Online Whois Lookup of IP address and Domains | HackerTarget.com (2025)

Perform an Online Whois Lookup of a domain or IP address to find the registered owner, netblock, ASN and registration dates.

Valid Input: IPv4 IPv6 example.com 8.8.8.8

About the Online Whois Lookup

An Online Whois Lookup is an easy and fast way to find the ISP, Hosting provider and contact details for a domain or IP address. There are many uses for Whois data that can be utilised by attackers and defenders in the information security sector.

By having access to whois online it is possible to gather the required information without having a whois client installed on your system. If you are running a Linux or *nix based system installation of a whois client is generally a simple matter.

Useful for tracking down attackers when defending or finding targets to attack when on the offensive. A whois lookup can reveal organisational details, IP ranges to scan and the email addresses of technical staff. This information is commonly found in the information gathering phase of an assessment or planned attack.

This Online Whois Lookup Tool simply runs the whois command line tool that is packaged in most Linux operating systems. With the results displayed in your web browser.

Whois Query Limits

FREE USER Membership
Queries / day5500 - 20000
# based on plan

With a membership get access to all our security scanners and IP Tools. A gold mine of data for security analysts, network defenders and other cyber security professionals.

Online Whois Lookup of IP address and Domains | HackerTarget.com (1)

Whois Lookup API

Another way to query the whois service is to use the API. Any client can be used from command line utilities to your favourite scripting language.

Whois API - Simple Text Response

The default HTTP response from the API will be returned in a simple plain text based format. This is actually very close to the standard output from the Linux whois command.

curl "https://api.hackertarget.com/whois/?q=google.com&apikey=**apikeyrequired**"

Whois API - JSON response

In this example with JSON output specified we are using the X-API-Key HTTP Header rather than the &apikey= parameter.

curl -H "X-API-Key: ***apikey***" "https://api.hackertarget.com/whois/?q=8.8.8.8&output=json" | jq{ "address": "REDACTED FOR PRIVACY", "city": "REDACTED FOR PRIVACY", "country": "US", "creation_date": "Mon, 16 Apr 2018 22:57:01 GMT", "dnssec": "signedDelegation", "domain_name": "dns.google", "emails": "[emailprotected]", "expiration_date": "Wed, 16 Apr 2025 22:57:01 GMT", "name": "REDACTED FOR PRIVACY", "name_servers": [ "ns1.zdns.google", "ns2.zdns.google", "ns3.zdns.google", "ns4.zdns.google" ], "org": "Charleston Road Registry, Inc.", "referral_url": null, "registrar": "MarkMonitor Inc.", "state": "CA", "status": [ "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited", "clientTransferProhibited https://icann.org/epp#clientTransferProhibited", "clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited" ], "updated_date": "Wed, 20 Mar 2024 10:02:54 GMT", "whois_server": "whois.nic.google", "zipcode": null}

The API is simple to use and aims to be a quick reference tool for security professionals and IT teams. Due to abuse by a small number of users there is a limit of 5 queries per day for Free Users or you can increase the daily quota with a Membership. For those who need to send more packets HackerTarget has Enterprise Plans.

What is a Whois Lookup?

Whois is simply a plain text protocol that returns information from a database of Internet resources. It can reveal the owner or registered user of a resource; that may be a domain name, an IP address block or an autonomous system number (ASN).

Information returned includes physical addresses, email addresses of system staff, names and phone numbers. The DNS name servers of a domain are also displayed. Many domain registration services allow a private listing in which the details of the domain owner can be hidden, these became popular following the prevalence of spam being directed at domain owners.

The Whois protocol was based on the Finger protocol that goes back to 1977, during the very early days of the Internet (ARPANET). The Finger protocol allowed you to "finger" a remote host and the response from the plaintext protocol would reveal who was actually logged on to the system (and how long they had been logged on).

Whois is still a simple plaintext protocol that has a server component that listens on TCP port 43. Clients establish a connection to this port and transmit a text record with the domain or IP address that is to be queried against the Whois database. Since the protocol is so simple a telnet client can be used to query the whois service.

Using Telnet to perform a Whois Lookup

With whois being a simple plain text protocol it is possible to use a standard telnet (or netcat) client to access whois data.

test@testserver:~$ telnet whois.iana.org 43Trying 192.0.32.59...Connected to ianawhois.vip.icann.org.Escape character is '^]'.hackertarget.com% IANA WHOIS server% for more information on IANA, visit http://www.iana.org% This query returned 1 objectrefer: whois.verisign-grs.comdomain: COMorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statescontact: administrativename: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]contact: technicalname: Registry Customer Serviceorganisation: VeriSign Global Registry Servicesaddress: 12061 Bluemont Wayaddress: Reston Virginia 20190address: United Statesphone: +1 703 925-6999fax-no: +1 703 948 3978e-mail: [emailprotected]nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30ds-rdata: 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766whois: whois.verisign-grs.comstatus: ACTIVEremarks: Registration information: http://www.verisigninc.comcreated: 1985-01-01changed: 2017-06-22source: IANAConnection closed by foreign host.

We can see that by simply entering the domain we were able to get a response from the iana.org whois server. The important information contained in this response is a pointer to the whois server we need to talk to get more information about our domain.

The pointer is this snippet whois: whois.verisign-grs.com

Lets try again using the verisign-grs.com whois server.

test@testserver~:$ telnet whois.verisign-grs.com 43Trying 199.7.54.74...Connected to whois.verisign-grs.com.Escape character is '^]'.hackertarget.com Domain Name: HACKERTARGET.COM Registry Domain ID: 1064667694_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.enom.com Registrar URL: http://www.enom.com Updated Date: 2017-04-25T02:32:05Z Creation Date: 2007-07-04T01:13:38Z Registry Expiry Date: 2020-07-04T01:13:38Z Registrar: eNom, Inc. Registrar IANA ID: 48 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Now we have more information, including the DNS servers for the domain, the creation date and the registry expiry date.

Practical Use Cases

Incident Response and Threat Intelligence

The most obvious benefits of a whois lookup for those responding to a security incident is identifying the netblock and ISP that owns a particular IP address. From this contact information the incident responder can alert the owner of the netblock to the presence of malicious traffic.

Historical Whois records are also play a big role in threat intelligence allowing a incident responder to search for key details in the whois data that may be present across multiple investigations or targets. For example you can search whois data to find an email address across multiple domains correlating malicious infrastructure and threat actors.

Troubleshooting Network Issues with Whois

With access to the whois data a network engineer using traceroute to investigate a high latency hop will be able to determine the owner of the network in question and contact the engineers responsible for that network.

Automated Security Vulnerability Scans.

Discover. Investigate. Learn.

Use Cases

Website Recon?

Fingerprint Web App
Technologies in Bulk

Whatweb / Wappalyzer

Remove limits with a full membership

More info available

Membership

Online Whois Lookup of IP address and Domains | HackerTarget.com (2025)

FAQs

How to find all domains associated with an IP address? ›

Perform a reverse IP lookup to find all A records associated with an IP address. The results can pinpoint virtual hosts being served from a web server. Information gathered can be used to expand the attack surface when identifying vulnerabilities on a server.

Can you find a domain name from an IP address? ›

However, with the reverse DNS lookup command, you query the IPv4 address or IPv6 address to find the hostname. Therefore, entering the IP address into the reverse lookup tool tests PTR records. This allows users to locate the domain name associated with the corresponding IP.

Can you look up who owns an IP address? ›

To find an IP address' owner you must use a WHOIS lookup tool, which is essential for getting the IP's registration details. For official and detailed information, you can use the RIPE NCC WHOIS lookup.

How do I find out WHOIS behind a domain name? ›

How to Track Down Who Owns a Domain Name
  1. Step One: Visit the Website.
  2. Step Two: Check the WHOIS Database.
  3. Step Three: Contact the Domain Registrar.
Sep 6, 2024

What command looks up domain names of IP addresses? ›

The Nslookup command is available on many of the popular computer operating systems like Windows, macOS, and Linux distros. You can use it to perform DNS queries and receive: domain names or IP addresses, or any other specific DNS Records.

How do I find a fully qualified domain name from an IP address? ›

To find the fully qualified domain name (FQDN) of an IP address, use the "nslookup" command in a command prompt or terminal window. Simply type "nslookup" followed by the IP address, and the command will return the corresponding FQDN.

Can you reverse lookup an IP address? ›

The Reverse Lookup tool will do a reverse IP lookup. If you type in an IP address, we will attempt to locate a dns PTR record for that IP address. You can then click on the results to find out more about that IP Address. Please note that in general, your ISP must setup and maintain these Reverse DNS records (i.e.

Which command to look up a domain name record for an IP address? ›

To do a domain name system lookup in a Windows computer, go to Start, then Run, and type command to open the command prompt. Type nslookup as the DNS lookup command and hit Enter.

How do I find the name associated with an IP address? ›

The easiest way to find the owner of an IP address is to use a WHOIS lookup tool. When you enter an IP address into a lookup tool, you'll be able to see information such as: The Internet Service Provider (ISP) and the organization's name. The IP's hostname.

Can you legally trace an IP address? ›

Is tracing an IP address legal? Yes, tracing your IP address is legal as long as it's not used for criminal activities. The websites you visit, the apps you use, and even your ISP collect your IP address along with other personal information. However, individual users can also easily trace your IP address.

Can I identify someone by their IP address? ›

In some cases, an IP address indicates the country, state, city, or zip code where a device is located. It also tells others the identity of your ISP. However, even with that information, your IP address doesn't reveal enough to pinpoint your location, your personal information, or put you in any danger.

What is ARIN WHOIS? ›

ARIN's Whois service is a public resource that allows a user to retrieve information about IP number resources, organizations, POCs, customers, and other entities. ARIN will not collect any personal information for inclusion in its public Whois.

How do I verify who owns a domain name? ›

The Whois database can provide you with details such as a domain's current owner, its availability and its expiration date. With Whois info, you'll be able to check who owns a domain, find the domains that are right for you, and get one step closer to securing them.

Can the owner of a domain be traced? ›

To find an owner, you can search the domain registration history. Domain registration history is also known as WHOIS history because it collects all WHOIS records associated with a domain, starting with the first registration.

How do I find everything about an IP address? ›

For a safe, reliable way to look up an IP address, you can use the IP lookup tool on whatismyipaddress.com. Simply paste the IP address into the lookup box and you'll get a results page with info about that IP address. An IP lookup results page for 216.58. 194.78 (which belongs to Google).

How are domains related to IP addresses? ›

A domain name (often simply called a domain) is an easy-to-remember name that's associated with a physical IP address on the Internet. It's the unique name that appears after the @ sign in email addresses, and after www. in web addresses.

Can an IP address have multiple domain names? ›

Comment Use comments to ask for clarification, additional information, or improvements to the question. Hello Yes, you can host two domains on the same static IP address.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Wyatt Volkman LLD

Last Updated:

Views: 5317

Rating: 4.6 / 5 (46 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Wyatt Volkman LLD

Birthday: 1992-02-16

Address: Suite 851 78549 Lubowitz Well, Wardside, TX 98080-8615

Phone: +67618977178100

Job: Manufacturing Director

Hobby: Running, Mountaineering, Inline skating, Writing, Baton twirling, Computer programming, Stone skipping

Introduction: My name is Wyatt Volkman LLD, I am a handsome, rich, comfortable, lively, zealous, graceful, gifted person who loves writing and wants to share my knowledge and understanding with you.