Building a WHOIS Lookup Tool

March 10, 2026 · 3 min · Whois Wolf

What Is Whois Wolf?

Whois Wolf is a WHOIS lookup tool that retrieves registration details for any domain name. Enter a domain and see when it was registered, when it expires, who the registrar is, what nameservers it uses, and available contact information for the registrant.

It is useful for checking domain availability, verifying ownership, monitoring expiration dates, and investigating unfamiliar domains.

Architecture Overview

WHOIS Lookup Request
  -> CloudFront (static frontend)
    -> API Gateway
      -> Lambda (WHOIS query)
        -> Determine correct WHOIS server for TLD
        -> TCP connection to WHOIS server (port 43)
        -> Parse raw WHOIS response
          -> Return structured JSON

TLD Mapping
  -> Lambda loads TLD-to-WHOIS-server mapping
    -> .com -> whois.verisign-grs.com
    -> .org -> whois.pir.org
    -> .io  -> whois.nic.io

WHOIS is a protocol, not an API. The Lambda function opens a raw TCP connection to the appropriate WHOIS server for the domain's TLD, sends the query, and reads the response. Because every registrar formats their WHOIS output differently, the parser handles dozens of response formats to extract consistent fields.

Parsing Unstructured Data

The biggest challenge with WHOIS is that responses are free-form text with no standard structure. A .com domain returns data in a completely different format than a .de or .jp domain. Whois Wolf uses pattern matching against known registrar formats to extract key fields: registrar name, creation date, expiration date, updated date, nameservers, and status codes.

When a format is not recognized, the tool falls back to displaying the raw WHOIS text so the user still gets useful information.

Domain Status and Expiration

WHOIS responses include EPP status codes like clientTransferProhibited or serverDeleteProhibited that indicate what actions are allowed on a domain. Whois Wolf decodes these codes into plain language so users understand whether a domain is locked, pending transfer, or in a redemption period.

Expiration dates are parsed and displayed with a clear countdown showing days remaining. This makes it easy to monitor domains you own or watch domains you are interested in acquiring.