whois2.seo.header
whois2.seo.description
Try these domains:
Registrar
Who manages the domain
Dates
Created, updated, expires
Nameservers
DNS configuration
Status
Lock & protection flags
Use cases
$ checkhost monitor --type whois --interval 30s
Need continuous whois monitoring?
Monitor 24/7 from 15 locations. Instant alerts on Telegram, Discord, Slack & more.
About
What Is WHOIS? The Complete Guide to Domain Registration Lookup
WHOIS is a query-response protocol defined in RFC 3912 that provides registration information about domain names, IP addresses, and autonomous systems. Originally developed in the early days of ARPANET, WHOIS has been the standard method for looking up domain ownership since 1982. Today, WHOIS databases are maintained by domain registrars, registries (like Verisign for .com), and Regional Internet Registries (RIRs) for IP address blocks. A WHOIS lookup reveals critical information about any domain: the registrant (owner) name and organization, the registrar that manages the domain (e.g., GoDaddy, Namecheap, Cloudflare), the registration date (when the domain was first created), the expiration date (when it must be renewed or it will be released), the last updated date, the nameservers that handle DNS for the domain, and EPP status codes that indicate the domain's current state. CheckHost queries WHOIS databases in real-time, parsing and structuring the raw WHOIS data into a clean, readable format. Unlike many WHOIS tools that only query a single database, we follow the WHOIS referral chain: first querying the root WHOIS server for the TLD, then following the referral to the registrar's WHOIS server for complete details. WHOIS data is publicly accessible by design — it exists to provide transparency about internet resource allocation. However, since the EU's General Data Protection Regulation (GDPR) took effect in May 2018, registrars must redact personal data for EU-based registrants. This means many WHOIS records now show 'REDACTED FOR PRIVACY' instead of personal details. The RDAP (Registration Data Access Protocol) is gradually replacing WHOIS as a more structured, standardized alternative that better supports access controls and internationalized data. Understanding WHOIS data is essential for domain investors evaluating purchase opportunities, cybersecurity professionals investigating phishing or malware domains, brand protection teams monitoring trademark infringement, SEO specialists assessing domain authority and history, legal professionals gathering evidence for IP disputes, and system administrators verifying DNS configurations.
Usage
How to Perform a WHOIS Lookup With CheckHost
Enter a domain name (e.g., example.com, mysite.org) or IP address in the search field. Do not include http://, https://, or URL paths — just the bare domain or IP.
Select 'WHOIS' from the tool tabs and click Check to query the WHOIS database. CheckHost follows the WHOIS referral chain automatically to get the most complete data.
Review the structured results: registrar name, registration date, expiration date, last updated date, and nameservers are highlighted at the top for quick reference.
Check the EPP domain status codes: clientTransferProhibited means the domain is transfer-locked (a security feature). serverHold means the registry has suspended the domain. pendingDelete means the domain is about to be released.
Examine the raw WHOIS output below the structured data for additional details like DNSSEC status, registrar abuse contact, and the full registrant organization (if not privacy-protected).
If registrant details show a privacy service (e.g., 'WhoisGuard', 'Domains By Proxy', 'Contact Privacy Inc.'), the domain uses WHOIS privacy protection — this is standard practice and not suspicious.
Compare nameservers with what you expect: if your domain shows unexpected nameservers, your DNS may have been changed without authorization — a potential security incident.
FAQ
Frequently Asked Questions
What information does a WHOIS lookup show?
A WHOIS query returns: the domain name and its registrar (the company managing the registration), the registration date (when the domain was first created), the expiration date (when renewal is required), the last updated date, nameservers (DNS configuration pointing to where the domain's records are hosted), EPP status codes indicating the domain's state, and registrant/admin/tech contact information. For privacy-protected domains, contact details are replaced with the privacy service's information. The exact fields vary by TLD — .com domains (managed by Verisign) show different fields than country-code TLDs like .uk or .de.
What does 'clientTransferProhibited' mean?
clientTransferProhibited is an EPP (Extensible Provisioning Protocol) status code that prevents unauthorized domain transfers between registrars. It means the current registrar will reject any incoming transfer requests unless the domain owner explicitly removes this lock. Other common status codes include: clientDeleteProhibited (domain cannot be deleted), clientUpdateProhibited (domain settings cannot be modified), serverHold (domain suspended by the registry — stops DNS resolution), pendingDelete (domain is in the deletion queue and will soon be available for re-registration), and redemptionPeriod (domain expired but can still be recovered by the original owner for a fee).
How can I check when a domain expires?
Look at the 'Registry Expiry Date' or 'Expiration Date' field in the WHOIS results. This shows exactly when the domain registration expires. If the date is within 30-90 days, the domain is at risk of expiring if the owner forgets to renew. After the expiration date, domains typically go through a 30-day grace period (can still be renewed at normal price), then a 30-day redemption period (can be recovered for a premium fee of $80-200+), then a 5-day pending delete period, before finally being released for public registration. CheckHost's domain monitoring service can track expiry dates and alert you automatically.
Why is WHOIS registrant information hidden or redacted?
WHOIS privacy protection (also called domain privacy, proxy registration, or ID protection) replaces the registrant's personal details with those of a privacy service. There are two main reasons this happens: (1) the domain owner opted into privacy protection through their registrar to prevent spam, social engineering, identity theft, and domain hijacking, and (2) GDPR and similar privacy regulations require registrars to redact personal data for residents of the EU, UK, and other privacy-regulated jurisdictions. This is completely legal, extremely common (most new registrations use privacy by default), and does not indicate anything suspicious about the domain.
What is RDAP and how is it different from WHOIS?
RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS, standardized by the IETF. Key differences: RDAP returns structured JSON data instead of plain text, making it machine-readable and consistent across registrars. RDAP supports fine-grained access controls, so registrars can show different information to authenticated vs. anonymous users. RDAP supports internationalized domain names (IDNs) and non-ASCII contact data natively. RDAP uses HTTPS, providing encrypted connections. ICANN mandated that all registries and registrars support RDAP alongside WHOIS. CheckHost supports both protocols and will automatically use the best available source.
Can I do a WHOIS lookup on an IP address?
Yes. IP WHOIS queries the Regional Internet Registries (RIRs) that manage IP address allocation: ARIN (North America), RIPE NCC (Europe/Middle East), APNIC (Asia-Pacific), LACNIC (Latin America), and AFRINIC (Africa). An IP WHOIS shows which organization owns the IP block, the allocated range (CIDR notation), the network name and ASN, abuse contact information, and allocation dates. This is useful for investigating suspicious traffic, identifying hosting providers, and reporting abuse.
Is WHOIS lookup legal?
Yes. WHOIS data is publicly accessible by design — domain registries are required to maintain these databases as part of their agreement with ICANN. Performing a WHOIS lookup is legal in all jurisdictions. However, using WHOIS data for mass marketing, spam, or harassment may violate anti-spam laws and the registrar's terms of service. Many registries also rate-limit WHOIS queries to prevent bulk data harvesting.
What are thick vs. thin WHOIS records?
A thick WHOIS record contains all registration data in the registry's database — both the registrar information and the registrant contact details. A thin WHOIS record only contains basic data at the registry level (registrar name, nameservers, status) and requires a second query to the registrar's WHOIS server for contact details. The .com and .net registries used thin WHOIS until 2019, when they transitioned to thick WHOIS. Most newer TLDs use thick WHOIS exclusively. CheckHost handles both automatically.
How often is WHOIS data updated?
WHOIS data updates when the domain registration changes: when it's first registered, when it's renewed, when DNS or contact details are modified, or when it's transferred to a new registrar. After a change, the registry typically updates within minutes, but some registrars cache WHOIS data for up to 24 hours. If you just made a change and it's not reflected, wait a few hours and check again.
How to find out who owns a specific website?
Enter the domain name (without http://) in our WHOIS lookup tool. If the registrant uses privacy protection, you won't see their personal details — but you can: check the registrar's abuse contact to report issues, look for a contact page on the website itself, search for the domain in public business registries, or check ICANN's WHOIS lookup (lookup.icann.org) which may show different details. For legal matters, courts can compel registrars to reveal the registrant's identity behind privacy protection.