Jump to content
Kaspersky Support Forum

Website false alarm

aq777
 Share
Go to solution Solved by Flood and Flood's wife,

Recommended Posts

Flood and Flood's wife

Flood and Flood's wife

Posted
Posted (edited)
On 10/13/2023 at 2:59 AM, aq777 said:

When I visit this completely legit website, my up-to-date KIS 21.3.10.391 reports that it is infected when in reality it is not: https:// therootbrands . com/de/product/rs/

  1. Any suggestions? 
On 10/13/2023 at 11:32 PM, aq777 said:

2. Me too... Maybe this "submit to reanalysis" error should be reported as well...

Hello @aq777

Thank you for posting back!

  1. We've submitted the data using step 3 of Kaspersky's documented process: Kaspersky application blocks my website or application. What should I do?, please wait for a response from the Virus Lab, we will post it when it's available
  2. https://opentip.kaspersky.com/ is working for other submissions (image 2), just not the www that (you're) concerned about (image 1). 

https://www.virustotal.com/gui/url/1a0a88d755dae5584d4794a3dbdf612a395b7eecfcc38308d182d17a27474193

image.thumb.jpeg.26d729dc8c2cbeba342f283953d4eb85.jpeg

image.thumb.jpeg.5a3408f463fe3aecead29ab677727e08.jpeg

image.thumb.jpeg.5b2a454f2bf11707ac9e965e9d55d5ab.jpeg

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
grammar😌
  • Like 1
Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted
19 hours ago, Berny said:

Has been done.

FYI @Berny

As we advised & showed in our post to @aq777, there is nothing wrong with Kaspersky's Threat Intelligence Portal, all URLS submitted via - Submit to reanalyze are processing *normally* = as expected - the only issue is with one URL - that being the one that @aq777 could not submit for analysis. 

Flood🐳+🐋

Link to comment
Share on other sites
  • Solution
Flood and Flood's wife

Flood and Flood's wife

Posted
  • Solution
Posted (edited)
On 10/13/2023 at 2:59 AM, aq777 said:

When I visit this completely legit website, my up-to-date KIS 21.3.10.391 reports that it is infected when in reality it is not: https:// therootbrands . com/de/product/rs/

Hello @aq777

Update from Kaspersky Virus Lab:

  • "The classification is correct.
  • This site has been compromised.
  • The site distributes PDF documents containing phishing and malicious URLs.
  • These files are located on the following path: therootbrands.com/wp-content/uploads/2022/12/*
  • They suggested removing the phishing/malicious files at the mentioned path.
  • Also, they recommend changing passwords to all services that can be used to modify website content because they may have been stolen." 

IF (you) have contact with the owners of the www you may wish to share this information with them. 

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
grammar😌
  • Like 1
Link to comment
Share on other sites
  • 2 weeks later...
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted
2 hours ago, aq777 said:

Update: site owners apparently cleaned the above path from the bad PDF files because KIS no longer reports an infection when I visit that page.

Hello @aq777

Welcome back!

  1. Did the site owners *actually* confirm to (you) they have cleaned their site? 
  2. Images - as follows, from checking today: 2nd November 2023, after reading (your) update: image 1 = your original URL, image 2 = the URL the Virus Lab experts sent in their advisory, image 3 = Kaspersky Report, image 4 = generic Google search for "therootbrands" -> ioo the issue persists: 

image.thumb.jpeg.25912c598772050d6966fa25440ce9f9.jpeg

 

image.thumb.jpeg.3baa02c6a8fee4ccee90bdf7ecf6b14e.jpeg

 

image.thumb.jpeg.1f6404e4381076f424769d4e1e5547b9.jpeg

 

image.thumb.jpeg.8bbedeb9b9bdac9ec72b17174dd5a417.jpeg

Thank you🙏
Flood🐳+🐋

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...