Author Topic: futbolarg IP block by MBAM  (Read 2826 times)

iroc9555
futbolarg IP block by MBAM
« on: March 28, 2012, 10:42:22 PM »
I posted this in "Samples missed by Avast!". Obviously not the right place. I apologize for the double post.

Can someone take a look at this?

MBAM detects the IP as suspicious and blocks it. Avast! does not do anything.

-http://www.futbolarg.com/

Nada in VT, Sucuri, or URL link scanner:
https://www.virustotal.com/url/8ff75c9a6122285bc6bad8ae0e6105cf3be2d3d0165b8601b7c6e1d1b022af69/analysis/1332965165/
http://sitecheck.sucuri.net/results/http://www.futbolarg.com/
http://vscan.urlvoid.com/analysis/293964cfa43ef77ef1a0978efc2599f9/aW5kZXg=/

but Zulu and urlQuery find something suspicious or IP reported by sources:

http://zulu.zscaler.com/submission/show/e2d7fa760e91f072232bdcc9faa10809-1332963901
http://urlquery.net/report.php?id=36018

What is the deal?

« Last Edit: March 28, 2012, 11:06:20 PM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

polonus
Re: futbolarg IP block by MBAM
« Reply #1 on: March 28, 2012, 11:18:08 PM »
There is some adware via this link there: ads.cpxinteractive dot com/ttj?id=769595&size=300x250

Given clean here: http://siteinspector.comodo.com/public/reports/866700
BrightCloud rep green 96 trustworthy
Attack code described here: http://xss.cx/examples/html/ib.adnxs.com.xss-sql-injection.html (see code on urlquery) link source
CloudScan Vulnerability Crawler

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Asyn
Re: futbolarg IP block by MBAM
« Reply #2 on: March 28, 2012, 11:23:28 PM »
What is the deal ?

Looks like a MBAM FP.
Windows 8.1 [x64] - Avast PremSec 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

polonus
Re: futbolarg IP block by MBAM
« Reply #3 on: March 28, 2012, 11:32:46 PM »
Hi Asyn,

As MBAM also detects minor misdemeanors as adware tracking, that would qualify here. If not explicitly detected, at least, as we see from the analysis, the vulnerability can be abused. Not actually interesting or threatening to the visitors of the mentioned site, but the website owner had better be aware of these issues,

polonus

iroc9555
Re: futbolarg IP block by MBAM
« Reply #4 on: March 28, 2012, 11:36:24 PM »
Thanks guys.

I'll report back the findings to the interested party at the Spanish Forum. May also post at MBAM, but I doubt they would change the alert.
Hernan.

polonus
Re: futbolarg IP block by MBAM
« Reply #5 on: March 29, 2012, 12:02:38 AM »
Hola iroc9555,

It is becoming a small world indeed. Site is multi-lingual (English, Italian, German, Spanish & Argentinian) and is hosted in Sweden,

polonus