Yes, a website without SSL is very likely a phishing attack, it means someone might be impersonating the real website and so it shouldn’t be trusted. Even if by a fluke of chance you hit the right site, all of your communication with it is unencrypted, so anyone in the path can see it clearly.

No, Google has hit me with this multiple times for sub domains where the subdomain is the name of the product and has a login page.

So, for example, if I have emby running at emby.domain.com they’ll mark it as a phishing site. You have to add your domain to their web console and dispute the finding which is probably automated. I’ve had to do this at least three times now.

All my certs were valid.

They are if you control the network of the egress point which is what the first person said.

And I don’t need evidence for that. If you don’t understand those words, you don’t understand how the internet works.

You literally don’t know what you are talking about.

You’re like a computer novice that is only aware of commercialized VPN products thinking you know what you’re talking about but unaware that the commercialized products are open source things that anyone can run, and you’re only paying for the company to run them on their boxes.