Analyzing Black Hat URL Shorteners

malicious url shortener
Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be flagged as malicious because authorities cannot simply blacklist a link from or, so we regularly find shortened URLs in .htaccess files and in src parameters of injected scripts and iframes.

This is an excerpt from a pharma spam cloaking script, found by my colleague Cesar Anjos on one compromised site.
Read More

Check that short URL before clicking on it

URL Un-shortening service supporting all shortening sites (, tinyurl, diff, etc) that also checks the URL using google safe browsing and Siteadvisor:;=check-url