TTI Intelligent Data Feeds
Keep an eye on URLs that host phishing attacks. The near real-time feed comes from a variety of sources including spam email, domain name registrations, proprietary web crawling technology, and “suspect email” streams from major web-based email providers. Our experienced threat analysts quality control this data feed before it goes to you.
This intelligent data feed delivers a near real-time stream of URLs that attempt to infect computers with malicious code when the user accesses the URL. Discovered malicious URLs are gathered from a variety of sources, including spammed links, suspicious domain name registrations, phishing attacks, “suspect email” streams from major web-based email providers, and patented LookingGlass Site Seal technology. LookingGlass analysts then analyze and test against multiple antivirus engines and security programs to ensure the efficacy of this data feed.
Virus Tracker™ Infection Records
Cast a worldwide net with a list of newly identified and historical global infections collected by LookingGlass Virus Tracker botnet monitoring technology.
Virus Tracker™ C2 Domains
Limit and block outgoing traffic from infected machines from reaching command-and-control servers. Get a daily updated list of fully qualified domain names (FQDNs) associated with infected C2. The list is generated from a combination of LookingGlass virus and botnet tracking, sinkhole servers, and reverse engineering of domain-generation algorithms (DGA) and analysis of APTs.
Newly Registered Domains
Stay up to date every day with an aggregated list of Top-Level Domains (TLDs) registered globally in the last 24 hours. We don’t stop at just thee top five traditional TLDs—our systems span more than 825 new generic TLD (gTLD) extensions.
LookingGlass Virus Tracker is a global botnet monitoring system that provides real-time access to incoming new botnet infections and viruses. Its billions of historical infection records – more than 5 billion – dating back to 2012, identify millions of malware infections every day.
LookingGlass owns 40% of all known APT domains, giving you unrivaled insight into targeted attacks and infections.
- infections in your network communicating with Virus Tracker sinkholes masquerading as malware C2 servers.
- threats posed to your organization by third parties that connect to your network.
- on viruses seen in your network or third party networks.
- against new malware infections and spear phishing attacks by receiving a list of newly active malicious domains for use in network security appliances.
Flexible Consumption Model
High-quality threat intelligence that can be easily consumed and integrated with your own workflows and security platforms.
- Security Information and Event Management (SIEM)
- Threat Intelligence Management and Platform products
- Security Appliances (e.g., Application Level Gateways)
High-Quality Multifaceted Threat Coverage
LookingGlass ADS raw intelligence is gathered from a wide variety of deployed internet sensors; surface, deep and darkweb sources; botnet sinkholes; underground channels and LookingGlass proprietary crawling algorithms. It is continuously refined and updated, and then vetted by expert security analysts and machine learning algorithms.
STIX and TAXII: Sharing cyber threat intelligence
Allan Thomson, CTO