PSA: Safari URL Correction Being Exploited by Scammers
Update: This has been a known issue in other browsers since 2015 at least. My guess is it's been since fixed in Chrome/Firefox but not yet in Safari.
https://superuser.com/questions/888283/why-is-https-www-google-com-getting-redirected-to-http-www-https-com-www-goo
Scenario:
Copy-paste or type any URL beginning with `https//` (missing colon before `//).
Expected:
Invalid URL page (like Chrome does).
Actual:
It redirects to `https.com` which is a scam website that has random redirection based on the IP address to a variety of scam websites. When I tried it, my first few were to a tech support scam website, the others were all to similar exploiting ones (all from US IP address).
Tries from IP addresses of other countries also redirect to other random websites that are also of questionable nature.
Root Cause:
It seems like Safari always puts `.com` when URL does not have a TLD. e.g Typing `something//` automatically goes to `something.com` While most cases this seems like helpful behavior, in this particular case of `https//` only bad things are happening, and looks like scammers figured this out and are exploiting it in the wild.
I don't know when this started, but it seems like `https.com` has been owned by the same entity since 2008 at least.
`https://whois.domaintools.com/https.com` Thanks for posting this. >It seems like Safari always puts `.com` when URL does not have a TLD This doesn't even seem that helpful of a redirect! Plenty of sites don't use .com. Might be better to turn off this functionality completely. It's probably related to the default browser shortcut which loads `foo.com` when entering `foo` in the address bar, and pressing `Ctrl-Enter` That behavior goes all the way back to the mid 90s in IE4 at least when everything was .com Is there an example of somewhere posting these malformed URLs? Yup, I found about this when I accidentally clicked on such a link to PlayStore that was missing the colon and was confused when it didn't work and copy-pasted it in the address bar. I am sure it was just a typo on that website. GitHub is full of similar typos in documentation and code files (74.8k results). I am not sure if there's a way to do a web search based on code and find "live" examples but I can't imaging there'd be a shortage of those either.