DomainTools

@domaintools.bsky.social

A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.

56 Followers  |  3 Following  |  41 Posts  |  Joined: 25.11.2024  |  1.835

Latest posts by domaintools.bsky.social on Bluesky

Inside the Great Firewall Part 3: Geopolitical and Societal Ramifications - DomainTools Investigations | DTI Part 3 analyzes the GFW as geopolitical infrastructure: economic protectionism, the export of cyber sovereignty norms, and the emergence of an authoritarian coalition (Russia, Iran).

🌎 Geopolitics and the Global Reach of the GFW
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/

13.11.2025 20:23
How Domain Intelligence and Passive DNS create Full Profile DomainTools walks users through how using domain intelligence and passive DNS tools together create a fuller picture of a domain profile

Are your queries working as hard as they could be?

Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.

Read our latest blog post: https://bit.ly/3VzTr9V

13.11.2025 19:00
Request a Demo | DomainTools - Start here. Know now. Discover how DomainTools can enhance your organization's capabilities and stop threats before they happen. Request a DomainTools demo today.

Looking to get the most out of your year-end budget?

DomainTools integrations deliver best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.

Request a demo today! https://www.domaintools.com/demo/

12.11.2025 19:00

An independent study surveying DomainTools customers from Enterprise Strategy Group found DomainTools provided OEM partners 11 months faster time to value, reduced risk, and operational savings of 92%. Schedule a conversation with us here to learn more: https://www.domaintools.com/demo/

11.11.2025 19:00
Inside the Great Firewall Part 2: Technical Infrastructure - DomainTools Investigations | DTI See the Great Firewall's technical blueprint. DomainTools Investigations details the TSG core, packet interception methods, and routines that detect tools like V2Ray/Psiphon.

🧵DTI researchers leveraged the leaked data from China’s Great Firewall to map the core design of the censorship stack in Part 2 of Inside the Great Firewall.

Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/

06.11.2025 20:29
DomainTools Demo - DomainTools | Start Here. Know Now.

DomainTools customers report wins from cost savings & improved detection rates, identifying up to 83% more malicious domains up to 96% faster with DomainTools than with industry-standard blocklist sources.
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/

06.11.2025 19:00

DomainTools integrations deliver critical DNS intelligence into your TIP, SIEM, SOAR, E/XDR, and LLM solutions to:
💡Enrich alerts
⚠️Get predictive Risk Scores
🔗Make infrastructure pivots
🔍Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/

05.11.2025 19:00

DomainTools maximizes the value of OEM products by identifying up to 83% more malicious domains, 96% faster compared to industry-standard blocklists. Want to learn more? Schedule a conversation with us here: https://www.domaintools.com/demo/

04.11.2025 19:00
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.

500GB+ of data from China's digital censorship infrastructure was leaked last month. In Part 1 of our analysis, DomainTools Investigations maps the implicated entities and initial attribution clusters.

🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/

30.10.2025 19:19

Ransomware & phishing campaigns are evolving fast. DomainTools helps Federal defenders stay ahead by exposing the infrastructure behind the threats.
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/

30.10.2025 16:45

Year-end budgets are in play. Are you making them count? 🤔 DomainTools integrations instantly enhance your security stack & deliver key DNS intelligence so you can:
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/

29.10.2025 16:30

From NPM bypasses to crypto scam networks—October brought a wave of complexity, and we’ve got the full analysis.

Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/

28.10.2025 20:02

Is your team maximizing its DNS intel? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat. Download our Best Practices Guide for OEMs to learn how our data empowers proactive defense & delivers up to 17X ROI in the first year. https://ow.ly/VcEU50Xh3Le

28.10.2025 18:00

Tired of jumping between security tools? We’ve got you covered.

DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.

Request a demo to see our integrations in action.
https://www.domaintools.com/demo/

27.10.2025 16:01

Get the intelligence you need, right where you work 💻 DomainTools integrates with your favorite tools to deliver:
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/

24.10.2025 16:02

Government and military systems are among the highest-profile targets for attackers. Passive DNS data from DomainTools aids government agencies worldwide in gaining context on attacks against government or military infrastructure & networks. Learn more: https://youtu.be/NEf4hMR6qo8?t=130

23.10.2025 19:01
Mapping Hidden Alliances in Russian-Affiliated Ransomware - DomainTools Investigations | DTI Explore the hidden web of Russian-affiliated ransomware groups through a visual map revealing human overlaps, shared infrastructure, and evolving cybercriminal alliances in the post-Conti era

How do you uncover the infrastructure behind state-sponsored ransomware? Our analysts used domain risk scoring to expose connections between Russian-affiliated threat groups. Read the full investigation: dti.domaintools.com/mapping-hidd... #ThreatIntel #APT #Ransomware #DomainTools #CyberOps

23.10.2025 16:45
SecuritySnack: Repo The Repo - NPM Phishing - DomainTools Investigations | DTI A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security.

🚨NPM developers are being targeted by sophisticated phishing that defeats MFA.

Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...

#CyberSecurity #NPM #InfoSec

16.10.2025 19:37

Thanks to all that attended Ian Campbell and @mjwalk.bsky.social #BSidesNoVA talks this morning. Please don’t hesitate to stop by our table and say hello 👋!

11.10.2025 16:38
The Race Against New Threats: How Formula 1 Became a Hotbed of Cyber Activity Cyber and racing enthusiasts alike: Start. Your. Engines! The evolution of technology used in Formula 1 (F1) racing has caused each vehicle on the track to become computers on wheels. Formula 1 may be...

Don’t miss @mjwalk.bsky.social lightning talk on the relationships between F1 and surrounding cyber activities at 11:30 at #BSidesNoVA!

bsidesnova-2025.sessionize.com/session/1000...

11.10.2025 14:26

At 11:30 AM Ian is presenting on DNS and domain intelligence as it applies to investigative journalist investigations. In related news, Allan Liska is selling “The Press Guardian”. We highly recommend checking out his table as well!

bsidesnova-2025.sessionize.com/session/1001...

11.10.2025 13:57
Malachi and Ian standing at the DomainTools tabletop

Attending #BSidesNoVA? Be sure to say hello to Malachi and Ian at the DomainTools table before their talks at 11:30!

11.10.2025 13:01
Inside a Crypto Scam Nexus - DomainTools Investigations | DTI A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds.

💰 One attacker, one IP address. DTI discovered a coordinated web of wallet-drain scams all traced back to the same infrastructure. Learn how one setup runs multiple scams.

Full report:

🔗 dti.domaintools.com/inside-a-cry...

#Crypto #Cybercrime #ThreatIntel

09.10.2025 16:44
SecuritySnack: 18+E-Crime - DomainTools Investigations | DTI Starting in September 2024, a financially motivated cluster of more than 80 spoofed domain names and lure websites began targeting users with fake applications and websites themed as government tax si...

New from DTI: A financially-motivated cluster of spoofed domains disguised as age 18+ social media content, government tax sites, consumer banking, and online gambling apps targeting Windows and Android users. Learn more ⬇️ dti.domaintools.com/securitysnac...

#cybercrime #cybersecurity #threatintel

03.10.2025 16:49
Cybersecurity Reading List - Week of 2025-09-29 - DomainTools Investigations | DTI Commentary followed by links to cybersecurity articles that caught our interest internally.

📖 Dive into this month's essential #cybersecurity reading list. Discover new research and articles from Google, The Record, @schneier.com, and more. Explore the list here: dti.domaintools.com/cybersecurit...

#InfoSec #ThreatIntel

30.09.2025 20:31
DT Investigations News | LinkedIn Monthly updates featuring community-based research focused on Domain- and DNS-based attacks

JUST DROPPED: Our Head of Investigations’ monthly newsletter!

📰This edition shares research on Salt Typhoon, the Kimsuky leak, PoisonSeed, and a banker trojan targeting Android users in Southeast Asia: www.linkedin.com/newsletters/...

#Cybersecurity #ThreatIntel #InfoSec

30.09.2025 20:29
Proactive Defense with DomainTools Real-Time Feeds - DomainTools | Start Here. Know Now. Stop domain-based threats before they start. Discover how DomainTools Real-Time Feeds deliver instant visibility into over 97% of the Internet, combining our predictive Risk Score with real-time updates for proactive cybersecurity.

Big news! Our Real-Time Threat Feeds are now available.

With feeds for high-risk and newly-discovered domains, you get instant, 97%+ Internet-wide visibility to strengthen your blue team and threat detection efforts.

Learn how: www.domaintools.com/resources/bl...

29.09.2025 23:41
Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat - DomainTools Investigations | DTI Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infra...

DomainTools Investigations analyzed infrastructure and operational profiles for Salt Typhoon. Our research includes crucial intelligence for attribution, detection, and threat modeling. Read more here ➡️ dti.domaintools.com/inside-salt-...

#ThreatIntel #SaltTyphoon #Cybersecurity #NationStateAPT

25.09.2025 16:24
Avoiding Activation Scams this Football Season - DomainTools | Start Here. Know Now. Learn how to use the DomainTools real-time Feed API within Splunk. This API enables faster detection, more flexible integration, and rapid adaptation to threats.

Football season is back, and so are the scammers! 🏈 Learn how to avoid activation scams spoofing services like ESPN & CBS, and get essential security tips for organizations and end-users. Read our latest research today:
https://bit.ly/4nr2o0W

16.09.2025 13:32
Speaker presenting at a podium with a "Confs Tech" banner on it, at a conference event. The presentation slide behind reads, "Splunk around the Phishmas Tree."

Steve Behm at #splunkconf25 shared a 2-year investigation into attacks on USPS & Amazon. His talk highlighted how to use Splunk and DomainTools to detect DGA domains and automate domain discovery.

#Cybersecurity #ThreatIntelligence #Splunk #Phishing

10.09.2025 19:53

@domaintools is following 3 prominent accounts