DomainTools Blog
The DomainTools Spring 2022 Report
The latest edition of the DomainTools Report is here with a current snapshot of trending information regarding the evolving nature of malicious activity across the Internet.
126. Give 'Em the Old RaaSleDazzle
Hertz Don't It?, Decoy Oy Yoy Yoy, and Two Truths and a Lie.
Fraud in the Time of COVID
Fraud where scarce and important medical equipment is concerned is abhorrent at any time, but during a pandemic when it's urgently needed to save lives, the seriousness of such activity compounds dramatically. Investigating and stopping such actions becomes imperative in order to ensure legitimate medical facilities can deliver the care so desperate...
Fraud in the Time of COVID
In the early days of the Covid-19 pandemic, a Nigerian threat actor attempted to impersonate medical institutions in the US. In this blog, we'll walk through the tactics he used that would ultimately be his downfall.
7 Most Popular Blog Posts of Q2 2022
Catch up on our most popular blog posts from Q2 2022 in this infosec roundup!
125. Nobody Makes Me HertzBleed My Own Blood
Hertz Don't It?, Decoy Oy Yoy Yoy, and Two Truths and a Lie.
DomainTools Employee Spotlight - Ian Campbell
It's been a minute since we've done an Employee Spotlight! We're excited to bring it back and introduce you to some new people since the DomainTools acquisition of Farsight Security!
Timing Is Everything
Everyone loves that "in the right place at the right time" feeling, including illicit actors. In this article, we look at domain registration correlating with current events to see where opportunities for threats may lie.
Efficiently Accessing a Moderately-Large Sorted and Uniquely-Keyed CSV File in Python3 with MTBL
The MTBL file format supports fast random access and is a space-efficient format. This article details how to use MTBL files to efficiently provide a Python3 dictionary-like interface to moderately large CSV files, even on typical laptop hardware.
Bringing New Capabilities to the DomainTools App for Splunk
The latest version of the DomainTools App for Splunk adds features supporting Farsight Security DNSDB and DomainTools Iris Detect, along with several other performance and usability enhancements.
All About RSA 2022
RSA 2022 kicks off next week and we couldn't be more excited! Learn more about who from DomainTools will be there, what we're sharing, and some fun events we're pumped to attend!
Network Traffic Analysis and Adversary Infrastructure
We talk about the fundamental use cases for domain, DNS, and related data, but what we don't typically spend as much time on is how we can actually spot potentially risky traffic flows.
Infosec To Go: Top Security Twitter Accounts of 2022
Stay in the know with some of our favorite Twitter accounts of 2022.
"I've Found Some Bad Domains - Now What?"
When we talk about investigating bad domains, the focus of the story is usually the starting clues, but what about after you've identified bad domains? This blog discusses the approaches to take once a bad domain has been identified.
A Sticky Situation Part 1: The Pervasive Nature of Credit Card Skimmers
In our latest series, we'll discuss obscure, but premium services that enable cybercrime and online fraud to thrive and scale. Our first installment explores a dubious, yet noteworthy skimmer-as-a-service group, Caramel.
Mirror, Mirror, on the Wall, Who's the Fairest (website) of Them all?
On May 1, 2022, the Alexa Top Million list will sunset. All of the potential replacements have pros and cons. In this blog post, we'll walk through those options along with our proposed replacement solution.
Stop Crypto Kleptos in Their Tracks
Newly-created domain monitoring and passive DNS offer companies the chance to intercept phishing campaigns before the first email flies. Recent campaigns against cryptocurrency companies illustrate how.
SPM55: Ascending the Ranks of Indonesian Phishing As A Service Offerings
In light of the recent international law enforcement activity against the 16Shop principal DevilScreaM, we review a competing service known as SPM55, attempting to fill the void left in the market.
Non-Routable Private Address Space That Appears in DNSDB Results
This article will look at the extent to which private IPs show up in DNSDB, publicly describing how we quantified their existence, a deeper look at those findings, and the associated risks of leakages.
The Use Cases and Benefits of SVCB and HTTPS DNS Record Types
Learn more about use cases and benefits of SVCB and HTTPS DNS resource record types.
Threat Monitoring Newly Created Ukraine-Related Domain Names
DomainTools is offering a new, free threat intelligence feed of newly observed or registered Ukraine-related domain names to help organizations monitor threats.
Iris Detect: A New Way to Discover and Monitor Hostile Domains
We are pleased to announce the much anticipated launch of Iris Detect. Learn more about how this new technology works, what differentiates it from other products, and what it offers to protect your brand and your customers.
New Phone, Who Dat?
Learn how spam SMS numbers are created and how bad actors leverage URL shorteners to help protect your organization from phishing attacks.
A Domain Bloom in Progress: log4j Domains
A domain bloom is in progress centered on the term log4j, referring to the large-scale vulnerability being exploited in the wild. DomainTools characterized domain blooms in the spring 2021 DomainTools Report.
The DomainTools Report, Fall 2021: Concentrations of Badness with a Side of Surprise
In the Fall 2021 edition of the DomainTools Report, we examine concentrations of phishing, malware, and spam activity along six domain characteristics.
Seeing Red
The DomainTools Research team came across innocuous PDFs linking to dozens of short-lived Glitch apps hosting a SharePoint phishing page designed to harvest credentials:
DomainTools and Farsight Security Join Forces to Deliver Best-in-class Threat Intelligence
We are excited to announce that DomainTools and Farsight Security have joined forces to make the Internet a safer place by combining the most comprehensive domain and DNS datasets.
An Update to the DomainTools App for Splunk
Learn how the enhanced DomainTools App for Splunk can help you pinpoint potentially dangerous connections quickly and efficiently by simplifying your triage process and expediting your workflow.
7 Most Popular Blog Posts of Q3 2021
Catch up on your industry reading with a curated list of the most popular blogs of Q3 2021. This installment includes a ransomware defender's guide, valuable data set cheat sheet, original research, and helpful OSINT tools.
Stop That Phish!
Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming walks through various anti-phishing tools and methods available to defenders.
Plain Phishing Still Outpacing Ransomware
Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming cautions not to dismiss BEC just because it's not grabbing headlines.
Hurricane Ida Scam Domains
Among the kinds of attention natural disasters attract, sketchy or outright scammy domains are among the less savory. We explored the DomainTools database in the aftermath of Hurricane Ida and found many domains with high risk profiles.
Developing DNS-Based Intel Requirements
Understand how to develop threat intel requirements for the most relevant dataset, a sweet spot where your internally generated threat intelligence builds on your own network traffic, known as DNS-related network observables.
Hunting Down Late Night Security Snacks - Raiding The Domain Fridge
Learn how to take advantage of one-off, bite-sized intelligence to help your organization's defensive posture and inform future investigations.
Valuable Datasets to Analyze Network Infrastructure | Part 3
In the final installment of this series, learn about Passive DNS and how it works, explore valuable artifacts for investigations, and study our handy cheat sheet.
Valuable Datasets to Analyze Network Infrastructure | Part 2
In this blog, reacquaint yourself with the Whois protocol, identify signals to dive deeper into an investigation, and dive into complementary datasets for investigations.
Valuable Datasets to Analyze Network Infrastructure | Part 1
In the first installment of this blog series, familiarize yourself with DNS, identify signals to dive deeper into an investigation, and complementary datasets to pair with DNS.
Announcing the DomainTools Domain Discovery Feed
With thousands of malicious domains registered and used every day for phishing, ransomware, and more, we are excited to introduce the DomainTools Domain Discovery Feed to proactively reveal traffic to potentially harmful infrastructure.
Tools To Quickly Extract Indicators of Compromise
Brush up on indicators of compromise, their relationship to your internal threat intelligence, and tools to help you quickly extract them from PDFs and plain text.
Finding AnchorDNS C2s With Iris Investigate
Senior Security Researcher, Chad Anderson, expands on Kryptos Logic's research on AnchorDNS and uncovers an additional four C2 domains.
7 Most Popular Blog Posts of Q2 2021
Catch up on your industry reading with a curated list of the most popular blogs of Q2 2021. This installment includes research relating to Cobalt Strike, COVID-19 related threats, DNS logging tips, and more.
American Rescue Plan Act Lures in the Wild
Scammers target Americans looking for COVID tax relief to steal identity documents.
We Know How To Prevent Ransomware
The heightened focus on the ransomware problem may help organizations in the important work they do on their threat modeling and their security posture.
The Most Prolific Ransomware Families: A Defender's Guide
In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.
A New Way to Pinpoint Dangerous Infrastructure
Learn how to quickly identify and characterize malicious online infrastructure with support from our two new offerings: IP Hotlist and Hosting IP Risk Feed.
Data Quality Makes your Security Operations SOAR
Learn how investing in your organization's threat intelligence data quality can improve how much value your security operations can extract from SOAR.
Cloud Atlas Navigates Us Into New Waters
Learn how to interpret nameserver activity to enumerate infrastructure in the context of a recent Cloud Atlas example investigated by Senior Security Researcher, Chad Anderson.
DomainTools Reflects on LGBTQ+ Representation in Infosecurity
Join us as we reflect on Pride Month, LGBTQ+ representation in infosecurity, and actions our industry can take to recruit and retain more diverse talent.