
IP/Domain Info

The IP/Domain Info tool provides an easy way to obtain a summary of Netlas data for a specific IP address or domain name. By aggregating data from nearly all Netlas data collections in a single request, it gives users a thorough overview of the target.


Input a valid IP address or domain name to retrieve data.

Without an argument, the tool returns a summary for the requester's IP, allowing you to quickly assess your external IP by visiting the Netlas app.

The IP/Domain Info tool is limited to single-host queries by IP address or domain name. For multi-target investigations, query each target individually. See the automation section to get ideas on how to batch the operations.

The IP/Domain Info tool doesn't support complex queries, conditions, or operators.


The tool returns different data for IPs and domains. The vast majority of fields are optional.

IP/Domain Info tool

Please note that data availability depends on your pricing plan.

For example, if your pricing plan does not provide you with access to contact details such as phone numbers and email addresses, this data will not be returned (displayed) by any Netlas tool.

Anonymity Labels

Displayed next to the IP address are labels indicating if the IP is associated with a TOR exit node, a VPN, or a proxy service.

TOR / VPN / Proxy badges

  • The TOR label is displayed if the IP address hosts a TOR exit node according to Onionoo protocol data. Updated daily.

  • The VPN label is displayed if the scanner has detected software of the corresponding category. Updated during scanning.

  • The Proxy label is displayed if the scanner has detected a SOCKS proxy service. Updated during scanning.


Identify the organization managing an IP address using the Organization and PTR fields.

The Organization field in the IP info view is a calculated property:

  1. By default, it equals the net.organization field.
  2. If net.organization is undefined, it equals net.description.
  3. If net.description is also undefined, it equals to

The PTR, if present, typically indicates a domain owned by the organization.

Threat Intelligence Data

For an IP address or domain, threat intelligence records can also be displayed. This information is provided by our partners.

Netlas stores and displays IoCs (Indicators of Compromise) for the past year, so please take note of the date in the first column. Some IoCs may be reported as false positives; these will be marked with a special symbol in the last column. The IoC data is updated daily.

Threat intelligence data is available only in the IP/Domain Info Tool.

Indicators of Compromise in Netlas

Scan Results

The display of scan results varies between IP addresses and domains:

  • For IP addresses, all available protocols are displayed, including HTTP requested by IP.

  • For domains, only the HTTP protocol scan results are displayed.

Scan results on IP address view

Scan results on Domain view

For comprehensive scan data, use the Responses Search button.