Scenario: Copy-paste or type any URL beginning with https// (missing colon before `//).
Expected:
Invalid URL page (like Chrome does).
Actual:
It redirects to https.com which is a scam website that has random redirection based on the IP address to a variety of scam websites. When I tried it, my first few were to a tech support scam website, the others were all to similar exploiting ones (all from US IP address).
Tries from IP addresses of other countries also redirect to other random websites that are also of questionable nature.
Root Cause:
It seems like Safari always puts .com when URL does not have a TLD. e.g Typing something// automatically goes to something.com While most cases this seems like helpful behavior, in this particular case of https// only bad things are happening, and looks like scammers figured this out and are exploiting it in the wild.
I don’t know when this started, but it seems like https.com has been owned by the same entity since 2008 at least.
https://whois.domaintools.com/https.com
