WHOIS - CMD


Overview

The WHOIS command in Windows Command Prompt retrieves domain registration information from WHOIS servers, which store details about domain ownership, registration, and availability. It is primarily useful for network administrators, cybersecurity professionals, and other IT professionals who need to verify domain registrations, investigate spam sources, or check domain availability.

Syntax

The basic syntax for the WHOIS command is:

WHOIS domainname.com

To specify a particular WHOIS server, the syntax expands to:

WHOIS [-v] domainname.com [whois.server.com]

Parameters:

  • domainname.com: The domain about which information is to be retrieved.
  • whois.server.com: Optional. Specifies a specific WHOIS server to query. If not provided, the command selects the default server based on the domain extension.

Options/Flags

  • -v: Verbose mode. Provides detailed processing information about the WHOIS request.

Examples

  1. Basic WHOIS Query:

    WHOIS example.com
    

    This command retrieves the WHOIS information for example.com using the default WHOIS server for .com domains.

  2. Specifying a WHOIS Server:

    WHOIS example.com whois.verisign-grs.com
    

    This example queries the WHOIS information for example.com from the Verisign WHOIS server directly.

  3. Using Verbose Output:

    WHOIS -v example.com
    

    This command displays detailed information about the retrieval process of the WHOIS record for example.com.

Common Issues

  • Timeout or No Response: Queries sometimes time out or return no information. This can be caused by network issues, the WHOIS server being down, or rate limits being exceeded. Check network connectivity, then try a different WHOIS server or repeat the query at a different time.

  • Incomplete Data: WHOIS servers may return incomplete or outdated information because of caching mechanisms or privacy settings. If the information is crucial, verify it against multiple sources.

Integration

WHOIS can be integrated with other CMD commands or scripts to automate domain investigations or registration checks:

REM Save as a .bat file; at an interactive prompt, use %G instead of %%G.
FOR /F "tokens=*" %%G IN (domains.txt) DO (
    WHOIS %%G >> whois-results.txt
)

This script reads a list of domain names from a file named domains.txt and logs their WHOIS information into whois-results.txt.
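
Once whois-results.txt exists, an investigation usually needs a few fields pulled out of it and the new or incomplete records singled out. The following Python script is an added example, not part of the original page or of the WHOIS tool; the field labels, the timestamp format, the 30-day threshold and the function names are assumptions, and the sample text is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed labels: the "Key: Value" layout of .com registry output.
FIELD = re.compile(r"^\s*(Domain Name|Registrar|Creation Date):\s*(.+?)\s*$", re.I)
# Constructed sample standing in for whois-results.txt (not real registry data).
SAMPLE = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar (constructed)
   Creation Date: 2001-03-05T10:00:00Z
   Domain Name: EXAMPLE.NET
   Creation Date: 2024-05-28T08:30:00Z
No match for domain "EXAMPLE.ORG".
   Domain Name: EXAMPLE.EDU
"""

def parse_records(text):
    """Split concatenated WHOIS output into one dict per domain."""
    records = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1).title(), m.group(2)
        if key != "Domain Name" and records:
            records[-1].setdefault(key, value)  # keep the first value seen
        elif key == "Domain Name" and (not records or records[-1][key] != value.lower()):
            records.append({key: value.lower()})
    return records

def created(record):
    """Creation time as an aware UTC datetime, or None if absent or unparseable."""
    try:
        stamp = datetime.strptime(record["Creation Date"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, ValueError):
        return None
    return stamp.replace(tzinfo=timezone.utc)

def triage(text, queried, now, max_age_days=30):
    """Bucket queried domains: recently created, no usable date, or no record."""
    records = {r["Domain Name"]: r for r in parse_records(text)}
    cutoff = now - timedelta(days=max_age_days)
    result = {"recent": [], "no_date": [], "no_record": []}
    for domain in queried:
        rec = records.get(domain.lower())
        if rec is None:
            result["no_record"].append(domain)
        elif created(rec) is None:
            result["no_date"].append(domain)
        elif created(rec) >= cutoff:
            result["recent"].append(domain)
    return result
```

Call triage() with the contents of whois-results.txt and the names from domains.txt. Records from servers that label or format the creation date differently land in no_date, and queries that timed out or returned nothing land in no_record, so both kinds of gap described under Common Issues stay visible.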

Related Commands

  • PING: Used to verify the network connectivity to a server.
  • NSLOOKUP: Queries the DNS to obtain domain name or IP address mapping.
  • TRACERT: Traces the route packets take to a network host.

For further reading and more detailed information, you can refer to the official documentation of network commands in Windows or specific WHOIS server documentation.