This article is more than 1 year old

Be careful what you inline: Defunct video-hosting domain used to inject smut flicks into news articles, more

From to f&*% me?!

Updated The domain name of a now-defunct website used by news publishers and others to inline videos in articles has been configured to inject porn into those pages. once upon a time hosted user-submitted videos, and allowed them to be included in webpages using HTML <iframe>s. Websites thus could embed those videos in their coverage, and have the content served from's systems.

In 2017, closed its doors, and was acquired by another video-hosting biz called Giphy, which Facebook is trying to snap up.

Sometime after shut down, the domain was updated so that it pointed to the very NSFW website of Five Star HD Porn, the name of which should give you an indication of the nature of its content. It is likely the domain was changed at the start of this month, judging from its WHOIS records.

And so, as spotted by Twitter user dox_gay today, and first reported by Vice, webpages that embedded those videos – including articles published by the Washington Post, New York Magazine, Fox Sports, Huffington Post, and others – ended up inlining the homepage of the hardcore porno website, and thus displayed thumbnails of and links to X-rated material.

Here's what one of those webpages – taken from Fox Sport's dotcom – looks like as a result of this mess, at time of writing, censored as necessary by us:

Screenshot of a Fox Sports webpage with the embed in it

Inline out of line ... The now-NSFW article on Fox Sports as a result of the brouhaha. Click to enlarge

Some of those aforementioned publishers, particularly the larger ones, have scrambled to remove the now-adults-only <iframe>s. What probably happened is that expired or was sold on, someone snapped it up, and just recently its DNS was updated to serve the porn site.

Though Vice observed that this affair shows the "internet is a collective hallucination that is fading away thanks to link rot," we'll go one step further: it's a reminder that you inline third-party content on your pages at your peril. Whatever you think is in that <iframe> now, it may not be there in future. There may be something from your worst nightmares.

No one at Giphy nor the porn site was available for immediate comment. ®

Updated to add

A person in the know told us Giphy let the domain expire after buying, and so it ended up in the hands of someone who pointed it at the porno site.

PS: Yes, El Reg inlines some outside content, such as Twitter posts. But arguably Twitter's a safer bet than a three-year-old startup like was.

More about

More about

More about


Send us news

Other stories you might like