Text recently registered domain names feeds and Shreshta logo and URL

Recently registered domains – Free Download Daily Domains List‎

The appeal of recently registered domain names for Cybercriminals

Recently registered domains or Newly registered domain names(NRD) are attractive to cybercriminals for several reasons. First, they are relatively cheap and easy to obtain, making them an ideal choice for those looking to carry out malicious activities. Second, because they are new, they have no reputation.

Image of clouds and globes with the generic TLD and ccTLD text

Additionally, these domain names still need to be blocklisted by security systems, making it easier for cybercriminals to bypass security measures.

Most enterprise security teams need to pay more attention to and monitor DNS traffic and monitor or block newly registered domain names.

How we curate

At Shreshta, our threat intelligence team runs daily active and passive scans (passive DNS analysis) on the Internet to detect and harvest newly registered domain names(NRD). Our process uses automated crawlers and machine learning to detect and curate the feeds.

Community access to newly registered domain feeds

The intelligence of newly registered domain names is critical to enterprise security teams in the community. Using our NRD feeds, enterprise security teams and analysts can fend off cyber threats such as phishing, malware, spam, etc.

For this reason, we are releasing a subset of our NRD feeds that can be consumed for free.

To get no-cost access to these feeds,

The feeds should also be available for download from our GitHub repository in sometime.

The feeds are updated every day at 1300 IST.

Terms (added on 2024-02-07)

  1. Shreshta’s recently registered domain name community feeds are available for non-commercial use at no cost with no limitations.
  2. Shreshta IT Technologies Pvt. Ltd. (Shreshta) disclaims any responsibility for inaccuracies or harm resulting from the utilization of these newly registered domain name feeds.
  3. The usage of the newly registered domain name feeds is provided “as is” with no guarantees.

How can you apply this intelligence?

There are multiple ways in which enterprise security teams can ingest these feeds.

1. Protective DNS

If the organisation already has a Protective DNS deployment, the feeds can be ingested easily.

Our Protective DNS product comes with full NRD feeds, and we also have the provision to offer the feeds directly to your Protective DNS instance as an RPZ.


From a monitoring standpoint, any SIEM product can ingest our feeds and flag domain names which match.

3. Email Gateways

Why would enterprise users want to accept emails from domain names that have just been registered? That’s why ingesting our NRD feeds and blocking/flagging incoming email at the email gateway makes sense.

Access to the full NRD feeds

If you are interested in getting access to the full NRD feeds daily, please send us an email to info@shreshtait.com

Website | + posts