Avatar
Felix 2y ago

This image sends me your IP address via email once you see it/the preview loads:

http://canarytokens.com/about/tags/traffic/4sf64fusw6x3p94hztcplg6kc/index.html

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 2y ago

my IP address resolves to my NIP-05 so whatever

Avatar
Felix 2y ago

Except for clients that use an image proxy like Amethyst

Avatar
hzrd149 2y ago

I'm running a VPN but I don't see any image 🤔

Avatar
Felix 2y ago

Interesting, its a .html link created with canarytokens.org. Amethyst renders it as image, probably kind of a webpage preview.

Avatar
hzrd149 2y ago

it looks like it either returns an image or html page based on the requests "Accept" header

I just tested it with curl -v -H "Accept: text/html" and it returned html

Avatar
Ingwie Phoenix (aka. birb) 2y ago

Snort uses an image proxy. But it definitively returns an image.

# curl -x socks5h://192.168.2.1:9050 -Lv "http://canarytokens.com/about/tags/traffic/4sf64fusw6x3p94hztcplg6kc/index.html"

* Trying 192.168.2.1:9050...

* Connected to 192.168.2.1 (192.168.2.1) port 9050

* SOCKS5 connect to canarytokens.com:80 (remotely resolved)

* SOCKS5 request granted.

* Connected to 192.168.2.1 (192.168.2.1) port 9050

> GET /about/tags/traffic/4sf64fusw6x3p94hztcplg6kc/index.html HTTP/1.1

> Host: canarytokens.com

> User-Agent: curl/8.5.0

> Accept: */*

>

< HTTP/1.1 200 OK

< Server: nginx

< Date: Wed, 03 Jan 2024 22:40:19 GMT

< Content-Type: image/png <----------------- Here

< Content-Length: 192391

< Connection: keep-alive

< Access-Control-Allow-Origin: *

<

Warning: Binary output can mess up your terminal. Use "--output -" to tell

Warning: curl to output it to your terminal anyway, or consider "--output

Warning: " to save to a file.

* Failure writing output to destination

* Closing connection

Avatar
Ingwie Phoenix (aka. birb) 2y ago

I pray to you that this won't open on my Amethyst eventually. Mobile data here in germany switches IPs faster than some do their panties xD

Avatar
Felix 2y ago

Amethyst also uses an image proxy. But yeah I guess IP address received by this won't be very useful/static.

Avatar
Felix 2y ago

#m=image%2Fjpeg&dim=864x1920&blurhash=%5BmI5oYM%7B%3FbWV%7Eqj%3FRjj%5B%25Mj%5DRjoKIUt7Rkj%5BD%24axbIWCD%25WBt6f6IUWBa%7CfPRPf8bHj%5BRiofWBj%5B&x=0cc75be9518f0defaefb8f45280f04e8381e431a8951bf81e7e0c72aaf1ca09a

#m=image%2Fjpeg&dim=864x1920&blurhash=%5BeJH%5D%23M%7D-%3Dax%3Fwt6adj%5B-%3BWBV%40juw%5BfjNHj%5D0KoLs.a%7BI9WYWqf6D%25WBfkayIUjst6fPxBWWRkj%5B&x=6ef3789b8cb266eef25a64fd793f2b427aa2d912ad1061395bc71bef967ff2a7

#m=image%2Fjpeg&dim=864x1920&blurhash=%5B47-c%2B_N4n9FafjZxuf7IUIox%5BxuoLjuxaayNFM%7Bxut7s%3Aj%5Bt7ayayRjozoft7j%5BofayofWBayju&x=f67f1cf763b1dca394eba25cb3a47f15d1b0416f5f8811245092f9bcde6364b9