Avast WEBforum

Other => Viruses and worms => Topic started by: tiagonunes on May 10, 2021, 08:01:59 PM

Title: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: tiagonunes on May 10, 2021, 08:01:59 PM
Hello,

My website is being blocked by Avast.

htxps://laskasas.com/

It shows two errors:
- HTML:Script-inf [Susp]
- URL:Blacklist

https://we.tl/t-TUZBNZkwYL

Why is this happening? I already checked my website on different tools like VirusTotal, google transparency report, Wordfence (Wordpress), and don't detect any malware or problems.

I already sent a false positive report https://www.avast.com/false-positive-file-form.php

What could possible be the problem?

Best Regards
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: DavidR on May 10, 2021, 09:39:54 PM
You should get a response in a day or two from your submission
VirusTotal doesn't do live scans of sites, but rather checks blacklists.

This check reports Low Security Risk but some observations - https://sitecheck.sucuri.net/results/laskasas.com

Out of date software reported in this check - https://awesometechstack.com/analysis/website/laskasas.com/?protocol=https%3A

Also see security points raised here - https://webhint.io/scanner/d8da8855-44f6-48d4-b96e-93b097875f50
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: polonus on May 10, 2021, 10:10:41 PM
It's probably this external link, that is flagged by avast's: -https://www.cniacc.pt/pt/
Avast Webshield does not flag this website, just flags the external links to facebook.

But wait for a final verdict by avast team, as they are the only ones to come and unblock.

polonus
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: tiagonunes on May 11, 2021, 01:10:05 AM
Hello,

Thank you for your answers. Yes I will wait a day or two for some answer from Avast Team.

I checked the security of my website in multiple online tools and it looks like evertything is fine.

I am algo updating some plugins to the latest version.

Best Regards
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: tiagonunes on June 02, 2021, 04:42:45 PM
Hello again,

After my website was removed from the blacklist it looks like it's happening again.

I contacted Avast and they replied this:

"It seems that there are two infected JS files to check: js.cookie.min.js and add-to-cart-variation.min.js"

Can someone help me identify the real problem with those two files? Because it looks like they are native from Woocommerce and I can't see why those two files have a problem.

Best Regards
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: tiagonunes on June 02, 2021, 07:03:43 PM
Hello again,

After my website was removed from the blacklist it looks like it's happening again.

I contacted Avast and they replied this:

"It seems that there are two infected JS files to check: js.cookie.min.js and add-to-cart-variation.min.js"

Can someone help me identify the real problem with those two files? Because it looks like they are native from Woocommerce and I can't see why those two files have a problem.

Best Regards


htxps://laskasas.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4

htxps://laskasas.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=5.3.0

This is my files that are on my server when I run them on VirusTotal I can’t detect any kind of problem.

Js.cookie.min.js -> https://www.virustotal.com/gui/file/3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612/detection

Add-to-cart-variation.min.js -> https://www.virustotal.com/gui/file/794afb583cd66a9d7a31a2ca0b8d98752cbd90fb0e5a8090b8301b4ccfaeafc6/detection

I also compared those two files to the source code of Woocommerce here https://plugins.trac.wordpress.org/browser/woocommerce/tags/5.3.0?order=name and I can’t find any difference between those files.
Title: Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
Post by: polonus on June 02, 2021, 10:57:05 PM
On the VT links you produced I can only see related detections like for Maltego XL v4.2.18 Activation Tool.exe

Attackers may compromise by planting malware via a phishing domain and e-mail attachment.

See: https://www.virustotal.com/gui/file/794afb583cd66a9d7a31a2ca0b8d98752cbd90fb0e5a8090b8301b4ccfaeafc6/relations

Without avast interfering your website still produces an "Unable to scan your site. 503 Service Unavailable" at Sucuri's.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)