HomeIP ToolsWHOIS Lookup
IP Tool

WHOIS Lookup

Look up domain registration data including registrar, registration and expiry dates, nameservers, DNSSEC status, and EPP transfer locks.

Protocol
WHOIS / RDAP
Port 43 or HTTPS JSON.
Privacy
GDPR redacted
Most registrants hidden by default.
WHOIS Lookup

Find domain registration details via RDAP.

WHOIS Record

How to Use

Use WHOIS Lookup in 4 Steps

01
Enter domain
Type the domain name you want to investigate.
02
Run WHOIS
Click check to query the WHOIS registry for that domain.
03
Review ownership
Check registrar, registration date, expiry, and nameservers.
04
Inspect status codes
EPP status codes show transfer locks, deletion flags, and lifecycle state.

What is WHOIS Lookup?

WHOIS is a query protocol that retrieves registration data for domain names and IP address blocks from the registries that manage them. When you register a domain, your registrar submits your contact and technical details to a registry (like Verisign for .com, Nominet for .uk). WHOIS exposes that record: registrant, administrative and technical contacts, registration and expiry dates, nameservers, and registrar.

WHOIS is used to check domain ownership during due diligence, verify expiry dates before acquisition, investigate abuse sources, confirm nameserver delegations during migrations, and research brand conflicts.

What WHOIS Returns

FieldDescriptionExample
Domain nameThe queried domaingithub.com
RegistrarCompany that registered the domainMarkMonitor Inc.
Registered onOriginal registration date1994-04-05
Expires onDate registration lapses2026-04-06
Updated onLast WHOIS record update2024-03-07
Name serversAuthoritative DNS serversns1.p16.dynect.net
DNSSECWhether DNSSEC is signedunsigned
RegistrantOwner name/org (often redacted)Privacy-protected
StatusDomain lifecycle flagsclientTransferProhibited

Domain Status Codes Explained

Domain status codes (EPP status codes) tell you what operations are permitted or locked on the domain.

StatusMeaning
clientTransferProhibitedTransfer to another registrar is locked — requires registrant unlock
clientDeleteProhibitedDomain cannot be deleted by registrar
clientUpdateProhibitedWHOIS contact data is locked from changes
serverTransferProhibitedRegistry-level transfer lock — strongest lock
pendingTransferTransfer to another registrar is in progress
pendingDeleteDomain is in redemption/deletion grace period
redemptionPeriod30-day window after expiry — can be restored at premium cost
okNo special status — normal active state

WHOIS Privacy and GDPR

Since GDPR took effect in 2018, most registrars redact personal registrant information for domains registered to individuals in the EU (and many do so globally by default). Where privacy protection is enabled, the registrant section shows the registrar's proxy contact details rather than the actual owner's information.

To investigate a privacy-protected domain owner, options include:

  • RDAP (Registration Data Access Protocol) — the modern WHOIS replacement with structured JSON output
  • Legal subpoena to the registrar
  • Abuse contact via registrar's abuse@ address for reported violations

CLI Commands

# Standard WHOIS query
whois github.com

# Query specific WHOIS server
whois -h whois.verisign-grs.com github.com

# IP address WHOIS
whois 8.8.8.8

# RDAP (modern structured output)
curl https://rdap.org/domain/github.com | python3 -m json.tool

# Check expiry date only
whois github.com | grep -i "expir"

# Check nameservers
whois github.com | grep -i "name server"

Domain Lifecycle Timeline

Understanding domain lifecycle prevents accidental loss of a domain after expiry:

PhaseDurationStatusWhat Happens
ActiveUntil expiryokDomain resolves normally
Auto-Renew Grace0–45 days past expiryVariousRegistrar may auto-renew
Redemption Period30 daysredemptionPeriodRestorable at penalty cost (~$100–300)
Pending Delete5 dayspendingDeleteCannot be restored — about to drop
AvailableAfter pending deleteAnyone can register

Set calendar reminders 60 and 30 days before expiry. Enable auto-renewal unless intentionally letting a domain lapse.

Frequently Asked Questions

Q: Why is the WHOIS registrant information hidden? A: GDPR and equivalent privacy regulations require registrars to mask personal contact details for individual registrants. Most registrars now apply privacy protection by default. Corporate registrations may still show full contact data.

Q: Can I find out who really owns a privacy-protected domain? A: For legitimate legal matters, the registrar can unmask ownership under subpoena. For abuse (spam, phishing, trademark), use the registrar's abuse reporting process — they are required to investigate and may reveal ownership to affected parties.

Q: What does "clientTransferProhibited" mean? A: The registrar has locked the domain against transfer to another registrar. This is a standard anti-hijacking measure. To transfer a domain, the current owner must request an unlock from their registrar first.

Q: How long does a WHOIS record take to update after changes? A: WHOIS updates propagate within minutes to hours after a registrar submits changes to the registry. DNS changes (nameservers) may take up to 24–48 hours to propagate globally even after the WHOIS record updates.

Q: What is RDAP and how does it differ from WHOIS? A: RDAP (Registration Data Access Protocol) is the structured, authenticated successor to WHOIS. It returns JSON rather than plain text, supports authentication for privileged data access, and has a standardised field structure. ICANN mandated RDAP support from all registries in 2019.

Related Tools

Frequently Asked Questions

Why is the WHOIS registrant information hidden?
GDPR and equivalent privacy regulations require registrars to mask personal contact details for individual registrants. Most registrars now apply privacy protection by default. Corporate registrations may still show full contact data.
Can I find out who really owns a privacy-protected domain?
For legitimate legal matters, the registrar can unmask ownership under subpoena. For abuse (spam, phishing, trademark), use the registrar's abuse reporting process — they are required to investigate and may reveal ownership to affected parties.
What does "clientTransferProhibited" mean?
The registrar has locked the domain against transfer to another registrar. This is a standard anti-hijacking measure. To transfer a domain, the current owner must request an unlock from their registrar first.
How long does a WHOIS record take to update after changes?
WHOIS updates propagate within minutes to hours after a registrar submits changes to the registry. DNS changes (nameservers) may take up to 24–48 hours to propagate globally even after the WHOIS record updates.
What is RDAP and how does it differ from WHOIS?
RDAP (Registration Data Access Protocol) is the structured, authenticated successor to WHOIS. It returns JSON rather than plain text, supports authentication for privileged data access, and has a standardised field structure. ICANN mandated RDAP support from all registries in 2019.
Domain Lifecycle
Activeok
Auto-Renew Grace0–45 days
Redemption Period30 days
Pending Delete5 days
Free Newsletter

Get guides like this by email

DNS, email auth, and security playbooks delivered when they publish. No spam.