Online Whois Lookup of IP address and Domains | HackerTarget.com (2024)

Perform an Online Whois Lookup of a domain or IP address to find the registered owner, netblock, ASN and registration dates.

Valid Input: IPv4 IPv6 example.com 8.8.8.8

About the Online Whois Lookup

An Online Whois Lookup is an easy and fast way to find the ISP, Hosting provider and contact details for a domain or IP address. There are many uses for Whois data that can be utilised by attackers and defenders in the information security sector.

By having access to whois online it is possible to gather the required information without having a whois client installed on your system. If you are running a Linux or *nix based system installation of a whois client is generally a simple matter.

Useful for tracking down attackers when defending or finding targets to attack when on the offensive. A whois lookup can reveal organisational details, IP ranges to scan and the email addresses of technical staff. This information is commonly found in the information gathering phase of an assessment or planned attack.

This Online Whois Lookup Tool simply runs the whois command line tool that is packaged in most Linux operating systems. With the results displayed in your web browser.

Whois Query Limits

FREE USER Membership
Queries / day5500 - 20000
# based on plan

With a membership get access to all our security scanners and IP Tools. A gold mine of data for security analysts, network defenders and other cyber security professionals.

Online Whois Lookup of IP address and Domains | HackerTarget.com (1)

Whois Lookup API

Another way to query the whois service is to use the API. Any client can be used from command line utilities to your favourite scripting language.

Whois API - Simple Text Response

The default HTTP response from the API will be returned in a simple plain text based format. This is actually very close to the standard output from the Linux whois command.

curl "https://api.hackertarget.com/whois/?q=google.com&apikey=**apikeyrequired**"

Whois API - JSON response

In this example with JSON output specified we are using the X-API-Key HTTP Header rather than the &apikey= parameter.

curl -H "X-API-Key: ***apikey***" "https://api.hackertarget.com/whois/?q=8.8.8.8&output=json" | jq{ "address": "REDACTED FOR PRIVACY", "city": "REDACTED FOR PRIVACY", "country": "US", "creation_date": "Mon, 16 Apr 2018 22:57:01 GMT", "dnssec": "signedDelegation", "domain_name": "dns.google", "emails": "[emailprotected]", "expiration_date": "Wed, 16 Apr 2025 22:57:01 GMT", "name": "REDACTED FOR PRIVACY", "name_servers": [ "ns1.zdns.google", "ns2.zdns.google", "ns3.zdns.google", "ns4.zdns.google" ], "org": "Charleston Road Registry, Inc.", "referral_url": null, "registrar": "MarkMonitor Inc.", "state": "CA", "status": [ "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited", "clientTransferProhibited https://icann.org/epp#clientTransferProhibited", "clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited" ], "updated_date": "Wed, 20 Mar 2024 10:02:54 GMT", "whois_server": "whois.nic.google", "zipcode": null}

The API is simple to use and aims to be a quick reference tool for security professionals and IT teams. Due to abuse by a small number of users there is a limit of 5 queries per day for Free Users or you can increase the daily quota with a Membership. For those who need to send more packets HackerTarget has Enterprise Plans.

What is a Whois Lookup?

Whois is simply a plain text protocol that returns information from a database of Internet resources. It can reveal the owner or registered user of a resource; that may be a domain name, an IP address block or an autonomous system number (ASN).

Information returned includes physical addresses, email addresses of system staff, names and phone numbers. The DNS name servers of a domain are also displayed. Many domain registration services allow a private listing in which the details of the domain owner can be hidden, these became popular following the prevalence of spam being directed at domain owners.

The Whois protocol was based on the Finger protocol that goes back to 1977, during the very early days of the Internet (ARPANET). The Finger protocol allowed you to "finger" a remote host and the response from the plaintext protocol would reveal who was actually logged on to the system (and how long they had been logged on).

Whois is still a simple plaintext protocol that has a server component that listens on TCP port 43. Clients establish a connection to this port and transmit a text record with the domain or IP address that is to be queried against the Whois database. Since the protocol is so simple a telnet client can be used to query the whois service.

Using Telnet to perform a Whois Lookup

With whois being a simple plain text protocol it is possible to use a standard telnet (or netcat) client to access whois data.

test@testserver:~$ telnet whois.iana.org 43Trying 192.0.32.59...Connected to ianawhois.vip.icann.org.Escape character is '^]'.hackertarget.com% IANA WHOIS server% for more information on IANA, visit http://www.iana.org% This query returned 1 objectrefer: whois.verisign-grs.comdomain: COMorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statescontact: administrativename: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]contact: technicalname: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30ds-rdata: 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766whois: whois.verisign-grs.comstatus: ACTIVEremarks: Registration information: http://www.verisigninc.comcreated: 1985-01-01changed: 2017-06-22source: IANAConnection closed by foreign host.

We can see that by simply entering the domain we were able to get a response from the iana.org whois server. The important information contained in this response is a pointer to the whois server we need to talk to get more information about our domain.

The pointer is this snippet whois: whois.verisign-grs.com

Lets try again using the verisign-grs.com whois server.

test@testserver~:$ telnet whois.verisign-grs.com 43Trying 199.7.54.74...Connected to whois.verisign-grs.com.Escape character is '^]'.hackertarget.com Domain Name: HACKERTARGET.COM Registry Domain ID: 1064667694_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.enom.com Registrar URL: http://www.enom.com Updated Date: 2017-04-25T02:32:05Z Creation Date: 2007-07-04T01:13:38Z Registry Expiry Date: 2020-07-04T01:13:38Z Registrar: eNom, Inc. Registrar IANA ID: 48 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Now we have more information, including the DNS servers for the domain, the creation date and the registry expiry date.

Practical Use Cases

Incident Response and Threat Intelligence

The most obvious benefits of a whois lookup for those responding to a security incident is identifying the netblock and ISP that owns a particular IP address. From this contact information the incident responder can alert the owner of the netblock to the presence of malicious traffic.

Historical Whois records are also play a big role in threat intelligence allowing a incident responder to search for key details in the whois data that may be present across multiple investigations or targets. For example you can search whois data to find an email address across multiple domains correlating malicious infrastructure and threat actors.

Troubleshooting Network Issues with Whois

With access to the whois data a network engineer using traceroute to investigate a high latency hop will be able to determine the owner of the network in question and contact the engineers responsible for that network.

Automated Security Vulnerability Scans.

Discover. Investigate. Learn.

Use Cases

Website Recon?

Fingerprint Web App
Technologies in Bulk

Whatweb / Wappalyzer

Remove limits with a full membership

More info available

Membership

Online Whois Lookup of IP address and Domains | HackerTarget.com (2024)

FAQs

How to find all domains associated with an IP address? ›

Perform a reverse IP lookup to find all A records associated with an IP address. The results can pinpoint virtual hosts being served from a web server. Information gathered can be used to expand the attack surface when identifying vulnerabilities on a server.

Can you find a domain name from an IP address? ›

However, with the reverse DNS lookup command, you query the IPv4 address or IPv6 address to find the hostname. Therefore, entering the IP address into the reverse lookup tool tests PTR records. This allows users to locate the domain name associated with the corresponding IP.

Can you look up who owns an IP address? ›

To find an IP address' owner you must use a WHOIS lookup tool, which is essential for getting the IP's registration details. For official and detailed information, you can use the RIPE NCC WHOIS lookup.

What command looks up domain names of IP addresses? ›

It may seem quite complex, but NsLookup is a fundamental tool that stands for "Name Server Lookup". It primarily identifies the domain name associated with an IP address. It can also perform a reverse lookup to find the IP address linked to a domain name.

How do I find a fully qualified domain name from an IP address? ›

To find the fully qualified domain name (FQDN) of an IP address, use the "nslookup" command in a command prompt or terminal window. Simply type "nslookup" followed by the IP address, and the command will return the corresponding FQDN.

How to do reverse lookup? ›

How to do a reverse DNS lookup
  1. Open the command prompt.
  2. Type nslookup followed by the IP address and press 'Enter. ' For example, it can be nslookup 8.8. 8.8.
  3. Now, the command prompt will return the DNS name and the associated IP you entered.
Aug 1, 2024

How do I find the name associated with an IP address? ›

The easiest way to find the owner of an IP address is to use a WHOIS lookup tool. When you enter an IP address into a lookup tool, you'll be able to see information such as: The Internet Service Provider (ISP) and the organization's name. The IP's hostname.

How do I ping a domain name from an IP address? ›

Using Ping on a Windows device
  1. Open a Command Prompt. ...
  2. In the Command Prompt window, type 'ping' followed by the destination, either an IP Address or a Domain Name, and press Enter. ...
  3. The command will begin printing the results of the ping into the Command Prompt.
Dec 11, 2023

How to convert IP to domain name? ›

You can manually edit the hosts file on your computer, mapping the IP address to a hostname. Alternatively, if your system caches DNS information locally, you might find the hostname there. Some network diagnostic tools like nslookup could help if available.

What is a reverse lookup domain name? ›

A reverse DNS lookup is a DNS query for the domain name associated with a given IP address. This accomplishes the opposite of the more commonly used forward DNS lookup, in which the DNS system is queried to return an IP address.

Can IP address be traced to name? ›

The only direct information someone can get with your IP address is your general geographic location, usually your city or postal code. If they have additional information about you, such as your birthdate or Social Security number, a hacker might be able to steal your identity or impersonate you online.

Can an IP address identify a person? ›

In some cases, an IP address indicates the country, state, city, or zip code where a device is located. It also tells others the identity of your ISP. However, even with that information, your IP address doesn't reveal enough to pinpoint your location, your personal information, or put you in any danger.

What is arin lookup? ›

ABOUT ARIN LOOKUP

This test will query the American Registry for Internet Numbers (ARIN) database and tell you who an IP address is registered to. Generally speaking, you will input an IP address and find out what ISP or hosting provider uses that block for its customers.

How do I get all DNS records from an IP address? ›

Open Command Prompt. Enter nslookup domain.com to perform a DNS lookup for the domain.

How do I find everything about an IP address? ›

The easiest way to find the owner of an IP address is to use a WHOIS lookup tool. When you enter an IP address into a lookup tool, you'll be able to see information such as: The Internet Service Provider (ISP) and the organization's name. The IP's hostname.

How are domains related to IP addresses? ›

A domain name (often simply called a domain) is an easy-to-remember name that's associated with a physical IP address on the Internet. It's the unique name that appears after the @ sign in email addresses, and after www. in web addresses.

Can an IP address have multiple domain names? ›

Hello Yes, you can host two domains on the same static IP address. From a technical point of view, you can host multiple domain names on the same static IP address, but the website corresponding to each domain name still needs enough server resources to run.

References

Top Articles
Latest Posts
Article information

Author: Laurine Ryan

Last Updated:

Views: 5670

Rating: 4.7 / 5 (77 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Laurine Ryan

Birthday: 1994-12-23

Address: Suite 751 871 Lissette Throughway, West Kittie, NH 41603

Phone: +2366831109631

Job: Sales Producer

Hobby: Creative writing, Motor sports, Do it yourself, Skateboarding, Coffee roasting, Calligraphy, Stand-up comedy

Introduction: My name is Laurine Ryan, I am a adorable, fair, graceful, spotless, gorgeous, homely, cooperative person who loves writing and wants to share my knowledge and understanding with you.