Is this Paypal Github SDK reference really a dangerous site?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








51















I'm working on integrating a payment system with paypal in C#, and I installed the official paypal nuget package. Then I went to the paypal github site.



And linked to this below site (SDK Reference).



At this point both Chrome and Firefox warned me about



Deceptive Site Ahead



Is this site really dangerous?



URL's are listed here so that people don't need to click on potentially dangerous links:



https://github.com/paypal/PayPal-NET-SDK
http://paypal.github.io/PayPal-NET-SDK/Samples/PaymentWithPayPal.aspx.html









share|improve this question



















  • 4





    Seems to be fixed in Chrome now.

    – Omegastick
    Mar 8 at 15:28






  • 6





    I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

    – zero298
    Mar 8 at 23:03

















51















I'm working on integrating a payment system with paypal in C#, and I installed the official paypal nuget package. Then I went to the paypal github site.



And linked to this below site (SDK Reference).



At this point both Chrome and Firefox warned me about



Deceptive Site Ahead



Is this site really dangerous?



URL's are listed here so that people don't need to click on potentially dangerous links:



https://github.com/paypal/PayPal-NET-SDK
http://paypal.github.io/PayPal-NET-SDK/Samples/PaymentWithPayPal.aspx.html









share|improve this question



















  • 4





    Seems to be fixed in Chrome now.

    – Omegastick
    Mar 8 at 15:28






  • 6





    I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

    – zero298
    Mar 8 at 23:03













51












51








51


4






I'm working on integrating a payment system with paypal in C#, and I installed the official paypal nuget package. Then I went to the paypal github site.



And linked to this below site (SDK Reference).



At this point both Chrome and Firefox warned me about



Deceptive Site Ahead



Is this site really dangerous?



URL's are listed here so that people don't need to click on potentially dangerous links:



https://github.com/paypal/PayPal-NET-SDK
http://paypal.github.io/PayPal-NET-SDK/Samples/PaymentWithPayPal.aspx.html









share|improve this question
















I'm working on integrating a payment system with paypal in C#, and I installed the official paypal nuget package. Then I went to the paypal github site.



And linked to this below site (SDK Reference).



At this point both Chrome and Firefox warned me about



Deceptive Site Ahead



Is this site really dangerous?



URL's are listed here so that people don't need to click on potentially dangerous links:



https://github.com/paypal/PayPal-NET-SDK
http://paypal.github.io/PayPal-NET-SDK/Samples/PaymentWithPayPal.aspx.html






web-browser credit-card account-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 8 at 9:05







user230910

















asked Mar 8 at 8:51









user230910user230910

368137




368137







  • 4





    Seems to be fixed in Chrome now.

    – Omegastick
    Mar 8 at 15:28






  • 6





    I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

    – zero298
    Mar 8 at 23:03












  • 4





    Seems to be fixed in Chrome now.

    – Omegastick
    Mar 8 at 15:28






  • 6





    I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

    – zero298
    Mar 8 at 23:03







4




4





Seems to be fixed in Chrome now.

– Omegastick
Mar 8 at 15:28





Seems to be fixed in Chrome now.

– Omegastick
Mar 8 at 15:28




6




6





I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

– zero298
Mar 8 at 23:03





I don’t know why PayPal doesn’t self host this anyway. Especially since this is getting served over HTTPS.

– zero298
Mar 8 at 23:03










2 Answers
2






active

oldest

votes


















58














This is a typical false positive. Since Firefox is using Google safe browsing API, it will show similar warning as in Chrome browser. Since some antivirus also use the API, it will be warned by those antivirus as well.



Here is the Google safe browsing transparency report. Somebody needs to file an incorrect phishing warning to google to remove the incorrect warning.



For antivirus/security services, the false positive problem can be cascaded by Google safe browsing and each other's detection algorithm. If you put the URL into virustotal, you will see a possible detection compound problem, e.g. A see B,C,D services detect the URL, so it also assume the URL is bad.



google safe browsing results as at Mar 8 2019



(Update : phishing web page example)



Because github.io allows user to stage their web content, do not assumed that anything hosting there is safe. Here is an phishing webpage spotted and have been removed by github.io.
a phishing github webpage






share|improve this answer
































    112














    No, it's not dangerous at all. Your browser is warning you because a non-Paypal website has Paypal in its name. This is a common technique used by phishing sites that attempt to fool you into thinking the site is official. For example, a website might be called paypal.secure1234.com and made to look like the official site, enticing you to trust it and input your sensitive credentials. The browser has no way of knowing that the site you are visiting has Paypal in its name for completely benign reasons.






    share|improve this answer

























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "162"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205009%2fis-this-paypal-github-sdk-reference-really-a-dangerous-site%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      58














      This is a typical false positive. Since Firefox is using Google safe browsing API, it will show similar warning as in Chrome browser. Since some antivirus also use the API, it will be warned by those antivirus as well.



      Here is the Google safe browsing transparency report. Somebody needs to file an incorrect phishing warning to google to remove the incorrect warning.



      For antivirus/security services, the false positive problem can be cascaded by Google safe browsing and each other's detection algorithm. If you put the URL into virustotal, you will see a possible detection compound problem, e.g. A see B,C,D services detect the URL, so it also assume the URL is bad.



      google safe browsing results as at Mar 8 2019



      (Update : phishing web page example)



      Because github.io allows user to stage their web content, do not assumed that anything hosting there is safe. Here is an phishing webpage spotted and have been removed by github.io.
      a phishing github webpage






      share|improve this answer





























        58














        This is a typical false positive. Since Firefox is using Google safe browsing API, it will show similar warning as in Chrome browser. Since some antivirus also use the API, it will be warned by those antivirus as well.



        Here is the Google safe browsing transparency report. Somebody needs to file an incorrect phishing warning to google to remove the incorrect warning.



        For antivirus/security services, the false positive problem can be cascaded by Google safe browsing and each other's detection algorithm. If you put the URL into virustotal, you will see a possible detection compound problem, e.g. A see B,C,D services detect the URL, so it also assume the URL is bad.



        google safe browsing results as at Mar 8 2019



        (Update : phishing web page example)



        Because github.io allows user to stage their web content, do not assumed that anything hosting there is safe. Here is an phishing webpage spotted and have been removed by github.io.
        a phishing github webpage






        share|improve this answer



























          58












          58








          58







          This is a typical false positive. Since Firefox is using Google safe browsing API, it will show similar warning as in Chrome browser. Since some antivirus also use the API, it will be warned by those antivirus as well.



          Here is the Google safe browsing transparency report. Somebody needs to file an incorrect phishing warning to google to remove the incorrect warning.



          For antivirus/security services, the false positive problem can be cascaded by Google safe browsing and each other's detection algorithm. If you put the URL into virustotal, you will see a possible detection compound problem, e.g. A see B,C,D services detect the URL, so it also assume the URL is bad.



          google safe browsing results as at Mar 8 2019



          (Update : phishing web page example)



          Because github.io allows user to stage their web content, do not assumed that anything hosting there is safe. Here is an phishing webpage spotted and have been removed by github.io.
          a phishing github webpage






          share|improve this answer















          This is a typical false positive. Since Firefox is using Google safe browsing API, it will show similar warning as in Chrome browser. Since some antivirus also use the API, it will be warned by those antivirus as well.



          Here is the Google safe browsing transparency report. Somebody needs to file an incorrect phishing warning to google to remove the incorrect warning.



          For antivirus/security services, the false positive problem can be cascaded by Google safe browsing and each other's detection algorithm. If you put the URL into virustotal, you will see a possible detection compound problem, e.g. A see B,C,D services detect the URL, so it also assume the URL is bad.



          google safe browsing results as at Mar 8 2019



          (Update : phishing web page example)



          Because github.io allows user to stage their web content, do not assumed that anything hosting there is safe. Here is an phishing webpage spotted and have been removed by github.io.
          a phishing github webpage







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Mar 20 at 10:39

























          answered Mar 8 at 10:05









          mootmootmootmoot

          2,079615




          2,079615























              112














              No, it's not dangerous at all. Your browser is warning you because a non-Paypal website has Paypal in its name. This is a common technique used by phishing sites that attempt to fool you into thinking the site is official. For example, a website might be called paypal.secure1234.com and made to look like the official site, enticing you to trust it and input your sensitive credentials. The browser has no way of knowing that the site you are visiting has Paypal in its name for completely benign reasons.






              share|improve this answer





























                112














                No, it's not dangerous at all. Your browser is warning you because a non-Paypal website has Paypal in its name. This is a common technique used by phishing sites that attempt to fool you into thinking the site is official. For example, a website might be called paypal.secure1234.com and made to look like the official site, enticing you to trust it and input your sensitive credentials. The browser has no way of knowing that the site you are visiting has Paypal in its name for completely benign reasons.






                share|improve this answer



























                  112












                  112








                  112







                  No, it's not dangerous at all. Your browser is warning you because a non-Paypal website has Paypal in its name. This is a common technique used by phishing sites that attempt to fool you into thinking the site is official. For example, a website might be called paypal.secure1234.com and made to look like the official site, enticing you to trust it and input your sensitive credentials. The browser has no way of knowing that the site you are visiting has Paypal in its name for completely benign reasons.






                  share|improve this answer















                  No, it's not dangerous at all. Your browser is warning you because a non-Paypal website has Paypal in its name. This is a common technique used by phishing sites that attempt to fool you into thinking the site is official. For example, a website might be called paypal.secure1234.com and made to look like the official site, enticing you to trust it and input your sensitive credentials. The browser has no way of knowing that the site you are visiting has Paypal in its name for completely benign reasons.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Mar 8 at 9:07

























                  answered Mar 8 at 9:01









                  forestforest

                  39.3k18127139




                  39.3k18127139



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Information Security Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205009%2fis-this-paypal-github-sdk-reference-really-a-dangerous-site%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?