Back

Add On: IP Address

Track IP Addresses in your investigations, including IPv4 and IPv6 addresses

hubstream logo

By Hubstream Inc.

Try It For Free

IP Address

An IP address is a unique identifier for a device that is connected to the internet. It allows devices to communicate with each other and share information. Every device that is connected to the internet has its IP address, and without one, it would not be able to access the internet at all. IP addresses constantly recycle based on the internet service provider (ISP) and policy.

How does an IP address work?

When someone types in a website’s URL into the browser, their computer sends a request to that website’s server. The server then looks up the IP address associated with that domain name and sends back the appropriate information. The computer then uses that information to render the website on the screen.

IP addresses are made up of four sets of numbers between 0 and 255, and they usually look something like this: 216.58.194.206. These numbers identify the specific server that a website is hosted on. Every time someone visits a website, their computer must look up the IP address for that site’s domain name so that it can find the right server to request information from.

Computers also have their IP addresses which allow other devices to identify that computer on the network. Just like a person needs someone’s mailing address to send them a letter, devices need a person’s computer’s IP address to send information to that computer. The IP address of a computer can be static, which means it never changes, or dynamic, which means it can change from time to time.

IPv4 vs IPv6

There are two types of IP addresses, i.e., IPv4 and IPv6. IPv4 is the older type of address, and IPv6 is the newer type. IPv4 addresses are 32-bits long, and they are written in dotted-decimal notation. For example, 192.168.1.1 is an IPv4 address. IPv6 addresses are 128-bits long, and they are written in hexadecimal notation. For example, 2001:db8:85a3:0000:0000:8a2e:0370:7334 is an IPv6 address.

IPv6 is the latest version of the Internet Protocol, and it offers several improvements over IPv4. IPv6 is more scalable, easier to manage, and provides enhanced security features. Most importantly, IPv6 can support vastly more devices than IPv4.

How can an IP address help in an investigation?

IP addresses can be used to determine the location of a device. This is because every ISP (internet service provider) is assigned a range of IP addresses to use. So, by looking up the IP address of a device, it’s possible to determine which ISP it is using and, from there, approximately where the device is located.

This information can be very useful in an investigation. For example, if a crime was committed online using a computer or smartphone, investigators can obtain a warrant for the ISP records associated with that IP address. This will reveal the identity of the person who was using the device at the time of the crime.

How do criminals use a proxy or VPN?

Some criminals use proxy or VPN services to conceal their identities and activities online. This can make it more difficult for law enforcement officials to track them down and prosecute them. Additionally, proxy and VPN services can be used by criminals to access websites and content that are blocked in certain countries.

What is a proxy server?

A proxy server is an intermediary between one’s computer and the internet. When a criminal connects to the internet through a proxy server, their IP address is hidden from the sites they visit. This can be used by criminals to protect their privacy online or access geo-blocked content. But proxy servers only provide a basic level of anonymity and can’t be used by criminals to encrypt their traffic or prevent tracking by ISPs.

What is a VPN?

A VPN, or Virtual Private Network, is a more sophisticated way of masking identity and activities from law enforcement agents than a proxy server. A VPN encrypts all the traffic between a device and the VPN server, making it impossible for anyone to see what a person is doing online. This includes their ISP and government agencies. In addition, VPNs can be used by criminals to bypass geographic restrictions and access content that would otherwise be unavailable in a particular location. VPNs tend to be slower than proxy servers due to the extra encryption overhead.

The problem of constantly recycling IP addresses

Constantly recycling IPs creates a time-boxed problem of tracking locations. Each ISP has different rules. Countries have different rules. As a result, it can be difficult to keep track of all the location information for a given IP address. This can make it difficult to keep track of the location of a criminal or suspect and can lead to investigations being stalled or stopped altogether.

API management

API management is key in this scenario. By creating an API that can keep track of the IP addresses being used, one can keep track of where each request is coming from and when it was made. This helps in identifying any suspicious activity and ensures that the data is properly protected.

How can Hubstream help investigators with IP addresses?

Hubstream offers a powerful add-on template called an IP address which can help track IP addresses in your investigations, including IPv4 and IPv6 addresses. This template can help teams track activities of IP addresses at specific times, such as login, register or upload, store information on the geolocation of IP addresses as well as an internet service provider and visualize links between IP addresses as well as links with other entities such as people or online profiles.

What does the add-on template IP address contain?

An IP address entity type, along with IP activity and geo-lookup entity types.
Value lists of countries and states for geolocation tracking and common internet service providers.

What goals can investigators achieve with this add-on template?

Include IP addresses as part of their investigations.
Manage and analyze data on the activity of specific IP addresses.
Store information on the geolocation of IPs (e.g., supplied by a geolocation service or manual searches).

What are the benefits of using this template?

Efficiently track activities of IP addresses at any given time.
Safely store geolocation data for the IPs in question, as well as the associated internet service provider.
Gain detailed visibility into where and when certain activities occur.
Get the ability to visualize links between multiple IP addresses, as well as links between those IPs and other entities such as people or online profiles.
Gain better insights into relationships within their network and identify potentially malicious activity with ease.
Hubstream’s IP address template is a powerful tool that can help teams track the activities of IP addresses and visualize links between them. The template allows users to store information on geolocation and internet service providers, as well as create links with other entities such as people or online profiles. This provides investigators with resources to identify and analyze IP addresses in their investigations, improving their chances of uncovering the truth. With the ability to track both IPv4 and IPv6 addresses, The template effectively streamlines investigations and provides an invaluable resource for investigative teams.

Use this template

Tech abstract + Tech abstract
Try It For Free

Request a demo

We’re happy to either send you one of our demo videos, or meet with your team to discuss how Hubstream works in complex environments. Fill out the below form, and we’ll get in touch as soon as we can. Or email us at sales@hubstream.net

Request Demo