sabuya Posted January 22 Share Posted January 22 Hello! I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous. I have fixed the CSP for my HTTPS and HTML header to use hashes. There is no input form available on my website. There should be no way for malicious code to be implemented into the website by others, to the best of my knowledge. I've included the immuniweb scan of my last security test. Since then I've changed the filler nonce-values to hashes. For some reason Wapiti says I don't have X-XSS protection but I do, through cloudflare. Link to comment Share on other sites More sharing options...
Flood and Flood's wife Posted January 22 Share Posted January 22 (edited) 40 minutes ago, sabuya said: I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous. Hello @sabuya, Welcome! We've logged the issue with Kaspersky's Virus Lab to re-analyse the site. Please wait for their feedback, it will be posted here as soon as it's available. (Noting Kaspersky's Virus Lab are the only Kaspersky team qualified to make a determination). Thank you🙏 Flood🐳+🐋 Edited January 22 by Flood and Flood's wife added images Link to comment Share on other sites More sharing options...
Berny Posted January 22 Share Posted January 22 @sabuya Welcome. Kaspersky Threat Intelligence Portal is reporting some JS objects as dangerous e.g. 🤔 Spoiler Component: Safe Browsing Result description: Blocked Type: Threat of data loss Name: https://sabahayub.com/ Precision: Exactly Threat level: High Object type: Web page Object path: https://sabahayub.com Reason: Databases Databases release date: Today, 22/01/2024 5:50:00 1 Link to comment Share on other sites More sharing options...
Berny Posted January 22 Share Posted January 22 @sabuya Referring to above JS object ↓ From Kaspersky Virus Lab ↓ Quote "Hello, Dear User, Thank you for sending a request to Kaspersky! We have checked the link you sent us. It has been confirmed as a false positive and excluded from our data loss threat protection databases. Best regards, Xxxxxx Xxxxxx, Intern 39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700" As i noticed more suspicious JS objects please check again ? 2 1 Link to comment Share on other sites More sharing options...
sabuya Posted January 23 Author Share Posted January 23 (edited) @Berny Yeah it's the text-typing effect I have on the main webpage. https : //www.typeitjs.com/ Quote 1. Get the code through one of the following means: https : //unpkg.com/typeit@8.8.3/dist/index.umd.js Include the source on your page. <script src="https://unpkg.com/typeit@@{TYPEIT_VERSION}/dist/index.umd.js"></script> The unpkg url I used is https : //unpkg.com/typeit@8.8.0/dist/index.umd.js Instead of linking it from its source I formatted it and put it into a JavaScript file so I could tweak the cursor's blinking speed to be more like a Linux terminal. Edited January 23 by Berny Links disabled 1 Link to comment Share on other sites More sharing options...
sabuya Posted January 23 Author Share Posted January 23 @Berny I'm not sure if this is a valid analysis but I analyzed the file in the threat intelligence portal. Link to comment Share on other sites More sharing options...
Berny Posted January 23 Share Posted January 23 @sabuya Thank you for your feedback. I can olny search and detect suspicious blocked objects , only Kaspersky Virus Lab can proceed with a deeper analysis and confirm or deny a FP. Some other JS objects were also reported as suspicious but I don’t like to share them on this Forum, please check your HTML source code ? Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now