Monitoring Newly Registered Domains | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages Cyber Threat Intelligence Services
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

Custom development

We offer comprehensive services for the integration of our data – from consultations to the precise definition of the basic needs of the business to increase the work efficiency.

Registrar WHOIS Services

Set up and manage public WHOIS servers for your business. Our WHOIS parsing system is a utility that collects extensive information about any given domain by sending series of DNS and WHOIS queries. The report is generated in raw as well as in parsed format.

Support services

Regardless of whether you are a startup, a small business or a global one, our team is always ready to help you. Enterprises operating on a scale can also choose special premium support management with high priority 24/7 email and telephone responses and other professional services.

Internet Statistics Reports

Get customized reports on TLDs covering datasets falling under domain name, WHOIS and DNS category.

×
Contact Us
Specifications Pricing FAQ Blog

Newly Registered & Just Expired Domains Blog

Read other articles

Monitoring Newly Registered Domains

Posted on November 5, 2019
Monitoring Newly Registered Domains

The first line of defense for companies that want to protect their staff or customers from bogus websites is monitoring domain names.Hackers will use variations of domain names to lure unsuspecting users onto portals whose purpose is to steal private information and drop viruses onto devices.

WhoisXML API offers a Newly Registered Domains Database and the Domain Research Suite that provide users with the ability to watch whether new domain names closely resemble existing registrations, which may be intended to trap internet users.

Why Monitor New Registrations?

There are a variety of use cases where information on newly registered domains can be of interest to particular individuals or businesses. Web development companies can utilize these lists to prospect for new business. Similarly, marketing companies can use the registration information to build email lists.

Monitoring new registrations, either through a newly registered domains database or new domain monitoring alerts, is particularly useful for security professionals. Hackers often register new domains to perform cyber attacks. Therefore, a new domain monitoring alert could play a vital role in a proactive security solution.

The Bad Guys Register Too

Hackers, like all other Internet users, need domains for their online operations. Carrying out web-based attacks using a domain name provides the hacker with much more flexibility than a fixed IP address. For example, if an attacker has set up a Distributed Denial of Service (DDoS) attack, they may need their proxies to acquire commands from a specific web address.

By utilizing a domain, they can rapidly change IP addresses and servers without needing to update any client settings. This flexibility allows them to avoid any defensive measures. It can also help the hackers evade the authorities, especially when the malicious servers and DNS services fall outside their jurisdiction. There are a few other nefarious reasons for registering domains, such as utilizing them for phishing campaigns.

Gone Phishing

A phishing campaign requires an unsuspecting user to click on a malicious link. If the link resembles the domain of an existing organization, the chances of successfully deceiving the user increase substantially. It is therefore imperative that businesses remain vigilant of any registration which closely matches their legitimate business name to defend against this type of attack.

When identifying a potentially malicious registration, a WHOIS query can quickly inform infosec professionals of its legitimacy. This record listing provides a treasure trove of data about the domain owner, which includes their contact details, the domain’s creation date, and which servers host the domain’s records.

The Best Defense

The WhoisXML API’s Domain Research Suite offers a set of tools that automatically report whether a registration that has appeared in the Whois database of registrations may be of questionable intent.

Domain Monitor

The Domain Monitor API watches out for companies that users specify they find of interest. Whenever the Whois record of the registrant changes, Domain Monitor sends an email alert to analysts about what security professionals may consider suspicious activity.

Cybersecurity staff receive details of any changes that have occurred for criteria they have used to filter the registration, including: the Updated Date, Created Date, Expiration Date, Registrant Information, the Domain Status, and more.

To illustrate, we have been monitoring the domain yahoodatabrachsettlement[.]com for months. The domain is among the typosquatting domains of Yahoo’s official data breach settlement site, yahoodatabreachsettlement[.]com.

On 2 September 2020, several changes to its WHOIS record were detected, leading to the conclusion that the domain was left to expire.

Domain Monitor: yahoodatabrachsettlement[.]com

Domain Monitor also alerted us that the malicious domain covid19[.]vegas was renewed at some point in October 2020. Given that the domain was previously flagged for phishing, it may be worth investigating why someone decided to extend the registration.

Domain Monitor: covid19[.]vegas

Brand Monitor

Hackers also tend to follow brands to piggy-back on the popularity of products and services. WhoisXML API offers a Brand Monitoring Tool that reports on exact and fuzzy matches of brand names. In short, the tool monitors variations and common misspellings of keywords. So, how does it work? The API alerts users when it returns keyword matches that reveal domains which either are newly registered or have recently expired.

A brand monitor for Microsoft, for example, yielded 156 look-alike domains that were either added or modified within the last 10 days. On the other hand, 70 domains were dropped. The chart below reflects these activities.

Brand Monitor: chart

Some examples of the domains are shown in the screenshot of the Brand Monitor below.

Brand Monitor: microsoft

Registrant Monitor

Some hackers have developed reputations or even profiles that enable infosec professionals to keep tabs on their activities. The Registrant Monitor Tool alerts cyberdefense specialists of all Whois database registrants who have newly registered, deleted or modified domains.

The API uses keywords based on the names of individuals or companies that white hats want to track. The tool sends alerts when the tracked names register new domains. The API even offers a report of when target names have updated existing domain registration information or any of their domain names expire.

Newly Registered Domains Database

Aside from the Domain Research Suite, WhoisXML API also offers a Newly Registered Domains Database so clients can access about 190,000 newly registered domains daily. Gaining insights into these can allow companies to enhance their brand protection and threat intelligence systems.

For one, it can help detect cybersquatting or typosquatting. On 17 March 2021 alone, the Newly Registered Domains Database contained 162,895 recently added domain names under the .com gTLD. Some of these are potentially typosquatting on the 10 most-spoofed brands.

Brand Name Number of possible
Typosquatting Domains
Detected on 17 March		 Examples
Microsoft 8
  • belintonmicrosoft[.]com
  • file-microsoftonlines[.]com
  • microsofto1ine[.]com
DHL 12
  • dhlexpress-tracking[.]com
  • dhlinnovationcenter[.]com
  • dhlmaytrackingseiwss[.]com
Google 25
  • active-google[.]com
  • apps-google-play[.]com
  • googlecloudhexagon[.]com
PayPal 14
  • paypal-compte-restreint[.]com
  • tarot-paypal[.]com
  • singin02b-paypal09uihjy8uj8yujwdeds4te[.]com
Netflix 6
  • netflix-biilin[.]com
  • netflix-helpdesk[.]com
  • netflix-reminderrenewal[.]com
Facebook 15
  • ad-facebook40[.]com
  • facebook-marketplace-item35235[.]com
  • facebookmiami[.]com
Apple 71
  • applecore99[.]com
  • applecoreint[.]com
  • applecustomers-service[.]com
WhatsApp 7
  • whatsapa[.]com
  • whatsappclap[.]com
  • whatsappeando[.]com
Amazon 49
  • accountupdat-amazon[.]com
  • amazoncountertops[.]com
  • amazoncryptoquickpay[.]com
Instagram 7
  • buyinstagram[.]com
  • instagram-bussines-form[.]com
  • instagrammkeke[.]com

WhoisXML API offers dozens of tools to aid infosec professionals with their defense and forensics work. The Newly Registered Domains Database, Domain Monitor, Brand Monitor, and Registrant Monitor all provide organizations and individuals with effective protection where it counts most—before hackers can strike.

Read other articles
Try our WhoisXML API for free
Get started