WHOIS Replacement — RDAP-Powered Drop-In for Any TLD

WhoisXML is gated. Here's the RDAP-powered drop-in that works on any TLD.

For two decades, every domain-hunter script, brand-protection dashboard, security-ops playbook, SEO toolchain, DNS expiry monitor, cold-outreach CRM, and "who owns this site?" utility on the internet leaned on a handful of free or cheap WHOIS endpoints: the original port-43 WHOIS servers, the WhoisXML free tier, the RapidAPI WHOIS collection, the scrape-whois.com fallback. One by one, every single one of those pipes has been crimped: GDPR redactions (2018) stripped out registrant identity from every gTLD, the ICANN-mandated RDAP-over-WHOIS migration (2023-2024) broke every scraper that expected port-43 text, WhoisXML's "free tier" now caps at a nuisance-level quota and requires a payment method on file, and the RapidAPI WHOIS bundle limits you to 500 lookups/month with mandatory billing details. The "free WHOIS API" Google keeps surfacing in search results either 404s, 403s, or quietly returns an empty JSON stub.

This actor is the clean replacement. It speaks RDAP — the IETF-standardized, JSON-native successor to WHOIS — against the same IANA bootstrap registry the protocol designers published for exactly this purpose, and falls back to legacy WHOIS only for the long-tail ccTLDs that still haven't migrated. You get one consistent JSON schema across every TLD, regardless of which registrar served the data.

Zero auth. No API keys. No monthly minimum. You pay $0.005 per domain lookup via Apify's pay-per-event billing; the underlying RDAP data is free and public.

---

Why RDAP Is the Right Backend (and Why Your Existing Code Broke)

RDAP — the Registration Data Access Protocol, RFC 7480-7484 — is the IETF's JSON-native replacement for port-43 WHOIS. ICANN mandated RDAP support for all accredited gTLD registrars and registries starting August 2019 and declared RDAP the primary public lookup mechanism for gTLDs in 2023-2024. Port-43 WHOIS isn't gone yet, but it's officially deprecated, the output is structurally inconsistent (every registrar formats its text differently), and redacted fields now return a useless "REDACTED FOR PRIVACY" stub instead of real data.

RDAP fixes every one of those pain points:

• Structured JSON — events[], nameservers[], entities[], status[], publicIds[] — no regex-parsing of free-text text files.
• Standard discovery — the IANA bootstrap registry maps every TLD to its RDAP base URL. Every lookup starts by looking up the server for the TLD, then hitting {base}/domain/{domain}.
• Consistent identifiers — IANA Registrar ID as a first-class publicIds entry, vCard/jCard contact blocks with typed fields.
• HTTPS by default — no raw TCP/43 firewall exceptions, no "WHOIS returns 42 lines of English prose and a disclaimer."
• Globally deployed — Verisign (.com, .net), Afilias, Nominet, Donuts / Identity Digital, CentralNic, ICANN-accredited registrars, plus a growing set of ccTLDs all speak RDAP in 2025.

The problem is that most legacy client code was written before RDAP landed and assumes either (a) a scraped HTML page from whois.com / who.is, (b) a raw port-43 text response, or (c) one of the redirected-to-a-paywall "free" APIs. All three pipes broke over the last two years.

This actor is the glue layer: it hides the RDAP bootstrap dance, the jCard parsing, the vcardArray flattening, the event-action date mapping, and the rare-but-real ccTLD legacy fallback — and returns one consistent record for every domain.

---

Unified Output Schema

Every domain returns the same shape, whether it came from RDAP or the legacy fallback:

Field	Type	Description
domain	string	The domain that was looked up (normalized).
source	enum	rdap, whois, or error.
registrar_name	string or null	Registrar display name.
registrar_iana_id	string or null	IANA numeric registrar ID (RDAP only).
created_date	ISO-8601 or null	Domain registration/creation date.
updated_date	ISO-8601 or null	Last-changed date.
expires_date	ISO-8601 or null	Domain expiration date.
status	array of strings	EPP/RDAP status codes.
nameservers	array of strings	Authoritative NS hostnames, lowercased.
registrant_country	string or null	Often redacted post-GDPR.
registrant_organization	string or null	Often redacted post-GDPR.
admin_email	string or null	Often a privacy-proxy address.
raw_rdap	object or null	Full RDAP JSON, only when include_raw: true.
rdap_fallback_reason	string or null	Present only when we fell back to legacy WHOIS.

Redacted fields come back as null rather than the mess of "REDACTED FOR PRIVACY" / "GDPR Masked" / "Data Protected" strings that legacy WHOIS servers sprinkle in — so you can cleanly check if record["registrant_country"] is None without a regex over possible placeholders.

---

Quick Start

Bulk lookup via curl:

curl -X POST \
  "https://api.apify.com/v2/acts/nexgendata~whois-replacement/run-sync-get-dataset-items?token=YOUR_APIFY_TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "domains": ["google.com", "github.com", "stripe.com"],
    "include_raw": false,
    "timeout_seconds": 10
  }'

Python with the official client:

from apify_client import ApifyClient

client = ApifyClient("YOUR_APIFY_TOKEN")

run = client.actor("nexgendata/whois-replacement").call(run_input={
    "domains": ["google.com", "github.com", "example.co.uk"],
    "include_raw": False,
    "timeout_seconds": 10,
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item["domain"], "->", item["registrar_name"], "| expires:", item["expires_date"])

One PPE event fires per domain, so a 100-domain batch costs 100 × $0.005 = $0.50.

---

5 Real Use Cases

1. Domain-Expiry Monitoring for Your Brand Portfolio

You own 40 domains across .com, .io, .ai, .co, and a few ccTLDs. Feed the full list into this actor weekly, alert on any expires_date inside a 60-day window. Replaces the "we paid $49/mo to WhoisXML for a single-digit-domain portfolio" anti-pattern.

2. Brand-Protection / Typosquat Detection

Pipe a typo-generator feed (facebok.com, faceboook.com, faceboook.net, ...) into this actor; filter results where created_date is within the last 90 days and nameservers don't match your authoritative set. Cheap, evergreen brand-protection signal.

3. Cold-Outreach Enrichment for B2B Sales

For every domain in your CRM, pull the registrar_name and registrant_organization (when not redacted) plus created_date. Domain age is a real B2B signal — "company owns a 15-year-old .com" patterns differently than "company owns a 4-month-old .io." Feed the record into Clay, HubSpot, or your own scoring pipeline.

4. Security Ops: Newly-Registered-Domain Triage

Your SIEM flagged outbound traffic to weird-domain-xyz.net. Run one lookup, see created_date: 2025-02-14 and registrant_country: null. That's a three-week-old domain with redacted registrant — a classic phishing/C2 signal. This beats pasting the domain into whois.com by hand for every alert.

5. SEO / Link Audit Deduplication

You scraped 10,000 backlinks. Bulk-lookup to cluster them by registrant_organization (when disclosed) to spot link-farm networks that share an operator, or by nameservers tuple to find domains hosted together. RDAP exposes both cleanly.

---

WHOIS / WhoisXML Free vs This Actor vs the Paid Alternatives

Capability	WhoisXML Free Tier	whois.com Scrape	This actor (RDAP-first)	WhoisXML Paid ($49/mo+)	WhoXY ($2/1k)
Auth required	API key + payment method	None (until blocked)	No auth (via Apify token)	API key	API key
Monthly cap	Tight free ceiling	Rate-limited aggressively	None — pay per event	Tier-gated	Tier-gated
TLD coverage	gTLDs + common ccTLDs	Inconsistent (HTML changes)	Every RDAP-registered TLD + legacy fallback	Broad	Broad
Consistent schema	Yes	No (regex over HTML)	Yes, unified	Yes	Yes
Survives ICANN RDAP migration	Maintained	Breaks	Native RDAP	Maintained	Maintained
Raw RDAP available	No	N/A	Yes (opt-in)	Varies	No
Price per 1,000 lookups	N/A (free cap)	Free but unreliable	~$5 via PPE	~$8-$20	$2 bulk
Integrations	Paid-tier gated	None	Apify (Slack, Sheets, Zapier, webhooks)	Paid-tier gated	Paid-tier gated

WhoXY is cheaper per 1k — but you're paying for the convenience of a unified schema plus Apify's integration surface (Google Sheets, Slack, Zapier, Make, n8n, webhooks, scheduled runs), not raw WHOIS calls. If you need millions of lookups/month, talk to WhoXY directly. For every workload under that, this actor is the right tool.

---

Why Run This on NexGenData / Apify?

• Zero infra. No IANA bootstrap caching code, no jCard parser, no event-action date mapping, no python-whois fallback orchestration.
• Batch-friendly. Up to 100 domains per run — one PPE event per domain.
• Pay-per-event. No monthly seat. One domain is $0.005; a 100-domain batch is $0.50.
• Resilient. RDAP primary, legacy WHOIS automatic fallback; returns an error record rather than crashing the run when both fail.
• Integration-ready. Pipe to Google Sheets, Slack, Zapier, Make, n8n, or a webhook via standard Apify integrations.

---

FAQ

Q: Why is registrant_country / admin_email null for most domains? GDPR redactions. Since 2018, ICANN-accredited registrars redact personal registrant data for every gTLD by default. For domains owned by organizations that opted into public disclosure (many governments, large corporations, open-source projects), you'll get real values. For everything else, expect nulls — and be glad we return null instead of the legacy "REDACTED FOR PRIVACY" text soup.

Q: Does this work for ccTLDs like .co.uk, .de, .fr? Many yes, some no. The UK's Nominet, Germany's DENIC, France's AFNIC, and the Dutch SIDN all speak RDAP in 2025. Some smaller ccTLDs haven't migrated — for those we fall back to legacy port-43 WHOIS via the python-whois library, and you'll see "source": "whois" on the record.

Q: How fresh is the data? RDAP responses reflect the registry's current state — same freshness as the registrar's own dashboard. Some registries cache aggressively (1-hour TTLs are typical), so a freshly-transferred domain may show old registrar info for a short window.

Q: What's the rate limit? RDAP servers enforce per-IP limits — typically 10-60 req/minute. This actor lookups sequentially with default timeouts sized for stable operation. For 10,000+ domain batches, split into multiple runs with a gap between them.

Q: Can I get the raw RDAP JSON? Yes — set include_raw: true and every record includes a raw_rdap field with the full RDAP response (entities[], events[], publicIds[], notices[], everything). Useful when you need a field we don't surface by default.

---

Related tools in the NexGenData suite

• wappalyzer-replacement — Detect the tech stack of any domain (CMS, framework, analytics, CDN). Pairs with WHOIS to build full tech-OSINT profiles.
• tranco-rank-lookup — Academic, free Alexa Rank replacement. Cross-reference your WHOIS list against domain popularity.
• company-data-aggregator — Bulk company profile from WHOIS, DNS, SSL, GitHub — the enterprise-bundle upsell of this actor.
• dns-propagation-checker — Verify A / AAAA / NS / MX across global resolvers. Use alongside WHOIS when domains move between registrars.

Built by NexGenData — more "killed API, reborn cheaper" actors at apify.com/nexgendata