<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Threat actors move fast. Brand-new domains can be registered, weaponized, and abandoned in an hour. If your Protective DNS waits for a daily threat-feed refresh, that hour is an open door. By pairing ThreatSTOP’s Protective DNS platforms with DomainTools’ real-time risk feeds, you shut that door the moment a threat appears.</p> <!--more--><h3><strong>The Problem: Minutes Matter</strong></h3> <p>Periodic blocklist updates are great for yesterday’s threats. They are less helpful for the domain registered five minutes ago to host a phishing kit or beacon malware. Every minute of delay increases the chance a user clicks a malicious link, an endpoint calls home, or data slips out.</p> <h3><strong>The DomainTools Real-Time Feed API</strong></h3> <p><a href="https://www.domaintools.com/resources/blog/why-your-protective-dns-needs-real-time-data-the-domaintools-advantage/" rel="noopener" target="_blank">DomainTools now streams risk indicators the instant they are observed</a>:</p> <ul> <li> <p><span><strong>Newly Observed Domain (NOD)</strong></span> – Domains never before seen by the DomainTools passive DNS sensor network, delivered within seconds of first observation.</p> </li> <li> <p><span><strong>Domain Hotlist</strong></span> – A curated set of high-risk, active domains scored for phishing, malware, spam, and infrastructure proximity.</p> </li> </ul> <h3>We've ALREADY GOT YOU. <br>Key advantages when paired with ThreatSTOP:</h3> <ul> <li> <p>For an additional cost that is passed to DomainTools, we make this feed available right in our DNS products!</p> </li> <li>Telemetry from customers that are using this feed is ingested into our ML system for further processing</li> </ul> <h3><strong>How ThreatSTOP Turns Data into Protection</strong></h3> <p>&nbsp;</p> <table style="border-collapse: collapse; table-layout: fixed; margin-left: auto; margin-right: auto; border: 1px solid #99acc2;"> <thead> <tr> <th> <p><strong>ThreatSTOP Product</strong></p> </th> <th> <p><strong>How It Leverages Real-Time Feeds</strong></p> </th> </tr> </thead> <tbody> <tr> <td> <p><strong>DNS Defense Cloud</strong></p> </td> <td> <p>Automatically ingests NOD and Hotlist indicators. Queries to risky domains are answered with a protective sinkhole response, blocking the threat before any connection occurs.</p> </td> </tr> <tr> <td> <p><strong>DNS Defense</strong></p> </td> <td> <p>Runs on your own resolvers, applying the same real-time intelligence at every branch, data center, and remote office.</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <h4><strong>Marketplace Bonus</strong></h4> <p>DomainTools NOD is available as a <a href="/marketplace" rel="noopener" target="_blank">Marketplace offering</a> inside ThreatSTOP. Enable it by contacting our sales engineers at <a href="mailto:support@threatstop.com">support@threatstop.com</a>. Customers consistently report fantastic emerging detections from this feed.</p> <h3><strong>Proven Benefits</strong></h3> <ul> <li> <p><span><strong>Rapid Blocking</strong></span> – Prevent communication with malicious infrastructure in seconds rather than hours.</p> </li> <li> <p><span><strong>Reduced Analyst Load</strong></span> – ThreatSTOP enforces policy and logs events automatically, letting your team focus on investigation and response.</p> </li> </ul> <p>The ThreatSTOP Security, Intelligence, and Research team continuously verifies DomainTools data and augments it with thousands of additional third-party and proprietary protections for command and control, invalid traffic, peer-to-peer activity, data exfiltration, phishing, spam, and Distributed Denial of Service attacks.</p> <h3><strong>Take the Next Step</strong></h3> <p>For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our <a href="/threatstop-platform" rel="noopener" target="_blank">product page</a>. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! <a href="https://admin.threatstop.com/register?hsLang=en" rel="noopener" target="_blank">Get started with a Demo today</a>!</p> <h3><strong>MITRE ATT&amp;CK Mapping</strong></h3> <p>&nbsp;</p> <table style="border-collapse: collapse; table-layout: fixed; margin-left: auto; margin-right: auto; border: 1px solid #99acc2;"> <thead> <tr> <th> <p><strong>ATT&amp;CK Technique</strong></p> </th> <th> <p><strong>Real-Time Feed Contribution</strong></p> </th> <th> <p><strong>ThreatSTOP Enforcement</strong></p> </th> </tr> </thead> <tbody> <tr> <td> <p><strong>T1568.003 – DNS for Command and Control</strong></p> </td> <td> <p>NOD identifies new C2 domains on first sighting</p> </td> <td> <p>Protective DNS blocks lookups and redirects to sinkhole</p> </td> </tr> <tr> <td> <p><strong>T1204.002 – Malicious Domain (Phishing)</strong></p> </td> <td> <p>Hotlist flags high-risk phishing domains within minutes</p> </td> <td> <p>Users receive a safe response instead of the phishing site</p> </td> </tr> <tr> <td> <p><strong>T1041 – Exfiltration Over C2 Channel</strong></p> </td> <td> <p>Unknown or suspicious domains are blocked immediately</p> </td> <td> <p>Prevents outbound data transfer attempts</p> </td> </tr> <tr> <td> <p><strong>T1190 – Exploit Public-Facing Application</strong></p> </td> <td> <p>Early detection of exploit kit landing pages</p> </td> <td> <p>Resolver denies DNS resolution, stopping drive-by download chains</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p><strong>Connect with Customers, Disconnect from Risks</strong></p></span>
![Darkside Ransomware Group domains fotoeuropa[.]ro and catsdegree[.]com](https://www.threatstop.com/hs-fs/hubfs/pipeline.jpg?width=600&name=pipeline.jpg)