Jump to content

Website marked as phishing, no indication that it is being re-analyzed.

Recommended Posts

I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous. I have fixed the CSP for my HTTPS and HTML header to use hashes. There is no input form available on my website. There should be no way for malicious code to be implemented into the website by others, to the best of my knowledge. I've included the immuniweb scan of my last security test. Since then I've changed the filler nonce-values to hashes. For some reason Wapiti says I don't have X-XSS protection but I do, through cloudflare. 













Link to comment
Share on other sites

40 minutes ago, sabuya said:
  1. I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous.

Hello @sabuya


  1. We've logged the issue with Kaspersky's Virus Lab to re-analyse the site. Please wait for their feedback, it will be posted here as soon as it's available. 
  • (Noting Kaspersky's Virus Lab are the only Kaspersky team qualified to make a determination).2024-01-22_164735.thumb.png.de08d6db1e63096d522aef2af89e249a.png

Thank you🙏

Edited by Flood and Flood's wife
added images
Link to comment
Share on other sites

@sabuya Welcome.

Kaspersky Threat Intelligence Portal is reporting  some JS objects as dangerous  e.g.  🤔




Component: Safe Browsing
Result description: Blocked
Type: Threat of data loss
Name: https://sabahayub.com/
Precision: Exactly
Threat level: High
Object type: Web page
Object path: https://sabahayub.com
Reason: Databases
Databases release date: Today, 22/01/2024 5:50:00



  • Like 1
Link to comment
Share on other sites


Referring to above JS object

↓ From Kaspersky Virus Lab ↓



Dear User,

Thank you for sending a request to Kaspersky!
We have checked the link you sent us.
It has been confirmed as a false positive and excluded from our data loss threat protection databases.

Best regards, Xxxxxx Xxxxxx, Intern
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700"

As i noticed more suspicious JS objects please check again ?

  • Like 2
  • Haha 1
Link to comment
Share on other sites

Yeah it's the text-typing effect I have on the main webpage.

https : //www.typeitjs.com/


1. Get the code through one of the following means:

https : //unpkg.com/typeit@8.8.3/dist/index.umd.js

  • Include the source on your page.
<script src="https://unpkg.com/typeit@@{TYPEIT_VERSION}/dist/index.umd.js"></script>

The unpkg url I used is 

https : //unpkg.com/typeit@8.8.0/dist/index.umd.js

Instead of linking it from its source I formatted it and put it into a JavaScript file so I could tweak the cursor's blinking speed to be more like a Linux terminal. 

Edited by Berny
Links disabled
  • Like 1
Link to comment
Share on other sites


Thank you for your feedback.

I can olny search and detect  suspicious  blocked objects , only Kaspersky Virus Lab can proceed with a deeper analysis and confirm or deny a FP. Some other JS objects were also reported as suspicious but I don’t like to share them on this Forum, please check your HTML source code ?

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...