IP Address Lookup

Geo, ISP, ASN, reverse DNS for any IPv4 or IPv6

Paste any IP address — IPv4 or IPv6 — to get its city, region, country, ISP, organization, ASN, timezone, lat/long on a map, and reverse DNS. Use it for email forensics, server-log triage, identifying VPN/proxy exit ranges, or confirming where a service is hosted. Bulk mode processes up to 50 IPs at once with CSV export. Lookups run from your browser directly against ipwho.is — we never see them, never log them.

Try these IPs

Click any IP to look it up. Each demonstrates a different facet of what the tool reveals.

8.8.8.8 (Google Public DNS)

Famous public resolver. ASN should be AS15169 (Google). City varies — Google announces this IP from many edge POPs via anycast, so the geolocation you see depends on which POP responds to your query.

1.1.1.1 (Cloudflare DNS)

AS13335 Cloudflare. Same anycast story — the geolocation reported is one of Cloudflare's edge POPs, not a fixed datacenter.

142.250.190.46 (a google.com web server)

AS15169 Google. Reverse DNS resolves to something like *.1e100.net — Google's standard PTR convention for production web servers.

2606:4700:4700::1111 (Cloudflare DNS, IPv6)

IPv6 lookup works identically. Note the compressed notation (the :: replaces a run of zero groups).

52.94.236.248 (AWS in us-east-1)

AS16509 Amazon. If you see this ASN on a residential customer IP in your logs, something is off — it's a hosting range.

185.220.101.1 (a known Tor exit node)

AS208294 Marek Isalski. Tor exit operators usually publish their nodes openly. For Tor detection, cross-reference against torproject.org's published exit list — more reliable than ASN heuristics.

What IP lookup tells you (and what it doesn't)

Every IP address is registered to an organization in a public database maintained by one of the five regional internet registries (ARIN, RIPE, APNIC, LACNIC, AFRINIC). IP lookup tools cross-reference that registry data with BGP routing tables (which network actually carries the traffic right now) and proprietary geolocation databases (which map IP blocks to physical service areas).

What you can trust: country (95-99% accurate), ISP / org / ASN (very high accuracy — it's derived from registry data, not guesswork).

What you should question: city (often off by 50-200 miles), street-level coordinates (almost always fake — geolocation databases plot the center of a region when they don't know more), and the distinction between residential vs business (mobile carriers and corporate networks blur this).

Email forensics

The Received headers in an email reveal the path it took. Look up the first non-local IP in the chain — that's usually the sending server.

  • ASN tells you the carrier — AS15169 = Google = Gmail. AS8075 = Microsoft = Outlook. Mismatched ASN vs claimed sender is a phishing flag.
  • Reverse DNS matters for mail. A sending IP with no PTR record, or one that resolves to a different domain than the From header, is suspicious.
  • Residential IPs sending mail directly bypass spam filters — almost always abuse.
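As an added example (not code from this tool), the sketch below pulls the address to look up out of a message's Received headers. It assumes "first in the chain" means the earliest hop, so headers are read bottom-up, and it treats any address that is not globally routable as local; the sample message and its hostnames are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The public address is borrowed from this page's example
# list because Python's ipaddress module classifies documentation ranges as non-global.
SAMPLE = """\
Received: from edge.recipient.example (10.0.0.5) by store.recipient.example; Tue, 2 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [142.250.190.46])
\tby edge.recipient.example; Tue, 2 Jan 2024 10:00:02 +0000
Received: from [192.168.1.20] (localhost [127.0.0.1])
\tby relay.sender.example; Tue, 2 Jan 2024 10:00:01 +0000
From: alice@sender.example
Subject: constructed sample

body
"""

# An address literal in [] or (), with the optional "IPv6:" tag some MTAs add.
CANDIDATE = re.compile(r"[\[(](?:IPv6:)?([0-9A-Fa-f:.]+)[\])]")


def hop_addresses(raw_message):
    """Return one list of parsed addresses per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so the bottom one is the earliest hop.
    for value in reversed(msg.get_all("Received") or []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]  # ignore the receiving side
        found = []
        for token in CANDIDATE.findall(from_part):
            try:
                found.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # bracketed text that is not an address
        hops.append(found)
    return hops


def first_non_local_ip(raw_message):
    """First globally routable address in the chain, or None."""
    for found in hop_addresses(raw_message):
        for ip in found:
            if ip.is_global:  # False for private, loopback, link-local, CGNAT, reserved
                return ip
    return None


if __name__ == "__main__":
    print(first_non_local_ip(SAMPLE))
```

Received lines below the first hop added by your own mail infrastructure are supplied by the sender and can be forged, so treat the result as a lead to look up rather than as proof of origin.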

Server log investigation

When suspicious traffic appears in your access logs, IP lookup is the first triage step.

  • Datacenter / hosting ASN on an endpoint that expects human users (login, checkout) is a bot signal.
  • Country mismatch with your customer base is a quick filter — but VPNs make this noisy.
  • Bulk lookup the top 50 IPs from your logs and export to CSV for grep-able analysis.

Identifying VPN / proxy exit nodes

Most commercial VPNs use datacenter IP ranges (AS9009 M247, AS46562 Total Server Solutions, AS20473 Choopa). If a customer IP's ASN matches a known VPN provider, that's a strong signal.

Tor exit nodes are a published, downloadable list — far more reliable to check against than IP heuristics.

Be careful with blanket VPN blocking: privacy-aware users, journalists, and corporate networks (which often route through VPNs by policy) are legitimate users.

Bulk workflow

Paste up to 50 IPs (comma, semicolon, or newline separated). Lookups run sequentially in your browser against ipwho.is — we keep the rate polite to avoid burning the free quota.

Export as CSV (ip, type, country, country_code, region, city, isp, asn, lat, lon, error). Pipe into pandas, Excel, or your SIEM.
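As an added example (not part of this tool), the script below joins a CSV export with an access log to surface the bot signal described under server log investigation: requests to login or checkout from IPs whose ASN is one of the hosting ranges named on this page. It assumes the asn column holds a number with an optional "AS" prefix and that the log is in combined log format; all sample rows and log lines are constructed.

```python
import csv
import re
from collections import Counter

# ASNs this page names as hosting or commercial-VPN ranges.
HOSTING_ASNS = {16509: "Amazon", 9009: "M247",
                46562: "Total Server Solutions", 20473: "Choopa"}
HUMAN_PATHS = ("/login", "/checkout")  # endpoints the page says expect human users

# Constructed export with the page's column list; every value below is made up.
EXPORT_CSV = """\
ip,type,country,country_code,region,city,isp,asn,lat,lon,error
52.94.236.248,IPv4,United States,US,Virginia,Ashburn,Amazon,16509,39.04,-77.49,
192.0.2.44,IPv4,Romania,RO,Bucuresti,Bucharest,M247,AS9009,44.43,26.10,
203.0.113.10,IPv4,Canada,CA,Ontario,Toronto,Example Broadband,64500,43.65,-79.38,
198.51.100.7,IPv4,,,,,,,,,lookup failed
"""

# Constructed access log (combined log format).
ACCESS_LOG = """\
52.94.236.248 - - [02/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
52.94.236.248 - - [02/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.10 - - [02/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 200 900
192.0.2.44 - - [02/Jan/2024:10:00:04 +0000] "GET /checkout HTTP/1.1" 200 1200
192.0.2.44 - - [02/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 300
"""
LOG_LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)')


def load_asns(csv_text):
    """Map ip -> ASN number, skipping rows with an error or no ASN."""
    asns = {}
    for row in csv.DictReader(csv_text.splitlines()):
        digits = re.sub(r"(?i)^AS", "", (row.get("asn") or "").strip())
        if not row.get("error") and digits.isdigit():
            asns[row["ip"]] = int(digits)
    return asns


def hosting_hits(csv_text, log_text):
    """Count requests to human-facing paths from IPs in a hosting ASN."""
    asns, hits = load_asns(csv_text), Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        asn = asns.get(m.group("ip")) if m else None
        if asn in HOSTING_ASNS and m.group("path").startswith(HUMAN_PATHS):
            hits[(m.group("ip"), asn, HOSTING_ASNS[asn])] += 1
    return hits.most_common()  # busiest source first
```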

For larger jobs (1000+ IPs), use a paid batch API (MaxMind GeoIP2 Precision, IPinfo Lite). The accuracy of free-tier providers degrades on edge cases.

How this tool handles your data

The lookup runs in your browser, not on our server. When you click Look Up, your browser fetches https://ipwho.is/<ip> directly. Our server isn't in the path — we don't see, log, or store the IPs you query.

No public lookup API. We intentionally don't expose an endpoint like /api/lookup?ip=… because there are already plenty of free IP-lookup API providers — being a fourth or fifth one doesn't help anyone. If you need programmatic access, hit ipwho.is or ip-api.com directly; they offer generous free tiers.

Want to look up your OWN IP? Use the dedicated What Is My IP page — it auto-detects your IP from Cloudflare edge headers, plots it on a map, and shows you exactly what your browser leaks to every website you visit.

Frequently Asked Questions

Geolocation accuracy, ASN meaning, reverse DNS, bulk lookup, identifying VPNs, and the privacy model behind this tool.