Skip to content

IP/Domain Info

IP/Domain Info tool provides an easy way to obtain a summary of Netlas data for a specific IP address or domain name. By aggregating data from nearly all Netlas data collections in a single request, users receive a thorough overview of the target.


Input a valid IP address or domain name to retrieve data.

Without an argument, the tool returns a summary for the requester's IP, allowing you to quickly assess your external IP by visiting Netlas app.

The IP/Domain Info tool is limited to single-host queries by IP address or domain name. For multi-target investigations, query each target individually. See the automation section bellow to get ideas on how to batch the operations.

The IP/Domain info tool doesn't support complex queries, conditions, and operators.


The tool returns different data for IPs and domains. The most majority of fields are optional.

IP/Domain Info tool IP/Domain Info tool

Please note, data availability depends on your pricing plan

For example, if your pricing plan does not provide you with access to contact details such as phone numbers and email addresses, this data will not be returned (displayed) by any of Netlas tools.

Anonymity Labels

Displayed next to the IP address are labels indicating if the IP is associated with a TOR exit node, a VPN, or a proxy service.

TOR / VPN / Proxy bages TOR / VPN / Proxy bages

  • TOR label displayed if the IP address hosts a TOR exit node according to Onionoo protocol data. Updated daily.

  • VPN label displayed if the scanner has detected a software of the corresponding category. Updated during scanning.

  • Proxy label displayed if the scanner has detected socks-proxy service. Updated during scanning.


Identify the organization managing an IP address using Organization and PTR fields.

The Organization field in the IP info view is a calculated property:

  1. By default it equals to net.organization field.
  2. If net.organization is undefined, it equals to net.description.
  3. If net.description is also undefined, it equals to

The PTR, if present, typically indicates a domain owned by the organization.

Scan Results

Display of scan results varies between IP addresses and domains:

  • For IP addresses, all available protocols are displayed, including HTTP requested by IP.

  • For domains, only the HTTP protocol scan results are displayed.

Scan results on IP address view Scan results on IP address view

Scan results on Domain view Scan results on Domain view

For comprehensive scan data, use the Responses Search button.