Yeah Google Ads lies about the destination URL, it always has. Which is why the correct choice is to consider Google Ad links malicious by default. There's actually no way to be sure where clicking them will send you, and tons of fraudsters have put scam ads with the official legit domain listed.
I've seen both Amazon and Best Buy URLs on scam ads.
The entire hackjacking of the URLs needs to stop. It is destroying the web. From Safari hiding the full path in the browser in the name of "minimalism" to AMP and all the other bullshit.
URLs are sacred. Please don't fuck with them. Please.
> From Safari hiding the full path in the browser in the name of "minimalism"
That was never the intent of hiding the path, it was and is to help users identify what a site’s domain actually is. To distinguish malicious sites with recognizable domain-like strings in/overlapping their paths as well as malicious sites with recognizable domains as subdomains. It’s not a panacea, but it’s effective. Chrome (and IIRC Firefox) also experimented with similar approaches before ultimately splitting the difference with higher contrast text for the domain.
Just to avoid no confusion, the issue here is that the URL displayed in the ad (and also when hovering over it) has a different domain from the page the user lands on when they actually click the ad. It's not about whether the advertiser owns the domain.
I've seen both Amazon and Best Buy URLs on scam ads.