IP Cow logo IP Cow

Privacy-first IP, DNS & email tools · 20+ years of serving your IP

Privacy-first · no login required

What's my IP—and a whole fleet of tools that don't phone home.

For 20+ years, IP Cow answered one question. Now it answers a hundred—IP, DNS, email checks on our own infrastructure.
No ads, no trackers, no big-tech APIs.

Your public IP

IPv4

IPv6

Resolved on IP Cow infrastructure — your IP is never sent to a third party.

More info
Browse all tools Pricing & monitoring
  • No trackers
  • Quad9 by default
  • Self-hosted
  • No Google / Microsoft / Apple

The toolkit

See all →

IP

IP free

What's My IP

Your public IPv4/IPv6 and the request headers that matter — no third parties involved.
IP free

Command-Line IP

Your public IP as plain text — curl checkip.ipcow.com. Force IPv4/IPv6 with -4/-6, or add ?json. Built for scripts.
IP free

CIDR Calculator

Network, broadcast, mask, wildcard, host range and counts for any IPv4/IPv6 CIDR.
IP free

IP Range → CIDR

Convert an inclusive IP range into the minimal set of CIDR blocks.
IP free

IP Geolocation

Approximate location and network (ISP / ASN) for any IP — from self-hosted GeoLite2, never a third-party API.

Network

Network free

Ping

ICMP round-trip time to a host, measured from our IPv4 and IPv6 probes.
Network free

Port Check

Test whether a TCP port is open and how fast it connects — over IPv4 and IPv6.
Network free

HTTP Check

Fetch a URL from our probes and report status, redirects and response time per stack.
Network free

HTTP Headers

Fetch a URL, follow the redirect chain, and inspect every response header — with the security headers (HSTS, CSP, X-Frame-Options…) called out.
Network free

SMTP Banner

Connect to a mail server and read its SMTP banner — mostly an IPv4 story.
Network free

SSL Certificate

Inspect a host's TLS certificate — issuer, validity dates, days to expiry, SANs and chain — over IPv4 and IPv6.
Network free

Traceroute

Trace the network path to a host hop by hop — measured from our IPv4 and IPv6 probes.

Diagnostics

Diagnostics free

Speed Test

Download, upload and latency to our IPv4 and IPv6 servers — no Flash, no ads.
Diagnostics free

WebSocket Test

Check whether your network allows WebSocket connections — some proxies and firewalls block them.
Diagnostics free

Sound Test

Play test tones to check your speakers and headphones — left, right and both channels.
Diagnostics free

Webcam Test

Preview your camera and confirm it works — nothing ever leaves your browser.

DNS

DNS free

DNS Lookup

Resolve A, AAAA, CNAME, MX, TXT, NS, SOA, CAA or SRV records via Quad9.
DNS free

Reverse DNS (PTR)

Find the PTR record(s) an IP address resolves back to.
DNS free

DNSSEC Check

Is the domain DNSSEC-signed and validating? Shows the DNSKEY/DS chain and the resolver's authenticated-data flag.
DNS free

DNS Propagation

Query a record across Quad9, Cloudflare, Mullvad and AdGuard and see whether they agree — handy after a DNS change.
DNS free

CAA Check

See which certificate authorities are authorized to issue for a domain.
DNS free

AAAA Lookup

Resolve a domain's IPv6 (AAAA) address records.
DNS free

CNAME Lookup

Resolve a host's CNAME alias and the chain it points to.
DNS free

NS Lookup

List the authoritative nameservers a domain is delegated to.
DNS free

TXT Lookup

Fetch a domain's TXT records — SPF, verification tokens and free-form text.
DNS free

SOA Lookup

Read a zone's SOA record — primary NS, contact, serial and refresh/retry/expiry timers.
DNS free

SRV Lookup

Resolve an SRV service record — priority, weight, port and target host.
DNS free

DS Lookup

The DS (delegation signer) records that link a zone to its parent in the DNSSEC chain.
DNS free

DNSKEY Lookup

The DNSKEY records (ZSK/KSK, with key tags) a zone publishes for DNSSEC.
DNS free

DNS Check

A one-shot overview of a domain's core records (A, AAAA, MX, NS, TXT, SOA, CAA) plus its DNSSEC status.
DNS free

LOC Lookup

Resolve a DNS LOC record — the latitude, longitude and altitude published for a name.
DNS free

CERT Lookup

Fetch CERT records — certificates or CRLs stored in DNS (PKIX, PGP, SPKI…).
DNS free

IPSECKEY Lookup

Resolve IPSECKEY records — the IPsec public key and gateway published for a host.
DNS free

RRSIG Lookup

The RRSIG signatures over a name — each DNSSEC signature, its validity window and signer.
DNS free

NSEC Lookup

The NSEC record — the authenticated next name and the record types that exist (DNSSEC).
DNS free

NSEC3PARAM Lookup

The NSEC3PARAM record — the hash, iterations and salt for a zone’s NSEC3 chain (DNSSEC).

Email

Email free

Blacklist Check

Sweep an IP across a curated set of major DNS blacklists (RBLs) at once — see exactly which ones list it.
Email free

MX Lookup

List a domain’s mail exchangers in preference order.
Email free

SPF Check

Parse SPF and count DNS lookups against the RFC 7208 limit of 10 — the one that catches everyone.
Email free

DMARC Check

Resolve and validate the DMARC policy at _dmarc.<domain>.
Email free

DKIM Lookup

Fetch a DKIM public key by selector and flag weak keys.
Email free

MTA-STS Check

A domain's SMTP TLS posture — the MTA-STS policy (mode, MX, max_age) and the TLS-RPT reporting record.
Email free

BIMI Lookup

Find a domain's BIMI brand-logo record and its Verified Mark Certificate (VMC).
Email free

Email Deliverability

MX, SPF, DMARC and MTA-STS in one shot — the whole inbound-email posture, with problems flagged.

AI

AI free

LLMs.txt Lookup

Check whether a site publishes /llms.txt — curated, model-friendly docs for LLMs.
AI free

Robots.txt LLM Policy

See how a site's robots.txt treats AI crawlers — GPTBot, ClaudeBot, Google-Extended and more.

Privacy

Privacy free

Send a Secret

Share a password or note as a one-time, end-to-end-encrypted link. We only store ciphertext — the key never leaves your browser.

RDAP

RDAP free

RDAP / IP Whois

Owning org, network range and abuse contact for an IP, straight from the RIRs.
RDAP free

RDAP / Domain Whois

Registrar, status, nameservers, DNSSEC and expiry for a domain.
RDAP free

ASN Lookup

Find the autonomous system (AS number, name and BGP prefix) announcing an IP — resolved over Team Cymru DNS, no whois API.

FAQs

The questions we get asked the most and their answers.

What is IP Cow?

IP Cow (ipcow.com) has answered one question since 2005: what's my IP address? Two decades later, it's grown into a whole privacy-first toolkit—IP, DNS, email, and RDAP checks plus connection tests—with a new promise: no login, no ads, no tracking. And yes, there's a cow.

What about analytics watching me?

Nothing on IP Cow watches you. We run no identifying analytics, no advertising networks, no fingerprinting, and no third-party scripts, fonts, or trackers from Google, Microsoft, Apple, or any other Big Tech.

The tools—including the What's-My-IP widget—talk only to our own endpoints. We don't collect data from you, so we can't ever sell or share your data. If you create an account on IP Cow, all of your data is encrypted. We don't have the keys—your password is the key. Requests may appear briefly in operational server logs used purely to keep the service running and secure. They're short-lived, never tied to your identity, and only stored in your encrypted store if you opt-in. See the privacy policy for the full picture.

Is privacy really the default?

Privacy is the default, not a setting. No accounts, no ad networks, no big-tech round-trips — just fast, honest tooling. There's nothing to opt out of, because there's nothing collecting you in the first place: no analytics that identify you, no fingerprinting, and the What's-My-IP widget talks only to our own endpoint.

Where are your servers — and why Germany?

Every IP Cow server runs on Hetzner infrastructure in Germany (Falkenstein). That's a deliberate choice, not an accident of convenience.

We host in Germany specifically for its privacy-protection laws. The EU GDPR and Germany's own Federal Data Protection Act (BDSG) are among the strongest data-protection regimes in the world, and German jurisdiction keeps your traffic out of reach of laws like the US CLOUD Act. Combined with our no-tracking, no-third-party design, the legal floor matches the technical one — your lookups stay private by law as well as by architecture.

Do you depend on Google, Microsoft or Apple?

No—and that's deliberate. No big-tech dependency. DNS is resolved over Quad9, RDAP comes straight from the regional registries, and geolocation runs on self-hosted GeoLite2. Nothing is quietly routed through Google, Microsoft, or Apple, and there are no third-party scripts, fonts, or CDNs.

How does DNS lookup work?

You enter a domain and pick a record type. Our server then performs the query over DNS-over-HTTPS (RFC 8484): it encodes the question into the binary DNS wireformat, sends it to a privacy-first resolver, and decodes the wireformat response itself — there is no third-party "lookup API" in the middle that could log your query.

The result you see (A, AAAA, MX, TXT, CAA and friends) is parsed from that raw answer and returned as clean JSON. The same core code runs the website and the API, so what you see in the browser is exactly what an automated call gets.

What DNS resolver is used?

By default, Quad9 — a Swiss non-profit, privacy-first resolver that blocks known-malicious domains and does not log the data that would identify you. We talk to it over encrypted DoH, never plain UDP port 53.

If Quad9 is briefly unreachable, we fall back to Cloudflare DNS so your lookup still completes. Your queries are never routed through Google, Microsoft, or Apple, and never through an ad-tech company.

Can I use the tools from the command line or in scripts?

Yes — IP Cow is built to be automated. Every tool has a clean JSON endpoint and a copy-paste curl recipe, so the checks you run by hand drop straight into a script.

For your IP specifically, checkip.ipcow.com returns it as plain text — curl checkip.ipcow.com, with -4 or -6 to force a stack. Metered API access and monitoring subscriptions are on the way.