WHOIS Lookup

Look up WHOIS records, domain age, registration and expiry dates. Free, instant domain checker.

✓ Free✓ No sign-up✓ Works in browser

How to Use This Tool

Enter a Domain Name

Type a domain name (e.g., example.com) into the search box. You can enter multiple domains separated by new lines for bulk lookup.

View WHOIS Data

See the registrar, registration date, expiry date, nameservers, and domain status. A countdown shows days until expiry.

Check Domain Age

The domain age (in years and days) is displayed prominently. Older domains are generally more trusted by search engines.

Related Tools

IP Address Lookup

Website Speed Checker

QR Code Generator

Business Name Generator

Frequently Asked Questions

What is a WHOIS lookup?

WHOIS is a protocol for querying the registration database of domain names. It returns information about who registered a domain, when, and until when.

Why does WHOIS show privacy-protected data?

Domain registrars offer WHOIS privacy protection, which replaces the owner's personal details with the registrar's proxy details. This is common practice to reduce spam and protect registrant privacy.

How does domain age affect SEO?

Older domains generally have more established backlink profiles and domain authority. However, domain age itself is a minor ranking factor — quality content and backlinks matter far more.

What does 'clientTransferProhibited' mean in domain status?

This status prevents the domain from being transferred to another registrar without authorization. It is a standard security lock that most active domains have.

About WHOIS Lookup

A phishing email is circulating that links to a newly-registered lookalike domain and legal wants to know the registrar so they can file a UDRP complaint by end of day. Or you are evaluating a brand-partnership offer from a company whose domain was registered last month through a reseller in a country you have never heard of, and that is a red flag worth a two-minute check. This lookup queries the registry and registrar WHOIS servers (plus the newer ICANN RDAP endpoints that are replacing classic WHOIS since 2019) and returns registrar name, registration and expiry dates, updated date, nameservers, registration status codes (clientTransferProhibited, serverHold), registrant organization, and registrant country where disclosed. Since GDPR came into force in 2018, personal contact details for domains registered to natural persons inside the EU are redacted and replaced with registrar-level abuse contacts. For most small personal domains you will see 'REDACTED FOR PRIVACY' where a name used to be — that is the post-GDPR normal, not a broken lookup.

How it works

1
TLD routed to the right WHOIS or RDAP server
The domain's TLD is used to pick the correct upstream — .com and .net go to Verisign's thin registry plus the registrar's thick record; .io, .dev, .app go to their respective registries; ccTLDs route to national registries (Nominet for .uk, DENIC for .de). Newer gTLDs now expose RDAP endpoints returning structured JSON instead of the legacy WHOIS text format.
2
Response parsed for the standardized fields
Free-form WHOIS text is notoriously inconsistent across registrars, so the parser extracts the common fields (Registrar, Creation Date, Expiry Date, Updated Date, Name Server, Status, Registrant Organization, Registrant Country) and leaves the raw response accessible as a fallback when a parser misses a non-standard field.
3
GDPR-redacted fields surfaced honestly
Where registrant name, email, address, or phone come back as REDACTED FOR PRIVACY or a registrar-proxy email, those fields are shown as redacted rather than omitted — so you know the data is hidden by policy, not missing due to a lookup error. The registrar's abuse email remains visible and is the correct first-contact for reporting.

Pro tips

Registration date is the most useful honesty signal

A domain created within the last 90 days is the single strongest predictor of abuse in most threat feeds. Legitimate businesses tend to have long-held domains and plan ownership transitions years in advance; phishing, scam, and spam operations churn through freshly-registered domains weekly. When evaluating a suspicious email or link, the creation date alone often tells you more than any other field in the WHOIS record. Pair it with registrar reputation (some bulk-reseller registrars are heavily over-represented in abuse data) for a quick heuristic.

Do not expect to find the owner's name anymore

Post-GDPR (May 2018) and following ICANN's Temporary Specification, personal registrant data is redacted by default for domains held by natural persons, especially within the EU. The registrant organization field remains visible for corporate registrations, so a company-owned domain still shows the company name. For individual-held domains, expect 'REDACTED FOR PRIVACY' and plan to escalate through the registrar's abuse channel rather than trying to contact the registrant directly. This is not WHOIS being broken — it is privacy law working as intended.

RDAP is the future — WHOIS is being deprecated

ICANN is phasing out classic WHOIS in favour of RDAP (Registration Data Access Protocol), which returns structured JSON and supports authenticated access for contracted parties who are entitled to unredacted data. For most public lookups the visible fields are the same, but if you are building an automated pipeline, target RDAP endpoints directly — they give you stable field names instead of parsing free-form text that varies across registrars. Classic WHOIS text output is being retired on a rolling basis through 2027.

Honest limitations

· Personal registrant data for domains held by natural persons is redacted under GDPR and similar privacy regulations — expect 'REDACTED FOR PRIVACY' on most individual domains.
· ccTLDs set their own disclosure rules; some (.de, .nl) disclose very little even for corporate registrations, others (.uk) show more.
· RDAP-only registries may return structured data that differs in field naming from the classic WHOIS fields shown; raw response is preserved for fallback inspection.

Frequently asked questions

Why can I not see the owner's name and email anymore?

Since May 2018 the EU General Data Protection Regulation has classified registrant contact data as personal information that cannot be published without a lawful basis. ICANN's Temporary Specification (now the Registration Data Policy) directs registrars to redact registrant name, email, phone, and address for individuals by default. Some registrars redact for all registrants including companies, out of caution. You will typically see the registrant organization if the domain is company-held, and you will always see the registrar's abuse email, which is the proper escalation path for any concern about the domain's use.

What is RDAP and how is it different from WHOIS?

RDAP (Registration Data Access Protocol) is the modern successor to the WHOIS protocol, standardized through IETF RFC 7480-7485. It uses HTTPS and returns structured JSON instead of WHOIS's free-form text, supports internationalized data natively, and allows authenticated queries that can return unredacted data to contracted parties (law enforcement, trademark holders with a legitimate basis). ICANN began requiring gTLD registries and registrars to offer RDAP in 2019 and is phasing out classic WHOIS on a rolling schedule. For most public lookups the visible fields are equivalent but RDAP's structure is far more automation-friendly.

How often is WHOIS data updated?

Changes typically propagate from the registrar's system to the registry within minutes for gTLDs like .com and .net, and the registry-level data is authoritative once updated. Field changes requested by the registrant (nameserver updates, registrant organization changes after a corporate name change) appear the same day. Registration date and registrar do not change after initial creation unless the domain is transferred, in which case registrar changes but the original creation date is preserved. Status codes (clientTransferProhibited, serverHold) update immediately when applied by the registrar or registry.

Can I find out if a domain is available for purchase?

Indirectly, yes. If the lookup returns 'No match' or 'No Data Found' for a gTLD, the domain is almost certainly available for registration through any accredited registrar. For ccTLDs the response format varies and a missing record is a stronger signal. Note that 'available' in WHOIS does not always mean 'available at the registrar' — some domains are in redemption grace period (expired but not yet re-released), in pending-delete status, or reserved by the registry. Use a registrar's availability check as the final confirmation before planning to register.

What do status codes like clientTransferProhibited mean?

EPP status codes tell you which operations are blocked on the domain. clientTransferProhibited is set by the registrar at the owner's request (or by default) and prevents transfer to another registrar without first unlocking — a standard anti-hijack defence for valuable domains. serverHold is set by the registry and takes the domain offline (nameserver delegation removed), typically due to a court order or unpaid fees. clientDeleteProhibited blocks deletion. pendingDelete means the domain entered the delete lifecycle and will drop in about five days. Seeing multiple clientXxxProhibited codes on a high-value domain is normal and healthy.

WHOIS data is usually one step in a broader investigation. ip-address-lookup profiles the ASN and hosting provider serving the domain, which often tells a different story than the registration record (a privacy-registered domain pointing to a bulletproof-hosted Russian IP is a louder signal than the WHOIS alone). website-speed-checker captures performance and header data from a live domain during review. json-formatter cleans RDAP JSON responses for inclusion in a ticket. For evidence capture during investigations, pdf-merger combines multiple WHOIS snapshots, screenshots, and emails into a single case file for legal review.