DomainTools
| Primary URL | Location | Industry | domaintools[.]com |
Country
United States of America
|
Technology
|
|---|
Profile
DomainTools provides a cybersecurity threat intelligence platform that centers on the collection, enrichment, and analysis of domain and DNS data to help security teams identify and mitigate online threats. The platform aggregates WHOIS records, passive DNS histories, SSL certificate information, and web content data to generate contextual insights about internet infrastructure. Among its commercial offerings are Iris Investigate, a workbench for deep dive investigations of suspicious domains; PhishEye, a service that continuously monitors for newly registered domains that mimic protected brands; and Domain Risk Score, a numeric rating that estimates the likelihood a domain is associated with malicious activity. Customers can access these capabilities through a web‑based console or via RESTful APIs that enable integration with security orchestration, automation, and response tools. The data supplied by DomainTools is used for activities such as phishing detection, brand protection, incident response, and threat hunting.
What distinguishes DomainTools from broader threat intelligence providers is its exclusive focus on the domain name system and related registration data as the primary source of threat context. The company maintains one of the largest historical repositories of WHOIS and DNS records, allowing analysts to trace infrastructure changes over months or years. This depth enables the linking of seemingly benign domains to known threat actor campaigns through patterns of registration, hosting, and content similarity. DomainTools emphasizes that its data is particularly valuable for organizations whose security teams are composed of cybersecurity researchers and analysts who rely on technical indicators rather than generic alerts. The firm’s competencies include parsing heterogeneous internet data, normalizing disparate formats, and delivering timely alerts about newly observed or altered domains that match indicators of compromise. These capabilities position DomainTools as a specialized resource for proactive defense against infrastructure‑based attacks such as typosquatting, command‑and‑control setup, and fraudulent site deployment.
DomainTools is headquartered in Seattle, Washington, United States of America. The company has not disclosed its ownership or parent‑subsidiary relationships in the source material, so those details are omitted. In October 2016, DomainTools reported an attack on its user management system in which an unknown actor exploited a vulnerability in the email update function to enumerate registered accounts by testing random addresses. The intrusion allowed the attacker to match a few hundred current or historic account emails, prompting the company to patch the flaw, notify affected customers, and advise password resets due to the risk of credential reuse and potential social‑engineering use of the exposed information. The incident was framed as a reminder that even providers of threat intelligence must protect their own user data, especially when their clientele consists largely of security professionals who may reuse credentials across services.
