There is a difference in a script being ‘malicious’ or not and the script isn’t contained in the cookie, but there is likely to be something on the page, etc. that accesses/runs the quant.js file.

WOT is a user based reputational tool, it isn’t scanning anything in real time as the avast shields are.