TLDR: You can use Browserling (built by me and my team) to check if a URL is safe. You can connect to your browser remotely by running it in a virtual machine in the cloud. This way, you can open malicious URLs without risking infecting your device because everything is done in this remote browser.
introduction
As the world becomes more digitally interconnected, the importance of being able to distinguish between secure and insecure URLs has never been more important. Insecure URLs can lead to malware infections, phishing attempts, and personal data compromise. In this article, I’ll explain what I (with 20 years of experience in web security) know about how to distinguish between safe and unsafe URLs, and how to use Browserling to find and avoid these digital landmines. I’ll explain everything.
Understand URL structure
Before delving into the signs of an insecure URL, it’s important to understand the basics of a URL. A URL can be divided into seven parts: protocol scheme, subdomain, domain, top level domain (TLD), path, query string, and anchor. Let’s take a look at each part.
protocol scheme
This is the first part of a web address that determines the communication protocol or program used to open it.
example: http
, https
, ftp
or mailto
.
in the URL https://www.google.com
the https
is a secure version of the HTTP protocol used for online communications, ensuring that data is encrypted and transmitted securely between your device and a website.
Domain name
The main part of a web address. This is a human-readable address that uniquely identifies a website or online resource.
example: google.com
, yahoo.com
and digg.com
.
in the URL https://www.google.com
the google.com
sub domain
This is an optional part before the domain name.
example: www
, blog
or shop
.
in the URL https://www.google.com
the www
This is a commonly used prefix in web addresses that stands for “World Wide Web” and serves as a standard subdomain for almost all websites.
Top-level domain (TLD)
The last segment of a web address. Indicates the domain type, category, or country of origin.
example: .com
, .org
, .net
, .it
or .onion
.
in the URL https://www.google.com
the .com
path
A specific page on a website.
example: /blog
, /account
or /resources/free/downloads
.
in the URL https://www.google.com/blog
the /blog
directs users to your blog section or another page on your website.
query string
This part starts with a question mark ?
Allows parameters to be sent to the page. It often takes the form: key=value
pair.
example: ?id=123
or ?search=python&sort=date
.
in the URL https://www.google.com/search?q=puppies
the ?q=puppies
loads the puppy search query.
anchor
Anchors are used to direct people to specific sections of a page.
example: #footer
or #tools
.
in the URL https://www.google.com/blog#top-posts
the #top-posts
scroll down the web page to the posts section at the top of your blog.
Full URL example
- scheme:
https
- sub domain:
www
- Domain name:
google.com
- Top-level domain (TLD):
.com
- path:
/blog/post
- Query string:
?id=123
- anchor:
#tools
Finding unsafe URLs
Here are 15 signs to help you identify and avoid unsafe URLs.
1. URL mismatch
Hover over a link to see its destination. Be careful if the hover link doesn’t match the URL or the title in the text.
Examples of ligatures used in place of letters
The text says: Bank of America
But the hover bankofarnerica.com
(Combining the letters ‘rn’ creates a ligature that looks like the letter ‘m’).
Example of using numbers as characters
The text says: PayPal
But it hovers like paypa1.com
(The letter el – the number “1” is used instead of “l”).
2. Misspelled domain
Typos and slight changes in common domain names can lead to malicious websites.
Amazon misspelling example
When you search for a book and click on a link that seems to be the destination, amazon.com
However, if you look closely, it says: amazom.com
(The last letter is “m” instead of “n”).
Facebook misspelling example
When I log in facebook.com
But when I realized facebokk.com
instead (instead of “book” it says “boku”).
3. Unicode characters in URLs
URLs containing bogus Unicode characters pose a huge risk.
Example of isomorphic attack
While searching for updates for your Samsung phone, you will find the following link. ѕаmѕung.соm
. This address turned out to be fake because it replaced standard characters with visually similar Unicode characters (called homoglyphs).
Punycode deception example
If you are looking for security products, please visit security.com
But after accessing it, the browser shows xn--scurity-w4a.com
in the address bar.The real address is sécurity.com
The browser then translated it into an International Domain Name (IDN) encoding called Punycode.
4. Uncommon top-level domains
Unusual TLDs that don’t match the site’s intended purpose.
Example of a government website with a .kim domain
When you are looking for administrative services, you will come across GovernmentAgency.kim
I don’t think it’s official.
Example of a clothing brand website with a .horse domain
I’m looking for a site for an Italian clothing brand and I come across the following site. ItalianBrand.horse
this seems inconsistent with the product line.
5. Excessive redirects
URLs that quickly pass through multiple sites.
Examples of fake online transactions
you want to earn online deals greatoffer90.com
However, before you know it, you find yourself bouncing back and forth between multiple unrelated websites.
Examples of fake video sites
I’m trying to watch a movie at freemoviesnow.com
However, the page keeps moving and redirecting and never settles on the desired content.
6. URL shortener
A service that hides the final destination of a link.
bit.ly link example
a friend sends you an email bit.ly
Links (e.g. bit.ly/XXXXX
And you can’t decide on the destination.
tinyurl.com link example
Email offers great discounts, but links are shortened tinyurl.com/XXXXX
hides the true endpoint.
7. General greetings
Emails and messages that include vague greetings rather than personal greetings.
Example of a personal account update email
You will receive an email asking you to update your account details for security reasons
With link reading accountupdate.com
and an inorganic greeting Dear valued member
(instead of your name).
Lucky visitor popup example
A notification will pop up, claiming that you are the lucky visitor and have won a prize, and inviting you to visit. surprisewin.com
with greetings Hello user
(instead of your name).
8. Unilateral invitation
Unexpected URLs from known or unknown senders can be suspicious.
Example of an invitation to an unknown photo site
An email from an unknown sender invites you to view some amazing photos. checkoutthisphoto.com
.
Example invitation to view PDF files
You receive a message that a colleague shared a PDF document with you. seemyresume.net
but you didn’t expect anything like that.
9. An offer that’s too good to be true
Promises of deals or prizes that seem too generous.
Example of a link to a huge prize
The ad claims you can make $1 million right away and leads you to: win-1million-now.com
.
Examples of unexpected prizes
Every time you fill out a form, you’ll receive an email promising you a top-of-the-line smartphone for free. freesmartphones.com
.
10. Alarm list messages
Sites that induce panic in order to encourage quick action.
Example of a pop-up requesting immediate response
A pop-up warns you of suspicious activity on your account and invites you to access it urgent-account-alert.com
If not resolved, your account will be suspended.
Example of an alert that informs you that your PC is infected with a virus
A warning pops up stating that your PC is infected with a virus and asking you to visit the following website to repair your PC. instant-pcfixer.com
.
11. Grammar and Spelling Errors
Mistakes in URLs and link text can indicate deception.
Example login page with typos
When I try to access the login page, I get a link like this: officiall-login.com
the character “el” is duplicated.
Examples of grammar and spelling errors in the text surrounding the link
You will receive an email from the online payment service with the following content. Varifay, your acount to login
with terrible grammar and spelling errors.
12. Inconsistent branding
The website design or URL structure does not match a known brand from a reputable company.
Example of broken logo on Google login page
I click on the Google login page, but something doesn’t seem right. Page URL google-securelogin.com
And the logo is broken.
Example of a fake Apple support page
If you’re looking for Apple support, the site you land on has a web address applesupports.org
is well made, but does not match Apple’s official domain.
13. No contact information
The website does not have genuine contact details.
Examples of fake product support sites
If you have a problem with your product, try contacting us using the following methods: contactsupportnow.com
However, the site only has one page and no real contact details.
Example of a page without contact details
If you need customer care, customercareinfo.net
It appears that they offer support, but no phone number or address is listed.
14. Unexpected software downloads
URLs that initiate downloads of unwanted software or files.
Example of an unexpected download
You want to listen to a new music track, so click . freemusicdownloader.com
it just starts downloading an unexpected executable file.
Examples of non-consensual downloads
A friend recommended a new app to me. getthisappnow.com
Unsolicited software downloads are initiated without your consent.
15. Lack of HTTPS
A lack of secure protocols indicates that your site is unencrypted, which can lead to the disclosure of personal data and credit cards.
Examples of unsafe banking websites
Bank websites that do not use https: http://yourbanklogin.com
.here instead https
it is using http
protocol.
Examples of insecure payment portals
Secure payment portal without HTTPS: http://secure-paymentportal.com
.Again, using something unsafe http
protocol instead of secure https
protocol.
How Browser Ring helps identify unsafe URLs
While we’ve detailed 15 important signs that can help you identify a potentially malicious URL, it’s essential to understand that the digital landscape of unsafe URLs is vast and constantly evolving. In many ways, I’ve only skimmed the surface of the complex world of URL-related cybersecurity threats. Fortunately, my service Browserling acts as a bulwark against these various threats, providing a safe layer of protection.
What is browser ring?
Browserling is a web-based service that provides real-time remote access to sandboxed browsers, allowing users to run browsers for various operating systems directly in their browsers. The browser is sandboxed, so browsing sessions are isolated, which is especially useful for testing potentially unsafe URLs without putting your systems or data at risk.
interactive test
Browser Ring is more than just a passive tool. This helps security experts recognize unusual site behavior and other potential red flags that aren’t included in the first 15 signs, from unexpected redirects to aggressive pop-ups. , provides a live and interactive browsing experience.
Cross-browser analysis
Cybercriminals often exploit browser-specific and platform-specific vulnerabilities. For example, you might target Chrome version 115 running on Windows 10. Browserling has the ability to test URLs across multiple browsers and platforms, so you can look for common as well as browser-specific threats.
Zero additional risk
Browserling requires no necessary downloads, installations, or extensions, and ensures that your safety is not compromised by adding potential vulnerabilities. All interactions are web-based, keeping you at a safe distance from potential threats.
Always clean
Each Browserling session is temporary and permanently erased after use. This session data cleanup ensures that no malware, viruses, cookies, or trackers remain after the investigation.
secure connection
Browser Ring prioritizes user data privacy and security with SSL encrypted connections. This ensures that your connection is invisible to potential eavesdroppers while they investigate the URL.
conclusion
The scope of unsafe URLs extends far beyond the 15 signs initially outlined. Browserling provides users with advanced tools that provide both breadth and depth of analysis and protection against a myriad of URL-based cyber threats. Give it a try and browse safely!