
Show HN: IPalyzer – Analyze any IP for location, RDNS, blacklisting - k5hp
https://ipalyzer.com
======
ereyes01
I ran this on my own IP (Time Warner cable dynamic IP) and was surprised to
see I was in a Spamhaus list. I dug a little deeper and I found that the IP
was in a PBL (Policy Block List).

Spamhaus says the following in its FAQ about the PBL
([https://www.spamhaus.org/faq/section/Spamhaus%20PBL#183](https://www.spamhaus.org/faq/section/Spamhaus%20PBL#183)):

"The first thing to know is: THE PBL IS NOT A BLACKLIST. You are not listed
for spamming or for anything you have done. The PBL is simply a list of all of
the world's dynamic IP space, i.e: IP ranges normally assigned to ISP
broadband customers (DSL, DHCP, PPP, cable, dialup). It is perfectly normal
for dynamic IP addresses to be listed on the PBL. In fact all dynamic IP
addresses in the world should be on the PBL. Even static IPs which do not send
mail should be listed in the PBL."

So, in this tool, presumably any dynamic IP will turn up as "Listed in
spamhaus PBL", which might cause some undue alarm to the uninformed. Maybe you
should just show a yellow warning saying "you're a dynamic IP address" or
something of that sort.

Congrats on the tool, it is really neat!
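
The distinction raised in the comment above, as an added example that is not part of the original thread or of IPalyzer's code: a classifier that reports a PBL-only answer as a policy notice and reserves "listed" for SBL/XBL hits. Function names and severity labels are hypothetical, return-code meanings follow Spamhaus's published ZEN values, and the sample answers are constructed.

```javascript
// Added example (not IPalyzer's code). Function names and severity labels
// are hypothetical; return codes follow Spamhaus's published ZEN values.

// Build the DNSBL query name for an IPv4 address: reversed octets + zone.
function dnsblQueryName(ip, zone = 'zen.spamhaus.org') {
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error(`not an IPv4 address: ${ip}`);
  return `${octets.reverse().join('.')}.${zone}`;
}

// Map one A-record answer to the list it represents and a display severity.
function classifyCode(addr) {
  // 127.255.255.x means the query itself failed (e.g. sent through a
  // public resolver or rate limited); it says nothing about the IP.
  if (addr.startsWith('127.255.255.')) return { list: 'ERROR', severity: 'error' };
  const m = /^127\.0\.0\.(\d+)$/.exec(addr);
  const n = m ? Number(m[1]) : -1;
  if (n === 2 || n === 3 || n === 9) return { list: 'SBL', severity: 'listed' };
  if (n >= 4 && n <= 7) return { list: 'XBL', severity: 'listed' };
  if (n === 10 || n === 11) return { list: 'PBL', severity: 'policy' };
  return { list: 'UNKNOWN', severity: 'unknown' };
}

// Reduce all answers of one lookup to a single verdict.
// An empty array stands for NXDOMAIN, i.e. the IP is on no list.
function summarise(answers) {
  const hits = answers.map(classifyCode);
  const order = ['error', 'listed', 'policy', 'unknown'];
  const verdict = order.find((s) => hits.some((h) => h.severity === s)) || 'clean';
  const lists = [...new Set(hits.map((h) => h.list))].sort();
  return { verdict, lists };
}

// Constructed sample answers, as dns.promises.resolve4() would return them.
const samples = {
  dynamicOnly: ['127.0.0.10'],
  exploited: ['127.0.0.11', '127.0.0.4'],
  notListed: [],
  resolverBlocked: ['127.255.255.254'],
};
for (const [name, answers] of Object.entries(samples)) {
  console.log(name, JSON.stringify(summarise(answers)));
}
```

Treating the `error` verdict separately matters in practice: a lookup sent through a large public resolver gets an error code back, which a naive "any answer means listed" check would display as a blacklist hit.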

------
coderholic
Very nice UI! If you're looking for something similar via an API you can try
my service [http://ipinfo.io](http://ipinfo.io):

    $ curl ipinfo.io/8.8.8.8
    {
      "ip": "8.8.8.8",
      "hostname": "google-public-dns-a.google.com",
      "city": "Mountain View",
      "region": "California",
      "country": "US",
      "loc": "37.3845,-122.0881",
      "org": "AS15169 Google Inc.",
      "postal": "94040"
    }

    $ curl ipinfo.io/8.8.8.8/org
    AS15169 Google Inc.

It also supports lookup of IPv6 addresses (but not IPv6 connections, due to
AWS). See [http://ipinfo.io/about](http://ipinfo.io/about) for more details.

~~~
sadris
Do you sell an offline version? My company would be interested but no way
would they sign on to transmitting the IP lookups to a third party.

~~~
coderholic
Yes, we offer various different downloadable datasets. Reach out to
ben@ipinfo.io or use our contact form if you'd like more details.

------
lucb1e
Looks useful!

There are some issues with the port detection on my IP address though: HTTP
was 'disabled' (whatever that means, but it's open and Apache is listening)
and SMTP was incorrectly labeled 'closed'. HTTPS detection was correct, and
SSH was 'closed', which could be correct if it means 'RST returned' rather
than 'firewalled'.

Also I'd prefer seeing an OpenStreetMap tile rather than having Google log my
visit, but that is probably just me. On the positive side, Piwik instead of GA
:)

Another small point: I'm not sure which address you're looking for, but the
whois info of my IP definitely contains an abuse address (80.100.131.150).

~~~
lorenzbrun
Author here, I only include a static map, no JS from Google. But I'll look
into it, I'm also not a huge fan of Google being able to log all visits.

Abuse mails get parsed from the RIR WHOIS data, this involves lots of regexes,
which can be wrong sometimes. In your specific case it is the fact that it
can't yet parse the remarks statement.

~~~
lucb1e
Although it does load something from Google, it's not Javascript indeed.
Thanks for thinking about it!

------
johansch
Nice!

Suggestion: Accept host names as well, despite the name of the service.

~~~
finnn
You mean reverse DNS? I see that listed on the second line of the "info" box

~~~
danielparks
No, allow us to enter a hostname instead of an IP address to look up.

Obviously a hostname could resolve to multiple IPs or no IPs, but that's a
solvable problem.

~~~
johansch
Right. It can be quite fun/useful to quickly look up this type of
information for e.g. random website hostnames, without having to manually look
up the IP first.

------
gazby
I have a similar service that I'm working on in my free time. There are many
alternatives to AWS that offer full IPv6. Until you need the features AWS
affords I'd definitely recommend trying some of the smaller alternatives
(cheaper, too). Happy to share some options with you in private.

------
teddyh
> _Error! No IPv6 possible yet_

Not so much "any IP" then, is it?

------
x0ner
If you are looking to do more persisted research around a domain or IP
address, consider checking out PassiveTotal
([https://www.passivetotal.org](https://www.passivetotal.org)). We draw in a
lot of the same free feeds, but also have the most comprehensive passive DNS
aggregation out there, and let users pivot on Whois and SSL certificate data
from Internet scans. API is documented and available to use for all account
types. We also host free Maltego transforms if you want more of a graph
analysis solution.

------
secant
Nice! Any chance of making this open-source? I'm trying to learn node-js and
it looks like you've used a few node modules, so it would be handy to see how
it's done.

------
achillean
If you're interested in more in-depth port/ SSL/ host information you can pull
the data for free using the Shodan API
([https://developer.shodan.io/api](https://developer.shodan.io/api)). For SSL
we also explicitly test for Heartbleed, support for SSL versions, POODLE and a
few other issues. Each IP also gets scanned for more than 200 ports so all
popular services are covered fully.

------
ipdk
Looks really cool, it's hard to get a complete view with most of the other
tools out there. This is definitely a keeper.

[https://myip.ms/info/whois/212.51.131.143](https://myip.ms/info/whois/212.51.131.143)
[https://www.domaintally.com/hosted-ip/212.51.131.143/](https://www.domaintally.com/hosted-ip/212.51.131.143/)

------
newman314
Incorrectly identifies that I have SMTP open...

------
sidarok
My IP doesn't work. It says "undefined"

~~~
dewey
You have to click on the IP not just on "Analyse" with the empty IP field. Ran
into the same problem.

------
tequila_shot
Very useful and better than all those websites that come up on a Google
search. Well done.

------
preinheimer
Super slick interface. Nice.

------
niij
How about hostname lookup as well as by IP? Otherwise, pretty neat service.

------
gondo
By testing a couple of IPs I get city unknown, but the Google map is pointing
to a more or less correct location.

Why don't you use some service to get the city by long/lat? I think Google
should have something for this.

------
janzer
Very nice. Looks like the SMTP port detection report is reversed though.

------
cmdrfred
Nice, everything I need to know in one place. I'll bookmark this.

------
finnn
It uses websockets to get the information to the browser. A little weird, but
whatever; my question is why does the socket remain open after the information
is downloaded?

~~~
lorenzbrun
It asynchronously pushes all info so that you can view everything as soon as
the server gets it. It keeps the connections open because new requests also
use WebSockets.

~~~
finnn
Ah, didn't realize new requests used the same socket. That makes a lot more
sense.

------
ommunist
Positioning is so wrong. Places IP 800 miles to the East from original
location. Services practically undiscovered.

~~~
jacquesm
Really accurate geolocation is not that easy; most public DBs are seriously
polluted.

