Whose IP address is it?

When looking at logs (web, email, ssh) at you don’t recognize an IP address, what are some easy ways to find out if it’s a “friendly” IP address (someone using Comcast wifi from different locations) versus a hacker from another country.

http://whois.arin.net/ui/ – Look up who owns the bigger netblock

https://search.arin.net/rdap/ – More useful for finding out where in the world that subnet might be

Leave a Reply

Your email address will not be published.