Every domain name on the internet has a public registration record. WHOIS is the protocol that lets you look up who registered a domain, when it was created, when it expires, and which nameservers it uses.
Whether you are investigating a suspicious email, checking if a domain is available, doing competitive research, or verifying the legitimacy of a website, WHOIS is the tool you need. This guide explains what WHOIS data contains, how to use it, and what to do when information is hidden behind privacy services.
What is WHOIS?
WHOIS (pronounced "who is") is a query-and-response protocol that has been around since the 1980s. When someone registers a domain name, the registrar (like Namecheap, GoDaddy, or Cloudflare) collects their contact information and publishes it in a WHOIS database.
Anyone can query this database to find out:
- Who registered the domain
- When it was registered and when it expires
- Which registrar manages it
- Which nameservers it uses
- Contact information (if not privacy-protected)
What WHOIS Data Contains
A typical WHOIS response includes:
Domain Information
| Field | Description | Example |
|---|---|---|
| Domain Name | The domain being queried | samnet.dev |
| Registry Domain ID | Unique identifier in the registry | D123456-DEV |
| Registrar | Company that manages the registration | Cloudflare, Inc. |
| Creation Date | When the domain was first registered | 2024-05-15 |
| Updated Date | Last time the record was modified | 2026-01-10 |
| Expiry Date | When the registration expires | 2027-05-15 |
| Status | Current domain status codes | clientTransferProhibited |
Nameservers
Name Server: ns1.cloudflare.com
Name Server: ns2.cloudflare.comThese tell you who handles DNS for the domain. This can reveal what hosting or CDN the site uses (Cloudflare, AWS, Google, etc.).
Contact Information
Historically, WHOIS included the registrant's name, organization, email, phone number, and physical address. Since GDPR (2018), most registrars now redact personal information by default.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the RegistrarHow to Perform a WHOIS Lookup
Using Our Tool
The easiest way: use our WHOIS Lookup tool. Enter any domain name and get instant results with parsed registration info and raw WHOIS data.
Command Line
# Linux/Mac (install whois if needed)
whois samnet.dev
# Query a specific WHOIS server
whois -h whois.verisign-grs.com google.comFor IP Addresses
WHOIS also works for IP addresses — it tells you which organization owns the IP block:
whois 8.8.8.8
This returns: Google LLC, ARIN allocation, and the IP range (8.8.8.0/24).
Understanding Domain Status Codes
WHOIS responses include status codes that indicate what actions are allowed on the domain:
| Status | Meaning |
|---|---|
clientTransferProhibited |
Transfer to another registrar is locked |
clientDeleteProhibited |
Cannot be deleted |
clientUpdateProhibited |
Contact/nameserver changes locked |
clientHold |
Domain is suspended (not resolving) |
serverTransferProhibited |
Registry-level transfer lock |
redemptionPeriod |
Domain expired, in grace period |
pendingDelete |
About to be released for re-registration |
active |
Domain is registered and resolving normally |
Healthy domains typically show clientTransferProhibited — this means the owner locked it to prevent unauthorized transfers (domain hijacking).
WHOIS Privacy and GDPR
Before 2018, WHOIS was fully public. Anyone could look up who owned a domain and see their name, address, phone number, and email. This was a privacy nightmare.
Since GDPR, European registrars are required to redact personal information. Most registrars worldwide now follow suit:
Before GDPR:
Registrant Name: John Smith
Registrant Email: [email protected]
Registrant Phone: +1.5551234567
Registrant Address: 123 Main St, Dallas, TXAfter GDPR:
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: Contact registrar for detailsWHOIS Privacy Services
Even before GDPR, you could pay for "WHOIS privacy" through your registrar. This replaces your personal information with the privacy service's contact info. Now most registrars include this for free.
How to Contact a Hidden Registrant
If the WHOIS data is redacted and you need to reach the domain owner (for business, legal, or abuse reasons):
- Contact the registrar's abuse email (listed in WHOIS)
- Use the web form on the registrar's website
- For legal matters, registrars will forward communications to the actual owner
RDAP — The WHOIS Replacement
RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS. It fixes several WHOIS shortcomings:
| Feature | WHOIS | RDAP |
|---|---|---|
| Format | Unstructured text | Structured JSON |
| Authentication | None | Supports access control |
| HTTPS | No | Yes |
| Internationalization | Poor | Full Unicode support |
| Standardized | Loosely | Fully (RFC 7480-7484) |
Most registries now support RDAP, and it is gradually replacing WHOIS queries behind the scenes. When you use a WHOIS tool, it often queries RDAP servers and formats the response for you.
Practical Uses for WHOIS
Check Domain Availability
If WHOIS returns "No match" or "NOT FOUND," the domain is available for registration.
Investigate Suspicious Emails
Got a phishing email claiming to be from secure-bank-login.com? Look it up:
- Creation date: Was it registered yesterday? Probably a scam.
- Registrant: Is it a privacy-protected registration from a country that does not match the supposed business?
- Registrar: Cheap registrars with lax abuse policies are favored by scammers.
Check When a Domain Expires
Want to buy an expired domain? Check the expiry date. After expiration, domains go through a grace period (~30 days), then redemption (~30 days), then pending delete (~5 days), and finally become available for registration.
Competitive Research
Check when competitors registered their domains, which registrar they use, and what nameservers/hosting they are on. This is all public information.
Verify Website Legitimacy
A new online store asking for your credit card? Check WHOIS:
- Domain registered last week? Red flag.
- Registrant info hidden behind privacy? Normal, but combined with a very new domain, be cautious.
- Nameservers point to a known hosting provider? More legitimate.
Look Up Any Domain
Use our free WHOIS Lookup tool to instantly check domain registration details, expiration dates, registrar info, and nameservers. For DNS record details, try our DNS Toolbox. To check SSL certificate validity, use our SSL Server Test.