Whether you are chasing cybercriminals, researching domains for your own use, keeping an eye on your competitors, or any number of other activities, your quest often begins by entering a domain name or IP address in the search box, and looking over the information returned by DomainTools.
“Whois” with DomainTools is much more than just a static Whois entry for a domain. The DomainTools Whois results page gives a detailed profile of the specified domain, and also serves as the jumping-off point for all kinds of investigations. Long-time DomainTools users will see some important enhancements, introduced in June 2014, to this fundamental tool.
There are several key areas in which the DomainTools Whois results go beyond traditional Whois lookup tools:
- Investigators and researchers can learn or infer information about the domain at a quick glance, with rich profile information that is not available in a simple Whois lookup. Examples include IP/hosting information, screenshots, and Web server and traffic profiles.
- Many of the key datapoints have secondary information associated with them, and this secondary information can be of vital importance to an investigation. Examples are the number of other domains associated with the registrant, the number of other domains hosted on the same IP address, and the number of historical Whois records in the DomainTools database.
- Because of the wealth of information provided in the profile of the domain, the Whois results page provides a good starting point for an investigation, with connections to premium research tools such as Reverse Whois, Whois History and Screenshots History, Reverse IP, and more. These premium tools are available to DomainTools Personal and Enterprise members.
The Whois Page Layout
The Whois results page consists of four major sections:
- The Domain Profile, which is a summary of key data about the domain that comes from the Whois record itself as well as other data sources maintained by DomainTools.
- The raw Whois record, as provided directly from the authoritative Whois server.
- The Tools section, providing access to DomainTools research and monitoring products.
- Available TLDs, showing registration status for the same domain name in other generic and country Top Level Domains (TLDs).
A simple key/value table shows the relevant data for each field. The table consists of two sections, which can be collapsed or expanded for convenience:
- Whois & Quick Stats
Several of the fields in Whois & Quick Stats contain data that can be further explored by jumping to other research tools:
- Registrant Email: If the registrant's email address(es) are associated with other domains, you can jump to a Reverse Whois page for that email address, showing the other domains associated with it.
- Registrant Organization: If the registrant is associated with other domains, you can jump to a Reverse Whois page showing those domains.
- IP address: If other domains are hosted on the same IP address, you can jump to a Reverse IP page showing those domains.
- Name Servers: If other domains are served by the same name server(s), you can jump to a Reverse Name Server page for that server showing the domains it serves.
- Whois History: If DomainTools has historical Whois records for the domain, you can jump to the Whois History page to explore these records.
- IP, Registrar, and Name Server History: If DomainTools has historical records pertaining to these hosting parameters, you can jump to a Hosting History page for the domain.
Anonymous/Not Logged In:
The tools listed above are for DomainTools Personal or Enterprise members. If you are not a member, or are not logged in, each of the tools referred to above will take you to a preview page which presents a partial view of the data that is available to logged-in members.
This section helps round out your at-a-glance summary of the domain. Information shown here helps give a sense of the website’s prominence and relevance on the Internet, and allows you to draw some inferences about the nature of the site.
The actual Whois record, as pulled directly from the Whois server, is displayed here.
Availability in Other Top Level Domains (TLDs)
Whether or not you are interested in acquiring the domain you looked up, it can be useful to see the registration status for the same domain name in other generic or country code TLDs. This section has a separate tab for generic TLDs and ccTLDs, with the availability shown for each TLD.
If the domain in question is taken, you can click a link to see the Whois results page for the domain.
If the domain is available, you can click a link to register the domain.
Since the Whois results page is often the starting point for an investigation, you can jump immediately to other tools to explore further. For each of these other tools, the context of the domain from the Whois record is retained.
For example, the Monitors tools will monitor pertinent datapoints from the domain you entered in your Whois lookup, such as the registrant, IP, name server or the domain itself.
You can jump from the Whois page to other DomainTools research tools from the controls in this section:
- Preview Full Domain Report takes you to a summary of the report, which you can choose to download if your subscription allocation permits.
- Monitors allows you to quickly configure monitors for different datapoints from the Domain Profile:
  - Domain Monitor will alert you to status changes to the domain
  - Registrant Monitor allows you to monitor any of the email addresses associated with the registrant, to detect registration activities tied to that email address
  - IP Monitor will alert you to domains that are pointed to or away from the IP address that hosts this Domain
  - Name Server Monitor will alert you to any domains that are added to or removed from this name server
- Whois History allows you to explore the historical Whois records for this domain in the DomainTools database
- Reverse Whois allows you to see the other domains associated with the selected registrant email address
- Reverse IP allows you to see what other domains are hosted on the same IP address
- Reverse Name Server allows you to see what other domains are served by the selected name server
- Hosting History gives you at-a-glance historical information about the IP addresses the domain was hosted on, its name servers, and the registrars of the Domain
- Network Tools allows you to perform Ping, Traceroute, or NS Lookups on the Domain
- Visit Website opens a new tab with the home page for the Domain
- Screenshot: By default, an approximately 4:3 thumbnail is shown; click the thumbnail to expand to the full length of the current screenshot. You can also see Screenshot History for the domain, and can queue the domain for an updated screenshot.
Anonymous/Not Logged In:
The tools listed above are available to DomainTools Personal or Enterprise members. If you are not a member, or are not logged in, each of the tools referred to above will take you to a preview page which presents a partial view of the data that is available to logged-in members.