Hacker news

Top
New
Past
Ask
Show
Jobs

The URL shortener that makes your links look as suspicious as possible (https://creepylink.com)

803 points by dreadsword 3 days ago | 148 comments | View on ycombinator

postalcoder 3 days ago |

There may actually be some utility here. LLM agents refuse to traverse the links. Tested with gemini-3-pro, gpt-5.2, and opus 4.5.

edit: gpt-oss 20B & 120B both eagerly visit it.

gnabgib 3 days ago |

Related: A URL shortener not shortening the URL but makes it look very dodgy (434 points, 2023, 100 comments) https://news.ycombinator.com/item?id=34609461

arjvik 3 days ago |

My favorite link of all time:

https://jpmorgan.c1ic.link/logger_zcGFC2_bank_xss.docm

Definitely not meta

tcgv 3 days ago |

Hole in one!

I shortened a link and when trying to access it in Chrome I get a red screen with this message:

  Dangerous site
  Attackers on the site you tried visiting might trick you into installing software or revealing things like your passwords, phone, or credit card numbers. Chrome strongly recommends going back to safety.

latexr 3 days ago |

I think it’s perfectly reasonable to make something useless for fun, it’s an interesting idea.

But what I’d like to understand is why there are so many of the same thing. I know I’ve seen this exact idea multiple times on HN. It’s funny the first time, but once it’s done once and the novelty is gone (which is almost immediately), what’s the point of another and another and another?

bityard 3 days ago |

IIRC, shadyurl was the original version of this. Doesn't seem to be around anymore, though.

qnleigh 3 days ago |

What's up with the creepy ads on this website? It seems like they are actually sketchy ads and not just fake ads for comedic effect. One shows some scammy nonsense about your device being infected and the other links to a real VPN app.

vhurg 3 days ago |

Please don’t use 3rd party relays for your URLs. It’s bad enough to have your own server, domain, etc. as single points of failure and bottlenecks without adding a 3rd party into the mix, who either themselves or someone that takes over their domain later track users, randomly redirect your users to a malicious site, or just fail.

I know people have fond memories of long ago when they thought surely some big company’s URL shortener would never be taken down and learned from that when it later was.

champagnepapi 3 days ago |

https://jpmorgan.c1ic.link/G4JQKX_money_request.dll

caminanteblanco 3 days ago |

I'm not sure what the use case for this is, but I've been using it as a inefficient messaging service with my girlfriend, ie:

https://c1ic.link/campaign_WxjLdF_login_page_2.bat

You seem to be able to encode arbitrary text, so long as it follows [A-Za-z0-9]+\.[A-Za-z0-9]+

jmward01 3 days ago |

This had to be done:

https://wellsfargo.c1ic.link/TODO_obfuscate_url_8wyS7G_hot_s...

zX41ZdbW 3 days ago |

I would also like to have something like this, but for "vintage" links - something that looks like it was from the late 90s.

I use them in tests, just for fun: https://github.com/ClickHouse/ClickHouse/blob/master/tests/q...

codemogul 3 days ago |

BRILLIANT! Even Chrome says nope/DANGEROUS to a creepified link to mail.google.com

jhalderm 3 days ago |

Fantastic! I miss the original ShadyURL.

https://news.ycombinator.com/item?id=31386108

domoregood 3 days ago |

For funsies I shortened https://creepylink.com

And got: https://c1ic.link/account_kPvfG7_download_now.bat

dreadsword 3 days ago |

Saw this on relaunched Digg and figured HN would appreciate it.

phoe-krk 3 days ago |

I wouldn't call it a shortener, since most of the links it creates are longer than the originals.

What would be a good name here? A URL redirector?

juliangmp 3 days ago |

This is legit! If you disable your adblock you even get a suspicious ad

falsedev 3 days ago |

I can't tell if the website works as advertised because I don't want to open the generated links

dieggsy 3 days ago |

This is fun. Is it not checking for previously submitted URLs though? I can seemingly re-submit the exact same URL and get a new link every time. I would expect this to fill the database unnecessarily but I have no idea how the backend works.

undefined 3 days ago |

undefined

autoexec 3 days ago |

Every URL shortener is suspicious.

While this seems like it would make it harder for them I wouldn't be surprised if scammers eventually try to abuse this service too and I have no doubt that people would happily click these if they found in them in a phishing email, that said I give the folks behind this a lot of credit for having a way to contact them and report links if that happens.

Avamander 3 days ago |

It would've been top-notch if it actually sometimes just used Outlook/O365 or similar vendor's "safelinks" redirector that they use.

zefhous 3 days ago |

My city utility provider used secured-server.biz for billing for a long time. I always thought it was hilarious and very suspicious looking.

bsza 3 days ago |

Yeah but have fun explaining yourself to the police when the author abandons the project and an actual scammer ends up buying up all those domains.

awesome_dude 3 days ago |

For humour I shortened "https://www.facebook.com/"

And got https://twitter.web-safe.link/root_4h3ku0_account_verificati...

yc784567 3 days ago |

This is cool, since the links are actually short, but for properly suspicious links I prefer phishyurl [1] .

[1] https://news.ycombinator.com/item?id=45295898

edit: fixed typo

lzap 3 days ago |

I like how old-school HN comment section does not care about creepy links at all. Or link for that matter.

TomMasz 3 days ago |

This is great. It created a link to my personal site that Firefox blocked me from going to.

unnouinceput 2 days ago |

My link: https://update.web-safe.link/iy1bxm_money_request

danielpetrica 3 days ago |

As someone who built a standard shortener (coz.jp), this is hilarious. I spent so much time trying to make links look trustworthy; doing the exact opposite is a surprisingly fun concept.

victorevogor 3 days ago |

Just wondering. so you bought c1ic.link and web-safe.link. That's very cool

rendall 3 days ago |

This is the best article on Wikipedia!

https://c1ic.link/bzSBpN_login_page_2

Edit: Chrome on Android warned me not to visit the site!

zakki 3 days ago |

Is this suspicious: https://microsoft.c1ic.link/0B7jqd_invoice.vbs ?

CupricTea 3 days ago |

The other day in a Facebook Messenger group chat I tried to link to https://motherfuckingwebsite.com/ as a joke, but Messenger kept blocking it. It's quite overzealous with its blocking.

arthurezende 2 days ago |

It's so creepy my corporate VPN blocked it

fancychancy 3 days ago |

Haha, it's fun. Just thinking, is there some place where creepy links would be better ?

FuturisticLover 3 days ago |

I am sharing content using these creepy links to send to office people.

neuroelectron 3 days ago |

/instagram.c1ic.link/mCLIIp_free_vacation_offer.zip

abhinai 3 days ago |

Please take my upvote. :)

dizhn 3 days ago |

Firefox is freaking out on some of these. It's hilarious.

CGMthrowaway 3 days ago |

Use case? Besides humor and phishing tests

lzzzam 3 days ago |

I can just say thanks

lasgawe 1 day ago |

haha I love this

virajk_31 3 days ago |

why do creepy links look creepy?...

snehalbaghel 2 days ago |

Imagine someone compromises apps like these and replaces the creepy looking links to actually dangerous links

thimkerbell 3 days ago |

Add this to "HN for psychopaths" please.

CrimsonCape 3 days ago |

It is hilarious and i'm not clicking any link lol.

fuddle 3 days ago |

lol, I'm not clicking a .vbs link

manthangupta109 3 days ago |

lol

hnst1 3 days ago |

[dead]

olya_pllkh 3 days ago |

[dead]

thesebas 3 days ago |

[dead]

undefined 3 days ago |

undefined

pryncevv 3 days ago |

[dead]

pabs3 3 days ago |

Please don't make any more URL shorteners, they are just a bad idea.

https://wiki.archiveteam.org/index.php/URLTeam