WhoisXML API Blog

WhoisXML API analyzed 10.5+ million domains registered between 1 and 31 May 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 3.6% from 10.2+ million NRDs last month.

We also determined the top TLD extensions used by 2.9+ million domains likely registered with malicious intent from the First Watch Malicious Domains Data Feed in May 2026. This number rose by 6.4% from the previous month.

Next, we studied the top TLD extensions of 1.0+ million confirmed malicious domains from the Threat Intelligence Data Feeds this month, which decreased by 2.4% from 1.1+ million in April.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

If you’ve spent any time on the early internet, you likely saw people threatening each other with phrases like “I am going to find where you live by your IP and then we’ll have a serious conversation.” They implied that knowing your IP address was enough to know your precise location.  

But does your IP address really reveal location data? The answer might be a bit more complicated than just “yes” or “no.” Let’s figure it out.

WhoisXML API analyzed 10.2+ million domains registered between 1 and 30 April 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 14.1% from 8.9+ million NRDs last month.

We also determined the top TLD extensions used by 2.7+ million domains likely registered with malicious intent from the First Watch Malicious Domains Data Feed in April 2026. This number rose by 30.8% from the previous month.

Next, we studied the top TLD extensions of 1.11+ million confirmed malicious domains from the Threat Intelligence Data Feeds this month, which decreased by 2.0% from 1.13+ million in March.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

WhoisXML API has released a Python script that tells you whether a domain’s top-level domain (TLD) (including multi-level TLDs like .co.uk) supports RDAP, WHOIS, both protocols, or neither, based on a reference TLD dataset.

The script is useful for anyone performing programmatic WHOIS lookups who wants to know in advance which protocol a TLD responds to. It works in two modes and requires a TLD reference CSV (which you can get from rdap.wxapros.com) as its first input:

WhoisXML API is proud to have been named one of the companies that continues to make an impact in the Pacific by Inc. in 2026, ranking 121st in the Regionals list.

The Inc. Regionals list acknowledges the achievements of private companies in generating sustainable growth and jobs. Making it to the list means the company has had remarkable revenue growth over a two-year period (2022–2024) and met strict revenue requirements during those years.

Modern operating systems offer a variety of tools to retrieve DNS records. One of the simplest and most efficient tools for this purpose is the host command, a lightweight utility designed for quick, human-readable DNS queries on Linux and Unix-like systems.

In this guide, we’ll explain how it works, break down its syntax and options, and walk you through some practical examples. Whether you’re troubleshooting DNS issues or performing quick lookups, you’ll learn how to use host effectively — as well as what its limitations are and when you might want to consider alternatives like nslookup, dig, or a DNS Lookup API.