WHOIS Lookup Tool
Domain Registration
Intelligence.
Look up the full WHOIS record for any domain. See the registrar, registration and expiry dates, nameservers, and EPP status codes in a clean, structured view. Includes a developer JSON API.
What Is WHOIS?
WHOIS is the global directory of domain registrations. Every time a domain is registered, key details are logged with the registry — and WHOIS lets you query that record.
Global Registry
WHOIS is maintained by ICANN and individual registries (Verisign for .com, RIPE for European IPs, ARIN for North American IPs). It's the authoritative source of domain ownership records — or what ownership data registries are permitted to share.
What WHOIS Contains
A WHOIS record includes the registrar name, registration and expiry dates, last update timestamp, nameservers, and EPP status codes. Contact details (registrant, admin, tech) have been widely redacted since GDPR (2018) for privacy protection.
Why WHOIS Matters
Security researchers use WHOIS to trace malicious domains, fraud analysts use it to assess domain age and registrar reputation, and developers use it to verify domain ownership and detect newly registered high-risk domains.
WHOIS vs RDAP
RDAP (Registration Data Access Protocol) is the modern successor to WHOIS. It returns structured JSON instead of plain text and supports richer authentication. Many registries now offer both. Our API returns WHOIS data parsed into structured JSON — giving you RDAP-style output from the traditional WHOIS pipeline.
Privacy & GDPR
Since May 2018, most gTLD registrars redact registrant contact details (name, email, phone, address) under GDPR. Country-code TLDs (ccTLDs) have their own rules — some publish full records, others nothing at all. Fields that are redacted will show as "Redacted for privacy" in our output rather than empty.
How to Read a WHOIS Record
WHOIS records use standardised field names but vary by registry. Here's what each field means in plain English.
| Field | What It Means | Fraud Signal? |
|---|---|---|
Registrar |
The accredited company through which the domain was registered (e.g. GoDaddy, Namecheap, Cloudflare Registrar). | Low-cost, obscure, or offshore registrars are overrepresented in fraudulent domain registrations. |
Creation Date |
The date the domain was first registered. Domains registered in the last 30 days are statistically riskier. | Yes — newly registered domains are a top fraud signal. Pair with our Domain Age Checker. |
Expiry Date |
The date the current registration period ends. After this date the domain may be available for re-registration. | Domains expiring very soon may be abandoned or about to be drop-caught. |
Updated Date |
The last time the WHOIS record was modified — often triggered by registrar changes, nameserver updates, or renewals. | A very recent update on an old domain may indicate account takeover or preparation for fraud. |
Name Servers |
The DNS servers authoritative for this domain. They control where the domain's traffic is routed. | Nameservers shared with many other high-risk domains can indicate bulletproof hosting. |
Domain Status |
EPP (Extensible Provisioning Protocol) codes describing what operations are allowed on the domain right now. | A domain without clientTransferProhibited is easier to hijack via unauthorised transfer. |
Registrant / Admin / Tech |
Contact details for the domain owner and technical contacts. Widely redacted since GDPR 2018. | When visible, mismatched registrant names or generic email addresses are fraud signals. |
Common WHOIS Status Codes
Domain is active with no restrictions. Normal state for a live domain.
Domain is locked at the registrar level against being transferred to another registrar.
Domain cannot be deleted by the registrar. Common on important domains as a safety measure.
Transfer is prohibited at the registry level — a stronger lock than client-level restrictions.
Domain is scheduled for deletion and will become available for registration within 5 days.
Domain has expired and entered a grace period. The registrant can still recover it at a premium price.
Domain has been suspended by the registrar — DNS is not resolving. Often due to non-payment or abuse reports.
Domain was registered very recently (within the 5-day add grace period). High-risk signal for abuse detection.
WHOIS Lookup API
Integrate WHOIS lookups directly into your application. Returns structured JSON — no WHOIS parsing required on your end.
GET /api/v1/dns/whois/{domain}
curl "https://ip-api.io/api/v1/dns/whois/example.com"
{
"domain": "example.com",
"registrar": {
"name": "RESERVED-Internet Assigned Numbers Authority",
"url": "http://res-dom.iana.org",
"iana_id": "376"
},
"registered_on": "1995-08-14",
"expires_on": "2025-08-13",
"updated_on": "2023-08-14",
"name_servers": [
"a.iana-servers.net",
"b.iana-servers.net"
],
"status": [
{
"code": "clientDeleteProhibited",
"humanized": "Domain locked against deletion"
},
{
"code": "clientTransferProhibited",
"humanized": "Domain locked against transfer"
}
],
"raw": "Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
..."
}
GET /api/v1/dns/whois/{domain}
const response = await fetch("https://ip-api.io/api/v1/dns/whois/example.com");
const data = await response.json();
console.log(data.domain); // "example.com"
console.log(data.registrar?.name); // "RESERVED-Internet Assigned Numbers Authority"
console.log(data.registered_on); // "1995-08-14"
console.log(data.expires_on); // "2025-08-13"
console.log(data.name_servers.join(', '));
for (const s of data.status) {
console.log(`${s.code} — ${s.humanized}`);
}
{
"domain": "example.com",
"registrar": {
"name": "RESERVED-Internet Assigned Numbers Authority",
"url": "http://res-dom.iana.org",
"iana_id": "376"
},
"registered_on": "1995-08-14",
"expires_on": "2025-08-13",
"updated_on": "2023-08-14",
"name_servers": [
"a.iana-servers.net",
"b.iana-servers.net"
],
"status": [
{
"code": "clientDeleteProhibited",
"humanized": "Domain locked against deletion"
},
{
"code": "clientTransferProhibited",
"humanized": "Domain locked against transfer"
}
],
"raw": "Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
..."
}
GET /api/v1/dns/whois/{domain}
import requests
response = requests.get("https://ip-api.io/api/v1/dns/whois/example.com")
data = response.json()
print(data["domain"]) # example.com
print(data["registrar"]["name"]) # RESERVED-Internet Assigned Numbers Authority
print(data["registered_on"]) # 1995-08-14
print(data["expires_on"]) # 2025-08-13
print(", ".join(data["name_servers"]))
for s in data["status"]:
print(f"{s['code']} — {s['humanized']}")
{
"domain": "example.com",
"registrar": {
"name": "RESERVED-Internet Assigned Numbers Authority",
"url": "http://res-dom.iana.org",
"iana_id": "376"
},
"registered_on": "1995-08-14",
"expires_on": "2025-08-13",
"updated_on": "2023-08-14",
"name_servers": [
"a.iana-servers.net",
"b.iana-servers.net"
],
"status": [
{
"code": "clientDeleteProhibited",
"humanized": "Domain locked against deletion"
},
{
"code": "clientTransferProhibited",
"humanized": "Domain locked against transfer"
}
],
"raw": "Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
..."
}
GET /api/v1/dns/whois/{domain}
require "net/http"
require "json"
uri = URI("https://ip-api.io/api/v1/dns/whois/example.com")
data = JSON.parse(Net::HTTP.get(uri))
puts data["domain"] # example.com
puts data["registrar"]["name"] # RESERVED-Internet Assigned Numbers Authority
puts data["registered_on"] # 1995-08-14
puts data["expires_on"] # 2025-08-13
puts data["name_servers"].join(", ")
{
"domain": "example.com",
"registrar": {
"name": "RESERVED-Internet Assigned Numbers Authority",
"url": "http://res-dom.iana.org",
"iana_id": "376"
},
"registered_on": "1995-08-14",
"expires_on": "2025-08-13",
"updated_on": "2023-08-14",
"name_servers": [
"a.iana-servers.net",
"b.iana-servers.net"
],
"status": [
{
"code": "clientDeleteProhibited",
"humanized": "Domain locked against deletion"
},
{
"code": "clientTransferProhibited",
"humanized": "Domain locked against transfer"
}
],
"raw": "Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
..."
}
WHOIS Lookup FAQs
Everything you need to know about WHOIS lookups and domain registration data.
What is a WHOIS lookup?
A WHOIS lookup queries the global registry of domain registrations maintained by ICANN and individual domain registries. It returns the registrar, registration and expiry dates, nameservers, EPP status codes, and (where not redacted) registrant contact details. WHOIS data is public record — anyone can query it.
How do I perform a WHOIS lookup for a domain?
Enter any domain name in the lookup tool above and click Look Up.
For programmatic access, use
GET https://ip-api.io/api/v1/dns/whois/{domain} which returns structured JSON.
On the command line, you can also run whois example.com.
Why are some WHOIS fields hidden or redacted?
Since GDPR came into effect in May 2018, most gTLD registrars (those handling .com, .net, .org, and other generic TLDs) are required to redact personal contact details — registrant name, email, phone number, and postal address. These fields now show as "Redacted for privacy" or similar. Technical data like dates, nameservers, and status codes remain public. Country-code TLDs (ccTLDs) have their own rules per jurisdiction.
What's the difference between WHOIS and RDAP?
WHOIS is the original protocol — it returns plain text output over port 43. RDAP (Registration Data Access Protocol) is its modern replacement — it returns structured JSON over HTTPS and supports authentication, internationalized domain names, and richer data models. Many registries now support both. Our API parses traditional WHOIS output and returns it as structured JSON, giving you the convenience of RDAP from the traditional pipeline.
Can I do a WHOIS lookup for an IP address?
Yes — WHOIS also covers IP address blocks, querying the Regional Internet Registries (ARIN for North America, RIPE NCC for Europe, APNIC for Asia-Pacific, LACNIC for Latin America, AFRINIC for Africa). IP WHOIS returns the organisation assigned a block of IP addresses. Our current tool focuses on domain WHOIS; for IP intelligence use our Fraud Detection API or What Is My IP tool.
How often does WHOIS data update?
WHOIS registries update in near-real-time when domain records change (registration, renewal, nameserver update, transfer). However, WHOIS servers can have their own caching layers introducing delays of minutes to hours. Our tool caches results for 24 hours per domain since WHOIS data changes infrequently and registrars rate-limit queries. For near-real-time monitoring use the API and bypass caching on a schedule.
Is your WHOIS lookup tool free?
Yes, the interactive WHOIS lookup tool on this page is completely free with no sign-up required. API access for developers — including bulk lookups and higher rate limits — requires a paid subscription. See our pricing page for details.
Can I use WHOIS data for fraud detection?
Absolutely. Domain age (from registered_on) is one of the strongest
fraud signals available — phishing and scam domains are overwhelmingly registered
within 30 days of their first use. Registrar reputation, nameserver patterns, and
presence of addPeriod status are also useful signals. For a complete
fraud scoring pipeline, combine WHOIS data with our
Fraud Detection API (VPN, proxy, Tor detection)
and Advanced Email Validation.
Simple, transparent pricing
Start small, scale as you grow. No hidden fees.
Full WHOIS records for any domain
Registrar, registration date, expiry, nameservers, and EPP status codes — structured and returned in one API call.