Jump to content
Kaspersky Support Forum

Website domain marked as Phishing

VoidStar1547

By VoidStar1547
in Virus and Ransomware related questions

 Share

Recommended Posts

VoidStar1547

VoidStar1547

Posted
Posted

Hello,

Kaspersky has marked our entire domain (poke-nexus.com) and all subdomains as phishing. This started with our native application server subdomain being marked (live-srv.poke-nexus.com), and has now spread to the whole domain. The sub-domain has it's own internal server running so that the native application can use TLS without having to go through the Cloudflare CDN, which we *do* want for the main website as we utilise their caching - the same goes for the cdn sub-domain as we use the cloudflare cache to help reduce server load for shared resources.

1) The live-srv subdomain returns 444 on https which should be "No Response" to terminate the connection. This is to indicate there is no valid website here, and http should automatically redirect to https (which would then return 444).

2) We would also like to state that the root domain poke-nexus.com is also a false positive and is our community's main website and forum.

3) We would also like to state that the cdn subdomain is also a false positive, as this is our shared resource server.

I'm willing to help/validate/reconfigure/do whatever I need to, as our community is now struggling to connect to our services.

 

Thanks

harlan4096

harlan4096

Posted
Posted

Welcome to Kaspersky Community.

 

Just reported the URL to K. analysts.

 

image.thumb.png.21afe2ebce12d8b5994cf63283389a99.png

harlan4096

harlan4096

Posted
Posted
Quote

Hello,

Dear User,

Thank you for sending a request to Kaspersky!
We have checked the link you sent us.
It has been confirmed as a false positive and excluded from our data loss threat protection databases.

Best regards, Senior Web Content Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

  • Like 1
VoidStar1547

VoidStar1547

Posted
  • Author
Posted

Many thanks - will this also apply to both subdomains (live-srv and cdn) I mentioned as well?

 

Void*

VoidStar1547

VoidStar1547

Posted
  • Author
Posted

@harlan4096

Hello, thank you for you initial response, I appreciate the assistance.

Unfortunately, it looks like live-srv.poke-nexus.com remains marked as phishing.

Are you able to double check on this please?

As before, if you need anything from me, please ask.

Regards,
Void*

  • Like 1
harlan4096

harlan4096

Posted
Posted

No Kaspersky detection here in that URL:

 

image.thumb.png.21f4417c948645f381f9961b0404ba4b.png

 

image.thumb.png.18922d0cf2037bc76a1055a79e45879e.png

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...