Press Releases

DomainTools Announces Domain Hotlist

SEATTLE – April 30, 2020DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced Domain Hotlist, a predictive, prioritized, and easily consumable block list that identifies active, high-risk domains—empowering organizations to proactively guard against relevant, emerging threats.

DomainTools Risk Score is the foundation for the daily predictive and prioritized block list. Domain Hotlist contains domains that are associated with Passive DNS (pDNS) activity within the last day, a Threat Profile (Phishing, Malware, Spam) score of 90+, and/or a Proximity score of 70+. All domains included in the Domain Hotlist are both highly risky and currently active. This list gives customers a relatively small, easy-to-manage, focused set of domains for

  • Log File Enrichment – automate enrichment to drive workflows
  • Active Blocking and Rule-Driven Actions – institute preemptive blocking and establish rule-driven actions based on identification of operationalized domains
  • Data Augmentation – leverage operationalized data to deliver insights
  • Activity Tracking – monitor attack progression
  • Abuse Detection – identify domains registered with malicious intent

Driven by the needs of our customers for a trustworthy, predictive, and consumable list to inform their workflows, Domain Hotlist was created in collaboration with Quad9, a free, recursive, anycast DNS platform, to prevent their customers’ devices from connecting to malware or phishing sites.

“Core to DomainTools is leveraging our data to help establish a safe, secure, and open Internet, and our efforts with Quad9 exemplifies that mission. Since ingesting Domain Hotlist, Quad9 has blocked nearly 35.8 million DNS requests to bad domains, and blocked more than 135,000 unique bad domains. Today, we extend Domain Hotlist to our customers to open up new possibilities for organizations,” said Sean McNee, PhD, director of research, DomainTools.

“The results have been outstanding! This has been a very successful threat source activation for Quad9. We are very selective and the DomainTools Hotlist has quickly established itself as one of our top-producing data sources out of our 19 threat intelligence partners. I’m really very happy that we have been able to add DomainTools’ blocks to our system, and it’s clearly been a big win for helping to keep our users safe,” said John Todd, executive director, Quad9.

Domain Hotlist provides an easy-to-consume block list supported by the breadth and quality of DomainTools data, a nuanced understanding of cybersecurity, and machine learning expertise in building validated algorithms for identifying malicious domains before they are weaponized. Domain Hotlist is available through Quad9 (embedded as block elements in their free recursive DNS services) and directly from DomainTools to customers immediately.

For more information on Domain Hotlist, visit our blog, The new “Hotness” at DomainTools, Introducing Domain Hotlist.

About Quad9

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. Users can configure their systems to use & as DNS resolvers with no signup or fees to receive the DomainTools Hotlist protections.

Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 checks the site against a list of domains combined from 19 different threat intelligence partners. Each threat intelligence partner supplies a list of malicious domains based on their heuristics, which examine such factors as scanned malware discovery, network IDS past behaviors, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and individual reports of suspicious or malicious behavior. Based on the results, Quad9 resolves or denies the lookup attempt, preventing connections to malicious sites when there is a match. Quad9 never collects or sells personal data, and is a 501(c)3 non-profit organization dedicated to providing security and privacy to Internet users.

About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at or follow us on Twitter: @domaintools.

Media Contact Information:

Leslie Kesselring

Kesselring Communications for DomainTools

[email protected] or [email protected]