How do you recognise bad links ?

[Dirk41]

Hi everyone!

Sometimes In the past I read about people who can create a link ( sorry I can't tell you much more because I don't know , I hope you guess / understand what I am talking about ) , make you click on that link and so they get your ip ( and so approximately where are you from , unless you use a vpn).

I don't know if the link directs you to a legit or malicious / fake website . Let's suppose it is legit ( like those one created by Iknowwhatyoudownload)

How can we recognise if they can steal our ip ?

Thank you for reading

 

[Like a Western!]

Hi

no anti-phishing add-on , plugin or i don't know even that antifishing in AV softwares, are not able to catch all of phishing or bad urls , thats why Zero-Days exist, so you just should not click on any links sent to you by whoever, except those one who you trust them. IMO this is the only way.

 

[Ink]

Shortened URL services can use Analytics for their customers to track and see where their traffic is coming from, but no IP addresses (anonymous).

Any website you visit your IP may be logged, ie. Sites that use Forum software, Logging into Microsoft, PayPal accounts for Security purposes etc.

 

[Deleted member 178]

You can use link checkers, they can help a lot , but it is not a 100% solution.

 

[SHvFl]

Basically you can't know if someone is going to try and get your ip when you visit a site so if you have this fear you should use a vpn.

What usually people do to get ip addresses of a specific user on a forum you can't control is to do a targeted attack. Meaning you pm the victim something random and add a transparent image at the bottom of an host you can control and see the ip. When you open the pm he gets your ip because the image gets loaded(except if you have image disabled).
As i told you this was just a simple example there are many ways to get someones ip.

 

[Sr. Normal 2.0]

I do not think it is difficult to know the IP of someone, in fact for years there are served as danasoft.com that simply by visiting them they know about your IP, browser and system, in fact you can add it to your signature of the posts. So it is not difficult for me to assume that it is easy to track someone on the internet

 

[Wave]

Hello,

If you see a link in the future, before clicking it, read what the text says and check where the link actually leads to. When people post links where the text is "Click here for...", they can hyper-link it to anywhere they want, therefore it's important for you to check prior to clicking the link. You can hover over the link and normally in most browsers, you'll be able to see where it'll lead too, or you can right click and copy the link address and paste it somewhere to read the URL you'd have been redirected to.

However, sometimes a URL can be shortened through a shortening URL service... The way this works is someone will paste their link and a new link will be generated for them to paste somewhere. Once someone clicks this shortened, new URL, they'll be redirected to the normal URL after the shortening URL service loads. Essentially, it can be used to trick someone into not knowing where it leads (without them being aware that they'll be lead to a malicious website), but then they get redirected to somewhere they don't want to be in the first place... That being said, these URL shortening services can be used for perfectly genuine reasons too, not always for bad.

In the case of URL shortening, you can try to use a service like URL X-Ray or CheckShortURL to find out where it will lead to (there are many other services like this).

-------------
If you are worried about websites tracking your location through the use of your IP address (or feel that your IP may be stolen by someone and used in attacks such as DDoS) then you should use a Virtual Private Network, however make sure that it's software-based and not from a browser extension (e.g. use CyberGhost VPN as opposed to ZenMate VPN browser extension). The reason for this is simply because software-VPN will protect you properly and will not just be a proxy, whereas the browser extensions are really nothing more than a proxy for the connections - a proxy is definitely not as secure as a real Virtual Private Network - not to mention the fact that software-based VPN will protect you system-wide, meaning all running programs will be connected through the server of the VPN provider.

You can try using CyberGhost (free version, upgrade if you like it and need the premium features).
-------------

As an extension to the above, I recommend you make sure you're using:
1. An ad-blocker (e.g. uBlock Origin or Adguard will do well) - adblockers have more uses than just making your browsing experience cleaner and more polite... They can actually keep you protected from malvertising and more common than not, normal malicious websites as well (they normally include a filter for these sorts of things too these days).

You don't have to use a browser extension ad-blocker, a software version will do well also.

2. HTTPSEverywhere (this one is not really "essential" in my opinion, however it'll still keep you better protected). HTTPS connections will make sure that information transmitted between the browser client to the server is encrypted, meaning if someone is sniffing your network (e.g. if you're on a public WiFi hotspot or your home network is not properly secured) then they won't be able to steal the data submitted to websites (login credentials, messages, etc.).

3. If you are paranoid, you can use a sandbox for your web browsing (as well as VPN). Therefore, if you click on the wrong link that causes a drive-by-download/exploit attack, it'll be contained within the sandbox. A good sandbox which works via real virtualization methods would be from Comodo (within Comodo Firewall for example), however products like Sandboxie will do just fine as well.

4. Use an extension for web URL filtering (like from Avira or Bitdefender) but this isn't realy essential either. Only if you feel you need it.
-------------

If you read the links properly (where they are leading to), you can sometimes even identify if a link is bad or not... E.g. if you have some random URL and then it has "\paypal\" then that is an identifier right there of it being a phishing for PayPal. It doesn't always work like this, and sometimes there are no identifiers like this, but malicious links tend to be quite suspicious (bad spelling/misspelling of genuine services, random characters, many sub-directories, etc.).

I recommend you read the thread I wrote back in 2015, it might help you further: How-to Guide - Always check your links

Stay safe and good luck,
Wave.

 

[Dirk41]

Wow thank you for the replies ( @Wave thank you I already have cyberghost , not always turned ,on and ublock origin with many filters and SBIE)

I just want to specify that I am completely aware that websites can know you ip ( even this forum and the staff ) but I was referring to random bad users/ people .
I don't know what they could to then ( port scan ? Ip helps them in social engineering? Privacy at least .. I don't care if @Jack , just a random example,know where a I am from .. I do care if people ,who does not have the right , know . Staff has the right because they have to check if anyone has multiple accounts for example ))


Anyway ,as I said ,the link could direct to a legit website : have you heard about Iknowwhatyoudownload I suppose : it generates a short url that directs you to a legit / official website ( exactly the website you wanted), but it as the " feature " to let the attacker tracks you .

So weeks ago I tried to create a short url with that website and check it with unshorten.something and it seems it loads for ages .
I also tried to copy the short Url (created with Iknowwhatyoudownload ) in the Url bar adding a "+ " and Google shows you it was created by Iknowwhatyoudownload.
So in this case you know that Iknowwhatyoudownload can track you so you don't click

But let's suppose the the short url is created by other websites ( I don't know them .. Bitly ? ) : using this metods I don't know if you can guess the link can tell the attacker you ip

Thank you

 

[Wave]

Wow thank you for the replies ( @Wave thank you I already have cyberghost , not always turned ,on and ublock origin with many filters and SBIE)

I just want to specify that I am completely aware that websites can know you ip ( even this forum and the staff ) but I was referring to random bad users/ people .
I don't know what they could to then ( port scan ? Ip helps them in social engineering? Privacy at least .. I don't care if @Jack , just a random example,know where a I am from .. I do care if people ,who does not have the right , know . Staff has the right because they have to check if anyone has multiple accounts for example ))


Anyway ,as I said ,the link could direct to a legit website : have you heard about Iknowwhatyoudownload I suppose : it generates a short url that directs you to a legit / official website ( exactly the website you wanted), but it as the " feature " to let the attacker tracks you .

So weeks ago I tried to create a short url with that website and check it with unshorten.something and it seems it loads for ages .
I also tried to copy the short Url (created with Iknowwhatyoudownload ) in the Url bar adding a "+ " and Google shows you it was created by Iknowwhatyoudownload.
So in this case you know that Iknowwhatyoudownload can track you so you don't click

But let's suppose the the short url is created by other websites ( I don't know them .. Bitly ? ) : using this metods I don't know if can you guess the link can tell the attacker you ip

Thank you

Sometimes there is nothing you can do. The best bet you have is using your VPN and if you're scared about malicious redirections then keep a web filter enabled and/or use the Sandbox fo browsing.

You can try to find out where the short URLs lead to, or download the page source and analyze the code within the website document manually without visiting it yourself, but that can be difficult. Speak to @DardiM about that.

 

[DardiM]

A very good solution : don't use short Urls (=a too easy way to hide domain names)
Or use one of the tools @Wave has posted, and then :
=> search if the real url has been reported (Virus total, etc)
=> the same for real links with xxxxxxxx.domains.com you don't know).
All website / webpage can access your IP (or the IP that hides your real IP).

 

[Wave]

Generally speaking, every website can log your IP address; there's nothing you can do about that really. You can enable a Do Not Track request if your browser supports it (e.g. Internet Explorer definitely does), but will it make a difference? Unlikely, not to mention that your IP will still be logged. Your IP address will be logged for every webpage you visit naturally... It's a trace of your network activity and used by police investigation if required to track if you had accessed/done something which you should not have.

I was speaking to @DardiM and we recommend you block WebRTC leak, you can do it through a browser extension (easiest method), however Firefox supports blocking it through settings. However, this suggestion was thought of by @DardiM, I am just sharing it here, so I don't take credit for this.

Even using software VPN, WebRTC is capable of linking your real IP address since it won't follow the routing table/default gateway from the VPN tunnel - this results in the leak of your real IP address. Therefore, blocking WebRTC leaks is an important step if you want to stay anonymous when using VPN.

 

[Dirk41]

Thank you


Guys I know every website log your ip. I was referring for example : a new user here ( or in another forum ) wants to target just you and post a link from Iknowwhatyoudownload, for example ( websites log you among thousands or more ip , they don't even know who you are, you are just an ip )




Anyway out of curiosity: you know on forum ( like here , but it is only an example ) url are replaced with titles : can this prevent to be aware of malicious links ?( malicious means the website is ok but the link provide the attacker, so the one who posted the link , your ip or other tracking features )

 

[Wave]

Anyway out of curiosity: you know on forum ( like here , but it is only an example ) url are replaced with titles : can this prevent to be aware of malicious links ?( malicious means the website is ok but the link provide the attacker, so the one who posted the link , your ip or other tracking features )

Depending on the browser you use you can hover over the link and see where it's leading to at the bottom left, if not you can copy the link address from a right click on the link and paste it somewhere to read the target URL.

 

[Zero Knowledge]

You can check a url with virustotal.com. There are other link checkers out there but virustotal is the best.

 

[Bryan Lam]

There are sites that allow you to create a redirect url which grabs your IP, delivers it to the creator of that URL, then directs you to a different web page making it look normal. Otherwise, people can send you to domains they own then go into Awstats or something and look at your IP. I'd advise using a VPN