How To: Find IP Address Owner

Last updated July 24, 2009

I'm getting lots of spam from a few IPs. How do I find the owner of an IP address and report them to the concerned parties?

Every public IP address on the Internet is registered to an ISP, an owner, or a larger organization. Each IP address is recorded in the whois database. You can query this database with the whois command-line client to get the owner's name, phone number, email address, and so on.

Find IP Address For A Host Name

For instance to find the IP address for a open a command line and type in:
Sample Outputs: has address has IPv6 address 2607:f0d0:1002:11::4 is IPv4 address and 2607:f0d0:1002:11::4 is IPv6 address for hostname.

whois – Client For The Whois Directory Service

Type the following command to find out the owner of an IP address called
$ whois
Sample Outputs:

OrgName:    SoftLayer Technologies Inc. 
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

ReferralServer: rwhois://

NetRange: - 
OriginAS:   AS36351
NetName:    SOFTLAYER-4-4
NetHandle:  NET-74-86-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
Comment:    [email protected]
RegDate:    2007-05-16
Updated:    2007-11-14

RAbuseHandle: ABUSE1025-ARIN
RAbuseName:   Abuse 
RAbusePhone:  +1-214-442-0605
RAbuseEmail:  [email protected] 

RNOCName:   IP Admin 
RNOCPhone:  +1-214-442-0600
RNOCEmail:  [email protected] 

RTechHandle: IPADM258-ARIN
RTechName:   IP Admin 
RTechPhone:  +1-214-442-0600
RTechEmail:  [email protected] 

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-214-442-0605
OrgAbuseEmail:  [email protected]

OrgTechHandle: IPADM258-ARIN
OrgTechName:   IP Admin 
OrgTechPhone:  +1-214-442-0600
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

Found a referral to

%rwhois V-1.5:003fff:00 (by Network Solutions, Inc. V-
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:Tech-Contact;I:[email protected]
network:Abuse-Contact;I:[email protected]
network:Updated-By:[email protected]

%referral rwhois://
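
As an added example (not from the original article), the shell function below reduces a whois reply like the one above to the fields needed for an abuse report, reading both the ARIN-style `OrgAbuseEmail:` lines and the rwhois `network:Abuse-Contact;I:` lines. The function names, output keys and the embedded sample reply (documentation addresses and example.net) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a whois reply to the fields an abuse report needs.
# Live use (needs network):  whois <ip-address> | whois_abuse_summary
whois_abuse_summary() {
    awk '
    /^[#%]/ || /^[ \t]*$/ { next }              # skip server comments and blank lines
    {
        line = $0
        sub(/^network:/, "", line)              # rwhois lines carry a "network:" prefix
        sep = index(line, ":")
        if (sep == 0) next
        key = tolower(substr(line, 1, sep - 1))
        val = substr(line, sep + 1)
        sub(/;.*$/, "", key)                    # drop rwhois type tag such as ";I"
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)      # trim padding and a trailing CR
        if (val == "") next
        if ((key == "orgname" || key == "organization") && org == "") org = val
        else if (key == "netname" && net == "") net = val
        else if (key == "netrange" && range == "") range = val
        else if (key == "originas" && asn == "") asn = val
        else if (key == "referralserver" && ref == "") ref = val
        else if (key ~ /abuse/ && key ~ /email|contact/) {
            v = tolower(val)                    # same mailbox often appears 3-4 times
            if (!(v in seen)) { seen[v] = 1; mail[++nm] = v }
        } else if (key ~ /abuse.*phone/ && !(val in seenp)) {
            seenp[val] = 1; phone[++np] = val
        }
    }
    END {
        print "org=" org; print "netname=" net; print "netrange=" range
        print "origin_as=" asn; print "referral=" ref
        for (i = 1; i <= nm; i++) print "abuse_email=" mail[i]
        for (i = 1; i <= np; i++) print "abuse_phone=" phone[i]
    }'
}
sample_whois() {   # constructed reply; values are placeholders, not real registrations
    cat <<'EOF'
OrgName:    Example Hosting Inc.
NetRange:   192.0.2.0 - 192.0.2.255
OriginAS:   AS64500
NetName:    EXAMPLE-NET-1
ReferralServer: rwhois://rwhois.example.net:4321
RAbuseEmail:  abuse@example.net
OrgAbusePhone:  +1-555-0100
OrgAbuseEmail:  Abuse@Example.net
# constructed server comment line
network:Abuse-Contact;I:abuse@example.net
EOF
}
sample_whois | whois_abuse_summary
```

The abuse mailbox is printed once even though the reply lists it under three different field names, which is the address to attach mail headers and log excerpts to when reporting.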

Posted by: Vivek Gite


29 comments

  1. I never recommend banning IPs, which is never a reliable solution these days.
    Even sending abuse report mail to network/ip owner is worthless as these emails are not monitored.
    What’s more, even calling that phone number is in vain.

    The must-do is to patch your hole.

  2. We have to follow different ways: block the IP in f/w, set some rule/policy in spam control software, blacklist/whitelist mail IDs. For this to be done, we have to understand the header of the mail at micro level. But it's a horse race between spammer and mail admin!!!!

  3. >>Block IP address using iptables or pf firewall.
    This is useless. Spam originates in hell, but it is your email provider that delivers it to you.
    To block spam, you need a spam blocking package… which is dependent on your email client. Or if you run an email server, is dependent on your email server.
    Do some googling and see what people recommend for your email situation.

  4. How do I stop vicious, pornographic and violent spam being posted onto my website?
    I have gone down the road of tracing IP addresses, but they are all from proxy services.
    I have a stat counter which gives me the IP address of all who have visited my site, even for a second, but these erroneous insertions do not show up. They are accessing it somehow else.
    I have sent emails to the [email protected] addresses but again with no response.
    I have contacted my website builder (BlueVoda) and they say they do not have a script on the guestbook which can stop these things from happening, but gave me some computer jargon about a script opening up in notebook etc… might as well have been speaking Klingon!!!
    Is there a simple way to stop these insertions? I am worried about them as some are pornographic (offering Eastern Bloc women doing all sorts of things) and I get a lot of kids looking at my site… and fear they will see these.
    I clear at least one a day from my guestbook.
    Thank you for any help.

  5. Hi there,
    When I try to assign an IP, it says other machine on the network already has it.
    Is there a way I can find out who owns Internal IP like in my internal network?
    I cannot ping it and the nslookup says “server can’t find”.
    Is there any other way?
