Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.
The WhoisXML API research team analyzed 7.6+ million domains registered between 1 and 30 April 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 55.8+ billion domains from our DNS database’s A record full file dated 3 April 2025.
Next, we studied the top TLDs of 1.5+ million domains detected as indicators of compromise (IoCs) this April.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
We are excited to share that Enterprise and Ultimate subscribers of the Newly Registered Domains (NRD) Data Feed will now have access to past data feed files, giving security professionals deeper context to help trace threat patterns and evolution.
In particular, NRD Enterprise users can access files produced in the past 30 days from their subscription date, while NRD Ultimate users can go as far back as 365 days. With this new enhancement, WhoisXML API users can now use NRD data feeds to:
The WhoisXML API research team analyzed 8.2+ million domains registered between 1 and 31 March 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 59.2+ billion domains from our DNS database’s A record full file dated 6 March 2025.
Next, we studied the top TLDs of 1.1+ million domains detected as indicators of compromise (IoCs) this March.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed 7.5+ million domains registered between 1 and 28 February 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 62.1+ billion domains from our DNS database’s A record full file dated 6 February 2025.
Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this February.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed 7.6+ million domains registered between 1 and 31 January 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 61.2+ billion domains from our DNS database’s A record full file released in the same month.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed 7.9+ million domains registered between 1 and 31 December 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 60.1+ billion domains from our DNS database’s A record full file released in the same month.
Next, we studied the top TLDs of 1.3+ million domains detected as indicators of compromise (IoCs) in December.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed 8.2 million domains registered between 1 and 30 November 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by 59.6 billion domains from our DNS database’s A record full file released in the same month.
Next, we studied the top TLDs of 1.1 million domains detected as indicators of compromise (IoCs) in November.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed more than 8.2 million domains registered between 1 and 31 October 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by the more than 57.4 billion domains from our DNS database’s A record full file released in the same month.
Next, we studied the top TLDs of more than 1.0 million domains detected as indicators of compromise (IoCs) in October.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed more than 7.1 million domains registered between 1 and 30 September 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by the more than 60.1 billion domains from our DNS database’s A record full file released in the same month.
Next, we studied the top TLDs and associated threat types of more than 1.0 million domains detected as indicators of compromise (IoCs) in September.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed more than 7.4 million domains registered between 1 and 31 August 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top TLD extensions used by the more than 59.2 billion domains from our DNS database’s A record full file released in the same month.
Next, we studied the top TLDs and associated threat types of more than 1.0 million domains detected as indicators of compromise (IoCs) in August.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
The WhoisXML API research team analyzed more than 7.3 million domains registered between 1 and 31 July 2024 in this post to identify five of the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also determined the top 5 TLD extensions used by the more than 58.1 billion domains from our DNS database’s A record full file released in July 2024.
Next, we studied the top 5 TLDs and associated threat types of more than 1 million domains detected as indicators of compromise (IoCs) in the same month.
Finally, we summed up our findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
A new type of data feed has been made available for users with a Newly Registered Domains (NRD) Database Ultimate subscription, allowing them to obtain new domain intelligence faster.
Specifically, the new Domains Only data feed gives access to files containing all domains from the Ultimate data feed, along with those added to or deleted from a given day’s zone files compared with the previous day.
The WhoisXML API research team analyzed more than 7.5 million domains registered between 1 and 30 June 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
After that, we determined the top TLD extensions used by the more than 58.2 billion domains from our DNS database’s A record full file released in June 2024.
We also studied the top TLDs and associated threat types of more than 1.1 million domains detected as indicators of compromise (IoCs) in June.
Finally, we summarized the findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
WhoisXML API researchers analyzed more than 7.4 million domains registered between 1 and 31 May 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also studied the top TLDs and associated threat types of more than 1 million domains detected as indicators of compromise (IoCs) in May.
Finally, we summarized the findings and provided links to the threat reports produced using DNS, IP, and domain intelligence sources during the period.
WhoisXML API researchers analyzed more than 6.6 million domains registered between 1 and 30 April 2024 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
We also studied the top TLDs and associated threat type breakdown of more than 1.1 million domains detected as indicators of compromise (IoCs) in April.
Finally, we summarized the findings and provided links to the threat reports produced during the period with the aid of DNS, IP, and domain intelligence sources.
WhoisXML API researchers analyzed more than 7.3 million domains registered between 1 and 31 March 2024 to identify global domain registration trends, including the most popular registrars, registrant countries, and top-level domain (TLD) extensions.
We also studied the TLD usage and associated threat type breakdown of more than 1.1 million domains detected as indicators of compromise (IoCs) in March.
Finally, we summarized the findings and provided links to the threat reports produced during the period with the aid of DNS, IP, and domain intelligence sources.
WhoisXML API recently launched Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace. Newly Registered Domains Feed (Community Edition) availability on Snowflake Marketplace will enable joint customers to access up to 10,000 NRDs per day and view 30 days’ worth of historical data.
WhoisXML API has significantly improved its Newly Registered Domains (NRD) service, leading to the introduction of NRD 2.0 and phasing out of NRD 1.0 with end of service (EOS) and end of life (EOL) scheduled respectively on 1 March 2024 and 31 December 2024.
Among other enhancements, new domain activities that are monitored now not only span “added” and “dropped” domains but also “updated” and “discovered” domains. Below is an overview of NRD 2.0’s technical benefits.
WhoisXML API continues to improve its products and services as part of its commitment to a safer and more transparent Internet through the delivery of high-quality and reliable domain, IP, and DNS intelligence sources.
Among our most recent developments is the massive increase in the country-code top-level domain (ccTLD) coverage of the Newly Registered Domains V2 (NRD2) Data Feed. Specifically, we recorded a 153.95% increase in the number of domain activity for the top 10 ccTLDs in 2023 compared to 2022.
The intention of this document is to show you the basics of how to download the WhoisXML API's NRD2 data feed provided by WhoisXML API to a GCP Cloud Storage bucket by leveraging a serverless Cloud Functions. GCP Cloud Functions acts as a serverless compute service that allows you to write and execute code without provisioning or managing servers. GCP Cloud Storage is an object storage service for storing and retrieving files. This document will guide you through the process of configuring both GCP Cloud Functions and a GCP Cloud Storage bucket.
The intention of this document is to show you the basics of how to download the WhoisXML API's NRD2 data feed provided by WhoisXML API to an AWS S3 bucket by leveraging a serverless Lambda function. AWS Lambda functions act as a serverless compute service that allows you to write and execute code without provisioning or managing servers. AWS S3 is an object storage service for storing and retrieving files. This document will guide you through the process of configuring both AWS Lambda and an AWS S3 bucket.
As part of WhoisXML API’s efforts to continuously improve its products and services, the coverage and quality of the Newly Registered Domains (NRD2) Data Feed significantly improved over the past months. More precisely, the latest Q3 2023 measurements show that the data feed’s coverage increased by 89% since the last quarter of 2022.
Within the next months, we will stop supporting Newly Registered Domain (NRD) 1.0 and steadily continue user migration to NRD 2.0, an upgraded version with more comprehensive data coverage and event monitoring than ever before.
Domain names go through a life cycle that begins during their registration and ends when they expire. The minimum domain registration period usually lasts one year. After that, owners or registrants must go through the renewal process unless they opt for automatic renewal that many registrars offer. That said, many domains could still end up on just-dropped domain lists for the following reasons:
Their owners no longer need them.
Their owners forgot to renew their registration.
Regardless of the reason, monitoring them can serve various purposes. This blog post tackles these use cases and the ways to find just-dropped domains.
An early line of defense for companies that want to protect their staff or customers from bogus websites is to monitor new domain registrations. Threat actors often use variations of well-known domain names to lure unsuspecting users to fake portals to steal their private information or drop malware onto their devices.
There are a few ways users can watch out for new domain names that closely resemble their existing websites or their customers’ or suppliers’ sites. But before we dive into them, let’s review why monitoring new domain registrations is essential.
WhoisXML API’s Newly Registered & Just Expired Domains Database service has a new and improved version called “NRD 2.0.” Among other improvements, it offers better coverage and is easier to use than its predecessor. Learn more about NRD 2.0 in this guide.
In the first part of this blog, we demonstrated how to download data from WhoisXML API's daily data feeds right after their publication by using the recently introduced RSS feed as the activator of download. In particular, we showed how to download the list of domains newly registered in the .com top-level domain (TLD).
Now, to make the task a bit more interesting we demonstrate the use of our domain list with a showcase application: we calculate the list of the most frequent English words in the domain names on that day. This can be interesting in various applications. Domainers, for instance, can get information on the newest trends in domain registrations. Journalists and researchers can get a clue on a topic gaining popularity, etc.
This technical blog aims to demonstrate how to download data from WhoisXML API's daily data feeds right after their publication. Obtaining lists of newly registered domains and their WHOIS data can be critical in many applications. (We will showcase such an application in the second part of this blog.) Recently an RSS feed has been introduced for the service that informs about data publication immediately, which makes this easy. As a demonstration, we shall go through a particular task: download the list of domains newly registered in the .com top-level domain (TLD).
We will use a Linux system and its understanding requires intermediate programming and command-line skills. We will use BASH but it is also easy to modify for zsh, which is the default on Mac OS X. We assume Python, with pip and virtualenv.
It’s generally agreed that newly registered domains are potential sources of threats. After all, many of these domain registrations are made opportunistically—sometimes even in bulk, following public announcements and global events. While not all of these domains have to be avoided at all costs, they certainly deserve more scrutiny than others that have been established for years.
Imagine a world without domain names. While it is possible to live in one, the majority of people would have a hard time memorizing sets of numbers instead of names. If you want to visit google[.]com, for example, you would need to type in 172[.]217[.]11[.]14 every single time – not to mention that this IP address might change every time Google changes the way it deploys its web server network. But you get the point. People would need to memorize several series of numbers so they can shop, pay bills, and get in touch with people from across the globe online.
We dare say that without domain names, the online world would not be flourishing as it is now. The domain name industry in itself is also thriving, with thousands of domains bought and registered every day. Verisign disclosed that during the fourth quarter of 2019, it closed 362.3 million domain name registrations across all top-level domains (TLDs).
With that enormous number, how can you monitor new domain names? That is where Newly Registered & Recently Expired Domains Data Feed comes in handy. But perhaps a more pressing question is why there should be a need to monitor domain names, notably, newly registered ones? We addressed these questions in this post, starting with the practical usages of having a newly registered domain list or database.
