Tools

Inspect A, AAAA, CNAME, MX, TXT, NS, SOA, CAA, PTR, and SRV records for any domain, with response codes and TTLs, from your browser.

Check whether an email address appears in known public breaches. Uses XposedOrNot breach data; the email is never logged by this site.

Find the mail exchangers for a domain, sorted by preference, with TTL. Useful for verifying MX records after a DNS change or diagnosing mail delivery issues.

Check where a username is registered across ~35 social, coding, gaming, and media sites. Useful for OSINT, brand-name recon, and privacy audits.

Find and parse a domain's BIMI record. Shows the logo URL, Verified Mark Certificate, and previews the SVG as mail clients will render it.

Check an IP address or domain against 15+ reputable DNS-based blacklists in parallel. Identifies listings that may affect mail deliverability.

Find and interpret CAA (Certification Authority Authorization) records. Walks the DNS tree to show which CA is allowed to issue certs for a domain.

Find every TLS certificate ever issued for a domain. Query the public CT logs via crt.sh to discover forgotten subdomains and unauthorized issuance.

Expand an IPv4 CIDR block into its network address, broadcast, netmask, wildcard, usable host range, and total address count.

Fetch a DKIM public key from DNS by selector and domain. Detects revoked keys and parses tags like version, key type, and flags.

Fetch and parse the DMARC policy for a domain. Explains each tag and flags common weaknesses like monitor-only mode, missing reports, or sub-100 pct.

Check whether a domain is DNSSEC-signed. Shows DS and DNSKEY records, algorithm and digest type, and whether the resolver returned an authenticated (AD) response.

Paste raw email headers to trace the delivery path, check SPF/DKIM/DMARC authentication, and spot delays between MTAs.

Compute SHA-1, SHA-256, SHA-384, and SHA-512 of any text. Runs entirely in the browser via the Web Crypto API — your input never leaves the device.

Fetch a URL and display the response headers, status, redirects, and timing. Highlights missing common security headers (HSTS, CSP, X-Frame-Options, etc.).

GeoIP, ASN, ISP, reverse DNS, and allocation info for any IPv4 or IPv6 address. Leave blank to look up your own IP.

Decode the header and payload of a JSON Web Token. Shows claims, expiration status, and kid/alg — all in the browser. Signatures are not verified.

Check whether a domain publishes MTA-STS — the policy that forces TLS on incoming SMTP and prevents opportunistic-TLS downgrade attacks.

Resolve an IPv4 or IPv6 address back to its PTR record. Useful for mail deliverability and sanity-checking what a remote IP claims to be.

Find and parse the SPF (Sender Policy Framework) record for a domain. Explains each mechanism and flags common misconfigurations like +all or over-10 DNS lookups.

Convert between Unix epoch (seconds and milliseconds), ISO 8601, RFC 2822, and your local timezone. Accepts "now" and relative formats.

Check the SMTP TLS Reporting record (RFC 8460) for a domain. Verifies where TLS failure reports from sending MTAs are delivered.

Registrar info, registration dates, nameservers, and status for a domain, plus allocation and ASN data for an IP. Uses RDAP — the modern JSON-based replacement for WHOIS.