False flag

Viggo_Henelius

Hi!

My name is Viggo, and together with some friends we have launched a hull cleaning business for this summer. We are unfortunately suffering from being false flagged by F-secure at the moment. We have had a professional build our site and run it, but I have been unable to get in contact with F-secure to update our rating. On the 12th of March I submitted a dispute via the official channel but have heard nothing from that. Does anyone have any advice how to get in contact with an actual human at the company to try and sort this out?

/Viggo

Ukko

On the 12th of March I submitted a dispute via the official channel but have heard nothing from that

Did you use: https://www.f-secure.com/en/support/submit-a-sample ?

Did you say "Yes" to "Do you want to give more details about this sample url?"

Did you provide more details and your valid email in forms?

Anyway, I see that your website is flagged by many vendors and even since last month this number has increased. As well as you contacted some of them via their communities.

I did not look around, but maybe you do use Next.js;

If this is so, then huge vulnerabilities were discovered in React / Next.js some months ago and many websites were hacked. Probably you may find more information by searching about CVE-2025-55182
; CVE-2025-66478; less likely: CVE-2025-59471; CVE-2025-29927

Can you confirm that your website is unaffected/patched? Or was it affected at some point at all?

Then it will be clear whether your website currently has any'troubles' that need to be addressed (and all vendors correctly flag it as either phishing, malicious, or suspicious).

Or whether it's simply a consequence of previous problems. And the databases are still not in proper condition.

Otherwise I do not see reason to be flagged by tens (or more) vendors as 'tricky' website.

// for example, this discussion on Reddit forum or this about owner of next.js project (website) who faced incident likely related to mentioned vulnerabilities/exploits-in-wild. it was an obscure situation for him. so, best to ensure that your website is indeed as clean as possible; and as 'unaffected' by any known vulnerabilities / stuff as possible.

Thanks!

// if I wrongly deducted your website, then sorry.

// // but if so, then someone is trying to use your identity as well.

Does anyone have any advice how to get in contact with an actual human at the company to try and sort this out?

https://www.f-secure.com/gb-en/support - with options like phone or web-chat. you can ask in web-chat to connect you with Support Agent. I am not sure about situation with phone calls.