WHOIS Lookup: How to Find Who Owns Any Domain Name
Every domain name registered on the internet has an owner โ a person or organization that paid a registrar to hold that name. WHOIS is the protocol that makes this information publicly accessible. It is one of the internet's oldest investigative tools, predating the World Wide Web itself.
Whether you are researching a suspicious website, trying to contact a domain owner to negotiate a purchase, investigating potential trademark infringement, or managing your own domains, understanding WHOIS gives you the investigative capability to find the answers you need.
What Is WHOIS?
WHOIS (pronounced "who is") is a query-and-response protocol that retrieves records from databases of registered internet resources. Originally developed in the early 1980s at the Stanford Research Institute, it was designed to answer a simple question: who is responsible for this domain or IP address?
Every domain registrar is required to maintain WHOIS records for the domains they manage. When you register a domain, you provide contact information โ name, organization, address, phone number, and email โ that gets stored in the WHOIS database. Until 2018, this information was fully public. The GDPR changed that significantly (more on this below).
WHOIS records also exist for IP address blocks. Our IP Lookup tool uses WHOIS data to identify who owns a given IP address, which ISP or organization it belongs to, and its registration details.
What Information Does WHOIS Show?
A full WHOIS record contains several categories of information:
| Field | Description | Example |
|---|---|---|
| Domain Name | The queried domain | example.com |
| Registrar | Company where domain is registered | GoDaddy, Namecheap |
| Registration Date | When the domain was first created | 2010-03-15 |
| Expiration Date | When the domain expires | 2027-03-15 |
| Updated Date | Last modification to the record | 2026-01-10 |
| Name Servers | DNS servers handling the domain | ns1.example.com |
| Registrant Name | Owner's name (often redacted) | John Smith |
| Registrant Email | Owner's email (often redacted) | [email protected] |
| Admin Contact | Administrative contact info | Same or different person |
| Tech Contact | Technical contact | Hosting provider |
| Domain Status | Current operational status codes | clientTransferProhibited |
| DNSSEC | Whether DNSSEC is enabled | unsigned |
Post-GDPR, the registrant name and contact fields are frequently replaced with privacy-protected placeholders. Technical data โ dates, name servers, registrar โ remains publicly visible.
How to Do a WHOIS Lookup
Method 1: Use Our Online Tool
The fastest way is our WHOIS Lookup tool. Enter any domain name and get the full WHOIS record in seconds, formatted for easy reading without any command-line knowledge.
Method 2: Command Line (macOS / Linux)
The whois command is built into most Unix-based systems:
whois example.comFor IP address lookups:
whois 8.8.8.8Method 3: Windows Command Line
WHOIS is not built into Windows, but Microsoft offers a free Sysinternals tool:
whois.exe example.comDownload it from the official Microsoft Sysinternals page and place it anywhere in your PATH.
Method 4: RDAP (The Modern Replacement)
RDAP (Registration Data Access Protocol) is the modern successor to WHOIS. It returns the same information in structured JSON format, supports HTTPS, and has better internationalization support. Most domain registries now support both RDAP and traditional WHOIS. Our tool uses RDAP where available, falling back to WHOIS for registries that have not yet migrated.
How to Read WHOIS Results
Domain Status Codes
Status codes tell you what operations are currently permitted on the domain:
- clientTransferProhibited โ cannot be transferred to another registrar without owner action (very common, not a red flag)
- clientUpdateProhibited โ contact details cannot be changed without owner approval
- clientDeleteProhibited โ domain cannot be deleted without owner approval
- serverTransferProhibited โ the registry itself has locked the domain (standard for .com)
- pendingDelete โ domain is in the process of being released
- redemptionPeriod โ domain has expired and is in a brief grace period before public release
Registration Age as a Trust Signal
A domain registered very recently โ weeks or a few months ago โ combined with suspicious content is one of the strongest signals of a phishing or scam site. Legitimate businesses typically maintain domains for years. Always cross-reference registration age with our IP Lookup tool to see where the site is hosted.
Name Servers Reveal the Hosting Stack
Name servers in a WHOIS record often identify the hosting provider:
ns1.digitalocean.comโ hosted on DigitalOceanns1.cloudflare.comโ using Cloudflare as CDN or primary hostdns1.registrar-servers.comโ still using the registrar's default DNS (often a new or unconfigured domain)
For the full DNS picture โ A records, MX records, TXT records โ use our DNS Lookup tool alongside WHOIS.
WHOIS Privacy Protection
Domain privacy (also called WHOIS privacy or ID protection) is a service offered by most registrars. It replaces your personal contact information with the registrar's proxy details. Instead of your name, home address, and email appearing in public records, the registrar's privacy shield details appear.
Who benefits from domain privacy:
- Individual domain owners who do not want a home address publicly indexed and archived
- Bloggers, content creators, and freelancers operating under a personal name
- Anyone concerned about contact-harvesting spam
Limitations:
- Domain privacy does not make a registration truly anonymous โ the registrar holds the real data and must provide it in response to valid legal requests
- Some country-code TLD registries do not permit privacy protection for their extensions
- Commercial registrations with trademark obligations may have disclosure requirements
Domain privacy typically costs $1โ$15 per year per domain. Many modern registrars (Cloudflare Registrar, Porkbun, Namecheap) include it free of charge.
What GDPR Changed About Public WHOIS Data
The General Data Protection Regulation (GDPR), in effect since May 2018, fundamentally altered public WHOIS records. Because WHOIS data contains personal information of EU residents, registrars were required to restrict what they publish.
| Field | Pre-GDPR | Post-GDPR |
|---|---|---|
| Registrant name | Fully public | Usually redacted |
| Registrant email | Fully public | Usually redacted or proxied |
| Phone number | Fully public | Usually redacted |
| Postal address | Fully public | Usually redacted |
| Registration date | Public | Still public |
| Registrar name | Public | Still public |
| Name servers | Public | Still public |
| Domain status | Public | Still public |
This means finding the owner of a privacy-protected .com domain registered after 2018 is significantly harder than before. Registrars do maintain the full records and can provide them in response to legitimate legal requests โ intellectual property disputes, cybercrime investigations โ but they are not publicly accessible.
For country-code TLDs, rules vary by registry. Some (.uk, .eu) have adopted GDPR-aligned restrictions; others expose more data.
Practical Use Cases for WHOIS
| Use Case | What to Look For |
|---|---|
| Verify a website's legitimacy | Registration age, registrar reputation, hosting country |
| Contact an owner to buy a domain | Registrant email (if not redacted), registrar contact form |
| Investigate a phishing or scam site | Recently registered, privacy-protected, unusual registrar |
| Check if a desired domain is available | Registration status and expiration date |
| Cybersecurity research | IP and hosting correlation, registrant patterns across domains |
| Trademark investigation | Owner identity and registration timeline |
| Monitor domain expiry | Set reminders based on expiration date |
Limitations of WHOIS
Keep these constraints in mind when conducting WHOIS research:
- Privacy protection hides contacts โ most personal registrations now show only proxy data, especially for newer domains
- Accuracy is not guaranteed โ registrants are required to provide accurate information but verification is rare
- Historical data is not included โ current WHOIS shows only the present record; ownership history requires specialized tools
- Country-code TLDs use separate systems โ .uk domains are in Nominet's database; .de domains in DENIC's โ and each has its own access rules
- Propagation delay โ updates can take 24โ48 hours to appear after a registration change
For domains where WHOIS shows only privacy proxy data, complementary investigation approaches include checking SSL certificate details (which sometimes contain organization names), reviewing web archive snapshots, and running an IP Lookup on the hosting server.
Conclusion
WHOIS is a foundational internet tool that remains genuinely useful despite GDPR changes and the proliferation of privacy protection services. Understanding how to read and interpret a WHOIS record helps you verify websites, investigate suspicious domains, manage your own registrations, and conduct effective online research.
Bookmark our WHOIS Lookup tool for quick queries, and pair it with DNS Lookup and IP Lookup for a complete picture of any domain's infrastructure and ownership.
Related Articles
WhatIsMyLocation Team
Our team of network engineers and web developers builds and maintains 25+ free networking and location tools used by thousands of users every month. Every article is reviewed for technical accuracy using real-world testing with our own tools.
Related Articles
Try Our Location Tools
Find your IP address, GPS coordinates, and more with our free tools.