Online Whois Lookup of IP address and Domains | HackerTarget.com (2024)

Perform an Online Whois Lookup of a domain or IP address to find the registered owner, netblock, ASN and registration dates.

Valid Input 8.8.8.8 example.com

About the Online Whois Lookup

An Online Whois Lookup is an easy and fast way to find the ISP, Hosting provider and contact details for a domain or IP address. There are many uses for Whois data that can be utilised by attackers and defenders in the information security sector.

By having access to whois online it is possible to gather the required information without having a whois client installed on your system. If you are running a Linux or *nix based system installation of a whois client is generally a simple matter.

Useful for tracking down attackers when defending or finding targets to attack when on the offensive. A whois lookup can reveal organisational details, IP ranges to scan and the email addresses of technical staff. This information is commonly found in the information gathering phase of an assessment or planned attack.

This Online Whois Lookup Tool simply runs the whois command line tool that is packaged in most Linux operating systems. With the results displayed in your web browser.

Whois Query Limits

FREE USER Membership
Queries / day5500 - 20000
# based on plan

With a membership get access to all our security scanners and IP Tools. A gold mine of data for security analysts, network defenders and other cyber security professionals.

Online Whois Lookup of IP address and Domains | HackerTarget.com (1)

What is a Whois Lookup?

Whois is simply a plain text protocol that returns information from a database of Internet resources. It can reveal the owner or registered user of a resource; that may be a domain name, an IP address block or an autonomous system number (ASN).

Information returned includes physical addresses, email addresses of system staff, names and phone numbers. The DNS name servers of a domain are also displayed. Many domain registration services allow a private listing in which the details of the domain owner can be hidden, these became popular following the prevalence of spam being directed at domain owners.

The Whois protocol was based on the Finger protocol that goes back to 1977, during the very early days of the Internet (ARPANET). The Finger protocol allowed you to "finger" a remote host and the response from the plaintext protocol would reveal who was actually logged on to the system (and how long they had been logged on).

Whois is still a simple plaintext protocol that has a server component that listens on TCP port 43. Clients establish a connection to this port and transmit a text record with the domain or IP address that is to be queried against the Whois database. Since the protocol is so simple a telnet client can be used to query the whois service.

Using Telnet to perform a Whois Lookup

With whois being a simple plain text protocol it is possible to use a standard telnet (or netcat) client to access whois data.

test@testserver:~$ telnet whois.iana.org 43Trying 192.0.32.59...Connected to ianawhois.vip.icann.org.Escape character is '^]'.hackertarget.com% IANA WHOIS server% for more information on IANA, visit http://www.iana.org% This query returned 1 objectrefer: whois.verisign-grs.comdomain: COMorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statescontact: administrativename: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]contact: technicalname: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30ds-rdata: 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766whois: whois.verisign-grs.comstatus: ACTIVEremarks: Registration information: http://www.verisigninc.comcreated: 1985-01-01changed: 2017-06-22source: IANAConnection closed by foreign host.

We can see that by simply entering the domain we were able to get a response from the iana.org whois server. The important information contained in this response is a pointer to the whois server we need to talk to get more information about our domain.

The pointer is this snippet whois: whois.verisign-grs.com

Lets try again using the verisign-grs.com whois server.

test@testserver~:$ telnet whois.verisign-grs.com 43Trying 199.7.54.74...Connected to whois.verisign-grs.com.Escape character is '^]'.hackertarget.com Domain Name: HACKERTARGET.COM Registry Domain ID: 1064667694_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.enom.com Registrar URL: http://www.enom.com Updated Date: 2017-04-25T02:32:05Z Creation Date: 2007-07-04T01:13:38Z Registry Expiry Date: 2020-07-04T01:13:38Z Registrar: eNom, Inc. Registrar IANA ID: 48 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Now we have more information, including the DNS servers for the domain, the creation date and the registry expiry date.

Use Cases for a Whois Lookup

Incident Response and Threat Intelligence

The most obvious benefits of a whois lookup for those responding to a security incident is identifying the netblock and ISP that owns a particular IP address. From this information the incident responder can contact the owner of the netblock in order to alert the provider to the presence of malicious traffic.

Historical Whois records are also available that allow a responder to search for details in the whois data that may be present across multiple investigations or targets. For example you can search whois data to find an email address across multiple domains and determine when the email address first appeared in a whois record.

Troubleshooting Network Issues with Whois

With access to the whois data a network engineer investigating a path across the Internet may notice a particular network is introducing significant latency. Using an online whois lookup the network engineer will be able to determine the owner of the network in question and contact the engineers responsible for that network.

Whois Lookup API

Another way to query the whois service is to use the API. The HTTP response from the API will be returned in a simple text based format.

https://api.hackertarget.com/whois/?q=google.com&apikey=**apikeyrequired**

The API is simple to use and aims to be a quick reference tool for security professionals and IT teams. Due to abuse by a small number of users there is a limit of 5 queries per day for Free Users or you can increase the daily quota with a Membership. For those who need to send more packets HackerTarget has Enterprise Plans.

Automated Security Vulnerability Scans.

Discover. Investigate. Learn.

Use Cases

Website Recon?

Fingerprint Web App
Technologies in Bulk

Whatweb / Wappalyzer

Remove limits with a full membership

More info available

Membership

Online Whois Lookup of IP address and Domains | HackerTarget.com (2024)

FAQs

How to find all domains associated with an IP address? ›

Perform a reverse IP lookup to find all A records associated with an IP address. The results can pinpoint virtual hosts being served from a web server. Information gathered can be used to expand the attack surface when identifying vulnerabilities on a server.

Is it possible to find out who owns an IP address? ›

To find out who owns an IP address, you can use a WHOIS lookup tool. They're easy to use, and most let you look up an unlimited number of IP addresses for free. Whether you're simply curious about an IP address's owner or need to know more for security reasons, this is the guide for you.

How do I find out WHOIS behind an IP address? ›

To find an IP address' owner you must use a WHOIS lookup tool, which is essential for getting the IP's registration details. For official and detailed information, you can use the RIPE NCC WHOIS lookup.

How do I find domain name from IP address? ›

  1. Click the Windows Start button, then "All Programs" and "Accessories." Right-click on "Command Prompt" and choose "Run as Administrator."
  2. Type "nslookup %ipaddress%" in the black box that appears on the screen, substituting %ipaddress% with the IP address for which you want to find the hostname.
Nov 19, 2016

What command looks up domain names of IP addresses? ›

The Nslookup command is available on many of the popular computer operating systems like Windows, macOS, and Linux distros. You can use it to perform DNS queries and receive: domain names or IP addresses, or any other specific DNS Records.

How do I find a fully qualified domain name from an IP address? ›

To find the fully qualified domain name (FQDN) of an IP address, use the "nslookup" command in a command prompt or terminal window. Simply type "nslookup" followed by the IP address, and the command will return the corresponding FQDN.

Can you legally trace an IP address? ›

Is tracing an IP address legal? Yes, tracing your IP address is legal as long as it's not used for criminal activities. The websites you visit, the apps you use, and even your ISP collect your IP address along with other personal information. However, individual users can also easily trace your IP address.

Can IP address be traced to name? ›

The only direct information someone can get with your IP address is your general geographic location, usually your city or postal code. If they have additional information about you, such as your birthdate or Social Security number, a hacker might be able to steal your identity or impersonate you online.

How do I find out what device an IP address belongs to? ›

Additionally, you can use the ping command to identify devices by their IP address. To do this: Open the command prompt utility as an administrator. Type ping -a [IP_ADDRESS], where [IP_ADDRESS] is the device's IP address you want to find.

How do I trace an IP source? ›

How to Trace an IP Address Using Command Prompt
  1. Step 1: Open the Command Prompt Window. ...
  2. Step 2: Enter the IP Address. ...
  3. Step 3: Trace the IP Address. ...
  4. Step 4: Identify the Location. ...
  5. Step 5: Repeat the Process. ...
  6. Step 1: Log into your Gmail account.
  7. Step 2: Select the email you want to trace the IP address for.
Oct 25, 2023

How to find someones name with IP address? ›

Unfortunately, you can't find someone for free with their IP address unless you have a subpoena. Additionally, if you're wondering how to get someone's IP address indirectly, like through Facebook, you can't.

What company owns the most IP addresses? ›

The US Department of Defense owns the most IP addresses, both in IPv4 and IPv6. This makes a certain amount of sense, since the Internet itself was originally a creation of the Defense Advanced Research Projects Agency (DARPA).

How to reverse lookup an IP address? ›

How to do a reverse DNS lookup
  1. Open the command prompt.
  2. Type nslookup followed by the IP address and press 'Enter. ' For example, it can be nslookup 8.8. 8.8.
  3. Now, the command prompt will return the DNS name and the associated IP you entered.
Aug 1, 2024

How do I find my IP address or domain? ›

If you know how to access your command line or terminal emulator, you can use the ping command to find and get your IP address for your domain: 1. At the prompt, type ping, press the spacebar, and then type the relevant domain name or the server hostname.

Who owns an IP address? ›

The WHOIS IP address results provide the organization or individual's name against which the IP is registered in the IP WHOIS Database. Typically, the owner is none other than the internet service provider (ISP). It's possible to get the end-user information only if the ISP allows it, which usually doesn't happen.

How do I get all DNS records from an IP address? ›

Open Command Prompt. Enter nslookup domain.com to perform a DNS lookup for the domain.

How to find out what websites are hosted on an IP address? ›

Takes a domain or IP address and does a reverse lookup to quickly shows all other domains hosted from the same server. Useful for finding phishing sites or identifying other sites on the same shared hosting server.

How to check a domains IP address? ›

Both the ping command and nslookup command are options for finding the IP address of a website. However, the simplest way to determine the IP address of a website is through the DNS lookup tool. Go to the DNS lookup tool, type the website URL into the text entry, and click Lookup.

How do I find the name associated with an IP address? ›

The IP address hostname lookup tool allows users to find the hostname associated with an IP address. For a computer, the hostname is the web address or domain name. Hostnames allow computers to be easily identified and differentiated from other computers on local networks (LANs).

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Dean Jakubowski Ret

Last Updated:

Views: 6405

Rating: 5 / 5 (70 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Dean Jakubowski Ret

Birthday: 1996-05-10

Address: Apt. 425 4346 Santiago Islands, Shariside, AK 38830-1874

Phone: +96313309894162

Job: Legacy Sales Designer

Hobby: Baseball, Wood carving, Candle making, Jigsaw puzzles, Lacemaking, Parkour, Drawing

Introduction: My name is Dean Jakubowski Ret, I am a enthusiastic, friendly, homely, handsome, zealous, brainy, elegant person who loves writing and wants to share my knowledge and understanding with you.