Threat Intelligence via gTLDs (Generic Top-Level Domains)

A Generic Top-Level Domain (gTLD) is a type of Top-Level Domain (TLD). Unlike country-code TLDs (ccTLDs), gTLDs are not tied to any specific country, and anyone around the world can register them. It's important to remember: all gTLDs are TLDs, but not all TLDs are gTLDs. 

Just like a regular person setting up a website (registering a domain and hosting it to launch a startup or run a business), threat actors also register domains, but with malicious intent. When they are unable to compromise legitimate domains, whether due to time constraints or lack of skill, they often turn to registering new domains, frequently under gTLDs or other TLDs. These newly registered domains are then used to host malicious infrastructure, such as botnets or Command and Control (C2) servers.

So, the main question is: how can we monitor newly registered domains under gTLDs?
While there are many platforms and threat intelligence feeds available, one particularly useful resource is dnpedia.com. It provides access to recently registered domains, including those under gTLDs. You can explore them using the following page:

https://dnpedia.com/domains/search.php

As shown in the image below, this interface allows you to search and filter based on specific TLDs or registration dates.


For example, if we're interested in finding newly registered domains that contain the keyword "covenant" and end with the TLD .xyz, we can perform a search using those criteria. The results, as shown in the image below, will display all matching domain names.



You can copy the list of domains and feed it to our (or your own) threat detection script to identify any domains flagged as malicious. Alternatively, if you prefer to do it manually, you can copy each domain one by one and paste it into platforms like VirusTotal to check for potential threats:
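The workflow above (search dnpedia for a keyword and TLD, copy the list, then check each domain) can be scripted. The following is an added example written for this post, not the author's own detection script: it parses a pasted domain list, applies the same keyword-plus-TLD filter the dnpedia search performs, flags hits against a local IoC list, and, only when a `VT_API_KEY` environment variable is set, enriches each candidate with the VirusTotal v3 domains endpoint. The sample domain list and the `KNOWN_BAD` IoC set are constructed for illustration and are not real findings.

```python
"""Filter newly registered domains by keyword/TLD and flag them against a local
IoC list, with optional VirusTotal enrichment. Added example; not from the post."""
import json
import os
import re
import urllib.request
from typing import Dict, Iterable, List

# Constructed stand-in for the list copied out of the dnpedia search page.
SAMPLE_DOMAINS = """
covenant-update.xyz
mycovenantapp.xyz
covenant.com
shop-deals.xyz
COVENANT-LOGIN.XYZ
not a domain
"""

# Constructed (hypothetical) local IoC list, e.g. exported from your own detections.
KNOWN_BAD = {"covenant-update.xyz"}

# Hostname syntax: 1-253 chars, labels of 1-63 chars, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_domain_list(text: str) -> List[str]:
    """Normalise a pasted list: lowercase, strip trailing dots, drop junk lines."""
    out = []
    for line in text.splitlines():
        d = line.strip().lower().rstrip(".")
        if d and DOMAIN_RE.match(d):
            out.append(d)
    return out


def filter_domains(domains: Iterable[str], keyword: str, tld: str) -> List[str]:
    """Keep domains whose name (minus TLD) contains keyword and whose TLD matches."""
    keyword = keyword.lower()
    tld = tld.lower().lstrip(".")
    hits = []
    for d in domains:
        name, _, suffix = d.rpartition(".")
        if suffix == tld and keyword in name:
            hits.append(d)
    return hits


def flag_domains(domains: Iterable[str], iocs: Iterable[str]) -> Dict[str, str]:
    """Label each domain 'known-bad' if it is in the IoC list, else 'unknown'."""
    ioc_set = {i.lower() for i in iocs}
    return {d: ("known-bad" if d in ioc_set else "unknown") for d in domains}


def virustotal_malicious_count(domain: str, api_key: str) -> int:
    """Number of VirusTotal engines that rate the domain malicious (v3 API)."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/domains/{domain}",
        headers={"x-apikey": api_key},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        data = json.load(resp)
    return int(data["data"]["attributes"]["last_analysis_stats"].get("malicious", 0))


if __name__ == "__main__":
    candidates = filter_domains(parse_domain_list(SAMPLE_DOMAINS), "covenant", ".xyz")
    verdicts = flag_domains(candidates, KNOWN_BAD)
    api_key = os.environ.get("VT_API_KEY")  # enrichment is opt-in; offline by default
    for d, status in verdicts.items():
        line = f"{d}: {status}"
        if api_key:
            line += f" (VirusTotal malicious engines: {virustotal_malicious_count(d, api_key)})"
        print(line)
```

Keeping the local IoC check separate from the VirusTotal lookup matters operationally: a newly registered domain often has no VirusTotal verdict yet, so an "unknown" result should be treated as "not yet assessed" rather than "clean", and the candidates are worth re-checking after a few days.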



