WHOIS Lookup: Who Actually Owns That Domain

Every registered domain has ownership records stored in the WHOIS database — the registrant's name, organisation, address, phone number, and email. For decades this was fully public. Then GDPR arrived, registrars redacted personal data for European registrants, and suddenly everyone thought WHOIS was dead. It isn't.

What WHOIS Still Shows

Even post-GDPR, WHOIS records show the registrar, the registration and expiration dates, the nameservers, and the domain status codes. For business-registered domains, the organisation name often remains visible. For domains registered without privacy protection, personal details can still appear — registration privacy services are optional and not everyone uses them.

IP address WHOIS (handled through ARIN, RIPE, APNIC, etc.) is less affected by GDPR. Network block registrations for business IP ranges typically show the company name, address, and abuse contact. This is intentional — the internet needs a way to report abuse to the right people.

How to Read a WHOIS Record

The key fields are: Registrant (who owns the domain), Registrar (which company sold the domain), Nameservers (which DNS servers are authoritative for it), and dates. The creation date tells you how old the domain is — a suspicious-looking site registered last week is a different risk profile than one that's been running for eight years.

RDAP — the newer Registration Data Access Protocol — is replacing the old WHOIS protocol. It returns structured JSON instead of free-form text, supports access control so different requestors see different levels of detail, and is genuinely more useful for automated analysis. ICANN has been pushing RDAP adoption, and most major registries now support it.

What WHOIS Is Actually Used For

Security researchers use WHOIS to track threat actor infrastructure — attackers reuse registrant email addresses, nameserver patterns, and registration timing across domains. Journalists use it to link anonymous sites to their real owners. Brand protection teams use it to find counterfeit domains before they do damage. Legal teams use it to identify defendants in domain disputes.

Here's the thing — domain privacy services don't make ownership invisible. They replace your details with proxy contact information from the privacy service. The registrar still knows who really owns the domain. Subpoenas to the registrar can surface real ownership data when legally required.