Whois Checker
Enter a URL
About Whois Checker
You receive an email from a domain you do not recognise. It claims to be a supplier, a partner, or a legal entity. The website looks professional. Before you reply, before you click any link, before you trust a single thing it says — one question matters more than any other: who actually registered this domain, when, and through which registrar?
That question is what the DigitalSub Pro Whois Checker answers. Enter any domain name and the tool returns its complete public WHOIS record — the registration data that every domain is required to file with ICANN when it is registered. You see the exact creation date, the expiry date, the registrar who manages it, the nameservers it points to, the domain status codes currently applied, and the DNSSEC signing status. It is the closest thing the internet has to a public company register for websites.
Whether you are verifying a potential business partner's web presence, investigating a suspicious email, researching a domain you want to acquire, troubleshooting your own DNS configuration, or simply confirming your domain's expiry date — the WHOIS record is the authoritative source, and this tool retrieves it in seconds.
What a Whois Lookup Returns — The Full Data Record
The WHOIS record is a standardised data set. Every domain registrar is required by ICANN to collect and publish certain registration details when a domain is created. Here is what a typical lookup result looks like — based on the exact output format our tool returns.
Above is a representative sample. Your actual WHOIS result is retrieved live from the registry database when you run a check. Data shown varies by registrar and domain privacy settings.
Every WHOIS Field Explained — What Each Data Point Actually Tells You
Most people glance at a WHOIS result and pick out the creation date. But each field in the record is meaningful — and understanding what you are reading turns a wall of text into actionable intelligence about any domain.
The Registered Domain
The exact domain name as stored in the registry — always displayed in uppercase in WHOIS records. This confirms you are looking at the correct domain and allows you to verify there is no subtle typosquatting (e.g. paypa1.com vs paypal.com). The WHOIS record is the definitive source of the domain's canonical registered form.
The Registry's Internal Reference Number
Every domain registered globally is assigned a unique identifier by the registry (e.g. VeriSign for .com). This number — like 3004375285_DOMAIN_COM-VRSN — is used internally by registries and registrars to track the domain record. It is useful for official correspondence with ICANN or your registrar if you need to reference your domain in a dispute or recovery process.
Who Manages the Domain Registration
The company through which the domain is registered — GoDaddy, Hostinger, Namecheap, Cloudflare, and hundreds of others. This is where renewal, transfer, nameserver changes, and contact updates are managed. If you are investigating a suspicious domain, the registrar is who you contact to report abuse. If you want to acquire a domain, the registrar link shows you where the current owner's account lives.
When the Domain Was First Registered
The UTC timestamp from the moment the domain was first registered. A domain claiming to represent a business established in 2010 but with a creation date from last month is an immediate credibility signal worth investigating. A very recent creation date combined with urgent, pressure-driven content — "limited time offer," "act now," "account suspended" — is one of the most reliable signatures of a phishing or scam domain.
When the WHOIS Record Was Last Modified
Updated whenever the registration record changes — on renewal, on registrar transfer, on nameserver changes, or when contact details are modified. A recently updated date on an otherwise old domain can indicate a change of ownership or a significant configuration change worth noting. For your own domain, this field confirms that changes you made (such as updating nameservers) have been recorded by the registry.
When the Registration Expires
The date and time the domain registration ends. If not renewed before this date, the domain enters a grace period during which only the current registrant can renew it, then a redemption period with higher fees, then it drops into open availability. For your own domain: note this date and ensure auto-renewal is active. For competitor domains approaching expiry: this may represent an acquisition opportunity. For unfamiliar domains: a domain expiring imminently is a signal the owner may be abandoning it.
The Registrar's Official ICANN Accreditation Number
Every ICANN-accredited registrar is assigned a unique IANA ID. This number allows you to verify that the registrar managing a domain is legitimately accredited — you can look up any IANA ID on ICANN's official accredited registrar list. An unrecognised registrar name paired with a valid IANA ID confirms legitimacy. An IANA ID that does not appear in ICANN's database is a red flag for a fraudulent or unaccredited operator.
The Domain's Current Operational State — EPP Status Codes
One or more EPP (Extensible Provisioning Protocol) codes that define what operations are currently permitted on the domain. These codes directly affect whether your site is live, transferable, or locked. This is one of the most misunderstood fields in a WHOIS record — and the most important to understand when managing your own domain. Full explanation of all major status codes in the section below.
Where the Domain's DNS Is Hosted
The nameservers define where DNS queries for this domain are resolved — effectively determining which hosting provider, CDN, or DNS management service controls where the domain's traffic is directed. Nameservers reveal a great deal about the domain's technical setup — who hosts the site, whether a CDN like Cloudflare is in use, or whether the domain is parked (DNS-PARKING nameservers are a reliable indicator of an unused or for-sale domain). Full analysis below.
Whether the Domain Uses DNS Security Extensions
DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to DNS records, protecting against a class of attacks known as DNS spoofing or cache poisoning — where an attacker manipulates DNS responses to redirect users to a malicious server. A status of "unsigned" means DNSSEC is not enabled. Most domains currently show as unsigned — DNSSEC adoption remains low despite the security benefit it provides.
Domain Owner Information — Usually Redacted in 2025
Historically, this section showed the domain owner's name, organisation, address, phone, and email. Since GDPR took effect in 2018 and ICANN's RDAP migration completed in January 2025, most registrant contact data is now redacted by default — displaying "REDACTED FOR PRIVACY" or a proxy service contact instead of real personal details. This affects almost all domains registered through major registrars today. For legitimate access to hidden registrant data, a formal request through the registrar is required. Full explanation in the GDPR section below.
How to Use the Whois Checker — 3 Steps
Enter the Domain
Type any domain name — e.g. example.com — into the field. No https:// or www. needed. Just the root domain.
Submit the Query
Click Submit. The tool queries the appropriate WHOIS or RDAP database for that domain's TLD and retrieves the live registration record.
Read the Full Record
Review all fields — dates, registrar, domain status codes, nameservers, and DNSSEC. Use the data to make your decision, verify details, or troubleshoot.
Domain Status Codes Decoded — What Every EPP Code Means for Your Domain
The Domain Status field in a WHOIS result is where most site owners' eyes glaze over. A string of unfamiliar codes like clientTransferProhibited or serverHold tells you something specific and actionable about the domain's current state — but only if you know how to read them. These are called EPP (Extensible Provisioning Protocol) codes and every registered domain has at least one.
There are two types: client codes (set by your registrar — you can request changes) and server codes (set by the registry itself — you generally cannot change them directly). Here are all the ones you are likely to encounter.
The domain is active and fully operational with no locks or holds applied. You can update, transfer, renew, and delete it. Appears only when no other prohibit codes are set — as soon as clientTransferProhibited is applied, ok disappears automatically.
The most common status code. Applied automatically by most registrars when a domain is first registered. Prevents the domain from being transferred to another registrar without the owner's explicit action. This is a security feature, not a problem. Always keep this enabled unless you are actively initiating a transfer.
No changes can be made to the domain record — nameservers, contact details, or any other configuration cannot be updated while this status is active. Often paired with clientTransferProhibited for maximum security. You can request your registrar to remove this lock when you need to make changes.
The domain cannot be deleted while this code is active. A sensible security measure for important domains — it prevents accidental or malicious deletion. Premium and high-value domains often have this applied alongside transfer and update locks as a triple-lock security configuration.
The registrar has removed the domain from the DNS zone file. Your website, email, and all domain-linked services will stop working while this status is active. Common causes: failure to verify WHOIS contact details within 15 days of registration, non-payment of renewal fees, or a policy violation flagged by the registrar. Resolve the underlying issue with your registrar to lift this status.
Set by the registry (not the registrar) — typically applied automatically for the first 60 days after a domain is registered or transferred. Prevents transfers during this initial period as an anti-fraud measure. Lifts automatically after the lock period. You cannot override this one — only the registry can remove it, and it resolves on its own schedule.
The domain has been suspended at the registry level — not by the registrar but by the registry itself (e.g. VeriSign for .com). The domain is completely offline: no website, no email, no DNS resolution. Causes include ICANN compliance violations, court orders, confirmed abuse reports, or domain fraud investigations. Contact your registrar immediately — registry holds require registrar-mediated resolution.
A transfer to a new registrar has been initiated and is awaiting completion. The process typically takes 5–7 days for most gTLDs. During this period the domain continues to resolve normally — the transfer happens at the registrar level without affecting DNS. If you did not initiate this transfer, contact your registrar immediately as this may indicate unauthorised access.
The domain has expired and not been renewed within the grace period. During redemptionPeriod (typically 30 days after expiry), the original registrant can recover it at a premium fee. After that, pendingDelete appears — the domain is queued for deletion and will drop into open availability within 5 days. Act immediately if this is your own domain.
Why You Often See "REDACTED FOR PRIVACY" — GDPR, RDAP, and the 2025 WHOIS Changes
If you run a WHOIS lookup on almost any domain today and find that the registrant name, address, phone, and email all say "REDACTED FOR PRIVACY" or show a proxy service address — this is not a bug, a problem with the tool, or the domain owner doing anything unusual. It is the new normal, and understanding why requires a brief history.
From Open Directory to Privacy-First: WHOIS in 2025
Before 2018: WHOIS was a fully public directory. Enter any domain and you would see the owner's real name, home or business address, phone number, and email address. This was useful for researchers and investigators — but it was also a goldmine for spammers, phishers, and stalkers who could harvest millions of personal records from the database automatically.
May 2018 — GDPR takes effect: The EU's General Data Protection Regulation required that personal data not be made publicly available without consent or a lawful basis. Registrars responded by redacting personal contact fields globally — not just for EU registrants — rather than maintaining separate systems. Almost overnight, names, addresses, and contact details disappeared from public WHOIS records.
January 28, 2025 — WHOIS officially sunset for gTLDs: ICANN formally replaced the legacy WHOIS protocol with RDAP (Registration Data Access Protocol) for all generic top-level domains — .com, .net, .org, .io, and others. RDAP provides structured, encrypted, standardised responses and supports tiered access — meaning accredited parties (law enforcement, trademark holders, security researchers) can apply for access to redacted data through a gated system, while public queries continue to show only the non-personal fields.
What still shows publicly: Creation date, updated date, expiry date, registrar, registrar IANA ID, domain status codes, nameservers, and DNSSEC status are still fully public. These operational fields remain because they are essential for the internet's technical functioning — not personal data.
The practical implication: a WHOIS check today will reliably tell you when a domain was registered, who manages the registration (registrar), when it expires, what status it has, and where it points (nameservers). It will rarely tell you the individual owner's personal details anymore — and this is by design, not a limitation of the tool.
What Nameservers Tell You — The Hidden Intelligence in WHOIS Records
Most people overlook the nameserver fields entirely. This is a mistake — nameservers are one of the most revealing parts of a WHOIS record, because they tell you exactly which infrastructure a domain is running on without the owner ever needing to disclose it.
Nameservers are the DNS servers responsible for answering queries about a domain — they tell the internet where to find the website, the email server, and other services associated with that domain. The nameserver pattern is a reliable fingerprint for the underlying technology stack.
NS2.DNS-PARKING.COM
The domain is registered but not hosting any active website. Often seen on newly registered domains, domains for sale, or domains being held speculatively.
NS2.HOSTINGER.COM
The site uses Hostinger's hosting and DNS management directly. No CDN layer in front of it. Common for small business and personal sites.
KIP.NS.CLOUDFLARE.COM
The domain's DNS is managed through Cloudflare — meaning the real hosting IP is hidden behind Cloudflare's network. Common for sites prioritising performance and DDoS protection.
NS-XXX.AWSDNS-XX.NET
DNS managed through AWS Route 53. Strong indicator of a professionally managed or enterprise-scale deployment. Often used by SaaS products, startups, and tech companies.
NS2.GOOGLE.COM
DNS managed through Google Cloud Platform. Similar to AWS Route 53 — indicates a technically sophisticated deployment likely running on GCP infrastructure.
NS2.WORDPRESS.COM
The site is hosted directly on WordPress.com (not self-hosted WordPress). Tells you the content management system and hosting platform in one nameserver pattern.
For your own domains, a sudden unexpected nameserver change is one of the most serious signals of domain hijacking — an attacker who has gained control of your domain's DNS can redirect all your traffic and email to servers they control. Run a WHOIS check periodically on your own domains to confirm nameservers match what you expect.
Who Uses the Whois Checker — and Why
Fraud and Phishing Investigation
When a suspicious email arrives from an unfamiliar domain, a WHOIS lookup is the fastest way to assess its credibility. A domain registered two days ago sending urgent "account suspended" messages is almost certainly fraudulent. A domain registered in 2018 with a major registrar and professional nameservers is more plausibly legitimate — though still worth verifying through other means.
Domain Purchase Research
Before approaching a domain owner about a purchase, verify the registrar and expiry date through WHOIS. If the registrar shows an abuse contact, that is the channel for initial contact if the registrar's process requires it. If the expiry date is approaching without renewal, you have leverage and context for timing your approach or backorder.
DNS Troubleshooting
When a website stops resolving correctly or email stops delivering, verifying the nameservers through WHOIS is one of the first diagnostic steps. If the nameservers listed in WHOIS do not match what you configured in your hosting panel, the DNS is pointing to the wrong server — which explains the outage. WHOIS confirms the registry-level nameserver records, separate from any cached DNS data.
Own Domain Monitoring
Running a periodic WHOIS check on your own domain verifies that the nameservers, registrar, and expiry date all match your expectations. Unexpected changes to any of these fields — particularly nameservers you did not update or a registrar you did not transfer to — are early warning signs of domain hijacking that require immediate investigation.
SEO & Agency Client Onboarding
When taking on a new client, a WHOIS check confirms who the domain is registered with, when it expires (for renewal risk assessment), and that the registrar matches what the client believes. Clients are frequently unaware of who manages their domain registration — a WHOIS lookup surfaces this instantly and prevents the common scenario of discovering mid-project that the domain's renewal contact left the company years ago.
Trademark & Legal Investigation
Lawyers and brand protection teams use WHOIS to identify registrants of infringing domains for trademark dispute filings (UDRP proceedings). While personal data is now largely redacted, the registrar and registrar abuse contact remain public — which is the correct initial escalation path for trademark enforcement before formal legal proceedings.
Getting More From Your WHOIS Lookup
5 Ways to Use WHOIS Data More Effectively
- Check creation date vs claimed establishment date. If a website claims to be "established in 2015" but its WHOIS creation date is from last month, that inconsistency is the first specific, verifiable piece of evidence that something is wrong. This single check takes ten seconds and has caught countless scams and misrepresentations.
- Note the registrar's abuse contact for reporting. If a domain is being used for phishing, spam, or fraud, the fastest path to takedown is often through the registrar's abuse contact — listed in the WHOIS record. Registrars have faster response processes for abuse reports than waiting for general law enforcement. Report to the registrar's abuse email directly with evidence.
- Use nameserver patterns to identify technology stack. Cloudflare nameservers tell you there is a CDN layer. AWS Route 53 nameservers suggest a technically sophisticated deployment. DNS-PARKING nameservers confirm the domain is unused. This intelligence is useful for competitor research, partnership vetting, and technical due diligence — all visible without ever visiting the site.
- Monitor your own domain's status codes regularly. A
clientHoldstatus on your own domain means your site and email are offline. Most owners only discover this when visitors start reporting they cannot reach the site. A monthly WHOIS check on your own domain catches this in minutes. Combine this with the Domain Age Checker to keep your expiry date front of mind. - Check that your domain is not approaching
pendingDelete. If you let a domain expire accidentally and it enters the redemption period, you can still recover it — but at significantly higher cost. If it reachespendingDelete, it is queued for permanent release and anyone can register it. A WHOIS check immediately surfaces these emergency status codes so you can act before it is too late.
Tools That Work Alongside Whois Checker
A WHOIS check is often the first step in a broader domain investigation. These free DigitalSub Pro tools complete the picture.
Frequently Asked Questions
Real questions from webmasters, domain buyers, and security researchers who use WHOIS lookups regularly.
Why does the WHOIS result show "REDACTED FOR PRIVACY" instead of owner details?
This is the result of two major changes to how WHOIS data is handled: GDPR (2018) and ICANN's RDAP migration (January 2025).
Since GDPR took effect, registrars have been required to redact personal data — name, address, phone, and email — from public WHOIS records for EU registrants. Most registrars applied this globally rather than per-jurisdiction, so redaction now affects the vast majority of all domains worldwide, not just those registered by EU residents.
ICANN's formal transition to RDAP in January 2025 reinforced this with a structured tiered-access model: personal registrant data is now withheld from public queries and available only to accredited parties through formal request processes. The operational data you still need — creation date, expiry, registrar, status codes, nameservers — remains fully public.
If you need to contact a domain owner whose personal details are redacted, the registrar's abuse contact (still shown in WHOIS) can often facilitate contact, or you can use a domain broker service.
What does clientTransferProhibited mean and should I be worried?
No — clientTransferProhibited is normal and desirable. It means the domain is locked against transfer to another registrar, which is a standard security measure applied automatically by most registrars when you first register a domain.
This lock prevents an attacker who has somehow obtained your domain details from transferring your domain away from your registrar to one they control — a form of domain hijacking. You should keep this lock enabled at all times unless you are actively in the process of transferring the domain to a new registrar, at which point you remove it temporarily, complete the transfer, and the new registrar will typically re-apply it automatically.
If you see clientTransferProhibited on a domain you are checking, it tells you the domain is actively managed and secured — a positive signal, not a concern.
My domain shows clientHold — what does this mean and how do I fix it?
A clientHold status is a genuine problem that requires immediate attention. It means your registrar has removed your domain from the DNS zone file, which means your website is offline, your email is not delivering, and any service using your domain is completely non-functional.
Common causes include:
- Failed WHOIS verification: When you register a domain, ICANN requires you to verify your contact email address within 15 days. If you miss this verification email (often filtered as spam), the registrar applies
clientHold. - Non-payment: Your domain renewal payment failed or your billing details have expired.
- Policy violation: The registrar has flagged your domain for a terms of service violation.
Resolution: log into your registrar account immediately, check for any pending actions or alerts, and resolve the underlying issue. Once you do, request that the hold be lifted. DNS propagation after removal typically takes 1–4 hours.
Can I find out who owns a domain if the registrant details are all redacted?
Public WHOIS can no longer reliably reveal the individual owner's identity for most domains. However, several avenues still exist depending on your purpose:
- Contact through the registrar: The registrar's abuse contact shown in WHOIS can forward your message to the domain owner without disclosing their identity to you. This works for purchase inquiries and some complaints.
- Domain broker services: Services like Sedo, Afternic, or GoDaddy brokerage can approach a domain owner on your behalf for acquisition discussions.
- Historical WHOIS services: Tools like DomainTools maintain archives of historical WHOIS records from before the GDPR-era redactions. For domains registered before 2018, this may surface original registrant data.
- Legal process: Law enforcement, trademark holders, and legal professionals can request full registrant data from registrars through formal legal channels. This is the only route to confirmed identity disclosure.
- ICANN's SSAD (System for Standardised Access to Disclosed Data): A formal mechanism for accredited parties to request access to non-public registration data — available for legitimate security research, brand protection, and legal purposes.
What is RDAP and how is it different from WHOIS?
RDAP (Registration Data Access Protocol) is the formal replacement for the legacy WHOIS protocol, mandated by ICANN for all gTLD registries as of January 28, 2025. The two serve the same fundamental purpose — querying domain registration data — but differ significantly in how they work.
WHOIS was designed in 1982 as a simple text-based query protocol. It returns unstructured plain text, has no encryption, no standardised format across different registries, and no access control — anyone can query anything. RDAP operates over HTTPS, returns structured JSON responses, supports multiple response formats, implements tiered access (different data for public queries vs. authenticated requests from accredited parties), and is standardised across registries globally.
For the purposes of using DigitalSub Pro's Whois Checker, the distinction is invisible — the tool handles both protocols and returns the same readable result regardless of whether the underlying query uses WHOIS or RDAP. WHOIS remains in use for many country-code TLDs that have not yet migrated to RDAP.
Can I run a WHOIS check on country-code domains like .co.uk, .de, or .com.au?
Yes — the tool queries WHOIS and RDAP databases for most country-code top-level domains (ccTLDs) as well as all major generic TLDs. Coverage includes .co.uk, .com.au, .de, .fr, .ca, .in, .io, and hundreds of others.
The level of detail returned varies by country-code registry. Some ccTLDs — particularly in countries with strong data privacy laws — restrict public WHOIS access more aggressively than gTLDs, returning only creation and expiry dates. Others (especially older registries in countries with less restrictive rules) may return more detail than current gTLD policy allows. The tool retrieves whatever the relevant registry makes publicly available.
Is the Whois Checker free? Can I check multiple domains?
Yes — completely free, no account required, no sign-up, no usage limits. You can run as many WHOIS lookups as you need on any domain worldwide. This applies to all 47 free tools on DigitalSub Pro — there is no premium tier, no daily cap, and no paywall on any feature.