FortiGate
kjiye
Staff & Editor
Article Id 250697
Description This article explains how URLs in the 'Newly Registered Domain' and 'Newly Observed Domain' classifications are re-categorized.
Scope FortiGate 5.6 or above.
Solution

A URL is categorized as 'Newly Registered Domain' (NRD) in the FortiGuard database if the domain was registered in the previous 10 days. The 10 days are counted from the date the domain was first registered. These URLs remain in this category for those 10 days, until the NRD rating expires, and then change to 'Not Rated'.

A URL is detected as a 'Newly Observed Domain' (NOD) if the domain name does not exist in the database and the URL is observed for the first time by the FortiGuard Distribution Servers (FDN) or FortiGuard server. The URL then remains in this category for 30 minutes, during which it is scanned for malicious content. If no malicious content is found, the category for the URL changes to 'Not Rated'.

These 'Not Rated' domains will then be queued for review based on the visit counts. The duration depends on how popular the 'Unrated' websites are and how long the 'Unrated' queue is.

However, after some time, it is also possible to encounter the same domain as NOD again for these reasons:

  • The FDN cache expires and the URL is removed from the cache: the NOD rating is returned, then 'Unrated', and then NOD again. The NOD cache on the FDN servers has a size limit, so a domain is added to and removed from the cache (based on visit count, time, etc.).
  • Because visits are rare, a request can reach a different FDN server, and that server, seeing the URL for the first time, returns the NOD rating.

The FDN or FortiGuard URL entry cache can be checked with the following command:


diag webfilter fortiguard cache ttl
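
To confirm the NOD, 'Unrated', NOD cycle described above from exported web filter logs, the following Python script (an added example, not part of the original article or Fortinet's own tooling) collapses each hostname's rating history and lists hosts that were rated NOD again after leaving that category. The sample log lines are constructed, and the key=value layout with date, time, hostname and catdesc fields, as well as the 'Unrated' catdesc string, are assumptions.

```python
import shlex
from collections import defaultdict
from datetime import datetime

NOD = "Newly Observed Domain"
UNRATED = "Unrated"  # assumed catdesc string for the 'Not Rated' state

# Constructed sample lines, not real traffic. Assumed layout: key=value pairs
# with date, time, hostname and catdesc fields.
SAMPLE_LOG = """\
date=2024-03-01 time=09:00:05 hostname="shop.example" catdesc="Newly Observed Domain"
date=2024-03-01 time=09:10:00 hostname="shop.example" catdesc="Newly Observed Domain"
date=2024-03-01 time=09:45:00 hostname="shop.example" catdesc="Unrated"
date=2024-03-01 time=10:00:00 hostname="blog.example" catdesc="Newly Observed Domain"
date=2024-03-01 time=10:40:00 hostname="blog.example" catdesc="Unrated"
date=2024-03-01 time=14:20:00 hostname="shop.example" catdesc="Newly Observed Domain"
"""


def parse_line(line):
    """Parse one key=value log line; quoted values may contain spaces."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    stamp = fields["date"] + " " + fields["time"]
    fields["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return fields


def rating_history(log_text):
    """Per hostname: time-ordered (timestamp, rating), repeats collapsed."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    history = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        seq = history[ev["hostname"]]
        if not seq or seq[-1][1] != ev["catdesc"]:
            seq.append((ev["ts"], ev["catdesc"]))
    return dict(history)


def nod_reappearances(history):
    """Hosts rated NOD again after leaving NOD -> time from first to last NOD."""
    result = {}
    for host, seq in history.items():
        nod_times = [ts for ts, cat in seq if cat == NOD]
        if len(nod_times) > 1:  # collapsed history: another rating came between
            result[host] = nod_times[-1] - nod_times[0]
    return result


if __name__ == "__main__":
    for host, gap in nod_reappearances(rating_history(SAMPLE_LOG)).items():
        print(f"{host}: rated NOD again {gap} after first NOD rating")
```

A host listed here that is visited only rarely matches the two causes given above (cache expiry or a different FDN server) rather than a change in the domain itself.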


As for URL re-categorization made via the FortiGuard Web Filter Rating Submission, the response time may vary depending on the number of submissions in the queue/priority.

 

Related documents:

Web Filter Classification Rating Request   

Troubleshooting Tip: Verify the webfilter cache content

Technical Tip: CLI commands to verify status of the FortiGuard service