Finding the Owner of an IP Address

While you cannot find the specific owner of an IP address, I'll look at a few tools to see what IP-related information you can get.

//
How do I figure out who owns an IP address?

At the risk of coming off as rude: you don’t. There’s a certain amount of information you can get, and I’ll show you shortly, but the level of detail most people want is simply not something that you can get on your own.

Over the years, I’ve received this question repeatedly and for various reasons. Most commonly, it’s from someone who’s being harassed online, and they believe that they have the IP address of the person responsible and now want to track them down.

It’s critically important that you realize that you will not, on your own, be able to get the information you want. The name, location, phone number, email address or any other specific information are simply not available to just any given IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information that you’re seeking is considered private and is protected by the ISP who owns that IP address.

To get that information, you’ll need a legal reason to require it and that typically means a court order of some sort.

However, let’s look at what you can determine from an IP address on your own and a few tools that will help you determine at least the ISP that owns it.

Whois

“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, and several other things.

ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from http://whois.arin.net in the upper right corner:

ARIN Whois Search

Enter the IP address you’re interested in and press Return. I’ll use 72.104.186.113 (an IP address that I know to be assigned) as my example:

ARIN Whois Results

This is pretty typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses that contains the IP address that you asked about. In this case, the block is owned by Verizon Wireless and includes all IP addresses from 72.96.0.0 through 72.127.255.255.

With a court order, law enforcement would then approach the ISP for more detailed information about who that IP address was assigned to at the time in question.

Also note that it’s possible that the information presented may point you to a different whois server – ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.

Reverse DNS

In some cases, reverse DNS can be instructive.

DNS is the mapping of a domain name, like “askleo.com”, to an IP address. Reverse DNS does, as its name implies, the reverse: given an IP address, it finds the domain name that has been assigned as the primary1 identifier.

I’ll use a tool from a third-party vendor this time, http://whois.domaintools.com:

DomainTools.com results

You can see that this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.

113.sub-72-104-186.myvzw.com is the domain name that identifies this IP address. This type of domain name is common for IP addresses which have been assigned to consumers and small businesses for internet access. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.

Occasionally you may find things in the reverse DNS that might lead you to some additional theories about the IP’s ownership including, perhaps, an actual domain name for an actual web site, or some kind of encoded general location.

GEOIP

Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say that’s incorrect. It reflects the location of the ISP, Verizon Wireless, but does not actually refer to the location of whatever equipment is connected and using that IP address.

We may be able to get a little closer.

A company called MaxMind, who provides geographic location information based on IP addresses to businesses has a page on which you can test their technology: http://www.maxmind.com/app/locate_demo_ip. Here’s what they displayed for the IP address I entered:

Geoip Results

Here you can see that the scope has narrowed somewhat. The location is listed as “Chattaroy, Washington”.

We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.

This is common. For most normal, residential or small business connections most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common, and there’s no real way to know just how accurate the information is when you get it.

IP sharing

Particularly when it comes to web servers and web hosting, it can sometimes be instructive to see what other domains might be hosted at the same IP address and server.

We’ll use http://whois.webhosting.info for this look-up.

A lookup of a residential or other IP assigned for internet access is unlikely to return any results (and in fact, a lookup of 72.104.186.113 returned
none), so we’ll use another IP address – that of askleo.com, 67.225.235.59:

52 Domains!

(This search can be slow – the information in DNS is not optimized at all for this kind of look-up.)

As you can see, it reflects that askleo.com and 51 other domains are on the same server and share the same IP address. (Yes, I have several domains, and host a few for close friends as well.)

If you do this kind of IP lookup on an account at a shared hosting service, you might find that the site shares an IP with perhaps hundreds or even thousands of other websites.

Depending on the type of hosting being used, you may or may not draw conclusions from the list of sites returned. In my case, it’s a fairly safe bet that askleo.com and pugetsoundsoftware.com (on the same server) are related. However, if the IP is shared with hundreds of other sites at a shared hosting location, then no inferences can really be made.

Get More Answers!

Each week I publish The Ask Leo! Newsletter where you can find more answers tips and tricks to make your technology "just work"!

Subscribe NOW and get a FREE copy of my special report "10 Reasons Your Computer is Slow (and what to do about it)".

This report will help you identify exactly why your computer is slowing down and the steps you can take to fix it.



My Privacy Pledge

This probably wasn’t what you wanted…

While I’ve shown you several tools that you can use to gather information about an IP address, and there’s a fair amount of information based on the most common questions, I totally understand that it’s still not enough.

Most people want the name of the person who owns an IP address, their physical address, their email address or their phone number. You can’t get there from here. The ISP provides that internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of the courts, law enforcement, and possibly overseas law enforcement if the IP address is located in another country.

And when you think about it, that’s exactly as it should be.

If the tables were reversed, you really don’t want random people tracking you down by your IP address, now do you?

This is an update to an article originally posted : July 19, 2004

Footnotes and references

1: An IP address can be assigned to many different domains, particularly on shared hosting services. One domain name is typically designated as the primary. For example a reverse DNS lookup on the server hosting askleo.com would actually return you lw3.pugetsoundsoftware.com – the primary name of that server.

Comments

  1. Will Bontrager

    Good stuff, Leo.

    An IP address can tell us when the same Internet connection is used repeatedly, such as tracking a browser from page to page in server logs. However, as you said, and contrary to what many hope or believe, tracking down an individual by IP address is nearly impossible.

  2. Steve Burgess

    Looking up UP addresses by Geolocation, I’ve sometimes gotten as close as a couple of miles, and as far as the wrong country.

    I’d also like to highlight something you said. You can get the assistance of the courts by asking a judge to issue a subpoena – but you don’t have to use law enforcement. If you are being harassed online, or some unauthorized person has gotten into your email account, it is fairly straightforward to get a judge to issue a subpoena to ISP to reveal who a given IP address is assigned to at a given time. At least, that’s what attorneys I’ve worked with on computer forensic cases have told me. Law enforcement has far too much to do than to act on a user’s suspicion without evidence of real harm. (May I link to a story about one such case? The Case of the Teacher and the Trickster )

    A fun read. Smile

    Leo
    10-Aug-2011
  3. Snert

    TOR will route your e-mail through various and sundry relay ‘nodes’ (is that the right idea?) so your IP address is anon. So I understand.
    Check it out yourself and see.

  4. pirate22

    ANYONE RECIEVING A E-MAIL-can they determine which Country it came from.
    Also im “Miffed”that the country that has been tracked keeps throwing up sites in the foreign language-can this be stopped from haappening

  5. Margaret Louk

    I got an add-on for Mozilla Firefox called WorldIP. When you go to a web site it tells you what country it is from, at least it is supposed to. There is a little U.S. flag etc. Very unobtrusive. I would recommend it.

  6. beatrice

    My daughter had a very embarrasing moment, her and her friends were trying to start a blog and decided to send out questionares from an idependent email dedicated to the blog for intrest topics. They received back alot of comments and downloaded them into comment sheets on various topics. When they decided to send out another folloe up report the wrong document with some of these comments that had been received was sent by mistake. One of the comments although it did not mention a name was a little racy and was sent to the person it concerned. That person’s mother had someone trace the email (she sai# and announced the finding with my name attached at a school meeting. I don’t understand how she did this and got my name!! or did this at all?? our service in our home is in my husbands name. From what the girls told me, #i wasn’t at the meeting# she mentioned when the email was set up not sent and showed this on some fancy phone. my name was showed with: #Malito). We have since tried to apologize and say there was no maliciosness behing it, but this person tends to be a mean conspiracy theroist and it is just such a headache.

  7. Mark Jacobs

    @Beatrice
    In order to register for an email address, the email provider usually asks for a name and other personal information. If an email is sent out through the webmailer, this name is typically added to all emails sent out. If you use an email program, the name you set up the account with in that program is included in the sent emails. This is a feature, as most people want it that way. If you prefer to remain anonymous, you would have to include a pseudonym.

  8. Mark A

    OK Leo, if what you say is true, and I do not doubt it, how come that whenever I visit some sites even for the first time where no cookies can be present, my location is correctly identified to the suburb I live in, Chelsea in Vic, Aust, as a matter of fact?

  9. Dave Phipps

    Hi. I’ve been using my work wifi on my mobile phone’ we are not aloud to but many of us do. Is there any way there they can track it ? Would it have our IP address ?
    Many thanks dave

    • Connie Delaney

      Yes. They can track it. It’s probably even easier than an IP address. More than likely they just have to look at the list of connected devices and they will find something like “Dave’s phone.”

  10. Larry

    How about companies like {URL removed}? They are able to tell which companies have visited your website. How do they do it?

    • Connie Delaney

      The internet is basically a two-way street. Every time a browser accesses a server, that server can also “see back” and see numerous little bits of information from the time of access to the type of browser being used. In fact, it’s so much data that it really doesn’t make a lot of sense to the typical website owner. Companies like these simply have sophisticated ways of analyzing the data that is already available.

  11. Sandra Orchard-Evans

    My daughter has a phone I provided for her. She does not have access to the Internet and does not use a router. She only has texting and calling. She claims that someone knows her IP address of her phone and can follow her. Is this possible? She’s on my personal Verizon account and lives in another state than my husband and I. Please return comment asap. Thank you. SANDY

  12. maurice

    I had someone post my company videos on youtube using my info and listed it under my name
    I tried the basic search for their info and they listed all info on youtube under my name can i find out the
    computer ip address any kinda of way?

    • Mark Jacobs

      You won’t be able to find out who uploaded that video short of a court order, but you can report and request a takedown of that video from YouTube by clicking on “… More” selecting “Infringes my rights” and answering any further questions they present.

  13. Jojo

    Hiya Leo
    An IP address I don’t recognise (I know the geographical location) has checked my GMail account this morning. I’ve logged out and will change my password, just in case.
    Do you know of any emerging tech that can help me identify the IP more specifically?
    Your assistance would be greatly appreciated.
    Jojo

  14. little kat

    Someone made an gmail account using the fist half of my real email. They sent an email to someone and they said it came from my ip address. How is that possible when I NEVER sent that email and NEVER made a gmail account? I’m desperate to find this out. Thank you for any help

  15. Carol Delmont

    Dear Leo
    I have been writing to someone who is suppose to be in the army stationed in Afghanistan. I am trying to find out if he really is there or just trying to lead me on. There are several things that don’t add up in our conversations.Please help me if you can.

    • Mark Jacobs

      The Defense Department has a website for that. You’d need to know his SSN or birthdate. Unfortunately, there’s no guarantee he’s not using the name and information of someone actually in the military, but if if it comes up negative, you can be sure he isn’t.
      https://www.dmdc.osd.mil/appj/scra/single_record.xhtml

      Another clue would be to find the originating IP address in the header of the email and check it in a whois search. It should come up as a US military of Afghani IP address.
      http://whois.domaintools.com/

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.

Your email address will not be published. Required fields are marked *