Update: This has been a known issue in other browsers since 2015 at least. My guess is it has since been fixed in Chrome/Firefox but not yet in Safari.

https://superuser.com/questions/888283/why-is-https-www-google-com-getting-redirected-to-http-www-https-com-www-goo

Scenario:

Copy-paste or type any URL beginning with `https//` (missing colon before `//`).

Expected:

Invalid URL page (like Chrome does).

Actual:

It redirects to `https.com`, which is a scam website that has random redirection based on the IP address to a variety of scam websites. When I tried it, my first few were to a tech support scam website, the others were all to similar exploiting ones (all from US IP address).

Tries from IP addresses of other countries also redirect to other random websites that are also of questionable nature.

Root Cause:

It seems like Safari always puts `.com` when URL does not have a TLD. E.g. typing `something//` automatically goes to `something.com`. While in most cases this seems like helpful behavior, in this particular case of `https//` only bad things are happening, and it looks like scammers figured this out and are exploiting it in the wild.

I don't know when this started, but it seems like `https.com` has been owned by the same entity since 2008 at least.

`https://whois.domaintools.com/https.com`

Thanks for posting this.

> It seems like Safari always puts `.com` when URL does not have a TLD

This doesn't even seem that helpful of a redirect! Plenty of sites don't use .com. Might be better to turn off this functionality completely.
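
An added sketch, not part of the thread and not Safari's or any browser's code: it models the suffix-guessing behaviour described in the post next to a variant that treats a scheme name with a missing colon as an error, as the poster expected, and drops the `.com` guess, as the reply suggests. The function names, the scheme list and `https://` as the default scheme are assumptions.

```javascript
// Added illustration: a simplified model of address-bar fixup, not any browser's code.
// All function names and the scheme list are assumptions made for this example.
const SCHEME_WORDS = new Set(["http", "https", "ftp", "file", "ws", "wss"]);
const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

// Split scheme-less input into the text before the first "/" and the remainder.
function splitHost(text) {
  const slash = text.indexOf("/");
  return slash === -1 ? [text, ""] : [text.slice(0, slash), text.slice(slash)];
}

// Behaviour the post describes: a host with no dot gets ".com" appended.
function naiveFixup(input) {
  const text = input.trim();
  if (HAS_SCHEME.test(text)) return { action: "navigate", url: text };
  const [host, rest] = splitHost(text);
  const fixedHost = host.includes(".") ? host : host + ".com";
  return { action: "navigate", url: "https://" + fixedHost + rest };
}

// Hardened variant: recognise a scheme name with its colon dropped and show an
// error (with a suggested repair) instead of guessing a host from it.
function safeFixup(input) {
  const text = input.trim();
  if (HAS_SCHEME.test(text)) return { action: "navigate", url: text };
  const [host, rest] = splitHost(text);
  if (SCHEME_WORDS.has(host.toLowerCase()) && rest.startsWith("/")) {
    const target = rest.replace(/^\/+/, "");
    return { action: "error", suggestion: target ? host.toLowerCase() + "://" + target : null };
  }
  // No suffix guessing: a single-label host is treated as a search query.
  if (!host.includes(".")) return { action: "search", query: text };
  return { action: "navigate", url: "https://" + host + rest };
}

// Constructed sample inputs.
for (const s of ["https//www.google.com/", "https//", "something//", "example.org/a"]) {
  console.log(JSON.stringify(s), naiveFixup(s), safeFixup(s));
}
```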