How to use the command 'whois' (with examples)

The ‘whois’ command-line client is used for retrieving information about domain names and IP addresses by querying WHOIS servers. By providing a domain name or IP address as an argument, the command sends a request to the WHOIS server and retrieves the registered information associated with the domain or IP address.

Use case 1: Get information about a domain name

Code:

whois example.com

Motivation: If you want to gather detailed information about a specific domain name, such as the domain registrar, registration date, expiration date, and nameservers, you can use the ‘whois’ command. This can be useful for conducting research, checking the ownership of a domain, or troubleshooting domain-related issues.

Explanation:

  • ‘whois’ is the command-line client for the WHOIS protocol.
  • ‘example.com’ is the domain name for which you want to retrieve information.

Example output:

Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2021-03-11T22:21:45Z
Creation Date: 1993-11-05T05:00:00Z
Registry Expiry Date: 2022-11-04T05:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.MARKMONITOR.COM
Name Server: NS2.MARKMONITOR.COM
Name Server: NS3.MARKMONITOR.COM
Name Server: NS4.MARKMONITOR.COM
Name Server: NS5.MARKMONITOR.COM
Name Server: NS6.MARKMONITOR.COM
Name Server: NS7.MARKMONITOR.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
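
The following is an added example, not part of the original page: a small check that reads a record like the one above on stdin and reports an expiry date earlier than a cutoff, a missing transfer lock, or unsigned DNSSEC. The function name whois_domain_audit, the FINDING labels and the abridged sample record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a domain WHOIS record read from stdin.
# Usage: whois example.com | whois_domain_audit CUTOFF
#   CUTOFF uses the same ISO 8601 UTC form the registry prints. Timestamps in
#   that one format order correctly as plain strings, so no date arithmetic is
#   needed. With GNU date, 30 days ahead is:
#   date -u -d '+30 days' +%Y-%m-%dT%H:%M:%SZ
whois_domain_audit() {
    awk -v cutoff="$1" '
        {   # Split on the first colon only: values such as URLs contain colons.
            sub(/\r$/, "")
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "Registrar"            { registrar = val }
        key == "Registry Expiry Date" { expires = val }
        key == "DNSSEC"               { dnssec = val }
        key == "Name Server"          { ns++ }
        key == "Domain Status"        { split(val, s, " "); status[s[1]] = 1 }
        END {
            print "registrar=" registrar
            print "expires=" expires
            print "nameservers=" (ns + 0)
            if (expires == "")                   print "FINDING expiry-not-found"
            else if ((expires "") < (cutoff "")) print "FINDING expires-before-cutoff"
            if (!("clientTransferProhibited" in status) && !("serverTransferProhibited" in status))
                print "FINDING no-transfer-lock"
            if (dnssec == "unsigned")            print "FINDING dnssec-unsigned"
        }'
}

# Sample input: an abridged copy of the example output shown above.
sample_domain_record() {
    cat <<'EOF'
Domain Name: EXAMPLE.COM
Registrar URL: http://www.markmonitor.com
Creation Date: 1993-11-05T05:00:00Z
Registry Expiry Date: 2022-11-04T05:00:00Z
Registrar: MarkMonitor Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.MARKMONITOR.COM
Name Server: NS2.MARKMONITOR.COM
DNSSEC: unsigned
EOF
}

sample_domain_record | whois_domain_audit 2022-12-01T00:00:00Z
```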

Use case 2: Get information about an IP address

Code:

whois 8.8.8.8

Motivation: If you need to obtain information about an IP address, such as the allocation details, organization name, and contact information, you can use the ‘whois’ command. This can be helpful for investigating potential network issues, identifying malicious IP addresses, or verifying if an IP address is legitimate.

Explanation:

  • ‘whois’ is the command-line client for the WHOIS protocol.
  • ‘8.8.8.8’ is the IP address for which you want to retrieve information.

Example output:

NetRange:       8.0.0.0 - 8.255.255.255
CIDR:           8.0.0.0/8
NetName:        LVLT-GOGL-8-8-8
NetHandle:      NET-8-0-0-0-1
Parent:         NET8 (NET-8-0-0-0-0)
NetType:        Direct Allocation
Organization:   Level 3 Parent, LLC (LPL-141)
RegDate:        1992-12-01
Updated:        2018-12-19
Ref:            https://rdap.arin.net/registry/ip/8.0.0.0

OrgName:        Level 3 Parent, LLC
OrgId:          LPL-141
Address:        100 CenturyLink Drive
City:           Monroe
StateProv:      LA
PostalCode:     71203
Country:        US
RegDate:        2018-02-27
Updated:        2018-12-17
Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Ref:            https://rdap.arin.net/registry/entity/LPL-141

Use case 3: Get abuse contact for an IP address

Code:

whois -b 8.8.8.8

Motivation: If you come across suspicious or abusive behavior originating from an IP address, you may want to report it to the appropriate authorities or contacts. The ‘whois’ command with the ‘-b’ option allows you to quickly retrieve the abuse contact information for an IP address, enabling you to report any malicious activities.

Explanation:

  • ‘whois’ is the command-line client for the WHOIS protocol.
  • ‘-b’ is the option that requests the abuse contact for the given IP address.
  • ‘8.8.8.8’ is the IP address for which you want to retrieve abuse contact information.

Example output:

OrgAbuseName:   Abuse
OrgAbusePhone:  +1-877-453-8353 
OrgAbuseEmail:  abuse@level3.com
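
The following is an added example, not part of the original page: registries label the abuse mailbox differently, so a script that files reports should look for each known label and accept only values shaped like an e-mail address, since WHOIS text is free-form. The function name abuse_contact, the label priority order and the RIPE-style sample (a documentation address range) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick an abuse mailbox out of WHOIS text on stdin.
# Usage: whois 8.8.8.8 | abuse_contact
# Prints one address and returns 0, or prints nothing and returns 1.
abuse_contact() {
    awk '
        function keep(rank, addr) {
            # Accept only values shaped like a plain e-mail address; the
            # first hit per label wins.
            if (addr ~ /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+$/ && !(rank in found))
                found[rank] = addr
        }
        { sub(/\r$/, "") }
        # RIPE-style summary comment: the address is the second quoted string.
        /^% Abuse contact for / {
            if (split($0, q, "\047") >= 4) keep(1, q[4])   # \047 = single quote
            next
        }
        {
            i = index($0, ":"); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "orgabuseemail") keep(2, val)                       # ARIN
            else if (key == "abuse-mailbox") keep(3, val)                  # RIPE-style objects
            else if (key == "registrar abuse contact email") keep(4, val)  # domain records
        }
        END {
            for (r = 1; r <= 4; r++) if (r in found) { print found[r]; exit 0 }
            exit 1
        }'
}

# Samples: the first repeats the output shown above; the second is a
# constructed RIPE-style reply for a documentation range.
sample_arin() {
    cat <<'EOF'
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-877-453-8353
OrgAbuseEmail:  abuse@level3.com
EOF
}
sample_ripe() {
    cat <<'EOF'
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@example.net'
inetnum:        192.0.2.0 - 192.0.2.255
abuse-mailbox:  abuse@example.net
EOF
}

sample_arin | abuse_contact
sample_ripe | abuse_contact
```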

Conclusion:

The ‘whois’ command is a powerful tool for retrieving information about domain names and IP addresses. Whether you need to investigate domain ownership, troubleshoot network issues, or report abusive behavior, the ‘whois’ command provides easy access to the registered details associated with a domain or IP address.
