I am receiving the following error message regarding a set of newsletter emails.

Object: HTTP://mail.travelagentcommunications... Infection: URL:Mal

When I click on the “More Details” link, I get the following:

URL hxxp://mail.travelagentcommunications.com/db/258407/17401603/1.gif

Infection     URL:Mal</blockquote>

The above is totally useless to me in deciding whther this is a false positive or a real threat. I don’t specialize in internet security, which is why I am using Avast. So, I am eft wondering whether this is a real threat or a false positive. :-/

URL:mal means url or ip is blacklisted for whatever reason

Sucuri report http://sitecheck.sucuri.net/results/mail.travelagentcommunications.com/db/258407/17401603/1.gi

VT scan
https://www.virustotal.com/en/url/6898a5e6b492aa7fd79edd9a47a3558433f1b50b9527447a135a42bd04510ebe/analysis/1407604486/

IP is blacklisted by apews.org … see reason below

Oooops 209.204.114.9 is currently listed in APEWS :-( Entry matching your Query: E-249350 209.204.64.0/18 CASE: C-130 One or more bots in ASN / CIDR, unprofessional / negligent owner Special Reason: Only the ASN/CIDR owner can solve this listing by actioning FAQ 42 apews.org SHUTDOWN BOTS, ZOMBIES, NET ABUSE History: Entry created 2007-07-10

Hi Pondus,

Could well be, my good friend, but the AS again has a splendid reputation: http://sitevet.com/db/asn/AS10823
This is making a FP more plausible i.m.h.o.

Damian

I would say, submit it to avast and let’s see what they say.

Hi Eddy,

It is their generic detection, URL:Mal, supported by the Sucuri results.
If they were the only one to flag a FP is plausible.
We do not know on what ground a detection came up.

pol

Hi all, the URL is blocked for 46 days now and we haven’t got any response from the owner yet. This seems very suspicious to me, as normal false positives are reported almost immediately.