ip2geo Lookup

Enter an IPv4 address (or 10,000) below and hit "Look Up IP Addresses" to find a general geographic area or city the IP is registered to. Any non-IP text is stripped, so feel free to just paste your whole log file, netstat output, or whatever pile of plain text that includes some IPs you want to check (as long as it's less than 2MB).

2-letter ISO codes, i.e. US CA GB. Use to filter out non-suspicious IPs.

Contact / Contribute

ip2geo.org is maintained and run by me, Josh. Hi. If this tool was helpful, feel free to say hello — or help contribute to hosting if this really saved the day.

About ip2geo.org


Being on the receiving end of a distributed penetration probe — whether it is aimed at your email system, shell login, or any other public-facing service — can be a harrowing experience. Things get hectic, and the tools avaialble don't always help narrow down malicious connections, let alone format their output in a prepackaged way to highlight strange connections


So you take the output from the powerful CLI tool and put it in your choice of power-text editor, spend precious minutes cleaning it up, and then ... they want you to copy paste IP addresses into a web form, one by one? Don't they know you have tens, hundreds, maybe thousands of entries to check? There isn't time for this nonsense.


I was supporting an old system that ran email for several thousand users, had no password policies, and generally had no support. Email accounts were being compromised regularly, but I didn't have the budget (either cash or man hours) to really fix the problem. Instead, I put this tool together to take raw output from netstat, fail2ban logs, or any other copy/paste text source and not only clean it for me, but do a fast lookup to see where these IPs were coming from. Suddenly it was easy to see the botnet poking at logins from all across the world — and drop traffic from them.

Wait, what happened?

ip2geo.org takes any text input and combs through looking for patterns that match valid IPv4 addresses. It then checks them against an IP-to-geolocation database and returns results. You can filter out certain countries to raise the SNR (say, removing all US IPs when hunting for traffic that doesn't make sense to your Montana business's website).

Why is it free?

I used free tools to create it. Mostly it's free because I wish this existed for free when I needed it. Please buy me a coffee or donate to help with hosting if you find it useful.