OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


How to Decipher Links

When you hover over a link in an email or website to check where it really goes, how do you decipher the URL? What do those addresses mean? Let's look at some:

Normal Ones

  • https://ca.secunia.com : This is a secure link: https to the ca server in the secunia.com website. The https means a secure connection which is encrypted. the last name before the .com is the main server. Earlier names (ca in this case) are sub-servers within that site.
  • http://www.amazon.com/gp/offer-listing⁄B0001V2N62/ref=dp_olp.... The http://means a standard, not a secure connection to somewhere, in this case amazon.com. The stuff after the .com are the folders within that server at amazon. Sometimes a ?=... or ref=... indicates giving search parameters to a search engine. But it would still be within Amazon. You really do not need to worry about the folders beneath the final .com address.
  • Sometimes the link is embedded, so for instance they might say "go to our corporate website", with the link being embedded in the words Corporate Website. If you hover over those words and they say something like: http://corp.jones.com then you can assume it is going to the corp server within the jones.com network.
  • https://maps.google.com/- This links to the maps server within the google network. https indicates a secure connection.
  • http://www.oregonlive.com/blazers/: The blazers folder in the OregonLive domain.

Possible Traps

  • Http://rs6.net⁄tn.jsp?t=g5itc8bab.0.enh9d8bab.ourfozbab.95&ts=S0222&p=http%3A%2F%2Fwww.SiteAdvisor.com This odd link is what links look like in MY newsletter, and it looks fishy. The link says it was going to siteadvisor.com, which is a legitimate site, but look what it really does! First you can see that it starts off going to rs6.net - Which you have no way of knowing is the service that sends out my newsletters. Then it goes to ⁄tn.jsp and sends a ?t= query along with a detailed specification. Then it forwards you on to www.siteadvisor.com . This even made me nervous! What is happening is that my newsletter sending service tracks the links that get clicked so I can get reports showing which articles have information you pursue. I am then able to write more articles that are getting interest from my clients. If I write an article with a link which no one clicks on, then I should write less of that sort of stuff. When a link gets a big response, I figure you want that kind of stuff. For example, I'm interested this month in how many of you follow the IMDB link to check it out that entertainment, and how many check out the Secunia and FileHippo security services. However, unless you trust me, you should not click on links that send you somewhere you don't know before sending you on to what it says!
  • This one said Lending Saver offering to give me a free mortgage quote. The ip address I saw when I hovered over it was: 

    I was being offered a mortgage quote from a folder at hayfevervaccines.com - Not one I would want to click on.
  • An email greeting card company had this link:

    The point of using the actual IP address instead of the website was to camouflage who it was really from. I looked it up, and they are not a legitimate company. This was from a large ISP so the address was probably a personal computer hijacked and turned into a zombie robot to serve an evil master. A client sent me a similar email from a Comcast customer, also probably a hijacked computer.
  • I just got a Bank of the West phishing scam email with this apparent link:

    however when I hovered over it, I found it really linked to

    Notice that after bankoftehwest.com it has dll.hk. So we know that the real server is not bankofthewest, but dll.hk. .HK is the top level domain for Hong Kong. I looked dll.hk up in a whois search and found this:

Holder English Name: MR DMITRY BORKIN
Holder Chinese Name:
Email: nozato227@yahoo.com
Domain Name Commencement Date: 05-07-2007
Address: Withheld
Country: US
Expiry Date: 05-07-2008
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1926682T

So, someone named Dmitry Borkin in the US with a Yahoo email address registered this domain two months ago for 1 year through Hong Kong and refused to give a physical address. Clearly this isn't really the Bank of the West.

You should now be able to hover over links before clicking on them and check out where the link goes before actually visiting potentially dangerous sites.

Date: July 2007

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster