An easy introduction to URLs
There is a lot of good information available on the Internet. Please take a few minutes to learn the basics.
A good place to get started is Understanding URLs.
The components of a URL
A URL (Uniform Resource Locator) is the address of a webpage or resource on the internet. It consists of several parts:
- Protocol – Usually
http://orhttps://, which tells your browser how to access the resource.https://is more secure. - Domain Name – The main part of the web address, like
google.comoru3aboxhill.com.au. - Subdomain – A prefix before the domain, such as mail.google.com, which is a subdomain of google.com.
- Path – Specifies a particular page or resource on the site, e.g.,
/about-us. - Query String – Comes after a
?and includes parameters, e.g.,?q=ChatGPTfor a search query. - Fragment – Comes after a
#, usually linking to a section within the page.
How to Share a URL
Sharing URLs is simple—copy and paste them into an email, message, or social media post. However, sometimes URLs contain unnecessary tracking or advertising parameters. You may want to simplify them before sharing:
- Remove the query string – Everything after
?may not be needed. - Test the simplified URL – Open it in a private (incognito) window to ensure it still works.
For example, a Google search for “ChatGPT” might give you:
https://www.google.com/search?q=ChatGPT&oq=ChatGPT&gs_lcrp=EgZjaHJvbWUy...But you only need:
https://www.google.com/search?q=ChatGPTThis removes unnecessary tracking information while keeping the search functional.
How to Spot Suspicious URLs
Not all URLs are safe. Be cautious with URLs from unknown sources, especially in emails or messages. Here’s what to check:
- Look for misspellings or extra words – Attackers may use addresses like
paypa1.cominstead ofpaypal.com. - Check the domain – The real domain is the last two parts before the first
/, e.g.,google.cominhttps://mail.google.com/login. - Avoid shortened links unless you trust the sender – Use services like
checkshorturl.comto preview them.
Example of a Suspicious URL
https://storage.googleapis.com/qsdx489sds/eaajiib.html#/d5s4fs6df4.html?od=1syq67c841c253ad3...The domain storage.googleapis.com looks legitimate, but the random path and query string are suspicious. Always verify before clicking.
Another example from a phishing email:
𝘌𝘭𝘰𝘯𝘔𝘶𝘴𝘬_ elon.53123502075465@8dtumg.yd06ui.4y9iv5.us via cas-ione.winner.google-trusted.us.inc.rehynia.in.netHere, rehynia.in.net is the actual domain. Attackers use misleading subdomains (google-trusted.us) to appear trustworthy.
Checking a URL’s Legitimacy with WHOIS
You can use WHOIS lookup services to check domain ownership:
- For Australian domains: auDA WHOIS (auDA = .au Domain Administration)
- For international domains: ICANN WHOIS (ICANN = Internet Corporation for Assigned Names and Numbers)
For example, looking up in.net on ICANN shows it’s registered in the Cayman Islands, likely selling subdomains. Scammers can use this to create misleading addresses like google-trusted.us.inc.rehynia.in.net.
Final Tips
When sharing a URL, remove unnecessary parts to protect privacy and make it clearer.
Always double-check URLs before clicking.
If a URL looks suspicious, verify it with WHOIS or URL-checking services.
About the image
“macro pixels url cliche” by Cubosh is licensed under CC BY 2.0.