What this does: Queries DNS for every common record type (A, AAAA, MX, NS, TXT, SOA, CNAME). Then for each IP found, it queries the regional internet registry (ARIN/RIPE/APNIC) to identify which company owns that netblock. Result: you see "web is at WPEngine, mail is at Amazon, DNS is at GoDaddy" without bouncing between five different sites.

About this tool

What you get back

  • All DNS records for the domain — A, AAAA, MX, NS, TXT, SOA, CNAME — pulled in parallel from Cloudflare's public resolver.
  • Server identification — for each IP found in those records, the netblock owner (the actual company that owns the IP range), the CIDR, and where possible the abuse contact and country.
  • Role labeling — each server is tagged web (from A/AAAA records), mail (from MX records resolved to IPs), or DNS (from NS records resolved to IPs). One IP can have multiple roles if it's serving multiple things.

What this is good for

  • Migration planning. You're moving a customer to a new host — you need to know whether their web, mail, and DNS are at the same provider or different ones. This shows you in 3 seconds.
  • "Where is this site actually hosted?" Marketing sites with private WHOIS often hide everything; the IP ownership tells you the real story (Squarespace, Wix, WordPress.com, Shopify, custom AWS, etc.).
  • Phishing investigation. If a phishing domain's mail server sits at a hosting provider that takes abuse reports, this shows you the abuse contact email to send the report to.
  • Outage debugging. When a partner's site is down, this tells you whose support to call (their hosting provider, not them).

Limitations — the honest part

  • Some IPs won't resolve. Public RDAP servers (ARIN, RIPE, etc.) sometimes block bursts of requests from the same source IP. We retry across multiple servers but a fraction of lookups still fail, especially for shared CDN ranges (Cloudflare, Google, Akamai). Hit lookup again in a minute and missing rows usually fill in.
  • Postal addresses are usually empty for cloud IPs. AWS, Azure, GCP, etc. don't publish street addresses for their netblocks via RDAP. ARIN-allocated IPs sometimes have addresses; RIPE (Europe) hides them per GDPR.
  • 20 IP cap. Domains with huge mail or DNS pools (Slack-tier infrastructure) get truncated to the first 20 IPs to stay within Cloudflare Workers' subrequest budget. We tag the response so you know there were more.
  • No DNS history. This tool shows current DNS only. Historical DNS records would require a paid data source like SecurityTrails or DNSDB and aren't free to provide. For now, snapshot a domain's records here, save the JSON, and compare yourself.
  • CNAME flattening. If the A record is actually a CNAME chain, we follow the flattening done by Cloudflare's resolver, which gives the same answer most consumer DNS resolvers would give.

How netblock ownership works

Every IP address on the public internet is part of a "netblock" allocated by one of five Regional Internet Registries: ARIN (North America), RIPE (Europe/Middle East), APNIC (Asia/Pacific), LACNIC (Latin America), AFRINIC (Africa). Those registries publish ownership data via the Registration Data Access Protocol (RDAP, RFC 7480-7484, the modern replacement for WHOIS). We query rdap.arin.net for every IP, which automatically redirects to the right RIR for IPs not allocated by ARIN. The result tells us which company holds the allocation, which gives us the hosting/network operator's identity.
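To make the RDAP step concrete, here is an added example (not this tool's own code) that pulls the owner, CIDR, abuse contact and country out of an RDAP "ip network" response in the RFC 7483 JSON shape. The sample response is constructed from documentation address ranges, the function names are hypothetical, and the cidr0_cidrs extension is assumed to be present, with a fallback to the start/end range when it is not.

```javascript
// Constructed sample of an RDAP "ip network" response (RFC 7483 shape).
// Every value is made up; addresses come from documentation ranges.
const sampleRdap = {
  objectClassName: "ip network",
  handle: "NET-192-0-2-0-1",
  name: "EXAMPLE-NET",
  startAddress: "192.0.2.0",
  endAddress: "192.0.2.255",
  country: "US",
  cidr0_cidrs: [{ v4prefix: "192.0.2.0", length: 24 }],
  entities: [{
    roles: ["registrant"],
    vcardArray: ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", "Example Hosting, Inc."]]],
    entities: [{ // the abuse contact is commonly nested under the org entity
      roles: ["abuse"],
      vcardArray: ["vcard", [["fn", {}, "text", "Abuse Desk"], ["email", {}, "text", "abuse@example.net"]]],
    }],
  }],
};

// Read one property (e.g. "fn", "email") out of an entity's jCard array.
function vcardValue(entity, prop) {
  const props = (entity.vcardArray && entity.vcardArray[1]) || [];
  const hit = props.find((p) => p[0] === prop);
  return hit ? hit[3] : null;
}

// Depth-first search for the first entity carrying a given role,
// because contacts may sit at any nesting level.
function findEntity(entities, role) {
  for (const e of entities || []) {
    if ((e.roles || []).includes(role)) return e;
    const nested = findEntity(e.entities, role);
    if (nested) return nested;
  }
  return null;
}

// Reduce a full RDAP response to the fields an infrastructure report needs.
function summarizeNetblock(rdap) {
  const org = findEntity(rdap.entities, "registrant");
  const abuse = findEntity(rdap.entities, "abuse");
  const cidrs = (rdap.cidr0_cidrs || []).map((c) => `${c.v4prefix || c.v6prefix}/${c.length}`);
  return {
    owner: (org && vcardValue(org, "fn")) || rdap.name || null,
    cidr: cidrs.length ? cidrs : [`${rdap.startAddress}-${rdap.endAddress}`],
    abuseEmail: abuse ? vcardValue(abuse, "email") : null,
    country: rdap.country || null,
  };
}
```

Missing fields come back as null rather than throwing, which matches the limitations above: cloud netblocks often omit contacts, and a sparse response should still yield an owner name.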

Compare with WHOIS Lookup

If you only need who registered the domain itself — the registrar, expiration date, name servers — use the simpler and faster WHOIS / Domain Lookup. This tool (Domain Infrastructure) is the heavier sibling: it pulls all DNS records and looks up every IP's netblock owner. Use WHOIS for the "what registrar?" question, use this for the "where is everything actually hosted?" question.