MetaMask · mindofmar · Oct 31, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 16, 2025
diff --git a/app/scripts/background.js b/app/scripts/background.js
@@ -344,7 +344,7 @@ function maybeDetectPhishing(theController) {
 
       // Determine the block reason based on the type
       let blockReason;
-      let blockedUrl = hostname;
+      let blockedUrl = href;
       if (phishingTestResponse?.result && blockedRequestResponse.result) {
         blockReason = `${phishingTestResponse.type} and ${blockedRequestResponse.type}`;
       } else if (phishingTestResponse?.result) {
@@ -354,16 +354,18 @@ function maybeDetectPhishing(theController) {
         blockedUrl = details.initiator;
       }
 
+      const blockedHostname = new URL(blockedUrl).hostname;
+
       if (!isFirefox) {
         theController.metaMetricsController.trackEvent(
           {
             // should we differentiate between background redirection and content script redirection?
             event: MetaMetricsEventName.PhishingPageDisplayed,
             category: MetaMetricsEventCategory.Phishing,
             properties: {
-              url: blockedUrl,
+              url: blockedHostname,
               referrer: {
-                url: blockedUrl,
+                url: blockedHostname,
               },
               reason: blockReason,
               requestDomain: blockedRequestResponse.result
@@ -376,7 +378,10 @@ function maybeDetectPhishing(theController) {
           },
         );
       }
-      const querystring = new URLSearchParams({ hostname, href });
+      const querystring = new URLSearchParams({
+        hostname: blockedHostname, // used for creating the EPD issue title (false positive report)
+        href: blockedUrl, // used for displaying the URL on the phsihing warning page + proceed anyway URL
+      });
       const redirectUrl = new URL(phishingPageHref);
       redirectUrl.hash = querystring.toString();
       const redirectHref = redirectUrl.toString();