Loading
Loading
Every IP address on the internet is registered with one of five Regional Internet Registries: ARIN, RIPE NCC, APNIC, LACNIC, or AFRINIC. The IP WHOIS Lookup API queries those registries directly and returns the full registration record for any IPv4 or IPv6 address in a single REST call — who owns the IP block, what CIDR range it belongs to, the registered organization, and the abuse contacts you need when investigating suspicious traffic.
Manual WHOIS queries are slow, inconsistently formatted across registries, and impossible to automate at scale. This API gives you structured JSON and raw WHOIS text in the same response, so you can parse the fields your application needs and still retain the original registry output for audit or compliance workflows.
inet_nums array gives you everything needed to identify the owning block and push a netblock-level firewall rule without a second lookup.organization object returns the legal name, physical address, country, and registry handle of the entity responsible for the IP block. Separate technical_contacts and abuse_contacts arrays give you the email addresses and phone numbers to use when filing network abuse reports — the contacts your abuse reporting workflow actually needs.whois_raw_response — exactly as returned by the source registry server. Use the structured data for programmatic workflows; use the raw output for audit logs, compliance documentation, or ML pipelines that need to parse their own field formats.ip parameter. The API identifies the responsible registry, queries it in real time, and returns the same structured response format for both address families. No separate endpoints, no configuration changes.abuse_contacts[].email directly from the registry — the registered address for network abuse reports, not a generic contact form. Pull the IP, extract the contact, and file the report without leaving your toolchain. Security operations teams use this to close the abuse loop on incidents in seconds.inet_nums object gives you the full CIDR range the IP belongs to, so you can push a block rule that covers the entire registered allocation. Pair this with the ASN Lookup API to trace the owning autonomous system and block at the routing level when the threat scope warrants it.organization object returns the legal name of the entity that owns the IP block — "Amazon Data Services," "DigitalOcean, LLC," "Cloudflare, Inc." — so you can flag at transaction time whether a request originates from a datacenter rather than a residential or business ISP. Combine this with the inet_nums.status field to identify direct allocations to known hosting providers and route those transactions to your fraud review queue without relying on third-party blocklists.organization.handle and parents[] fields to pivot from a single malicious IP to all registered IP blocks under common organizational ownership. The whois_raw_response preserves the full registry record for documentation and chain-of-custody requirements.$ pip install requestsimport requests
url = "https://api.apifreaks.com/v1.0/ip/whois/live?ip=8.8.8.8"
payload = {}
headers = {
'X-apiKey': 'API-KEY'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
Pass the ip parameter with any valid IPv4 address. The response identifies the responsible registry (whois_server), returns the full inet_nums block containing the CIDR range and network handle, and includes the organization and abuse_contacts objects for the registered owner.
{ "status": true, "ip_address": "8.8.8.8", "query_time": "2024-08-08 15:14:11", "whois_server": "whois.arin.net", "inet_nums": [ { "start_ip": "8.8.8.0", "end_ip": "8.8.8.255", "cidr": [ "8.8.8.0/24" ], "net_name": "GOGL", "net_handle": "NET-8-8-8-0-2", "status": "Direct Allocation", "organization": "Google LLC (GOGL)", "date_created": "2023-12-28", "date_updated": "2023-12-28", "source": "https://rdap.arin.net/registry/ip/8.8.8.0", "parents": [ "NET8 (NET-8-0-0-0-0)" ] } ], "organization": { "handle": "GOGL", "name": "Google LLC", "address": [ "1600 Amphitheatre Parkway", "Mountain View", "CA", "94043", "US" ], "street": "Amphitheatre Parkway", "city": "Mountain View", "state": "CA", "zip_code": "94043", "country": [ "US" ], "date_created": "2000-03-30", "date_updated": "2019-10-31", "source": "https://rdap.arin.net/registry/entity/GOGL" }, "technical_contacts": [ { "handle": "ZG39-ARIN", "name": "Google LLC", "email": [ "arin-contact@google.com" ], "phone": [ "+1-650-253-0000" ], "source": "https://rdap.arin.net/registry/entity/ZG39-ARIN" } ], "abuse_contacts": [ { "handle": "ABUSE5250-ARIN", "name": "Abuse", "email": [ "network-abuse@google.com" ], "phone": [ "+1-650-253-0000" ], "source": "https://rdap.arin.net/registry/entity/ABUSE5250-ARIN" } ], "whois_raw_response": "#\n# ARIN WHOIS data and services are subject to the Terms of Use\n# available at: https://www.arin.net/resources/registry/whois/tou/\n#\n# If you see inaccuracies in the results, please report at\n# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/\n#\n# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.\n#\n\n\nNetRange: 8.8.8.0 - 8.8.8.255\nCIDR: 8.8.8.0/24\nNetName: GOGL\nNetHandle: NET-8-8-8-0-2\nParent: NET8 (NET-8-0-0-0-0)\nNetType: Direct Allocation\nOriginAS: \nOrganization: Google LLC (GOGL)\nRegDate: 2023-12-28\nUpdated: 2023-12-28\nRef: https://rdap.arin.net/registry/ip/8.8.8.0\n\n\n\nOrgName: Google LLC\nOrgId: GOGL\nAddress: 1600 Amphitheatre Parkway\nCity: Mountain View\nStateProv: CA\nPostalCode: 94043\nCountry: US\nRegDate: 2000-03-30\nUpdated: 2019-10-31\nComment: Please note that the recommended way to file abuse complaints are located in the following links. \nComment: \nComment: To report abuse and illegal activity: https://www.google.com/contact/\nComment: \nComment: For legal requests: http://support.google.com/legal \nComment: \nComment: Regards, \nComment: The Google Team\nRef: https://rdap.arin.net/registry/entity/GOGL\n\n\nOrgTechHandle: ZG39-ARIN\nOrgTechName: Google LLC\nOrgTechPhone: +1-650-253-0000 \nOrgTechEmail: arin-contact@google.com\nOrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN\n\nOrgAbuseHandle: ABUSE5250-ARIN\nOrgAbuseName: Abuse\nOrgAbusePhone: +1-650-253-0000 \nOrgAbuseEmail: network-abuse@google.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5250-ARIN\n\n\n#\n# ARIN WHOIS data and services are subject to the Terms of Use\n# available at: https://www.arin.net/resou... (line truncated to 2000 chars) }curl -X 'GET' 'https://api.apifreaks.com/v1.0/ip/whois/live?ip=8.8.8.8&apiKey=API-KEY'
IPv6 lookups use the same endpoint and parameter. The response format is identical to IPv4 — inet_nums, organization, technical_contacts, and abuse_contacts are all present. Pass the address URL-encoded when using curl.
{ "status": true, "ip_address": "2001:4860:4860::1", "query_time": "2024-08-08 15:27:56", "whois_server": "whois.arin.net", "inet_nums": [ { "start_ip": "2001:4860::", "end_ip": "2001:4860:ffff:ffff:ffff:ffff:ffff:ffff", "cidr": [ "2001:4860::/32" ], "net_name": "GOOGLE-IPV6", "net_handle": "NET6-2001-4860-1", "status": "Direct Allocation", "organization": "Google LLC (GOGL)", "date_created": "2005-03-14", "date_updated": "2012-02-24", "source": "https://rdap.arin.net/registry/ip/2001:4860::", "parents": [ "ARIN-004 (NET6-2001-4800-0)" ] } ], "organization": { "handle": "GOGL", "name": "Google LLC", "address": [ "1600 Amphitheatre Parkway", "Mountain View", "CA", "94043", "US" ], "street": "Amphitheatre Parkway", "city": "Mountain View", "state": "CA", "zip_code": "94043", "country": [ "US" ], "date_created": "2000-03-30", "date_updated": "2019-10-31", "source": "https://rdap.arin.net/registry/entity/GOGL" }, "technical_contacts": [ { "handle": "ZG39-ARIN", "name": "Google LLC", "email": [ "arin-contact@google.com" ], "phone": [ "+1-650-253-0000" ], "source": "https://rdap.arin.net/registry/entity/ZG39-ARIN" } ], "abuse_contacts": [ { "handle": "ABUSE5250-ARIN", "name": "Abuse", "email": [ "network-abuse@google.com" ], "phone": [ "+1-650-253-0000" ], "source": "https://rdap.arin.net/registry/entity/ABUSE5250-ARIN" }, { "handle": "ZG39-ARIN", "name": "Google LLC", "email": [ "arin-contact@google.com" ], "phone": [ "+1-650-253-0000" ], "source": "https://rdap.arin.net/registry/entity/ZG39-ARIN" } ], "whois_raw_response": "# # ARIN WHOIS data and services are subject to the Terms of Use\n# available at: https://www.arin.net/resources/registry/whois/tou/\n#\n# If you see inaccuracies in the results, please report at\n# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/\n#\n# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.\n#\n\n\nNetRange: 2001:4860:: - 2001:4860:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\nCIDR: 2001:4860::/32\nNetName: GOOGLE-IPV6\nNetHandle: NET6-2001-4860-1\nParent: ARIN-004 (NET6-2001-4800-0)\nNetType: Direct Allocation\nOriginAS: AS15169\nOrganization: Google LLC (GOGL)\nRegDate: 2005-03-14\nUpdated: 2012-02-24\nRef: https://rdap.arin.net/registry/ip/2001:4860::\n\n\n\nOrgName: Google LLC\nOrgId: GOGL\nAddress: 1600 Amphitheatre Parkway\nCity: Mountain View\nStateProv: CA\nPostalCode: 94043\nCountry: US\nRegDate: 2000-03-30\nUpdated: 2019-10-31\nComment: Please note that the recommended way to file abuse complaints are located in the following links. \nComment: \nComment: To report abuse and illegal activity: https://www.google.com/contact/\nComment: \nComment: For legal requests: http://support.google.com/legal \nComment: \nComment: Regards, \nComment: The Google Team\nRef: https://rdap.arin.net/registry/entity/GOGL\n\n\nOrgTechHandle: ZG39-ARIN\nOrgTechName: Google LLC\nOrgTechPhone: +1-650-253-0000 \nOrgTechEmail: arin-contact@google.com\nOrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN\n\nOrgAbuseHandle: ABUSE5250-ARIN\nOrgAbuseName: Abuse\nOrgAbusePhone: +1-650-253-0000 \nOrgAbuseEmail: network-abuse@google.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5250-ARIN\n\nRTechHandle: ZG39-ARIN\nRTechName: Google LLC... (line truncated to 2000 chars) }curl -X 'GET' 'https://api.apifreaks.com/v1.0/ip/whois/live?ip=2001%3A4860%3A4860%3A%3A1&apiKey=API-KEY'
When investigating a flagged IP, you typically need the abuse contact directly. The abuse_contacts array contains the registered email address and phone number for the responsible network operator — the contacts the registry holds on record for abuse reporting.
import requests response = requests.get( "https://api.apifreaks.com/v1.0/ip/whois/live", params={"ip": "8.8.8.8", "apiKey": "YOUR_API_KEY"} ) data = response.json() for contact in data.get("abuse_contacts", []): print(f"Name: {contact['name']}") for email in contact.get("email", []): print(f"Email: {email}") for phone in contact.get("phone", []): print(f"Phone: {phone}")
# RESPONSE Name: Abuse Email: network-abuse@google.com Phone: +1-650-253-0000
To retrieve the full registered IP range — useful for netblock-level blocking or network audits — read the inet_nums array. Each entry contains cidr, start_ip, end_ip, net_name, and status.
import requests response = requests.get( "https://api.apifreaks.com/v1.0/ip/whois/live", params={"ip": "8.8.8.8", "apiKey": "YOUR_API_KEY"} ) data = response.json() for block in data.get("inet_nums", []): print(f"CIDR: {block['cidr']}") print(f"Range: {block['start_ip']} — {block['end_ip']}") print(f"Net name: {block['net_name']}") print(f"Status: {block['status']}") print(f"Organization: {block['organization']}")
#RESPONSE CIDR: ['8.8.8.0/24'] Range: 8.8.8.0 — 8.8.8.255 Net name: GOGL Status: Direct Allocation Organization: Google LLC (GOGL)
inet_nums array (registered IP block, CIDR notation, start and end address, net handle, and allocation status), the organization object (legal name, address, country, and registry handle), technical_contacts and abuse_contacts arrays with emails and phone numbers, and the full whois_raw_response text from the registry server.To use the IP WHOIS Lookup API, API credits are required. Charges apply only for successful queries, indicated by a 2xx status code. If a request results in a 4xx or 5xx status code, no credits will be deducted, and any credits previously charged will be refunded.
For each successful request, 15 credits will be charged for WHOIS IP lookup. Utilize the Credits Usage API to efficiently monitor your recent consumption of both one-off and subscription credits. This API provides a streamlined way to track and manage your credit usage, ensuring you stay informed about your remaining balance and can optimize your resource allocation effectively.
Each successful request costs 15 credits. 10,000 free credits on signup — approximately 666 lookups at no cost.