Threat actors move fast. Brand-new domains can be registered, weaponized, and abandoned in an hour. If your Protective DNS waits for a daily threat-feed refresh, that hour is an open door. By pairing ThreatSTOP’s Protective DNS platforms with DomainTools’ real-time risk feeds, you shut that door the moment a threat appears.
Periodic blocklist updates are great for yesterday’s threats. They are less helpful for the domain registered five minutes ago to host a phishing kit or beacon malware. Every minute of delay increases the chance a user clicks a malicious link, an endpoint calls home, or data slips out.
DomainTools now streams risk indicators the instant they are observed:
Newly Observed Domain (NOD) – Domains never before seen by the DomainTools passive DNS sensor network, delivered within seconds of first observation.
Domain Hotlist – A curated set of high-risk, active domains scored for phishing, malware, spam, and infrastructure proximity.
For an additional cost that is passed to DomainTools, we make this feed available right in our DNS products!
ThreatSTOP Product | How It Leverages Real-Time Feeds |
---|---|
DNS Defense Cloud | Automatically ingests NOD and Hotlist indicators. Queries to risky domains are answered with a protective sinkhole response, blocking the threat before any connection occurs. |
DNS Defense | Runs on your own resolvers, applying the same real-time intelligence at every branch, data center, and remote office. |
DomainTools NOD is available as a Marketplace offering inside ThreatSTOP. Enable it by contacting our sales engineers at support@threatstop.com. Customers consistently report fantastic emerging detections from this feed.
Rapid Blocking – Prevent communication with malicious infrastructure in seconds rather than hours.
Reduced Analyst Load – ThreatSTOP enforces policy and logs events automatically, letting your team focus on investigation and response.
The ThreatSTOP Security, Intelligence, and Research team continuously verifies DomainTools data and augments it with thousands of additional third-party and proprietary protections for command and control, invalid traffic, peer-to-peer activity, data exfiltration, phishing, spam, and Distributed Denial of Service attacks.
For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a Demo today!
ATT&CK Technique | Real-Time Feed Contribution | ThreatSTOP Enforcement |
---|---|---|
T1568.003 – DNS for Command and Control | NOD identifies new C2 domains on first sighting | Protective DNS blocks lookups and redirects to sinkhole |
T1204.002 – Malicious Domain (Phishing) | Hotlist flags high-risk phishing domains within minutes | Users receive a safe response instead of the phishing site |
T1041 – Exfiltration Over C2 Channel | Unknown or suspicious domains are blocked immediately | Prevents outbound data transfer attempts |
T1190 – Exploit Public-Facing Application | Early detection of exploit kit landing pages | Resolver denies DNS resolution, stopping drive-by download chains |