// KEYLOGGER.LOL

// WHAT IS THIS?

keylogger.lol is a redirector. Mostly for curl|bash installer scripts.

Turn this:

bash

curl https://raw.githubusercontent.com/username/repo/main/install.sh | bash

Into this:

bash

curl -L keylogger.lol/myproject | bash

Short. Memorable. Suspicious enough that people actually check what they're running.

// QUICK START

Create a redirect

bash

curl -X POST https://keylogger.lol/myproject \
  -H "Content-Type: application/json" \
  -d '{"target": "https://raw.githubusercontent.com/you/repo/main/install.sh"}'

Use the redirect

bash

curl -fsSL keylogger.lol/myproject | bash

That's it. No account needed. No API keys. Just POST and go.

// API REFERENCE

GET /

Returns service info and usage instructions.

Response: 200 OK with plain text usage info.

POST /<path>

Create a new redirect.

Request body:

json

{
  "target": "https://raw.githubusercontent.com/owner/repo/branch/file.sh"
}

Responses:

Status	Description
`201`	Redirect created successfully
`400`	Invalid JSON or missing target
`403`	Target URL not allowed (must be GitHub)
`409`	Path already claimed

Success response:

json

{
  "ok": true,
  "path": "/myproject",
  "target": "https://raw.githubusercontent.com/..."
}

GET /<path>

Follow a redirect.

Responses:

Status	Description
`302`	Redirect to target URL
`404`	Path not found

// PATH RULES

Paths must be:

•Lowercase — automatically normalized
•Alphanumeric — letters, numbers, hyphens, underscores, slashes
•Under 200 characters
•No .. sequences — path traversal is blocked

Valid examples:

• /install
• /my-project
• /org/repo
• /v2/setup

Invalid examples:

• /My Project — spaces not allowed
• /setup.sh — dots not allowed
• /../etc/passwd — nice try

// ALLOWED TARGETS

Only GitHub URLs are permitted:

• https://github.com/*
• https://raw.githubusercontent.com/*

Attempting to create a redirect to any other domain returns 403 Forbidden.

This isn't a general URL shortener. It's specifically for sharing GitHub-hosted scripts and files.

// USAGE EXAMPLES

With curl

bash

curl -fsSL keylogger.lol/install | bash

With wget

bash

wget -qO- keylogger.lol/install | bash

Nested paths

bash

# Organize by owner/repo
curl -X POST https://keylogger.lol/dschreck/dotfiles \
  -H "Content-Type: application/json" \
  -d '{"target": "https://raw.githubusercontent.com/dschreck/dotfiles/main/install.sh"}'

# Then use it
curl -L keylogger.lol/dschreck/dotfiles | bash

In HTML

html

<script src="https://keylogger.lol/analytics"></script>

// TECHNICAL DETAILS

Property	Value
Platform	Cloudflare Workers (edge compute)
Response Code	302 Temporary Redirect
Latency	<50ms (Cloudflare edge network)
Storage	Cloudflare KV (3 namespaces)
Observability	Cloudflare Workers observability enabled (for debugging only)
Request Logging	None — we don't log individual requests

Architecture

The service runs entirely on Cloudflare's edge network as a Worker, meaning requests are handled at the closest data center to the user. No backend servers, no databases, no proxies.

Storage (Cloudflare KV):

•REDIRECTS — User-created redirect mappings (path → target URL)
•RESERVED — Reserved paths managed separately
•BADWORDS — Blocklist for inappropriate path names

Request Flow

Creating a redirect (POST /path):

1.
Path Normalization
- NFKC Unicode normalization (converts fancy characters to standard equivalents)
- Convert to lowercase
- Remove leading/trailing slashes
- Validate: max 200 chars, alphanumeric + hyphens/underscores/slashes only
- Block path traversal attempts (.. sequences)
2.
Path Analysis
- De-confusables: Replace lookalike characters (e.g., h4te → hate)
- Sanitize: Strip non-alphanumeric characters for blocklist checking
- Check against BADWORDS KV namespace
- Reject if flagged
3.
Target Validation
- Must start with https://github.com/ or https://raw.githubusercontent.com/
- Reject all other domains with 403 Forbidden
4.
Storage
- Check if path already exists in REDIRECTS KV (returns 409 Conflict if claimed)
- Store as JSON: { target: string, created_at: number }
- Return 201 Created with redirect details

Following a redirect (GET /path):

1.
Lookup
- Check RESERVED KV namespace first (for reserved paths)
- Fall back to REDIRECTS KV namespace
- Return 404 Not Found if neither exists
2.
Validation
- Parse stored JSON record
- Re-validate target URL (must still be GitHub)
- Return 410 Gone if target is no longer allowed
3.
Redirect
- Return 302 Temporary Redirect with Location header
- Browser/client follows redirect to GitHub
- No content proxied, no injection, no logging

Special Endpoints

•GET / — Returns usage instructions (plain text)
•GET /stats — Returns redirect counts from KV (JSON: { redirects, reserved, total })
•First-party redirects — Specific hostnames (e.g., github.keylogger.lol) redirect to hardcoded targets

Security Features

•Path filtering: Blocklist system prevents inappropriate path names
•Target restriction: Only GitHub URLs allowed (no arbitrary redirects)
•Path normalization: Prevents Unicode homoglyph attacks and confusables
•No content proxying: Users hit GitHub directly after redirect (transparent)
•302 redirects: Temporary redirects show final URL in browser network tab

Privacy

The service is a thin redirect layer. We don't:

•Proxy or cache content
•Log individual requests (no request/response logging)
•Inject scripts or modify responses
•Store analytics or tracking data

Users hit GitHub directly after the redirect. The Worker only performs the lookup and returns the redirect header.

// FAQ

Is this actually a keylogger?

No.

It's just 302 redirects to GitHub. Check the network tab. View the source. We literally cannot log anything because we redirect before any content is served.

Why the name?

Short domains are expensive. Funny ones aren't.

Plus, you'll never forget this URL. And neither will anyone you share it with.

Is this free?

Yes. Completely free. No catch.

Can I trust random internet redirects?

Good instinct — you shouldn't blindly trust any URL.

That's why:

We only allow GitHub URLs as targets
The service is fully open source
We use 302s so your browser shows the final GitHub URL

Always verify what you're piping to bash. Even from us. Especially from us.

What if someone claims my path?

First come, first served.

If you need a specific path for a legitimate project, open an issue on the GitHub repo.

Why 302 instead of 301?

302 (temporary) redirects let you see the final URL in your browser's network tab before following. 301s get cached aggressively and can hide the destination.

Transparency > caching.

Why have a BADWORDS filter? Don't censor me bro!!!

Totally hear you, bro. Freedom of speech cuts both ways: you can say it, and I can choose not to host it.

Yes but why?!

Because it's my service, not a public square. If you want different rules, run your own. Also fuck you, that's why.

// SOURCE CODE

This project is open source:

GitHub: github.com/dschreck/keylogger-lol

Built with Cloudflare Workers. PRs welcome.