IP Address Research: 5 Methods to Do It | WhoisXML API

WhoisXML API Blog

IP Address Research: 5 Ways to Do It Explained

IP Address Research: 5 Ways to Do It Explained

Personalization is the way to go when it comes to targeted marketing and advertising. Customers, existing and potential alike, want to feel that the brands they support care about their needs and try to predict what they might want. That’s what makes IP address research critical for digital marketers and advertisers. 

But they aren’t the only ones who can benefit from IP geolocation data, cybersecurity pros, fraud protection agents, and market researchers do, too. Every computer or mobile device, after all, has a designated IP address that helps today’s companies and individuals pinpoint where their strongest markets are, identify where threats likely come from, detect potentially fraudulent transactions, and predict consumption patterns and trends.

5 Lookups Explained for IP Address Research

There are tons of ways to locate an Internet user and we’ll discuss them in greater detail in the next sections. You can choose one or more of them to improve your IP address research for any of your business- or cybersecurity-related processes.

Option #1: Using a Bulk IP Lookup Tool

It’s often the norm for any company that sells products online to keep a customer database. That’s how marketers keep track of purchases, determine their loyal shoppers, personalize content, and take advantage of strategies like geo-targeting.

Logging IP addresses that come into contact with one’s network, meanwhile, is also a given now since cyberattacks are widespread. IP address research is one of the means cybersecurity analysts use to determine an attacker’s possible location, identify cybercrime hotspots, prevent fraud, and block access to and from threat sources.

A bulk IP lookup tool is an easy way to do IP address research. You can perform one in two ways.

You can upload a comma-separated values (CSV) file containing all of the IP addresses you wish to query into the input field and click Upload. Alternatively, you can copy and paste all of the IP addresses from a network log, for instance, into the input field and click Upload. Wait a few minutes and download the results in CSV format.

Bulk IP Lookup Tool

You will get an IP address list like the one below, which tells you the IP addresses’ corresponding countries; regions or states; cities; latitude and longitude coordinates; postal codes; time zones; Internet service providers (ISPs); domain resolutions (maximum of three); and Autonomous System (AS) numbers, routes, domains, and types.

Using a Bulk IP Lookup Tool

Option #2: Using a WHOIS Lookup Tool

While WHOIS searches are more typically used to obtain domain ownership information, it is also useful for IP address research. An IP address search on a WHOIS lookup tool will tell you who or what company administrates it. Registry data can be useful in cybersecurity when it comes to reporting abuse.

WHOIS Lookup Tool

Option #3: Using a Bulk IP WHOIS Lookup Tool

Bulk WHOIS lookups provide the same results as an ordinary WHOIS search with one major difference—you can query as many as 500,000 IP addresses at one time. You can use it the same way you would a bulk IP lookup tool. Upload a CSV file containing the IP addresses you’d like to query using the input field. Copying and pasting IP addresses into the field works as well. 

Bulk IP WHOIS Lookup Tool

Wait for the processing to finish and download the results. It should look something like this:

Using a Bulk IP WHOIS Lookup Tool

Option #4: Using a Reverse IP/DNS Lookup Tool

Passive Domain Name System (DNS) data such as that from reverse IP/DNS lookup tools can help with IP address research as well. The information you gain from such searches can be useful in additional threat artifact discovery, asset mapping, and indicators of compromise (IoCs) list expansion.

Given an IP address, you can identify all of the domains that resolved to it at one point in time. If you take the malicious IP address 186[.]236[.]14[.]64 identified by AbuseIPDB as of 27 May 2021, for instance, you would know that it’s connected to the subdomain dynamic-186-235-14-64[.]ntcom[.]com[.]br.

Using a Reverse IP/DNS Lookup Tool
Reverse IP/DNS Lookup Tool

If you would like to avoid the threats related to 186[.]236[.]14[.]64, therefore, avoiding dealings with dynamic-186-235-14-64[.]ntcom[.]com[.]br should become part of your cybersecurity strategy.

Option #5: Using Nmap

Nmap is essentially an open-source network mapper and port scanner but is also useful for IP address research. To perform an IP address search, follow these steps:

  • Download the version that’s compatible with your system Nmap’s website.
  • Open the program. Type # nmap -sL <IP address>.

You should see a result that looks like this:

Using Nmap

Making Your Choice

Among the ways to conduct IP address research mentioned above, it is generally more advantageous to use bulk options if you need to query thousands of IP addresses at one time. Bulk IP Lookup, for example, can give you the geolocation data of up to 100,000 users in one go while Bulk IP WHOIS Lookup can do so for 500,000 IP addresses at once.

The results from both Bulk IP Lookup and Bulk IP WHOIS Lookup also come in a format that you can easily correlate with other databases. You can also create charts using the IP address research data you collated by simply saving the CSV file as a spreadsheet using programs like Excel (on Windows) or Numbers (on macOS).

Your choice of IP address solution depends on your business requirements. If you wish to simply find the physical locations of thousands of users, use a bulk IP lookup tool. If you need to identify who is in charge of a particular IP address, you can opt for IP WHOIS Lookup or Bulk IP WHOIS Lookup. What’s more, if you’re mapping a potential cyber attacker’s infrastructure, you may choose Nmap or passive Domain Name System (DNS) lookup tools like Reverse IP Lookup.

Try our WhoisXML API for free
Get started