I have never seen a 'wrong' case of safebrowsing warning...
Always after sufficient investigation I find that the server has been broken into and there are some malicious PHP files sitting in some directory named '.system' or something similar.
Either that or the site allows user uploads and some user has uploaded some malicious JavaScript crypto miner or something.
On a mastodon server, it is hard to check all the content posted by all the users... But I'd bet somewhere there is something malicious that safebrowsing detected.
Everyone just assumes, incorrectly, that their systems are clean and secure. It didn't seem to even occur to OP to seriously investigate his site for "malware or social engineering attacks".
On this topic: I've encountered multiple small business websites that have a spam JavaScript redirect that on a referral from google.com -- if you go directly to the website (as the business owner or the GoogleBot might), everything is fine, if you click out from Google you get served either a small page with nothing both the JavaScript redirect, or the page with the JavaScript redirect prepended.
Some variants of this use cookies to only serve the redirect on the first click from Google, so if you're like "weird" and try again, everything looks fine the second time.
You can see the problem if you curl such a URL with Google as the referrer.
Sometimes the console does tell you which URL they found malicious content at.
However, if they detect you doing dodgy things like trying to cloak from their scanner (eg. giving bad content when given a browser user agent from a home internet IP range, but not when scanned by googlebot from a google datacenter), then they won't give the URL because that would leak what IP range they scan from to detect such cloaking.
If we let Google design our criminal justice system, the accused would never be informed of what crime they broke because that would "help criminals get away with it"
Always after sufficient investigation I find that the server has been broken into and there are some malicious PHP files sitting in some directory named '.system' or something similar.
Either that or the site allows user uploads and some user has uploaded some malicious JavaScript crypto miner or something.
On a mastodon server, it is hard to check all the content posted by all the users... But I'd bet somewhere there is something malicious that safebrowsing detected.