Comment by seanw265
5 months ago
I’ve got a random subdomain hosting a little internal tool. About twice a year, Google Safe Browsing decides it’s phishing and flags it. Sometimes they flag the whole domain for good measure.
Search Console always points to my internal login page, which isn’t public and definitely isn’t phishing.
They clear it quickly when I appeal, and since it’s just for me, I’ve mostly stopped worrying about it.
I encountered something similar. I have `*.domain.tld` pointed to an internal IP address, and over the past few years it happened a few times where some subdomain would be flagged as dangerous by Google Safe Browsing.
Internal IP addresses in public DNS are sometimes used to do things like DNS rebind attacks. It's possible that's tripping up their detection mechanism.
My workaround is to use an IPv6 ULA for my publicly hosted private IP addresses, which is extremely unlikely to ever be reused by a bad actor.
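An added example, not part of any comment in this thread: a small audit that lists which A/AAAA records in a public zone resolve to non-public addresses, the address classes that DNS rebinding protections are generally concerned with. The records and the `classify`/`audit` helper names are constructed for illustration; the check says nothing about how Google Safe Browsing actually decides.

```python
import ipaddress

# Constructed sample records (name, type, value); not taken from the thread.
SAMPLE_RECORDS = [
    ("*.domain.tld", "A", "192.168.10.5"),
    ("tool.domain.tld", "AAAA", "fd12:3456:789a::10"),
    ("www.domain.tld", "A", "93.184.216.34"),
    ("dev.domain.tld", "A", "127.0.0.1"),
    ("vpn.domain.tld", "AAAA", "fe80::1"),
    ("mapped.domain.tld", "AAAA", "::ffff:10.0.0.7"),
    ("domain.tld", "TXT", "v=spf1 -all"),
]

# IPv6 Unique Local Addresses (RFC 4193).
ULA = ipaddress.ip_network("fc00::/7")


def classify(value):
    """Return a label for a non-public address, or None if it is not flagged."""
    addr = ipaddress.ip_address(value)
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.7 is judged as 10.0.0.7.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.version == 6 and addr in ULA:
        return "ipv6-ula"
    if addr.is_private:
        return "private"
    return None


def audit(records):
    """Return (name, value, label) for every address record that is non-public."""
    findings = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue  # only address records can point a name at a host
        label = classify(value)
        if label:
            findings.append((name, value, label))
    return findings


if __name__ == "__main__":
    for name, value, label in audit(SAMPLE_RECORDS):
        print(f"{name:20} {value:22} {label}")
```

A ULA record is still reported here, as `ipv6-ula`, because it is a non-public address just like the RFC 1918 one.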