IP Address Scrubber

Strip IPv4 and IPv6 addresses from logs before AI analysis

Paste server logs or network data and automatically detect and replace every IPv4 and IPv6 address with anonymized placeholders — preserving log structure for AI analysis without exposing user IP addresses, entirely in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What does it detect?

Both IPv4 addresses (validated, dotted-quad) and IPv6 addresses including compressed forms. Each is replaced with a bracketed placeholder so the log structure stays intact.

Why scrub IP addresses before AI analysis?

Server logs are gold for AI-assisted debugging — and full of personal data. Under the GDPR and most modern privacy frameworks, IP addresses are classified as personal data because they can identify a specific individual or device. Pasting raw logs into a third-party AI model means those IP addresses leave your environment and may be stored or processed by the provider. The safe path is to anonymize first, analyze second.

This tool detects every IPv4 and IPv6 address in your pasted log text and replaces each one with a bracketed placeholder, entirely in your browser, before you paste the result into any AI tool.

How it works

Paste your logs and the tool runs two detection passes:

  • IPv4 detection uses a strictly validated pattern: each octet must be a number between 0 and 255, and the address must have exactly four parts. This prevents common false positives like software version strings (3.11.2) or timestamps (2024.01.15) from being caught.
  • IPv6 detection uses a broader pattern that covers compressed forms with :: and full eight-group addresses.

With consistent tokens enabled, each unique IP address maps to a stable numbered placeholder — [IPv4_1], [IPv4_2], [IPv6_1] and so on. This means the same source address always gets the same token throughout the log, so you can still correlate multiple requests from the same client during analysis. With consistent tokens off, every address becomes a flat [IPv4] or [IPv6] with no identity preserved.

A count of unique IPv4 and IPv6 addresses replaced confirms what was found in the text.

What gets replaced, and what does not

The scrubber targets IP address patterns specifically. Log lines like this:

192.168.1.45 - - [15/Jan/2024:10:23:01 +0000] "GET /api/users HTTP/1.1" 200 4521

become:

[IPv4_1] - - [15/Jan/2024:10:23:01 +0000] "GET /api/users HTTP/1.1" 200 4521

The timestamp, request method, status code, response size, and path are untouched. Only the IP address is replaced, keeping the log structure fully intact for analysis.

Consistent tokens vs. flat redaction: when to use each

ModeOutputUse when
Consistent tokens ON[IPv4_3] stable per addressYou need to track same-client requests
Consistent tokens OFF[IPv4] generic for every matchYou only care about log structure, not identity

For most debugging scenarios — finding a 500 error pattern, analyzing slow requests, understanding redirect chains — consistent tokens are more useful because they preserve the ability to say “these three requests came from the same user.”

Tips and notes

  • IPv4 is tightly validated. Octets must be 0–255, so version strings and most ordinary numbers are left alone.
  • Glance at IPv6 output. That pattern is intentionally broad — if your data has lots of colon-separated hex values for other purposes, confirm nothing benign was caught.
  • Nothing is uploaded. All pattern matching runs in your browser. Your log data never leaves your device.