Skip to main content
IP Intelligence BETA

IP Intelligence

Is this IP part of your infrastructure?

Evidence-based attribution — we correlate reverse DNS, ASN ownership, SPF authorization, and certificate transparency to determine whether an IP is your own server, an approved provider, or something that doesn’t belong

API Keys (optional — enrich your results)
Without these keys, you still get a full investigation: reverse DNS, ASN ownership (via Team Cymru), SPF authorization, CDN detection, and certificate transparency matching — all included, no key required. These optional keys add extra layers of intelligence.
What it adds: IP Neighborhood — shows other domains hosted on the same IP. Helps you see who else shares this server (co-tenants on shared hosting, or related properties on dedicated servers). Get an API key →
What it adds: Physical Location — city, region, postal code, coordinates, timezone, and the organization operating this IP. Useful for verifying that a server is where you expect it to be. Get a token →
Your keys are sent directly to each service and are never stored on our servers.
Enter a domain and an IP address from a report, log, or email header. We’ll correlate reverse DNS, ASN ownership, SPF authorization, and infrastructure mapping — evidence-based attribution, not just a lookup. All queries use publicly available DNS records, RDAP data, and Certificate Transparency logs via open-standard protocols.
Reverse DNS + FCrDNS ASN Attribution SPF Authorization Check Infrastructure Mapping

What We Check

Cross-referencing the IP against every layer of your domain's infrastructure

DNS Records

Compare against your domain's A, AAAA, MX, and NS records to identify direct hosting and service providers

SPF Authorization

Check if the IP is authorized to send email on your behalf via SPF ip4/ip6 mechanisms and include chains

ASN & Provider

Identify the network operator, autonomous system, and whether the IP belongs to a CDN or cloud provider

CT Subdomains

Cross-reference against Certificate Transparency discovered subdomains to find hidden infrastructure matches

Straight talk about your data.

We use two cookies, both essential:

  • _csrf — Prevents cross-site request forgery. Required for form submissions. Security-only.
  • _dns_session — Only exists if you choose to sign in. No account required to use DNS Tool.

We log your IP address for two reasons: rate limiting (so nobody abuses the service) and security (identifying malicious actors and complying with legal obligations). We check source geography for analysis accuracy — DNS responses vary by region, and knowing which resolver answered from where makes the science better.

No tracking cookies. No analytics cookies. No ad networks. No data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already hashed. Full details: Privacy Pledge.

Investigating IP Relationship

0s

We're checking reverse DNS, comparing against your domain's DNS records, verifying SPF authorization, querying Certificate Transparency logs, and performing ASN attribution. This typically takes 10–20 seconds.

Performing reverse DNS (PTR) lookup… Validating Forward-Confirmed reverse DNS (FCrDNS)… Comparing against domain A/AAAA records… Checking MX host resolution… Verifying nameserver IP addresses… Parsing SPF record for IP authorization… Walking SPF include chain… Querying Certificate Transparency logs… Looking up ASN and network attribution… Detecting CDN/edge network presence… Classifying IP-to-domain relationship…