Malicious-Looking URL Creation Service

Malicious-Looking URL Creation Service

This site turns your URL into something sketchy-looking.

For example, www.schneier.com becomes
https://cheap-bitcoin.online/firewall-snatcher/cipher-injector/phishing_sniffer_tool.html?form=inject&host=spoof&id=bb1bc121&parameter=inject&payload=%28function%28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof.

Found on Boing Boing.

Tags: phishing, spoofing

Posted on September 25, 2025 at 7:02 AM • 6 Comments

Clive Robinson • September 25, 2025 11:21 AM

@ Bruce, ALL,

Hmm,

“This site turns your URL into something sketchy-looking.”

What worries me is the other direction of turnining

“Something sketchy-looking into something legitimate-looking”

Then of course turning it into a QR Code or something else “that looks convenient” but kicks the average human out of the “authentication loop”.

The sad fact is that we humans even the supposed smart/clever ones, can not avoid being scammed by those who know how to do these sorts of things. And as the old saying has it,

“The attacker only has to win once, the defender every time…”

So the only solution is as far as I can tell gicen to Matthew Broderick in the 1983 film,

“THE ONLY WINNING MOVE IS NOT TO PLAY. HOW ABOUT A NICE GAME OF CHESS?”

It’s a lesson I had to learn after having Amazon try it on.

lurker • September 25, 2025 7:56 PM

So this is open source code we can all see is kosher, no?

I’ve got enough trouble with legitimate business sites sending me humanly unreadable urls. I don’t need to get involved with some prankster whose methods and motives are a mystery.

Dave • September 25, 2025 9:02 PM

Similar things have been around for quite some time, for example I think the Shady URL service (the original, not newer ones) must have been around for at least 20 years. Having said that, because of its lineage it generates URLs that were shady many years ago rather than currently suspicious-looking stuff.

lurker • September 25, 2025 9:20 PM

hmmm, there’s already an industry for this.
I included a physical address in the body text of an email, in the form of
P.O.Box 1234 Somewhere 91919 [I used real numbers in the message]

The address was munged into a scary url from the mechanical workings of
‘https://www.proofpoint.com/
and if the email had been forwarded the url returns an error message suggesting the email was a targeted phishing attack. Sounds like a good way to choke business …

Squalor • September 26, 2025 3:17 AM

Reminds me of the old Shadyurl link shortener service. Showed it to some Feds who worked in a SOC once. They were not amused.