WHOIS Lookup

Look up domain registration details using the public RDAP protocol. Find the registrar, creation and expiry dates, nameservers, and registrant information for any domain. Results are fetched directly from authoritative RDAP servers.

Enter Domain Name

What Is WHOIS?

WHOIS is a query-and-response protocol used to look up information about registered domain names, IP addresses, and autonomous systems. When you register a domain, your contact and registration details are stored in a public database maintained by your registrar and the relevant registry. WHOIS lookups let anyone query this information.

This tool uses the modern RDAP (Registration Data Access Protocol), which is replacing the older text-based WHOIS protocol. RDAP returns structured JSON data and supports HTTPS, making it more reliable and secure. If you are investigating suspicious activity on your network or checking DNS records, a WHOIS lookup is often the logical first step.

Understanding WHOIS Results

A WHOIS lookup returns several categories of information. Here is what each field means:

Field	Description	Example
Domain Name	The registered domain	example.com
Registrar	Company where the domain was registered	GoDaddy, Namecheap, Cloudflare
Registration Date	When the domain was first created	1997-09-15
Expiry Date	When the registration expires	2028-09-14
Nameservers	DNS servers authoritative for the domain	ns1.example.com
Status	EPP status codes indicating domain state	clientTransferProhibited
Registrant	Domain owner (often privacy-protected)	Contact Privacy Inc.

Pro Tip: If the WHOIS data shows privacy protection (like "Contact Privacy Inc." or "WhoisGuard"), the actual owner's details are hidden behind a proxy service. This is standard practice and does not necessarily indicate anything suspicious. Most modern registrars include free WHOIS privacy with domain registration.

WHOIS vs RDAP: What Changed

The traditional WHOIS protocol (port 43) is being replaced by RDAP, which offers several advantages for network administrators and security researchers:

Feature	WHOIS (Legacy)	RDAP (Modern)
Protocol	TCP port 43, plain text	HTTPS (port 443), encrypted
Data Format	Unstructured text	Structured JSON
Authentication	None	Supports OAuth/tokens
Internationalization	Limited (ASCII)	Full Unicode support
Standardization	Varies by registrar	IETF standard (RFC 7480-7484)
Rate Limiting	Inconsistent	Standardized HTTP 429

Both protocols query the same underlying registration data. Our tool uses RDAP for better reliability and structured output. For more about how domain names resolve to IP addresses, see our What Is DNS guide.

Common WHOIS Use Cases

WHOIS lookups serve a variety of purposes for network administrators, security professionals, and website owners:

Investigating phishing domains — Check when a suspicious domain was registered. Newly created domains mimicking legitimate brands are often malicious. Cross-reference with our DNS Lookup tool to see where the domain points.
Domain availability research — Before choosing a domain, verify it is not already registered and check its history.
Identifying domain ownership — Useful when contacting website administrators or filing abuse reports.
Monitoring domain expiry — Track when domains you are interested in will expire and become available.
Security audits — Verify that your organization's domains are properly configured with correct registrar locks and privacy settings.
Trademark enforcement — Brand owners use WHOIS to identify cybersquatters registering confusingly similar domain names.

Note: Due to GDPR and other privacy regulations, many registrars now redact personal information from WHOIS results for European registrants. You may see "REDACTED FOR PRIVACY" in place of contact details. This applies to both legacy WHOIS and RDAP queries. Legitimate requests for redacted data must go through the registrar's disclosure process.

Domain Status Codes Explained

WHOIS results include EPP (Extensible Provisioning Protocol) status codes that describe the domain's current state. Understanding these codes helps you assess whether a domain is properly secured:

Status Code	Meaning	Set By
clientTransferProhibited	Domain cannot be transferred to another registrar	Registrar
clientDeleteProhibited	Domain cannot be deleted	Registrar
serverTransferProhibited	Registry-level transfer lock	Registry
ok / active	No restrictions, domain is active	Registry
pendingDelete	Domain is being deleted (redemption period ended)	Registry
redemptionPeriod	Domain expired and is in 30-day recovery window	Registry
autoRenewPeriod	Domain was auto-renewed, can still be cancelled	Registrar

For your own domains, enabling transfer lock (clientTransferProhibited) is essential to prevent unauthorized domain theft. This is similar to how you should change your router admin password and disable WPS to prevent unauthorized access to your network.

WHOIS from the Command Line

While our web tool is convenient, you can also run WHOIS queries directly from your terminal:

Linux / macOS

# Basic WHOIS lookup
whois example.com

# Query a specific WHOIS server
whois -h whois.verisign-grs.com example.com

# RDAP lookup using curl
curl -s "https://rdap.org/domain/example.com" | python3 -m json.tool

Windows (PowerShell)

# Using Invoke-RestMethod for RDAP
Invoke-RestMethod -Uri "https://rdap.org/domain/example.com" | ConvertTo-Json

For more command-line networking tools, explore our Port Checker and MAC Lookup tools, or check your network configuration with the router admin panel.

Protecting Your WHOIS Privacy

When registering domains, consider these privacy best practices — they are just as important as securing your home WiFi:

Enable WHOIS privacy — Most registrars offer free privacy protection that replaces your personal details with a proxy service.
Use a business address — If privacy protection is not available, use a business address rather than your home address.
Enable registrar lock — Prevent unauthorized transfers by enabling clientTransferProhibited.
Monitor your domains — Set up alerts for any changes to your domain's WHOIS data.
Use strong registrar credentials — Protect your registrar account with a strong password (use our Password Generator) and two-factor authentication.

Pro Tip: Use a dedicated email address for domain registrations. This prevents your primary email from being harvested by spammers who scrape WHOIS databases. Even with privacy protection, some data can leak through historical WHOIS records cached by third-party services.

Key Takeaways

WHOIS/RDAP lookups reveal domain registration details including registrar, dates, nameservers, and status codes.
RDAP is the modern replacement for WHOIS, offering encrypted, structured JSON responses.
GDPR has caused many registrars to redact personal information from public WHOIS results.
Always enable WHOIS privacy protection and registrar lock on your own domains.
Use WHOIS to investigate suspicious domains, monitor expiry dates, and verify ownership.
Cross-reference WHOIS data with DNS lookups for complete domain intelligence.

Video: Understanding WHOIS and Domain Registration

Related Guides

Frequently Asked Questions

Is WHOIS lookup legal?

Yes. WHOIS data is publicly available by design as part of the domain registration system. Querying WHOIS databases is legal in all jurisdictions. However, using the data for spam, harassment, or bulk harvesting may violate the registrar's terms of service and applicable laws.

Why does WHOIS show privacy protection instead of the owner?

Domain registrants can opt for WHOIS privacy (also called domain privacy or proxy protection), which replaces their personal contact details with a privacy service's information. This is standard practice to prevent spam, identity theft, and unwanted contact. Most registrars now include it for free.

Can I find out who owns a domain with privacy protection?

Not directly through WHOIS. You can submit a request through the privacy service provider, but they will only disclose information for legitimate legal purposes such as trademark disputes, law enforcement requests, or court orders.

What is the difference between WHOIS and DNS lookup?

WHOIS reveals domain registration and ownership information, while DNS lookup shows the actual DNS records (A, AAAA, MX, CNAME, etc.) that control how the domain resolves. They provide complementary information — WHOIS tells you who owns the domain, DNS tells you where it points.

Why does WHOIS show "REDACTED FOR PRIVACY"?

This is due to GDPR compliance. Since May 2018, registrars must redact personal data for registrants in the European Economic Area. Some registrars apply this globally. The ICANN Temporary Specification requires registrars to provide gated access for legitimate purposes.

How often is WHOIS data updated?

WHOIS data is typically updated within 24 hours of any change to the domain registration. However, some registries cache data for up to 48 hours. RDAP queries generally return more current data than legacy WHOIS because they query the authoritative source directly.

Can I look up IP addresses with WHOIS?

Yes, WHOIS also works for IP addresses, returning the organization that owns the IP block and their contact information. This is useful for identifying the source of suspicious traffic. For IP-specific analysis, try our What Is My IP tool or the IP Reputation Checker.

About Tommy N.

Tommy is the founder of RouterHax and a network engineer with 10+ years of experience in home and enterprise networking. He specializes in router configuration, WiFi optimization, and network security. When not writing guides, he's testing the latest mesh WiFi systems and helping readers troubleshoot their home networks.