Are URL:Mal2 warning alarms a false positive?

Hello all,

Starting from 15 June, I have been getting a URL:Mal2 warning when I access the website http://www.arashibest.com/member.php?mod=logging&action=login&referer=%2Fforum.php (ArashiBest Forum), which I visit daily.

The webpage at the above link was OK and no warning alert appeared. However, after I log in to the forum, a red warning window shows up on my every click, stating the following (one of many samples only):

Malicious URL Blocked
URL: http://www.foxnl.com/photos/original/8530-mwg2er14qfdjwrt7fcr7.jpg
Infection: URL:Mal2
Process: C:\Program Files(x86)\Internet Explorer\iexplore.exe

The links to the detailed infection information are as below (3 selected samples):

http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_vir=URL:Mal2&p_prc=C:\Program%20Files%20(x86)\Internet%20Explorer\iexplore.exe&p_obj=http://www.foxnl.com/photos/original/8530-mwg2er14qfdjwrt7fcr7.jpg&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_pro=0&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=45&p_lng=tw&p_lid=en-ww&p_elm=7&p_vbd=1483

http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_vir=URL:Mal2&p_prc=C:\Program%20Files%20(x86)\Internet%20Explorer\iexplore.exe&p_obj=http://www.foxnl.com/photos/original/8529-32n1ahqw8k838fhrxxtz.jpg&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_pro=0&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=45&p_lng=tw&p_lid=en-ww&p_elm=7&p_vbd=1483

http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files%20(x86)\Internet%20Explorer\iexplore.exe&p_obj=http://www.foxnl.com/photos/original/8531-se8p8w7j3hgj5c1ybx62.jpg&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_pro=0&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=45&p_lng=tw&p_lid=en-ww&p_elm=7&p_vbd=1489

The Web Shield scan report stated:

http://i789.photobucket.com/albums/yy176/wawakaka/WebshieldscanreportforMal2_zps6558b161.jpg

In the report, 1st column: name of URL; 2nd column: degree of severity: High;
3rd column: threat: URL:Mal2; 4th column: action: Blocked.

Given the above situation, it seems that many JPG files (i.e. http://www.foxnl.com/photos/original/8xxx-xxxxx.jpg) inside the photo album in the forum may have some malware threat on them.

Besides, I asked my friend (who uses Avira Anti-virus) to access and log in to the website (forum); as a result, the website was clean and there was no malware URL warning alert for it. Apart from this, I also asked the technical staff of ArashiBest Forum about the above case; they explained that the photo album was changed recently, that all of the JPG files were OK and clean, and that the Avast warning alert must be a false positive.

Therefore, is the URL:Mal2 alert only a false positive? If yes, can it be fixed by Avast later? Please advise and help.

Thank you very much for the help and have a nice day to all.

By Karen

Being detected here: https://www.virustotal.com/nl/url/8b729c16581f89cc0da6aa5a8a458537c363ecd4877b2482a197a991dac08cf3/analysis/
alert on same IP: http://urlquery.net/report.php?id=1528918

polonus

Trend Micro reported: "The latest tests indicate that this URL contains malicious software or phishing."

Zscaler risk analyzer reported malicious:

http://zulu.zscaler.com/submission/show/23a0768ddc895d588e58cb46f6976e85-1371417929

Scanning just the domain on VirusTotal:
https://www.virustotal.com/en/url/f746089e6acff47db595ba7f2f2e8fbbf95276e128eb783cb75bfd1321d3ab90/analysis/1371418400/

shows it listed at Clean-MX.

zulu
http://zulu.zscaler.com/submission/show/33c9302f70eee76296d12965621e730b-1371418573

Moreover, I get this warning from a DNS check: Warning:
Web server 108.162.197.229, which is located site htxp://foxnl.com/, has no PTR-record. Because of this, much of the e-mails sent from the site htxp://foxnl.com/, will not reach the recipient. Have the support of the hosting company to install the correct PTR record for the IP 108.162.197.229.
See: http://hosts-file.net/default.asp?s=108.162.197.229 & http://hosts-file.net/default.asp?s=http%3A%2F%2Ffoxnl.com

polonus