WHOIS / RDAP Lookup
Query registrar information via RDAP — registration date, expiry, nameservers, status flags. Unlike legacy WHOIS text, RDAP returns structured data.
What it does
WHOIS reveals when and where a domain was registered, who owns it (where not redacted), and where its authoritative DNS lives. We use RDAP (the modern replacement for legacy text-based WHOIS), which returns structured JSON we render as a clean card. The domain’s age in days is a powerful phishing indicator: domains less than 60 days old are disproportionately used in newly-launched phishing campaigns.
How to use it
- Enter a domain (no http://, no www).
- Click "Lookup".
- Review the creation date and the calculated age in days.
- Check the registrar — some registrars (Namecheap, NameSilo) are disproportionately abused for phishing.
- Inspect the nameservers — Cloudflare, AWS and Google are mainstream; obscure providers warrant scrutiny.
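The review steps above, applied to a parsed RDAP response, as an added example (not this tool's own code): it pulls the registration and expiration events, registrar name and nameservers out of the JSON and flags domains under 60 days old. The sample response is constructed, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample shaped like an RDAP domain response (RFC 9083); not real lookup output.
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "EXAMPLE-LOGIN.TEST",
    "status": ["client transfer prohibited"],
    "events": [
        {"eventAction": "registration", "eventDate": "2025-01-10T08:30:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-01-10T08:30:00Z"},
    ],
    "nameservers": [{"ldhName": "NS1.DNS-HOST.TEST"}, {"ldhName": "NS2.DNS-HOST.TEST"}],
    "entities": [{"roles": ["registrar"], "vcardArray": ["vcard", [
        ["version", {}, "text", "4.0"], ["fn", {}, "text", "Example Registrar, Inc."]]]}],
}

def _event(rdap, action):
    """Return the timezone-aware datetime of the first matching event, or None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == action and ev.get("eventDate"):
            dt = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None

def _registrar(rdap):
    """Pull the registrar's 'fn' (formatted name) out of its jCard, if present."""
    for ent in rdap.get("entities", []):
        if "registrar" in ent.get("roles", []):
            props = (ent.get("vcardArray") or [None, []])[1]
            return next((p[3] for p in props if p[0] == "fn"), None)
    return None

def summarize(rdap, now=None, young_days=60):
    """Build the card fields and flag domains younger than young_days."""
    now = now or datetime.now(timezone.utc)
    created = _event(rdap, "registration")
    age = (now - created).days if created else None
    servers = sorted(n["ldhName"].lower() for n in rdap.get("nameservers", []) if n.get("ldhName"))
    return {
        "domain": rdap.get("ldhName", "").lower(),
        "registrar": _registrar(rdap),
        "created": created, "expires": _event(rdap, "expiration"),
        "age_days": age,
        "nameservers": servers, "status": rdap.get("status", []),
        # No registration event (redacted or absent): age is unknown, not "old".
        "newly_registered": None if age is None else age < young_days,
    }
```

A `newly_registered` value of `None` means the registry gave no registration event, so the domain should be treated as unknown age rather than as established.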
Common use cases
Newly-registered-domain detection
When a URL appears in your traffic logs, check the domain's registration age. Any domain less than 60 days old deserves investigation.
Brand-protection monitoring
Track when a typosquat lookalike domain (e.g. cipherssecuirty.com) was registered. A new registration indicates recent attacker activity.
Trademark dispute prep
Establish the creation date of infringing domains, which is needed for UDRP filings.
Vendor risk assessment
Ensure third-party domains your team interacts with are well-established, not newly-registered shells.
Frequently asked questions
What is RDAP?
Registration Data Access Protocol. The IETF-standardized successor to WHOIS — returns structured JSON instead of free-text. Easier to parse, supports proper internationalization, and has standardized authentication.
Why is the registrant info missing?
GDPR (Europe) and ICANN policy increasingly redact personal info from public WHOIS to protect registrants. Use the registrar’s abuse contact if you need to escalate.
Why does it say "domain not found"?
Either the domain isn’t registered, or the TLD’s RDAP server is temporarily unreachable. Try again in a minute.
Are TLDs like .com / .net all supported?
All gTLDs and most ccTLDs. Some country-code TLDs don’t publish RDAP yet.
How fresh is the data?
Live from the authoritative TLD registry. No caching on our side.
Related tools
DNS Records Lookup
All 8 record types in one card. Powered by Cloudflare DNS-over-HTTPS.
Subdomain Finder
Passive enumeration via certificate transparency logs. No port scanning, no DNS brute-force.
IP Reputation Lookup
AbuseIPDB abuse score + ipinfo geo + Tor exit-node detection. IPv4 and IPv6.
Free for everyone, no signup required. Tool runs at /tools/whois-lookup/ — bookmark or share.