IP Whois Lookup Tool checks a given IP Address against the IP Address owners database. Every IP Address used on the internet is owned by some organization or individual, and no one else can use the IP Address except the real-owner of an IP Address. What is IP Address Ownership?
An IP lookup, also known as an IP address lookup or IP checker, is the act of trying to detect the information behind an IP address, for both IPV4 and IPV6 types of IPs.
IP-based Geolocation is mapping of an IP address or MAC address to the real-world geographic location of an Internet-connected computing or a mobile device. Geolocation involves in mapping IP address to the country, region (city), latitude/longitude, ISP and domain name among other useful things. It is perfect for checking proxy or socks servers, providing information about your VPN server and scanning black lists for your IP address. The service shows whether your computer enables Flash and Java, as well as its language and system settings, OS and web-browser, define the DNS etc. IP-based Geolocation is mapping of an IP address or MAC address to the real-world geographic location of an Internet-connected computing or a mobile device. Geolocation involves in mapping IP address to the country, region (city), latitude/longitude, ISP and domain name among other useful things. Look up IP Address Location If you can find out the IPv4 or IPv6 address of an Internet user, you can get an idea what part of the country or world they're in by using our IP Lookup tool. What to do: Enter the IP address you're curious about in the box below, then click 'Get IP Details.'
When you perform an IP address lookup in real time, you will likely be querying and testing against the ARIN (American Registry for Internet Numbers) database. On other occasions, the query will be answered by a passive DNS, domain or IP database server. In either situation, inputting an IP address will show you detailed information about the ISP and web hosting/server provider using that network block.
Most of the time, this sort of information is queried by technical users, system administrators and security researchers performing infosec investigations surrounding phishing domains, spamming, DNS attacks and other illegal activities.
Today we’ll explore the top most effective tools you can use to perform an IP lookup utilizing terminal-based commands and web-based interfaces.
Top Unix/Linux IP lookup tools
While an IP lookup can be performed from Windows operating systems, Unix and Linux are often the ideal platforms to run a full IP lookup and domain and network diagnostics, due to the wide number of tools available and actions you can perform.
Now let’s analyze the most popular terminal-based tools designed for performing a quick domain IP address lookup as well as a WHOIS IP lookup.
The Ping tool is a cross-platform command available on most modern operating systems. It’s widely used to determine if a network or remote machine is responding to remote network requests—in other words, if it’s “alive” (online).
The Ping command uses the ICMP echo (RFC 792 Internet Control Message Protocol) function to send packets over the network to a specific hostname or IP address. Once the packet has been sent, it will wait for the remote packet response. If the remote host is up, it will return a network packet; if not, it may be a sign that the host is unreachable, down or simply that the ICMP response is disabled by firewall rules on the destination server.
This command is also used to measure the network response speed, packet loss and number of packets sent/received. Ultimately, the main goal of Ping is to resolve the IP address of any host, as you see below:
This way you can perform a simple domain IP lookup. When you target a balanced domain that is listening on multiple IP addresses (as used in Round Robin DNS, for example), the domain IP lookup will sometimes resolve to different IP addresses.
Microsoft’s DNS zone exemplifies this case:
The Ping command can also be used against IP addresses—just replace the target for any IP address, as shown below:
This way, we can get a summary of all the data obtained from this quick IP network lookup:
And there you have it! That’s the easiest way to perform a domain IP lookup.
Dig, know as Domain Information Groper, is a popular domain tool and DNS utility used to query DNS name servers while performing IP and DNS lookups.
To run a simple domain IP lookup using Dig, use the following syntax:
dig A domain.com
How To Check Ip Address Windows
In the previous example, dig was querying against the A DNS record type, which answered back showing the
18.104.22.168 as the main IP address.
You can see that there is a lot of information that isn’t directly related to the IP address, such as query time, the DNS server that was queried, query status, and other details.
Here’s a simplified way to achieve the same results:
+noall disables stats, comments and other non-useful things, and
+answer will only include the answer from the DNS server, the very part we need.
For an even easier way to do it, use the
nslookup is another widely-used system and network administration terminal-based tool available on Unix/Linux and Windows systems.
This tool is mostly used while running network diagnostics and system administration tasks, often to query DNS servers as a way to grab the IP address behind a host.
Let’s illustrate how to use nslookup to run a simple domain IP lookup:
One way to use the host command to perform an IP lookup is to query against an IP address. You can also use it bidirectionally when querying hostnames — host can help security researchers perform DNS lookups to translate hostnames into IP addresses, and vice versa. It supports different lookups for various DNS records such as A, MX or NS records.
To find the IP address of the remote securitytrails.com server, just type:
This will return something like:
As you see, you obtained the main IP address (22.214.171.124) from the A-type DNS record, as well as the MX records from Google G-suite.
Let’s see the opposite now with the IP addresses of two [popular DNS servers][blog_dnsservers] such as Cloudflare’s
126.96.36.199 and Google’s
In this case, we obtained the rDNS or PTR record from the IP network provider. This is also called reverse IP lookup, or rDNS lookup.
The WHOIS command is one of our favorite terminal commands, as it can reveal a lot of information about any IP address.
As seen in our WHOIS History article, the WHOIS command dates back to the time of ARPANET, and its development has continued to the present day.
When you use WHOIS to perform an IP lookup, your host will try to pick the right WHOIS database server to ask for the information you need. Other times, it will connect to whois.networksolutions.com for NIC handles, or to ARIN at whois.arin.net when you need to perform network and IPv4 lookups.
While it can also be used to fetch domain information, we’ll use it this time to fetch IP information.
The syntax is pretty simple:
Output example against Cloudflare’s
188.8.131.52 IP address:
As you see, this tool gave us a few important details about the IP address, such as the network source (APNIC), the AS number (AS13335), INET number (
184.108.40.206), description of the network (APNIC and Cloudflare DNS Resolver project / Routed globally by AS13335/Cloudflare), abuse email address ([email protected] / [email protected]), as well as the full mail address (6 Cordelia St, PO Box 3646, South Brisbane, QLD 4101 - Australia).
You’re reading this correctly: Nmap is not only one of the best network mappers and port scanners around, it’s also a useful utility when it comes to IP lookups.
By using Nmap with its powerful NSE scripts, you can also run any IP WHOIS lookup.
The whois-ip NSE script queries the Regional Internet Registries (RIR) WHOIS databases and tries to fetch as much information as possible about the target, such as inetnum, inetname, description, country, organization name and associated email address.
nmap target --script whois-ip
BGPView allows any visitor to perform network and IP lookups using a web-based interface, or an API, to view details about IP addresses, ASN, prefix or any resource name on the Internet.
When it comes specifically to IP lookups (in this case bgpview.io/ip/220.127.116.11), it can reveal a lot of information (similar to the whois command), but a handy feature with this tool is its rDNS lookup, and the ability to cross data and jump into related network data such as AS (bgpview.io/asn/13335) or explore the full IP range (18.104.22.168/24).
Historical IP Lookup
Nowadays, network, domain and IP history are critical for investigating any infosec incident, offering the information needed to expose useful information such as where the domain was hosted, technical and personal details about the person involved, where the web servers were hosted, or what MX servers were used to send an email.
SecurityTrails IP History is one of the easiest ways you can perform a historical IP lookup. You can do it by using our web-based interface, or by API. Let’s see two practical examples of how you can perform a simple IP lookup.
- Move to SecurityTrails.com
- Enter your domain name, and press Search.
In less than a second, you’ll have the full IP lookup with all the IPV4 records found for that server, including domain name, Alexa rank, web hosting provider and email provider.
One of our tool’s handiest features is the IP neighbors function, which lets you find all the neighbors hosted on the same IP address ordered by IP range and number of sites hosted.
By using our API you can accomplish the same results. Our API supports a wide range of programming languages and integrations, but for this quick example we will launch a query against our database using the old terminal-based curl utility:
Expected output will show something like this:
Our Passive DNS API allows you to fully integrate our intelligent cybersecurity database within your own apps, automating the entire OSINT process in just minutes.
How to perform a passive IP lookup
SurfaceBrowser™ is our enterprise-security OSINT tool that allows you to test, access and correlate domain, DNS and IP data-sets in mere seconds.
Chosen by public and private infosec agencies to perform deep and thorough investigations into all cybersecurity aspects of domain names belonging to any company in the world, it’s also a great way to perform IP research.
IP lookup check
To perform an IP lookup check with SurfaceBrowser, you simply need to follow these steps:
Important: if you don’t have a SecurityTrails account with SurfaceBrowser™ enabled, book a demo today with our Sales team! Or sign up for a 7-day trial for only $49.
- Login to your SecurityTrails account at [securitytrails.com/app/auth/login][account_login]
- Move to the SurfaceBrowser™ interface: securitytrails.com/app/sb
- Enter the IP address you wish to explore.
- Browse the results and pivot between the ASN, IP and domain data links.
As you can see, by using the IP lookup tool you will be able to access IP details such as associated rDNS, ASN number, Organization, Type of Company and IP route. A real-time map of the geographical IP address origin will be displayed as well.
The same applies to IP ranges—you can extract all the intel about any IP range in the world. In the following example, we’re exploring Cloudflare’s range 22.214.171.124/24:
If you click ‘Explore nearby IPs’, you will find many additional IP ranges associated with your initial IP search, letting you find sites hosted on each one of those ranges instantly.
SurfaceBrowser™ also allows you to explore all the hosted domains within any IP address, and find details about every one of them. The filter lets you order results by hostname, Alexa rank, computed company name, registrar, expiry date, creation date, mail and hosting provider.
It’s an easy and efficient way to cross data and pivot between all information extracted from that single IP address.
Reverse IP lookup verification
A PTR record is also known as reverse DNS, or rDNS. Quite simply, it’s the reverse information shown for the A DNS record.
Usually when you analyze an A record, you’ll find that it points to a domain name. On the other hand, a PTR record will map an IP address to a hostname—just the opposite.
PTR records are not only useful for finding data correlation in your infosec research, but also to protect against spammers and malicious domain names that will try to exploit your mail server. Therefore, most popular email providers always check for PTR records by performing domain and IP lookups before accepting any incoming email from external hostnames.
SurfaceBrowser™ has the ability to show you every PTR record from any company domain name in existence.
In this case, while analyzing cloudflare.com, we were able to get all the associated PTR records from each hostname, as well as the IPs responding to that hostname:
And for each one of those PTR records, you’ll be able to find critical information such as open ports and associated IP addresses.
By clicking the right column, all associated IP addresses belonging to that record will be displayed:
Performing an infosec investigation will always require the use of manual tools (such as ping and dig) when you run isolated tests and tasks. But when you need to accomplish a number of IP lookups, the entire process can become slow and time-consuming.
Fortunately, there’s a solution. By using our daily-updated historical IP database, you’ll be able to avoid using slow manual commands and start fetching results from our API database with your own apps.
Alternatively, SurfaceBrowser™ is a great infosec tool to cross data between your IP lookups, rDNS lookup, open ports, domain and DNS information in an instant.
Get your free API account today, or book a SurfaceBrowser™ demo with our sales team so you can get a deep IP lookup approach against any IP address and domain name in the world!
Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
Get the best cybersec research, news, tools,
and interviews with industry leaders
If you want to make changes to your router, you need to know your routerâ€™s IP address. Perhaps you want to change the network name, create a new WiFi password, or use a different channel to boost your internet speed. These functions are accessible through your routerâ€™s log-on page, but you can only get there if you know how to find your routerâ€™s IP address.
What is an IP Address?
An Internet Protocol (IP) address isa unique string of numbers that identifies the devices in a network. Itâ€™s kindof like a mailing address that lets the mailman will know exactly where to dropoff your packages.
IP addresses can be public orprivate. A public IP address is assigned to you by your Internet ServiceProvider (ISP), such as AT&T or Comcast. However, a private IP address iswhat allows all your devices to communicate with each other over your privatenetwork. In order to be connected to the outside world, devices with a privateIP address need to connect to a public IP address, usually through a modem.
IP addresses can also be static or dynamic. A static IP address will not change over time, while a dynamic IP address does change. In most cases, your router will take a (mostly) static public IP address from your modem and transform it into a dynamic private IP address. This allows you to buy new devices and connect them to your WiFi without having to set a new IP address for every device.
How to Find Your Routerâ€™s IP Address on Windows
If youâ€™re using Windows, you canfind your routerâ€™s IP address by using the Command Prompt app or the ControlPanel. From the Command Prompt app, type ipconfig, hit Enter, and yoursystem will bring up your default gateway or IP address. In Control Panel, goto Network and internet > View network status and tasks > Ethernet >Details. Here are the steps for each method.
How to Find Router IP Address with Command Prompt
- Click the Windows search bar, and type Command Prompt in the search box.
- Then press Enter. You can also double click on the Command Prompt app that appears in the search results.
- Type ipconfig in the command line and press Enter.
- You will see your routerâ€™s IP address next to the Default Gateway.
How to Find Router IP Address with the Control Panel
Ifyou prefer to use the Control Panel, hereâ€™s how to find your routerâ€™s IPaddress:
- Open the Windows search bar and type Control Panel in the search box.
- Hit Enter. You can also double click on the Control Panel app.
- Under Network and Internet, click on View network status and tasks.
- Then click on the link for Connection: WiFi. If you are connecting directly to your router with an Ethernet cable, this might say Connection: Ethernet instead.
- Then click on Details in the pop-up box.
- Your routerâ€™s IP address will be next to IPv4 Default Gateway.
How to Find Your Routerâ€™s IP Address on a Mac
You can find your routerâ€™s IPaddress on a Mac in two ways. First, you can open System Preferences, click onNetwork, and then see the connection details on the Ethernet or WiFi panel. Or,you can launch the Terminal app, type netstat -nr grep default, hitEnter, and look at the default IP address. Just follow these steps below.
How to Find Router IP Address with System Preferences
- Go to System Preferences. You can access this by clicking on the Apple logo in the top left corner of your screen and clicking System Preferences from the drop-down menu.
- Click on Network.
- Select WiFi in the left panel. If you are connected through Ethernet, your router IP address will be displayed along with other network information when you select the Ethernet from the left-hand side of the panel.
- Then click on Advanced.
- Click on the TCP/IP tab in the top panel.
- You will find your routerâ€™s IP address next to Router.
How to Find Router IP Address with the Terminal App
- Open the Terminal app. You can find this by opening your Applications folder and double-clicking Utilities.
- Then type netstat -nr grep default, and press Enter.
- Your routerâ€™s IP address will be indicated after the line which says â€œdefault.â€
How to Sign In To Your Router
- Open any web browser. You can use Chrome, Firefox, Safari, or any other web browser.
- Type your routerâ€™s default IP address into the search bar, and press Enter.
Note: You might be prompted that the webpage you are trying to view is not secure. Make sure that you have the correct address typed in, then click on the option to proceed even if itâ€™s unsafe.
- Log in by typing your routerâ€™s user name and password.
Note: This information can be usually found in your routerâ€™s manual. Default log-in credentials per router brand vary.
If you are still having problems figuring out how to log in to your router, be sure to check out our guide on how to reset a router.