Domain owner appeal

Think we got it wrong?
Make us prove it.

Submit your domain for re-review. We cross-check our evidence against current threat-intel feeds, run an independent automated review, and a human looks at anything that isn't clear-cut.

48h max — auto-removed if not reviewed
Privacy-first — track by ID
Public commit log

Our 48-hour promise

Every appeal is partially analyzed by AI, but the final call still needs a volunteer reviewer. If no volunteer manages to confirm yours within 48 hours, the system auto-approves — your domain is removed from our site, GitHub repository, and database. The clock starts the moment you submit.

01 Submit: Domain, contact email, why we got it wrong.
02 Verify: We pull our internal record, current VirusTotal, urlscan, DNS, certificate history.
03 Review: Automated triage decides clear cases; ambiguous ones go to a human reviewer.
04 Decide: If approved — full removal across DBs, public repo, caches. Commit URL on file.

The full domain we have listed (no https://, no path)

The default is set so you don't have to share anything personal. We don't store contact data, we don't follow up — if we were wrong, we just remove the domain. Track your appeal by ID. If you really want a notification, replace it with your address (a temp inbox works fine).

No need for evidence, ownership proof, or formal language. Just tell us what's there. We'll do the verification.

No account, no email required. We don't store request logs.

Paste your appeal ID (UUID) or open the tracking URL we sent you.

Common questions

How fast is the decision?

Within 48 hours of submission. Our AI partially pre-checks each appeal, but the final decision still needs a volunteer reviewer. If no volunteer manages to confirm in time, the system auto-approves and removes your domain from our site, GitHub repo and database — no human approval needed. The clock is enforced in code, not policy.

Will you email me?

Most likely no. We're privacy-first — we don't store request logs and we don't run a mailing pipeline. Track your appeal by ID using the link we give you on submit. We only reach out by email in rare cases that need clarification.

Do you actually take sites down?

No. We don't have a “delete this site” button. We scan, analyze, and forward our findings to domain registrars, hosting providers and partner threat-intel feeds. The actual takedown decision is theirs — and registrars only act on legitimate phishing. If your site is legitimate, you have nothing to fear.

Do I need to provide proof of ownership?

No. Just send the domain and a sentence of context. We do the verification ourselves — cross-checking against current threat-intel, DNS records, certificate history and our own evidence. Asking owners to prove themselves felt invasive, so we stopped.

Why was my domain listed in the first place?

Most listings come from automated detection of phishing kits, drainer scripts, brand impersonation, or community reports. If you want to see exactly what evidence we hold, submit an appeal and check the public tracking page.

Do you auto-decide with AI yet?

Not yet — we're working toward it carefully. Right now appeals go through automated triage that surfaces signals (VirusTotal, urlscan, DNS, certificate history) but the decision is still made by a human. We refuse to automate something that has real-world consequences for site owners until we trust the system enough.

What if you're wrong?

If we were wrong, we just remove the domain. We don't email you to apologize, we don't discuss what went wrong publicly — we log every false positive privately, analyze which signals failed, and patch the system so the same mistake doesn't happen twice. The removal IS the apology.

What if I'm rejected?

You can re-submit later if circumstances change, or open a GitHub issue for public discussion if you believe the rejection was wrong. We don't run a back-and-forth email pipeline — the goal is fair decisions, not negotiation.