Look up WHOIS and RDAP registration data in bulk, including registrar, expiry dates, domain status flags, nameservers, DNSSEC, contact summaries, abuse contacts, and optional raw RDAP JSON.
Use it for domain portfolio monitoring, SEO aged-domain research, brand protection, merchant risk checks, cybersecurity OSINT, and developer-friendly domain intelligence exports.
At a glance
- Bulk domain lookup: Paste domains, hostnames, or URLs and get one normalized output row per unique input domain.
- Registration details: Export registrar, IANA ID, creation date, update date, expiry date, statuses, and nameservers.
- Risk and compliance context: Review abuse contacts, DNSSEC delegation status, notices, and lookup errors.
- Raw RDAP option: Include the full RDAP JSON payload when you need auditability or custom downstream parsing.
- API-ready output: Download CSV/JSON/Excel exports or call the actor from Apify API, MCP, Make, Zapier, or agents.
What can it do?
WHOIS / RDAP Domain Lookup normalizes each input, calls public RDAP endpoints, and saves structured domain registration records to an Apify dataset.
- Normalize inputs: Accept bare domains, hostnames, or URLs such as
example.com,www.example.com/path, orhttps://example.com. - Fetch RDAP records: Query direct registry RDAP endpoints for common TLDs and fall back to
rdap.org. - Save success and error rows: Keep invalid domains, unsupported TLDs, timeouts, and registry failures visible in the dataset.
- Control reliability: Tune concurrency, retry count, and request timeout for registry rate limits.
- Export clean records: Use fields for registrar audits, expiry monitoring, nameserver inventories, risk checks, and dashboards.
Common workflows
- Domain portfolio expiry monitoring: Track
expiresAt,registrarName,statuses, andnameservers. - Brand protection: Check suspicious or lookalike domains for registrar, dates, and status flags.
- SEO aged-domain research: Compare domain creation dates, status flags, nameservers, and raw RDAP records.
- Merchant or vendor risk checks: Add domain age and registrar context to CRM, onboarding, or risk-review workflows.
- Security OSINT: Export RDAP records for domains related to investigations, phishing reports, or infrastructure mapping.
Example input
{
"domains": [
"example.com",
"iana.org",
"https://apify.com"
],
"includeRawRdap": true,
"maxConcurrency": 3,
"retryCount": 2,
"timeoutSecs": 20
}
Example output
{
"inputDomain": "example.com",
"normalizedDomain": "example.com",
"lookupUrl": "https://rdap.verisign.com/com/v1/domain/example.com",
"success": true,
"error": null,
"registrarName": "RESERVED-Internet Assigned Numbers Authority",
"registrarIanaId": "376",
"registrarAbuseEmail": null,
"statuses": ["client delete prohibited", "client transfer prohibited"],
"createdAt": "1995-08-14T04:00:00Z",
"updatedAt": "2024-08-14T07:01:39Z",
"expiresAt": "2026-08-13T04:00:00Z",
"nameservers": ["A.IANA-SERVERS.NET", "B.IANA-SERVERS.NET"],
"secureDnsDelegationSigned": true,
"contacts": [],
"notices": [],
"rawRdap": {}
}
Search and data tips
- Use bare domains when possible: URLs are accepted, but bare domains make input lists easier to review.
- Keep concurrency modest: Registries can rate-limit RDAP traffic; increase
maxConcurrencygradually. - Turn off raw RDAP for small exports: Set
includeRawRdaptofalsewhen you only need flat fields. - Check error rows: Invalid domains, unsupported TLDs, and temporary registry failures are visible in
successanderror. - Schedule expiry checks: Run the same list weekly or monthly to monitor renewal windows.
Limits and practical notes
- RDAP coverage varies by TLD and registry.
- Some registries redact contact details or do not publish dates in the same format.
contactssummarizes public RDAP entities; it is not a guaranteed lead/contact list.- WHOIS privacy and registry policy can leave registrar abuse or registrant fields empty.
- This actor does not bypass access controls or query private registrar accounts.
API usage
cURL
curl -X POST 'https://api.apify.com/v2/acts/fetch_cat~whois-rdap-domain-lookup/runs?token=YOUR_APIFY_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"domains":["example.com","iana.org"],"includeRawRdap":false}'
Node.js
import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
const run = await client.actor('fetch_cat/whois-rdap-domain-lookup').call({
domains: ['example.com', 'iana.org'],
includeRawRdap: false
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);
Python
from apify_client import ApifyClient
import os
client = ApifyClient(os.environ["APIFY_TOKEN"])
run = client.actor("fetch_cat/whois-rdap-domain-lookup").call(run_input={
"domains": ["example.com", "iana.org"],
"includeRawRdap": False,
})
items = client.dataset(run["defaultDatasetId"]).list_items().items
print(items)
MCP and AI agents
Use this actor from MCP-compatible tools through Apify MCP Server.
MCP URL:
https://mcp.apify.com/?tools=fetch_cat/whois-rdap-domain-lookup
Example prompts:
- "Look up these domains and flag any that expire within 90 days."
- "Export registrar and nameserver data for this domain portfolio."
- "Check these suspicious domains and summarize creation dates and status flags."
Legality and responsible use
This actor queries public RDAP domain registration records.
Use the data responsibly, follow registry and Apify terms, and comply with privacy, anti-spam, security, and data-protection laws in your jurisdiction.
Support
Start with a few known domains, keep maxConcurrency low, and inspect success, error, lookupUrl, and rawRdap before scaling to larger domain lists.