ASM: WHOIS to RDAP Migration

Beginning August 21, 2025, ICANN will require registrars to deactivate WHOIS in favor of RDAP (Registration Data Access Protocol). Censys Attack Surface Management (ASM) currently uses WHOIS data for attribution purposes.

The registration data provider used for ASM's attribution process supports RDAP, but expects disruptions after August 21, 2025. Censys has mitigations in place to minimize the issues that may occur as a result of this change. Additionally, Censys' attribution process supports RDAP for asset discovery.

This document provides additional context about this issue and Censys' plan to navigate the switch from WHOIS to RDAP.

Background and ASM context

WHOIS is a protocol that is used for collecting domain and CIDR registration data. It has been the internet standard for several decades, but ICANN has announced the EOL of WHOIS in favor of RDAP, a more modern registration data protocol.

On January 28, 2025, domain registrars were no longer required by ICANN to support WHOIS. Beginning August 21, 2025, registrars are required to stop supporting WHOIS in favor of RDAP.

ASM uses WHOIS registration information for its attribution, specifically for domain and CIDR discovery. These domains and CIDRs are then used to attribute assets to each workspace.

To date, only 13% of domains have been migrated to RDAP, so extensions are likely beyond August 21, 2025. However, customers may experience disruption to WHOIS data after this date.

Mitigation plan

Censys is in constant contact with its WHOIS and RDAP data provider to minimize data loss.

Censys' WHOIS data provider has updated their API to automatically check for RDAP if WHOIS returns no data. In addition, Censys will pull RDAP data after August 21, 2025.

If both WHOIS and RDAP return no data for valid, non-expired domains with existing registrant information, Censys plans to cache the domains until data is returned.