Author Topic: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?  (Read 744 times)

0 Members and 1 Guest are viewing this topic.

Offline tiagonunes

  • Newbie
  • *
  • Posts: 4
Hello,

My website is being blocked by Avast.

htxps://laskasas.com/

It shows two errors:
- HTML:Script-inf [Susp]
- URL:Blacklist

https://we.tl/t-TUZBNZkwYL

Why is this happening? I already checked my website on different tools like VirusTotal, google transparency report, Wordfence (Wordpress), and don't detect any malware or problems.

I already sent a false positive report https://www.avast.com/false-positive-file-form.php

What could possible be the problem?

Best Regards

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85072
  • No support PMs thanks
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #1 on: May 10, 2021, 09:39:54 PM »
You should get a response in a day or two from your submission
VirusTotal doesn't do live scans of sites, but rather checks blacklists.

This check reports Low Security Risk but some observations - https://sitecheck.sucuri.net/results/laskasas.com

Out of date software reported in this check - https://awesometechstack.com/analysis/website/laskasas.com/?protocol=https%3A

Also see security points raised here - https://webhint.io/scanner/d8da8855-44f6-48d4-b96e-93b097875f50
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #2 on: May 10, 2021, 10:10:41 PM »
It's probably this external link, that is flagged by avast's: -https://www.cniacc.pt/pt/
Avast Webshield does not flag this website, just flags the external links to facebook.

But wait for a final verdict by avast team, as they are the only ones to come and unblock.

polonus
« Last Edit: May 10, 2021, 10:14:52 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline tiagonunes

  • Newbie
  • *
  • Posts: 4
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #3 on: May 11, 2021, 01:10:05 AM »
Hello,

Thank you for your answers. Yes I will wait a day or two for some answer from Avast Team.

I checked the security of my website in multiple online tools and it looks like evertything is fine.

I am algo updating some plugins to the latest version.

Best Regards

Offline tiagonunes

  • Newbie
  • *
  • Posts: 4
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #4 on: June 02, 2021, 04:42:45 PM »
Hello again,

After my website was removed from the blacklist it looks like it's happening again.

I contacted Avast and they replied this:

"It seems that there are two infected JS files to check: js.cookie.min.js and add-to-cart-variation.min.js"

Can someone help me identify the real problem with those two files? Because it looks like they are native from Woocommerce and I can't see why those two files have a problem.

Best Regards

Offline tiagonunes

  • Newbie
  • *
  • Posts: 4
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #5 on: June 02, 2021, 07:03:43 PM »
Hello again,

After my website was removed from the blacklist it looks like it's happening again.

I contacted Avast and they replied this:

"It seems that there are two infected JS files to check: js.cookie.min.js and add-to-cart-variation.min.js"

Can someone help me identify the real problem with those two files? Because it looks like they are native from Woocommerce and I can't see why those two files have a problem.

Best Regards


htxps://laskasas.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4

htxps://laskasas.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=5.3.0

This is my files that are on my server when I run them on VirusTotal I can’t detect any kind of problem.

Js.cookie.min.js -> https://www.virustotal.com/gui/file/3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612/detection

Add-to-cart-variation.min.js -> https://www.virustotal.com/gui/file/794afb583cd66a9d7a31a2ca0b8d98752cbd90fb0e5a8090b8301b4ccfaeafc6/detection

I also compared those two files to the source code of Woocommerce here https://plugins.trac.wordpress.org/browser/woocommerce/tags/5.3.0?order=name and I can’t find any difference between those files.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Website blocked: URL:Blacklist & HTML:Script-inf [Susp] why?
« Reply #6 on: June 02, 2021, 10:57:05 PM »
On the VT links you produced I can only see related detections like for Maltego XL v4.2.18 Activation Tool.exe

Attackers may compromise by planting malware via a phishing domain and e-mail attachment.

See: https://www.virustotal.com/gui/file/794afb583cd66a9d7a31a2ca0b8d98752cbd90fb0e5a8090b8301b4ccfaeafc6/relations

Without avast interfering your website still produces an "Unable to scan your site. 503 Service Unavailable" at Sucuri's.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: June 02, 2021, 11:05:56 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!