What Is WHOIS?
WHOIS (pronounced "who is") is a publicly accessible database that stores registration information about domain names, IP address blocks, and autonomous systems. Originally created as a simple directory for network administrators, WHOIS has evolved into a critical tool for domain research, cybersecurity investigations, and legal due diligence.
What Information Does a WHOIS Record Contain?
A typical WHOIS record includes several data points, though privacy protection services may mask some of them:
- Registrant Name & Organization: Who registered the domain (individual or company).
- Registrant Contact: Email address, phone number, and mailing address.
- Registrar: Which company the domain was registered through (e.g., Namecheap, GoDaddy).
- Registration Date: When the domain was first created.
- Expiration Date: When the domain registration is set to expire.
- Last Updated Date: When the record was most recently modified.
- Nameservers: Where the domain's DNS is hosted.
- Domain Status Codes: Technical flags indicating the domain's current state (e.g., clientTransferProhibited).
WHOIS Privacy and GDPR
Since the introduction of GDPR in 2018, much of the personal registrant data in WHOIS records has been redacted or replaced with proxy information for European registrants. Many registrars globally followed suit by offering WHOIS privacy protection (sometimes called WHOIS guard), which substitutes the registrar's or a proxy service's contact details for the registrant's real information. This means that for many domains, you'll see masked data — but the registration and expiry dates, registrar, and nameserver records remain visible.
How to Perform a WHOIS Lookup
There are multiple ways to query WHOIS data:
- Command line: On Linux/macOS, type
whois example.comin a terminal. - Registrar websites: Most registrars (GoDaddy, Namecheap, etc.) have a WHOIS lookup tool on their site.
- Dedicated WHOIS tools: Platforms like ICANN Lookup, Whois.domaintools.com, and who.is provide clean, structured results.
Top Free WHOIS Lookup Tools
| Tool | Strengths |
|---|---|
| ICANN Lookup (lookup.icann.org) | Official, authoritative source; clean interface |
| who.is | Fast results with DNS records included |
| DomainTools WHOIS | Historical WHOIS data (premium for full access) |
| MXToolbox | Great for combining WHOIS with email and DNS diagnostics |
| Whois.net | Simple, no-frills lookup for quick checks |
Practical Uses for WHOIS Lookups
Domain Research & Acquisition
Before approaching a domain owner about purchasing a domain, a WHOIS lookup tells you when it was registered, when it expires, and potentially who to contact. This intelligence shapes your negotiation approach.
Cybersecurity & Fraud Investigation
Security teams use WHOIS data to identify domains used in phishing campaigns, trace malicious infrastructure, and block threats. Even with privacy protection, nameserver patterns and registration dates provide useful signals.
Competitive Intelligence
Checking when a competitor's domain was registered, or whether they've recently acquired new domains, can yield strategic insights about their expansion plans.
Understanding Domain Status Codes
WHOIS records include EPP status codes that indicate what actions are currently permitted on a domain. Common ones include:
- clientTransferProhibited: The domain cannot be transferred to another registrar without the current registrar's approval.
- serverHold: The domain is on hold and not resolving — often due to a dispute or non-payment.
- pendingDelete: The domain is about to be released back into the pool for registration.
Understanding these codes is essential when evaluating a domain's availability or negotiating a transfer.