Step-by-Step Guide to Getting Started with NRD 1.0
Domain intelligence gleaned from WhoisXML API’s Newly Registered & Just Expired Domains can help companies in multiple ways, including but not limited to:
- Supporting threat intelligence collection and correlation;
- Looking into domain registration trends and market shares;
- Enhancing brand and trademark protection strategies;
- Gathering data for competitor analysis and anticipating the rivals’ next moves.
We tackle these use cases with illustrations in this in-depth guide, along with details on how to access such a source via flexible pricing plans.
Choosing Pricing Plans and Licenses
WhoisXML API offers five types of Newly Registered Domain (NRD) packages: Lite, Pro, Enterprise, Custom 1, and Custom 2. The package prices vary depending on the usage license you choose. Licenses come in the form of educational and nonprofit, personal, internal business, and commercial ones.
Pricing Plans: What Features Do You Get with Each Package?
Our pricing plans differ in terms of pricing and features. Here is an overview:
Under our Lite package, clients can access all registered domain names plus get daily downloads of the latest additions. The subscription prices start at $59 a month.
Our Pro package includes access to all registered domains, daily downloadable NRD feeds, and recently expired domain name feeds. Pro plans are available for as low as $99 per month.
Our Enterprise package enables companies to see the WHOIS records of all newly registered and recently expired domains. Thus, enterprise users can obtain full domain ownership information—with the key data points summarized in the table below. The prices for Enterprise plans start at $199 monthly.
|Registrar’s name and Internet Assigned Numbers Authority (IANA) ID
|Contact email address
|Contact email address, same as registrant’s
|WHOIS server used by registrar
|List of nameservers used by domain name
|Includes creation, update, and expiration dates of domain
|Reflects current status of domain name
|Registrant contact details include registrant’s email address, name, organization, street address, country, postal code, and telephone numbers
|Administrative contact details
|Same data points as registrant details, plus administrative contact information
|Billing Contact Details
|Same data points as registrant details, plus billing contact information.
|Technical contact details
|Same data points as registrant details, plus technical contact information
With our Custom 1 package,users can enjoy the same benefits as our Enterprise package users, but the domain names are also categorized by the registrant country. This unique feature makes it easy for users to perform location-based market research. Market segmentation thus becomes more precise and less complicated. What’s more, users get access to WHOIS archives dating back to 2012 with this package. Custom 1 package prices start at $299 monthly for educational use.
Custom 2 package users get access to all registered domains and daily downloadable feeds of newly registered and recently expired domain names. Categorization by the registrant country and access to WHOIS archives are also included in the package. Unredacted domain WHOIS data available through WHOIS proxy removal is also included at prices starting at $399 a month.
Below is a visual representation of the features included in each pricing plan.
Licenses: How Will You Use the Data?
The licenses that users select dictate package prices and how they can use the data provided. WhoisXML API offers four different license types described below.
- Educational license: As the name suggests, this license is for educational purposes only. The data is useful for professors or students working on research projects. During application, clients who want to use this license are required to submit their academic credentials.
- Personal license: This type of license gives users permission to access the database content for personal consumption only. Data use should remain noncommercial, which means users cannot use it for income-generating activities. The Personal license also prohibits users from sharing the database’s content to third parties.
- Internal Business license: With the Internal Restricted License, businesses can use the database within their organization for internal research. This license does not allow users to integrate the database into any commercial product or solution. Sharing data with third parties is also prohibited under this license.
- Commercial or Redistribution license: Organizations that want to use Newly Registered & Just Expired Domains commercially should get this type of license. They can distribute the data to third parties and integrate it into commercial products, such as threat intelligence platforms, third-party risk management solutions, and the like.
The package prices under the Commercial license depend on the agreement between WhoisXML API and the client. You can send our sales team an email at [email protected] to discuss pricing and other terms.
Downloading Newly Registered & Just Expired Domains
After choosing a pricing package, you can download the NRD files. That can be done via HyperText Transfer Protocol Secure (HTTPS) or File Transfer Protocol (FTP). For both methods, you need your application programming interface (API) key, which you can get from your account’s My Products page (login is required).
The base path for downloading via HTTPS is https://newly-registered-domains.whoisxmlapi.com/datafeeds. Depending on your product subscription, you will see other databases on this page, including one named “Newly_Registered_Domains.”
The link to the root file will take you to a directory where you can see the package you selected.
Open the correct package by clicking its name and select the path named “domain_names_new.”
Select the file you want to download identified by its gTLD. Clicking on a gTLD will take you to a directory where all available data feeds are listed, arranged from oldest to newest.
To download files via FTP, use the base path ftp://datafeeds.whoisxmlapi.com:21210.
The file name of each data feed comes in the format of “add.[gTLD].csv.” If you download the .com file, the file name would then be “add.com.csv.” The domain names are listed per line without the domain extension. A sample is provided in the screenshot below.
Depending on the plan selected, more downloading paths will also be available in addition to domain_names_new. Here are brief descriptions of each:
- domain_names_ngtlds_new: Contains newly registered domain names categorized by new gTLD, ranging from .aaa to .zuerich.
- Same as “Lite”
- domain_names_dropped: Contains a list of recently dropped domain names in major gTLD spaces, namely, .aero, .asia, .biz, .com, .info, .mobi, .name, . net, .org, .pro, .tel, and .us.
- domain_names_ngtlds_dropped: Lists recently expired domain names in the new gTLD space, ranging from .aaa to .zuerich.
- Same as “Pro”
- domain_names_diff_whois: This data feed provides the WHOIS records of domain names that may not have been available on previous days. It only contains information on major gTLDs only.
- domain_names_dropped_whois: This database contains newly dropped domains names (only in the major gTLD spaces) for a given day, along with their WHOIS records.
- domain_names_ngtlds_diff_whois: Lists the domain names (new gTLDs only) whose WHOIS records changed on a given date and may not have been available on previous days.
- domain_names_ngtlds_dropped_whois: Contains the WHOIS records of recently expired domains (new gTLDs only) for a given date.
Below is an example of an Enterprise NRD file that is enriched with WHOIS data.
- Same as “Enterprise”
- domain_names_diff_whois_archive: The database contains the historical WHOIS records of gTLD domains registered on a given day. The data feeds are arranged by the year.
- domain_names_diff_whois_filtered_reg_country: This data feed contains the WHOIS data of NRDs whose WHOIS records were not available on previous days. The domain names are categorized by the registrant country.
- domain_names_ngtlds_whois_archive: This data feed provides users with access to the archived WHOIS data of domains in the new gTLD space, registered on a given day.
- domain_names_whois_filtered_reg_country: Contains the WHOIS data of domain names covering all major gTLDs categorized by the registrant country. The files are contained in gzipped .tar archives named after the date, gTLD, and country.
- domain_names_whois_filtered_reg_country_archive: This data feed contains the archived or historical WHOIS records of domains under major gTLDs categorized by the registrant country.
- Same as “Custom 1”
- domain_names_diff_whois_filtered_reg_country_noproxy: This database contains the WHOIS records of domains (major gTLDs only) categorized by the registrant country and with WHOIS guard and proxy protection removed.
- domain_names_diff_whois_filtered_reg_country_noproxy_archive: Contains the historical WHOIS records of domains across all major gTLDs categorized by registrant country with WHOIS proxies removed.
- domain_names_ngtlds_diff_whois_filtered_reg_country_noproxy: This data feed contains the unredacted WHOIS records of domains across all new gTLDs categorized by the registrant country.
- domain_names_whois_filtered_reg_country_noproxy: This database contains the WHOIS records of domains under the new gTLDs. The data is categorized by the registrant country, with WHOIS guards and proxies removed.
Newly Registered & Just Expired Domains in Action
You can use the Newly Registered & Just Expired Domains database for brand protection, threat intelligence, competitor analysis, market research, and other purposes. We illustrated some of these use cases in this section.
Brand and trademark protection includes monitoring new registrations for domain names that use your brand or trademarked names. Domain names that imitate a brand could figure in phishing campaigns or damage your company’s reputation. For example, we downloaded a file dated 28 October 2020 and found several domains that use Adidas’s brand name.
It also detected dozens of domain names that use the brand name PayPal.
Monitoring NRDs allows companies to immediately take action when they notice copycats or threat actors abusing their brand or company name. Companies can also monitor recently expired domains that contain their brand name. That way, they can immediately take over these domains and prevent threat actors from abusing them in the future.
Access to unredacted WHOIS records of cybersquatting domain names, meanwhile, allows companies to reach out to their registrants. The Enterprise package, for instance, reveals the registrant details of cybersquatting domain restorepaypal48[.]com. The company can contact the person to learn how he or she uses the domain.
Threat Intelligence Enrichment
Threat actors typically use NRDs to launch malicious campaigns, such as botnet infection and phishing attacks. In this way, monitoring them can help enrich a company’s threat intelligence gathering and research. With a Commercial or Redistribution license, it’s possible to integrate the Newly Registered & Just Expired Domains into security products for automated monitoring. Among the things that they need to check with regard to NRDs are:
- Indicators of cybersquatting or typosquatting: The Adidas and PayPal lookalike domains in the previous section are examples of these.
- Presence of possible non-human- or domain generation algorithm (DGA)-generated domain names: Malware and botnet creators use machines or DGA to make their command-and-control (C&C) servers less detectable. But DGA-generated domains are characterized by the presence of random strings of alphanumeric characters. That said, looking for domain names with these strings can improve threat intelligence efforts.
Some of the domains we downloaded appear to have been machine-generated. Out of 134,276 NRDs, hundreds had random characters. Some examples are:
Competitor and Market Analysis
Newly Registered & Just Expired Domains can provide insights into market trends and offer a glimpse of what competitors are doing. A business that offers web design services, for instance, would find out that 35 new domains containing the string “webdesign” appeared on the DNS on 28 October.
For those who want to learn about the business trends in Calgary, the feed also revealed that as of 28 October, eight out of the 13 NRDs were related to used car dealership.
The Newly Registered & Just Expired Domains database also makes it easy to conduct country-based research. The Custom 1 package along with others, for instance, categorizes data by the registrant country.
Additionally, being able to see domains’ WHOIS records and filter those that use proxies allows companies to map the domain name infrastructure of competitors and market leaders.
Competitors of Zurple, Inc., for instance, can get a glimpse of its competitors’ business direction. With the Enterprise package, it can filter the Registrant Organization column and see that the company of interest registered two domain names on 29 October 2020, laineysellingswflorida[.]com and winstonsalemhomefinder[.]com.
As was illustrated, WhoisXML API’s Newly Registered & Just Expired Domains database and its data feeds have multiple use cases, including cybersecurity, brand protection, and market research. Visit our pricing page for more information about our various licensing options and plans or contact us at [email protected] with any questions or sales queries you may have.