10.09.2025
4 min
984
In this article, you will learn how IP loggers work, why they are created, and why a simple link can reveal your IP address, device, browser, and even location. In simple terms, it explains how such a “trap” works, what it is based on, and why even modern browsers are not always able to block it. The article will show you what a typical logger looks like, how it collects technical data about users, and what methods will help you avoid being tracked.
An IP logger is a small program or web service that records the IP addresses of users who click on a certain link or interact with a page. Its main task is to collect basic technical information about visitors: IP, device type, browser, operating system, and sometimes even an approximate geographical location. In short, clicked on the link – and now I know where you live.
The mechanism is ridiculously simple:
The user follows a unique link created by the logger.
The server records the IP address and metadata of the request (time, user-agent, referrer, etc.).
The collected information is stored in a database or sent to the owner of the logger.
In fact, most IP loggers are simple Flask or Node.js services with a request.remote_addr function. No magic or “hacking” involved – this is basic network telemetry. Even a small duckling can handle it.
Not to be unfounded, the hacker mom, according to the Hollywood and Instagram version, has prepared a GitHub repository for the reader with an example of such a logger:
P.S. This is not just a script that can be cloned and run – each IP logger is created individually.
In this case, the logger was deployed on Flask. An HTML page was prepared – for example, a fake online chess site – and a domain was selected that was as similar as possible to the original one so that the user would not suspect anything.
When a person clicked on the link, they saw a regular connection error, but there was a button on the page that redirected them to the real site. As practice has shown, after one click, the fake site no longer appeared – everything happened automatically: logging and redirecting.
Experiment resultsIn the README you can read the details of the logger’s operation, and here is what the test showed. The picture shows that the logger collected information not only about the user’s IP and location, but also about the device, operating system, browser and even the name of the device.
Interestingly, the test was conducted on macOS and iOS – systems that supposedly block trackers. But not this time.
Browsers usually block JavaScript trackers and fingerprinting, but here Flask works, which simply redirects the user’s request to third-party services.
So, friends, don’t worry about it – and let Ukrainian hacking flourish!
