Malware/false positive sample submission broken

Affected page: Comodo Antivirus Database | Submit Files for Malware Analysis
Chrome console log - lines beginning with ## are comments
##on page load
submit.php:1467 Refused to load the script ‘https://cdn.appsflyer.com/web-sdk/banner/latest/sdk.min.js?webkey=406b1413-d5b6-40c5-b1a3-5f8ed978cc51’ because it violates the following Content Security Policy directive: "script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ https://js.hs-analytics.net https://js.hscollectedforms.net https://geolocation.onetrust.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://geoip.nekudo.com https://freegeoip.net https://secure.comodo.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://m.addthisedge.com https://m.addthis.com https://s7.addthis.com https://cdn3.optimizely.com https://cdn2.optimizely.com https://www.gstatic.com https://www.youtube.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net https://code.jquery.com https://googleads.g.doubleclick.net https://script.hotjar.com https://plugins.help.com https://www.google.com https://www.google.co.uk https://cdn.optimizely.com https://www.comodo.com https://www.google-analytics.com https://secure.leadforensics.com https://static.hotjar.com https://ajax.googleapis.com https://secure.comodo.com https://www.googleadservices.com https://s.ytimg.com https://js.hs-scripts.com https://cdn.cookielaw.org https://beta.phonewagon.com https://addevent.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com tagmanager.google.com *.linkedin.com ". Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

(anonymous) @ submit.php:1467
(anonymous) @ submit.php:1467
(anonymous) @ submit.php:1467
jquery.min.js:4 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user’s experience. For more help, check https://xhr.spec.whatwg.org/.
send @ jquery.min.js:4
ajax @ jquery.min.js:4
getPageID @ utm5.js?v=50:493
start @ utm5.js?v=50:72
(anonymous) @ utm5.js?v=50:730
j @ jquery.min.js:2
fireWith @ jquery.min.js:2
ready @ jquery.min.js:2
J @ jquery.min.js:2

A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
##above line repeats 10 times

submit.php:1 Refused to load the script ‘https://js.phonewagon.com/pw_dns.js?cguid=f26d0dae-fed3-4c82-aea4-86c69aec8432’ because it violates the following Content Security Policy directive: "script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ https://js.hs-analytics.net https://js.hscollectedforms.net https://geolocation.onetrust.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://geoip.nekudo.com https://freegeoip.net https://secure.comodo.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://m.addthisedge.com https://m.addthis.com https://s7.addthis.com https://cdn3.optimizely.com https://cdn2.optimizely.com https://www.gstatic.com https://www.youtube.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net https://code.jquery.com https://googleads.g.doubleclick.net https://script.hotjar.com https://plugins.help.com https://www.google.com https://www.google.co.uk https://cdn.optimizely.com https://www.comodo.com https://www.google-analytics.com https://secure.leadforensics.com https://static.hotjar.com https://ajax.googleapis.com https://secure.comodo.com https://www.googleadservices.com https://s.ytimg.com https://js.hs-scripts.com https://cdn.cookielaw.org https://beta.phonewagon.com https://addevent.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com tagmanager.google.com *.linkedin.com ". Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

submit.php:1 A cookie associated with a resource at http://adnxs.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status.
##after filling and submitting form with 2MB file attached
jquery.min.js:4 POST https://www.comodo.com/home/internet-security/file_upload.php?rnd=1570366107923 413
send @ jquery.min.js:4
ajax @ jquery.min.js:4
(anonymous) @ submit.php:1382
dispatch @ jquery.min.js:3
r.handle @ jquery.min.js:3

@Shimakaze, thank you for reporting this, we’re checking it.