Recently links shared to me from IOS users using the google app have been obfuscated with search.app/SOMEUNIQUECODE where the app redirects to the originally intended website, but, of course, the person clicking the link is revealed to the owners of search.app.

Does anyone have IOS + google and can confirm this behavior? search.app has no home page and no documentation or reporting about it that I could find (other than that it’s a firebase app). The domain was registered to MarkMonitor Inc. in September of last year. But It’s not clear to me what MarkMonitor’s business actually is–it seems like they could just have registered it on behalf of someone.

  • towerful@programming.dev
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    TL;dr:
    My discovery process is kinda listed below.
    https://www.slashgear.com/google-android-app-beta-makes-it-easier-to-share-search-results-20581224


    MarkMonitor.

    Corporate Domain Management

    Your brand portfolio is exceptional. Shouldn’t your domain management service be the same?

    Looks like they are a domain squatter, buying up domains and selling them at ridiculous prices.
    They have a page showing some domains they have for sale https://www.markmonitor.com/domains-for-sale/top-level-domains/
    But I don’t see search.app listed. Doesn’t mean they don’t own it tho, or perhaps they managed the acquisition of it.
    It’s strange, because it seems like Google Domains is the registrant:
    Registrant Organization: Google LLC.
    Maybe MarkMonitor owned it and leased it to Google?

    search.app.goo.gl probably also points to the same firebase app: https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/

    Both the Google subdomain and the TLD point to firebase hosting.

    Firebase is essentially free hosting (and some Backend as a Service things).
    I can’t find any details on who is behind it tho, and I don’t think there is any way to publicly find those details.
    I’m guessing it’s some sort of link obfuscation or shortener service.

    It might be that it is an official Google service for their apps, which is why they are the registrant.

    Ah, found something:

    https://www.slashgear.com/google-android-app-beta-makes-it-easier-to-share-search-results-20581224

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Yes, it’s Google:

    Registrant Organization: Google LLC

    You can get more details if you run whois on your machine (this is about half of the output):

    refer:        whois.nic.google
    
    domain:       APP
    
    organisation: Charleston Road Registry Inc.
    address:      1600 Amphitheatre Parkway
    address:      Mountain View CA 94043
    address:      United States of America (the)
    
    contact:      administrative
    name:         TLD Admin
    organisation: Google Inc.
    address:      111 8th Avenue
    address:      New York NY 10011
    address:      United States of America (the)
    phone:        +1 404 978 8419
    fax-no:       +1 650 492 5631
    e-mail:       [email protected]
    
    contact:      technical
    name:         TLD Engineering
    organisation: Google Inc
    address:      76 Ninth Avenue, 4th Floor
    address:      New York NY 10011
    address:      United States of America (the)
    phone:        +1 404 978 8419
    fax-no:       +1 650 492 5631
    e-mail:       [email protected]
    
    nserver:      NS-TLD1.CHARLESTONROADREGISTRY.COM 2001:4860:4802:32:0:0:0:69 216.239.32.105
    nserver:      NS-TLD2.CHARLESTONROADREGISTRY.COM 2001:4860:4802:34:0:0:0:69 216.239.34.105
    nserver:      NS-TLD3.CHARLESTONROADREGISTRY.COM 2001:4860:4802:36:0:0:0:69 216.239.36.105
    nserver:      NS-TLD4.CHARLESTONROADREGISTRY.COM 2001:4860:4802:38:0:0:0:69 216.239.38.105
    nserver:      NS-TLD5.CHARLESTONROADREGISTRY.COM 2001:4860:4805:0:0:0:0:69 216.239.60.105
    ds-rdata:     23684 8 2 3a5cc8a31e02c94aba6461912fabb7e9f5e34957bb6114a55a864d96aec31836
    
    whois:        whois.nic.google
    
    status:       ACTIVE
    remarks:      Registration information: https://www.registry.google
    
    created:      2015-06-25
    changed:      2020-04-20
    source:       IANA