DNS Security Research
Analyze 240 billions DNSrequests per day
thousands highly active maliciousdomains added daily
Server 20 millionsChinese users 24/7/365
DNSMon - DNS security research system
We start with massive amount of network DNS data, and then correlation with the Honeypot, sandbox,WEB, TLS certificate, Whoisand various other multi-dimensional data, adding the help of various machine learning algorithms, we have a system that can identify malicious domains on a large scale very efficiently.
Real-time Data process
millions QPS DNS requests is being processed in real time, and new intelligence data is being generated on a hourly basis.
No need to rely on static rules
New Malicious, high-risk domains can be identified at large scale without prior knowledge.
Automated operations
The system runs automatically and generates thousands of malicious domain names and high-risk domain names every day.
Multi-platform threat intelligence
DNS is one of the most basic protocols being used by almost all Internet-connected devices, DNSmon is good at finding threats, no matter what platforms the users are using, Windows, Linux, MacOS, Android and various IoT platforms all covered.
A snip of DNSMon statsSince 2018, DNSMon on average generates 3000+ malicious and high-risk domains on a daily basis. The malicious domains then get pushed to 360 DNS, which servesmore than 20 million users in China, and the false positive feedback rate is less than 0.01%
The IoCs output by DNSMon
Blocked activitied by 360 DNS
Latest research