
URL: https://dev.to/techspence/how-to-check-a-sketchy-link-without-clicking-it-1okh
Submission: On April 25 via manual from US — Scanned from DE

Spencer Alessi

Posted on Feb 21, 2020


HOW TO CHECK A SKETCHY LINK WITHOUT CLICKING IT

#infosec #cybersecurity #phishing #urlscan

Let's say you're working through your dozens of emails, responding to clients,
customers or business partners, and you come across an email from your bank
informing you that you need to reset your password. The email comes completely
out of the blue and, to top it off, you don't recognize the sender's email
address. Do you click it?

Maybe...maybe not.

Did you know that you can investigate whether that link is sketchy without
clicking on it?

This article and all the articles I write show up on my blog first. Head over
there for more Cybersecurity thoughts, tips and write-ups:
https://spenceralessi.com


HOW TO SNIFF OUT A SKETCHY LINK

When it comes to hyperlinks, sometimes it's really obvious that a link is
sketchy, but other times, as with look-a-like domains, it can actually be a bit
tricky.

Here are a few things that make a link sketchy just from looking at it.

 * Links that end in uncommon top-level domains (TLDs). Because domains within
   these TLDs are pretty inexpensive to purchase, they are very frequently used
   for spamming and malicious activity. Aside from abc.xyz, which is a website
   owned by Google's parent Alphabet, I don't know of any legit domains with
   these TLDs.
   
   * Commonly used for spamming/nefarious activity:
     * .xyz
     * .buzz
     * .live
     * .fit
     * .tk

 * Links that are knock-offs (known as look-a-like domains) of major brands.
   These are popular because the domain closely resembles the real brand's
   domain. Depending on how the URL looks in your browser, and whether you're on
   a mobile device or on your computer, you may or may not be able to spot these
   very easily.
   
   * Examples:
     
     * netflix-mail[.]com
     * t-mogbile[.]com
     * googlre[.]com
     * secure-paypal.com.fraud.hmmmm[.]com
     
     Note: these domains may or may not be valid at the time you read this.

 * Links that contain random numbers and/or letters. These are pretty obvious.
   Not all are malicious; however, any time I see a URL like this I immediately
   get suspicious. It's not a trustworthy link in my opinion and should be
   investigated further.
   
   * Examples:
     * eqbqcguiwcymao[.]info
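
The three visual checks above can be run mechanically on a defanged link before it is handed to a scanner. This is an added example, not code from the original article; the brand list, the allowlist, the naive "last two labels" registered-domain rule and the consonant-run test for random-looking names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

CHEAP_TLDS = {"xyz", "buzz", "live", "fit", "tk"}      # TLDs listed in the article
ALLOWLIST = {"abc.xyz"}                                # the article's one known-good exception
BRANDS = {"netflix", "t-mobile", "google", "paypal"}   # assumption: brands being imitated

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(url):
    """Return the heuristics from the list above that a link trips."""
    url = url.replace("[.]", ".")                      # refang a defanged link
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels (no public suffix list).
    tld, sld = labels[-1], labels[-2] if len(labels) > 1 else ""
    if f"{sld}.{tld}" in ALLOWLIST:
        return []
    flags = []
    if tld in CHEAP_TLDS:
        flags.append("cheap-tld")
    if sld not in BRANDS:                              # the brand's own domain is fine
        if any(b in host for b in BRANDS):             # brand name parked in host or subdomain
            flags.append("brand-in-host")
        elif any(edit_distance(sld, b) <= 1 for b in BRANDS):
            flags.append("typo-of-brand")              # one keystroke away from a brand
    # Crude randomness test: a long label with a run of 4+ consonants.
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz]+", sld)
    if len(sld) >= 10 and max(map(len, runs), default=0) >= 4:
        flags.append("random-looking")
    return flags

if __name__ == "__main__":
    # The article's own examples, plus two constructed controls at the end.
    for link in ["netflix-mail[.]com", "t-mogbile[.]com", "googlre[.]com",
                 "secure-paypal.com.fraud.hmmmm[.]com", "eqbqcguiwcymao[.]info",
                 "abc.xyz", "https://www.paypal.com/signin"]:
        print(f"{link:40} {triage(link) or 'no flags'}")
```

An empty result only means none of these surface checks fired; the link still goes to a scanner such as urlscan.io before anyone opens it.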


CHECKING A LINK WITHOUT CLICKING

There is definitely no shortage of URL and website scanners out there. I've
tried dozens of them. None of them seem as good to me as URLscan. It's fast,
extremely detailed, provides a live screenshot and it allows you to link out to
other scans to check them as well.


URLSCAN - HTTPS://URLSCAN.IO

My go-to move with any sketchy link is to pop it into URLScan and see what
comes up. To do that, head on over to https://urlscan.io, then copy and paste
the link you want to scan into the scan field. Once there you can also click
Options and make your scan Private, which sometimes is nice to do, since Public
scans will show up on the front page and in searches.



Now that you have your link pasted in, click Scan! Once URLScan is finished
checking out your link, doing its analysis and fingerprinting, it will bring
you to a results page that looks something like this.

Note, this is an example results page of a known malicious site.



 1. Live Screenshot. This allows you to visually see if there might be anything
    weird going on with the site. This is good for sniffing out things like
    misspelled words on login pages.

 2. Google Safe Browsing rating. This is a nice quick view of whether the
    website is safe or potentially nefarious.

 3. Look up the URL with other scanners. The lookup tab allows you to pick any
    of a number of other website scanners. This can help you glean additional
    information about the site you're scanning in case you're still not sure
    about it.


CAUTION WHEN CLICKING

It's a bit cliché by now, but think before you click! It only takes a few
minutes to pause, copy and paste the link into URLScan and check it out first
before clicking.

If you're at work and have an IT Department or Security Team, send it over to
them and ask them to investigate it for you. It's better to wait 10 minutes to
get a link checked out than spend 10 weeks recovering from a security incident.


ADDITIONAL INFORMATION

I did some googling on this topic and found some good articles related to
suspicious and/or malicious domains. The articles below go into much more
detail on TLDs and their use for malicious or spammy activity. If you're into
the technical nitty-gritty, these would be great reads.

 * Newly Registered Domains: Malicious Abuse by Bad Actors

 * Most Suspicious TLDs Revealed by Blue Coat Systems

 * Exploring .XYZ (Another Shady TLD Report)

 * Why is there’s so much spam coming from .xyz and other new top-level domains?

