WHOIS Lookup

Overview

The WHOIS Lookup tool provides comprehensive IP intelligence including:

• Geolocation: Country, region, city, timezone

• Network Information: ASN, organization, CIDR

• Security Intelligence: Threat detection, risk scoring, recommendations

• Infrastructure Analysis: Datacenter detection, anycast identification

Performing a Lookup

Steps:

1. Navigate to Tool

   • Click Whois Lookup in the sidebar

2. Enter IP Address

   • Type the IP address in the search field

   • Supports both IPv4 and IPv6

   • Examples:

     • IPv4: 8.8.8.8

     • IPv6: 2001:4860:4860::8888

3. Search

   • Click Lookup

   • Results appear within seconds

4. Review Results

   • Data organized into clear sections

   • JSON view available for raw data

Understanding Results

Location Information

Data provided:

• Country: Full name and 2-letter code

• Region: State or province

• City: City name

• Timezone: IANA timezone identifier

• Coordinates: Latitude and longitude (in JSON)

• Postal Code: ZIP or postal code (in JSON)

• Continent: Continent name and code (in JSON)

Example:

Use cases:

• Verify user location

• Detect VPN/proxy usage

• Geofencing and compliance

• Localized content delivery

Network Information

Data provided:

• ASN: Autonomous System Number

• Organization: ISP or hosting provider

• CIDR: Network range

• Anycast: Whether IP uses anycast routing

Example:

Use cases:

• Identify hosting providers

• Detect cloud services

• Network troubleshooting

• Infrastructure analysis

Security Intelligence

The most powerful feature - comprehensive threat analysis.

Risk Assessment:

• Trust Score: 0-100 (higher is better)

• Risk Score: 0-100 (lower is better)

• Threat Level: Low, Medium, High, Critical

• Recommendation: Allow, Flag, or Block

Security Indicators:

• Is Proxy: Anonymous proxy detection

• Is Datacenter: Hosting/datacenter IP

• Is Threat: Known malicious activity

• Is Satellite: Satellite provider

• Threat Types: Specific threat categories (in JSON)

Example - Safe IP:

Example - Risky IP:

Color coding:

• 🟢 Green (Allow): Safe to allow

• 🟡 Yellow (Flag): Monitor or challenge

• 🔴 Red (Block): High risk, consider blocking

Use Cases

Fraud Prevention

Scenario: E-commerce checkout

Check for:

• Datacenter IPs (potential fraud)

• High risk scores

• Mismatched geolocation

• Known threat IPs

Action:

• Trust Score < 50: Require additional verification

• Recommendation = Block: Reject transaction

• Datacenter IP: Flag for manual review

Account Security

Scenario: Login attempt from new location

Check for:

• Unusual location vs user's history

• Proxy/VPN usage

• Threat indicators

Action:

• Different country: Trigger 2FA

• Proxy detected: Send verification email

• High risk: Block and notify user

API Access Control

Scenario: Rate limiting and access decisions

Check for:

• Datacenter vs residential

• Known malicious IPs

• Geographic restrictions

Action:

• Datacenter: Apply stricter rate limits

• Threat detected: Block API access

• Restricted country: Deny access

Content Delivery

Scenario: Serving localized content

Use:

• Country and region data

• Timezone information

• Language preferences

Action:

• Redirect to regional site

• Display localized content

• Set appropriate timezone

JSON Response

Click to view the raw JSON response for programmatic use.

Structure:

Use cases:

• Copy for API integration testing

• Save for documentation

• Analyze patterns

• Debugging

Best Practices

Interpreting Results

Trust Score guidelines:

• 90-100: Highly trustworthy

• 70-89: Generally safe

• 50-69: Moderate caution

• Below 50: High caution

Risk Score guidelines:

• 0-25: Low risk

• 26-50: Moderate risk

• 51-75: High risk

• 76-100: Critical risk

Recommendations:

• Allow: Safe to proceed

• Flag: Add extra verification

• Block: High risk, consider denying

Decision Making

Don't rely solely on one indicator:

• Combine multiple signals

• Consider context (user behavior, history)

• Use risk scores as guidance, not absolute rules

• Implement tiered responses

Example decision tree:

Limitations

Data accuracy:

• Geolocation is approximate (city-level)

• IP ownership can change

• VPNs may mask true location

• Mobile IPs may show carrier location

Not a replacement for:

• Comprehensive fraud detection

• Full security audits

• Legal compliance verification

• Identity verification

Use as part of:

• Multi-factor authentication

• Layered security approach

• Risk-based decision making

• User behavior analysis

Troubleshooting

"Invalid IP address format"

Cause: IP address is malformed

Solutions:

• Verify IPv4 format: XXX.XXX.XXX.XXX

• Verify IPv6 format: Valid hex groups

• Remove extra spaces

• Don't include port numbers

Incomplete Data

Possible reasons:

• IP is newly allocated

• Private/internal IP address

• Limited database coverage

• IP is reserved/special use

What to do:

• Verify IP is public

• Try again later

• Check if IP is in private range

• Reach out to [email protected] and submit a correction

Privacy Considerations

What's logged:

• IP addresses you look up

• Timestamp of lookup

• Your user ID

What's NOT logged:

• Why you're looking up the IP

• What you do with the results

• Associated user data

Data retention:

• Lookup history: 90 days

• Rate limit counters: 60 seconds

API Integration

For programmatic access to IP intelligence: Use the API endpoint.

Benefits:

• Batch lookups

• Automated integration

• Real-time threat detection See API Documentation for details.

Next Steps

• Create API keys for programmatic access

• Set up whitelist based on lookup results

• Monitor usage to track API consumption

• Review security settings for your account