Hello,

I need your help. I’ve been given a URL but I’m not too sure if it’s 100% safe. Are you able to check it for me? I say, better safe than sorry. It is from the same platform (reputable) where I picked up a crazy virus a while back and you helped me out with that.

Here’s the link: https://www.freelancer.com/users/l.php?url=http:%2F%2Fbit.ly%2Fonboardingapplication&sig=0cf366701455b98c2cfc56f9f2568b911cb1c93e8bc7379ea285437517b358d3

Thanks for your help

Anthony

Posting an active link to a suspect site isn’t wise it risks accidental exposure.

Links should be broken e.g. freelancer.com/users/l.php?url=http:%2F%2Fbit.ly%2Fonboardingapplication&sig=0cf366701455b98c2cfc56f9f2568b911cb1c93e8bc7379ea285437517b358d3 even so, I’m not even sure it should be here at all (active or not).

Personally having a url which appears to do a redirect to another unknown URL, I wouldn’t touch with a long stick.

What is it that you are hoping to get by visiting said link, you wouldn’t be going there just on speculation ?
As in who gave you it and for what reason.

In life you have to learn from your mistakes or you will repeat them.

Thing is, it’s a Freelancer job marketplace. So, an employer shared the link with me… they want to hire me. But then, I didn’t click it. I thought to ask first. Just in case it’s malicious.

I ran a Google Safe Browsing site status check and it seems clean. But then it’s a URL redirected, so who knows. I’m going to ask sender to email me the link.

Seems also clean to me: https://www.virustotal.com/gui/url/6f0a9f04ef6efc4482964d77594e889689bdf67b09e47dd5136f77c8c94dcc78/details
and one engine to detect the IP here: https://www.virustotal.com/gui/ip-address/151.101.2.114/detection
See also javascript files here: https://www.virustotal.com/gui/ip-address/151.101.2.114/relations
A JavaScript blocker will keep you from initial harm’s way. The uri you provided skimmed for XSS-DOM issues
Number of sources found: 3
Number of sinks found: 146
Opening up to results from scanning URL: -https://www.f-cdn.com/assets/compat/en/runtime-es5.9dcad04a20e9638ff635.js
Number of sources found: 39
Number of sinks found: 18

On the link provided I get a 500 error on a particular 3rd party scan: (fileviewer AWSnap).
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
connection: keep-alive
X-Served-By: cache-wdc5567-WDC
Content-Length: 228
Accept-Ranges: bytes
Date: Thu, 16 Jul 2020 19:38:57 GMT
Via: 1.1 varnish
Connection: close
and Fastly error: unknown domain null
&
Results from scanning URL: -https://www.f-cdn.com/assets/compat/en/runtime-es5.9dcad04a20e9638ff635.js
Number of sources found: 1
Number of sinks found: 0

No Cloaking, no spammy looking links detected.
Angular, html - 9.1.0
Not vulnerable
jQuery, script
Not vulnerable
2017 -Vulners.com -vulners.com

Tracked by Alexa Certified Site Metrixs, facebook domain insights, Facebook Pixel, Conversion tracking, Google
Built with a.o. Angular.JS, Cloudfront, Varnish - cert: Global Sign Cloud SSL.

I see no immediate problems, that’s all,

polonus (3rd party cold recon website security-analyst and website error-hunter)

Thank you so much for your feedback. I managed to get a direct URL from them (I asked them to email it to me). Running this through Google URL Check, I get “No Available Data”. Here’s the url: http://bit.ly/onboardingapplication I wonder what you’ll find your end.

Well the bit.ly url shortening function also make things difficult to check without actually visiting it.

That leads to /surveyheart.com/form/5ecXXXXXX3fe1eXXXXXXX34db#welcome, I have modified that long reference with the XXXXXs as I don’t know if that would refer to you or the job.

Some of the work that they undertake includes Job Application Form - Collect the complete details of candidates.

Many many thanks, you’ve been of tremendous help.

You’re welcome.