February 2023: New Domain Activity Highlights | WhoisXML API

WhoisXML API Blog

February 2023: New Domain Activity Highlights

Of the millions of domains registered on 1–28 February 2023, WhoisXML API researchers analyzed a randomized sample of 28,000 domains to determine their top registrars, registrant countries, and TLD distribution. We also studied their text string usage to detect possible emerging trends. Check out our findings below, along with links to the threat reports our researchers put together using our domain, DNS, and IP intelligence sources.

Zooming in on the February NRDs

TLD Distribution

The TLD .com remained the most used, accounting for 59.6% of the domain registrations in February, followed by .net (3.7%), .org (3.5%), .online and .xyz (3.3% each), .top (2.8%), .shop (2.2%), and .info (1.7%). The rest of the domains sported 786 other TLDs. The distribution can be seen in the chart below.

TLD distribution of February NRDs

Domain Registration Volumes for the Most-Abused TLDs

We also zoomed in on the domain registration volumes for the most-abused TLDs identified by  Spamhaus on 3 March 2023. The table below shows these TLDs with the percentages of bad domains per TLD computed by Spamhaus and their registration volumes for February.

TLD% of Bad Domains against Total Domains Seen by SpamhausDomain Registration Share against the Total February NRD Volume

While the domain registration volumes accounted for less than 1% per TLD, they could still translate to thousands of NRDs that are likely to go bad since millions of domains were registered in February.

WHOIS Data Redaction

WHOIS data redaction has been massively implemented worldwide for years, and the February NRDs are no different. Only 15% of the domains had public WHOIS records, though even fewer publicized their email addresses.

WHOIS data redaction of Feruary NRDs

About 67.6% of the domains employed the services of privacy protection companies based on their registrant organization fields. We tallied the top WHOIS privacy protection services and methods the registrants used. We discovered that Domains By Proxy, LLC was the most used, protecting the records of more than a quarter of the February NRDs.

Withheld for Privacy ehf followed with an 11% share and Contact Privacy, Inc. with 8%. Other redaction methods and strings that appeared in the NRDs’ registrant organization fields were Privacy Protect, LLC; Whois Privacy Protection Service by onamae.com; Redacted for privacy, c/o whoisproxy.com; WhoisSecure; GDPR Masked; and Private by Design, LLC. These are shown in the chart below.

Top WHOIS privacy services/methods of February NRDs

Registrar Distribution

GoDaddy continued to account for most of the domain registrations with a share of about 24%. Namecheap followed with a 12.7% share, Google with 7.9%, PDR Ltd. with 3.1%, Tucows with 2.6%, Alibaba with 2.3%, Hostinger with 2.2%, Key-Systems with 1.8%, and GMO Internet with 1.6%.

Overall, the top 10 registrars were responsible for more than half of the domain registrations. The rest were distributed across 409 other registrars.

Top 10 registrars of February NRDs

Top Registrant Countries

Almost half of the February NRDs were registered in the U.S., while 12% and 11% were registered in Iceland and Canada, respectively. The other top registrant countries included those that also appeared in the January list—China, Japan, the U.K., Russia, and Germany. However, the Netherlands and Turkey replaced Indonesia and India in February. The map below shows these countries and their corresponding registration volumes.

Top registrant countries of February NRDs

Appearance of Common Strings among the SLDs

Generic Internet terms remained common among the NRDs. Examples include online, shop, market, info, tech, and app. We also noticed the repeated use of AI.

Internationalized domain names (IDNs) continued to be popular, as reflected by the repeated usage of XN. The word cloud below reflects these and other common text strings used in the February NRDs.

Appearance of Common Strings among the SLDs

Cybersecurity through the DNS Lens

Below are some of the threat reports we published in February.

You can find more reports created in the past months here.

Feel free to contact us for more information about the products and capabilities used to analyze domain registration events or support other use cases.

Try our WhoisXML API for free
Get started