HTTPS means the person who has registered (bought) the domain name and set up the server has purchased a certificate from an authority that supposedly verifies who they are. If it is a Minecraft game server, then my theory is it’s legit and lets users/members put Minecraft stuff on it.
My theory is that it is a share site for members to share things they built for minecraft, and someone has figured out how to put something nasty on the server above and beyond their minecraft stuff. The “GTX” makes me think it is a server for resources (textures, etc.). If it’s set up and run by some hobbyists, probably does not have very good security.
Or… someone could have compromised the whole server. if it still works for its legit purpose too, the real owners may not even have noticed.
The only thing important to the rest of the internet is the domainname-dot-com. (or org, or whatever). DNS uses that and tells your computer the IP address to send to. When the domain address receives the request packet, the extra bit (gtx-dot) tells the domain what to do with it. Often, it is used because a domain can have multiple servers - you used to see mail-dot-foo-dot-com and webserver-dot-foo-dot-com and archive-dot-foo-dot-com etc. The domain might have one IP address, and multiple servers behind their gateway/firewall and that sub-domainname tells the firewall which server to send it to. (or, which port number/program on the server to send it to).
I agree, when the server receives your long string of numbers and letters, that’s probably something that was generated by a program. The server will match your request string to whatever email address it used to send out that particular string. If it then asks for more details - name, address, phone, create an account and enter a password - this is why it’s a bad idea to use the same password on mutliple different servers and accounts… Now they have the person’s personal details and typical password (and typical username, if it asked to create an account name - are you “Bob12345” on every site?). So many sites nowadays use your email as the userid for logon. Now they can try (or the server can try for them) logging into Google, Paypal, Amazon, etc. with your email and common password.
If they send out a million emails and get a dozen hits - well, that was cheap.
