phishing url
How would a browser treat a URL with reserve characters, specifically the forward slash?
sample link: https://amazon .com/prime_day_deals/xyz .info
Please note, I added a space before the dot.
Would this link work, in sending the traffic to xyz .info as opposed to the legit amazon.com?
Tutte le risposte (1)
A browser breaks the URL into parts:
(1) Protocol (http or https) -- this specifies how to connect
(2) Host name (in your example, amazon.com) -- this is the server to look up and connect to
(3) Path and Search (everything after the host name up to but not including #) -- this part is sent as a whole to the web server for interpretation (any part after a hash character (#) is considered by the browser after the page is returned)
Some sites do have outbound link forwarders, like Google and Facebook. For example, if you right-click > Copy Link Location on a Google search result, the URL looks like this:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjCq6rBqqjsAhWhIDQIHfRtBNMQFjABegQIAhAC&url=https%3A%2F%2Fwww.mozilla.org%2Fen-US%2Ffirefox%2F&usg=AOvVaw1aIQZ3syQXuPwS0XmIL8lb
That feeds into a script on Google's server to record your click and redirect you to the address in the url= section of the URL.
But in your example, if /prime_day_deals/ doesn't feed into a redirecting script, it's more likely you'll get a page not found error.