WHOIS Lookup
Learn about WHOIS domain registration information, how to query WHOIS databases, and understand domain ownership details.
What is WHOIS?
WHOIS is a query and response protocol used to query databases storing information about registered domain names, IP address assignments, and autonomous system numbers. When you register a domain, you provide contact information that gets stored in a WHOIS database maintained by the domain registrar and registry. This creates a public record of domain ownership and registration details.
The WHOIS system dates back to the early days of the internet when it was important to know who operated various networks and domains for coordination and troubleshooting. Today, WHOIS serves multiple purposes: helping identify domain owners for legitimate business or legal purposes, checking domain availability and expiration dates, verifying nameserver configurations, investigating domain disputes, and identifying potential cybersecurity threats.
Information in WHOIS Records
Domain Name: The registered domain including the TLD (top-level domain like .com, .org, .net).
Registrar: The company through which the domain was registered (e.g., GoDaddy, Namecheap, Google Domains). The registrar is the interface between domain owners and the registry.
Registry: The organization managing the TLD (e.g., Verisign manages .com and .net). Registries maintain the authoritative database for their TLD.
Registration Dates: When the domain was created, when it was last updated, and when it expires. Critical for tracking domain lifecycle and renewal deadlines.
Nameservers: The DNS servers authoritative for the domain. These servers store the DNS records that translate the domain to IP addresses and other services.
Domain Status: Codes indicating the domain's state (clientTransferProhibited, serverHold, etc.). Status codes control what operations can be performed on the domain.
Contact Information: Traditionally included registrant (owner), administrative, and technical contact details. Now often protected by privacy services due to GDPR and other privacy regulations.
WHOIS Privacy and GDPR
The General Data Protection Regulation (GDPR) and similar privacy laws have significantly changed WHOIS data availability. Previously, domain registration required publicly listing personal contact information including name, address, phone number, and email. This led to spam, unwanted solicitations, identity theft, and privacy concerns. Many registrants used WHOIS privacy services to mask their information.
Since GDPR took effect in 2018, most registrars automatically redact personal information from WHOIS records for domains registered by individuals. You'll typically see the registrar's contact information or a privacy service instead of the actual registrant's details. This protects privacy while still allowing legitimate access through formal requests to registrars for valid legal or security purposes.
Organizations registering domains often still have their corporate information visible, as GDPR applies to personal data of individuals, not businesses. Some TLDs (.us, for example) have specific requirements about who can register and what information must be public.
Domain Status Codes
clientTransferProhibited: Prevents unauthorized transfers to another registrar. This is a security feature often enabled by default to protect against domain hijacking.
clientUpdateProhibited and clientDeleteProhibited: Prevent unauthorized changes or deletion of the domain. Adds an extra layer of protection for valuable domains.
serverHold: Domain is not resolving (suspended). This can happen due to legal disputes, abuse, or non-payment.
pendingDelete: Domain is in the deletion process and will become available for re-registration soon. After expiration and a grace period, domains enter this status before being released.
redemptionPeriod: The period that follows the renewal grace period after a domain expires. The original owner can still renew the domain during this time, usually at a higher cost.
How to Perform WHOIS Lookups
Command line: Most Unix-like systems include a whois command. Usage: whois example.com. Windows users can download whois utilities or use online services.
Web-based services: Numerous websites offer WHOIS lookup tools, including ICANN Lookup, whois.net, and individual registrar websites. These often format the data more readably than raw command-line output.
Registrar websites: Most domain registrars offer WHOIS lookup tools on their sites, often with additional features like bulk lookups or historical WHOIS data.
WHOIS APIs: For automated lookups or integration into applications, various API services provide programmatic access to WHOIS data.
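What the whois command does on the wire, as an added example that is not part of the original page: one TCP exchange in which the client sends a single query line and reads until the server closes the connection. The loopback server, the example.test domain and the reply text are constructed so the block runs offline.

```python
import socket
import socketserver
import threading

def whois_query(server, query, port=43, timeout=10.0):
    """One WHOIS exchange (RFC 3912): send the query plus CRLF, then read
    until the server closes the connection, which marks the end of the reply."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single line")  # reject embedded line breaks
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # server closed the connection: reply is complete
                break
            chunks.append(data)
    # The protocol declares no character set, so decode leniently.
    return b"".join(chunks).decode("utf-8", errors="replace")

# Constructed reply served by the loopback stand-in below.
SAMPLE_REPLY = (
    "Domain Name: EXAMPLE.TEST\r\n"
    "Registrar: Example Registrar, Inc.\r\n"
    "Domain Status: clientTransferProhibited\r\n"
)

class FakeWhois(socketserver.StreamRequestHandler):
    """Loopback stand-in for a WHOIS server (hypothetical, for the demo only)."""
    def handle(self):
        query = self.rfile.readline().strip().decode("ascii")
        if query.lower() == "example.test":
            self.wfile.write(SAMPLE_REPLY.encode("ascii"))
        else:
            self.wfile.write(b"No match for domain\r\n")

def demo(query="example.test"):
    """Run one query against the loopback server and return the raw reply."""
    with socketserver.TCPServer(("127.0.0.1", 0), FakeWhois) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return whois_query("127.0.0.1", query, port=srv.server_address[1])
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(demo())
```

When the query string comes from user input, as in a web front end to WHOIS, the single-line check keeps extra lines from being sent to the upstream server.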
WHOIS Use Cases
Domain availability checking: Before purchasing a domain, check if it's available and when it might expire if currently registered. You might find a domain in redemption period or about to expire.
Security research: Cybersecurity professionals use WHOIS to investigate phishing sites, malware distribution domains, and other malicious infrastructure. Patterns in registrant information can reveal connections between different attack campaigns.
Brand protection: Companies monitor WHOIS data to identify typosquatting, brand infringement, or unauthorized use of their trademarks in domain names.
Due diligence: When entering business relationships, verify that a company owns the domains they claim to operate. WHOIS can reveal if a site is legitimate or potentially fraudulent.
Trademark disputes: Legal proceedings often require proving domain ownership and registration timeline. WHOIS provides official registration records.
Technical troubleshooting: Verify nameserver configurations, check domain status codes, and identify the responsible party for DNS issues.
Limitations of WHOIS
WHOIS data is not always current or accurate. Domain owners can provide false information (though this violates registration agreements), privacy services mask real contact details, and some TLDs have less strict validation requirements. WHOIS also doesn't tell you who actually controls a website—it only shows who registered the domain name, which might be a hosting company, developer, or previous owner.
Different registries format WHOIS data differently, making automated parsing challenging. Historical WHOIS data isn't always available through standard queries, though some commercial services maintain archives. Rate limiting by WHOIS servers can restrict how many queries you can make in a given timeframe.
RDAP: The Future of WHOIS
RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS. It uses RESTful APIs and JSON instead of plain text, provides standardized responses across registries, supports internationalization better, and includes better access control mechanisms for protecting private data while allowing legitimate access.
RDAP was developed to address WHOIS's limitations: lack of standardization, poor security, difficulty parsing responses, and inadequate privacy controls. Many registries now support both WHOIS and RDAP, with RDAP gradually becoming the standard protocol for domain registration data queries.
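To show what the JSON format buys in practice, here is an added example (not from the original page) that reduces an RDAP domain response to the fields listed under Information in WHOIS Records. The sample response is constructed, and the status table covers only the codes this page describes, using the RDAP spellings from RFC 8056.

```python
import json
from datetime import datetime

# RDAP status strings and the EPP codes they correspond to (RFC 8056),
# limited to the codes this page describes.
RDAP_TO_EPP = {
    "client transfer prohibited": "clientTransferProhibited",
    "client update prohibited": "clientUpdateProhibited",
    "client delete prohibited": "clientDeleteProhibited",
    "server hold": "serverHold",
    "pending delete": "pendingDelete",
    "redemption period": "redemptionPeriod",
}

# Constructed RDAP domain object (RFC 9083 layout); every value is made up.
SAMPLE_RDAP = """
{"objectClassName": "domain", "ldhName": "EXAMPLE.TEST",
 "status": ["client transfer prohibited", "client delete prohibited"],
 "events": [
   {"eventAction": "registration", "eventDate": "2015-03-02T10:00:00Z"},
   {"eventAction": "expiration", "eventDate": "2026-03-02T10:00:00Z"},
   {"eventAction": "last changed", "eventDate": "2024-02-20T08:15:30Z"}],
 "nameservers": [{"ldhName": "NS1.EXAMPLE.TEST"}, {"ldhName": "NS2.EXAMPLE.TEST"}],
 "entities": [{"roles": ["registrar"], "handle": "9999"},
              {"roles": ["registrant"], "handle": "REDACTED"}]}
"""

def summarize_rdap(text):
    """Reduce an RDAP domain response to the fields a WHOIS reader expects."""
    obj = json.loads(text)
    if obj.get("objectClassName") != "domain":
        raise ValueError("not an RDAP domain object")
    events = {
        e["eventAction"]: datetime.fromisoformat(e["eventDate"].replace("Z", "+00:00"))
        for e in obj.get("events", []) if "eventDate" in e
    }
    return {
        "domain": obj.get("ldhName", "").lower(),
        # Unknown status strings pass through unchanged rather than being dropped.
        "status": [RDAP_TO_EPP.get(s, s) for s in obj.get("status", [])],
        "created": events.get("registration"),
        "expires": events.get("expiration"),
        "updated": events.get("last changed"),
        "nameservers": sorted(n["ldhName"].lower() for n in obj.get("nameservers", [])),
        "roles": sorted(r for ent in obj.get("entities", []) for r in ent.get("roles", [])),
    }
```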
Domain Lifecycle and WHOIS
Understanding the domain lifecycle helps interpret WHOIS data. When registered, a domain enters the active state with a registration period (typically 1-10 years). As expiration approaches, registrars send renewal reminders. If not renewed, the domain enters a grace period (typically 30-45 days) where it can still be renewed at normal prices. After that comes the redemption period (another 30 days) where renewal is possible but expensive. Finally, the domain enters pending delete status (5 days) before being released for general registration again.
WHOIS records reflect these states through status codes and expiration dates. Monitoring WHOIS for domains you're interested in can help you catch them when they become available, though be aware that many expired valuable domains get snapped up by automated services instantly upon release.
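A monitoring check for domains you own, as an added example that is not part of the original page: it reads the status codes and expiry date out of raw WHOIS text, reports which of the three client locks described under Domain Status Codes are missing, and names the lifecycle stage. The record is constructed in the common gTLD "Key: value" layout, and the 30-day warning threshold is an assumed policy.

```python
import re
from datetime import datetime, timezone

LOCKS = ("clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited")
EXPIRY_KEYS = ("registry expiry date", "registrar registration expiration date")

# Constructed gTLD-style WHOIS output; names and dates are made up.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.TEST
   Registrar: Example Registrar, Inc.
   Registry Expiry Date: 2025-07-01T04:00:00Z
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Name Server: NS1.EXAMPLE.TEST
>>> Last update of whois database: 2025-06-10T12:00:00Z <<<
"""
SAMPLE_NOW = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

def parse_whois(text):
    """Collect 'Key: value' lines; keys repeat, so every key maps to a list."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?):\s+(\S.*)$", line)
        if m:
            rec.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return rec

def audit(text, now, warn_days=30):
    """Return (stage, findings) for one record; warn_days is an assumed policy."""
    rec = parse_whois(text)
    status = {v.split()[0] for v in rec.get("domain status", [])}  # drop the URL suffix
    findings = [f"missing lock: {c}" for c in LOCKS if c not in status]
    if "serverHold" in status:
        findings.append("serverHold: domain is not resolving")
    raw = next((rec[k][0] for k in EXPIRY_KEYS if k in rec), None)
    expires = datetime.fromisoformat(raw.replace("Z", "+00:00")) if raw else None
    if "pendingDelete" in status:
        stage = "pending delete"
    elif "redemptionPeriod" in status:
        stage = "redemption period"
    elif expires is None:
        stage = "unknown"
    elif expires <= now:
        stage = "expired, in grace period"
    elif (expires - now).days < warn_days:
        stage = "active, expiring soon"
    else:
        stage = "active"
    return stage, findings
```

Registries that use other field labels or date formats need their own entries in EXPIRY_KEYS and their own date handling, which is the parsing problem described under Limitations of WHOIS.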
Browser Limitations
Note: Web browsers cannot perform WHOIS lookups directly. WHOIS runs over a raw TCP connection to port 43 using its own plain-text query protocol, and JavaScript running in a browser cannot open raw TCP connections. To perform actual WHOIS lookups, use command-line tools (whois example.com), web-based WHOIS services (who.is, whois.net), or your domain registrar's WHOIS lookup tool. This educational tool explains what WHOIS is and how to use it, but cannot execute real queries from your browser.