Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Finding the Owner of an IP Address

What you can find, how to find it, and what you can and can’t do with it.

IP Address
(Image: canva.com)
While you can't find the specific owner of an IP address, there are a few tools to see what IP-related information you can get.
Question: How do I figure out who owns an IP address?

You don’t.

That may come across as rude, but it’s the truth.

The level of detail most people want is simply not something you or I can get on our own.

There’s a certain amount of information you can get, however, and I’ll show you what that is and how to get it.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Who's at an IP Address

It’s not possible to find out who is using a specific IP address without the aid of law enforcement. There are services, including whois, reverse DNS, Geo-IP, and IP-sharing lookups, that can provide some information about an IP address. To go beyond that point, you need the assistance of the ISP owning the IP address, and to get that, you likely need law enforcement or the courts to get them to release otherwise private information.

Who cares who owns an IP address?

I’ve received this question repeatedly, and for various reasons. Most commonly, it’s from someone being harassed online. They believe they have the IP address of the person responsible, and they want to track the person down.

It’s important to realize that you will not, on your own, be able to get the information you want.

The name, location, phone number, email address, or other specific information is not available if all you have is an IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information you’re seeking is private and protected by the ISP, who really “owns” the IP address.

Let’s look at what you can determine from an IP address on your own, and a few tools that will help you determine who that ISP is.

Whois

“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, or, potentially, several other things.

ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from whois.arin.net.  In the upper right corner’s Search box,

ARIN Whois Search
(Screenshot: askleo.com)

enter the IP address you’re interested in and press Return. I’ll use 72.104.186.113 (an IP address that I know to be assigned) as my example.

ARIN Whois Results
(Screenshot: askleo.com)

This is typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses containing the IP address you asked about. In this example, the block is owned by Verizon Wireless, and includes all IP addresses from 72.96.0.0 through 72.127.255.255.

With a court order, law enforcement could then approach the ISP for more detailed information, including who the IP address was assigned to at the time in question.

Note that it’s possible the information presented may point you to a different whois server. ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.

Reverse DNS

In some cases, reverse DNS can be instructive.

DNS (Domain Name System) maps a domain name, like “askleo.com”, to an IP address. As its name implies, reverse DNS does the opposite: given an IP address, it finds the domain name that has been assigned as the primary1 identifier.

I’ll use a tool from a third-party vendor this time, whois.domaintools.com.

DomainTools.com results
(Screenshot: askleo.com)

You can see this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.

113.sub-72-104-186.myvzw.com is the domain name associated to this IP address. This type of domain name is common for IP addresses assigned to consumers and small businesses. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.

Occasionally, you may find things in the reverse DNS that lead you to some additional theories about the IP’s ownership, including, perhaps, an actual domain name for a website or some kind of encoded general location.

GEOIP

Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say, that’s incorrect. It reflects the location of the ISP — Verizon Wireless — but does not refer to the location of the equipment connected to and using that IP address.

We may be able to get a little closer.

A company called MaxMind provides geographic location information based on IP addresses. They have a page on which you can test their technology, and here’s what they displayed for the IP address I entered:

Geoip Results
(Screenshot: askleo.com)

Here you can see that the scope has narrowed somewhat. The location is listed as Chattaroy, Washington.

We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.

This is common. For most normal, residential, or small-business connections, most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common — and there’s no real way to know how accurate the information is when you get it. The response for my IP address here at home, for example, is a city five miles to the south of me. Close, but not close enough.

IP sharing

Particularly when it comes to web servers and web hosting, it can be instructive to see what other domains might be hosted at the same IP address and server.

We’ll use hackertarget.com/reverse-ip-lookup for this.

A lookup of a residential or other IP assigned for internet access is unlikely to return any results, so we’ll use another IP address, one I know is assigned to a shared hosting service: 69.89.31.214.

Reverse Shared IP Lookup
Reverse shared IP lookup results. Click for larger image. (Screenshot: askleo.com)

That shows the beginning of a list of hundreds of entries. This is common for shared hosting: hundreds, if not thousands, of websites can be hosted on a single, powerful server.

This probably wasn’t what you wanted

While I’ve shown you several tools you can use to gather information about an IP address, I understand that it’s probably not enough to satisfy you. Most people want the name of the person at an IP address, their physical address, their email address, or their phone number.

You can’t get there from here.

The ISP provides internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of courts, law enforcement, and possibly overseas law enforcement, if the IP address is located in another country.

And when you think about it, that’s exactly as it should be: if the tables were reversed, you wouldn’t want random people tracking you down by your IP address, do you?

You can’t. They can’t.

And that’s good.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

Footnotes & References

1: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as primary. For example, a reverse DNS lookup on the server hosting askleo.com would return you a subdomain of pugetsoundsoftware.com — the primary name of the server currently hosting the site — or a name assigned by the hosting company.

Footnotes & references

2: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as the primary. For example a reverse DNS lookup on the server hosting askleo.com would actually return you lw3.pugetsoundsoftware.com – the primary name of that server.

3: Sadly apparently no longer available.

66 comments on “Finding the Owner of an IP Address”

  1. Good stuff, Leo.

    An IP address can tell us when the same Internet connection is used repeatedly, such as tracking a browser from page to page in server logs. However, as you said, and contrary to what many hope or believe, tracking down an individual by IP address is nearly impossible.

    Reply
  2. Looking up UP addresses by Geolocation, I’ve sometimes gotten as close as a couple of miles, and as far as the wrong country.

    I’d also like to highlight something you said. You can get the assistance of the courts by asking a judge to issue a subpoena – but you don’t have to use law enforcement. If you are being harassed online, or some unauthorized person has gotten into your email account, it is fairly straightforward to get a judge to issue a subpoena to ISP to reveal who a given IP address is assigned to at a given time. At least, that’s what attorneys I’ve worked with on computer forensic cases have told me. Law enforcement has far too much to do than to act on a user’s suspicion without evidence of real harm.
    {Broken link removed}

    Reply
  3. TOR will route your e-mail through various and sundry relay ‘nodes’ (is that the right idea?) so your IP address is anon. So I understand.
    Check it out yourself and see.

    Reply
    • Your IP is never really “Hidden”, just encrypted on a Virtual Network provided with any VPN service. Best way to go is if you think someone is using your personal information for malicious acts, report it to the authorities and let them do their job. With the right knowledge you can track anyone on the Web, but i do not recommend trying it.

      Reply
  4. My daughter had a very embarrasing moment, her and her friends were trying to start a blog and decided to send out questionares from an idependent email dedicated to the blog for intrest topics. They received back alot of comments and downloaded them into comment sheets on various topics. When they decided to send out another folloe up report the wrong document with some of these comments that had been received was sent by mistake. One of the comments although it did not mention a name was a little racy and was sent to the person it concerned. That person’s mother had someone trace the email (she sai# and announced the finding with my name attached at a school meeting. I don’t understand how she did this and got my name!! or did this at all?? our service in our home is in my husbands name. From what the girls told me, #i wasn’t at the meeting# she mentioned when the email was set up not sent and showed this on some fancy phone. my name was showed with: #Malito). We have since tried to apologize and say there was no maliciosness behing it, but this person tends to be a mean conspiracy theroist and it is just such a headache.

    Reply
  5. @Beatrice
    In order to register for an email address, the email provider usually asks for a name and other personal information. If an email is sent out through the webmailer, this name is typically added to all emails sent out. If you use an email program, the name you set up the account with in that program is included in the sent emails. This is a feature, as most people want it that way. If you prefer to remain anonymous, you would have to include a pseudonym.

    Reply
  6. OK Leo, if what you say is true, and I do not doubt it, how come that whenever I visit some sites even for the first time where no cookies can be present, my location is correctly identified to the suburb I live in, Chelsea in Vic, Aust, as a matter of fact?

    Reply
  7. Hi. I’ve been using my work wifi on my mobile phone’ we are not aloud to but many of us do. Is there any way there they can track it ? Would it have our IP address ?
    Many thanks dave

    Reply
    • Yes. They can track it. It’s probably even easier than an IP address. More than likely they just have to look at the list of connected devices and they will find something like “Dave’s phone.”

      Reply
    • The internet is basically a two-way street. Every time a browser accesses a server, that server can also “see back” and see numerous little bits of information from the time of access to the type of browser being used. In fact, it’s so much data that it really doesn’t make a lot of sense to the typical website owner. Companies like these simply have sophisticated ways of analyzing the data that is already available.

      Reply
  8. My daughter has a phone I provided for her. She does not have access to the Internet and does not use a router. She only has texting and calling. She claims that someone knows her IP address of her phone and can follow her. Is this possible? She’s on my personal Verizon account and lives in another state than my husband and I. Please return comment asap. Thank you. SANDY

    Reply
  9. Hiya Leo
    An IP address I don’t recognise (I know the geographical location) has checked my GMail account this morning. I’ve logged out and will change my password, just in case.
    Do you know of any emerging tech that can help me identify the IP more specifically?
    Your assistance would be greatly appreciated.
    Jojo

    Reply
  10. Dear Leo
    I have been writing to someone who is suppose to be in the army stationed in Afghanistan. I am trying to find out if he really is there or just trying to lead me on. There are several things that don’t add up in our conversations.Please help me if you can.

    Reply
  11. Leo, we’ve had a new copyrighted book stolen by website: IP {IP address removed} who is giving the copyrighted book away free under their domain {url removed}. They have added new copyrighted books apparently daily to their free giveaways. Authors spend anywhere from a few months to a few years writing a book and they are being robbed of their commissions for their work. The site is protected by icann.com who doesn’t even respond when abuse is reported. Any ideas?

    Reply
    • If the Website is hosted in the states you can complain the hosting company. You can file a DMCA take down request. If the site is hosted overseas, then there typically little that can be done other than that trying to contact the site owner. I have the same problem with my books. One important thing to do is realize that your book is essentially a sales letter for your own product or website, and to make sure that every page is branded with your URL or identification. that way pirated copies are at least marketing materials for you.

      Reply
  12. I recently discovered a company, El Toro, who offer services to identify someone’s IP address by using their mailing address–this is not merely higher level geolocating but using the specific mailing address. They have patented some sort of technology and claim the source of their data comes from publicly available sources. Do you know anything about them, or what their “publicly available sources” could be?

    Reply
    • Publicly available sources essentially refers to information which anyone can Google. They claim to have developed an algorithm to be able to associate an IP address with a physical address using information available to anyone. They, then, use this information to target ads for their clients. According to the success their clients are having seems to indicate that their algorithm works. Even if their claims of being able to target an individual home might be exaggerated. they definitely are on to something.

      Reply
  13. I ran an IP address on the Hanz Resolver site from a Skype username.. (user was OFFLINE ) and it is saying a completely different country … can this be a mistake? I can see it messing up a state or city etc but a country? It did say to run the Skype username to get the IP address when the contact is ONLINe but I did it when they were offline to get the IP address then went to another site and ran the IP address and it came back the UK however this person says they are in the USA?!

    Reply
  14. Hi,Leo!

    My Facebook and ok.ru accounts(russian for classmates) are being accessed in different cities of US pretty much at the same time as I do.I have IP addresses on ok.ru.As for Facebook,I get notifications if my accounts are being accessed from different devices. I wonder if it possible to find out who does that .The cities are the ones I never visited.That really scares me.

    Thanks in advance,

    Svetlana.

    Reply
    • Are you using a VPN service or a proxy or any kind of service which hides your identity. If so that other person is you. These services acces websites through their servers, and th IP address of the proxy server is what appears to the website. The reason I suspect that is because it happens at the same time as you are logged on.

      In any case, you should lock down your accounts. This article is titled “Email Hacked?”, but the advice is pretty much the same for any kind of account.
      Email Hacked? 7 Things You Need to do NOW

      Reply
  15. There are several tools on line for getting information on IP addresses and Domain names, like ping.eu or various skype resolve or other ping resolve sites, but none will give out a users name or address people. It takes the legal system to help you get that information. Leo, thank you for your hard work and time in all matters you discuss.

    Reply
  16. Hi I need help I’m looking for a company to help me find a Pacific PI address on someone that has been contacting me off of it and I need to find out who they are since your name is coming up anonymous if you can help me with a source of what company does this or person or if you have any ability to help with the situation please let me know thank you

    Reply
    • As the article states, it would take law enforcement intervention to get this information. If you feel there is a compelling legal reason to get this information, you might contact law enforcement or seek legal counsel.

      Reply
  17. Technology changes literally on a daily basis. What someone. can’t do today doesn’t mean they can’t do it tomorrow. Also the people who have instant access to this information are only human and can be bribed, threatened or blackmailed. Believing you cannot be traced if someone was determined to do it is naive.

    Reply
    • If people are not just determined to track you down, but willing to bribe, threaten, blackmail or commit otherwise illegal acts to find out where you live based on a situation that gives someone else access to your IP address… well, you may want to reconsider your online behavior.

      Reply
  18. WHY the HELL in a democratic country would an ISP DISCRIMINATE “law enforcement” from simple individuals requesting IP owner ?
    – physical/geo adresse
    – phone number
    – email
    – name
    – etc …
    “private” info isn’t private anymore and belong to everyone once your on the net, not EXCLUSIVLY the government/police, this is my definition of
    “information freedom in a democratic country”

    Reply
    • Because in any country laws take precedence over desires.

      Also, law enforcement gives the request a level of accountability (and often a paper trail) that a random requests from random people simply don’t have. ISPs are covering their behinds. By not giving the information out to anyone they’re protecting themselves from accidentally giving it out to the wrong person. You’d be even more angry if that happened to you.

      Reply
  19. Someone logged into my snapchat and sent an inappropriate pic to another person. Snapchat history shows it’s an iPhone with an ipv6 IP address. I know me as a regular person can’t find much but could an IT expert find out more? And if so what can he find that i can’t?

    Reply
    • It would take subpoenas to find out more about an IP address. So the only solution would be to get law enforcement involved. That’s not an easy task.

      Reply
      • What if you use a router to send the messages? Can they trace the IPV6 to a specific router if you give them access to your phone and wifi?

        Reply
  20. My simple question is this: Is the IP address linked to a customer name, either the IP is static or dynamic? I know that what’s generally being shown is the approximate location and the name of the service provider. I ask of this because if you imagine one person in a country where its current form of government is somewhat autocratic or however the like you may define it, and that person is an active critic, or even so, highly opposed of that, wouldn’t he or she be at risk of being tracked down and be endangered just because of that obtained IP address, esp. if the government doesn’t need to request any court orders or whatever since they can do almost pretty much anything? Or like is it even possible for someone so techie to look into the database of that service provider and really find the registered name of the person who is using that IP address? Thank you.

    Reply
  21. HEllo Leo,
    i have a friend who works with computers and stuff and he says that actually you can from IP adress get someones browsing history or anything. Okay i believe you can if you have a law court or something but just some random person being able to do that i am not sure? Even if they were to be able to would it be easy to do so?

    Reply
  22. Hi,
    So I’m wondering, if I sent messages to someone’ over two years ago. And it was on a texting app form my home wifi? Are they able to retrieve my information that says its me? Revealing my location, or from my IP address, or from my phone device. It’s been so long that I assume any and all information between the messages would be gone right?

    Reply
    • The IP information would still be on the sent message. If you have normal home Internet with dynamic IP address assignment, your IP address would have changed several times since then. Your ISP would be able to identify you but they wouldn’t release that information without law enforcement intervention and a court order.

      Reply
  23. Hi Leo,
    I’m wondering if a hacker can find my home address from my IPv6 address. I accidentally logged into an account and found out that the website logs the public IP and date and time. In a scenario where the person is a hacker, can they find me? I also have a Anti-Virus installed on my computer. Thank You!

    Reply
  24. I find it interesting that someone was able to obtain my name via IP address in 2011 in the USA. I was playing video games on Xbox live and some “hackers” obtained this information. Now that I’m a cyber security expert I realize that they may have been the real deal. Probably should have kept in touch with them ;p.
    I do remember being able to do this to other people as well though.

    Reply
    • I’d be very curious as to HOW they did it. Only approach I can think of is to get your IP address and then somehow associate it with some other public data that very coincidentally matches, OR by actually hacking your ISP.

      Reply
  25. What a lot of these commenters don’t realize or understand is that for US consumers their IP address is assigned to them dynamically by their ISP server out of the range of IP addresses assigned to that specific ISP. Before IPv6 came along, IPv4 addresses were limited so ISPs reused IP addresses frequently. Most ISPs charge a fee for a static (doesn’t change) IP address & it’s usually used by a business that has servers always connected to the ISP. They need static IP addresses for DNS lookup. (This is a simplification)

    When a consumer connects to the ISP, the ISP dynamically assigns an available IP address to that device. When the user drops the ISP connection (powering down or restarting the PC or phone) & then reconnects to the ISP afterwards, there’s no guaranty that the ISP will assign that same IP address to the device. Depending on the time interval between connections, the ISP could have dynamically assigned that IP address to another user/device & a new IP address would be assigned to the user upon reconnecting to the ISP. The ISP’s server dedicated for assigning IP addresses determines all that. The user has no control over the assigned IP address. If a router is in place doing the connection to the ISP, then the assigned IP address is the external address of the router on the Internet, not the internal network’s IP addresses from NATing by the router.

    Because the IP address is dynamic for consumers, that’s why Leo mentioned that one also needs to know the time in addition to the IP address. The ISP’s server logs would match the two if needed.

    Reply
  26. I would seem to think it is harassment and investigation into The Who of the IP address would be court order so if you filled a complaint the judge would order it well if this continues to me that’s the avenue I will take!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.