Lookups

Queries to external data sources — registry records, geographic databases, TLS handshakes, global DNS resolvers. Nothing here leaves a fingerprint on the target host; these are all side-channel lookups.

WHOIS

Queries the WHOIS ecosystem for a domain or an IP address, following the referral chain so you get the authoritative record, not just the top-level response.

• Input — domain (example.com, dr-online.pl) or IP (8.8.8.8, 2001:4860::).
• Chain — up to 5 referrals. Each response is shown under a Server N/M header so you can see which registry contributed which field.
• Parsed view — key/value pairs grouped logically (registrar, registrant, technical contact, nameservers, dates).
• Raw view — toggle to see the full text the server returned, exactly as sent.

Many registries redact registrant contact fields under GDPR. Expect REDACTED FOR PRIVACY on a lot of ccTLDs and .com/.net domains.

Tips

• Domain — the chain usually hits the registry (IANA → TLD registry → registrar) then stops.
• IP address — you'll hit a RIR (RIPE, ARIN, APNIC, LACNIC, AFRINIC). The inetnum / NetRange tells you the real network block.
• Freshness — WHOIS data is as stale as the last registry update. Creation/expiry dates are usually authoritative; contact info may lag.

GeoIP

Turns an IP into a physical location and network identity. Uses the DR-ONLINE geo-API; works for both IPv4 and IPv6.

• Address — country, country code, region/state, city, postcode, timezone.
• Network — ISP / organisation, AS number, ASN name.
• Coordinates — latitude and longitude, plotted on an interactive map (pin marker, zoom, rotation).

Accuracy varies. Cloud provider IPs, VPN exit nodes and mobile carriers often resolve to the operator's HQ, not the end user. Treat city-level data as a hint, not a fact.

Common uses

• Triage — abusive IP in your logs. Country + ISP tells you whether to block or negotiate.
• Latency mental model — if your traceroute stops in Frankfurt, DE and the target is in Sydney, AU, the remaining RTT budget is an ocean.
• CDN debugging — which edge node is answering? Cross-reference with DNS propagation.

SSL / TLS certificate

Connects to a host on a TCP port, completes the TLS handshake, and lays out the certificate chain the server presented. Read-only — no bytes are written after the handshake.

• Host — hostname or IP.
• Port — default 443. Use 465 for SMTPS, 636 for LDAPS, 993 for IMAPS, 5671 for AMQPS, etc.
• Chain — every certificate the server sent, from leaf up. Each entry shows:
  • Subject (CN and full DN).
  • Issuer (who signed it).
  • Validity (Not Before, Not After) — with a clear expiry warning if close or past.
  • Serial number.
  • Signature algorithm (e.g. sha256WithRSAEncryption, ecdsa-with-SHA384).
  • Public key — algorithm and bit length.
  • Fingerprints — SHA-1 and SHA-256.
  • Subject Alternative Names (SAN) — every DNS name / IP the cert is valid for.
  • Key usage, extended key usage (server auth, client auth, code signing…).
  • HPKP pins (if set), OCSP responder URL, CRL distribution points.

The overall result is coloured: TRUSTED (green) if the chain validates against the system trust store, NOT TRUSTED (amber) if it completes but doesn't chain to a known root, FAILED (red) if the handshake didn't complete.

Self-signed and internal-CA certs will show as NOT TRUSTED. That's not a bug — it means your local system doesn't have the CA in its trust store. Install it separately if you want green.

DNS propagation

Queries the same domain against ~45 public resolvers worldwide and compares the answers. When you've just changed an A record, this tells you how far the update has travelled.

• Domain — the name to resolve (A record only).
• Per-server result — provider name, IP of the resolver, flag, resolved address. A spinner while in progress, a red cross on timeout/error.
• Map — each responder is plotted by approximate location; matching answers cluster colour-coded.
• Resolvers — Google, Cloudflare, Quad9, OpenDNS, Yandex, 114DNS, Comodo, AdGuard, CleanBrowsing, Neustar, Verisign, DNS.WATCH, AliDNS, DNSPod, Baidu, 360 Secure, CNNIC, Hurricane, puntCAT, Censurfridns, UncensoredDNS, DNS.SB, Nawala, SafeDNS, CIRA Shield, Dyn, Alternate DNS — across US, EU, APAC, South America.

The tool times out any individual resolver at 5 seconds — stuck queries don't block the rest.

Free tier allows one full sweep per install; subsequent runs require PRO. This keeps the public resolvers from being hammered by the app.

Common uses

• After a DNS change — verify TTL-driven rollout across continents.
• Different answers for the same domain — a red flag: split-horizon, DNS hijacking, or regional GeoDNS working as intended. Check TTLs.
• Timeouts from one cluster — that provider is down, not your domain.