I posted a video on YouTube a while back where I demonstrated how to find the owner of an IP address or IP address range. Based on the questions I'm getting, there appears to be a lot of confusion about what to do with that information. Let's review the basics. Depending on where the IP is geographically located, you will need to use the appropriate registrar or NIC to get the owner information for the IP address:
www.arin.net – IPs in America
www.ripe.net – IPs in Europe
www.apnic.net – IPs in the Asia Pacific
www.lacnic.net – IPs in Latin America
www.afrinic.net – IPs in Africa
If you look up an IP address at the wrong site above, it will tell you which NIC you need to use to get the correct information. At each one of those sites you are looking for the 'whois' form, where you enter the IP address you want to research.
The information returned by the whois tool will tell you which ISP or company is using that IP or IP range. It will not tell you who was using that IP address. To find out who was using the address in question, you will need to provide logs to the ISP or company, and often a court order as well. Considering that, you may need the assistance of an attorney.
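The lookup described above can also be scripted. The following is an added example, not something from the video or from any registry: it starts at one registry, follows the referral that registry returns when it is the wrong one for the address, and extracts the network holder and abuse contact. The field names are the ones commonly seen in registry whois output and are assumptions, as are the function names and the sample replies, which are constructed.

```python
import ipaddress
import re
import socket

# Whois hosts (TCP 43) of the five registries listed above; referrals elsewhere are ignored.
RIRS = {"whois.arin.net", "whois.ripe.net", "whois.apnic.net",
        "whois.lacnic.net", "whois.afrinic.net"}

def parse_whois(text):
    """Pull the range, holder, abuse contact and any registry referral from a reply."""
    f = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue                      # registry comments, blank lines
        key, value = line.split(":", 1)
        f.setdefault(key.strip().lower(), value.strip())   # first occurrence wins
    pick = lambda *keys: next((f[k] for k in keys if k in f), None)
    m = re.match(r"(?:r?whois://)?([a-z0-9.-]+)", f.get("referralserver", ""), re.I)
    host = m.group(1).lower() if m else None
    return {"range": pick("netrange", "inetnum"),
            "owner": pick("orgname", "org-name", "owner", "descr", "netname"),
            "abuse": pick("orgabuseemail", "abuse-mailbox"),
            "referral": host if host in RIRS else None}

def query(server, ip, timeout=10):
    """One live whois query; needs network access."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode() + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def lookup(ip, fetch=query, start="whois.arin.net", max_hops=3):
    """Start at one registry and follow its referral until a registry answers for the IP."""
    ip = str(ipaddress.ip_address(ip))    # ValueError on anything that is not an IP
    server, result = start, None
    for _ in range(max_hops):
        result = dict(parse_whois(fetch(server, ip)), server=server)
        if result["referral"] in (None, server):
            break
        server = result["referral"]
    return result

# Constructed sample replies (documentation range 192.0.2.0/24, made-up holder).
SAMPLE = {
    "whois.arin.net": "# constructed\nNetRange: 192.0.0.0 - 192.255.255.255\n"
                      "OrgName: Example Registry\nReferralServer: whois://whois.ripe.net\n",
    "whois.ripe.net": "% constructed\ninetnum: 192.0.2.0 - 192.0.2.255\n"
                      "descr: Example ISP Ltd\nabuse-mailbox: abuse@isp.example\n",
}
```

Calling `lookup(ip)` with the default `fetch` performs live queries; passing `fetch=lambda server, ip: SAMPLE[server]` replays the constructed replies offline. The abuse contact, when present, is the address to send your logs to.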
Hacked Servers and Computers
Often the ISP or company has no idea that malicious activity is originating from their network or device, because it has been compromised without their knowledge. If that's the case, you may not get any useful information you can use to pursue the source of the activity you are investigating. The best response in this case is to secure your network with a firewall and make sure you have good backups you can restore from.
If all of this is beyond your technical level, you can hire a private investigator who specializes in information security incidents. A private investigator will be able to collect the evidence from the incident and trace it back to where it originated.