The latest edition of the DomainTools Report is here with a current snapshot of trending information regarding the evolving nature of malicious activity across the Internet.

Hertz Dont It?, Decoy Oy Yoy Yoy, and Two Truths and a Lie.

Fraud where scarce and important medical equipment is concerned is abhorrent at any time, but during a pandemic when its urgently needed to save lives, the seriousness of such activity compounds dramatically. Investigating and stopping such actions becomes imperative in order to ensure legitimate medical facilities can deliver the care so desperate...

Catch up on our most popular blog posts from Q2 2022 in this infosec roundup!

Catch up on our most popular blog posts from Q2 2022 in this infosec roundup!

Hertz Dont It?, Decoy Oy Yoy Yoy, and Two Truths and a Lie.

Its been a minute since weve done an Employee Spotlight! Were excited to bring it back and introduce you to some new people since the DomainTools acquisition of Farsig

Everyone loves that in the right place at the right time feeling, including illicit actors. In this article, we look at domain registration correlating with current events to see where opportunities for threats may lie.

The MTBL file format supports fast random access and is a space-efficient format. This article details how to use MTBL files to efficiently provide a Python3 dictionary-like interface to moderately large CSV files, even on typical laptop hardware

The latest version of the DomainTools App for Splunk adds features supporting Farsight Security DNSDB and DomainTools Iris Detect, along with several other performance and usability enhancements.

RSA 2022 kicks off next week and we couldnt be more excited! Learn more about who from DomainTools will be there, what were sharing, and some fun events were pumped to attend!

We talk about the fundamental use cases for domain, DNS, and related data, but what we dont typically spend as much time on is how we can actually spot potentially risky traffic flows.

Stay in the know with some of our favorite Twitter accounts of 2022

When we talk about investigating bad domains, the focus of the story is usually the starting clues, but what about after youve identified bad domains? This blog discusses the approaches to take once a bad domain has been identified.

In our latest series, well discuss obscure, but premium services that enable cybercrime and online fraud to thrive and scale. Our first installment explores a dubious, yet noteworthy skimmer-as-a-service group, Caramel.

On May 1, 2022, the Alexa Top Million list will sunset. All of the potential replacements have pros and cons. In this blog post, well walk through those options along with our proposed replacement solution.

Newly-created domain monitoring and passive DNS offer companies the chance to intercept phishing campaigns before the first email flies. Recent campaigns against cryptocurrency companies illustrate how.

In light of the recent international law enforcement activity against the 16Shop principal DevilScreaM, we review a competing service known as SPM55, attempting to fill the void left in the market.

This article will look at the extent to which private IPs show up in DNSDB, publicly describing how we quantified their existence, a deeper look at those findings, and the associated risks of leakages.

Learn more about use cases and benefits of SVCB and HTTPS DNS resource record types.

DomainTools is offering a new, free threat intelligence feed of newly observed or registered Ukraine-related domain names to help organizations monitor threats.

We are pleased to announce the much anticipated launch of Iris Detect. Learn more about how this new technology works, what differentiates it from other products, and what it offers to protect your brand and your customers.

Learn how spam SMS numbers are created and how bad actors leverage URL shorteners to help protect your organization from phishing attacks.

A domain bloom is in progress centered on the term log4j, referring to the large-scale vulnerability being exploited in the wild. DomainTools characterized domain blooms in the spring 2021 DomainTools Report.

In the Fall 2021 edition of the DomainTools Report, we examine concentrations of phishing, malware, and spam activity along six domain characteristics.

The DomainTools Research team came across innocuous PDFs linking to dozens of short-lived Glitch apps hosting a SharePoint phishing page designed to harvest credentials:

We are excited to announce that DomainTools and Farsight Security have joined forces to make the Internet a safer place by combining the most comprehensive domain and DNS datasets.

Learn how the enhanced DomainTools App for Splunk can help you pinpoint potentially dangerous connections quickly and efficiently by simplifying your triage process and expediting your workflow.

Catch up on your industry reading with a curated list of the most popular blogs of Q3 2021. This installment includes a ransomware defenders guide, valuable data set cheat sheet, original research, and helpful OSINT tools.

Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming walks through various anti-phishing tools and methods available to defenders.

Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming cautions not to dismiss BEC just because its not grabbing headlines.

Among the kinds of attention natural disasters attract, sketchy or outright scammy domains are among the less savory. We explored the DomainTools database in the aftermath of Hurricane Ida and found many domains with high risk profiles.

Understand how to develop threat intel requirements for the most relevant dataseta sweet spot where your internally generated threat intelligence builds on your own network trafficknown as DNS-related network observables.

Learn how to take advantage of one-off, bite-sized intelligence to help your organizations defensive posture and inform future investigations.

In the final installment of this series, learn about Passive DNS and how it works, explore valuable artifacts for investigations, and study our handy cheat sheet.

In this blog, reacquaint yourself with the Whois protocol, identify signals to dive deeper into an investigation, and dive into complementary datasets for investigations.

In the first installment of this blog series, familiarize yourself with DNS, identify signals to dive deeper into an investigation, and complementary datasets to pair with DNS.

With thousands of malicious domains registered and used every day for phishing, ransomware, and more, we are excited to introduce the DomainTools Domain Discovery Feed to proactively reveal traffic to potentially harmful infrastructure.

Brush up on indicators of compromise, their relationship to your internal threat intelligence, and tools to help you quickly extract them from PDFs and plain text.

Senior Security Researcher, Chad Anderson, expands on Kryptos Logics research on AnchorDNS and uncovers an additional four C2 domains.

Catch up on your industry reading with a curated list of the most popular blogs of Q2 2021. This installment includes research relating to Cobalt Strike, COVID-19 related threats, DNS logging tips, and more.

Scammers target Americans looking for COVID tax relief to steal identity documents

The heightened focus on the ransomware problem may help organizations in the important work they do on their threat modeling and their security posture.

In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.

Learn how to quickly identify and characterize malicious online infrastructure with support from our two new offerings: IP Hotlist and Hosting IP Risk Feed.

Learn how investing in your organizations threat intelligence data quality can improve how much value your security operations can extract from SOAR.

Learn how to interpret nameserver activity to enumerate infrastructure in the context of a recent Cloud Atlas example investigated by Senior Security Researcher, Chad Anderson.

Join us as we reflect on Pride Month, LGBTQ+ representation in infosecurity, and actions our industry can take to recruit and retain more diverse talent.