Cloudflare mistakenly flagged our website as phishing, now anti-virus warn and block our users and kill our business

I’m posting this here to hopefully get a quicker resolution to my issue.

On July 24th I got an email that Cloudflare received a phishing report about our website https://xxxxx.xxx :

Cloudflare received a phishing report regarding:

xxxxx.xxx

Below is the report we received:

Reporter: Anonymous
Reported URLs:

https://xxxxx.xxx/

Logs or Evidence of Abuse: This is a steam platform account scam

We have forwarded this complaint to your hosting provider. We have restricted access to the phishing-related content until it has been removed.

Regards,

Cloudflare Abuse

For some reason Cloudflare thought that this report written by what appears to be a 10 year old is credible information and now greeted all our visitors with a full screen phishing website warning like this:

The warning was up for an hour or two and at this point I had messaged Cloudflare support and tweeted on our Twitter account to inform our followers about the issue. The Cloudflare Head of Trust & Safety admitted the mistake on Twitter (https://twitter.com/xxdesmus/status/1286727175278718976) and the warning had now been removed, but several anti-virus software and phishing site tracking websites had already automatically added our domain to their systems.

Now the world’s most popular anti-virus software block users from accessing our website. We receive constant complaints from our users that they are unable to access the website and based on their reports even ISPs are starting to completely block people’s access to it. Now if they have any issue with our service they instantly get suspicious. We were flagged as a phishing site on PhishTank (https://www.phishtank.com/phish_detail.php?phish_id=6693897), which I believe is from where various software receive their data. It seems possible we were reported there by the same malicious person who sent the report to Cloudflare, as the account had been registered on the same day as the report was sent.
On Virustotal we are detected by 9/79 anti-virus software as phishing/malicious and this number has only been growing. We have so far messaged Avast, AVG, Kaspersky and PhishTank about the false positive and so far Avast has responded and fixed the issue. China makes up some of our customer base and if their anti virus and firewall software block our website we won’t know about it and we won’t be able to win back their trust or remove the flag from their anti-virus. China could potentially make up over 90% of our business but that’s most likely not possible anymore.

We are an online service whose business relies on people who actively use and visit our website and this whole ordeal is having a large impact on our business. We have been a very reputable service for over three years and it’s absurd how someone’s 15 second effort to send a report and Cloudflare’s dumb mistake can lead to this.

I doubt Cloudflare would be interested in helping us contact all anti-virus software and websites that have blacklisted xxxxx.xxx so I’m here to ask you for help to most efficiently recover from this. Is there more we can do other than listen to our customers to see which software or service is causing issues and then contacting them to hopefully fix it? Is there a better way than Virustotal to find these software? How do we get PhishTank to remove the phishing flag?

Support ticket: https://support.cloudflare.com/hc/en-us/requests/1933011

Edit: removed the domain from the post

I have no ability to do anything about your site being flagged, but just observe that the domain name in the image you posted is different to the domain you are talking about, CS.DEALS.

Now replaced it with a screenshot that doesn’t show the domain as it was irrelevant

Have you already looked into reporting the phishtank submission as a false positive?

Thanks for the suggestion. Did this yesterday as soon as I found out it was an issue. Thankfully all these websites seem pretty active and cooperative and already removed the flag within an hour or two from my reports. Phishtank either hasn’t reviewed it yet or didn’t approve my report.

This topic was automatically closed after 14 days. New replies are no longer allowed.