I’ll trace your IP address!


In this article, I will put an end to the question of whether it is possible to identify a person or their location by IP address. And let’s start with the immediate answer: yes, it is possible! But not for everyone 😉

First, what is an IP address in relation to an ordinary Internet user? It is a digital identifier assigned to a client by the provider for data exchange with the global network. Simply put, it is your phone number while you are online.

Let me immediately note that there are different technologies that change the approach I will be talking about. For example, many providers use NAT technology, where one IP address can be used by hundreds or even thousands of devices – in this case, gathering information about the IP address from open sources is pointless. However, within the scope of this article’s topic, we will not delve into these nuances.

Is it possible to identify a person by IP address?

I will explain how to determine a user’s IP address a bit later. For now, let’s talk about how to find out who specifically owns an IP.

Even from the information I gave above, it is clear that the data on who exactly (which specific client of a mobile operator or wired internet provider) was assigned a particular IP at a specific time is available only to the service provider: either the mobile operator or the internet provider (depending on whether the person used mobile or fixed internet).

Accordingly, reliably identifying a person by IP address is possible only by sending a request to these organizations.

The right to send such requests is granted to a very limited group of entities:

  • law enforcement agencies within the framework of criminal cases they investigate and reports of crimes or offenses – Ministry of Internal Affairs (MVD), Federal Security Service (FSB), Investigative Committee (SK), etc.
  • operative-search units (MVD, FSB, etc.) within the framework of operational-investigative activities
  • courts within the framework of cases they consider
  • some other officials and bodies authorized to request information containing personal data

An ordinary person will never be able to obtain such information legally. Moreover, even the employees of the aforementioned bodies cannot do this “just like that”; they need a basis: a criminal investigation or another case provided for by law.

Of course, the corruption factor cannot be ruled out: if your schoolmate who is an IT specialist works, for example, at Rostelecom, nothing stops him from obtaining this information if he has access to it.

That was the sad part. Now let’s look at what a regular person or an OSINT specialist can find out from an IP.

What can be determined by an IP address?

This section covers what can be determined from an IP address without sending a request, using publicly available resources.

Sometimes, even using open sources, you can gather quite a lot of information about a user, and in rare cases even deanonymize them (that is what you call “calculate” 😉). I’ll explain this in more detail.

The most obvious

The most obvious and always available information when working with an IP is:

  1. The provider (the company that provided Internet access)
  2. The country
  3. The city (sometimes it shows a completely wrong one. For example, some services show Krasnodar for my IP, others show Samara, and some correctly show Kaliningrad).
  4. Connection type: mobile / fixed (cable)
  5. Proxy check – whether a proxy server / VPN is used

You can get this information for absolutely any IP, but it will hardly bring you closer to the goal. It may only provide a general idea. Here’s roughly how it can look in different services:

[Screenshot: general information about the IP address (provider, location)]
[Screenshot: connection type and provider]

Next, we see that no proxy was detected for one IP – this means the person most likely does not use a VPN:

And in the next case, proxy server usage was detected:

These are the main data that can be gathered from absolutely any IP address using open sources. If it’s about an investigation involving law enforcement agencies, the next step will be sending a request to the service provider for information or using other methods if VPN usage is detected.

A bit deeper

What follows is more interesting but happens much less often.

Besides less valuable info like the IP being on spam lists, sometimes it is possible to collect quite interesting data. For example, when checking my current IP in one service, I see the following info about my device:

[Screenshot: information about my browser and operating system]

There is a special resource that allows you to see which torrents were downloaded from this IP. It looks like this:

Even more rarely, an IP can appear in data leaks of users from various services. For example, my IP was found in a leak of users of the children’s game Minecraft. What exact information is included in this leak is unknown to me — at least it surely contains a login, which is already quite good.

[Screenshot: data hidden because the service is paid ($2500 per year)]

It is not particularly difficult to find the source of the above leak and investigate it independently, which I did by finding it on one of the dark forums:

As seen in the screenshot above, the leak contains quite valuable information that greatly increases the chances of deanonymization — in particular, email and nickname.

However, in reality, it turned out not to be so interesting. Firstly, this particular leak contained data about my IP as of 2017 (I wasn’t even a client of that provider at that time). Secondly, it lacked the “promised” email. In the end, all we managed to add to our digital trail was a nickname.

Clearly, in this case the information is not related to the identity of the subject, but it demonstrates how in such a simple way your children might participate in your deanonymization 😉

Very rare cases

And very rarely, it’s possible to get a specific identifier linked to a person through their IP. For example, there are services that allow you to find a Skype login by IP address. Here’s how it looks:

On the right, on the green background, you can see the IP address linked to one of the Skype logins. Then it remains to gather data about that user, their nickname, establish the linked email, and maybe even find an avatar on the profile — then the identity may be established quite quickly.

How to find out a person’s IP address?

We’ve more or less figured out what can be learned from an IP address. The question now is — how to get that IP?!

There are several ways, and the answer depends on where exactly you interact with the target and the nature of that interaction. Most often it’s communication via messenger or social network.

To simplify the question, there are 2 main methods to find a person’s IP address:

  1. Initiate a call between you (in Telegram, Skype) and analyze the internet traffic with special programs (Wireshark). This method requires certain skills and practice. After the connection is established, the interlocutor will reveal their IP. Suitable if you have a reason for such a call.
  2. Redirect the person to a logging resource (link). This is the easiest and quite effective method in skilled hands. Under a plausible pretext, you make the user follow your link (there are a number of such tools), after which you get data about their device and, of course, their IP address.

Typically, besides the IP itself, you will receive some information about the target’s device — operating system, screen resolution, and some other details.

One of the popular services provides the following results after following a logging link:

More advanced tools (the very ones we use in our investigations) provide more information, and if lucky, even allow establishing the exact location of the target.

As seen in the screenshot above, besides the IP address, some technical device parameters become known.

And then information about the exact location of the target. Notice — even altitude is indicated. In this case, I am on the 9th floor and 31 meters — quite close to the real situation.

The success of such an operation mostly depends on the following factors:

  1. Reason for interaction — here your imagination and creativity come into play. This is the essence of social engineering.
  2. The level of paranoia and preparedness of the target.
  3. Quality of implementation — whether you give a link to a well-known resource with an obvious purpose like: “https://iplogger.net/bait-for-mammoth” or a clone news site you created specifically for the task on a domain like lenta.news. This point is very important when working with serious targets who are well aware of deanonymization methods (scammers, pedophiles, and other kinds of bio-trash).
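
Seen from the receiving side, the first variant in point 3 is the one that can be screened mechanically before a link is opened. The following Python code is an added example, not part of the original article or of any tool it shows: it extracts a link's real destination host and checks it against a blocklist in which only iplogger.net and lenta.news come from the article, while logger.example, news.example and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# iplogger.net is the logger domain named in the article; "logger.example" is a
# constructed placeholder standing in for the rest of a locally kept blocklist.
KNOWN_LOGGER_DOMAINS = {"iplogger.net", "logger.example"}

_HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def real_host(url: str) -> tuple:
    """Return (destination host, userinfo_present) for a link, or ('', False)."""
    if not _HAS_SCHEME.match(url):
        url = "http://" + url          # bare "host/path" as pasted in a chat
    try:
        parts = urlsplit(url)
    except ValueError:                 # malformed bracketed host
        return "", False
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")   # Unicode names -> punycode
    except UnicodeError:
        pass                           # keep the raw host if it cannot be encoded
    return host.lower(), "@" in parts.netloc


def screen_link(url: str) -> dict:
    """Check a link's real host, and each parent domain, against the blocklist."""
    host, userinfo = real_host(url)
    labels = host.split(".") if host else []
    # "img.iplogger.net" yields {"img.iplogger.net", "iplogger.net", "net"}.
    parents = {".".join(labels[i:]) for i in range(len(labels))}
    matched = sorted(parents & KNOWN_LOGGER_DOMAINS)
    return {
        "host": host,
        "known_logger": bool(matched),
        "matched": matched[0] if matched else None,
        # "https://news.example@iplogger.net/" shows one name, visits another.
        "userinfo_trick": userinfo,
    }


if __name__ == "__main__":
    for sample in ("https://iplogger.net/bait-for-mammoth",   # URL from the article
                   "https://news.example@IPLOGGER.net./x",    # constructed
                   "https://lenta.news/story"):               # domain from the article
        print(sample, screen_link(sample))
```

The third sample passes the check, which is the limit of any blocklist: a domain registered specifically for the task is not on it, so an unfamiliar link still has to be treated as something that will reveal your IP and device details to whoever controls it.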

What if a VPN is used?

To conclude the article, I’ll briefly answer the question: can you identify a user if they use a VPN? I’ll disappoint many wannabe hackers — yes, you can! But not by the direct methods described above, rather by other means exclusively using law enforcement resources.


Detective agency “Pantera” provides services for deanonymizing users of social networks, messengers, website owners, and internet community administrators. More details about the service and pricing are available on this page.
