What you can find, how to find it, and what you can and can’t do with it.
You don’t.
That may come across as rude, but it’s the truth.
The level of detail most people want is simply not something you or I can get on our own.
There’s a certain amount of information you can get, however, and I’ll show you what that is and how to get it.
Become a Patron of Ask Leo! and go ad-free!
Who's at an IP Address
It’s not possible to find out who is using a specific IP address without the aid of law enforcement. There are services, including whois, reverse DNS, Geo-IP, and IP-sharing lookups, that can provide some information about an IP address. To go beyond that point, you need the assistance of the ISP owning the IP address, and to get that, you likely need law enforcement or the courts to get them to release otherwise private information.
Who cares who owns an IP address?
I’ve received this question repeatedly, and for various reasons. Most commonly, it’s from someone being harassed online. They believe they have the IP address of the person responsible, and they want to track the person down.
It’s important to realize that you will not, on your own, be able to get the information you want.
The name, location, phone number, email address, or other specific information is not available if all you have is an IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information you’re seeking is private and protected by the ISP, who really “owns” the IP address.
Let’s look at what you can determine from an IP address on your own, and a few tools that will help you determine who that ISP is.
Whois
“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, or, potentially, several other things.
ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from whois.arin.net. In the upper right corner’s Search box,
enter the IP address you’re interested in and press Return. I’ll use 72.104.186.113 (an IP address that I know to be assigned) as my example.
This is typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses containing the IP address you asked about. In this example, the block is owned by Verizon Wireless, and includes all IP addresses from 72.96.0.0 through 72.127.255.255.
With a court order, law enforcement could then approach the ISP for more detailed information, including who the IP address was assigned to at the time in question.
Note that it’s possible the information presented may point you to a different whois server. ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.
Reverse DNS
In some cases, reverse DNS can be instructive.
DNS (Domain Name System) maps a domain name, like “askleo.com”, to an IP address. As its name implies, reverse DNS does the opposite: given an IP address, it finds the domain name that has been assigned as the primary1 identifier.
I’ll use a tool from a third-party vendor this time, whois.domaintools.com.
You can see this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.
113.sub-72-104-186.myvzw.com is the domain name associated to this IP address. This type of domain name is common for IP addresses assigned to consumers and small businesses. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.
Occasionally, you may find things in the reverse DNS that lead you to some additional theories about the IP’s ownership, including, perhaps, an actual domain name for a website or some kind of encoded general location.
GEOIP
Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say, that’s incorrect. It reflects the location of the ISP — Verizon Wireless — but does not refer to the location of the equipment connected to and using that IP address.
We may be able to get a little closer.
A company called MaxMind provides geographic location information based on IP addresses. They have a page on which you can test their technology, and here’s what they displayed for the IP address I entered:
Here you can see that the scope has narrowed somewhat. The location is listed as Chattaroy, Washington.
We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.
This is common. For most normal, residential, or small-business connections, most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common — and there’s no real way to know how accurate the information is when you get it. The response for my IP address here at home, for example, is a city five miles to the south of me. Close, but not close enough.
IP sharing
Particularly when it comes to web servers and web hosting, it can be instructive to see what other domains might be hosted at the same IP address and server.
We’ll use hackertarget.com/reverse-ip-lookup for this.
A lookup of a residential or other IP assigned for internet access is unlikely to return any results, so we’ll use another IP address, one I know is assigned to a shared hosting service: 69.89.31.214.
That shows the beginning of a list of hundreds of entries. This is common for shared hosting: hundreds, if not thousands, of websites can be hosted on a single, powerful server.
This probably wasn’t what you wanted
While I’ve shown you several tools you can use to gather information about an IP address, I understand that it’s probably not enough to satisfy you. Most people want the name of the person at an IP address, their physical address, their email address, or their phone number.
You can’t get there from here.
The ISP provides internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of courts, law enforcement, and possibly overseas law enforcement, if the IP address is located in another country.
And when you think about it, that’s exactly as it should be: if the tables were reversed, you wouldn’t want random people tracking you down by your IP address, do you?
You can’t. They can’t.
And that’s good.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as primary. For example, a reverse DNS lookup on the server hosting askleo.com would return you a subdomain of pugetsoundsoftware.com — the primary name of the server currently hosting the site — or a name assigned by the hosting company.
Good stuff, Leo.
An IP address can tell us when the same Internet connection is used repeatedly, such as tracking a browser from page to page in server logs. However, as you said, and contrary to what many hope or believe, tracking down an individual by IP address is nearly impossible.
So my friend is wrong about how he got a phone number from somebody?
Looking up UP addresses by Geolocation, I’ve sometimes gotten as close as a couple of miles, and as far as the wrong country.
I’d also like to highlight something you said. You can get the assistance of the courts by asking a judge to issue a subpoena – but you don’t have to use law enforcement. If you are being harassed online, or some unauthorized person has gotten into your email account, it is fairly straightforward to get a judge to issue a subpoena to ISP to reveal who a given IP address is assigned to at a given time. At least, that’s what attorneys I’ve worked with on computer forensic cases have told me. Law enforcement has far too much to do than to act on a user’s suspicion without evidence of real harm.
{Broken link removed}
TOR will route your e-mail through various and sundry relay ‘nodes’ (is that the right idea?) so your IP address is anon. So I understand.
Check it out yourself and see.
Your IP is never really “Hidden”, just encrypted on a Virtual Network provided with any VPN service. Best way to go is if you think someone is using your personal information for malicious acts, report it to the authorities and let them do their job. With the right knowledge you can track anyone on the Web, but i do not recommend trying it.
Unfortunately, that’s true. The authorities (generally, the police and courts) have the ability to find these things out but they have such a backlog that cases like those usually don’t get prioritized for them to act on it. And TOR is so good at what it does that in most cases even the authorities can’t crack it. Otherwise, it wouldn’t be so effective in places like China.
Depends on the scenario. If you are tracking down something illegal: the police. If you’re just curious: then, no, there are no authorities to help you, nor would you want there to be. Imagine if random curious people could just look up your information.
My daughter had a very embarrasing moment, her and her friends were trying to start a blog and decided to send out questionares from an idependent email dedicated to the blog for intrest topics. They received back alot of comments and downloaded them into comment sheets on various topics. When they decided to send out another folloe up report the wrong document with some of these comments that had been received was sent by mistake. One of the comments although it did not mention a name was a little racy and was sent to the person it concerned. That person’s mother had someone trace the email (she sai# and announced the finding with my name attached at a school meeting. I don’t understand how she did this and got my name!! or did this at all?? our service in our home is in my husbands name. From what the girls told me, #i wasn’t at the meeting# she mentioned when the email was set up not sent and showed this on some fancy phone. my name was showed with: #Malito). We have since tried to apologize and say there was no maliciosness behing it, but this person tends to be a mean conspiracy theroist and it is just such a headache.
@Beatrice
In order to register for an email address, the email provider usually asks for a name and other personal information. If an email is sent out through the webmailer, this name is typically added to all emails sent out. If you use an email program, the name you set up the account with in that program is included in the sent emails. This is a feature, as most people want it that way. If you prefer to remain anonymous, you would have to include a pseudonym.
What about the chances of identifying someone from their email address?
Not unless they’ve posted their email address somewhere on the web associated with their personal information.
http://ask-leo.com/can_someone_find_my_home_address_or_telephone_number_from_my_email_address.html
Close to zero without the help of law enforcement. Same concepts apply.
OK Leo, if what you say is true, and I do not doubt it, how come that whenever I visit some sites even for the first time where no cookies can be present, my location is correctly identified to the suburb I live in, Chelsea in Vic, Aust, as a matter of fact?
That’s this article: http://askleo.com/how_do_those_ads_know_where_i_live/
Hi. I’ve been using my work wifi on my mobile phone’ we are not aloud to but many of us do. Is there any way there they can track it ? Would it have our IP address ?
Many thanks dave
Yes. They can track it. It’s probably even easier than an IP address. More than likely they just have to look at the list of connected devices and they will find something like “Dave’s phone.”
How about companies like {URL removed}? They are able to tell which companies have visited your website. How do they do it?
The internet is basically a two-way street. Every time a browser accesses a server, that server can also “see back” and see numerous little bits of information from the time of access to the type of browser being used. In fact, it’s so much data that it really doesn’t make a lot of sense to the typical website owner. Companies like these simply have sophisticated ways of analyzing the data that is already available.
My daughter has a phone I provided for her. She does not have access to the Internet and does not use a router. She only has texting and calling. She claims that someone knows her IP address of her phone and can follow her. Is this possible? She’s on my personal Verizon account and lives in another state than my husband and I. Please return comment asap. Thank you. SANDY
That’s a bit of an assumption. To be honest, it wouldn’t surprise me if they still did – at least the most current ones.
Thanks! Helped me track down the person who is fraudulently using my Netflix account.
Nope. Not without the help of law enforcement. Youtube does not make that available to the public.
There’s no yes or no answer to this. You can’t, I cannot, but maybe law enforcement could.
Hiya Leo
An IP address I don’t recognise (I know the geographical location) has checked my GMail account this morning. I’ve logged out and will change my password, just in case.
Do you know of any emerging tech that can help me identify the IP more specifically?
Your assistance would be greatly appreciated.
Jojo
This article is pretty up to date on the technology that can be used to identify the user at a given IP address. The best thing you can do is use a strong password. From what you say, the login was unsuccessful, but you might want to go the extra mile and follow the points that apply in these articles, especially checking if any of the recovery information has been changed:
https://askleo.com/how-do-i-tell-if-my-email-has-been-hacked/
https://askleo.com/email_hacked_7_things_you_need_to_do_now/
Nope.
Dear Leo
I have been writing to someone who is suppose to be in the army stationed in Afghanistan. I am trying to find out if he really is there or just trying to lead me on. There are several things that don’t add up in our conversations.Please help me if you can.
The Defense Department has a website for that. You’d need to know his SSN or birthdate. Unfortunately, there’s no guarantee he’s not using the name and information of someone actually in the military, but if if it comes up negative, you can be sure he isn’t.
https://www.dmdc.osd.mil/appj/scra/single_record.xhtml
Another clue would be to find the originating IP address in the header of the email and check it in a whois search. It should come up as a US military of Afghani IP address.
http://whois.domaintools.com/
Leo, we’ve had a new copyrighted book stolen by website: IP {IP address removed} who is giving the copyrighted book away free under their domain {url removed}. They have added new copyrighted books apparently daily to their free giveaways. Authors spend anywhere from a few months to a few years writing a book and they are being robbed of their commissions for their work. The site is protected by icann.com who doesn’t even respond when abuse is reported. Any ideas?
If the Website is hosted in the states you can complain the hosting company. You can file a DMCA take down request. If the site is hosted overseas, then there typically little that can be done other than that trying to contact the site owner. I have the same problem with my books. One important thing to do is realize that your book is essentially a sales letter for your own product or website, and to make sure that every page is branded with your URL or identification. that way pirated copies are at least marketing materials for you.
I recently discovered a company, El Toro, who offer services to identify someone’s IP address by using their mailing address–this is not merely higher level geolocating but using the specific mailing address. They have patented some sort of technology and claim the source of their data comes from publicly available sources. Do you know anything about them, or what their “publicly available sources” could be?
Publicly available sources essentially refers to information which anyone can Google. They claim to have developed an algorithm to be able to associate an IP address with a physical address using information available to anyone. They, then, use this information to target ads for their clients. According to the success their clients are having seems to indicate that their algorithm works. Even if their claims of being able to target an individual home might be exaggerated. they definitely are on to something.
Thanks for the feedback, Mark.
I ran an IP address on the Hanz Resolver site from a Skype username.. (user was OFFLINE ) and it is saying a completely different country … can this be a mistake? I can see it messing up a state or city etc but a country? It did say to run the Skype username to get the IP address when the contact is ONLINe but I did it when they were offline to get the IP address then went to another site and ran the IP address and it came back the UK however this person says they are in the USA?!
There are are a few ways that can happen. One very common way that happens is that the person might be using a proxy server or VPN. It is very common to use these services to get access to content not available in your own country. For example, many people use these to get access to things like Netflix or Youtube content not available in their country.
http://ask-leo.com/how_can_i_falsify_my_ip_address.html
Chances are you got the address of a Skype server. IP addresses are notoriously unreliable – as pointed out in the article.
Hi,Leo!
My Facebook and ok.ru accounts(russian for classmates) are being accessed in different cities of US pretty much at the same time as I do.I have IP addresses on ok.ru.As for Facebook,I get notifications if my accounts are being accessed from different devices. I wonder if it possible to find out who does that .The cities are the ones I never visited.That really scares me.
Thanks in advance,
Svetlana.
Are you using a VPN service or a proxy or any kind of service which hides your identity. If so that other person is you. These services acces websites through their servers, and th IP address of the proxy server is what appears to the website. The reason I suspect that is because it happens at the same time as you are logged on.
In any case, you should lock down your accounts. This article is titled “Email Hacked?”, but the advice is pretty much the same for any kind of account.
Email Hacked? 7 Things You Need to do NOW
There are several tools on line for getting information on IP addresses and Domain names, like ping.eu or various skype resolve or other ping resolve sites, but none will give out a users name or address people. It takes the legal system to help you get that information. Leo, thank you for your hard work and time in all matters you discuss.
Hi I need help I’m looking for a company to help me find a Pacific PI address on someone that has been contacting me off of it and I need to find out who they are since your name is coming up anonymous if you can help me with a source of what company does this or person or if you have any ability to help with the situation please let me know thank you
As the article states, it would take law enforcement intervention to get this information. If you feel there is a compelling legal reason to get this information, you might contact law enforcement or seek legal counsel.
Technology changes literally on a daily basis. What someone. can’t do today doesn’t mean they can’t do it tomorrow. Also the people who have instant access to this information are only human and can be bribed, threatened or blackmailed. Believing you cannot be traced if someone was determined to do it is naive.
If people are not just determined to track you down, but willing to bribe, threaten, blackmail or commit otherwise illegal acts to find out where you live based on a situation that gives someone else access to your IP address… well, you may want to reconsider your online behavior.
I know it’s an old comment, but in case others are looking…
Use an IP lookup site and look for “Abuse email” or “Registrant abuse email” or the like. It’s the ISP’s e-mail address of where you can file complaints with particular users. While they will not give out customer names or addresses, they can contact them and ask them to stop their harrassment or bad behavior.
WHY the HELL in a democratic country would an ISP DISCRIMINATE “law enforcement” from simple individuals requesting IP owner ?
– physical/geo adresse
– phone number
– email
– name
– etc …
“private” info isn’t private anymore and belong to everyone once your on the net, not EXCLUSIVLY the government/police, this is my definition of
“information freedom in a democratic country”
Because in any country laws take precedence over desires.
Also, law enforcement gives the request a level of accountability (and often a paper trail) that a random requests from random people simply don’t have. ISPs are covering their behinds. By not giving the information out to anyone they’re protecting themselves from accidentally giving it out to the wrong person. You’d be even more angry if that happened to you.
Please read the article. It answers your question.
Someone logged into my snapchat and sent an inappropriate pic to another person. Snapchat history shows it’s an iPhone with an ipv6 IP address. I know me as a regular person can’t find much but could an IT expert find out more? And if so what can he find that i can’t?
It would take subpoenas to find out more about an IP address. So the only solution would be to get law enforcement involved. That’s not an easy task.
What if you use a router to send the messages? Can they trace the IPV6 to a specific router if you give them access to your phone and wifi?
This is just a typical scammer. They can’t see you, they can’t see your computer, they are just trying to scare you. More than likely their end game is to get you to pay them money for something or other. Hang up and don’t engage. Block their number if you can. Here’s a good article from Leo about a similar situation: https://askleo.com/i_got_a_call_from_microsoft_and_allowed_them_access_to_my_computer_what_do_i_do_now/
My simple question is this: Is the IP address linked to a customer name, either the IP is static or dynamic? I know that what’s generally being shown is the approximate location and the name of the service provider. I ask of this because if you imagine one person in a country where its current form of government is somewhat autocratic or however the like you may define it, and that person is an active critic, or even so, highly opposed of that, wouldn’t he or she be at risk of being tracked down and be endangered just because of that obtained IP address, esp. if the government doesn’t need to request any court orders or whatever since they can do almost pretty much anything? Or like is it even possible for someone so techie to look into the database of that service provider and really find the registered name of the person who is using that IP address? Thank you.
HEllo Leo,
i have a friend who works with computers and stuff and he says that actually you can from IP adress get someones browsing history or anything. Okay i believe you can if you have a law court or something but just some random person being able to do that i am not sure? Even if they were to be able to would it be easy to do so?
To the best of my knowledge it would be extremely difficult, probably incomplete, and likely require legal intervention.
It’s not clear exactly what you’re seeing but if you’ll read the article you’ll see that it is not possible to locate someone based on their IP number unless you happen to be visiting a website that they own. When an article says something is not possible, asking the author of the article to do it for you is futile.
Hi,
So I’m wondering, if I sent messages to someone’ over two years ago. And it was on a texting app form my home wifi? Are they able to retrieve my information that says its me? Revealing my location, or from my IP address, or from my phone device. It’s been so long that I assume any and all information between the messages would be gone right?
The IP information would still be on the sent message. If you have normal home Internet with dynamic IP address assignment, your IP address would have changed several times since then. Your ISP would be able to identify you but they wouldn’t release that information without law enforcement intervention and a court order.
Hi Leo,
I’m wondering if a hacker can find my home address from my IPv6 address. I accidentally logged into an account and found out that the website logs the public IP and date and time. In a scenario where the person is a hacker, can they find me? I also have a Anti-Virus installed on my computer. Thank You!
Same comments apply as per IPv4: anyone can find the ISP you use, but only the ISP can determine where you are.
I find it interesting that someone was able to obtain my name via IP address in 2011 in the USA. I was playing video games on Xbox live and some “hackers” obtained this information. Now that I’m a cyber security expert I realize that they may have been the real deal. Probably should have kept in touch with them ;p.
I do remember being able to do this to other people as well though.
I’d be very curious as to HOW they did it. Only approach I can think of is to get your IP address and then somehow associate it with some other public data that very coincidentally matches, OR by actually hacking your ISP.
What a lot of these commenters don’t realize or understand is that for US consumers their IP address is assigned to them dynamically by their ISP server out of the range of IP addresses assigned to that specific ISP. Before IPv6 came along, IPv4 addresses were limited so ISPs reused IP addresses frequently. Most ISPs charge a fee for a static (doesn’t change) IP address & it’s usually used by a business that has servers always connected to the ISP. They need static IP addresses for DNS lookup. (This is a simplification)
When a consumer connects to the ISP, the ISP dynamically assigns an available IP address to that device. When the user drops the ISP connection (powering down or restarting the PC or phone) & then reconnects to the ISP afterwards, there’s no guaranty that the ISP will assign that same IP address to the device. Depending on the time interval between connections, the ISP could have dynamically assigned that IP address to another user/device & a new IP address would be assigned to the user upon reconnecting to the ISP. The ISP’s server dedicated for assigning IP addresses determines all that. The user has no control over the assigned IP address. If a router is in place doing the connection to the ISP, then the assigned IP address is the external address of the router on the Internet, not the internal network’s IP addresses from NATing by the router.
Because the IP address is dynamic for consumers, that’s why Leo mentioned that one also needs to know the time in addition to the IP address. The ISP’s server logs would match the two if needed.
I would seem to think it is harassment and investigation into The Who of the IP address would be court order so if you filled a complaint the judge would order it well if this continues to me that’s the avenue I will take!
A court order can be used to find the owner, or more accurately the user of the IP address at the time in question if a judge agrees to a warrant.
is what nordvpn said is true?
They are exaggerating for marketing purposes. I would avoid a service which makes that kind of unfounded claims.