Turns out one single right-to-left character in a URL can make the omnibox (Address Bar) freak out, and render it wrongly:
Placing neutral characters such as “/”, “ا” in filepath causes the URL to be flipped and displayed from Right To Left. In order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters […] what matters is that the first strong character (generally, alphabetic character) in the URL must be an RTL character.
When typing in 127.0.0.1/ا/http://google.com
into the omnibox, it will be displayed as http://google.com/ا/127.0.0.1
, which is obviously not google.com … let this be a reminder to check also check for the green padlock being present when visiting well known sites.