An IP lookup, also known as an IP address lookup or IP checker, is the act of trying to detect the information behind an IP address, for both IPv4 and IPv6 addresses.
Check-Host is a modern online tool for website monitoring and checking availability of hosts, DNS records, IP addresses. It supports the latest technologies such as localized domain names (both punycode and original formats), hostname IPv6 records (also known as AAAA record).
When you perform an IP address lookup in real time, you will likely be querying and testing against the ARIN (American Registry for Internet Numbers) database. On other occasions, the query will be answered by a passive DNS, domain or IP database server. In either situation, inputting an IP address will show you detailed information about the ISP and web hosting/server provider using that network block.
Most of the time, this sort of information is queried by technical users, system administrators and security researchers performing infosec investigations surrounding phishing domains, spamming, DNS attacks and other illegal activities.
Today we’ll explore the most effective tools you can use to perform an IP lookup, using both terminal-based commands and web-based interfaces.
Top Unix/Linux IP lookup tools
While an IP lookup can be performed from Windows operating systems, Unix and Linux are often the ideal platforms to run a full IP lookup and domain and network diagnostics, due to the wide number of tools available and actions you can perform.
Now let’s analyze the most popular terminal-based tools designed for performing a quick domain IP address lookup as well as a WHOIS IP lookup.
The Ping tool is a cross-platform command available on most modern operating systems. It’s widely used to determine if a network or remote machine is responding to remote network requests—in other words, if it’s “alive” (online).
The Ping command uses the ICMP echo (RFC 792 Internet Control Message Protocol) function to send packets over the network to a specific hostname or IP address. Once the packet has been sent, it will wait for the remote packet response. If the remote host is up, it will return a network packet; if not, it may be a sign that the host is unreachable, down or simply that the ICMP response is disabled by firewall rules on the destination server.
This command is also used to measure the network response speed, packet loss and number of packets sent/received. Ultimately, the main goal of Ping is to resolve the IP address of any host, as you see below:
This way you can perform a simple domain IP lookup. When you target a load-balanced domain that answers on multiple IP addresses (as used in Round Robin DNS, for example), the domain IP lookup will sometimes resolve to different IP addresses.
Microsoft’s DNS zone exemplifies this case:
The Ping command can also be used against IP addresses; just replace the target with any IP address, as shown below:
This way, we can get a summary of all the data obtained from this quick IP network lookup:
And there you have it! That’s the easiest way to perform a domain IP lookup.
Dig, known as Domain Information Groper, is a popular domain tool and DNS utility used to query DNS name servers while performing IP and DNS lookups.
To run a simple domain IP lookup using Dig, use the following syntax:
dig A domain.com
In the previous example, dig was querying against the A DNS record type, which answered back showing 126.96.36.199 as the main IP address.
You can see that there is a lot of information that isn’t directly related to the IP address, such as query time, the DNS server that was queried, query status, and other details.
Here’s a simplified way to achieve the same results:
+noall disables stats, comments and other non-useful things, and +answer will only include the answer from the DNS server, the very part we need.
For an even easier way to do it, use the
nslookup is another widely-used system and network administration terminal-based tool available on Unix/Linux and Windows systems.
This tool is mostly used while running network diagnostics and system administration tasks, often to query DNS servers as a way to grab the IP address behind a host.
Let’s illustrate how to use nslookup to run a simple domain IP lookup:
One way to use the host command to perform an IP lookup is to query against an IP address. You can also use it bidirectionally when querying hostnames — host can help security researchers perform DNS lookups to translate hostnames into IP addresses, and vice versa. It supports different lookups for various DNS records such as A, MX or NS records.
To find the IP address of the remote securitytrails.com server, just type:
This will return something like:
As you see, you obtained the main IP address (188.8.131.52) from the A-type DNS record, as well as the MX records from Google G-suite.
Let’s see the opposite now with the IP addresses of two popular DNS servers such as Cloudflare’s 184.108.40.206 and Google’s
In this case, we obtained the rDNS or PTR record from the IP network provider. This is also called reverse IP lookup, or rDNS lookup.
The WHOIS command is one of our favorite terminal commands, as it can reveal a lot of information about any IP address.
As seen in our WHOIS History article, the WHOIS command dates back to the time of ARPANET, and its development has continued to the present day.
When you use WHOIS to perform an IP lookup, your host will try to pick the right WHOIS database server to ask for the information you need. Other times, it will connect to whois.networksolutions.com for NIC handles, or to ARIN at whois.arin.net when you need to perform network and IPv4 lookups.
While it can also be used to fetch domain information, we’ll use it this time to fetch IP information.
The syntax is pretty simple:
Output example against Cloudflare’s 220.127.116.11 IP address:
As you see, this tool gave us a few important details about the IP address, such as the network source (APNIC), the AS number (AS13335), INET number (18.104.22.168), description of the network (APNIC and Cloudflare DNS Resolver project / Routed globally by AS13335/Cloudflare), abuse email address ([email protected] / [email protected]), as well as the full mail address (6 Cordelia St, PO Box 3646, South Brisbane, QLD 4101 - Australia).
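An added example (not from the original article) that pulls the fields listed above out of whois output and normalizes APNIC/RIPE-style and ARIN-style keys to the same names. Both sample replies are constructed with documentation addresses and a documentation ASN, and whois_summary and whois_field are hypothetical helper names.

```shell
#!/bin/sh
# Constructed WHOIS reply in the RPSL "key: value" layout (APNIC/RIPE style).
# Range, ASN and names are documentation values, not a real allocation.
SAMPLE_RPSL='% Constructed sample, not real registry output
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example resolver project
country:        AU
abuse-mailbox:  abuse@example.net
source:         APNIC

route:          192.0.2.0/24
origin:         AS64500
descr:          Route object for the same block
source:         APNIC'

# The same facts under ARIN-style keys (also constructed).
SAMPLE_ARIN='# Constructed sample
NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-NET
OriginAS:       AS64500
OrgName:        Example Org
OrgAbuseEmail:  abuse@example.net'

# Read WHOIS text on stdin; print one "field=value" line per known field.
# The first value seen wins, so the inetnum object beats later objects.
whois_summary() {
    awk '
    /^[%#]/ || !/:/ { next }            # comments and blank lines
    {
        key = tolower(substr($0, 1, index($0, ":") - 1))
        val = substr($0, index($0, ":") + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "inetnum" || key == "inet6num" || key == "netrange") f = "range"
        else if (key == "netname") f = "netname"
        else if (key == "origin" || key == "originas") f = "asn"
        else if (key == "descr" || key == "orgname") f = "org"
        else if (key == "country") f = "country"
        else if (key == "abuse-mailbox" || key == "orgabuseemail") f = "abuse"
        else if (key == "source") f = "source"
        else next
        if (!(f in seen) && val != "") { seen[f] = 1; print f "=" val }
    }'
}

# Pull a single field, e.g.: whois 192.0.2.1 | whois_field asn
whois_field() { whois_summary | sed -n "s/^$1=//p"; }
```
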
You’re reading this correctly: Nmap is not only one of the best network mappers and port scanners around, it’s also a useful utility when it comes to IP lookups.
By using Nmap with its powerful NSE scripts, you can also run any IP WHOIS lookup.
The whois-ip NSE script queries the Regional Internet Registries (RIR) WHOIS databases and tries to fetch as much information as possible about the target, such as inetnum, inetname, description, country, organization name and associated email address.
nmap target --script whois-ip
BGPView allows any visitor to perform network and IP lookups using a web-based interface, or an API, to view details about IP addresses, ASN, prefix or any resource name on the Internet.
When it comes specifically to IP lookups (in this case bgpview.io/ip/22.214.171.124), it can reveal a lot of information (similar to the whois command), but a handy feature with this tool is its rDNS lookup, and the ability to cross data and jump into related network data such as AS (bgpview.io/asn/13335) or explore the full IP range (126.96.36.199/24).
Historical IP Lookup
Nowadays, network, domain and IP history are critical for investigating any infosec incident, offering the data needed to expose useful details such as where the domain was hosted, technical and personal details about the person involved, where the web servers were hosted, or what MX servers were used to send an email.
SecurityTrails IP History is one of the easiest ways you can perform a historical IP lookup. You can do it by using our web-based interface, or by API. Let’s see two practical examples of how you can perform a simple IP lookup.
- Move to SecurityTrails.com
- Enter your domain name, and press Search.
In less than a second, you’ll have the full IP lookup with all the IPv4 records found for that server, including domain name, Alexa rank, web hosting provider and email provider.
One of our tool’s handiest features is the IP neighbors function, which lets you find all the neighbors hosted on the same IP address ordered by IP range and number of sites hosted.
By using our API you can accomplish the same results. Our API supports a wide range of programming languages and integrations, but for this quick example we will launch a query against our database using the old terminal-based curl utility:
Expected output will show something like this:
Our Passive DNS API allows you to fully integrate our intelligent cybersecurity database within your own apps, automating the entire OSINT process in just minutes.
How to perform a passive IP lookup
SurfaceBrowser™ is our enterprise-security OSINT tool that allows you to test, access and correlate domain, DNS and IP data-sets in mere seconds.
Chosen by public and private infosec agencies to perform deep and thorough investigations into all cybersecurity aspects of domain names belonging to any company in the world, it’s also a great way to perform IP research.
IP lookup check
To perform an IP lookup check with SurfaceBrowser, you simply need to follow these steps:
Important: if you don’t have a SecurityTrails account with SurfaceBrowser™ enabled, book a demo today with our Sales team! Or sign up for a 7-day trial for only $49.
- Log in to your SecurityTrails account at securitytrails.com/app/auth/login
- Move to the SurfaceBrowser™ interface: securitytrails.com/app/sb
- Enter the IP address you wish to explore.
- Browse the results and pivot between the ASN, IP and domain data links.
As you can see, by using the IP lookup tool you will be able to access IP details such as associated rDNS, ASN number, Organization, Type of Company and IP route. A real-time map of the geographical IP address origin will be displayed as well.
The same applies to IP ranges—you can extract all the intel about any IP range in the world. In the following example, we’re exploring Cloudflare’s range 188.8.131.52/24:
If you click ‘Explore nearby IPs’, you will find many additional IP ranges associated with your initial IP search, letting you find sites hosted on each one of those ranges instantly.
SurfaceBrowser™ also allows you to explore all the hosted domains within any IP address, and find details about every one of them. The filter lets you order results by hostname, Alexa rank, computed company name, registrar, expiry date, creation date, mail and hosting provider.
It’s an easy and efficient way to cross data and pivot between all information extracted from that single IP address.
Reverse IP lookup verification
A PTR record is also known as reverse DNS, or rDNS. Quite simply, it’s the reverse information shown for the A DNS record.
Usually when you analyze an A record, you’ll find that it points a domain name to an IP address. On the other hand, a PTR record maps an IP address to a hostname, just the opposite.
PTR records are not only useful for finding data correlation in your infosec research, but also to protect against spammers and malicious domain names that will try to exploit your mail server. Therefore, most popular email providers always check for PTR records by performing domain and IP lookups before accepting any incoming email from external hostnames.
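The PTR check described above, as an added example that is not part of the original article. It goes one step beyond the text by making the check forward-confirmed: the PTR name must also resolve back to the same IP. The records are constructed in dig's answer-section layout with documentation addresses, and ptr_name, lookup and check_rdns are hypothetical helper names.

```shell
#!/bin/sh
# Constructed records in dig's answer-section layout: name TTL class type rdata.
# Documentation addresses and example domains only.
RECORDS='mail.example.com. 300 IN A 192.0.2.25
25.2.0.192.in-addr.arpa. 300 IN PTR mail.example.com.
10.2.0.192.in-addr.arpa. 300 IN PTR host.example.net.
host.example.net. 300 IN A 198.51.100.7'

# Build the name a PTR query asks for: 192.0.2.25 -> 25.2.0.192.in-addr.arpa.
ptr_name() {
    printf '%s\n' "$1" |
        awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Print the rdata of every constructed record matching name ($1) and type ($2).
# Against live DNS the equivalent query is: dig +short "$2" "$1"
lookup() {
    printf '%s\n' "$RECORDS" |
        awk -v n="$1" -v t="$2" '$1 == n && $4 == t { print $5 }'
}

# Forward-confirmed reverse DNS for one IPv4 address.
# Prints "pass <name>", "mismatch <name>" or "no-ptr"; returns 0 only on pass.
check_rdns() {
    ip=$1
    names=$(lookup "$(ptr_name "$ip")" PTR)
    [ -n "$names" ] || { echo "no-ptr"; return 1; }
    for name in $names; do
        for addr in $(lookup "$name" A); do
            if [ "$addr" = "$ip" ]; then
                echo "pass $name"
                return 0
            fi
        done
    done
    set -- $names                 # report the first PTR name that failed
    echo "mismatch $1"
    return 1
}
```

A sender whose address returns "mismatch" or "no-ptr" is the case a receiving mail server treats as suspicious.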
SurfaceBrowser™ has the ability to show you every PTR record from any company domain name in existence.
In this case, while analyzing cloudflare.com, we were able to get all the associated PTR records from each hostname, as well as the IPs responding to that hostname:
And for each one of those PTR records, you’ll be able to find critical information such as open ports and associated IP addresses.
By clicking the right column, all associated IP addresses belonging to that record will be displayed:
Performing an infosec investigation will always require the use of manual tools (such as ping and dig) when you run isolated tests and tasks. But when you need to accomplish a number of IP lookups, the entire process can become slow and time-consuming.
Fortunately, there’s a solution. By using our daily-updated historical IP database, you’ll be able to avoid using slow manual commands and start fetching results from our API database with your own apps.
Alternatively, SurfaceBrowser™ is a great infosec tool to cross data between your IP lookups, rDNS lookup, open ports, domain and DNS information in an instant.
Get your free API account today, or book a SurfaceBrowser™ demo with our sales team so you can get a deep IP lookup approach against any IP address and domain name in the world!
Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.