Developer finds his website banned by Google, spends weeks getting it delisted by security firms


One software engineer found that his side project website was mistakenly banned by Google – instantly, 10 other security firms flagged it, too. He spent weeks getting it delisted, raising concerns about one company’s control over the web.

Bogdan Chadkin, a frontend engineer who goes by the username TrySound on GitHub, recently started a new side project called Engramma. This is a free tool that helps web designers manage colors, fonts, spacing, and other visual elements, outputting them as CSS variables.

One Friday evening, he discovered that Google Safe Browsing flagged the website, and the browsers started alerting users about a “Deceptive site ahead” – a full-screen red banner that appears when a dangerous site is detected.

“You pour some tea, open your laptop, and navigate to your project, only to find a red banner across the whole app placed by the browser saying ‘Deceptive site ahead,’” Chadkin wrote in a blog post describing the experience.

The site, according to the author, had no phishing, no malware, and only anonymous analytics. The developer followed Google’s instructions, checked the status in the Google Safe Browsing platform, created an account in Google Search Console, and verified domain ownership.

“The error message remained frustratingly vague, something about ‘detected phishing activity.’ I submitted a review request with a brief clarification,” Bogdan said.

Clearing the domain with Google was really simple – just two hours later, the engineer got an email confirmation, and the red banner vanished instantly. Alas, it took nearly three weeks to restore the site’s reputation fully.

Multiple vendors flagged the project

While the browsers no longer showed the alert, multiple security apps still showed warnings to users. A quick check on VirusTotal, a free online service that aggregates results from multiple antivirus engines and website scanners, revealed that 10 other security vendors had flagged the engramma.dev domain.

Even X blocked posts containing the engramma.dev domain.

“Now began the real work, contacting each vendor through web forms, forums, and support emails,” Chadkin writes.

The author detailed his experience with each of the 10 vendors that flagged his website. It was easiest with CRDF, which maintains a dedicated form to report false positives. CRDF removed the website from its database the next morning.

It wasn't as fast with other vendors. Bitdefender cleared the website three days after contacting support, followed by Fortinet and alphaMountain.ai – each took four days.

However, Bogdan was especially frustrated with Fortinet, because “their automated ‘review’ system confirmed the phishing classification after my first request,” and it took multiple subsequent submission attempts before one direct email finally broke through.

CyRadar lifted the ban after six days, and Seclookup took eight days. At some point the flag was cleared by ESET and Lionic. Gridinsoft took the longest – 16 days in total.

The developer was forced to navigate mazes of web forms, AI chatbots, support emails, and forum registrations, while most vendors never bothered to reply – the flags just disappeared one after the other.

“No confirmation email, no status update, no resolution notice. At some point, the flag simply disappeared,” Bogdan described the experience.

Ultimately, VirusTotal showed zero detections, but the mystery remained.

What was the root cause of the ban?

The developer never got an exact answer as to why his website was flagged.

“Three days after resolving the Google flag, Search Console sent another alert: Social engineering content detected on engramma.dev,” the developer noted.

Bogdan submitted another request. Three days passed – another incident flag.

Bogdan eventually suspected a single, easy-to-miss culprit – a 302 temporary redirect. This is a web technique to send visitors from one web address to another. Bogdan’s site didn’t have a home page at the time – engramma.dev’s visitors were redirected directly to app.engramma.dev.

“In addition to a newly registered domain, this looks like an obvious issue. Security systems flag such redirects because malicious actors use them extensively,” Bogdan speculates.

Once he replaced the redirect with a simple landing page, the alerts stopped. The developer is now warning other website owners to avoid temporary redirects, as they can be a “damaging shot in the foot.”
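
A site owner can check their own root URL for the pattern the developer suspected, a temporary redirect from the bare domain to another host. The Python sketch below is an added example, not code from the developer's post; the function names and the example.test hosts are constructed for illustration, and it makes no claim about how any vendor actually classifies sites.

```python
import http.client
from urllib.parse import urljoin, urlsplit

TEMPORARY = {302, 303, 307}   # temporary redirect status codes
PERMANENT = {301, 308}        # permanent redirect status codes

def classify_root(url, status, location):
    """Classify what a site root answers with, without following redirects."""
    if status in TEMPORARY | PERMANENT:
        if not location:
            return "redirect-without-location"
        target = urljoin(url, location)  # Location may be a relative path
        # urlsplit lowercases hostnames, so the comparison is case-insensitive
        same_host = urlsplit(target).hostname == urlsplit(url).hostname
        kind = "temporary" if status in TEMPORARY else "permanent"
        scope = "same-host" if same_host else "cross-host"
        return f"{kind}-{scope}-redirect"
    if 200 <= status < 300:
        return "serves-content"
    return "other"

def fetch_root(url, timeout=5):
    """Request the root once; http.client never follows redirects itself."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("https://example.test/", 302, "https://app.example.test/"),  # no home page
    ("https://example.test/", 200, None),                         # landing page
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, "->", classify_root(url, status, location))
```

To check a live site you own, pass the result of `fetch_root(url)` to `classify_root`.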

Cybernews has reached out to Google for a comment and will update the story with its response.

Raises broader concerns

The story gained a lot of attention on Lobste.rs, a community-driven forum for programmers and tech professionals.

Users shared other similar stories. One developer accidentally discovered that their website was mistakenly banned. The domain was completely frozen, and to lift the ban with Google, the developer needed to prove ownership by adding a small piece of code to the website, which was impossible while the website was down. The developer recommended adding the new website to Google Search Console immediately to avoid a similar trap.

Lobste.rs users raised concerns about Google's influence over the web.

“Still scares me how much control one company has over this kind of thing,” one user posted.

Others raised a broader question about the security vendor ecosystem, suggesting that a single flag shouldn’t trigger a cascade across independent firms with their own algorithms.

“An obvious herd mentality, with the lead wildebeest of the herd being Google,” another user posted.
