How To: Find IP Address Owner

I‘m getting lots of spam from few IPs. How do I find the owner of an IP address and report them to concern parties?

All public IP address on the Internet is registered to ISP or an owner or a larger organization. Each IP address is recorded in the whois database. You can query this database to get owner name, phone, email address and so on the Internet using whois command line client.

Find IP Address For A Host Name

For instance to find the IP address for a sxi.io open a command line and type in:
host sxi.io
or
nslookup sxi.io
Sample Outputs:

sxi.io has address 74.86.48.99
sxi.io has IPv6 address 2607:f0d0:1002:11::4

74.86.48.99 is IPv4 address and 2607:f0d0:1002:11::4 is IPv6 address for sxi.io hostname.

whois – Client For The Whois Directory Service

Type the following command to find out the owner of an IP address called 74.86.48.99:
$ whois 74.86.48.99
Sample Outputs:

OrgName:    SoftLayer Technologies Inc. 
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

ReferralServer: rwhois://rwhois.softlayer.com:4321

NetRange:   74.86.0.0 - 74.86.255.255 
CIDR:       74.86.0.0/16 
OriginAS:   AS36351
NetName:    SOFTLAYER-4-4
NetHandle:  NET-74-86-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment:    [email protected]
RegDate:    2007-05-16
Updated:    2007-11-14

RAbuseHandle: ABUSE1025-ARIN
RAbuseName:   Abuse 
RAbusePhone:  +1-214-442-0605
RAbuseEmail:  [email protected] 

RNOCHandle: IPADM258-ARIN
RNOCName:   IP Admin 
RNOCPhone:  +1-214-442-0600
RNOCEmail:  [email protected] 

RTechHandle: IPADM258-ARIN
RTechName:   IP Admin 
RTechPhone:  +1-214-442-0600
RTechEmail:  [email protected] 

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-214-442-0605
OrgAbuseEmail:  [email protected]

OrgTechHandle: IPADM258-ARIN
OrgTechName:   IP Admin 
OrgTechPhone:  +1-214-442-0600
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.


Found a referral to rwhois.softlayer.com:4321.

%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.74.86.32.0/19
network:Auth-Area:74.86.32.0/19
network:Network-Name:SOFTLAYER-74.86.32.0
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:[email protected]
network:Abuse-Contact;I:[email protected]
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070708
network:Updated:20071205
network:Updated-By:[email protected]

%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.