Recently links shared to me from IOS users using the google app have been obfuscated with search.app/SOMEUNIQUECODE where the app redirects to the originally intended website, but, of course, the person clicking the link is revealed to the owners of search.app.
Does anyone have IOS + google and can confirm this behavior? search.app has no home page and no documentation or reporting about it that I could find (other than that it’s a firebase app). The domain was registered to MarkMonitor Inc. in September of last year. But It’s not clear to me what MarkMonitor’s business actually is–it seems like they could just have registered it on behalf of someone.
Yes, it’s Google:
Registrant Organization: Google LLC
You can get more details if you run
whoison your machine (this is about half of the output):refer: whois.nic.google domain: APP organisation: Charleston Road Registry Inc. address: 1600 Amphitheatre Parkway address: Mountain View CA 94043 address: United States of America (the) contact: administrative name: TLD Admin organisation: Google Inc. address: 111 8th Avenue address: New York NY 10011 address: United States of America (the) phone: +1 404 978 8419 fax-no: +1 650 492 5631 e-mail: iana-contact@google.com contact: technical name: TLD Engineering organisation: Google Inc address: 76 Ninth Avenue, 4th Floor address: New York NY 10011 address: United States of America (the) phone: +1 404 978 8419 fax-no: +1 650 492 5631 e-mail: crr-tech@google.com nserver: NS-TLD1.CHARLESTONROADREGISTRY.COM 2001:4860:4802:32:0:0:0:69 216.239.32.105 nserver: NS-TLD2.CHARLESTONROADREGISTRY.COM 2001:4860:4802:34:0:0:0:69 216.239.34.105 nserver: NS-TLD3.CHARLESTONROADREGISTRY.COM 2001:4860:4802:36:0:0:0:69 216.239.36.105 nserver: NS-TLD4.CHARLESTONROADREGISTRY.COM 2001:4860:4802:38:0:0:0:69 216.239.38.105 nserver: NS-TLD5.CHARLESTONROADREGISTRY.COM 2001:4860:4805:0:0:0:0:69 216.239.60.105 ds-rdata: 23684 8 2 3a5cc8a31e02c94aba6461912fabb7e9f5e34957bb6114a55a864d96aec31836 whois: whois.nic.google status: ACTIVE remarks: Registration information: https://www.registry.google created: 2015-06-25 changed: 2020-04-20 source: IANATL;dr:
My discovery process is kinda listed below.
https://www.slashgear.com/google-android-app-beta-makes-it-easier-to-share-search-results-20581224
MarkMonitor.
Corporate Domain Management
Your brand portfolio is exceptional. Shouldn’t your domain management service be the same?
Looks like they are a domain squatter, buying up domains and selling them at ridiculous prices.
They have a page showing some domains they have for sale https://www.markmonitor.com/domains-for-sale/top-level-domains/
But I don’t seesearch.applisted. Doesn’t mean they don’t own it tho, or perhaps they managed the acquisition of it.
It’s strange, because it seems like Google Domains is the registrant:
Registrant Organization: Google LLC.
Maybe MarkMonitor owned it and leased it to Google?search.app.goo.glprobably also points to the same firebase app: https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/Both the Google subdomain and the TLD point to firebase hosting.
Firebase is essentially free hosting (and some Backend as a Service things).
I can’t find any details on who is behind it tho, and I don’t think there is any way to publicly find those details.
I’m guessing it’s some sort of link obfuscation or shortener service.It might be that it is an official Google service for their apps, which is why they are the registrant.
Ah, found something:
https://www.slashgear.com/google-android-app-beta-makes-it-easier-to-share-search-results-20581224