IP / ASN / GeoIP Lookup

RDAP (Registration Data Access Protocol) is the modern JSON replacement for the legacy WHOIS protocol. Each Regional Internet Registry (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) runs an RDAP server that returns structured data about an IP block: who owns it, what country it is allocated to, and how to contact the abuse desk.

An Autonomous System Number identifies the network that controls a block of IP addresses on the public internet. That is usually an ISP, a hosting provider, or a large enterprise. RDAP exposes the network handle, which usually maps to a single ASN. ASNs are most useful for spotting things like "this IP belongs to a residential ISP, so it shouldn't be sending bulk email" or "this is a known bulletproof hoster."

If an IP is sending spam, attacking your servers, or otherwise misbehaving, the abuse contact is who you report it to. Every public IP block is required to publish one. If your reports keep getting ignored, escalate to the RIR. Sustained non-response can get the block de-listed.

RDAP only exposes the country the IP block is registered in, which is reliable but coarse. City- or region-level GeoIP needs a commercial database like MaxMind or IP2Location, built from inference rather than registry data. We avoid those because the licensing is restrictive and the accuracy is hit-or-miss for IPv6 and cloud ranges.

One of three things: rdap.org could not route the query (rare), the responsible RIR's RDAP server returned an error, or the block is in a special-use range (private space, documentation) with no public registration. If a normal-looking IP keeps failing, just retry. RIR servers occasionally throttle or have brief outages.