Navigation

What is this guide for?

This guide provides a comprehensive overview of the information returned by the various tools available on this website. It aims to help users understand the significance of the data presented, including IP address details, DNS records, geolocation information, and threat intelligence. Each section will delve into the specifics of the information provided and how it relates to the megatool and other tools on ipid.pro.

IP Address Basics

IP addresses are unique identifiers assigned to devices on a network. Our tool provides detailed classification of any IP address:

  • Private IPs: Reserved for use within private networks (e.g., 192.168.0.0/16, 10.0.0.0/8)

    Private IP addresses are defined in RFC 1918 and are not routable on the public internet. They are commonly used in home and business networks.

  • Global IPs: Publicly routable addresses on the internet

    Global IP addresses are assigned by Internet Assigned Numbers Authority (IANA) and Regional Internet Registries (RIRs). They are unique worldwide and can be routed on the public internet.

  • Loopback: Special addresses (127.0.0.0/8) for local testing

    Loopback addresses are defined in RFC 5735. The most common is 127.0.0.1, which always refers to the local machine.

  • Multicast: Addresses (224.0.0.0/4) for one-to-many communication

    Multicast addresses are defined in RFC 5771. They enable efficient one-to-many communication for applications like streaming media.

  • Link Local: Self-assigned addresses (169.254.0.0/16) when DHCP fails

    Link-local addresses are defined in RFC 3927. They are automatically assigned when DHCP fails, allowing basic network connectivity.

  • Reserved: Addresses set aside for special purposes

    Various IP ranges are reserved for special purposes as defined in RFC 5735, including documentation, testing, and future use.

  • Bogon: Invalid or unallocated IP ranges

    Bogon addresses are IP ranges that have not been allocated by IANA or have been reserved. They should not appear on the public internet and often indicate misconfiguration or malicious activity.

Reverse DNS Lookup

A reverse DNS lookup allows you to determine the domain name associated with an IP address:

  • Functionality: Converts an IP address into a domain name

    This process is the opposite of a standard DNS lookup, which translates domain names into IP addresses. It is often used for verification and security purposes.

  • Use Cases: Commonly used in email verification and network troubleshooting

    Reverse DNS lookups can help identify the source of an email or troubleshoot network issues by confirming the domain associated with an IP address.

Cloud Hosting Provider Detection

Identifying the cloud hosting provider for an IP address can provide insights into the infrastructure behind a service:

  • Common Providers: AWS, Google Cloud, Azure, DigitalOcean, etc.

    Each cloud provider has specific IP ranges, and recognizing these can help in understanding the hosting environment of a website or service.

  • Importance: Useful for security assessments and performance analysis

    Knowing the hosting provider can assist in evaluating the reliability and security of a service, as well as in making informed decisions about network configurations.

DNS Records

DNS records provide essential information about domain names and their associated IP addresses:

  • A Records: Map domain names to IPv4 addresses

    A records are the most common DNS record type, defined in RFC 1035. They provide the direct mapping between domain names and IPv4 addresses.

  • AAAA Records: Map domain names to IPv6 addresses

    AAAA records are defined in RFC 3596. They provide the mapping between domain names and IPv6 addresses, similar to A records but for IPv6.

  • CNAME Records: Create domain name aliases

    CNAME records are defined in RFC 1035. They create aliases for domain names, allowing multiple names to point to the same host.

  • TXT Records: Store text-based information (often used for verification)

    TXT records are defined in RFC 1035. They store arbitrary text data and are commonly used for domain verification and email security (SPF, DKIM, DMARC).

  • MX Records: Specify mail servers for email delivery

    MX records are defined in RFC 1035. They specify the mail servers responsible for receiving email for a domain, with priority values to determine order.

  • NS Records: Identify authoritative DNS servers

    NS records are defined in RFC 1035. They specify the authoritative name servers for a domain, essential for DNS delegation and zone transfers.

Geolocation

Our geolocation feature provides precise location information for any IP address:

  • Country: Nation where the IP is registered

    Country information is based on IP address allocation data from Regional Internet Registries (RIRs) and geolocation databases. This provides the country where the IP address is registered.

  • Region/State: Administrative division within the country

    Regional information provides more specific location data within a country, helping to identify the state, province, or region where the IP is located.

  • City: Specific city location

    City-level geolocation provides the most specific location information available for an IP address, though accuracy may vary based on the data source.

  • Postal Code: Local postal code

    Postal code information helps identify the specific area within a city where the IP address is located, though this data may not be available for all locations.

  • Coordinates: Precise latitude and longitude

    Geographic coordinates provide the exact location of the IP address on Earth, though accuracy depends on the geolocation database and may represent the location of the ISP rather than the end user.

  • Timezone: Local time zone information

    Timezone data helps identify the local time zone of the IP address location, useful for scheduling and time-based operations.

  • Accuracy Radius: Confidence level of the location data

    The accuracy radius indicates the confidence level of the geolocation data, measured in kilometers. A smaller radius indicates higher confidence in the location data.

Whois Information

Whois data provides registration and ownership details for IP addresses and domains:

  • Registrar: Organization that registered the IP/domain

    The registrar is the organization authorized by ICANN to register domain names and IP addresses. This information is essential for understanding who manages the registration.

  • Registration Date: When the IP/domain was registered

    The registration date indicates when the IP address or domain was first registered, providing historical context about when the resource was allocated.

  • Expiration Date: When the registration expires

    The expiration date shows when the current registration period ends. This is important for domain names and some IP address allocations that have time-limited registrations.

  • Contact Information: Details of the registrant

    Contact information includes details about the organization or individual who registered the resource, though some information may be protected by privacy services.

ASN Information

Autonomous System Numbers (ASNs) identify networks on the internet:

  • ASN Number: Unique identifier for the network

    ASNs are defined in RFC 1930. They are unique numbers assigned to networks that operate under a single routing policy.

  • ASN Description: Organization operating the network

    The ASN description provides information about the organization that owns and operates the network, helping identify the network's purpose and ownership.

  • ASN Registry: Regional internet registry (RIR)

    The RIR is the organization responsible for allocating IP addresses and ASNs in a specific region. There are five RIRs: ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC.

  • ASN Country: Country where the ASN is registered

    The ASN country indicates where the network is registered, which may differ from the physical location of the network infrastructure.

Network Information

Detailed information about the network block containing the IP:

  • CIDR: Network block size (e.g., /24, /16)

    CIDR (Classless Inter-Domain Routing) notation is defined in RFC 4632. It specifies the size of the network block and the number of available IP addresses.

  • Network Range: Start and end IPs in the block

    The network range shows the first and last IP addresses in the network block, helping identify the total scope of the network.

  • Network Handle: Unique identifier for the network

    The network handle is a unique identifier assigned by the RIR to identify the network block in their database.

  • Organization: Entity owning the network

    The organization field identifies the entity that owns or manages the network block, providing information about network ownership.

  • Location: Physical location of the network

    The physical location indicates where the network infrastructure is located, which may be different from the registration location.

  • Abuse Contacts: Email addresses for reporting issues

    Abuse contacts are email addresses where network abuse can be reported, essential for security and network management.

Threat Intelligence

Security information about the IP address:

  • Tor Exit Node: If the IP is a Tor network exit point

    Tor exit node detection identifies if an IP address is a known exit node for the Tor network, which can indicate anonymous browsing activity.

  • External IP Lookups: Links to third-party services

    External IP lookup links provide quick access to additional information by automatically running the IP address in external solutions. Simply click on any of these links to analyze the IP address using specialized third-party tools and databases.

  • Proxy/VPN Detection: Whether the IP is a proxy server or VPN endpoint

    Identifies if an IP address is associated with proxy servers or VPN services, which can indicate attempts to hide the true origin of traffic. Coming soon

  • IP Blocklists: Known malicious IP addresses

    IP blocklist detection identifies if an IP address appears on known security blocklists for malicious activities. Coming soon

  • DNS Blocklists: Domain-based threat intelligence

    DNS blocklist detection checks if domains associated with an IP address appear on known spam or malware blocklists. Coming soon

  • Spam Activity: Email abuse detection

    Spam activity detection identifies if an IP address has been associated with sending unsolicited emails or other forms of spam. Coming soon

Subnet Calculator

Our subnet calculator helps with network planning:

  • Network Size: Calculate available IP addresses

    Network size calculation helps determine the total number of IP addresses available in a subnet, based on CIDR notation as defined in RFC 4632.

  • Subnet Mask: Convert between CIDR and dotted decimal notation

    Subnet mask conversion helps translate between CIDR notation and traditional dotted decimal subnet masks, essential for network configuration.

  • Network Range: Determine start and end IPs

    Network range calculation identifies the first and last usable IP addresses in a subnet, helping with network planning and address allocation.

  • Broadcast Address: Calculate network broadcast address

    The broadcast address is the last address in a subnet, used for sending data to all hosts in the network, as defined in RFC 919.