Investigator Use
Redirect Detective is a free online tool that traces the full redirect chain of any URL, showing each intermediate URL that is visited before reaching the final destination. For OSINT investigators, security analysts, and anyone analyzing suspicious links, Redirect Detective provides transparent visibility into where clicking a link will ultimately take you without actually clicking it.
URL shorteners (like bit.ly, tinyurl.com, and hundreds of custom shorteners) and tracking links intentionally obscure their final destination. While legitimate uses exist (tracking marketing campaign clicks, shortening long URLs), the same mechanism is extensively used in phishing campaigns, malware distribution, and scam operations where the attacker needs to hide the true destination from link preview systems and basic URL scanners.
Redirect Detective reveals the full chain of hops: a suspicious shortened URL might resolve through two or three intermediate redirect services before landing on a phishing page or malware download. Each intermediate URL is an artifact that can be investigated separately — different redirect stages may be hosted on different infrastructure, potentially identifying multiple aspects of the attacker's operational setup.
For email security analysis, Redirect Detective is valuable for investigating suspicious links in reported phishing emails. By tracing the redirect chain without clicking, analysts understand the full path of the attack without exposing themselves or their environment to the final payload. The intermediate URLs often reveal attacker infrastructure including command-and-control domains or bulletproof hosting providers.
Redirect Detective also identifies redirect methods — HTTP 301/302 permanent/temporary redirects, JavaScript-based redirects, and meta-refresh redirects — which can be forensically relevant. Malicious sites often use non-standard redirect methods to evade simple URL checkers.
For threat intelligence, tracking redirect infrastructure across multiple phishing campaigns can reveal shared attacker resources — a single redirect service used across many campaigns may indicate the same threat actor or a specific phishing kit.
Limitations include that Redirect Detective cannot follow redirects that require cookies, login sessions, or specific referrer headers. Pair with URLScan.io and VirusTotal for comprehensive URL analysis.
Document the full redirect chain with all intermediate URLs and final destination in phishing analysis reports.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
ArchiveBox
Web & URL OSINT
ArchiveBox is self-hosted open-source web archiving for preserving websites, social posts, and online evidence for investigations.
Builtwith
Web & URL OSINT
Web technology information profiler tool. Find out what a website is built with.
Check short url
Web & URL OSINT
CheckShortURL expands shortened URLs to reveal the final destination before clicking, supporting safe analysis of potentially malicious links.
Cute Stats
Web & URL OSINT
Cutestat provides website analytics including traffic estimates, Alexa rank, server details, WHOIS data, and SEO metrics for any domain.
Down for who?
Web & URL OSINT
Down For Everyone Or Just Me confirms whether a website is globally offline or unavailable locally during OSINT investigations.
Fast Osint Crawler
Web & URL OSINT
Photon is a fast OSINT crawler extracting URLs, emails, files, subdomains, and metadata from any target website for investigators.