On 2018-02-20 (22:10 MST), Reindl Harald <h.rei...@thelounge.net> wrote:
> 
> you may hit confirmation-urls (both ham and spam), trigger actions, trigger 
> *one-time* urls which are invalid for the user after a dumb bot used them not 
> talking about that it would be illegal in many countries in case of private 
> ham-mails

As I suspected, it is possible to get the goo.gl target URL without loading the 
site, though using curl is probably not realistic in this specific case.

$ curl -s "http://goo.gl/ylUAd"; | grep -o "http[^\"]*"
http://www.hollywoodreporter.com/thr-esq/donald-trump-threatens-sue-macy-422135

$ curl -s "http://bit.ly/savecastle"; | grep -o "http[^\"]*"
http://community.livejournal.com/castle_tv/28872.html

Doesn't work with t.co, but that is not surprising since twitter uses that 
specifically to hide URLs, considering them all their property that must go 
through their servers.

-- 
Mos Eisley spaceport. You will never find a more wretched hive of scum
and villainy. We must be cautious.

Reply via email to