Where/How to know more info about a public IP?

Posted on 2013-08-29
Medium Priority
Last Modified: 2013-12-20
From Net Flow Analyser we noticed one computer had a lot of http traffic with a public IP. We are trying to find out what website this IP is associated with. The whatismyip.com can only give very limited info. Do you know where or how to get more info about the public IP?
Question by:Castlewood
LVL 12

Assisted Solution

Seaton007 earned 668 total points
ID: 39450058
Here you go:

It looks like that IP Address belongs to NTT America, Inc.
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 664 total points
ID: 39450064

The problem is you don't know if that is the actual IP.  It could be spoofed.

Geo Information
IP Address
Location      US US, United States
City      Cheshire, CT -
Organization      Akamai
ISP      NTT America
AS Number      AS2914 NTT America, Inc.
Latitude      41°49'90" North
Longitude      72°90'07" West
LVL 27

Accepted Solution

skullnobrains earned 668 total points
ID: 39454969
@padas : if you see actual http traffic, the ip cannot be spoofed or the TCP handshake would have failed.

like @seaton said whois points to NTT. you can always ask them. if you have a reason to complain, they might react but they probably won't give you the info directly

the host has no PTR

the last hop in traceroute is
ae-2.r06.nycmny01.us.bb.gin.ntt.net (  95.776 ms  102.155 ms  101.108 ms
we find ntt again but not much usable information
this address is located in colorado by maxmind

there is a working web server but you cannot view any page since they likely use virtualhosts and we don't know which domain would work.

apparently they are located in Cheshire
i used this site http://www.ip-adress.com/ip_tracer/ to get the information
most likely it makes use of the maxmind geoiplookup database

nmap gives the following information
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
179/tcp  filtered bgp
445/tcp  filtered microsoft-ds
500/tcp  open     isakmp
8000/tcp open     http-alt
9050/tcp open     tor-socks

looks like a unix/linux server. nmap guesses the following
Running (JUST GUESSING): Linux 3.X|2.6.X (91%)
OS CPE: cpe:/o:linux:kernel:3 cpe:/o:linux:kernel:2.6.18
Aggressive OS guesses: Linux 3.0 (91%), Linux 2.6.18 (90%), Linux 2.6.22 (90%), Linux 2.6.9 - 2.6.27 (89%), Linux 2.6.38 (88%), Linux 2.6.16 - 2.6.28 (87%), Linux 2.6.30 (87%), Blue Coat Director (Linux 2.6.10) (87%), Linux 2.6.5 (87%), Linux 2.6.15 - 2.6.26 (86%)
No exact OS matches for host (test conditions non-ideal).


i'm stopping here because the fact that it is running tor-socks is probably the explanation to whatever is happening to you. most likely lots of tor users surf through this server, and some visit your site anonymously
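
The whois and PTR steps from the answer above, scripted so they can be repeated for each address a flow analyser flags. This is an added example, not part of the original post; the function names and the sample record are constructed, and it assumes the address sits in ARIN's region so that `whois.arin.net` answers directly.

```python
import ipaddress
import socket

# Constructed sample in ARIN's "Key: value" layout (documentation range, not real data).
SAMPLE_WHOIS = """\
# comment line from the registry
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-NET
OrgName:        Example Transit, Inc.
OriginAS:       AS64500
OrgAbuseEmail:  abuse@example.net
"""
WANTED = ("NetRange", "CIDR", "NetName", "OrgName", "OriginAS", "OrgAbuseEmail")

def parse_whois(text, wanted=WANTED):
    """Keep the first value of each wanted key; skip comments and blank lines."""
    found = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key = key.strip()
        if key in wanted and key not in found:
            found[key] = value.strip()
    return found

def whois_query(ip, server="whois.arin.net", timeout=10):
    """RFC 3912: send the query plus CRLF on TCP/43, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(f"{ip}\r\n".encode())
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def ptr_lookup(ip):
    """Return the PTR name, or None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def lookup(ip):
    """Validate the input, then collect the PTR name and the whois owner fields."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError for anything that is not an IP
    return {"ip": ip, "ptr": ptr_lookup(ip), "whois": parse_whois(whois_query(ip))}
```

`lookup()` needs network access; a `ptr` of `None` corresponds to the "no PTR" result in the answer, and the whois fields identify the network owner and its abuse contact, not the website served from the address.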
