The URL shortener that makes your links look as suspicious as possible

Posted by dreadsword 10 hours ago

The URL shortener that makes your links look as suspicious as possible(creepylink.com)

513 points | 104 comments

postalcoder 9 hours ago|

There may actually be some utility here. LLM agents refuse to traverse the links. Tested with gemini-3-pro, gpt-5.2, and opus 4.5.

edit: gpt-oss 20B & 120B both eagerly visit it.

devsda 7 hours ago||

I wish this came a day earlier.

There is a current "show your personal site" post on top of HN [1] with 1500+ comments. I wonder how many of those sites are or will be hammered by AI bots in the next few days to steal/scrape content.

If this can be used as a temporary guard against AI bots, that would have been a good opportunity to test it out.

1. https://news.ycombinator.com/item?id=46618714

aflukasz 1 hour ago|||

AI bots (or clients claiming to be one) appear quite fast on new sites, at least that's what I saw recently in few places. They probably monitor Certificate Transparency logs - you won't hide by avoiding linking. Unless you are ok with staying in the shadow of naked http.

xlii 6 hours ago||||

I posted my site on the thread.

My site is hosted on Cloudflare and I trust its protection way more than flavor of the month method. This probably won't be patched anytime soon but I'd rather have some people click my link and not just avoid it along with AI because it looks fishy :)

treebeard901 5 hours ago|||

I've been considering how feasible it would be to build a modern form of the denial of service low orbit ion cannon by having various LLMs hammer sites until they break. I'm sure anything important already has Cloudflare style DDOS mitigation so maybe it's not as effective. Still, I think it's only a matter of time before someone figures it out.

There have been several amplification attacks using various protocols for DDOS too...

devsda 3 hours ago|||

Yeah I meant using it as an experiment to test with two different links(or domains) and not as a solution to evade bot traffic.

Still, I think it would be interesting to know if anybody noticed a visible spike in bot traffic(especially AI) after sharing their site info in that thread.

testfrequency 6 hours ago||||

Glad I’m not the only one who felt icky seeing that post.

I agree my tinfoil hat signal told me this was the perfect way to ask people for bespoke, hand crafted content - which of course AI will love to slurp up to keep feeding the bear.

kzalesak 2 hours ago||||

I think that something specifically intended for this, like Anubis, is a much better option.

subscribed 1 hour ago||

Anubis flatly refuses me access to several websites when I'm accessing them with a normal Chromium with enabled JS and whatnot, from a mainstream, typical OS, just with aggressive anti-tracking settings.

Not sure if that's the intended use case. At least Cloudflare politely masks for CAPTCHA.

john01dav 1 hour ago|||

I thought that Anubis solely is proof of work, so I'm very curious as to what's going on here.

fc417fc802 27 minutes ago|||

What do you mean "refuses"? The worst it should do is serve up a high difficulty proof of work. Unless it gained new capabilities recently?

Are you sure the block isn't due to the authors of those websites using some other tool in addition?

jnrk 7 hours ago||||

Of course, the downside is that people might not even see your site at all because they’re afraid to click on that suspicious link.

postalcoder 6 hours ago||

Site should add a reverse lookup. Provide the poison and antidote.

gala8y 3 hours ago||

Bitly does that, just add '+' to Bitly URL (probably other shorteners, too).

briandear 2 hours ago|||

How is AI viewing content any different from Google? I don’t even use Google anymore because it’s so filled with SEO trash as to be useless for many things.

Zambyte 56 minutes ago||

Try hosting a cgit server on a 1u server in your bedroom and you'll see why.

PUSH_AX 5 hours ago|||

LLM led scraping might not as it requires an LLM to make a choice to kick it off, but crawling for the purpose of training data is unlikely to be affected.

Barathkanna 6 hours ago||

Sounds like a useful signal for people building custom agents or models. Being able to control whether automated systems follow a link via metadata is an interesting lever, especially given how inconsistent current model heuristics are.

latexr 1 hour ago||

I think it’s perfectly reasonable to make something useless for fun, it’s an interesting idea.

But what I’d like to understand is why there are so many of the same thing. I know I’ve seen this exact idea multiple times on HN. It’s funny the first time, but once it’s done once and the novelty is gone (which is almost immediately), what’s the point of another and another and another?

amne 1 hour ago||

I think it's just someone learning something new most of the time.

I have home made url shorteners in go, rust, java, python, php, elixir, typescript, etc. why? because I'm trying the language and this kind of project touches on many things: web, databases, custom logic, how and what design patterns can I apply using as much of the language as I can to build the thing.

latexr 28 minutes ago||

Right. But the question is why redo the exact same joke? Why not come up with another twist (like the URL lengthener) or do no twist but be useful?

I’m not criticising the author or anyone who came before. I’m trying to understand the impetus between redoing a joke that isn’t yours. You don’t learn anything new by redoing the exact same gag that you wouldn’t learn by being even slightly original or making the project truly useful.

Ideas are a dime a dozen. You could make e.g. a Fonzie URL shortener (different lengths of “ayyyyy”), or an interstellar one (each is the name of a space object), or a binary one (all ones and zeroes)… Each of those would take about the same effort and teach you the same, but they’re also different enough they would make some people remember them, maybe even look at the author and their other projects, instead of just “oh, another one of these, close”.

postalcoder 21 minutes ago||

A joke isn’t the best example because there are jokes that never changes but the delivery is a sign of mastery. The Aristocrats is like Bach’s cello suite for comedians.

latexr 13 minutes ago||

The Aristocrats is a special case where the setup is the joke instead of the punchline. The point is the inventiveness of the journey. If it was told with the same setup every time, it wouldn’t be funny.

victords 1 hour ago|||

A fun project doesn't need to be original, IMO.

URL Shortener is still one of the most popular System Design questions, building this project is a great way to have some experience / understanding of it, for example.

latexr 27 minutes ago||

> A fun project doesn't need to be original, IMO.

I agree. But a URL shortener with a twist isn’t just fun, it’s funny. The joke—as opposed to the usefulness—is what’s interesting about it. But when the same joke is overdone, it’s no longer funny.

> building this project is a great way to have some experience / understanding of it

https://news.ycombinator.com/item?id=46632329

meken 31 minutes ago||

I’ve been browsing this site for a decade plus and this idea was new to me. Maybe the author is in the same boat.

Edit: I see referencnes to shadyurl in the comments and I have heard of that, but probably wouldn’t have thought of it.

latexr 25 minutes ago||

Fair. I’d think they would look for prior work beforehand, but that’s perfectly valid.

https://xkcd.com/1053/

Again, this was not a criticism, but a genuine question.

zX41ZdbW 1 hour ago||

I would also like to have something like this, but for "vintage" links - something that looks like it was from the late 90s.

I use them in tests, just for fun: https://github.com/ClickHouse/ClickHouse/blob/master/tests/q...

eythian 55 minutes ago|

There was a "shadyurl". The site itself seems to be long gone, but this'll give you some context: https://www.mikelacher.com/work/shady-url/

gnabgib 10 hours ago||

Related: A URL shortener not shortening the URL but makes it look very dodgy (434 points, 2023, 100 comments) https://news.ycombinator.com/item?id=34609461

vedmakk 2 hours ago||

That's less a URL shortener and more a URL dodgifier.

tylervigen 1 hour ago||

To be fair, the one in the OP also did not shorten any of the links I gave it.

Bengalilol 2 hours ago||

The key point here is "not shortening"

arjvik 9 hours ago||

My favorite link of all time:

https://jpmorgan.c1ic.link/logger_zcGFC2_bank_xss.docm

Definitely not meta

deltarholamda 25 minutes ago||

I got one where the called script ended in ".pl" and I had a flashback to the 90s. My trousers grew into JNCOs, Limp Bizkit started playing out of nowhere and I got a massive urge to tell Slashdot that Alan Thicke had died.

cuechan 3 hours ago|||

With Firefox on Android it simply says

Deceptive site issue

This web page at [...] has been reported as a deceptive site and has been blocked based on your security preferences.

What's going on? I can't find any setting to disable this.

Yeri 3 hours ago||

NextDNS is blocking it too (https://google.c1ic.link/lottery_qrdLCz_account_verification). The reason is that Google Safe Browsing considers that site as unsafe.

fc417fc802 23 minutes ago||

TBF it ought to trigger even the simplest heuristics so it wouldn't surprise me if it was automatically categorized that way.

fuddle 8 hours ago||

Imagine using this as your personal website lol

morshu9001 5 hours ago||

email too

qnleigh 5 hours ago||

What's up with the creepy ads on this website? It seems like they are actually sketchy ads and not just fake ads for comedic effect. One shows some scammy nonsense about your device being infected and the other links to a real VPN app.

wmeredith 7 minutes ago||

This is probably the result of a context based ad network serving sketchy adds because of the suspicious url content.

HPsquared 2 hours ago||

That's just the ambient creepiness of the internet. It's a creepy place!

bityard 9 hours ago||

IIRC, shadyurl was the original version of this. Doesn't seem to be around anymore, though.

nomel 8 hours ago|

shadyurl a whole bunch of different incredibly shady domains that were used at random. it was beautiful.

champagnepapi 9 hours ago||

https://jpmorgan.c1ic.link/G4JQKX_money_request.dll

reincarnate0x14 8 hours ago||

https://jpmorgan.web-safe.link/flash_7KzCZd_money_request

I love this version and I hope you do too.

html5cat 9 hours ago||

well played sir

vhurg 2 hours ago||

Please don’t use 3rd party relays for your URLs. It’s bad enough to have your own server, domain, etc. as single points of failure and bottlenecks without adding a 3rd party into the mix, who either themselves or someone that takes over their domain later track users, randomly redirect your users to a malicious site, or just fail.

I know people have fond memories of long ago when they thought surely some big company’s URL shortener would never be taken down and learned from that when it later was.

jmward01 7 hours ago|

This had to be done:

https://wellsfargo.c1ic.link/TODO_obfuscate_url_8wyS7G_hot_s...

bl4ckneon 6 hours ago|

Thought this might be it... I clicked it anyways haha. I will need to update the Rick roll url on my nfc implant with this new link!

More comments...