Enhance Detection and Blocking of Risky Infrastructure
DomainTools® IP Risk products identify potentially dangerous infrastructure based on hosted domains. The IP Hotlist is highly filtered based on risk score and traffic, while the Hosting IP Risk Feed contains all IPv4 addresses hosting at least one domain, regardless of traffic or risk.
Domain Risk Translates to IP Risk
Potentially dangerous traffic is often based on domains controlled by malicious actors. The unique, predictive Domain Risk Score is an ideal method for evaluating IP addresses that host domains.
- Threat Profile classifiers identify likely phishing, spam, or malware domains
- Proximity scoring ties domains to already “convicted” infrastructure
Predictive IP Risk Scoring
-
Hosting IP Risk Feed
The Hosting IP Risk Feed contains all IPv4 addresses known to be hosting one or more domains. Updated daily.
-
Domain registration profile data
The daily-updated IP Hotlist contains 40-50,000 of the riskiest IP addresses on the Internet.
Confidence in the Data
The most trusted online infrastructure data. Anywhere.
Near real-time risk scoring on all newly registered and discovered domains
>97% of currently registered domains
Sophisticated associations across datasets to accelerate action.
About the DomainTools Risk Score
DomainTools Risk Score predicts how likely a domain is to be malicious, often before it is weaponized. The score comes from two distinct machine learning algorithms:
- Proximity — how closely a domain is connected to other known-bad domains
- Threat Profile — how closely a domain resembles other known-bad domains
