When your site gets flagged, the warning rarely comes from one place. It comes from a web of antivirus engines, browser safe-browsing lists, and email reputation services that all share data. We scan your domain across 124 of these security vendors and reach each one that flagged you, so you don't have to track down dozens of different false-positive forms and inboxes yourself.

Most owners discover the problem the hard way: a customer screenshots a red "deceptive site" warning, or marketing emails stop landing. Google's Safe Browsing service alone shows warnings to users on millions of devices (Google Transparency Report). Each vendor has its own review channel, its own rules, and its own queue. This page lists every one we reach, what kind of list it is, and how the request gets there.

TL;DR: unflagdomain scans your domain across 124 security vendors and emails or guides removal requests to each one that flagged you, after you clean your site. Most of the catalog is antivirus engines surfaced through scanners like VirusTotal, which aggregates 70+ engines (VirusTotal Docs). We guarantee the dispatch. Each vendor decides the outcome on its own timeline.

full removal walkthrough

Which security vendors does unflagdomain contact?

We scan across 124 active vendors in three categories: 78 antivirus engines, 38 web blocklists, and 6 RBL and search-engine safe-browsing services. The largest group is antivirus engines, the same ones surfaced by multi-scanner services. VirusTotal alone aggregates more than 70 antivirus engines (VirusTotal Docs), and a single flag from any of them can trip a browser warning.

unflagdomain maintains a catalog of 124 active security vendors spanning antivirus engines, web blocklists, RBLs, and safe-browsing services. The catalog is built from public false-positive contacts and the multi-engine results services like VirusTotal expose, which covers 70+ engines (VirusTotal Docs).

What the four categories mean

Each category flags your site for a slightly different reason, and each clears in a different way.

Antivirus engines (AV) make up the bulk of the list. Names like Bitdefender, ESET, Kaspersky, McAfee, and Sophos run URL and file reputation systems. When they tag a domain, browser extensions, desktop suites, and corporate gateways start blocking it.

Web blocklists are reputation services and threat-intel feeds — think Sucuri, Netcraft, CRDF, and Spamhaus-adjacent lists. They feed firewalls, CDNs, and security plugins. In our experience running unflag, these are the lists owners forget about. They make up a large slice of our catalog, yet they rarely show a visible browser warning until a firewall somewhere downstream picks up the feed — which is why we scan and dispatch to them whether or not the owner ever saw a warning.

RBLs (email reputation lists) like Abusix and Spamhaus affect deliverability, not browsing. If your domain lands here, your invoices and password resets start going to spam.

Search-engine safe browsing covers Google Safe Browsing and Yandex Safebrowsing. These drive the full-page red warnings in Chrome, Firefox, and Safari that scare customers most.

per-vendor removal guides

How does each vendor get contacted?

Each vendor is reached through one of three channels: a direct false-positive email, a web form, or a manual submission you complete with our guidance. Most are email — we send a plain-text, unique request to the vendor's published false-positive address, with your email set as Reply-To so their reply lands in your inbox, not ours.

unflagdomain routes each removal request through the vendor's own published channel — a false-positive email, a web form, or a guided manual submission. Dispatched emails are plain text with no images, links, or tracking, following deliverability guidance from senders like Google (Gmail Bulk Sender Guidelines).

Email vendors: sent for you

For vendors that publish a false-positive inbox, we generate a separate plain-text message for each flagging vendor and send them sequentially over a randomized one-hour window after payment. In our experience that pacing and per-vendor variation matter more than anything else: Claude rewrites each message so no two are identical, because identical bulk emails get filtered as spam. That mirrors why Google's bulk sender rules (Gmail) reward varied, low-volume, reputable sending. Your address is the Reply-To, so the vendor's reply lands in your inbox and you own the conversation from the first message.

Form vendors: guided cards

Some vendors — AVG, Avira, ESET, Fortinet, Microsoft, Symantec, and others — only accept disputes through a web form behind a login or CAPTCHA. We can't legally or reliably auto-submit those, so we turn each one into a dashboard card with the exact URL and the ready-to-paste text. Here's something we learned building unflag: owners assume "automated" means everything is hands-off, but several of the most visible vendors sit behind forms no tool can submit for you. So rather than pretend otherwise, we route those into guided cards and keep them honestly separate from the emails we send for you.

Google Safe Browsing: manual, by design

Google Safe Browsing has no public API for requesting a review, so this step is always manual. We give you the prepared text; you paste it into the Security Issues report in Google Search Console and request a review there. Google states that a successful review can clear warnings, and its Search Console help (Google Search Central) walks through the security-issues flow. We can't shortcut Google's queue, and we'd never claim to.

what to do when Norton flags your site

What unflagdomain does — and what it doesn't

We do one thing well: after you've cleaned your site, we dispatch removal requests to every relevant vendor and show you real sent, bounced, and failed counts. We don't scan or clean malware for you, and we never promise delisting. According to Sucuri's hacked-site research, reinfection is common when the original issue isn't fully removed first (Sucuri).

unflagdomain guarantees dispatch, not delisting. The tool scans across 124 vendors, emails or guides a request to each one that flagged you, and reports real sent, bounced, and failed counts — but each vendor reviews independently. Cleanup must happen first; Sucuri reports reinfection is common when sites are submitted before the underlying compromise is fully resolved.

Clean first, then dispatch

Vendors re-scan your site when they review a request. If malware or a malicious redirect is still live, the flag stays — or comes back fast. So the order matters: remove the problem, confirm it's gone, then let us send the requests. We're deliberate about this because we don't scan or clean sites ourselves — unflag trusts your cleanup and clears the residual blocklist flags. In our experience, dispatching before a site is genuinely clean is the surest way to have a vendor relist it, and that's exactly the outcome our re-dispatch-on-bounce flow can't fix for you.

"False positive" means your website, not a file

If a vendor flagged your domain or URL by mistake, that's a website false positive, and it's exactly what we handle. We do not deal with flagged downloads, installers, or .exe files — that's a separate file-submission process each AV runs, and it's out of scope here. If your site itself is clean and wrongly listed, you're in the right place.

What you actually get for €39

You get one flat fee per domain that covers a fresh multi-vendor scan, AI-drafted removal requests, automatic dispatch to every email vendor, and guided cards for every form and manual vendor. There's no subscription and no per-vendor charge. We send the requests; the vendors decide. That's the honest deal, and it's why the dashboard shows you delivery facts instead of promises.

Cleaning up first is non-negotiable — security plugins block a large share of attacks before they ever reach a flag, with Wordfence reporting billions of blocked attacks across WordPress sites (Wordfence). Once your site is genuinely clean, getting back off the lists is mostly a matter of reaching every vendor correctly and waiting. We handle the reaching. If you want the step-by-step, start with the complete blacklist removal guide, then browse the individual vendor removal pages for the names that flagged you.

next step, start a scan