When does a URL get categorized as 'newly-registered-domain'?

• Palo Alto Firewall.
• Any PAN-OS.
• PAN DB URL Filtering.

URLs are categorized as a 'newly-registered-domain' when the domain has been registered or re-registered (indicating a potential change in ownership) within the last 32 days. Palo Alto Networks determines the official registration date based on the following hierarchy of data sources:
Zone Files: For TLDs where zone files are publicly available (e.g., .com, .net, .org), we primarily rely on them to determine the official registration date.
Passive DNS (pDNS): For TLDs where zone files are unavailable, such as country-code TLDs (ccTLDs like .at, .uk, .de), the registration date is determined by the date the domain was first observed via Passive DNS.
WHOIS Records: PAN-DB also utilizes WHOIS record data. If an official creation date in the WHOIS record is earlier than our existing records, the registration date will be updated accordingly. Due to the high volume of domains, we do not perform active/real-time WHOIS queries for every URL.

After this 32-day period, Palo Alto Networks will crawl the URL to determine if it needs to be re-categorized. If this is unsuccessful, the category will be Insufficient-Content, Newly-Registered-Domain. The crawler then tries again at 3 day, 7 day, 2 week, and 30 day markers. By the last day, if the crawler cannot determine the content, the URL will be categorized as "Insufficient-Content".
As a temporal workaround, please use a custom URL category if needed.

 https://docs.paloaltonetworks.com/advanced-url-filtering/administration/configuring-url-filtering/url-category-exceptions/create-a-custom-url-category

CUSTOMER CATEGORY CHANGE REQUESTS REGARDING NRD:

** Please note this category does not get manually removed before the 32 days, as this defeats the purpose of this category 'newly registered domain'. This not only provides category integrity when it comes to NRD designation, but also ensures protection to all customers who choose to block NRDs. This category will automatically drop off the domain 32 days after registration.

If, for whatever reason, after 32 days have passed and the NRD designation has not been removed, the customer can then open a case with support to have this corrected.