🎁 New User? Get 20% off your first purchase with code NEWUSER20 Register Now →
Menu

Categories

Home » Learn » Linux Commands » whois

whois Command

Beginner Networking man(1)

Query domain and IP registration information

📅 Updated: Mar 16, 2026
SYNTAX
whois [OPTIONS] QUERY

What Does whois Do?

The whois command queries WHOIS databases to retrieve registration information about domain names and IP addresses. It shows who owns a domain, when it was registered and expires, the registrar, name servers, and contact information (when available).

For IP addresses, whois returns the organization that owns the IP range, the allocation date, CIDR notation, and abuse contact information. This is essential for network security investigations, identifying the source of suspicious traffic, and verifying hosting providers.

whois is a fundamental tool for system administrators, security professionals, and network engineers. Use cases include domain availability checking, investigating phishing domains, identifying who is scanning your servers, verifying SSL certificate ownership, and planning domain renewals.

Options & Flags

OptionDescriptionExample
DOMAIN Query domain registration info whois example.com
IP Query IP address ownership whois 8.8.8.8
-h SERVER Query a specific WHOIS server whois -h whois.ripe.net 1.2.3.4
-p PORT Connect to WHOIS server on specified port whois -p 4321 example.com
AS NUMBER Query an Autonomous System number whois AS15169

Practical Examples

#1 Check domain registration

Get key domain info: registrar, creation date, expiry date, and name servers.
$ whois example.com | grep -E "Registrar|Creation|Expiry|Name Server"

#2 Check IP ownership

Find who owns an IP address — useful for identifying scanners, attackers, or hosting providers.
$ whois 8.8.8.8 | grep -E "OrgName|NetRange|CIDR|Country"
Output: OrgName: Google LLC\nNetRange: 8.8.8.0 - 8.8.8.255\nCIDR: 8.8.8.0/24\nCountry: US

#3 Check domain availability

Check if a domain is registered. "No match" or "Not found" typically means it is available.
$ whois newdomain.com | grep -i "no match\|not found\|available"

#4 Find domain expiry date

Find when a domain expires — important for renewal planning and competitor monitoring.
$ whois example.com | grep -i expir
Output: Registry Expiry Date: 2025-08-13T04:00:00Z

#5 Look up ASN

Query Autonomous System information — shows the organization and their IP allocations.
$ whois AS15169

#6 Investigate suspicious IP

Find the abuse contact and organization for a suspicious IP. Useful for reporting attacks.
$ whois 203.0.113.50 | grep -iE "abuse|orgname|country|netrange"

Tips & Best Practices

GDPR and privacy: Many domains now show redacted WHOIS info due to GDPR. Registrant details may be hidden behind privacy services. IP WHOIS is not affected.
Use specific WHOIS servers: For more reliable results, query the registry directly: whois -h whois.verisign-grs.com example.com (.com/.net), whois -h whois.ripe.net IP (European IPs).
Install whois: Install with: apt install whois (Debian/Ubuntu), dnf install whois (Fedora/RHEL), brew install whois (macOS).
Rate limiting: WHOIS servers rate-limit queries. Avoid scripting bulk lookups without delays, or your IP may be temporarily blocked.

Frequently Asked Questions

How do I find who owns a domain?
Run: whois example.com — look for Registrant Name/Organization fields. Note that many domains use privacy services that hide this information due to GDPR.
How do I check if a domain is available?
whois domain.com — if the response contains "No match" or "Domain not found", the domain is likely available for registration.
How do I find who owns an IP address?
Run: whois 1.2.3.4 — shows the organization, network range (CIDR), country, and abuse contact for the IP allocation.
Why does whois show "REDACTED FOR PRIVACY"?
GDPR regulations require registrars to hide personal information. The registrant details are available to law enforcement but hidden from public WHOIS queries.

Related Commands

curl

Transfer data from or to a server using various protocols

 dig

DNS lookup utility for querying name servers

 host

DNS lookup utility (simple)

 nslookup

Query DNS name servers interactively

 ping

Send ICMP echo requests to test network connectivity

More Networking Commands

arp

Manipulate the ARP cache

 bridge

Linux network bridge management

 curl

Transfer data from or to a server using various protocols

 dig

DNS lookup utility for querying name servers

 ethtool

Display or change ethernet device settings

 host

DNS lookup utility (simple)

 ifconfig

Configure or display network interface parameters (legacy)

 ip

Show and manipulate network interfaces, routing, and tunnels

 iperf3

Network bandwidth measurement tool

 ip route

Show and manipulate the routing table

 mtr

Combine ping and traceroute in a single network diagnostic t

 nc

Networking utility for reading/writing across network connec
whoami Command 📋 All Commands xargs Command →

Master Linux with Professional eBooks

Curated IT eBooks covering Linux, DevOps, Cloud, and more

Browse Books →