Author Topic: futbolarg IP block by MBAM  (Read 4778 times)


iroc9555

  • Guest
futbolarg IP block by MBAM
« on: March 28, 2012, 10:42:22 PM »
I posted this in "Samples missed by Avast!". Obviously not the right place. Apologize for the double post.

Can someone take a look at this?

MBAM detects the IP as suspicious and blocks it. Avast! does not do anything.

-http://www.futbolarg.com/

Nada in VT, Sucuri, or URL link scanner:
https://www.virustotal.com/url/8ff75c9a6122285bc6bad8ae0e6105cf3be2d3d0165b8601b7c6e1d1b022af69/analysis/1332965165/
http://sitecheck.sucuri.net/results/http://www.futbolarg.com/
http://vscan.urlvoid.com/analysis/293964cfa43ef77ef1a0978efc2599f9/aW5kZXg=/

but Zulu and urlQuery find something suspicious or IP reported by sources:

http://zulu.zscaler.com/submission/show/e2d7fa760e91f072232bdcc9faa10809-1332963901
http://urlquery.net/report.php?id=36018

What is the deal ?

« Last Edit: March 28, 2012, 11:06:20 PM by iroc9555 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: futbolarg IP block by MBAM
« Reply #1 on: March 28, 2012, 11:18:08 PM »
There is some adware via this link there: ads.cpxinteractive dot com/ttj?id=769595&size=300x250

Given clean here: http://siteinspector.comodo.com/public/reports/866700
BrightCloud rep green 96 trustworthy
Attack code described here: http://xss.cx/examples/html/ib.adnxs.com.xss-sql-injection.html (see code on urlquery) link source
CloudScan Vulnerability Crawler

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: futbolarg IP block by MBAM
« Reply #2 on: March 28, 2012, 11:23:28 PM »
What is the deal ?

Looks like a MBAM FP.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: futbolarg IP block by MBAM
« Reply #3 on: March 28, 2012, 11:32:46 PM »
Hi Asyn,

As MBAM also detects minor misdemeanors as adware tracking, that would qualify here. If not explicitly detected, at least, as we see from the analysis, the vulnerability can be abused. Not actually interesting or threatening to the visitors of the mentioned site, but the website owner better be aware of these issues,

polonus

iroc9555

  • Guest
Re: futbolarg IP block by MBAM
« Reply #4 on: March 28, 2012, 11:36:24 PM »
Thanks guys.

I'll report back the findings to the interested party at the Spanish Forum. May also post at MBAM, but I doubt they would change the alert.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: futbolarg IP block by MBAM
« Reply #5 on: March 29, 2012, 12:02:38 AM »
Hola iroc9555,

It is becoming a small world indeed. Site is multi-lingual (English, Italian, German, Spanish & Argentinian) and is hosted in Sweden,

polonus