DNS Firewall Threat Feeds prevent your users from accessing malicious sites, without any intervention from security and IT teams. This enables overstretched IT teams to employ valuable resources on other pressing matters.

Our team of research experts have been compiling threat intelligence data for over 20 years. They understand the rapidly changing threat landscape. Working 24/7 on your behalf, they deliver actionable, real-time DNS Firewall Threat Feeds.

These Threat Feeds list a wide range of threats, including phishing, malware, adware, botnet command & controllers (C&Cs) and cryptomining.

 

Our threat feeds provide the ultimate in flexibility. You can choose the feeds you want to consume based on the level of risk that is right for your organization. N.B. As the level of protection increases, so does the potential for an increased number of false positives.

Our feeds are applied at the DNS level, and can be integrated with open source DNS servers like BIND and PowerDNS, along with some DNS appliances, including Infoblox DNS Firewall.

 

Adware Hosts (Ad Hosts)

Standard: Domains identified as hosting adware.
Edited: This feed is also available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives. The protection provided by an edited feed is lower than that of its standard feed.

The Standard and Edited feeds are both included in our subscription cost.

Bad Nameserver Hosts (Bad NS Hosts)

Standard: Domains that are being used as the host record for a nameserver, and are classified as having a bad reputation.

This feed is included in our subscription cost.

Bad Nameserver IPs (Bad NS IPs)

Standard: Nameserver IP addresses that are hosting domains, and are classified as having a bad reputation.

This feed is included in our subscription cost.

Bad Reputation Hosts (Bad Rep Hosts)

Standard: Uncategorized domains identified as having a bad reputation. This includes hosts owned by known spammers, payload URLs, malicious tracking domains and domains associated with low reputation networks, amongst other factors.

Hacked: A ‘hacked’ version of this feed is available. This feed contains host domains with a bad reputation which are usually considered legitimate, but are currently compromised.

The Standard and Edited feeds are both included in our subscription cost.

Bogon IPs (Bogon IPs)

Standard: IP addresses that have not yet been assigned to an entity, and should not be generating any incoming or outgoing traffic.

This feed is included in our subscription cost.

Botnet Command and Control IPs (Botnet C&C IP)

Standard: IP addresses identified as hosting botnet command and controller (C&C) malware.
Hacked: A ‘hacked’ version of this feed is available. This feed contains host domains with a bad reputation which are usually considered legitimate, but are currently compromised.

The Standard and Edited feeds are both included in our subscription cost.

Botnet C&C Hosts (Botnet CC Host)

Standard: Domains identified as hosting a botnet command & controller (C2).
Edited: This feed is available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives. The protection provided by an edited feed is lower than that of its standard feed.

Hacked: A ‘hacked’ version of this feed is available. This feed contains botnet C&C host domains which are usually considered legitimate, but are currently compromised.

The Standard, Edited and Hacked feeds are all included in our subscription cost.

Botnet Hosts (Botnet Host)

Standard: Domains identified as hosting a botnet resource that are not a botnet command and controller.
Edited: This feed is also available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives. The protection provided by an edited feed is lower than that of its standard feed.

The Standard and Edited feeds are both included in our subscription cost.

Do Not Route or Peer (DROP)

IPs that have been identified as hijacked, as belonging to bulletproof hosters, or as being leased by professional malicious organizations. The very worst of the worst.

This feed is available for free, to protect users from the most malicious IPs we are observing. It is also included in our subscription cost.

Domain Generated Algorithm (DGA Host)

Domains created by multiple domain generation algorithms (DGAs). These are automatically generated and usually associated with malware.

This feed is included in our subscription cost.

Malware Hosts (Malware Host)

Standard: Domains identified as hosting malware.
Hacked: A ‘hacked’ version of this feed is available. This feed contains domains hosting malware which are usually considered legitimate, but are currently compromised.

The Standard and Hacked feeds are both included in our subscription cost.

Phishing Hosts (Phish Host)

Standard: Domains identified as hosting one or more phishing sites.
Hacked: A ‘hacked’ version of this feed is available. This feed contains phishing host domains which are usually considered legitimate, but are currently compromised.

The Standard and Hacked feeds are both included in our subscription cost.

Edited Adware Hosts (Ad Edit Host)

Domains identified as hosting adware that are considered to be the worst of the worst.

This feed is included in our subscription cost.

Zero Reputation Domain (ZRD)

Domains, listed for only 24 hours, that have been recently registered or have been identified as previously dormant.

This feed is a premium feed and available at an additional cost.

Service Feeds (Service Feeds)

The following service zones can be accessed for free. Where required, these zones can also be included in our paid subscription.

Please note: These service feeds are not curated by Spamhaus, and therefore may contain false positives that cannot be remediated.

Tor Blocker – List of known Tor Exit Nodes.

Coinblocker – Lists of IP addresses and domains that are hosting cryptojacking scripts, which utilize the resources of an end user’s computer to mine cryptocurrency.

Porn Host – Hostnames and domains that are known to serve pornographic material.