alt Hacker NewsThe URL shortener that makes your links look as suspicious as possible
Comments
Related: A URL shortener not shortening the URL but makes it look very dodgy (434 points, 2023, 100 comments) https://news.ycombinator.com/item?id=34609461
My favorite link of all time:
https://jpmorgan.c1ic.link/logger_zcGFC2_bank_xss.docm
Definitely not meta
Hole in one!
I shortened a link and when trying to access it in Chrome I get a red screen with this message:
Dangerous site
Attackers on the site you tried visiting might trick you into installing software or revealing things like your passwords, phone, or credit card numbers. Chrome strongly recommends going back to safety.I think it’s perfectly reasonable to make something useless for fun, it’s an interesting idea.
But what I’d like to understand is why there are so many of the same thing. I know I’ve seen this exact idea multiple times on HN. It’s funny the first time, but once it’s done once and the novelty is gone (which is almost immediately), what’s the point of another and another and another?
IIRC, shadyurl was the original version of this. Doesn't seem to be around anymore, though.
What's up with the creepy ads on this website? It seems like they are actually sketchy ads and not just fake ads for comedic effect. One shows some scammy nonsense about your device being infected and the other links to a real VPN app.
Please don’t use 3rd party relays for your URLs. It’s bad enough to have your own server, domain, etc. as single points of failure and bottlenecks without adding a 3rd party into the mix, who either themselves or someone that takes over their domain later track users, randomly redirect your users to a malicious site, or just fail.
I know people have fond memories of long ago when they thought surely some big company’s URL shortener would never be taken down and learned from that when it later was.
I'm not sure what the use case for this is, but I've been using it as a inefficient messaging service with my girlfriend, ie:
https://c1ic.link/campaign_WxjLdF_login_page_2.bat
You seem to be able to encode arbitrary text, so long as it follows [A-Za-z0-9]+\.[A-Za-z0-9]+
This had to be done:
https://wellsfargo.c1ic.link/TODO_obfuscate_url_8wyS7G_hot_s...
I would also like to have something like this, but for "vintage" links - something that looks like it was from the late 90s.
I use them in tests, just for fun: https://github.com/ClickHouse/ClickHouse/blob/master/tests/q...
BRILLIANT! Even Chrome says nope/DANGEROUS to a creepified link to mail.google.com
Fantastic! I miss the original ShadyURL.
Saw this on relaunched Digg and figured HN would appreciate it.
I wouldn't call it a shortener, since most of the links it creates are longer than the originals.
What would be a good name here? A URL redirector?
This is legit! If you disable your adblock you even get a suspicious ad
I can't tell if the website works as advertised because I don't want to open the generated links
This is fun. Is it not checking for previously submitted URLs though? I can seemingly re-submit the exact same URL and get a new link every time. I would expect this to fill the database unnecessarily but I have no idea how the backend works.
It would've been top-notch if it actually sometimes just used Outlook/O365 or similar vendor's "safelinks" redirector that they use.
Yeah but have fun explaining yourself to the police when the author abandons the project and an actual scammer ends up buying up all those domains.
Every URL shortener is suspicious.
While this seems like it would make it harder for them I wouldn't be surprised if scammers eventually try to abuse this service too and I have no doubt that people would happily click these if they found in them in a phishing email, that said I give the folks behind this a lot of credit for having a way to contact them and report links if that happens.
My city utility provider used secured-server.biz for billing for a long time. I always thought it was hilarious and very suspicious looking.
For humour I shortened "https://www.facebook.com/"
And got https://twitter.web-safe.link/root_4h3ku0_account_verificati...
I like how old-school HN comment section does not care about creepy links at all. Or link for that matter.
This is great. It created a link to my personal site that Firefox blocked me from going to.
This is cool, since the links are actually short, but for properly suspicious links I prefer phishyurl [1] .
[1] https://news.ycombinator.com/item?id=45295898
edit: fixed typo
Just wondering. so you bought c1ic.link and web-safe.link. That's very cool
This is the best article on Wikipedia!
https://c1ic.link/bzSBpN_login_page_2
Edit: Chrome on Android warned me not to visit the site!
As someone who built a standard shortener (coz.jp), this is hilarious. I spent so much time trying to make links look trustworthy; doing the exact opposite is a surprisingly fun concept.
Is this suspicious: https://microsoft.c1ic.link/0B7jqd_invoice.vbs ?
The other day in a Facebook Messenger group chat I tried to link to https://motherfuckingwebsite.com/ as a joke, but Messenger kept blocking it. It's quite overzealous with its blocking.
Haha, it's fun. Just thinking, is there some place where creepy links would be better ?
I am sharing content using these creepy links to send to office people.
Please take my upvote. :)
Firefox is freaking out on some of these. It's hilarious.
/instagram.c1ic.link/mCLIIp_free_vacation_offer.zip
It's so creepy my corporate VPN blocked it
I can just say thanks
why do creepy links look creepy?...
Add this to "HN for psychopaths" please.
Imagine someone compromises apps like these and replaces the creepy looking links to actually dangerous links
haha I love this
It is hilarious and i'm not clicking any link lol.
lol, I'm not clicking a .vbs link
lol
There may actually be some utility here. LLM agents refuse to traverse the links. Tested with gemini-3-pro, gpt-5.2, and opus 4.5.
edit: gpt-oss 20B & 120B both eagerly visit it.