WHOIS Lookup Guide: How to Check Domain Ownership & Registration Details

Q: What is a WHOIS lookup?

A WHOIS lookup is a query to a public database that stores registration information for domain names. It returns details like the domain registrant's name and contact info, the registrar, creation and expiration dates, nameservers, and domain status codes. WHOIS has been a core internet protocol since the early 1980s.

Q: Is WHOIS data still public?

Due to GDPR and other privacy regulations implemented around 2018, many registrars now redact personal information from WHOIS results. You'll often see 'REDACTED FOR PRIVACY' instead of actual names and emails. However, administrative details like registration dates, expiration dates, nameservers, and domain status remain visible. RDAP (Registration Data Access Protocol) is gradually replacing WHOIS with better access controls.

Q: How do I find out when a domain expires?

Use a WHOIS lookup tool and look for the 'Registry Expiry Date' or 'Domain Expiry Date' field. This shows the exact date and time when the domain registration ends. If the owner doesn't renew before this date, the domain enters a grace period, then a redemption period, and eventually becomes available for anyone to register.

Q: Can I use WHOIS to check if a domain is available?

Yes. If a WHOIS lookup returns 'No match' or 'Domain not found', the domain is likely available for registration. However, some expired domains in grace or redemption periods may show as registered even though they will become available soon. For accurate availability, always check with a domain registrar, as WHOIS data may have slight delays.

Every registered domain name on the internet has a publicly accessible record stored in the WHOIS database. This record contains essential information about who owns the domain, when it was registered, when it expires, and which registrar manages it. Whether you're researching a competitor, investigating a suspicious website, checking domain availability, or monitoring your own domain portfolio, WHOIS lookup is an indispensable tool for anyone working with domains and websites.

Try Our Free WHOIS Lookup Tool →

What is WHOIS?

WHOIS is a query and response protocol dating back to the early 1980s — making it one of the oldest internet protocols still in active use. Originally designed as a simple directory service for ARPANET users, it evolved into the standard method for querying domain registration information across all top-level domains (TLDs).

When you perform a WHOIS lookup, you're sending a query to a WHOIS server operated by the domain's registry or registrar. The server responds with a structured text record containing all available registration data for that domain. The protocol operates on TCP port 43, though modern web-based tools handle the connection for you behind the scenes.

Understanding WHOIS Data Fields

A typical WHOIS response contains several key fields, each providing different information about the domain:

Domain Name
The exact domain being queried, including its TLD (e.g., example.com). This confirms you're looking at the right record.

Registrar
The accredited company where the domain was registered — companies like GoDaddy, Namecheap, Cloudflare Registrar, or Google Domains. The registrar handles billing, transfers, and WHOIS management for the domain.

Registrant
The person or organization that owns the domain. This typically includes name, organization, address, email, and phone. Note: Much of this data is now redacted due to privacy regulations.

Creation Date
The date when the domain was first registered. Useful for determining how long a website has existed, which can be a trust signal or a red flag depending on context.

Registry Expiry Date
The date when the current registration period ends. If the owner doesn't renew before this date, the domain enters a grace period and may eventually become available for registration by others.

Updated Date
The last time any domain record was modified. Frequent updates to this field alongside unusual nameserver changes can indicate domain hijacking or unauthorized modifications.

Name Servers
The DNS servers authoritative for this domain. These tell you where the domain's DNS records are hosted — common examples include Cloudflare, AWS Route 53, or the registrar's default nameservers.

Domain Status
One or more EPP (Extensible Provisioning Protocol) status codes that describe the domain's current state. These codes control what actions can be performed on the domain.

DNSSEC
Indicates whether DNS Security Extensions are enabled for the domain. DNSSEC adds cryptographic signatures to DNS records, preventing DNS spoofing and cache poisoning attacks.

Domain Status Codes Explained

Status codes are critical for understanding a domain's current state. Here are the most common ones you'll encounter:

Status Code	Meaning
`ok`	No special restrictions. Domain can be transferred, modified, and deleted normally.
`clientTransferProhibited`	The registrant has locked the domain to prevent unauthorized transfers. This is a security best practice.
`clientDeleteProhibited`	The domain is locked against deletion, protecting it from accidental or malicious removal.
`clientUpdateProhibited`	Changes to the domain's registrant contact information are restricted.
`serverHold`	The registry has suspended the domain. The domain won't resolve in DNS. Often due to compliance issues or disputes.
`pendingDelete`	The domain is in the deletion process. It will be removed from the registry after a 5-day waiting period.
`inactive`	The domain has no nameservers delegated to it. It won't resolve in DNS even though it's registered.
`autoRenewPeriod`	The domain is in its auto-renew grace period after the expiration date. The registrar may still renew it.

Privacy and WHOIS: What Changed After GDPR

Before May 2018, WHOIS records were largely public — you could find a domain owner's name, email address, phone number, and physical address with a simple query. The European Union's General Data Protection Regulation (GDPR) changed this dramatically. ICANN issued a Temporary Specification that required registrars to redact personal data from WHOIS output.

Today, when you perform a WHOIS lookup, you'll commonly see:

Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar
Registrant Phone: REDACTED FOR PRIVACY

This doesn't mean the data is gone — it's still stored by registrars. Authorized parties (law enforcement, trademark holders with UDRP claims, and cybersecurity researchers with legitimate purposes) can request access through various channels. Some registrars offer a WHOIS Privacy service that replaces personal data with proxy contact information, providing an additional layer of protection.

Practical Use Cases for WHOIS Lookup

Domain Research for Business

Before launching a business or product, check WHOIS records for competing domains. You can see when competitors registered their domains, who their registrar is, and whether their domains are set to auto-renew. This intelligence helps with competitive analysis and brand protection strategy.

Buying Domains from Current Owners

If a domain you want is already registered, WHOIS lookup helps you find the owner. Even with privacy protection, the registrar is visible. You can often reach the owner through the registrar's contact form or by using a domain brokerage service. Checking the expiration date also tells you if the domain might become available soon.

Website Security Investigation

Security professionals use WHOIS to investigate phishing sites, scam websites, and malicious domains. A domain registered yesterday with privacy protection and hosted on a free hosting service is a strong red flag. WHOIS data helps build a threat profile and identify patterns across multiple malicious domains.

Monitoring Your Own Domains

Regularly check WHOIS records for your domains to ensure nothing has changed unexpectedly. Verify that your contact information is accurate, your nameservers are correct, and no unauthorized status codes have been added. Set calendar reminders to check 60 days before expiration to avoid accidental domain loss.

Trademark Enforcement

Brand owners use WHOIS to identify cybersquatters — people who register domains containing trademarks in bad faith. WHOIS data provides evidence for UDRP (Uniform Domain-Name Dispute-Resolution Policy) complaints filed with WIPO or other dispute resolution providers.

The Domain Lifecycle: From Registration to Deletion

Understanding the domain lifecycle helps you make strategic decisions based on WHOIS data:

Active Period — The domain is registered and functioning normally. WHOIS shows a future expiration date.
Expiration — The registration period ends. The domain may stop working immediately, or continue functioning during auto-renew grace period.
Grace Period (0–45 days) — The owner can still renew at the normal price. WHOIS may show "autoRenewPeriod" status.
Redemption Period (30 days) — The domain has been deleted from the zone but can still be recovered by the original owner for a steep fee (typically $100–300).
Pending Delete (5 days) — Final stage. The domain cannot be recovered. After this, it's released to the public.
Available — Anyone can register the domain. Backorder services often snap up valuable expired domains within seconds.

WHOIS vs RDAP: The Future of Domain Data

RDAP (Registration Data Access Protocol) is ICANN's designated replacement for WHOIS. While WHOIS uses plain text over an unencrypted protocol, RDAP delivers structured JSON data over HTTPS. Key advantages of RDAP include:

Structured data — JSON format is far easier for applications to parse than WHOIS's freeform text
Authentication — HTTPS provides encryption and server authentication
Access control — RDAP supports tiered access levels, allowing different data visibility for different user types
Standardized error handling — Consistent HTTP status codes and error messages
Linking — RDAP responses include hyperlinks between related objects (registrant, registrar, nameserver)

Most modern WHOIS lookup tools now query RDAP servers under the hood while presenting results in a familiar format. The transition is ongoing, with full RDAP adoption mandated by ICANN's latest registration data policy.

How to Use RiseTop's WHOIS Lookup Tool

Enter a domain name — Type any registered domain (e.g., google.com, github.com)
Click "Lookup" — The tool queries the appropriate WHOIS/RDAP server automatically
Review results — See registrar, dates, nameservers, status codes, and DNSSEC status
Export if needed — Copy or save the results for your records

Command-Line WHOIS

For developers and sysadmins, WHOIS queries can be run directly from the terminal:

# Basic WHOIS lookup
whois example.com

# Query a specific WHOIS server
whois -h whois.verisign-grs.com example.com

# Query only registration dates
whois example.com | grep -i "creat\|expir"

# RDAP lookup (modern alternative)
curl -s https://rdap.org/domain/example.com | python3 -m json.tool

Frequently Asked Questions

What is a WHOIS lookup?

A WHOIS lookup is a query to the public registration database for domain names. It returns details about who registered a domain, when it was created, when it expires, which registrar manages it, and the domain's current status. WHOIS has been a core internet protocol since the 1980s and remains the primary way to access domain registration information.

Is WHOIS data still public?

Since GDPR took effect in 2018, most personal information in WHOIS records has been redacted. You'll typically see "REDACTED FOR PRIVACY" instead of the registrant's name, email, and phone. However, administrative data like registration dates, expiration dates, nameservers, and domain status codes remain visible. Authorized parties can still access full data through specific legal channels.

How do I find out when a domain expires?

Perform a WHOIS lookup and look for the "Registry Expiry Date" field. This shows the exact date and time when the current registration ends. If the owner doesn't renew, the domain enters a grace period (up to 45 days), then a redemption period (30 days with high recovery fees), and eventually becomes available for anyone to register.

What are domain status codes?

Domain status codes (EPP status codes) indicate the current state and restrictions on a domain. "clientTransferProhibited" means the domain is locked against transfers. "serverHold" means the registry has suspended it. "pendingDelete" means it's being removed. "ok" means no restrictions. Multiple status codes can apply simultaneously.

Can I use WHOIS to check if a domain is available?

Yes. If a WHOIS query returns "No match" or "Domain not found," the domain is likely available. However, some recently expired domains may still show as registered during their grace or redemption periods. For definitive availability checking, always verify with a domain registrar, as WHOIS data can have slight propagation delays.

What is the difference between WHOIS and RDAP?

RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS. It uses JSON format over HTTPS instead of plain text over TCP port 43. RDAP provides structured, machine-readable data, built-in authentication, tiered access control for privacy compliance, and standardized error handling. Most modern tools use RDAP behind the scenes while displaying results in a user-friendly format.