Jump to content

Recommended Posts

Posted

Hello!
I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous. I have fixed the CSP for my HTTPS and HTML header to use hashes. There is no input form available on my website. There should be no way for malicious code to be implemented into the website by others, to the best of my knowledge. I've included the immuniweb scan of my last security test. Since then I've changed the filler nonce-values to hashes. For some reason Wapiti says I don't have X-XSS protection but I do, through cloudflare. 

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_1.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_2.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_3.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_4.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_5.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_6.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_7.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_8.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_9.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_10.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_11.jpg

1705899903038-afce153a-d45f-4009-8866-b7a18212dc83_12.jpg

Flood and Flood's wife
Posted (edited)
40 minutes ago, sabuya said:
  1. I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous.

Hello @sabuya

Welcome!

  1. We've logged the issue with Kaspersky's Virus Lab to re-analyse the site. Please wait for their feedback, it will be posted here as soon as it's available. 
  • (Noting Kaspersky's Virus Lab are the only Kaspersky team qualified to make a determination).2024-01-22_164735.thumb.png.de08d6db1e63096d522aef2af89e249a.png

Thank you🙏
Flood🐳+🐋 

Edited by Flood and Flood's wife
added images
Posted

@sabuya Welcome.

Kaspersky Threat Intelligence Portal is reporting  some JS objects as dangerous  e.g.  🤔

saba.jpg.09d901b59d77fbf6a9fd47a8122f422d.jpg

 

Spoiler

Component: Safe Browsing
Result description: Blocked
Type: Threat of data loss
Name: https://sabahayub.com/
Precision: Exactly
Threat level: High
Object type: Web page
Object path: https://sabahayub.com
Reason: Databases
Databases release date: Today, 22/01/2024 5:50:00

 

 

  • Like 1
Posted

@sabuya

Referring to above JS object

↓ From Kaspersky Virus Lab ↓

Quote

"Hello,

Dear User,

Thank you for sending a request to Kaspersky!
We have checked the link you sent us.
It has been confirmed as a false positive and excluded from our data loss threat protection databases.

Best regards, Xxxxxx Xxxxxx, Intern
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700"

As i noticed more suspicious JS objects please check again ?
 

  • Like 2
  • Haha 1
Posted (edited)

@Berny
Yeah it's the text-typing effect I have on the main webpage.

https : //www.typeitjs.com/
 

Quote

1. Get the code through one of the following means:

https : //unpkg.com/typeit@8.8.3/dist/index.umd.js

  • Include the source on your page.
<script src="https://unpkg.com/typeit@@{TYPEIT_VERSION}/dist/index.umd.js"></script>

The unpkg url I used is 

https : //unpkg.com/typeit@8.8.0/dist/index.umd.js

Instead of linking it from its source I formatted it and put it into a JavaScript file so I could tweak the cursor's blinking speed to be more like a Linux terminal. 

Edited by Berny
Links disabled
  • Like 1
Posted

@Berny
I'm not sure if this is a valid analysis but I analyzed the file in the threat intelligence portal.
image.thumb.png.6cac81bfff2b61ba9e3e50d6f4d93910.pngimage.thumb.png.92ddc62af1514a0aa7b58671665299a8.png

Posted

@sabuya 
 

Thank you for your feedback.

I can olny search and detect  suspicious  blocked objects , only Kaspersky Virus Lab can proceed with a deeper analysis and confirm or deny a FP. Some other JS objects were also reported as suspicious but I don’t like to share them on this Forum, please check your HTML source code ?

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...