WhoisXML API Blog

WhoisXML API analyzed 9.6+ million domains registered between 1 and 31 October 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 38.7+ billion domains from our DNS database’s A record full file dated 4 October 2025.

Next, we studied the top TLDs of 1.1+ million domains detected as indicators of compromise (IoCs) this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

WhoisXML API analyzed 8.7+ million domains registered between 1 and 30 September 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 42.1+ billion domains from our DNS database’s A record full file dated 4 September 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

WhoisXML API is proud to announce that the false positive rate of its First Watch Malicious Domains Data Feed went down from 3% to 1.66%. This significant reduction in false alarms translates directly into a more efficient, reliable, and trustworthy predictive threat intelligence solution for users, allowing them to block upcoming threats with higher confidence and fewer interruptions.

WhoisXML API announces the launch of the Domain Info API, a new cyber intelligence solution designed to deliver a single, enriched WHOIS record for any active or expired domain name by leveraging WhoisXML API’s massive historical WHOIS database. The Domain Info API automatically fills in WHOIS fields that are redacted or missing for any domain name, using the latest available historical data.

This post breaks down the whois command — how it works, how to use it, the data points it provides, the parameters you can use with it, and its limitations. We also suggest some tools and techniques that can help you work around the tool’s limitations.

As people explore more ways to use AI, it’s natural that they want to extend its reach by connecting it with other tools. This is done through the Model Context Protocol (MCP) servers — special tools that allow AI applications like Claude or Gemini to interact with external APIs using a unified standard protocol.

With an MCP server in place, your LLM can access data and services it normally couldn’t reach on its own. By bridging the gap between AI and external apps, MCP servers make it possible to handle complex, data-driven tasks with ease. This is why a growing number of web applications and SaaS platforms from very different industries — from marketing to legal and compliance — are rolling out their own MCP servers.

In this post, we’re looking at eight of the best MCP servers for different cybersecurity needs.

WhoisXML API analyzed 8.5+ million domains registered between 1 and 31 August 2025 to identify the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

We also determined the top TLD extensions used by 45.1+ billion domains from our DNS database’s A record full file dated 7 August 2025.

Next, we studied the top TLDs of 1.0+ million domains detected as indicators of compromise (IoCs) this August.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Everything has its pros and cons. For web administrators, wildcard subdomains help simplify domain management and dealing with multisite applications. For cybersecurity professionals, they are a source of regular headaches. They can make an organization’s attack surface look much bigger (or smaller) than it actually is. 

In this post, we look at wildcard subdomains from the security perspective: how they affect attack surface mapping, why it happens, and how you can see through the noise.