Why Does a Mistyped Vue URL Lead to Adult Sites? Uncovering the Redirect Trick

In a recent discussion, a user mistakenly typed the Vue documentation URL as http://vuejs.org.cn instead of the correct https://cn.vuejs.org/, which led to an unexpected adult website.

Investigating the behavior, the author used browser developer tools to monitor network activity and discovered a series of redirects:

First, a 301 redirect sends the request to an index.php page.

The index.php itself contains minimal content, primarily loading two JavaScript files.

These scripts generate a random number to choose between two target sites, causing different users or repeated refreshes to see varying pages, some of which are explicit.

Network analysis with curl captured the full page source, highlighting the red‑highlighted code responsible for the dual‑target redirection logic.

The author also notes similar incidents, such as a case where the Go standard library’s source code referenced a pornographic site, suggesting that such “domain hijacking” tactics may have commercial motives.

While the investigation stops short of identifying the exact operators, the findings illustrate how simple URL typos can expose users to malicious content and underscore the importance of proper URL handling and security checks in frontend development.

Readers are encouraged to share insights or further information about the phenomenon.