When looking at logs (web, email, ssh) at you don’t recognize an IP address, what are some easy ways to find out if it’s a “friendly” IP address (someone using Comcast wifi from different locations) versus a hacker from another country.
http://whois.arin.net/ui/ – Look up who owns the bigger netblock
https://search.arin.net/rdap/ – More useful for finding out where in the world that subnet might be