← Back to blog
2026-04-14·6 min read

What is WHOIS? Domain Ownership Lookup Guide (2026)

What is WHOIS?

WHOIS is a public database that stores registration details for every domain name on the internet. When someone registers a domain, their contact information, registration dates, and nameserver details are recorded in this database.

Think of it as the phone book for domain names. Anyone can query it to find out who owns a domain, when it was registered, and when it expires.

Why WHOIS matters for security

Verify domain ownership

Before doing business with a company, checking their WHOIS record confirms they actually own the domain they claim to represent. Fraudulent sites often have recently registered domains with hidden ownership details.

Detect phishing domains

Attackers register lookalike domains (like "amaz0n.com") to trick users. WHOIS reveals these domains were registered recently and by different entities than the legitimate brand.

Monitor your own domains

WHOIS tells you when your domain expires. Letting a domain lapse is a serious security risk. Attackers monitor expiring domains and register them the moment they become available, inheriting your SEO authority and potentially intercepting email.

Investigate threats

Security teams use WHOIS to trace the origin of attacks. If you receive phishing emails or discover a domain impersonating your brand, WHOIS data can reveal the registrant and help with takedown requests.

What WHOIS records contain

  • **Registrant** — the domain owner (name, organisation, email, phone)
  • **Registrar** — the company where the domain was purchased (GoDaddy, Namecheap, etc.)
  • **Registration date** — when the domain was first registered
  • **Expiry date** — when the registration expires
  • **Nameservers** — the DNS servers handling the domain
  • **Status codes** — flags like clientTransferProhibited (transfer lock)

    • WHOIS privacy and GDPR

    Since GDPR took effect in 2018, many registrars redact personal information from WHOIS records by default. You will often see "REDACTED FOR PRIVACY" instead of the registrant's name and email. This is normal and legal.

    You can still see the registrar, registration dates, expiry dates, and nameservers. For legitimate investigations, you can submit a WHOIS disclosure request through the registrar.

    How to perform a WHOIS lookup

    Method 1: Use a free online tool

    The fastest option is [CQwerty Shield's free WHOIS Lookup](/tools/whois-lookup). Enter any domain and get instant results including registrar, dates, nameservers, and privacy status.

    Method 2: Command line

    whois example.com

    Method 3: ICANN Lookup

    Visit lookup.icann.org for the official ICANN WHOIS service.

    Red flags to watch for

  • Domain registered in the last 30 days (common for phishing)
  • Registration and expiry dates very close together (short-term fraud)
  • Nameservers on free or suspicious hosting providers
  • WHOIS data that contradicts the website's claimed identity

    • [Look up any domain now](/tools/whois-lookup)

    Ready to check your domain?

    Run all 18 security checks in 2 minutes. Free, no signup required.

    Free WHOIS Lookup