Helping people with computers... one answer at a time.
While you cannot find the specific owner of an IP address, I'll look at a few tools to see what IP-related information you can get.
How do I figure out who owns an IP address?
It's critically important that you realize that you will not, on your own, be able to get the name, location, phone number, email address or any other specific information with just an IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information that you're seeking is considered private and is protected by the ISP who owns that IP address.
To get that information, you'll need a legal reason to require it and that typically means a court order of some sort.
Let's look at what you can determine from an IP address on your own and a few tools that will help you determine at least the ISP that owns it.
I'm going to use several different tools in this example because each provides valuable information, even though they might overlap quite a bit as well.
"Whois" is a service that basically answers the question "who is X" where X is an IP address, a domain name, and several other things.
ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from http://whois.arin.net in the upper right corner:
Enter the IP address you're interested in and press Return. I'll use 188.8.131.52 (an IP address that I know to be assigned, but at this writing, is unused) as my example:
This is pretty typical of what you'll get: information that identifies the ISP who owns the "block" of IP addresses that contains the IP address that you asked about. In this case, the block includes all IP addresses from 184.108.40.206 through 220.127.116.11.
With a court order, law enforcement would then approach the ISP for more detailed information about who that IP address is assigned to.
Also note that it's possible that the information presented may point you to a different whois server - ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.
In some cases, reverse DNS can be instructive.
DNS is the mapping of a domain name, like "ask-leo.com", to an IP address. Reverse DNS does, as its name implies, the reverse - given an IP address finds the domain name that has been assigned as the primary identifier.
I'll use a tool from a third-party vendor this time, http://whois.domaintools.com:
You can see that this gives much of the same information that we've seen above, namely the ISP who owns that IP address. But there's an additional tidbit of information.
h-64-105-215-206.sttnwaho.static.covad.net is the domain name that identifies this IP address. This type of domain name is common for IP addresses which have been assigned to consumers and small businesses for internet access. You can see that it begins with the IP address, "sttnwaho", which is something that the ISP dreamed up (I believe it identifies in part the IP address as being assigned to a location in Washington state), "static" meaning it's a statically assigned IP address, and then "covad.net", the domain of the ISP.
Sometimes, as I did with the "wa" in "sttnwaho", you may find things in the reverse-DNS that might lead you to some additional theories about the IP's ownership.
Looking at the report from domaintools.com, you can see that it actually includes the phrase "United States Seattle" as part of the IP Location. Geographic location of IP addresses (or GEO-IP) is notoriously inaccurate at a fine scale - this is 10 miles off, for example - but can sometimes be usefully at a less granular scale. The country is typically correct, for example.
A company called MaxMind, who provides geographic location information based on IPs to businesses has a page on which you can test their technology: http://www.maxmind.com/app/locate_demo_ip. Here's what they displayed for the IP address I entered:
We're getting closer. MaxMind has correctly identified the city where this IP has been assigned and the company to which it has been assigned. By now, you can see that this is an IP address currently assigned to my company, Puget Sound Software, LLC.
There are two problems...
The latitude and longitude are wrong. I believe that they represent a generic "geographical center of Woodinville" and are still a few miles off of being correct.
These results are not typical. The fact that I have a particular kind of business connection, and in fact am running a business contributes to more accurate information being available - as inaccurate as it may in fact be.
For a normal, residential connection, you'd be lucky to get the correct city or neighborhood. It's possible, just not common.
Particularly when it comes to web servers and web hosting, it can sometimes be instructive to see what other domains might be hosted at the same IP address and server.
We'll use http://whois.webhosting.info/ for this look-up.
A lookup of a residential or other IP assigned for internet access is unlikely to return any results (and in fact, a lookup of 18.104.22.168 returned none), so we'll use another IP address - that of ask-leo.com, 22.214.171.124:
(This search can be slow - the information in DNS is not optimized at all for this kind of look-up.)
As you can see, it reflects that both ask-leo.com and pugetsoundsoftware.com are on the same server and share the same IP address.
If you do this kind of IP lookup on an account at a shared hosting service, you might find that the site shares an IP with perhaps hundreds of other websites.
Depending on the type of hosting being used, you may or may not draw conclusions from the list of sites returned. In my case, it's a fairly safe bet that ask-leo.com and pugetsoundsoftware.com are related. However, if the IP is shared with hundreds of other sites at a shared hosting location, then no inferences can be made.
While I've shown you several tools that you can use to gather information about an IP address and there's a fair amount of information based on the most common questions, I get that it's still not enough.
Most people want the name of the person who owns an IP address, their physical address, their email address or their phone number.
You can't get there from here.
You'll need the assistance of the courts, law enforcement, and possibly overseas law enforcement if the IP address is located elsewhere.
And when you think about it, that's as it should be.
If the tables were reversed, you really don't want random people tracking you down by your IP address (which my server believes is 126.96.36.199), now do you?
(This is an update to an article originally published July 19, 2004.)
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.