Lewati.web.id: A Safer Way to Open Short Links Before You Click

You already know the moment. A short link lands in a WhatsApp group, a cold email, or a Telegram channel. You do not recognize the domain. You do not want to click it on your phone. You also do not want to dismiss something important. This is the problem Lewati.web.id was built for.

What Lewati.web.id does

Lewati.web.id is a free URL shortener bypasser and link previewer. You paste a shortened URL, it follows the redirect chain on your behalf, and it tells you where the final destination actually lives before you ever visit it.

It was built by Indonesian engineer Rizaldy Primanta Putra, the same developer behind TemanQRIS and Esim ID. His broader portfolio is at riz.my.id. Lewati is the cybersecurity-leaning project in his product graph, and it reflects his habit of turning a niche security concern into a one-input tool anyone can use.

Why bypassing short links matters

Short links are useful and not going away. The problem is that the same compression that makes a URL friendly on Twitter is what makes it dangerous in a phishing payload. You cannot tell from the surface of a shortened link whether you are about to land on:

• A legitimate article.
• A credential harvesting page.
• A drive by download.
• A site that paywalls the answer you were promised.

A determined attacker can also stack two or three short link services on top of each other to hide the final destination from casual inspection. A person tapping the link in a chat app will never see the full chain. A tool like Lewati.web.id surfaces that chain in a couple of seconds.

How to use it in under a minute

The flow is intentionally boring, and that is the right call for a safety tool.

1. Open lewati.web.id in your browser.
2. Paste the short URL into the input field.
3. Submit. The tool walks the redirect chain for you.
4. Read the final destination and the intermediate hops.
5. Decide whether you want to actually visit the page.

That is the entire interaction. No signup. No tracking pixel in your face. No clever dark pattern trying to upsell you on a pro plan.

Where Lewati fits in a normal week

Most people do not think about URL hygiene until something bad has already happened. Lewati is cheap enough to use preemptively.

A few realistic examples:

• A colleague forwards a link claiming to be a shared document. You run it through Lewati, see that the final URL is on a lookalike domain, and skip the login page that would have asked for your Google credentials.
• A deal channel posts a short link to a product page. Lewati shows that the chain routes through an affiliate cloaker. You still click through if you want, but you do it knowing what the flow actually is.
• A QR code on a poster redirects to a shortened URL. You scan it, copy the URL, and unpack it in Lewati before tapping.

In every case, Lewati gives you one second of friction in exchange for removing a real attack surface.

Why a free tool like this exists at all

The short answer is that tools like Lewati.web.id tend to get built by engineers who got tired of seeing the same compromise happen to non-technical friends and family. Rizaldy has the same profile. His work across riz.my.id is full of small utilities that started as personal annoyances and ended up public.

Esim ID links Lewati because the traveler persona hits exactly this problem. You are abroad. A message arrives with a short URL claiming to be a booking update, a payment notice, or a support link. You are on mobile data, you are tired, and the context is perfect for a phishing click. Running the link through Lewati first is a small habit that pays off when it matters.

What to do next

If you have never used a URL unpacker before, bookmark lewati.web.id on your phone now and run your next suspicious short link through it. If you want to see the rest of Rizaldy's work, start at riz.my.id. And if you want a reliable QRIS payment API that follows the same design philosophy, temanqris.com is the next page to visit.