The bot skips an important point. The site looks really close to the genuine site, only difference being “ķeepass dot info” and not “keepass”. Definitely easy to miss.
I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It’s honestly surprising to me in 2023 if they don’t.
I wouldn’t mind if FF popped up and said “hey, take another look at that URL” and very clearly drew attention to the weird k character. Of course it would have a “I’m absolutely sure this isn’t a scam, I own this domain or know who owns it and you don’t need to warn me about it in the future” button, but better safe than sorry.
This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. “This phishing trick works on all major browsers except Firefox” would be great publicity material.
FF Android redirects me to the real keepass page and I have no idea why :D
Lol are you sure?
