{
  "$type": "site.standard.document",
  "canonicalUrl": "https://trysound.io/how-my-side-project-got-banned-from-the-internet",
  "description": "A little piece about dealing with security providers and clearing my side project's reputation after a false positive flagging.",
  "path": "/how-my-side-project-got-banned-from-the-internet",
  "publishedAt": "2026-02-12T00:00:00.000Z",
  "site": "at://did:plc:ookzzzg4hc3mxf44jkocwiep/site.standard.publication/3mmgno6gxmw2z",
  "textContent": "Friday evening is a great time for tinkering with a side project after a long\nweek. You pour some tea, open your laptop and navigate to your project, only to\nfind a red banner across whole app placed by the browser saying \"Deceptive site\nahead\".\n\n!Google Chrome deceptive site warning banner\n\nThis happened with Engramma, my tool for editing\nJSON with design tokens. No phishing, no malware, only anonymous analytics.\n\nWhat Is Engramma?\n\nI built Engramma to explore better approaches for\ndesign systems and improves the experience of working with them. It's very much\na work in progress with only a handful of users, so this warning felt especially\nsurreal.\n\nIt made me wonder, how damaging would it be for an active business? A few hours\nof downtime costs real money. For me it costed only time.\n\nFighting False Positives\n\nGoogle (2h)\n\nAs the banner suggested I checked the status in\nGoogle Safe Browsing, created an\naccount at Google Search Console,\nand verified domain ownership with a TXT record in DNS settings. The error\nmessage remained frustratingly vague, something about \"detected phishing\nactivity\".\n\nI submitted a review request with a brief clarification. Two hours later, an\nemail arrived: the domain was cleared. The red banner vanished instantly.\n\n_Phew._\n\nWell, not quite. A deeper dive revealed the problem was far from over. A check\non VirusTotal showed 10 different security\nvendors had flagged the domain.\n\n!VirusTotal scan showing 10 security vendors flagging the domain\n\nGoogle's warning might be gone, but security providers started warning users\nwith their installed apps.\n\nNow began the real work, contacting each vendor through web forms, forums, and\nsupport emails. Here's how they ranked from best to worst.\n\nCRDF (1 day)\n\nCRDF maintains a dedicated false positives form requiring no account creation. I\nsubmitted details and received a response the next morning:\n\n> We are pleased to inform you that the domain name 'engramma.dev' have been\n> removed from our database.\n\nBitDefender (3 days)\n\nBitDefender's support defaults to an AI bot that knows nothing. I immediately\ntyped \"human agent.\" The AI obliged, transferring me to a support representative\nwho escalated to technicians.\n\nThree days later:\n\n> The initial detection was a false positive.\n\nalphaMountain.ai (4 days)\n\nAccount creation is required just to submit a report—an annoying friction layer\nwhen you're dealing with multiple vendors. I posted my case and waited.\n\nFour days later:\n\n> We have rescanned and reclassified the site. Our partner systems will be\n> updated within 24 hours.\n\nFortinet (4 days)\n\nThe most frustrating experience. Their automated \"review\" system confirmed the\nphishing classification after my first request. The submission form uses\nunintuitive categories that took multiple attempts. Eventually, I bypassed the\nform entirely and replied directly to one of their automated emails.\n\nResult:\n\n> Updated Category: Information Technology\n\nFour days, multiple form submissions, and one firm email to escape the\nautomation loop.\n\nCyRadar (6 days)\n\nTheir \"Report False Positive\" button redirects to Messages by Meta. I closed the\ntab immediately.\n\nHowever, I found a contact email on their site. Six days later:\n\n> Thanks for your response. We will reply you soon.\n\nThey never did. The flag disappeared eventually, though I received no\nconfirmation.\n\nSeclookup (8 days)\n\nFirst attempt early January, sent email. No response. Nothing.\n\nSecond attempt 8 days later. Thirty minutes later:\n\n> This is an automated response to confirm that the following domains have been\n> successfully whitelisted: engramma.dev, github.com\n\nApparently, their bot was on holiday. As a bonus they also whitelisted\ngithub.com, which I hadn't requested.\n\nESET\n\nForum registration required. I created an account, posted my case, and...\nnothing. No confirmation email, no status update, no resolution notice. At some\npoint, the flag simply disappeared. Ignorance is bliss, hah?\n\nLionic\n\nWeb form only. No confirmation, no timeline, no transparency. The flag\neventually cleared.\n\nGridinsoft (16 days)\n\nGridinsoft was both first and last on my list. Their initial response:\n\n> The current flagging of your domain is not based on a manual decision by our\n> team. It originates from detections reported by multiple third-party security\n> and reputation providers.\n\nThey cited VirusTotal and essentially said: \"Go fix everyone else first.\"\n\nSo I did. I hunted down every vendor on that VirusTotal list, cleared them one\nby one, and returned two weeks later. This time, they performed a manual\nre-scan. The trust score finally updated.\n\n!VirusTotal scan showing clean status after resolving all flags\n\nWhat Went Wrong\n\nThree days after resolving the Google flag, Search Console sent another alert:\n\n> Social engineering content detected on engramma.dev\n\nSame cryptic error, zero explanation. I submitted another review request noting\nthat the site contained no phishing content.\n\nAll got quiet. Then, a few days later, another identical flag.\n\nDigging through Google forums, I found the most reported culprit: 302\ntemporary redirects. I used one redirect (engramma.dev → app.engramma.dev) to\navoid building a landing page. In addition to a newly registered domain, this\nlooks like an obvious issue. Security systems flag such redirects because\nmalicious actors use them extensively.\n\nSo I built a small landing page with the Engramma logo and an \"Open Engramma\"\nbutton. Submitted one final review.\n\nA week later, everything cleared. Almost a month later, still no issues.\n\nFinal thoughts\n\nI always thought temporary redirect is a safe bet to avoid future issues with\nSEO but turns out can be damaging shot in the foot.\n\nIf you're launching on a fresh domain, monitor its status proactively. Check\nVirusTotal before launch. Set up Google Search Console immediately. One\nerroneous flag can spread like a virus across vendor databases.\n\nAutomated systems are causing real harm. \"Request review\" processes shouldn't\nrequire detective work to find contact forms, forum registrations, and email\naddresses. A 15-day resolution time for a false positive is unacceptable for\nbusinesses that depend on web traffic.\n\nIf something like this happens to you: don't panic, act fast. Hit their every\nchannel, forms, emails, social links. Let them know.\n\n_P.S._ During the entire time, Twitter blocked any posts containing the\nengramma.dev domain. Good thing there are many other\nchannels to share.",
  "title": "How my side project got banned from the internet"
}