WHOIS
Domain and IP Registration Lookup
A query protocol (TCP port 43) that returns registration data for domain names, IP address blocks, and Autonomous System Numbers — who owns a domain, when it was registered, when it expires, which nameservers it uses, and which organisation controls an IP range.
WHOIS is one of the internet's oldest query protocols, dating to 1982 (RFC 812). When you run whois example.com, your client connects to TCP port 43 of the relevant WHOIS server (determined by the TLD), sends the query, and receives a plain-text response. For domain names, the TLD registry (Verisign for .com) holds the authoritative WHOIS data; registrars may hold more detailed registrant information. For IP addresses, the five Regional Internet Registries (RIRs) each maintain WHOIS servers covering their allocated IP ranges.
WHOIS data fields
| Field | Domain WHOIS | IP WHOIS |
|---|---|---|
| Registrant | Owner name/org (often redacted post-GDPR) | Organisation holding the IP block |
| Registrar | Company domain was registered through | RIR that allocated the block |
| Created / Updated | Registration and last update dates | Allocation date |
| Expires | Registration expiry date | N/A (IP allocations don't expire) |
| Nameservers | Authoritative DNS servers for the domain | N/A |
| Abuse contact | Email for abuse reports | Abuse contact for the IP block |
| Status | clientTransferProhibited, etc. | ALLOCATED, ASSIGNED, etc. |
Regional Internet Registries
IP address and ASN WHOIS is maintained by five RIRs: ARIN (North America — whois.arin.net), RIPE NCC (Europe, Middle East, Central Asia — whois.ripe.net), APNIC (Asia-Pacific — whois.apnic.net), LACNIC (Latin America and Caribbean — whois.lacnic.net), AFRINIC (Africa — whois.afrinic.net). The command-line whois tool automatically queries the correct RIR based on the IP address. For domain lookups, IANA maintains a list of TLD WHOIS servers. The modern replacement for WHOIS, RDAP, returns structured JSON over HTTPS instead of unstructured text.
Frequently Asked Questions
Why does WHOIS show redacted or privacy-protected information?
GDPR (2018) required registrars to stop displaying registrants' personal details publicly. Most registrars now show "REDACTED FOR PRIVACY" or proxy contact details. IP WHOIS (managed by RIRs) is less affected and typically shows the network operator's organisation. Free WHOIS privacy protection is standard with most registrars.
What is the difference between WHOIS and RDAP?
WHOIS returns unstructured plain text over TCP port 43 — inconsistent formatting between registrars. RDAP (2015) returns structured JSON over HTTPS with consistent field names, authentication support, and proper internationalised domain name handling. ICANN mandated RDAP for gTLD registries in 2019. Both return the same underlying data.
How do I look up who owns an IP address?
Run whois <IP> from the command line or use the relevant RIR's web tool: ARIN (North America), RIPE NCC (Europe), APNIC (Asia-Pacific), LACNIC (Latin America), AFRINIC (Africa). Results show the organisation, abuse contact, network name, and country of the IP block owner.