WHOIS lookup for domain

The following procedure tells you how to perform a WHOIS search for a domain.

To perform a WHOIS lookup for a domain:

  1. Open the WHOIS Lookup page (WHOIS Tracking (WHOIS icon.) → WHOIS Lookup), and then select the Domain tab.

    Required and optional fields will be displayed.

  2. Fill in at least one of the required fields:
    • Domain—Domain that you want to investigate.

      You can use special search characters (such as *, ~, and ^).

      Advanced searches can be performed only for ASCII domain names. A search for internationalized domain names (IDNs) may be proceeded incorrectly.

    • Contact—Name, email address, or organization name of any of the contacts (registrant, administrative, technical, billing, or zone) to which the domain belongs. Searches are word-based and case-insensitive.

      You can perform different types of searches.

    • Name server—Name server for the domain that you want to investigate.

      For name servers, the same types of search are possible as for domain names: exact matching, substring matching, and approximate string matching.

  3. If necessary, in the Advanced options section fill in the following fields:
    • Information checked date (range)—Date or period of time when the information about the domain was last updated in Kaspersky expert systems.
    • Creation date (range)—Date or period of time when the domain was created.
    • Expiration date (range)—Date or period of time when the domain expires.
    • Updated date (range)—Date or period of time when the domain was last updated in the registry.
  4. Click the Search button.

    Kaspersky Threat Intelligence Portal will display available results.

  5. If necessary, in the History table, click the Resend request button to repeat the WHOIS lookup search.

If more than 1000 results are available, Kaspersky Threat Intelligence Portal will ask you to narrow your search by filling in more fields and/or using date pickers.

Page top