Threat Intelligence via TLD's ( Top Level Domain )

 

TLD stands for Top-Level Domain, and gTLD stands for Global Top-Level Domain. Simply put, a Top-Level Domain (TLD) represents the highest level in the domain name system (DNS) hierarchy. It helps classify websites in a structured and legitimate way.

Some common examples of TLDs include:

1. .com – Commercial entities

2. .org – Organizations (usually non-profits)

3. .edu – Educational institutions

4. .net – Network providers or related entities

While Top-Level Domains (TLDs) and Generic Top-Level Domains (gTLDs) are generally used to organize websites in a legitimate and structured manner, threat actors often exploit them to create an appearance of legitimacy. This tactic is frequently used to impersonate trusted platforms or service providers, targeting specific organizations or individuals.

As security researchers, it's important to monitor newly registered TLDs and gTLDs to identify potential threats early. A useful platform for this purpose is dnpedia.com, which provides access to daily data on newly registered domains. The relevant page for tracking new registrations is:

https://dnpedia.com/domains/dailydata.php

You can search for a specific TLD by typing it into the search bar (for example, .xyz) and then pressing Enter or clicking the Add button, as shown in the image below. This will display a list of newly registered domains that end with your selected TLD, such as .xyz.

Additionally, you can modify the date to view domain registrations for a specific day. For example, if you want to see all .xyz domains registered on 30-07-2025, simply select that date, enter your desired TLD, and press Enter . as shown in the image below.

You can also copy the list of domains and upload it into the automated script we discussed in our previous article.

I have uploaded the list of newly registered .xyz TLDs, saved as a .txt file, into our automated platform. The code for this automated project is available in our previous article.

Result :