Lemmy Be Wholesome
In the interests of being wholesome and helpful, I used a secure method to retrieve the contents of that URL without providing my own cookie info.
I accessed and extracted the .png image directly using a similar method, then dug through it with a hex editor. As best I can tell, there's nothing particularly weird about the image itself or its metadata.
The HTML file pointing to the image contains a bunch of trackers from imgur. Google Analytics, Facebook, scorecard research, etc. Those are certainly things to be concerned about, but I didn't specifically notice anything unusual beyond the ordinary corporate-surveillance crudware (which was indeed written in JavaScript). None of these were in the image itself though.
Obviously it's impossible to prove that anything is safe, and I only spent 10 minutes looking into this, so you should still follow the OP's advice about not clicking on random links without thinking. However, my quick analysis did not find anything particularly alarming.
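A scripted version of the hex-editor pass described in the comment above, added here as an example and not part of the original thread: it walks the PNG chunk list, verifies each CRC, collects text/EXIF metadata chunks and counts any bytes left after IEND. The sample image, the trailer bytes and all function names are constructed for this illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
META_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"eXIf"}  # where metadata lives

def inspect_png(data):
    """Report the things a manual hex review of a PNG looks for."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    report = {"chunks": [], "bad_crc": [], "metadata": [],
              "has_iend": False, "trailing_bytes": 0}
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # length(4) + type(4) + crc(4) minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        name = ctype.decode("latin-1")
        report["chunks"].append(name)
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            report["bad_crc"].append(name)  # chunk edited after encoding
        if ctype in META_CHUNKS:
            report["metadata"].append((name, bytes(body[:80])))
        pos = end
        if ctype == b"IEND":
            report["has_iend"] = True
            break
    # Anything after IEND is ignored by image decoders but still travels with the file.
    report["trailing_bytes"] = len(data) - pos
    return report

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample(trailer=b""):
    """Constructed 1x1 greyscale PNG with one tEXt chunk, plus optional trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00constructed sample")
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + trailer)

if __name__ == "__main__":
    for label, blob in (("clean", build_sample()),
                        ("with trailer", build_sample(b"constructed trailing data"))):
        print(label, inspect_png(blob))
```

A clean result here says only that the file is structurally ordinary; it says nothing about the HTML page or scripts that reference the image.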
It uses an onload event using a markdown parser bug to run JS and upload your JWT to a certain website.
That looks like something Imgur is doing then. Which is not surprising at all. If it's a free service, you're the product, right?
Honestly the sketchiest thing I found was the use of BTLoader, a self-described 'adblock revenue recovery service'.
When getting ChatGPT to decode the JS, it spoke about a URL that went to a website ending in .zip/save. In the interests of security, I will not be posting it.
It wasn't solely the image that drew red flags but the JS that appears to come before it. There is more to that URL than the file. I won't be posting the full details here. In a DM I can provide it if you would like to see it and analyse it further.
Sure, send it my way. If it is sufficiently malicious, I'll maybe have fun dissecting it. You should know that messaging on Lemmy is not secure though.