Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

URL Question: (Google Tutorial to Avoid Phishing)

This site may earn commission on affiliate links.

SageBrush

REJECT Fascism
May 7, 2015
14,860
21,485
New Mexico
Google offers a nifty quizz and tutorial on catching fraudulent URLs that are used in phishing schemes.
I find the last one difficult to understand, even after I skimmed the URL rfc written by Lee. The URL (with the scheme omitted) is

//google.com/amp/tinyurl.com/y7u8ewlr

Google says the TLD is tinuyurl.com and not google.com

I'd like to understand why. Obviously my current practice of identifying the TLD as the token to the left of the first single forward slash is wrong.
 
Google is doing a redirect to what's after the /amp/. You are indeed going to google.com as the TLD, but then the browser follows google's instruction to redirect. This is specific behavior to google.com/amp/whatever, not a general browser behavior. Your current practice remains correct as far as I know.
 
  • Informative
Reactions: SageBrush
Google is doing a redirect to what's after the /amp/. You are indeed going to google.com as the TLD, but then the browser follows google's instruction to redirect. This is specific behavior to google.com/amp/whatever, not a general browser behavior. Your current practice remains correct as far as I know.
Wow.

Does that mean that a non-escaped period after the first forward slash is a redirect ?
 
Wow.

Does that mean that a non-escaped period after the first forward slash is a redirect ?
No, there's no general case here. This is purely a google.com/amp/ thing. It's something google is doing on their side for this one particular URL. Imagine if it was instead google.com?SendMeTo=tinyurl.com/y7u8ewlr. It's pretty clear that you're going to google, and passing along a URL as well, and that the backend code is going to redirect you. That's what's happening in the real case, but it's not at all obvious.
 
  • Like
Reactions: SageBrush
No, there's no general case here. This is purely a google.com/amp/ thing. It's something google is doing on their side for this one particular URL. Imagine if it was instead google.com?SendMeTo=tinyurl.com/y7u8ewlr. It's pretty clear that you're going to google, and passing along a URL as well, and that the backend code is going to redirect you. That's what's happening in the real case, but it's not at all obvious.
Can the behavior and URL construct be implemented by any server ?
I tried http://google.com/amp/comcast.net and received a redirection warning. Who is giving the warning, the browser or the server (or something else ) ?