
Apollo Lighting

  • Auto WhatsApp Story Sharing
  • Lightning-Fast Performance
  • Smart Ad Placement Control

About The Project

Industry :

Sector :

Information Security Analyst

Niche :

Web Security Specialist

Country :

United States

Technologies:

Team Size :

1 Frontend developer, 1 Wordpress developer

Initial Goal

Apollo Lighting’s BigCommerce storefront was flagged by multiple third-party security and reputation services as suspicious, and in some cases as potentially malicious or phishing-related. The client needed a trusted technical partner to investigate the root cause, clean up unnecessary or harmful storefront code, and restore the website’s reputation across major security vendors, all without disrupting the live storefront or the customer experience.

Pain Area


  • Security vendor flags: Services including Norton, Quttera, and VirusTotal flagged the domain, blocking access for staff and raising alarms with customers.

  • Suspicious script behavior: Unknown external domains, legacy scripts, and a custom login popup storing sensitive data in LocalStorage were all present in the storefront.

  • Messy redirect profile: 1,007 redirects were active, including 27 self-redirects, 4 broken entries, and 5 pointing to external domains, all contributing to scanner distrust.

  • Unclear source of issue: It was not initially clear whether the problem was DNS, SSL, endpoint security, injected scripts, or theme-level code, so a systematic investigation was required.
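One way to sort a redirect export into the categories named above (self-redirects, broken entries, external targets), as an added example that is not the project's own tooling. The host `store.example`, the rule that a row is "broken" when the source is not a path or the target is empty, non-HTTP, or a bare relative string, and the sample rows are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

STORE_HOST = "store.example"  # assumption: placeholder for the storefront's host

def _norm(path):
    # Treat /lamps and /lamps/ (any case) as the same storefront path.
    return path.rstrip("/").lower() or "/"

def classify_redirect(source, target, store_host=STORE_HOST):
    """Return 'broken', 'self', 'external' or 'ok' for one redirect row."""
    t = target.strip()
    if not source.startswith("/") or not t:
        return "broken"
    src, tgt = urlsplit(source), urlsplit(t)
    if tgt.scheme and tgt.scheme not in ("http", "https"):
        return "broken"
    host = (tgt.hostname or "").lower()
    if host and host not in (store_host, "www." + store_host):
        return "external"          # includes protocol-relative //host/ targets
    if not host and not t.startswith("/"):
        return "broken"
    if _norm(tgt.path) == _norm(src.path) and tgt.query == src.query:
        return "self"
    return "ok"

def audit(rows):
    """Group (source, target) rows by category so each group can be reviewed."""
    report = {"broken": [], "self": [], "external": [], "ok": []}
    for source, target in rows:
        report[classify_redirect(source, target)].append((source, target))
    return report

SAMPLE = [  # constructed rows, not the client's data
    ("/old-lamps", "/lamps"),
    ("/lamps/", "/lamps"),
    ("/sale", ""),
    ("/promo", "https://partner.example/landing"),
    ("/about", "https://www.store.example/about-us"),
    ("/blog", "//cdn.other.example/blog"),
    ("contact", "/contact-us"),
]

if __name__ == "__main__":
    for category, rows in audit(SAMPLE).items():
        print(category, len(rows), rows)
```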


Development Approach


  • Connection and DNS assessment: Started with a connection-level review (ERR_CONNECTION_RESET), then examined DNS, nameservers, and domain configuration screenshots to rule out infrastructure failure as the root cause.

  • Endpoint and network isolation: Tested site access across office networks, personal mobile networks, and the office desktop in isolation to pinpoint that Norton endpoint security was blocking the domain on specific machines.

  • VirusTotal and Quttera analysis: Reviewed VirusTotal scan data to identify the single malicious vendor flag (ADMINUSLabs), and used Quttera’s findings, including blacklisted domain references and unconditional redirect detection, to trigger deeper file-level investigation.

  • Script Manager and theme audit: Individually reviewed all active Script Manager entries, footer scripts, theme partials, and storefront source output to distinguish safe business scripts from suspicious or unnecessary ones.

  • Dispute and vendor review submission: After cleanup, submitted review or dispute requests to Norton Safe Web, Quttera, and ADMINUSLabs to ensure updated scan results reflected the remediated storefront.
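A sketch of the script audit step as an added example (not the project's own code): it parses storefront HTML, reports `<script>` hosts that are on a blocklist or missing from a reviewed allowlist, and flags inline `localStorage.setItem` writes whose key name looks sensitive. The allowlist host, the key-name pattern and the sample markup are assumptions constructed for illustration; the blocked domain is the one the page says Quttera flagged.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"cdn.store.example"}     # assumption: hosts already reviewed
BLOCKED_HOSTS = {"searchserverapi1.com"}  # domain flagged by Quttera per the page
STORAGE_WRITE = re.compile(r"localStorage\s*\.\s*setItem\s*\(\s*['\"]([^'\"]+)['\"]")
SENSITIVE_KEY = re.compile(r"pass|pwd|token|email|user", re.I)  # assumed heuristic

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], None

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if tag == "script" and not src:
            self._inline = []  # start collecting inline script text
        host = (urlsplit(src or "").hostname or "").lower()
        if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
            self.findings.append(("blocked-host", host))
        elif host and host not in ALLOWED_HOSTS:
            self.findings.append(("unreviewed-host", host))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            for key in STORAGE_WRITE.findall("".join(self._inline)):
                if SENSITIVE_KEY.search(key):
                    self.findings.append(("localstorage-sensitive", key))
            self._inline = None

def audit_html(html):
    """Return (kind, detail) findings in document order."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed storefront output, not taken from the audited site.
SAMPLE = """<script src="https://cdn.store.example/theme.js"></script>
<script src="//www.searchserverapi1.com/widgets/init.js"></script>
<script src="https://widgets.unknown.example/pop.js"></script>
<script>localStorage.setItem("login_password", pwd.value);
localStorage.setItem('cart_view', 'grid');</script>"""
```

Run it over each rendered page source rather than only `layout/base.html`, since Script Manager entries and theme partials only appear in the final output.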


Deliverables Outlined

01

Delivered a thorough, documented investigation covering connection-level assessment, DNS review, redirect analysis, endpoint isolation testing, VirusTotal vendor flags, and Quttera findings. This gave the client a clear, evidence-backed understanding of exactly what caused the flags and why, not just a vague cleanup summary.

02

Removed or commented out unnecessary and suspicious scripts across footer, Script Manager, and theme files, including the Searchanise script, NoFraud device check, Wise Pops, a GraphQL testing script, and the LocalStorage-based "Remember Me" login logic. Safe business and tracking scripts were preserved after validation.

03

Identified and removed insecure custom login behavior that stored sensitive user data in browser LocalStorage, a poor security practice that had no place in the live storefront. Corrected the Facebook Pixel Add to Cart tracking configuration and reviewed the LP Event Tracking entry for legitimacy.

04

Submitted dispute or review requests to Norton Safe Web, Quttera, and ADMINUSLabs following remediation. Coordinated the evidence, cleanup summary, and supporting context required for each vendor's review process, resulting in confirmed removal by Norton and clean scan results from Quttera, Bitdefender, and DNSChecker.

Challenges Faced


  • Multiple overlapping root causes made it unclear whether the issue was DNS, SSL, scripts, or endpoint-level blocking

  • Scripts were embedded across footer, Script Manager, and hardcoded theme files, not all in one place

  • Isolating the {{{footer.scripts}}} injection path required a controlled disabling test to rule it out

  • Quttera flagged a blacklisted domain (searchserverapi1.com), requiring both removal and a separate dispute submission

  • Some storefront output came from theme partials not directly visible in layout/base.html, requiring deeper tracing

Solution


  • Applied a systematic, layer-by-layer investigation (connection → DNS → endpoint → scripts → theme) to eliminate causes one at a time

  • Audited each script location independently (footer, Script Manager, base.html, partials) before making any changes

  • Used isolation testing by temporarily disabling {{{footer.scripts}}} to confirm or rule out that injection path

  • Removed the blacklisted domain references from storefront code and initiated a formal Quttera blacklist review by email

  • Traced unexpected storefront output to theme partials and content/widget render areas through source inspection


Success Story


Norton cleared

Quttera: zero malicious files

Bitdefender: site safe

DNSChecker: no threat detected
Through a methodical investigation and targeted cleanup, we transformed Apollo Lighting’s storefront from a security-flagged risk into a verified, clean web property. By tracing the issue through multiple layers (endpoint blocking, reputation vendor flags, script injection paths, and theme-level code), we were able to remove the actual causes rather than apply a surface-level fix.

Norton confirmed the removal of the suspicious flag by email. Quttera subsequently reported zero malicious and zero suspicious files. Bitdefender Link Checker declared the site safe, and DNSChecker’s IP Blacklist Check showed no threat detected. The storefront is now in a materially cleaner, lower-risk state — with the documentation to prove every step of how it got there.