- slide 1 of 4
What is Whois?
Whois is a method that can be used to query the database of domain registrars. Any website or domain name is assigned to an individual, group or business. The Whois domain search is available on the domain registrar's website and other websites using the whois script. You will find the name, home or business address, phone number, and email address of the person or business' representative who registered and now administers the domain.
- slide 2 of 4
Who Uses Whois?
Whois domain search is often used by administrators and researchers, but advanced end-users can also take advantage of a whois service or tool. Anyone can use a whois search to find out who is behind a particular domain name. You can also use a whois domain search to find the assigned or shared IP address in use by a domain name.
- slide 3 of 4
Whois Domain Search - Usage Examples
If a business or home computer is under attack by a remote user or computer, your firewall software should have the log of the intrusion or network attack. A hostname search using a whois tool can help identify the computer name, location or network provider of the attacker. When you have this information, you can use it to file an abuse report.
Phishers and spammers can be taken care of by authorities if anyone files a report with evidence, logs and whois search results. A whois query is a great way to fight back against the bad guys.
Scammers, rogueware and malware distributors are easy to identify using a whois tool or search service. An example of a rogue domain is is-download.com. The is-download.com is serving the rogue Internet Security 2010 program. Using a whois query for the domain, you will find the following information about the domain registrant or owner:
The registrant is located in Russia and we can use the above information to report abuse. If the hosting provider or domain registrar is responsible enough, they will take down or disable the offending domain name and the hosting provider should take the website offline.
Malware distributors that will install additional malicious files onto a compromised computer will also have to give up their IP address. The IP address can be used by people to query the database of whois services. The information on the hostname, hosting provider or internet service provider should help you gather information which can later be used to block and report them.
Discussion forum administrators also have access to whois search via their forum software. It is a very useful option to immediately check the location of forum members or newly registered members that have abuse their website e.g. spammers or scammers.
- slide 4 of 4
Online Whois Tools
Domain registrars and companies that manage Internet numbers all offer a free whois domain search. Examples are ARIN, RIPE, Network Solutions, GoDaddy and InterNIC. Other websites also offers a free whois search such as Robtex and hpHosts.
Whois utility is also available for free so you can have it on your desktop: