Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.
What Can Someone Do with Your IP Address?
Simon Migliano
Simon Migliano is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times and more. Read full bio
Your IP address directly reveals your ISP, city, and approximate location. This can be used to monitor your browsing activity, restrict your access to certain websites, and personalize advertisements to your device. However, if your IP address is exposed to a bad actor, you may also be at risk of malicious attacks including DoS, vishing, or swatting attacks.
An IP (Internet Protocol) address is a unique numerical label used to identify a device. Every routing device gets allocated a different IP address, similar to a social security number. It’s an essential part of internet communication.
Your public IP address is assigned to your device by your internet service provider (ISP). It allows your device to send and receive traffic across the internet, and can be used to track your activity and location. To find out your public IP address, use our IP checker tool.
A typical IPv4 address will look something like this: 192.0.4.235.
Most people know that your IP address can reveal sensitive information, including your city and ZIP code. But what exactly can people do with your IP address
SUMMARY: What Someone Can Do with Your IP Address:
Find your approximate location. Your IP address can reveal your country, ISP, city, time zone, and potentially even your ZIP code.
Restrict your access to websites. The content available to you is dependent on your IP address and location. Streaming services can block your IP address to abide by copyright laws.
Perform a Denial of Service (DoS) attack. This works by sending copious amounts of traffic to your IP address, causing your router to crash. If you are hit by a DoS attack while playing a video game, you will be kicked offline.
Scan for open ports. This allows hackers to identify whether your device is vulnerable to online attacks.
Progress a doxing attack. This uncovers your real identity and personal information, which is then released to the public. With this information, someone can launch a swatting attack by sending emergency services to your address.
Steal your personal information by conducting a vishing attack. Criminals can call your ISP and attempt to impersonate you. If they are successful, your ISP may disclose your personal information.
Personalize ads through IP targeting. Advertisers can build unique profiles of users and send advertisements to devices associated with a specific IP address.
EXPERT TIP: Without a VPN, your IP address is exposed and your online privacy is compromised. We recommend using ExpressVPN to prevent this. It’s a secure VPN service that is equipped with a kill switch to ensure your IP address remains hidden.
11 Things People Can Do with Your IP Address
Your IP address is only useful to certain parties. Your ISP and the websites you visit can use it to track your browsing activity and restrict your access to certain services. However, there’s much less a single individual can do with your IP address.
As they are primarily used as an identifier, your IP address itself cannot be hacked. In fact, in most circumstances, an IP address alone is not enough to carry out a cyberattack. However, it can be combined with other tactics to discover sensitive personal information, including your name and address.
Here’s a list of the most important things someone can do with your IP address:
Every time you browse the internet, your data is recorded. This includes:
The device used
Your geographic location
The websites you visit
The amount of time spent on each website
If you are located in the US, your ISP has the right to sell your data to businesses for ad serving, essentially making profit with your data without sharing it with you. This is also a threat to your privacy as third parties can use it to target you with tailored ads.
2. Log Your Website Visits
Every time you visit a website, your IP address is visible to the website host. This is required so that the server can send back the requested information to your device.
Websites and analytics programs use your IP address to track your activity on their website. This includes:
What pages you have viewed
How long you have stayed on each page for
The browser you are using
The number of returning visitors
Your geographic location
When visiting a website, you also may be asked to accept cookies. This is a small file of data used to identify and track your device to create a more personalized experience when browsing the web.
Google’s website explains how they use cookies for rendering and personalizing ads.
If you accept the website cookies, information such as your username and password will be saved on the web browser.
3. Find Your ISP and Approximate Location
Your IP address reveals information about your approximate location. It exposes the city, ZIP code, time zone of the router you are connected to, and the ISP you are using. In fact, anyone with access to your IP address can find all of this information using a simple IP lookup tool.
Your IP address reveals your approximate location.
Used alongside other identifying information, someone may be able to use your IP address to find your exact location.
For example, social media leaves a trail of personal information. A criminal can use these digital breadcrumbs alongside your IP address to work out your exact geographical location.
4. Restrict Access to Websites and Streaming Services
Every time you visit a website, your IP address and subsequently your geographic location is visible to the web server. This allows websites to restrict your access to content according to your IP and physical location, a process known as geoblocking.
Due to copyright laws and royalties, streaming services such as Netflix use this method to regulate your access to content depending on your location. This means someone living in the US has access to a different content library compared to someone living in the UK.
Users in the UK and US have access to different libraries on Netflix.
If you travel abroad for an extended period, the content available to you will change as you’re accessing the service from a different location. You can use a VPN to unblock geo-restricted content on Netflix.
5. Scan for Open Ports
Open ports are an important part of internet communication. They allow inbound communication from the public internet, and – with a highly restrictive firewall – outbound communication from a private network to the public internet.
On most consumer routers, outbound ports are open by default. For example, TCP/UDP port 53 is open to allow DNS lookups, and TCP port 80 and 443 are open to allow communication with external websites.
However, malicious actors can exploit open inbound ports in an effort to send malware to your device. This can result in unauthorized access to your personal information.
Nmap is a program used to scan for open ports.
If someone has access to your IP address, they can scan for open ports using a program such as Nmap. This will reveal which ports are open and available for exploitation.
6. ‘Vishing’ Attacks
A vishing attack is a fom of social engineering used by malicious actors to deceive a victim into disclosing personally identifiable information (PII) over the phone.
If someone knows your IP address, they can identify your ISP and attempt to impersonate you by calling your provider. Telecom operators have access to your personal information and can reveal sensitive information about you.
This attack is much less common now compared to the early days of the internet. A hacker would require your full name to be successful, and most telecom operators will not give out personal information without going through security checks first.
7. Personalized Advertising and IP Targeting
Online advertising companies can define and target a specific audience based on their location and IP address.
IP targeting is an extremely efficient way for advertisers to target certain individuals or demographics without wasting their marketing budget. Some businesses even create personalized content to target individual households, offices, or schools.
8. DoS or DDoS Attacks
Online gaming platforms are a huge target for cyber attacks. When you play a video game online, your IP address is visible to the game’s server, and sometimes other players, depending on the game you are playing.
DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks are amongst the most common IP-based cyberattacks, especially for Xbox and PlayStation users.
These attacks operate by sending huge volumes of traffic to your IP address in an attempt to overwhelm your network or web server.
A DoS attack is carried out by a single system, whereas a DDoS attack is initiated by multiple sources. Consequently, a DDoS attack tends to be faster and more severe.
The Xbox support page suggests using a VPN to protect yourself from DoS attacks.
DoS and DDoS attacks create lag spikes or cause your server to crash completely. As a result, you will be evicted from the game and lose any progress made. While this will not result in permanent damage to your device, it can be annoying.
Users are at greater risk of these attacks when playing games that support private third-party servers, such as Minecraft, as your IP address is visible to the server host and possibly other players.
EXPERT TIP: DDoS attacks are particularly common in the gaming community. If you want to protect your IP address on Xbox or PlayStation, we recommend using a top-rated VPN for gaming.
9. Doxing Attacks
Doxing is a social engineering technique used to find out your personal information and disclose it to the public without your consent. This information could include your name, address, school or workplace, or even personal photos.
Just like DDoS attacks, Doxing is particularly common in gaming communities and on streaming platforms like Twitch.
When you play multiplayer games, someone can use your IP address and username to find your location and social media accounts. This information can then be assembled and released online.
This technique is also used by hacktivists to expose anonymous users who have acted negatively online.
10. ‘Swatting’ Attacks
Swatting involves sending emergency services to a victim’s address under false pretenses. It involves falsifying high-risk situations such as a bomb threat, murder, or hostage situation.
Victims of swatting attacks are often online gamers and Twitch streamers who have failed to hide their IP address. Here, social engineering and doxing are used to locate the victim’s address.
Although swatting is usually initiated as a prank, it is an illegal act that seriously wastes police time and, in extreme circumstances, can be fatal.
11. IP Address Bans
An IP ban is a server-level action that blocks requests from specific IP addresses. They’re usually issued by websites and gaming servers to ban users who breach the terms of service.
If your IP gets banned, you will no longer be able to visit the website or connect to the game, because your IP has been blacklisted by the provider.
IP bans may occur if you exploit the rules of the game.
Any network can block an IP address. For example, IP bans are commonly used to enforce state censorship, as they allow governments to restrict residents from accessing certain websites.
How Can Someone Find Your IP Address?
Your IP address acts as your passport to the internet. It is used in every interaction you make with another user, server, or website online.
This means when you use the internet, you leave digital footprints everywhere. In fact, you reveal your IP address every time you visit a website.
As such, it’s fairly easy for someone to find your IP address if you do not change your browsing habits.
Here is a list of the easiest ways someone can find your IP address:
If You Visit a Website
When you browse the internet, your connection is routed directly from your device to the server hosting the website you’re visiting. That means every time you visit a website, your IP address is visible to the web server.
The web server needs to know your IP address to send back data to your device. In many cases, it will also log your IP address to record your visit. This includes social media sites such as Facebook, Instagram and Snapchat.
If You Send An Email
Every email you send contains a message header. This includes information about the email you’ve sent, including the sender, the recipient, and the date the email was sent.
Depending on your email provider, the message header can also contain your public IP address. However, in most cases, it will only contain the IP address of the email server.
An example of a message header on a Gmail account.
Our tests have found Gmail, Outlook, and Yahoo do not leak your IP address. We recommend using these providers to ensure your IP address is protected.
If Someone Has Access to Your Device
It’s possible for someone to find your IP address if they have access to your device or home network by using an IP checker. These tools reveal information such as your IP address and your approximate location.
If someone were to get hold of your personal device, they can find out your IP address by following these steps:
If two devices are connected to the internet via the same router, they will share the same IP address. However, their private IP address will remain different.
Similarly, If someone is connected to your home network, they can use their own device to expose your IP address because both devices are sharing the same internet connection.
IP Grabbing
IP grabbing is a technique used to expose someone’s IP address without the victim’s consent. Although tracing an IP address is legal, IP grabbing is used to initiate illegal acts such as DoS attacks or vishing attacks.
IP grabbing usually involves a third-party service like Grabify. These programs are known as IP grabbers.
Grabify is used to expose IP addresses without consent.
IP grabbers are links to websites that log your IP address. If you click the link, your IP and associated information will be visible to the person that created the tracking link. These links are often sent on social media or in chat boxes in video games.
Online Gaming
Every time you play a video game, your IP address is visible to the gaming server. Without an IP, the server would not know where to send back the information needed to play the game.
You can find your IP address in the advanced settings menu on Xbox One.
Transactions between players are logged, to protect users against hackers and online abuse. This means if a player breaches the terms of service, they can be identified by their IP address and hit with an IP ban.
Additionally, peer-to-peer (P2P) games operate by establishing a direct connection between players. This means your IP address will be shared with other players to allow communication within the game.
How to Prevent Your IP Address from Being Exposed
IP addresses are an integral part of internet communication. They allow devices to send and receive information across the internet however, there are several risks associated with individuals and businesses knowing your IP address.
As such, it’s important to hide your IP address to improve your online security, protect your privacy and increase your online freedom.
Here’s a list of the most effective ways to conceal your IP address and protect your data:
1. Use a VPN Service
The best way to hide your IP address is to use a trusted VPN service. It protects your privacy and internet freedom by encrypting all traffic from your device and hiding your public IP address from third parties.
When browsing the web, your traffic is routed through a remote VPN server before it is sent to the web server of your desired website.
When information is sent back to your device, it is again routed through the VPN server. This means the IP address of the VPN server is visible to the web server, not your IP address.
Only the IP address of the VPN server is visible to the website server.
We recommend using ExpressVPN. It is a premium VPN service that combines a virtually no-logs policy with fast speeds and great usability. ExpressVPN offers advanced security features including a kill switch that ensures your IP address will not leak.
EXPERT TIP: To protect your IP address from websites, applications, and web service providers, use our IP leak tool. We test to see if your VPN is working correctly. This will prevent your true IP address from being exposed.
2. Use an Anonymous Web Proxy
A web proxy is a server that acts as an intermediary between your device and the internet. Like VPN software, when you use an anonymous proxy to browse the web, your traffic is routed through the proxy server before your request is sent to the internet. Usually, most VPN browser extensions are anonymous web proxies.
Once your request has reached the desired website, your traffic is routed back through the same proxy server, before your device receives the information.
The website server will only see the IP address of the proxy server, allowing you to browse the web without exposing your IP address.
However, if you use a normal web proxy, each request from the proxy server to the web server will include an x-forwarded-for header. This will include your original IP address and the URL request may be written to the proxy server’s access logs.
It’s worth mentioning that, unlike a VPN, a proxy only protects the browser that is in use and it does not natively encrypt your traffic. This makes this method unsuitable if you are handling sensitive data or if you’re really concerned about your privacy.
3. Enable Your Firewall
A firewall is a network security feature that monitors the traffic flowing to or from your network based on a set of predefined security rules. It protects your device by blocking unidentified traffic. Advanced firewalls will additionally scan for malicious code to provide an extra layer of security.
If someone gets hold of your IP address, a firewall will work to prevent unauthorized access to your device and protect against malware. It can operate on both your personal device and your router.
Windows firewall & network protection can be found in the settings menu.
The majority of modern computers come with a built-in firewall. To ensure your firewall is turned on, go to your device’s security setting and enable your firewall.
Don’t forget to update your firewall regularly to ensure your device is always protected against hackers.
4. Change to Mobile Data
When using a cellular device, WiFi and mobile data have different IP addresses. As a result, your phone’s public IP address will change every time you establish a connection via a new network.
If you turn off your WiFi and switch to mobile data, your mobile carrier will assign your phone a new IP address each time you begin a new data session.
Your traffic will route through your device’s cellular network, instead of a WiFi connection meaning a different IP address is visible to the web server.
You can switch to mobile data in your phone’s settings menu.
However, this is a short-term solution as your cell phone’s monthly data allowance will get used up quickly if you do not have unlimited data. Check your monthly data allowance to ensure you do not get charged for extra data.
5. Change Your Browsing Behaviour
To protect your IP address from being exposed to third parties, it’s important to browse the web with caution.
Never click on links you do not trust, especially when using social networking sites or video game messaging services. Malicious actors can send you IP grabbing links that will expose your IP address if the link is clicked on. This will leave your device vulnerable to the risks mentioned above.
Accepting cookies when you visit a website also poses a risk to your privacy as they track your online activity. When asked by a website, you should reject cookies or tailor the permissions to your needs to prevent third parties from accessing your data.
Google explains how to manage cookies in your browser.
Lastly, you should only access HTTPS websites. They provide a layer of encryption that HTTP sites do not offer. This protects your privacy by preventing your ISP from seeing the specific URLs you visit.