WHOIS MCP Server

WHOIS MCP server enabling AI agents to perform domain and IP WHOIS lookups — querying domain registration information (registrar, registrant, creation/expiry dates, nameservers), IP address ownership (ASN, organization, abuse contacts), and network range data. Useful for network investigation, security research, threat intelligence, and domain monitoring workflows.

Evaluated Mar 07, 2026 (0d ago) vcurrent

Homepage ↗ Repo ↗ Developer Tools whois domain dns mcp-server network security-research ip-lookup osint

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Public protocol. No credentials. Ethical use required. GDPR-aware: registrant data often redacted. Use for legitimate research only.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

A security analyst or network administrator needs to perform domain and IP reconnaissance as part of investigation, threat intelligence, or network monitoring workflows.

Avoid When

You need bulk WHOIS data at scale (use commercial WHOIS API providers), or need historical WHOIS records (use historical WHOIS services).

Use Cases

• Querying domain registration details for security investigation from threat intelligence agents
• Checking IP address ownership and ASN information from network security agents
• Monitoring domain expiration dates from domain management agents
• Investigating suspicious domains during incident response from SOC agents
• Gathering OSINT on threat actors' infrastructure from security research agents
• Verifying domain ownership for email security validation from email security agents

Not For

• GDPR-redacted WHOIS data (many European domains show redacted registrant info)
• Bulk domain enumeration at high volume without rate limiting
• Building spam or stalking tools — WHOIS data must be used ethically

Interface

REST API

GraphQL

gRPC

MCP Server

Yes ↗

SDK

Webhooks

Authentication

Methods: none

OAuth: No Scopes: No

No authentication for basic WHOIS lookups — WHOIS is a public protocol. Some WHOIS API providers require API keys for higher-rate or bulk lookups. Check which backend the MCP uses.

Pricing

Model: free

Free tier: Yes

Requires CC: No

WHOIS protocol is free. MCP server is free. High-volume use may need commercial WHOIS API (WHOISXML API, etc.).

Agent Metadata

Pagination

none

Idempotent

Full

Retry Guidance

Not documented

Known Gotchas

⚠ GDPR has led to redaction of registrant PII in many WHOIS records (RDAP replacing traditional WHOIS)
⚠ WHOIS format varies significantly by TLD — parsing output requires TLD-specific handling
⚠ Bulk WHOIS lookups are rate-limited by registries — implement delays between lookups
⚠ ccTLD registries (country domains) have different WHOIS servers — may need registry-specific queries
⚠ WHOIS data may be outdated — registration data can lag behind actual ownership changes
⚠ Some TLDs (some ccTLDs) don't provide public WHOIS access

Alternatives

shodan-mcp censys-mcp virustotal-mcp

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for WHOIS MCP Server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.