Newly Observed Hosts and Domains

Identify malicious domains as soon as they appear

What is the Newly Observed Domain and Host data set?

RiskIQ’s intelligence provides customers with a list of domains and hosts observed resolving to an IP address for the very first time in our Passive DNS repository.

How Can it Help?

Threat actors often programmatically use different domains and hosts for their attack campaigns. These entities could be hosting phishing sites, distributing malware, or acting as part of a larger malicious campaign, therefore newly observed data sets can serve as a guide to whether a domain or host is legitimate or not.

Organizations can proactively defend their enterprise against emerging cyber threats by blocking newly observed domains for a specified time period based on policy and risk tolerance.

Additionally, organizations can use the RiskIQ Newly Observed Host list to identify brand infringing websites or to conduct proactive threat hunting and research against this broad set of data.

How to Use It:

  • Proactive blocking of domains and hosts
  • Threat hunting
  • Brand protection