False phishing flag/report

Hey there,

It seems like one of my domains has been flagged for phishing by Cloudflare. Whenever I try to visit it, they are displaying this right in front:

The report was anonymous and only contained 2-3 sentences. We have a “Login with” button. We’re not sure if these reports are checked by humans, but a quick check in the URL bar would reveal that the user is directed to the target’s domain itself, and we are just using the oauth2 flow for verification. We were not contacted by Cloudflare at all prior to this. This is extremely distressing, and it has been up for over 10 hours now with no reply from Cloudflare.

It seems like there have been other instances of this in the past:
Site Repeatedly Taken Down for Phishing
False Phishing Flag (Again)
False phishing flag

Was wondering if you guys had any suggestions on what to do in the meantime.

Thanks!

What’s your domain? Do you have a ticket number?

Hi jnperamo,

Thank you for your response, really appreciate it. The ticket number is 2425236. It looks like the domain was in-review and then was out of it, so I am assuming it was re-checked and denied (?). We would be grateful for any help, thanks again!

Can you share the domain name publicly?

Here you are: DiscordLink
When you click on the login button, it goes directly to Discord’s own domain for oauth2 (Discord Developer Portal) for authentication. This is required as we need to know which server the user has permission over. A quick check in the URL bar would just show the following:
Capture

Looks like the in-review request was denied, really not sure what to do.

Just for more context, this is the email that was sent:

We are not even using Steam authentication at all. I have already contacted my server host just in case as we have several other domains and services hosted.

Yeah, I can see that the website is legitimate; odds are that somebody looked at the domain and the report and didn’t think twice about it.

Edit: I have just escalated the ticket; hopefully, you will receive help shortly. The main inconvenience is that it’s Friday, and support might not be able to pick the case up before Monday.

3 Likes

Seems like that must have been the case. Thanks again for the help :slight_smile:

2 Likes

Hi @Miyanomi sorry for the issues. I have added myself to your ticket and have escalated it to our Trust & Safety team… While I have added myself to the ticket, the T&S team are the only ones that are able to review it and I will no longer be able to see updates on it. I’ve made notes on the ticket with links to this conversation and the escalated post.

2 Likes

Thank you cloonan, again I very much appreciate the support. I will keep an eye out for their response.

2 Likes

Wait… you have a domain called discord.link with a login button using Discord Auth and /don’t/ think it’s a sketchy site? If you work for Discord, you should have your trust and safety team reach out to Cloudflare’s T&S team. If you don’t work for Discord… :shrug: seems unlikely that would be lifted.

The login process is not handled by us, but directly by Discord using their official oauth2 flow made available to developers. We do not store or have access to any of the user’s login information. What we get back is a numerical user id and a list of servers, of which we can identify which ones they have managing perms to. The domain is used as a shortlink/unique link generation service. There are other sites such as discord.me or discord.io using the same authorization flow, as this is necessary to see what servers a user has permissions to.

It’s been run for years now without any issue. It is a free service and there isn’t any monetization. And we are requesting the minimum amount of information required to operate, with what we are doing well within the realms of what is allowed by Discord. The user is made aware of what information is being requested (user id, their server list) from Discord’s end via the authorization page.

2 Likes
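The URL-bar check described in the post above can be written down as a repeatable review of a site's "Login with" link. This is an added example, not code from the thread or from any of the services named in it; the authorize paths, the scope names `identify` and `guilds`, and the sample hosts and client id are assumptions or constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the thread): the provider's authorize host and paths,
# and the scope names that map to "user id" and "server list".
PROVIDER_HOSTS = {"discord.com"}
AUTHORIZE_PATHS = {"/oauth2/authorize", "/api/oauth2/authorize"}
EXPECTED_SCOPES = {"identify", "guilds"}


def review_login_link(url, site_host):
    """Return a list of findings; an empty list means the link is a plain
    authorization-code redirect to the provider that returns to site_host."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("not https")
    # "provider@other-host" puts the provider name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo in URL")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in PROVIDER_HOSTS:  # exact match, never a substring test
        findings.append(f"authorize host is {host!r}, not the provider")
    if parts.path not in AUTHORIZE_PATHS:
        findings.append(f"unexpected path {parts.path!r}")
    query = parse_qs(parts.query)
    if query.get("response_type") != ["code"]:
        findings.append("response_type is not 'code'")
    scopes = set(" ".join(query.get("scope", [])).split())
    extra = scopes - EXPECTED_SCOPES
    if extra:
        findings.append(f"extra scopes requested: {sorted(extra)}")
    redirect = urlsplit((query.get("redirect_uri") or [""])[0])
    if redirect.scheme != "https" or (redirect.hostname or "").lower() != site_host:
        findings.append("redirect_uri does not return to the reviewed site")
    return findings


# Constructed sample links; client_id and hosts are placeholders.
GOOD = ("https://discord.com/oauth2/authorize?client_id=000000000000000000"
        "&response_type=code&scope=identify%20guilds"
        "&redirect_uri=https%3A%2F%2Fshortlinks.example%2Fcallback")
LOOKALIKE = GOOD.replace("https://discord.com/", "https://discord.com.login.example/")
USERINFO = GOOD.replace("https://discord.com/", "https://discord.com@login.example/")

if __name__ == "__main__":
    for name, link in [("good", GOOD), ("lookalike", LOOKALIKE), ("userinfo", USERINFO)]:
        print(name, review_login_link(link, "shortlinks.example"))
```

An empty result only shows that credentials are entered on the provider's own origin; it says nothing about how the domain name itself reads to a reviewer.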

By chance, was a URL included in the email you got? or just the front page (/)?

(didn’t mean to reply to that comment)

1 Like

It seems like it was just the front page at ‘/’.
