Possible FP on web site scan

[AU4U]

Virustotal site scan: https://www.virustotal.com/url/f3e9f9af364f7306a92738af330b806fc5fb8001aacbe9eb7c5240e4434c1856/analysis/1329792028/
Website in question: http://www (dot) flipmytext (dot) com/tattoos/

avast! reports: Infection:js:Redirector-NK [Trj]

Would someone please respond as to the safety of this site and links?
TY

[Pondus]

INFECTED -  http://sitecheck.sucuri.net/results/http://www.flipmytext.com/tattoos/
OBS: you may get a avast warning if you enter this site, since the malware code is displayed there


Malware info:  http://sucuri.net/malware/malware-entry-mwjs159

[AU4U]

So whats with the VT scan showing nothing? 0/19?
And what happens from here, is the site owner or the host notified of this?
I would sure like to have this resolved, I would like to use there services again.

[Gargamel360]

So whats with the VT scan showing nothing? 0/19?
And what happens from here, is the site owner or the host notified of this?
I would sure like to have this resolved, I would like to use there services again.

The VT "scan" isn't a scan at all, it just checks the url against blacklists.  Blacklists always lag behind infections when it comes to legit sites. 

By all means, report it to the sites webmaster if you wish.  Someone might have done it already, if you start getting virus alerts on your site, it usually does not take long for someone to inform you.  But it couldn't hurt to let him know, just in case.

[AU4U]

Holy Crap Batman!
VT site scans are from Blacklists?!?!?!?!?!?!

Don't tell me the File Scans are the same, I might just poop myself!

[Gargamel360]

Don't tell me the File Scans are the same, I might just poop myself!

No, not at all.   File scans are run against  x-amount of scanners

Also, you can scan a site with VT.....you have to save the site itself to your PC, then upload it to VT, if I remember correctly.

[Pondus]

to scan at VT for the infection you need to download the html and upload that to VT. Sonething i can not do froom my Nokia phone......but if you wait 8 hours to after work..,

[Pondus]

i think URlVoid.com have a webinfection scanner. I think you find the link at the bottom, somethin like 'scan url for infection'

[AU4U]

OOOOOH, Bad news Pondus   
Your recommended site, URLVoid.com, came up with a 0/9.     And one of them was avast!
URLVoid.com SCAN RESULTS: http://vscan.urlvoid.com/analysis/05fe8195bc1997b8a9bee8ae5243b15c/dGF0dG9vcw==/
So, does URLLink do the same as VT on the site scans and use the blacklists?

EDIT
So, I found this at the VT site, for the full article, this LINK: https://www.virustotal.com/faq/#url-scans

[Pondus]

It depends what scan at URLVoid you use       the one you used  NO

But URLVoid also have a web rebutation scanner.......it is the one you see when you enter urlvoid.com


and here is one more  http://urlquery.net/report.php?id=23587 
this one will also display any malware reported on that url, if any......see "Alerts"



OBS: and the old VT did download the html file and scan it when scanning a URL...the new does not do that....yet

[polonus]

Next to the avast flagged issue with images/spacer.gif [Spyman malware], the following code at the site also deserves attention: -pagead2.googlesyndication.com/pagead/ads.js suspicious
[suspicious:2] (ipaddr:74.125.227.26) (script) -pagead2.googlesyndication dot com/pagead/ads.js
     status: (referer=wXw.flipmytext.com/tattoos/)saved 11642 bytes 801d92f3f23999c4778ddcdae56f305e0fd84bbc
     info: [decodingLevel=0] found JavaScript
     suspicious:
See also: http://urlquery.net/report.php?id=23583

polonus

[Pondus]

at the moment it seems no AV is detecting this....or the Sucuri detection is wrong/not malicious ?

flipmytext.com.htm
https://www.virustotal.com/file/3054d52bca75a61157866f070c05c879e0b25fad73c9d1df21fd4327bc056cbe/analysis/1329844502/

tattoos.htm
https://www.virustotal.com/file/3717577639c67774b3c02463bb5ac1c1aa77b842f699d630fdbea6c04b95fb84/analysis/1329844596/



have uploaded to Sophos / Avira / Norman lab.... will post the result when i have it 

[AU4U]

Oddly enough, the site has new owners as of July last year.
1st time I've had any problems with this type of thing.

[Pondus]

could you attach a screen shot of the avast warning you get ?

[AU4U]