WHOIS Lookup

Look up registration information for any domain name or IP address. Powered by RDAP (Registration Data Access Protocol).

What is WHOIS?

WHOIS (pronounced "who is") is a query and response protocol used to look up registration information for domain names, IP address blocks, and autonomous systems. When someone registers a domain or is allocated an IP range, that information is stored in a database maintained by registries and registrars — WHOIS provides a standardized way to access that data.

RDAP: The Modern WHOIS

This tool uses RDAP (Registration Data Access Protocol), the modern successor to the traditional WHOIS protocol. RDAP provides structured JSON responses instead of the unstructured text that legacy WHOIS returns, making it far easier to parse and display. RDAP also supports better internationalization, access controls, and is now the preferred protocol used by major registries including ICANN-compliant registrars.

What Information Can You Find?

  • For Domains: Registrar name and URL, registration date, expiry date, last updated date, domain status flags, nameservers, and (where not redacted for privacy) registrant contact information.
  • For IP Addresses: The organization or ISP that owns the IP block, country of allocation, CIDR block/range, abuse contact details, and network type.

Domain Status Codes Explained

  • clientTransferProhibited — The domain cannot be transferred to another registrar. This is a standard security setting for most active domains.
  • clientUpdateProhibited — Domain details cannot be modified. Set by registrars for security.
  • clientDeleteProhibited — The domain cannot be deleted. Protects against accidental or malicious removal.
  • pendingDelete — The domain is about to be deleted and may become available for registration soon.
  • redemptionPeriod — The domain has expired and is in the redemption grace period (typically 30 days) before being released.
  • serverHold — The domain is not active in DNS. Often set by the registry for policy violations.

Privacy and GDPR

Since the GDPR came into effect in 2018, many domain registrars now redact personal information (name, address, phone, email) from WHOIS/RDAP responses for EU-based registrants. In place of real contact information, you'll often see privacy-protected proxy details or simply "Redacted for Privacy." This is intended to protect individual domain owners, though it has made it harder to identify domain abuse.

Use Cases for WHOIS Lookup

  • Checking whether a domain is already registered before trying to buy it
  • Finding the expiry date to catch dropped domains
  • Identifying the registrar to initiate a dispute or transfer
  • Locating abuse contacts for IP addresses sending spam or malicious traffic
  • Verifying the owner of a website for due diligence purposes
  • Investigating phishing domains to find registration patterns
  • Finding the ISP responsible for an IP block in network logs

IP WHOIS vs Domain WHOIS

IP address allocation data is managed by Regional Internet Registries (RIRs): ARIN (North America), RIPE NCC (Europe/Middle East), APNIC (Asia-Pacific), LACNIC (Latin America), and AFRINIC (Africa). When you look up an IP address, the query goes to the relevant RIR's RDAP service. Domain WHOIS data, on the other hand, is maintained by registrars and zone registries like Verisign (.com/.net), DENIC (.de), and Nominet (.uk).