Where/How to know more info about a public IP?

From Net Flow Analyser we noticed one computer had a lot of HTTP traffic with a public IP, 204.2.199.166. We are trying to find out what website this IP is associated with. whatismyip.com can only give very limited info. Do you know where or how to get more info about the public IP?
Castlewood asked:
Seaton007 commented:
Here you go:
http://www.networksolutions.com/whois/results.jsp?ip=204.2.199.166

It looks like that IP Address belongs to NTT America, Inc.
Scott Fell, EE MVE, Developer & EE Moderator commented:
http://cqcounter.com/whois/

The problem is you don't know if that is the actual IP.  It could be spoofed.

204.2.199.166 - Geo Information
IP Address:    204.2.199.166
Host:          204.2.199.166
Location:      US US, United States
City:          Cheshire, CT -
Organization:  Akamai
ISP:           NTT America
AS Number:     AS2914 NTT America, Inc.
Latitude:      41°49'90" North
Longitude:     72°90'07" West
skullnobrains commented:
@padas: if you see actual HTTP traffic, the IP cannot be spoofed, or the TCP handshake would have failed.

Like @seaton said, whois points to NTT. You can always ask them. If you have a reason to complain, they might react, but they probably won't give you the info directly.

The host has no PTR.

The last hop in traceroute is:
ae-2.r06.nycmny01.us.bb.gin.ntt.net (129.250.4.175)  95.776 ms  102.155 ms  101.108 ms
We find NTT again, but not much usable information.
This address is located in Colorado by MaxMind.

There is a working web server, but you cannot view any page since they likely use virtual hosts and we don't know which domain would work.

Apparently they are located in Cheshire.
I used this site, http://www.ip-adress.com/ip_tracer/204.2.199.166, to get the information.
Most likely it makes use of the MaxMind geoiplookup database.

nmap gives the following information:
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
179/tcp  filtered bgp
445/tcp  filtered microsoft-ds
500/tcp  open     isakmp
8000/tcp open     http-alt
9050/tcp open     tor-socks

Looks like a Unix/Linux server. nmap guesses the following:
Running (JUST GUESSING): Linux 3.X|2.6.X (91%)
OS CPE: cpe:/o:linux:kernel:3 cpe:/o:linux:kernel:2.6.18
Aggressive OS guesses: Linux 3.0 (91%), Linux 2.6.18 (90%), Linux 2.6.22 (90%), Linux 2.6.9 - 2.6.27 (89%), Linux 2.6.38 (88%), Linux 2.6.16 - 2.6.28 (87%), Linux 2.6.30 (87%), Blue Coat Director (Linux 2.6.10) (87%), Linux 2.6.5 (87%), Linux 2.6.15 - 2.6.26 (86%)
No exact OS matches for host (test conditions non-ideal).

-----

I'm stopping here because the fact that it is running tor-socks is probably the explanation for whatever is happening to you. Most likely lots of Tor users surf through this server, and some visit your site anonymously.
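A small lookup helper, added here as an example (not code from any answer in the thread): it does the PTR and registry checks the answers describe, but queries RDAP, the JSON successor to port-43 whois that ARIN and the other RIRs serve, and flattens the answer into the fields an analyst actually wants. The rdap.org bootstrap URL, the field selection and the sample record are my assumptions; the live fetch needs network access, the parser runs offline.

```python
import json
import socket
import urllib.request

# rdap.org redirects to whichever RIR holds the block (ARIN for this range); assumed bootstrap URL.
RDAP_BOOTSTRAP = "https://rdap.org/ip/"

def fetch_rdap(ip, timeout=10):
    """Live RDAP query (needs network). Returns the registry's JSON 'ip network' object."""
    req = urllib.request.Request(RDAP_BOOTSTRAP + ip, headers={"Accept": "application/rdap+json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def reverse_dns(ip):
    """PTR lookup; returns None when the address has no PTR, as the thread found for this host."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def summarize_rdap(doc):
    """Flatten an RDAP 'ip network' object (RFC 9083 shape) into the fields an analyst wants."""
    if "errorCode" in doc:  # registries return an error object for unallocated space
        return {"error": doc.get("title") or doc["errorCode"]}
    cidrs = [f"{c.get('v4prefix') or c.get('v6prefix')}/{c['length']}" for c in doc.get("cidr0_cidrs", [])]
    entities = []
    for ent in doc.get("entities", []):
        # The vCard 'fn' property carries the display name: ["fn", {}, "text", "<name>"]
        props = ent.get("vcardArray", ["vcard", []])[1]
        name = next((p[3] for p in props if p[0] == "fn"), ent.get("handle"))
        entities.append((name, tuple(ent.get("roles", []))))
    return {"handle": doc.get("handle"), "name": doc.get("name"),
            "range": f"{doc.get('startAddress')} - {doc.get('endAddress')}",
            "cidrs": cidrs, "entities": entities}

# Constructed sample record: RFC 9083 shape, but handle, range and org handle are
# placeholders, not a real registry entry; only the org name is what the thread reported.
SAMPLE_RDAP = {
    "handle": "NET-PLACEHOLDER-1", "name": "PLACEHOLDER-NET",
    "startAddress": "204.2.192.0", "endAddress": "204.2.223.255",
    "cidr0_cidrs": [{"v4prefix": "204.2.192.0", "length": 19}],
    "entities": [{"handle": "ORG-PLACEHOLDER", "roles": ["registrant"],
                  "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                           ["fn", {}, "text", "NTT America, Inc."]]]}],
}
# Offline demo of the parser; live: summarize_rdap(fetch_rdap("204.2.199.166")), reverse_dns("204.2.199.166")
print(summarize_rdap(SAMPLE_RDAP))
```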