What is the Whois and how to query it?
About
whois literally who is is an Internet database that identifies who owns:
- a domain
- an IP address
and how to get in contact with them.
Query
Command line
It can be queried with the whois protocol.
You can get information via the whois client 1)
Example:
- Installation on Linux Debian based (Ubuntu, …)
sudo apt-get whois
- Installation on Linux Fedora based (Centos, Redhat, …)
# yum install whois
- Query an IP Address
whois 172.67.150.50
- Query a DNS name
whois domain.extension
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#
NetRange: 172.64.0.0 - 172.71.255.255
CIDR: 172.64.0.0/13
NetName: CLOUDFLARENET
NetHandle: NET-172-64-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2015-02-25
Updated: 2021-05-26
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://rdap.arin.net/registry/ip/172.64.0.0
OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2021-07-01
Ref: https://rdap.arin.net/registry/entity/CLOUD14
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: [email protected]
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#
Online
Database
The global coordination of the DNS Root, IP addressing, and other Internet protocol resources is performed as the Internet Assigned Numbers Authority (IANA) functions
The IANA WHOIS Service is provided using the WHOIS protocol on port 43.
Whois service of IANA are checked every month to get Root Whois Servers List. See Root whois watcher
For instance:
- You search first at IANA
https://www.iana.org/whois?q=172.67.150.50
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 172.0.0.0 - 172.255.255.255
organisation: Administered by ARIN
status: LEGACY
remarks: 172.16.0.0/12 reserved for Private-Use Networks
remarks: [RFC1918]. Complete registration details are found
remarks: iniana-ipv4-special-registry.
whois: whois.arin.net
changed: 1993-05
source: IANA
- The refer whois is whois.arin.net, you:
- go to https://whois.arin.net and search the owner of the IP via the search box
- see that the IP is managed by the RIPE Network Coordination Centre (RIPE, Amsterdam)
The RIPE NCC 2) consists of over 20,000 organisations that act as Local Internet Registries (LIRs) to provide Internet services in their own countries.
Service Region
The whois database are managed by the accreditation organisms (known as rirs ) that manages a region.