WHOIS Lookup

WHOIS data tells you the basic ownership history of a domain — who registered it, when, with which registrar, when it expires, and which DNS servers are currently authoritative. We query via RDAP (the modern JSON-over-HTTPS replacement for legacy WHOIS port 43) which works inside containerized environments and Docker Desktop, where outbound port 43 is often blocked. Status flags reveal whether a domain is locked against transfer, in redemption period, or pending delete.

Common reasons to run this check: confirming a domain isn't about to expire (the most common cause of unexpected outages), verifying that a competitor or partner actually owns the brand domain they claim to, checking the status flags before initiating a domain transfer (a `clientTransferProhibited` flag means you need to unlock at the current registrar first), and pulling the abuse contact when reporting phishing or malware hosted on a third-party domain.

What WHOIS won't tell you anymore: most registrant contact details are redacted under GDPR for `.com`/`.net`/`.org` and ccTLDs operated by EU registries. You'll see 'REDACTED FOR PRIVACY' instead of names and emails. For pre-GDPR domains or domains registered with privacy-disabled status (rare), full registrant details may still be visible. To reach the actual owner of a redacted domain, use the abuse contact or registrar's anonymized forwarding email if listed.

If you're doing security research or asset inventory across many domains, SteelSuit's API endpoint returns the same WHOIS data as JSON suitable for piping into your scripts. Combine with the DNS lookup and SSL check tools for a full domain-footprint scan in three API calls.