An Online Whois Checker is an easy and fast way to find the ISP, hosting provider and contact details for a domain or IP address. Whois data has many uses for both attackers and defenders in the information security sector.
By having access to whois online it is possible to gather the required information without having a whois client installed on your system. If you are running a Linux or *nix based system, installation of a whois client is generally a simple matter.
Whois is useful for tracking down attackers when defending, or for finding targets to attack when on the offensive. A whois lookup can reveal organizational details, IP ranges to scan and the email addresses of technical staff. This information is commonly collected during the information-gathering phase of an assessment or planned attack.
This Online Whois Lookup Tool simply runs the whois command-line tool that is packaged in most Linux operating systems, with the results displayed in your web browser.
Whois is simply a plain-text protocol that returns information from a database of Internet resources. It can reveal the owner or registered user of a resource; that may be a domain name, an IP address block or an autonomous system number (ASN).
Information returned includes physical addresses, email addresses of system staff, names and phone numbers. The DNS name servers of a domain are also displayed. Many domain registration services allow a private listing in which the details of the domain owner can be hidden. These became popular following the prevalence of spam being directed at domain owners.
The Whois protocol was based on the Finger protocol that goes back to 1977, during the very early days of the Internet (ARPANET). The Finger protocol allowed you to "finger" a remote host and the response from the plaintext protocol would reveal who was actually logged on to the system (and how long they had been logged on).
Whois is still a simple plaintext protocol that has a server component that listens on TCP port 43. Clients establish a connection to this port and transmit a text record with the domain or IP address that is to be queried against the Whois database. Since the protocol is so simple a telnet client can be used to query the
With whois being a simple plain-text protocol, it is possible to use a standard telnet (or netcat) client to access whois data.
The most obvious benefit of a whois lookup for those responding to a security incident is identifying the netblock and ISP that owns a particular IP address. From this information, the incident responder can contact the owner of the netblock in order to alert the provider to the presence of malicious traffic.
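The port 43 exchange described above, together with the netblock lookup an incident responder would run, as an added Python example that is not the code behind this online tool. The function names are hypothetical, the sample reply is constructed, and the field names are those commonly seen in ARIN-style and RIPE-style output (an assumption, since whois has no fixed schema and layouts vary by registry).

```python
import socket

# Constructed sample in ARIN-style layout; not real registry data.
SAMPLE_RESPONSE = """\
# Constructed whois reply for a documentation address range
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example Hosting Inc.
OrgAbuseEmail:  abuse@example.net
"""

def whois_exchange(sock, query):
    """One whois exchange on a connected socket: send the query plus CRLF, read to EOF."""
    sock.sendall(query.encode("ascii") + b"\r\n")
    chunks = []
    while data := sock.recv(4096):  # empty read: server closed, reply is complete
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def whois_query(query, server, port=43, timeout=10.0):
    """Connect to a whois server on TCP port 43 and run one exchange."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        return whois_exchange(sock, query)

def parse_fields(text):
    """Collect 'Key: value' lines; keys can repeat, so values are kept in lists."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%" or ":" not in line:
            continue  # blank line, registry comment, or free text
        key, _, value = line.partition(":")
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def netblock_summary(text):
    """Pull out what a responder needs: address range, owner, abuse contact."""
    fields = parse_fields(text)
    def first(*keys):
        return next((fields[k][0] for k in keys if k in fields), None)
    return {
        "range": first("netrange", "inetnum"),
        "owner": first("orgname", "org-name", "netname"),
        "abuse": first("orgabuseemail", "abuse-mailbox"),
    }

if __name__ == "__main__":
    print(netblock_summary(SAMPLE_RESPONSE))
```

Against a live server, `netblock_summary(whois_query(ip, server))` gives the same summary; which server to ask depends on the registry responsible for the address.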
Historical Whois records are also available that allow a responder to search for details in the whois data that may be present across multiple investigations or targets. For example, you can search whois data to find an email address across multiple domains and determine when the email address first appeared in a whois record.
With access to the whois data, a network engineer investigating a path across the Internet may notice a particular network is introducing significant latency. Using an online whois lookup, the network engineer will be able to determine the owner of the network in question and contact the engineers responsible for that network.