WHOIS Lookup Guide: What Domain Registration Data Reveals
WHOIS is the public registry of domain registration information. Every domain registered on the internet has a WHOIS record containing details about when it was registered, when it expires, which registrar manages it, and what nameservers it uses.
Understanding how to read WHOIS data is essential for domain management, security research, brand protection, and competitive intelligence.
Running a Quick WHOIS Lookup
The easiest way to look up any domain's registration data is with our free domain expiration checker. It queries RDAP and WHOIS databases and presents the results in a clean, readable format — no command-line knowledge needed.
For command-line users:
whois example.com
Or using RDAP directly:
curl -s https://rdap.verisign.com/com/v1/domain/example.com | jq .
What WHOIS Data Contains
Registration Dates
Every WHOIS record includes three key dates:
- Creation Date: When the domain was first registered. This is permanently set and never changes, even when the domain transfers between registrars.
- Updated Date: When the WHOIS record was last modified. This changes with renewals, transfers, contact updates, or nameserver changes.
- Expiry Date: When the domain registration expires. After this date, the domain enters grace and redemption periods before potentially being released. Check any domain's expiry instantly with the domain checker.
Registrar Information
The registrar is the company through which the domain was registered. WHOIS shows:
- Registrar name: GoDaddy, Namecheap, Cloudflare, etc.
- IANA ID: A unique identifier assigned by ICANN
- Abuse contact: Where to report problems with the domain
This information helps you identify where to go for renewals, transfers, or security issues.
Nameservers
Nameservers tell you where the domain's DNS is hosted. Common patterns:
ns1.cloudflare.com/ns2.cloudflare.com— DNS hosted at Cloudflarens-123.awsdns-45.com— DNS hosted at AWS Route53dns1.registrar-servers.com— DNS hosted at the registrar
Unexpected nameserver entries can indicate domain hijacking or unauthorized transfers.
Domain Status Codes
Status codes reveal the security posture of a domain:
- clientTransferProhibited: Transfer lock is enabled — the domain can't be transferred without explicit unlock
- clientDeleteProhibited: Delete protection is on — prevents accidental deletion
- clientUpdateProhibited: Update lock prevents unauthorized contact or nameserver changes
- serverTransferProhibited: Registry-level transfer lock (strongest protection)
A domain without these protections is vulnerable. The domain expiration checker shows these status codes so you can verify your domains are properly locked.
Registrant Contact (When Available)
Due to GDPR and privacy regulations, many WHOIS records now redact registrant contact information. Before GDPR (pre-2018), WHOIS records showed the full name, email, phone number, and physical address of the domain registrant.
Today you'll typically see:
- Redacted for privacy (GDPR-compliant registrars)
- Privacy/proxy service contact info
- Organization name (sometimes still visible)
WHOIS vs RDAP: The Modern Transition
WHOIS dates back to the 1980s. It returns unstructured text with inconsistent formatting. RDAP (Registration Data Access Protocol) is its replacement:
| Feature | WHOIS | RDAP |
|---|---|---|
| Data format | Free-form text | Structured JSON |
| Privacy | Inconsistent | GDPR-compliant by design |
| Authentication | None | Supports differentiated access |
| Internationalization | Limited | Full Unicode support |
| Reliability | Variable | Standardized responses |
Most modern domain lookup tools, including our domain checker, use RDAP when available. The transition is ongoing — some TLDs still only support traditional WHOIS.
Practical Uses for WHOIS Data
Domain Due Diligence
Before purchasing a domain, WHOIS reveals:
- How old the domain is (older domains may carry more SEO authority)
- Whether it's been recently transferred (could indicate a drop-catch)
- The current registrar (affects transfer complexity)
- Status codes (indicates how seriously the current owner manages it)
Brand Protection
Monitor WHOIS data for domains similar to your brand. New registrations of your-brand-support.com or yourbrand-login.com may indicate phishing attempts.
Security Investigation
When investigating suspicious emails or websites, WHOIS data provides:
- When the domain was created (phishing domains are often brand new)
- Which registrar hosts it (for abuse reports)
- Nameserver patterns (shared infrastructure with other suspicious domains)
Competitive Intelligence
WHOIS data on competitor domains reveals their registrar choices, DNS infrastructure, and domain portfolio management patterns.
Common WHOIS Lookup Mistakes
Trusting WHOIS as real-time data: WHOIS records are cached and updated periodically. The data you see might be hours or days old. For time-sensitive checks like expiration dates, use tools that query authoritative sources directly.
Ignoring status codes: Most people check expiration dates and stop. Status codes tell you whether the domain is actually protected against theft and accidental loss.
Not checking all variations: If you own example.com, also check example.net, example.org, and common typos. Squatters target these.
Relying on manual lookups: Running manual WHOIS commands works for spot checks but doesn't scale. For ongoing domain management, set up automated monitoring.
From Lookup to Monitoring
A WHOIS lookup gives you a snapshot. Domain monitoring gives you continuous protection.
Start by checking your domains with the free domain expiration checker to get the current state. Then set up monitoring through exit1.dev to receive automatic alerts when:
- A domain approaches expiration
- Status codes change unexpectedly
- Nameservers are modified
- Registration details are updated
The transition from manual lookups to automated monitoring is the difference between hoping you'll remember to check and knowing you'll be alerted.
Recommended Reading
- Free Domain Expiration Checker – Look up any domain's registration data instantly
- WHOIS to RDAP: Modern Domain Monitoring – How the transition affects your monitoring
- Registry Status Codes: Business Guide – Understanding domain protection status
- Domain Expiration: The Silent Killer – Why expiration monitoring matters
Morten Pradsgaard is the founder of exit1.dev — the free uptime monitor for people who actually ship. He writes no-bullshit guides on monitoring, reliability, and building software that doesn't crumble under pressure.