Showing SSL error for genuine sites (links from google search results) and then getting routed to spam advertising sites.

The IP address you listed appear to be registered in Amsterdam.

The iPhone is a closed device. Unless you did a deliberate "jailbreak" to allow it to load software from wherever you choose, nothing except signed, notarized App Store Apps can be installed.

¿are you an iPhone developer? if you are, you should reach out to developer support for help.

Your certificate for localhost is troubling in itself. Localhost is the current device. There is generally no certificate installed for localhost, and if there were one, I would expect it to point back to Apple, not to ospanel.

--------

Another possibility is that your Domain Name Server (DNS) Address in your phone and/or Mac is being provided by your Router automatically, and the address in you Router has been changed to point to a malicious DNS server. In general, you should be using the DNS provided by your Internet service provider, but the default is to use the address provided by your Router. (Your Router automatically gets its DNS server address from the next Router upstream, that belongs to your ISP.)

To just try some stuff, WRITE down the numbers you have now,

then you could deliberately use Google DNS numbers:

8.8.8.8

8.8.4.4

and see if anything changes

On your Mac, you can connect to your Router and check to be sure its DNS address is correct, by logging in to your Router as administrator and reading the settings.

This is a really complex problem, and you may need to contact Apple support for more help:

Official Apple Support

.

You also want to change the admin password of your router after you reset the router. In fact, it is even better if you can also change the actual "admin" name as well to make it more difficult for anyone to guess the login credentials of the router, but some routers don't allow it.

The UPnP feature of routers (enabled by default on most routers) are considered vulnerable especially if you have older routers that were never patched. Yes, consumer router vendors are very bad at updating router firmware to address security concerns since many of them stop supporting routers after a short period of time.

Also many consumer home routers and even other IoT devices (aka "Smart Devices", any device with network access like TV, refrigerator, etc.) have very poor security, it is best to keep their firmware updated if possible.

Here are just some articles regarding the numerous vulnerabilities of consumer home routers and other Smart Devices found in the home these days:

https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/

https://arstechnica.com/information-technology/2018/11/mass-router-hack-exposes-millions-of-devices-to-potent-nsa-exploit/

https://arstechnica.com/information-technology/2017/11/rethinking-our-approach-toward-personal-threat-models-in-an-iot-world/

While macOS has great built-in security, it also require the user to do their part as well by practicing safe computing habits such as those mentioned in this excellent article written by a respected forum contributor:

Effective defenses against malware and other threats - Apple Community

There is one more related detail your should check.

On your Router, the way you usually login to check things and make adjustments is as a LOCAL administrator (connecting from your network). This is a great feature, and may be needed from time-to-time.

Most Routers also allow REMOTE administration (connecting from anywhere on the Internet) . This is a security risk. Unless you know you MUST use it frequently, you should disable the ability to log in and make changes REMOTELY.

I am facing this problem too on both all my families iPhones. The Safari is showing links for google search results as not having valid SSL certificates. When I click proceed to site, I get routed to this IP address always - http: //89.208.103.43.

These are new iphones, they are not hacked, bought fresh from local Apple store. The issues started occurring when the iphones are connected to home WIFI, but now it occurs when using cell data too. The issue just started 0/01/2023. I've factory reset the WIFI. I've clears the safari's data and history, but the issue comes back.

I have not only cleared data & history, I closed all app tabs.

I did find that my DNS on my firewall was changed to 79.137.248.21 and 8.8.8.8. the 79.137.248.21 is in

Helsinki, Uusimaa, Finland, so might have been hacked, but oddly only the devices on wifi were affected, hardwired PCs were not affected.

jsh80-

DNS numbers are normally Provided DIRECTLY by your Router when you use DHCP to get a good local IP address and connect.

if the ones on your Router are manually deleted and you re-connect with your ISP's upstream router, the ISP Router will give your Router its DNS numbers.

... or you can intervene manually and place know good numbers in Your Router, then reconnect to get them on your devices.

This is not a Virus attack, defined as a spontaneous breaching of your Mac or phone without your intervention.

It may be caused by an attack, but not one that compromised your devices' integrity. Fix the DNS numbers and your device should be fine for now. Then make sure your Router does not allow administration remotely -- FROM the Internet -- and change the login-name and password away from the default.

please post the chain of certificates it says it is trying to use. like this one:

.