ycfounders.com, ycombinator.org, ycombinator.net, ycombinator.org are AWS S3 static sites
hacker.news and yc.run return CloudFront headers
The servers serving the redirects run the gamut of Google GCP, Google Registrar, AWS Global Accelerator, AWS S3, Dreamhost, Uniregistry, Cloudfront, Gandi, Fastmail, and more
Registrars include Namecheap, Gandi, GoDaddy, Google, NameSilo, Wild West Domains, Global Domains International, Key-Systems, PDR Ltd, NameSilo, ENOM, Tucows, Dreamhost
Most of those are probably not YC-owned, but if people are using them expecting to get to YC, it's a very large attack surface. It's probably a safe bet that one or two registrar or hosting accounts could get popped and redirect traffic through a malicious site and then onto the real site without anybody noticing. I know a few of those registrars don't check for identification before they accept a zone transfer. I'd also bet most of the hosting and registrar accounts don't have MFA enabled.
phoenixbenchmarkingtruth.com links to https://news.ycombinator.com/item?id=22894191
c47jl.tk and fa26j.tk links to http://news.ycombinator.com/item?id=3539792
ycfounders.com, ycombinator.org, ycombinator.net, ycombinator.org are AWS S3 static sites
hacker.news and yc.run return CloudFront headers
The servers serving the redirects run the gamut of Google GCP, Google Registrar, AWS Global Accelerator, AWS S3, Dreamhost, Uniregistry, Cloudfront, Gandi, Fastmail, and more
Registrars include Namecheap, Gandi, GoDaddy, Google, NameSilo, Wild West Domains, Global Domains International, Key-Systems, PDR Ltd, NameSilo, ENOM, Tucows, Dreamhost
Most of those are probably not YC-owned, but if people are using them expecting to get to YC, it's a very large attack surface. It's probably a safe bet that one or two registrar or hosting accounts could get popped and redirect traffic through a malicious site and then onto the real site without anybody noticing. I know a few of those registrars don't check for identification before they accept a zone transfer. I'd also bet most of the hosting and registrar accounts don't have MFA enabled.