Finding the Owner of an IP Address

//
How do I figure out who owns an IP address?

At the risk of coming off as rude: you don’t. There’s a certain amount of information you can get, and I’ll show you shortly, but the level of detail most people want is simply not something that you can get on your own.

Over the years, I’ve received this question repeatedly and for various reasons. Most commonly, it’s from someone who’s being harassed online, and they believe that they have the IP address of the person responsible and now want to track them down.

It’s critically important that you realize that you will not, on your own, be able to get the information you want. The name, location, phone number, email address or any other specific information are simply not available to just any given IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information that you’re seeking is considered private and is protected by the ISP who owns that IP address.

To get that information, you’ll need a legal reason to require it and that typically means a court order of some sort.

However, let’s look at what you can determine from an IP address on your own and a few tools that will help you determine at least the ISP that owns it.

Become a Patron of Ask Leo! and go ad-free!

Whois

“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, and several other things.

ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from http://whois.arin.net in the upper right corner:

ARIN Whois Search

Enter the IP address you’re interested in and press Return. I’ll use 72.104.186.113 (an IP address that I know to be assigned) as my example:

ARIN Whois Results

This is pretty typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses that contains the IP address that you asked about. In this case, the block is owned by Verizon Wireless and includes all IP addresses from 72.96.0.0 through 72.127.255.255.

With a court order, law enforcement would then approach the ISP for more detailed information about who that IP address was assigned to at the time in question.

Also note that it’s possible that the information presented may point you to a different whois server – ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.

Reverse DNS

In some cases, reverse DNS can be instructive.

DNS is the mapping of a domain name, like “askleo.com”, to an IP address. Reverse DNS does, as its name implies, the reverse: given an IP address, it finds the domain name that has been assigned as the primary1 identifier.

I’ll use a tool from a third-party vendor this time, http://whois.domaintools.com:

DomainTools.com results

You can see that this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.

113.sub-72-104-186.myvzw.com is the domain name that identifies this IP address. This type of domain name is common for IP addresses which have been assigned to consumers and small businesses for internet access. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.

Occasionally you may find things in the reverse DNS that might lead you to some additional theories about the IP’s ownership including, perhaps, an actual domain name for an actual web site, or some kind of encoded general location.

GEOIP

Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say that’s incorrect. It reflects the location of the ISP, Verizon Wireless, but does not actually refer to the location of whatever equipment is connected and using that IP address.

We may be able to get a little closer.

A company called MaxMind provides geographic location information based on IP addresses to businesses. They used to have a page on which you can test their technology2, and here’s what they displayed for the IP address I entered:

Geoip Results

Here you can see that the scope has narrowed somewhat. The location is listed as “Chattaroy, Washington”.

We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.

This is common. For most normal, residential or small business connections most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common, and there’s no real way to know just how accurate the information is when you get it.

IP sharing

Particularly when it comes to web servers and web hosting, it can sometimes be instructive to see what other domains might be hosted at the same IP address and server.

We’ll use https://webhosting.info/whois for this look-up.

A lookup of a residential or other IP assigned for internet access is unlikely to return any results (and in fact, a lookup of 72.104.186.113 returned none), so we’ll use another IP address – that of askleo.com, 67.225.235.59:

52 Domains!

(This search can be slow – the information in DNS is not optimized at all for this kind of look-up.)

As you can see, it reflects that askleo.com and 51 other domains are on the same server and share the same IP address. (Yes, I have several domains, and host a few for close friends as well.)

If you do this kind of IP lookup on an account at a shared hosting service, you might find that the site shares an IP with perhaps hundreds or even thousands of other websites.

Depending on the type of hosting being used, you may or may not draw conclusions from the list of sites returned. In my case, it’s a fairly safe bet that askleo.com and pugetsoundsoftware.com (on the same server) are related. However, if the IP is shared with hundreds of other sites at a shared hosting location, then no inferences can really be made.

This probably wasn’t what you wanted…

While I’ve shown you several tools that you can use to gather information about an IP address, and there’s a fair amount of information based on the most common questions, I totally understand that it’s still not enough.

Most people want the name of the person who owns an IP address, their physical address, their email address or their phone number. You can’t get there from here. The ISP provides that internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of the courts, law enforcement, and possibly overseas law enforcement if the IP address is located in another country.

And when you think about it, that’s exactly as it should be.

If the tables were reversed, you really don’t want random people tracking you down by your IP address, now do you?

Footnotes & references

1: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as the primary. For example a reverse DNS lookup on the server hosting askleo.com would actually return you lw3.pugetsoundsoftware.com – the primary name of that server.

2: Sadly apparently no longer available.

106 comments on “Finding the Owner of an IP Address”

  1. Good stuff, Leo.

    An IP address can tell us when the same Internet connection is used repeatedly, such as tracking a browser from page to page in server logs. However, as you said, and contrary to what many hope or believe, tracking down an individual by IP address is nearly impossible.

  2. Looking up UP addresses by Geolocation, I’ve sometimes gotten as close as a couple of miles, and as far as the wrong country.

    I’d also like to highlight something you said. You can get the assistance of the courts by asking a judge to issue a subpoena – but you don’t have to use law enforcement. If you are being harassed online, or some unauthorized person has gotten into your email account, it is fairly straightforward to get a judge to issue a subpoena to ISP to reveal who a given IP address is assigned to at a given time. At least, that’s what attorneys I’ve worked with on computer forensic cases have told me. Law enforcement has far too much to do than to act on a user’s suspicion without evidence of real harm. (May I link to a story about one such case? The Case of the Teacher and the Trickster )

    A fun read. Smile

    Leo
    10-Aug-2011
  3. TOR will route your e-mail through various and sundry relay ‘nodes’ (is that the right idea?) so your IP address is anon. So I understand.
    Check it out yourself and see.

    • Your IP is never really “Hidden”, just encrypted on a Virtual Network provided with any VPN service. Best way to go is if you think someone is using your personal information for malicious acts, report it to the authorities and let them do their job. With the right knowledge you can track anyone on the Web, but i do not recommend trying it.

        • Unfortunately, that’s true. The authorities (generally, the police and courts) have the ability to find these things out but they have such a backlog that cases like those usually don’t get prioritized for them to act on it. And TOR is so good at what it does that in most cases even the authorities can’t crack it. Otherwise, it wouldn’t be so effective in places like China.

        • Depends on the scenario. If you are tracking down something illegal: the police. If you’re just curious: then, no, there are no authorities to help you, nor would you want there to be. Imagine if random curious people could just look up your information.

  4. ANYONE RECIEVING A E-MAIL-can they determine which Country it came from.
    Also im “Miffed”that the country that has been tracked keeps throwing up sites in the foreign language-can this be stopped from haappening

  5. I got an add-on for Mozilla Firefox called WorldIP. When you go to a web site it tells you what country it is from, at least it is supposed to. There is a little U.S. flag etc. Very unobtrusive. I would recommend it.

  6. My daughter had a very embarrasing moment, her and her friends were trying to start a blog and decided to send out questionares from an idependent email dedicated to the blog for intrest topics. They received back alot of comments and downloaded them into comment sheets on various topics. When they decided to send out another folloe up report the wrong document with some of these comments that had been received was sent by mistake. One of the comments although it did not mention a name was a little racy and was sent to the person it concerned. That person’s mother had someone trace the email (she sai# and announced the finding with my name attached at a school meeting. I don’t understand how she did this and got my name!! or did this at all?? our service in our home is in my husbands name. From what the girls told me, #i wasn’t at the meeting# she mentioned when the email was set up not sent and showed this on some fancy phone. my name was showed with: #Malito). We have since tried to apologize and say there was no maliciosness behing it, but this person tends to be a mean conspiracy theroist and it is just such a headache.

  7. @Beatrice
    In order to register for an email address, the email provider usually asks for a name and other personal information. If an email is sent out through the webmailer, this name is typically added to all emails sent out. If you use an email program, the name you set up the account with in that program is included in the sent emails. This is a feature, as most people want it that way. If you prefer to remain anonymous, you would have to include a pseudonym.

  8. OK Leo, if what you say is true, and I do not doubt it, how come that whenever I visit some sites even for the first time where no cookies can be present, my location is correctly identified to the suburb I live in, Chelsea in Vic, Aust, as a matter of fact?

  9. Hi. I’ve been using my work wifi on my mobile phone’ we are not aloud to but many of us do. Is there any way there they can track it ? Would it have our IP address ?
    Many thanks dave

    • Yes. They can track it. It’s probably even easier than an IP address. More than likely they just have to look at the list of connected devices and they will find something like “Dave’s phone.”

  10. How about companies like {URL removed}? They are able to tell which companies have visited your website. How do they do it?

    • The internet is basically a two-way street. Every time a browser accesses a server, that server can also “see back” and see numerous little bits of information from the time of access to the type of browser being used. In fact, it’s so much data that it really doesn’t make a lot of sense to the typical website owner. Companies like these simply have sophisticated ways of analyzing the data that is already available.

  11. My daughter has a phone I provided for her. She does not have access to the Internet and does not use a router. She only has texting and calling. She claims that someone knows her IP address of her phone and can follow her. Is this possible? She’s on my personal Verizon account and lives in another state than my husband and I. Please return comment asap. Thank you. SANDY

  12. I had someone post my company videos on youtube using my info and listed it under my name
    I tried the basic search for their info and they listed all info on youtube under my name can i find out the
    computer ip address any kinda of way?

    • You won’t be able to find out who uploaded that video short of a court order, but you can report and request a takedown of that video from YouTube by clicking on “… More” selecting “Infringes my rights” and answering any further questions they present.

  13. Hiya Leo
    An IP address I don’t recognise (I know the geographical location) has checked my GMail account this morning. I’ve logged out and will change my password, just in case.
    Do you know of any emerging tech that can help me identify the IP more specifically?
    Your assistance would be greatly appreciated.
    Jojo

  14. Someone made an gmail account using the fist half of my real email. They sent an email to someone and they said it came from my ip address. How is that possible when I NEVER sent that email and NEVER made a gmail account? I’m desperate to find this out. Thank you for any help

  15. Dear Leo
    I have been writing to someone who is suppose to be in the army stationed in Afghanistan. I am trying to find out if he really is there or just trying to lead me on. There are several things that don’t add up in our conversations.Please help me if you can.

    • The Defense Department has a website for that. You’d need to know his SSN or birthdate. Unfortunately, there’s no guarantee he’s not using the name and information of someone actually in the military, but if if it comes up negative, you can be sure he isn’t.
      https://www.dmdc.osd.mil/appj/scra/single_record.xhtml

      Another clue would be to find the originating IP address in the header of the email and check it in a whois search. It should come up as a US military of Afghani IP address.
      http://whois.domaintools.com/

  16. Hi,
    I have been to the police several times regarding this. It has been going on for 3 years now. This person has cancelled my car insurance, cost me a job making $65,000 a year, transferred money out of my paypal account, put embarrassing articles on Craigslist about me. Knows where I work where my children go to school, when the get dropped off, where I bank pretty much everything about me and yet the police can’t figure this out. I have changed my cell number 15 times, I have had 100 different email addresses. I don’t know who or how to find out who this person is. Could you please help me. They change my passwords all the time set up accounts Match.com in my name. Facebook they are using my account. I can’t even get on line to change it. If you could point me in the right direction that would be great.

    Thanks

  17. Leo, we’ve had a new copyrighted book stolen by website: IP {IP address removed} who is giving the copyrighted book away free under their domain {url removed}. They have added new copyrighted books apparently daily to their free giveaways. Authors spend anywhere from a few months to a few years writing a book and they are being robbed of their commissions for their work. The site is protected by icann.com who doesn’t even respond when abuse is reported. Any ideas?

    • If the Website is hosted in the states you can complain the hosting company. You can file a DMCA take down request. If the site is hosted overseas, then there typically little that can be done other than that trying to contact the site owner. I have the same problem with my books. One important thing to do is realize that your book is essentially a sales letter for your own product or website, and to make sure that every page is branded with your URL or identification. that way pirated copies are at least marketing materials for you.

  18. I need help with changing my IP address as well as my domain and anything else that would grant the constant breeches of my accounts internet usage and what I can do or not do by family safety as well as my name cleared and protected from {name removed} and {name removed} my cell phone is also constantly being violated by family safety and unwanted administrators

  19. I recently discovered a company, El Toro, who offer services to identify someone’s IP address by using their mailing address–this is not merely higher level geolocating but using the specific mailing address. They have patented some sort of technology and claim the source of their data comes from publicly available sources. Do you know anything about them, or what their “publicly available sources” could be?

    • Publicly available sources essentially refers to information which anyone can Google. They claim to have developed an algorithm to be able to associate an IP address with a physical address using information available to anyone. They, then, use this information to target ads for their clients. According to the success their clients are having seems to indicate that their algorithm works. Even if their claims of being able to target an individual home might be exaggerated. they definitely are on to something.

  20. I ran an IP address on the Hanz Resolver site from a Skype username.. (user was OFFLINE ) and it is saying a completely different country … can this be a mistake? I can see it messing up a state or city etc but a country? It did say to run the Skype username to get the IP address when the contact is ONLINe but I did it when they were offline to get the IP address then went to another site and ran the IP address and it came back the UK however this person says they are in the USA?!

    • There are are a few ways that can happen. One very common way that happens is that the person might be using a proxy server or VPN. It is very common to use these services to get access to content not available in your own country. For example, many people use these to get access to things like Netflix or Youtube content not available in their country.
      http://ask-leo.com/how_can_i_falsify_my_ip_address.html

  21. This IP address you (Leo) are talking about can show the location but not the address. I am long in terms of this response or medium long, not long and not short in this message. The point is that your article was not that helpful to get the address. Leo, if you shortly provide more information about how to get the exact location, that would be better. The other longer steps to contact the ISP with a court order is tedious and would waste time.

    • If you read the article carefully, you’ll see the reason Leo doesn’t explain how to get the exact location without a court order is because it’s not possible

    • “if you shortly provide more information about how to get the exact location, that would be better” – Of course it would. Except that it’s not possible without that court order.

  22. Hi,Leo!

    My Facebook and ok.ru accounts(russian for classmates) are being accessed in different cities of US pretty much at the same time as I do.I have IP addresses on ok.ru.As for Facebook,I get notifications if my accounts are being accessed from different devices. I wonder if it possible to find out who does that .The cities are the ones I never visited.That really scares me.

    Thanks in advance,

    Svetlana.

    • Are you using a VPN service or a proxy or any kind of service which hides your identity. If so that other person is you. These services acces websites through their servers, and th IP address of the proxy server is what appears to the website. The reason I suspect that is because it happens at the same time as you are logged on.

      In any case, you should lock down your accounts. This article is titled “Email Hacked?”, but the advice is pretty much the same for any kind of account.
      Email Hacked? 7 Things You Need to do NOW

  23. There are several tools on line for getting information on IP addresses and Domain names, like ping.eu or various skype resolve or other ping resolve sites, but none will give out a users name or address people. It takes the legal system to help you get that information. Leo, thank you for your hard work and time in all matters you discuss.

  24. can u plz locate and trace this ip {ip address removed} .somebody hve hack my sms panel acountand blasted inapproprate sms to many of the numbers.
    hence i seriously need to file complaim against them so what is the method of filing complaim against them.

    • The only thing you could do about something like that is go to the police about it. Unfortunately, I wouldn’t expect them to be able to do anything, though, as that IP number is from Nigeria.

    • I know it’s an old comment, but in case others are looking…

      Use an IP lookup site and look for “Abuse email” or “Registrant abuse email” or the like. It’s the ISP’s e-mail address of where you can file complaints with particular users. While they will not give out customer names or addresses, they can contact them and ask them to stop their harrassment or bad behavior.

  25. Hi I need help I’m looking for a company to help me find a Pacific PI address on someone that has been contacting me off of it and I need to find out who they are since your name is coming up anonymous if you can help me with a source of what company does this or person or if you have any ability to help with the situation please let me know thank you

    • As the article states, it would take law enforcement intervention to get this information. If you feel there is a compelling legal reason to get this information, you might contact law enforcement or seek legal counsel.

  26. is there a way to identify anonymous commentors (entering comments on a page that guarantees commentors anonimity) if they use their cellphones and laptops?

  27. Technology changes literally on a daily basis. What someone. can’t do today doesn’t mean they can’t do it tomorrow. Also the people who have instant access to this information are only human and can be bribed, threatened or blackmailed. Believing you cannot be traced if someone was determined to do it is naive.

    • If people are not just determined to track you down, but willing to bribe, threaten, blackmail or commit otherwise illegal acts to find out where you live based on a situation that gives someone else access to your IP address… well, you may want to reconsider your online behavior.

  28. Hi Leo: Thanks for the great article. When I use the Whois tool you recommended (http://webhosting.info/whois/), the result for several IPs I identified is “Invalid Domain”. What would this indicate?

    I know that these are real IPs as they were caught by our IP Tracker via Google AdWords.

    Thanks.

  29. Two more related questions, please, and huge thanks in advance:

    Preliminary info: We’re using an IP tracker because of illicit AdWords clicks. We cross referenced the City/State identified by our chosen IP Tracker with the City/State offered by 3 other IP trackers. Each gave different information (which you addressed above).

    When we mentioned this to the IP tracking company we chose, the company tells us this: “We lease a commercial IP to geolocation database. We use a database provided to us by a third-party company which is also used by many very large “Fortune 500″ companies. This database is accurate at the country level by more than 95%. It is accurate at the region/state level by 85% and at the city level by 75-85%. We update this database every 30-45 days.”

    QUESTIONS:
    1. Any IP tracker company that you think is more accurate than others? If you’re not comfortable making a recommendation, please consider sharing what features and/or results you’d look for in making a purchase decision.
    2. Given that IP trackers are typically only accurate to the State level, are they really useful for this purpose?

  30. Hi there,
    When I try to assign an IP, it says other machine on the network already has it.
    Is there a way I can find out who owns Internal IP like 10.10.10.10 in my internal network?
    I cannot ping it and the nslookup says “server can’t find 10.10.10.10”.
    Is there any other way?
    Thanks,
    Andy

  31. WHY the HELL in a democratic country would an ISP DISCRIMINATE “law enforcement” from simple individuals requesting IP owner ?
    – physical/geo adresse
    – phone number
    – email
    – name
    – etc …
    “private” info isn’t private anymore and belong to everyone once your on the net, not EXCLUSIVLY the government/police, this is my definition of
    “information freedom in a democratic country”

    • Because in any country laws take precedence over desires.

      Also, law enforcement gives the request a level of accountability (and often a paper trail) that a random requests from random people simply don’t have. ISPs are covering their behinds. By not giving the information out to anyone they’re protecting themselves from accidentally giving it out to the wrong person. You’d be even more angry if that happened to you.

  32. Is there a way to find someone’s real life account from a roleplay account? She lives somewhere in slovenia, ljublijana. I’m having trouble since she causes trouble and looking for lovers/sex.. Instead of contacting them by on a roleplay account.

  33. Is there a way to include information of the city state or country related to that IP address which you are tracking ? Or does that need a legal reason too ?

    • No. First of all your cell phone number has nothing to do with your IP address, and it would normally take law enforcement intervention to get your personal information from your cell phone number. Of Course, if you have your cell phone number listes somewhere on the publically accesible web, googling would reveal that. You could easily check for that by googling your phone number.

      • In addition to that comment – what if it was a number from an app like textnow or a google number could it be tracked to a specific cellphone or IP address of the cell phone/cellphone number?

  34. Someone logged into my snapchat and sent an inappropriate pic to another person. Snapchat history shows it’s an iPhone with an ipv6 IP address. I know me as a regular person can’t find much but could an IT expert find out more? And if so what can he find that i can’t?

    • It would take subpoenas to find out more about an IP address. So the only solution would be to get law enforcement involved. That’s not an easy task.

      • What if you use a router to send the messages? Can they trace the IPV6 to a specific router if you give them access to your phone and wifi?

  35. I have a account that someone tried to get into, and I had my manage alert tell me someone tried. So I found the I P address and I was hopen to whom it concerns that you can help me find out who this person was, because I do have someone bothering me. Here is the {IP address removed} thank you for taken the time to help me.

    • Please read the article you are commenting on. It discusses everything which can be determined from an IP address if you don’t get law enforcement involved.

  36. Is there a software that I can use to permanently delete files and browser history. One that can replace the files with random files in it’s place?

  37. {removed}@gmail.com

    Hi, someone rang me and abused me saying i was using their wifi. Ive no idea how i did this however if i did inadvertently connect unknowingly how did they get my phone number to ring me. They said they looked up my ip address.. did this show my phone number? I am very shaken by the call as i dont know how i could have.

  38. My simple question is this: Is the IP address linked to a customer name, either the IP is static or dynamic? I know that what’s generally being shown is the approximate location and the name of the service provider. I ask of this because if you imagine one person in a country where its current form of government is somewhat autocratic or however the like you may define it, and that person is an active critic, or even so, highly opposed of that, wouldn’t he or she be at risk of being tracked down and be endangered just because of that obtained IP address, esp. if the government doesn’t need to request any court orders or whatever since they can do almost pretty much anything? Or like is it even possible for someone so techie to look into the database of that service provider and really find the registered name of the person who is using that IP address? Thank you.

  39. HEllo Leo,
    i have a friend who works with computers and stuff and he says that actually you can from IP adress get someones browsing history or anything. Okay i believe you can if you have a law court or something but just some random person being able to do that i am not sure? Even if they were to be able to would it be easy to do so?

  40. i am a newbie which dont know much ,all i know is i need to find someone urgently,but try thr grabify but locatin time is always not sccurate so is hard for me
    too,so if your is good,i really wish to test n try badly

    • It’s not clear exactly what you’re seeing but if you’ll read the article you’ll see that it is not possible to locate someone based on their IP number unless you happen to be visiting a website that they own. When an article says something is not possible, asking the author of the article to do it for you is futile.

  41. Hi,
    So I’m wondering, if I sent messages to someone’ over two years ago. And it was on a texting app form my home wifi? Are they able to retrieve my information that says its me? Revealing my location, or from my IP address, or from my phone device. It’s been so long that I assume any and all information between the messages would be gone right?

    • The IP information would still be on the sent message. If you have normal home Internet with dynamic IP address assignment, your IP address would have changed several times since then. Your ISP would be able to identify you but they wouldn’t release that information without law enforcement intervention and a court order.

  42. Hi Leo,
    I’m wondering if a hacker can find my home address from my IPv6 address. I accidentally logged into an account and found out that the website logs the public IP and date and time. In a scenario where the person is a hacker, can they find me? I also have a Anti-Virus installed on my computer. Thank You!

Leave a reply: