Internet
Fact-checked

At EasyTechJunkie, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.

Learn more...

What is WHOIS?

WHOIS is a protocol used to query databases that store the registered users or assignees of internet resources, such as domain names or IP addresses. It's a tool that can reveal the identity behind a website, providing transparency in the digital realm. Interested in uncovering the layers of the internet? Discover how WHOIS can be your digital detective.
R. Kayne
R. Kayne

WHOIS (who is) is the aptly named Internet function that allows one to query remote databases for domain registration information. By performing a simple search, you can discover when and by whom a domain was registered, contact information, and more. A search can also reveal the name or network mapped to a numerical IP address. Originally, WHOIS searches were performed in a command line environment and took the form, [drive]:\>whois domain.com. Searches can still be performed from the command line, but Web interface tools now make it convenient to visit a website and simply enter the IP address or domain name.

In the case of a privately owned domain, the WHOIS database contains the full name, address, telephone number, and email address of the registered owner of the domain. If the domain is owned by a business, the company name, address, email, and telephone number are listed. There are also fields for a domain administrator, technical administrator, and other contacts. The expiration date of the registration period is also listed.

WHOIS searches can reveal the network mapped to a numerical IP address.
WHOIS searches can reveal the network mapped to a numerical IP address.

While the original purpose of the WHOIS database was to provide a directory for domain owners, the publicly available information opened the doors to mass spam and other abuses. The terms and conditions of these databases include a provision that the information revealed shall not be used for such purposes, but this has proven to be a rather anemic solution. To further discourage data miners, most WHOIS sites have implemented a script with a random graphic display of numbers or letters which the requester has to manually enter into a field. "Bots" or data scouring programs cannot read these graphic displays, disabling results from automated queries. Beyond precautions such as these, there is no real mechanism in place to catch, identify, or punish abusers of the information.

The publicly available information of WHOIS opened the doors to mass spam and other abuses.
The publicly available information of WHOIS opened the doors to mass spam and other abuses.

In 2004, the Internet Engineering Task Force (IETF) proposed a new protocol for handling WHOIS information. The new proposed protocol is termed Cross Registry Information Service Protocol (CRISP). The information is currently stored by different schemes and on various servers. The technical aspects of the protocol are outlined in RFC 954.

You might also Like

Discussion Comments

anon20669

how does the "whois" help the attackers to do

reconnaissance on an institution before launching an attack?

Post your comments
Login:
Forgot password?
Register:
    • WHOIS searches can reveal the network mapped to a numerical IP address.
      By: iinspiration
      WHOIS searches can reveal the network mapped to a numerical IP address.
    • The publicly available information of WHOIS opened the doors to mass spam and other abuses.
      By: lichtmeister
      The publicly available information of WHOIS opened the doors to mass spam and other abuses.