VPN PROXY IP TRACKER
Shivanshu Rana
Department of Computer Science and
Engineering
Sharda University,Greater Noida
Rahul Bhandari
Department of Computer Science and
Engineering
Sharda University,Greater Noida
ABSTRACT
Cybercriminals use a variety of
techniques to steal their digital
footprints, which creates challenges for
law enforcement to catch and prosecute
them. It knows when the machine tries
to connect to the target in a different
way. The victim's machine only sees
requests from the "proxy" or VPN
server. Now, since the VPN hides the IP
address, it causes the network to be
redirected by some specially configured
remote from the VPN owner. Therefore,
the user's digital footprint is hidden. The
footprint of the VPN server is taken by
the receiver.
This can put an entire organization or p
erson at risk. The work shows as a
computational model where address the
limitations currently encountered in
VPN traffic analysis. The model used by
to describe virtual private networks
(VPNs) is built using a -trained
multilayer perceptron neural network
using traffic statistics in the
Transmission Control Protocol (TCP)
headers of the captured network packets.
Udit Mishra
Department of Computer Science and
Engineering
Sharda University,Greater Noida
Dr.sandeep Kumar
Department of Computer Science and
Engineering
Sharda University,Greater Noida
The number of people staying at home a
s a service has turned into a new gray m
arket area where service providers gain
ownership (intervention) in residential a
reas. Provide community anonymous se
rvices, effectively hiding their clients' IP
addresses from others, such as regular I
P addresses (RESIP) addresses.Cyberatt
acks are on the rise, and since the Covid
19 pandemic, the world has recorded th
e largest number of cyberattacks ever re
corded. These attacks are often carried
out by attackers to steal personal inform
ation or commit financial fraud. As you
can see, knowledge is the next utility of t
he future.Cybercriminals often use pseu
donymous IP addresses to hide real IP a
ddresses for greater anonymity. For this
, we plan to create a solution that can de
tect whether
IP is real IP or proxy IP or VPN IP.
KEYWORDS
Residential proxy, cyberattacks,
Cybercriminals, Security, Fraud
 I. INTRODUCTION
A proxy server is a software program that
acts as a intermediary between a client's
machine and the destination server. When a
client application wants to access a
particular resource, it sends a request
through the network to a proxy server. Once
the proxy server receives the request, it
determines the desired resource and the
server where it is located, along with any
additional information that needs to be
transmitted.
Once the request reaches the proxy server
and any necessary processing is completed,
the proxy server forwards the request to the
target server and then waits for a response.
Once the response is obtained, the proxy
server forwards it back to the client. To
improve performance, a proxy server may
implement caching. Caching involves
storing a copy of frequently requested
resources on the proxy server, so that they
can be served quickly without having to be
fetched from the destination server every
time they are requested. This can help to
reduce network congestion and improve
response times, especially for resources that
are requested frequently. In addition to
caching, proxies can also be used to
implement access control and filtering.
Access control involves restricting access
to certain resources based on user
credentials or other criteria, while filtering
involves blocking access to certain
resources based on content or other
characteristics.One of the advantages of us
ing a nameserver is that it provides caching
to improve performance. Caching involves
storing copies of frequently requested requ
ests on the name server so they can be proc
essed quickly without having to be retrieve
d from the target server each time they are r
equested. This helps reduce network conge
stion and improve response time, especiall
y for frequent requests. Like Virtual Private
Networks (VPNs), proxy servers allow
users to hide their true IP address and make
their internet traffic appear to come from a
different IP address. This is possible
because Since the client application sends
the request to the proxy server, the source
IP address of the incoming traffic on the end
node will belong to the proxy server., rather
than the user's machine. However, since
proxies are often located at data centers,
some web services have started blocking
network traffic coming from them in order
to prevent annoymous activity. In addition,
data center IP ranges tend to start with the
same few integers, making them very easy
to identify and restrict.
As a result, some proxy services have
started using rotating IP addresses or
offering access to residential IP addresses
to bypass these restrictions. However, it is
important to note that using proxies or
VPNs to engage in illegal activities is still
against the law and can result in
consequences such as legal action or
account suspension.
The use of false IP addresses is a common
tactic used by cybercriminals to conceal
their actual IP addresses and remain
anonymous. The main goal of our work is
to identify the real IP address, or if
applicable, the VPN IP address, of
cybercriminals who are hiding behind a
pseudonym. Hackers use various methods
to hide their online activities, making it
challenging for law enforcement agencies
to track them down and prosecute them.
Typically, they avoid directly accessing
their intended target computer and instead
use a proxy server or VPN server as an
intermediary layer between their device and
the target computer. One possible solution
to this issue is to input an IP address and
determine whether it belongs to a proxy or
VPN provider. This can be achieved
through the use of IP geolocation databases
and other tools that are designed to identify
the IP addresses of known proxy and VPN
servers. By identifying the IP addresses
associated with proxy and VPN providers,
law enforcement agencies can more
effectively track down cybercriminals and
hold them accountable for their actions.
However, it is important to note that this
approach may not always be effective, as
cybercriminals may use tactics such as IP
address spoofing to further conceal their
identities. As such, it is important for law
enforcement agencies to continually
develop and implement new tools and
strategies for tracking down and
prosecuting cybercriminals.
IP blocking is a simple technique used to p
revent network threats and is also one of th
e most common network protection techni
ques . Using this method, you can prevent
one IP address or multiple IP addresses fro
m accessing the addresses of your web ser
ver or your organization's internal network
. Using a proxy or VPN can be used witho
ut IP blocking. The user's IP address is usu
ally sent to the web server as the destinatio
n IP address in network packets containing
requests. However, when using a proxy or
VPN, this request is first sent to the proxy
server and then forwarded to the web serve
r.
Therefore, the user's blocked IP address ha
s no direct connection to the web server ru
nning the IP filter. It has the ability to bloc
k domain names or VPN IP addresses, but
it is possible to make the blocking of IP ad
dresses permanent. Users can switch to an
other domain or VPN
service provider after detecting that their p
referred IP address is blocked. Unless prec
autions taken (which will costsa lot of ti
me and effort), users can make change to c
ontrol their access
II. RELATED WORK
A) Research papers
1. "Tracking Anonymized Bluetooth
Devices" by Jonathan Petit and
David Oswald: This research work
focuses on tracking anonymized
Bluetooth devices using passive
sniffing techniques. The authors
demonstrate how they can track the
movements of Bluetooth devices
even when they are not transmitting
data.
2. "On the Effectiveness of IP Address
Obfuscation for Anonymous
Communication" by Chen Chen et
al.: This study evaluates the
effectiveness of different IP address
obfuscation techniques in providing
anonymous communication. The
authors analyze the performance of
various obfuscation techniques such
as Tor, VPNs, and proxies.
3. "Proxy Detection: A Survey" by
Andrei Petrovich et al.: This survey
provides an overview of different
techniques used for proxy detection.
The authors discuss the advantages
and limitations of various methods,
including blacklists, honeypots,
machine learning, and behavioral
analysis.
4. In 2021, a research paper titled
"Detection of Anonymizing
Proxies" demonstrated the use of
computational models with
intelligent machine learning
techniques to overcome the
limitations posed by unauthorized
users. One such model uses a
multilayer perceptron neural
network to detect the use of
 anonymous names. This model
leverages the information in
Transmission Control Protocol
(TCP) headers from captured
network packets to learn and
analyze data. By utilizing these
techniques, the authors were able to
improve the accuracy of detecting
anonymizing proxies and enhance
security measures against potential
cyber threats.
5. The research paper "Detecting VPN
Tunnels Using Deep Packet
Inspection" explores the use of deep
packet inspection (DPI) to identify
VPN tunnels. The authors discuss
the effectiveness of DPI in detecting
the presence of VPN traffic and
differentiating it from other types of
traffic. They also analyze various
techniques for inspecting VPN
traffic to identify the location and
identity of the user. By using these
techniques, the authors were able to
improve the accuracy of detecting
VPN tunnels and enhance security
measures against potential cyber
threats.
6. In the field of web proxy services,
security has been a popular area of
research. A study conducted by
Weaver et al. in 2010 examined the
functionality of free proxy services
and their impact on network traffic.
The researchers used controlled
clients and servers to exchange
HTTP messages, and then analyzed
any variations from the expected
behavior. The purpose of this study
was to investigate the potential
security risks associated with the
use of free proxy services.
7. Research on the security aspects of
web proxy services has been widely
conducted in the literature. One
example is the study by Weaver et
al., who investigated the impact of
free proxy services on traffic. Their
study used controlled clients and
servers to exchange known HTTP
messages and detect any anomalies
from the expected behavior..
Similarly, Carnavalet et al.
proposed a framework to evaluate
client-end TLS proxies, while
Perino et al. developed a distributed
measurement platform to monitor
the free proxy ecosystem. In another
study, Tsirantonakis et al. proposed
a methodology for detecting proxies
that actively modify the relayed
content. However, unlike previous
research that focused on web
proxies.
8. In a paper entitled "A Method for
Original IP Detection," the authors
proposed a technique for detecting
the original IP of a client's physical
NIC. The method involves checking
for the presence of a virtual NIC that
is installed by the VPN client in
front of the physical NIC. The
authors suggest requesting that
customers who connect to the web
server execute a script to check the
origin IP. If a VPN is being used,
the IP of the virtual NIC is sent as
the VPN Entry, and the original NIC
IP (original IP) is sent to the web
server. Once the script has been
executed, it is restored.
B) Existing System Architecture

Fig.1
Honeypots: Honeypots are designed to
mimic real computers, complete with
applications and files, to appear as
attractive targets to cybercriminals. Unlike
firewalls or antivirus software, honeypots
do not specifically address security issues;
instead, they offer insights into current and
developing threats that can assist in
comprehending the risks faced by an
organization. By using the data collected
from honeypots, organizations can
determine security priorities and direct
their efforts towards improving overall
safety.
VPN Discovery: The use of web proxies
and virtual private networks (VPNs) has
become increasingly popular among both
businesses and individual users who seek
to mask their online activities. To
overcome the limitations posed by
unauthorized users, computational models
that utilize intelligent machine learning
techniques have been developed. For
example, one such model employs a
multilayer perceptron neural network to
detect the use of anonymous names by
analyzing the information contained in the
Transmission Control Protocol (TCP)
headers of network packets captured
during communication.
Clickbait Systems: The task of
maintaining relevance, or linking online
activities to their respective actors, is
challenging in cybersecurity and forensics.
The Internet's original design didn't intend
to monitor user behavior, operating as an
open platform that allows anonymity.
Unfortunately, some malicious actors
exploit this anonymity, making it hard to
hold them accountable for their actions in
court. In response, a new tool called
Voyager has been proposed, which utilizes
tracking pixels. This tool has the potential
to aid investigators in making more
informed decisions during investigations by
enabling them to track and monitor the
activities of anonymous users.
III. METHODOLOGY
A. PROPOSED SYSTEM
Creating a honeypot security mechanism
can be an effective way to detect
unauthorized users who connect through a
VPN server and to identify their actual IP
address. By luring potential attackers into
interacting with a system that appears to be
vulnerable, security professionals can
monitor and analyze their behavior to gain
insight into their tactics and identify their
true IP address. By doing so, we can attract
and lure potential attackers, and when they
attempt to steal our fabricated data, we will
send a Trojan along with it. Once the Trojan
successfully infiltrates an attacker's system,
it can potentially transmit information such
as the attacker's IP address, data, logs, and
files. By analyzing this information, it may
be possible to determine the location of the
attacker. However, it's important to note
that the use of Trojans to gather information
without the user's consent is illegal and
unethical. It's essential to take appropriate
legal and ethical considerations into
account when considering such actions.

Fig 2 :Proposed system
architecture
B. IMPLEMENTATION
DETAILS
Techniques used in the proposed system
are:
Honeypot: The concept of a honeypot
involves creating a system that imitates a
genuine computer, with realistic
applications and data, to trick
cybercriminals into believing it is a viable
target. Unlike specific solutions such as
firewalls or antivirus software, honeypots
are not designed to address particular
issues. Instead, they serve as valuable tools
for gathering information that can aid in
recognizing existing and emerging threats
to a business. By analyzing intelligence
gathered from honeypots, organizations can
identify and prioritize security concerns to
improve overall safety.
Selecting an appropriate e-commerce
platform is crucial for the success of an
online business. With so many options
available, it's important to consider your
specific needs and abilities when choosing
a platform. Popular e-commerce platforms
include WooCommerce, Shopify, Magento,
and many others. Each platform has its
strengths and weaknesses, so it's important
to do research and evaluate which platform
best aligns with your business
requirements, budget, technical expertise,
and growth plans.
Set up the honeypot website: To set up a
honeypot website for security purposes, it's
important to mimic a legitimate e-
commerce website to attract unauthorized
users. One can use realistic product images,
descriptions, and fake products to make the
website look authentic and professional.
Implement security measures: To prevent
real customers from accidentally stumbling
onto the honeypot website, it is
recommended to use a subdomain or a
completely different domain name for the
honeypot website. Additionally, you can
add a warning message or disclaimer on the
honeypot website stating that it is a
simulated environment for security testing
purposes only and is not a legitimate e-
commerce website. It is also important to
implement access controls and restrict
access to the honeypot website only to
authorized personnel. This can be achieved
through the use of authentication
mechanisms such as passwords or IP
restrictions.
Monitor the honeypot: After setting up the
honeypot, it is crucial to monitor it carefully
for any indications of an attack. You can
use different tools like intrusion detection
systems, web application firewalls, and log
analysis tools to monitor the traffic and
activity on the honeypot. By doing so, you
can detect any suspicious activity or
attempted attacks and gather information
about the attackers, such as their IP
addresses, the methods they use, and the
vulnerabilities they exploit. This
information can be used to strengthen the
security of your system and prevent future
attacks.
Analyse the data: After setting up the
honeypot and implementing security
measures, it is crucial to closely monitor the
website for any suspicious activity. This
can be accomplished through the use of web
application firewalls, intrusion detection
systems, and log analysis tools. Once the
honeypot has gathered data on attackers, it
is essential to analyze this data to identify
patterns in their tactics and techniques. This
analysis can provide valuable insights into
the methods used by attackers and help in
the development of more effective security
measures. Ultimately, the goal is to
improve the overall security of e-commerce
websites and protect against cyber threats.
It's important to keep in mind that VPN
providers can take measures to make it
difficult to identify the IP address behind a
VPN. One way they can do this is by using
advanced encryption and tunneling
protocols to protect the privacy of their
users. Additionally, VPN providers may
route traffic across multiple servers and use
methods like packet fragmentation to
obscure traffic patterns and make it harder
to track their users' activities. As such,
identifying the actual IP address of a user
behind a VPN can be challenging, and it
may require more advanced techniques and
tools.
Trojan: The term Trojan generally refers to
malicious software that is designed to
deceive users about its true intentions.
Typically, a Trojan disguises itself as a
legitimate file or application in order to
trick the user into downloading and
installing it. The ultimate goal of a Trojan
is to execute its malicious functions, which
may include stealing sensitive data,
modifying or deleting files, or taking
control of the infected device.
IV. COMPONENTS
A. WEB INTERFACE
The system is composed of two distinct
components: a frontend application and a
back-end application.
1.Front-end:
Node.js is a popular server-side
programming language used for web
development, while React is a widely used
JavaScript library that allows for the
creation of user interfaces in web
applications. By combining these two
technologies, developers can create
dynamic, scalable, and efficient web
applications with a responsive user
interface. React is particularly useful for
front-end development because it enables
the creation of modular components that
can manage their own state, resulting in the
development of interactive features and
functions that enhance the user experience.
2. Back-end:
To handle the data storage and retrieval, the
application uses a MySQL database as its
back-end. The database is accessed through
a simple API that is designed to accept
requests from the user interface and
perform tasks such as creating, modifying
or storing data in response to these requests.
By using a database management system
like MySQL, the application can efficiently
store and retrieve data while ensuring the
security and integrity of the information.
This allows for seamless communication
between the front-end and back-end of the
application, resulting in a more robust and
reliable software system.
B: Capturing and Analyzing
Network Traffic
The system monitors network traffic for
any suspicious activities and records the IP
addresses of users, along with information
about whether they are using a proxy and
their geographical location. This data is fed
into a Random Forest Model, an ML
algorithm that checks for any signs of
malicious activity. If a user manages to gain
unauthorized access to the admin section,
they will be met with malware disguised as
important data. The Trojan that comes with
the fake data will also transmit the real IP
address of the attacker to the system admin.
V. CONCLUSION
The study showcases a proxy detection
mechanism that can identify VPN proxies
used by attackers and provide the actual IP
address of the user behind it. A honeypot
website is set up to attract malicious users,
and a Trojan is planted in a file that
appears to contain important data. Once
the attacker downloads and executes the
Trojan, it will report the attacker's IP
address to the administrator, alerting them
of the attack.
REFERENCES
1. Vipasha Chaudhary, Dr. Purushottam
Sharma, Dr Vinod Kr Shukla, Vikasdeep.
“Tracking and Tracing proxy enabled
system” (ICRITO) Amity University,
Noida, India. Sep 3-4, 2021
2. hane Miller, Kevin Curran,Tom Lunney
“Detection of Anonymising Proxies Using
Machine Learning” S. International Journal
of Digital Crime and ForensicsVolume 13 •
Issue 6, 2021
3. Samuel Decanioa, Michael Soltysa,
Kimo Hildreth “Voyager: Tracking with a
Click” KES International.
10.1016/j.procs.2020.08.11
4. Ankith Rai, Jovita Dsouza,
Edison.C.Saldanha. “Secure +, An
Intrusion Detection System” International
Journal of Innovative Science and Research
Technology Volume 4, Issue 5, May– 2019
5. V. Rawat, R. Tio, S. Nanji and R.
Verma, "Layer Two Tunneling Protocol
(L2TP) over Frame Relay," February 2001,
pp. 1-3. [Online].
Available:
https://www.researchgate.net/publication/2
77825842_Layer_Two_Tunneling_Protoc
ol_L2 P_over_Frame_Relay.
6. Z. Hou, M. Xu, L. Zhu, L. Peng and B.
Hu, "The Design and Realization of the
Test Scheme OpenVPN, Based on
Message Simulation," November 2013.
[Online]. Available:
https://www.researchgate.net/publication/2
66643218_The_Design_and_
Realization_of_the_Test_Scheme_OpenV
PN_Based_on_Message_Simu lation.
7. Miller, S., Curran, K. and Lunney, T.
(2018) 'Detection of Anonymising Proxies
using Machine Learning', Special issue on
Machine Learning for Cyber Security in
Journal of Information Science (MDPI),
ISSN 2078-2489, (Accepted) 2019
8. Geetha, S. and Phamila, A. V. (2016)
Combating Security Breaches and Criminal
Activity in the Digital Sphere. First. IGI
Global. doi: 10.4018/978-1-5225-0193-0.
9. Wood, D.. (1988) ‘Virtual private
networks’, in 1988 International
Conference on Private Switching Systems
and Networks, New York, USA, pp. 132–
136.
10. Zorn, G. (1999) ‘Point-to-Point
Tunneling Protocol (PPTP)’, RFC 2637,
pp. 1–57. Available at:
https://tools.ietf.org/html/rfc2637
(Accessed: 12 January 2018).