Registry Lens

Look up IP ASN, IP RDAP/WHOIS, and domain DNS details for investigations.

Ready

Evidence Input

0IPs
0Domains
0Ignored

ASN Results

IP ASN Prefix Country Registry Allocated AS Name

IP RDAP / WHOIS

No IP RDAP results yet.

Domain DNS Records

No domain results yet.

Lookup Sources

ASN

Team Cymru bulk whois service: whois.cymru.com:43

IP Registration

IANA RDAP bootstrap is used to route each IP to ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC, or an indicated NIR/referral source.

DNS

The server resolver queries A, AAAA, CNAME, MX, NS, TXT, SOA, CAA, and SRV records.

Run a lookup to see exact queried databases.

How Registry Lens Works

Registry Lens turns pasted indicators from logs into network, DNS, and registration context. It extracts IP addresses and domains, then performs live lookups against public infrastructure data sources.

Pasted logs, IPs, domains, or URLs

IP Path

  1. Extract valid IPv4 and IPv6 addresses
  2. Query Team Cymru for ASN and prefix data
  3. Use IANA RDAP bootstrap to find the correct RIR/NIR
  4. Fetch RDAP registration details and contacts

Domain Path

  1. Extract domains and hostnames from text
  2. Query DNS records and parent-domain context
  3. Fetch domain registration data using RDAP or WHOIS
  4. Send resolved A/AAAA IPs through the IP path

What The Results Mean

ASN

Shows the network announcing or associated with an IP prefix. This is routing context, not necessarily the end customer.

IP RDAP / WHOIS

Shows registration data from ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC, or a referred NIR where available.

Domain Registration

Shows registrar, dates, status, nameservers, and contacts from domain RDAP or WHOIS fallback.

Data Sources

  • Team Cymru bulk whois service for IP-to-ASN lookups.
  • IANA RDAP bootstrap files for routing IP and domain RDAP requests.
  • RIR and NIR RDAP services for IP registration data.
  • TLD RDAP and WHOIS servers for domain registration data.
  • The server DNS resolver for DNS record lookups.

Limitations

  • Results are live and can change over time.
  • External services may timeout, rate-limit, redact fields, or return referral records.
  • DNS answers may vary by resolver, geography, and TTL.
  • ASN data, IP registration data, and domain registration data answer different questions.

Credits

Registry Lens was developed by Adli Wahid.

Contact: adli@apnic.net