Cover image

Open Source Intelligence (OSINT) from common link shorteners

Bradley's author profile picture
Bradley Kemp on

Phishers love to use URL shorteners, but this can actually be a benefit for defenders too. Wouldn't it be great if you could know exactly how many victims had clicked on a phishing link? With many shortened URLs you can find out!

Most URL shorteners don't just offer URL shortening, they also include all sorts of other features. The most common of which is link analytics.

Some of these analytics are only visible to the creator of the short-url, but many are publicly visible.

Using these publicly available analytics, you can learn extremely useful data about phishing campaigns. For example, in this phishing campaign you could tell from the analytics that it:

  • Was distributed via LinkedIn
  • Mostly targeted iOS users in India
Referrer analytics for a cutt.ly shortened URL
Referrer analytics for a cutt.ly shortened URL

Getting analytics from the most common URL shorteners

How to view public Cutt.ly analytics

To view the analytics for cutt.ly shortened links: add -stats30 to the end of the URL. For example, cutt.ly/short would become cutt.ly/short-stats30

An example of the analytics available on a cutt.ly short url
An example of the analytics available on a cutt.ly short url

How to view public Bit.ly analytics

bit.ly shortened links used to have public analytics available by adding + to the URL, but these are now restricted to the account who created the shortened URL.

Anyone else trying to view the statistics will unfortunately just get the message:

If this is a Bitly link you created from your account, please log in to view the click data . Learn more about how to view your click data in our Help Center.

How to view public TinyURL analytics

TinyURL used to have public analytics available by adding ~ to the URL, but these are now restricted to the account who created the shortened URL.

How to view public Rebrandly analytics

URLs shortened using Rebrandly's free version have public analytics viewable by appending .stats to the URL. For example, rb.gy/short has analytics viewable on rb.gy/short.stats

These analytics offer a wide range of useful data, not just on click counts, but also on:

  • The countries clicking on the link
  • What type of devices are being used (mobile, tablet, or desktop)
  • Where people are being referred to the link from. For example, if they're clicking the link from a specific social media site.
An example of the analytics available on a Rebrandly short url
An example of the analytics available on a Rebrandly short url

How to view public CUTT.US analytics

To view the analytics for cutt.us shortened links: add ~ to the end of the URL. For example, cutt.us/short would become cutt.us/short~

Only a basic click count is available, but you can also see when the link was created and when it was last clicked.

An example of the analytics available on a CUTT.US short url
An example of the analytics available on a CUTT.US short url

How to view public tiny.cc analytics

To view the analytics for tiny.cc shortened links: add ~ to the end of the URL. For example, tiny.cc/short would become tiny.cc/short~

Only a basic click count is available, and note that this will only work if the creator ticked the "Log stats for this link" option.

Want more insight into phishing kits?
Start a trial today.

More posts from the Phish Report team

Cover image

Detecting phishing sites with high-entropy strings

You'd expect phishing sites to be hard to detect and track, but actually, many of them contain HTM...
Cover image

Top 5 phishing detection APIs you can start using today

There's too many suspicious URLs going round to manually check every one to see if it's malicious....
Cover image

Threat hunting for phishing sites with urlscan.io

[urlscan.io](https://urlscan.io) is an incredible tool for taking a snapshot of a phishing website...