WHOIS Lookup
Why Use Our WHOIS Lookup
- Clean summary view: registrar, creation/expiration/updated dates, nameservers, DNSSEC and status codes in one glance
- Domain-focused validation: rejects URLs with protocol/path and expects a proper FQDN (e.g. example.com, sub.domain.org)
- Normalized fields: backend maps domain, registrar, dates, nameservers, DNSSEC, status[] and registrant.organization (when available) into a consistent data model
- Raw record panel: view the original WHOIS text or RDAP JSON exactly as returned by the registry/registrar
- RDAP support where available, for more structured, machine-readable JSON responses
- Mobile-friendly UI with copy/paste-friendly formatting for tickets, incident reports and domain portfolios
- No account required; fair-use rate limiting to keep the service fast and stable for everyone
🔍 How to Perform a WHOIS Lookup for whois-lookup
1. Enter a Domain Name
Type a fully qualified domain name like <code>example.com</code> or <code>sub.domain.org</code>. Do not include <code>http://</code>, <code>https://</code> or any path/query parameters – the tool validates only domain-style input.
2. Validate & Query
The tool checks that your input looks like a valid domain (FQDN-ish), then queries the appropriate WHOIS or RDAP source based on the TLD and backend routing logic.
3. Parse Key Fields
Core fields – domain, registrar, created/updated/expires dates, nameservers, DNSSEC state, status codes and registrant organization when available – are normalized into a structured summary for quick reading and comparison.
4. Inspect Raw Data
For investigations and edge cases, open the raw output panel to see the complete WHOIS text or RDAP JSON. This is the same <code>rawData</code> returned by the backend, ideal for copy/paste into tickets, SIEM notes or spreadsheets.
Protocol Details & Data Model
WHOIS (RFC 3912) & RDAP (RFC 7483)
The tool is designed around modern WHOIS/RDAP data access and the normalized shape your UI consumes:
| Aspect | Detail | Note |
|---|---|---|
| WHOIS Transport | TCP port 43 | Free-form text; caller must parse lines and follow referrals where needed |
| RDAP Transport | HTTPS + JSON | Structured JSON: objects for domain, contacts and status codes |
| Input Type | Domain name (FQDN only) | The UI validation rejects protocol/path to match how registries expect queries |
| Output Shape | Parsed + Raw | UI shows normalized fields and exposes <code>rawData</code> from the backend |
Typical Response Characteristics
Actual speed depends on the registry/registrar involved, network latency and throttling:
| Registry Type | Typical Latency | Notes |
|---|---|---|
| .com / .net (gTLD) | ⚡ ~0.5–1s | Often fast, with clear registrar/referral patterns |
| New gTLDs | ⏳ 1–2s | Many use RDAP with richer structured data |
| ccTLDs (country-code) | ⏳ 1–3s | Highly variable formatting; privacy rules differ by country |
Core Fields Parsed by the Tool
When present in the upstream response, the backend maps key WHOIS/RDAP fields into the normalized object exposed to the frontend (the <code>WhoisResult</code> shape):
| Field | Description | Example |
|---|---|---|
| domain | Domain name queried | example.com |
| registrar | Registrar responsible for the domain | Namecheap, GoDaddy, OVH, Gandi… |
| created / updated / expires | Lifecycle timestamps | 2020-01-01 / 2023-01-10 / 2026-01-01 |
| nameServers[] | Authoritative nameservers | ns1.example.com, ns2.example.com |
| status[] | Domain status codes | clientTransferProhibited, ok, pendingDelete… |
| dnssec | DNSSEC signing state | signedDelegation, unsigned |
| registrant.organization | Registrant organization (if not redacted) | Example Corp |
| rawData | Full raw WHOIS text or RDAP JSON | Displayed as-is in the raw panel for copy/paste |
Command Line WHOIS
Prefer the terminal? These commands mirror what the backend does, but directly from your shell:
Linux/macOS
Basic WHOIS lookup
whois example.comQueries the default WHOIS server for the TLD and prints the raw record
Filter common lifecycle fields
whois example.com | grep -iE "registrar:|creation date:|updated date:|expiry date:|name server:"Quickly extract registrar, dates and nameservers from noisy output
Minimal RDAP query via curl (if supported)
curl https://rdap.org/domain/example.comReturns JSON with structured RDAP data where available
Windows
Sysinternals WHOIS (after installing whois.exe)
whois.exe -v example.comVerbose WHOIS lookup with additional hints and formatting
Practical Applications of WHOIS
Domain Research & Due Diligence
- Check how old a domain is before buying it on a marketplace
- Verify whether a domain is close to expiration (risk of drop or loss)
- See which registrar holds a domain to plan a transfer or consolidation
// Extract domain age (rough) from a raw WHOIS string
const match = /Creation Date:\s*(.+)/i.exec(rawWhois);
const createdAt = match ? new Date(match[1]) : null;
const ageYears = createdAt ? (Date.now() - createdAt.getTime()) / (1000*60*60*24*365) : null;Cybersecurity & Incident Response
- Investigate suspicious domains seen in logs or phishing emails
- Track registrar and nameserver patterns across malicious infrastructure
- Document ownership context when filing abuse reports or takedown requests
// Track nameserver lines from WHOIS output
const nsLines = rawWhois.match(/Name Server:\s*(.+)/gi) || [];
const currentNS = nsLines.map(l => l.split(/:\s*/i)[1]?.trim());
compareWithPreviousSnapshot(currentNS);Operations & DNS Housekeeping
- Verify that a domain is correctly delegated to your DNS provider
- Check DNSSEC flag before enabling security-sensitive features
- Audit a portfolio of domains for consistent registrars and expirations
❓ Frequently Asked Questions
❓Why are some WHOIS details hidden or redacted?
🔄How fresh is WHOIS/RDAP data?
🔍What’s the difference between WHOIS and RDAP?
HTTP+JSON replacement with structured objects, standardized error codes and better access control. Many TLDs currently expose both in parallel.🌐Can I look up IP address ownership?
⚠️Why do I sometimes see errors or partial data?
Pro Tips
When investigating ownership, compare both registry and registrar WHOIS (and RDAP when available); subtle differences can reveal transfer timing or stale mirrors.
For abuse or phishing, registrar abuse contacts and hosting providers are usually more effective than chasing a possibly redacted registrant email.
Track key domains’ expiration dates in a calendar or monitoring system; don’t rely solely on registrar reminder emails.
Watch domain status codes (clientTransferProhibited, redemptionPeriod, etc.). They tell you at a glance whether a domain is locked, in grace, or close to deletion.
Additional Resources
Other Tools
- CSS Beautifier
- HTML Beautifier
- Javascript Beautifier
- PHP Beautifier
- Color Picker
- Sprite Extractor
- Base64 Decoder
- Base64 Encoder
- Csharp Formatter
- Csv Formatter
- Dockerfile Formatter
- Elm Formatter
- ENV Formatter
- Go Formatter
- Graphql Formatter
- Hcl Formatter
- INI Formatter
- JSON Formatter
- Latex Formatter
- Markdown Formatter
- Objectivec Formatter
- Php Formatter
- Proto Formatter
- Python Formatter
- Ruby Formatter
- Rust Formatter
- Scala Formatter
- Shell Script Formatter
- SQL Formatter
- SVG Formatter
- Swift Formatter
- TOML Formatter
- Typescript Formatter
- XML Formatter
- YAML Formatter
- Yarn Formatter
- CSS Minifier
- Html Minifier
- Javascript Minifier
- JSON Minifier
- XML Minifier
- Http Headers Viewer
- PDF To Text
- Regex Tester
- Serp Rank Checker