How to use command line whois for "spam infected" domains like apple.com?

14,532

Solution 1

The whois command looks for the string "Whois Server:" in the output and, if found, will issue the same query again to that server. This is what you want, except it only works for the first match. You can use a command like whois "domain apple.com" to get just one match from the default server, but markmonitor (used by apple.com) does not accept that syntax. It would work if you could send "domain apple.com" to the default server, and then apple.com to the second server, like this:

function mywhois {
  # Step 1: ask the default server for the exact match only ("domain apple.com")
  # and keep just the value of its "Whois Server:" line (the sed deletes every
  # other line and strips the label; an empty s/// reuses the last regex).
  # Step 2: send the bare domain name to that referral server.
  whois -h "$(whois "domain $@" | sed '/^.*Whois Server: */!d;s///')" "$@"
}

However this is specific to these whois servers so will not necessarily work for domains on other whois servers. A robust implementation would probably need to have knowledge of specific query and output formats used by a variety of whois server implementations.
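The two-step lookup described above, written out as a small POSIX shell script. This is an added example, not code from the answer: it assumes a whois client that accepts -h and that com.whois-servers.net still answers "domain <name>" queries in the format shown in the question; the function names, the sample record and the hostname check are mine. Because the referral hostname is taken from an untrusted network reply, it is validated before being handed to the second whois invocation.

```shell
#!/bin/sh
# Added example (not from the original answer). Automates the two-step lookup:
# an exact-match "domain" query at the .com thin registry, then the full record
# from the registrar named in the "Whois Server:" referral line.
# Assumption: `whois` accepts -h, and com.whois-servers.net answers
# "domain <name>" queries in the format quoted in the question.

# Print the first "Whois Server:" value found in a whois record read on stdin.
# Prints nothing if the record carries no referral line.
referral_server() {
  sed -n 's/^[[:space:]]*Whois Server:[[:space:]]*//p' | tr -d '\r' | head -n 1
}

# The referral hostname comes from an untrusted network response, so make sure
# it looks like a plain hostname (no leading dash, no shell metacharacters)
# before passing it to another command. Returns 0 if acceptable, 1 otherwise.
valid_hostname() {
  case $1 in
    '' | -* | *[!A-Za-z0-9.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Full record for exactly one domain, following a single referral hop.
# Usage: whois_exact apple.com   (needs network access)
whois_exact() {
  domain=$1
  server=$(whois -h com.whois-servers.net "domain $domain" | referral_server)
  if ! valid_hostname "$server"; then
    echo "no usable referral server in the registry answer for $domain" >&2
    return 1
  fi
  whois -h "$server" "$domain"
}

# Constructed sample of a thin-registry answer, modelled on the question's
# output, used here only to exercise referral_server offline.
SAMPLE_RECORD='Whois Server Version 2.0
   Domain Name: APPLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com'
```

The referral extraction is deliberately kept in its own function so it can be checked against a captured record without touching the network; whois_exact is the only part that talks to a server.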

Solution 2

It seems that (at least in September 2009) the following uses GeekTools Whois Proxy, which is quite smart in figuring out which whois-server to use. This also works for other TLDs than com, net and org:

whois -h whois-servers.net apple.com

Or, according to a very old hint at macosxhints.com:

whois -h geektools.com apple.com

I found this by accident: wondering how @mark4o knew about the domain command for the answer above, I eventually found that running whois help gives me the output of some whois-server. As I did not specify any TLD, I then wondered which one replied. I tried telnet whois-servers.net 43, so basically using the bare domain as mentioned in the manual pages:

-h host

     Use the specified host instead of the default variant.  Either a host
     name or an IP address may be specified.

     By default whois constructs the name of a whois server to use from the
     top-level domain (TLD) of the supplied (single) argument, and appending
     ".whois-servers.net".  This effectively allows a suitable whois server
     to be selected automatically for a large number of TLDs.

And here GeekTools Whois Proxy announced itself:

$ telnet whois-servers.net 43
Trying 206.117.161.86...
Connected to whois-servers.net.
Escape character is '^]'.
GeekTools Whois Proxy v5.0.4 Ready.
Checking access for 82.95.xx.xx... ok.

apple.com

Checking server [whois.crsnic.net]

Checking server [whois.markmonitor.com]
Results:
[..]

(In fact, geektools.com is currently 206.117.161.84, so is a different IP than whois-servers.net.)


Author: Arjan

Updated on September 17, 2022

Comments

  • Arjan
    Arjan almost 2 years

    In short: is there any way to get the full whois-details for domains like apple.com, using the command line on Mac OS X?

    Running whois on the command line for, for example, apple.com is like searching for all domains that include that phrase. So, thanks to whois-spam, this gets one the following on a Mac or on FreeBSD:

    $ whois apple.com
    
    Whois Server Version 2.0
    [..]
    APPLE.COM.WWW.BEYONDWHOIS.COM
    APPLE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
    APPLE.COM.IS.OWN3D.BY.NAKEDJER.COM
    APPLE.COM.IS.0WN3D.BY.GULLI.COM
    APPLE.COM.BEYONDWHOIS.COM
    APPLE.COM.AT.WWW.BEYONDWHOIS.COM
    APPLE.COM
    
    To single out one record, look it up with "xxx", where xxx is one of the
    of the records displayed above. If the records are the same, look them up
    with "=xxx" to receive a full display for each record.
    

    To get some extra info for all these domains, I can run the command for =apple.com, like:

    $ whois =apple.com
    
    Whois Server Version 2.0
    [..]
       Server Name: APPLE.COM.WWW.BEYONDWHOIS.COM
       IP Address: 203.36.226.2
       Registrar: TUCOWS INC.
       Whois Server: whois.tucows.com
       Referral URL: http://domainhelp.opensrs.net
    [..]
       Domain Name: APPLE.COM
       Registrar: MARKMONITOR INC.
       Whois Server: whois.markmonitor.com
       Referral URL: http://www.markmonitor.com
       Name Server: NSERVER.APPLE.COM
       Name Server: NSERVER.ASIA.APPLE.COM
       [..]
       Updated Date: 21-jan-2009
       Creation Date: 19-feb-1987
       Expiration Date: 20-feb-2011
    

    Still, this does not give me the full record, like the one including the contact information:

    $ whois -h whois.markmonitor.com apple.com
    [..]
        Administrative Contact:
            Apple Inc.
            Apple Inc.
            1 Infinite Loop
             Cupertino CA 95014
            US
    [..] 

    (On Redhat Linux, jwhois shows only apple.com but without the contact information; on Debian whois version 4.7.20 yields summaries of all domains like above, and additional detailed info for the exact matched domain, apparently by doing an additional query at whois.markmonitor.com for that exact match.)

    I even tried to telnet directly, but cannot come up with anything I cannot do using the whois-command, so I guess that is useless:

    $ telnet com.whois-servers.net 43
    Trying 199.7.55.74...
    Connected to whois.verisign-grs.com.
    Escape character is '^]'.
    
    apple.com
    [..]

    So: is there any easier way to get the full details for such a domain (for only the exact matched domain), using the command line?

    (Thinking that command line whois would soon be banned in favour of captcha-enabled web interfaces, this never bothered me a lot. But still, I'm curious...)

    • Admin
      Admin almost 15 years
      When I use my own, Godaddy.com-registered domain, e.g., 'whois mydomain.com', it returns what looks like a complete set of registration details. This got me thinking, "Interesting; what's so special about apple.com?"
    • Admin
      Admin almost 15 years
      The query string "apple.com" also matches all the domains that have been registered for spam (just to show up when people run whois), and as there are multiple matches one won't get all details. (A command line whois microsoft.com will also show you how some feel about that company...)
  • Arjan
    Arjan almost 15 years
    Aha, "domain"! Why didn't I think of getting the syntax for whois server queries, by querying the server for the syntax? Running whois ? shows some help, and running whois help even some more. (This help is from the default com.whois-servers.net, and is very different from man whois. Other whois servers indeed may use a different syntax.) It seems that whois -h whois-servers.net apple.com invokes "GeekTools Whois Proxy", which gives full details for all TLDs...?
  • Hay
    Hay almost 9 years
    whois-servers.net doesn't seem to work anymore, geektools.com however, does.