''Never Click on any unknown link''- but WHY?

(image source: Freepik)

As a rule of thumb cyber experts always say never click on any unknown or suspicious link. But ever wonders why?

Well, today I'm gonna show you why. There are several reasons and several attacks available on the internet from phishing, clickjacking, cookie stealing and so on. But I will show you the simplest one for which you need neither any PC nor kali Linux nor any technical knowledge. Just a mobile with a web browser and a working internet connection that's it! 

So there is a website named IPlogger using which one can easily gather information about a target victim. Can log his IP, approx physical location, mobile handset model number, ISP info, Exact system date and time, latitude and longitude, OS running in your system with version, browser info and so on. 

I'm attaching the screenshots below to show what in reality it looks like.

This is what the website interface looks like. The smart data option collects device information. If you turn it on it will gather the victim's device info. I've intentionally hidden some of the sensitive info. And this attack I've performed on myself.

Once the victim clicks the link you've sent then their logs will be shown here. And if you click on the smart data option it will show you the victim's info.

And this is how the victim's device info looks like

See, here my device's model number has been detected as well, so one can perform any attack upon me by just finding this particular model number's current open/unpatched vulnerability. So think twice before clicking any suspicious link.

And there goes my GPS info my exact location Which I've hidden.

And this link can be shortened or can be manipulated by using any other links as well. Like you can copy any Youtube Url and shorten it here and after shortening there will be so many options available here like tracking GPS data, tracking device data, etc, to look it innocent you can also shorten this URL using bitly or TinyURL as well. So one can't even recognize what's going on behind the scene during the whole redirection process. Within a fraction of a second, they will be landed on that youtube video that you manipulated using a tracker. And the victim's data will be collected from there. 

In Ethical hacking, this process is called Information Gathering. Obviously, if someone is performing this step without one's concern that is illegal. And if the victim complains about this the attacker or whoever is collecting the info may get behind the bar!

Note:- This website was built for research purposes so whoever is misusing the website may face legal issues.

One can also send you this kind of QR code instead of a URL because this website also provides links through QR codes as well. So don't just scan any random qr code for fun! and can be shared using various social media platforms as well. So be careful before clicking or scanning any!

So now the questions arises how to be safe or how to check if someone is keeping an eye on you?

Well, it is as simple as the previous one this website also has a tool to counter-attack. It is called URL Checker. Just paste the suspicious URL here and it will show you the actual URL and redirection. 

Here I've encoded a YouTube Url using a Bitly URL. So this website opens up the actual destination of that shortened/suspicious URL. So you can also get to know any URL's destination without clicking on the link, And the good news is that you can click the destination URL from here as well so Congrats! you have successfully avoided the tracker/trap!

So never forget to scan any suspicious URL before scanning. 

Note:- This blog is only for educational purposes misusing this information/tools may create legal issues.