{"id":6249,"date":"2021-04-26T15:41:22","date_gmt":"2021-04-26T22:41:22","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6249"},"modified":"2022-10-20T11:46:03","modified_gmt":"2022-10-20T18:46:03","slug":"newly-observed-domains","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/","title":{"rendered":"Newly Observed Domains"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Newly Observed Domains are created and published every day as part of the Domain Name System (DNS) \u2013 but not all of them are created for legitimate purposes. Bad actors use new domains for criminal activities such as spam, malware distribution or botnets in the first minutes of creating them.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Security teams need real-time information regarding new domain usage so that they can apply rules to block access until security providers have time to analyze the domains \u2013 and threats can be avoided. Security analysts don\u2019t have a way to gather and analyze this information in a timely manner because it is broadly distributed across name servers around the world.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox provides two threat intelligence feeds on newly observed domains:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">Farsight\u2122 Newly Observed Domains (NOD)<\/span><\/li>\n<li><span style=\"font-weight: 400;\">SURBL\u2122 Fresh<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Farsight\u2122 NOD\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This feed will add the new domain when:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">When someone tries to resolve the newly registered domain for the first time.\u00a0 The domain will stay on the list for 72 hours.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The listing is based upon real world activity.\u00a0 If a domain is purchased, but not used it will not be listed.<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">SURBL\u2122 Fresh<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This feed will add the new domain when:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The new domain is listed when the domain is registered.\u00a0 It stays in the list for 72 hours. No activity is necessary.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Change of ownership of the domain will cause a listing too.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Why would you use both?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Having these two feeds will cover the bases in terms of blocking newly observed domains. Farsight\u2122 NOD will list domains regardless based upon activity and SURBL\u2122 Fresh will list new domains based upon when the domain is registered without activity.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After 72 hours, if the domain is determined to be malicious, it will be placed into other feeds.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Newly Observed Domains are created and published every day as part of the Domain Name System (DNS) \u2013 but not all of them are created for legitimate purposes. Bad actors use new domains for criminal activities such as spam, malware distribution or botnets in the first minutes of creating them. Security teams need real-time information [&hellip;]<\/p>\n","protected":false},"author":279,"featured_media":4882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[483,484,30,366,32,485],"class_list":{"0":"post-6249","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-surbl-fresh","9":"tag-farsight-nod","10":"tag-dns","11":"tag-spam","12":"tag-malware","13":"tag-botnets","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Newly Observed Domains<\/title>\n<meta name=\"description\" content=\"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Newly Observed Domains\" \/>\n<meta property=\"og:description\" content=\"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-26T22:41:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-20T18:46:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"383\" \/>\n\t<meta property=\"og:image:height\" content=\"254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Lee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Lee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/\"},\"author\":{\"name\":\"Thomas Lee\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/09eef104302d85b2c7d7ce4bec738761\"},\"headline\":\"Newly Observed Domains\",\"datePublished\":\"2021-04-26T22:41:22+00:00\",\"dateModified\":\"2022-10-20T18:46:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/\"},\"wordCount\":286,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"keywords\":[\"SURBL Fresh\",\"Farsight NOD\",\"DNS\",\"spam\",\"Malware\",\"botnets\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/\",\"name\":\"Newly Observed Domains\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"datePublished\":\"2021-04-26T22:41:22+00:00\",\"dateModified\":\"2022-10-20T18:46:03+00:00\",\"description\":\"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"width\":383,\"height\":254},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/newly-observed-domains\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Newly Observed Domains\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/09eef104302d85b2c7d7ce4bec738761\",\"name\":\"Thomas Lee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"caption\":\"Thomas Lee\"},\"description\":\"Thomas Lee is a Technical Marketing Engineer at Infoblox. He has been with Infoblox for over 7 years. He works on the NIOS platform and does competitive analysis. He holds a Computer Science degree from California State University East Bay.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/thomas-lee\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Newly Observed Domains","description":"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/","og_locale":"en_US","og_type":"article","og_title":"Newly Observed Domains","og_description":"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/","og_site_name":"Infoblox Blog","article_published_time":"2021-04-26T22:41:22+00:00","article_modified_time":"2022-10-20T18:46:03+00:00","og_image":[{"width":383,"height":254,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","type":"image\/jpeg"}],"author":"Thomas Lee","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Lee","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/"},"author":{"name":"Thomas Lee","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/09eef104302d85b2c7d7ce4bec738761"},"headline":"Newly Observed Domains","datePublished":"2021-04-26T22:41:22+00:00","dateModified":"2022-10-20T18:46:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/"},"wordCount":286,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","keywords":["SURBL Fresh","Farsight NOD","DNS","spam","Malware","botnets"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/","url":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/","name":"Newly Observed Domains","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","datePublished":"2021-04-26T22:41:22+00:00","dateModified":"2022-10-20T18:46:03+00:00","description":"Infoblox provides two threat intelligence feeds on newly observed domains. You can learn more about what Infoblox does once their status is determined here.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","width":383,"height":254},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/newly-observed-domains\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Newly Observed Domains"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/09eef104302d85b2c7d7ce4bec738761","name":"Thomas Lee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","contentUrl":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","caption":"Thomas Lee"},"description":"Thomas Lee is a Technical Marketing Engineer at Infoblox. He has been with Infoblox for over 7 years. He works on the NIOS platform and does competitive analysis. He holds a Computer Science degree from California State University East Bay.","url":"https:\/\/www.infoblox.com\/blog\/author\/thomas-lee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/279"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6249"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6249\/revisions"}],"predecessor-version":[{"id":8149,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6249\/revisions\/8149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/4882"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}