DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced Domain Hotlist, a predictive, prioritized, and easily consumable block list that identifies active, high-risk domains—empowering organizations to proactively guard against relevant, emerging threats.
DomainTools Risk Score is the foundation for the daily predictive and prioritized block list. Domain Hotlist contains domains that are associated with Passive DNS (pDNS) activity within the last day, a Threat Profile (Phishing, Malware, Spam) score of 90+, and/or a Proximity score of 70+. All domains included in the Domain Hotlist are both highly risky and currently active. This list gives customers a relatively small, easy-to-manage, focused set of domains for
- Log File Enrichment – automate enrichment to drive workflows
- Active Blocking and Rule-Driven Actions – institute preemptive blocking and establish rule-driven actions based on identification of operationalized domains
- Data Augmentation – leverage operationalized data to deliver insights
- Activity Tracking – monitor attack progression
- Abuse Detection – identify domains registered with malicious intent
Driven by the needs of our customers for a trustworthy, predictive, and consumable list to inform their workflows, Domain Hotlist was created in collaboration with Quad9, a free, recursive, anycast DNS platform, to prevent their customers’ devices from connecting to malware or phishing sites.
“Core to DomainTools is leveraging our data to help establish a safe, secure, and open Internet, and our efforts with Quad9 exemplifies that mission. Since ingesting Domain Hotlist, Quad9 has blocked nearly 35.8 million DNS requests to bad domains, and blocked more than 135,000 unique bad domains. Today, we extend Domain Hotlist to our customers to open up new possibilities for organizations,” said Sean McNee, PhD, director of research, DomainTools.
“The results have been outstanding! This has been a very successful threat source activation for Quad9. We are very selective and the DomainTools Hotlist has quickly established itself as one of our top-producing data sources out of our 19 threat intelligence partners. I’m really very happy that we have been able to add DomainTools’ blocks to our system, and it’s clearly been a big win for helping to keep our users safe,” said John Todd, executive director, Quad9.
Domain Hotlist provides an easy-to-consume block list supported by the breadth and quality of DomainTools data, a nuanced understanding of cybersecurity, and machine learning expertise in building validated algorithms for identifying malicious domains before they are weaponized. Domain Hotlist is available through Quad9 (embedded as block elements in their free recursive DNS services) and directly from DomainTools to customers immediately.