2

I have been using tinyurl.com for years for conveniently marking frequently used long URLs. This morning I went to create a tinyurl and this is the first time I saw:

Screenshot of tinyurl.com: "Warning! Suspected phishing site ahead!"

Questions:

  1. What authority has deemed this a phishing site?
  2. Has the URL name been hijacked?
  3. Maybe it is something that I've done or need to correct on my end?

I seek to have a better understand of why this is happening and its implications. I understand that link that redirects is a prime candidate for masking phishing sites, however, is the implication that the home page of tinyurl.com is a phishing site? Is there cause not to go to tinyurl.com and create redirect links for my lengthy URLs?

Improve this question

    2 Answers 2

    Reset to default
    3

    Given the fact that Tinyurl (or other services like bit.ly) allows one to hide another URL by providing a short one, you can easily understand that the service is abused in the context of phishing attempts where the goal is usually to trap a user into clicking on a malicious link.

    This means than many Tinyurl URL's have been used to redirect to malicious URL's in the past - therefore the flagging.

    A "tinyurl" link looks less dangerous for an uneducated user and has therefore more chances to be clicked on.

    To answer the "What authority has deemed this a phishing site?" : if I use Chrome and go on tinyurl.com I have no warning - I suppose that you use a browser add-on or an AV that has "web protection" and that injects some warning-sign html on your pages to warn when you arrive on addresses that are flagged as dangerous.

    edit : man your question is not the same anymore.......

    Improve this answer
    4
    • Good points. That being said, the warning gave me pause and I am now wondering if there is a reason not to use its home page to create redirects?
      – gatorback
      CommentedFeb 22, 2017 at 12:53
    • oh I also get the warning now. In the footer of that warning you can see that Cloudflare is the "authority that deemed this a phishing site".
      – niilzon
      CommentedFeb 22, 2017 at 13:00
    • to answer your question here in the comments : yes there is a reason : if the people that you share your links with see this warning, they might abandon the flow or even think that you are malicious. I would use another service to avoid this.
      – niilzon
      CommentedFeb 22, 2017 at 13:02
    • Thank you for the good insightful comment: would not want others to think I am malicious. I observed this with Firefox-Ubuntu. Interesting enough: the authority only warns when accessing the home page: when using the tinyurl redirect, there is no warning
      – gatorback
      CommentedFeb 22, 2017 at 14:20
    3

    What authority has deemed this a phishing site?

    CloudFlare does. Is says so right at the bottom of the warning message. CloudFlare is a CDN that TinyURL apparently uses.

    It is a bit strange that CloudFlare would brand TinyURL as phishers, since obviously it is not TinyURL who is doing the phishing, but people using their service to generate obfuscated URL:s to dodgy sites. One could easily imagine a lot of their URL:s being reported as phishing, and that resulting in a block, though.

    Has the URL name been hijacked?

    I see no reason to believe that. CloudFlare can change the content of tinyurl.com because TinyURL has decided to pass all their traffic through CloudFlare.

    It is possible that someone else has hijacked the site and that is the reason CloudFlare is blocking it, but I would not bet on that.

    Maybe it is something that I've done or need to correct on my end?

    No. This has nothing to do with you.

    Is there cause not to go to tinyurl.com and create redirect links for my lengthy URLs?

    I would not worry about my own security (anymore than I already do when clicking an obfuscated URL). I would, however, worry about the people I distribute the link to seeing that message and believing I am the phisher. Thats not good for PR...

    But my guess is that this is some sort of mistake and the warning will dissapear shortly.

    Edit: Now, an hour later, the warning page is not displayed anymore. Looks like my guess was correct - this was probably a mistake on CloudFlares part.

    Improve this answer

      You must log in to answer this question.

      Start asking to get answers

      Find the answer to your question by asking.

      Ask question

      Explore related questions

      See similar questions with these tags.