How to Find Out Who Owns a Domain

WHOIS redaction changed the game — these are the methods that still work in 2026.

Updated June 2026 · Namizy Guides

Start with a free WHOIS/RDAP lookup
Registrar, dates, nameservers, status codes — structured registry data.
Open WHOIS Lookup →

What a lookup still tells you

Run any registered domain through the WHOIS lookup and you get the registrar (where the domain lives), creation and expiry dates (age and renewal runway), nameservers (who hosts it), DNSSEC status, and EPP status codes (locks, or expiry-pipeline stages like redemptionPeriod). Identity is redacted; infrastructure and lifecycle are not — and most practical questions are answerable from those.

Reaching the owner, step by step

(1) Visit the site — active sites have contact paths; even parked pages often show a "this domain is for sale" link. (2) Registrar relay — look up the registrar in WHOIS, find their "contact domain owner" form; most major registrars forward inquiries. (3) Historical WHOIS — domains registered before 2018 often have unredacted archival records in paid databases. (4) Broker — for serious acquisitions, a broker insulates you from anchoring the price against yourself. Never open with your budget; open with interest.

Reading the signals like a domainer

An expiry date a few weeks out plus no website and a parking nameserver = an owner who may not renew — add it to the expiry checker instead of overpaying now. A clientTransferProhibited lock with active mail servers = an actively managed corporate asset; expect end-user pricing if they'd sell at all. Registration in 1998 with stable nameservers = probably not for sale at any reasonable price. The metadata tells you how to negotiate before you ever make contact — and the appraisal tool tells you what's reasonable to offer.

Frequently asked questions

Why does WHOIS show 'REDACTED FOR PRIVACY' everywhere?

Since GDPR (2018), registries and registrars redact personal data by default for all registrants, not just EU ones — the compliance-safe choice. What remains public: registrar, registration/expiry dates, nameservers, status codes, and a registrar abuse contact. That's still enough for most due diligence.

How do I contact an owner to buy their domain?

In order of success rate: the website itself (contact form, email on site), the registrar's WHOIS contact-relay form (many forward messages to the registrant), a broker service for valuable names (registrar brokerage or independent brokers), and historical WHOIS data from before 2018 for older domains (paid services like DomainTools archive it).

Can nameservers reveal who runs a domain?

Often, indirectly. NS records expose the hosting or DNS provider (Cloudflare, AWS, a specific agency's infrastructure). Combined with reverse-IP lookups and shared analytics IDs, investigators frequently connect anonymous domains to operators — useful for due diligence, competitive research, or fraud investigation.

Is the owner's identity ever fully public?

Corporate registrants sometimes opt out of redaction or publish ownership deliberately. Country TLDs vary: some ccTLD registries (like .us) prohibit privacy services entirely, others redact everything. For .com/.net/.org assume redacted unless proven otherwise.