Author Topic: False Positive: Site Blocked - HTML:Script-inf  (Read 10530 times)


Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
False Positive: Site Blocked - HTML:Script-inf
« on: May 27, 2023, 02:43:20 PM »
Avast is blocking our website wxw.vagamundos.pt claiming that it is infected with HTML:Script-inf[Susp].

We believe it is a false positive because our website is monitored 24/7 by Sucuri (premium account) and all the reports say that it is clean of malware.
We also checked for viruses on several websites and all of them show that the site is not infected/blacklisted:

https://www.virustotal.com/gui/url/9cc4af13183fbbff4724da3174298b7d27eea4d8e4cf76c69ef37c400ea84c2c?nocache=1
https://labs.sucuri.net/blacklist/info/?domain=vagamundos.pt
https://www.siteadvisor.com/sitereport.html?url=vagamundos.pt
https://yandex.com/safety/?url=vagamundos.pt&l10n=en
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.vagamundos.pt%2F

We already filed a report yesterday at https://www.avast.com/false-positive-file-form.php but we got no feedback.

Since we work in the tourism sector, weekends are usually very busy and many readers of our site are reporting that they cannot access our website, and that is hurting our brand image and company profit.

Can someone here help us check this false positive issue and help us with the site unblock?
Thank you so much for your time.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #2 on: May 27, 2023, 03:55:51 PM »
Thanks for your help. The Suspicious Inline Script is from the WP Rocket plugin, a very popular plugin:
class RocketLazyLoadScripts{constructor(){this.v="1.2.3",this.triggerEvents=["keydown","mousedown","mousemove","touchmove...

We have Sucuri premium monitoring the site and I ran another scan and it keeps showing no issues, even on the server side (print screen attached). Therefore it seems a false positive to me.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #4 on: May 28, 2023, 07:02:53 PM »
Still website will kick up a 404 error and cannot be scanned:
hxtp://vagamundos.pt/.git/HEAD
This is being flagged at Sucuri's.
Read:
httpss://serverfault.com/questions/128069/how-do-i-prevent-apache-from-serving-the-git-direc

polonus
« Last Edit: May 28, 2023, 07:15:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #5 on: May 28, 2023, 09:20:37 PM »
Thanks a lot for your help. I read the info you sent me and from what I understand the only page that Sucuri can't read in the sitecheck page is the .git/HEAD (it shouldn't even try to read it in the first place). Like I mentioned, I have Sucuri Pro monitoring my site and I have no errors scanning the site or warnings at all.

Anyway, I'm going to follow your tip and try to prevent Apache from serving the .git directory. Hopefully it works.
Once again thank you for your help.
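
A way to verify the point discussed in the two posts above, as an added example that is not part of the original posts: a 403 or 404 for /.git/HEAD means the repository metadata is not being served, while a 200 whose body has the shape of a Git HEAD file means it is. The function names and sample bodies are constructed for illustration, and the Apache directive in the comment is one common approach, not something taken from this thread.

```python
import re
import urllib.error
import urllib.request

# A genuine .git/HEAD holds either a symbolic ref or a detached commit id
# (40 hex chars for SHA-1 repositories, 64 for SHA-256 ones).
_SYMREF = re.compile(r"ref: refs/[\w./-]+")
_COMMIT = re.compile(r"[0-9a-f]{40}(?:[0-9a-f]{24})?")


def classify_git_head(status: int, body: bytes) -> str:
    """Classify an HTTP response for /.git/HEAD.

    'blocked'      -> 403/404, the directory is not served
    'exposed'      -> 200 and the body looks like a real HEAD file
    'inconclusive' -> anything else, e.g. a 200 "soft 404" HTML page
    """
    if status in (403, 404):
        return "blocked"
    if status == 200:
        text = body[:256].decode("ascii", errors="replace").strip()
        if _SYMREF.fullmatch(text) or _COMMIT.fullmatch(text):
            return "exposed"
    return "inconclusive"


def check_site(base_url: str, timeout: float = 10.0) -> str:
    """Fetch <base_url>/.git/HEAD from a site you operate and classify it.

    Run it before and after changing the server configuration, for example
    after adding `RedirectMatch 404 /\\.git` (mod_alias) to the Apache config.
    """
    url = base_url.rstrip("/") + "/.git/HEAD"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_git_head(resp.status, resp.read(256))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify_git_head(err.code, b"")
    except OSError:                         # DNS failure, timeout, TLS error
        return "inconclusive"


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    print(classify_git_head(404, b"<html>Not Found</html>"))    # blocked
    print(classify_git_head(200, b"ref: refs/heads/main\n"))    # exposed
    print(classify_git_head(200, b"<!DOCTYPE html><html>"))     # inconclusive
```
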

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #6 on: May 29, 2023, 01:26:59 PM »
Just to give some feedback: the Avast team already confirmed that it was a false positive and cleared the reputation in their database, and therefore the site is not blacklisted anymore. I really appreciate the efforts of the ones who tried to help. Thank you guys!

Offline R&R

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #7 on: Yesterday at 07:34:45 PM »
I'm having the same issue with our website www.reno.solar. Can someone help please?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #8 on: Yesterday at 08:23:55 PM »
I'm having the same issue with our website wXw.reno.solar Can someone help please?

First there is little detail to work with, a screenshot of the Avast Alert, with the details option selected would also help.

Please modify your link (as I have in the quoted text) or just post the domain name leaving the www out completely, so it isn't active to prevent accidental exposure.

There are lots of links above where you can investigate and see what else may be found.
There is also a link in the first post to report a suspected FP.

- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that and it further expands; here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
« Last Edit: Yesterday at 08:25:34 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security