Introducing our New DomainTools IP Hotlist

DomainTools and Bandura logos

At Threater, we believe that defending against cyber threats is a volume game that requires the use of massive volumes of cyber intelligence from multiple sources. This is why a critical component of our strategy is to partner with best-in-class cyber intelligence providers. Through these partnerships, we provide our customers with access to best-in-class cyber intelligence data through the tens of millions of multi-source indicator we provide “out of the box” as part of our subscriptions, additional options through our recently launched Cyber Intelligence Marketplace, and through integrations we have with other systems like Threat Intelligence Platforms.

On this note, we’re very excited about the recent addition of a new cyber intelligence data feed from our partner DomainTools. Specifically, all Threater customers now have access to a new IP Hotlist from DomainTools that will provide enhanced protection from malware, phishing, and spam threats. Even better is the fact that this new feed is free for customers with a Threater subscription.

DomainTools – A Market Leader in DNS Cyber Intelligence

DomainTools is one of our long-standing strategic cyber intelligence partners. They are a market leader in DNS cyber intelligence. Our initial DomainTools’ cyber intelligence offering was a Domain Hotlist, which is a blocklist that consists of domains with a DomainTools Risk Score of 99 and higher (out of 100). The list includes approximately three million malicious domains that are associated with malware, phishing, and spam threats.

While domain indicators are a great source of cyber intelligence, there is also significant value in knowing the IP addresses that malicious domains resolve to. Knowing the underlying IPs that malicious domains resolve to not only provides another critical way to protect against cyber threats but also helps eliminate potential blind spots related to encrypted DNS.

The New DomainTools IP Hotlist

With this in mind, we’re excited to announce the addition of the DomainTools IP Hotlist. The DomainTools IP Hotlist is a brand new cyber intelligence feed from DomainTools. IP Hotlist includes approximately 50,000 IPs that are associated with threat-actor controlled infrastructure. IP indicators on the DomainTools IP Hotlist have to be associated with malicious passive DNS activity over the previous 24 hours and greater than 50% of the hosted domains have to be either known malicious or predicted to be malicious by DomainTools.

Access IP Hotlist on Threater Cyber Intelligence Marketplace

The DomainTools IP Hotlist is available on our Cyber Intelligence Marketplace. As mentioned earlier, the great news is that Hotlist is free for all Threater customers as part of your subscription.

To access IP Hotlist, simply follow these four steps:

  • Go to the Threater app (i.e. GMC) and click on Marketplace on the left menu.
  • Click on DomainTools IP Hotlist.
  • Click Subscribe.
  • Click Enroll.

That’s it! In just a few minutes, IP Hotlist will appear in your IPv4 Denied Lists enhancing your protection from malware, phishing, and spam threats.

Want to learn more about Domain Tools Malicious Domain Blocklist and IP Hotlist?