Google ad link impersonating

This discussion was created from comments split from: Can’t open zotero website on chrome and safari.
  • I have an observation that may or may not be relevant. I almost exclusively use Firefox. Two days ago I opened Safari for the first time in forever. I didn't have zotero bookmarked. I entered "" in the URL field and received a list from Google instead of linking to the Zotero website. Like a nitwit in a hurry I clicked the first listed link. I received an error message stating:

    "This connection is not private. This website may be impersonating to steal your personal or financial information. You should go back to the previous page."

    I realized that I did something dumb & wrong and what I got was a Google search and the first item's url was to a free utility aggregator site. The link had an Ad mark.

    I entered the full URL with https and was taken to

    I'm now on my iPad and I tried to replicate the problem and find the shady link but I couldn't get Google to show me any ads at the top of the search list for any word search.
  • You should be able to find the URL you visited in your Safari history. What you describe doesn't make a ton of sense, though:

    1) An actual URL (e.g., "") wouldn't trigger a Google search in a browser address bar. A typo might trigger a search, though.

    2) It hasn't been necessary to manually type HTTPS when accessing in many years — has been in browsers' lists of HTTPS-only sites for over a decade, so all modern browsers will redirect http:// Zotero URLs to https:// before they hit the network.

    3) If you accessed some malicious site, it wouldn't have a domain of, so you wouldn't get that certificate warning. The only exception is if your computer or network (your DNS resolver, specifically) was actually compromised, such that was resolving to the wrong IP address — then the browser would redirect you automatically to and you'd see a certificate warning. But then manually typing would just take you to the same malicious site.

    In any case, your browser history should show you exactly what you did.
  • edited February 19, 2024
    The problem url is (separated to avoid linking)




    I sent a screen shot of the error message to

    edit: I am absolutely certain that I entered into the Safari URL field expecting to be taken to Zotero website. Instead I received a Google search listing.
  • OK, that's certainly scammy, but it wouldn't have showed a certificate warning about (It also is serving the genuine installer, not malware, at least to me.)

    Fraudulent search ads for "zotero" can be reported, but whether this counts would probably depend on the exact wording.
  • (That site also has a valid Let's Encrypt certificate. Not sure why you would be getting a certificate error there.)
Sign In or Register to comment.