Have you ever looked at a Web address and wondered, “What do all those slashes and dots mean?” You might not care, but there’s a very good reason you should: Scammers love to use tricky Web addresses to get you to give them personal information.
I’m going to teach you how to look at a Web address like “http://www.amazon.com.xyz.it:8000/secure/login.php” and know whether or not it’s legitimate or not. It’s not as hard as it sounds. The key is in knowing what doesn’t matter, so you can focus on what does.
If we take a look at a Web URL, you’ll see that there are three major parts.
The protocol is the part that comes at the beginning. That’s the “http://” part. This tells your Web browser how to handle what’s printed after it. You don’t need to know much about the protocol, other than the fact that traffic sent to and from Web sites that use “http” as their protocol is sent without any encryption. Web sites that use “https” send and receive traffic in an encrypted format. The s stands for secure.
The part that comes after the protocol, but before the first slash, is the Site Name. It’s a combination of items, which we will discuss in more detail below. It looks like “www.clocktowertech.com” or “answers.yahoo.com”. It tells your Web browser where to find the Web server. (If it were a mailing address, it would be the “country”, “state”, “city”, and “street” of the building you’re looking for.)
After the domain, you may see a slash (“/”), followed by other text of varying length. This is the path. It’s kind of like an inside address. Once your Web browser has found the right server (“building” in our address example) the path tells it how to find the specific information on that server (“or specific room, file cabinet, folder, and file in that building”). You’re almost never going to be concerned with the path, so you can pretty much ignore everything after the slash.
Dissecting the Site Name
What we’re most concerned with, then, is everything in between the “//” and the first “/”. So, in this example . . .
. . . all we’re concerned with is “www.amazon.com”.
Web addresses are like street addresses, the more general information is at the end, while the more specific information is at the beginning. In a sense, you read them from right to left. If you were going to look up an address on a map, you’d start by locating the country, then the state, then the city, and then the street, which is opposite of the way it’s written. The same is true for Web addresses.
Let’s take a look at the sections of a Site Name. The sections are divided by periods (“.”), or “dots”.
As with a street address, the “biggest” section is all the way to the right. The top-level domain (TLD) is like the “country”. In fact, it often is the country where the domain is registered. The United States has a country code of “us”, but it is rarely used. Most domains in the US us the TLDs “com”, “org”, “edu”, and “net”. These codes designate the purpose of the domain (commercial, non-profit organization, education, Internet-related). If you’re really interested, here’s a Wikipedia article that lists them all.
Registered Domain Name
The combination of the TLD and the section one dot to the left is the domain name. In “www.facebook.com”, it would be “facebook.com”. Every domain is registered to some entity (company, individual, or organization). A domain name in the .com TLD and a similarly named domain in the .net TLD don’t have to be registered to the same entity. For example, mass.com, mass.gov, and mass.org are all registered to very different entities.
There can only be one of each possible domain name, so, while there is a “microsoft.com” and a “microsoft.net” there can’t be two domains named “microsoft.com”.
This is important, because, when you’re trying to decide if a Web address is legitimate, the domain name is what you look at. It doesn’t matter what any other portion of the address says, the domain name is the key.
Sub-domains and Host Names
If there is anything to the let of the domain name, it’s either a sub-domain or a host name. The host name is whatever is all the way to the left (immediately following the “://”). In “www.amazon.com” the host name is “www”. Essentially, the host name is the server where the Web pages reside. It’s the “building number” from our address example.
A Web address doesn’t have to have www. That’s just a standard naming convention for a domain’s primary Web site. For example, http://answers.yahoo.com is not the same as http://www.yahoo.com. They both belong to the same company (yahoo.com) but they’re two different sites in the same domain.
Anything between the host name and the domain name is a sub-domain. For example, you might have an address that looks like this: “http://west.exch025.serverdata.net”. In this case, “west” is the host name, and “exch025” is a sub-domain (and “serverdata.net” is the domain name). Sub-domains are just a way for organizations with a lot of sites to further subdivide their space.
Wrapping it Up
To read a Web address, the most important part is the domain name. To find the domain name, look at the part after the “://” (colon, slash, slash). Read to the right, until you find the next slash (/). The two sections directly before that slash are the domain name. The domain names are highlighted in the examples below:
- https://www.facebook.com (There is no single slash, so the domain name is at the end.)
- http://www.youtube.com.abcxyz.it/login.php (It doesn’t matter that you see a recognizable name in there. Those are just sub-domains. The domain name is always at the end of the site name, before the first single slash.
- http://www.bbc.co.uk/news/ (Domain names in the United Kingdom have three parts.)
- http://www.amazon.com:80/login.html (A trick: The “:80” part is a port number. We didn’t talk about this, because it’s rare, but it’s good to know what it is.)
- http://18.104.22.168/tdbank_login (The address has been replaced with an IP address. This is valid, but it’s a trick that’s often used by scammers.)
Here’s a diagram of all the parts of a Web address:
To be valid, an address must include a protocol, a domain, and a TLD (top-level domain). Everything else just makes it a more specific address.
Here’s a list of links used in this article: