Hi there,

I'm dealing with a rather enigmatic issue that's been plaguing me for a while now. I've got an instance of n8n, an integration platform, set up on a dedicated subdomain. This subdomain is exclusively used for accessing the admin dashboard - there's no other content or functionality hosted on it.

However, for the past week, Google has been flagging this admin login page as employing "social engineering tactics". As a result, my entire domain and all associated subdomains, including email services, are being red-flagged.

This issue seems to have arisen after I registered an application on Google Cloud to facilitate n8n's interaction with tables. I specified the admin login page as the application's homepage, which is how Google became aware of it. Notably, Yandex isn't raising any flags, and other verification services I've consulted don't seem to have any issues with the page either. Yet, Google persists in categorizing the admin login page as a social engineering threat.

I've submitted requests for reevaluation, and after a 48-hour wait, the issue was temporarily resolved. However, the problem recurred a day later, leaving me perplexed.

In light of this, I'd appreciate any insights into potential causes or solutions. This situation is nothing short of bewildering, to be frank.

I'd recommend taking a step back and reevaluating your setup. Instead of fighting Google's flagging, why not consider using a different approach? You could set up a separate, isolated environment for your admin login page, using a different domain or subdomain that's not associated with your main domain. This would allow you to keep your admin login page separate from your main domain and avoid any potential flagging issues.

Additionally, you could consider using a third-party authentication service to handle your admin login, which would add an extra layer of security and credibility. By thinking outside the box, you can avoid Google's flagging altogether.

It's evident that the issue at hand stems from a misstep on Google's part. The question remains, what implications does this have on the overarching security paradigm?

Prior to putting a domain on the blacklist, Google sends out notifications through Search Console. This platform allows us to flag any erroneous blocks that might occur.

In the absence of Search Console, I suspect that Google would proceed to blacklist the domain without delay.