Discover some of the most common tactics cybercriminals use to obtain your IP address, from simple tracking links to DDoS attacks. Learn how to protect yourself and maintain your privacy online with a few simple tips.
1. Tracking Link Deception (IP Loggers)
Cybercriminals camouflage a link (often via a URL shortener or embedded image) that, when clicked, directs traffic to a server that records the visitor’s IP address before redirecting them to the actual content. It is common in forums, social networks, and direct messages.
One way to do this is with the grabify.info website, a web portal that records clicks on a shortened link. For example, you choose any URL or the address of an image on the internet and shorten it to one provided by Grabify. That new URL is shared with the victim, and once that person clicks it, you can see information about the person who clicked.

The result after clicking is seen in the following image, which shows where the IP comes from. It works like a beacon that reports information about the IP, a timestamp of when the link was clicked in UTC format, the country, the user-agent, the referring URL (if applicable), and more.

2. Attachments with Malware
Malware (such as Trojans or spyware) is attached to emails or downloaded via pirated software. Once installed, the malware can communicate with an attacker’s command and control (C2) server, revealing the IP address of the infected device.
3. Attacks on P2P Networks and Gaming Platforms
In peer-to-peer (P2P) networks such as BitTorrent, or in some online games, the connection is established directly between users. The attacker uses a network tool to view and log the IP addresses of everyone who is connected to the same host or tracker.
Similar to the example in point 1, you can use the https://iknowwhatyoudownload.com/ page and put a URL or image online. The victim is given that URL, and then all the attacker has to do is wait for the victim to click on the link. What you see is what the other person is downloading on the BitTorrent network.

4. Social Engineering and Phishing
The victim is tricked into revealing their IP address indirectly. For example, through an email that pretends to be from an internet service company and asks the victim to click on an “account verification” link (which is actually a logger or malware download).
5. Legacy Email Services
Although major email providers hide the sender’s IP by default, the headers of emails sent through older or incorrectly configured servers can sometimes contain the sender’s real IP address.
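A self-check for the header leak described above, as an added example that is not part of the original article: send a message to yourself, save its raw source, and scan the Received and X-Originating-IP headers for your own public address. The sample message, host names and addresses below are constructed, and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a message as it might look after passing through a
# misconfigured relay (all hosts and addresses are documentation values).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.home (unknown [203.0.113.45])
\tby mx.example.net with ESMTPA; Mon, 01 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.45]
From: me@example.net
To: me@example.org
Subject: header leak self-test

body
"""

# IP literals in these headers are written in square brackets.
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
ROUTING_HEADERS = ("Received", "X-Originating-IP")


def exposed_ips(raw_message):
    """Return [(header, ip)] for every bracketed IP literal in routing headers."""
    msg = message_from_string(raw_message)
    found = []
    for name in ROUTING_HEADERS:
        for value in msg.get_all(name, []):
            for candidate in IP_RE.findall(value):
                try:
                    found.append((name, str(ipaddress.ip_address(candidate))))
                except ValueError:
                    continue  # bracketed text that is not an IP address
    return found


def leaks_client_ip(raw_message, my_public_ip):
    """True if the sender's own public IP appears anywhere in those headers."""
    mine = str(ipaddress.ip_address(my_public_ip))
    return any(ip == mine for _, ip in exposed_ips(raw_message))


if __name__ == "__main__":
    for header, ip in exposed_ips(SAMPLE):
        print(f"{header}: {ip}")
    print("client IP exposed:", leaks_client_ip(SAMPLE, "203.0.113.45"))
```

If the check reports an exposure, the address was added by the sending server, so the fix is on the mail server or provider side rather than in the mail client.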
6. Packet Interception on Public Wi-Fi Networks
On insecure public Wi-Fi networks, attackers can use network monitoring tools to “sniff” traffic and potentially discover the IP address of other connected users.
7. Use of Stress Tools (DDoS Attacks)
Some attackers obtain a target’s IP address to launch a Distributed Denial of Service (DDoS) attack using booter services or stressers. While this doesn’t always reveal the IP, it’s often the next step after the attacker has obtained it by one of the previous methods, used to saturate the victim’s connection.
How to Protect Your IP Address
There are different ways to prevent personal IP capture. Surfing the web safely can be done using some of these options:
- Be wary of links: Never click on links from unknown or suspicious sources.
- VPN (Virtual Private Network): This is the best defense. It hides your real IP address by encrypting your traffic and showing the world a VPN server IP.
- Proxies: Similar to VPNs, but generally less secure and only hide the IP of the browser or app using it.
- Constant Updates: Keep your operating system and security software up to date to prevent malware infections.
