WHOIS Lookup: Complete Guide
WHOIS is a query and response protocol used to look up information about domain names, IP addresses, and autonomous systems. It provides valuable information about domain ownership, registration details, and network assignments. This guide explains everything you need to know about WHOIS lookups and how to use them effectively.
What is WHOIS?
WHOIS (pronounced "who is") is a protocol that allows you to query databases containing information about internet resources. When you perform a WHOIS lookup, you can discover who owns a domain name, when it was registered, when it expires, and contact information for the registrant.
What Information WHOIS Provides
For Domain Names:
- Domain name
- Registrar (company that registered the domain)
- Registration date
- Expiration date
- Last updated date
- Name servers
- Domain status
- Registrant contact information (may be redacted)
- Administrative contact
- Technical contact

For IP Addresses:
- IP address range
- Organization name
- Country
- Network name
- Abuse contact
- Registration date
- Last updated date
How WHOIS Works
Query Process
- User initiates query - You enter domain or IP address
- Query sent to WHOIS server - Request goes to appropriate WHOIS database
- Database searched - Server looks up registration information
- Results returned - Information sent back to user
- Display results - Data presented in readable format
WHOIS Hierarchy
Domain WHOIS:
User Query → Registrar WHOIS Server → Registry WHOIS Server → Results
IP WHOIS:
User Query → Regional Internet Registry (RIR) → Results
Performing WHOIS Lookups
Online WHOIS Tools
Popular WHOIS lookup websites:
- whois.com
- who.is
- whois.domaintools.com
- icann.org/lookup
- whois.net

How to use:
1. Visit WHOIS lookup website
2. Enter domain name or IP address
3. Click search/lookup
4. View results
Command Line WHOIS
Linux/macOS
Install WHOIS (if not installed):
```bash
# Debian/Ubuntu
sudo apt install whois

# macOS (usually pre-installed)
# Or install via Homebrew
brew install whois
```
Basic usage:
```bash
# Domain lookup
whois example.com

# IP address lookup
whois 8.8.8.8

# Specify WHOIS server
whois -h whois.verisign-grs.com example.com
```
Windows
Using PowerShell:
```powershell
# Windows doesn't have built-in whois
# Use online tools or install third-party tools

# Alternative: Use web request
Invoke-WebRequest -Uri "https://www.whois.com/whois/example.com"
```
Install WHOIS tool:
- Download Sysinternals WHOIS
- Or use WSL (Windows Subsystem for Linux)
Programming Languages
Python
```python
import whois  # provided by the python-whois package

# Domain lookup
domain = whois.whois('example.com')
print(domain.registrar)
print(domain.expiration_date)  # may be a single datetime or a list of them
print(domain.name_servers)
```
PHP
```php
```
JavaScript (Node.js)
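```javascript
const whois = require('whois');

whois.lookup('example.com', function(err, data) {
  // Report lookup failures instead of printing undefined data
  if (err) {
    console.error(err);
    return;
  }
  console.log(data);
});
```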
Understanding WHOIS Results
Sample Domain WHOIS Output
```
Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.iana.org
Registrar URL: http://res-dom.iana.org
Updated Date: 2023-08-14T07:01:31Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2024-08-13T04:00:00Z
Registrar: RESERVED-Internet Assigned Numbers Authority
Registrar IANA ID: 376
Registrar Abuse Contact Email: abuse@iana.org
Registrar Abuse Contact Phone: +1.3108239358
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
```
Key Fields Explained
Domain Status Codes
clientDeleteProhibited:
- Domain cannot be deleted
- Protection against unauthorized deletion

clientTransferProhibited:
- Domain cannot be transferred to another registrar
- Protection against unauthorized transfers

clientUpdateProhibited:
- Domain information cannot be updated
- Protection against unauthorized changes

clientHold:
- Domain is on hold
- Website won't resolve
- Usually due to non-payment or legal issues

pendingDelete:
- Domain is being deleted
- Grace period before becoming available

redemptionPeriod:
- Domain expired and in redemption
- Can be restored for a fee
- 30-day period typically
Name Servers
DNS servers that host the domain's DNS records:
```
Name Server: ns1.example.com
Name Server: ns2.example.com
```
These servers control where the domain points.
DNSSEC
Domain Name System Security Extensions:
- signedDelegation: DNSSEC is enabled
- unsigned: DNSSEC not enabled
Adds cryptographic signatures to DNS records for security.
Sample IP WHOIS Output
```
NetRange:       8.8.8.0 - 8.8.8.255
CIDR:           8.8.8.0/24
NetName:        LVLT-GOGL-8-8-8
NetHandle:      NET-8-8-8-0-1
Parent:         NET8 (NET-8-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15169
Organization:   Google LLC (GOGL)
RegDate:        2014-03-14
Updated:        2014-03-14
Ref:            https://rdap.arin.net/registry/ip/8.8.8.0

OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2019-10-31
```
WHOIS Privacy and GDPR
Privacy Protection
Domain Privacy/WHOIS Privacy:
- Service offered by registrars
- Hides personal information
- Shows registrar's contact info instead
- Protects against spam and identity theft

What's hidden:
- Registrant name
- Email address
- Phone number
- Physical address

What's still visible:
- Registrar information
- Registration dates
- Name servers
- Domain status
GDPR Impact
Since GDPR (General Data Protection Regulation) in 2018:
Changes:
- Personal data redacted by default
- Registrant information often hidden
- Only registrar contact shown
- Reduced public information
What you might see:
```
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service
```
Access to full data:
- Legitimate legal requests
- Law enforcement
- Intellectual property disputes
- Through RDAP (Registration Data Access Protocol)
Use Cases for WHOIS Lookups
Domain Research
Before buying a domain:
- Check if domain is available
- See when it expires
- Find out who owns it
- Contact owner for purchase

Domain history:
- Previous owners
- Age of domain
- Registration patterns
Security and Fraud Prevention
Identify phishing sites:
- Check domain registration date
- Verify registrant information
- Look for suspicious patterns
- Recently registered domains

Investigate suspicious emails:
- Look up sender's domain
- Check registration details
- Verify legitimacy

Cybersecurity research:
- Track malicious domains
- Identify attack infrastructure
- Find related domains
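
The registration-date and status checks listed above, as an added Python example (not from the original guide): it parses WHOIS text in the layout of the earlier sample output and reports a recent registration, an imminent expiry, hold or delete statuses, and missing lock statuses. The record, the function names and the 30-day thresholds are assumptions, and dates are assumed to be ISO 8601 as in that sample.

```python
import re
from datetime import datetime, timezone

# Constructed record in the "Key: Value" layout of the sample output above.
SAMPLE = """\
Domain Name: LOGIN-EXAMPLE-VERIFY.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-28T10:15:00Z
Registry Expiry Date: 2025-05-28T10:15:00Z
Domain Status: clientHold https://icann.org/epp#clientHold
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
"""

LOCKS = {"clientdeleteprohibited", "clienttransferprohibited", "clientupdateprohibited"}
DISRUPTED = ("clienthold", "pendingdelete", "redemptionperiod")

def parse_whois(text):
    """Return {lower-cased field: [values]}; repeated fields keep every value."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s+(\S.*)$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return record

def _when(values):
    """First value of a date field as an aware datetime, or None if absent."""
    return datetime.fromisoformat(values[0].replace("Z", "+00:00")) if values else None

def triage(text, now, young_days=30, expiry_days=30):
    """List the observations an analyst would check first (thresholds assumed)."""
    rec, findings = parse_whois(text), []
    created = _when(rec.get("creation date"))
    expires = _when(rec.get("registry expiry date"))
    if created is None:
        findings.append("no creation date in record")
    elif (now - created).days < young_days:
        findings.append(f"registered {(now - created).days} days ago")
    if expires is not None and (expires - now).days < expiry_days:
        findings.append(f"expires in {(expires - now).days} days")
    # A status value may carry a trailing URL; keep only the code itself.
    statuses = {s.split()[0].lower() for s in rec.get("domain status", [])}
    findings += [f"status {c}" for c in DISRUPTED if c in statuses]
    if not statuses & LOCKS:
        findings.append("no registrar lock statuses set")
    return findings
```

Pass `datetime.now(timezone.utc)` as `now` for live use; none of these observations proves abuse on its own, so treat them as prompts for the cross-checks listed above.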
Network Administration
IP address investigation:
- Identify network owner
- Find abuse contacts
- Determine geographic location
- Understand network allocation

Troubleshooting:
- Verify DNS configuration
- Check name servers
- Identify network issues
Legal and Compliance
Trademark protection:
- Monitor domain registrations
- Identify infringement
- Gather evidence

Legal disputes:
- Find domain owner
- Serve legal notices
- UDRP (Uniform Domain-Name Dispute-Resolution Policy) proceedings
Business Intelligence
Competitor research:
- Discover competitor domains
- Track new registrations
- Identify business expansion

Market research:
- Industry domain trends
- Geographic presence
- Technology stack (via name servers)
WHOIS Servers by TLD
Generic TLDs (gTLDs)
| TLD | WHOIS Server |
|-----|--------------|
| .com | whois.verisign-grs.com |
| .net | whois.verisign-grs.com |
| .org | whois.pir.org |
| .info | whois.afilias.net |
| .biz | whois.biz |
| .name | whois.nic.name |
Country Code TLDs (ccTLDs)
| TLD | Country | WHOIS Server |
|-----|---------|--------------|
| .uk | United Kingdom | whois.nic.uk |
| .de | Germany | whois.denic.de |
| .fr | France | whois.nic.fr |
| .jp | Japan | whois.jprs.jp |
| .cn | China | whois.cnnic.cn |
| .au | Australia | whois.auda.org.au |
New gTLDs
| TLD | WHOIS Server |
|-----|--------------|
| .app | whois.nic.google |
| .dev | whois.nic.google |
| .blog | whois.nic.blog |
| .shop | whois.nic.shop |
| .online | whois.nic.online |
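
Added example (not from the original guide): a minimal Python client for the exchange behind `whois -h <server> <domain>`, using registry servers from the tables above. It validates the name before sending it, follows a `Registrar WHOIS Server` referral only when the value is a well-formed hostname, and caps hops and response size; the function names and the `transport` parameter are assumptions made for illustration.

```python
import re
import socket

# Registry servers copied from the tables above; extend as needed.
REGISTRY = {"com": "whois.verisign-grs.com", "net": "whois.verisign-grs.com",
            "org": "whois.pir.org"}
# ASCII hostname with an alphabetic TLD; rejects IP literals, spaces, CR/LF, flags.
HOST_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def query(server, name, timeout=10.0, limit=1_000_000):
    """RFC 3912 exchange: connect to TCP 43, send name + CRLF, read until close."""
    chunks, size = [], 0
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        while size < limit:  # cap how much untrusted data is buffered
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            size += len(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def referral(text):
    """Host named in 'Registrar WHOIS Server:', or None if absent or malformed."""
    m = re.search(r"^[ \t]*Registrar WHOIS Server:[ \t]*(\S+)", text, re.I | re.M)
    if not m:
        return None
    host = re.sub(r"^[a-z]+://", "", m.group(1).lower()).rstrip("/.")
    return host if HOST_RE.fullmatch(host) else None

def lookup(domain, transport=query, max_hops=2):
    """Ask the registry, then follow referrals; returns [(server, response), ...]."""
    domain = domain.strip().lower().rstrip(".")
    if not HOST_RE.fullmatch(domain):
        raise ValueError("not a plain ASCII domain name")
    tld = domain.rsplit(".", 1)[1]
    if tld not in REGISTRY:
        raise ValueError(f"no registry server listed for .{tld}")
    server, seen, results = REGISTRY[tld], set(), []
    while server and server not in seen and len(results) < max_hops:
        seen.add(server)
        text = transport(server, domain)
        results.append((server, text))
        server = referral(text)
    return results
```

The response text is untrusted input: the referral host comes from the server's reply, which is why it is checked before any second connection is made.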
Regional Internet Registries (RIRs)
For IP address WHOIS lookups:
ARIN (American Registry for Internet Numbers):
- Region: North America
- WHOIS: whois.arin.net
- Website: arin.net

RIPE NCC (Réseaux IP Européens Network Coordination Centre):
- Region: Europe, Middle East, parts of Central Asia
- WHOIS: whois.ripe.net
- Website: ripe.net

APNIC (Asia-Pacific Network Information Centre):
- Region: Asia-Pacific
- WHOIS: whois.apnic.net
- Website: apnic.net

LACNIC (Latin America and Caribbean Network Information Centre):
- Region: Latin America and Caribbean
- WHOIS: whois.lacnic.net
- Website: lacnic.net

AFRINIC (African Network Information Centre):
- Region: Africa
- WHOIS: whois.afrinic.net
- Website: afrinic.net
Advanced WHOIS Techniques
Bulk WHOIS Lookups
Use cases:
- Domain portfolio management
- Security research
- Competitive analysis

Tools:
- WhoisXML API
- DomainTools
- Custom scripts

Rate limiting:
- Most WHOIS servers limit queries
- Typically 1-10 queries per second
- Respect rate limits to avoid blocking
Reverse WHOIS
Search for domains by registrant information:
Find domains owned by:
- Specific person
- Organization
- Email address

Tools:
- DomainTools Reverse WHOIS
- WhoisXML API
- ViewDNS.info

Use cases:
- Find all domains owned by company
- Track domain portfolios
- Identify related properties
Historical WHOIS
View past WHOIS records:
Information available:
- Previous owners
- Registration history
- Changes over time
- Deleted domains

Tools:
- DomainTools WHOIS History
- WhoisXML API Historic
- Archive.org (limited)
WHOIS Monitoring
Track changes to domain WHOIS records:
Monitor for:
- Ownership changes
- Expiration dates
- Name server changes
- Status updates

Tools:
- DomainTools Monitoring
- WhoisXML API Brand Alert
- Custom monitoring scripts
WHOIS Alternatives and Complements
RDAP (Registration Data Access Protocol)
Modern replacement for WHOIS:
Advantages:
- Standardized JSON format
- Better internationalization
- More structured data
- RESTful API
Example:
https://rdap.arin.net/registry/ip/8.8.8.8
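
Added example (not from the original guide): what the structured JSON buys you in practice, shown by pulling the address range, owner and abuse mailbox out of an RDAP "ip network" object in Python. The response below is constructed in the RFC 9083 layout with made-up names and addresses, and the function names are assumptions; contacts may sit in entities nested under another entity, so the walk is recursive.

```python
import json

# Constructed RDAP "ip network" response, trimmed to the members used below.
SAMPLE = json.loads("""
{
  "objectClassName": "ip network",
  "handle": "NET-192-0-2-0-1",
  "startAddress": "192.0.2.0",
  "endAddress": "192.0.2.255",
  "name": "EXAMPLE-NET",
  "events": [{"eventAction": "registration", "eventDate": "2014-03-14T00:00:00Z"}],
  "entities": [{
    "objectClassName": "entity", "handle": "EXAMPLE-ORG", "roles": ["registrant"],
    "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                             ["fn", {}, "text", "Example Org"]]],
    "entities": [{
      "objectClassName": "entity", "handle": "ABUSE1-EX", "roles": ["abuse"],
      "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                               ["fn", {}, "text", "Abuse Desk"],
                               ["email", {}, "text", "abuse@example.test"]]]
    }]
  }]
}
""")

def vcard_values(entity, prop):
    """Values of one jCard property; each item is [name, params, type, value]."""
    cards = entity.get("vcardArray", ["vcard", []])[1]
    return [item[3] for item in cards if item[0] == prop]

def walk_entities(obj):
    """Yield every entity, including those nested under another entity."""
    for ent in obj.get("entities", []):
        yield ent
        yield from walk_entities(ent)

def summarize(network):
    """Reduce an RDAP ip network object to the fields used in triage."""
    ents = list(walk_entities(network))
    with_role = lambda role: [e for e in ents if role in e.get("roles", [])]
    events = {e["eventAction"]: e["eventDate"] for e in network.get("events", [])}
    return {
        "range": f'{network["startAddress"]} - {network["endAddress"]}',
        "name": network.get("name"),
        "registered": events.get("registration"),
        "owner": [n for e in with_role("registrant") for n in vcard_values(e, "fn")],
        "abuse_email": [m for e in with_role("abuse") for m in vcard_values(e, "email")],
    }
```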
DNS Lookup
Complement WHOIS with DNS information:
```bash
dig example.com
nslookup example.com
host example.com
```
SSL Certificate Information
Check SSL certificates for ownership details:
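```bash
# -servername sends SNI so the right certificate is returned;
# </dev/null closes stdin so s_client exits after the handshake
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -text
```
Online tools:
- crt.sh
- censys.io
- SSLLabs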
Troubleshooting WHOIS Lookups
Common Issues
"No match" or "Not found"
Causes:
- Domain doesn't exist
- Domain not registered
- Typo in domain name
- Wrong WHOIS server

Solutions:
- Verify domain spelling
- Check if domain is registered
- Try different WHOIS server
Rate Limiting
Symptoms:
- "Too many requests"
- Temporary blocks
- Connection refused

Solutions:
- Slow down queries
- Use different WHOIS server
- Wait before retrying
- Use paid WHOIS API
Incomplete Information
Causes:
- GDPR/privacy protection
- Redacted data
- Registrar policy

Solutions:
- Contact registrar directly
- Use RDAP
- Legal request if justified
Timeout Errors
Causes:
- Server overload
- Network issues
- Firewall blocking

Solutions:
- Try again later
- Use different server
- Check network connection
WHOIS Best Practices
For Domain Owners
1. Keep information updated
   - Ensure contact details are current
   - Update when changing email/phone
   - Maintain accurate registrant info
2. Enable auto-renewal
   - Prevent accidental expiration
   - Avoid domain loss
   - Maintain continuous ownership
3. Consider privacy protection
   - Reduce spam
   - Protect personal information
   - Balance privacy with accessibility
4. Monitor your domains
   - Check WHOIS regularly
   - Watch for unauthorized changes
   - Set up alerts
For Researchers
1. Respect rate limits
   - Don't overwhelm servers
   - Space out queries
   - Use appropriate tools
2. Verify information
   - Cross-reference multiple sources
   - Check historical data
   - Validate findings
3. Understand limitations
   - Privacy protection hides data
   - Information may be outdated
   - Not all data is public
4. Use appropriate tools
   - Command line for simple lookups
   - APIs for bulk queries
   - Specialized tools for research
Legal and Ethical Considerations
Acceptable Use
Legitimate uses:
- Domain research before purchase
- Security investigations
- Network troubleshooting
- Legal compliance

Prohibited uses:
- Harvesting for spam
- Stalking or harassment
- Unauthorized marketing
- Identity theft
Privacy Concerns
Be aware:
- WHOIS data can reveal personal information
- Use responsibly
- Respect privacy
- Follow applicable laws
Terms of Service
Most WHOIS services prohibit:
- Commercial use without permission
- Automated bulk queries
- Data mining for marketing
- Reselling WHOIS data
Conclusion
WHOIS is an essential tool for domain research, security investigations, and network administration. While GDPR and privacy protections have reduced publicly available information, WHOIS remains valuable for legitimate research and security purposes.
Key takeaways:
- WHOIS provides registration information for domains and IP addresses
- Multiple methods exist: online tools, command line, APIs
- GDPR has limited publicly available personal data
- Use WHOIS responsibly and respect rate limits
- Combine with other tools (DNS, SSL certificates) for complete picture
- Essential for security research, domain management, and troubleshooting
- Privacy protection services hide personal information
- RDAP is the modern successor to WHOIS
Whether you're researching a domain purchase, investigating security threats, or managing your domain portfolio, understanding WHOIS lookups empowers you to gather critical information about internet resources effectively and responsibly.