My BTCpay server (Bitcoin Invoice Server, self-hosted) has been running for months. Last night my Avast Webshield flagged it as PHISHING URL. I sent a report last night (13 hours ago). This morning it was still blocked. Making an exception doesn’t help me because this is about paying customers who get invoiced through the BTCpay server.

So I changed the domain on the BTCpay server, which I thought would immediately fix the problem. Within 5 minutes it got flagged again and blocked. This is just unacceptable. It’s a standard BTCpay server with nothing changed on the index page which should trigger a shield block.

Original domain pay.witza.com Then changed to btcpay.witza.com.

I realized I did have on the invoices a separate CSS on my other domain. Since it was an external CSS I figured that had to be the cause. So once again, I change the domain of the btcpay server to pay.hackforums.net. All was good, then 30 minutes later, BLOCKED again.

I’m livid right now. I’ve wasted 3-4 hours on this. This is my money avast is screwing up. I have income I am losing.

I expect a fast response. A report was done on all 3 domains.

Great, now my checkout page is being flagged too as “HTML:Script-inf [Susp]”.

I need this false flag fixed.

Nothing found here - https://www.virustotal.com/gui/url/ccdbb2168b5c167c1f32f4ebf52cedbd8a91eb644b28963658c8ae4dc195cd03?nocache=1
However the Links show going to - hxxps://wxw.cloudflare.com?utm_source=challenge&utm_campaign=m Now this could be quite normal, but I have seen issues like this being considered suspicious.

Some security issues reported here - https://en.internet.nl/site/pay.witza.com/1864481/

Webpage Security Score F - https://snyk.io/test/website-scanner/?test=230110_AiDcKD_W7&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Recently-discovered vulnerabilities on the Snyk database:

I don’t know if this would contribute to the detection or not.

You can use the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
In the information you give I would suggest giving a link back to this topic.

They removed it after about a week. Finally got it sorted.

Then within 48 hours it was flagged again as Phishing. WTF.

Losing money on this and need it fixed asap. It’s a DAMN INVOICE SYSTEM THAT’S ALL OVER THE WEB. There is no PHISHING.

Have you investigated the security issues reported by other security checking site I gave, e.g reporting it to pay.witza.com.

These vulnerabilities could be exploited resulting in further detections.

Of course you can report it again and I suggest that you give a link back to this topic as it is likely to contain more information than using the report form.

Before shooting the messenger, I’m an Avast user not an Avast Team member.