Hi Digip, the problem is not with the dns server, i understand why a dns poisoning attack wouldn't work, either by an internal verification or by hsts. But i'm accesing directly via another url, not facebook's url. Also, i've noticed that when i use it with an internal ip eg 192.168.0.X or 10.10.16.X, it works perfectly and doesn't show any alert. However, when i try it with a public ip or a free url service such as 000webhosting, it shows a phishing alert. I'm thinking maybe it detects certain known websites, but it's definitely strange. No other browser is picking it up.