I am reaching out regarding a critical issue affecting my Bubble application hosted at https://softplanner.app.br.
My app is being flagged as “Phishing” by multiple security vendors including Microsoft Defender SmartScreen, AVG/Avast, Norton Safe Web, and Cloudflare itself. This is causing users to be blocked from accessing the platform with a phishing warning page.
After investigation, I identified that the root cause appears to be Cloudflare’s domain categorization, which classified my domain as “Phishing” and “CIPA Filter”. Since Bubble uses Cloudflare as its CDN and infrastructure provider, this miscategorization is being propagated to other security vendors.
I have already taken the following steps:
Submitted a recategorization request via Cloudflare Radar (changed to “Personal Finance” and “Economy & Finance”)
Reported false positives to Microsoft SmartScreen, AVG, Norton, Trend Micro, and ESET
Verified the domain is clean on Google Safe Browsing and 70+ blacklists
Confirmed the domain has no malicious content, valid HTTPS, and no external redirects
The Cloudflare URL Scanner shows a “Malicious” verdict and a /cdn-cgi/phish-bypass URL in the page history, which appears to be generated by Cloudflare’s own phishing interstitial page.
Since this infrastructure is managed by Bubble, I am requesting your assistance to:
Escalate this to your Cloudflare account team to expedite the recategorization
Confirm whether there is anything on Bubble’s infrastructure side contributing to this classification
Advise on any additional steps I should take
Domain: softplanner.app.br Bubble App:mpf100.bubbleapps.ioCloudflare Ray ID from phishing warning: 9d9a0bdf2a951f69
This issue is severely impacting my users and business. I would appreciate urgent attention.
My app softplanner.app.br was flagged as “Phishing” by multiple security vendors, including Microsoft Edge/SmartScreen, AVG, and Cloudflare itself. Users were seeing a phishing warning page and Edge users were getting a 403 Forbidden error — completely blocked.
Root cause
After investigation, I identified that the issue originated from Cloudflare miscategorizing the domain as “Phishing” and “CIPA Filter” at the infrastructure level. Since Bubble uses Cloudflare, this propagated to other security vendors automatically.
What I did
Confirmed the domain was clean on Google Safe Browsing, MXToolbox (70+ blacklists), Sucuri, and Fortinet
Reported false positives directly to each vendor — Microsoft SmartScreen, AVG, Norton, Sophos, Forcepoint, ESET, Webroot, Trend Micro, and others
Submitted recategorization requests via Cloudflare Radar multiple times
Opened a ticket with Bubble Support, providing Cloudflare Ray IDs and URL Scan IDs as technical evidence
When Bubble asked for clarification, I provided a formal written declaration explaining the app’s purpose and denying any connection to the alleged phishing target
What resolved it
Bubble’s specialized team escalated the case directly to Cloudflare. Once Cloudflare reviewed the declaration and removed the infrastructure block, everything resolved in cascade — Edge warnings disappeared, VirusTotal detections dropped, and the URL scanner verdict changed to “No classification.”
Key lessons
Cloudflare Radar’s public portal alone is insufficient for phishing cases — you need Bubble to escalate via their enterprise Cloudflare relationship
Provide Ray IDs and URL Scan IDs — they are essential technical evidence
Be persistent and document everything in the ticket
If Cloudflare asks for clarification about the phishing allegation, respond with a clear, formal written declaration
Hope this helps anyone facing a similar situation!
