
Turn any link into a suspicious-looking one - defaultnamehere
https://verylegit.link
======
rjbrock
A similar site has been around for a long time:
[http://www.shadyurl.com/](http://www.shadyurl.com/)

example: google.com -> [http://www.5z8.info/dogs-being-eaten_x2r3rq_5waystokillwitha...](http://www.5z8.info/dogs-being-eaten_x2r3rq_5waystokillwithamelon)

~~~
mlacher
I made shadyurl! The subdomain feature in this is great. Also cool it has an
API. Though with the amount shadyurl was abused by phishers, I'd be interested
to see how long an API stays viable.

~~~
carbocation
It's kind of wild that "SHADY URL" is something phishers want to use. But, in
the end I guess it's all about finding a domain that isn't tied to them?

~~~
eternauta3k
Similar to 419 scams, shady links/propositions are a good way to select the
people who are easy to trick.

~~~
mlacher
Yeah that's my best guess. I was shocked how much it was used for scams. Might
also be possible the link is so suspicious looking it's actually more
intriguing to click.

------
OJFord
If I were trying to send someone to my nefarious website, I'd definitely now
wrap the link in this, so that the savvy viewer would think it's a harmless
verylegit.link...

~~~
sleepychu
You already have that same deal with bit.ly and friends.

[http://bit.ly/2saifoB](http://bit.ly/2saifoB)
[http://bit.ly/2t5xNhB](http://bit.ly/2t5xNhB)

Which is safe and wonderful and which is dangerous?

~~~
eganist
For the uninitiated: just add a + to the end of any bitly URL to expose
metrics and preview the destination.

[http://bit.ly/2saifoB+](http://bit.ly/2saifoB+)
[http://bit.ly/2t5xNhB+](http://bit.ly/2t5xNhB+)

~~~
sleepychu
This is neat, I hadn't seen it before.

------
nandhp
Is there any way to get SSL error messages in Firefox?

[https://irc.verylegit.link/0x8c*download()194mobiads(windows...](https://irc.verylegit.link/0x8c*download\(\)194mobiads\(windows8!downloader.sh.exe)
is supposed to redirect to Facebook, and it does if you use HTTP. However,
over HTTPS Firefox just gives me a very generic "Secure Connection Failed"
message. (Chrome is rather more helpful, giving me "ERR_CONNECTION_CLOSED".)

~~~
Buge
Where did you get that link? Was it one of the sample links? I don't think
those are real links. But if you type in
[https://facebook.com](https://facebook.com) and click "Make it look dodgy" it
will give you a real link.

[http://hey.look.a.verylegit.link/malware-425iphone)ip-steale...](http://hey.look.a.verylegit.link/malware-425iphone\)ip-stealer)(.docx.html.rar

Edit: Although it appears Hacker News decided to mangle this link that I
posted. Apparently it's not happy about mismatched parentheses in links. Why
HN wants to try to match parentheses in links... that's a good question.

~~~
funnyfacts365
Markdown uses parentheses? HN software parses markdown in comments to format
them?

~~~
TazeTSchnitzel
HN doesn't use Markdown, it has its own eccentric and much more limited markup
system.

------
BenjiWiebe
The suffixes should be exe, com, js, hta, vbs, and so on, for extra evilness.

~~~
troymc
pdf and dmg are already pretty scary.

~~~
josteink
Considering most people in the world use Windows, dmg is pretty much
irrelevant. They can only be opened/unpacked on Macs, so even if it contains an
evil payload you won't ever get to it on Windows or Linux.

Exe-files have a much bigger impact and can be run through emulation on
non-Windows systems.

I'd say exe is a much better choice.

~~~
falcor84
My mental pronunciation mechanism cannot stop reading "dmg" as "damage"

~~~
dEnigma
Same for me. I guess that's what decades of playing with and reading about
video games do to your brain ^^

------
btschaegg

      How does it work?
    
      Due to rapid advancement in dark ritual technology, 
      the programming community has streamlined the
      Development and deployment of unspeakable 
      eldritch horrors. 
    
      Using robust open-source libraries like a sack of 
      live geese, websites like this one can be
      developed with far more efficient sacrificial
      rituals than ever before.
    
      We're still stuck on the version with 
      really inefficient sacrifical rituals 
      though, due to comp͆aͭatib̊i̼͕l̈̿i̮̜t̚y̅ ͊i͋s̾s̢͈͠u̶e̛̊s̼̃. 
    

Not that I'm in need of a URL shortener, but I really like the style it's
"advertised" in :-)

------
Retr0spectrum
This could potentially be useful to scammers, to pre-filter out the kind of
people who click on shady links.

------
acbabis
This is neat. I'll make sure to use it whenever I post something here or on
Reddit. Great work

------
zeep
redirect to about:config -> [http://hey.look.a.verylegit.link/765ip-stealer_.json.zip](http://hey.look.a.verylegit.link/765ip-stealer_.json.zip)

and get a Corrupted Content Error (edit: under Firefox)

------
rkuykendall-com
I built this years ago when I made it up during an IM conversation with a
friend and we realized it wasn't taken:
[http://shadydownloads.com/](http://shadydownloads.com/)

------
SimeVidas
I get “Secure Connection Failed” in Firefox Nightly when clicking on the demo
link.

~~~
fiatjaf
That's a feature!

~~~
crazysim
That "feature" does not appear to work for me. It probably should be a feature
though.

------
amelius
I'd like a way to get some statistics, e.g. how many people clicked the link,
etc.

That might even be useful when posting links to HN.

------
dredmorbius
I've DNS blackholed the entire .link TLD, along with .science, .country,
.click, and .rocks.

So, there's that.

(DNSMasq, router-based blocklist.)

~~~
jessaustin
Do you care to share the reasons you've taken this decision?

~~~
dredmorbius
Direct personal realisation, an increasingly take-no-prisoners approach to
online abuse, and a considerable amount of evidence from elsewhere that such
TLDs are almost entirely void of value.

My router doesn't have sufficient resources to list individual hosts,
particularly where widespread abuse is found. Plus it's just too much fucking
work.

BlueCoat Security (now part of Symantec) have been publishing a "Shady TLD
series".

[https://www.symantec.com/connect/blogs/floating-down-stream-...](https://www.symantec.com/connect/blogs/floating-down-stream-shady-tld-research-part-17)

Basically: to 2-3 nines, these TLDs are nothing but trouble. If they can't
clean up their own acts, fuck 'em.

And let that be a warning to other TLD registrars.

~~~
lstamour
These lists, it should be pointed out, are quickly becoming outdated as more
folks sign up for new domain names. For example, there’s this on .xyz
[https://www.symantec.com/connect/blogs/exploring-xyz-another...](https://www.symantec.com/connect/blogs/exploring-xyz-another-shady-tld-report)
and then there’s actual usage of it:
[https://abc.xyz](https://abc.xyz) (completely not mentioned...) If you want
to know the most popular/relevant sites on a TLD, search google for `site:xyz`
to see a small list... E.g. .link often is used by websites with very long
domains looking for a shorter one, like [http://gcr.link/](http://gcr.link/)
Amazon has [http://aws.science/](http://aws.science/) .country is mostly crap,
but there is [http://cma.country/](http://cma.country/) .click is indeed only
slightly less spammy, but does have [http://bbc.click/](http://bbc.click/) And
.rocks doesn’t deserve the ban. It’s used by fan sites, people promoting tech
or events, and fun stuff like kqed.rocks for kqed.org ... I’ll admit though,
it can be hard to tell with all the third party domains which sites are
legitimate and which aren’t...

~~~
dredmorbius
Given the risk/reward of, oh, say, finding my systems hosed or users scammed
and/or bank accounts drained, vs. missing out on someone's link shortener, I
think I'll err on the side of caution.

This being an assessment based on local awareness of circumstances.

~~~
cptn_brittish
In what way are you more secure than when someone uses a .com domain? In both
cases it is easy to register a url and turn it into a malicious site. It really
seems you are blackholing parts of the web for no good reason except to exempt
yourself from actually performing a security check on the sites on the
assumption all other tld's are safe.

~~~
dredmorbius
Wrong question.

Risk. Reward. Administrative cost.

The first of these I blocked when I looked at the domain and realised that the
TLD were registering any old line noise. I'm not going to bother sorting that.
Search for other experience turned up Blue Coat.

I subscribe to blocklists, and they update periodically. There are other
levels of protection.

When a TLD is 99.9% malware or scams, it's far easier to block it outright.
Registrars should take responsibility for what they're registering. Not my
problem.

~~~
cptn_brittish
My experience with symantec web protection (which I assume will use the same
blocklists they are talking about) is that it has a ridiculous false positive
rate and when I was still in High School they had blue-coat installed and it
had a worse false positive rate. I would be very careful about running
blacklists from those companies aside from anti-ad blocklists.
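
The TLD-wide blackholing dredmorbius describes, as an added example that is not part of the thread or any participant's configuration: it emits dnsmasq `address=`/`server=` lines for the five TLDs and dry-runs the most-specific-suffix rule on constructed hostnames. The exception list (two domains lstamour mentions) and the function names are assumptions for illustration; confirm on your dnsmasq version that a `server=/domain/#` entry overrides a broader `address=` entry.

```python
# Added example (not from the thread): TLD-wide blackholing for dnsmasq,
# with per-domain exceptions, plus a dry-run of the matching rule.

# TLDs named in the thread as blackholed.
BLOCKED_TLDS = ["link", "science", "country", "click", "rocks"]
# Hypothetical exceptions, chosen from domains mentioned in the thread.
ALLOWED = ["gcr.link", "bbc.click"]


def dnsmasq_lines(blocked_tlds, allowed):
    """Build dnsmasq config lines for the policy."""
    lines = []
    for tld in blocked_tlds:
        # address=/<domain>/<ip> answers for the domain and everything under it.
        lines.append(f"address=/{tld}/0.0.0.0")  # A queries
        lines.append(f"address=/{tld}/::")       # AAAA queries
    for domain in allowed:
        # '#' as the server means "use the standard upstream servers".
        lines.append(f"server=/{domain}/#")
    return lines


def decide(hostname, blocked_tlds, allowed):
    """Dry-run: most specific matching suffix wins, on label boundaries."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in allowed:
            return "forward"
        if suffix in blocked_tlds:
            return "blackhole"
    return "forward"  # no rule matched: normal resolution


if __name__ == "__main__":
    print("\n".join(dnsmasq_lines(BLOCKED_TLDS, ALLOWED)))
    # Constructed sample hostnames for the dry-run.
    for host in ["irc.verylegit.link", "www.gcr.link", "notgcr.link", "example.com"]:
        print(f"{host:22} {decide(host, BLOCKED_TLDS, ALLOWED)}")
```

Matching on label boundaries is what keeps `notgcr.link` blackholed while `www.gcr.link` is forwarded.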

------
alexdrans
Hi, would you please consider parameterising the input in the URL so that I
can use it with Chrome's Omnibar?

------
pavlakoos
But what for? So that people don't click it?

------
qume
Woz would love this, I hope he gets to see it

------
Mayzie
Doesn't work for any HTTPS site.

------
dingo_bat
Unable to open in Edge: [http://imgur.com/a/nBAne](http://imgur.com/a/nBAne)

------
m0atz
How is this top of hacker news???

~~~
LeoNatan25
People have a sense of humor, and this is a fantastic meta joke. Why so
serious?

~~~
superflyguy
This site doesn't like jokey comments, so how are pointless jokey links
tolerated? It's not like the linked to site is making a serious point in a
light hearted way.

~~~
matt_wulfeck
Because the joke is actually a utility, and I for one plan to share links to
others with it to continue the fun (can't be done with a witty/funny comment).

------
pmiller2
Mods, thanks for changing the title. It was screwing with the layout on
mobile.

------
logicallee
This:

    
    
       secure.verylegit.link/warez737speedupurpc.gif.pdf
    

(example from site) doesn't look dodgy to me at all.

I'd have no qualms clicking on it, because my browser and I can handle
suspicious websites. (Especially ones ending pdf.)

Something that would give pause would be:

[https://tinyurl.com/2ea2mu4?command=127.0.0.1/activate](https://tinyurl.com/2ea2mu4?command=127.0.0.1/activate)

I would think...wait a minute... I probably wouldn't click this example.

~~~
swampthinker
Good for you. But this is a scary looking link for the average internet
browser.

~~~
logicallee
I disagree, because it literally says "secure.verylegit.link". Those are not
negative words.

If this seemed suspicious to the people you're talking about, nobody would
start a letter to them with the words, " Please permit me to make your
acquaintance in so informal a manner. This is necessitated by my urgent need
to reach a dependable and trust wordy foreign partner. This request may seem
strange and unsolicited but I will crave your indulgence and pray that you
view it seriously. " (I found this example online.)

So, I simply disagree that the example produced looks suspicious. It looks
fine.

Further, I wouldn't even think twice before clicking it. The example I quoted
simply doesn't look suspicious. (Because pdf is a 'safe' filetype.) I don't
think it would give the average Internet user pause, either.

~~~
TheSpiceIsLife
_The example I quoted simply doesn't look suspicious. (Because pdf is a
'safe' filetype.)_

Safe?

[https://www.cvedetails.com/vulnerability-
list/vendor_id-53/p...](https://www.cvedetails.com/vulnerability-
list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html)

~~~
logicallee
Yes, safe. I open it safely in Chrome (I just click, Chrome opens it natively
in the same view) and the chance someone is going to burn a PDF zero-day for
chrome on a random link I come across is vanishingly small.

You can open PDF files in Chrome. Even malicious ones. It's okay.

