Ever stumbled across a sketchy website and wondered, “Who on earth is running this thing?” Or maybe you’ve had your eye on a domain name and want to know when it expires so you can snag it. Either way, you’ve been struggling with the same problem, and there’s a lookup tool built exactly for this.
It’s called a WHOIS lookup (pronounced “who is”), and it lets you look up public registration data for any domain name. Things like who registered it, when it was created, when it expires, and which registrar manages it. The catch? A lot has changed since WHOIS lookups became popular. Thanks to privacy laws like GDPR, most personal owner details are now hidden behind a “REDACTED FOR PRIVACY” wall. But don’t worry, you can still find plenty of useful info, and there are ways to dig deeper when you need to. This guide walks you through everything.
What Is a WHOIS Lookup?
A WHOIS lookup is basically a public database search that returns registration information about a domain name. Think of it like a phone book for websites, except privacy laws have torn out a lot of the pages.
What you can typically find:
- The registrar (the company where the domain was purchased, like GoDaddy or Namecheap)
- Domain creation date and expiration date
- Nameservers (the servers that point the domain to a website)
- Domain status (active, locked, expired, etc.)
- Registrant contact info, if the owner hasn’t enabled privacy protection
What you often WON’T find anymore:
- The owner’s real name, address, phone number, or email (thanks to GDPR and similar privacy regulations)
- Any meaningful contact info if a privacy proxy service is being used
In practice, the vast majority of newly registered domains now use some form of privacy protection, so don’t be surprised if you hit a wall. But the public data that IS available is still really useful, especially if you’re researching domain availability or checking expiration dates.
How to Do a WHOIS Lookup
Method 1: Use the ICANN Lookup Tool (Best Starting Point)
ICANN (the nonprofit that oversees domain names globally) runs the official lookup tool, and it’s the most reliable place to start. It uses the modern RDAP (Registration Data Access Protocol) standard, which is basically a smarter, more structured version of the old WHOIS system.
- Go to lookup.icann.org.
- Type the domain name you want to look up (e.g.,
example.com) into the search bar. - Make sure Domain is selected, then click the search button.
- Review the results, you’ll see the registrar, creation and expiration dates, nameservers, and domain status. Registrant details will likely show “REDACTED FOR PRIVACY” unless the owner has opted out of privacy protection.
Method 2: Use a Third-Party WHOIS Tool
If you want a more user-friendly interface or extra data like DNS records, these third-party tools are solid alternatives:
- Who.is, Combines WHOIS, RDAP, and DNS data in one clean view. Great all-rounder, free to use.
- Namecheap WHOIS, Fast and clean. Also tells you if a domain is available to register.
- GoDaddy WHOIS, Pairs lookup results with availability and backorder options if the domain is expiring.
- ViewDNS.info, No login required, fast, and includes reverse IP/domain tools as a bonus.
Method 3: Use the Command Line (For the More Tech-Savvy)
If you’re comfortable with the command line (the text-based interface on your computer), you can run WHOIS lookups directly from your machine, no browser needed.
On Windows
- Open Windows Terminal or PowerShell (search for either in the Start menu).
- Install the WHOIS tool by typing:
winget install whoisand pressingEnter. - Once installed, type
whois example.com(replacingexample.comwith your target domain) and pressEnter.
On macOS
- Open Terminal (find it in Applications > Utilities, or search with Spotlight using
Cmd + Space). - If you have Homebrew installed, type
brew install whoisto get the latest version. Otherwise, macOS has a basic WHOIS client built in. - Type
whois example.comand pressReturn.
The output is raw and a bit messy compared to a web tool, but all the same data is there.
What to Do When Owner Info Is Redacted
Here’s the frustrating reality: in practice, the vast majority of new domain registrations now use some form of privacy protection. So when you run a WHOIS lookup and get back a wall of “REDACTED FOR PRIVACY,” you’re not doing anything wrong. The info just isn’t publicly available anymore.
That said, you’re not completely out of options:
- Check the website itself: Look for an /about or /contact page. Many site owners list their info there even if their WHOIS data is hidden.
- Email the privacy proxy: When a privacy service is active, the WHOIS record usually shows a generic proxy email like
abuse@withheldforprivacy.com. You can try emailing it, the proxy may forward your message to the real owner. - Use historical WHOIS data: Tools like SecurityTrails and WhoisXML API store historical records going back years, sometimes to before GDPR, when full owner details were publicly visible. SecurityTrails’ free tier currently allows around 100 queries per month—check their site for the latest limits.
- Try DomainTools: DomainTools is the premium option here. It includes reverse WHOIS, ownership graphs, and risk scoring, but it’s a paid service (at the time of writing, plans start around $99/year—check their site for current pricing). Worth it if you do this regularly for research or security purposes.
- Contact the registrar directly: For legitimate legal or abuse complaints, you can email the registrar’s abuse team (e.g.,
abuse@godaddy.com). They have access to the redacted data and are required to act on valid complaints.
Why Is So Much WHOIS Data Hidden Now?
Back in the early days of the internet, WHOIS records were completely public. Your name, address, phone number, and email were all visible to anyone who looked up your domain. That was great for accountability, but terrible for privacy. Spammers would harvest WHOIS data to build email lists, and people would get bombarded with junk mail within days of registering a domain (this actually happened to the original author of this article, they ran an experiment and confirmed it). If you’re dealing with unwanted messages yourself, learning how to stop spam emails from reaching your inbox can help.
Then in 2018, the EU’s GDPR (General Data Protection Regulation), a major privacy law, forced a huge change. Registrars had to stop publicly displaying personal data for EU-based registrants, and most extended those protections globally to keep things consistent.
ICANN formalized this with updated registration data policies, and today the standard is: public data (registrar, dates, nameservers) stays visible, but personal info (name, address, email) is redacted by default.
- Practical takeaway: Expect redacted personal fields on almost every domain you look up — this is completely normal post-GDPR, not a sign that something is wrong or that the domain is suspicious.
So if you’re registering a domain yourself, use privacy protection. It’s almost always free or very cheap, and it’ll save you from a spam avalanche.
WHOIS Tool Comparison
| Tool | Cost | Best For | Historical Data? |
|---|---|---|---|
| ICANN Lookup | Free | Official, accurate public data on any domain | No |
| Who.is | Free | WHOIS + DNS records in one place | No |
| ViewDNS.info | Free | Quick lookups, no login needed | No |
| SecurityTrails | Free (~100/mo*) / Paid | Historical WHOIS snapshots going back years | Yes (19+ years) |
| DomainTools | Paid (~$99+/yr*) | Deep research, reverse WHOIS, ownership graphs | Yes |
| WhoisXML API | Paid (free trial) | Bulk lookups, pre-GDPR historical data | Yes (back to 2014) |
* Pricing and free-tier limits are approximate as of the time of writing. Check each provider’s site for current plans.
Tips and Troubleshooting
All the registrant info says “REDACTED FOR PRIVACY”: This is normal. Most domains use privacy protection now. Try the historical lookup tools listed above, or check the website’s contact page directly.
The proxy email address bounces: Generic privacy proxy emails (like privacy@service.com) often don’t work reliably. Your best bet is to use the contact form on the actual website instead.
You’re looking up a country-code domain (.uk, .ca, .de, etc.): Country-specific domains follow their own rules. For example, .uk domains are managed by Nominet. Use Nominet’s WHOIS tool for those. For other country codes, search for “[country] domain registry WHOIS” to find the right tool.
The domain shows as “available” but has a huge price tag: Some domains are technically available but are listed as premium domains with inflated prices. If you want to catch a domain when it expires at a normal price, look into backorder services like GoDaddy Auctions or DropCatch.
You’re hitting rate limits on free tools: Most free WHOIS tools cap how many lookups you can do per day (Who.is limits around 50/day). If you need to look up multiple domains, rotate between tools. ICANN, Who.is, and ViewDNS.info together give you plenty of headroom.
Pro tip on expiration dates: If you’re hoping to register a domain that’s already taken, use any of the tools above to find its expiration date. Domains that expire and aren’t renewed become available again (usually within 30–90 days after expiration). You can set up a backorder through GoDaddy Auctions or DropCatch to automatically try to grab it the moment it drops. You can also learn how to check the age of a website or domain for additional context when researching a domain’s history.
Wrapping Up
WHOIS lookups are still one of the most useful tools for figuring out who’s behind a domain, even if privacy laws have made the full picture a lot harder to see. For most situations, the free ICANN Lookup tool is all you need to check expiration dates, registrars, and nameservers. If you need to dig deeper into ownership, SecurityTrails or DomainTools are worth a look. And if you’re registering a domain yourself, turn on privacy protection. Your inbox will thank you.