RDAP Lookup — IP, ASN & Domain Registration Data
Find out who an IP address, ASN or domain is registered to — netblock ranges, abuse contacts, nameservers and status flags, straight from the registry RDAP services.
For example, try 8.8.8.8 or AS13335.
What is an RDAP lookup?
An RDAP lookup queries the Registration Data Access Protocol — the modern successor to WHOIS — for the official registration data behind an internet resource. For an IP address, that's the netblock it belongs to, the organization it was allocated to, the responsible RIR, the country, and the abuse contact. For an ASN (autonomous system number), it's the network operator behind that routing identity. For a domain, it's the registrar, registration and expiry events, status flags and nameservers.
Unlike WHOIS, RDAP responses are structured JSON served over HTTPS by the registries themselves, so the data is authoritative, machine-readable and consistent across registries.
How to use this tool
- Enter a query — an IPv4 or IPv6 address (
8.8.8.8), an ASN (AS13335), or a domain (example.com). The type is detected automatically. - Select "Lookup". We route the query to the right registry RDAP service — the IANA bootstrap decides which RIR or domain registry is authoritative.
- Read the result. You'll see the registered handle and name, the RIR, the IP or ASN range, status flags, registration events, contacts (with the abuse contact highlighted) and the raw JSON.
What RDAP data is useful for
- Abuse reporting: find the abuse contact for the network behind a malicious IP — the single most common RDAP use case.
- Incident response: identify who operates the address space showing up in your logs, and which country and RIR it belongs to.
- Network debugging: confirm which organization announces a range, and whether an IP moved to a new owner.
- Domain due diligence: check a domain's registrar, status flags (e.g.
clientTransferProhibited) and registration dates.
Frequently asked questions
What is RDAP?
RDAP (Registration Data Access Protocol) is the modern, standardized replacement for WHOIS. It returns registration data for IP addresses, ASNs and domains as structured JSON over HTTPS, served directly by the registries themselves — the five Regional Internet Registries for IP space and the domain registries for domain names.
How is RDAP different from WHOIS?
WHOIS is a 1980s plain-text protocol with no standard format — every registry prints its data differently, which makes it hard to parse reliably. RDAP returns the same registration data as structured JSON with consistent field names, supports HTTPS, redirects you to the authoritative registry automatically, and handles internationalized names properly. ICANN has been sunsetting WHOIS in favor of RDAP since 2019.
What are RIRs?
Regional Internet Registries are the five organizations that allocate IP addresses and ASNs worldwide: ARIN (North America), RIPE NCC (Europe, Middle East, Central Asia), APNIC (Asia-Pacific), LACNIC (Latin America, Caribbean) and AFRINIC (Africa). Every public IP address belongs to a range allocated by exactly one RIR — an RDAP lookup tells you which one, and who the range was allocated to.
Can I look up any IP address?
Any public IPv4 or IPv6 address, yes — every routable address belongs to an RIR-registered range. Private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7) and other special-use blocks are not allocated to anyone, so they return no meaningful registration data.
Why is registrant contact data missing or redacted?
Privacy law — mostly GDPR. Since 2018, domain registries redact personal registrant details from public output, and many IP-range contacts are role accounts rather than people. Abuse contacts are the exception: registries keep those public on purpose, so abuse reporting keeps working. This tool highlights the abuse contact for exactly that reason.
Are there rate limits?
The upstream registries rate-limit aggressive clients, and this tool applies its own fair-use limits and caches recent answers to stay well within them. Registration data changes rarely, so a cached response from the last few hours is virtually always identical to a live one.
Related tools
- DNS lookup — see all records for any domain
- Reverse DNS lookup — find the hostname behind an IP
- Website hosting checker — who hosts a website
- DNS propagation checker — watch record changes spread worldwide
- DNS health report — audit a domain's DNS configuration
Know when registration data changes
A quietly transferred netblock or a changed abuse contact can be the first sign of a hijack. Monitor IP ranges and ASNs for RDAP changes and get alerted the moment ownership data moves.
Monitor registration data