IP WHOIS
developer /v1/ip/whois
Returns comprehensive WHOIS/RDAP registration data for an IP address. Includes the owning organization, allocated IP range (start, end, CIDR), network name and handle, registration and last-changed dates, Regional Internet Registry (ARIN, RIPE, APNIC, LACNIC, AFRINIC), RDAP status codes, and all contacts — including abuse, administrative, registrant, and technical roles — each with name, email, phone, and organization. Also detects bogon (reserved/private) addresses. Results are cached for 1 hour.
What It Does
Queries the appropriate Regional Internet Registry (RIR) RDAP endpoint to retrieve IP allocation data. Uses the IANA RDAP bootstrap (RFC 9224) to automatically route queries to the correct RIR. Parses the full RDAP entity tree to extract all contacts by role (abuse, administrative, registrant, technical) with details from jCard/vCard data (name, email, phone, organization). Returns the allocated IP range in CIDR notation, network name, RDAP handle, registration and update dates, RIR source, and RDAP status codes. Short-circuits for bogon/reserved IPs without external API calls.
Why It's Useful
IP WHOIS data is critical for incident response, threat attribution, abuse reporting, and due diligence. During security incidents, responders need to quickly identify who operates an attacking IP and find the abuse contact to report malicious activity. This endpoint is the single source for IP registration data and abuse contact information, replacing the need for separate lookups. For compliance, verifying IP ownership confirms vendor and partner infrastructure claims.
Use Cases
Incident Response & Attribution
During an active security incident, quickly identify the organization, ISP, or cloud provider operating the attacking IPs to coordinate takedown and notify the responsible party.
Immediate attribution and contact information for rapid incident containment and coordinated response.
Abuse Report Filing
Identify the registered organization and correct RIR for malicious IP traffic to file properly formatted abuse reports with the responsible network operator.
Route abuse reports to the correct organization with proper registry reference for faster resolution.
Vendor & Infrastructure Verification
Verify that IP addresses used by vendors, partners, or third-party services are actually registered to the claimed organizations as part of vendor due diligence.
Confirm infrastructure ownership claims and detect potential supply chain risks through IP registration verification.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| ip | string | Required | The IPv4 or IPv6 address to query WHOIS data for. Example: 8.8.8.8 |
Response Fields
| Field | Type | Description |
|---|---|---|
| ip | string | The queried IP address |
| range.start_address | string | Start of allocated IP range |
| range.end_address | string | End of allocated IP range |
| range.cidr | string | CIDR notation of the allocation |
| name | string | Network name from RDAP |
| handle | string | RDAP registration handle |
| organization | string | Registered organization name |
| registration_date | string | When the range was allocated |
| last_changed | string | Last update date of the registration |
| rir | string | Regional Internet Registry: ARIN, RIPE, APNIC, LACNIC, or AFRINIC |
| status | array | RDAP status codes (e.g., active, reserved) |
| contacts | array | All contacts (abuse, administrative, registrant, technical) — each with role, name, email, phone, and organization |
| contacts_truncated | boolean | Whether the contacts list was truncated (max 50 contacts) |
| is_bogon | boolean | Whether the IP is a bogon (reserved/private) address |
| bogon_type | string | Bogon classification (e.g., rfc1918_private, rfc5737_documentation) |
Code Examples
```bash
# -G sends the -d data as a query string (GET), matching the examples below
curl -G "https://api.edgedns.dev/v1/ip/whois" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "ip=8.8.8.8"
```

```javascript
// Top-level await: run this as an ES module or inside an async function
const response = await fetch(
  'https://api.edgedns.dev/v1/ip/whois?ip=8.8.8.8',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

response = requests.get(
    'https://api.edgedns.dev/v1/ip/whois',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'ip': '8.8.8.8'
    }
)
data = response.json()
print(data)
```
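The following is an added example, not code from the API provider: it turns one parsed response into an abuse-report routing decision using the documented fields `is_bogon`, `bogon_type`, `range.cidr`, `contacts`, `contacts_truncated`, `rir`, `handle` and `organization`. The contact key names, `role` being a string or a list, the fallback order and the sample record are assumptions made for illustration.

```python
import ipaddress

# Assumption: each contact is a dict with the keys "role", "name", "email",
# "phone", "organization", and "role" is a string or a list of strings.
ROLE_PREFERENCE = ("abuse", "technical", "administrative", "registrant")

def _roles(contact):
    role = contact.get("role") or []
    return {role.lower()} if isinstance(role, str) else {r.lower() for r in role}

def abuse_route(record):
    """Turn one parsed /v1/ip/whois response into a routing decision."""
    if record.get("is_bogon"):  # reserved/private space: nobody to notify
        return {"action": "skip", "reason": record.get("bogon_type") or "bogon"}
    warnings = []
    cidr = (record.get("range") or {}).get("cidr")
    try:  # sanity check: the queried IP must sit inside the returned range
        net = ipaddress.ip_network(cidr, strict=False)
        if ipaddress.ip_address(record["ip"]) not in net:
            warnings.append("ip outside range.cidr")
    except (KeyError, TypeError, ValueError):
        warnings.append("range.cidr missing or unparsable")
    if record.get("contacts_truncated"):
        warnings.append("contacts truncated; abuse contact may be missing")
    base = {k: record.get(k) for k in ("rir", "handle", "organization")}
    contacts = record.get("contacts") or []
    for role in ROLE_PREFERENCE:
        emails = sorted({c["email"].lower() for c in contacts
                         if c.get("email") and role in _roles(c)})
        if emails:
            if role != "abuse":
                warnings.append(f"no abuse contact; using {role}")
            return {"action": "report", "to": emails, "via_role": role,
                    "warnings": warnings, **base}
    return {"action": "manual", "warnings": warnings, **base}

# Constructed sample (documentation range and example.net addresses; is_bogon
# is set False here only to exercise the report path).
SAMPLE = {
    "ip": "198.51.100.7", "is_bogon": False, "bogon_type": None,
    "range": {"cidr": "198.51.100.0/24"},
    "organization": "Example Hosting", "handle": "NET-EXAMPLE-1", "rir": "ARIN",
    "contacts_truncated": False,
    "contacts": [{"role": "technical", "email": "noc@example.net"},
                 {"role": "abuse", "email": "Abuse@example.net"}],
}

if __name__ == "__main__":
    print(abuse_route(SAMPLE))
```

A `manual` result means no contact with an email address was found for any role, so the report has to be routed by looking up the `handle` at the listed `rir`.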