Malicious URL ? MBAM blocks IPs.

This was posted in the Forum:

MBAM blocks these IPs. I reported them to MBAM forum but they are taken too long to answer. The URL are active and OP has not edited them yet:

http://forum.avast.com/index.php?topic=96000.0

-http://www.nastol.com.ua/digital/19601-avast-antivirus-kompyuter.html
IP-BLOCK 91.223.77.97 (Type: outgoing)

-http://www.nastol.com.ua/look/19629-avast-internet-bezopasnost-kompyuter.html
IP- BLOCK 91.223.77.53 (Type: outgoing)

see domain history

http://zulu.zscaler.com/submission/show/43d00a95715fdfcfcd0789ca24ef7f1f-1333282184
http://zulu.zscaler.com/submission/show/b6a40564e9e8fefee727ceaa8a46da7f-1333282210

http://zulu.zscaler.com/submission/show/07054fce0b636a81a81a2be73695b3c1-1332163966
new scan
http://zulu.zscaler.com/submission/show/07054fce0b636a81a81a2be73695b3c1-1333282351

Thanks Pondus.

So, It is just some IP associated with the site, no necessarly the wallpapers themselves otherwise MBAM would have stopped them

Hi

This has to do with certain domains on that IP: AS Name: UKRTELNET JSC UKRTELECOM,
IPs allocated: 1406720
Blacklisted URLs: 342

Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…Current Events? Yes

BrightCloud gives the IP a suspicious yellow 40 meaning There is a higher than average probability that the user will be exposed to malicious links or payloads,

polonus