# IPinfo MCP

> IPinfo provides instant deep intelligence on IP addresses. Your AI client can instantly map an IP to its precise location, determine network ownership details (ASN), and retrieve full WHOIS records for organizations or networks. It also lets you check which domains are hosted on a specific IP, making it essential for security analysis and traffic pattern mapping.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** ip-lookup, geolocation, asn, whois, threat-intelligence

## Description

When your agent needs to figure out where an IP address belongs, this MCP delivers instant intelligence. Instead of manually checking multiple databases—one for geography, another for ownership, and yet another for domain records—you send the IP, and the data comes back enriched. You can get precise city, region, and country details instantly. Need to know who owns a large block of IPs? It identifies Autonomous System numbers and associated ranges. The agent also pulls full WHOIS reports detailing network owners or specific points of contact. Furthermore, you can enrich massive sets of IP addresses at once, handling up to 1,000 in one go. If you're building automated security checks, this MCP gives your client the deep visibility it needs, all connected easily through Vinkius.

## Tools

### get_asn
Retrieves details about a specific Autonomous System (ASN) using its number or prefix.

### batch_enrich_ips
Enriches and pulls detailed intelligence for up to 1,000 IP addresses at once.

### get_hosted_domains
Lists specific domains that are known to be hosted on a particular IP address.

### get_enterprise_ip
Retrieves advanced, enterprise-level intelligence data for an IP address.

### get_lite_ip
Fetches basic geographic and network details for a standard IP address lookup.

### get_lookup_ip
Performs comprehensive core IP lookups, providing detailed location and carrier information.

### get_ranges
Finds all associated IP ranges linked back to a specific domain name.

### get_whois_net
Gets WHOIS data specifically for an entire network range or block of IPs.

### get_whois_org
Retrieves official WHOIS records detailing the owning organization associated with an IP.

### get_whois_poc
Fetches WHOIS data focused on a specific point of contact for an IP address.

## Prompt Examples

**Prompt:** 
```
Lookup the location and carrier details for IP 8.8.8.8.
```

**Response:** 
```
I've retrieved the data for 8.8.8.8 using `get_lookup_ip`. It is located in Mountain View, California, United States. The carrier is Google LLC and it is associated with AS15169.
```

**Prompt:** 
```
What domains are currently hosted on the IP 1.1.1.1?
```

**Response:** 
```
Using `get_hosted_domains`, I found several domains hosted on 1.1.1.1, including 'one.one.one.one', 'cloudflare-dns.com', and 'cloudflare.com'. Would you like to see more results from the next page?
```

**Prompt:** 
```
Get the IP ranges for the domain microsoft.com.
```

**Response:** 
```
I've queried `get_ranges` for microsoft.com. I found multiple IP ranges associated with this domain, such as 20.112.52.0/24 and 20.103.85.0/24. These belong to Microsoft Corporation (AS8075).
```

## Capabilities

### Determine IP location and carrier details
Fetch detailed geographic data, including city, country, and carrier information for any given IP address.

### Check network ownership and ranges
Look up Autonomous System (ASN) details or gather all associated IP ranges linked to a specific domain name.

### Analyze organization and network records
Retrieve comprehensive WHOIS data covering the entire network, owning organization, or point of contact.

### Reverse lookup hosted domains
Discover which web domains are registered to use a particular IP address.

### Process large batches of IPs
Enrich multiple IP addresses simultaneously, supporting high-volume data analysis.

## Use Cases

### Investigating suspicious web traffic
A security analyst gets an unusual IP address from a firewall log. Instead of running three separate manual checks (GeoIP service, WHOIS lookup, ASN check), they ask their agent to use `get_lookup_ip` and `get_whois_org`. The resulting data immediately flags the location as suspicious and identifies the corporate owner.

### Analyzing API usage logs
A data analyst receives a massive log file of user IP addresses. They feed this list to their agent, which uses `batch_enrich_ips` to instantly map every single entry to a country and carrier detail. This allows them to build accurate regional revenue models.

### Debugging domain conflicts
A DevOps engineer finds an IP address used by multiple, unrelated services. They ask the agent to use `get_hosted_domains`. The MCP instantly lists every single domain name that has ever been associated with that problematic IP.

### Validating network boundaries
A team setting up a new internal service needs to know if their chosen IP range is already in use by another major entity. They run `get_ranges` against the target domain, confirming which specific blocks of IPs are legally associated with it.

## Benefits

- Instant threat identification: Instead of guessing an IP's origin during an incident, you get immediate details on its geographic source and carrier using lookups like `get_lookup_ip`.
- Scale your analysis with batch processing. Use `batch_enrich_ips` to process hundreds of IPs in a single request, making large log file reviews feasible for the first time.
- Pinpoint domain hosting: Need to know which websites share an IP? The `get_hosted_domains` tool runs a reverse lookup, telling you exactly what domains are tied to that address.
- Understand organizational structure: You can use `get_whois_org` and `get_whois_net` to trace ownership back to the core corporation or network owner, bypassing simple domain checks.
- Verify infrastructure boundaries: When planning a new service, use `get_ranges` to find all official IP ranges associated with a key domain, ensuring you don't overlap resources.

## How It Works

The bottom line is that it turns complex, multi-database investigations into a single conversational query.

1. First, you connect this MCP to your preferred AI client and input your unique access token.
2. Next, you ask your agent to check an IP address or a list of IPs for specific data points, like location or ownership.
3. Finally, the client executes the necessary lookup tools and returns structured, enriched data directly to your workflow.

## Frequently Asked Questions

**How does the IPinfo MCP handle large numbers of IPs?**
It uses the `batch_enrich_ips` tool. This allows you to send up to 1,000 IP addresses in a single request, making it highly efficient for analyzing massive log files.

**What is the difference between `get_whois_net` and `get_whois_org`?**
`get_whois_net` provides details about an entire network range, showing who controls the block of IPs. `get_whois_org` focuses specifically on the corporate or organizational owner.

**Can I find out what domains are using a specific IP?**
Yes, use the `get_hosted_domains` tool. This performs a reverse lookup to list every domain name that has been associated with that particular IP address.

**Is this MCP useful for general traffic analysis?**
Absolutely. You can enrich user logs using `get_lookup_ip` to map raw IPs to precise geographic details, which is crucial for accurate regional pattern recognition.

**Does IPinfo help verify network ranges?**
Yes, the `get_ranges` tool finds all official and associated IP ranges linked to a given domain name, helping you confirm infrastructure boundaries.