Fix page change detection sensitivity with threat-triggered adaptive re-scanning

[Copilot]

Extension only detected partial threats on initial page load (e.g., bad URL) but missed late-loading phishing content like devtools blocking. Manual re-scan found all indicators. Root cause: initial scan ran before dynamic content fully loaded.

Solution: Threat-Triggered Adaptive Re-scanning

When threats detected, automatically schedule follow-up scans at strategic intervals to catch late-loading content:

Implementation

New scan strategy:

• Initial scan detects threats → schedule re-scan Fix page change detection sensitivity with threat-triggered adaptive re-scanning #1 at 800ms
• Re-scan Fix page change detection sensitivity with threat-triggered adaptive re-scanning #1 finds new threats → schedule re-scan Add Firefox support via browser API polyfill layer #2 at 2000ms
• Stop when: max 2 re-scans OR no page changes detected

Page change detection:

// Fast hash: length + 5 character samples at key positions
computePageSourceHash(pageSource) {
  const len = pageSource.length;
  const samples = [0.1, 0.3, 0.5, 0.7, 0.9].map(p => 
    pageSource.charCodeAt(Math.floor(len * p))
  );
  return `${len}:${samples.join(',')}`;
}

Smart rate limiting:

• Threat-triggered re-scans: 500ms cooldown
• DOM-triggered re-scans: 1200ms cooldown
• Skips re-scan if page source hash unchanged

Safeguards:

• Max 2 follow-up scans per page
• Clears scheduled scans on block/unload
• Total scan limit (5) still enforced
• Separate counter for threat-triggered vs DOM-triggered

Files Changed

• scripts/content.js: Add threat-triggered re-scan logic, page hash comparison, smart rate limiting
• test-pages/phishing-delayed-load.html: Test page with progressive content loading (500ms → 1500ms → 2500ms)
• test-pages/index.html: Updated test instructions

Testing

Load test-pages/phishing-delayed-load.html with DevTools console open to observe:

1. Initial scan finds basic threat (bad URL)
2. Re-scan Fix page change detection sensitivity with threat-triggered adaptive re-scanning #1 at ~800ms catches login form + devtools blocking
3. Re-scan Add Firefox support via browser API polyfill layer #2 at ~2000ms catches hidden tracking elements
4. Extension blocks after detecting all indicators

Original prompt

can you pleaes look into the code relating to how the extension checks for page changes before re-running analysis as it seems its not quite sensitive enough or not triggering properly. I experienced this when loading a phioshing page that it only showed the warning banner with 1 phishing indicator for the bad url struct but if I re-ran the scan now option it correctly picked up all of the issues and blocked the page, things like blocking dev tools and such. im not sure if its starting to run the scan before the page has fully loaded or if its not waiting for all the scripts to load correctyl. can you explore potential solutions to this problem. before applying changes we should discuss what options we have. 1 though I has was to re-run with a short delay when we find any indicators and if there was no change since last check stop else re-scan again after a short delay and or page change. we need to ensure we do not get into a loop or cause the browser to slow down or cause the page detection to run too slowly

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Zacgoose]

@copilot 🔄 Updating verdict for tab 1856462488: not-evaluated → not-evaluated
logger.js:51 🔄 Updating verdict for tab 1856462488: not-evaluated → not-evaluated
logger.js:80 🏷️ Setting badge for tab 1856462488: verdict="not-evaluated" → text="" color="#000"
logger.js:51 🏷️ Setting badge for tab 1856462488: verdict="not-evaluated" → text="" color="#000"
background.js:1766 [URL Defanging] Event type: threat_detected_no_action, shouldDefang: true, URL: https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok
logger.js:80 Check: Security Event: Objectevent: {timestamp: '2025-11-24T08:08:30.753Z', url: 'https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmk…dqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok', userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0', type: 'threat_detected_no_action', reason: 'Suspicious phishing indicators detected: phi_003, phi_021_suspicious_url_structure', …}profile: {profileId: '099e91fd-4e98-4bf3-980f-370fdfcfbfc7', isManaged: false, userInfo: {…}, browserInfo: {…}, timestamp: '2025-11-24T08:05:47.880Z'}tabId: 1856462488timestamp: "2025-11-24T08:08:30.757Z"type: "security_event"[[Prototype]]: Object
logger.js:51 Check: Security Event: Objectevent: {timestamp: '2025-11-24T08:08:30.753Z', url: 'https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmk…dqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok', userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0', type: 'threat_detected_no_action', reason: 'Suspicious phishing indicators detected: phi_003, phi_021_suspicious_url_structure', …}profile: {profileId: '099e91fd-4e98-4bf3-980f-370fdfcfbfc7', isManaged: false, userInfo: {…}, browserInfo: {…}, timestamp: '2025-11-24T08:05:47.880Z'}tabId: 1856462488timestamp: "2025-11-24T08:08:30.757Z"type: "security_event"[[Prototype]]: Object
background.js:1766 [URL Defanging] Event type: threat_blocked, shouldDefang: true, URL: https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok
logger.js:80 Check: Security Event: Objectevent: {timestamp: '2025-11-24T08:08:31.668Z', url: 'https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmk…dqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok', userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0', type: 'threat_blocked', reason: 'Multiple phishing indicators detected on non-Micro…ious_url_structure, phi_017_microsoft_brand_abuse', …}profile: {profileId: '099e91fd-4e98-4bf3-980f-370fdfcfbfc7', isManaged: false, userInfo: {…}, browserInfo: {…}, timestamp: '2025-11-24T08:05:47.880Z'}tabId: 1856462488timestamp: "2025-11-24T08:08:31.680Z"type: "security_event"[[Prototype]]: Object
logger.js:51 Check: Security Event: Objectevent: {timestamp: '2025-11-24T08:08:31.668Z', url: 'https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmk…dqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok', userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0', type: 'threat_blocked', reason: 'Multiple phishing indicators detected on non-Micro…ious_url_structure, phi_017_microsoft_brand_abuse', …}profile: {profileId: '099e91fd-4e98-4bf3-980f-370fdfcfbfc7', isManaged: false, userInfo: {…}, browserInfo: {…}, timestamp: '2025-11-24T08:05:47.880Z'}tabId: 1856462488timestamp: "2025-11-24T08:08:31.680Z"type: "security_event"[[Prototype]]: Object
blocked.js:683 DOM loaded, initializing page
blocked.js:697 Adding click listener to technical details header
blocked.js:12 parseUrlParams called
blocked.js:13 Current URL: chrome-extension://hiaojcdkibmeobjipbjanmahifepglml/blocked.html?details=%7B%22reason%22%3A%22Multiple%20phishing%20indicators%20detected%20on%20non-Microsoft%20page%20(3%2F3%20threshold%20exceeded)%3A%20phi_003%2C%20phi_021_suspicious_url_structure%2C%20phi_017_microsoft_brand_abuse%22%2C%22url%22%3A%22https%3A%2F%2Floniykorsis.org%2FAS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI%2F5napVzjS2Gok%22%2C%22timestamp%22%3A%222025-11-24T08%3A08%3A31.665Z%22%2C%22rule%22%3A%22unknown%22%2C%22ruleDescription%22%3A%22Multiple%20phishing%20indicators%20detected%20on%20non-Microsoft%20page%20(3%2F3%20threshold%20exceeded)%3A%20phi_003%2C%20phi_021_suspicious_url_structure%2C%20phi_017_microsoft_brand_abuse%22%2C%22score%22%3A40%2C%22threshold%22%3A85%2C%22phishingIndicators%22%3A%5B%7B%22id%22%3A%22phi_003%22%2C%22category%22%3A%22social_engineering%22%2C%22severity%22%3A%22high%22%2C%22confidence%22%3A0.85%2C%22description%22%3A%22Common%20Microsoft%20365%20phishing%20keywords%20and%20variations%22%2C%22action%22%3A%22block%22%2C%22matchDetails%22%3A%22page%20source%22%7D%2C%7B%22id%22%3A%22phi_021_suspicious_url_structure%22%2C%22category%22%3A%22url_structure%22%2C%22severity%22%3A%22medium%22%2C%22confidence%22%3A0.5%2C%22description%22%3A%22Suspicious%20URL%20structure%20with%20long%20random%20strings%20in%20path%20segments%20(before%20query%20parameters)%22%2C%22action%22%3A%22warn%22%2C%22matchDetails%22%3A%22URL%22%7D%2C%7B%22id%22%3A%22phi_017_microsoft_brand_abuse%22%2C%22category%22%3A%22brand_abuse%22%2C%22severity%22%3A%22high%22%2C%22confidence%22%3A0.95%2C%22description%22%3A%22Microsoft%20branding%20combined%20with%20login%2Fauthentication%20terms%20on%20non-Microsoft%20domain%22%2C%22action%22%3A%22block%22%2C%22matchDetails%22%3A%22page%20text%22%7D%5D%2C%22foundIndicators%22%3A%5B%7B%22id%22%3A%22phi_003%22%2C%22description%22%3A%22Common%20Microsoft%20365%20phishing%20keywords%20and%20variations%22%2C%22severity%22%3A%22high%22%2C%22category%22%3A%22social_engineering%22%2C%22confidence%22%3A0.85%2C%22matchDetails%22%3A%22page%20source%22%7D%2C%7B%22id%22%3A%22phi_021_suspicious_url_structure%22%2C%22description%22%3A%22Suspicious%20URL%20structure%20with%20long%20random%20strings%20in%20path%20segments%20(before%20query%20parameters)%22%2C%22severity%22%3A%22medium%22%2C%22category%22%3A%22url_structure%22%2C%22confidence%22%3A0.5%2C%22matchDetails%22%3A%22URL%22%7D%2C%7B%22id%22%3A%22phi_017_microsoft_brand_abuse%22%2C%22description%22%3A%22Microsoft%20branding%20combined%20with%20login%2Fauthentication%20terms%20on%20non-Microsoft%20domain%22%2C%22severity%22%3A%22high%22%2C%22category%22%3A%22brand_abuse%22%2C%22confidence%22%3A0.95%2C%22matchDetails%22%3A%22page%20text%22%7D%5D%2C%22detectionMethod%22%3A%22content-analysis%22%2C%22triggeredRules%22%3A%5B%5D%2C%22pageTitle%22%3A%22Verify%20your%20account%22%2C%22pageHost%22%3A%22loniykorsis.org%22%2C%22referrer%22%3A%22https%3A%2F%2Floniykorsis.org%2FAS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI%2FSIxYXmUjxg3ou%3Fa%3DanVsaWVAdmFzc2V0YXguY29tLmF1%22%2C%22userAgent%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F142.0.0.0%20Safari%2F537.36%20Edg%2F142.0.0.0%22%2C%22detectionTime%22%3A1763971711665%7D
blocked.js:16 URL params: details=%7B%22reason%22%3A%22Multiple+phishing+indicators+detected+on+non-Microsoft+page+%283%2F3+threshold+exceeded%29%3A+phi_003%2C+phi_021_suspicious_url_structure%2C+phi_017_microsoft_brand_abuse%22%2C%22url%22%3A%22https%3A%2F%2Floniykorsis.org%2FAS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI%2F5napVzjS2Gok%22%2C%22timestamp%22%3A%222025-11-24T08%3A08%3A31.665Z%22%2C%22rule%22%3A%22unknown%22%2C%22ruleDescription%22%3A%22Multiple+phishing+indicators+detected+on+non-Microsoft+page+%283%2F3+threshold+exceeded%29%3A+phi_003%2C+phi_021_suspicious_url_structure%2C+phi_017_microsoft_brand_abuse%22%2C%22score%22%3A40%2C%22threshold%22%3A85%2C%22phishingIndicators%22%3A%5B%7B%22id%22%3A%22phi_003%22%2C%22category%22%3A%22social_engineering%22%2C%22severity%22%3A%22high%22%2C%22confidence%22%3A0.85%2C%22description%22%3A%22Common+Microsoft+365+phishing+keywords+and+variations%22%2C%22action%22%3A%22block%22%2C%22matchDetails%22%3A%22page+source%22%7D%2C%7B%22id%22%3A%22phi_021_suspicious_url_structure%22%2C%22category%22%3A%22url_structure%22%2C%22severity%22%3A%22medium%22%2C%22confidence%22%3A0.5%2C%22description%22%3A%22Suspicious+URL+structure+with+long+random+strings+in+path+segments+%28before+query+parameters%29%22%2C%22action%22%3A%22warn%22%2C%22matchDetails%22%3A%22URL%22%7D%2C%7B%22id%22%3A%22phi_017_microsoft_brand_abuse%22%2C%22category%22%3A%22brand_abuse%22%2C%22severity%22%3A%22high%22%2C%22confidence%22%3A0.95%2C%22description%22%3A%22Microsoft+branding+combined+with+login%2Fauthentication+terms+on+non-Microsoft+domain%22%2C%22action%22%3A%22block%22%2C%22matchDetails%22%3A%22page+text%22%7D%5D%2C%22foundIndicators%22%3A%5B%7B%22id%22%3A%22phi_003%22%2C%22description%22%3A%22Common+Microsoft+365+phishing+keywords+and+variations%22%2C%22severity%22%3A%22high%22%2C%22category%22%3A%22social_engineering%22%2C%22confidence%22%3A0.85%2C%22matchDetails%22%3A%22page+source%22%7D%2C%7B%22id%22%3A%22phi_021_suspicious_url_structure%22%2C%22description%22%3A%22Suspicious+URL+structure+with+long+random+strings+in+path+segments+%28before+query+parameters%29%22%2C%22severity%22%3A%22medium%22%2C%22category%22%3A%22url_structure%22%2C%22confidence%22%3A0.5%2C%22matchDetails%22%3A%22URL%22%7D%2C%7B%22id%22%3A%22phi_017_microsoft_brand_abuse%22%2C%22description%22%3A%22Microsoft+branding+combined+with+login%2Fauthentication+terms+on+non-Microsoft+domain%22%2C%22severity%22%3A%22high%22%2C%22category%22%3A%22brand_abuse%22%2C%22confidence%22%3A0.95%2C%22matchDetails%22%3A%22page+text%22%7D%5D%2C%22detectionMethod%22%3A%22content-analysis%22%2C%22triggeredRules%22%3A%5B%5D%2C%22pageTitle%22%3A%22Verify+your+account%22%2C%22pageHost%22%3A%22loniykorsis.org%22%2C%22referrer%22%3A%22https%3A%2F%2Floniykorsis.org%2FAS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI%2FSIxYXmUjxg3ou%3Fa%3DanVsaWVAdmFzc2V0YXguY29tLmF1%22%2C%22userAgent%22%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F142.0.0.0+Safari%2F537.36+Edg%2F142.0.0.0%22%2C%22detectionTime%22%3A1763971711665%7D
blocked.js:17 All URL params:
blocked.js:19 details: {"reason":"Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse","url":"https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok","timestamp":"2025-11-24T08:08:31.665Z","rule":"unknown","ruleDescription":"Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse","score":40,"threshold":85,"phishingIndicators":[{"id":"phi_003","category":"social_engineering","severity":"high","confidence":0.85,"description":"Common Microsoft 365 phishing keywords and variations","action":"block","matchDetails":"page source"},{"id":"phi_021_suspicious_url_structure","category":"url_structure","severity":"medium","confidence":0.5,"description":"Suspicious URL structure with long random strings in path segments (before query parameters)","action":"warn","matchDetails":"URL"},{"id":"phi_017_microsoft_brand_abuse","category":"brand_abuse","severity":"high","confidence":0.95,"description":"Microsoft branding combined with login/authentication terms on non-Microsoft domain","action":"block","matchDetails":"page text"}],"foundIndicators":[{"id":"phi_003","description":"Common Microsoft 365 phishing keywords and variations","severity":"high","category":"social_engineering","confidence":0.85,"matchDetails":"page source"},{"id":"phi_021_suspicious_url_structure","description":"Suspicious URL structure with long random strings in path segments (before query parameters)","severity":"medium","category":"url_structure","confidence":0.5,"matchDetails":"URL"},{"id":"phi_017_microsoft_brand_abuse","description":"Microsoft branding combined with login/authentication terms on non-Microsoft domain","severity":"high","category":"brand_abuse","confidence":0.95,"matchDetails":"page text"}],"detectionMethod":"content-analysis","triggeredRules":[],"pageTitle":"Verify your account","pageHost":"loniykorsis.org","referrer":"https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/SIxYXmUjxg3ou?a=anVsaWVAdmFzc2V0YXguY29tLmF1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0","detectionTime":1763971711665}
blocked.js:24 Details param: {"reason":"Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse","url":"https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok","timestamp":"2025-11-24T08:08:31.665Z","rule":"unknown","ruleDescription":"Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse","score":40,"threshold":85,"phishingIndicators":[{"id":"phi_003","category":"social_engineering","severity":"high","confidence":0.85,"description":"Common Microsoft 365 phishing keywords and variations","action":"block","matchDetails":"page source"},{"id":"phi_021_suspicious_url_structure","category":"url_structure","severity":"medium","confidence":0.5,"description":"Suspicious URL structure with long random strings in path segments (before query parameters)","action":"warn","matchDetails":"URL"},{"id":"phi_017_microsoft_brand_abuse","category":"brand_abuse","severity":"high","confidence":0.95,"description":"Microsoft branding combined with login/authentication terms on non-Microsoft domain","action":"block","matchDetails":"page text"}],"foundIndicators":[{"id":"phi_003","description":"Common Microsoft 365 phishing keywords and variations","severity":"high","category":"social_engineering","confidence":0.85,"matchDetails":"page source"},{"id":"phi_021_suspicious_url_structure","description":"Suspicious URL structure with long random strings in path segments (before query parameters)","severity":"medium","category":"url_structure","confidence":0.5,"matchDetails":"URL"},{"id":"phi_017_microsoft_brand_abuse","description":"Microsoft branding combined with login/authentication terms on non-Microsoft domain","severity":"high","category":"brand_abuse","confidence":0.95,"matchDetails":"page text"}],"detectionMethod":"content-analysis","triggeredRules":[],"pageTitle":"Verify your account","pageHost":"loniykorsis.org","referrer":"https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/SIxYXmUjxg3ou?a=anVsaWVAdmFzc2V0YXguY29tLmF1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0","detectionTime":1763971711665}
blocked.js:29 Parsed details: Object
blocked.js:36 Setting blocked URL to: https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok
blocked.js:38 Defanged URL: https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5Wk...
blocked.js:49 Setting block reason to: Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse
blocked.js:754 === POPULATING TECHNICAL DETAILS ===
blocked.js:755 Full details object: ObjectdetectionMethod: "content-analysis"detectionTime: 1763971711665foundIndicators: (3) [{…}, {…}, {…}]pageHost: "loniykorsis.org"pageTitle: "Verify your account"phishingIndicators: (3) [{…}, {…}, {…}]reason: "Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse"referrer: "https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/SIxYXmUjxg3ou?a=anVsaWVAdmFzc2V0YXguY29tLmF1"rule: "unknown"ruleDescription: "Multiple phishing indicators detected on non-Microsoft page (3/3 threshold exceeded): phi_003, phi_021_suspicious_url_structure, phi_017_microsoft_brand_abuse"score: 40threshold: 85timestamp: "2025-11-24T08:08:31.665Z"triggeredRules: []url: "https://loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5WkgrceWbDPIOsJ09eQrfAdQ9YylXkfGV7qCejtCuzoetopXHaIXFk3pb7PK5EEMIRPkhtgo3mQx18TidqVfwN75jSNI33DhnaW0hHPw2pOVav3qYirI/5napVzjS2Gok"userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0"[[Prototype]]: Object
blocked.js:756 Details.threats: undefined
blocked.js:757 Details.phishingIndicators: Array(3)0: {id: 'phi_003', category: 'social_engineering', severity: 'high', confidence: 0.85, description: 'Common Microsoft 365 phishing keywords and variations', …}1: {id: 'phi_021_suspicious_url_structure', category: 'url_structure', severity: 'medium', confidence: 0.5, description: 'Suspicious URL structure with long random strings in path segments (before query parameters)', …}2: {id: 'phi_017_microsoft_brand_abuse', category: 'brand_abuse', severity: 'high', confidence: 0.95, description: 'Microsoft branding combined with login/authentication terms on non-Microsoft domain', …}length: 3[[Prototype]]: Array(0)
blocked.js:758 Details.foundIndicators: Array(3)
blocked.js:794 Using phishingIndicators array as fallback: Array(3)
blocked.js:840 Severities found: Array(3)
blocked.js:848 Highest severity set to: high
blocked.js:890 === POPULATING PHISHING INDICATORS LIST ===
blocked.js:891 Indicators to display: Array(3)
blocked.js:942 Populated phishing indicators list with 3 indicators
blocked.js:94 Final blocked URL element text: https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5Wk...
blocked.js:471 loadBranding function called
blocked.js:497 Branding response from background: Object
blocked.js:501 Using branding from background script: Object
blocked.js:506 Setting company name from background to: CyberDrain
blocked.js:512 Setting product name: Check
blocked.js:561 No custom logo configured, using default Check logo
blocked.js:579 Applying primary color: #f77f00
blocked.js:602 No support email available, hiding contact button
blocked.js:622 No false positive webhook configured, hiding report button
blocked.js:709 After 1 second - URL element: https[:]//loniykorsis.org/AS3apTesgJeKuKF8saC5aTmkRc77tZUGNwVz1SNNTKj0hu1V5Wk...