Either the download site or the IP it is on are checked and found PHISHING.
Means that IP is being abused, might not be the actual download site.
The detection of one engine at VT often denotes an FP.
I just gave some ground why this engine might have decided to detect it
Two engines detecting could also mean a False Positive, but then it is more unlikely.
But it may be the NSIS appended that these engines might have problems with.
So there is not a final verdict yet, but I would lean towards a false positive detection.
Re:
https://urlscan.io/result/626025a4-dd1e-4e24-99ff-b5e92ffc6c42and indicators of compromise:
https://urlscan.io/result/626025a4-dd1e-4e24-99ff-b5e92ffc6c42#iocsNo specific privacy intrusion indicators:
https://privacyscore.org/site/144583/but lack of some best policies not implemented.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)