Blacklist Incident - Page on markets.financialcontent.com embeds zarlatina.kowzam.com

Summary

Correlation: Exact
Matched By: Domain
Matched Lists: GSBMalware
Score: 35
Description:

Incident Details

Id: 85369800
Incident Date: 2014-12-03 01:00 PM PST
Incident Detected Date: 2014-12-04 01:07 PM PST
Cause: iframe.src
Blacklist Resource IP: 91.218.229.159
Blacklist Resource AS: AS48172 - OVERSUN Oversun Ltd,RU (Country: RU, Registry: ripencc)
Phishing: false
Scam: false
Malware: true
Spam: false
Alexa Rank: 110369

Matched Lists

GSB Malware Match: kowzam.com/
Match Type: Domain

Blacklist Resource Details

URL: http://zarlatina.kowzam.com:488/sql/development/proxy/careers.php?engine=59guardian=389&gaming=955&click=351&display=741&engine=59&asia=subs
Sequence: 5
Response Code: 200
Content Type: text/html
Referrer: http://bodies.michelebachmann.org/means/realttime/claimed/ips.js
Cause: iframe.src
Location in Prior

Resulting Page

Sequence in Crawl: 1
Guid: aaf34a5e-65a2-47dc-b2f5-fba74c3d92fc
URL: http://markets.financialcontent.com/stocks/quote?Symbol=WFC
IP Address: 38.114.159.62
Window Name: : TopLevelWindow@298f5f69

Crawl Details

Crawl Guid: 0651c036-1288-4c3b-9b82-52891a3bc941
Crawl Date: 2014-12-03 01:00 PM PST
Frontier URL: http://markets.financialcontent.com/stocks/quote?Symbol=WFC
Metro Code: none
Crawled Pages: 10
Error Pages: 0

Source Search

ID Date Network Type Search Term Metro Pages Entries
357643946 2014-12-03 Yahoo Organic wells fargo bank stock 10 100
Page 10 - Position 93
WELLS FARGO & CO. Stock Quote | Stock Price for WFC ...
markets.financialcontent.com/stocks/quote?Symbol=WFC
FinancialContent is the trusted provider of stock market information to ... Wells Fargo Fixed-to-Floating Rate Non-Cumulative ... Bank of Commerce hires another ...
http://markets.financialcontent.com/stocks/quote?Symbol=WFC

Sequence Overview

Sequence URL Ad Network Cause Response Code Frame Window Parent Window Lost Referrer Referrer
1 http://markets.financialcontent.com/stocks/quote?Symbol=WFC - parentPage 200 true true : TopLevelWindow@298f5f69 - http://search.yahoo.com/search...
2 http://markets.financialcontent.com/stocks?Module=fcadunit72... - script.src 200 - - : TopLevelWindow@298f5f69 - http://markets.financialconten...
3 http://ads.financialcontent.com/www/delivery/afr.php?n=fcad2... - iframe.src 200 true - fcad2389831: FrameWindow@70b1... - http://markets.financialconten...
4 http://bodies.michelebachmann.org/means/realttime/claimed/ip... - iframe.src 200 true - : FrameWindow@16e4aa7c - http://ads.financialcontent.co...
5 http://zarlatina.kowzam.com:488/sql/development/proxy/career... - iframe.src 200 true - : FrameWindow@3e283f7c - http://bodies.michelebachmann....

Sequence Details

1

http://markets.financialcontent.com/stocks/quote?Symbol=WFC
Referrer: http://search.yahoo.com/search?p=wells+fargo+bank+stock&b=&fr=ie8
Cause: parentPage
Contains Element :

2

http://markets.financialcontent.com/stocks?Module=fcadunit728top&Output=JS
Referrer: http://markets.financialcontent.com/stocks/quote?Symbol=WFC
Cause: script.src Path from prior: /html/body/div[1]/div[1]/div/script/@src
Contains Source :

3

http://ads.financialcontent.com/www/delivery/afr.php?n=fcad2389831&&zoneid=1670&cb=fcad2389831
Referrer: http://markets.financialcontent.com/stocks/quote?Symbol=WFC
Cause: iframe.src Path from prior: /html/body/div[1]/div[1]/div/div/iframe/@src
Contains Element :

4

http://bodies.michelebachmann.org/means/realttime/claimed/ips.js
Referrer: http://ads.financialcontent.com/www/delivery/afr.php?n=fcad2389831&&zoneid=1670&cb=fcad2389831
Cause: iframe.src Path from prior: /*[name()='html']/body/iframe[1]/@src
Contains Element :

5

http://zarlatina.kowzam.com:488/sql/development/proxy/careers.php?engine=59guardian=389&gaming=955&click=351&display=741&engine=59&asia=subs
Referrer: http://bodies.michelebachmann.org/means/realttime/claimed/ips.js
Cause: iframe.src Path from prior: /html/body/iframe/@src