“WhoIs” this IP

IP WHOIS shows which organization (network) is responsible for an IP address range. It typically includes the network name, range/CIDR, country, registration details, and contacts (often via RDAP).

Common uses include identifying the ISP/cloud/VPN that owns an IP, investigating abuse reports (spam, scanning, attacks), troubleshooting routing/network issues, and finding the correct abuse/technical contact for a network.

Those are the Regional Internet Registries (RIRs). Different parts of the world use different RIRs. A lookup may start at one registry and refer you to another depending on where the IP block is registered.

RDAP (Registration Data Access Protocol) is the modern, structured replacement for legacy WHOIS text. It’s a standard HTTPS API used by registries to publish registration data for IP ranges and ASNs.

They describe the block of IP addresses the result applies to. NetRange is a start–end range, while CIDR is a compact prefix notation (for example 203.0.113.0/24).

These fields identify the organization or network object that owns/operates the IP block (an ISP, cloud provider, enterprise, or sometimes a VPN). “Handle” is often an internal identifier used by the registry.

They are the preferred contacts for reporting abuse (spam/attacks) or network issues. For many large providers, the best route is the listed abuse email or an online abuse portal.

Not always. Data can be outdated, privacy/redaction policies may hide details, and IPs behind VPNs, CGNAT, or cloud services may reflect the provider’s network rather than an end user.