WHOIS Lookup

What is WHOIS?

WHOIS is a query-and-response protocol used to look up registration information for domain names. When a domain is registered, the registrar is required to maintain a record of who owns it, when it was registered, and when it expires. WHOIS provides public access to this data, making it an essential tool for domain research, abuse reporting, and due diligence.

WHOIS data is maintained by domain registrars and registries. Each TLD (top-level domain) has its own WHOIS server, and registrars maintain their own databases. Our tool queries the appropriate servers automatically based on the domain's TLD and follows referrals to get the most detailed information available.

Understanding WHOIS Fields

A WHOIS record contains several important fields:

• Registrar — The company through which the domain was registered (e.g. Cloudflare, Namecheap, GoDaddy). This is who you contact for domain management issues.
• Created Date — When the domain was first registered. Older domains generally carry more trust with search engines and email providers.
• Updated Date — When the WHOIS record was last modified. This changes whenever DNS, contact details, or nameservers are updated.
• Expiry Date — When the domain registration expires. If not renewed, the domain enters a grace period and eventually becomes available for anyone to register.
• Nameservers — The DNS servers authoritative for this domain. Changing nameservers is how you point a domain to a different hosting or DNS provider.
• Status Codes — EPP (Extensible Provisioning Protocol) status codes that indicate the domain's current state. Common codes include:
  • clientTransferProhibited — Transfer lock enabled (prevents unauthorised transfers)
  • clientDeleteProhibited — Deletion protection enabled
  • ok / active — Domain is in normal operation with no restrictions
  • pendingDelete — Domain is about to be released back to the public pool
• DNSSEC — Whether the domain uses DNS Security Extensions to cryptographically sign DNS responses, preventing DNS spoofing attacks.

Domain Lifecycle

Every domain goes through a predictable lifecycle:

• Registered — The domain is purchased and active. The registrant has full control.
• Active — Normal operation. DNS records resolve, email works, website is accessible. This period lasts for the registration term (1-10 years).
• Expired — The registration term has ended without renewal. Most registrars provide a grace period (typically 30-45 days) during which the original owner can still renew at the standard price.
• Redemption — After the grace period, the domain enters redemption (typically 30 days). The original owner can still recover it, but at a significantly higher cost (often hundreds of dollars).
• Pending Delete — The domain is queued for release. This period lasts approximately 5 days and cannot be interrupted.
• Available — The domain is back in the public pool and can be registered by anyone. Popular expired domains are often snapped up within seconds by automated services.

WHOIS Privacy and GDPR

Since the introduction of the General Data Protection Regulation (GDPR) in 2018, WHOIS data has changed significantly. European privacy laws require that personal data not be published without consent, which means most registrars now redact registrant names, addresses, email addresses, and phone numbers from public WHOIS results.

Even before GDPR, many registrars offered WHOIS privacy protection (also called domain privacy or ID protection) as an add-on or free service. This replaces the registrant's personal information with the privacy service's proxy details. Today, most registrars enable privacy protection by default.

The RDAP (Registration Data Access Protocol) is gradually replacing WHOIS as the standard for domain registration lookups. RDAP provides structured, machine-readable responses and supports differentiated access levels — allowing verified parties like law enforcement to access more detailed information while keeping personal data private for general queries.