2

So right after I clicked the link, the owner of the link sent a screenshot, and it was accurate, the city was correct. Not long after, my internet box reset out of nowhere while I was in class; it would log me off the meeting and say that someone else was trying to log in somewhere else, which is so weird. And usually what I've read said that they can just check my online activity, so if I buy something off the internet, would that tell them my address?

peterh
alexa
  • Your IP address is not a secret. Any website that you visit can see your IP address. – mti2935 Dec 07 '20 at 00:40
  • When you go to **any** website the underlying signaling protocol starts with a *SYN* which is basically your machine saying, *"My IP is a.b.c.d, please talk to me."* – user10216038 Dec 07 '20 at 00:41
  • If you want to hide your IP address, you should use a VPN. There are very good ones out there for a very cheap price. – robertspierre Dec 07 '20 at 01:40
  • Note: I just tested it, and it looks like Grabify won't log your IP automatically if you are connecting from Europe. It asks your permission first, probably because of the GDPR law. If you connect from the US though, it logs your IP without any notices. – reed Dec 07 '20 at 14:29

3 Answers

5

The attacker is trying to trick you into thinking you're compromised, but you're not.

Your IP address is not "private" information. In fact, you announce your IP address to every client you ever connect to, such as any web server of any website you visit, or any other player in an online game you're playing. Just to illustrate my point, in order to visit stackexchange.com, any packet I send is seen by six different hosts - all of which now know my IP address.

Grabify allows users to see from which IP addresses the link was clicked on, and attackers like to use this information to intimidate people. Notice that I say "attackers", not "hackers" - there is no hacking involved. They are trying to intimidate you, claiming that they have attacked you, or that they are going to attack you - and I'm very certain they're going to demand money to "stop the attack" - even though there never was any attack to begin with.

What information does an IP address contain?

Who your ISP is. That's about it. From that, your rough location can be determined, but that depends entirely on how your ISP operates and allocates numbers. For example, I am a customer of a local ISP that only serves customers in my city and the nearby area. As such, if you look at my IP address, you can tell which city I live in. If I were to be subscribed to an ISP that serves the whole country and the ISP would not differentiate at all in terms of network allocation, then the closest you would get is my country.

The attacker definitely does not know your actual, physical location or home address - at least not from your IP alone.

Then how come all these other things happened?

Pattern recognition. It's similar to how horoscopes work. Your horoscope may tell you that you will have a good impact on people, and wanting to believe in the horoscope, every little positive interaction with another person now becomes "evidence" of the horoscope being correct.

Likewise, your modem resetting "out of nowhere" is a thing that happens regularly and has countless normal explanations, such as your ISP restarting a server for maintenance purposes. If that had happened to you before the whole incident, you would not have considered it "weird" or to be some sort of indicator for an attack.

What should you do now?

Nothing. Stop communication with the attacker and just carry on. Any threats they make are just as credible as an email from metropolitan.ploice@hotmail.com telling you that you have to send them 200 USD worth of Steam Gift Cards or you will be arrested.

2

They have the IP of your router, but not your personal device. You see, devices behind a router only have private IP addresses, and your router has a public IP. The difference?

  • Private (aka local): A private IP is assigned to a device by a router and only routes on the local network. So this means you and I could have the same private IP but it doesn't matter because we're on different networks. A person for some reason having your private IP means virtually nothing.
  • Public (aka external): A public IP is assigned to a router by an ISP and is in fact routable over the internet. So a person having your public IP does somewhat mean something but not much, as said by these two, and for one other reason.

The simple explanation is that if someone like this goon tries to in some way interact with your router then that means the request is coming from the internet and not the internal network. Routers are known for being strict with internet-sourced requests, and their firewalls tend to be very prone to blocking requests over the internet if they seem even slightly fishy. Also, as noted with the public/private difference, your devices are a lot safer behind the guard of your router. They would have to somehow break past or take control of your router to access your personal devices, which is unlikely, as noted by the first answerer saying this is not very different from empty threat spam emails.

schroeder
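The public/private split described in the answer above, as an added example that is not part of the original post: a toy model of a home NAT router showing what a link-logging server actually records and why unsolicited inbound packets reach no device. The `HomeRouter` class, the address-restricted filtering and all addresses (documentation ranges) are assumptions made for illustration; real routers differ in detail and may also have port forwarding or UPnP enabled.

```python
import ipaddress

# RFC 1918 ranges: assigned by home routers, never routed on the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class HomeRouter:
    """Hypothetical NAT router: one public address shared by all LAN devices."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}  # public port -> (private ip, private port, remote ip)

    def outbound(self, src_ip, src_port, dst_ip):
        """A LAN device opens a connection; return the source the server sees."""
        if not is_rfc1918(src_ip):
            raise ValueError("LAN devices are expected to use RFC 1918 addresses")
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src_ip, src_port, dst_ip)
        return (self.public_ip, port)

    def inbound(self, src_ip, dst_port):
        """A packet arrives from the internet; return the LAN target or None."""
        entry = self.table.get(dst_port)
        if entry is None or entry[2] != src_ip:
            return None  # no matching outbound connection: dropped at the router
        return entry[:2]

def demo():
    router = HomeRouter("203.0.113.7")                  # constructed public IP
    # The device clicks a link hosted on 198.51.100.10 (constructed server).
    seen = router.outbound("192.168.1.23", 51514, "198.51.100.10")
    reply = router.inbound("198.51.100.10", seen[1])    # server's own reply
    probe = router.inbound("192.0.2.99", seen[1])       # third party, same port
    scan = router.inbound("192.0.2.99", 22)             # unsolicited connection
    return seen, reply, probe, scan

if __name__ == "__main__":
    print(demo())
```

The server's log holds only the router's public address and a translated port; the device's `192.168.1.23` never leaves the LAN, and packets from anyone other than the contacted server match no table entry.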
0

You are probably fine but better to be safe.

If your IP address is dynamic I recommend changing it ASAP. Make sure you have the person blocked and reported first. Be sure to save any evidence you wish to keep before blocking and reporting them.

Possible Issues? An exposed private IP can lead to location tracking down to the street depending on the attacker's knowledge. Exposed IPs can also lead to denial of service attacks and possibly a compromised network.

What can I do? Way too much to list but most of these are not worth the time. Examples:

  • Save the evidence
  • Contact any sites involved with the evidence
  • Block and report the user
  • (If Dynamic) Change your IP
  • Contact your ISP and local authorities with the evidence
  • Avoid them as much as possible and keep an eye out for any suspicious reach outs

What if things get worse somehow? Contact Grabify with what happened to see if they can get you the IP of the user. If so, you can have the connection subpoenaed to see if the person is still on that IP. This will likely not work, but it can also be used by investigators to run a correlation attack if the person decides to keep coming back somehow.

My Suggestion: Save the evidence. Send it to Grabify and let them sort it out. Contact the platform owner that they sent you the link through and send them the same evidence so they can also have them sort it out. Block and report them on anything they reach out to you on. Change your IP. When you come back online there will be little way for him to reach you again. They will likely be banned and blocked from the sites and hopefully that's the end of it. IPs are more sensitive than people think, even if they are dynamic. Better to be safe than sorry.

schroeder
TritiumCat