How To: Find IP Address Owner

I'm getting lots of spam from a few IPs. How do I find the owner of an IP address and report them to the concerned parties?

Every public IP address on the Internet is registered to an ISP, an owner, or a larger organization. Each IP address is recorded in the whois database. You can query this database with the whois command line client to get the owner's name, phone number, email address, and so on.


Find IP Address For A Host Name

For instance, to find the IP address for www.cyberciti.biz, open a command line and type:
host www.cyberciti.biz
or
nslookup www.cyberciti.biz
Sample Outputs:

www.cyberciti.biz has address 74.86.48.99
www.cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4

74.86.48.99 is the IPv4 address and 2607:f0d0:1002:11::4 is the IPv6 address for the www.cyberciti.biz hostname.

whois – Client For The Whois Directory Service

Type the following command to find the owner of the IP address 74.86.48.99:
$ whois 74.86.48.99
Sample Outputs:

OrgName:    SoftLayer Technologies Inc. 
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

ReferralServer: rwhois://rwhois.softlayer.com:4321

NetRange:   74.86.0.0 - 74.86.255.255 
CIDR:       74.86.0.0/16 
OriginAS:   AS36351
NetName:    SOFTLAYER-4-4
NetHandle:  NET-74-86-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment:    abuse@softlayer.com
RegDate:    2007-05-16
Updated:    2007-11-14

RAbuseHandle: ABUSE1025-ARIN
RAbuseName:   Abuse 
RAbusePhone:  +1-214-442-0605
RAbuseEmail:  abuse@softlayer.com 

RNOCHandle: IPADM258-ARIN
RNOCName:   IP Admin 
RNOCPhone:  +1-214-442-0600
RNOCEmail:  ipadmin@softlayer.com 

RTechHandle: IPADM258-ARIN
RTechName:   IP Admin 
RTechPhone:  +1-214-442-0600
RTechEmail:  ipadmin@softlayer.com 

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-214-442-0605
OrgAbuseEmail:  abuse@softlayer.com

OrgTechHandle: IPADM258-ARIN
OrgTechName:   IP Admin 
OrgTechPhone:  +1-214-442-0600
OrgTechEmail:  ipadmin@softlayer.com

# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.


Found a referral to rwhois.softlayer.com:4321.

%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.74.86.32.0/19
network:Auth-Area:74.86.32.0/19
network:Network-Name:SOFTLAYER-74.86.32.0
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070708
network:Updated:20071205
network:Updated-By:ipadmin@softlayer.com

%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
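
As an added example (not part of the original article), the shell function below condenses whois output like the sample above into the organization, the network blocks, and the de-duplicated abuse contacts needed for a report. The function name whois_abuse_summary and the key=value output format are assumptions of this example; the embedded sample is a constructed excerpt of the output shown above.

```shell
#!/bin/sh
# Added example: summarise whois text read on stdin for an abuse report.
# Handles ARIN-style "Key: value" lines and rwhois "network:Key;I:value" lines.
whois_abuse_summary() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit(kind, val) {              # print each kind=value pair once
        val = trim(val)
        if (val != "" && !seen[kind, val]++) print kind "=" val
    }
    { gsub(/\r/, "") }                      # whois servers often send CRLF
    /^OrgName:/                   { sub(/^[^:]*:/, ""); emit("org", $0); next }
    /^network:Organization(;I)?:/ { sub(/^network:[^:]*:/, ""); emit("org", $0); next }
    /^CIDR:/                      { sub(/^[^:]*:/, ""); emit("cidr", $0); next }
    /^network:IP-Network:/        { sub(/^network:[^:]*:/, ""); emit("cidr", $0); next }
    tolower($0) ~ /abuse/ {                 # any line naming an abuse contact
        s = $0
        while (match(s, /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+/)) {
            emit("abuse", tolower(substr(s, RSTART, RLENGTH)))
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# Constructed sample: excerpt of the whois output shown in the article.
sample_whois() {
    cat <<'EOF'
OrgName:    SoftLayer Technologies Inc.
CIDR:       74.86.0.0/16
Comment:    abuse@softlayer.com
RAbuseEmail:  abuse@softlayer.com
RTechEmail:  ipadmin@softlayer.com
OrgAbuseEmail:  abuse@softlayer.com
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
EOF
}

# Live use would be: whois 74.86.48.99 | whois_abuse_summary
sample_whois | whois_abuse_summary
```

The /29 reported by the referral server is the most specific assignment, so its abuse contact is normally the one to write to first, with the /16 allocation holder as the fallback.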
29 comments
  • Ahmed Jul 24, 2009 @ 20:53

    It doesn’t work if the spammer is sending spam from a poor country.
    So what is the best solution?
    Ignore him.

    • 🐧 nixCraft Jul 24, 2009 @ 22:32

      Block IP address using iptables or pf firewall.

  • burmese Jul 25, 2009 @ 18:40

    I never recommend banning IPs, which is never a reliable solution these days.
    Even sending abuse report mail to network/ip owner is worthless as these emails are not monitored.
    What’s more, even calling that phone number is in vain.

    The must-do is to patch your hole.

  • Alok Khode Jul 27, 2009 @ 7:30

    We have to follow different ways: block the IP in the f/w, set some rule/policy in spam control software, blacklist/whitelist the mail ID. For this to be done, we have to understand the header of the mail at the micro level. But it’s a horse race between spammer and mail admin!!!!

  • joecoder Jul 28, 2009 @ 3:34

    >>Block IP address using iptables or pf firewall.
    This is useless. Spam originates in hell, but it is your email provider that delivers it to you.
    To block spam, you need a spam blocking package… which is dependent on your email client. Or if you run an email server, is dependent on your email server.
    Do some googling and see what people recommend for your email situation.

  • techbrainless Aug 20, 2009 @ 22:11

    Very great and interesting post. Thanks a lot.

  • carolyne cowan Sep 25, 2009 @ 7:53

    How do I stop vicious, pornographic and violent spam being posted onto my website?
    I have gone down the road of tracing IP addresses, but they are all from proxy services.
    I have a stat counter which gives me the IP address of all who have visited my site, even for a second, but these erroneous insertions do not show up. They are accessing it somehow else.
    I have sent emails to the abuse@ addresses but again with no response.
    I have contacted my website builder (BlueVoda) and they say they do not have a script on the guestbook which can stop these things from happening, but gave me some computer jargon about a script opening up in notebook etc… might as well have been speaking Klingon!!!
    Is there a simple way to stop these insertions? I am worried about them as some are pornographic (offering Eastern Bloc women doing all sorts of things) and I get a lot of kids looking at my site… and fear they will see these.
    I clear at least one a day from my guestbook.
    Thank you for any help.
    Carolyne

  • sumit Nov 13, 2009 @ 8:45

    I just want to know one thing: if I have someone’s IP address, can I get his or her personal details from that, i.e. email address, name, phone numbers, etc.?

  • Indie Rahama Jan 27, 2012 @ 21:25

    Please, I want to find out who has this IP address. The sender has been threatening to pour acid on me: 178.239.85.7

    • Glen May 4, 2012 @ 16:52

      It’s somebody with a blackberry in the UK.

    • sameer_13 Oct 11, 2012 @ 7:20

      178.239.85.7 belongs to RIMBLACKBERRY3 … Research In Motion UK Limited
      address: 295 Phillip St., Waterloo, ON, CANADA N2L 3W8

      • casandra Apr 16, 2013 @ 2:34

        With IP address info, how did you get the person’s name and postal address?

  • J Feb 19, 2012 @ 14:59

    So where do I type in
    “$ whois 74.86.48.99”?

    • Glen May 4, 2012 @ 16:55

      This one traces to:

      SoftLayer Technologies Inc.
      Dallas Texas

  • Saumitra Apr 1, 2012 @ 3:09

    “$ whois” is not working. I’m having Windows 7 (64-bit). Now what do I do?

  • tik Aug 21, 2012 @ 2:20

    I have someone’s IP address… I need to know his/her email address. Can someone help me with how I can find the details, please?

  • prema Oct 11, 2012 @ 19:39

    I am getting dirty, threatening emails from IP 190.58.178.87, 190.58.193.230 & 127.1.0.0. Can anyone trace these addresses to a person, email, location, anything, please…

  • Tamtam Mar 1, 2013 @ 2:41

    Please find the address of this IP address and name and any other info. I am being harassed. Thank you. 24.192.137.13 IP address

  • Malu Mar 7, 2013 @ 6:20

    Please let me know the owner and other info of this IP address as this IP address is trying to hack my account.
    IP Address: 223.182.220.202

  • KEN Jun 4, 2013 @ 21:03

    96.233.116.141, PLS TRACE THIS IP FOR ME COS THE GUY HACKED ME TIME AFTER TIME

  • David Aug 1, 2013 @ 7:39

    Please help me. My daughter has run away and all I know is she is at 70.196.3.10

    please help me find her

    • Nob Aug 1, 2013 @ 9:44

      Contact your local PD. BTW, that ip belongs to verizon wireless.

  • Mark Oct 1, 2013 @ 11:43

    Please help!! This person has harassed me for two years and I’ve tried everything, I need to know name or address. Thank you so much if you help!
    88.112.228.179

  • rachana Apr 11, 2015 @ 5:58

    I really wanted to know who is 37.228.105.48. Please help, it’s urgent…

  • huzzain Oct 12, 2015 @ 13:36

    I just want to know this IP address owner name… someone had hacked my account

  • lee fender Mar 14, 2016 @ 8:13

    Can you please tell me who is hacking my account from the IP# 74.5.101.200? Thank you very much for any help. Lee Fender

  • Andy Aug 22, 2016 @ 21:06

    Hi there,
    When I try to assign an IP, it says other machine on the network already has it.
    Is there a way I can find out who owns Internal IP like 10.10.10.10 in my internal network?
    I cannot ping it and the nslookup says “server can’t find 10.10.10.10”.
    Is there any other way?
    Thanks,
    Andy
