Whois is a protocol and tool that allows querying information from domain registries, IP addresses, and other Internet resources.

What is Whois?

Whois is a query protocol that provides information about domain registries, IP addresses, contacts, and other Internet resources.

How It Works

Protocol

• TCP Port 43: TCP port 43
• Text-based: Text-based
• Query/Response: Query/Response
• Standardized Format: Standardized format

Process

1. Connect to Whois Server: Connect to Whois server
2. Send Query: Send query
3. Receive Response: Receive response
4. Parse Information: Parse information

Basic Usage

Basic Command

1
2
3

whois domain.com
whois 192.168.1.1
whois google.com

Common Options

1
2
3
4
5
6
7
8

# Whois with specific server
whois -h whois.verisign-grs.com google.com

# Whois with specific format
whois -H google.com

# Whois with timeout
whois -t 30 google.com

Available Information

Domains

• Domain Name: Domain name
• Registrar: Registrar
• Creation Date: Creation date
• Expiration Date: Expiration date

Contacts

• Registrant: Registrant
• Administrative Contact: Administrative contact
• Technical Contact: Technical contact
• Billing Contact: Billing contact

Servers

• Name Servers: Name servers
• DNS Records: DNS records
• Status: Status
• Last Updated: Last updated

Use Cases

Research

• Domain Research: Domain research
• Ownership Verification: Ownership verification
• Contact Information: Contact information
• Legal Investigations: Legal investigations

Security

• Threat Intelligence: Threat intelligence
• Domain Monitoring: Domain monitoring
• Phishing Detection: Phishing detection
• Malware Analysis: Malware analysis

Administration

• Domain Management: Domain management
• DNS Administration: DNS administration
• Network Administration: Network administration
• Compliance: Compliance

Tools

Command Line

• whois: Standard tool
• dig: DNS tool
• nslookup: DNS lookup
• host: Name resolution

Web

• Whois Websites: Whois websites
• Domain Registrars: Domain registrars
• DNS Tools: DNS tools
• Network Tools: Network tools

APIs

• REST APIs: REST APIs
• GraphQL APIs: GraphQL APIs
• Bulk Queries: Bulk queries
• Automated Tools: Automated tools

Result Interpretation

Domain Information

Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-09-09T15:39:04Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2028-09-14T04:00:00Z

Contact Information

Registrant Name: Google LLC
Registrant Organization: Google LLC
Registrant Street: 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US

Best Practices

Queries

• Specific Queries: Specific queries
• Appropriate Servers: Appropriate servers
• Rate Limiting: Rate limiting
• Respect Privacy: Respect privacy

Analysis

• Data Validation: Data validation
• Cross-reference: Cross-reference
• Historical Data: Historical data
• Trend Analysis: Trend analysis

Limitations

Privacy

• Privacy Protection: Privacy protection
• Proxy Services: Proxy services
• Data Masking: Data masking
• GDPR Compliance: GDPR compliance

Availability

• Server Availability: Server availability
• Rate Limiting: Rate limiting
• Query Restrictions: Query restrictions
• Access Control: Access control

Related Concepts

• DNS - Related concept
• Domains - Related concept
• SSL Certificates - Related concept
• Ping - Related concept
• Traceroute - Related concept
• Firewall - Related concept
• VPN - Related concept
• Logs - Related concept
• Dashboards - Related concept
• CISO - Related concept
• Incident Response - Related concept
• Security Breaches - Related concept

References

• RFC 3912
• Domain Name System
• Network Security
• DNS Security