Author Topic: False Positive: Site Blocked - HTML:Script-inf  (Read 18508 times)

0 Members and 1 Guest are viewing this topic.

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
False Positive: Site Blocked - HTML:Script-inf
« on: May 27, 2023, 02:43:20 PM »
Avast is blocking our website wxw.vagamundos.pt claiming that it is infected with HTML:Script-inf[Susp].

We believe it is a false positive because our website is monitored 24/7 by Sucuri (premium account) and all the reports say that it is clean of malware.
We also checked for virus in several websites and all of them show that the site is not infected/blacklisted:

https://www.virustotal.com/gui/url/9cc4af13183fbbff4724da3174298b7d27eea4d8e4cf76c69ef37c400ea84c2c?nocache=1
https://labs.sucuri.net/blacklist/info/?domain=vagamundos.pt
https://www.siteadvisor.com/sitereport.html?url=vagamundos.pt
https://yandex.com/safety/?url=vagamundos.pt&l10n=en
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.vagamundos.pt%2F

We already filled a report yesterday at https://www.avast.com/false-positive-file-form.php but we got no feedback.

Since we work in the tourism sector weekends are usually very busy and many readers of our site are reporting that they cannot access our website, and that is hurting our brand image and company profit.

Can someone here helps us checking these false positive issue and help us with the site unblock? 
Thank you so much for your time.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #2 on: May 27, 2023, 03:55:51 PM »
Thank for your help. The Suspicious Inline Script is from WP Rocket plugin, a very popular plugin:
class RocketLazyLoadScripts{constructor(){this.v="1.2.3",this.triggerEvents=["keydown","mousedown","mousemove","touchmove...

We have Sucuri premium monitoring the site and I runned another scan and it keeps showing no issues, even on server side (print screen in attach). Therefore it seems a false positive to me.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #4 on: May 28, 2023, 07:02:53 PM »
Still website will kick up a 404 error and cannot be scanned:
hxtp://vagamundos.pt/.git/HEAD
This is  being flagged at Sucuri's.
Read:
httpss://serverfault.com/questions/128069/how-do-i-prevent-apache-from-serving-the-git-direc

polonus
« Last Edit: May 28, 2023, 07:15:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #5 on: May 28, 2023, 09:20:37 PM »
Thanks a lot for your help. I read the info you send me and for what I understand the only page that Sucuri can´t read in the sitecheck page is the .git/HEAD (it even shouldn´t try to read it in the first place). Like I mentioned I have Sucuri Pro monitoring my site and I have no errors scaning the site or warnings at all.

Anyway I´m going to follow your tip and try to prevent apache from serving the .git directory. Hopefully it works.
Once again thank you for your help.

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #6 on: May 29, 2023, 01:26:59 PM »
Just to give some feedback: Avast team already confirmed that it was a false positive and cleared the reputation on their database and therefore the site is not blacklisted anymore. I really apreciate the efforts of the ones who tried to help. Thank you guys!

Offline R&R

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #7 on: April 19, 2024, 07:34:45 PM »
I'm having the same issue with our website www.reno.solar Can someone help please?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #8 on: April 19, 2024, 08:23:55 PM »
I'm having the same issue with our website wXw.reno.solar Can someone help please?

First there is little detail to work with, a screenshot of the Avast Alert, with the details option selected would also help.

Please modify your link (as I have in the quoted text) or just post the domain name leaving the www out completely, so it isn't active to prevent accidental exposure.

There are lots of links above where you can investigate and see what else may be found.
There is also a link in the first to report a suspected FP.

- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
« Last Edit: April 19, 2024, 08:25:34 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #9 on: April 20, 2024, 04:04:35 PM »
The site is no longer being blocked by Avast.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Hanneliina

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #10 on: June 01, 2024, 12:31:07 PM »
Avast blocks access to the site's Sukututkijan sanasto -pages. How can I bypass the block?
https://www.juuret.org/sanasto

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #11 on: June 01, 2024, 01:48:23 PM »
Avast blocks access to the site's Sukututkijan sanasto -pages. How can I bypass the block?
https://www.juuret.org/sanasto
Malware detected  https://sitecheck.sucuri.net/results/www.juuret.org


Quote
This page includes a JavaScript/iframe from hxxps://js.localstorage.tk/s.js?qr=888 that is blacklisted by Sucuri Labs, see hxxps://labs.sucuri.net/?blacklist=js.localstorage.tk  hxxps://js.localstorage.tk/s.js?qr=888

https://www.virustotal.com/gui/url/d7ddbcb38657da97fc3089d8973255648355e529691a2fcfcc564cecf55afe1c?nocache=1


« Last Edit: June 02, 2024, 09:52:56 AM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #12 on: June 03, 2024, 03:50:27 PM »
Cleanse the live link, like with hxtp:// or -http://

See the 16 malicious files given here: https://quttera.com/detailed_report/www.juuret.org

Infested with M.BL.Domain.gen. Also see: https://sitecheck.sucuri.net/results/www.juuret.org

Belonging to compromised website categories.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline John745

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #13 on: July 06, 2024, 06:50:51 PM »
I'm having the same issue trying to access zbj.com
it works on my cell phone but Avast blocks it on my laptop
Blacklisted HTML:Script-inf [Susp]
Please see attached screenshots

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #14 on: July 06, 2024, 09:30:22 PM »
I'm having the same issue trying to access zbj.com
it works on my cell phone but Avast blocks it on my laptop
Blacklisted HTML:Script-inf [Susp]
Please see attached screenshots

New location to report either a False Positive and or a False Negative (for File or URL) - https://www.avast.com/submit-a-sample#pc
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security