Look up the full WHOIS record for any domain. See the registrar, registration and expiry dates, nameservers, and EPP status codes in a clean, structured view. Includes raw WHOIS output and a developer JSON API.
Enter any domain name to see its WHOIS record
WHOIS is the global directory of domain registrations. Every time a domain is registered, key details are logged with the registry — and WHOIS lets you query that record.
WHOIS is maintained by ICANN and individual registries (Verisign for .com, RIPE for European IPs, ARIN for North American IPs). It's the authoritative source of domain ownership records — or what ownership data registries are permitted to share.
A WHOIS record includes the registrar name, registration and expiry dates, last update timestamp, nameservers, and EPP status codes. Contact details (registrant, admin, tech) have been widely redacted since GDPR (2018) for privacy protection.
Security researchers use WHOIS to trace malicious domains, fraud analysts use it to assess domain age and registrar reputation, and developers use it to verify domain ownership and detect newly registered high-risk domains.
RDAP (Registration Data Access Protocol) is the modern successor to WHOIS. It returns structured JSON instead of plain text and supports richer authentication. Many registries now offer both. Our API returns WHOIS data parsed into structured JSON — giving you RDAP-style output from the traditional WHOIS pipeline.
Since May 2018, most gTLD registrars redact registrant contact details (name, email, phone, address) under GDPR. Country-code TLDs (ccTLDs) have their own rules — some publish full records, others nothing at all. Fields that are redacted will show as "Redacted for privacy" in our output rather than empty.
WHOIS records use standardised field names but vary by registry. Here's what each field means in plain English.
| Field | What It Means | Fraud Signal? |
|---|---|---|
Registrar |
The accredited company through which the domain was registered (e.g. GoDaddy, Namecheap, Cloudflare Registrar). | Low-cost, obscure, or offshore registrars are overrepresented in fraudulent domain registrations. |
Creation Date |
The date the domain was first registered. Domains registered in the last 30 days are statistically riskier. | Yes — newly registered domains are a top fraud signal. Pair with our Domain Age Checker. |
Expiry Date |
The date the current registration period ends. After this date the domain may be available for re-registration. | Domains expiring very soon may be abandoned or about to be drop-caught. |
Updated Date |
The last time the WHOIS record was modified — often triggered by registrar changes, nameserver updates, or renewals. | A very recent update on an old domain may indicate account takeover or preparation for fraud. |
Name Servers |
The DNS servers authoritative for this domain. They control where the domain's traffic is routed. | Nameservers shared with many other high-risk domains can indicate bulletproof hosting. |
Domain Status |
EPP (Extensible Provisioning Protocol) codes describing what operations are allowed on the domain right now. | A domain without clientTransferProhibited is easier to hijack via unauthorised transfer. |
Registrant / Admin / Tech |
Contact details for the domain owner and technical contacts. Widely redacted since GDPR 2018. | When visible, mismatched registrant names or generic email addresses are fraud signals. |
Integrate WHOIS lookups directly into your application. Returns structured JSON — no WHOIS parsing required on your end.
https://ip-api.io/api/v1/dns/whois/{domain}
Returns a structured WHOIS record for a domain including registrar, dates, nameservers, and EPP status codes. Results are cached for 24 hours per domain. Rate limited by IP address — no API key required for free-tier use.
{
"domain": "example.com",
"registrar": {
"name": "RESERVED-Internet Assigned Numbers Authority",
"url": "http://res-dom.iana.org",
"iana_id": "376"
},
"registered_on": "1995-08-14",
"expires_on": "2025-08-13",
"updated_on": "2023-08-14",
"name_servers": [
"a.iana-servers.net",
"b.iana-servers.net"
],
"status": [
{
"code": "clientDeleteProhibited",
"humanized": "Domain locked against deletion"
},
{
"code": "clientTransferProhibited",
"humanized": "Domain locked against transfer"
}
],
"raw": "Domain Name: EXAMPLE.COM\nRegistry Domain ID: 2336799_DOMAIN_COM-VRSN\n..."
}domain
The queried domain name (normalised to lowercase, stripped of protocol/path)
registrar.name
Name of the registrar holding the domain registration. Null if not in WHOIS record.
registrar.url
Registrar website URL as reported in the WHOIS record.
registrar.iana_id
ICANN-assigned registrar ID number.
registered_on
Domain creation date in ISO 8601 format (YYYY-MM-DD). Null if not parseable.
expires_on
Domain expiry date in ISO 8601 format. Null if not available.
updated_on
Last WHOIS record update date in ISO 8601 format.
name_servers
Array of authoritative nameserver hostnames, sorted alphabetically.
status
Array of EPP status codes, each with the raw code and a plain-English description.
raw
The full raw WHOIS response text from the registry.
curl "https://ip-api.io/api/v1/dns/whois/example.com"import requests
response = requests.get("https://ip-api.io/api/v1/dns/whois/example.com")
data = response.json()
print(f"Domain: {data['domain']}")
print(f"Registrar: {data['registrar']['name']}")
print(f"Registered: {data['registered_on']}")
print(f"Expires: {data['expires_on']}")
print(f"Nameservers: {', '.join(data['name_servers'])}")
for s in data['status']:
print(f"Status: {s['code']} — {s['humanized']}")const response = await fetch("https://ip-api.io/api/v1/dns/whois/example.com");
const data = await response.json();
console.log(`Domain: ${data.domain}`);
console.log(`Registrar: ${data.registrar?.name}`);
console.log(`Registered: ${data.registered_on}`);
console.log(`Expires: ${data.expires_on}`);
console.log(`Nameservers: ${data.name_servers.join(', ')}`);
for (const s of data.status) {
console.log(`Status: ${s.code} — ${s.humanized}`);
}Start using IP-API.io to make your website safer and more user-friendly. Keep out unwanted bots, show visitors content that's relevant to where they are, and spot risky IP addresses quickly. It's perfect for making online shopping more personal and keeping your site secure. Get started today with one of the plans!
Everything you need to know about WHOIS lookups
A WHOIS lookup queries the global registry of domain registrations maintained by ICANN and individual domain registries. It returns the registrar, registration and expiry dates, nameservers, EPP status codes, and (where not redacted) registrant contact details. WHOIS data is public record — anyone can query it.
Enter any domain name in the lookup tool above and click Look Up WHOIS.
You'll see a structured result with tabs for Registration, Name Servers, Status codes, and
the full raw WHOIS text. For programmatic access, use
GET https://ip-api.io/api/v1/dns/whois/{domain} which returns structured JSON.
On the command line, you can also run whois example.com.
Since GDPR came into effect in May 2018, most gTLD registrars (those handling .com, .net, .org, and other generic TLDs) are required to redact personal contact details — registrant name, email, phone number, and postal address. These fields now show as "Redacted for privacy" or similar. Technical data like dates, nameservers, and status codes remain public. Country-code TLDs (ccTLDs) have their own rules per jurisdiction.
WHOIS is the original protocol — it returns plain text output over port 43. RDAP (Registration Data Access Protocol) is its modern replacement — it returns structured JSON over HTTPS and supports authentication, internationalized domain names, and richer data models. Many registries now support both. Our API parses traditional WHOIS output and returns it as structured JSON, giving you the convenience of RDAP from the traditional pipeline.
Yes — WHOIS also covers IP address blocks, querying the Regional Internet Registries (ARIN for North America, RIPE NCC for Europe, APNIC for Asia-Pacific, LACNIC for Latin America, AFRINIC for Africa). IP WHOIS returns the organisation assigned a block of IP addresses. Our current tool focuses on domain WHOIS; for IP intelligence use our Fraud Detection API or What Is My IP tool.
WHOIS registries update in near-real-time when domain records change (registration, renewal, nameserver update, transfer). However, WHOIS servers can have their own caching layers introducing delays of minutes to hours. Our tool caches results for 24 hours per domain since WHOIS data changes infrequently and registrars rate-limit queries. For near-real-time monitoring use the API and bypass caching on a schedule.
Yes, the interactive WHOIS lookup tool on this page is completely free with no sign-up required. API access for developers — including bulk lookups and higher rate limits — requires a paid subscription. See our pricing page for details.
Absolutely. Domain age (from registered_on) is one of the strongest
fraud signals available — phishing and scam domains are overwhelmingly registered
within 30 days of their first use. Registrar reputation, nameserver patterns, and
presence of addPeriod status are also useful signals. For a complete
fraud scoring pipeline, combine WHOIS data with our
Fraud Detection API (VPN, proxy, Tor detection)
and Advanced Email Validation.
Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.
Contact SupportCustomize your experience with tailored plans that fit your IP security and geolocation needs.
Email Us