if you want to open a subdomain of a url that does not exist, you will arrive at the first url (alphabet) that has been created. If you forge https on a URL that does not have https, you will arrive at the first website that has an https. How to solf it?
What you describe is the normal behavior of any apache and nginx web server, so there is nothing wrong with your setup. For non-https sites, create a default vhost to catch those requests by adding a website with domain name '000-default.tld' in ISPConfig. For https sites, either enable https for all sites or use one IP for https sites and another one for sites without https or use one server for https sites and another server for non-https sites. You can also create a default vhost for ssl, but as the ssl cert will never match the incoming request, users will just get an ssl error, so that's no real solution.
The first option "with domain name '000-default.tld" i have done in the past and that works. Only for https i need a solution
do exactly the same thing with 000-default-ssl.tld and specify the crt, key, and chain file in the config using a certificate with your servers fqdn, or a wildcard cert for the servers domain name.