Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

pnamajck

Honorable Member
Joined
Aug 28, 2014
Messages
439
so … you find a tiny url and feeling apprehensive … not sure if you can trust the url being safe. indeed, your concern is warranted. nowadays … just opening a web-page can release malware, exploits and ransomware into your environment.

tiny urls:
reasons for shortening url:
allows most small string fields
may be easier to remember
less typing
easier to copy/paste​

yes … sometime it does seem necessary to provide for, and substantiate for, shortened urls. for instance, google- maps/searches both have long addresses … many others as well. ever try inserting a long url inside a tweet? i'd rather not launch into the semantics here.

google (and others):
this morning i ran into a url … which propagated this post here. the url seemed to have been manifested via google (goo.gl/6okWTw). question being … how to find the true url hiding within the obfuscated/compressed version?

google offers its own tiny-url service (goo.gl) … so do a myriad of other providers (youtu.be, y.ahoo.it, amzn.to, bit.ly, etc.) … each with their own architecture.

one handy way, for goo.gl links, is by typing a plus-sign(+) at the rear of the url. for example, if the url is goo.gl/6okWTw … adding a "+" would finish the sequence as goo.gl/6okWTw+. pls refer to the bottom references if you wish to know the url's true identity*.

in the real world … say, you come across the goo.gl link … you'd need to copy the url … paste the url into the browser's address field. you would then type a plus-sign after the url … and, finally, hit "enter" on the keyboard. from there, google.com will refresh your web-page … deobfuscating the shortened url … finally divulging the expanded address**.

services offered:
other tiny url services offer different methods of deobfuscation. several different online portals out there offer to expand the url … some wanting sign-up first(wtf?) … some demand the person viewing to lower their ad-blocker … some even slap your face with ads. the following expanders seem to be universal and not proprietary:
checkshorturl.com (contained 1 ad and 8 trackers)
getlinkinfo.com (contained 9 trackers)
untiny.com (contained 1 ad and 3 trackers)
9inchurl.com (contained 1 trackers)

add-ons:
there are add-ons which offer similar approaches … in which it's automated and, therefore, requires no copy/paste maneuvers. i present … 9inchurl.com … offering add-ons for both firefox as well as chrome. i have not tried either add-on personally … far as i know they are free and have not yet died.

virus-total:
last of all … our favorite virustotal.com comes to the rescue. not only can you check the link for malware … it will also point you to the originating url! check out line#4 … scroll all the way right.

Code:
content-length: 66880
x-seen-by: m0j2EEknGIVUW/liY8BLLna/Y3lFyAIO6fJh1n72JsA=,1wy2ILu/S4rlWT/R4rqCrRuIDmz9IMyTDzWNWPvKo0o=,LwsIp90Tma5sliyMxJYVEi2yokv0wGdZxJj27ka7Yas=,1wy2ILu/S4rlWT/R4rqCrRuIDmz9IMyTDzWNWPvKo0o=,Tw2AanFDQ+Wwo8Xxk6ZL7rHKeAJXtkPxqn+uc4aMlOBIwTBgXpw0piCVV5ZIxFN9,I2ZOrNA1LIowGTY6Ll7mx3a/Y3lFyAIO6fJh1n72JsA=
content-language: en-US
set-cookie: hs=1674075430;Path=/;Domain=theghosthacker.wixsite.com;HttpOnly, svSession=c4d171f41467663073a9579b5860f01772ba7609e1a3c1f86e4162c3d851fc77cd19cd5db43af83b4a22e12cb3c9e48d1e60994d53964e647acf431e4f798bcd20f733950c851763ed6e244e03d71fad831e4c2577dc6914b61504dcf5ef2afe;Path=/theghosthacker;Domain=theghosthacker.wixsite.com;Expires=Sat, 08-Jan-2022 15:29:23 GMT
x-wix-renderer-server: app-jvm1b.42.wixprod.net
expires: Thu, 01 Jan 1970 00:00:00 GMT
vary: User-Agent
server: Pepyaka/1.11.3
connection: keep-alive
pragma: no-cache
cache-control: no-cache
date: Sun, 08 Jan 2017 15:29:24 GMT
x-wix-request-id: 1483889364.9021718369998784272
content-type: text/html;charset=utf-8
pls note:
Path=/theghosthacker;Domain=theghosthacker.wixsite.com
pls also note:
HttpOnly ***
additionally, virus-total offers an ip-address as well.

p.s. actually … yahoo decommissioned their y.ahoo.it exchange (11/2013).

ref:


virustotal.com
security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html

theghosthacker.wixsite.com/theghosthacker (goo.gl/6okWTw) *
goo.gl/#analytics/goo.gl/6okWTw/all_time **

checkshorturl.com
getlinkinfo.com
untiny.com
9inchurl.com
owasp.org/index.php/HttpOnly ***
yahoodevelopers.tumblr.com/post/67403245494

addons.mozilla.org/en-us/firefox/addon/simple-url-extender/
chrome.google.com/webstore/detail/simple-url-extender/lmmoknkjcopjcbhmahpmogamfblhlpfa
 
Back
Top