Back to Validator

Help Topics

Quick Actions

→ Back to Validator

WHOIS Domain Lookup - Complete Guide

Master domain research with WHOIS - View ownership, registration dates, nameservers, and contact information for any domain

Table of Contents

What is WHOIS?

WHOIS is a protocol used to query databases that store information about registered domain names, IP addresses, and autonomous systems. It's an essential tool for domain research, security investigations, and administrative purposes.

History & Standards

  • Established in 1982 with RFC 812 (later updated by RFC 3912)
  • Originally designed for ARPANET user lookups
  • Evolved to become the standard for domain registration queries
  • Operates on TCP port 43 (standard WHOIS protocol)
  • RDAP (RFC 7480-7485) is the modern replacement with structured data

Note: WHOIS data accuracy depends on registrants providing correct information. False information can lead to domain suspension under ICANN policies.

Information Available in WHOIS

WHOIS records contain various types of information about domain registrations:

Domain Information

  • Domain Name: The registered domain
  • Registry Domain ID: Unique identifier
  • Registrar: Company managing the domain
  • Registrar IANA ID: Registrar's unique number
  • Registrar URL: Registrar's website
  • Status: Current domain status codes
  • Name Servers: DNS servers for the domain
  • DNSSEC: Security extension status

Important Dates

  • Creation Date: When domain was registered
  • Updated Date: Last modification
  • Expiry Date: When registration expires

Contact Information

  • Registrant: Domain owner
  • Admin Contact: Administrative contact
  • Tech Contact: Technical contact
  • Abuse Contact: For reporting issues

Understanding Domain Status Codes

EPP (Extensible Provisioning Protocol) status codes indicate the state of a domain. Multiple statuses can be active simultaneously.

Normal Operation Statuses

  • ok - No restrictions, normal state
  • active - Domain is active in DNS
  • autoRenewPeriod - Grace period after expiry

Client-Set Protections

  • clientTransferProhibited - Transfer lock enabled
  • clientUpdateProhibited - Changes prohibited
  • clientDeleteProhibited - Deletion prohibited
  • clientHold - Domain suspended by registrar

Registry-Set Statuses

  • serverTransferProhibited - Registry prevents transfer
  • serverUpdateProhibited - Registry prevents updates
  • serverDeleteProhibited - Registry prevents deletion
  • serverHold - Domain suspended by registry

Pending/Problem Statuses

  • pendingTransfer - Transfer in progress
  • pendingDelete - Scheduled for deletion
  • redemptionPeriod - Can be restored (extra fee)
  • pendingRestore - Restoration in progress

Tip: Multiple "prohibited" statuses indicate strong domain security. These prevent unauthorized changes but must be removed before making legitimate updates.

Privacy Protection & GDPR

Privacy concerns and regulations have significantly impacted WHOIS data availability:

GDPR Impact (Since May 2018)

  • Personal data often redacted for EU citizens
  • Email addresses frequently replaced with anonymized forms
  • Physical addresses may be hidden
  • Phone numbers typically redacted
  • Organization data usually remains visible

Privacy Protection Services

Many registrars offer WHOIS privacy protection (also called Domain Privacy or WHOIS Guard):

  • Replaces personal info with proxy service details
  • Forwards legitimate inquiries to actual owner
  • May be free or paid depending on registrar
  • Can be disabled for verified legal requests
  • Not available for some TLDs (.us, .ca restrictions)

Important: Privacy protection doesn't hide domain ownership from ICANN, law enforcement, or in legal proceedings. It only masks public WHOIS displays.

Monitoring Domain Expiry

Domain expiry monitoring is crucial to prevent losing valuable domains:

Domain Lifecycle

  1. Active Period: Domain functions normally
  2. Expiry Date: Registration period ends
  3. Auto-Renew Grace (0-45 days): Can renew at normal price
  4. Redemption Period (30-90 days): Can restore with penalty fee
  5. Pending Delete (5 days): Cannot be restored
  6. Available: Anyone can register

Best Practices

  • Enable auto-renewal for critical domains
  • Keep payment methods up to date
  • Use multiple notification emails
  • Set calendar reminders 60-90 days before expiry
  • Consider multi-year registrations
  • Monitor domains quarterly, not just near expiry

Warning: Expired domains can be registered by anyone, including competitors or malicious actors. Domain squatters often target expired domains with existing traffic or backlinks.

Common Use Cases

Business Intelligence

  • • Research competitor domains
  • • Verify business legitimacy
  • • Check domain portfolio ownership
  • • Due diligence for partnerships
  • • M&A domain asset research

Security & Compliance

  • • Investigate phishing domains
  • • Track domain abuse patterns
  • • Verify SSL certificate domains
  • • Brand protection monitoring
  • • Cybercrime investigations

Technical Administration

  • • Verify nameserver configurations
  • • Check DNSSEC deployment
  • • Troubleshoot email delivery
  • • Audit domain configurations
  • • Plan DNS migrations

Domain Management

  • • Monitor expiration dates
  • • Track domain transfers
  • • Audit contact information
  • • Manage domain portfolios
  • • Plan renewal strategies

Interpreting WHOIS Results

Key Indicators to Check

🔍 Domain Age

Older domains (3+ years) are generally more trustworthy. New domains (< 6 months) used for e-commerce or financial services warrant extra scrutiny.

🏢 Registrar Reputation

Well-known registrars (GoDaddy, Namecheap, Google Domains) indicate legitimate registration. Obscure or problematic registrars may signal issues.

📧 Contact Consistency

Matching registrant, admin, and tech contacts suggest single ownership. Different contacts might indicate resellers or complex structures.

🔒 Status Codes

Multiple security locks (TransferProhibited, UpdateProhibited) indicate good security practices. Unusual statuses like ServerHold require investigation.

📅 Recent Updates

Frequent recent updates might indicate domain trading or configuration changes. Stable domains show infrequent updates.

Best Practices

For Domain Owners

  • Keep WHOIS information accurate and up-to-date
  • Use privacy protection for personal domains
  • Enable all available security locks
  • Use a dedicated email for domain management
  • Document all domains in a central inventory
  • Set up monitoring for unauthorized changes

For Researchers

  • Cross-reference multiple WHOIS servers
  • Check historical WHOIS data when available
  • Verify information through multiple sources
  • Respect privacy and use data ethically
  • Understand limitations of redacted data
  • Use RDAP for more structured data when available

Legal Considerations

  • WHOIS data is subject to terms of use
  • Bulk harvesting is typically prohibited
  • Data cannot be used for unsolicited marketing
  • Accuracy requirements vary by jurisdiction
  • False WHOIS data can result in domain loss

Advanced Topics

RDAP Protocol

Registration Data Access Protocol - The modern replacement for WHOIS with JSON output, authentication, and better internationalization support.

Reverse WHOIS

Search for domains by owner information. Useful for finding all domains owned by an organization (requires specialized services).

Historical WHOIS

Track ownership changes over time. Essential for investigations and understanding domain history (premium service from providers like DomainTools).

Bulk WHOIS

Query multiple domains efficiently. Useful for portfolio management and monitoring (requires API access and respecting rate limits).

Related Tools & Resources

DNS Lookup Tool

Query DNS records and verify configurations

DNS Records Guide

Learn about different DNS record types

ICANN Status Codes

Official EPP status code documentation