http://lists.busybox.net/pipermail/busybox/2016-July/084362.html

The above post shows that even though the default servers were unresponsive at the time, querying an IPv4 with "-h host" still worked.

https://forum.openwrt.org/t/whois-broken-for-ip-address-queries/45071/4
https://bugs.busybox.net/show_bug.cgi?id=12251

According to those posts (bug filed in 2019), the output is captured properly, but skipped over and "domain " is forced. "domain " should not be forced (unless it's _not_ an IPv4), especially when a positive result has already been received.

I don't understand why this _standard_ functionality has been broken for so long, as there have been 4 patches made to "whois" since v1.26.0 (Dec 2016) with the last one being v1.32.0 (Jun 2020) - according to https://busybox.net/

Here is the current output from the same command (Jul 2016):

"""
$ whois -h whois.arin.net 204.74.78.75
[Querying whois.arin.net:43 '204.74.78.75']
[Querying whois.arin.net:43 'domain 204.74.78.75']
[whois.arin.net]
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#

#
# Query terms are ambiguous. The query is assumed to be:
# "e / domain 204.74.78.75"
#
# Use "?" to get help.
#
No match found for domain 204.74.78.75.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#
"""

https://git.busybox.net/busybox/tree/networking/whois.c

From a look at the code, "success" is only set based on a "domain:" response, but if it's an IPv4, it's _not_ a domain response (it's a network response).

If needed for a simple/quick IPv4 verify, the following BusyBox regex works (note the \'s - tested against sshd log messages):

    grep -E -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"

Also according to the code, implementing "-a" would have the same effect as the "workaround" posted in the other bug report. It would also appear implementing "-n" would be relatively simple.

This code is simple (small), but it appears the logic has been screwed up, and that IPv4 was simply never tested (why? that is the _default_ use for whois lookup, upon which domain lookup was built), but it appears (mostly) to be simple fix(es).

https://centralops.net/co/domaindossier.aspx?addr=204.74.78.75&net_whois=true

I use DomainDossier to verify "Network whois", as it is intelligent about which whois server it uses, and what results it is looking for, giving those options when used (i.e. command line options).

For anyone looking into this who is not exactly sure what is supposed to be going on, it's a telnet protocol (like smtp), so it can be easily verified by hand if need be.

The following is informational regarding capturing and extending current captures.

"NetRange:" and "inetnum:" contain the same value parts, except "whois.lacnic.net" where "inetnum:" contains the same value parts as "CIDR:".

For IPv4 whois lookups, the following catches:

[whois.arin.net] (without AS lookup) North America
NetRange:
CIDR:
NetName:
OrgName:
OrgAbuse

[whois.apnic.net] (without AS lookup) Asia/Pacific
% Information
% Abuse
inetnum:
netname:

[whois.apnic.net] (with AS lookup) Asia/Pacific
% Information
% Abuse
inetnum:
netname:
route:

[whois.ripe.net] (without AS lookup) Greenland/Russia/Europe/Middle East
% Information
% Abuse
inetnum:
netname:

[whois.ripe.net] (with AS lookup) Greenland/Russia/Europe/Middle East
% Information
% Abuse
inetnum:
netname:
route:

[whois.afrinic.net] (without AS lookup) Africa
% Information
% No abuse
inetnum:
netname:

[whois.lacnic.net] (with AS, without lookup) Latin/South America
inetnum:
aut-num:

For domain whois lookups, redirects are also captured with:

[whois.verisign-grs.com]
[whois.internic.net]
[whois.nic.co]
Registrar WHOIS Server:
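
Added example, not part of the original post and not BusyBox's whois.c: a stand-alone C sketch of the behaviour the post asks for, where "domain " is prefixed only when the query is not an IPv4 literal and a network reply counts as a match on the "NetRange:"/"CIDR:"/"inetnum:" keys listed above. All function names are hypothetical; the inet_pton() check is stricter than the grep pattern, which also accepts strings such as 999.1.1.1.

```c
/* Added illustration; hypothetical helpers, not code from BusyBox. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Strict dotted-quad test; IPv6 is not handled (the post covers IPv4 only). */
int is_ipv4_literal(const char *s)
{
	struct in_addr a;
	return inet_pton(AF_INET, s, &a) == 1;
}

/* Build the CRLF-terminated line sent to the server on port 43.
 * "domain " is added only for queries that are not IPv4 literals. */
int build_query(char *out, size_t len, const char *query)
{
	const char *prefix = is_ipv4_literal(query) ? "" : "domain ";
	int n = snprintf(out, len, "%s%s\r\n", prefix, query);
	return (n > 0 && (size_t)n < len) ? 0 : -1; /* -1: truncated */
}

/* Does one response line signal a positive result? Network replies are
 * recognised by the keys named in the post, domain replies by "domain:". */
int line_is_match(const char *line, int ipv4_query)
{
	static const char *const net_keys[] = { "NetRange:", "CIDR:", "inetnum:" };
	size_t i;

	while (*line == ' ' || *line == '\t')
		line++;
	if (!ipv4_query)
		return strncasecmp(line, "domain:", 7) == 0;
	for (i = 0; i < sizeof(net_keys) / sizeof(net_keys[0]); i++)
		if (strncasecmp(line, net_keys[i], strlen(net_keys[i])) == 0)
			return 1;
	return 0;
}

int main(void)
{
	char q[128];
	/* Constructed reply line using a documentation address range. */
	const char *reply = "NetRange:       192.0.2.0 - 192.0.2.255";

	if (build_query(q, sizeof(q), "204.74.78.75") == 0)
		printf("query: %smatch: %d\n", q, line_is_match(reply, 1));
	return 0;
}
```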