RESEARCH PoC - Arc Android 94 HTTPS-lock spoof. Researcher's own mock page. Not a real bank.
WARNING: this page is loaded over HTTPS. The lock test is VOID. Re-open it over plain http:// (e.g. http://poc.syarif07.my.id/).
ExampleBank - Online Banking
Real committed origin of THIS page: ...
Over http it should show no padlock / "Not secure". After you TAP a green/blue Continue,
the omnibox flips to the https domain with a padlock while this http page stays painted =
false lock. The grey Control flips the bar but stays without a padlock, confirming
f31061A = target.startsWith("https:").
Fallback if the 204 reverts: change the green link target to https://syarif07.my.id/stall.php.