WEB Shield blocking safe page with inactive code

Avast is detecting this inactive code on page (first post etc.) http://www.sk.rs/forum/showthread.php?t=89112, as malicious.
In fact it blocks the whole part of the forum http://www.sk.rs/forum/forumdisplay.php?f=89.

Forum is well known and safe.

Zulu Scaler result
Websicherheit reports a lot of external links that could be dangerous.

If you believe it is a false positive, you can report it HERE

Nothing of a block there now, avast does not alert on site!

This could eventually been flagged as suspicious code on site: /1/OP/ATVPDKIKX0DER:182-5891348-2460929:1QZGQ44C0HD7950ZV2N8$uedata=s:%2Fgp%2Fmas%2Fdl%2Fandroid%2Fuedata%2Fnvp%2Funsticky%2F182-5891348-2460929%2FDetail%2Fntpoffrw%3Fnoscript%26id%3D1QZGQ44C0HD7950ZV2N8:2000
info: [img] fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:182-5891348-2460929:1QZGQ44C0HD7950ZV2N8$uedata=s:%2Fgp%2Fmas%2Fdl%2Fandroid%2Fuedata%2Fnvp%2Funsticky%2F182-5891348-2460929%2FDetail%2Fntpoffrw%3Fstaticb%26id%3D1QZGQ44C0HD7950ZV2N8:1000
info: [decodingLevel=0] found JavaScript
suspicious:
Site also failed the Spam check: Suspicion of Spam

r&t=90024" rel=“nofollow”>hacker_aca <img class=“inlineimg” src=…

External links check pose no problems.

Excessive header info found: PHP/5.2.10 *- Running on: Apache/2.2.3 System info: (CentOS)
For * see:
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-79645/year-2011/PHP-PHP-5.2.10.html
Application: vBulletin 3.8.7 vulnerable
Given secure here: http://zulu.zscaler.com/submission/show/24321d47cb1c663a7a8b20fe3cf1cc82-1386436848
and here: http://app.webinspector.com/public/reports/18782891

polonus

According to Zscaler it’s a “parked or disabled domain”.
And the host name could not be resolved.

http://zulu.zscaler.com/submission/show/b4ca330891002a959573a2ad459d4a3e-1386437692

edit: My check was for www.sk.rs/forum/showthread.php?t=89112

There was malicious code in that thread.
Looks like a administrator of the webboard has removed it.

This one still gets an avast pop-up hxxp://www.sk.rs/forum/showthread.php?t=89112

edit: It could be the “gzip” file.

Hi,

Yesterday I sent an email ragarding this topic to virus@avast.com like recommended in the german forum (AVADAS).
There is a false posivtive on some sites quoting malicious code in an article. These sites are definitive harmless, describing infections and their solution.

2 examples:
joomlaboy.com/tutorials/joomla/88-solved-autson-slideshow-clickjack-issue
blog.ff-webdesigner.de/world-wide-webdesign/website-gehackt-mit-iframe-exploit.html

Would be great if Avast! could differentiate better in this case (code in text form vs. active code).

Thanks

Pascal

website-bereinigung.de

@ pascal88 Your issue is not related to this one as you are referring to a completely different website.
Please start your own thread. The one that I referenced is probably due to the “gzip” file.

This forum is run by the oldest IT magazine in the country Svet Kompjutera (World of Computers) first published in '84.
And the code is plain text in forum section, exampling how the guys site was attacked.
There is no threat, and avast WEB shield is making a false detection.
And I’m reporting this, because people from the forum which use avast, are having a problem (I got rid off avast).