How To: Find IP Address Owner

by on July 24, 2009 · 24 comments· LAST UPDATED July 24, 2009

in , ,

I'm getting lots of spam from few IPs. How do I find the owner of an IP address and report them to concern parties?

All public IP address on the Internet is registered to ISP or an owner or a larger organization. Each IP address is recorded in the whois database. You can query this database to get owner name, phone, email address and so on the Internet using whois command line client.

Find IP Address For A Host Name

For instance to find the IP address for a www.cyberciti.biz open a command line and type in:
host www.cyberciti.biz
or
nslookup www.cyberciti.biz
Sample Outputs:

www.cyberciti.biz has address 74.86.48.99
www.cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4

74.86.48.99 is IPv4 address and 2607:f0d0:1002:11::4 is IPv6 address for www.cyberciti.biz hostname.

whois - Client For The Whois Directory Service

Type the following command to find out the owner of an IP address called 74.86.48.99:
$ whois 74.86.48.99
Sample Outputs:

OrgName:    SoftLayer Technologies Inc.
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US
ReferralServer: rwhois://rwhois.softlayer.com:4321
NetRange:   74.86.0.0 - 74.86.255.255
CIDR:       74.86.0.0/16
OriginAS:   AS36351
NetName:    SOFTLAYER-4-4
NetHandle:  NET-74-86-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment:    abuse@softlayer.com
RegDate:    2007-05-16
Updated:    2007-11-14
RAbuseHandle: ABUSE1025-ARIN
RAbuseName:   Abuse
RAbusePhone:  +1-214-442-0605
RAbuseEmail:  abuse@softlayer.com
RNOCHandle: IPADM258-ARIN
RNOCName:   IP Admin
RNOCPhone:  +1-214-442-0600
RNOCEmail:  ipadmin@softlayer.com
RTechHandle: IPADM258-ARIN
RTechName:   IP Admin
RTechPhone:  +1-214-442-0600
RTechEmail:  ipadmin@softlayer.com
OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-214-442-0605
OrgAbuseEmail:  abuse@softlayer.com
OrgTechHandle: IPADM258-ARIN
OrgTechName:   IP Admin
OrgTechPhone:  +1-214-442-0600
OrgTechEmail:  ipadmin@softlayer.com
# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
Found a referral to rwhois.softlayer.com:4321.
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.74.86.32.0/19
network:Auth-Area:74.86.32.0/19
network:Network-Name:SOFTLAYER-74.86.32.0
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070708
network:Updated:20071205
network:Updated-By:ipadmin@softlayer.com
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 24 comments… read them below or add one }

1 Ahmed July 24, 2009 at 8:53 pm

It doesn’t work if the spammer is sending spams from poor country.
So what is the best solution ?
Ignore him.

Reply

2 nixCraft July 24, 2009 at 10:32 pm

Block IP address using iptables or pf firewall.

Reply

3 burmese July 25, 2009 at 6:40 pm

I never recommend banning IPs, which is never a reliable solution these days.
Even sending abuse report mail to network/ip owner is worthless as these emails are not monitored.
What’s more, even calling that phone number is in vain.

The must-do is to patch your hole.

Reply

4 Alok Khode July 27, 2009 at 7:30 am

We have to follow different ways: Block the IP in f/w, Set some rule/policy in Spam control software, black list/while list mailid. For this to be done, we have to understand header of the mail at microlevel. But its a horse race between spammer and mail admin!!!!

Reply

5 joecoder July 28, 2009 at 3:34 am

>>Block IP address using iptables or pf firewall.
This is useless. Spam originates in hell, but it is your email provider that delivers it to you.
To block spam, you need a spam blocking package… which is dependent on your email client. Or if you run an email server, is dependent on your email server.
Do some googling and see what people recommend for your email situation.

Reply

6 techbrainless August 20, 2009 at 10:11 pm

Very great and interesting post. Thanks alot.

Reply

7 carolyne cowan September 25, 2009 at 7:53 am

How do I stop vicious, pornographic and violent spam being posted onto my website.
I have gone down the road of tracing IP addresses, but they are all from Proxy services.
I have a stat counter which gives me the IP address of all who have visited my site, even for a second, but these eroneous insertions do not show up. They are accessing it somehow else.
I have sent emails to the abuse@ addresses but again with no response.
I have contacted my website builder (BlueVoda) and they say they do not have a script on the guestbook which can stop these things from happening, but gave me some computer jargon about a script opening up in notebook etc….might have well been speaking Klingon!!!
Is there a simple way to stop these insertions. I am worried about them as some are pornographic (offering Eastern Block women doing all sorts of things) and I get a lot of kids looking at my site…and fear they will see these.
I clear at least one a day from my guestbook
Thank you for any help.
Carolyne

Reply

8 nixCraft September 25, 2009 at 11:35 am

Protect your webpage with a Captcha , which is nothing but a type of challenge-response test used by you to ensure that the response is not generated by a bot. See example below:
http://www.cyberciti.biz/faq/php-captcha-class-simple-php-captcha-example/

Reply

9 sumit November 13, 2009 at 8:45 am

I just want to know one thing if i have someones I.P. address can I get his or hers personal details by that i.e. email address, name, phone nos, etc

Reply

10 Indie Rahama January 27, 2012 at 9:25 pm

Please i want to find out who has this ip address. The sender has been threatening to pour me acid: 178.239.85.7

Reply

11 Glen May 4, 2012 at 4:52 pm

It’s somebody with a blackberry in the UK.

Reply

12 sameer_13 October 11, 2012 at 7:20 am

178.239.85.7 belongs to RIMBLACKBERRY3 ,……. Research In Motion UK Limited
address:-295 Phillip St., Waterloo, ON, CANADA N2L 3W8

Reply

13 casandra April 16, 2013 at 2:34 am

With ip address info, how did you get the person’s name and postal address ?

Reply

14 J February 19, 2012 at 2:59 pm

So where do I type in
“$ whois 74.86.48.99″?

Reply

15 Glen May 4, 2012 at 4:55 pm

This one traces to:

SoftLayer Technologies Inc.
Dallas Texas

Reply

16 Saumitra April 1, 2012 at 3:09 am

“$ whois” is not working.m having windows 7(64-bit).Now what do i do?

Reply

17 tik August 21, 2012 at 2:20 am

I have some ones IP address… I need to know his/her address email. Can some one help me how can find the details.. plz..?

Reply

18 prema October 11, 2012 at 7:39 pm

I am getting dirty, threatening emails from IP 190.58.178.87, 190.58.193.230 &
127.1.0.0 can anyone trace these addresses to person, email, location, anything
please….

Reply

19 Tamtam March 1, 2013 at 2:41 am

Please find the address of this IP address and name and any other info I am being harassed thank u 24.192.137.13 ip address

Reply

20 Malu March 7, 2013 at 6:20 am

Please let me know the owner and other info of this IP address as this IP address is trying to hack my account.
IP Address: 223.182.220.202

Reply

21 KEN June 4, 2013 at 9:03 pm

96.233.116.141, PLS TRACE THIS IP FOR ME COS THE GUY HACKED ME TIME AFTER TIME

Reply

22 David August 1, 2013 at 7:39 am

Please help me. My daughter has run away and all I know is she is at 70.196.3.10

please help me find her

Reply

23 Nob August 1, 2013 at 9:44 am

Contact your local PD. BTW, that ip belongs to verizon wireless.

Reply

24 Mark October 1, 2013 at 11:43 am

Please help!! This person has harassed me for two years and I’ve tried everything, I need to know name or address. Thank you so much if you help!
88.112.228.179

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: