My website is currently being blocked by Norton Safe Web (and Avira) as a dangerous site. The site was previously compromised, but we have completely cleaned it up.
We have taken the following actions:
Replaced all WordPress core files with clean ones.
Scanned the entire site using Wordfence Security, which detected 0 issues.
Scanned the URL on VirusTotal, which shows 0/90 detections.
However, the automated Safe Web dispute system keeps rejecting our requests. We strongly suspect this is a False Positive or a caching issue.
Could a senior analyst please manually review our site? If there is still a specific file or URL triggering the block, please tell us the exact file path so we can fix it.
Note: after submitting dispute and waiting 48 business hours with no change.
Please contact official Norton Support and advise support that you’ve submitted dispute and waited 48 business hours. My understanding is…once you state that you have already submitted False Positive over the submission portal and waited 48 business hours…support agent shall take the URL and detection screenshot and advance the case.
=============================================
Submission Portal:Norton Submission Portal. This system is used for tracking false positive reports. Site Ownership: Ensure you have officially “claimed” your website within the Safe Web portal. Verified owners generally have access to a dashboard where they can see the status of their site and any pending disputes without relying solely on email notifications. 48 hours: Community suggests waiting 48 business hours. If the status of your site has not changed on the Safe Web public lookup after this time, it likely means the dispute is still in the queue or was not processed. Norton Support: If you haven’t received an email or a status change after 48 hours, contact official Norton Support directly. Explicitly tell the agent: “I have already submitted a site dispute via the Safe Web portal more than 48 hours ago and have received no email notification or status update.” This often prompts support to escalate the ticket manually.
“URL:Block [InfoStl] usually means Norton detected behavior associated with information-stealing scripts. This is often caused by compromised code or third-party resources—not necessarily intentional malware by the site owner.”
The site appears legitimate (older domain, valid SSL), but at least one security source has flagged it as suspicious.
Norton’s “URL:Block [InfoStl]” usually means something on the site (often a script or third-party resource) matches patterns used by information-stealing malware.
In most cases this is caused by:
Injected or compromised JavaScript
A flagged third-party script (analytics, widget, etc.)
Or less commonly, a false positive
The site owner should check page source for unknown scripts, review third-party resources, and scan the site externally. If everything is clean, they can submit the site to Norton for re-evaluation.
source: ChatGPT (Norton app) AI sourced content may make mistakes
Thank you for your helpful advice, bjm. I will contact Norton Support directly and request a manual escalation as you suggested. I appreciate your support!
Thank you so much for going out of your way to check my site with Sucuri and VirusTotal, and for sharing the clean results here! I am also truly grateful that you reported the false positive to the Norton threat labs on my behalf. Your detailed explanation about the “InfoStl” detection was very helpful and reassuring.
I will wait for the threat labs to update their database. Thank you again for your incredible support!
I tried to contact Norton Support to request a manual escalation as you suggested, but unfortunately, the “Start Chat” button on the Japanese support portal seems to be broken. It won’t open on any browser (Chrome, Edge, etc.).
Since you have already kindly submitted the false positive report to the Threat Labs on my behalf, I will just wait for their 48-hour review.
I am very happy to report that my website is now officially rated as “Safe” on Norton Safe Web! The block has been completely removed.
Thank you so much for your invaluable help. I truly appreciate you taking the time to analyze my site and report the false positive to the Threat Labs on my behalf. I couldn’t have resolved this without your kind guidance and support.
