url: 'https://malist.guardyourdomain.com/api/v1/intel',
   method: 'get',
   data: '?q=_,
   headers: headers,
   success: function(data) {

Malist Threat Feed.
Supercharge Detection.

As a security provider, our goal is to provide the best security possible for our customers, and one method to accomplish this goal is through integrating valuable threat intel with our customer's existing solutions.

DomainGuard's threat feed, Malist, is a JSON based API that allows your organization to enhance your existing security solutions and supercharge detection capabilities.

API Integration

Documentation & Use Cases

Below we've provided documentation and use cases on how DomainGuard integrates with your existing solutions.

What is Malist?

The latin root word, mal, means "bad" or "evil" and is a fitting prefix to the word list, to represent the name of our threat feed. Our threat feed, Malist, is essentially a list of bad or evil domains and other indicators related to those domains.

You must provision an API key in order to make requests to Malist. This can be done by logging into the API management section within the DomainGuard platform.

There are several different types of data you can retrieve from Malist. Our customers are most interested in active threat IoC's for threats identified by DomainGuard. Malist allows you to retrieve threats by domain or IP address so these threats can be blocked in other tools in your environment.

Malist is an HTTP based JSON API. Working with Malist requires crafting HTTP requests specific to the information you are seeking.

Threat Domains

By using Malist, you can retrieve a list of all domains categorized as threats by DomainGuard and block these domains from being able to send an email to your users.

In addition to threat domains, you can retrieve a list of lookalike domains which are not approved by your organization. These domains look similar to your domains and could be used in a phishing attack against your users.

How can DomainGuard detect Account Compromise?

Phishing websites regularly redirect users to the legitimate website after the threat actors have tricked users into entering credentials. This method helps divert suspicion away from the phishing website. In instances where attackers clone your website, and your organization is gathering web server logs from the redirected website you own, Malist can be used to identify potential customer account compromise.


If your organization is using a DNS filter for only allowing your employees to access certain domains, DomainGuard's list of threat and lookalike domains can be added to your filter, to prevent users from being able to resolve those potentially malicious domains.

If your organization utilizes a URL or HTTP based proxy, limiting websites that your users can access, DomainGuard's list of threat and lookalike domains can be added to your blocklist. This will prevent users from accessing potentially malicious sites identified by DomainGuard.

Malist allows you to retrieve a list of IPs associated with threats identified by DomainGuard. Inbound and Outbound traffic to known threat IPs can and should be blocked at the firewall.

Try DomainGuard Today.

Interested in trying DomainGuard?
Reach out for a free Domain Threat Assessment.

Contact Us

By filling out the form below.

Domain Threat Assessment

See real threats related to your domain.

Start Proactive Monitoring

Catch phishing and fraud at inception.

DomainGuard logo large to display upon entry