85
24
I came across this URL (NSFW) and need to convert this to puny code.
As an experiment, I'll paste this URL here, but not sure if this will save.
http://..ws/ (NSFW)
How can I convert this URL to a standard DNS name so I can whois the IP space?
goodguys_activate
Posted 2016-10-05T04:44:53.137
Reputation: 1 925
82
In this case, the domain is ".ws" (xn--vi8hiv.ws). This is a free link "shortener" that can turn any link into emojis. It's free and available at http://linkmoji.parseapp.com
In this case, the translation punycode as Steffen mentioned won't help you, because you just get the domain/ips of this free service.
You need to check the redirects using e.g. curl or your browser's developer tools.
In Chrome's developer tools, it could look like this:
Josef says Reinstate Monica
Posted 2016-10-05T04:44:53.137
Reputation: 1 230
46I'm absolutely blown away and horrified that such a service exists. When I read the title of this question I thought "Surely this is some xkcd-style humor" but no... it's a real thing. Next thing you know people are going to figure out how to encode their social media accounts into selfies or some other bizarre internet hack. – thanby – 2016-10-05T18:51:23.930
3
@thanby already done, https://www.google.co.uk/search?q=snapchat+id+selfie&ie=UTF-8&oe=UTF-8&hl=en-gb&client=safari#imgrc=iF1Dk0Pa6yliPM%3A
– Tim – 2016-10-05T22:41:21.5802
@thanby and also fb messenger does it with your profile picture: https://imgur.com/a/iJeLE
– Tim – 2016-10-05T22:47:22.43717
@thanby the essence of xkcd-style humor (and the internet in general) is that someone is bound to make it reality (if it isn't already)
– Amani Kilumanga – 2016-10-06T00:31:50.847cURL gives me Failed to convert ..ws to ACE; String preparation failed. – TRiG – 2016-10-06T14:40:10.203
@TRiG if it doesn't work, you have to decode the punycode before. There is for example the idn tool. But if your shell doesn't handle unicode properly, better use a web tool like punycoder.com anyways, the output should be xn--ki8hb4a5cudxa08a01a.xn--vi8hiv.ws Then a curl -vv xn--ki8hb4a5cudxa08a01a.xn--vi8hiv.ws should have Location: http://linkmoji.parseapp.com/xn--ki8hb4a5cudxa08a01a somwhere. Put that in curl again and get <body onLoad="location.replace('http://trk.egtcashtrk.com/aff_c...
@Josef. In other words, this is definitely spam (as if we couldn't tell). But I'm puzzled that cURL can't handle it. My shell is GNU Bash 4.3.46 on Ubuntu 16.04 LTS, and I've never had any problems with Unicode. – TRiG – 2016-10-07T15:03:09.147
Is there any technical reason to have 10 redirects? – Sebb – 2016-10-09T11:23:54.837
1@thanby At the risk of further derailing this post: Mastercard is looking to roll out "pay-by-selfie" by the end of the year. Let's face it, we're growing old. – Lilienthal – 2016-10-10T10:40:30.340
30
This is a two-step process, which involved a bit of trial and error in finding the right URL un-shorteners.
First of all, I tried a bunch of URL-unshorteners on the emoji-URL, until I found one that worked.
Unshorten.me turned
http://..ws/
into
http://linkmoji.parseapp.com/xn--ki8hb4a5cudxa08a01a
Unfortunately, I wasn't able to feed that back to itself; it looped back to that same URL.
But Unshorten.it, which choked on the emoji, could handle this URL perfectly well and told me it pointed to
http://getlaid-xxxhoookupnow.com
The description it found for that site contains some words that are NSFW, so I won't repeat it here, but it's obviously spam to say the least, and possibly dodgy in other ways as well.
SQB
Posted 2016-10-05T04:44:53.137
Reputation: 629
1
Are you sure Unshorten.It! works? On trying, It just gave me a long Please Wait.
– Don't Root here plz... – 2016-10-05T17:24:30.0934Works for me, but on the second URL, the one returned by the first step. – SQB – 2016-10-05T17:37:51.833
18I don't think you need the description to tell what kind of site http://getlaid-xxxhoookupnow.com is. – Fund Monica's Lawsuit – 2016-10-06T17:01:53.867
6@QPaysTaxes Looks like it might have something to do with finding a place to put your RV(?) hookups? – Michael – 2016-10-07T02:14:07.257
14
You need to convert it to punycode which is the ASCII representation of the name. This can be done for example online at punycoder.com and many programming languages have the necessary libraries if you want to convert it inside a program.
Steffen Ullrich
Posted 2016-10-05T04:44:53.137
Reputation: 3 897
12
This is amazing! I had no idea you can use emojis in a URL, even though I'm a web developer! The other answer are great, but I found Unfurlr to work well. It allows you to see where something goes, without setting cookies in your browser, and without exposing you to a virus or drive-by-download as you would if you view it in your browser. It also shows you headers and scripts and contents if you need to safely inspect it more closely.
Chloe
Posted 2016-10-05T04:44:53.137
Reputation: 4 502
3
Just past the URL in the address bar of Firefox browser, it will show you the ASCII form automatically:
I'd expect other modern browsers to have similar behaviour, but I didn't actually test those.
Dmitry Grigoryev
Posted 2016-10-05T04:44:53.137
Reputation: 7 505
92Susan sounds like a nice girl though. – Sombrero Chicken – 2016-10-05T12:03:16.477
5This is the Short URL :-
http://xn--ki8hb4a5cudxa08a01a.xn--vi8hiv.ws/and this is the long URL :-http://trk.egtcashtrk.com/aff_c?offer_id=48&aff_id=4348&aff_sub=akash(The message you got was spam, because this links to a dating site.) – Don't Root here plz... – 2016-10-05T14:40:32.547@Don'tRoothereplz... I think you should post that as an answer. – SQB – 2016-10-05T16:15:28.187
8The link in the question currently redirects to an NSFW page without warning. – murgatroid99 – 2016-10-05T22:09:48.423
6@Don'tRoothereplz... I think it was pretty obvious the message was spam, even without following the link, don't you? – user253751 – 2016-10-06T06:09:52.120
@user20574 Now that you say it like that, Yes, it is pretty obvious that it's spam. – Don't Root here plz... – 2016-10-06T19:18:47.203
1@murgatroid99 The warning is that it's embedded in this sort of spam message. – user253751 – 2016-10-06T19:44:47.393
31In an ironic twist, your SU question has probably driven more traffic to this "dating" site than the spammers could have hoped for. Or maybe you were in on the whole thing... – nispio – 2016-10-06T19:52:25.467