Author Topic: malware URL - false alarm on my site  (Read 9408 times)


red.dante

  • Guest
malware URL - false alarm on my site
« on: January 15, 2011, 11:05:35 AM »
help..
my site hxxp://requestanylinks.co.cc/
can't be opened..
« Last Edit: January 16, 2011, 01:21:18 PM by red.dante »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89052
  • No support PMs thanks
Re: malware URL - false alarm on my site
« Reply #1 on: January 15, 2011, 05:31:17 PM »
I don't get a Malware URL (network shield alert) on the above link, which should have been changed from http to hXXp to break the link and avoid accidental exposure to a suspect site (I know you are saying it isn't infected).

It is the redirected site that the alert is on requestanylinks.cilacaponline.web.id that I see the alert on, and that ?id-index is also loading a compressed javascript file. Whilst avast is effectively the only scanner detecting this, http://www.virustotal.com/file-scan/report.html?id=50d81dd73f4f819e8e6edede2a22952a271d22d980987c5fc58bc6a4adf8ed04-1295090449, a) there aren't many scanners even looking for this type of thing and b) avast has been very accurate in the past on these.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

red.dante

  • Guest
Re: malware URL - false alarm on my site
« Reply #2 on: January 16, 2011, 01:07:46 PM »
yes, that co.cc is redirected to web.id
so I must remove the javascript?
but how do I know which javascript you meant?

thanks.

SafeSurf

  • Guest
Re: malware URL - false alarm on my site
« Reply #3 on: January 16, 2011, 01:18:48 PM »
We are asking you to go back to your first post in this thread, and change the http to hXXp so no one can accidentally click on it.  Go to Modify post to change this.

You can then alert your webmaster about this problem based on the Virus Total report.

Online DavidR

Re: malware URL - false alarm on my site
« Reply #4 on: January 16, 2011, 04:05:16 PM »
I don't know if you have control over the web.id site, as it is a compressed script file being loaded by the redirected link.

So it could be something on the home/index page of your sub-domain of web.id or something more general loaded by the web.id host and I don't know which it might be.

m00nbl00d

  • Guest
Re: malware URL - false alarm on my site
« Reply #5 on: January 16, 2011, 05:42:39 PM »
@ red.dante

Just wishing to clarify something that is confusing me...

When you say your website cannot be opened, are you using avast!, thus preventing you from accessing your own website? Or, did some visitor using avast! get access blocked and ask you what was happening?

Your information is very scarce.

Thank you

red.dante

  • Guest
Re: malware URL - false alarm on my site
« Reply #6 on: January 17, 2011, 02:21:19 AM »
@DavidR : I think the host web.id is clean, it seems I have to try and remove the javascript code one by one

@m00nbl00d : previously I wasn't using avast and I didn't have any problem opening my site, then I found that avast has better protection against web traffic. But I can't open my site any more, it says:

MALWARE BLOCKED
hxxp://requestanylinks.cilacaponline.web.id/?id=index|>{gzip} [L] HTML:Script-inf (0)

thanks.

m00nbl00d

  • Guest
Re: malware URL - false alarm on my site
« Reply #7 on: January 17, 2011, 03:34:30 AM »
Let's see if I understand you correctly. You weren't an avast! user, but then started using avast!, because you found out it offers better web protection? Correct? And, now, you can no longer access the website, because avast! blocks it. Correct?

I ask, because I'm finding this very "confusing"... I happened to step upon this thread opened at AVG forums, stating the same about their antivirus: -http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=144415

So, are you using avast! or AVG? Or both?

That's the reason of my first question...

Quote from: m00nbl00d
When you say your website cannot be opened, are you using avast!, thus preventing you from accessing your own website? Or, did some visitor using avast! get access blocked and ask you what was happening?

Perhaps, two different systems, where in one you got avast! and one other where you got AVG?

-edit-

-http://www.urlvoid.com/scan/requestanylinks.cilacaponline.web.id
« Last Edit: January 17, 2011, 03:40:34 AM by m00nbl00d »

red.dante

  • Guest
Re: malware URL - false alarm on my site
« Reply #8 on: January 17, 2011, 04:27:11 AM »
ok you've got me. :)

your first question : previously I used Avira, but now I use Avast only, but my friends who use AVG and KIS find a similar false alarm about my site.
that's the reason I posted the same thread to their forum.

I have only one PC, which has Avast on it, to access my site.
furthermore, the cpanel on web.id is under maintenance, so I can't change any code right now..

hope that clears up your confusion..

m00nbl00d

  • Guest
Re: malware URL - false alarm on my site
« Reply #9 on: January 17, 2011, 04:34:11 PM »
No worries. But, considering that, initially, such information was lacking, for sure you'll understand that when the same request is present at other security vendor forums, it sounds a bit off.

As it was mentioned, the best you can do is send a request to test the website for false positives (or not); from there see the best option to clean whatever needs to be cleaned. :)

Kind regards

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: malware URL - false alarm on my site
« Reply #10 on: January 17, 2011, 04:57:34 PM »
Hello,
this detection is correct; in hxxp://requestanylinks.cilacaponline.web.id/?id=index|>{gzip} there is a script redirecting to ultrafiles.net.....
Regards

red.dante

  • Guest
Re: malware URL - false alarm on my site
« Reply #11 on: January 19, 2011, 06:31:02 AM »
@all : thanks for your support..

the code causing this false alarm comes from ultrafiles.net, which was originally generated by linkbucks..
now __http://requestanylinks.co.cc/ is working fine..

thanks all :D
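
An added example, not part of the original thread or any poster's code: one way a site owner can answer the "which javascript?" question from Reply #2 is to list every script a saved copy of the page loads from another host, plus inline scripts that touch `location`. The page URL, hostnames and sample HTML below are constructed placeholders, and the `location` match is only a heuristic for manual review.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every hostname is a reserved placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/js/menu.js"></script>
<script src="http://cdn.example.net/widget.js"></script>
<script src="//ads.example.org/link.js?id=1"></script>
</head><body>
<script>document.title = "links";</script>
<script>window.location = "http://landing.example.org/";</script>
</body></html>
"""

def defang(url):  # break the link as the thread asks (http -> hxxp)
    return url.replace("http", "hxxp", 1)

class ScriptAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.external = []          # (line, defanged URL) of scripts from other hosts
        self.inline_redirects = []  # lines of inline scripts that mention "location"
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            self._inline = True     # inline script: its body arrives via handle_data
            return
        absolute = urljoin(self.page_url, src)  # resolves relative and // URLs
        if urlparse(absolute).hostname != self.page_host:
            self.external.append((self.getpos()[0], defang(absolute)))
    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False
    def handle_data(self, data):
        # Crude heuristic: flag for manual review, not a verdict.
        if self._inline and "location" in data:
            self.inline_redirects.append(self.getpos()[0])

def audit(page_url, html):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.external, parser.inline_redirects
```

Running `audit()` over the page source saved from the hosting account (not fetched through a browser) gives the line numbers to inspect first.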