Looking at the links you have provided in a virtual machine and what Avast category of the infection I would suggest its not the fact that its html that it has been detected its because the java script inside the html has an infection in it. Java script could be allowing the website to do something to you pc or download an infection.
Thanks for looking at it. But code in the txt file has not javascript, and it still produces the alert. And what about the jpg image? Or the favaicon.ico file? Those two also produce the alert (sometimes).
Sorry if I’m annoying, I’m just trying to understand if this a real alert, because all the ones I get don’t look coherent to me. If I get an alert just saying “the script code in this page is malicious” then that’s fine. But when I also get alerts on images, I don’t understand anymore.
Sorry just wish I could help more not having access to my virtual machine I’m not going to load the site again but reading the source code you provided there is a hidden value it could be that however I am not sure. Sorry I can’t be anymore help.
I have just visited the site and browsed many of the pages and no alerts. I downloaded that image and avast doesn’t alert on it and not detections on it from virustotal (42 AV scanners).
Avast has in the past been very accurate in these detections and the most common attack now is from sites that have been hacked and these redirection scripts inserted.
I don’t know if that was the case here and the site has been cleaned up, but that is a reasonable assumption.
I think it was pretty specific JS:Redirector-CV, a javascript redirector, there is only so much you can display in the alert window. Which in most cases is as a result of the site being hacked.
Ok, after doing some more testing I have to wholeheartedly agree with you. I tried entering the site “manually” (i.e. via a telnet session), and indeed whatever request you send, an infected file comes back.