🔎 WHOIS Domain Lookup

Who owns this domain? Type whois example.com-style — get the domain owner, registrar, registration and expiry dates, nameservers, DNSSEC, and status flags in one screen. Modern RDAP (JSON WHOIS) — faster and more reliable than the legacy 1980s WHOIS protocol.

Try: google.com github.com cloudflare.com mozilla.org wikipedia.org
⚙️
Querying RDAP…
Copied

Who owns this domain?

You just typed something like whois google.com or "who owns example.com" into a search bar and landed here. This is the tool that answers exactly that question. It queries the domain's official registration record (WHOIS) and gives you the domain owner, the registrar the domain is registered through, the creation and expiry dates, the nameservers, the DNSSEC status, and any registry-level status flags — all in one screen.

Under the hood the tool uses RDAP — the Registration Data Access Protocol (RFC 9083) — which is the modern JSON-native replacement for the 1980s-era WHOIS protocol. Every gTLD registry now supports RDAP, and the public bootstrap service at rdap.org routes each query to the authoritative registry. That's why this WHOIS domain lookup returns results in ~200 ms with clean structured data, instead of the messy free-form text you'd get from the old whois command line.

How to look up who owns a domain

Just paste the domain name into the box at the top of this page and click Look up. That's it. You can use any of these formats:

  • example.com
  • www.example.com (we strip the www.)
  • https://example.com/some/path (we extract the domain)
  • Unicode / IDN domain names like café.fr — automatically converted to punycode

The historical way to run a WHOIS domain search was from a Unix command line: whois example.com. That still works if you're comfortable in a terminal, but the output is unstructured text that changes format across every TLD and registrar. This browser-based WHOIS lookup gives you the same data — cleanly parsed, cross-linked to related diagnostic tools, and available from any device with a browser.

What a WHOIS lookup shows you

Everything runs server-side (RDAP endpoints require CORS-allowed origins that aren't yours), but nothing is stored — the record is returned to your browser and forgotten. Each lookup shows you every field the registry publishes, in a clean layout:

📅 Dates

  • Registration — when the domain was first registered.
  • Expiration — when the current registration expires. The tool highlights domains expiring soon (amber < 30 days, red < 7 days).
  • Last changed — when the record was last updated at the registry.

🏢 Registrar

Name, IANA ID, homepage URL, and abuse contact (email + phone) as required by ICANN policy.

🌐 Nameservers

The authoritative NS records at the registry level. These are the DNS servers responsible for resolving the domain — cross-check with the actual live NS records via DNS Lookup.

🔒 DNSSEC

Whether the domain is signed with DNSSEC at the registry level. Signed domains protect against certain DNS spoofing attacks.

🏷️ Status flags

ICANN-standardized status codes like clientTransferProhibited (registrar blocks transfer — safe default) or serverHold (registry has suspended DNS — usually payment or legal issues). Each flag is shown with a plain-English explanation.

👤 Contacts

Registrant, admin, tech, and billing contacts if the registrar publishes them. Since GDPR (2018), most gTLD registries redact personal contact info by default — you will typically see only the registrar and abuse contact.

Who is a domain registered to?

When you're trying to find the owner of a domain, the WHOIS record is the authoritative source — it's the entry the registrar has to publish per ICANN policy. Depending on when the domain was registered and whether the registrar respects privacy law, the "registrant" field will show either:

  • The person or company that registered the domain (name, org, email, phone, address)
  • A privacy service like Domains By Proxy, Withheld for Privacy, or Redacted for Privacy — the registrar's paid or free privacy shield
  • Just the word "REDACTED" — since GDPR (2018), most gTLD registries redact personal data by default even without a privacy service

If the registrant is redacted and you genuinely need to reach the owner, the abuse contact (also shown by this WHOIS domain lookup) is the ICANN-required forwarding address. Send your message to abuse@theregistrar and the registrar will forward it to the owner if warranted.

How to find the domain owner behind a website

The workflow to find a domain owner is usually:

  1. Type the domain into this WHOIS lookup — check the registrant field first.
  2. If redacted, note the registrar's name and their abuse email — that's your contact path.
  3. Cross-check the nameservers — if they point at a shared host like Cloudflare, Squarespace, or Shopify, the operator is often that platform's user (not the platform itself).
  4. Use DNS Lookup to see the actual A / MX / TXT records — a corporate MX (Google Workspace, Microsoft 365) will reveal the operator's real email domain.
  5. For public-benefit records (trademark disputes, UDRP cases, law enforcement), the registrar can be compelled to reveal registrant data.

WHOIS lookup vs domain lookup vs DNS lookup — what's the difference?

These terms get used interchangeably but they answer different questions:

  • WHOIS lookup / WHOIS domain lookup — who owns the domain, when it was registered, when it expires, who to contact. This is registration data from the registry.
  • DNS lookup — what IP address, mail server, and other technical records the domain points at. This is operational data from the DNS system. Use our DNS Lookup for this.
  • Domain lookup (informal) — often used to mean either of the above; ambiguous. Most people who search "domain lookup" want a WHOIS lookup.

Rule of thumb: WHOIS tells you the human information (who, when, expiry); DNS tells you the technical routing (where, how). Both live at different layers of internet infrastructure.

RDAP vs legacy WHOIS

Legacy WHOIS is a plain-text protocol from 1982 where every registrar returns free-form text in whatever format they like. RDAP standardizes everything: JSON responses over HTTPS, consistent field names across registries, machine-parseable events and status codes, and proper HTTP status codes for "not found" vs "server error". Every major registry migrated between 2015 and 2024. This tool uses RDAP exclusively.

Privacy & rate limits

Requests are rate-limited to 30 per minute per IP, 12-second timeout. No queries are stored. The rdap.org bootstrap service and the authoritative registry may keep their own logs — nothing this tool can control.

Frequently asked questions

RDAP (Registration Data Access Protocol, RFC 9083) is the modern JSON-native replacement for the 1980s WHOIS protocol. Every gTLD registry supports it. Returns structured data over HTTPS with standardized field names.
Paste the domain into this WHOIS domain lookup. The tool queries the authoritative registration record and shows the registrant (if published), registrar, dates, nameservers, and abuse contact. If the registrant is redacted (common since GDPR 2018), use the abuse contact to reach the owner.
A WHOIS lookup queries the official registration record for a domain — who registered it, through which registrar, when it was registered, when it expires, and which nameservers it uses. This tool uses modern RDAP (JSON WHOIS) which returns clean structured data faster than legacy WHOIS.
A WHOIS lookup shows who owns the domain and its registration data. A DNS lookup shows the technical routing — A records, MX mail servers, nameservers. Both live at different infrastructure layers.
Since GDPR (2018), most registrars redact personal contact info by default. You will typically see the registrar contact and abuse email, plus dates, flags, and nameservers. This is expected — not an error.
Most ccTLDs now publish RDAP endpoints. A few (like .de) return limited fields per local policy. The bootstrap service routes each query to the authoritative registry.
A registrar-set status flag that prevents transfer to another registrar. It is the safe default and does NOT mean anything is wrong. The tool explains every flag it shows in plain English.