Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages AI Deep Research
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Attack Surface Discovery API
Attack Surface Discovery API

Uncover entire attack surfaces with this API to embed asset discovery, vulnerability scanning, and technology metadata into your platform. Now in early access.

MCP Server
MCP Server

Talk to our APIs using LLMs. Connect your preferred LLM to WhoisXML API and simply chat about WHOIS, DNS, threat intelligence, and more.

Jake AI
Jake AI

I’m your Domain Intelligence Assistant. I make it easy to explore WHOIS, DNS, and threat data from WhoisXML API — I’m cloud-based, fast, and always ready to help.

WhoisXML API Domain Intelligence Advisor (via ChatGPT)
WhoisXML API Domain Intelligence Advisor (via ChatGPT)

A custom GPT for WHOIS, DNS, IP, and threat intelligence research. Connects ChatGPT directly to WhoisXML API to enable fast, conversational investigations and domain insights.

Discover what you really pay for when buying commercial Internet intelligence data.

Download now
×
Contact Us
Specifications Pricing Blog

Product Blog

December 2025: Domain Activity Highlights

WhoisXML API analyzed 10.2+ million domains registered between 1 and 31 December 2025 to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 16.9% from 8.7+ million NRDs last month.

We also determined the top TLD extensions used by 27.3+ billion domains from our DNS database’s A record full file dated 4 December 2025, indicating a 14.6% drop from November’s 31.9+ billion domains.

Next, we studied the top TLDs of 1.1+ million domains, up by 5.0% from 1.0+ million in November, detected as IoCs this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

November 2025: Domain Activity Highlights

WhoisXML API analyzed 8.7+ million domains registered between 1 and 30 November 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends. This number dropped 8.7% from 9.6+ million last month.

We also determined the top TLD extensions used by 31.9+ billion domains from our DNS database’s A record full file dated 6 November 2025, indicating a 17.5% drop from October’s 38.7+ billion domains.

Next, we studied the top TLDs of 1.0+ million domains, down from 1.1+ million in October, detected as indicators of compromise (IoCs) this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

October 2025: Domain Activity Highlights

WhoisXML API analyzed 9.6+ million domains registered between 1 and 31 October 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 38.7+ billion domains from our DNS database’s A record full file dated 4 October 2025.

Next, we studied the top TLDs of 1.1+ million domains detected as indicators of compromise (IoCs) this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

September 2025: Domain Activity Highlights

WhoisXML API analyzed 8.7+ million domains registered between 1 and 30 September 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 42.1+ billion domains from our DNS database’s A record full file dated 4 September 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

August 2025: Domain Activity Highlights

WhoisXML API analyzed 8.5+ million domains registered between 1 and 31 August 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 45.1+ billion domains from our DNS database’s A record full file dated 7 August 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this August.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

July 2025: Domain Activity Highlights

WhoisXML API analyzed 8.3+ million domains registered between 1 and 31 July 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 49.3+ billion domains from our DNS database’s A record full file dated 3 July 2025.

Next, we studied the top TLDs of 1.1+ million domains detected as indicators of compromise (IoCs) this July.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Continue reading

June 2025: Domain Activity Highlights

WhoisXML API analyzed 9.8+ million domains registered between 1 and 30 June 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 51.7+ billion domains from our DNS database’s A record full file dated 5 June 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this June.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

May 2025: Domain Activity Highlights

The WhoisXML API research team analyzed 8.5+ million domains registered between 1 and 31 May 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 54.6+ billion domains from our DNS database’s A record full file dated 1 May 2025.

Next, we studied the top TLDs of 1.3+ million domains detected as indicators of compromise (IoCs) this May.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

April 2025: Domain Activity Highlights

The WhoisXML API research team analyzed 7.6+ million domains registered between 1 and 30 April 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 55.8+ billion domains from our DNS database’s A record full file dated 3 April 2025.

Next, we studied the top TLDs of 1.5+ million domains detected as indicators of compromise (IoCs) this April.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

Newly Registered Domains (NRD) Data Feed Now Offers Up to One Year of Historical Files

We are excited to share that Enterprise and Ultimate subscribers of the Newly Registered Domains (NRD) Data Feed will now have access to past data feed files, giving security professionals deeper context to help trace threat patterns and evolution. 

In particular, NRD Enterprise users can access files produced in the past 30 days from their subscription date, while NRD Ultimate users can go as far back as 365 days. With this new enhancement, WhoisXML API users can now use NRD data feeds to:

Continue reading

March 2025: Domain Activity Highlights

The WhoisXML API research team analyzed 8.2+ million domains registered between 1 and 31 March 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 59.2+ billion domains from our DNS database’s A record full file dated 6 March 2025.

Next, we studied the top TLDs of 1.1+ million domains detected as indicators of compromise (IoCs) this March.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

February 2025: Domain Activity Highlights

The WhoisXML API research team analyzed 7.5+ million domains registered between 1 and 28 February 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 62.1+ billion domains from our DNS database’s A record full file dated 6 February 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this February.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

January 2025: Domain Activity Highlights

The WhoisXML API research team analyzed 7.6+ million domains registered between 1 and 31 January 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 61.2+ billion domains from our DNS database’s A record full file released in the same month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

December 2024: Domain Activity Highlights

The WhoisXML API research team analyzed 7.9+ million domains registered between 1 and 31 December 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 60.1+ billion domains from our DNS database’s A record full file released in the same month.

Next, we studied the top TLDs of 1.3+ million domains detected as indicators of compromise (IoCs) in December.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

November 2024: Domain Activity Highlights

The WhoisXML API research team analyzed 8.2 million domains registered between 1 and 30 November 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 59.6 billion domains from our DNS database’s A record full file released in the same month.

Next, we studied the top TLDs of 1.1 million domains detected as indicators of compromise (IoCs) in November.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

October 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 8.2 million domains registered between 1 and 31 October 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by the more than 57.4 billion domains from our DNS database’s A record full file released in the same month.

Next, we studied the top TLDs of more than 1.0 million domains detected as indicators of compromise (IoCs) in October.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

September 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 7.1 million domains registered between 1 and 30 September 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by the more than 60.1 billion domains from our DNS database’s A record full file released in the same month.

Next, we studied the top TLDs and associated threat types of more than 1.0 million domains detected as indicators of compromise (IoCs) in September.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

August 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 7.4 million domains registered between 1 and 31 August 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by the more than 59.2 billion domains from our DNS database’s A record full file released in the same month.

Next, we studied the top TLDs and associated threat types of more than 1.0 million domains detected as indicators of compromise (IoCs) in August.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

July 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 7.3 million domains registered between 1 and 31 July 2024 in this post to identify five of the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top 5 TLD extensions used by the more than 58.1 billion domains from our DNS database’s A record full file released in July 2024.

Next, we studied the top 5 TLDs and associated threat types of more than 1 million domains detected as indicators of compromise (IoCs) in the same month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

Domains Only Data Feed Is Now Available for Newly Registered Domains Ultimate Users

A new type of data feed has been made available for users with a Newly Registered Domains (NRD) Database Ultimate subscription, allowing them to obtain new domain intelligence faster. 

Specifically, the new Domains Only data feed gives access to files containing all domains from the Ultimate data feed, along with those added to or deleted from a given day’s zone files compared with the previous day.

Continue reading

June 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 7.5 million domains registered between 1 and 30 June 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

After that, we determined the top TLD extensions used by the more than 58.2 billion domains from our DNS database’s A record full file released in June 2024.

We also studied the top TLDs and associated threat types of more than 1.1 million domains detected as indicators of compromise (IoCs) in June.

Finally, we summarized the findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

May 2024: Domain Activity Highlights

WhoisXML API researchers analyzed more than 7.4 million domains registered between 1 and 31 May 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also studied the top TLDs and associated threat types of more than 1 million domains detected as indicators of compromise (IoCs) in May.

Finally, we summarized the findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.

Continue reading

April 2024: Domain Activity Highlights

WhoisXML API researchers analyzed more than 6.6 million domains registered between 1 and 30 April 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and  other global domain registration trends.

We also studied the top TLDs and associated threat type breakdown of more than 1.1 million domains detected as indicators of compromise (IoCs) in April.

Finally, we summarized the findings and provided links to the threat reports produced during the period with the aid of DNS, IP, and domain intelligence sources.

Continue reading

March 2024: Domain Activity Highlights

WhoisXML API researchers analyzed more than 7.3 million domains registered between 1 and 31 March 2024 to identify global domain registration trends, including the most popular registrars, registrant countries, and top-level domain (TLD) extensions.

We also studied the TLD usage and associated threat type breakdown of more than 1.1 million domains detected as indicators of compromise (IoCs) in March.

Finally, we summarized the findings and provided links to the threat reports produced during the period with the aid of DNS, IP, and domain intelligence sources.

Continue reading
WhoisXML API Launches Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace

WhoisXML API Launches Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace

WhoisXML API recently launched Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace. Newly Registered Domains Feed (Community Edition) availability on Snowflake Marketplace will enable joint customers to access up to 10,000 NRDs per day and view 30 days’ worth of historical data.

Continue reading

Newly Registered Domains (NRD) 2.0 vs. 1.0: What Has Changed?

WhoisXML API has significantly improved its Newly Registered Domains (NRD) service, leading to the introduction of NRD 2.0 and phasing out of NRD 1.0 with end of service (EOS) and end of life (EOL) scheduled respectively on 1 March 2024 and 31 December 2024.

Among other enhancements, new domain activities that are monitored now not only span “added” and “dropped” domains but also “updated” and “discovered” domains. Below is an overview of NRD 2.0’s technical benefits.

Continue reading

Newly Registered Domains V2 (NRD2) Top ccTLD Coverage Increased by 154% in 2023

WhoisXML API continues to improve its products and services as part of its commitment to a safer and more transparent Internet through the delivery of high-quality and reliable domain, IP, and DNS intelligence sources.

Among our most recent developments is the massive increase in the country-code top-level domain (ccTLD) coverage of the Newly Registered Domains V2 (NRD2) Data Feed. Specifically, we recorded a 153.95% increase in the number of domain activity for the top 10 ccTLDs in 2023 compared to 2022.

Continue reading

Importing NRD2 Data Feed to GCP

The intention of this document is to show you the basics of how to download the WhoisXML API's NRD2 data feed provided by WhoisXML API to a GCP Cloud Storage bucket by leveraging a serverless Cloud Functions.  GCP Cloud Functions acts as a serverless compute service that allows you to write and execute code without provisioning or managing servers.  GCP Cloud Storage is an object storage service for storing and retrieving files.  This document will guide you through the process of configuring both GCP Cloud Functions and a GCP Cloud Storage bucket.  

Continue reading

Importing NRD2 Data Feed to AWS S3

The intention of this document is to show you the basics of how to download the WhoisXML API's NRD2 data feed provided by WhoisXML API to an AWS S3 bucket by leveraging a serverless Lambda function. AWS Lambda functions act as a serverless compute service that allows you to write and execute code without provisioning or managing servers. AWS S3 is an object storage service for storing and retrieving files. This document will guide you through the process of configuring both AWS Lambda and an AWS S3 bucket.  

Continue reading

Newly Registered Domains (NRD2) Coverage Increased by 89% in 2023

As part of WhoisXML API’s efforts to continuously improve its products and services, the coverage and quality of the Newly Registered Domains (NRD2) Data Feed significantly improved over the past months. More precisely, the latest Q3 2023 measurements show that the data feed’s coverage increased by 89% since the last quarter of 2022.

Continue reading

Important Product Announcement—NRD 1.0 End of Life (EOL) and Migration to NRD 2.0

Within the next months, we will stop supporting Newly Registered Domain (NRD) 1.0 and steadily continue user migration to NRD 2.0, an upgraded version with more comprehensive data coverage and event monitoring than ever before.

Continue reading
Just-Dropped Domains: How Do You Find Them?

Just-Dropped Domains: How Do You Find Them?

Domain names go through a life cycle that begins during their registration and ends when they expire. The minimum domain registration period usually lasts one year. After that, owners or registrants must go through the renewal process unless they opt for automatic renewal that many registrars offer. That said, many domains could still end up on just-dropped domain lists for the following reasons:

  • Their owners no longer need them.
  • Their owners forgot to renew their registration.

Regardless of the reason, monitoring them can serve various purposes. This blog post tackles these use cases and the ways to find just-dropped domains.

Continue reading
Monitoring New Domain Registrations Effectively

Monitoring New Domain Registrations Effectively

An early line of defense for companies that want to protect their staff or customers from bogus websites is to monitor new domain registrations. Threat actors often use variations of well-known domain names to lure unsuspecting users to fake portals to steal their private information or drop malware onto their devices.

There are a few ways users can watch out for new domain names that closely resemble their existing websites or their customers’ or suppliers’ sites. But before we dive into them, let’s review why monitoring new domain registrations is essential.

Continue reading
WhoisXML API’s Newly Registered & Just Expired Domains Database 2.0: Getting Started

WhoisXML API’s Newly Registered & Just Expired Domains Database 2.0: Getting Started

WhoisXML API’s Newly Registered & Just Expired Domains Database service has a new and improved version called “NRD 2.0.” Among other improvements, it offers better coverage and is easier to use than its predecessor. Learn more about NRD 2.0 in this guide.

Continue reading

Download WhoisXML API daily data ASAP part 2: An application with trending English words in .com

In the first part of this blog, we demonstrated how to download data from WhoisXML API's daily data feeds right after their publication by using the recently introduced RSS feed as the activator of download. In particular, we showed how to download the list of domains newly registered in the .com top-level domain (TLD). 

Now, to make the task a bit more interesting we demonstrate the use of our domain list with a showcase application: we calculate the list of the most frequent English words in the domain names on that day. This can be interesting in various applications. Domainers, for instance, can get information on the newest trends in domain registrations. Journalists and researchers can get a clue on a topic gaining popularity, etc.

Continue reading

Download WhoisXML API daily data ASAP part 1: RSS-activated download

This technical blog aims to demonstrate how to download data from WhoisXML API's daily data feeds right after their publication. Obtaining lists of newly registered domains and their WHOIS data can be critical in many applications. (We will showcase such an application in the second part of this blog.) Recently an RSS feed has been introduced for the service that informs about data publication immediately, which makes this easy. As a demonstration, we shall go through a particular task: download the list of domains newly registered in the .com top-level domain (TLD). 

We will use a Linux system and its understanding requires intermediate programming and command-line skills. We will use BASH but it is also easy to modify for zsh, which is the default on Mac OS X. We assume Python, with pip and virtualenv.  

Continue reading
Integrating a Newly Registered Domains Database into Enterprise Cybersecurity Strategies

Integrating a Newly Registered Domains Database into Enterprise Cybersecurity Strategies

It’s generally agreed that newly registered domains are potential sources of threats. After all, many of these domain registrations are made opportunistically—sometimes even in bulk, following public announcements and global events. While not all of these domains have to be avoided at all costs, they certainly deserve more scrutiny than others that have been established for years.

The good news is that monitoring newly registered domains is doable with the help of the Newly Registered & Just Expired Domains Database.

Continue reading
4 Practical Usages of a Newly Registered & Just Expired Domains Database

4 Practical Usages of a Newly Registered & Just Expired Domains Database

Imagine a world without domain names. While it is possible to live in one, the majority of people would have a hard time memorizing sets of numbers instead of names. If you want to visit google[.]com, for example, you would need to type in 172[.]217[.]11[.]14 every single time – not to mention that this IP address might change every time Google changes the way it deploys its web server network. But you get the point. People would need to memorize several series of numbers so they can shop, pay bills, and get in touch with people from across the globe online.

We dare say that without domain names, the online world would not be flourishing as it is now. The domain name industry in itself is also thriving, with thousands of domains bought and registered every day. Verisign disclosed that during the fourth quarter of 2019, it closed 362.3 million domain name registrations across all top-level domains (TLDs).

With that enormous number, how can you monitor new domain names? That is where Newly Registered & Recently Expired Domains Data Feed comes in handy. But perhaps a more pressing question is why there should be a need to monitor domain names, notably, newly registered ones? We addressed these questions in this post, starting with the practical usages of having a newly registered domain list or database.

Continue reading
Try our WhoisXML API for free
Get started