ToolActToolAct

Whois Domain Lookup

Check domain registration info, expiration date, DNS servers and more

Enter a domain name and click "Lookup" to get registration info

What is Whois Lookup?

WHOIS returns registration information for domains or IP-related resources when that data is published by the registry, registrar, or regional internet registry. It may include registrar name, name servers, creation and expiration dates, status codes, contact or privacy-proxy details, and technical notes. The tool supports domain research, expiration monitoring, abuse reporting, trademark checks, incident response, and understanding which organization is responsible for a name. WHOIS data is not always complete or current: privacy regulations, proxy services, RDAP migration, and registry policies can all change what is visible. For legal, security, or ownership decisions, results should be cross-checked with official registrar or registry sources.

How to Use

How to use

  1. Enter the domain name you want to query (e.g. google.com)
  2. Click the "Lookup" button or press Enter
  3. Wait for the lookup results to return
  4. View the domain's registrar, creation date, expiration date, and more
  5. Expand "Raw Text" to see the complete Whois response

Lookup Notes

  • WHOIS data may be redacted for privacy or cached by registries, so it is not always complete or current.
  • For ownership, expiration, or abuse handling, confirm details with the registrar or registry source.

Use Cases

Check a domain before renewal, purchase, or transfer workQuery the domain and review the registrar, creation date, updated date, expiration date, DNSSEC value, status tags, and name servers in one structured result. The lookup is forwarded to the public WHOIS server for that TLD, and only the domain you entered is transmitted as the query string. It is a practical first pass before deciding whether a domain is close to expiry, recently changed, locked, or pointing at the expected DNS provider.
Collect the original registry response for an incident or support ticketWhen the summarized fields are not enough, expand the raw WHOIS text and copy it into an internal ticket. That preserves registry-specific wording, uncommon status codes, and fields the normalized view may not expose, while still making the common fields easy to scan. Attach the raw output alongside DNS, certificate, and hosting traces so the responder has a single timeline.
Compare ownership signals during domain troubleshootingUse WHOIS alongside DNS, IP, and port tools when a site suddenly stops resolving or a migration appears incomplete. WHOIS can show whether the registrar, name servers, or domain status changed, though privacy redaction and registry policy mean it should not be treated as a complete ownership record; cross-reference with RDAP when authoritative details matter.
Investigate a domain flagged in an abuse or phishing reportPull the registrant organization, abuse contact email, sponsoring registrar, and status codes like clientHold or serverTransferProhibited to support a takedown or escalation thread. Note that GDPR-era redaction often hides the abuse email, so fall back to the registrar's published abuse contact when the field is privacy-proxied, and capture the registry snapshot timestamp for your evidence file.
Verify name server changes after a DNS migrationRun the same domain before and after a cutover and diff the name server entries against what your DNS provider reported. A cached WHOIS view can lag the registry by minutes, so re-query after a short interval if the migration timestamp and the WHOIS updated-date do not yet line up; confirm the DS record and DNSSEC state separately before pointing production traffic.

Technical Principle

The WHOIS protocol is specified in RFC 3912 and is one of the simplest internet protocols still in active use: a client opens a TCP connection to port 43 on a WHOIS server, sends the query string followed by `\r\n`, and the server replies with free-form ASCII text and closes the connection. There is no authentication, no structured schema, and no required field order — every TLD registry returns its own text layout, which is why the parser has to handle each TLD's quirks individually. Lookups follow a two-step referral chain. The IANA root WHOIS at `whois.iana.org` knows which registry runs each TLD: for `.com` it returns `refer: whois.verisign-grs.com`, the thin registry that holds only the registrar and name-server info. To get full registrant details a second query goes to the sponsoring registrar's WHOIS (e.g. `whois.markmonitor.com` for many corporate domains). Country-code TLDs differ: `.cn` is served by `whois.cnnic.cn` (CNNIC), `.de` by `whois.denic.de` (with most personal data suppressed), and `.jp` by `whois.jprs.jp`. The whole referral chain is plain text, so a browser cannot speak raw port 43 directly — this tool proxies through a server-side fetch that performs the TCP query and returns the parsed response. RDAP (Registration Data Access Protocol), defined in RFC 7480-7484 and 9082-9083, is the structured successor. It is a RESTful JSON-over-HTTPS API at `https://rdap.verisign.com/com/v1/domain/example.com` style URLs, with consistent field names, internationalisation, and access control. ICANN required gTLD registries and registrars to deploy RDAP by August 2019, and as of 2025 ICANN's Registration Data Consensus Policy phases out legacy WHOIS (port 43) for gTLDs in favour of RDAP, with many registries still operating WHOIS in parallel during the transition window. Since GDPR took effect in May 2018, registrant name, email, address, and phone for natural persons in the EEA are redacted by default and shown as "REDACTED FOR PRIVACY" or routed through the registrar's anonymized abuse contact.

  • WHOIS protocol: RFC 3912, TCP port 43, plain-text request (`domain\r\n`) and unstructured ASCII response, no auth, no schema.
  • Two-step referral: IANA root (`whois.iana.org`) returns the TLD's WHOIS server; the registry WHOIS returns the sponsoring registrar's WHOIS for full data.
  • Common status codes (EPP, RFC 5731): `clientTransferProhibited` (registrar lock), `serverDeleteProhibited`, `clientHold` (DNS suspended), `pendingDelete`.
  • GDPR (effective May 2018) redacts EEA natural-person registrant data; replies show `REDACTED FOR PRIVACY` and route contact through registrar abuse channels.
  • RDAP (RFC 7480-7484, 9082-9083) is the structured JSON-over-HTTPS successor; ICANN's 2025 Registration Data Consensus Policy phases out legacy port-43 WHOIS for gTLDs in favour of RDAP, with parallel operation during the transition window.
  • Browsers cannot open raw TCP port 43, so client-side WHOIS tools require a server proxy that performs the socket query and returns parsed JSON.
  • Critical date fields use ISO 8601: `Creation Date`, `Updated Date`, `Registry Expiry Date`; a domain enters a 30-day redemption grace period after expiry before deletion.

Examples

WHOIS lookup result for google.com

Domain Name:       GOOGLE.COM
Registrar:         MarkMonitor Inc.
Registrar IANA ID: 292
Creation Date:     1997-09-15T04:00:00Z
Updated Date:      2019-09-09T15:39:04Z
Expiration Date:   2028-09-14T04:00:00Z
Domain Status:     clientUpdateProhibited, clientTransferProhibited
Name Servers:      NS1.GOOGLE.COM, NS2.GOOGLE.COM, NS3.GOOGLE.COM, NS4.GOOGLE.COM
DNSSEC:            unsigned

Check renewal date and status codes

Domain Name:     example.org
Expiration Date: 2026-08-13T04:00:00Z
Days remaining:  ~64 days
Status:          clientTransferProhibited (locked, cannot be transferred)
                 serverDeleteProhibited

# Renew before expiration date or risk losing the domain to a redemption period.

Verify name servers after a DNS migration

Before migration:
  Name Servers: ns1.oldprovider.com, ns2.oldprovider.com

After migration (registry updated):
  Name Servers: ns-123.awsdns-12.com, ns-456.awsdns-34.net
  Updated Date: 2026-06-10T08:42:11Z

GDPR-redacted registrant for a .eu domain

Domain:      mybrand.eu
Registrant:  REDACTED FOR PRIVACY
Email:       Please query the RDAP service of the Registrar
Registrar:   Gandi SAS
Abuse email: abuse@gandi.net

# Personal details are hidden; contact registrar abuse channel for takedowns.

FAQ

What information does whois return?

Domain registrar, creation/expiry/last-updated dates, name servers, registrant contact (often redacted under GDPR/privacy services), administrative and technical contacts, registrar abuse contact, and DNSSEC status. The exact fields depend on the TLD's whois server.

Why is the registrant info redacted or missing?

Since GDPR (2018), most registrars hide personal registrant contact in public whois output. Many registrants also pay for 'whois privacy' which replaces real contacts with a proxy. To reach the actual owner, use the registrar's contact form or message the abuse contact.

What's the difference between thin and thick whois?

Thick whois (most TLDs): all data lives at the registry. Thin whois (.com, .net via VeriSign): the registry returns only the registrar; you query the registrar for full details. The page handles both transparently.

Why is some of the date data confusing?

Different TLDs use different date formats and field labels. ICANN registrars are required to standardise core fields, but ccTLDs (country codes like .uk, .cn, .de) often have their own whois response format. The page tries to normalise but odd-looking dates can mean unparseable input.

Can I check IP whois too?

Some builds combine domain whois and IP whois (RIR whois for ARIN, RIPE, APNIC, LACNIC, AFRINIC). IP whois shows the network owner, address range, and abuse contact - useful for tracing where an IP belongs.

How current is whois data?

Updates happen at registrar-set frequency, usually within hours of a change. If a domain just changed hands, the update may take 24-48 hours to propagate to all whois servers. Cached whois entries may also lag.

Is the lookup logged?

Whois servers log queries by IP. Our backend issues the query, so the destination whois server sees our IP. Bulk querying is rate-limited by most whois providers; don't loop this in scripts.