Avast is blocking our website wxw.vagamundos.pt claiming that it is infected with HTML:Script-inf[Susp].
We believe it is a false positive because our website is monitored 24/7 by Sucuri (premium account) and all the reports say that it is clean of malware.
We also checked for viruses on several websites and all of them show that the site is not infected/blacklisted:
Since we work in the tourism sector, weekends are usually very busy and many readers of our site are reporting that they cannot access our website, and that is hurting our brand image and company profit.
Can someone here help us check this false positive issue and help us with the site unblock?
Thank you so much for your time.
Thanks for your help. The Suspicious Inline Script is from the WP Rocket plugin, a very popular plugin:
class RocketLazyLoadScripts{constructor(){this.v="1.2.3",this.triggerEvents=["keydown","mousedown","mousemove","touchmove…
We have Sucuri premium monitoring the site and I ran another scan and it keeps showing no issues, even on the server side (screenshot attached). Therefore it seems a false positive to me.
Still website will kick up a 404 error and cannot be scanned:
hxtp://vagamundos.pt/.git/HEAD
This is being flagged at Sucuri’s.
Read:
httpss://serverfault.com/questions/128069/how-do-i-prevent-apache-from-serving-the-git-direc
Thanks a lot for your help. I read the info you sent me and from what I understand the only page that Sucuri can't read in the sitecheck page is the .git/HEAD (it shouldn't even try to read it in the first place). Like I mentioned, I have Sucuri Pro monitoring my site and I have no errors scanning the site or warnings at all.
Anyway, I'm going to follow your tip and try to prevent Apache from serving the .git directory. Hopefully it works.
Once again thank you for your help.
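An added example, not part of the original thread or of Sucuri's tooling: once the .git directory is blocked, the response the server gives for /.git/HEAD can be classified as below to confirm that repository metadata is no longer served. The function names, verdict labels and sample responses are assumptions constructed for illustration.

```python
"""Classify what a web server returned for /.git/HEAD (added example)."""
import re

# A real HEAD file is one line: a symbolic ref or a detached object id.
SYMBOLIC_REF = re.compile(r"^ref: refs/\S+$")
OBJECT_ID = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")  # SHA-1 or SHA-256


def looks_like_git_head(body: str) -> bool:
    lines = body.strip().splitlines()
    if len(lines) != 1:
        return False
    line = lines[0].strip()
    return bool(SYMBOLIC_REF.match(line) or OBJECT_ID.match(line))


def classify_git_head(status: int, body: str) -> str:
    if status == 200:
        # 200 with HEAD content means repository metadata is being served.
        # 200 with anything else is usually a CMS catch-all ("soft 404") page.
        return "exposed" if looks_like_git_head(body) else "soft-404"
    if status in (404, 410):
        return "not-served"
    if status in (401, 403):
        return "denied"
    if 300 <= status < 400:
        return "redirected"
    return "inconclusive"


# Constructed sample responses (status, body); not captured from any real site.
SAMPLES = {
    "repo in web root": (200, "ref: refs/heads/main\n"),
    "detached HEAD": (200, "3f2a" * 10 + "\n"),
    "CMS catch-all page": (200, "<!DOCTYPE html>\n<html><title>Not found</title></html>\n"),
    "after blocking rule": (404, "<h1>Not Found</h1>"),
    "access rule": (403, "Forbidden"),
}


def classify_all(samples):
    return {name: classify_git_head(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all(SAMPLES).items():
        print(f"{name:22} {verdict}")
```

Only the "exposed" verdict means the repository's HEAD file is readable from the web; a 404 such as the one reported above falls under "not-served".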
Just to give some feedback: Avast team already confirmed that it was a false positive and cleared the reputation on their database and therefore the site is not blacklisted anymore. I really appreciate the efforts of the ones who tried to help. Thank you guys!
First there is little detail to work with, a screenshot of the Avast Alert, with the details option selected would also help.
Please modify your link (as I have in the quoted text) or just post the domain name leaving the www out completely, so it isn’t active to prevent accidental exposure.
There are lots of links above where you can investigate and see what else may be found.
There is also a link in the first to report a suspected FP.
Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include ‘Attachments and other options’. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
This page includes a JavaScript/iframe from hxxps://js.localstorage.tk/s.js?qr=888 that is blacklisted by Sucuri Labs, see hxxps://labs.sucuri.net/?blacklist=js.localstorage.tk
I’m having the same issue trying to access zbj.com.
It works on my cell phone but Avast blocks it on my laptop.
Blacklisted HTML:Script-inf [Susp]
Please see attached screenshots
Quttera also flags as Detected Malicious Files
File name: /fw/1928094.html
Threat name: M.BL.Domain.gen
File type: HTML
Reason: Detected reference to malicious blacklisted domain -homesitetask.zbjimg dot com
Details: Detected reference to blacklisted domain
Threat dump: [[homesitetask.zbjimg dot com]]
Threat MD5: D17ED955D52B07C816EEFBFDA6A60017
File MD5: 58619576420A044529D3D1B08D0DCF8B
Line: Available via API only.
Reason: The file contains a reference to a blacklisted domain, -homesitetask.zbjimg.com, which is known to be malicious.
Threat dump: The blacklisted domain -homesitetask.zbjimg dot com
Threat MD5: D17ED955D52B07C816EEFBFDA6A60017
File MD5: 58619576420A044529D3D1B08D0DCF8B
Why is it flagged? M.BL.Domain.gen is likely a part of a GraphQL schema, specifically a part of a generated schema from a .NET Core project using the Microsoft.EntityFrameworkCore package.
When you run dotnet ef dbcontext scaffold to generate a DbContext and its related entities, it can generate a GraphQL schema using the Microsoft.EntityFrameworkCore.Tools package. The generated schema will include types like M.BL.Domain.gen, which represent the entities and relationships in your database.
In an API response, these types would typically be returned as JSON data, so yes, M.BL.Domain.gen could appear in an application/json response. For instance, the M.BL.Domain.gen type would correspond to the user entity in the GraphQL schema. The actual JSON payload would depend on the specific schema and the queries executed against the database.
Yes the FP FN info post was by @Pondus. I have Modified my post above in the hope @Pondus may see it and do the edit.
EDIT: Actually the “new reporting page” posted by @DavidR is the “selector” page that sits above the separate FP and FN pages that @Pondus posted. Both are valid and can be used, so not a big deal.