12 Ways To Reveal Suspicious Shortened URLs!
Posted by Ching Ya | Posted in Tracking, Twitter, URL Shortener, Web Application | Posted on 05-08-2009
65
Just the other day, I received a Twitter DM :
I’m not familiar with the user, also a bit skeptic towards the link. Normally I would just pass but my curiosity prompt me to dig deeper. It doesn’t take long to reveal the actual location, yeah, some money-making site. Not a fan so let’s end the story here. But I got a valuable lesson that day, know what it is?
Spam, Phishing & Malware Triggered Links in Disguise!
Oh yes, malicious sites transforming themselves into friendly little shortened URLs, waiting to be clicked! Have you not noticed the recent phishing and hijacking cases via click-fraud?? Nah.. it doesn’t seem like something that’ll happen to us, right? WRONG! I don’t know about you, but I find myself getting a little too comfortable with the links sending my way. I figured there’s a need to spread a little awareness about such matter.
No Worries! I Know How To Deal With It! (but.. Are You??)
So we were told that Twitter is going to block those bad URLs. Great effort, but doesn’t mean we should take this lightly. If you were like me, once thought the below methods are enough to solve our problems than think again:
a. Twitter Search Expand Feature
We LOVE the ‘expand’ feature! Safe and ease to use. Blame me for being the party pooper but not all URL shorteners could be revealed. Don’t believe me? try them out:
- Cli.gs / Tr.im / Su.pr / Digg.com / Ow.ly / Tweak.tk
b. Tweetdeck URL Preview Feature
Tweetdeck allows previewing for the link before navigates. Looks safe enough, but what if the link was converted from another shortened URL? It will be displayed as above, the original site address is untraceable, unless you check it manually.
c. FriendFeed Shows Complete URLs
This is much better. FriendFeed shows the complete URLs for all the updates. But what if the link was sent to you via Twitter’s Direct Message? It won’t be shown in the public conversation. How do you go from there? Obviously we need more help than we think.
12 Ways To Expand/Preview Suspicious Shortened URLs
Call me busybody, but I actually checked these 12 apps for the task with below URL Shorteners, sorry I can’t cover ALL that existed. Here’s the overall results I got:
I grouped the URL Shorteners for easier explanations:
Category A (common) :Â Â tinyurl, bit.ly, cli.gs, tr.im, is.gd
Category B (new/framed etc) :Â Â su.pr, digg, owly, tweak.tk
**well what do you know, seems like my previous blog posts still appear in good old Blogger template 
**
i) Powerful Pack (GREEN): Detectable for ALL category A & B.
#1 PrevURL
- thumbnail to preview the original web page.
- comes with ‘search plugin’ to be installed on your browser. Just copy and paste the shortened URL in the box and hit ‘search’to be brought to the PrevURL site.
#2 Longurl
- thumbnail to preview web page.
- plugin available for Firefox: Long URL Mobile expander 2.0.0 (will be discussed in plugin section later).
#3 TheRealURL
- no thumbnail or plugin yet works like a charm. Simple and easy to navigate.
ii) Medium pack (YELLOW): Works perfectly well with category A; minor limitations for B
#4 Sucuri
- no thumbnail previewing.
- special feature: to check whether the real web page is blacklisted via Google Safebrowsing and Siteadvisor.
- has problem detecting Digg.com-shortened URL with question mark ‘?’Â in the midst – for example: http://digg.com/d3ym80?t (10/10 trial attempts).
#5 Unshortme
- Simple page layout without preview.
- Unable to detect Ow.ly.
#6 Unshortn
- allows thumbnail preview.
- bookmarklet available. When clicked, all shortenened URLs on that particular page will expand themselves to original web addresses.
- Minor setbacks:Â To ensure the link converts successfully, preferably paste the shortened URL on top of your web browser then hit ‘Enter’, instead of the ‘Unshorn it’ box’.For Instance: http://unshortn.com/http://su.pr/2gdfR1
- Unable to detect Su.pr.
#7 Urlsnoop
- simple layout with thumbnail preview. No bookmarklet available.
- unable to detect Digg.com
#8 Unshorten
- no plugins or preview feature.
- Unable to retrieve site shortened by Digg.com
#9 ExpandMyURL
- provides bookmarklet on browser: revealing the traceable shortened URLs with green colour. When clicked will redirect to expandmyurl for URL expansion.
- Unable to reveal sites shortened by Tweak.tk.
** ExpandMyURL has improved their service to enable shortening for : Su.pr, Ow.ly. A fantastic improvement to promote them from limited to medium pack. Thanks to Alex for the updating mentioned in the comment below. Good job. **
iii) Limited Pack (ORANGE): Works well with Category A; Seriously lacking for B detections.
#10 Untiny
- provides multiple add-ons from bookmarklet, firefox plugin to firefox search.
- unable to retrieve sites from Su.pr, Digg.com
Firefox Plugins:
#11 Long URL Please 0.4.1
- once installed and enabled, reveals the actual location for the shortened URLs. Works perfectly in Twitter, Facebook etc.
- mostly it is effective in expanding Digg.com, but occasionally not.
- unable to retrieve: Tweak.tk
#12 Long URL Mobile expander 2.0.0
- when hover the mouse over the link, actual web address will be revealed.
- unable to retrieve: Su.pr, Tweak.tk.
What About URL converted from URL Shortener:
Original URL detectable for most applications above. Except for these 3: Sucuri, Urlsnoop & Unshortn.
For example, I’ve shrinked the URL using :
http://tinyurl.com/kqocvk , then again, to
http://bit.ly/vZpuf
After tested, here are the results:
Sucuri.net shows tinyurl as original web address
URL Shorteners that allowing preview
Some URL shorteners provide settings to enable preview for their service when activated. For instance: TinyURL and Trunc.it.
So What Are Your Takes?
Did you ever experience any click-frauds? How do you normally deal with suspicious links that sent in your way? Love to hear your thoughts.
#9 ExpandMyURL
- provides bookmarklet on browser: revealing the traceable shortened URLs with green colour. When clicked will redirect to expandmyurl for URL expansion.
- unstable results for is.gd; while failed to reveal sites shortened by Su.pr, Tweak.tk, Ow.ly.
Related posts:
- 3 Easy Ways to Share Selective Tweets on Facebook Pages submit_url = "http://www.wchingya.com/2009/10/share-selective-tweets-facebook-pages.html"; Having trouble separating social lives between...
- How To Track Your Retweets In Twitter (pt2): 6 URL Shorteners with Stats Tracking! submit_url = "http://www.wchingya.com/2009/05/how-to-track-your-retweets-in-twitter.html"; In previous post, we studied about...
- How To Track Your Retweets In Twitter (Pt.1) submit_url = "http://www.wchingya.com/2009/05/how-to-track-your-retweet-in-twitter.html"; In RT- The Wild Thing in...
- The Reveal: Killer Apps for A Successful Twitter Network (Pt.2) submit_url = "http://www.wchingya.com/2009/03/killer-apps-for-successful-twitter.html"; I hope you’ve already embarked on...
Related posts brought to you by Yet Another Related Posts Plugin.
Wow chingya, you’ve done some major research here. This is an excellent and most useful post for everyone using Twitter.
It’s not only in the tweets, either. When I was checking out someone’s profile page, the (bit.ly) link to their “homepage” was infested was malware. Good thing my antivirus protection was on the job.
Thanks for doing all this work and putting it in such a readable format.
Sue´s last blog ..Walkers Want Access To Lighthouse
Sue,
First of all, welcome to my new apartment. ^^
I’m glad you find the post useful. I was just having several other suspicious URLs sending my way that I had to think of something. Bravo to the developers as they did a brilliant job for inventing the solutions. Thanks so much for commenting.
Hi Ching Ya, first off fantastic in depth post about short urls and great review of the short url expanders.
We initially made http://www.expandmyurl.com as a personal project because we thought the lack of transparency of shortURLs posed a danger to web users especially with the growing popularity of sites like Twitter and put it online because we hoped that other people might find it useful too.
However as your review showed we hadn’t kept up with all the latest shorteners and as we don’t like to be last at anything we’ve now updated expandmyurl to expand su.pr and ow.ly shortURLs.
We haven’t got round to teak.tk yet because of their strange url structure but when we tested other lengthening services like prevurl we found they didn’t work wither (test url: http://5o8ue.tk).
But one test we think is very important and one we are proud that expandmyurl.com does pass is when you chain shortURLs together one inside the other like this http://digg.com/u1dwX expandmyurl.com will return the final nonshort url.
Hope we can be reconsidered/re-evaluated with these improvements
Alex
expandmyurl.com
Alex,
Good job on the improvements. I’ve updated the position and content for ExpandMyURL.
Let’s do some justice for the service by a few tweets, shall we?
Thanks again.
This is a terrific post, Chiny Ya, and clearly a great deal of research went into it! Short URLs are certainly a mixed blessing – so convenient, and yet capable of hiding malicious links – and I think you are quite right that we are all getting just a bit too comfortable with clicking blindly. Thank you very much for this contribution to safer surfing in social media.
rjleaman´s last blog ..Best of Association Jam : Association Links for July 2009
Pleasure to have you here, Rebecca a.k.a Jen.
You’re right. Everything has its pros and cons. We could only try to prevent and minimize the risks. Hopefully these info could help even just a bit. An awareness to all.
Thank you, Rebecca, as always.
Wow Ching Ya! I did not even realize there was a problem! Thanks for opening my eyes.
Since the beginning of the year I’ve acquired some opinions with URL shortners. I do not like the ones that stay “sticky” for a long time – you know the ones where you need to spend time to get rid of the shortener when you want to see the original URL. That’s why I don’t like ow.ly which is a common favorite out there.
As a marketer my favorite is bit.ly – for the stats.
So… now I have to be aware of malicious URL shorteners too
Cindy King´s last blog ..7 Cross-Cultural Skills For Businesses To Master Social Media
Cindy, I totally get that.
Considering original link is a form of credit to the web master, I too am not too crazy about framed URL shorteners either. And now having malicious sites entering our social networking domain, we can’t help but be more skeptic about its usage. Gotta be careful these days. Appreciate your visit, my friend.
What a lot of good research you have done! Thanks – yes I often probably pass up good links because I don’t want to click on an unknown shortened link. Now I have twelve choices to arm myself against malicious links.
Christie´s last blog ..This Tivo would kill for its owner’s attention!
Christie,
Great to see that lovely smile of yours! Yup, now you have 12 weapons armed to defend yourself. Hopefully we will never find any results that startled us. Be cautious always! Thanks so much for your visit!
Thanks, Ching Ya! Great bit of research here, and very helpful. I’ve re-tweeted it AND did a stumble for you. It’s great to know you’re on the lookout for ways to keep social media “clean and healthy!”
Welcome Apryl,
And thanks so much for your kind support. I’m no expert so what I could do is share what I found and hopefully others will benefit from it, or maybe try to enhance the idea to the next level. Hope to see you again soon!
Hey ,
You post was much awaited .. first of all this new apartment is really really nice .. Nice design of the blog and frame work .. good work.
Second thanks for the all this amazing efforts that you put for this article . I am sure every one would love this and would according to their needs .
Sudeep´s last blog ..Four Herbs for Those Few days of Women
Sudeep,
Thanks for the compliment. I think the little blue bird up on the header will be ecstatic to hear that too. lol.
It’s well worth the effort. To have all of you guys supporting the blog I have nothing but complete gratitudes. I’m glad you enjoy the post as well. See you soon.
I try to keep my contacts to ones I know, so this had not been a problem for me.
Jannie Funster´s last blog ..Funny SEO Keyword Searches, 4
Hi Jannie,
It’s quite important that we stay cautious as shortened URLs have not just limited to microblogging alone. I’ve seen people using them in comments and within posts. Although it’s not too common but at least we have some options when running into those situations. ^^ Thanks for dropping by!
Wow.. this is a GREAT resource post. I have never thought about how to un-shorten URLs before, and this covers every possible detail.
Brett Borders´s last blog ..Interview with Patrick Parise (Jenocide312)
Brett,
Great seeing you here! And thank you so much for liking this post. Actually I’m still kinda ‘greedy’ hoping to cover as much shortened URLs as I could.
Hopefully a little guideline like this will help somehow.
What an awesome post Ching Ya. I just click away on Twitter without giving it too much thought… I needed this post before I got stung so thank you.
I am going to be much more vigilant in checking shortened URL’s now.
Michelle´s last blog ..Get outdoors in Sydney this August.
Michelle,
You’re most welcome. Some of the plugins are really convenient and they could be fixed upon browser or auto-revealing the URLs after installed. I would say it’s worth the time to fix them up. ^^ Take care!
Wow I am blown away by the research that you did here! This is amazing as it really uncovers all one needs to know about those shortened URLs.
Thanks!
Pleasure to have you here, Evita.
I’m glad this post could be of some help. A little lengthy but I hope the explanations are clear enough. Do feel free to ask if you need any clarifications. Thank you for commening.
PS Thanks for “featuring” my Twitter post in your example!
Funny to see my pic there.
Michelle´s last blog ..Get outdoors in Sydney this August.
Ha.. you are absolutely welcome, Michelle. I love to ‘feature’ some of my Twitter contacts. A little exposure for all of you nice, sweet tweeple. Great that you noticed!
Ching Ya, this is a fabulous post! I usually ignore links unless they’re from people I know.
Still, it’s nice to have resources to check.
Cheers,
Mitch
Mitchell Allen´s last blog ..Frank McCourt – Six Degrees of Separation?
Hi Mitchell,
At least you know what to do if you’re in doubt with the URLs.
Thank you for visiting. Hope to see you here sometimes.
Chingya,
Haven’t experienced click fraud yet… and now I don’t ever have to with all the neat resources you’ve covered here for my benefit! There’s a lot of useful tools out there, thanks to you, I now know about some of them.
Cheers!
-Mig
Hi Mig,
Hopefully none of us will ever have to deal with click-frauds or spamming. ^^
Always appreciate your visit. Thank you so much for willing to drop a few words.
Since I’m on a Mac and not *that* much in danger for clicking on links, I just click away on pretty much any link I find interesting
But only from those I follow of course, if I get something fishy sent to me from an unknown person at skype or another place, then I don’t click before doing a bit of research.
And now with this article I have many more ways of doing it, thanks
This article/tutorial is so great that I ’stumbled’ it on StumbleUpon.
Klaus @ TechPatio´s last blog ..Man-made Salt Water Clouds To Stop Global Warming?
Thank you, Klaus.
I’m glad this article could be of any help in future on checking on unknown shortened URLs. Thanks for stumbling it as well.
I appreciate your encouragement.
Hi Ching Ya,
Thank you very much for the very detail contribution of all the different resources about suspicious links…
That’s really good, as to the depth and research you’ve done in it, in your post, great work!!
I wasn’t even aware of this problem, since I use anti virus that is always updated, but regardless I think we should all be cautious to some extend to avoid any unsolicited issues.
Cheers…. Paulo.
Paulo´s last blog ..How To Transform Your Self Image.
Welcome Paulo,
Appreciate you dropping by. ^^
I was once very sure that my antivirus would do ‘most’ of the detecting job, until there was a time when a malicious link was sent by one of my close friends via instant messaging and I didn’t check on it. It wasn’t her fault as her PC was infected too. Only then I realized, it’s better to be extra careful rather than regret about it later.
Hope to see you here again. Best wishes!
Ching Ya that was some major effort in your part to research, explained and do all this stuff. Very useful to all of us Twitter fanatics.
BTW, I found your blog from http://www.extremejohn.com/stumble-upon-me-and-i-do-follow-and-stumble-you
And here I am commenting in your excellent post. I also sent a friend request in SU.
Keep it up!
Michael
MichaelR´s last blog ..Submit Your ATA Model, Let Us Help!
Hi Michael,
Nice to meet you. Glad that you drop by and enjoyed the post. Have added you in SU too. See you around and thank you for commenting.
Guess it was inevitable that a lot of spam links will find their way on to twitter especially with the shortened link making it difficult to see what the real url is… ideal for spammers… thanks for explain some of the ways around this im newish to twitter so it a very helpful article for me
graham@promotional pens´s last blog ..Embroidered Polo Shirts smarten up your image
Welcome Graham,
There are too many spammers around. Have to try avoiding them as much. Nice to meet you, hope to see you again here sometimes.
Ching Ya… this is my first time here and I am very impressed with this first post I read. You gave me lots of useful information that I can really use. Usually I just ignore “shortened ulr’s” unless they are from someone I know and trust. After I implement some of these tools it is going to allow me to enjoy some other legitimate links people send me. Great job!
Doug Dillard´s last blog ..How to Create a Gravatar
Thank you so much Doug,
I’m sorry that I missed your comment earlier. Luckily I scrolled through them once more.
I’m glad this post could be a little help for you and others when it comes to suspected shortened URLs. See you soon.
OK Ching Ya, you are going to have to warn me when you do these long posts. I really need a cup of coffee in front of me to stay alert
Honestly though it’s a brilliant post and I am not at all surprised to see that I am at the end of a long list of people who have stumbled this post.
Sire´s last blog ..Updating The Update On Snap Dollars
Hi Sire,
My bad! Sorry.. the coffee(s) are on me!
I was just thinking shall I split the post in 2 at first, but not sure how shall I do that so just shorten the descriptions for each app and made into 1. Sorry again! ha..
Great seeing you here! Thank you for the stumbled.
No worries Ching Ya. It’s just me, I love to read books but find reading text on the computer a bit of a strain. I’m sure the post is fine as it is.
Keep Smiling
Sire´s last blog ..Updating The Update On Snap Dollars
Thank you, Sire. You’re a very kind person indeed.
This is a wonderful informative article. Thanks so much for the heads up.
BunnygotBlog´s last blog ..Eleanor Roosevelt: Speaking Volumes, Part 2
Thank you Bunny,
Always a pleasure to have you here. Take care. ^^
You have way to much time on your hands. lol just kidding. Thanks for this information. I’ll think twice before clicking on some of these urls.
Deneil Merritt´s last blog ..How To Sell Direct Ads And Find Advertisers
Deneil,
Haha.. I sure hope your statement is true (about me having too much time)! In that case I’ll be more productive in my posting. Will improve on that.
Thanks for dropping by, visit your site soon!
lol, I hope it does help improve your producing more posts.
I am always happy to drop by.
Deneil Merritt´s last blog ..Fun Friday: Internet Withdrawal Park Edition
I saw a post like this but you have a lot more research and more detailed. Thanks for sharing. Greg Ellison
Greg Ellison´s last blog ..The Design Of Your New Site
Hi Greg,
It’s a great encouragement to hear this from you! Thanks so much for stopping by. Hopefully will see you again here sometimes.
Well done. A very good tip to prevent spams on Twitter. Thanks for that =)
Jacob Yap´s last blog ..Funky Lunch – 15 Pieces of Amazing Sandwich Design
Thanks Jacob, a little help is better than none I guess.
Short url providers should close this feature.Some buggies are playing bad role in the world.When they get banned from sites or blogs they are again on those sites and blogs with these short urls.
Surender Sharma´s last blog ..Measure the Success of your Blog
Surender,
I guess that’s why people say: there are 2 sides for everything. URL Shorteners are meant for convenience and goodness until some are using it to fulfill their malicious intentions. The only way to deal with it is to be more cautious. Eliminating the service may not be the perfect way to stop spammers. Just my opinion.
Thank you for the comment. I appreciate your opinion on this subject.
wao, its look impressive, great way of posting Ching!
teratips´s last blog ..Windows 7 RTM Media Center SDK Released to Download
Thank you Teratips,
Glad you like the idea. Hope you enjoyed your stay.
Impressive analysis and data collation. Glad I am able to learn a lot about shortened urls.
Kiran´s last blog ..CotD : Su Yin’s Delectables
Kiran,
Glad you get to learn something from the post. Thank you so much for visiting.
I didn’t experience any click fraud case before. I love Untiny and use it everytime I check those tinyurl(s) from people I don’t really know that well. However, if the url(s) come from credible people (I follow) then I would click on it without checking.
Sarah´s last blog ..Free Writing Courses To Help You Be a Better Writer
Sarah,
Great to know you’re applying the URL-check for unknown sources. Yes, unless it’s from someone reliable, always be cautious. Also, do lookout for weird messages as well, it may not be from the original sender sometimes.
Thanks for visiting.
Thank you for the advice. This is something that I really think of. Thank you for the eye opening post.
Rose´s last blog ..Amish Friendship Bread- Starter, Intructions and Recipe
Rose,
You’re most welcome. Thank you for the regular visiting, it means a lot too. ^^
Awesome list! Very useful.
You mentioned this: b. Tweetdeck URL Preview Feature
I didn’t know this existed! I use TweetDeck. How do you activate this preview thingamajig?
reyjr´s last blog ..How JaypeeOnline celebrates Thanksgiving
Reyjr,
You can activate this option by:
Settings > General > tick the ‘Show preview info for short URLs’ > Save
Thanks so much for visiting. I’m glad you like the post. ^^
Wow! It works! Very cooool.
Thank yoU!
reyjr´s last blog ..How JaypeeOnline celebrates Thanksgiving
We always use http://UNfwd4.me in the office, seems to work with pretty much all 301-type shorteners