Post by kas on Sept 23, 2018 23:07:44 GMT -5
Understanding URL's and telling which could be a bad site before visiting them.
Uniform Resource Identifier (URI) — a name that was later changed to URL. URL is another name for the link in the address bar. If I remember correctly from my first early computer classes in the 90's the URL stands for Uniform Resource LINK.
A web address or LINK or URL starts out with the Protocol which tells the browser the computer language that the browser should load.
Most of the time you will see the computer language that your computer and the site's server communicate in as Hypertext Transfer Protocol or http. Many browsers today don't even show the http unless it has an s after it meaning secure such as for banks. The protocol is followed by the :// characters. For example:
The times when you won't see a protocol is when you are using a naming convention for internal pages used by many popular browsers. An example of that is about:blank. About is NOT a protocol.
For example, my forums have a base address and then as you look at threads the URL gets longer.
http://kasha-against-spam.proboards.com/thread/523/understanding-urls-telling-which-couldbe
The parts of the url are the PROTOCOL://SUB-DOMAIN NAME.DOMAIN NAME or HOST NAMEDomain extension/DIRECTORY/SUB-DIRECTORY/FILE OR PAGE NAME
Directories are shown separated by a slash (in UNIX) or by a backslash (in Windows). In URLs, subdomains are separated by period (aka dot)
Other protocols you may see here are:
When it comes to sub-domain names they are the same as the old way URL's used to be listed but just in a different order:
Example:
science.example.com (in directory notation it is equivalent of com/example/science)
and
history.example.com (in directory notation it is equivalent of com/example/history)
21cif.com/tutorials/micro/mm/urls/page5.htm
Or this site might explain it better:
techwelkin.com/understanding-the-components-and-structure-of-a-url
Also, here are different extensions:
Some URL's have different file structures to them. For example:
Youtube can look like this: www.youtube.com/watch?v=YR12Z8f1Dh8&feature=relmfu
Resource Name
Then comes the name of the resource that you are seeking from the website. In this example, watch is the webpage that you are seeking.
The part after the domain name and extension and the blackslash (/) is the Resource Name which in this case is watch.
Then you have the ?. The question mark “?” signals the end of the entire domain name and beginning of the parameter list. Some webpages expect certain parameters to be passed on to them. This is necessary for the page to function properly.
Parameters
The parameters are passed in a “key=value” format and parameters in the list are separated from each other by a character “&” (pronounced as “ampersand”). In our example, we are passing two parameters to the watch page. These parameters are:
v=YR12Z8f1Dh8&feature=relmfu
The first parameter is v whose value is YR12Z8f1Dh8 and the second parameter is feature whose value is relmfu. Both the parameters are separated by the & character.
There is a lot more but I don't really want to get into this too deeply. My point of this was to explain URL's before we look at suspicious URL's in Search Engines such as Google.
There are other URL's that have an extension .php which can be used to download files onto your computer or do other things. After the .php extension there is the ? and the start of a parameter list that doesn't make any sense (random letters that are the name of a file folder) and a value which is a file that will download or bring you to a page with the program (or app) to download.
Today I was looking in Google and I noticed a LOT of links such as these with the same type of format. These look suspicious to me. I have taught my mom to not click on links because of what they have for you to get. Looks at the URL .. the domain name .. see if anything is suspicious that can tell you if the site may give you something that you do NOT want.
That last one, Avast Online Security said was not safe. I already figured all of these were not safe but the others did not have any red warning (in other words, not yet scanned).
If you want to visit a URL and are not sure if it is safe you can check it here: www.virustotal.com
I checked them all and 2 were Malicious and one even had Malware on the site. Good thing I got them scanned and did not visit them.
So my point is to always look at the whole URL and if it looks suspicious do not visit it.
This is also the case for spam emails to you that tell you your bank needs you to visit and gives you a link.
It might look something like this:
http://www.mybank.com.scamsite.com
Now when reading this notice there is not a / after mybank.com .. which means that is not the domain.
Just like earlier in our example of sub-domains which shows history.example.com you know if you look closely that the mybank.com.scamsite.com is not really your bank but a duplicate page on the website scamsite.com made to look like your bank to steal your bank ID and login. They record the input put into that page while you may think you are entering your information into your own bank's website.
So now even though I am not the best to describe this and made it confusing, hopefully, this will educate you and get you to look at those URL's closer to decide if it is worth just passing by. If you get a spam bank email you can even report it to your REAL bank so they can put out a warning to all clients.
Remember: The domain name is the one that ends in the extension before any backslash (/) and before the directory or sub-directory if it lists any. Also look for any misspelling in the URL like in this example:
http://www.firstamericanbnk.com (This url is now expired so it is safe for me to post it)
Does that site belong to the First American Bank?
It was a scammer site pretending to be a bank that was thankfully shut down in 2008 thanks to the security people of aa419.
So tell me .. is this really the PayPal URL?
Other links for you that are saying the same thing but might be easier to understand:
www.techwalla.com/articles/how-to-recognize-a-fake-url
www.thesslstore.com/blog/5-ways-to-determine-if-a-website-is-fake-fraudulent-or-a-scam/
Uniform Resource Identifier (URI) — a name that was later changed to URL. URL is another name for the link in the address bar. If I remember correctly from my first early computer classes in the 90's the URL stands for Uniform Resource LINK.
A web address or LINK or URL starts out with the Protocol which tells the browser the computer language that the browser should load.
Most of the time you will see the computer language that your computer and the site's server communicate in as Hypertext Transfer Protocol or http. Many browsers today don't even show the http unless it has an s after it meaning secure such as for banks. The protocol is followed by the :// characters. For example:
The times when you won't see a protocol is when you are using a naming convention for internal pages used by many popular browsers. An example of that is about:blank. About is NOT a protocol.
For example, my forums have a base address and then as you look at threads the URL gets longer.
http://kasha-against-spam.proboards.com/thread/523/understanding-urls-telling-which-couldbe
The parts of the url are the PROTOCOL://SUB-DOMAIN NAME.DOMAIN NAME or HOST NAMEDomain extension/DIRECTORY/SUB-DIRECTORY/FILE OR PAGE NAME
Directories are shown separated by a slash (in UNIX) or by a backslash (in Windows). In URLs, subdomains are separated by period (aka dot)
Other protocols you may see here are:
When it comes to sub-domain names they are the same as the old way URL's used to be listed but just in a different order:
Example:
science.example.com (in directory notation it is equivalent of com/example/science)
and
history.example.com (in directory notation it is equivalent of com/example/history)
21cif.com/tutorials/micro/mm/urls/page5.htm
Or this site might explain it better:
techwelkin.com/understanding-the-components-and-structure-of-a-url
Also, here are different extensions:
Some URL's have different file structures to them. For example:
Youtube can look like this: www.youtube.com/watch?v=YR12Z8f1Dh8&feature=relmfu
Resource Name
Then comes the name of the resource that you are seeking from the website. In this example, watch is the webpage that you are seeking.
The part after the domain name and extension and the blackslash (/) is the Resource Name which in this case is watch.
Then you have the ?. The question mark “?” signals the end of the entire domain name and beginning of the parameter list. Some webpages expect certain parameters to be passed on to them. This is necessary for the page to function properly.
Parameters
The parameters are passed in a “key=value” format and parameters in the list are separated from each other by a character “&” (pronounced as “ampersand”). In our example, we are passing two parameters to the watch page. These parameters are:
v=YR12Z8f1Dh8&feature=relmfu
The first parameter is v whose value is YR12Z8f1Dh8 and the second parameter is feature whose value is relmfu. Both the parameters are separated by the & character.
There is a lot more but I don't really want to get into this too deeply. My point of this was to explain URL's before we look at suspicious URL's in Search Engines such as Google.
There are other URL's that have an extension .php which can be used to download files onto your computer or do other things. After the .php extension there is the ? and the start of a parameter list that doesn't make any sense (random letters that are the name of a file folder) and a value which is a file that will download or bring you to a page with the program (or app) to download.
Today I was looking in Google and I noticed a LOT of links such as these with the same type of format. These look suspicious to me. I have taught my mom to not click on links because of what they have for you to get. Looks at the URL .. the domain name .. see if anything is suspicious that can tell you if the site may give you something that you do NOT want.
oakhill.nadvertex.com/ul4kj9z/0hukwlo.php?tozzwudzf=astro-file-manager Found nothing ... yet.
hopeforfallenleaves.org/yoc6uby/dtybscg.php?eaabqsrkn=shockwave-sound Found nothing ... yet.
curumins-berlin.de/r5mpsub/yoygahr.php?eaabqsrkn=snagit-8-free-download Found nothing ... yet.
sandstonesoftware.com.au/2odpvmx/iiyfgcy.php?eaabqsrkn=music-visualizer-free CRDF says Malicious and Fortinet found this URL to have Malware in it.
taylorbruce.com/s4jyytx/arxqb2f.php?eaabqsrkn=free-fire-top-up Found nothing ... yet.
foccusmedical.com.br/smfaytv/ricdi8u.php?eaabqsrkn=music-effects-apk Says contains something MaliciousThat last one, Avast Online Security said was not safe. I already figured all of these were not safe but the others did not have any red warning (in other words, not yet scanned).
If you want to visit a URL and are not sure if it is safe you can check it here: www.virustotal.com
I checked them all and 2 were Malicious and one even had Malware on the site. Good thing I got them scanned and did not visit them.
So my point is to always look at the whole URL and if it looks suspicious do not visit it.
This is also the case for spam emails to you that tell you your bank needs you to visit and gives you a link.
It might look something like this:
http://www.mybank.com.scamsite.com
Now when reading this notice there is not a / after mybank.com .. which means that is not the domain.
Just like earlier in our example of sub-domains which shows history.example.com you know if you look closely that the mybank.com.scamsite.com is not really your bank but a duplicate page on the website scamsite.com made to look like your bank to steal your bank ID and login. They record the input put into that page while you may think you are entering your information into your own bank's website.
So now even though I am not the best to describe this and made it confusing, hopefully, this will educate you and get you to look at those URL's closer to decide if it is worth just passing by. If you get a spam bank email you can even report it to your REAL bank so they can put out a warning to all clients.
Remember: The domain name is the one that ends in the extension before any backslash (/) and before the directory or sub-directory if it lists any. Also look for any misspelling in the URL like in this example:
http://www.firstamericanbnk.com (This url is now expired so it is safe for me to post it)
Does that site belong to the First American Bank?
It was a scammer site pretending to be a bank that was thankfully shut down in 2008 thanks to the security people of aa419.
So tell me .. is this really the PayPal URL?
Other links for you that are saying the same thing but might be easier to understand:
www.techwalla.com/articles/how-to-recognize-a-fake-url
www.thesslstore.com/blog/5-ways-to-determine-if-a-website-is-fake-fraudulent-or-a-scam/