How to Check Domain WHOIS Information

Domain WHOIS records contain the registration data for every domain name on the internet. When you register a domain through a registrar like Namecheap, GoDaddy, or Google Domains, that registration is recorded in a public database maintained by the registry for that TLD (top-level domain). Looking up these records tells you when a domain was registered, when it expires, which registrar manages it, and what nameservers are configured.

Our WHOIS Lookup Tool queries this data using RDAP, the modern replacement for the legacy WHOIS protocol. Enter any domain and get structured results in seconds, including registration dates, EPP status codes, nameserver details, and the full raw RDAP response.

This guide covers what WHOIS data contains, how to interpret each field, and practical situations where you would need to run a lookup.

What is WHOIS and Why It Matters

WHOIS started in the early 1980s as a directory service for ARPANET. Network administrators needed a way to look up who was responsible for a given network resource. As the Domain Name System grew, WHOIS became the standard way to query domain registration data. For decades, running whois example.com in a terminal returned a plain text block with the registrant’s name, address, phone number, and email alongside technical details about the domain.

The system served its purpose but had limitations. WHOIS responses were unstructured text with formatting that varied between registries. There was no authentication, no encryption, and no standardized way to handle access controls. RDAP (Registration Data Access Protocol) was developed by the IETF to address all of these shortcomings. It returns JSON over HTTPS, supports authentication tokens, and provides consistent response structures regardless of which registry you query.

Understanding Registration Dates

Every domain record includes three key dates that tell you the history and timeline of the registration:

Created Date shows when the domain was first registered. For long-established domains, this date can go back to the 1990s. A recently created date on a domain that claims to be an established business is a potential red flag for phishing or fraud.

Updated Date reflects the last time any change was made to the domain record. This includes renewals, nameserver changes, registrar transfers, and WHOIS contact updates. A recent update date doesn’t necessarily mean the domain changed owners.

Expiry Date is when the current registration term ends. If the owner doesn’t renew before this date (or have auto-renewal enabled), the domain begins a multi-stage expiration process that can eventually lead to it becoming available for anyone to register. Monitoring expiry dates is important for domain owners who manage multiple domains and for domain investors who track soon-to-expire names.

EPP Status Codes and What They Mean

EPP (Extensible Provisioning Protocol) status codes are flags set on a domain to control what actions can be performed. These codes appear in WHOIS/RDAP records and tell you whether a domain can be transferred, deleted, or updated.

The most common codes you will see on active domains are the “client” locks. clientTransferProhibited prevents the domain from being moved to another registrar without first removing the lock. clientDeleteProhibited stops accidental or unauthorized deletion. clientUpdateProhibited prevents changes to the domain’s WHOIS data. Most registrars apply these locks by default as a security measure.

“Server” locks like serverTransferProhibited and serverDeleteProhibited are applied by the registry itself, usually for high-value domains, legal disputes, or during the first 60 days after a registrar transfer.

If you see serverHold, the domain has been suspended by the registry. This removes it from DNS entirely, making the associated website and email unreachable. Domains in redemptionPeriod have been deleted but can still be recovered for a premium fee within a 30-day window.

A domain showing only the ok status code is in good standing with no locks applied.

Domain Privacy and GDPR Redaction

Before May 2018, every WHOIS record displayed the full personal contact information of the domain registrant. Name, street address, phone number, and email were all publicly searchable. This created serious privacy concerns and made domain owners targets for spam, social engineering, and identity theft.

When GDPR enforcement began, ICANN allowed registrars to redact personal data from WHOIS responses for registrants in the European Economic Area. Most registrars extended this protection globally, redacting contact fields for all registrants by default. Today, running a WHOIS lookup typically shows “REDACTED FOR PRIVACY” or similar placeholder text in the registrant name, address, and phone fields.

Some registrars offer a separate “WHOIS privacy” or “ID protection” service that replaces your information with a proxy contact belonging to the privacy provider. This existed before GDPR and is still offered as an optional add-on, though the default GDPR redaction makes it less necessary for most domain owners.

For legitimate purposes like trademark enforcement, abuse complaints, or law enforcement, registrars provide a process to request access to non-public registrant data. This typically involves submitting a formal request with documentation of your legal interest.

Practical Use Cases for WHOIS Lookups

Verifying domain ownership is the most common reason to run a WHOIS lookup. If you’re purchasing a domain from a third party, the WHOIS record confirms whether the seller is actually the registrant or has authority to transfer it.

Tracking domain expiration helps both domain owners and investors. Set calendar reminders based on the expiry date shown in WHOIS to ensure you never accidentally lose a domain. Domain investors monitor expiring domains to register valuable names the moment they become available.

Investigating suspicious websites starts with a WHOIS lookup. A domain registered yesterday that claims to be a 10-year-old company is an obvious warning sign. Phishing sites and scam operations frequently use newly registered domains.

Verifying DNS configuration by cross-referencing the nameservers listed in WHOIS with the nameservers your DNS provider expects to see. Mismatched nameservers are a common cause of domain resolution failures after a provider migration.

Legal and compliance research uses WHOIS data to identify domain holders in trademark disputes, copyright claims, and fraud investigations. Even with redacted personal data, the registrar information and creation dates provide useful evidence.

Frequently Asked Questions

How often is WHOIS data updated?

Registries typically update their RDAP/WHOIS databases within minutes of any registration change. When you modify nameservers, renew a domain, or update contact information through your registrar, the change propagates to the registry database almost immediately. However, some RDAP servers cache responses for a short period (usually under an hour), so you may need to wait briefly after making changes before seeing updated results in a lookup.

Can I hide my information from WHOIS?

Yes. Most registrars now redact personal contact information by default under GDPR privacy rules. You can also purchase dedicated WHOIS privacy protection from your registrar, which replaces your contact details with a proxy service. Some country-code TLDs have their own privacy rules that may differ from the generic TLD approach. For example, some ccTLDs require registrant names to be public for corporate registrations but allow individual registrants to opt out.

What happens when a domain expires?

When a domain passes its expiry date, it enters a grace period (typically 0-45 days depending on the registrar) where it can still be renewed at the standard price. After that, it moves to a redemption period lasting about 30 days, during which the original registrant can recover it by paying a premium fee, usually between $80 and $200. Finally, the domain enters a pending delete phase of approximately 5 days before it drops and becomes available for new registration. Throughout this process, the EPP status codes in the WHOIS record change to reflect each stage.

Why do some domains show no registrant data at all?

GDPR-compliant registrars strip personal data from public RDAP responses. Some registries go further and omit the registrant entity entirely from the response rather than returning redacted fields. Country-code TLDs each set their own disclosure policies, so the amount of visible registrant data varies a lot between TLDs. Thick WHOIS registries (like Verisign for .com) hold registrant data centrally, while thin registries delegate it to individual registrars, which further affects what appears in lookup results.