logo anonymous proxies logo anonymous proxies

How to find someone's ip address

Finding someone's IP address can be a challenging task if the person does not know you. There are many methods of exposing one's IP address, some of which, involve clever tactics that we will discuss in detail in this article.

Finding someone's IP address can be a challenging task if the person does not know you. There are many methods of exposing one's IP address, some of which, involve clever tactics...to say the least.

Have the person access an online service

If you're trying to help someone find their IP address then things are simple. Have him access an online service such as infoip and the website will display their address and geolocation data.

Some things to know

  • An IP address can be changed Before you embark on finding the target's IP address keep in mind that it can be changed easily nowadays. Sometimes even by restarting your router if the allocation is dynamic.
  • An IP address can be shared This is more and more common with the release and adoption of IPv6. Internet providers have less IPv4s to allocate to their customers so they join multiple ones on the same IPv4.
  • Knowing an IP address does not mean you know their real (street) address Let's not confuse these terms. Both are addresses I know but they are very different.

Can I extract a user's IP address from social media apps?

No, you cannot extract the IP address from someone you talk to over {Whatsapp/Telegram/Instagram/Facebook/...}. In most instances, a third party (middle server) is responsible for relaying communication data between parties. The exchange does not flow directly from A to B. Actually, sensitive data like this is hidden by design. Being able to find someone's IP address through such an app would be considered a bug or security risk and should be reported straight away. you might even get a reward.

Method 1: Parse email headers

Simplest method would be to receive an email from the target and display the headers (full message). For Gmail you can open the email, go to the top right corner where the 3 vertical dotted menu sits, click on it and select `Show original`. This will open the email in the original form that contains all the data that came with it, similarly to the source code of a webpage.
With the full message displayed, look for something like Received: from o15.ptr9908.discord.com (o15.ptr9908.discord.com. []) (actual message I received). here represents the sender's address.

Method 2: Send them an email with a tracking pixel

If method one does not work we need to try a different approach by sending an email to the target. Of course...this requires that you know their email address. Inside that email we will place an image. It can be a one pixel image or a bigger image, it doesn't matter. What matters is that the image is not sent as an attachment. It needs to be inline and loaded from an url. That url must be from a web server deployed by us. When the target tries to read the email, the browser or client they use will attempt to load the images so it will call your server in order to download the image from the url you provided. When the file is requested, your server can store the IP address of the caller.

Example web server used to serve email tracking images

I will use a Python web server for this task along with `Flask` which is a very light web framework.
import logging
from flask import Flask, send_file, request
app = Flask(__name__)
logging.basicConfig(filename='access.log', level=logging.INFO, format='%(asctime)s - %(message)s')
def pixel():
client_ip = request.remote_addr
logging.info(f'Client IP: {client_ip}')
return send_file('pixel.png', mimetype='image/png')
if __name__ == '__main__':
app.run(host='', port=5000)
This can be uploaded on Digitalocean or other providers, there are literally thousands of of options so I won't stress it too far. Funnily enough, this is how I started learning programming.
The pixel can even be generated by Python, in the same code:
from PIL import Image
img = Image.new('RGBA', (1, 1), (0, 0, 0, 0))
Now you can place the image in your email: <img src="http://your-server-ip:5000/pixel.png" alt="">
Keep in mind that many email providers have started resolving the images via proxy servers before sending them to the client so the IP address that you log might actually be one of their server's address.

Method 3: Make them visit a webpage that you control

You can use the web server from method 2 and, with little tweaks, make it to respond to various kind of requests, not just images. The target would need to visit one of your endpoints for that to work. These two methods are very similar but one requires you to know the email address while the other one doesn't but requires that you're able to send an url to the target.

How to find the IP address of a website

This one is slightly unrelated but it will introduce you to ping which is a tool I use very often. You can open a command prompt and write ping google.com which will output something like:
ping google.com
PING google.com ( 56 data bytes
64 bytes from icmp_seq=0 ttl=115 time=51.153 ms
64 bytes from icmp_seq=1 ttl=115 time=78.244 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 51.153/64.698/78.244/13.546 ms
In this output, is the IP that responded for google.com. Since they have thousands of servers deployed, I am more than sure that is a server located very close to me and the 50ms latency confirms it.

Are you hiding behind a proxy and need to check for leaks?

If you're using an anonymous HTTP proxy or maybe a SOCKS5 proxy and wish to check if it is leaking any private information I suggest you to find a service which performs all these tests:
  • WebRTC
  • Java applets
  • Quic/HTTP3
  • DNS leak
Let's actually take them one by one and see how could they break through and reveal your real internet address.


It is used for real-time communication. Think video, voice or other generic binary data. Since it is a new protocol that works over UDP (preferably) and its traffic is not yet passed through proxies, WebRTC is able to reveal your IP address easily. You can stop it by disabling it in the browser's settings or you can trick it by using a VPN that works at the network level and not just the browser. For fast and light proxy work I suggest disabling it in the browser.
To disable WebRTC in chrome go to `chroms://settings` and perform a Search for the `WebRTC` keyword. It will display a list with one of the items being `WebRTC IP handling policy`. Set it to `Disable non-proxied UDP`.
Here is a Javascript code that uses WebRTC to show the real IP address of the user, bypassing the browser's proxy settings:
function getPublicIP(callback) {
let ipAddresses = new Set();
let pc = new RTCPeerConnection({
iceServers: [{ urls: 'stun:stun.l.google.com:19302' }]
pc.createOffer().then(offer => pc.setLocalDescription(offer)).catch(err => console.error('Error creating offer:', err));
pc.onicecandidate = (event) => {
if (event.candidate) {
let candidate = event.candidate.candidate;
let regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/g;
let matches = candidate.match(regex);
if (matches) {
matches.forEach(ip => ipAddresses.add(ip));
} else {
getPublicIP(publicIPs => {
console.log('Public IP addresses:', publicIPs);
To run this code and see for yourself whether your browser is leaking unwanted bits, right click anywhere on a webpage , select Inspect, in the newly opened drawer go to Console, paste the code and hit Enter. It might take even a minute to come back but, if the browser allows it, your real ip address will be resolved.
So why does WebRTC discloses the IP address after all? To understand this we need to first understand how this protocol operates. Since it is being used mostly for direct communication where low latencies are desired, knowing the IP address of the peer you wish to communicate with is crucial. If you're doing any voice or video activities you know how bad higher latencies can affect the quality of the stream so this is why WebRTC dominates other protocols that involve a third party server to relay the packets.

Java applets

Java applets can be executed from the browser but they run on the system and here lies the problem. The system is not proxied, only the browser so any type of request made from that Java applet to any given server will reveal your real info. I suggest disabling Java from running inside the browser entirely.


Similarly to WebRTC QUIC is a new protocol which is not yet proxified by browsers. It works on UDP and it is being used generally for a faster internet since connections are established much easier. There is a document where it is being discussed/proposed how to tunnel UDP through HTTP by using the connect-udp method but no browser implementations so far. Your best bet is to disable QUIC by going to chrome://flags and look for Experimental QUIC protocol; set it to disabled.
QUIC seems like the future for the web so we're eagerly waiting for adoptions of this RFC and for browsers to be able to proxify UDP traffic. This will probably solve both WebRTC and QUIC.

DNS leak

While a DNS leak will not reveal your IP address, it will reveal the address of your DNS resolver. You see, each url you visit has a domain and each domain has one or more servers behind it. Those servers have IP addresses through which they communicate with you. For the browser to know the IP addresses it can talk to, it needs a DNS server which resolves a domain to its address(es) so it will contact the nameservers. A website could send out requests towards generated subdomains and put a nameserver up just to see who tries to resolve those domains. If the IP of the resolver is very different (country, city etc) from the IP of the visitor then it may be flagged. This is, in a nutshell, how a DNS leak works.
To see if your proxy or browser is leaking via DNS you can perform a DNS leak test online. Our premium HTTP proxies resolve DNS queries locally so you're protected from this leak.

How to find the IP addresses that your PC is communicating with

To find the IP addresses that your PC is communicating with, you can use various tools and commands available on your operating system. Here are methods for Windows, macOS, and Linux.


Using Command Prompt

1. Open Command Prompt: Press Win + R, type cmd, and press Enter.
2. Run the netstat Command:
netstat -an
This command will display all active connections and listening ports.
For more detailed information:
netstat -anob
The -o option shows the owning process ID associated with each connection, and -b shows the executable involved in creating each connection.

Using PowerShell

1. Open PowerShell: Press Win + X, select Windows PowerShell (Admin).
2. Run the Get-NetTCPConnection Command:
Get-NetTCPConnection | Select-Object -Property State, LocalAddress, RemoteAddress
This command displays TCP connections along with the local and remote IP addresses.


Using Terminal

1. Open Terminal: You can find it in Applications > Utilities, or press Cmd + Space and type Terminal.
2. Run the netstat Command:
netstat -an
This will show all active connections and listening ports.
For more detailed information:
sudo lsof -i -n -P
This command lists open internet and network files.


Using Terminal

1. Open Terminal: Press Ctrl + Alt + T.
2. Run the netstat Command:
netstat -an
This will show all active connections and listening ports.
For more detailed information:
sudo netstat -tunlp
  • -t displays TCP connections.
  • -u displays UDP connections.
  • -n shows addresses numerically.
  • -l shows listening sockets.
  • -p shows the PID and program name.

Using ss Command

The ss command is a modern alternative to netstat on Linux:
ss -tunap
  • -t displays TCP connections.
  • -u displays UDP connections.
  • -n shows addresses numerically.
  • -a shows both listening and non-listening (for TCP this means established connections) sockets.
  • -p shows the process using the socket.

Using Wireshark (Cross-Platform)

Wireshark is a network protocol analyzer that can capture and analyze packets in real-time.
  • Download and Install Wireshark: Wireshark Download
  • Run Wireshark:
  • Select the network interface to monitor.Click on "Start" to begin capturing packets
  • Analyze Packets: You can filter packets by IP address, protocol, port, etc., using Wireshark's filtering capabilities.

We offer highly secure, (Dedicated or Shared / Residential or Non-Residential) SOCKS5, Shadowsocks, DNS or HTTP Proxies.

DR SOFT S.R.L, Strada Lotrului, Comuna Branesti, Judet Ilfov, Romania

@2024 anonymous-proxies.net