Threat Intelligence via ccTLD (country code top-level domain)

 



A country code top-level domain (ccTLD) is a type of top-level domain that represents a specific country. These domains are mostly used by embassies, government organizations, and companies. Here is a list of some ccTLDs:

  1. .us – United States

  2. .iq – Iraq

  3. .au – Australia

  4. .de – Germany

  5. .in – India


Threat actors often try to appear legitimate by registering or forging domains, and sometimes by compromising existing domains, especially those that use a country code top-level domain (ccTLD). Why do they target ccTLDs in particular? Because registering a ccTLD domain usually requires documentation and goes through a verification process, as these domains represent specific countries. Once attackers manage to take over such a domain, they may use it to send spear-phishing or phishing emails. Emails coming from a .gov domain or any domain ending with a ccTLD tend to appear more legitimate and trustworthy, which increases the chances of their attacks succeeding.

This raises another question: how can we investigate and find newly registered ccTLD domains?

Once again, we will rely on https://dnpedia.com/ and the following ccTLD search resource: https://www.whoisds.com/newly-registered-domains.


You can actually use paid options to search for available ccTLDs, as shown in the previous image and the image below.


So, you can select one of them and either upload it manually to threat intelligence platforms such as VirusTotal, or integrate it into your automated script.
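As a starting point for the automated script mentioned above, here is an added example (not code from the original post) that filters a newly registered domain list down to watched ccTLDs and ranks entries for review. It assumes the feed is plain text with one domain per line; the keyword list and the sample feed are constructed for illustration.

```python
from collections import defaultdict

# ccTLDs listed on this page; extend to match the countries you monitor.
WATCHED_CCTLDS = {"us", "iq", "au", "de", "in"}
# Hypothetical keywords hinting at government or embassy impersonation.
WATCH_KEYWORDS = ("gov", "embassy", "ministry")

def normalize(line):
    """Return a lowercase domain without trailing dot, or None for junk lines."""
    domain = line.strip().lower().rstrip(".")
    if not domain or domain.startswith("#") or "." not in domain:
        return None
    return domain

def triage(lines, cctlds=WATCHED_CCTLDS, keywords=WATCH_KEYWORDS):
    """Group newly registered domains by watched ccTLD and flag keyword hits."""
    by_tld, seen = defaultdict(list), set()
    for line in lines:
        domain = normalize(line)
        if domain is None or domain in seen:
            continue
        seen.add(domain)
        labels = domain.split(".")
        if labels[-1] not in cctlds:
            continue
        # Match keywords only in labels left of the TLD, never in the TLD itself.
        hits = sorted(k for k in keywords if any(k in lab for lab in labels[:-1]))
        by_tld[labels[-1]].append(
            {"domain": domain, "keywords": hits, "priority": bool(hits)})
    for entries in by_tld.values():
        # Keyword hits first, then alphabetical, so analysts see them on top.
        entries.sort(key=lambda e: (not e["priority"], e["domain"]))
    return dict(by_tld)

# Constructed sample feed (not real registration data).
SAMPLE_FEED = """\
# constructed sample
example-shop.com
Embassy-Example-Portal.IN
example-bakery.de.
gov-example-services.iq
ministry-example-update.us
example-bakery.de
notes.example.org
"""

if __name__ == "__main__":
    for tld, entries in sorted(triage(SAMPLE_FEED.splitlines()).items()):
        for e in entries:
            tag = "REVIEW" if e["priority"] else "info"
            print(f".{tld}\t{tag}\t{e['domain']}\t{','.join(e['keywords'])}")
```

The rows tagged REVIEW are the ones worth checking first on a threat intelligence platform such as VirusTotal.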

