Network and Security Investigation Tools for IPs, Domains, and Subnets

Move from a suspicious IP, hostname, or CIDR block to public-record facts without switching between multiple tabs.

Use ComUtil for first-pass investigation only: ASN ownership, registrar metadata, nameservers, certificate details, and deterministic subnet math. These pages do not score maliciousness or make final security verdicts.

Quick Start

Check an IP and ASN owner

Start from a public IP when you need ASN, registry, and network-range context before escalating.

Read the guide

Follow the investigation workflow

Use a practical order for suspicious domains, source IPs, and provider ranges.

Read the workflow

Check domain WHOIS and SSL

Confirm registrar, expiration date, nameservers, and certificate timing in one lookup.

Read the guide

Understand CIDR scope

Measure whether an address belongs to a single host, a small subnet, or a large provider block.

Read the guide

Start with IP, domain, or subnet?

I already have a public IP address.

Use the IP guide when the question is who owns this address, which registry allocated it, and whether the range matches the provider you expected.

Investigate the IP

I need JSON output for one public IP lookup.

Use the API guide when you want the live /api/ip request shape, response fields, and guardrails before you automate a single-IP lookup.

Read the API guide

I started from a hostname, URL, or login domain.

Use the domain guide to review registrar data, nameservers, and SSL timing before you pivot into infrastructure ownership.

Check the domain

I need the triage order, not just one tool.

Use the workflow page when the investigation spans domain facts, IP ownership, and CIDR scope.

Open the workflow

The question is whether a whole range should be allowed or blocked.

Use the CIDR guide when you need host counts, subnet boundaries, or a safer way to reason about provider-sized ranges.

Review CIDR scope

Investigation workflow

1

Domain facts

Confirm registrar, expiration, nameservers, and certificate details when the investigation starts from a hostname.

2

IP ownership

Inspect ASN, registry, and network-range data to see whether the source belongs to the provider or geography you expected.

3

CIDR scope

Measure how large the relevant subnet is before you widen an allowlist or blocklist to a whole provider range.

4

Escalate with evidence

Carry verified public-record facts into your security review instead of relying on vague reputation assumptions.

Related tools

IP lookup API guide

See the live /api/ip request pattern, example snippets, and response fields before you script a single-IP lookup.

WHOIS vs RDAP

Compare where WHOIS still fits for domains and where RDAP gives you more structured ownership context.

Unix Timestamp

Check the exact timing behind domain expiration dates or token windows when a security review depends on chronology.

JSON Editor

Format exported API payloads or incident notes before you share them with a teammate.

Diff Checker

Compare old and new allowlists, deny lists, or infrastructure notes once the investigation facts are clear.