# WHOIS Lookup

### Overview

The WHOIS Lookup tool provides comprehensive IP intelligence including:

* **Geolocation:** Country, region, city, timezone
* **Network Information:** ASN, organization, CIDR
* **Security Intelligence:** Threat detection, risk scoring, recommendations
* **Infrastructure Analysis:** Datacenter detection, anycast identification

***

### Performing a Lookup

**Steps:**

1. **Navigate to Tool**
   * Click **Whois Lookup** in the sidebar
2. **Enter IP Address**
   * Type the IP address in the search field
   * Supports both IPv4 and IPv6
   * Examples:
     * IPv4: `8.8.8.8`
     * IPv6: `2001:4860:4860::8888`
3. **Search**
   * Click **Lookup**
   * Results appear within seconds
4. **Review Results**
   * Data organized into clear sections
   * JSON view available for raw data

***

### Understanding Results

#### Location Information

**Data provided:**

* **Country:** Full name and 2-letter code
* **Region:** State or province
* **City:** City name
* **Timezone:** IANA timezone identifier
* **Coordinates:** Latitude and longitude (in JSON)
* **Postal Code:** ZIP or postal code (in JSON)
* **Continent:** Continent name and code (in JSON)

**Example:**

```
Country: United States (US)
Region: California
City: Mountain View
Timezone: America/Los_Angeles
```

**Use cases:**

* Verify user location
* Detect VPN/proxy usage
* Geofencing and compliance
* Localized content delivery

#### Network Information

**Data provided:**

* **ASN:** Autonomous System Number
* **Organization:** ISP or hosting provider
* **CIDR:** Network range
* **Anycast:** Whether IP uses anycast routing

**Example:**

```
ASN: 15169
Organization: Google LLC
CIDR: 8.8.8.0/24
Anycast: Yes
```

**Use cases:**

* Identify hosting providers
* Detect cloud services
* Network troubleshooting
* Infrastructure analysis

#### Security Intelligence

The most powerful feature - comprehensive threat analysis.

**Risk Assessment:**

* **Trust Score:** 0-100 (higher is better)
* **Risk Score:** 0-100 (lower is better)
* **Threat Level:** Low, Medium, High, Critical
* **Recommendation:** Allow, Flag, or Block

**Security Indicators:**

* **Is Proxy:** Anonymous proxy detection
* **Is Datacenter:** Hosting/datacenter IP
* **Is Threat:** Known malicious activity
* **Is Satellite:** Satellite provider
* **Threat Types:** Specific threat categories (in JSON)

**Example - Safe IP:**

```
Trust Score: 95
Risk Score: 5
Threat Level: LOW RISK
Recommendation: ALLOW
Infrastructure: Residential/Consumer
```

**Example - Risky IP:**

```
Trust Score: 20
Risk Score: 85
Threat Level: HIGH RISK
Recommendation: BLOCK
Infrastructure: Datacenter
```

**Color coding:**

* 🟢 **Green (Allow):** Safe to allow
* 🟡 **Yellow (Flag):** Monitor or challenge
* 🔴 **Red (Block):** High risk, consider blocking

***

### Use Cases

#### Fraud Prevention

**Scenario:** E-commerce checkout

**Check for:**

* Datacenter IPs (potential fraud)
* High risk scores
* Mismatched geolocation
* Known threat IPs

**Action:**

* Trust Score < 50: Require additional verification
* Recommendation = Block: Reject transaction
* Datacenter IP: Flag for manual review

#### Account Security

**Scenario:** Login attempt from new location

**Check for:**

* Unusual location vs user's history
* Proxy/VPN usage
* Threat indicators

**Action:**

* Different country: Trigger 2FA
* Proxy detected: Send verification email
* High risk: Block and notify user

#### API Access Control

**Scenario:** Rate limiting and access decisions

**Check for:**

* Datacenter vs residential
* Known malicious IPs
* Geographic restrictions

**Action:**

* Datacenter: Apply stricter rate limits
* Threat detected: Block API access
* Restricted country: Deny access

#### Content Delivery

**Scenario:** Serving localized content

**Use:**

* Country and region data
* Timezone information
* Language preferences

**Action:**

* Redirect to regional site
* Display localized content
* Set appropriate timezone

***

### JSON Response

Click to view the raw JSON response for programmatic use.

**Structure:**

```json
{
  "ip": {
    "address": "8.8.8.8",
    "version": "IPv4",
    "network_start": "8.8.8.0",
    "network_end": "8.8.8.255"
  },
  "location": {
    "country": "United States",
    "country_code": "US",
    "region": "California",
    "city": "Mountain View",
    "time_zone": "America/Los_Angeles",
    "latitude": 37.386,
    "longitude": -122.0838
  },
  "security": {
    "is_proxy": false,
    "is_datacenter": true,
    "is_threat": false,
    "threat_level": "low",
    "risk_score": 15,
    "trust_score": 85,
    "recommendation": "allow"
  },
  "connection": {
    "asn": 15169,
    "org": "Google LLC",
    "asn_cidr": "8.8.8.0/24"
  }
}
```

**Use cases:**

* Copy for API integration testing
* Save for documentation
* Analyze patterns
* Debugging

***

### Best Practices

#### Interpreting Results

**Trust Score guidelines:**

* **90-100:** Highly trustworthy
* **70-89:** Generally safe
* **50-69:** Moderate caution
* **Below 50:** High caution

**Risk Score guidelines:**

* **0-25:** Low risk
* **26-50:** Moderate risk
* **51-75:** High risk
* **76-100:** Critical risk

**Recommendations:**

* **Allow:** Safe to proceed
* **Flag:** Add extra verification
* **Block:** High risk, consider denying

#### Decision Making

**Don't rely solely on one indicator:**

* Combine multiple signals
* Consider context (user behavior, history)
* Use risk scores as guidance, not absolute rules
* Implement tiered responses

**Example decision tree:**

```
If risk_score > 75:
  → Block
Else if risk_score > 40:
  → Require 2FA
Else if is_datacenter:
  → Flag for review
Else:
  → Allow
```
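The decision tree above applied to the `security` object of the JSON response, as an added example that is not ipaware's own code. The function name `decide`, the returned labels, and the choice to flag responses with missing or malformed security data are assumptions made for this sketch.

```python
import json

# Constructed sample in the shape of the JSON response shown on this page.
SAMPLE = json.loads("""
{
  "ip": {"address": "8.8.8.8", "version": "IPv4"},
  "security": {"is_proxy": false, "is_datacenter": true, "is_threat": false,
               "threat_level": "low", "risk_score": 15, "trust_score": 85,
               "recommendation": "allow"}
}
""")


def decide(response):
    """Apply the page's example decision tree to one lookup response.

    Returns "block", "require_2fa", "flag" or "allow".
    Assumption (not stated on the page): a response whose security data is
    missing or malformed is flagged for review instead of being allowed.
    """
    security = response.get("security") if isinstance(response, dict) else None
    if not isinstance(security, dict):
        return "flag"
    risk = security.get("risk_score")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(risk, bool) or not isinstance(risk, (int, float)):
        return "flag"
    if not 0 <= risk <= 100:  # outside the documented 0-100 range (NaN too)
        return "flag"
    if risk > 75:
        return "block"
    if risk > 40:
        return "require_2fa"
    if security.get("is_datacenter") is True:
        return "flag"
    return "allow"


if __name__ == "__main__":
    print(SAMPLE["ip"]["address"], "->", decide(SAMPLE))
```

The thresholds are strict comparisons, so a risk score of exactly 75 requires 2FA and exactly 40 falls through to the datacenter check.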

***

### Limitations

**Data accuracy:**

* Geolocation is approximate (city-level)
* IP ownership can change
* VPNs may mask true location
* Mobile IPs may show carrier location

**Not a replacement for:**

* Comprehensive fraud detection
* Full security audits
* Legal compliance verification
* Identity verification

**Use as part of:**

* Multi-factor authentication
* Layered security approach
* Risk-based decision making
* User behavior analysis

***

### Troubleshooting

#### "Invalid IP address format"

**Cause:** IP address is malformed

**Solutions:**

* Verify IPv4 format: `XXX.XXX.XXX.XXX`
* Verify IPv6 format: Valid hex groups
* Remove extra spaces
* Don't include port numbers

#### Incomplete Data

**Possible reasons:**

* IP is newly allocated
* Private/internal IP address
* Limited database coverage
* IP is reserved/special use

**What to do:**

* Verify IP is public
* Try again later
* Check if IP is in private range
* Reach out to <hello@ipaware.io> and submit a correction
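A pre-lookup check covering both troubleshooting cases above (malformed input, and private or reserved addresses that return incomplete data), as an added example that is not part of the ipaware tooling. The function name `check_lookup_input` and the problem labels are hypothetical; the check uses only Python's standard `ipaddress` module.

```python
import ipaddress

# RFC 1918 IPv4 ranges and IPv6 unique local addresses.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def check_lookup_input(raw):
    """Return (address, problem) for a string typed into the search field.

    problem is None for a well-formed public address; otherwise it names
    why the lookup would be rejected or come back incomplete.
    """
    text = raw.strip()                      # remove extra spaces
    if text.startswith("["):                # [IPv6]:port or [IPv6]
        host, closed, rest = text[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            return None, "invalid format"
        text = host
    elif text.count(":") == 1:              # IPv4:port (IPv6 has 2+ colons)
        text = text.split(":")[0]
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None, "invalid format"
    if any(ip in net for net in PRIVATE_NETS):
        return str(ip), "private range"
    if not ip.is_global or ip.is_multicast:
        return str(ip), "reserved or special use"
    return str(ip), None


if __name__ == "__main__":
    # Constructed inputs; the two public addresses are the page's examples.
    for s in (" 8.8.8.8 ", "8.8.8.8:53", "[2001:4860:4860::8888]:443",
              "192.168.1.10", "100.64.0.1", "8.8.8"):
        print(repr(s), "->", check_lookup_input(s))
```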

***

### Privacy Considerations

**What's logged:**

* IP addresses you look up
* Timestamp of lookup
* Your user ID

**What's NOT logged:**

* Why you're looking up the IP
* What you do with the results
* Associated user data

**Data retention:**

* Lookup history: 90 days
* Rate limit counters: 60 seconds

***

### API Integration

For programmatic access to IP intelligence: **Use the API endpoint.**

**Benefits:**

* Batch lookups
* Automated integration
* Real-time threat detection

See [API Documentation](https://api-docs.ipaware.io/) for details.

***

### Next Steps

* Create API keys for programmatic access
* Set up whitelist based on lookup results
* Monitor usage to track API consumption
* Review security settings for your account

