What is WHOIS? Complete Guide with Examples
WHOIS is a protocol and database system for querying information about registered domain names, IP address blocks, and autonomous systems. A WHOIS lookup reveals the domain registrant's name and contact information (unless privacy-protected), registration and expiration dates, nameserver configuration, registrar details, and domain status codes. WHOIS data is maintained by domain registrars and accessible through WHOIS lookup tools.
How Does WHOIS Work?
When a domain is registered, the registrar collects and stores registrant information (name, organization, email, phone, address) in a WHOIS database. This data is accessible via the WHOIS protocol (port 43) or web-based lookup tools. The query goes to the appropriate WHOIS server based on the TLD (.com → Verisign's WHOIS, .org → PIR's WHOIS). ICANN requires registrars to maintain accurate WHOIS data, though GDPR has led to redacted WHOIS records for EU registrants. RDAP (Registration Data Access Protocol) is gradually replacing WHOIS with a structured JSON API.
Key Features
- Domain registrant contact information (when not privacy-protected)
- Registration, creation, update, and expiration dates for domain lifecycle tracking
- Nameserver configuration showing current DNS provider
- Registrar identification and transfer status
- Domain status codes (clientTransferProhibited, serverHold, etc.) indicating domain state
Common Use Cases
Domain Research
Before acquiring a domain, buyers check WHOIS to verify ownership, see when it expires, determine if it's available for transfer, and contact the current owner for purchase negotiations.
Brand Protection
Companies monitor WHOIS registrations for domains similar to their brand names (typosquatting, cybersquatting) and take action through UDRP (Uniform Domain-Name Dispute-Resolution Policy).
Security Investigation
Security researchers use WHOIS to investigate phishing domains, identify who registered suspicious domains, and track threat actor infrastructure across multiple domains.