I found a Phishing Detected warning in the Chrome browser on my dev site. Interestingly, I don’t come across the same warning in Firefox or Safari, although, as far as I can tell, they use the same phishing database (although Safari’s settings say that “Google Safe Browsing is not available”). I also do not come across a warning on the same page of production sites.
First, he appeared on a new account verification page that I created, among other things, asked users to confirm their PayPal account using the GetVerifiedStatus API . This requires only a name and email address.
I also came across a warning on the configuration page that asks for the PayPal email address the user wants to receive.
No page asks for a password or any other data that is considered a secret.
As you could collect, I nullified a potential false positive regarding PayPal content, as if I might be phishing for PayPal information outside of the payers email address. There was no injection of malicious code or any such thing. Even when I removed all the content from the page, a warning is still present.
I reported the first incorrect discovery to Google and intends to do the same for the second incident, however, what I really want to clarify is:
- What content might lead to this warning?
- ?
- "", URL-? ( - dev)
- " " , ?
, , , , (, ) , .