Lookup · live RDAP

Domain age checker

When was this domain registered, who's the current registrar, when does it expire, and what are its name servers? Live RDAP query against the responsible registry.

Works for .com, .org, .io, .dev, .ai, most ccTLDs

What domain age actually tells you

Every registered domain has a fixed registration date — the moment the registry first created the record. That date is published in the WHOIS / RDAP system, and barring deletion and re-registration, it never changes. The difference between then and now is the domain's age.

Age is a useful but easily-misread signal. Older domains are generally more trustworthy because the cost of registration and consistent renewal accumulates — fraudsters tend to register fresh disposable domains. A 15-year-old domain has been continuously renewed by someone who keeps caring about it. A 3-day-old domain claiming to be your bank is a strong red flag.

But age alone is far from definitive. Plenty of legitimate startups launch with brand-new domains. Plenty of long-established domains get sold to bad actors who squat on the existing age to build credibility. Always combine domain age with other signals: TLS certificate transparency, abuse history, hosting reputation, content quality.

What this tool returns

  • Registration date — when the domain was first created. Read as "the age of the domain."
  • Expiration date — when the current registration period ends. Domains in good standing get renewed before this; expired domains can be re-registered by anyone after a grace period.
  • Last changed — when something in the record was last updated. Doesn't mean the content changed; just the registry record.
  • Registrar — the ICANN-accredited company managing the registration. Common registrars: GoDaddy, Namecheap, Cloudflare Registrar, Squarespace, Porkbun, Google Domains (now Squarespace), Tucows.
  • Status flags — operational status of the registration.clientTransferProhibited is normal and means the owner has set a registrar lock; clientHold means the domain is suspended;redemptionPeriod means it just expired and there's a chance to recover.
  • Name servers — the authoritative DNS servers for the domain. Useful for inferring hosting: ns-cloudflare.com means Cloudflare,awsdns-* means Route53, etc.
  • DNSSEC signed — whether the domain has DNSSEC delegation in the parent zone (defense against DNS spoofing).

Why it sometimes returns less than expected

Different TLDs publish different amounts of RDAP data. The .com / .net / .org registries (Verisign / Public Interest Registry) return rich records. Many ccTLDs restrict access — .uk, .br, .jp, .de all redact most of the fields for privacy reasons. Registrar-level privacy services (Domains by Proxy, WhoisGuard, Cloudflare's automatic privacy) replace the registrant contact with a privacy proxy. The registration date usually survives, but contact details often don't.

If a lookup returns sparse data, the Wayback Machine (archive.org) is a good supplement: the earliest snapshot of a domain's content puts a lower bound on when the domain was active.

How RDAP is different from old-style WHOIS

Classic WHOIS uses port 43 with a free-form text response — every registrar formatted theirs differently, parsing was a perpetual hack. RDAP (RFC 7480 / 7481 / 9082, finalized 2015) replaces it with HTTPS-served JSON, structured fields, and a bootstrap registry that tells you which RDAP server serves which TLD. Lookups are reliable, machine-parseable, and authentication-aware. ICANN required registrars to deploy RDAP by 2023; modern registries all serve it.

IPFerret uses rdap.org as a redirector — a free service that implements the IANA bootstrap registry and chases the redirect to the authoritative TLD server, so we don't have to maintain that routing table ourselves.

Adjacent tools