What you can find, how to find it, and what you can and can’t do with it.
That may come across as rude, but it’s the truth.
The level of detail most people want is simply not something you or I can get on our own.
There’s a certain amount of information you can get, however, and I’ll show you what that is and how to get it.
Become a Patron of Ask Leo! and go ad-free!
Who's at an IP Address
It’s not possible to find out who is using a specific IP address without the aid of law enforcement. There are services, including whois, reverse DNS, Geo-IP, and IP-sharing lookups, that can provide some information about an IP address. To go beyond that point, you need the assistance of the ISP owning the IP address, and to get that, you likely need law enforcement or the courts to get them to release otherwise private information.
Who cares who owns an IP address?
I’ve received this question repeatedly, and for various reasons. Most commonly, it’s from someone being harassed online. They believe they have the IP address of the person responsible, and they want to track the person down.
It’s important to realize that you will not, on your own, be able to get the information you want.
The name, location, phone number, email address, or other specific information is not available if all you have is an IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information you’re seeking is private and protected by the ISP, who really “owns” the IP address.
Let’s look at what you can determine from an IP address on your own, and a few tools that will help you determine who that ISP is.
“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, or, potentially, several other things.
enter the IP address you’re interested in and press Return. I’ll use 220.127.116.11 (an IP address that I know to be assigned) as my example.
This is typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses containing the IP address you asked about. In this example, the block is owned by Verizon Wireless, and includes all IP addresses from 18.104.22.168 through 22.214.171.124.
With a court order, law enforcement could then approach the ISP for more detailed information, including who the IP address was assigned to at the time in question.
Note that it’s possible the information presented may point you to a different whois server. ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.
In some cases, reverse DNS can be instructive.
DNS (Domain Name System) maps a domain name, like “askleo.com”, to an IP address. As its name implies, reverse DNS does the opposite: given an IP address, it finds the domain name that has been assigned as the primary1 identifier.
I’ll use a tool from a third-party vendor this time, whois.domaintools.com.
You can see this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.
113.sub-72-104-186.myvzw.com is the domain name associated to this IP address. This type of domain name is common for IP addresses assigned to consumers and small businesses. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.
Occasionally, you may find things in the reverse DNS that lead you to some additional theories about the IP’s ownership, including, perhaps, an actual domain name for a website or some kind of encoded general location.
Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say, that’s incorrect. It reflects the location of the ISP — Verizon Wireless — but does not refer to the location of the equipment connected to and using that IP address.
We may be able to get a little closer.
A company called MaxMind provides geographic location information based on IP addresses. They have a page on which you can test their technology, and here’s what they displayed for the IP address I entered:
Here you can see that the scope has narrowed somewhat. The location is listed as Chattaroy, Washington.
We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.
This is common. For most normal, residential, or small-business connections, most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common — and there’s no real way to know how accurate the information is when you get it. The response for my IP address here at home, for example, is a city five miles to the south of me. Close, but not close enough.
Particularly when it comes to web servers and web hosting, it can be instructive to see what other domains might be hosted at the same IP address and server.
We’ll use hackertarget.com/reverse-ip-lookup for this.
A lookup of a residential or other IP assigned for internet access is unlikely to return any results, so we’ll use another IP address, one I know is assigned to a shared hosting service: 126.96.36.199.
That shows the beginning of a list of hundreds of entries. This is common for shared hosting: hundreds, if not thousands, of websites can be hosted on a single, powerful server.
This probably wasn’t what you wanted
While I’ve shown you several tools you can use to gather information about an IP address, I understand that it’s probably not enough to satisfy you. Most people want the name of the person at an IP address, their physical address, their email address, or their phone number.
You can’t get there from here.
The ISP provides internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of courts, law enforcement, and possibly overseas law enforcement, if the IP address is located in another country.
And when you think about it, that’s exactly as it should be: if the tables were reversed, you wouldn’t want random people tracking you down by your IP address, do you?
You can’t. They can’t.
And that’s good.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as primary. For example, a reverse DNS lookup on the server hosting askleo.com would return you a subdomain of pugetsoundsoftware.com — the primary name of the server currently hosting the site — or a name assigned by the hosting company.