DomainTools is a cybersecurity software platform from DomainTools that provides critical insights into domain intelligence. It combines investigations, integrations, and feeds so security teams can gain crucial context for every stage of a domain's lifecycle. This platform supports various security programs by delivering actionable data that helps identify threats and vulnerabilities in real-time. DomainTools enables organizations to make informed decisions about domain registrations and online presence.
Key capabilities: investigations, integrations, feeds, threat intelligence, domain monitoring.
Best for: security professionals that need in-depth domain analysis and threat detection.
DomainTools is a leading digital forensics and threat intelligence platform designed to empower cybersecurity professionals with deep insight into domain and DNS-based threats. At its core, the software enables investigators and analysts to pivot on indicators such as domain names, IP addresses, and WHOIS data to uncover infrastructure patterns, identify malicious actors, and map threat networks. DomainTools specializes in delivering high-context intelligence through features such as WHOIS history, DNS record analysis, domain risk scoring, and passive DNS data. Its flagship tools—Iris Investigate and Risk Score—offer users the ability to rapidly assess the reputation of a domain and correlate it with other artifacts for in-depth forensic investigations. The user interface of DomainTools is clean, modern, and thoughtfully structured, catering to both novice analysts and experienced cybersecurity professionals. The layout prioritizes clarity by offering tabbed navigation, detailed data views, and graphical link analysis, allowing users to explore domain relationships visually. For instance, the Iris platform provides an intuitive workspace where investigators can pivot between data points, apply filters, and customize visual timelines and graphs.
Possesses 23+ years of historical domain, DNS, Whois, and SSL certificate data (including 100+ billion DNS observations and 97% of the full internet), providing unparalleled context for threat investigation and attribution.
Employs advanced machine learning to assign predictive risk scores to domains (overall, malware, phishing, spam), enabling security teams to prioritize threats and act preemptively before attacks are launched.
Specializes in the earliest detection of emerging threats, including malicious lookalike domains and infrastructure, often identifying them days earlier than standard blocklists, significantly reducing exposure time for phishing, fraud, and brand impersonation.
Offers an intuitive platform to map connected infrastructure and uncover hidden relationships between domains, IPs, SSL certificates, and threat actors, streamlining complex investigations and forensic analysis.
Provides real-time, high-fidelity feeds (e.g., Domain Risk, Domain Hotlist, Newly Observed Domains, Newly Active Domains) that deliver intelligence on emerging threats as they appear, enabling rapid blocking and proactive defense.
Designed to integrate effortlessly with existing security tools like SIEM, SOAR, and Threat Intelligence Platforms via robust APIs, enriching indicators at scale and automating security workflows.
Recognized as a global leader in domain and DNS threat intelligence, trusted by Fortune 100 companies, top banks, government agencies, and all branches of the military for critical security operations.
An intuitive web interface and API-driven platform for comprehensive threat investigation and infrastructure mapping.
Maps connected infrastructure (domains, IPs, name servers, SSL certificates) to uncover relationships, provides 10+ years of historical Whois and passive DNS data, and offers features like screenshot history and domain reporting.
Rapidly discovers and monitors lookalike domains with unmatched speed and coverage, providing near real-time risk scoring and automated alerts for emerging phishing and fraud campaigns.
Offers a robust API (REST-based) to seamlessly integrate DomainTools data (Whois, DNS, SSL certificate, risk scores) into SIEM, SOAR, and other security tools, enriching indicators at scale.
The world's largest Passive DNS intelligence solution, containing over 100 billion unique DNS observations dating back to 2010.
Provides programmatic access to this vast historical and real-time passive DNS data.
An "on-premise" version of DNSDB for the fastest response times, unlimited query volume, and total query privacy.
Allows regular expression and glob (wildcard) searches across every label of a fully qualified domain name and select RData, enabling highly specific queries.
Provides high-fidelity, real-time feeds to enable proactive defense.
Leverages machine learning on decades of data to assign predictive risk scores (overall, malware, phishing, spam) to domains and IP addresses, often predicting maliciousness before weaponization.
A prioritized, daily list of active, high-risk domains based on predictive risk scores and passive DNS activity, suitable for proactive blocking via DNS Response Policy Zones (RPZ).
Identifies domains never before seen by DomainTools' passive DNS network, enabling early blocking of new, high-risk activity.
Alerts on domains that have become active after at least 10 days of inactivity, often reused by criminals.
Provides a daily risk-scored domain list and targeted feeds for comprehensive insight into new and changing infrastructure.
Allows filtering of feeds based on risk scores and domain patterns, and delivers content directly as RPZ for DNS firewalls.
Seamlessly integrates with leading security platforms to enhance existing workflows.
Enhances threat hunting and domain alerts within platforms like Splunk, IBM QRadar, and Elastic.
Enables creation of event playbooks and targeted actions with platforms such as Cortex XSOAR and Splunk SOAR.
Connects with TIPs like Anomali, Maltego, MISP, and TheHive/Cortex to uncover actor infrastructure.
Tailored offerings for specific cybersecurity needs.
Detects indicators earlier in their lifecycle to disrupt incipient attacks.
Identifies and blocks malicious domains and infrastructure spoofing assets.
Discovers Indicators of Compromise (IOCs) and malicious infrastructure hidden within networks.
Monitors lookalike domain names and protects brand reputation.
Aids in rapid response, triage, and attribution of cyber incidents.
Empowers homegrown or third-party security applications with deep internet intelligence.
Customized intelligence for critical sectors.
Strengthens national cybersecurity resilience with preemptive intelligence.
Proactively uncovers fraud and reinforces infrastructure defenses.
Protects sensitive PII/PHI and ensures regulatory compliance.
Bolsters defenses against evolving cyber threats in the high-tech attack surface.
Safeguards against data breaches, consumer attacks, phishing, and BEC.
Trusted by over 700 enterprise customers, 45 of the Fortune 100, 8 out of the top 10 US banks, and all branches of the US military, with a strong reputation for data quality and accuracy based on 23+ years of experience.
ESG report indicates a 79% reduction in time and cost for domain-related intelligence tasks and an impressive 1,256% ROI for OEM partners.
Does DomainTools have an in-app marketplace?
Yes
How many Mini-Apps in the marketplace?
1
N/A
USD ($), EUR (€), GBP (£), JPY (¥), AUD (A$), CAD (C$), CHF (CHF), CNY (¥), SEK (kr), NOK (kr), DKK (kr), INR (₹), SGD (S$), HKD (HK$)
Email Address
EnterpriseSupport@DomainTools.com