Site Flagged for "phishing" on Webflow's servers


I published this site the other day and it’s been flagged for “Phishing” on Kaspersky.

As you can see, this is a single page site and the only interactive code is a webflow form.
Please see the screenshot attached for the report details. It appears the issue is with the servers that Webflow uses via Amazon. For some reason, it’s been flagged in India??

I’ve already submitted an appeal to Kaspersky (anti-virus company) to see if it’s a false positive, but I’m still very concerned for my client’s new site.

Any advice would be amazing!!

Thank you,


Here is my site Read-Only: LINK
(how to share your site Read-Only link)

Hey Rachel, generally flags are attached to domain names more often than IP’s.
As you can see in the report, those are not Webflow’s IP’s, so you’re probably looking at a cached result.

You’ve done the right thing to raise the appeal with Kaspersky, I’ve done that in the past with Avira. If Google reports any red flags, you deal with those in Google Search Console.

Curious on the history of the domain name, I have seen quite a few cases of people having problems with domain names purchased on GoDaddy, which used GoDaddy’s parking page. That page sometimes shows ads… not sure how well they audit that stuff. So… draw the conclusions you will.

Hi Michael,

Thanks so much for your reply!

I purchased the domain with I’ve also heard similar things about Go Daddy.

In your experience, is getting flagged a common occurrence?
This is the 2nd Webflow site I’ve had issues with. The other site was flagged by 10 anti virus companies. However, this site had a suspicious scheduling widget which I believe is the culprit. The warnings were mostly “malware”. I’m assuming malware refers to interactive code (and the widget was the only java script on the site)

I’m just trying to understand if there’s anything I’m doing wrong here to trigger even a false positive. Webflow wrote back to me and said it might be that a few link blocks were missing the “https://” , even though they were performing okay.
Does that seem likely to you?

Thanks again :slight_smile:

I can put it this way- Out of 300+ Webflow sites, I’ve only seen an Avira flag with one domain, and that site’s domain was purchased from a GoDaddy auction. On every other site, we use business domains that no one else has owned, and we’ve never seen any flags.

Here in the forums I’ve had a few mini-projects helping designers with blocked domain issues and the common ingredient always seems to be that GoDaddy parking page.
My conclusions are that;

  • Webflow’s IP’s are fine
  • domain registrar parking pages can be risky
  • the flagging systems, e.g Google’s and Avira’s have a very long memory. They don’t appear to re-check, ever, without an explicit request

I don’t think you’ve done anything, but yes of course avoid suspicious code and generally don’t use registrar parking pages. Better to make your own coming-soon page anyway.

I wouldn’t think that’s a major factor. Particularly for an antivirus site, they’re looking for “signatures” on specific code or libraries that are delivered to the browser. An http: protocol shouldn’t affect that.

Thank you Michael. Have a great week!

Just to follow up on this, I wrote to Kaspersky’s customer service. They confirmed it was a false positive and removed the flag. I’ve asked what might have triggered it and they’ve not replied.