Every domain name registered on the internet is attached to a record in a public database. The owner can pay to hide their personal contact information — but they cannot hide everything. Registration date, expiry date, registrar, country, name servers: all publicly accessible, free, in seconds. These are the data points that separate a 15-year-old established business from a fraud site registered last week.
The Website Looks Real. The Owner Is Hidden. Here's How to Find Out What You Actually Can.
Every domain name registered on the internet is attached to a record in a public database. The owner can pay to hide their personal contact information — a legitimate practice that most site operators use — but they cannot hide everything. Registration date, expiry date, registrar, country, name servers: all publicly accessible, free, in seconds.
These are the data points that separate a 15-year-old established business from a fraud site registered last week. They are the first things investigators check when a website is involved in a complaint. And they are available to anyone with an internet connection.
"The pattern in online shopping fraud is nearly always the same: recently registered domain, short expiry, privacy protection masking registration country, and a registrar that appears frequently in our case database. None of this requires sophisticated tools to find. A basic WHOIS lookup available to anyone catches the most critical red flags in under 30 seconds. The victims we talk to almost uniformly say they wish they had known to check."
— Patricia Chen, Lead Financial Fraud Investigator, E-Commerce Fraud Prevention Unit
What WHOIS Actually Is and Why It Exists
WHOIS (pronounced "who is") is a query-and-response protocol that provides information about internet resources — primarily domain names. When someone registers a domain, they provide contact information that is stored in a registry database. WHOIS allows anyone to query that database.
The system exists because the internet's original governance structure required accountability. If someone were misusing a domain — for spam, fraud, or trademark infringement — there needed to be a way to identify who to contact. That requirement still exists, even as privacy protections have evolved to allow owners to hide personal details behind their registrar's contact information.
What privacy protection does: hides the registrant's name, email, phone, and mailing address, replacing them with generic registrar contact details.
What privacy protection does NOT hide: registration date, expiry date, registrar name, country of registration, name servers, domain status codes.
The second list is, for practical fraud detection purposes, more useful than the first.
How to Read a WHOIS Record — What Each Field Actually Means
Creation Date / Registered On: When the domain was first registered. The single most important field for fraud assessment. Legitimate businesses do not register domains days before soliciting customers. "Created: 2026-04-15" on a site claiming to be an established retailer is a definitive red flag.
Expiry Date / Expires On: When the registration lapses if not renewed. Scam sites typically register for one year — minimum commitment, maximum flexibility to disappear. Legitimate businesses often register for 2, 5, or 10 years. An expiry date in the near future means the owner is not planning long-term.
Updated Date: The last time registration information was modified. A domain created years ago but updated very recently may have changed hands. The new owner's intentions may differ entirely from the original registration purpose.
Registrar: The company that sold the domain registration. Different registrars have different verification policies and fraud rates. Some registrars appear repeatedly in fraud investigations due to low verification standards.
Registrant Country: Often visible even with privacy protection. A "US company" with a domain registered in a jurisdiction with no consumer protection enforcement warrants additional scrutiny.
Name Servers: The DNS providers managing the domain's records. Reveals hosting indirectly. Cross-reference with our DNS Lookup for detailed technical records.
Domain Status Codes: clientTransferProhibited (domain locked against transfer — good security practice), clientDeleteProhibited (locked against deletion), pendingDelete (expired domain in grace period), redemptionPeriod (expired, nearing public release), clientHold (suspended, often for abuse).
Step-by-Step: How to Check Any Website's Owner
- Visit tracemyiponline.com/whois-lookup
- Enter just the domain name — no "https://" or "www" needed. Example: "amazon.com" not "https://www.amazon.com"
- Results load within seconds, directly from the registry database
- Check: registration date, expiry date, registrar, country, and name servers
- For deeper investigation: cross-reference the name servers with our DNS Lookup and check the IP with our IP Lookup
No account required. Works for all major domain extensions: .com, .net, .org, .uk, .ca, .au, .io, and hundreds more.
Before vs After: WHOIS Prevents Three Types of Common Fraud
Fake e-commerce scenario: Online store selling Nike trainers at 60% off, professional-looking site with SSL certificate and customer reviews. WHOIS check: Created 18 days ago. Expires in 11 months. Registrant country: Hidden behind privacy. Registrar: Known for high fraud volume. Verdict: Do not purchase. The site matches every pattern of a short-term fraud operation. ❌
Fake job posting scenario: Company claiming to be a US staffing firm offering remote work, requesting personal documents and bank details for "payroll setup." WHOIS check: Domain created 3 weeks ago. Registrant country: Eastern Europe. Name servers: Cheap shared hosting. No match to any legitimate business of that name. Verdict: Employment fraud. ❌
Legitimate contract partner verification: Small business verifying a new supplier before committing to a significant order. WHOIS check: Domain created 2011. Expires 2027. Registrant: Company name visible, matches registration with Companies House. Name servers: Professional hosting provider. Domain status: clientTransferProhibited (locked). Verdict: Established business, proceed with normal due diligence. ✅
For California and New York Consumers: WHOIS and Consumer Protection
California loses more to online shopping fraud than any other US state in absolute dollar terms — a function of population size and high e-commerce spending. The California Attorney General's Consumer Alerts regularly advise checking website legitimacy before purchasing, and domain age verification through WHOIS is specifically recommended in their online shopping guidance.
California's CPRA created the California Privacy Protection Agency, which among other functions investigates data breaches — many of which originate from users providing data to fraudulent sites they could have verified in seconds. New York's Consumer Protection Division similarly sees a high volume of online fraud complaints where domain age check would have prevented the loss.
For purchases over $100 from any site you have not previously used, 30 seconds at tracemyiponline.com/whois-lookup is worth the time. Also scan the URL at our URL Scanner before entering payment details.
For London and UK Users: WHOIS and Action Fraud Recommendations
Action Fraud's annual fraud prevention campaign consistently includes domain age checking as a recommended consumer behavior. UK Finance's "Take Five" campaign — the UK's national anti-fraud initiative — specifically advises verifying website legitimacy before any financial transaction, and WHOIS is the most direct tool for this.
The UK's National Trading Standards e-Crime Team (NTSeCT) investigates online retail fraud and regularly uses WHOIS data in building cases. When London, Manchester, or Birmingham residents report online fraud to Action Fraud, investigators' first checks include the domain registration record. The public has access to the same data at tracemyiponline.com/whois-lookup.
For Toronto and Ontario Users: WHOIS and the CAFC
The Canadian Anti-Fraud Centre's "Little Black Book of Scams" — the RCMP's definitive consumer fraud guide — includes checking website registration dates as a fraud prevention step. Ontario consistently reports the highest volume of online shopping fraud cases in Canada, with Greater Toronto Area residents particularly targeted during high-shopping periods.
For Canadians: the CAFC Fraud Reporting System (antifraudcentre.ca) accepts reports with supporting documentation, including WHOIS results and IP lookup data. Building this evidence before reporting strengthens the investigation file. Our WHOIS tool is free, and our IP Lookup completes the evidence package.
For Sydney and Australian Users: WHOIS and Scamwatch Guidance
The ACCC's Scamwatch guidance on online shopping safety explicitly states: "Check when the website was registered — scam websites are often very new." This is WHOIS lookup in plain language. Australia's record AUD $2.74 billion in scam losses in 2025 included substantial amounts lost to fake online stores that a basic domain check would have flagged.
Scamwatch (scamwatch.gov.au) accepts fraud reports with supporting evidence. For Australian consumers who discover they have been defrauded through a fake site, preserving the WHOIS record alongside screenshots and payment records is the evidence package investigators need. Run the check first at tracemyiponline.com/whois-lookup — before you pay, ideally.
When WHOIS Is Not Enough — Extending the Investigation
WHOIS is the starting point, not the complete picture. For thorough verification, layer these checks:
DNS Lookup: Checks mail server records (MX), security records (SPF, DKIM, DMARC), and technical configuration. A site claiming to be a major retailer with no proper email authentication records fails basic legitimacy tests. Use our DNS Lookup.
Reverse IP Lookup: Reveals what other domains share the same server IP. A "professional business" sharing server space with 400 other domains including obvious spam sites has an IP neighborhood problem. Use our Reverse IP Lookup.
IP Blacklist Check: Checks whether the site's server IP appears on spam or malware blacklists. Use our Blacklist Checker.
URL Scanner: Checks the actual URL against threat intelligence databases for known phishing or malware flags. Use our URL Scanner.
All four checks together take under two minutes. All are free at TraceMyIPOnline.com.
Domain Investing: WHOIS as a Business Tool
Beyond fraud prevention, WHOIS is the foundation of domain investing — monitoring valuable domains approaching expiry to register them when they become available. Domains with strong keywords, established age, existing backlinks, or previously known brands can be registered at standard cost ($10-15) and resold for multiples.
The process: identify target keyword categories, monitor expiry dates via WHOIS, place backorders through domain registrars, attempt registration when the domain enters the drop phase. Our WHOIS tool provides the expiry dates needed for monitoring — free and unlimited lookups.
Frequently Asked Questions
Is the WHOIS Lookup completely free?
Yes — 100% free, no signup, no limits. Run as many lookups as you need at tracemyiponline.com/whois-lookup.
A site has privacy protection — does that mean it's suspicious?
Privacy protection on WHOIS records is completely standard and used by the majority of legitimate site operators. It hides personal contact details but leaves the most important fraud indicators — registration date, expiry, registrar, country — visible.
How recent does a registration date need to be to be suspicious?
Context matters. For a site soliciting payment: under 30 days is very high risk, under 3 months warrants additional checks, under 1 year is worth noting. For informational sites: newer domains are less concerning. The combination of new domain + payment request + deal-that-seems-too-good is the pattern to watch for.
Can I find the actual name of the domain owner?
Only if they have not enabled privacy protection. Most domain owners do use privacy protection, so direct identification through WHOIS is uncommon. The registrar has the real contact information and can be required to disclose it under legal process.
I want to buy a domain from its current owner. How do I contact them?
Even with privacy protection, domain registrars typically provide a contact form that forwards messages to the owner anonymously. You can also use domain broker services (Sedo, Afternic) to negotiate purchases on your behalf.
What does "Redemption Period" mean in a WHOIS status?
After a domain expires, there is a grace period (typically 30 days) where the original registrant can renew. If they do not, the domain enters redemption period (another 30 days) where renewal costs significantly more. After that, the domain enters pending delete and is released for public registration.
Can I check country code domains like .uk or .ca?
Yes — WHOIS works for all major domain extensions. Country code domains (.uk, .ca, .au, .de) have their own registries with their own WHOIS data, though the format and available fields vary by registry.
A Habit Worth Building
Checking WHOIS before purchasing from an unfamiliar site, before responding to an unsolicited business email, or before providing personal information to a service you have not used before is a habit that takes 30 seconds and has a meaningful impact on fraud risk.
The fraudulent sites that cause the most damage are the ones that look convincing enough that victims do not think to check. The domain registration record does not care how convincing the site looks — a 12-day-old domain is a 12-day-old domain regardless of the professional branding overlaid on it.
Start at tracemyiponline.com/whois-lookup. Complete the check with our URL Scanner, DNS Lookup, and Blacklist Checker. All free, all no signup.