This free tool can reveal who is behind any internet domain

Understanding a WhoIs search is a useful skill to add to your repertoire.
A woman sitting behind a laptop, looking somewhat amused.
This is how you might look if you find something particularly interesting in a WhoIs search. Bermix Studio/Unsplash

Share

If you want to find out who owns a website, how old it is, or even try to contact the person or company who runs it, typing the domain name into Google isn’t going to help much. Instead, turn to the specialized WhoIs lookup tool maintained by the Internet Corporation for Assigned Names and Numbers.

When someone (a registrant) registers a domain, they have to provide the company that manages the domain (the registrar) with contact information and keep it updated. If they don’t, the website may be suspended or taken down. When you use the WhoIs search function, it returns whatever available information there is about “who is” responsible for the site, though some details, particularly contact information, may be private and won’t appear in the results for every site.

While certain pieces of data may be easy to understand, there are acronyms and items that may go beyond what the average person has experience with. We’ve broken down what to expect below.

  • Name: This is simply the domain name for the website you looked up.
  • Internationalized domain name: If the domain is linked to a location that doesn’t use the Latin characters present in English and other European languages, you may see its name displayed here in Arabic, Greek, or another type of script.
  • Registry domain ID: This is the unique name that the website’s home registry uses to identify the domain.
  • Domain status: There are more than a dozen codes that could appear here, so we won’t explain them all. In short, these describe, well, the domain’s status. The standard is “ok,” or “active,” meaning it’s living its best life. ICANN has a page that details what each one means.
  • Nameservers: These are servers that direct users to the website, and you’ll probably see at least two listed here. They’re the reason we don’t have to memorize IP addresses. For example, if you enter “popsci.com” into your browser’s address bar, the browser notifies our nameservers, they respond with our IP address, and your browser grabs our website content from that address for you.
  • Dates: A number of dates may appear here, including when the domain was created and when its registration expires.
  • Contact information: You might not see anything here, but if you do, it may tell you how to reach the registrant and other people involved with the domain.
  • Registrar name: This is just the name of the company hosting the domain name, like Namecheap, or GoDaddy.
  • IANA ID: The Internet Assigned Numbers Authority is a department within ICANN that oversees global IP address allocation and other internet-related numbers. The number that may appear here is the one IANA uses to identify the registrar.
  • Abuse contact email and phone: If available, these two fields will show you how to contact the domain’s registrar if you think someone is abusing the domain name or using it for criminal activity.
  • Reseller name and organization: A reseller is any company that offers domain registration through a registrar. Not all of these are ICANN-accredited. If the domain was registered via one of these third-party entities, its information may appear in these two fields.
  • DNSSEC delegation signed: The Domain Name System Security Extensions help ensure that the true version of a website—not one created by an attacker—shows up when someone visits the domain. This field tells you whether or not this security feature is enabled on the searched domain.
  • DS data and key data: These are data fields related to any DNSSEC keys used with the domain.
  • Authoritative servers: The information in this field will show the URL of any server that provided the information displayed in the WhoIs lookup search results. It will also show when the servers were last updated, and therefore the age of the data you’re seeing.
  • Raw registry and registrar RDAP responses: These are minimized at the bottom of the page and contain pure code related to the Registration Data Access Protocol. This provides similar information to the WhoIs lookup.

If there’s anything you still don’t understand or isn’t on this list, ICANN has a glossary for all the terms you may see.