An Internet Protocol (IP) address is an identifier associated with a device (e.g., a computer, printer, router, mobile device, or Internet-of-Things (IoT) device) connected to a Transmission Control Protocol/Internet Protocol (TCP/IP) network. TCP/IP refers to the conceptual model and communications protocols used by the Internet and similar computer networks. An IP address may be associated with hardware such as network interface card (NIC) on the associated device or with a virtual resource executing on the device (e.g., in a virtual local area network).
There are several versions of Internet protocol, such as version 4 (IPv4, which defines an IP address as a 32-bit number) and version 6 (IPv6, which defines an IP address as a 128-bit number). The Internet Assigned Numbers Authority (IANA) has assigned IP addresses to five regional Internet registries (RIR) in blocks of approximately 16.8 million addresses each. Those IP address space are assigned to end users and local Internet registries (Internet service providers). Each Internet service provider or private network administrator assigns IP addresses to each device connected to the provider's respective network. The assignments may be static or dynamic.
Like all devices connected to the Internet, hosts that distribute malware have IP addresses. Once a host is known to be malicious, the host's IP address can be added to a blacklist to apprise other network users of the danger of communication with that host. In some cases, a malicious host's physical location is not immediately known. However, since the host has an IP address, methods for detecting geographical location based on IP address can be useful for tracking down the hardware from which malicious content is distributed.