Whois Domain Lookup
Check domain registration info, expiration date, DNS servers and more
Enter a domain name and click "Lookup" to get registration info
What is Whois Lookup?
WHOIS returns registration information for domains or IP-related resources when that data is published by the registry, registrar, or regional internet registry. It may include registrar name, name servers, creation and expiration dates, status codes, contact or privacy-proxy details, and technical notes. The tool supports domain research, expiration monitoring, abuse reporting, trademark checks, incident response, and understanding which organization is responsible for a name. WHOIS data is not always complete or current: privacy regulations, proxy services, RDAP migration, and registry policies can all change what is visible. For legal, security, or ownership decisions, results should be cross-checked with official registrar or registry sources.
How to Use
How to use
- Enter the domain name you want to query (e.g. google.com)
- Click the "Lookup" button or press Enter
- Wait for the lookup results to return
- View the domain's registrar, creation date, expiration date, and more
- Expand "Raw Text" to see the complete Whois response
Lookup Notes
- WHOIS data may be redacted for privacy or cached by registries, so it is not always complete or current.
- For ownership, expiration, or abuse handling, confirm details with the registrar or registry source.
Use Cases
Technical Principle
The WHOIS protocol is specified in RFC 3912 and is one of the simplest internet protocols still in active use: a client opens a TCP connection to port 43 on a WHOIS server, sends the query string followed by `\r\n`, and the server replies with free-form ASCII text and closes the connection. There is no authentication, no structured schema, and no required field order — every TLD registry returns its own text layout, which is why the parser has to handle each TLD's quirks individually. Lookups follow a two-step referral chain. The IANA root WHOIS at `whois.iana.org` knows which registry runs each TLD: for `.com` it returns `refer: whois.verisign-grs.com`, the thin registry that holds only the registrar and name-server info. To get full registrant details a second query goes to the sponsoring registrar's WHOIS (e.g. `whois.markmonitor.com` for many corporate domains). Country-code TLDs differ: `.cn` is served by `whois.cnnic.cn` (CNNIC), `.de` by `whois.denic.de` (with most personal data suppressed), and `.jp` by `whois.jprs.jp`. The whole referral chain is plain text, so a browser cannot speak raw port 43 directly — this tool proxies through a server-side fetch that performs the TCP query and returns the parsed response. RDAP (Registration Data Access Protocol), defined in RFC 7480-7484 and 9082-9083, is the structured successor. It is a RESTful JSON-over-HTTPS API at `https://rdap.verisign.com/com/v1/domain/example.com` style URLs, with consistent field names, internationalisation, and access control. ICANN required gTLD registries and registrars to deploy RDAP by August 2019, and as of 2025 ICANN's Registration Data Consensus Policy phases out legacy WHOIS (port 43) for gTLDs in favour of RDAP, with many registries still operating WHOIS in parallel during the transition window. Since GDPR took effect in May 2018, registrant name, email, address, and phone for natural persons in the EEA are redacted by default and shown as "REDACTED FOR PRIVACY" or routed through the registrar's anonymized abuse contact.
- WHOIS protocol: RFC 3912, TCP port 43, plain-text request (`domain\r\n`) and unstructured ASCII response, no auth, no schema.
- Two-step referral: IANA root (`whois.iana.org`) returns the TLD's WHOIS server; the registry WHOIS returns the sponsoring registrar's WHOIS for full data.
- Common status codes (EPP, RFC 5731): `clientTransferProhibited` (registrar lock), `serverDeleteProhibited`, `clientHold` (DNS suspended), `pendingDelete`.
- GDPR (effective May 2018) redacts EEA natural-person registrant data; replies show `REDACTED FOR PRIVACY` and route contact through registrar abuse channels.
- RDAP (RFC 7480-7484, 9082-9083) is the structured JSON-over-HTTPS successor; ICANN's 2025 Registration Data Consensus Policy phases out legacy port-43 WHOIS for gTLDs in favour of RDAP, with parallel operation during the transition window.
- Browsers cannot open raw TCP port 43, so client-side WHOIS tools require a server proxy that performs the socket query and returns parsed JSON.
- Critical date fields use ISO 8601: `Creation Date`, `Updated Date`, `Registry Expiry Date`; a domain enters a 30-day redemption grace period after expiry before deletion.
Examples
WHOIS lookup result for google.com
Domain Name: GOOGLE.COM
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Creation Date: 1997-09-15T04:00:00Z
Updated Date: 2019-09-09T15:39:04Z
Expiration Date: 2028-09-14T04:00:00Z
Domain Status: clientUpdateProhibited, clientTransferProhibited
Name Servers: NS1.GOOGLE.COM, NS2.GOOGLE.COM, NS3.GOOGLE.COM, NS4.GOOGLE.COM
DNSSEC: unsignedCheck renewal date and status codes
Domain Name: example.org
Expiration Date: 2026-08-13T04:00:00Z
Days remaining: ~64 days
Status: clientTransferProhibited (locked, cannot be transferred)
serverDeleteProhibited
# Renew before expiration date or risk losing the domain to a redemption period.Verify name servers after a DNS migration
Before migration:
Name Servers: ns1.oldprovider.com, ns2.oldprovider.com
After migration (registry updated):
Name Servers: ns-123.awsdns-12.com, ns-456.awsdns-34.net
Updated Date: 2026-06-10T08:42:11ZGDPR-redacted registrant for a .eu domain
Domain: mybrand.eu
Registrant: REDACTED FOR PRIVACY
Email: Please query the RDAP service of the Registrar
Registrar: Gandi SAS
Abuse email: abuse@gandi.net
# Personal details are hidden; contact registrar abuse channel for takedowns.FAQ
What information does whois return?
Domain registrar, creation/expiry/last-updated dates, name servers, registrant contact (often redacted under GDPR/privacy services), administrative and technical contacts, registrar abuse contact, and DNSSEC status. The exact fields depend on the TLD's whois server.
Why is the registrant info redacted or missing?
Since GDPR (2018), most registrars hide personal registrant contact in public whois output. Many registrants also pay for 'whois privacy' which replaces real contacts with a proxy. To reach the actual owner, use the registrar's contact form or message the abuse contact.
What's the difference between thin and thick whois?
Thick whois (most TLDs): all data lives at the registry. Thin whois (.com, .net via VeriSign): the registry returns only the registrar; you query the registrar for full details. The page handles both transparently.
Why is some of the date data confusing?
Different TLDs use different date formats and field labels. ICANN registrars are required to standardise core fields, but ccTLDs (country codes like .uk, .cn, .de) often have their own whois response format. The page tries to normalise but odd-looking dates can mean unparseable input.
Can I check IP whois too?
Some builds combine domain whois and IP whois (RIR whois for ARIN, RIPE, APNIC, LACNIC, AFRINIC). IP whois shows the network owner, address range, and abuse contact - useful for tracing where an IP belongs.
How current is whois data?
Updates happen at registrar-set frequency, usually within hours of a change. If a domain just changed hands, the update may take 24-48 hours to propagate to all whois servers. Cached whois entries may also lag.
Is the lookup logged?
Whois servers log queries by IP. Our backend issues the query, so the destination whois server sees our IP. Bulk querying is rate-limited by most whois providers; don't loop this in scripts.