DNS Checker.eu

IPv6 WHOIS Lookup

Discover which organisation an IPv6 address is allocated to, how large the allocation is, and where to send abuse reports.

About IPv6 WHOIS Lookup

IPv6 uses exactly the same registry system as IPv4, so an IPv6 WHOIS lookup tells you which organisation holds the prefix that covers a given address. This tool accepts an IPv6 address in any valid notation - fully expanded, or compressed with the :: shorthand - then queries WHOIS over port 43 starting at IANA and following referrals to the responsible RIR, while also fetching the structured RDAP record for the same address.

A key difference from IPv4 is scale. RIRs hand out IPv6 in large prefixes - commonly a /32 or shorter to a Local Internet Registry (LIR), which then delegates /48 or /56 blocks to end sites. As a result, the record you get back describes the covering allocation (the inet6num object and its netname), which can span an enormous number of addresses, rather than a single host. That is normal: IPv6 WHOIS answers 'who is this block delegated to', not 'who is this exact address'.

The practical fields to look for are the allocation prefix, the network name, the holding organisation, and the abuse contact. If you are tracing traffic or reporting activity from an IPv6 host, the abuse-c contact on the covering block is the right place to send it. The organisation shown is the operator of the network - typically an ISP, cloud provider, or enterprise - not the individual end user.

Queries run from our EU servers with no account and no third-party trackers in the path. You paste an address, we resolve it through the registry chain, and you get both the raw WHOIS hops and the parsed RDAP data.

How to use it

  1. 1Paste an IPv6 address in full or compressed form (for example 2001:db8::1 or its fully expanded equivalent).
  2. 2Run the lookup - it resolves through IANA to the RIR responsible for that prefix.
  3. 3Read the allocation prefix (the inet6num object) and the netname to identify the block.
  4. 4Identify the holding organisation and the abuse contact for the covering allocation.
  5. 5Use the RDAP JSON alongside the raw WHOIS text when you need specific fields programmatically.

Common use cases

  • -Identifying the network operator behind IPv6 traffic appearing in your web, SSH, or mail server logs.
  • -Reporting abuse - scanning, spam, or attacks - originating from an IPv6 host to the right contact.
  • -Checking the size and holder of an IPv6 prefix before applying a firewall or routing filter.
  • -Verifying that an IPv6 range genuinely belongs to the provider or customer you expect.
  • -Auditing which allocation covers an address as IPv6 adoption grows across your services.

Frequently asked questions

How do I look up who owns an IPv6 address?
Enter the IPv6 address into this tool and it queries the internet registries, returning the organisation the covering prefix is allocated to, the allocation's network name, and the abuse contact - via both WHOIS and RDAP.
Why does an IPv6 WHOIS return a whole block instead of one address?
Because Regional Internet Registries allocate IPv6 in large prefixes - often a /32 to a Local Internet Registry and /48 or /56 to end sites - the registry record describes the covering allocation rather than a single 128-bit address.
Can I look up a compressed IPv6 address?
Yes. Both compressed notation using :: and the fully expanded eight-group form are accepted; the tool normalises the address before querying the registries.
Is IPv6 WHOIS different from IPv4 WHOIS?
The mechanism is identical - the same RIRs, the same port-43 WHOIS, and the same RDAP protocol. Only the object type differs: IPv6 records use inet6num objects instead of the inetnum objects used for IPv4.
Does IPv6 WHOIS identify the individual end user?
No. It identifies the organisation that holds the IPv6 allocation, such as an ISP, cloud provider, or enterprise - not the specific person or device using an address within that block.