WHOIS is both a protocol and a public database that records registration information for domain names. It was one of the earliest internet services and remains a key tool for domain ownership verification, abuse investigation and due diligence.
What WHOIS Records Contain
- Registrant name, organisation, address and email
- Administrative and technical contact details
- Domain registration and expiry dates
- Domain status (active, locked, pending transfer)
- Nameserver information
- Registrar name and IANA ID
- Domain creation, update and expiry timestamps
WHOIS and GDPR
Since GDPR came into force in 2018, registrars serving EU customers are required to redact personal data from public WHOIS records. Most registrars now show a privacy proxy or "REDACTED FOR PRIVACY" for registrant details. Domain expiry dates and nameserver information are still generally visible.
WHOIS Privacy
Most registrars offer free WHOIS privacy protection (also called domain privacy or proxy registration). This replaces your personal contact details in WHOIS with generic registrar contact details, protecting you from spam harvesting and targeted attacks.
How to Perform a WHOIS Lookup
- Use the command line:
whois example.com - Use ICANN's Lookup tool:
lookup.icann.org - Use your registrar's WHOIS tool
- Use third-party tools like whois.domaintools.com
WHOIS for Abuse Investigation
Cybersecurity professionals use WHOIS to identify registrars of malicious domains and find abuse contact emails ([email protected]) to report phishing, spam or other malicious activity for potential domain suspension.