Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

Playbook Fridays: URL Decoder

This URL decoder Playbook automatically lengthens potentially malicious urls.

ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.

As analysts, we should never spend our time on mundane and monotonous tasks when dealing with the cyber antics of adversaries. Playbooks have provided such powerful and flexible capabilities that no adversary should take comfort in thinking that the good guys are getting stuck in the weeds when dealing with these feeble attempts of masquerading.

One common example of such techniques implemented by adversaries is using services to mask malicious URLs and hosts. Sure, as analysts we can manually reverse this process to reveal the dangerous sites, but with Playbooks this is now a trivial matter that requires no effort from us!

Enter the URL decoder, a very simple Playbook that automatically lengthens potentially malicious urls.

Upon creation of any URL in the Platform, the Playbook is kicked off automatically (thanks to the URL trigger with text filtering) and leverages the API to retrieve the lengthened version of the link, kindly adding it as a URL in the Platform with a link to it in the description.

To set up this Playbook in your org., download the .pbx file from the ThreatConnect PlayBook repo, import it, and configure the variable for the API key when prompted.

You also need to make sure the Trigger has the correct owner configured as well as the Create TC URL app. Then you’re all set!

About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at