Whois lookups are used to search databases of Domain Name System (DNS) names, Internet Protocol (IP) addresses, Autonomous System (AS) numbers, and other data upon which the successful operation of the Internet depends. The whois specification is based on RFC 954, which defines an Internet protocol that allows registrar databases to be searched for owner and contact information for Internet names and IP numbers.
Whois lookups are used by people to look up ownership or contact information for a domain name, and by network administrators to troubleshoot Internet addressing and naming issues. They can also be used by spammers to collect detailed contact information to spam, or by malicious hackers to scope out target networks prior to commencing an attack on the network.
Whois is not a distributed database but a group of independent databases managed by different companies and organizations. Performing a whois lookup first involves knowing which database to search, but more recently tools have evolved to automatically perform a whois lookup and search multiple databases at once. Whois lookups are generally provided free of charge by domain name registrars, including BallisticDomains.com. Try searching for a domain and find one that is already taken. See the little ‘(click here for info)’ link to the right of it? If you click on that, you will automatically do a whois lookup on the domain you entered!
Do you have an IP address and need to know who controls it? Perhaps it is a suspicious intrusion through your firewall? Do a whois lookup on the IP address and you will see which company has been assigned the range of IP addresses that contains the IP address in question.
E.g., let's choose IP address 74.125.19.103 (the latest one accessed through my firewall).
Performing a whois lookup on that IP address shows the following:
---
IP WHOIS LOOKUP RESULTS;
IP Address Block: 74.125.0.0 - 74.125.255.255
Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States
Tech Contact
Google Inc.
Phone: +1-650-318-0200
Email: <removed>@google.com
DNS Name Servers
NS1.GOOGLE.COM
NS2.GOOGLE.COM
NS3.GOOGLE.COM
NS4.GOOGLE.COM
Created: 2007-03-13
Updated: 2007-05-22
Source: whois.arin.net
---
... it looks like my browser contacted a server at Google ... probably to do a Google Search.
If you instead do a whois lookup on the domain name google.com, you get the information below back from the whois query:
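The firewall triage described above can be scripted. The following is an added example, not code from this article or any registrar: `whois_query` performs the RFC 954 exchange (TCP port 43, one query line ending in CRLF, read until the server closes), and `parse_block` and `covered` turn the "IP Address Block" line of the result format shown above into CIDR networks and check log entries against them. The function names and the extra log entries are assumptions; other whois servers label their fields differently.

```python
import ipaddress
import re
import socket

# Lines copied from the IP whois result shown in the article (contact lines left out).
SAMPLE_RESULT = """\
IP Address Block: 74.125.0.0 - 74.125.255.255
Google Inc.
Source: whois.arin.net
"""
# Constructed log entries; only 74.125.19.103 appears in the article.
FIREWALL_IPS = ["74.125.19.103", "74.125.255.255", "74.126.0.1", "not-an-ip"]


def whois_query(server, query, timeout=10):
    """RFC 954 exchange: TCP port 43, one query line + CRLF, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        raw = b"".join(iter(lambda: sock.recv(4096), b""))
    return raw.decode("utf-8", errors="replace")


def parse_block(result):
    """Return (CIDR networks, source server) from a result in the format above."""
    m = re.search(r"^IP Address Block:\s*(\S+)\s*-\s*(\S+)", result, re.M)
    if not m:
        raise ValueError("no 'IP Address Block' line in result")
    first, last = (ipaddress.ip_address(g) for g in m.groups())
    networks = list(ipaddress.summarize_address_range(first, last))
    src = re.search(r"^Source:\s*(\S+)", result, re.M)
    return networks, src.group(1) if src else None


def covered(ips, networks):
    """Map each log entry to True/False (inside the block) or None if unparseable."""
    out = {}
    for raw in ips:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            out[raw] = None  # keep malformed entries visible instead of dropping them
            continue
        out[raw] = any(addr in net for net in networks)
    return out


if __name__ == "__main__":
    nets, source = parse_block(SAMPLE_RESULT)
    print(source, [str(n) for n in nets], covered(FIREWALL_IPS, nets))
```

Looking up one address per assigned block and matching the remaining log entries locally keeps the number of queries sent to the whois server small.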
---
DOMAIN WHOIS LOOKUP RESULTS;
Registrant:
Dns Admin
Google Inc.
Please contact 1600 Amphitheatre Parkway
Mountain View CA 94043 US
Email: <removed>@google.com
Phone: +1.6502530000 Fax: +1.6506188571
Domain Name: google.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Administrative Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043, US
Email: <removed>@google.com
Phone: +1.6506234000 Fax: +1.6506188571
Technical Contact, Zone Contact:
DNS Admin
Google Inc.
2400 E. Bayshore Pkwy
Mountain View CA 94043, US
Email: <removed>@google.com
Phone: +1.6503300100 Fax: +1.6506181499
Domain Created on..............: 1997-09-15.
Domain Expires on..............: 2011-09-13.
Domain Record last updated on..: 2009-06-21.
Domain servers in listed order:
ns3.google.com
ns4.google.com
ns2.google.com
ns1.google.com
---
So, since a whois lookup can expose so much of your private information (name, address, phone number, email, etc.) to the world, including spammers and hackers, what can you do about it?
Private registration! Privately registering your domain name through a third party or proxy effectively hides your information in the whois lookup search. Your domain registrar still knows the real registrant's information, but it is not shared with the world. Private domain registration protects you from abusive whois lookups, and is provided by the better domain registrars for a nominal fee.