iToolVerse Logo
iToolVersev4.2

Domain Inspector

WHOIS / RDAP lookup with expiry, status flags, nameservers, and DNSSEC

Inspect any registered domain — get its registrar, registration and expiry dates, EPP status flags (with plain-language explanations of things like clientTransferProhibited and redemptionPeriod), nameservers, DNSSECstatus, and registrant contacts when they aren't privacy-suppressed. If the domain isn't registered, you'll see that too. Uses modern RDAP instead of legacy WHOIS, so results are structured and consistent across TLDs.

Try these domains

Click any domain to inspect it. Each illustrates a different facet of the data RDAP exposes.

google.comOld, locked, signed

Registered in 1997. MarkMonitor as registrar. Notice the cluster of "prohibited" status flags — the textbook anti-hijack lockdown that any high-value domain should have. DNSSEC enabled.

wikipedia.orgPublic-interest, contacts visible

One of the few large domains where the registrant info is still public (because the Wikimedia Foundation isn't hiding behind WHOIS privacy). Contrast with most commercial domains where contacts are GDPR-suppressed.

cloudflare.comSelf-registered

Cloudflare registers its own domain through its own registrar product. Look at the IANA ID to see the registrar identity stack.

iana.orgRoot authority

IANA — the organization that manages the global DNS root. Useful for sanity-checking that the tool is talking to the right TLD registry chain.

nic.ioccTLD with RDAP

A country-code TLD that has properly implemented RDAP. Most ccTLDs have not yet — if your favorite ccTLD errors out, that's typically why.

whois.isInverse of this tool

Itself a WHOIS service. Look at its own registrar, dates, and status flags — meta but useful for comparing how a competitor structures its registration.

Related tools

What Is My IP
See your public IPv4 and IPv6 with geo, ISP, ASN, reverse DNS, and a map — plus what your browser leaks (local IP, GPU, screen, timezone)
IP Address Lookup
Look up any IPv4 or IPv6 — geo, ISP, ASN, reverse DNS, lat/long on a map, with bulk mode (up to 50 IPs) and CSV export
URL Decode
Decode URLs, parse query parameters, and strip tracking codes (utm_*, fbclid, gclid)
URL Encode
Encode text or build URLs from scratch with form-encoded and strict RFC 3986 modes
Hash Calculator
MD5, SHA-1, SHA-256, SHA-512, SHA-3 and HMAC for text or files — plus a verify mode that auto-detects the algorithm from a published hash
Regex Tester
Test and validate regular expressions with real-time highlighting

How WHOIS and RDAP work

Every registered domain has a record at the registry that operates its TLD (Verisign for .com / .net, Public Interest Registry for .org, registry of the country for ccTLDs like .uk / .in). That record names the registrar through which the domain was bought, the registration / expiry dates, the authoritative nameservers, the status flags, and (when not privacy-protected) the contact details.

WHOIS is the original 1980s protocol for querying that data over TCP port 43. It returns unstructured plain text in a different format per registry, which makes scraping fragile. RDAP (Registration Data Access Protocol, 2015) is the modern successor — same data, served over HTTPS as structured JSON with a defined schema. ICANN required all gTLD registries to support RDAP by January 2025. This tool uses RDAP exclusively.

Your query is routed via rdap.org, an IETF bootstrap service that maintains a map of which registry runs which TLD and redirects to the right server. Each registry sets its own rate limits — typical free tier is 60-100 lookups per hour per IP.

The expiry lifecycle

What happens after a domain expires depends on the TLD, but the standard .com path:

  • Day 0 — domain expires. Most registrars auto-renew if a card is on file.
  • Days 1-45autoRenewPeriod. Owner can still renew at standard price.
  • Days 30-75redemptionPeriod. Owner can recover but pays a high redemption fee ($80-200).
  • Days 75-80pendingDelete. Soon to be released to the public pool.
  • Day 80+ — back on the market. Often grabbed instantly by drop-catchers (NameJet, DropCatch).

The status flags shown above tell you which phase a domain is in.

Status flags you should care about

  • clientTransferProhibited / clientUpdateProhibited / clientDeleteProhibited— the registrar set these at the owner's request. They're anti-hijack locks. Any valuable domain should have them.
  • serverHold / clientHold — DNS resolution is suspended. The site is offline. Usually a billing dispute, abuse report, or UDRP outcome.
  • pendingTransfer — the domain is mid-transfer between registrars. Nameservers may change soon.
  • redemptionPeriod / pendingDelete— expired, in the recovery window. If you're trying to register the domain, wait it out.

What nameservers tell you

  • ns1.cloudflare.com / *.ns.cloudflare.com — Cloudflare-fronted.
  • *.awsdns-*.com — AWS Route 53.
  • ns-cloud-*.googledomains.com — Google Cloud DNS.
  • ns1.digitalocean.com — DigitalOcean DNS.
  • Registrar-owned (ns1.godaddy.com etc.) — default DNS hosted by the registrar.

Mismatched or unusual nameservers on a domain that claims to be a well-known brand is a phishing signal.

DNSSEC: what it is, when you need it

DNSSEC signs DNS responses with a cryptographic key chained back to the root zone. Resolvers can verify the response wasn't tampered with by an on-path attacker or a poisoned cache.

Enable it if: you run a business site, accept logins, handle payments, or serve a brand attractive to phishers.

Skip it if:you run a personal blog and don't want the operational overhead. DNSSEC misconfigurations can make a site completely unreachable. Cloudflare and most modern DNS hosts handle the signing automatically — if your registrar and DNS host both support it, turning it on is one click.

How this tool handles your data

Lookups run from your browser directly against rdap.org. Our server is only used as a CORS fallback when a specific registry doesn't set CORS headers — and even then, the proxy enforces same-origin checks and rate-limits to 30 lookups per minute per visitor IP, so you can't use us as a public WHOIS API.

We don't log the domains you look up, we don't sell the data, and we don't insert affiliate registrar redirects (those distort the registrar UI in a way that confuses users and historically tank page-quality scores).

If you also need to look up an IP address, see the IP Address Lookup tool, or check your own IP and what your browser leaks via What Is My IP.

Frequently Asked Questions

RDAP vs WHOIS, the expiry lifecycle, EPP status flags, DNSSEC, nameservers, contact privacy, and how this tool handles your data.