Helping people with computers... one answer at a time.

There are assorted ways that an IP address might be linked to or associated with an illegal or malicious web site. I'll look at some of the scenarios.

Can my IP address be linked to an illegal site without my knowledge?

It really depends on what you mean by "linked to".

If you mean "identified as a visitor to that site?" then there definitely are scenarios that you need to be careful of.

If you mean "identified as the site", meaning your IP is somehow identified as being the illegal site, or hosting that illegal site's contents ... well, believe it or not there are some scenarios there too.

The good news is regardless of what you mean, there's a common villain.

Malware #1: The Proxy

By far the easiest way for either meaning to happen is malware.

Let's say you have malware of some sort on your machine that turns it into what's called a proxy. That means that some other person could use that malware to connect to the illegal site through your machine.

The malicious use configures his browser to route all of his internet access through your machine. That means that whatever site he's accessing "looks like" it's being accessed by your machine.

If he accesses an illegal site, then it's your machine that then connects to the illegal machine on their behalf.

"Bottom line: keep your machine and internet connection secure ..."

And of course that would make it look like the machine at your IP address had accessed the illegal site.

Malware #2: The Gateway

This time we'll say you have malware on your machine that turns it into a "pass through web server", or gateway.

This is similar to a proxy, in that people access your machine to get at the illegal content and your machine is the one that connects to the illegal site.

In the gateway scenario the malware implements a kind of web server that simply passes through all the requests and responses to and from an illegal site. Anyone who accesses, say, http://your.ip.address, would get the content from the illegal site as your machine acts as a pass-through gateway.

In this scenario, not only is your machine (and IP address) accessing the illegal site to fetch the content to be passed through, but it also looks like it's hosting the site, since the requests for the illegal content are being made of your machine (at your IP address) and your machine it returning that content - even though it had to go elsewhere to get it.

Malware #3: The Mirror

In this scenario the malware actually copies some or all of the content from the illegal web site to your machine (or carries with it that content that is then placed on your machine when infected). The malware then sets up a fairly simple web server on your machine that then serves up the illegal content.

In this scenario it looks like your machine (at your IP) is hosting the illegal content - because it is.

Maybe-Malware #4: Other Sites

When you visit a web site it may load its contents from several other web sites.

A good example is Ask Leo!. While you visit to view the articles, many pieces are coming from completely different sites and servers. The logo image, for example, comes from

In that same way you could visit a site that pulls some of its content from the illegal site, and it would appear as your machine and IP address requesting that content.

More often than not this can happen when the site you're visiting has itself been compromised and malicious pages or software installed on it.

Malware: Prevention Is The Best Solution

As you can guess, all of the above can happen without your knowledge if you've allowed your machine to become infected with malware.

Unfortunately the simply platitude - "so, just don't get infected with malware" - is more complex than it sounds. The standard litany of internet security applies:

  • Use a firewall

  • Use anti-malware software

  • Keep your system up to date

  • Keep the anti-malware software up-to-date

  • Don't invite malware onto your machine by downloading or opening things you're not certain of

There's a more complete list in my article Internet Safety: How do I keep my computer safe on the internet?

Scenarios Without Malware

The most common scenario where your computer or IP address might show up as having accessed an illegal web site - or any website you didn't access yourself, is someone else.

  • Someone else used your computer while you weren't watching

  • Someone else connected to the same router as you appears on the internet as the same IP as you (quite common, actually, if your WiFi is not protected with a password)

Bottom line: keep your machine and internet connection secure - both in terms of software, and who you allow to access them.

Article C4669 - December 3, 2010 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?


Robert Young
December 5, 2010 1:51 PM

Most helpful as my ip address was compromised whereby I had a visit from authorities very embarassing
lesson learnt the hardway
thanks for this excellent info

John L Brown
December 7, 2010 6:46 PM

Some free, though adequate, anti-malware, and perhaps, anti-virus software do not have real-time protection, therefore make sure yours does. If not, seek, and research well established software that has real-time capabilities. Before running a scan be sure to update the definitions, even if the program indicates that it is up to date. Virtually every time my software indicates that it is up to date, when I select the update option, new definitions are actually available for downloading. I don't know why this is the case. In addition, I run a scan every night; cycling amongst the different anti-malware program I use, occasionally finding serious infections that my scheduled scans missed. Now that I think about it, make sure your software is scheduled to scan your computer regularly. I can't suggest how often. After attempting to update the definitions, I will manually perform a scan at least once a day, as well as every night, in that I use the internet quite a lot. I believe these suggestions are reasonable, if not advisable.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.