Hello,
hxxp://www.surfactif.fr/site_under_total.php
False positive, nothing detected with nod32, kaspersky and bitdefender.
Thank you.
Asyn
2
Test it at VT (virustotal.com) and post the link here.
So you don’t think that this little obfuscated gzip file being loaded isn’t suspicious.
Asyn
5
Usually, I would guess on FP with this dedection rate.
But since you posted the obfuscated gzip file… :-\
So this link is bad ?
I use nod32 on my main computer, so I have no problem with this link, but on some websites called autosurf (trafic generator on a website), you can see this link in a viewbar.
I use avast on a second computer, and I have some alert with this link.
I can’t say for sure, but it is most certainly suspicious. I’m always concerned when any level of obfuscation is used.
Avast (the company) answer me : “False positive will be fixed in next VPS update.”
So it seems to be okay, no worry about this link, it’s weird :
Thanks for the update, weird is certainly right.
Hi DavidR,
There were some GET /favicon.ico HTTP/1.1 but could not connect,
According to this report the site is safe: htxp://urlquery.net/report.php?id=2763
See the warnings ar urlquery.net, only visit given link there if security aware and know what you are doing.
But when I analyze the site here: htxp://monkeywrench.de/result.html?id=3805338&displaykey=zd8821f3
avast webshield flags JS:ScriptPE-inf [Trj] there
As unmaked parasites is also flagging the site for 1 suspicious inline script found:
see attached gif image
Goes to a suspicious link, see: http://www.urlvoid.com/scan/cashinlink.com
banner-clicker
polonus
DavidR
11
Yes I saw that one and another when I downloaded just the php file. But I suspect they may well have been affiliate/sponsored links.