This is a neat tool! FYI, make sure the domain is registered with Safe Browsing in advance. If one subdomain is cataloged as malicious by Google, the entire domain can be flagged. It can be a pain to deal with.
You need multiple subdomains to be flagged in order to cause the eTLD+1 domain to be flagged. But then since this is open for anyone to change, I imagine it's really easy to cross that threshold.
This is a real risk. When people start adding CNAME's or A's that point to known phishing sites, it's very easy for Google to notice and block.
Hypothetically, what happens if a domain is catalogued as malicious? Also, who catalogues it? If you haven't bought the domain from Google, the only thing that Google can do is not show the domain in Google search results. Did I miss anything?
> If you haven't bought the domain from Google, the only thing that Google can do is not show the domain in Google search results. Did I miss anything?
I would imagine they might also show warnings in Chrome.
Indeed. Google basically gives this service away to browsers. It costs money if you want to build a commercial service using it, but if you give away browsers, no problem.
You can switch it off, but you probably shouldn't, even if you're sure you would spot a phishing scam, actually maybe even especially if you're sure you would spot the scam.
The service is capable of being quite nuanced since it works on (hashes of) HTTP path segments, so e.g. it can say OK this site https://some.example/ seems fine except the /cgi-bin/crapscript.php/fake-bank/ pages are clearly a fake bank, and so if your browser tries to visit those pages it gets flagged. But equally it can say OK, everything in bogus.example is bogus, fakebank.bogus.example, harrods.bogus.example, www.news.bogus.example, it's all bogus, warn for all of it.
You can't get the actual list, because if you could of course that mostly helps bad guys. Your browser does a bunch of hash lookups, and it has a fancy tree structure, so it can rule out e.g. OK everything starting FE43 is fine, everything in FD9 is fine etc. If that tree can't rule out a hash it calls Google, who have much finer grained hash data that wouldn't fit in your browser. Also periodically the browser fetches delta updates to the tree from Google.
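The lookup described in the comment above, as an added Python example that is not part of the thread and is not Google's or any browser's code. It follows the host-suffix/path-prefix expression scheme publicly documented for the Safe Browsing v4 Update API; assumptions: the URL is already canonical, hosts are names rather than IP addresses, a flat set stands in for the browser's prefix structure, and the blocklist is constructed from the comment's example names.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 kept client-side (assumed prefix length)

def expressions(url):
    """Host-suffix/path-prefix expressions for an already-canonical URL."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    # Exact host, then suffixes of its last five labels, never the bare TLD.
    hosts, tail = [host], host.split(".")[-5:]
    for i in range(len(tail) - 1):
        suffix = ".".join(tail[i:])
        if suffix not in hosts:
            hosts.append(suffix)
    # Exact path with and without query, then "/" plus up to three directories.
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    candidates, prefix = ["/"], "/"
    for directory in path.split("/")[1:-1][:3]:
        prefix += directory + "/"
        candidates.append(prefix)
    paths += [p for p in candidates if p not in paths]
    return [h + p for h in hosts for p in paths]

def digest(expr):
    return hashlib.sha256(expr.encode()).digest()

# Constructed list: one path-level entry and one whole-domain entry.
LISTED = {digest("some.example/cgi-bin/crapscript.php/fake-bank/"),
          digest("bogus.example/")}
LOCAL_PREFIXES = {h[:PREFIX_LEN] for h in LISTED}  # what the browser stores

def check(url, local=LOCAL_PREFIXES, server=LISTED):
    """Return the expressions of url that are confirmed as listed."""
    hits = []
    for expr in expressions(url):
        h = digest(expr)
        if h[:PREFIX_LEN] not in local:
            continue      # ruled out locally; no request leaves the browser
        if h in server:   # stands in for the full-hash request to the service
            hits.append(expr)
    return hits
```

A single listed entry for `bogus.example/` matches every subdomain because each hostname's suffixes are hashed alongside the exact host, which is why one entry can cover a whole shared domain.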
Google's safe browsing list has never caught a phishing site for me. Since it's public, phishers obviously check their site against it before sending it to you.
> You can switch it off, but you probably shouldn't
You really should disable it because Google cannot be allowed to be the gatekeeper of the internet. The list contains tons of non-malicious URLs [0] and Google has absolutely no incentive to remove them. And even if you haunt them enough to do so, the same broken process that added it in the first place will just add it again. Any browser that enables this list by default is actively making the web a worse place and engaging in mass-defamation.
> It does NOT contain any malware. Use a browser that is free of Google Shit Browsing security service crap (which is based on tons of noname antivirus "engines", look at VirusTotal if interested).