Published in Tech Ramblings

Finding the Owner of an IP Address

While you cannot find the specific owner of an IP address, I’ll look at a few tools to see what IP-related information you can get.

How do I figure out who owns an IP address?

At the risk of coming off as rude: you don’t. There’s a certain amount of information you can get, and I’ll show you shortly, but the level of detail most people want is simply not something that you can get on your own.

Over the years, I’ve received this question repeatedly and for various reasons. Most commonly, it’s from someone who’s being harassed online, and they believe that they have the IP address of the person responsible and now want to track them down.

It’s critically important that you realize that you will not, on your own, be able to get the information you want. The name, location, phone number, email address or any other specific information is simply not available for just any given IP address. Not only can an IP address change or be shared among many computers (and hence people), but the information that you’re seeking is considered private and is protected by the ISP who owns that IP address.

To get that information, you’ll need a legal reason to require it and that typically means a court order of some sort.

However, let’s look at what you can determine from an IP address on your own and a few tools that will help you determine at least the ISP that owns it.

Whois

“Whois” is a service that basically answers the question “who is X” where X is an IP address, a domain name, and several other things.

ARIN, the American Registry for Internet Numbers, is a fine place to start. The ARIN Whois can be accessed from http://whois.arin.net in the upper right corner:

Enter the IP address you’re interested in and press Return. I’ll use 72.104.186.113 (an IP address that I know to be assigned) as my example:

This is pretty typical of what you’ll get: information that identifies the ISP who owns the “block” of IP addresses that contains the IP address that you asked about. In this case, the block is owned by Verizon Wireless and includes all IP addresses from 72.96.0.0 through 72.127.255.255.

With a court order, law enforcement would then approach the ISP for more detailed information about who that IP address was assigned to at the time in question.

Also note that it’s possible that the information presented may point you to a different whois server — ARIN covers IP addresses assigned in North America; there are other services for the rest of the planet.
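To make concrete what a whois answer does and does not say, here is an added example (not part of the original article) that parses a reply, checks that the address falls inside the reported block, and notices a referral to another registry. Both sample replies are constructed: the first uses the range and holder quoted above, and the second assumes the `NetRange`, `OrgName` and `ReferralServer` fields in the style ARIN uses.

```python
import ipaddress

# Constructed sample in the style of an ARIN whois reply; the range and
# holder are the ones quoted in the article.
SAMPLE_ARIN = """\
# constructed sample, not captured output
NetRange:       72.96.0.0 - 72.127.255.255
OrgName:        Verizon Wireless
"""

# Constructed sample of a reply that hands the query off to another registry.
SAMPLE_REFERRAL = """\
NetRange:       193.0.0.0 - 193.255.255.255
OrgName:        RIPE Network Coordination Centre
ReferralServer: whois://whois.ripe.net
"""


def parse_whois(text):
    """Return {field: value}, keeping the first occurrence of each field."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # comment or blank line
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())
    return fields


def summarize(ip, text):
    """What the reply actually says about `ip`: a block and its holder."""
    fields = parse_whois(text)
    first, last = (ipaddress.ip_address(p.strip())
                   for p in fields["NetRange"].split("-"))
    referral = fields.get("ReferralServer")
    return {
        "holder": fields.get("OrgName"),
        "in_block": first <= ipaddress.ip_address(ip) <= last,
        "cidr": [str(n) for n in ipaddress.summarize_address_range(first, last)],
        "addresses_in_block": int(last) - int(first) + 1,
        # If set, this registry is not authoritative: repeat the query there.
        "ask_next": referral.split("://", 1)[-1] if referral else None,
    }


if __name__ == "__main__":
    print(summarize("72.104.186.113", SAMPLE_ARIN))
    print(summarize("193.0.0.1", SAMPLE_REFERRAL))
```

The block in the first sample works out to a single /11, a little over two million addresses, which is why the answer names an ISP and never a subscriber.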

Reverse DNS

In some cases, reverse DNS can be instructive.

DNS is the mapping of a domain name, like “askleo.com”, to an IP address. Reverse DNS does, as its name implies, the reverse: given an IP address, it finds the domain name that has been assigned as the primary identifier.

I’ll use a tool from a third-party vendor this time, http://whois.domaintools.com:

You can see that this gives much of the same information that we’ve seen above, namely the ISP who owns that IP address. But there’s an additional tidbit of information.

113.sub-72-104-186.myvzw.com is the domain name that identifies this IP address. This type of domain name is common for IP addresses which have been assigned to consumers and small businesses for internet access. You can see that “myvzw” is an additional clue to which ISP provides this IP address: Verizon Wireless.

Occasionally you may find things in the reverse DNS that might lead you to some additional theories about the IP’s ownership including, perhaps, an actual domain name for an actual web site, or some kind of encoded general location.
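The reverse DNS reading described above, as an added example that is not part of the original article: it builds the name a reverse lookup queries, checks whether a returned name was generated from the address's own octets (the access-pool pattern seen with myvzw.com), and goes one step beyond the text by confirming a name with a forward lookup. It handles IPv4 only; `describe_ptr`, `forward_confirmed`, `CONSTRUCTED_ZONE` and the example.com data are illustrative assumptions.

```python
import ipaddress
import re
import socket


def ptr_query_name(ip):
    """The DNS name a reverse lookup actually asks for."""
    return ipaddress.ip_address(ip).reverse_pointer


def describe_ptr(ip, hostname):
    """Heuristic: was this name generated from the address itself?"""
    octets = str(ipaddress.ip_address(ip)).split(".")
    labels = hostname.rstrip(".").lower().split(".")
    # Numbers in the host part; "last two labels" is a naive domain split
    # that is wrong for suffixes such as co.uk.
    numbers = re.findall(r"\d+", ".".join(labels[:-2]))
    embedded = sum(1 for o in octets if o in numbers)
    return {
        "domain": ".".join(labels[-2:]),
        "octets_embedded": embedded,
        "auto_generated": embedded >= 3,
    }


def forward_confirmed(ip, hostname,
                      resolve=lambda h: socket.gethostbyname_ex(h)[2]):
    """A PTR name is set by whoever runs the reverse zone, so treat it as a
    claim until a forward lookup of that name returns the same address."""
    try:
        return ip in resolve(hostname)
    except OSError:  # name does not resolve
        return False


# Constructed forward-lookup data so the example runs offline.
CONSTRUCTED_ZONE = {"mail.example.com": ["192.0.2.10"]}
lookup = lambda h: CONSTRUCTED_ZONE.get(h, [])

if __name__ == "__main__":
    print(ptr_query_name("72.104.186.113"))
    print(describe_ptr("72.104.186.113", "113.sub-72-104-186.myvzw.com"))
    print(forward_confirmed("192.0.2.10", "mail.example.com", lookup))
    print(forward_confirmed("192.0.2.99", "mail.example.com", lookup))
```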

GEOIP

Looking at the report from domaintools.com, you can see that it references “United States Newark Verizon Wireless” as the IP location. Needless to say that’s incorrect. It reflects the location of the ISP, Verizon Wireless, but does not actually refer to the location of whatever equipment is connected and using that IP address.

We may be able to get a little closer.

A company called MaxMind provides geographic location information based on IP addresses to businesses. They used to have a page on which you can test their technology, and here’s what they displayed for the IP address I entered:

Here you can see that the scope has narrowed somewhat. The location is listed as “Chattaroy, Washington”.

We’re getting closer, but not much. MaxMind has correctly identified the state where this IP has been assigned. The city of Chattaroy, however, is several hundred miles on the other side of the state from where that IP address is actually in use.

This is common. For most normal, residential or small business connections most of the publicly available information is accurate only to the state. Occasionally, depending on how the ISP has constructed their network, you may be able to get to the correct city or neighborhood. It is possible, just not common, and there’s no real way to know just how accurate the information is when you get it.

IP sharing

Particularly when it comes to web servers and web hosting, it can sometimes be instructive to see what other domains might be hosted at the same IP address and server.

We’ll use http://whois.webhosting.info for this look-up.

A lookup of a residential or other IP assigned for internet access is unlikely to return any results (and in fact, a lookup of 72.104.186.113 returned none), so we’ll use another IP address — that of askleo.com, 67.225.235.59:

(This search can be slow — the information in DNS is not optimized at all for this kind of look-up.)

As you can see, it reflects that askleo.com and 51 other domains are on the same server and share the same IP address. (Yes, I have several domains, and host a few for close friends as well.)

If you do this kind of IP lookup on an account at a shared hosting service, you might find that the site shares an IP with perhaps hundreds or even thousands of other websites.

Depending on the type of hosting being used, you may or may not draw conclusions from the list of sites returned. In my case, it’s a fairly safe bet that askleo.com and pugetsoundsoftware.com (on the same server) are related. However, if the IP is shared with hundreds of other sites at a shared hosting location, then no inferences can really be made.

This probably wasn’t what you wanted…

While I’ve shown you several tools that you can use to gather information about an IP address, and there’s a fair amount of information based on the most common questions, I totally understand that it’s still not enough.

Most people want the name of the person who owns an IP address, their physical address, their email address or their phone number. You can’t get there from here. The ISP provides that internet service to someone, it’s true, but they will not release that information, and that information is not available publicly. You’ll need the assistance of the courts, law enforcement, and possibly overseas law enforcement if the IP address is located in another country.

And when you think about it, that’s exactly as it should be.

If the tables were reversed, you really don’t want random people tracking you down by your IP address, now do you?

This article originally appeared on Ask Leo! where you’ll always find updates as well as the most vibrant discussion. For the latest, subscribe now to The Ask Leo! Newsletter and get a copy of The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition. This ebook will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

Leo Notenboom

Former software engineer at Microsoft for 18 years, now sharing my passions, answering questions & helping folks with technology. askleo.com (since 2003)