Predictive Threat Intelligence: Introducing the New Early DGA Detection Feed | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

×
Contact Us



WhoisXML API Blog

Read other articles Download PDF

Predictive Threat Intelligence: Introducing the New Early DGA Detection Feed

The current cyber threat landscape leaves security teams with no option but to be proactive and continuously aim to stay one step ahead of threat actors. To supplement existing threat intelligence feeds that keep track of known bad properties, WhoisXML API recently launched the Early DGA Detection Feed. This predictive threat intelligence source tracks new domains created algorithmically, leveraging a combination of Machine Learning and Artificial Intelligence, typically identifying pre-weaponizationed domains as they get registered.

Why Include DGA Detection in Your Threat Intel Stack

Threat actors are known to algorithmically create and register large numbers of domains and often purposely delay their weaponization to avoid detection by traditional security engines.

This practice can catch organizations and security teams off guard when the domains are mobilized and become command-and-control (C&C) servers, malware and phishing hosts, or serve as other attack vehicles. Even when security solutions detect the already-malicious DGA domains early, there may already be victims.

Detecting DGA domains as they get registered can help security teams prepare mitigation steps or even preventively block them for optimum security and stricter zero-trust policy implementation.

About Our Early DGA Detection Feed

Early DGA Detection feed predicts DGA domains through the identification of suspicious domain registration patterns that can only be recognized by Machine and Artificial Intelligence. These domains are already pre-filtered and grouped, saving security teams and researchers processing time and computing resources.

The DGA domain files are made available daily and enriched with in-depth contextual information, including WHOIS registration details and IP host association with data points that can help reveal hidden connections and uncover malicious domain footprints.

“The increasing number of zero-day threats highlights that reactive cybersecurity is no longer enough to protect organizations. The Early DGA Detection Feed aims to help security teams get access to suspicious properties before it’s too late,” Ed Gibbs, Field CTO and world recognized industry expert at WhoisXML API.

Early DGA Detection Feed comes in CSV file format for seamless integration into most systems.
You may download a sample file here or contact us for more information.

Related posts
Read other articles Download PDF
Try our WhoisXML API for free
Get started