False positive malicious website

The domain I am working on has been flagged as malicious by MetaMask from one day to the next. I tried reaching out on GitHub and got replies from different people who redirected me to other websites for assistance—some of which were even flagged as malicious by Chrome!

After some research, I discovered an external service (blockaid (dot) co) that appears to work with MetaMask to detect malicious or scam websites. They replied as follows:

After a thorough investigation, we have found that the flagging was indeed incorrect. The flagging has been modified accordingly.
We apologize for any inconvenience this might have caused and appreciate your understanding as we strive to maintain the highest security standards.

However, 14 days have passed and nothing has changed. In the meantime, I tried to find out who flagged our website as malicious and why, but I haven’t found any useful information.

I tried also in links written in github MetaMask support page

MetaMask (dot) github (dot) io (slash) eth-phishing-detect
app (dot) chainpatrol (dot) io

Today, I received another reply saying that, on their end, our website is now whitelisted—or at least no longer flagged as malicious—but the issue still persists. When visiting lucky16 (.app) using a mobile browser inside MetaMask, the domain is still flagged as malicious, and nobody seems to know why.

Is there anyone who can point me in the right direction to understand the cause of this flag? We are a small community, and in three years, nobody has ever been scammed. We have no disputes or user reports, so I truly don’t understand the reason behind this negative flag.

Any help would be greatly appreciated. Thank you!

Hi and thank you for reaching out. The usual procedure to follow in situations like this is to create a github issue here GitHub · Where software is built, here’s some more info that might help 'Deceptive site ahead' when trying to connect to a site | MetaMask Help Center

If you haven’t create an issue there yet, I’d recommend doing so! If you have other questions please let us know.

Thank you. Yes, I already did that, but it was useless. I got responses from people telling me to ask for help on certain websites—when I tried to visit them, one was flagged as malware by Chrome, and another just pointed me to a different site… and finally, there was deshvin.

He said that since he didn’t like the layout, he assumed it was a scam. Can you imagine? Just because he didn’t like the design, he flagged it as a scam—with no reason or evidence whatsoever.

That’s why I’m here again, trying to find another path. We are a registered company operating fully legally, we have never scammed anyone, we have no complaints from users, and we’ve done nothing wrong. But as long as people like deshvin—who seems to be acting as the sole decision-maker—can flag websites arbitrarily, we’re stuck in this situation.

So, I’m here hoping someone can help us find a real solution to get this flag removed.

Thanks for providing more info, have you tried explaining this in the gh issue as well? Also can you please share the issue # ? Thank you!

Hi thank you again for your help. yes I can send you the issue# MetaMask/eth-phishing-detect/issues/175702
I tried to check in the phishing search tool but our domain is not listed so I dont think there is any relation with phishing.

Let me know, thank you!

Cris

I’ll follow up with the team and let you know here once I hear anything back, thank you for sharing all the info above!