Various URL redirector services (shorteners, click trackers, et al) are frequently used as obfuscation vectors in phishing and malware attacks.
As part of our DomPhisher detection services for our clients, we maintain a list of such services internally.
These are for the most part legitimate and above board services or applications which are being misused or hijacked for hostile purposes.
What is useful is to be able to programmatically detect whether a given link is part of a generalized indirection, abstraction or analytics service.
As such we’ve made our internal database available via an RBL-style lookup under:
{domain}.redirects.domainsure.zone
In addition to this we’ve deployed a redirect lookup tool and an agentic skill via DomainHelp where we plan on backfilling the query with additional metadata as it becomes available (the redirect chain / link expander is related to this)
PURLs is also available as an RPZ, which can be used in various ways to impair susceptibility to these links when used deceptively, as this proof-of-concept video shows. (Request Access)
