Domains that were once live on the Internet and then abandoned are often purchased and reused by criminals in order to avoid immediate detection. Reusing abandoned domains, which may have a good or neutral reputation/spam score, dramatically increases the probability of successfully carrying out their intended criminal activities, such as spam, malware distribution or botnets, until spam and reputation engines are updated after a period of time.
Security teams need real-time information about domains that are reactivated on the Internet after a period of inactivity. With this information, security teams can apply rules to firewalls and mail servers to block inbound and outbound connections to these domains until more information is available about them.
Farsight’s Newly Active Domains (NAD) solution is a real-time data feed of domains that have become active after being inactive (offline) for at least ten (10) days. This data is very useful for detecting and blocking domains used by threat actors who are patient enough to establish a harmless reputation for domain-name assets before use, or who reuse expired/abandoned domains that may previously have had good reputations. Farsight NAD leverages our real-time Passive DNS sensor array and cross-references that data with our industry-leading DNSDB® historical DNS database.
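
The ten-day inactivity rule described above can be illustrated with a small added example; this is not Farsight's code or feed format, only a sketch of the idea applied to DNS sightings you have collected yourself. The function names, the `(timestamp, domain)` record shape and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_THRESHOLD = timedelta(days=10)  # "at least ten (10) days" per the page


def normalize(name):
    """Canonical form so 'Example.COM.' and 'example.com' share one history."""
    return name.strip().rstrip(".").lower()


def newly_active(observations, threshold=INACTIVITY_THRESHOLD):
    """Return (domain, reactivated_at, gap) for each reactivation.

    observations: iterable of (datetime, domain) pairs, in any order.
    A domain with no earlier sighting is not reported: without history
    there is no inactive period to measure (an assumption of this sketch).
    """
    last_seen = {}
    events = []
    for ts, raw in sorted(observations, key=lambda o: o[0]):
        domain = normalize(raw)
        previous = last_seen.get(domain)
        if previous is not None and ts - previous >= threshold:
            events.append((domain, ts, ts - previous))
        last_seen[domain] = ts
    return events


def _t(day, hour=0):
    # Helper for the constructed sample: day N of January 2024, UTC.
    return datetime(2024, 1, 1, hour, tzinfo=timezone.utc) + timedelta(days=day - 1)


# Constructed sample observations (not real feed data).
SAMPLE = [
    (_t(1), "steady.example."),
    (_t(1), "dormant.example"),
    (_t(5), "steady.example"),
    (_t(9), "steady.example"),       # gaps of 4 days: never inactive
    (_t(10, 23), "edge.example"),
    (_t(14), "Dormant.Example."),    # 13-day gap: reactivated
    (_t(15), "fresh.example"),       # first sighting: no history
    (_t(20, 22), "edge.example"),    # 9d 23h gap: just under threshold
    (_t(30, 22), "edge.example"),    # exactly 10 days: reactivated
]

if __name__ == "__main__":
    for domain, when, gap in newly_active(SAMPLE):
        print(f"{when.isoformat()} {domain} inactive_for={gap}")
```

The quality of the result depends entirely on how complete the sighting history is: a domain that resolved during the gap but was never seen by your own sensors would be flagged as reactivated.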