Registrar, dates, nameservers, status — via RDAP
Lookups go directly from your browser to the registry's RDAP server. Mungomash never sees the domain you type — there is no server-side code on this page.
example.com
Most personal contact data is redacted.
Under ICANN's post-GDPR temporary specification for gTLD registration data, registrant name, email, address, and phone number are hidden by default for non-business registrants. The fields shown here — registrar, dates, nameservers, status — are the ones that remain public.
No registration record was returned for this domain. Possible reasons: it isn't registered, the registry's RDAP server is suppressing the record, or the TLD's RDAP server returned an empty response.
Try one:
From WHOIS to RDAP
For decades the canonical answer to "who registered this domain?" lived in WHOIS — a plain-text protocol from the early ARPANET, defined in RFC 3912, served over TCP port 43. Every registry returned its own ad-hoc free-form text; client tools like whois shipped TLD-specific parsing tables to make sense of the output.
That worked, but it had problems. There was no standard schema, no character-set discipline (Unicode handling was per-registry guesswork), no authentication (so registries couldn't return different data to different requesters), and no rate-limiting story. As GDPR-style privacy rules forced registries to redact personal data, the lack of structure made it impossible to mark which field had been redacted versus simply absent.
The IETF's response was RDAP, the Registration Data Access Protocol, defined across RFCs 7480–7484 and 9082–9083. RDAP is JSON over HTTPS — the same shape every modern web API uses — with a documented schema, standardized event types and status codes, explicit redaction markers, and an IANA-coordinated bootstrap registry that maps each TLD to its authoritative RDAP server. Since 2019, ICANN has required all gTLD registries and registrars to operate RDAP services.
This page calls those RDAP servers directly. The IANA bootstrap registry at data.iana.org/rdap/dns.json is fetched once per session (cached for 24 hours) to figure out which RDAP server handles each TLD; after that, a typed domain triggers exactly one fetch — to the appropriate registry — and the response carries everything you see above.
EPP status codes, briefly
The status field on a domain is a list of EPP (Extensible Provisioning Protocol) flags — the same flags registries use to talk to registrars about what is and isn't allowed on a name. ICANN publishes the full reference at icann.org/epp; the codes most often seen in the wild:
| Code | What it means |
|---|---|
| ok / active | No restrictions in place. The default state for a healthy registered domain. |
| clientTransferProhibited | The registrar prevents the domain from being transferred to another registrar — usually a default lock to block hijacking attempts. |
| clientUpdateProhibited | The registrar prevents updates to the domain's contact info, nameservers, or other fields. |
| clientDeleteProhibited | The registrar prevents the domain from being deleted. |
| clientHold | The registrar has paused the domain in DNS — nameservers are not delegated, so the domain doesn't resolve. Often a billing or abuse-response action. |
| serverTransferProhibited | The registry (one level above the registrar) prevents transfer. Usually a registry-level lock requested by the registrant. |
| serverHold | The registry has paused the domain in DNS. Often court-ordered or abuse-response. |
| inactive | No nameservers are delegated to the domain — it's registered but doesn't resolve. |
| pendingDelete | The domain is scheduled for deletion. Often follows the redemption-period grace window. |
| pendingTransfer | A transfer to another registrar is being processed. |
| pendingRenew | A renewal is being processed. |
| redemptionPeriod | The domain has been deleted but is in the 30-day window during which the previous registrant can pay to restore it. |
| addPeriod | A short refundable grace period right after registration. Allows registrars to undo a registration mistake. |
| autoRenewPeriod | The 45-day grace window after an automatic renewal during which the registrar can request a refund. |
"Client" prefix → the lock is set by the registrar (the company you bought the domain from). "Server" prefix → the lock is set by the registry (the company that operates the TLD itself, like Verisign for .com). Server-level locks are stronger — they require an out-of-band process to lift — and are sometimes set in response to court orders or as a defense against high-value-domain hijacking.
Why personal contact info is redacted
Until 2018, a WHOIS lookup typically returned the registrant's name, email, postal address, and phone number alongside the registrar and dates. That was a generation-defining design decision — ICANN's founding documents made WHOIS publicly accessible by policy — and a generation-defining mistake: it made every domain registration a public dossier, and it scaled into a spam-and-harassment vector once registrations went online.
When the EU's General Data Protection Regulation came into force in May 2018, ICANN issued a temporary specification for gTLD registration data requiring registrars to redact personal contact fields by default. The specification has been renewed repeatedly and is now effectively permanent. It applies to all gTLDs (and many ccTLDs follow the same approach) regardless of where the registrant lives — if you can't tell whether a registrant is an EU person, you redact for everyone.
What you still see: the registrar (the company the domain was bought from), the registration and expiration dates, the nameservers, the status flags, and (when present) an organization name on records belonging to a business registrant. What's hidden: registrant name, email, phone, address, and the equivalent fields for admin and technical contacts. There is a documented disclosure process for legitimate requesters (law enforcement, IP rights-holders) that goes through the registrar; it isn't a public lookup.
Some commercial WHOIS sites still display name and address fields by quietly cross-referencing pre-2018 cached scrapes. This page does not — the redaction is the registrant's right, and the live RDAP record is the source of truth.
What this page deliberately doesn't do
- No IP-WHOIS lookups. Looking up an IP address's holder, ASN, prefix, and registry is a different shape with different authoritative sources. That lives at /tools/asn/.
- No domain-availability checking. "Is this domain available to register?" is structurally a registrar-affiliate funnel, and affiliate offers aren't a thing on this site. Visitors who want to register a domain can use a registrar directly.
- No historical records. The "WHOIS history" feature on commercial sites is a paid scraped-database product, not part of the RDAP protocol. Live RDAP only.
- No personal-info reconstruction. Redacted fields stay redacted — the page does not cross-reference pre-GDPR snapshots to reveal them.
- No saved query history. The page keeps no record of what you looked up. There is no client-side storage of others' domains.
Live data via the IANA RDAP bootstrap registry and per-TLD RDAP servers operated by the registries themselves.