IRP Playbooks
  • Initial page
  • Output Types
    • Number (Num)
    • Arrays
    • Objects
    • HR (Human Readable)
  • Components
    • Notifications
      • Send SMS
    • Start Playbook (Required)
      • Incident
    • Investigation
      • SearchEvents
      • SearchLogs
      • SearchWatchList
      • SearchIncidentData
    • Incident Response
      • AbuseEmail
    • Mange Incident
      • AddNote
      • Resolve
      • Escalate
      • AddToWatchList
    • Enrichements
      • Virustotal
      • ThreatIntel
      • WhoisURL
      • GeoIP
      • DomainAvailability
    • Filters
      • Each
    • Controls
      • PublicIp
  • Version
    • Changelog
Powered by GitBook
On this page
  • Inputs
  • Outputs
  1. Components
  2. Enrichements

WhoisURL

The WHOIS Lookup finds contact information for the owner of a specified IP address.

PreviousThreatIntelNextGeoIP

Last updated 4 years ago

Inputs

  • URL

Outputs

  • Raw Results

IPs (Array)

["123.3.3.3", "123.3.3.2"]

Total IPs

A number of all IPs

Abuse Emails (Array of Objects)

[{ip: "123.3.3.3", value: "abuse@email"}, {ip: "123.3.3.4", value: "abuse@email"}]

All Results (Object)

"221.130.59.248": {
    "name": "221.130.59.248",
    "created": null,
    "changed": null,
    "status": "ALLOCATED NON-PORTABLE",
    "contacts": {
        "admin": [
            {
                "handle": "TC105-AP",
                "type": null,
                "name": "tao chen",
                "organization": null,
                "email": null,
                "address": "81st. HuJu Road, Nanjing, P.R.China",
                "zipcode": null,
                "city": null,
                "state": null,
                "country": null,
                "phone": "+86-13800250222",
                "fax": "+86-025-86668202",
                "created": null,
                "changed": null
            }
        ],
        "tech": [
            {
                "handle": "TC105-AP",
                "type": null,
                "name": "tao chen",
                "organization": null,
                "email": null,
                "address": "81st. HuJu Road, Nanjing, P.R.China",
                "zipcode": null,
                "city": null,
                "state": null,
                "country": null,
                "phone": "+86-13800250222",
                "fax": "+86-025-86668202",
                "created": null,
                "changed": null
            }
        ]
    },
}
"52.166.5.106": {
    "name": "52.166.5.106",
    "created": "2015-11-24 00:00:00",
    "changed": "2015-11-24 00:00:00",
    "status": "Direct Assignment",
    "contacts": {
        "owner": [
            {
                "handle": "MSFT",
                "type": null,
                "name": null,
                "organization": "Microsoft Corporation",
                "email": null,
                "address": "One Microsoft Way",
                "zipcode": "98052",
                "city": "Redmond",
                "state": "WA",
                "country": "US",
                "phone": null,
                "fax": null,
                "created": "1998-07-10 00:00:00",
                "changed": "2017-01-28 00:00:00"
            }
        ],
        "tech": [
            {
                "handle": "MRPD-ARIN",
                "type": null,
                "name": "Microsoft Routing, Peering, and DNS",
                "organization": null,
                "email": "IOC@microsoft.com",
                "address": null,
                "zipcode": null,
                "city": null,
                "state": null,
                "country": null,
                "phone": "+1-425-882-8080 ",
                "fax": null,
                "created": null,
                "changed": null
            }
        ],
        "abuse": [
            {
                "handle": "MAC74-ARIN",
                "type": null,
                "name": "Microsoft Abuse Contact",
                "organization": null,
                "email": "abuse@microsoft.com",
                "address": null,
                "zipcode": null,
                "city": null,
                "state": null,
                "country": null,
                "phone": "+1-425-882-8080 ",
                "fax": null,
                "created": null,
                "changed": null
            }
        ]
    }
}

Results (HR)

% Information related to '185.216.140.0 - 185.216.141.255'

% Abuse contact for '185.216.140.0 - 185.216.141.255' is 'abuse@novogara.com'

inetnum:        185.216.140.0 - 185.216.141.255
descr:          NG-NL
netname:        DEDI-NOVOGARA
country:        NL
admin-c:        NO1654-RIPE
tech-c:         NO1654-RIPE
abuse-c:        NO1654-RIPE
status:         ASSIGNED PA
mnt-by:         NOVOGARA-MNT
created:        2017-08-28T13:58:40Z
last-modified:  2018-05-27T20:21:08Z
source:         RIPE

role:           Novogara 24x7 Operations
address:        Kingsfordweg 151
address:        1043GR Amsterdam
address:        NETHERLANDS
e-mail:         support@novogara.com
abuse-mailbox:  abuse@novogara.com
nic-hdl:        NO1654-RIPE
mnt-by:         NOVOGARA-MNT
created:        2018-04-09T21:43:12Z
last-modified:  2018-04-09T22:10:08Z
source:         RIPE

% Information related to '185.216.140.0/23AS204655'

route:          185.216.140.0/23
origin:         AS204655
mnt-by:         NOVOGARA-MNT
created:        2018-05-27T20:26:16Z
last-modified:  2018-05-27T20:27:31Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.97.2 (HEREFORD)

IPs (Array)
Total IPs
Abuse Emails (Array of Objects)
All Results (Object)
Results (HR)