SH.SG – Singapore based full featured URL Shortener

SH.SG - Full Featured URL Shortener made in Singapore

When one thinks of URL shortener, BITLY comes to mind. While BITLY has been a reliable, mostly free service, there are limitations.

But wait. Why do you need a URL shortener?

  • Long URLs doesn’t look good.

This is a no brainer. Would you like a link like http://sg.iherb.com/now-foods-essential-oils-lemon-eucalyptus-1-fl-oz-30-ml/3329?rcode=rfc074 OR https://sh.sg/iherb ?

  • Stop referencing “link in bio” on Instagram

Many instagrammers make reference to “link in bio” because they can’t post a link on the post level. However, this means that the latest post will always hog the link in the bio, rendering referencing in previous posts useless. With a shortened URL, simply put the link in the post. Viewers don’t mind typing out the link in the browser if it is short enough.

  • You want to hide the destination URL

Not that you have malicious intent but maybe you just want to keep the destination link a mystery until it gets clicked.

  • You want to redirect users based on their country

There are times when you want to send visitors from different countries to a different link. For example, a Singapore visitor may be directed to your Singapore site and the rest will be sent to the international site. This can be done by some link shortener services.

  • You want to redirect users based on their device type

Want to link to your mobile app but there’s only space for one link? Redirect users to the Google Play Store or Apple App Store based on their device type. i.e. iPhone users get automatically redirected to your app on the Apple App Store. Amazing? Try this demo link: https://sh.sg/msa

  • You need a placeholder link for your email/website campaigns and have the freedom to redirect it to the final link when it is ready.

Your developer or web designer needs the actual URL for an upcoming campaign but you don’t have it ready. Give them the shortened URL with a dummy destination link and then update the destination link later! But beware, some shortener services doesn’t not allow you to amend the link unless you’re on a paid plan!

  • You want to set an expiry date for a link

Set an expiry date for your shortened link so that it no longer redirects when your campaign ends. Lots of use cases for this!

  • You want to add a simple password protection to the link

I wouldn’t recommend this to be the only protection for your destination link but it is useful to have this feature to avoid having people snooping on your shortened link to your home VPN / private links.

Need a recommendation? Introducing SH.SG, a Singapore based, full featured URL Shortener.

There is a free tier with limited features but the paid plans are really cheap too, starting from as low as S$1.33 / month!

Features:

Shortest domain name 🆓

With only 2 letters (excluding TLD), SH.SG is one of the shortest domain names you can get in Singapore.

.SG TLD 🆓

A Singapore based TLD provides more relevance when you are redirecting to a Singapore website.

Custom Aliases 💰

Instead of https://sh.sg/AeXd4, our paying users get to choose their own custom alias e.g. https://sh.sg/iherb

Link Expiration 🆓

You can set an expiration date to stop redirecting users. This is useful for time-sensitive pages such as promotions and other limited offers.

Password Protection 🆓

Want to allow redirection only for authorised user? Want an extra layer of security? Password protection feature is available for everyone!

Geotargeting 💰

This option allows you

Device Targeting 💰

Set conditions so that, for example, iPhone users get redirected to a specific link and Android users, another. You can use this to send iOS users to an Apple App Store link to your app and for Android users, to your Google Play Store app.

Targeting Pixels 💰

Allows you to use Facebook Pixels

Parameter Builder 💰

You can add custom parameters to the link above using this tool. Choose the parameter name and then assign a value. These will be added during redirection.

Try it now >> SH.SG – Singapore URL Shortener

Cloning a Banapassport Card

I recently spoke to a client who wanted me to try to help him clone his “Arcade Card”. I immediately rejected him as I wasn’t into illegal stuff like cloning stored value cards. Besides, I was highly doubtful that modern stored value cards are that easily duplicated. He went on to explain that the card has no stored value and was simply sort of an identification card for the Wangan Midnight series of racing games in the arcade. The card authenticates the user to his/her Banapassport account which stores the cars acquired through the game. 

After speaking to a few players, I found out that the common reasons why they would want to clone their original cards are:

  • Convenience. The Banapassport card can now exist also in the form of a key tag or even sticker. Hanging the key tags with your other keys seems like a great idea. 
  • Backup. While players with Banapassport cards that are properly linked to their email address can recover the data in the event of the loss of the original card, there is a cost involved as a new original card needs to be obtained. Also, if the player’s Banapassport card is not linked to an irrecoverable account, there is no way to recover the data. Having a physical clone will solve the problem. 
  • Security. Leaving the original card at home and only going to the arcade with the generic looking cloned tag makes it unlikely that anyone knows what the tag is for if it gets lost. 
  • Sharing. While one cannot log in to two machines simultaneously, two or more players who are not staying close to each other can each hold on to a card/tag to play at different times. 

After doing some research, I managed to crack the keys and successfully clone a Banapassport card into a generic RFID key tag:

 

Interested? Head over to Carousell : Banapassport Card Cloning

Singapore Airlines Free First Class Tickets WhatsApp scam

Lately, I kept receiving the following message from contacts on my business WhatsApp number:

Hello, Singapore Airline is giving away 2 Free FirstClass Tickets to celebrate 45th anniversary, Now you can get your tickets too ! go here to get it: http://www.singaporeaır.com/firstclass Enjoy your flight!.

singapore air free business class tickets whatsapp scam

It is surprising how careless people can be when forwarding such messages around. There are a few things in the message above that clues one in on its authenticity:

  1. The English. Singapore Airlines was spelled without an “s” at the back, Inconsistent and unnecessary capitalisation of letters, inappropriate spaces and punctuation.
  2. The hyperlink might appear to be singaporeair.com but if you take a closer look, you will notice that there’s something wrong with the letter “i” in the word “air”. We’ll elaborate below.

So what happened to the dot in the “i”? Turns out that the letter is actually:

ı

The letter i without a dot above.

Source: Wikipedia

This is a visual trick used by people with malicious intention to lower the guard of people who have learned to be suspicious of obviously dubious URLs. These people will go “Hey the URL looks legit” and proceeds to click on it.

By the time I found some time to write this post, the site has been taken down. However, I still want to explain more about the web technologies used to bait people to the site.

How did the scammer do it?

Scammers have been using internationalized domain names (IDN) to create resemblance to leigitimate domain names for some time now. But because DNS servers cannot handle the unicode characters of IDNs, Punycode is used to convert the unicode back to ASCII characters. For the above domain, www.singaporeaır.com actually converts to www.xn--singaporear-8zb.com. And if you were you look up the domain name, it claims to be registered in the Bahamas:

Domain Name: XN–SINGAPOREAR-8ZB.COM
Registry Domain ID: 2182998491_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internetbs.net
Updated Date: 2017-11-04T05:16:54Z
Creation Date: 2017-11-04T04:45:22Z
Registrar Registration Expiration Date: 2018-11-04T04:45:22Z
Registrar: Internet Domain Service BS Corp.
Registrar IANA ID: 2487
Registrar Abuse Contact Email: abuse@internet.bs
Registrar Abuse Contact Phone: +1.5167401179
Reseller:
Domain Status: clientTransferProhibited – http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Whois Privacy Corp.
Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street
Registrant City: Nassau
Registrant State/Province: New Providence
Registrant Postal Code:
Registrant Country: BS
Registrant Phone: +1.5163872248
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: xn--singaporear-8zb.com-owner-ysp5@customers.whoisprivacycorp.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Whois Privacy Corp.
Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street
Admin City: Nassau
Admin State/Province: New Providence
Admin Postal Code:
Admin Country: BS
Admin Phone: +1.5163872248
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: xn--singaporear-8zb.com-admin-85n9@customers.whoisprivacycorp.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Whois Privacy Corp.
Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street
Tech City: Nassau
Tech State/Province: New Providence
Tech Postal Code:
Tech Country: BS
Tech Phone: +1.5163872248
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: xn--singaporear-8zb.com-tech-qfid@customers.whoisprivacycorp.com
Name Server: ns-canada.topdns.com
Name Server: ns-uk.topdns.com
Name Server: ns-usa.topdns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-11-07T06:47:31Z <<<

Registrar: Internet Domain Service BS Corp
Whois Server: whois.internet.bs
Creation Date: 2017-11-04T04:45:22Z
Updated Date: 2017-11-04T05:16:54Z
Expiration Date: 2018-11-04T04:45:22Z

Nameserver: NS-CANADA.TOPDNS.COM
Nameserver: NS-UK.TOPDNS.COM
Nameserver: NS-USA.TOPDNS.COM

The profile of the registrant has been anonymised as part of a value-added service provided by the registrar but even then, we should take the above information with a pinch of salt. One important point to note is that the domain was only registered 3 days ago and we don’t know what else this person plans to do.

Be very careful even if the link was sent by someone you know

Whatever you do, please be very careful even when friends forward links to you via WhatsApp, Facebook or any other platform. There are two main possible scenarios:

  1. Your friend/contact knowingly forwarded the link to you but didn’t know that the link is fake
  2. Your friend/contact’s device sent the link to everyone in the contact list without his/her knowledge. This can happen to a compromised device.

Do your friend/contact a favour and alert him/her about the link instead of just clicking on it. Together, we can foil the plans of these scammers.