malicious website or false positive?

system · 2015-07-11T06:06:08.000Z

I was looking at google images and got a popup saying

URL: ht tp://www.blackseascuba.com/images/diving-in-bulgaria.jpg
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I scanned the URL on virus total and it said it was clean. False positive or??

mikaelrask · 2015-07-11T07:14:56.000Z

hey and welcome to the forum.

zulu scan did found something one the site.

http://zulu.zscaler.com/submission/show/41cc6aaa2c537fe6ae17aaf49a754413-1436598671

do you have the result from the virustotal? if so plasese attach the scan result here. and i will get someone a bit more knowledge then me to have a look at this seens im no expert at this.

Eddy · 2015-07-11T07:26:31.000Z

The IP is blacklisted for very good reasons:
http://urlquery.net/report.php?id=1436599526358
http://urlquery.net/report.php?id=1436599537737

system · 2015-07-11T08:29:54.000Z

mikaelrask post:2:

hey and welcome to the forum.

zulu scan did found something one the site.

http://zulu.zscaler.com/submission/show/41cc6aaa2c537fe6ae17aaf49a754413-1436598671

do you have the result from the virustotal? if so plasese attach the scan result here. and i will get someone a bit more knowledge then me to have a look at this seens im no expert at this.

thanks mikaelrask, heres my scan result: https://www.virustotal.com/en/url/aa1ad38642fbd9f6fa54b31757933de196eefb7edfb830fc46b1a39ce37083b9/analysis/

im not an expert either and was just curious as to what was being detected. As long as i’m protected I can’t complain though. I love avast, keep up the great work guys

polonus · 2015-07-11T11:49:01.000Z

There is some script on that site being alerted by Malware Script Detector v.0.2b.
The IP has malware history: https://www.virustotal.com/nl/ip-address/72.52.170.129/information/
so it could also have been a general IP block for the IP.
“Scripts/AC_RunActiveContent.js:” is running on line 9 so there is active Flash running
and we know under the present circumstances that should better be blocked or run on demand when found to be safe.
Excessive server header info proliferation: Apache/2.4.12 Unix OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
vulnerable for instance to (wp-posts.php) or other shell exploit.

polonus

Announcements