Author Topic: Is this site really URL Mal infected?  (Read 4899 times)

wisteria

  • Guest
Is this site really URL Mal infected?
« on: December 05, 2012, 07:54:12 PM »
Hello all,

Apologies if this question has already been asked, but whenever I try to visit the following website, I receive the URL Mal warning.  Friends who have computers protected with other anti virus software such as AVG are not receiving this warning and say there is nothing wrong with the site and that Avast is over-reacting.

wxw.bigtoyswarehouse.co.uk

Any information about this would be very welcome as I'm not especially computer literate.

Thanks.   
« Last Edit: December 06, 2012, 11:44:56 AM by Milos »

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2473
Re: Is this site really URL Mal infected?
« Reply #1 on: December 05, 2012, 08:05:11 PM »
I just clicked on the link and got the red pop-up saying the site was malicious; I clicked on more details and it showed that I had just dodged a bullet.  Did you read the details?
« Last Edit: December 05, 2012, 08:12:04 PM by -midnight »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: Is this site really URL Mal infected?
« Reply #2 on: December 05, 2012, 08:11:49 PM »
URL:mal means the URL is on a blocklist.

If you think this is wrong, you can report it here: http://www.avast.com/contact-form.php?

urlquery - IDS alert by Suricata: FILEMAGIC Macromedia Flash data (compressed),
http://urlquery.net/report.php?id=317682
« Last Edit: December 05, 2012, 08:20:19 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Re: Is this site really URL Mal infected?
« Reply #3 on: December 05, 2012, 10:40:07 PM »
No alerts here: http://urlquery.net/report.php?id=318597
Some code hiccups were found by Quttera's heuristic scanner in the following 4 files.
This does not mean that these should be malicious per se, only that they have anomalies that make them stand out from the rest of the files there...

all-include.js
File size[byte]:    173286
Threat type:   Potentially Suspicious
Details:    Detected potentially suspicious content.
Reason:    Detected potentially suspicious initialization of function pointer to JavaScript method writeln <code> __tmpvar1699510875 = writeln; <code/>
MD5:   54D6DF7CB5DAC605790C363683027FB8

/include/js/DD_roundies_0.0.2a-min.js
File size[byte]:    8429
Threat type:   Potentially Suspicious
Details:    Detected potentially suspicious content.
Reason:    Detected potentially suspicious initialization of function pointer to JavaScript method writeln <code> __tmpvar183615581 = writeln; <code/>
MD5:   B8B9F888948D72009322CFD0FEE48E0E

chatserver.comm100 dot com/js/LiveChat.js?siteId=128909&planId=2104&partnerId=-1  (web rep four greens)
File size[byte]:    26398
Threat type:   Potentially Suspicious
Details:    Detected hidden reference to external web resource.
Reason:    Detected generation of hidden DOM element [iframe].
MD5:   8584A6F23E4FC7454E18CFF2237DAF67
Scan duration[sec]:    0.777000

s7.addthis dot com/js/250/addthis_widget.js#pubid=ra-4ec907345df988e1
File size[byte]:    6721
Threat type:   Potentially Suspicious
Details:    Detected hidden reference to external web resource.
Reason:    Detected generation of hidden DOM element [iframe].
MD5:   9ADEDD301F5AA4594680A852630E56AB

source: Quttera's scan data

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
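
The two heuristics named in the Quttera results in Reply #3 (a function pointer to writeln, and generation of a hidden iframe), sketched as an added example; it is not part of the original post and not Quttera's code. The rule ids, regular expressions and sample scripts are constructed for illustration.

```javascript
// Added illustration, not Quttera's scanner: regex heuristics modelled on the
// two "Reason" strings quoted in the post. Rule ids and samples are constructed.
const RULES = [
  {
    id: 'writeln-alias',
    // document.write / writeln stored under another name, e.g. `x = writeln;`
    re: /([A-Za-z_$][\w$]*)\s*=\s*(?:document\s*\.\s*)?(write(?:ln)?)\s*;/g,
    describe: (m) => `function pointer to ${m[2]} stored in ${m[1]}`,
  },
  {
    id: 'hidden-iframe',
    // An iframe is created and the same file also contains invisible styling.
    re: /createElement\(\s*['"]iframe['"]\s*\)/gi,
    requires: /display\s*[:=]\s*['"]?none|visibility\s*[:=]\s*['"]?hidden|(?:width|height)\s*[:=]\s*['"]?0\b/i,
    describe: () => 'generation of hidden DOM element [iframe]',
  },
];

// Return one finding per match; an empty array means nothing stood out.
function scan(file, source) {
  const findings = [];
  for (const rule of RULES) {
    if (rule.requires && !rule.requires.test(source)) continue;
    for (const m of source.matchAll(rule.re)) {
      findings.push({ file, rule: rule.id, detail: rule.describe(m), offset: m.index });
    }
  }
  return findings;
}

// Constructed samples: all three are benign, yet two of them trip a rule.
const SAMPLES = {
  'legacy-lib.js': 'var w = document.writeln; w.call(document, "<p>hello</p>");',
  'chat-widget.js': "var f = document.createElement('iframe'); f.style.display = 'none';" +
    " f.src = 'https://chat.example/frame'; document.body.appendChild(f);",
  'video-embed.js': 'var v = document.createElement("iframe"); v.width = 640; v.height = 360;',
};

function scanAll(samples = SAMPLES) {
  return Object.entries(samples).flatMap(([file, src]) => scan(file, src));
}

for (const f of scanAll()) console.log(`${f.file}: [${f.rule}] ${f.detail}`);
```

Both flagged samples are ordinary widget patterns, so a match of this kind only marks a file for manual review of what the aliased call writes or where the hidden frame points.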

wisteria

  • Guest
Re: Is this site really URL Mal infected?
« Reply #4 on: December 06, 2012, 12:25:51 AM »
Thank you for your insight guys!  I didn't read the explanation offered by Avast regarding the nature of URL Mal, but will do so.  I was simply puzzled that the issue wasn't coming up in other anti virus software. 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Is this site really URL Mal infected?
« Reply #5 on: December 06, 2012, 12:34:17 AM »
Quote from: midnight on December 05, 2012, 08:05:11 PM
I just clicked on the link and got the red pop-up saying the site was malicious; I clicked on more details and it showed that I had just dodged a bullet.  Did you read the details?

The information on that page is more generic and not very helpful if you are looking for a detailed analysis. That requires the use of other analysis tools.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Re: Is this site really URL Mal infected?
« Reply #6 on: December 07, 2012, 01:13:19 PM »
Here you see now that the site has been migrated to another IP without the IDS alerts that were previously given for the former IP location: http://urlquery.net/report.php?id=317682
So I think the site has been cleansed; however, the IP migrated to has instances of HTML:Script-inf malware for other domains there, which avast should detect because it has a very good reputation on detection of these types of malware: https://www.virustotal.com/file/17650ad4d4808528ab176a6765aae1eb5ba3e73288d7885f984467c878240771/analysis/
Some malware from that IP is long overdue and has been on for more than 1042.3 hrs... JS/Agent.ebz, JS/iFrame.BO.1, JS/iFrame.czo, JS/iFrame.XA.1, HTML/Rce.Gen3 etc......


polonus
« Last Edit: December 09, 2012, 12:34:00 AM by polonus »