DomainTools
DNS-based threat intelligence to detect, investigate, and prevent cyberattacks.
DNS Intelligence Data
20+ years
Internet Coverage
97%
Fortune 1000 Customers
Over 500
About DomainTools
DomainTools offers a suite of security tools and APIs that map internet infrastructure to identify and mitigate threats. Leveraging over 20 years of historical Whois and DNS data, the platform allows security teams to profile attackers, guide forensic investigations, and monitor for emerging threats. Key features include predictive domain risk scoring, extensive passive DNS data, and integrations with security platforms like SIEMs and SOARs. Common use cases involve threat hunting, incident response, phishing detection, and brand protection by providing context and connections between domains, IPs, and other infrastructure identifiers.
Core Threat Intelligence Products
Iris Investigate
A platform for threat hunting and incident response that connects domain and DNS data points.
Iris Detect
Proactively identifies and blocks malicious domains before they can launch attacks.
Iris Enrich
API and integrations for enriching existing security tools (SIEM, SOAR, TIP) with domain intelligence.
Passive Dns
A comprehensive database of historical DNS resolutions for forensic analysis.
Common Use Cases
Threat Hunting
Pivoting between related data points to uncover attacker infrastructure.
Incident Response
Enriching alerts and investigating security incidents with domain context.
Phishing & Malware Defense
Identifying and blocking domains associated with malicious campaigns.
Brand Protection
Monitoring for domain registrations that may indicate brand impersonation.