The appeal of recently registered domain names for cybercriminals
Recently registered domains, or newly registered domain names (NRD), are attractive to cybercriminals for several reasons. First, they are relatively cheap and easy to obtain, making them an ideal choice for those looking to carry out malicious activities. Second, because they are new, they have no reputation.
Additionally, these domain names have typically not yet been blocklisted by security systems, making it easier for cybercriminals to bypass security measures.
Most enterprise security teams need to pay more attention to DNS traffic: monitor it, and monitor or block newly registered domain names.
How we curate
At Shreshta, our threat intelligence team runs daily active and passive scans (passive DNS analysis) on the Internet to detect and harvest newly registered domain names (NRD). Our process uses automated crawlers and machine learning to detect and curate the feeds.
Community access to newly registered domain feeds
Intelligence on newly registered domain names is critical to enterprise security teams in the community. Using our NRD feeds, enterprise security teams and analysts can fend off cyber threats such as phishing, malware, spam, etc.
For this reason, we are releasing a subset of our NRD feeds that can be consumed for free.
To get no-cost access to these feeds, download one of the following:
- NRD-1w – The domain names registered in the past week (Download, Download zip)
- NRD-1m – The domain names registered in the past month (Download, Download zip)
The feeds should also be available for download from our GitHub repository in some time.
The feeds are updated every day at 1300 IST.
Terms (added on 2024-02-07)
- Shreshta’s recently registered domain name community feeds are available for non-commercial use at no cost with no limitations.
- Shreshta IT Technologies Pvt. Ltd. (Shreshta) disclaims any responsibility for inaccuracies or harm resulting from the utilization of these newly registered domain name feeds.
- The usage of the newly registered domain name feeds is provided “as is” with no guarantees.
How can you apply this intelligence?
There are multiple ways in which enterprise security teams can ingest these feeds.
1. Protective DNS
If the organisation already has a Protective DNS deployment, the feeds can be ingested easily.
Our Protective DNS product comes with full NRD feeds, and we also have the provision to offer the feeds directly to your Protective DNS instance as an RPZ.
2. SIEM
From a monitoring standpoint, any SIEM product can ingest our feeds and flag domain names which match.
3. Email Gateways
Why would enterprise users want to accept emails from domain names that have just been registered? That’s why ingesting our NRD feeds and blocking/flagging incoming email at the email gateway makes sense.
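The three ingestion paths above share one task: load the feed into a lookup set and check names against it, matching subdomains of a listed name as well. The script below is an added example written for this page, not Shreshta's own tooling; it uses a constructed feed, constructed DNS query log lines in a hypothetical `timestamp client qname qtype` format, and constructed sender addresses. It emits RPZ records for a Protective DNS resolver (the `CNAME .` action, which returns NXDOMAIN), flags DNS log lines the way a SIEM rule would, and checks an email sender's domain at the gateway.

```python
"""Added example (not Shreshta's code): ingest an NRD feed and use it for
RPZ generation, SIEM-style DNS log matching and email-gateway sender checks."""
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample feed: one registered domain per line, as a plain-text
# feed would deliver them. Comment and blank lines are tolerated.
SAMPLE_FEED = """\
# NRD-1w sample (constructed for this example)
example-login-portal.test
secure-update-check.example
Billing-Notice.Example
"""

# Constructed DNS query log (hypothetical format: timestamp client qname qtype).
SAMPLE_DNS_LOG = """\
2024-02-07T13:05:01Z 10.0.0.12 www.example-login-portal.test A
2024-02-07T13:05:02Z 10.0.0.13 intranet.corp.example A
2024-02-07T13:05:03Z 10.0.0.14 billing-notice.example MX
"""

# Constructed sender addresses as an email gateway would see them.
SAMPLE_SENDERS = ["alerts@secure-update-check.example", "colleague@corp.example"]


def normalize_domain(name: str) -> str:
    """Lower-case, strip surrounding whitespace and any trailing dot."""
    return name.strip().lower().rstrip(".")


def load_feed(text: str) -> Set[str]:
    """Parse a feed into a set of normalized domain names."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domains.add(normalize_domain(line))
    return domains


def matching_feed_domain(qname: str, feed: Set[str]) -> Optional[str]:
    """Return the feed entry that qname equals or sits under, else None.
    Walks from the full name upward so www.nrd.example matches nrd.example."""
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def to_rpz_records(feed: Iterable[str], action: str = "CNAME .") -> List[str]:
    """Emit RPZ records for each feed domain and its subdomains (*.domain).
    'CNAME .' is the standard RPZ action that returns NXDOMAIN to the client."""
    records = []
    for domain in sorted(feed):
        records.append(f"{domain} {action}")
        records.append(f"*.{domain} {action}")
    return records


def flag_dns_log(log_text: str, feed: Set[str]) -> List[Tuple[str, str, str]]:
    """SIEM-style matching: return (client, qname, matched_feed_domain) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the rule
        _ts, client, qname, _qtype = parts[:4]
        matched = matching_feed_domain(qname, feed)
        if matched:
            hits.append((client, normalize_domain(qname), matched))
    return hits


def sender_is_nrd(address: str, feed: Set[str]) -> bool:
    """Email-gateway check: is the sender's domain (or its parent) in the feed?"""
    if "@" not in address:
        return False
    return matching_feed_domain(address.rsplit("@", 1)[1], feed) is not None


if __name__ == "__main__":
    feed = load_feed(SAMPLE_FEED)
    print("\n".join(to_rpz_records(feed)))
    for client, qname, matched in flag_dns_log(SAMPLE_DNS_LOG, feed):
        print(f"ALERT client={client} qname={qname} nrd={matched}")
    for sender in SAMPLE_SENDERS:
        print(f"{sender}: {'flag' if sender_is_nrd(sender, feed) else 'allow'}")
```

The RPZ records are the body of a response policy zone; a resolver also needs the zone's SOA and NS records at the top of the file, and the feed's "past week" and "past month" windows mean a domain should age out of the zone on the same schedule rather than accumulating. For the SIEM and gateway paths, matching on the parent name (not only exact equality) is what catches `www.` and mail-server hostnames under a freshly registered domain.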
Access to the full NRD feeds
If you are interested in getting access to the full NRD feeds daily, please send us an email to firstname.lastname@example.org