To the average computer user, IP address numbers may seem a little disconnected from reality. But for investigators and journalists, IP data tells stories that can’t be found anywhere else.

Sound a little like magic? Well, it’s not. We’ve seen IP data used around the globe to protect human rights organizations, expose online fraud, and reveal how regimes restrict freedom of speech or controversial opinions.

In this article, we want to take a look inside IP address information as used by investigators and journalists. But before we get started, here are some important things to note about geolocation data.

Geolocation data at a glance

For starters, IP addresses and domains are used to gather a variety of data types - data types that can enhance research and investigations.

And while we’re going to take a flyby view of how to get started, we won’t leave your questions unanswered. We'll also give you some extra resources to learn as much as you want.

Getting started

So how do investigators and journalists (like the ones we’re going to highlight below) get started with IP address data? For a quick start option, we offer a free search feature with no string attached.

IPinfo free IP lookup

But beyond that, journalists and investigators can try out 50,000 free monthly lookups that include geolocation information and some ASN data. We also offer a weeklong free trial where users can try all our data types.

In addition, we also offer several free tools, such as the Reverse DNS Lookup, CIDR to IP Ranges, and our Summarize IPs tool – the data visualizer for quick, detailed IP overviews. You can get full data summary on up to 1000 IPs – geolocation, traffic type, privacy detection, and other data types.

Report example via Summarize IPs tool

Data types

In addition, journalists and investigators can access a variety of data types to fuel their research. Here are some common data types derived from IP addresses as well as some resources to learn more:

For more details about how other journalists have used this data, just keep reading. IP address data has come in handy on quite a few investigations.

Collaboration

If you haven’t noticed, we have a ton of resources available on our site for journalists and investigators. But we’re also open to connecting with you to discuss possible collaborations. Simply reach out to us. Our data team is always eager to help answer any questions you may have.

But without further ado, here are some exciting ways IP address data is being used to tell the stories no one sees.

1. Protecting at-risk groups

Around the world, civil society organizations, independent media houses, or other advocacy groups are at work to encourage change or protect human rights. However, many individuals in these groups in the developing world are at risk simply through online exposure.

In 2012, for instance, the Bahrain government apparently used surveillance malware to expose activists, politicians, and human rights lawyers. Additionally, it appears that the government spied on IPs for the purpose of targeting and arresting individuals who expressed critical opinions online.

All this to say, at risk groups such as these need digital protection. Interestingly, penetration testing and risk assessment methodologies are now being used to protect these organizations.

SafeTag, a company that provides audits and online security frameworks for low-income at-risk groups, uses a framework that accesses IPinfo’s data to determine which telecommunications networks and ISPs are state owned or operated.

Additionally, they help these at-risk organizations develop automated reconnaissance and context analysis using APIs like IPinfo.

In short, IP address data is used by investigators to protect individuals and organizations whose security could be compromised online.

2. Researching political strategies

In the recent US election, Joe Biden and Donald Trump both used comprehensive digital strategies to raise support. And part of their tactics revolved around acquiring and forwarding domain names to one designated website.

The journalist who researched this aspect of the 2020 election had this to say:

“According to data from Host.io, there are 755 domain names that forward to JoeBiden.com.”

In other words, webs of domain names are one strategy politicians use to get the word out about their campaign. For instance, this journalist found that KamalaHarris.com and JoeBiden.io forwarded to JoeBiden.com.

However, on the damaging side, Antifa.com also forwards to Biden’s domain name. And while forwarding derogatory domain names to Biden’s site may not necessarily influence voters one way or another, they can cause a general sense of confusion among supporters.

Domain names were used similarly in the Trump Campaign. For example, forwarding domain names are used to either support or confuse Trump voters. Plus, in the 2016 election Donald Trump also used domain names for a viral stunt against Hillary Clinton.

In short, domain data is an accessible resource for journalists who want to discover more facts about the inner workings of political campaign strategies.

3. Investigating web censoring

Journalists have also used IP and domain data to uncover web censoring in different countries.

In 2020, an investigation looked into how IP addresses were being used to block content in India. Specifically, these investigators used domain data and Transport Layer Security (TLS) to look at how ISPs deny access to certain SNIs.

And while some domains, such as Facebook or Google weren’t blocked using IP and domain data, several other domain names were blocked. This same kind of investigation was performed in Spain and Iran.

Similar studies done in Bahrain have shown how connectivity restrictions occurred during uprisings or for the purpose of surveillance that negatively impacted human rights. Investigators discovered that advocacy organizations, religious sites, news outlets, and much more were censored using IP address data.

All this to say, web censorship is often hidden from the public eye. But using IP addresses and domain name data, researchers can expose violations of human rights.

4. Discover backdoors that allow for spam or scams

Additionally, sites can be hacked if they’re connected through domain names. In fact, this very scenario happened with GoDaddy, a popular Domain Name System service.

The spammers found a weakness in the GoDaddy infrastructure that allowed them to hijack websites connected through domain names. These compromised domains, that until that point had been reputable sites, then began spreading ransomware. And since these domains had a trustworthy history and reputation, these emails were very likely to be delivered.

GoDaddy, in turn, stated that they had simply overlooked fraudulent domains and that they had fixed the problem. They also asserted that there hadn’t been a DNS server breach. But many of these hacked domains still point to one IP address, which sells stolen credit card information.

And while GoDaddy denies that their DNS servers were compromised, other facts point a different direction. For instance, hundreds of domains (maybe even thousands) were altered within a short period of time… a difficult feat if done by logging into individual accounts.

Here’s an example of DNS changes made by the Grand Crab spam campaign:

In other words, DNS can be used to compromise otherwise secure and reputable domains. IP address data and domain name data can be used to prevent such breaches of security.

5. Securing servers from brute-force logins

Servers are pinpointed by hackers because they control the flow of website information, emails, sensitive files, and much more for small and large organizations. Needless to say, individuals and businesses need to track and manage attempted logins to servers.

Here’s one way an investigator discovered the password logins attempted on their server. Not only was this individual able to track usernames and passwords, but they were also able to see what country these attempts came from.

Then using IPinfo’s APIs this individual processed the JSON data. In short, investigators manage the security of their servers by using IP address data.

6. Researching how tech giants track users

Another way we’ve seen our IP address data used is by analyzing how tech giants track people all over the world.

In 2019, for example, a reporter spent six weeks trying to block the big five - Amazon, Google, Facebook, Apple, and Microsoft - from gathering information about her. In fact, she used some of IPinfo’s data during this time for her research.

Many IP addresses are controlled by companies like Google. And these addresses are used to gather more and more information about people - people who may or may not know that the website they’re accessing uses Google’s Mapping API.

Suffice it to say, this journalist found that avoiding detection by these tech giants is much more difficult than it seems. And blocking them will only become more challenging in the future.

These are just a few of the ways we’ve seen IP address data used by investigators and journalists to tell the whole story - the story no one else sees. It’s been our privilege to provide accurate data that fuels better research, more transparency, and better protection for at-risk groups.

Interested in learning how to use IPinfo’s data for research or investigations? Talk with a data expert now!