How to verify a URL of a website

[Alpha Marine]

Maybe there are ways we can successfully avoid phishing emails and links 100%, if there are, I do not know any, but we can verify if the link sent to us is genuine or not.

We all know that THE SITE MUST USE HTTPS.
Emphasis on the "S"
This should be common knowledge.
A site that uses HTTP doesn't necessarily mean it's a scam site, but it most definitely means a site like that is more likely to be compromised.
You might as well just hand over your data to a cybercriminal if you input your data into these kinds of sites.

Tools to use

Use Link Checker Tools.
A link checker tool helps verify if the link is safe or not.
  Google transparency report is a popular link checker. It's easy and fast. Just copy the URL you want to verify the search.


This image clearly shows that there is no unsafe content found on the URL I used "Bitcointalk".

A relatively more advanced link checker tool is URLVOID. This shows what different tools have to say about that website.


URLVoid tels the date of registration and the IP address and also on how many tools has that site been detected as unsafe.


This image shows that this website has been detected by one tool as a malicious link. The higher the detection counts, the higher it's unsafe.

Verify the ownership and how old the site is.
Tools like WHOIS searchhelp you know when the site was registered. A lot of scam sites are relatively new and they may not appear as malicious on URL checker.



Backline Analysis tools.
This is a URL that can take you to a website from another website.
A fake or scam website won't feature on many other websites while the reverse is the case for an authentic site.
Ahrefs site checker is a tool that can be used to check a website's backline profile.

No way a scam website has this many backlines and linking websites.

If you want to read more you can go HERE

If you somehow click on a malicious URL, either by mistake or knowingly, don't panic. In the process of trying to copy the URL to verify you may mistakenly click it, these are a few tips from keeper security

*Do not enter any data
*Don't click on anything on the site
*Disconnect from the Internet
*Do a full scan of your device using a trusted and authentic antivirus software
*Keep an eye on your account for any irregularities.

Bonus Tip:
Don't use one or two passwords for multiple accounts. If you do that, once cybercriminals get hold of one password, they have access to all or multiple of your accounts.
If possible, every account should have its password.

[1714285418]

1714285418

[1714285418]

1714285418

[Gladitorcomeback]

If you somehow click on a malicious URL, either by mistake of knowingly, don't panic. In the process of trying to copy the URL to verify you may mistakenly click it, if you do
*Do not enter any data
*Don't click on anything on the site
*Disconnect from the Internet
*Do a full scan of your device using a trusted and authentic antivirus software
*Keep and eye on your account for any irregularities. 

Which antivirus will you prefer for malware? I used Avast,node32 and Avira some years ago but all these antivirus delete my necessary files and also hang my PC, so I uninstalled and never used again so far.
If we doesn't click on any site nor delete then still possibility of any malware attack?

Bonus Tip:
Don't use one or two passwords for multiple accounts. If you do that, once cyber criminals get hold of one password, they have access to all or multiple of your accounts.
If possible, every account should have its own password.

Oh, I am using only only two password, using strong and totally different password for Binance because my 90% fund are there which i used for trading while using one password for all other platforms. I think if any hacker got access, he will get nothing but I believe no hacker will access because new sign-in from change IP need email verification and all my email password is totally different.

[ChicksX]

Particularly around crypto people will be using all sorts of tricks to phish. A common one you also must be way of is the IDN homograph attack, which uses similar characters to trick people into visiting a malicious site. The suggestions you gave to check these domains will go in some way preventing these types of attacks.

[Faisal2202]

Which antivirus will you prefer for malware? I used Avast,node32 and Avira some years ago but all these antivirus delete my necessary files and also hang my PC, so I uninstalled and never used again so far.
If we doesn't click on any site nor delete then still possibility of any malware attack?

Yes, you will still be vulnerable to attacks, because you just clicked on a phishing link, let's say a link you received from a scammer pretending to be your bank, and asked you to change your password from that link, and once you change your password your account will no longer be under your control. In this case you are vulnerable when you entered data, i mean changed the password.

But when hackers, are at advance level, they simply have to load some javascripts on your browser, and once they got in, they can install there respective malware easily. But this attack could be avoided easily if you are using a good and up to date browser. Because usage of out kf date and not reputed browsers then you are a sitting duck.

And my suggestion for antivirus, is don't use them, simple use the built-in windows defender tool, and never try to use patched windows, or run any scripts to activate your windows. Best way to keep you digital finance on linux operator.

Oh, I am using only only two password, using strong and totally different password for Binance because my 90% fund are there which i used for trading while using one password for all other platforms. I think if any hacker got access, he will get nothing but I believe no hacker will access because new sign-in from change IP need email verification and all my email password is totally different.

Just a friendly advice, you don't have to share this information here, because evesdropping  is a technique of keeping record of user (internet user) and hacker analyze the activity of a user to get to know more about it. Just to get information which you just already gave here.

We all know that THE SITE MUST USE HTTPS.
Emphasis on the "S"
This should be common knowledge.
A site that uses HTTP doesn't necessarily mean it's a scam site, but it most definitely means a site like that is more likely to be compromised.

What if the scammer uses hyperlink function, like link shorteners, where the upper text is something and the below link is something else. I mean we can generate links comprised of https but inside they really are not https integrated.

Although, I liked your point of backlinks, but besides that, I will not trust on third party websites telling me about a phishing link. I have my own ways, but to be very honest I dont even click on links which my interviewer sends me.

[Charles-Tim]

If we doesn't click on any site nor delete then still possibility of any malware attack?

My device will not download any file unless I authorized for it. I visit just the correct URL of known sites. I have three devices and I am still careful on the least secure one. Where my wallets are, the are most secure but still online. I have not suffered any hack before and I avoid ads.

For my bitcoin wallet, for long term storage, it is on a multisig devices.

Going for wallet on an airgapped device, hardware wallet or other cold storage wallets for higher amount of bitcoin is advised. No matter how safe an online device is, it is not safe as offline devices and there could be a mistake at anytime.

[Zaguru12]

Scammers still finds way to get to a user, the best is staying offline with your bitcoin wallets. One can actually have a designated device for them that you don’t bring online always. The device that’s usually online should use watch only wallet.

On links you need to verify everything, even links send to your emails are should be avoided, once you get a notification of probably an update, go to the app and visit the website directly from there. Don’t connect your wallet to any site.

The best way to avoid all this links is to be extra cautious because some of these sites also checking out links could also pose some threats too

[ZAINmalik75]

Dear op, you really spend a time on coming up with all this useful information, newbies should really use these types of websites, but never depend or blind trust these websites that you have mentioned above.

Always, find your own ways because you are the one knows better, which thing to save from such scam links and to where open these links.

Scammers still finds way to get to a user, the best is staying offline with your bitcoin wallets. One can actually have a designated device for them that you don’t bring online always. The device that’s usually online should use watch only wallet.

You said well, because on digital world, scammers are finding new ways to scam you like the recent one, about Hong Kong Binance scam, in which they people received phishing mails and got hacked and lost there funds. And one of the member here on BTT, pointed out that, many buyers and sellers on P2P trades, have set some rules of giving them the phone number otherwise they will not trade with you, and once you receive the funds they will send you phishing emails on that and pretend to be from Binance.

We should definitely avoid to click on links, all I do is simple think twice before clicking on any.

The best way to avoid all this links is to be extra cautious because some of these sites also checking out links could also pose some threats too

Exactly, best way is to avoid clicking on them, and if you have no other option but to click on it then use a device which is not in your personal use, and which have no connections to your crypto wallets either they are custodial or non custodial.

[Hamza2424]

Which antivirus will you prefer for malware? I used Avast,node32 and Avira some years ago but all these antivirus delete my necessary files and also hang my PC, so I uninstalled and never used again so far.
If we doesn't click on any site nor delete then still possibility of any malware attack?

Buddy as long as you don't bypass your own security by installing the software from third-party sources and cracked versions of the security firewalls provided by the Windows itself. No need for additional layers, avoid clicking suspicious links and you're safe.

I've encountered similar issues back in time but after I realized my own few mishandlings, after that never I realized to have antivirus software. Hmm yes, buddy if you follow never click on unwanted sites, and don't install any third-party sourced software you can go safe without any antivirus software.

[Gladitorcomeback]

But when hackers, are at advance level, they simply have to load some javascripts on your browser, and once they got in, they can install there respective malware easily. But this attack could be avoided easily if you are using a good and up to date browser. Because usage of out kf date and not reputed browsers then you are a sitting duck.

I am using chrome up to date browser and sometimes Mozilla Firefox and also popup spam has been blocked with default and i am not seeing any chance for malware to download automatically. Moreover I use windows 10 which always ask for" allow access" when I install any thirds party software. I think there is no chance for malware to install in my PC without my permission. anyway I am not using my main wallet and exchanges in the PC because my wallet compromised two times.

Just a friendly advice, you don't have to share this information here, because evesdropping  is a technique of keeping record of user (internet user) and hacker analyze the activity of a user to get to know more about it. Just to get information which you just already gave here.

Yes, I am doing so and not using any antivirus. We have to buy the key to use full feature and without key I am not seeing any benefit of free antivirus. Window built-in malware defender working properly and much safe and better than other softwares.

[btctodamon]

Dear OP in this connection in my mind there are no tools is full proof secure if you get any URL unverified source and if you have any doubt about its legitimacy Always be mindful of security and privacy concerns and double check it when dealing with website URLs
You should always exercise caution

[tvplus006]

My device will not download any file unless I authorized for it. I visit just the correct URL of known sites...

The fact that you visit the correct URLs does not guarantee that you cannot get to a phishing site. Scammers can change the DNS of the server, as it was very recently with Galxe.com , and even earlier with the Myetherwallet wallet. This way you will come to the phishing site on your own.

[Charles-Tim]

The fact that you visit the correct URLs does not guarantee that you cannot get to a phishing site. Scammers can change the DNS of the server, as it was very recently with Galxe.com , and even earlier with the Myetherwallet wallet. This way you will come to the phishing site on your own.

Like I mentioned earlier, for better security, it is better to go for offline wallets or multisig wallet.

For my bitcoin wallet, for long term storage, it is on a multisig devices.

Going for wallet on an airgapped device, hardware wallet or other cold storage wallets for higher amount of bitcoin is advised. No matter how safe an online device is, it is not safe as offline devices and there could be a mistake at anytime.

I was only referring to ways to avoid malware and hackers online and how not to depend on a single device for all online purposes. For wallet download, you can verify its PGP signature.

[Alpha Marine]

Dear OP in this connection in my mind there are no tools is full proof secure if you get any URL unverified source and if you have any doubt about its legitimacy Always be mindful of security and privacy concerns and double check it when dealing with website URLs
You should always exercise caution

Maybe I was misunderstood, these tools alone do not keep you 100% safe from phishing, but it doesn't hurt to be extra careful.
I don't see how we'll be on the Internet without clicking on any link. We may feel the link is safe because it's coming from a verified source, but even that source can be compromised that is why we always have to verify.

Like I mentioned earlier, for better security, it is better to go for offline wallets or multisig wallet.

I agree. Offline wallets are the best, but it's not just your Bitcoin that should be kept safe. Your data can be stolen and used to scam someone else. Identity theft.

For wallet download, you can verify its PGP signature.

I don't know about this. I'm definitely going to read up on it. Thanks a lot for this.

[goxcraft]

Like I mentioned earlier, for better security, it is better to go for offline wallets or multisig wallet.

For my bitcoin wallet, for long term storage, it is on a multisig devices.

I was only referring to ways to avoid malware and hackers online and how not to depend on a single device for all online purposes. For wallet download, you can verify its PGP signature.

The most useful technique I used was virtual machines, also known as VMs. We all know that airgapped devices are the most secure because they are totally offline. But we can't always sit offline and do nothing. We have to connect ourselves to the Internet. So what to do? I have multiple devices and external hard drives. All my important files are there. Whenever I'm unsure of a link or app, I first test it on my VM. So my main device doesn't get infected. Even if my main device gets infected, that's not even an issue. As all my data was previously backed up on my secondery device and harddrives. I personally don't prefer any antivirus software as they seemed somehow unreliable to me.

I don't know if it's enough. But so far, everything seems fine.

[tvplus006]

The fact that you visit the correct URLs does not guarantee that you cannot get to a phishing site. Scammers can change the DNS of the server, as it was very recently with Galxe.com , and even earlier with the Myetherwallet wallet. This way you will come to the phishing site on your own.

Like I mentioned earlier, for better security, it is better to go for offline wallets or multisig wallet.

For my bitcoin wallet, for long term storage, it is on a multisig devices.

Going for wallet on an airgapped device, hardware wallet or other cold storage wallets for higher amount of bitcoin is advised. No matter how safe an online device is, it is not safe as offline devices and there could be a mistake at anytime.

I was only referring to ways to avoid malware and hackers online and how not to depend on a single device for all online purposes. For wallet download, you can verify its PGP signature.

Obviously we don't understand each other) If you connect to a phishing site that you switched to due to the change of DNS servers by scammers, then you will connect your wallet, since the domain does not cause you distrust. Right? Accordingly, you will sign the transaction yourself, and multi-signature will not help you in this, since you believe that this transaction is signed on the correct domain. The same applies to the wallet.

[pinggoki]

Another useful tip to prevent landing on phishing sites is to just bookmark the legitimate website so whenever you have to open your browser, you don't have to search for it again and risk clicking the phishing site of that website. Less hassle than constantly checking the websites every time you go to it, maybe the first time it's a valid and a smart thing to do but in the long run, you have to think how to optimize stuff. And also, remember to not a stupid Internet surfer, like in life, don't put your dick in anything that resembles a hole which is the same as putting your information because the website asks for it, the moment that they ask for it right from the get go, that should already raise some red flags.

[noorman0]

Maybe there are ways we can successfully avoid phishing emails and links 100%, if there are, I do not know any, but we can verify if the link sent to us is genuine or not.

We all know that THE SITE MUST USE HTTPS.

It is an SSL certificate that simply encrypts your connection more securely from malicious attempts by third parties. Phishing sites are malicious efforts carried out by a second party, its the site owner. In fact, fake and phishing sites can also activate SSL certificates, this method does not protect you from phishing at all.

You have to manually type the url, or copy the url and then use "search with google" in the address bar. Genuine sites are usually indexed in the top search results (except ads).

[morantis2015]

i use a site any run, ut runs the site completely sandboxed and you can get a lot of data

[examplens]

Maybe there are ways we can successfully avoid phishing emails and links 100%, if there are, I do not know any, but we can verify if the link sent to us is genuine or not.

We all know that THE SITE MUST USE HTTPS.

It is an SSL certificate that simply encrypts your connection more securely from malicious attempts by third parties. Phishing sites are malicious efforts carried out by a second party, its the site owner. In fact, fake and phishing sites can also activate SSL certificates, this method does not protect you from phishing at all.

SSL certificates are offered free of charge with hosting. It is even enough via Cloudflare, it is activated in two clicks. I'm sure that every scammer already knows that much and can activate the HTTPS protocol on the domain without any problems. Well, we can consider this as an absolutely unreliable method of identifying phishing and scam sites.

You have to manually type the url,

Manual URL entry, what can go wrong here?
This is probably the most common way confusion occurs. The user manually misses one or enters a wrong (but very similar) character, and of course a phishing site is waiting for him behind it.

[MusaMohamed]

You can use Virustotal with their tool to scan URL.
https://www.virustotal.com/gui/home/url

I don't click on strange links because I am curious about new websites. Before clicking on link, I will do research about it with search engines first and if some bad things reported and found, I stop at it and don't take risk to click on a link.

They can use shortened links too.
Shortened URL security.