Class: Whois
The resources of a WHOIS record for a given domain. This can include domain
names, IP address blocks, autonomous system information, and/or contact and
registration information for a domain.
URI: ocsf:Whois
classDiagram
class Whois
click Whois href "../Whois/"
Object <|-- Whois
click Object href "../Object/"
Whois : autonomous_system
Whois --> "0..1" AutonomousSystem : autonomous_system
click AutonomousSystem href "../AutonomousSystem/"
Whois : created_time
Whois : dnssec_status
Whois : dnssec_status_id
Whois --> "0..1 _recommended_" DnssecStatusIdEnum : dnssec_status_id
click DnssecStatusIdEnum href "../DnssecStatusIdEnum/"
Whois : domain
Whois : domain_contacts
Whois --> "* _recommended_" DomainContact : domain_contacts
click DomainContact href "../DomainContact/"
Whois : email_addr
Whois : isp
Whois : isp_org
Whois : last_seen_time
Whois : name_servers
Whois : phone_number
Whois : registrar
Whois : status
Whois : subdomains
Whois : subnet
Inheritance
- OcsfObject
- Object
- Whois
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| autonomous_system | 0..1 AutonomousSystem |
The autonomous system information associated with a domain | direct |
| created_time | 0..1 recommended TimestampT |
When the domain was registered or WHOIS entry was created | direct |
| dnssec_status | 0..1 String |
The normalized value of dnssec_status_id | direct |
| dnssec_status_id | 0..1 recommended DnssecStatusIdEnum |
Describes the normalized status of DNS Security Extensions (DNSSEC) for a | direct |
| domain | 0..1 recommended String |
The domain name corresponding to the WHOIS record | direct |
| domain_contacts | * recommended DomainContact |
An array of Domain Contact objects |
direct |
| email_addr | 0..1 EmailT |
The email address for the registrar's abuse contact | direct |
| isp | 0..1 String |
The name of the Internet Service Provider (ISP) | direct |
| isp_org | 0..1 String |
The organization name of the Internet Service Provider (ISP) | direct |
| last_seen_time | 0..1 recommended TimestampT |
When the WHOIS record was last updated or seen at | direct |
| name_servers | * recommended String |
A collection of name servers related to a domain registration or other record | direct |
| phone_number | 0..1 String |
The phone number for the registrar's abuse contact | direct |
| registrar | 0..1 recommended String |
The domain registrar | direct |
| status | 0..1 recommended String |
The status of a domain and its ability to be transferred, e | direct |
| subdomains | * String |
An array of subdomain strings | direct |
| subnet | 0..1 SubnetT |
The IP address block (CIDR) associated with a domain | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Osint | whois | range | Whois |
In Subsets
Aliases
- WHOIS
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Whois |
| native | ocsf:Whois |
| exact | uco_master:Whois |
LinkML Source
Direct
name: Whois
description: 'The resources of a WHOIS record for a given domain. This can include
domain
names, IP address blocks, autonomous system information, and/or contact and
registration information for a domain.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- WHOIS
exact_mappings:
- uco_master:Whois
is_a: Object
slots:
- autonomous_system
- created_time
- dnssec_status
- dnssec_status_id
- domain
- domain_contacts
- email_addr
- isp
- isp_org
- last_seen_time
- name_servers
- phone_number
- registrar
- status
- subdomains
- subnet
slot_usage:
autonomous_system:
name: autonomous_system
description: The autonomous system information associated with a domain.
created_time:
name: created_time
description: When the domain was registered or WHOIS entry was created.
recommended: true
dnssec_status_id:
name: dnssec_status_id
recommended: true
domain:
name: domain
description: The domain name corresponding to the WHOIS record.
recommended: true
domain_contacts:
name: domain_contacts
recommended: true
email_addr:
name: email_addr
description: The email address for the registrar's abuse contact
last_seen_time:
name: last_seen_time
description: When the WHOIS record was last updated or seen at.
recommended: true
name_servers:
name: name_servers
recommended: true
phone_number:
name: phone_number
description: The phone number for the registrar's abuse contact
registrar:
name: registrar
recommended: true
status:
name: status
description: 'The status of a domain and its ability to be transferred, e.g.,
<code>clientTransferProhibited</code>.'
recommended: true
subnet:
name: subnet
description: The IP address block (CIDR) associated with a domain.
Induced
name: Whois
description: 'The resources of a WHOIS record for a given domain. This can include
domain
names, IP address blocks, autonomous system information, and/or contact and
registration information for a domain.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- WHOIS
exact_mappings:
- uco_master:Whois
is_a: Object
slot_usage:
autonomous_system:
name: autonomous_system
description: The autonomous system information associated with a domain.
created_time:
name: created_time
description: When the domain was registered or WHOIS entry was created.
recommended: true
dnssec_status_id:
name: dnssec_status_id
recommended: true
domain:
name: domain
description: The domain name corresponding to the WHOIS record.
recommended: true
domain_contacts:
name: domain_contacts
recommended: true
email_addr:
name: email_addr
description: The email address for the registrar's abuse contact
last_seen_time:
name: last_seen_time
description: When the WHOIS record was last updated or seen at.
recommended: true
name_servers:
name: name_servers
recommended: true
phone_number:
name: phone_number
description: The phone number for the registrar's abuse contact
registrar:
name: registrar
recommended: true
status:
name: status
description: 'The status of a domain and its ability to be transferred, e.g.,
<code>clientTransferProhibited</code>.'
recommended: true
subnet:
name: subnet
description: The IP address block (CIDR) associated with a domain.
attributes:
autonomous_system:
name: autonomous_system
description: The autonomous system information associated with a domain.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Autonomous System
rank: 1000
alias: autonomous_system
owner: Whois
domain_of:
- Osint
- Whois
- NetworkEndpoint
range: AutonomousSystem
created_time:
name: created_time
description: When the domain was registered or WHOIS entry was created.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: Whois
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
recommended: true
dnssec_status:
name: dnssec_status
description: The normalized value of dnssec_status_id.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- DNSSEC Status
rank: 1000
alias: dnssec_status
owner: Whois
domain_of:
- Whois
range: string
dnssec_status_id:
name: dnssec_status_id
annotations:
sibling:
tag: sibling
value: dnssec_status
description: 'Describes the normalized status of DNS Security Extensions (DNSSEC)
for a
domain.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- DNSSEC Status ID
rank: 1000
alias: dnssec_status_id
owner: Whois
domain_of:
- Whois
range: DnssecStatusIdEnum
recommended: true
domain:
name: domain
description: The domain name corresponding to the WHOIS record.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Domain
rank: 1000
alias: domain
owner: Whois
domain_of:
- Url
- Whois
- Endpoint
- Group
- HttpCookie
- Idp
- User
- Device
range: string
recommended: true
domain_contacts:
name: domain_contacts
description: An array of <code>Domain Contact</code> objects.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Domain Contacts
rank: 1000
alias: domain_contacts
owner: Whois
domain_of:
- Whois
range: DomainContact
recommended: true
multivalued: true
email_addr:
name: email_addr
description: The email address for the registrar's abuse contact
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Email Address
rank: 1000
alias: email_addr
owner: Whois
domain_of:
- Whois
- AuthFactor
- DomainContact
- User
range: EmailT
isp:
name: isp
description: The name of the Internet Service Provider (ISP).
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- ISP Name
rank: 1000
alias: isp
owner: Whois
domain_of:
- Whois
- Location
- NetworkEndpoint
range: string
isp_org:
name: isp_org
description: 'The organization name of the Internet Service Provider (ISP). This
represents
the parent organization or company that owns/operates the ISP. For example,
Comcast Corporation would be the ISP org for Xfinity internet service. This
attribute helps identify the ultimate provider when ISPs operate under
different brand names.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- ISP Org
rank: 1000
alias: isp_org
owner: Whois
domain_of:
- Whois
- NetworkEndpoint
range: string
last_seen_time:
name: last_seen_time
description: When the WHOIS record was last updated or seen at.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Last Seen
rank: 1000
alias: last_seen_time
owner: Whois
domain_of:
- RelatedEvent
- Vulnerability
- Whois
- FindingObject
- FindingInfo
- IdentityActivityMetrics
- Device
range: TimestampT
recommended: true
name_servers:
name: name_servers
description: A collection of name servers related to a domain registration or
other record.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name Servers
rank: 1000
alias: name_servers
owner: Whois
domain_of:
- Whois
range: string
recommended: true
multivalued: true
phone_number:
name: phone_number
description: The phone number for the registrar's abuse contact
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Phone Number
rank: 1000
alias: phone_number
owner: Whois
domain_of:
- Whois
- AuthFactor
- DomainContact
- LdapPerson
- User
range: string
registrar:
name: registrar
description: The domain registrar.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Domain Registrar
rank: 1000
alias: registrar
owner: Whois
domain_of:
- Whois
range: string
recommended: true
status:
name: status
description: 'The status of a domain and its ability to be transferred, e.g.,
<code>clientTransferProhibited</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Status
rank: 1000
alias: status
owner: Whois
domain_of:
- RelatedEvent
- Ticket
- Whois
- AdditionalRestriction
- Check
- Compliance
- DataClassification
- HttpResponse
- BaseEvent
- Finding
- IncidentFinding
- DroneFlightsActivity
range: string
recommended: true
subdomains:
name: subdomains
description: 'An array of subdomain strings. Can be used to collect several subdomains
such
as those from Domain Generation Algorithms (DGAs).'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Subdomains
rank: 1000
alias: subdomains
owner: Whois
domain_of:
- Osint
- Whois
range: string
multivalued: true
subnet:
name: subnet
description: The IP address block (CIDR) associated with a domain.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Subnet
rank: 1000
alias: subnet
owner: Whois
domain_of:
- Osint
- Whois
- Device
range: SubnetT