How to Find Who Owns a Domain

Nathan ColeBy Nathan Cole, Security Researcher · Updated 2026-06-02

Part of our guide to WHOIS Explained: How to Look Up Who Owns a Domain.

To find who owns a domain, run a WHOIS or RDAP lookup as your first step. That single query returns the registrar, the registration and expiry dates, the name servers, and, when the owner has not enabled privacy protection, a name, organization, email address, and mailing address. If you have never run one before, the pillar guide on WHOIS explained walks through the format and what each line means.

The catch is that many records today are redacted, so the contact fields read "REDACTED FOR PRIVACY" or point to a proxy service rather than a person. That does not mean the trail ends. Plenty of useful data stays visible even on a private record, and there are several legitimate routes to reach the actual owner. The sections below cover both, and the companion guide WHOIS explained gives the broader context for why some fields disappear.

Start with a WHOIS or RDAP lookup

WHOIS is the original protocol for querying domain registration data, defined back in RFC 3912. RDAP (Registration Data Access Protocol) is its modern successor, returning structured JSON instead of free-form text. Both answer the same question: who registered this name and through whom.

The fastest neutral starting point is ICANN's official lookup tool, which queries authoritative registry and registrar data directly. Run the domain through it, or use the tool at the root of this site, and read the result top to bottom.

What you can still see when a record is redacted

Privacy protection hides personal contact fields. It rarely hides the operational data, and that data is often enough to make progress.

Field Usually visible when redacted? Why it helps
Registrar Yes Tells you which company to contact for relay
Creation date Yes Shows how long the owner has held the name
Expiry date Yes Hints at whether the name may soon drop
Name servers Yes Reveals the DNS or hosting provider
Registrant name and email No, replaced by a proxy Personal data is masked

The registrar and name servers matter most. The registrar is your channel for relaying a message, and the name servers frequently point to a host or platform that can confirm an active operator.

Five ways to reach the owner anyway

  1. Registrar relay. Most registrars publish an abuse or owner-contact form. You submit a message, and they forward it to the registrant without exposing the address. Spam and trademark complaints have dedicated channels here.
  2. The domain's own contact form. If a live website sits on the domain, its contact page, about page, or footer often names the operator directly. The simplest answer is sometimes on the homepage.
  3. RDAP. When a WHOIS web page strips a field for display, the raw RDAP response occasionally still carries an abuse or technical contact. Query RDAP directly and read the full JSON.
  4. Proxy or privacy service message. Records under a privacy service usually list a forwarding email or a unique alias at the proxy's domain. Mail sent there is passed along by the provider.
  5. Formal legal routes. For trademark disputes, an ICANN UDRP filing can compel disclosure. For litigation, a subpoena to the registrar obtains the underlying registrant data.

A note on intent

Looking up ownership and reaching out is legitimate. People buy domains from each other constantly, report abuse, resolve trademark conflicts, and pitch partnerships. Keep the contact relevant and avoid bulk or automated outreach, since anti-spam rules still apply to anything you harvest. Treat a redacted record as a privacy choice to respect, not a wall to climb over.

For more on why so many records hide personal data, see WHOIS privacy explained. To interpret every line of a raw result, read how to read a WHOIS record.

Run a lookup now

Curious who is behind a specific name? Run a free WHOIS lookup from the home page and see the registrar, dates, name servers, and any public contact details in seconds.

Frequently asked questions

How do I find out who owns a domain?

Run a WHOIS or RDAP lookup on the domain. That query returns the registrar, registration and expiry dates, and the name servers. If the registrant's personal details are public, you will see a name, organization, email, and address too.

Can I find the owner if WHOIS is private?

Often yes, indirectly. Use the registrar's abuse or contact form to relay a message, try RDAP for any fields the WHOIS page hides, check the website itself for a contact page, and for legal disputes pursue formal channels like a subpoena or an ICANN UDRP filing.

Is it legal to look up domain ownership?

Yes. WHOIS and RDAP are public lookup systems built into how domains work, and querying them is completely legal. What you do with the data is governed by anti-spam and privacy laws, so use it responsibly.

Related guides

  • WHOIS Privacy: What It Is and Whether You Need ItWHOIS privacy (also called domain privacy or a proxy service) hides your personal contact details from public WHOIS. Here's how it works and when to use it.
  • How to Read a WHOIS RecordA field-by-field guide to reading a WHOIS record, including registrar info, the key dates, name servers, and what the EPP status codes mean.