First of all: what is whois? It is a protocol and a tool that reports data about a domain or an IP. This data can identify the owner of the domain or IP, as well as the nationality or, in the case of an IP, the geolocation:
user@host~$ whois wordpress.com
Domain Name: WORDPRESS.COM
Registry Domain ID: 21242797_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-01-12T22:53:10Z
Creation Date: 2000-03-03T12:13:23Z
Registry Expiry Date: 2020-03-03T12:13:23Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.WORDPRESS.COM
Name Server: NS2.WORDPRESS.COM
Name Server: NS3.WORDPRESS.COM
Name Server: NS4.WORDPRESS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-02-06T23:42:26Z <<<
You may ask: where does this data come from? It comes from a database served by whois servers. These servers may hold specific information, or there are servers such as "whois.internic.net", which provides information on practically any domain and can also be queried by IP, returning the DNS of each domain associated with that IP.
As can be seen in:
If we query an IP against the default whois server, it reports all the data related to the owner of that IP. If we have run nslookup on a domain and obtained an IP, running this command shows which service provider hosts those services:
user@host:~$ nslookup google.es
Server: 10.0.0.254
Address: 10.0.0.254#53
Non-authoritative answer:
Name: google.es
Address: 216.58.210.131
user@host:~$ whois 216.58.210.131
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=216.58.210.131?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange: 216.58.192.0 - 216.58.223.255
CIDR: 216.58.192.0/19
NetName: GOOGLE
NetHandle: NET-216-58-192-0-1
Parent: NET216 (NET-216-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google LLC (GOGL)
RegDate: 2012-01-27
Updated: 2012-01-27
Ref: https://whois.arin.net/rest/net/NET-216-58-192-0-1
OrgName: Google LLC
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2017-12-21
Ref: https://whois.arin.net/rest/org/GOGL
OrgTechHandle: ZG39-ARIN
OrgTechName: Google LLC
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: https://whois.arin.net/rest/poc/ZG39-ARIN
OrgAbuseHandle: ABUSE5250-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: network-abuse@google.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE5250-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
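Added example (not part of the original article): a short Python parser for the ARIN response shown above that extracts the fields identifying the hosting provider and checks that the returned block really covers the queried IP. The function names and the trimmed sample are constructed for illustration; the values are copied from the output above.

```python
import ipaddress
from collections import defaultdict

# Trimmed excerpt of the ARIN response shown above (values copied from the page).
SAMPLE = """\
#
# ARIN WHOIS data and services are subject to the Terms of Use
#
NetRange: 216.58.192.0 - 216.58.223.255
CIDR: 216.58.192.0/19
NetName: GOOGLE
OriginAS: AS15169
Organization: Google LLC (GOGL)
RegDate: 2012-01-27
OrgName: Google LLC
RegDate: 2000-03-30
OrgAbuseEmail: network-abuse@google.com
"""

def parse_whois(text):
    """Return {key: [values]}; keys can repeat (RegDate for the net and the org)."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")):  # server comments and notices
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()].append(value.strip())
    return dict(fields)

def summarize(text, ip):
    """Pick the fields that identify who hosts `ip` (hypothetical helper)."""
    f = parse_whois(text)
    first = lambda k: f.get(k, [None])[0]
    # ARIN may list several comma-separated CIDRs on one line.
    nets = [ipaddress.ip_network(c.strip()) for v in f.get("CIDR", []) for c in v.split(",")]
    addr = ipaddress.ip_address(ip)
    return {
        "org": first("OrgName"),
        "origin_as": first("OriginAS"),
        "abuse_email": first("OrgAbuseEmail"),
        "cidr": [str(n) for n in nets],
        # Sanity check: the answer must actually cover the address we asked about.
        "covers_ip": any(addr in n for n in nets),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, "216.58.210.131"))
```

Keeping every value per key matters here: the network block and the organisation block both carry `RegDate` and `Updated`, so a plain dict would silently keep only the last one.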