EMERGENT THREATS DOMAINS

The Next Layer of Domain Protection

Intelligence That Thinks Ahead

Our Emergent Threats Domains feed is designed to help you stay one step ahead of zero-day and fast-moving campaigns that often go undetected until it’s too late. We draw on a variety of data sources and analysis techniques to surface high-risk domains with a strong likelihood of being used in malicious activity. Our analyses cover structural traits, behavioral indicators, and connections to known malicious infrastructure, to name a few.

The goal of this feed is to give your security efforts a head start, spotting potential threats even before they are activated. This ultimately enables proactive detection, faster response times, and reduced exposure to emerging campaigns. In short, to stop threats before they become threats.
 

WHAT MAKES THESE DOMAINS RISKY?

New and/or suspicious domains are commonly used in phishing, malware delivery, C2 infrastructure, and ransomware campaigns. While these domains may not yet have a digital footprint – no VirusTotal hits or blacklist appearances – they can still exhibit strong indicators of future malicious use. Our system identifies and scores domains based on:

Suspicious Structure

We analyze domains for patterns like randomness and entropy that are often linked to domains produced by domain generation algorithms (DGAs).

Infrastructure Associations

Domains are cross-referenced with IPs and assets tied to previous malicious campaigns, identifying early signs of threat reuse.

Brand Lookalikes

We detect domains that mimic trusted brands to pinpoint phishing and impersonation attacks before they are activated.

Risky Registrations

Recently registered domains are flagged and closely reviewed, as these are frequently used in short-lived or stealthy campaigns.

Predictive. Proactive.

The Emergent Threats Domains feed complements traditional threat intelligence with forward-looking visibility into potential threats, helping to:

  • Block high-risk domains before they are weaponized
  • Pre-identify suspicious infrastructure tied to emerging or stealthy campaigns
  • Reduce dwell time by acting earlier in the kill chain
  • Enhance DNS-layer defenses and threat detection systems with predictive data

 

Designed For:

  • DNS Firewalls and DNS Security Layers
  • SIEMs and Threat Analytics Platforms
  • TIPs and Threat Hunting Teams
  • AI/ML model training on suspicious-but-not-yet-flagged data

Subscription Options

Emergent Threats Domains is available in the packages listed below. It can also be purchased as a standalone feed through our Enterprise offering.

  • Radar: Provides daily downloads of suspicious domains for teams managing custom DNS filters or threat tracking systems.
  • Guardian: Delivers emergent threats domains alongside multiple IOC types (domains, IPs, hashes) + metadata for use in threat detection, enrichment, and proactive security workflows.
  • Sentinel (NGFW): Enables NGFWs to proactively detect and block suspicious domain traffic across the network perimeter.
  • ThreatLens: Emergent threats domains + context-enhancing metadata for early-stage alerting, enrichment, and threat correlation.
  • Enterprise: Offers full control over feed format, delivery, and integration for building detection models, research, and automation workflows.

Available Formats:

CSV, JSON, Downloadable DNS Firewall Zone

Protect your networks and assets with intelligence that looks forward.