WHOIS Lookup

WHOIS / RDAP Lookup

What WHOIS Tells You

A WHOIS lookup shows the public registration details for a domain or IP address — who registered it, which registrar handled the transaction, when it was created, when it expires, and which name servers are authoritative for it. For IP addresses, the lookup returns which Regional Internet Registry (ARIN, RIPE, APNIC, LACNIC, or AFRINIC) holds the block, who has been assigned it, and the contact for abuse reports. This information is the starting point for incident response, fraud investigation, due diligence, brand protection, and a hundred other operational tasks.

Why This Tool Uses RDAP

Traditional WHOIS is a 1980s text protocol with no standard format and no structured data. The Internet Engineering Task Force replaced it with the Registration Data Access Protocol (RDAP) in 2015. RDAP returns clean JSON, supports authentication, follows redirects through a bootstrap registry, and handles internationalized data correctly. Every gTLD registrar and every Regional Internet Registry now publishes RDAP endpoints, so this tool queries them directly through the well-known rdap.org bootstrap service. The result is faster, more reliable, and more structured than legacy WHOIS — and it works for both domains and IP addresses through a single interface.

Reading the Results

• Registrar / Sponsor is the company that manages the registration on behalf of the owner. For domains this is GoDaddy, Namecheap, Cloudflare, etc. For IPs this is the RIR or downstream allocation holder.
• Registration date tells you when the domain or block was first registered. A very recent registration on a domain is a common phishing red flag.
• Expiry date tells you when the registration lapses. If a critical service is hosted on a domain, this date is worth monitoring.
• Status codes show registry-level locks like clientTransferProhibited or serverHold. They reveal a lot about the domain’s lifecycle and security posture.
• Name servers list which DNS servers are authoritative. Cross-reference these against actual DNS responses with our DNS Record Checker to spot misconfigurations.
• DNSSEC indicates whether the domain is signed. A signed delegation reduces exposure to DNS poisoning attacks.

Privacy and Redaction

Most registrant contact details — name, email, phone, postal address — are now redacted by default to comply with GDPR and ICANN privacy policies. Where they appear in the results, it is because the registrant has chosen not to enable WHOIS privacy or because the registry does not redact certain entity types. Do not be surprised to see REDACTED FOR PRIVACY or similar placeholders; that is the modern norm rather than missing data.

Use Cases

WHOIS lookups remain essential for verifying domain ownership before a purchase, identifying the right contact to report abuse on a malicious IP, checking whether a domain is parked or actively managed, and confirming that a transfer is locked before initiating one. They also pair naturally with our DNS Record Checker and Reverse DNS Lookup when you are tracing the full picture of a domain or IP. To learn more about the difference between IP types, see public vs. private IP addresses.

Related Tools & Resources

Explore more free networking tools: run a DNS lookup, find the PTR record for an IP, check SPF, DKIM, and DMARC records, or look up your own public IP.