do you have a hostname canonicalization redirect in place?
what happens when you request this url?
you should get a 301 redirect to the equivalent path on the www hostname...

[edited by: phranque at 7:17 am (utc) on Jul 6, 2018]

Check out how your host handles subdomains. You may need to change or add an A Record.

For me the issue is entirely why it appears that way in Google. I don't use subdomains. This URL

https://ti.example.com/directory/new-page-on-widgets.htm

Isn't mine, so how the hell did my new page end up in Google that way?

How does

 https://www.example.com morph into https://ti.example.com

at Google?

A dopey error of sorts, or was it something malicious?

Have you heard back from your host? (BTW, you do have a pre-change back of your site, right?)

BTW, you do have a pre-change back of your site, right?

The only thing I know about pre-change is if you intend to change your domain name, which of course isn't my intention.

Why I am so worried is if your click on the link - https://ti.example.com/directory/new-page-on-widgets.htm
- provided by Google search you are sent to a page [as if it really exists on my site] which says:

This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Recommended iconClose this tab
More information More information

Of course my site is in fact secure, and the correct URL causes no problems.

What at Google search substituted ti. for www.?

There are no subdomains on my site at all

The "not secure" message is likely only because your certificate doesn't include ti. as a subdomain.

Have you seen any traffic logged to that URL - including Google's bots?
Have you tried submitting the actual URL using "Fetch as Google" in the old GSC?
Made sure something hasn't accidentally created a link to that /ti. URL in an edit or sitemap?
Have you checked headers when trying to visit that URL?
Do "visits" trigger a 500 error?

Not that I think you haven't checked, just can't think of anything that might have gotten that link into Google's sights.

What at Google search substituted ti. for www.?

Nothing. Google doesn't invent URLs, it only discovers them.

As I said above, you need to get the answer from your host. This is where the URL is being created. Google just found it and added it to the index.

Also, this is not a hack.

FTP to your site file heirachy. Look above root. Unhide any hidden files. If the subdomain exists, you should see it.

So if you do not see this subdomain "ti" anywhere on your account, and your server admin can't explain it...

...then the logical explanation is that another site placed a link to your site but misspelled the URL either accidentally, or by design and Google crawled it.

The placeholder "www" can really be anything. That's why ti.example.com points to your site, and as not2easy explained, you get a browser security warning because this address is not valid for your security certificate.

These things happen. I see lots of URL errors in GSC every week. Some are just pages no longer on my server, but many are non-existent URLs that have no explanation.

There is absolutely nothing my host nor myself can identify on the server. Nothing at all.

I have requested Google delete the proper URL. I'll wait awhile and see what happens, if it goes away then I'll resubmit the page.

BTW there is no way I can see the source code of that page.

BTW there is no way I can see the source code of that page.

No cache in Google?
What about wayback machine - of course, if it's too new it won't be there.

Page is only a couple of days old mate

For the technically minded our internet service has been switched from ADSL via phone line over to what was supposed to be fibre optic.

In regional areas you get a hybrid. No matter what you get though - if you have a power blackout you lose your VOIP telephone.

A long story, but a mini cyclone [hurricane] through here a few years back left us without power for over a week. My old landline phone continued to work, not so mobile phones without means of charging until the local club provided charging suites powered by a generator, then the phone tower flat batteries closed the phones down anyway after a few days.

There was a serious medical emergency [not mine] and having an old land line phone I was able call an ambulance. With this new fangled broadband thingy? No electricity, no phone, no ambulance.

I teach electronics. This project page was an uninterruptable power supply designed to solely power my modem. Pull it out of the 240V power point, and you can still make a telephone call - mission accomplished at a cost of around $A 70.00 about $US 50.00. The cheapest commercial UPS cost nearly twice that...

Repairing, building, modifying things is what I do for recreation and entertainment.

Might still be a google cache, but, then, i guess you would have seen that already. Aaaah, well, just a thought.

Any server raw logs?

What about Search Console?

I looked at the page.

ti.example.com is the same exact mark-up as www.example.com

As I said, www or ti or whatever is just a place holder for a sub-domain, but you don't have a sub-domain configured on your account so it just goes to your index page.

Quick thoughts off the top of my head...

Any chance you've got wildcard subdomains enabled in your DNS A-records? Wildcard DNS is open to all kinds of mischief and errors.

Also, one of the first things to look for when you think you've been hijacked is whether the site that appears in the serps mimicks changes of your page content in real time, or whether it's been scraped and is a static version. "Live" realtime changes that also show up in the serps suggest DNS or proxy hijacking of some sort, whereas scraped pages that don't respond to realtime changes suggest other mechanisms.

Compare Google results with results in, say, Bing (or local requests for your pages via direct url requests, without a search engine) to see if there's a difference.

BTW there is no way I can see the source code of that page.

Can you explain why that is. Are the pages in ti subdomain further cloaked, or do they redirect when you examine them. That would also suggest hacking. There are a million ways hackers might try to prevent you from accessing a page.

And looking at your site using fetch as Googlebot might provide other clues.

I have requested Google delete the proper URL. I'll wait awhile and see what happens, if it goes away then I'll resubmit the page.

Did that yesterday - problem now resolved - correct URL alone now appears in Google search results.

Weird

Thanks to all

The end result is what's important, yet, the mystery remains! How cool is that? I see a major movie in the wings. :)

More seriously, good result. On to the next adventure...

Any chance you've got wildcard subdomains enabled in your DNS A-records? Wildcard DNS is open to all kinds of mischief and errors.

have you verified that you don't have wildcard subdomains implemented at your dns?

Did that yesterday - problem now resolved - correct URL alone now appears in Google search results.

you may be addressing the results but i don't think you have solved the cause.

Have you checked headers when trying to visit that URL?

my questions still stand unanswered:

do you have a hostname canonicalization redirect in place?
what happens when you request this url?

what happens when you request this url?

I answered that above.

It was the same mark-up as the normal index page... because it was the same page only the cert didn't apply to that odd sub-domain placeholder, so the browser was displaying a warning.

I agree that the cause of this URL has not been discovered, but also as I said above, maybe it is as simple as a 3rd party backlink with a typo.

I see all kinds of strange URLs for my sites, most unexplained. Always have.

I answered that above.

headers?
status code (chain)?

regardless of how or where it was discovered, if the hostname is noncanonical it should be redirected with a 301 status code instead of providing a 200 OK response.