Overview
Read about the basics of Domain Intel
Quick View
What it does | Retrieves intelligence data for submitted domains |
Supported Languages | |
Capabilities |
|
Supported Providers |
What is the Domain Intel service?
The Domain Intel service allows you to retrieve intelligence about known domain names. Through a combination of providers, you gain access to the disposition of over 390 million domain addresses.
Why use the Domain Intel service?
Pangea serves intelligence data from third party providers, normalizing responses, to help you quickly identify malicious domains. All of this happens through a unified API and SDK - with no contracts or direct integrations to the provider required.
For example, if you set DomainTools as the provider
, you’ll receive a standard score that can be easily interpreted
in the API response. Armed with this information, you might choose to immediately block or investigate a domain
in your environment.
Use Cases
The Domain Intel API can be embedded directly into your application to determine if a domain is known to be malicious. Common use cases include:
- Detecting malicious domains in forum posts, blogs, chat sessions, social applications, or any other type of user generated content.
- Blocking a user signing up for your app with an email that has a malicious domain in it.
- Checking domain names extracted from files stored in the Pangea Secure Object Store.
- Checking domain names extracted from suspicious files that have been either statically or dynamically analyzed (i.e. sandbox detonation or runtime behavior analysis).
- Checking the address of incoming emails to detect and block Business Email Compromise, Phishing, and SPAM email campaigns. This may
include one or more of the following, for example:
- The From Address (e.g. info@pangea.cloud)
- The Return-Path Domain (e.g. bounces@pangea.cloud)
- The DKIM Signing Domain
- Any other links, headers, content, and brand assets included in the message
Was this article helpful?