0

I sleepily clicked on this bad link yesterday (DONT CLICK Unless you know what you're doing: https://6to.me/idsoni7kjv with a "?fbclid=" param - presumably identifying me)

I'm wondering how much harm could be done. I'm sure it could try to phish me with mimic websites, but it didn't seem to do that. I'm more worried about whether clicking on a link is sufficient to allow something worse, like installing something on my computer or browser?

Further, is there a safe way to investigate what that webpage is trying to do?

In case it's relevant, I'm on firefox on a mac. Thank you for any pointers!

Jonas
  • 1
  • Just by visiting a link there is a possibility of getting infected. In the past there were exploits in Java, ActiveX, Flash... nowadays we have WebAssembly (turn it off if you can) The safest way to investigate the link is to run in a virtual machine. However, there are some exploits that can be leveraged against virtual machines, too... so... googling the URL or running it through a site-checker type tool might be your safest bet. See this link (it's fine with the link you posted though): https://transparencyreport.google.com/safe-browsing/search?hl=en – pcalkins Nov 18 '21 at 21:18
  • The link you posted is just a URL shortener so that complicates things a bit. You'd need to check the redirected URL. – pcalkins Nov 18 '21 at 21:22
  • Does this answer your question? [What malicious things can happen when clicking on links in email?](/questions/3674/), [What security holes are introduced by clicking an unknown link?](/questions/183428/), [Can just clicking on a malicious link lead to hacking of my device?](/questions/242343/), [I clicked a link in an email message. What should I do now?](/questions/210581/), ... – Steffen Ullrich Nov 18 '21 at 21:49
  • Can you provide the link with the parameter? – NotStanding with GoGotaHome Nov 19 '21 at 03:40

1 Answers1

0

You can download whatever you want, the problem is the program that you are using for download that content. For example a browser downloads and then process the content, that's the main problem. If you download a virus with curl or wget, these programs just download and don't process whatever is inside in general, browsers does. For for analysis of malicious content my advice is to use wget/curl and then do the analysis but never use a browser because they are more complex and you don't know what will do once you download the file in general.

camp0
  • 2,172
  • 1
  • 10
  • 10