DomainTools

@domaintools.bsky.social

A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.

63 Followers  |  3 Following  |  55 Posts  |  Joined: 25.11.2024  |  1.6288

Latest posts by domaintools.bsky.social on Bluesky

DomainTools Investigations | SecuritySnack: Phishing Interviews Phishing campaign targets job seekers with fake career portals and interview invites, stealing ID.me credentials and deploying malware since August 2025.

Targeting the Talent: The Rise of "Phishing Interviews" 🎣
Job seekers are the latest target in scams uncovered by the DomainTools Investigations (DTI) team. Read our investigation here: https://dti.domaintools.com/securitysnacks/securitysnack-phishing-interviews
#CyberSecurity #Phishing #JobHunt

30.01.2026 20:04 — 👍 0    🔁 0    💬 0    📌 0

DomainTools | Demo Request a demo from DomainTools to learn how our DNS intelligence platform can help you detect, identify, and monitor cyber threats.

DomainTools will be at #AFCEAWest in San Diego from February 10-12.

Stop by our booth or book a meeting with our team to learn how we give defenders and threat hunters the offensive edge not just on land and in the air but across the sea as well.
https://www.domaintools.com/demo

27.01.2026 18:00 — 👍 0    🔁 0    💬 0    📌 0

DomainTools | DomainTools & Cribl: Continuous Enrichment for Enhanced Intelligence

Take control of your data with DomainTools integration with Cribl Stream ⚡
Create a Real-Time DomainTools data feed integration with Cribl Stream.
Learn more: https://www.domaintools.com/blog/domaintools-cribl-continuous-enrichment-for-enhanced-intelligence

26.01.2026 23:51 — 👍 0    🔁 0    💬 0    📌 0

DomainTools Investigations | Pay to Lose: Dubious Online Gambling Games Be wary of "real money" games this New Year. This report uncovers hundreds of fake Android gambling apps using spoofed reviews, fake win declarations, and "waistcoat" shells to trick users into sideloading unregulated, predatory gambling software.

Play to Win or Pay to Lose? 💰
Our team at DomainTools Investigations identified three massive infrastructure clusters of online gambling and real-money games targeting users across various regions. Learn more ⬇️
https://dti.domaintools.com/securitysnacks/pay-to-lose-dubious-online-gambling-games

22.01.2026 20:02 — 👍 0    🔁 0    💬 0    📌 0

Faster pivots. Smarter hunting 🛡️
We’ve leveled up the DomainTools for CrowdStrike app to give threat hunters more context without ever leaving their workflow. Learn how to turn a single indicator into a full-scale infrastructure map ⬇️
https://www.youtube.com/watch?v=NEf4hMR6qo8

21.01.2026 21:32 — 👍 0    🔁 0    💬 0    📌 0

DomainTools DomainTools is the global leader in Internet intelligence. Learn how our products and data are fundamental to best-in-class security programs.

Introducing the new DomainTools 🔎

20+ years of DNS intelligence, now with a digital presence to match. We’ve evolved our look and feel for 2026 to ensure our platform is as precise and streamlined as our data.
New look. Same mission.
See what’s new: domaintools.com

12.01.2026 17:01 — 👍 3    🔁 1    💬 1    📌 0

Rainy Day Newsletter #12 (but not 35) - DomainTools Investigations | DTI Explore how agentic AI accelerates threat hunting by 10x, a deep dive into APT35’s internal operations, and B2B2C supply chain attacks in the DTI December newsletter.

The December DTI newsletter is here! ☕️
We’re kicking off 2026 with a recap of last month’s research and our monthly reading list. Read the full briefing: https://dti.domaintools.com/rainy-day-newsletter-12-but-not-35/
#Infosec #ThreatIntel #AI #CyberSecurity #APT35

08.01.2026 23:00 — 👍 0    🔁 0    💬 0    📌 0

B2B2C Supply Chain Attack: Hotel’s Booking Accounts Compromised to Target Customers - DomainTools Investigations | DTI New B2B2C supply chain attack targets Booking.com customers. Attackers are compromising hotel accounts to send "verify or cancel" phishing messages with dynamic booking data. Learn how to spot these fake domains and protect your payment info.

DomainTools Investigations finds an attacker hijacking hotel accounts to send "verify booking" scams directly through official Booking[.]com messages.
Details: https://dti.domaintools.com/b2b2c-supply-chain-attack-hotels-booking-accounts-compromised-to-target-customers/

23.12.2025 19:16 — 👍 1    🔁 0    💬 0    📌 0

🐈‍⬛ In our latest research, DomainTools Investigations covers APT35’s financial model and the administration behind both Charming Kitten and Moses Staff.
https://dti.domaintools.com/the-apt35-dump-episode-4-leaking-the-backstage-pass-to-an-iranian-intelligence-operation/

16.12.2025 22:01 — 👍 1    🔁 1    💬 0    📌 0

Our Head of Investigations & CISO, Daniel Schwalbe, joined the CyberWire podcast for Research Saturday to discuss DomainTools Investigations’ GFW research.
Listen to the full interview ⬇️
https://thecyberwire.com/podcasts/research-saturday/405/notes
#Cybersecurity #CyberWire #GreatFirewall #Podcast

16.12.2025 18:28 — 👍 2    🔁 0    💬 0    📌 0

Chinese Malware Delivery Domains Part IV - DomainTools Investigations | DTI A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds.

In part IV of our series analyzing Chinese malware delivery domains, DTI researchers deployed #AgenticAI to analyze 1,900 domains tied to the supercluster we have been tracking since June. https://dti.domaintools.com/chinese-malware-delivery-domains-part-iv/

08.12.2025 21:30 — 👍 0    🔁 0    💬 0    📌 0

Newsletter 11 Could Take Forever The title of this month’s newsletter is a deep cut taken from the height of my favorite music genre, the admittedly awkwardly titled “Alternative Music.” What can I say, the 1990s in Seattle were wild, man - you had to be there.

Don't miss this! DTI’s November newsletter covers research exposing two major nation-state operations:
🇨🇳 China's GFW and 🇮🇷 APT35/Charming Kitten
https://www.linkedin.com/pulse/newsletter-11-could-take-forever-daniel-schwalbe-xy48c
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran

02.12.2025 19:30 — 👍 0    🔁 0    💬 0    📌 0

😼 APT35/Charming Kitten Internal Documents Leaked

Our new DTI report analyzes the actor's methods.

Read the full analysis: https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/

21.11.2025 20:00 — 👍 1    🔁 0    💬 0    📌 0

Request a Demo | DomainTools - Start here. Know now. Discover how DomainTools can enhance your organization's capabilities and stop threats before they happen. Request a DomainTools demo today.

Enterprise Strategy Group found that customers can expect up to a 17 times return on their initial investment in their first year when integrating DomainTools products with their existing solutions.

Ready to learn more? Book a demo with us here: https://www.domaintools.com/demo/

18.11.2025 17:30 — 👍 0    🔁 0    💬 0    📌 0

Inside the Great Firewall Part 3: Geopolitical and Societal Ramifications - DomainTools Investigations | DTI Part 3 analyzes the GFW as geopolitical infrastructure: economic protectionism, the export of cyber sovereignty norms, and the emergence of an authoritarian coalition (Russia, Iran).

🌎 Geopolitics and the Global Reach of the GFW
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/

13.11.2025 20:23 — 👍 1    🔁 0    💬 0    📌 0

How Domain Intelligence and Passive DNS create Full Profile DomainTools walks users through how using domain intelligence and passive DNS tools together create a fuller picture of a domain profile

Are your queries working as hard as they could be?

Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.

Read our latest blog post: https://bit.ly/3VzTr9V

13.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

Looking to get the most out of your year-end budget?

DomainTools integrations deliver best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.

Request a demo today! https://www.domaintools.com/demo/

12.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

An independent study surveying DomainTools customers from Enterprise Strategy Group found DomainTools provided OEM partners 11 months faster time to value, reduced risk, and operational savings of 92%. Schedule a conversation with us here to learn more: https://www.domaintools.com/demo/

11.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

Inside the Great Firewall Part 2: Technical Infrastructure - DomainTools Investigations | DTI See the Great Firewall's technical blueprint. DomainTools Investigations details the TSG core, packet interception methods, and routines that detect tools like V2Ray/Psiphon.

🧵 DTI researchers leveraged the leaked data from China’s Great Firewall to map the core design of the censorship stack in Part 2 of Inside the Great Firewall.

Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/

06.11.2025 20:29 — 👍 1    🔁 0    💬 0    📌 0

DomainTools Demo - DomainTools | Start Here. Know Now.

DomainTools customers report wins from cost savings & improved detection rates, identifying up to 83% more malicious domains up to 96% faster with DomainTools than with industry-standard blocklist sources.
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/

06.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

DomainTools integrations deliver critical DNS intelligence into your TIP, SIEM, SOAR, E/XDR, and LLM solutions to:
💡 Enrich alerts
⚠️ Get predictive Risk Scores
🔗 Make infrastructure pivots
🔍 Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/

05.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

DomainTools maximizes the value of OEM products by identifying up to 83% more malicious domains, 96% faster compared to industry-standard blocklists. Want to learn more? Schedule a conversation with us here: https://www.domaintools.com/demo/

04.11.2025 19:00 — 👍 0    🔁 0    💬 0    📌 0

Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.

500GB+ of data from China's digital censorship infrastructure was leaked last month. In Part 1 of our analysis, DomainTools Investigations maps the implicated entities and initial attribution clusters.

🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/

30.10.2025 19:19 — 👍 2    🔁 0    💬 0    📌 1

Ransomware & phishing campaigns are evolving fast. DomainTools helps Federal defenders stay ahead by exposing the infrastructure behind the threats.
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/

30.10.2025 16:45 — 👍 0    🔁 0    💬 0    📌 0

Year-end budgets are in play. Are you making them count? 🤔 DomainTools integrations instantly enhance your security stack & deliver key DNS intelligence so you can:
🔍 Enrich alerts
⚡ Automate investigations
🗺️ Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/

29.10.2025 16:30 — 👍 0    🔁 0    💬 0    📌 0

From NPM bypasses to crypto scam networks—October brought a wave of complexity, and we’ve got the full analysis.

Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/

28.10.2025 20:02 — 👍 0    🔁 0    💬 0    📌 0

Is your team maximizing its DNS intel? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat. Download our Best Practices Guide for OEMs to learn how our data empowers proactive defense & delivers up to 17X ROI in the first year. https://ow.ly/VcEU50Xh3Le

28.10.2025 18:00 — 👍 0    🔁 0    💬 0    📌 0

Tired of jumping between security tools? We’ve got you covered.

DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.

Request a demo to see our integrations in action.
https://www.domaintools.com/demo/

27.10.2025 16:01 — 👍 1    🔁 0    💬 0    📌 0

Get the intelligence you need, right where you work 💻 DomainTools integrates with your favorite tools to deliver:
🚨 Alert/Event Enrichment
🔮 Predictive Risk Scoring
🔗 Infrastructure Pivots
🔍 Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/

24.10.2025 16:02 — 👍 0    🔁 0    💬 0    📌 0

Government and military systems are among the highest-profile targets for attackers. Passive DNS data from DomainTools aids government agencies worldwide in gaining context on attacks against government or military infrastructure & networks. Learn more: https://youtu.be/NEf4hMR6qo8?t=130

23.10.2025 19:01 — 👍 0    🔁 0    💬 0    📌 0