-1

I read similar questions but I didn't find something similar to what I'm asking.

Suppose that we want to know who hosts a particular website knowing the domain name using the cmd only.

I found many web interfaces to do it, so for example I put the domain name in a form and click lookup and boom it gives me back the company that hosts that particular website.

I thought that WHOIS was a solution for my problem, but when I try to use it for a particular website it gives me back the registrar and the nameservers, which are both pretty good info, but it didn't show me the company that hosts the website.

If there are websites that give this info (the web hosting company that hosts a website), I think that there are some databases of web hosting providers to query, or am I missing something?

Does someone have in mind a script for cmd in order to accomplish that?

  • `nslookup` to get IP of site, then `whois` on the IP to find the netblock owner. `nslookup` on the IP can also return a reverse DNS record, which may show info of interest - depending. – ivanivan May 28 '18 at 17:49
  • With whois you can know the registrar for that domain and also the nameservers but I can't see the hosting provider – Davide Mosca May 28 '18 at 18:26
  • You have to whois the IP. Lemme work up an answer for you real quick w/ examples. – ivanivan May 28 '18 at 18:46

3 Answers

0

Netstat agent

http://netstatagent.com/
Netstat agent will show you all connections to and from your computer in an easy-to-read, up-to-the-second display window, help you manage and close unwanted connections, and help you quickly identify suspect traffic entering or leaving the network.

  • Status updates on all active TCP and UDP connections
  • IPv6 connections monitoring
  • Local and remote port availability and status
  • Connection state
  • Owning process
  • Full status information including geographical location of remote IP addresses together with complete hostname

0

First, run nslookup against the domain to find the IP address it points to. Then run whois against the IP address - this will tell you who IANA assigned the netblock the IP is in to. From there it is determining if it is a network provider, ISP, colocation company, etc.

Here's an example using google.com -

```
user@darkstar ~ $ nslookup google.com
Server:     192.168.1.2
Address:    192.168.1.2#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.3.238

user@darkstar ~ $ whois 172.217.3.238

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#


NetRange:       172.217.0.0 - 172.217.255.255
CIDR:           172.217.0.0/16
NetName:        GOOGLE
NetHandle:      NET-172-217-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15169
Organization:   Google LLC (GOGL)
RegDate:        2012-04-16
Updated:        2012-04-16
Ref:            https://whois.arin.net/rest/net/NET-172-217-0-0-1



OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2017-12-21
Ref:            https://whois.arin.net/rest/org/GOGL


OrgTechHandle: ZG39-ARIN
OrgTechName:   Google LLC
OrgTechPhone:  +1-650-253-0000
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    https://whois.arin.net/rest/poc/ZG39-ARIN

OrgAbuseHandle: ABUSE5250-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-650-253-0000
OrgAbuseEmail:  network-abuse@google.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE5250-ARIN
```

And one using serverfault.com - you can see the owner of the netblock is "Fastly Network Operations"

```
user@darkstar ~ $ nslookup serverfault.com
Server:     192.168.1.2
Address:    192.168.1.2#53

Non-authoritative answer:
Name:   serverfault.com
Address: 151.101.193.69
Name:   serverfault.com
Address: 151.101.129.69
Name:   serverfault.com
Address: 151.101.1.69
Name:   serverfault.com
Address: 151.101.65.69

user@darkstar ~ $ whois 151.101.65.69

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#


NetRange:       151.101.0.0 - 151.101.255.255
CIDR:           151.101.0.0/16
NetName:        SKYCA-3
NetHandle:      NET-151-101-0-0-1
Parent:         RIPE-ERX-151 (NET-151-0-0-0-0)
NetType:        Direct Assignment
OriginAS:
Organization:   Fastly (SKYCA-3)
RegDate:        2016-02-01
Updated:        2016-02-01
Ref:            https://whois.arin.net/rest/net/NET-151-101-0-0-1

OrgName:        Fastly
OrgId:          SKYCA-3
Address:        PO Box 78266
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2011-09-16
Updated:        2017-03-30
Ref:            https://whois.arin.net/rest/org/SKYCA-3

OrgAbuseHandle: ABUSE4771-ARIN
OrgAbuseName:   Abuse Account
OrgAbusePhone:  +1-415-496-9353
OrgAbuseEmail:  abuse@fastly.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE4771-ARIN

OrgTechHandle: FRA19-ARIN
OrgTechName:   Fastly RIR Administrator
OrgTechPhone:  +1-415-404-9374
OrgTechEmail:  rir-admin@fastly.com
OrgTechRef:    https://whois.arin.net/rest/poc/FRA19-ARIN

OrgNOCHandle: FNO19-ARIN
OrgNOCName:   Fastly Network Operations
OrgNOCPhone:  +1-415-404-9374
OrgNOCEmail:  noc@fastly.com
OrgNOCRef:    https://whois.arin.net/rest/poc/FNO19-ARIN
```
ivanivan
0

Windows doesn't have a built-in command line whois. Luckily, you can download Sysinternals Whois and place it in a folder specified in the Path system variable. Now, run `nslookup example.com` and then perform `whois IP` for the resulting IP.

Esa Jokinen
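
The procedure from the answers above (resolve the name with `nslookup`, then `whois` each address and read off the netblock owner) as a POSIX shell script. This is an added example, not part of either answer; the function names and the trimmed sample input are assumptions made for illustration, and the field names cover ARIN, RIPE/APNIC and LACNIC style output.

```shell
#!/bin/sh
# Added example: nslookup -> whois on each IP -> owner of the netblock.

# Print the answer addresses from nslookup output on stdin. The resolver's own
# "Address: 192.168.1.2#53" line comes before the first "Name:" line, so only
# addresses seen after a "Name:" line are answers.
nslookup_addrs() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address:/ { print $2 }'
}

# Reduce whois output on stdin to "owner|netname|range". First value wins.
# orgname is ARIN; org-name, descr, inetnum are RIPE/APNIC style; owner is LACNIC.
netblock_owner() {
    awk '
    /^[#%]/ || !index($0, ":") { next }
    {
        key = tolower(substr($0, 1, index($0, ":") - 1))
        val = substr($0, index($0, ":") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (val == "") next
        if (key == "orgname" || key == "org-name" || key == "owner") { if (org == "") org = val }
        else if (key == "descr")   { if (descr == "") descr = val }
        else if (key == "netname") { if (net == "") net = val }
        else if (key == "cidr" || key == "inetnum") { if (range == "") range = val }
    }
    END {
        if (org == "") org = descr
        printf "%s|%s|%s\n", (org == "" ? "unknown" : org), (net == "" ? "-" : net), (range == "" ? "-" : range)
    }'
}

# Live lookup: needs network access and the nslookup and whois commands.
host_owner() {
    nslookup "$1" | nslookup_addrs | sort -u | while read -r ip; do
        printf '%s|%s\n' "$ip" "$(whois "$ip" | netblock_owner)"
    done
}

# Constructed sample, trimmed from the ARIN output quoted in the answer above.
sample_whois() {
    printf '%s\n' '# ARIN WHOIS data' 'CIDR:           151.101.0.0/16' \
        'NetName:        SKYCA-3' 'OriginAS:       ' 'OrgName:        Fastly' \
        'Ref:            https://whois.arin.net/rest/org/SKYCA-3'
}
sample_whois | netblock_owner    # offline demo; host_owner example.com does it live
```

The owner reported is whoever holds the address block the name resolves to; for serverfault.com in the answer above that is Fastly, so a site behind a CDN or proxy will show the CDN rather than the origin host.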