Topic: How to verify a URL of a website (Read 299 times)

I have not used Bitfender yet but I checked review. Their 5 star rating and review on almost all review platform show that this antivirus is very fast and secure. I have no intention to use any antivirus other then Microsoft own security software. If i feels any need , i will pick this one.


Thanks for advice, Yes I am aware of Cex risk especially when FTX collapse then I have no trust on other CEX too. I am using limited fund in the CEX which i used for trading because trading in Cex is easy, fast and charge low fee as compared to dex. I have a hardware wallet for holding purpose.

The importance of using antivirus cannot be overemphasized is it enable you to have the mindset of safety even though one cannot be completely safe when connected to the internet. Personally, I will recommend Bitdefender antivirus because they have several advantages over the popular antiviruses.  

I was about telling you to remember the risk of saving funds in CEX before I notice you use them for trading. Just in case you have forgotten, it is only good to keep minimal amount in CEX especially those funds you are using daily and not saving. As a senior ranking member of the forum, you already know this so don't feel bad a lower ranking member is bring this reminder.

You can use Virustotal with their tool to scan URL.
https://www.virustotal.com/gui/home/url

I don't click on strange links because I am curious about new websites. Before clicking on link, I will do research about it with search engines first and if some bad things reported and found, I stop at it and don't take risk to click on a link.

They can use shortened links too.
Shortened URL security.

SSL certificates are offered free of charge with hosting. It is even enough via Cloudflare, it is activated in two clicks. I'm sure that every scammer already knows that much and can activate the HTTPS protocol on the domain without any problems. Well, we can consider this as an absolutely unreliable method of identifying phishing and scam sites.


Manual URL entry, what can go wrong here?
This is probably the most common way confusion occurs. The user manually misses one or enters a wrong (but very similar) character, and of course a phishing site is waiting for him behind it.

i use a site any run, ut runs the site completely sandboxed and you can get a lot of data

It is an SSL certificate that simply encrypts your connection more securely from malicious attempts by third parties. Phishing sites are malicious efforts carried out by a second party, its the site owner. In fact, fake and phishing sites can also activate SSL certificates, this method does not protect you from phishing at all.

You have to manually type the url, or copy the url and then use "search with google" in the address bar. Genuine sites are usually indexed in the top search results (except ads).

Another useful tip to prevent landing on phishing sites is to just bookmark the legitimate website so whenever you have to open your browser, you don't have to search for it again and risk clicking the phishing site of that website. Less hassle than constantly checking the websites every time you go to it, maybe the first time it's a valid and a smart thing to do but in the long run, you have to think how to optimize stuff. And also, remember to not a stupid Internet surfer, like in life, don't put your dick in anything that resembles a hole which is the same as putting your information because the website asks for it, the moment that they ask for it right from the get go, that should already raise some red flags.

Obviously we don't understand each other) If you connect to a phishing site that you switched to due to the change of DNS servers by scammers, then you will connect your wallet, since the domain does not cause you distrust. Right? Accordingly, you will sign the transaction yourself, and multi-signature will not help you in this, since you believe that this transaction is signed on the correct domain. The same applies to the wallet.

The most useful technique I used was virtual machines, also known as VMs. We all know that airgapped devices are the most secure because they are totally offline. But we can't always sit offline and do nothing. We have to connect ourselves to the Internet. So what to do? I have multiple devices and external hard drives. All my important files are there. Whenever I'm unsure of a link or app, I first test it on my VM. So my main device doesn't get infected. Even if my main device gets infected, that's not even an issue. As all my data was previously backed up on my secondery device and harddrives. I personally don't prefer any antivirus software as they seemed somehow unreliable to me.

I don't know if it's enough. But so far, everything seems fine.

Maybe I was misunderstood, these tools alone do not keep you 100% safe from phishing, but it doesn't hurt to be extra careful.
I don't see how we'll be on the Internet without clicking on any link. We may feel the link is safe because it's coming from a verified source, but even that source can be compromised that is why we always have to verify.


I agree. Offline wallets are the best, but it's not just your Bitcoin that should be kept safe. Your data can be stolen and used to scam someone else. Identity theft.


I don't know about this. I'm definitely going to read up on it. Thanks a lot for this.

Like I mentioned earlier, for better security, it is better to go for offline wallets or multisig wallet.


I was only referring to ways to avoid malware and hackers online and how not to depend on a single device for all online purposes. For wallet download, you can verify its PGP signature.

The fact that you visit the correct URLs does not guarantee that you cannot get to a phishing site. Scammers can change the DNS of the server, as it was very recently with Galxe.com , and even earlier with the Myetherwallet wallet. This way you will come to the phishing site on your own.

Dear OP in this connection in my mind there are no tools is full proof secure if you get any URL unverified source and if you have any doubt about its legitimacy Always be mindful of security and privacy concerns and double check it when dealing with website URLs
You should always exercise caution

I am using chrome up to date browser and sometimes Mozilla Firefox and also popup spam has been blocked with default and i am not seeing any chance for malware to download automatically. Moreover I use windows 10 which always ask for" allow access" when I install any thirds party software. I think there is no chance for malware to install in my PC without my permission. anyway I am not using my main wallet and exchanges in the PC because my wallet compromised two times.


Yes, I am doing so and not using any antivirus. We have to buy the key to use full feature and without key I am not seeing any benefit of free antivirus. Window built-in malware defender working properly and much safe and better than other softwares.

Buddy as long as you don't bypass your own security by installing the software from third-party sources and cracked versions of the security firewalls provided by the Windows itself. No need for additional layers, avoid clicking suspicious links and you're safe.

I've encountered similar issues back in time but after I realized my own few mishandlings, after that never I realized to have antivirus software. Hmm yes, buddy if you follow never click on unwanted sites, and don't install any third-party sourced software you can go safe without any antivirus software.

Dear op, you really spend a time on coming up with all this useful information, newbies should really use these types of websites, but never depend or blind trust these websites that you have mentioned above.

Always, find your own ways because you are the one knows better, which thing to save from such scam links and to where open these links.
You said well, because on digital world, scammers are finding new ways to scam you like the recent one, about Hong Kong Binance scam, in which they people received phishing mails and got hacked and lost there funds. And one of the member here on BTT, pointed out that, many buyers and sellers on P2P trades, have set some rules of giving them the phone number otherwise they will not trade with you, and once you receive the funds they will send you phishing emails on that and pretend to be from Binance.

We should definitely avoid to click on links, all I do is simple think twice before clicking on any.
Exactly, best way is to avoid clicking on them, and if you have no other option but to click on it then use a device which is not in your personal use, and which have no connections to your crypto wallets either they are custodial or non custodial.

Scammers still finds way to get to a user, the best is staying offline with your bitcoin wallets. One can actually have a designated device for them that you don’t bring online always. The device that’s usually online should use watch only wallet.

On links you need to verify everything, even links send to your emails are should be avoided, once you get a notification of probably an update, go to the app and visit the website directly from there. Don’t connect your wallet to any site.

The best way to avoid all this links is to be extra cautious because some of these sites also checking out links could also pose some threats too

My device will not download any file unless I authorized for it. I visit just the correct URL of known sites. I have three devices and I am still careful on the least secure one. Where my wallets are, the are most secure but still online. I have not suffered any hack before and I avoid ads.

For my bitcoin wallet, for long term storage, it is on a multisig devices.

Going for wallet on an airgapped device, hardware wallet or other cold storage wallets for higher amount of bitcoin is advised. No matter how safe an online device is, it is not safe as offline devices and there could be a mistake at anytime.

Yes, you will still be vulnerable to attacks, because you just clicked on a phishing link, let's say a link you received from a scammer pretending to be your bank, and asked you to change your password from that link, and once you change your password your account will no longer be under your control. In this case you are vulnerable when you entered data, i mean changed the password.

But when hackers, are at advance level, they simply have to load some javascripts on your browser, and once they got in, they can install there respective malware easily. But this attack could be avoided easily if you are using a good and up to date browser. Because usage of out kf date and not reputed browsers then you are a sitting duck.

And my suggestion for antivirus, is don't use them, simple use the built-in windows defender tool, and never try to use patched windows, or run any scripts to activate your windows. Best way to keep you digital finance on linux operator.

Just a friendly advice, you don't have to share this information here, because evesdropping  is a technique of keeping record of user (internet user) and hacker analyze the activity of a user to get to know more about it. Just to get information which you just already gave here.

What if the scammer uses hyperlink function, like link shorteners, where the upper text is something and the below link is something else. I mean we can generate links comprised of https but inside they really are not https integrated.

Although, I liked your point of backlinks, but besides that, I will not trust on third party websites telling me about a phishing link. I have my own ways, but to be very honest I dont even click on links which my interviewer sends me.

Particularly around crypto people will be using all sorts of tricks to phish. A common one you also must be way of is the IDN homograph attack, which uses similar characters to trick people into visiting a malicious site. The suggestions you gave to check these domains will go in some way preventing these types of attacks.