
Issue 657091


Issue metadata

Status: WontFix
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug




https://adisspr.mfcr.cz/ - Phishing site

Reported by lubos.m...@gmail.com, Oct 18 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36

Steps to reproduce the problem:
1. Open https://adisspr.mfcr.cz/
2. See that the page loads as if everything were OK.

What is the expected behavior?
The page should report the equivalent of https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER in Firefox

What went wrong?
The phishing page above – designed to steal sensitive tax data from the small businesses – plays with a wrong certificate and configurations. 

Firefox notices that the issuer is unknown and the page is unsafe; Chrome fails.

Did this work before? N/A 

Chrome version: 54.0.2840.59  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 23.0 r0

https://adisspr.mfcr.cz/ is basically a phishing page designed to fake the official country's electronic tax portal https://adisepo.mfcr.cz/
 
Components: Services>Safebrowsing
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: zbutler@chromium.org
Summary: https://adisspr.mfcr.cz/ - Phishing site (was: https://adisspr.mfcr.cz/)
+zbutler@ for consideration from a Safe Browsing POV; I can't tell whether the site is legitimate.

In terms of the certificate:
Firefox does not include the certificate's issuer (PostSignum Root QCA 2) in its trusted authorities store (See "Not in Trust Store" at https://www.ssllabs.com/ssltest/analyze.html?d=adisspr.mfcr.cz&latest). It isn't blocking the site as phishing. 

In contrast, Windows (IE) and Chrome do trust that certificate issuer, and the site's certificate has not been revoked by the CA: https://crt.sh/?q=B7DC86F042FEB41972B00C2053AFD484E70FD7CD

Components: -Services>Safebrowsing Security
Mozilla declined to certify the CA: https://bugzilla.mozilla.org/show_bug.cgi?id=643398
The fact that the alleged phishing site shares the same ETLD+1 (mfcr.cz) and certificate issuer as the claimed legitimate site suggests that it is unlikely to be a phishing site.
Cc: ligim...@chromium.org bustamante@chromium.org
Components: Services>Safebrowsing
Labels: M-54 Arch-All Needs-Bisect
Thanks for your answers. I didn't even realize it was possible for browsers to separately certify CAs.
Labels: M-56 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
Tested the issue on Windows 7, Mac 10.11.4 and Linux Ubuntu 14.04 using Chrome stable version 54.0.2840.59 and latest canary 56.0.2895.0 with the steps below:
1. Opened Chrome.
2. Navigated to the page https://adisspr.mfcr.cz/
3. Could not observe any security warning like the one noticed in the other browser (Firefox).

This is a non-regression issue, observed from the earlier Chrome version M-30.0.1550.0. Hence marking it as Untriaged to get it addressed.


elawrence -- Is the current warning state WAI? I do get an SSL error on Linux 54.0.2840.59.

I can't tell if this is a phishing site -- it doesn't appear to ask for any credentials AFAICT.
Cc: elawrence@chromium.org
+elawrence for prev comment
The website asks for upload of files and various credentials etc. at
http://adisspr.mfcr.cz/adistc/adis/idpr_pub/eet/eet_sluzby.faces

where one can get by clicking at "ELEKTRONICKÁ EVIDENCE TRŽEB" on the main adisspr.mfcr.cz web page.
Cc: nparker@chromium.org
Labels: -Needs-Bisect
@nparker re #8: Chrome uses the platform's Trusted Root store on Windows and Mac. On Linux, as far as I know, it ends up using NSS' root certificate database (also used by Firefox). So, yes, I'd expect this to show a cert error on Linux only.
Labels: -M-56 -Arch-x86_64 -M-54
Given that both addresses are in the same IP block owned by "Ministerstvo financi", this is either a legitimate site or the most clever phish I've ever seen.

Hostname: adisspr.mfcr.cz
IP: 185.16.183.177
ISP: Ministerstvo financi
Organization: Ministerstvo financi

Hostname: adisepo.mfcr.cz
IP: 185.16.183.158
ISP: Ministerstvo financi
Organization: Ministerstvo financi
It may be a legit site managed, but may be used for phishing other stuff.

In either event, I suggest we WontFix/WAI this.

- For the SafeBrowsing side, use the public information to find out why it was flagged for SB
- For it not causing an SSL error on some platforms, that's also WAI

The only thing which would be problematic is if the SSL error is masking the SafeBrowsing checking. That would be a bug.
Re: #12: To clarify, this site is NOT blocked by Safe Browsing. The reporter suggested that it should be, on account of the fact that he saw an error page when navigating to the site in Firefox. Firefox is showing the error page because the root certificate is not in Firefox's trust store.

We have no indication that the site in question is unsafe, but most of us neither speak Czech nor have significant knowledge of the Czech tax authorities.
Ah, I was basing this on the tag.

In that case, I just suggest we close this WontFix/WAI.
Status: WontFix (was: Untriaged)
Changing to WontFix, as above.
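
The triage signals used in the thread above (shared eTLD+1, shared certificate issuer, shared IP block) can be checked mechanically when a phishing report names a reference site. The following is an added example, not code from the thread or from Chromium; the tiny suffix set, the /24 stand-in for the WHOIS allocation, and the lookalike entry are assumptions constructed for illustration.

```python
import ipaddress

# Constructed, minimal stand-in for the Public Suffix List (assumption);
# real triage should load the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"cz", "com", "uk", "co.uk"}

# Hostnames, IPs and issuer name as quoted in the thread; the thread states
# that both sites share the same issuer.
REPORTED = {"host": "adisspr.mfcr.cz", "ip": "185.16.183.177",
            "issuer": "PostSignum Root QCA 2"}
REFERENCE = {"host": "adisepo.mfcr.cz", "ip": "185.16.183.158",
             "issuer": "PostSignum Root QCA 2"}
# Constructed lookalike for contrast (documentation domain and address range).
LOOKALIKE = {"host": "adisepo-mfcr.cz.example.com", "ip": "203.0.113.10",
             "issuer": "Example DV CA"}


def registrable_domain(host):
    """Return the eTLD+1 of host, or None if host is itself a public suffix."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest (co.uk before uk).
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def compare_sites(reported, reference, prefix_len=24):
    """Compare a reported site with the known-good one on three signals.

    prefix_len is an assumed stand-in for the real allocation size, which
    would normally come from a WHOIS lookup on the reference address.
    """
    block = ipaddress.ip_network(f"{reference['ip']}/{prefix_len}", strict=False)
    rd_reported = registrable_domain(reported["host"])
    return {
        "same_etld1": rd_reported is not None
        and rd_reported == registrable_domain(reference["host"]),
        "same_issuer": reported["issuer"] == reference["issuer"],
        "same_ip_block": ipaddress.ip_address(reported["ip"]) in block,
    }


if __name__ == "__main__":
    for name, site in (("reported", REPORTED), ("lookalike", LOOKALIKE)):
        print(name, compare_sites(site, REFERENCE))
```

These signals speak only to who operates the host; whether a given browser shows a certificate error depends on the root store it consults, which is a separate question.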
