
While you cannot find the specific owner of an IP address, I'll look at a few tools to see what IP-related information you can get.

How do I figure out who owns an IP address?

It's critically important that you realize that you will not, on your own, be able to get the name, location, phone number, email address or any other specific information with just an IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information that you're seeking is considered private and is protected by the ISP who owns that IP address.

To get that information, you'll need a legal reason to require it and that typically means a court order of some sort.

Let's look at what you can determine from an IP address on your own and a few tools that will help you determine at least the ISP that owns it.

I'm going to use several different tools in this example because each provides valuable information, even though they might overlap quite a bit as well.

Whois

"Whois" is a service that basically answers the question "who is X" where X is an IP address, a domain name, and several other things.

ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from the search box in the upper right corner of http://whois.arin.net:

ARIN whois search box

Enter the IP address you're interested in and press Return. I'll use 64.105.215.206 (an IP address that I know to be assigned, but at this writing, is unused) as my example:

whois lookup of an IP address

This is pretty typical of what you'll get: information that identifies the ISP who owns the "block" of IP addresses that contains the IP address that you asked about. In this case, the block includes all IP addresses from 64.105.0.0 through 64.105.255.255.

With a court order, law enforcement would then approach the ISP for more detailed information about who that IP address is assigned to.

Also note that it's possible that the information presented may point you to a different whois server - ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.
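The same lookup can be scripted. The following is an added example, not part of the original article: it speaks the plain-text WHOIS protocol on port 43, parses the reply, checks that the address falls inside the reported block, and picks out a referral to another registry's server. The sample replies are constructed (the range is the one quoted above, the names are placeholders), and the field names NetRange, OrgName and ReferralServer are assumed to follow ARIN's usual reply layout.

```python
import ipaddress
import socket

# Constructed sample in the "Key: value" layout of an ARIN WHOIS reply. The range
# is the one quoted in the article; the names are placeholders.
SAMPLE_ARIN = """\
# constructed sample, not a real registry response
NetRange:       64.105.0.0 - 64.105.255.255
CIDR:           64.105.0.0/16
NetName:        EXAMPLE-NET
OrgName:        Example ISP (placeholder)
"""
# Constructed reply that hands the query off to another registry's server.
SAMPLE_REFERRAL = """\
NetRange:       203.0.113.0 - 203.0.113.255
OrgName:        Example Registry (placeholder)
ReferralServer: whois://whois.example.net:43
"""

def whois_query(server, query, port=43, timeout=10):
    """WHOIS protocol: send one line ending in CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_whois(text):
    """Collect 'Key: value' lines, skipping comments; the first value per key wins."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#%":
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields

def block_for(ip, fields):
    """Return (first, last, org) if ip lies inside the reported NetRange, else None."""
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split("-"))
    if first <= ipaddress.ip_address(ip) <= last:
        return str(first), str(last), fields.get("OrgName")
    return None

def referral_host(fields):
    """Host of the WHOIS server the reply refers to, or None if there is no referral."""
    ref = fields.get("ReferralServer", "")
    return ref.split("://", 1)[1].split(":")[0].rstrip("/") if "://" in ref else None

if __name__ == "__main__":
    reply = SAMPLE_ARIN  # live: whois_query("whois.arin.net", "64.105.215.206")
    print(block_for("64.105.215.206", parse_whois(reply)))
```

When a reply names a referral server, repeat the query against that host to reach the registry that actually holds the record.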

Reverse DNS

In some cases, reverse DNS can be instructive.

DNS is the mapping of a domain name, like "ask-leo.com", to an IP address. Reverse DNS does, as its name implies, the reverse: given an IP address, it finds the domain name that has been assigned as the primary identifier.

I'll use a tool from a third-party vendor this time, http://whois.domaintools.com:

Whois information from domaintools.com

You can see that this gives much of the same information that we've seen above, namely the ISP who owns that IP address. But there's an additional tidbit of information.

h-64-105-215-206.sttnwaho.static.covad.net is the domain name that identifies this IP address. This type of domain name is common for IP addresses which have been assigned to consumers and small businesses for internet access. You can see that it begins with the IP address, followed by "sttnwaho", which is something that the ISP dreamed up (I believe it identifies in part the IP address as being assigned to a location in Washington state), then "static", meaning it's a statically assigned IP address, and finally "covad.net", the domain of the ISP.

Sometimes, as I did with the "wa" in "sttnwaho", you may find things in the reverse-DNS that might lead you to some additional theories about the IP's ownership.
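Reading a reverse-DNS name can be scripted as well. This added example (not from the original article) builds the in-addr.arpa name that a reverse lookup queries, splits the article's sample hostname into the parts described above, and checks whether the name resolves back to the same address. That last check matters because the reverse name is set by whoever controls the address block and is only a hint until the forward lookup agrees. The function names and the list of hint words are assumptions made for illustration.

```python
import ipaddress
import re
import socket

PTR_FROM_ARTICLE = "h-64-105-215-206.sttnwaho.static.covad.net"
HINT_WORDS = ("static", "dynamic", "dyn", "dhcp", "pool")  # assumed, not exhaustive

def ptr_query_name(ip):
    """Name that a reverse lookup actually queries, e.g. 206.215.105.64.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def read_ptr_hostname(hostname):
    """Pull out what an ISP-style name encodes: embedded IP, type hint, ISP domain."""
    labels = hostname.lower().rstrip(".").split(".")
    # Only handles octets in forward order joined by dashes, as in the article's sample.
    m = re.search(r"(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})", labels[0])
    embedded = ".".join(m.groups()) if m else None
    hint = next((label for label in labels if label in HINT_WORDS), None)
    # Naive: last two labels. Wrong for suffixes such as co.uk; a public-suffix
    # list is needed to do this properly.
    return {"embedded_ip": embedded, "assignment_hint": hint,
            "isp_domain": ".".join(labels[-2:])}

def forward_confirmed(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """True only if the reverse name resolves forward to the same IP address."""
    try:
        name = reverse(ip)[0]
        return ip in forward(name)[2]
    except OSError:  # covers "no PTR record" and "name does not resolve"
        return False

if __name__ == "__main__":
    print(ptr_query_name("64.105.215.206"))
    print(read_ptr_hostname(PTR_FROM_ARTICLE))
```

The resolver arguments of forward_confirmed default to the system resolver and can be swapped for stubs, which is how the check can be exercised without network access.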

GEOIP

Looking at the report from domaintools.com, you can see that it actually includes the phrase "United States Seattle" as part of the IP Location. Geographic location of IP addresses (or GEO-IP) is notoriously inaccurate at a fine scale - this is 10 miles off, for example - but can sometimes be useful at a less granular scale. The country is typically correct, for example.

A company called MaxMind, which provides geographic location information based on IPs to businesses, has a page on which you can test their technology: http://www.maxmind.com/app/locate_demo_ip. Here's what they displayed for the IP address I entered:

MaxMind lookup results

We're getting closer. MaxMind has correctly identified the city where this IP has been assigned and the company to which it has been assigned. By now, you can see that this is an IP address currently assigned to my company, Puget Sound Software, LLC.

There are two problems...

  • The latitude and longitude are wrong. I believe that they represent a generic "geographical center of Woodinville" and are still a few miles off of being correct.

  • These results are not typical. The fact that I have a particular kind of business connection, and in fact am running a business, contributes to more accurate information being available - as inaccurate as it may in fact be.

For a normal, residential connection, you'd be lucky to get the correct city or neighborhood. It's possible, just not common.

IP sharing

Particularly when it comes to web servers and web hosting, it can sometimes be instructive to see what other domains might be hosted at the same IP address and server.

We'll use http://whois.webhosting.info/ for this look-up.

A lookup of a residential or other IP assigned for internet access is unlikely to return any results (and in fact, a lookup of 64.105.215.206 returned none), so we'll use another IP address - that of ask-leo.com, 67.225.235.59:

Who's at an IP address

(This search can be slow - the information in DNS is not optimized at all for this kind of look-up.)

As you can see, it reflects that both ask-leo.com and pugetsoundsoftware.com are on the same server and share the same IP address.

If you do this kind of IP lookup on an account at a shared hosting service, you might find that the site shares an IP with perhaps hundreds of other websites.

Depending on the type of hosting being used, you may or may not draw conclusions from the list of sites returned. In my case, it's a fairly safe bet that ask-leo.com and pugetsoundsoftware.com are related. However, if the IP is shared with hundreds of other sites at a shared hosting location, then no inferences can be made.

This probably wasn't what you wanted...

While I've shown you several tools that you can use to gather information about an IP address and there's a fair amount of information based on the most common questions, I get that it's still not enough.

Most people want the name of the person who owns an IP address, their physical address, their email address or their phone number.

You can't get there from here.

You'll need the assistance of the courts, law enforcement, and possibly overseas law enforcement if the IP address is located elsewhere.

And when you think about it, that's as it should be.

If the tables were reversed, you really don't want random people tracking you down by your IP address (which my server believes is 54.198.9.77), now do you?

(This is an update to an article originally published July 19, 2004.)

Article C2132 - August 5, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


8 Comments
Will Bontrager
August 9, 2011 11:10 AM

Good stuff, Leo.

An IP address can tell us when the same Internet connection is used repeatedly, such as tracking a browser from page to page in server logs. However, as you said, and contrary to what many hope or believe, tracking down an individual by IP address is nearly impossible.

Steve Burgess
August 9, 2011 11:40 AM

Looking up IP addresses by Geolocation, I've sometimes gotten as close as a couple of miles, and as far as the wrong country.

I'd also like to highlight something you said. You can get the assistance of the courts by asking a judge to issue a subpoena - but you don't have to use law enforcement. If you are being harassed online, or some unauthorized person has gotten into your email account, it is fairly straightforward to get a judge to issue a subpoena to an ISP to reveal who a given IP address is assigned to at a given time. At least, that's what attorneys I've worked with on computer forensic cases have told me. Law enforcement has far too much to do than to act on a user's suspicion without evidence of real harm. (May I link to a story about one such case? The Case of the Teacher and the Trickster)

A fun read. :-)
Leo
10-Aug-2011

Snert
August 9, 2011 12:55 PM

TOR will route your e-mail through various and sundry relay 'nodes' (is that the right idea?) so your IP address is anon. So I understand.
Check it out yourself and see.

Dennis Kelley
August 9, 2011 1:45 PM

For fun I googled 67.225.235.59

A couple of clicks later I got:
(I exchanged some numbers with "x"s)
Registration Service Provided By: Simple Online Solutions
Contact:
Visit: http://simpleURL.com

Domain name: ask-leo.com

Registrant Contact:
Puget Sound Software
Leo Notenboom ()

Fax:
P.O. Box 2xxx
Woodinville, WA 98072
US

Administrative Contact:
Puget Sound Software
Leo Notenboom ()
+1.20677xxxxx
Fax: +1.20677xxxxx
P.O. Box 2xxx
Woodinville, WA 98072
US

Technical Contact:
Puget Sound Software
Leo Notenboom ()
+1.20677xxxxx
Fax: +1.20677xxxxx
P.O. Box 2xxx
Woodinville, WA 98072
US

Status: Locked

Name Servers:
ns1.pugetsoundsoftware.com
ns2.pugetsoundsoftware.com

Creation date: 05 Sep 2003 23:57:38
Expiration date: 05 Sep 2012 23:57:38

pirate22
August 9, 2011 5:22 PM

ANYONE RECEIVING AN E-MAIL - can they determine which country it came from?
Also I'm "miffed" that the country that has been tracked keeps throwing up sites in the foreign language - can this be stopped from happening?

Margaret Louk
August 9, 2011 7:05 PM

I got an add-on for Mozilla Firefox called WorldIP. When you go to a web site it tells you what country it is from, at least it is supposed to. There is a little U.S. flag etc. Very unobtrusive. I would recommend it.

beatrice
December 9, 2011 5:46 PM

My daughter had a very embarrassing moment; her and her friends were trying to start a blog and decided to send out questionnaires from an independent email dedicated to the blog for interest topics. They received back a lot of comments and downloaded them into comment sheets on various topics. When they decided to send out another follow-up report, the wrong document with some of these comments that had been received was sent by mistake. One of the comments, although it did not mention a name, was a little racy and was sent to the person it concerned. That person's mother had someone trace the email (she said) and announced the finding with my name attached at a school meeting. I don't understand how she did this and got my name!! or did this at all?? Our service in our home is in my husband's name. From what the girls told me (I wasn't at the meeting), she mentioned when the email was set up, not sent, and showed this on some fancy phone. My name was shown with: (Malito). We have since tried to apologize and say there was no maliciousness behind it, but this person tends to be a mean conspiracy theorist and it is just such a headache.

Mark J
December 10, 2011 1:22 AM

@Beatrice
In order to register for an email address, the email provider usually asks for a name and other personal information. If an email is sent out through the webmailer, this name is typically added to all emails sent out. If you use an email program, the name you set up the account with in that program is included in the sent emails. This is a feature, as most people want it that way. If you prefer to remain anonymous, you would have to include a pseudonym.
