WHOIS lookup. Live RDAP record.
Enter a domain. Get the registrar, registration date, expiration date, name servers, and registry status — pulled live from the public RDAP gateway. No signup, no email gate, no server-side log.
Public RDAP lookup. Enter a domain; the form sends a query to rdap.org (the public RDAP gateway) and renders the registrar, registration date, expiration, name servers, and status flags as a six-card record. Typical response: 1-3 seconds. No JSON ever passes through Digital Heroes servers.
Sources used by this tool
- rdap.org — public RDAP gateway that routes the query to the authoritative registry per the IANA RDAP bootstrap file
- RFC 7483 — RDAP JSON response format spec
- ICANN RDAP requirement — gTLD registries must support RDAP since Aug 2019
No data is sent to Digital Heroes servers. The query goes directly from your browser to rdap.org.
Privacy: query sent only to rdap.org. Recent lookups stay in browser localStorage.
Six fields. Five practical signals.
Registrar is the company that holds the lease on the domain on the owner's behalf. Useful for migration scoping (you can match registrar to the auth-code retrieval flow) and for abuse reports (the registrar is the right escalation path for a phishing or spam complaint). The IANA registrar ID (#1234 format) uniquely identifies them across the global registry system.
Registration date is the soft trust signal. Domains older than five years sit in a different trust band than domains registered last week. It is one input among many to ranking and backlink-evaluation models — never the only one — but combined with consistent renewal history (no expiry-rebirth cycle) and a Wayback archive, it tells you the domain has been around. Brand acquirers and backlink-buyers should always check the registration date before paying.
Expiration date is the operational signal. Domains that lapse fall into a 30-day renewal grace period, then a 30-day redemption period (recovery only via registrar with a fee), then a 5-day pending-delete period, then drop to the open market. We surface a colored bar — green > 30 days, amber 1-30 days, red expired. If the bar is amber on a domain you own, renew today.
Last updated reflects the most recent change at the registry: a contact update, a name-server change, a transfer, or a renewal. Not usually actionable on its own, but useful for forensic timelines (a recent update on a domain you didn't change is worth investigating).
Name servers confirm the DNS provider. We list the four-or-so authoritative servers (ns1.cloudflare.com, ns-12.awsdns-01.com, ...). Mismatches between the published NS records and what you expect are a common cause of "I changed DNS but nothing happened" — the registrar's NS list overrides everything else.
Status flags are EPP codes (per RFC 5731) describing the registry-level state of the domain. clientTransferProhibited + serverTransferProhibited together are the strongest anti-hijack lock; both should be present on any production domain. clientHold or serverHold means the domain is suspended and DNS will not resolve — usually a fee dispute or an abuse action. We render every flag with a plain-language explanation in the result panel.
Four practical jobs this tool does.
Job 1: Backlink-source vetting. Before accepting a guest-post placement or a sponsored-link offer, run the source domain. A domain registered six months ago with no Wayback archive and a privacy-redacted registrant is the textbook profile of a link-farm shell. A domain registered in 2008, renewed annually, with public registrar and stable NS records, is a credible source.
Job 2: Migration prep. When migrating a brand or replatforming, pull the WHOIS first. Confirm the registrar (so you know where to fetch the auth/EPP code), the expiry date (so you don't migrate a domain that lapses next month), and the current name servers (so you can validate cutover correctly).
Job 3: Acquisition due diligence. Domain transfers as part of an acquisition fail more often than they should. Before signing, check that the current owner has clientTransferProhibited set (which is normal and expected — they unlock for the transfer), that the domain is in good standing (no clientHold), and that expiry is far enough out that nothing lapses during the closing window. The registrar listed is the destination for the auth/EPP code request.
Job 4: Phish + abuse triage. When you receive a phishing email impersonating your brand, the abuse-report destination is the impersonating domain's registrar — not your registrar, not Google. WHOIS gives you that. Most registrars publish an abuse contact in the entity records; for the rest, the IANA ID resolves to a contact page on the registrar's site.
For deeper related signals, our sibling tools cover them: DNS Lookup for the live A/AAAA/MX/TXT records, Wayback Archive Viewer for the first-archive trust signal, Domain Health Checker for a composite of all five signals plus PageSpeed.
Six questions users ask.
What is RDAP and how is it different from WHOIS?
RDAP (Registration Data Access Protocol) is the IETF replacement for legacy WHOIS. RDAP returns structured JSON with registrar, registration date, expiry, name servers, and status; legacy WHOIS returns free-form text that varied per registry. ICANN required all gTLDs to support RDAP by 2019, and registries now publish their RDAP endpoint URLs in a public bootstrap file. We use rdap.org as the gateway, which routes the request to the authoritative registry and returns the structured response.
Why is the registrant name redacted?
Since GDPR took effect in 2018, most registrars redact personal contact information from public WHOIS/RDAP. ICANN's Temporary Specification (later codified in policy) requires masking of registrant name, address, phone, and email for individuals. Organizations sometimes opt to publish; individuals almost always do not. The registrar, registration date, expiry, name servers, and abuse contact remain public for every domain.
Some TLDs don't return data — why?
A handful of country-code TLDs (.de, .ru, certain ASEAN ccTLDs) restrict programmatic RDAP access or do not yet operate an RDAP endpoint. For those, the rdap.org gateway returns 404 or 501. The error panel will surface the upstream message; for restricted TLDs, the canonical fallback is the registry's own web-based WHOIS form.
Does this tool log my domain query?
No. The query is sent only to rdap.org (the public RDAP gateway). Nothing is logged on Digital Heroes servers. Recent lookups are stored in your browser's localStorage and stay on your device. No signup, no email, no analytics beacon that includes your query.
What can I learn from a WHOIS lookup?
Five practical signals: (1) registrar of record — useful for migration scoping and abuse reports; (2) registration date — soft trust signal for ranking and backlink quality; (3) expiry date — flag for upcoming renewal so the domain doesn't lapse; (4) name servers — confirm DNS provider matches what you expect (catches stale records during migrations); (5) status flags — clientHold or serverHold means the domain is suspended; clientUpdateProhibited locks the domain against unauthorized changes.
Can I check a domain that is not registered?
Yes. If the domain is unregistered (available), RDAP returns a 404 from the registry. We surface that as 'No record found — domain may be available' in the result panel. For purchase, check a registrar like Namecheap, Cloudflare Registrar, or Porkbun directly; we do not affiliate with any registrar.
Migration coming up? 30-min call.
Domain migrations sit at the intersection of registrar, DNS, hosting, and SEO. A 30-minute call covers the full sequence + a fixed-price quote.