whois lookup
look up registrar, creation date, expiry date, and registry statuses for a domain via WHOIS. a fast sanity-check for domain ownership and renewal health. part of the drwho.me domain dossier.
whois
inforesolving whois…
Overview
WHOIS (RFC 3912) is the oldest directory protocol on the internet — a simple text-over-TCP query to port 43 on a registry or registrar server. the response is free-form text; format varies by registry. this tool uses the `whoiser` library to query the relevant WHOIS server for the TLD, parses the response, and returns structured fields: registrar name, creation date, expiry (or expiration) date, and the set of EPP status codes that govern what operations are currently permitted on the domain (e.g. `clientTransferProhibited`, `serverDeleteProhibited`, `pendingDelete`). business-continuity framing: knowing when a domain expires and who the registrar is lets you plan renewals, catch accidental lapses, and quickly identify ownership after a change. domains that slip into `pendingDelete` or `redemptionPeriod` are expensive to recover and may be sniped by squatters. ICANN's registrant data redaction (under GDPR and ICANN consensus policy) means the raw WHOIS response for most gTLDs no longer includes the registrant's contact details — those now require an accredited registrar request. what this tool returns (dates, registrar, statuses) is still publicly available even after redaction.
How to use
- enter a bare domain — just the domain name — no scheme, no www, no path.
- read the registration window — creation date tells you how old the domain is (useful for fraud signals — newly registered domains are higher risk). expiry date tells you when renewal is due. set a calendar reminder 60–90 days before expiry.
- inspect the EPP status codes — `clientTransferProhibited` is the safe default — prevents unauthorised transfer. `pendingDelete` means the domain is in its grace period after expiry and will be released to the public soon. `serverHold` means the registry has suspended it.
Examples
input
github.comoutput
registrar: MarkMonitor, created: 1994-08-31, expires: 2025-10-31, statuses: [clientTransferProhibited, clientUpdateProhibited, …]input
example.comoutput
registrar: RESERVED-Internet Assigned Numbers Authority, created: 1992-01-01, expires: far futureCommon mistakes
cloud IP blocks commonly get refused or rate-limited— many WHOIS servers (.me, .io, .uk, and some ccTLDs) block or rate-limit queries originating from cloud data center IP ranges. vercel's edge functions run on cloud IPs, which means this check occasionally returns a network error or a partial/empty response for those TLDs. the underlying tool returns the raw WHOIS block so you can see whether the registry refused the query or just returned sparse data.expiry date format varies by registry— there is no universal WHOIS date format. the `whoiser` library normalises common patterns, but obscure ccTLD registries (some national-level operators) use non-standard date strings that may parse as `null`. the raw field is always shown alongside the parsed value.registrant contact data is redacted post-GDPR— ICANN's 2018 temporary specification, made permanent for most registrars, removed registrant name, email, phone, and address from publicly accessible WHOIS for gTLDs. this tool does not attempt to retrieve redacted data — it returns whatever the registry's public WHOIS exposes.EPP status codes stack— a domain can have multiple EPP statuses simultaneously. `clientTransferProhibited` + `clientUpdateProhibited` is a common pair for enterprise domains that want extra friction on any change. `pendingDelete` can coexist with `serverHold` during the post-expiry grace window. read all statuses, not just the first one.
FAQ
why do some domains show almost no WHOIS data?
two reasons: (1) GDPR-era redaction removed registrant contact fields. (2) some ccTLD registries (especially country-code TLDs with restrictive policies) return minimal or no data for public WHOIS queries, or require web-based lookups instead of TCP/43.
what's the difference between clientTransferProhibited and serverTransferProhibited?
`client*` statuses are set by the sponsoring registrar — the registrar chose to lock this. `server*` statuses are set by the registry itself — only the registry can remove them. both block the named operation, but only the relevant party can unlock them.
what happens when a domain expires?
most gTLD registrars offer a 30-day auto-renew grace period, then a 30-day redemption period (expensive recovery, ~$100-300 depending on registrar), then a 5-day pending-delete period after which it's released to the public for anyone to register. the full post-expiry window before public availability is typically ~65 days.
is WHOIS the same as RDAP?
RDAP (registration data access protocol, RFC 7483) is the modern structured replacement for WHOIS — it returns JSON over HTTPS. most registries now publish RDAP alongside legacy WHOIS. this tool uses `whoiser` which tries RDAP first for supported registries and falls back to WHOIS over TCP/43.
how do I monitor a domain for expiry automatically?
most registrars send expiry reminder emails — check those are going to an active inbox, not a dead alias. for programmatic monitoring, the dossier_whois mcp tool returns `expiresAt` as a parsed date you can compare against.
can ai agents call this?
yes — dossier_whois on the mcp endpoint at drwho.me/mcp/mcp.
Related tools
dns records lookup— resolve A, AAAA, NS, SOA, CAA, and TXT records for a domain in one go.tls certificate checker— inspect a domain's TLS certificate: subject, issuer, validity, SANs, fingerprint.ct-log lookup— discover subdomains via Certificate Transparency logs (crt.sh / certspotter).