Skip to main content

Whois IP Lookup

Identify the owner of any IP address

Need to know who owns an IP address? Enter an IPv4 or IPv6 and instantly get the owning organization, country, network range, and abuse contacts.

IPv4 and IPv6

Works with both address formats. Identify legacy addresses and new IPv6 allocations alike.

Global registries

Automatic queries to RIPE, ARIN, APNIC, LACNIC, and AFRINIC based on the IP range searched.

Abuse contact

Quickly find the abuse email to report spam, attacks, or suspicious behavior from this IP.

CIDR range

View the complete network block assigned to the organization. Useful for firewall rules.

100% free

No registration required. Perform as many Whois lookups as needed without limits.

What is IP Whois lookup used for?

IP Whois helps identify the organization responsible for an IP address and find the right contacts when needed.

Common use cases:

  • Abuse reporting: Find the abuse email to report spam, DDoS attacks, or port scanning
  • Security investigation: Identify the source of suspicious connections in your logs
  • Firewall configuration: Get the complete CIDR range to block or allow a network
  • Partner verification: Confirm that a vendor's IP actually belongs to their organization

How to interpret Whois results

Organization and Netname

The organization field shows the legal entity that owns the IP block. The netname is the technical identifier for the network range.

Examples:

  • Google LLC → Block owned by Google
  • OVH SAS → Server hosted at OVH
  • CLOUDFLARENET → IP behind Cloudflare CDN

CIDR Range and Netrange

The CIDR range (e.g., 203.0.113.0/24) defines the allocated address block. The netrange shows the first and last address of the block.

Usage:

# Block entire range on Linux firewall
iptables -A INPUT -s 203.0.113.0/24 -j DROP

Contacts (abuse, admin, tech)

  • abuse-mailbox: Email to report abuse (spam, attacks, etc.)
  • admin-c: Administrative contact for the organization
  • tech-c: Technical contact for network questions

The 5 Regional Internet Registries (RIR)

IP addresses are managed by 5 regional registries that delegate blocks to operators and organizations:

RegistryRegionExample range
RIPE NCCEurope, Middle East, Central Asia193.0.0.0/8
ARINNorth America74.0.0.0/8
APNICAsia-Pacific1.0.0.0/8
LACNICLatin America, Caribbean200.0.0.0/8
AFRINICAfrica41.0.0.0/8

The tool automatically identifies the correct registry based on the IP address searched.

Limitations of IP Whois

What Whois does NOT show

  • End user: Behind a residential IP, Whois shows the ISP, not the subscriber
  • Exact location: The country shown is the organization's, not the physical server's
  • Real-time activity: Whois describes ownership, not current BGP state or routing

Potentially outdated data

Whois databases are updated by the organizations themselves. Some information may be dated. When in doubt, cross-reference with RDAP (modern standardized format).

FAQ - Frequently asked questions

Q: What's the difference between domain Whois and IP Whois?

A: Domain Whois identifies the owner of a domain name and its registrar. IP Whois identifies the organization that owns a block of IP addresses and the network operator responsible.

Q: How do I find the abuse contact for an IP address?

A: Perform a Whois lookup on the IP. In the results, look for the 'abuse-mailbox' or 'abuse-c' field. This is the email dedicated to reporting abuse.

Q: Why is some Whois information hidden?

A: Some organizations use privacy protection services. Cloud operators and CDNs often hide their end customers' details for privacy reasons.

Q: How can I tell if an IP belongs to a VPN or proxy?

A: Look for the organization name in the Whois results. Known VPN providers typically appear in the organization or netname field.

Complementary tools

ToolPurpose
Reverse DNS (PTR)Find the hostname associated with an IP
My IP AddressDisplay your current public IP
Netmask CalculatorCalculate network ranges and masks

Useful resources