malicious website or false positive?

I was looking at google images and got a popup saying

URL: ht tp://www.blackseascuba.com/images/diving-in-bulgaria.jpg
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I scanned the URL on virus total and it said it was clean. False positive or??

hey and welcome to the forum.

zulu scan did found something one the site.

http://zulu.zscaler.com/submission/show/41cc6aaa2c537fe6ae17aaf49a754413-1436598671

do you have the result from the virustotal? if so plasese attach the scan result here. and i will get someone a bit more knowledge then me to have a look at this seens im no expert at this.

The IP is blacklisted for very good reasons:
http://urlquery.net/report.php?id=1436599526358
http://urlquery.net/report.php?id=1436599537737

thanks mikaelrask, heres my scan result: https://www.virustotal.com/en/url/aa1ad38642fbd9f6fa54b31757933de196eefb7edfb830fc46b1a39ce37083b9/analysis/

im not an expert either and was just curious as to what was being detected. As long as i’m protected I can’t complain though. I love avast, keep up the great work guys :slight_smile:

There is some script on that site being alerted by Malware Script Detector v.0.2b.
The IP has malware history: https://www.virustotal.com/nl/ip-address/72.52.170.129/information/
so it could also have been a general IP block for the IP.
“Scripts/AC_RunActiveContent.js:” is running on line 9 so there is active Flash running
and we know under the present circumstances that should better be blocked or run on demand when found to be safe.
Excessive server header info proliferation: Apache/2.4.12 Unix OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
vulnerable for instance to (wp-posts.php) or other shell exploit.

polonus