Curious to find out who’s behind that domain you visit daily or that parked page with the perfect name for your project? Good news: on the Internet there are a couple of master keys to open that door with order and transparency. We’re talking about WHOIS, the veteran protocol that has revealed public registration data since the 1980s, and RDAP, its modern successor that provides responses structured in JSON, improved security and GDPR compliance. Let’s see, step by step and without unnecessary jargon, how to find out who owns a website, what limits you’ll encounter and how to move like a pro among queries and forms, almost as easy as doing a ping or making a request to a REST API.
What WHOIS is today and what data you can see
WHOIS is, essentially, a public directory service that centralizes information about domain and IP network registrations; it can be queried via the web or from the command line through port 43 and, although it was born in the ARPANET era, it is still operational. Its mission is simple: answer the question “who is” with basic domain data, such as who registered it, when it was created and when it expires, its status, or which name servers it uses. However, since the GDPR came into effect in the European Union, the picture is less clear: you will no longer see addresses, phone numbers or personal emails as in the past, and that’s good for privacy and to reduce spam.
Also, there are two classic response modes. A thin lookup returns the bare minimum —masked registrant or via a proxy, dates and status— and is common for .com or .net domains. A thick response adds more complete fields and is usually seen in extensions like .info or .name. This difference affects your objective: if you want to contact someone to buy a domain, with a thin lookup you may have to go through an intermediary, which complicates negotiations a bit.
By the way, what if you only have the IP? Many WHOIS tools show your public address as soon as you enter and allow expanding information with one click; someone who knows your IP could deduce an approximate location (city or country), but not your exact address or identity, so no need to worry.
How to check it: web, terminal and the move to RDAP
If you prefer the quick route, go to who.is, type the domain and you’ll instantly get whatever is public: registrar, key dates, DNS servers and, sometimes, the responsible name or organization. Registrar portals like GoDaddy also offer an equally simple WHOIS search. Are you a keyboard-and-terminal person? On Windows you can use utilities like WhoisCL to run the query from CMD and receive a dump with the registrant, the technical contact and other visible fields.
That said, WHOIS has limitations recognized by ICANN itself: lack of standardization, absence of authentication and security, and inconsistent results between registries. Hence RDAP (Registration Data Access Protocol) arrives, developed by the IETF as the natural successor. RDAP delivers responses in JSON —readable by humans and machines—, supports internationalization, incorporates encrypted connections and allows differentiated access to data depending on authentication and legitimate interest. In practice, this means clearer queries, standardized references and redirects, and even search functions, all within a more secure framework than traditional WHOIS.
To use RDAP, the most reliable starting point is ICANN Lookup: enter the domain or an Internet resource (IP or ASN) and you get the structured record. You also have rdap.org as a simple gateway, or search tools offered by hosting and domain companies, such as dinahosting’s. Seeing less information than you expected is normal: some contact data are not public; if you need access, there is ICANN’s Registration Data Request Service (RDRS), where you must justify a legitimate interest, something that usually fits profiles like law enforcement, intellectual property specialists, cybersecurity or consumer protection.
Privacy, limits and how to contact the owner
After the GDPR, many records only show the registrar, the dates and the domain status; even so, WHOIS/RDAP remain useful to locate the responsible party through the registrar or proxy emails. If your goal is to propose a purchase, report abuse or resolve a technical issue, these official channels still work, although with an extra step. In dispute or investigation scenarios, authorities have traditionally relied on these records, now reinforced by RDAP’s controls.
Can WHOIS be hidden? Yes: almost all registrars offer “WHOIS privacy protection”, an add-on that replaces your data with a proxy to avoid spam and impersonation. Still, when registering a domain you will have to provide your data to ICANN, and if they were ever public they could continue circulating in third-party directories. In addition, depending on your country’s regulations, you may be required to display legal notice, a privacy policy and a means of contact on your website, with the responsible person or company clearly identified.
In short, if you want to know who owns a website, start with a quick lookup at who.is or ICANN Lookup, note the registrar and the dates, and decide the next step: contact via the channels that appear, monitor expiration if you’re interested in the name or, if you need non-public data and meet the requirements, go to the RDRS. With RDAP at the center and JSON responses, the domain ecosystem is brought up to date, just like when we moved from unencrypted FTP to secure-by-default connections; and you, as a good geek, now have the map to navigate it confidently.
