Hacker News new | past | comments | ask | show | jobs | submit login
Don't just shorten your URL, make it suspicious and frightening (2010) (shadyurl.com)
460 points by client4 on June 15, 2021 | hide | past | favorite | 91 comments



Past related threads:

ShadyURL - https://news.ycombinator.com/item?id=24579931 - Sept 2020 (5 comments)

Don't just shorten your URL, make it suspicious and frightening (2010) - https://news.ycombinator.com/item?id=16791029 - April 2018 (68 comments)

ShadyURL - https://news.ycombinator.com/item?id=11572679 - April 2016 (2 comments)

Shady URL: Don't just shorten your URL, make it suspicious and frightening. - https://news.ycombinator.com/item?id=1134868 - Feb 2010 (21 comments)


Fixed them for you:

    1. http://www.5z8.info/freeporn_m9o0wv_nic_cage_naked
    2. http://www.5z8.info/manhunter_n7f2qq_double-your-wang
    3. http://www.5z8.info/bombbuilding_x7j5jc_boobs
    4. http://www.5z8.info/winamp-cracked.exe_o5m1zq_-49exploit-begin--


Yikes, that really does create a visceral response.


Honestly the .info is the most frightening.


I dunno, ds.gd or whatever Discord uses takes the cake for me so far.


.gg? Stands for "good game". Haven't seen it get much use.


ddg.gg is duckduckgo.com. I use this all the time.


duck.com is cooler imo


They should use it as their main domain


Why is that the most frightening part? (Genuinely curious) I tried to look up the original intent of the .info domain and found the following on Wikipedia: "Info is the only top-level domain that was explicitly created and chartered for unrestricted use, although various other TLDs resulted in this situation de facto." [0]

[0] https://en.wikipedia.org/wiki/.info


Not sure this is still the case, but for years newly-registered .info domains were deeply discounted, i.e. $0.99 or $1.99 for the first year. This made them very attractive for cybercriminals who wanted throwaway domains that weren't needed for more than a year, since they'd be added to spam/malware blacklists within days.

The result was that .info gained a very bad reputation. Since it was so popular among bad actors, but never became very popular for legit sites, for many users the vast majority of times they saw a .info domain it was something nasty.


Exactly - .info and .biz are forever etched in my mind as nothing but scams and spams. I know it has spread beyond that but the original usage was highly tilted toward those.


FWIW, .biz always has seemed unprofessional-sounding to me. Why that was ever created with the intent of being a legitimate domain is beyond me. It cast a shadow over the whole process of creating those new domains at that time, almost as if ICANN was in on all the shadyness from the beginning. It was as if the WHO or UN started adopting warez terminology — you'd start questioning whether they were what you thought they were.


like bitcoin


Almost every time I've seen uBlock Origin block a whole page from loading, and requires adding an exception to browse to it, it's a *.info domain.


These look mostly NSFW, except for the WinAmp one. To me really scary would be something along www.bankofamerica.5z8.info/bank-login

Specially if my name, email or username is part of the url...


To be fair, it's part of quite a few URLs, just usually called "fbclid" or "ref" or "utm_*" or encoded in a cookie.


Kinda wanting this option for all URLs, be a massive time saver


See also the recent related URL Lengthener -- https://news.ycombinator.com/item?id=27156106


It came up recently too in the discussion about a url lengthener: A URL Lengthener https://news.ycombinator.com/item?id=27156106 - May 2021



Wow, utterly shocking.

You won't believe what this article describes.

Bitcoin millionaire reveals his 1 strange trick in this link.

This article helped me lose 30 lbs using this 1 weird food.


I knew but had to confirm. Bfilliant.


You bastard!


Make that x2


I got a BT warning that I was being scammed. So glad I clicked "proceed anyway" =')


I got an ad :-)


My ISP warned me "you could be getting scammed"

I never knew my ISP was filtering and checking my links


That's why I recommend using https://aaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa... for your urls.


Ironically the supicious and fightening url generator thinks that isn't a valid url. Tho it does seem to work in reverse https://aaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...



This is the sort of project that the "old" internet was best at. I miss these kind of things, so much.


Me too. So hard to find anymore.




Wait, what?


It's trivial with delay>0 enabled in your HN profile. (Delay makes your comment not appear publicly for N minutes)

Post comment, get link, "shorten" url, edit comment, boom:

http://www.5z8.info/dogfights_i2z2so_specter-exec


I figured it had something to do with editing, but didn’t know about the “delay” option. So when @samschooler commented, HN Replies[0] contained a link to itself, and that threw me off.

Reminds me of the videos on YouTube that contain their own ID in the content, except you can’t replace your video post upload (unless you’re a major record label…)

[0]: http://www.hnreplies.com/


Comments have incrementing IDs so without using the delay option you could look at https://news.ycombinator.com/newcomments and try to guess what your comment ID will be before posting, but now you're in a race to be the next comment.



Recursion.



This seems like a great way to make people less suspicious of genuinely sketchy URLs...


Isn’t that kind of the point?

I can’t imagine anyone actually using this, but it’s good fun.


Reminds me of Pavlov's experiments


the one dangerous thing in an Url is the host (precisely: the IP).

Either trust it or don't. What it actually says doesn't mean a thing.


the scheme can be pretty dangerous, especially if it starts with javascipt: - it will run in the current origin.



I started trying it out but when the captcha presented me a fourth picture to click on, I gave up.


X-Powered-By: PHP/5.5.9-1ubuntu4.11

yikes!


It’s a nice touch for sure. Someone’s got an eye for detail :-)


I love how they don't use SSL.


This is magnificent.





I purchased https://m8.fyi. The intention was to create very short urls to put on GIFs/videos, making it easy for people to visit the source (e.g. https://m8.fyi/mon), especially on mobile.

Most avoid it or don't realise it's a URL!


This is click unbait.


I was going to try it but they use capcha just because I'm using a VPN. Best wishes on the site though.




(2010)


Added. Thanks!


I do something similar with my WiFi dais’s

Crappy_wifi_2g

Spam_and_Malware



one of mine literally is ><)))*>


I don't understand how this shortens a URL, most URLs are still pretty long.


It shortens the upper bound on URL length, so for computer scientists, it shortens it.


I was confused too, but this actually explains it pretty well:

http://www.5z8.info/freeanimalporn.com-start-download_s2e9hb...


i think it's supposed to be funny, which would be against HN regulations; on the other hand it's something "that good hackers would find interesting". https://news.ycombinator.com/newsguidelines.html (or rather http://www.5z8.info/-49exploit-begin--_j0k3gm_uniqueinvestme... - or www.5z8.info/-49exploit-begin--_j0k3gm_uniqueinvestmentopportunity in all it's glory)


https://google.com

is now http://www.5z8.info/how2printmoney_x5n2rg_lemon-party-redux

??? shorten in what way? the https becomes http ?


Take a longer url... but whatever you didn't get the joke


Validation is rejecting my .solutions tld domain


lol, I have a subdomain 'darknet' – that alone scares a lot.


would we really need URL shortening if people didn't play SEO games by making URLs a complete sentence?


Yes, often if you share resources, the urls are quite long, and pasted into a messaging client, the result looks annoying. For this reason, an internal url shortener is included in several products, like Onlyoffice.


I think you would still end up with "Just put the article title as the URL" out of laziness a bunch too. Or because someone with decision making power doesn't like URLS that seem random.


I'm told urls with IDs and query strings look "unprofessional" in today's web.


Yes, because urls are part of UX and should be as readable and meaningful as possible. It is not just about SEO.


What if my resource is indexed by GUID and I want to build a REST API?


For REST APIs standard would be /resources?query=something&offset=50&limit=50 etc for list of resources. And single resource. /resources/:resourceId, so a bit different for APIs as opposed to user facing urls.

While for a single resource when user facing it would be /resource/human-readable-resource-slug.


That wouldn't force you to use query strings.

I agree it's not always a mistake for a URL to contain an ID value of some sort. How else would online shops assign a URL to each product they offer?


The trend in browsers is to not display the URL, so who cares what it looks like? Mobile hides the address bar as soon as possible to regain the real estate. A certain desktop browser also received a lot of flack about only displaying the domain name rather than the path/query.

Also, if these are the same UX rules that have brought us worthless cookie screens, I'm not sure I'd put stock in their opinions, but that just me joey not-a-frontend-guy-just-a-user beercan.


The requirement to notify and give an opt out option regarding cookies is intended as a privacy improvement.

Most cookie screens are deliberately designed as bad UX to make it very difficult to properly opt out and very easy to accidentally and permanently opt-in.


Also when visiting a new site, the last thing on my mind is the cookie popup.

Here the main goal is to get rid of it fast, which more often than not leads to accepting all cookies the site offers. And bad cookie UX ensures that.

I would actually prefer to never see a cookie popup and then deal with privacy another way, if that was an option.


> Here the main goal is to get rid of it fast, which more often than not leads to accepting all cookies the site offers.

My fast route out is to close the tab. Same for auto-playing audio, distracting animations/video, and other irritations.

So far I don't think I've missed out on anything of significance that way. There are some sites that are useful enough for me to have spent time clicking tens of things, beyond that it turns out that I can live quite happily without the others.


There is a Firefox plugin for that. Not on the computer will look up the name later.


> Most cookie screens are deliberately designed as bad UX to make it very difficult to properly opt out and very easy to accidentally and permanently opt-in.

This is true, but if I recall correctly it's plainly against the law for them to do this. Websites continue to do it because they're fully aware that enforcement is laughable.


> but if I recall correctly it's plainly against the law for them to do this.

Yes, though technically no. IIRC it is against the letter of the law to make it harder to opt out than to opt in. So this behaviour would be fine if it was at least as painful to opt in.

> Websites continue to do it because they're fully aware that enforcement is laughable.

Pretty much.


Well, as someone who has cared about what urls look like[1] since the 90’s, I will rejoice the day I see the last cookie dialog (unless it also is my final day).

[1] It’s a way of communicating with the user. And yes, I often edit the address bar on my phone.


You're under the impression that cookie screens were intended as a UX improvement?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: