WHOIS Domain Lookup

WHOIS is the standard protocol for querying domain registration records. Every domain has a WHOIS entry maintained by its registry (or the registrar). The data includes who registered the domain, when, with whom and how long it's valid.

This tool sends a query to the authoritative WHOIS server for each TLD (e.g., Verisign for .com, PIR for .org) and parses the response into a readable format.

Since GDPR took effect in May 2018, ICANN required all registrars to redact personal registrant details — name, email, phone, address — from public WHOIS by default for individuals. About 95% of .com / .net / .org domains now show "REDACTED FOR PRIVACY" in those fields.

The data still exists at the registrar — it's just not transmitted in the WHOIS protocol response. We're not "holding it back" or failing to fetch it; the response from the upstream WHOIS server literally contains the string "REDACTED FOR PRIVACY" where the name used to be.

What you CAN see when it's redacted:

• Registrar (who manages the domain — MarkMonitor, GoDaddy, Namecheap, etc.)
• Country (often visible even when other fields are redacted)
• State/Province (sometimes visible)
• Registration / expiry dates
• Nameservers

What you CANNOT see, and how to find it anyway:

• For legitimate research: contact the registrar directly with your purpose — they may share info for clear good-faith requests
• For legal disputes: a subpoena or court order to the registrar will compel disclosure
• For historical data: services like DomainTools, WhoisXMLAPI or archive.org sometimes have pre-2018 WHOIS snapshots showing the original registrant
• For corporate domains: organization details are usually NOT redacted — Google, Microsoft, etc. show full registrant info

EPP (Extensible Provisioning Protocol) status codes show what actions are currently allowed or prohibited on a domain. Common ones:

• clientTransferProhibited — Registrar has locked the domain against transfers to another registrar (good security)
• clientUpdateProhibited — Domain settings can't be modified
• clientDeleteProhibited — Domain can't be deleted
• serverHold — Registry has suspended the domain (typically for policy violations)
• pendingDelete — Domain is in the deletion grace period

For more details, see ICANN's EPP status codes reference.

WHOIS servers rate-limit aggressively. Verisign blocks IPs that query .com more than ~10 times per minute. Caching results for 24 hours lets thousands of people view the same domain's WHOIS without hammering the upstream server.

WHOIS data changes infrequently (registrar changes are weeks/months apart), so 24-hour caching is honest. Use the Refresh now button if you need to verify a very recent change.

We have hardcoded WHOIS server mappings for ~60 popular TLDs (.com, .net, .org, .io, .ai, .co, .me, .us, .uk, .de, .fr, .nl, .ng, and many more).

For unmapped TLDs, we query IANA first to discover the authoritative server, then query it. So in practice almost any TLD works — the hardcoded map is just an optimization to skip the IANA hop for common ones.

Several possible reasons:

• Domain isn't registered — it's available to register
• Registry doesn't publish public WHOIS — some ccTLDs (.tk, .ml, .ga in some periods) intentionally hide data
• Upstream server timeout — rare, try again or hit Refresh
• The TLD is too new and we don't have a mapping yet

From iWebVault's side: we don't log the domain you queried. The cache key is a hash, not the domain itself.

However, when we query upstream WHOIS servers on your behalf, our server's IP appears in their logs — not yours. So in practice this gives you better anonymity than running whois from your local machine, where your IP would hit the upstream.