Potentially Suspicious code. Google marked site as phishing

Describe the issue/error/question

Hello today’s morning my root domain and all of the subdomains was taken off google and marked as deceptive and dangerous because of phishing danger. One of the very few changes I made recently was updating n8n self-hosted (docker). I already rejected other possibilities. Only clue is that one of free scanners I use detected “Potentially Suspicious files” on my n8n site. This is my very only clue at this moment. Can somebody tell is this normal? I’ll keep searching but i just want to be sure. Details below.


Part of code marked as “Potentially Suspicious”:

[[owAe(Oe);returnr.facade=t,ve(t,Se,r),r},ne=function(t){returnge(t,Se)?t[Se]:{}},oe=function(t){returnge(t,Se)}}varRe={set:ee,get:ne,has:oe,enforce:function(t){returnoe(t)?ne(t):ee(t,{})},getterFor:function(t){returnfunction(r){vare;if(!he(r)||(e=ne(r)).type!==t)throwAe("Incompatiblereceiver,"+t+"required");returne}}},Ie=O,_e=o,je=B,Pe=Ft,xe=i,Ce=Zr.CONFIGURABLE,Me=ie,Le=Re.enforce,De=Re.get,Ne=String,ke=Object.defineProperty,Fe=Ie("".slice),Ue=Ie("".replace),We=Ie([].join),Be=xe%26%26!_e((function(){return8!==k]]

What is the error message (if any)?

not applicable

Please share the workflow

not applicable

Share the output returned by the last node

not applicable

Information on your n8n setup

  • n8n version: 0.217.2
  • Database you’re using (default: SQLite):MariaDB
  • **Running n8n with the execution process [own(default), main]: default **
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: Docker
1 Like

Hey @Arturitu12,

Welcome to the community :tada:

That is a bit unusual but shouldn’t be too much of an issue, While that file exists on my n8n install my site has not been removed :thinking:

It does look like the scan is saying ‘Potentially Suspicious’ as well, I have have a few of those Google issues in the past, Does your main site use Wordpress at all?

I am having the same issue.

In Search Console, I have a security issue stating “These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information.”

Sample URLs:

https://n8n.belmontdigitalmarketing.com/
https://n8n.belmontdigitalmarketing.com/signin?redirect=/

I recently updated to 0.218.0. I have also recently added YouTube OAth2 API credentials. Not sure what’s causing the issue.

I did Request a Review in Search Console. I’ll post the results.

Hey @matthiasallred,

Thanks for this I have raised it internally to see if anyone has any thoughts.

As of this morning (less than 24 hours from submitting my request in Search Console), I no longer have any issues and the Security Warning in Search Console is gone.

I am experiencing the same today I am on version 217.2

Have posted a review to Google search as well.

1 Like

Thanks for the report I have let the team internally know.