Home > OS >  I received an email with the following URL information. Seems like phishing, could somebody clarify
I received an email with the following URL information. Seems like phishing, could somebody clarify

Time:01-15

https://example.com/mailRedir.php?u=1&code=k1SdbF1P96Yycn3AR2GDvP3DETlcVWpm&link=5&transformedUrl=9435610899793b08f19dff3e81aa109cb5c588c0120abd37b1d58d0fcd03db53

Obviously the site wasn't example.com, but I've used that so that the link doesn't work. I have been messing with it and it seems to redirect me to a legit site after rapidly sending me to the website https://epic.avature.net.

  1. Does this link load a php script?

  2. Is it possible for me to know whats going on with variables U, code, link, transformedUrl?

  3. Is the URL being changed to something else with "transformed URL"?

  4. Is there a way to determine what the new URL is?

CodePudding user response:

  1. Probably, but without access to the remote server we cannot know for certain whether the server is configured to pass .php files through the PHP interpreter. It's very likely, but we can't definitively answer that.

  2. "going on" is a bit vague, but if you mean you want to know what the server does with them then, again without seeing the source code of the (probably) PHP script then no, not really. We would only be able to observe what seems to happen based on testing it. Ideally you'd want a bigger sample than just one URL to experiment with.

  3. It's not really possible to say, without more info.

  4. What do you mean by "new URL"? You mean the site you get redirected to eventually? The only way to know that is to access the first link, and see what it returns by way of redirection instructions (e.g. a 3xx response with a Location header, or some JS code which tells the browser to redirect, or a meta redirect HTML tag). You can't know where it's going to redirect you without sending a request to it, unfortunately. I would never recommend you to access a link you're unsure of, though.

P.S. It wasn't quite clear if https://epic.avature.net was in the original URL (which you've substituted out in the question), or whether it started from another URL, then redirected you to there, and then redirected you again to the final site.

Either way, the golden rule of links in emails is: if you don't know who it's from, and/or you're not expecting it, and/or you don't know what the site is which it's linking you to, then simply don't click on it, even out of curiosity. Ideally, don't even open the email at all, if the sender/subject details are enough to make you suspicious. You can never be certain what the effect of clicking the link will be.

Page link:https//www.codepudding.com/os/263872.html

Prev:Comparing values by their constructors
Next:Handling task timeout and exception
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding