WHOIS is a 40-year-old protocol that returns the registration record for any domain or IP address. It's how you find out who owns a website, when it was registered, where to report abuse, and which company runs an IP block. Here's how to actually use it.

Domain WHOIS vs IP WHOIS

• Domain WHOIS: registrant info for domain names (registrar, creation date, expiry, name servers, sometimes contact email).
• IP WHOIS: ownership info for IP blocks (organization, abuse contact, country, allocation date). Maintained by Regional Internet Registries — ARIN (North America), RIPE (Europe), APNIC (Asia-Pacific), LACNIC (Latin America), AFRINIC (Africa).

How to run a lookup

• Web: who.is, ARIN, RIPE
• Command line: whois example.com or whois 8.8.8.8 on Mac/Linux (also Windows via WSL or installed separately)

Why most fields say "redacted"

Since GDPR went into effect (2018), most personal contact info in domain WHOIS is redacted. You see the registrar and abuse contact, not the registrant's name or email. To reach the owner, the registrar offers a contact form. IP WHOIS is largely unaffected — corporate owners are still public.

What the abuse contact is for

Every IP block has a published abuse contact. If an IP is attacking you, scraping you, or sending spam, that's the address you email. Reputable ISPs investigate and shut down abusers. Less reputable ones ignore the report — often telling you which ISPs to avoid hosting on.

When to use it

• Investigating suspicious traffic in your server logs
• Confirming a domain isn't squatted before approaching the owner
• Reporting abuse, phishing, or spam
• Due diligence on a vendor or partner organization
• OSINT research on a target IP

Try it now

Curious what your IP is showing the world right now? Check your IP address & location instantly with our free tool — no signup, nothing stored. Or trace any other IP to see its geolocation, ISP, and network details.