
DomainTools Hotlist CDF
Overview
The DomainTools Hotlist CDF surfaces a list of active high-risk domains.
The Domain Hotlist is a family of hotlists that support blocking with DNS Response Policy Zones (RPZ). The hotlist configurations support smaller DNS servers/firewalls with fixed or limited resources, as well as large DNS fleets. Activity is measured by DomainTools’ global passive DNS sensor network, and domain risk is calculated from predicted malware and phishing activity and from observed proximity to malicious infrastructure. Hotlists are available from DomainTools’ DNS servers using DNS Zone Transfer from an authorized IP address.
Note: Each hotlist is updated once per day. Some hotlists are capped at a maximum number of entries.
The integration provides the following feed:
- DomainTools Hotlist - ingests FQDN indicators from DomainTools.
The integration ingests FQDN type indicators into the ThreatQ platform.
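
How RPZ hotlist records map to the FQDN indicators described above, as an added example that is not code from DomainTools or the ThreatQ integration. It assumes the transferred zone is available as fully expanded text records, one per line; the zone origin and domains are constructed placeholders, and only QNAME triggers with NXDOMAIN or NODATA actions are treated as blocked domains.

```python
# Constructed sample of an RPZ zone after a zone transfer
# (placeholder origin and domains; not DomainTools data).
SAMPLE_ZONE = """\
hotlist.rpz.example. 300 IN SOA ns.rpz.example. admin.rpz.example. 1 3600 600 86400 300
hotlist.rpz.example. 300 IN NS ns.rpz.example.
bad-login.test.hotlist.rpz.example. 300 IN CNAME .
*.bad-login.test.hotlist.rpz.example. 300 IN CNAME .
Malware-C2.invalid.hotlist.rpz.example. 300 IN CNAME .
32.1.2.0.192.rpz-ip.hotlist.rpz.example. 300 IN CNAME .
allowed.test.hotlist.rpz.example. 300 IN CNAME rpz-passthru.
"""

# Labels that mark non-QNAME triggers (response IP, nameserver, client IP).
NON_QNAME = {"rpz-ip", "rpz-nsdname", "rpz-nsip", "rpz-client-ip"}
# RPZ policy actions that block: "CNAME ." is NXDOMAIN, "CNAME *." is NODATA.
BLOCK_TARGETS = {".", "*."}


def rpz_to_fqdns(zone_text, origin):
    """Return sorted, de-duplicated FQDNs from blocking QNAME triggers."""
    suffix = "." + origin.rstrip(".").lower()
    fqdns = set()
    for line in zone_text.splitlines():
        fields = line.split()
        # Expected layout: owner, TTL, class, type, rdata.
        if len(fields) < 5 or fields[3].upper() != "CNAME":
            continue                      # SOA, NS, blank or malformed lines
        owner, target = fields[0].rstrip(".").lower(), fields[4].lower()
        if target not in BLOCK_TARGETS or not owner.endswith(suffix):
            continue                      # passthru/other actions, foreign names
        name = owner[: -len(suffix)]      # strip the policy zone origin
        if name.startswith("*."):
            name = name[2:]               # wildcard entry folds into its base FQDN
        if not name or NON_QNAME & set(name.split(".")):
            continue                      # IP- or nameserver-based trigger, not an FQDN
        fqdns.add(name)
    return sorted(fqdns)


if __name__ == "__main__":
    for fqdn in rpz_to_fqdns(SAMPLE_ZONE, "hotlist.rpz.example."):
        print(fqdn)
```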