Online Whois Lookup of IP address and Domains | HackerTarget.com (2024)

Perform an Online Whois Lookup of a domain or IP address to find the registered owner, netblock, ASN and registration dates.

Valid Input: IPv4 IPv6 example.com 8.8.8.8

About the Online Whois Lookup

An Online Whois Lookup is an easy and fast way to find the ISP, Hosting provider and contact details for a domain or IP address. There are many uses for Whois data that can be utilised by attackers and defenders in the information security sector.

By having access to whois online it is possible to gather the required information without having a whois client installed on your system. If you are running a Linux or *nix based system, installation of a whois client is generally a simple matter.

Whois data is useful for tracking down attackers when defending, or for finding targets to attack when on the offensive. A whois lookup can reveal organisational details, IP ranges to scan and the email addresses of technical staff. This information is commonly found in the information gathering phase of an assessment or planned attack.

This Online Whois Lookup Tool simply runs the whois command line tool that is packaged in most Linux operating systems, with the results displayed in your web browser.

Whois Query Limits

                FREE USER    Membership
Queries / day   5            500 - 20000 #

# based on plan

With a membership get access to all our security scanners and IP Tools. A gold mine of data for security analysts, network defenders and other cyber security professionals.


Whois Lookup API

Another way to query the whois service is to use the API. Any client can be used, from command line utilities to your favourite scripting language.

Whois API - Simple Text Response

The default HTTP response from the API will be returned in a simple plain text based format. This is actually very close to the standard output from the Linux whois command.

curl "https://api.hackertarget.com/whois/?q=google.com&apikey=**apikeyrequired**"

Whois API - JSON response

In this example with JSON output specified we are using the X-API-Key HTTP Header rather than the &apikey= parameter.

curl -H "X-API-Key: ***apikey***" "https://api.hackertarget.com/whois/?q=8.8.8.8&output=json" | jq
{
  "address": "REDACTED FOR PRIVACY",
  "city": "REDACTED FOR PRIVACY",
  "country": "US",
  "creation_date": "Mon, 16 Apr 2018 22:57:01 GMT",
  "dnssec": "signedDelegation",
  "domain_name": "dns.google",
  "emails": "[emailprotected]",
  "expiration_date": "Wed, 16 Apr 2025 22:57:01 GMT",
  "name": "REDACTED FOR PRIVACY",
  "name_servers": [
    "ns1.zdns.google",
    "ns2.zdns.google",
    "ns3.zdns.google",
    "ns4.zdns.google"
  ],
  "org": "Charleston Road Registry, Inc.",
  "referral_url": null,
  "registrar": "MarkMonitor Inc.",
  "state": "CA",
  "status": [
    "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
    "clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
    "clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited"
  ],
  "updated_date": "Wed, 20 Mar 2024 10:02:54 GMT",
  "whois_server": "whois.nic.google",
  "zipcode": null
}

The API is simple to use and aims to be a quick reference tool for security professionals and IT teams. Due to abuse by a small number of users there is a limit of 5 queries per day for Free Users or you can increase the daily quota with a Membership. For those who need to send more packets HackerTarget has Enterprise Plans.

What is a Whois Lookup?

Whois is simply a plain text protocol that returns information from a database of Internet resources. It can reveal the owner or registered user of a resource; that may be a domain name, an IP address block or an autonomous system number (ASN).

Information returned includes physical addresses, email addresses of system staff, names and phone numbers. The DNS name servers of a domain are also displayed. Many domain registration services allow a private listing in which the details of the domain owner can be hidden; these became popular following the prevalence of spam being directed at domain owners.

The Whois protocol was based on the Finger protocol that goes back to 1977, during the very early days of the Internet (ARPANET). The Finger protocol allowed you to "finger" a remote host and the response from the plaintext protocol would reveal who was actually logged on to the system (and how long they had been logged on).

Whois is still a simple plaintext protocol that has a server component that listens on TCP port 43. Clients establish a connection to this port and transmit a text record with the domain or IP address that is to be queried against the Whois database. Since the protocol is so simple a telnet client can be used to query the whois service.

Using Telnet to perform a Whois Lookup

With whois being a simple plain text protocol it is possible to use a standard telnet (or netcat) client to access whois data.

test@testserver:~$ telnet whois.iana.org 43
Trying 192.0.32.59...
Connected to ianawhois.vip.icann.org.
Escape character is '^]'.
hackertarget.com
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.verisign-grs.com
domain: COM
organisation: VeriSign Global Registry Services
address: 12061 Bluemont Way
address: Reston Virginia 20190
address: United States
contact: administrative
name: Registry Customer Service
organisation: VeriSign Global Registry Services
address: 12061 Bluemont Way
address: Reston Virginia 20190
address: United States
phone: +1 703 925-6999
fax-no: +1 703 948 3978
e-mail: [emailprotected]
contact: technical
name: Registry Customer Service
organisation: VeriSign Global Registry Services
address: 12061 Bluemont Way
address: Reston Virginia 20190
address: United States
phone: +1 703 925-6999
fax-no: +1 703 948 3978
e-mail: [emailprotected]
nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30
nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30
nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30
nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30
nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30
nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30
nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30
nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30
nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30
nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30
nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30
nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30
nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30
ds-rdata: 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
whois: whois.verisign-grs.com
status: ACTIVE
remarks: Registration information: http://www.verisigninc.com
created: 1985-01-01
changed: 2017-06-22
source: IANA
Connection closed by foreign host.

We can see that by simply entering the domain we were able to get a response from the iana.org whois server. The important information contained in this response is a pointer to the whois server we need to query to get more information about our domain.

The pointer is this snippet: whois: whois.verisign-grs.com

Let's try again using the verisign-grs.com whois server.

test@testserver~:$ telnet whois.verisign-grs.com 43
Trying 199.7.54.74...
Connected to whois.verisign-grs.com.
Escape character is '^]'.
hackertarget.com
   Domain Name: HACKERTARGET.COM
   Registry Domain ID: 1064667694_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.enom.com
   Registrar URL: http://www.enom.com
   Updated Date: 2017-04-25T02:32:05Z
   Creation Date: 2007-07-04T01:13:38Z
   Registry Expiry Date: 2020-07-04T01:13:38Z
   Registrar: eNom, Inc.
   Registrar IANA ID: 48
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: DNS1.REGISTRAR-SERVERS.COM
   Name Server: DNS2.REGISTRAR-SERVERS.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Now we have more information, including the DNS servers for the domain, the creation date and the registry expiry date.
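The two telnet sessions above can be chained in code. This is an added example, not HackerTarget's code: it sends the query to TCP port 43, reads the referral line from the reply and repeats against the next server. The function names, the hop limit and the hostname check on the referral are assumptions of this sketch, and the sample reply is constructed from the session shown above.

```python
import re
import socket

IANA = "whois.iana.org"  # start of the referral chain, as in the telnet session
WHOIS_PORT = 43
HOST_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
REFERRAL_KEYS = ("refer", "whois", "registrar whois server")

# Constructed sample: a trimmed copy of the IANA reply shown in the session above.
SAMPLE_IANA_REPLY = (
    "% IANA WHOIS server\n"
    "refer: whois.verisign-grs.com\n"
    "domain: COM\n"
    "whois: whois.verisign-grs.com\n"
    "status: ACTIVE\n"
)

def find_referral(reply):
    """Return the next whois server named in a reply, or None."""
    for line in reply.splitlines():
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() not in REFERRAL_KEYS:
            continue
        host = value.strip().lower().rstrip(".")
        # The reply is untrusted: accept only a syntactically valid hostname.
        if HOST_RE.fullmatch(host):
            return host
    return None

def query(server, name, timeout=10.0):
    """One whois exchange: send the name plus CRLF to TCP 43, read until close."""
    if not re.fullmatch(r"[A-Za-z0-9.:-]{1,253}", name):
        raise ValueError("query must be a plain domain name or IP address")
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def lookup(name, max_hops=3, fetch=query):
    """Follow referrals starting at IANA; returns [(server, reply), ...]."""
    server, seen, chain = IANA, set(), []
    while server and server not in seen and len(chain) < max_hops:
        seen.add(server)
        reply = fetch(server, name)
        chain.append((server, reply))
        server = find_referral(reply)
    return chain
```

Calling lookup("hackertarget.com") performs the live queries; passing a different fetch function lets the referral logic be exercised against saved replies without network access.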

Practical Use Cases

Incident Response and Threat Intelligence

The most obvious benefit of a whois lookup for those responding to a security incident is identifying the netblock and ISP that owns a particular IP address. From this contact information the incident responder can alert the owner of the netblock to the presence of malicious traffic.

Historical Whois records also play a big role in threat intelligence, allowing an incident responder to search for key details in the whois data that may be present across multiple investigations or targets. For example, you can search whois data to find an email address across multiple domains, correlating malicious infrastructure and threat actors.
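A sketch of that correlation, added here as an example and not part of the HackerTarget tooling: it indexes whois records by contact email and name server and reports values shared by more than one domain. The records are constructed samples that reuse the field names from the JSON API output above; the redaction markers and the ignore list are assumptions.

```python
from collections import defaultdict

# Assumed markers for values that carry no attribution signal (redaction text).
REDACTED_MARKERS = ("redacted", "privacy", "proxy")

# Constructed sample records using the field names from the JSON API response.
RECORDS = [
    {"domain_name": "alpha-login.example", "emails": "ops@mailbox.example",
     "name_servers": ["ns1.dnshost.example", "ns2.dnshost.example"]},
    {"domain_name": "beta-portal.example",
     "emails": ["ops@mailbox.example", "abuse@registrar.example"],
     "name_servers": ["ns1.other.example"]},
    {"domain_name": "gamma.example", "emails": "REDACTED FOR PRIVACY",
     "name_servers": ["NS1.DNSHOST.EXAMPLE"]},
    {"domain_name": "delta.example", "emails": None, "name_servers": None},
]

def usable_values(field):
    """Normalise a field that may be null, a string or a list; drop redactions."""
    if field is None:
        return []
    items = [field] if isinstance(field, str) else field
    values = []
    for item in items:
        value = str(item).strip().lower().rstrip(".")
        if value and not any(marker in value for marker in REDACTED_MARKERS):
            values.append(value)
    return values

def pivot(records, fields=("emails", "name_servers"), ignore=()):
    """Map (field, value) -> sorted domains, for values seen on 2+ domains."""
    index = defaultdict(set)
    for record in records:
        domain = (record.get("domain_name") or "").lower()
        if not domain:
            continue
        for field in fields:
            for value in usable_values(record.get(field)):
                # 'ignore' holds values shared by unrelated domains, such as
                # registrar abuse mailboxes or large DNS hosting providers.
                if value not in ignore:
                    index[(field, value)].add(domain)
    return {key: sorted(doms) for key, doms in index.items() if len(doms) > 1}
```

A shared name server alone is weak evidence because hosting providers serve many unrelated customers; a shared contact email that is not a registrar or privacy-service address is the stronger link.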

Troubleshooting Network Issues with Whois

With access to the whois data a network engineer using traceroute to investigate a high latency hop will be able to determine the owner of the network in question and contact the engineers responsible for that network.


FAQs

How to find all domains associated with an IP address?

Perform a reverse IP lookup to find all A records associated with an IP address. The results can pinpoint virtual hosts being served from a web server. Information gathered can be used to expand the attack surface when identifying vulnerabilities on a server.

Can you find a domain name from an IP address?

With the reverse DNS lookup command, you query the IPv4 address or IPv6 address to find the hostname. Therefore, entering the IP address into the reverse lookup tool tests PTR records. This allows users to locate the domain name associated with the corresponding IP.

Can you look up who owns an IP address?

To find an IP address' owner you must use a WHOIS lookup tool, which is essential for getting the IP's registration details. For official and detailed information, you can use the RIPE NCC WHOIS lookup.

How do I find out WHOIS behind a domain name?

We'll explain how in 3 easy steps.
  1. Step 1: Make sure the domain is registered. ...
  2. Step 2: Navigate to a Whois Lookup portal. ...
  3. Step 3: Search for the domain name you're interested in. ...
  4. Step 4: Find the information you need in Whois records.

What command looks up domain names of IP addresses?

The nslookup command is available on many of the popular computer operating systems like Windows, macOS, and Linux distros. You can use it to perform DNS queries and receive domain names, IP addresses, or any other specific DNS records.

How do I find a fully qualified domain name from an IP address?

To find the fully qualified domain name (FQDN) of an IP address, use the "nslookup" command in a command prompt or terminal window. Simply type "nslookup" followed by the IP address, and the command will return the corresponding FQDN.

How to reverse lookup an IP address?

How to do a reverse DNS lookup
  1. Open the command prompt.
  2. Type nslookup followed by the IP address and press 'Enter'. For example, it can be nslookup 8.8.8.8.
  3. Now, the command prompt will return the DNS name and the associated IP you entered.

How do I find the name associated with an IP address?

The easiest way to find the owner of an IP address is to use a WHOIS lookup tool. When you enter an IP address into a lookup tool, you'll be able to see information such as: The Internet Service Provider (ISP) and the organization's name. The IP's hostname.

How do I ping a domain name from an IP address?

Using Ping on a Windows device
  1. Open a Command Prompt. ...
  2. In the Command Prompt window, type 'ping' followed by the destination, either an IP Address or a Domain Name, and press Enter. ...
  3. The command will begin printing the results of the ping into the Command Prompt.

Can you legally trace an IP address?

Is tracing an IP address legal? Yes, tracing your IP address is legal as long as it's not used for criminal activities. The websites you visit, the apps you use, and even your ISP collect your IP address along with other personal information. However, individual users can also easily trace your IP address.

Can IP address be traced to name?

The only direct information someone can get with your IP address is your general geographic location, usually your city or postal code. If they have additional information about you, such as your birthdate or Social Security number, a hacker might be able to steal your identity or impersonate you online.

What is arin lookup?

This test will query the American Registry for Internet Numbers (ARIN) database and tell you who an IP address is registered to. Generally speaking, you will input an IP address and find out what ISP or hosting provider uses that block for its customers.

How do I unmask a domain owner?

By exploring the website, investigating WhoIs, and contacting the registrar you can search for the domain owner. If your search fails, consider alternatives such as alternate spellings or domain extensions.

How do I find out who owns hidden domains?

What to Do if the Domain Registration Information is Hidden?
  1. Contact The Domain Registrar to Forward Your Request. The domain owner's information will often be hidden, but the domain name registrar will be visible. ...
  2. Look up Company Information. ...
  3. Reach out to The Domain Owner via Their Website. ...
  4. Hire a Domain Broker.

How do I verify who owns a domain name?

The Whois database can provide you with details such as a domain's current owner, its availability and its expiration date. With Whois info, you'll be able to check who owns a domain, find the domains that are right for you, and get one step closer to securing them.

How do I get all DNS records from an IP address?

Open Command Prompt. Enter nslookup domain.com to perform a DNS lookup for the domain.

How do I find everything about an IP address?

The easiest way to find the owner of an IP address is to use a WHOIS lookup tool. When you enter an IP address into a lookup tool, you'll be able to see information such as: The Internet Service Provider (ISP) and the organization's name. The IP's hostname.

How are domains related to IP addresses?

A domain name (often simply called a domain) is an easy-to-remember name that's associated with a physical IP address on the Internet. It's the unique name that appears after the @ sign in email addresses, and after www. in web addresses.

Can an IP address have multiple domain names?

Yes, you can host two domains on the same static IP address. From a technical point of view, you can host multiple domain names on the same static IP address, but the website corresponding to each domain name still needs enough server resources to run.

Article information

Author: Neely Ledner
