Finding an IP address is a very simple procedure, and sometimes it is even possible to recover the whole web proxy chain if HTTP proxies have been used for anonymity.
After detecting the IP address in web server logs or data interception dumps, almost every «where is this IP from» investigation starts with a WHOIS lookup. In the best case for the investigator, it will show the country, city, and street address, as many big Internet service providers store this data in the WHOIS database or in the host name to help support staff troubleshoot network issues. In the worst case, the IP lookup will show only the contact details of the ISP or organization responsible for the IP block allocation. This is the address where the research continues in order to find the IP address owner.
Below you will find the output of a very simple IP lookup script with a WHOIS search on the detected IP address.
|Your IP Address:||126.96.36.199|
|Your host name:||[NOT CHECKED]|
|Through a WEB Proxy:||[NO PROXY DETECTED]|
|Reverse DNS lookup:||[NOT CHECKED]|
WHOIS lookup on IP address:

RESULTS FOUND: 1
-------------
Lookup results for 188.8.131.52 from whois.lacnic.net server:
Amazon Technologies Inc. AMAZON-2011L (NET-54-192-0-0-1) 184.108.40.206 - 220.127.116.11
Amazon.com, Inc. AMAZO-ZIAD7 (NET-54-204-0-0-1) 18.104.22.168 - 22.214.171.124
Note: under high load, the WHOIS database server may reject queries. If the WHOIS lookup on the IP address fails, please try again later.
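When a WHOIS answer lists several nested allocations, as in the output above, the smallest block that contains the address is the most specific registration to follow up on. The Python below is an added example, not the lookup script's own code: it parses summary lines of that shape and picks that block. The sample text uses constructed documentation addresses and fictional names, and the function names are hypothetical.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Summary-line shape: "<org> <handle> (<net-handle>) <first IP> - <last IP>"
LINE_RE = re.compile(
    r"^(?P<org>.+?)\s+(?P<handle>\S+)\s+\((?P<net>NET[^)]*)\)\s+"
    r"(?P<first>\d{1,3}(?:\.\d{1,3}){3})\s+-\s+(?P<last>\d{1,3}(?:\.\d{1,3}){3})$"
)

class Allocation(NamedTuple):
    org: str
    handle: str
    net_handle: str
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address

    @property
    def size(self) -> int:
        return int(self.last) - int(self.first) + 1

def parse_allocations(whois_text: str) -> list:
    """Extract every well-formed allocation line; skip banners and junk."""
    found = []
    for line in whois_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            first = ipaddress.IPv4Address(m["first"])
            last = ipaddress.IPv4Address(m["last"])
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255
        if first <= last:
            found.append(Allocation(m["org"], m["handle"], m["net"], first, last))
    return found

def most_specific(ip: str, allocations) -> Optional[Allocation]:
    """Smallest range containing ip, i.e. the most specific registration."""
    addr = ipaddress.IPv4Address(ip)
    covering = [a for a in allocations if a.first <= addr <= a.last]
    return min(covering, key=lambda a: a.size, default=None)

# Constructed sample output (documentation address ranges, fictional names).
SAMPLE = """RESULTS FOUND: 2
-------------
Example Hosting Inc. EXAMPLE-HOST (NET-198-51-100-0-1) 198.51.100.0 - 198.51.100.255
Example Customer LLC EXCUST-1 (NET-198-51-100-64-1) 198.51.100.64 - 198.51.100.127
"""

if __name__ == "__main__":
    print(most_specific("198.51.100.70", parse_allocations(SAMPLE)))
```

A result of `None` means no listed block covers the address, which corresponds to the worst case described above where only the allocating organization's contact details are available.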