The
goo.gl domain is owned by Google. To verify, see:
http://www.whois.com/whois/goo.gl
You can create shortcuts of long URLs. You can use the Google URL
shortener service yourself by visiting:
http://goo.gl/
There is a link at the bottom of the page for help which goes to:
https://support.google.com/faqs/answer/190768?rd=1
Giving someone a 200 character URL means they are likely to get it wrong
or not even bother trying to go there. TinyURL has the same URL
shortening service. With them, and if the person doling out the URL
doesn't include it, you can add the "preview" hostname to the domain so
you can see to where the shortened hyperlink will redirect. Although
not very long, an example is where:
http://www.intel.com/p/en_US/support/highlights/processors/toolspiu
gets shortened to:
http://tinyurl.com/27l8znh
but if you want to preview to where that redirection link leads then
use:
http://preview.tinyurl.com/27l8znh
I don't see any mention at
goo.gl on how to preview the target of their
shortened URL. There are many such URL shortening services and many of
them offer no means to see to where the short link will redirect them.
As a consequence, and to prevent visiting an unwanted site by letting
you the target site BEFORE going there, some sites will figure out what
is the long URL. They take the shortened URL and determine what is the
long URL to what the short link points. Of course, since they are
resolving the shortened link to something now, the long URL them compute
may differ from the original long URL that got shortened.
http://longurl.org/
For example, when I enter
http://tinyurl.com/27l8znh (although the
preview mode is available for that service by adding the "preview"
hostname), it tells me the long URL is:
http://www.intel.com/p/en_US/support/highlights/processors/toolspiu
Well, that what I expected but it's possible the long URL could be
different (but still point at the same page). When I entered the
suspect URL you gave of:
http://goo.gl/wXcjcN
LongURL says the long version is:
http://shortz.so/bcb
To check that the "long" URL isn't another redirection service, I enter
the shortz.so URL into LongURL but it comes back as the same URL. Yet I
still suspect shortz.so is another redirection service. With scripting
and metarefresh disabled in my web browser, visiting that target URL
results in a page claiming "nothing found". They are using Javascript
code in their web page to redirect you elsewhere.
http://www.whois.com/whois/shortz.so
That shows whomever is the real registrant of that domain is using
GoDaddy's private service. IANA requires that a domain registration
specify who is responsible for the domain. Registrars, at an extra fee,
while assume that responsibility by listing themselves as the
responsible party while keeping hidden who is the real registrant. That
means the real domain owner is hiding. You don't hide for good reasons.
nslookup shortz.so
returns 69.65.45.16
yet
nslookup 69.65.45.16
returns
ip-69.65.45.16.servernap.net
So the web host is not operating their own web server. They syntax of
the reverse DNS lookup indicates it is someone's home PC but it could be
a web site hosted at
servernap.net.
So just from where did you download the .rar file? Are you trying to
get a cracked version of software? Is this some software you're trying
to get for free using trailpay or similar scheme?
I suspect there's more to the story than you "just came across" an
encrypted .rar file. Obviously if there were reasons to encrypt a file
then it would be stupid to include the decryption key within the .rar
file. That is like taping your house key to your door when you left.
The password or key has to be delivered via some other venue else there
would be no reason to encrypt the file. When you send an e-mail to
someone that has an attachment which is an encrypted file, do you give
the password within the body of that same e-mail?