Shortened URLs are generated by services such as Bitly or TinyURL, and they take a long address and turn it into something like https://tinyurl.com/ycwcj8xd.

These are legitimate services as some URLs can be truly horrific but they are also often abused to disguise malicious addressees, or tracking and affiliate parameters that you may not wish to entertain. Often you simply want to see what site you’re being taken to before clicking on a link.

Let’s check it out:

▸ Open your PowerShell as administrator and type:

function ExpandURL([string]$URL) {
    (Invoke-WebRequest -MaximumRedirection 0 -Uri $URL -ErrorAction SilentlyContinue).Headers.Location
}

▸ Type the commands below:

Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url>

(Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url> -ErrorAction SilentlyContinue).Headers

▸ Let’s see it in action:

PS C:\> expandurl https://tinyurl.com/ycwcj8xd
https://www.stenge.info

The way these services work is through HTTP redirects, the browser takes you to the shortened URL, the service returns a HTTP 301 (Moved Permanently), and provides the actual URL in the return header which your client then follows. We can get in the middle of this process by telling PowerShell not to follow redirects using the -MaximumRedirection 0 option with Invoke-WebRequest, and then retrieving the real address from the headers.