PSA: Safari URL Correction Being Exploited by Scammers
https://superuser.com/questions/888283/why-is-https-www-google-com-getting-redirected-to-http-www-https-com-www-goo
Scenario:
Copy-paste or type any URL beginning with `https//` (missing colon before `//).
Expected:
Invalid URL page (like Chrome does).
Actual:
It redirects to `https.com` which is a scam website that has random redirection based on the IP address to a variety of scam websites. When I tried it, my first few were to a tech support scam website, the others were all to similar exploiting ones (all from US IP address).
Tries from IP addresses of other countries also redirect to other random websites that are also of questionable nature.
Root Cause:
It seems like Safari always puts `.com` when URL does not have a TLD. e.g Typing `something//` automatically goes to `something.com` While most cases this seems like helpful behavior, in this particular case of `https//` only bad things are happening, and looks like scammers figured this out and are exploiting it in the wild.
I don't know when this started, but it seems like `https.com` has been owned by the same entity since 2008 at least.
`https://whois.domaintools.com/https.com`