I ran this on my own IP (Time Warner cable dynamic IP) and was surprised to see I was in a Spamhaus list. I dug a little deeper and I found that the IP was in a PBL (Policy Block List).

Spamhaus says the following in its FAQ about the PBL (https://www.spamhaus.org/faq/section/Spamhaus%20PBL#183):

"The first thing to know is: THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned to ISP broadband customers (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for dynamic IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should be on the PBL. Even static IPs which do not send mail should be listed in the PBL."

So, in this tool, presumably any dynamic IP will turn up as "Listed in spamhaus PBL", which might cause some undue alarm to the uninformed. Maybe you should just show a yellow warning saying "you're a dynamic IP address" or something of that sort.

Congrats on the tool, it is really neat!

Very nice UI! If you're looking for something similar via an API you can try my service http://ipinfo.io:

    $ curl ipinfo.io/8.8.8.8
    {
      "ip": "8.8.8.8",
      "hostname": "google-public-dns-a.google.com",
      "city": "Mountain View",
      "region": "California",
      "country": "US",
      "loc": "37.3845,-122.0881",
      "org": "AS15169 Google Inc.",
      "postal": "94040"
    }

    $ curl ipinfo.io/8.8.8.8/org
    AS15169 Google Inc.
    

It also supports lookup of IPv6 addresses (but not IPv6 connections, due to AWS). See http://ipinfo.io/about for more details

Do you sell an offline version? My company would be interested but no way would they sign on to transmitting the IP lookups to a third party.

Yes we offer various different downloadable datasets. Reach out to ben@ipinfo.io or use our contact form if you'd like more details.

Was looking for this earlier today, and here I just stumble across it. Thanks for sharing!

I've been using ipvoid.com so far (without using an API) because it shows this information along with a blacklist check on like 40 lists

edit: for checking ports: shodan.io for (r)dns: robtex.com

I use this all the time. Thanks for running it!

It says you're also using the MaxMind DB? I assume this is the free, public set? (I still the value of the API.)

ipinfo.org has been amazingly useful for me. Thanks for putting in the time -- it's a great product!

Looks useful!

There are some issues with the port detection on my IP address though: HTTP was 'disabled' (whatever that means, but it's open and apache is listening) and SMTP was incorrectly labeled 'closed'. Https detection was correct, and ssh was 'closed', which could be correct if it means 'RST returned' rather than 'firewalled'.

Also I'd prefer seeing an OpenStreetMap tile rather than having Google log my visit, but that is probably just me. On the positive side, Piwik instead of GA :)

Another small point: I'm not sure which address you're looking for, but the whois info of my IP definitely contains an abuse address (80.100.131.150).

Author here, I only include a static map, no JS from Google. But I'll look into it, I'm also not a huge fan of Google being able to log all visits.

Abuse mails get parsed from the RIR WHOIS data, this involves lots of regexes, which can be wrong sometimes. In your specific case it is the fact that it can't yet parse the remarks statement.

Although it does load something from Google, it's not Javascript indeed. Thanks for thinking about it!

From hovering over the (?) next to Disabled: > Due to Conficker Sinkholes, the server got listed a few times on blacklists, so I decided to disable the HTTP check

Yeah, the port detection seems to be a bit funky. It says my smtp port is open and I panicked a little bit, but everything is pointing out it's not open to the public.

The website doesn't function without like 5 different JS libraries from another 3rd party, so it's not just Google logging your visits. Unfortunately, this is considered totally acceptable for some reason

edit: Just noticed it's also loading fonts from Google

Author here, it's actually only JSdeliver and Google (analytics.dolansoft.org is mine). I wrote the tool a long time ago (like 2 years), there is a new version available internally which minifies all resources into static files delivered from my own server.

Nice!

Suggestion: Accept host names as well, despite the name of the service.

You mean reverse DNS? I see that listed on the second line of the "info" box

No, allow us to enter a hostname instead of an IP address to look up.

Obviously a hostname could resolve to multiple IPs or no IPs, but that's a solvable problem.

Right. It's can be quite fun/useful to quickly look up this type of information for e.g. random website hostnames, without having to manually look up the IP first.

Oh, duh. That would make sense.

Thanks, I'll put that on the todo list for the next version.

I have a similar service that I'm working on in my free time. There are many alternatives to AWS that offer full IPv6. Until you need the features AWS affords I'd definitely recommend trying some of the smaller alternatives (cheaper, too). Happy to share some options with you in private.

> Error! No IPv6 possible yet

No so much "any IP" then, is it?

If you are looking to do more persisted research around a domain or ip address, consider checking out PassiveTotal (https://www.passivetotal.org) . We draw in a lot of the same free feeds, but also have the most comprehensive passive dns aggregation out there, and let users pivot on Whois and ssl certificate data from Internet scans. API is documented and available to use for all account types. We also host free Maltego transforms if you want more of a graph analysis solution.

Nice! Any chance of making this open-source? I'm trying to learn node-js and it looks like you've used a few node modules, so it would be handy to see how it's done.

If you're interested in more in-depth port/ SSL/ host information you can pull the data for free using the Shodan API (https://developer.shodan.io/api). For SSL we also explicitly test for Heartbleed, support for SSL versions, POODLE and a few other issues. Each IP also gets scanned for more than 200 ports so all popular services are covered fully.

Looks really cool, it's hard to get a complete view with most of the other tools out there. This is definitely a keeper.

https://myip.ms/info/whois/212.51.131.143 https://www.domaintally.com/hosted-ip/212.51.131.143/

Incorrectly identifies that I have SMTP open...

My IP doesn't work. It says "undefined"

You have to click on the IP not just on "Analyse" with the empty IP field. Ran into the same problem.

Very useful and better than all those websites that come up on a Google search. Well done.

Super slick interface. nice.

How about hostname lookup as well as by IP? Otherwise, pretty neat service.

by testing couple of IPs i get city unknown but google map is pointing to more or less correct location.

why don't you use some service to get city by long/lat? i think google should have something for this

Very nice. Looks like the smtp port detection report is reversed though.

Nice, everything I need to know in one place. I'll bookmark this.

it uses websockets to get the information to the browser. a little weird, but whatever, my question is why does the socket remain open after the information is downloaded?

It asynchronously pushes all info so that you can view everything as soon as the server gets it. It keeps the connections open because new requests also use WebSockets.

Ah, didn't realize new requests used the same socket. that makes a lot more sense

Positioning is so wrong. Places IP 800miles to the East from original location. Services practically undiscovered.

Really accurate geolocation is not that easy, most public dbs are seriously polluted.