The domain I am working on has been flagged as malicious by MetaMask from one day to the next. I tried reaching out on GitHub and got replies from different people who redirected me to other websites for assistance—some of which were even flagged as malicious by Chrome!
After some research, I discovered an external service (blockaid (dot) co) that appears to work with MetaMask to detect malicious or scam websites. They replied as follows:
After a thorough investigation, we have found that the flagging was indeed incorrect. The flagging has been modified accordingly. We apologize for any inconvenience this might have caused and appreciate your understanding as we strive to maintain the highest security standards.
However, 14 days have passed and nothing has changed. In the meantime, I tried to find out who flagged our website as malicious and why, but I haven’t found any useful information.
I tried also in links written in github MetaMask support page
Today, I received another reply saying that, on their end, our website is now whitelisted—or at least no longer flagged as malicious—but the issue still persists. When visiting lucky16 (.app) using a mobile browser inside MetaMask, the domain is still flagged as malicious, and nobody seems to know why.
Is there anyone who can point me in the right direction to understand the cause of this flag? We are a small community, and in three years, nobody has ever been scammed. We have no disputes or user reports, so I truly don’t understand the reason behind this negative flag.
Thank you. Yes, I already did that, but it was useless. I got responses from people telling me to ask for help on certain websites—when I tried to visit them, one was flagged as malware by Chrome, and another just pointed me to a different site… and finally, there was deshvin.
He said that since he didn’t like the layout, he assumed it was a scam. Can you imagine? Just because he didn’t like the design, he flagged it as a scam—with no reason or evidence whatsoever.
That’s why I’m here again, trying to find another path. We are a registered company operating fully legally, we have never scammed anyone, we have no complaints from users, and we’ve done nothing wrong. But as long as people like deshvin—who seems to be acting as the sole decision-maker—can flag websites arbitrarily, we’re stuck in this situation.
So, I’m here hoping someone can help us find a real solution to get this flag removed.
Hi thank you again for your help. yes I can send you the issue# MetaMask/eth-phishing-detect/issues/175702
I tried to check in the phishing search tool but our domain is not listed so I dont think there is any relation with phishing.