Figure Out Where That Traffic’s Coming From
Your server logs show 500 failed login attempts from 185.220.101.42. Before you panic, you want to know: is this some kid’s home IP in Germany, or a known Tor exit node? The geolocation data, ISP name, and AS number tell the story.
Enter any IPv4 or IPv6 address and get city, region, country, timezone, ISP, organization, AS number, latitude, longitude, and postal code. The data comes back in about a second.
Security Analysis in Practice
Brute-force origin detection. Your fail2ban logs show clusters of failed SSH attempts. Look up the IPs. If they’re all from the same ASN or ISP, you might block the entire range at the firewall level instead of playing whack-a-mole with individual IPs.
Fraud detection. A user claims to be in Toronto but their IP geolocates to Lagos. That mismatch is worth investigating. It’s not conclusive (VPNs exist), but it’s a signal.
Compliance verification. GDPR requires that EU user data stays in the EU. Look up the IP addresses of your servers and CDN endpoints to verify they’re in the expected jurisdictions.
Incident response. You’re investigating a data breach. The attacker’s IP geolocates to a specific hosting provider. That provider’s abuse desk needs to hear from you.
Accuracy Caveats
IP geolocation is accurate to the city level in most cases, but it’s not GPS. A VPN or proxy completely obscures the real location. Mobile IPs can geolocate to the carrier’s regional hub, not the user’s actual position. Satellite internet users might show up in a completely different country.
Don’t make legal or access-control decisions based solely on IP geolocation. Use it as one data point alongside other signals.
AS numbers are more reliable than city-level geolocation for identifying organizations. AS15169 is Google. AS13335 is Cloudflare. AS16509 is Amazon AWS. The AS number tells you which network operates the IP, regardless of where geolocation says it is.
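The brute-force origin check and the AS-number point above can be combined in one pass over the log. The following is an added example, not code from this tool: it groups failed SSH logins by AS and flags an AS as a range-block candidate only when several distinct IPs share it. The log lines, the prefix-to-AS table, the operator names, and the thresholds are constructed assumptions; in practice the table would be filled from lookup results.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sshd log lines using documentation address ranges (not real traffic).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 host sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar  3 02:11:09 host sshd[815]: Failed password for invalid user admin from 203.0.113.19 port 51200 ssh2
Mar  3 02:11:12 host sshd[815]: Failed password for invalid user test from 203.0.113.19 port 51201 ssh2
Mar  3 02:11:20 host sshd[820]: Failed password for root from 203.0.113.88 port 33010 ssh2
Mar  3 02:12:41 host sshd[827]: Failed password for alice from 198.51.100.23 port 60022 ssh2
Mar  3 02:13:05 host sshd[830]: Failed password for root from 192.0.2.50 port 41000 ssh2
Mar  3 02:14:00 host sshd[833]: Accepted password for alice from 198.51.100.23 port 60030 ssh2
"""

# Constructed prefix -> (AS number, operator) table standing in for lookup results.
# AS64496 and AS64497 are reserved for documentation; the names are hypothetical.
PREFIX_TO_AS = {
    ipaddress.ip_network("203.0.113.0/24"): (64496, "ExampleHosting"),
    ipaddress.ip_network("198.51.100.0/24"): (64497, "ExampleISP"),
}
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def lookup_as(ip):
    """Longest-prefix match; returns (network, (asn, name)) or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    hits = [(n, a) for n, a in PREFIX_TO_AS.items() if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def cluster_by_as(log_text, min_ips=3, min_attempts=5):
    """Group failed logins by AS; flag an AS only when several distinct IPs share it."""
    stats = defaultdict(lambda: {"name": "unknown", "ips": set(), "attempts": 0, "prefixes": set()})
    for ip in FAILED.findall(log_text):  # successful logins and other lines never match
        try:
            hit = lookup_as(ip)
        except ValueError:
            continue  # source field was not an IP address (e.g. a hostname)
        asn = hit[1][0] if hit else None  # None = no AS data: handle these IPs one by one
        s = stats[asn]
        s["ips"].add(ip)
        s["attempts"] += 1
        if hit:
            s["name"] = hit[1][1]
            s["prefixes"].add(str(hit[0]))
    for asn, s in stats.items():
        clustered = len(s["ips"]) >= min_ips and s["attempts"] >= min_attempts
        s["range_candidate"] = asn is not None and clustered
    return dict(stats)
```

Calling `cluster_by_as(SAMPLE_LOG)` flags only AS64496, where three distinct addresses account for five failures; the single-address AS and the unmapped address stay as individual entries.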
Related Tools
The My IP Address tool shows your own public IP. The Reverse DNS Lookup finds the hostname associated with an IP (a different kind of identification). The WHOIS Lookup gets domain registration details. Use them together for a complete picture of any IP address or domain.