DomainTools https://www.domaintools.com/resources/blog Innovative, Practical Advice to Improve your Cybersecurity Posture en-US https://wordpress.org/?v=6.7.2 <![CDATA[ Guess who's back, back again? DTI’s back, tell a friend! ]]> https://www.domaintools.com/resources/blog/domaintools-investigations-february-2025-newsletter/ Fri, 28 Feb 2025 17:15:53 +0000 48 DomainTools Research https://www.domaintools.com/?p=32587 Well hello there! If you are a returning reader, that likely means you found this information beneficial to your organization or all of my jokes last month absolutely KILLED. Or all of the above! Either way, welcome back! If you’re new around these parts, I’m Daniel Schwalbe, CISO and Head of Investigations at DomainTools, and […]

]]>
<![CDATA[ Why RDAP is the Next Big Step in Domain Intelligence ]]> https://www.domaintools.com/resources/blog/why-rdap-is-the-next-big-step-in-domain-intelligence/ Thu, 20 Feb 2025 17:00:00 +0000 103 DomainTools Research https://www.domaintools.com/?p=32494 Introduction For many years, domain registration data provided by the Whois protocol has been a crucial source of intelligence for cyber threat researchers. Details such as a registrant’s email address, phone number, and affiliate organization can be critical pivot points for investigators, eventually leading to a more complete answer to the Who, What, When, Where, […]

]]>
<![CDATA[ Using DomainTools and Microsoft Security Copilot to Enhance Domain Intelligence ]]> https://www.domaintools.com/resources/blog/using-domaintools-and-microsoft-security-copilot-to-enhance-domain-intelligence/ Fri, 14 Feb 2025 16:59:54 +0000 48 DomainTools Research https://www.domaintools.com/?p=32461 February 24, 2025 update: general availability for the Security Copilot and DomainTools integration is now live. Cyber attacks, which almost always leverage DNS infrastructure such as domains and IP addresses, often involve hundreds of data points that make up the malicious infrastructure. This can require cybersecurity teams to spend significant amounts of time collecting and […]

]]>
<![CDATA[ Registration Data Access Protocol Frequently Asked Questions ]]> https://www.domaintools.com/resources/blog/rdap-frequently-asked-questions/ Thu, 06 Feb 2025 15:13:19 +0000 48 DomainTools Research https://www.domaintools.com/?p=31777 What is RDAP? RDAP, or Registration Data Access Protocol, is a JSON-format replacement for Whois. This replacement is being driven by Internet management organizations like the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA). How long has RDAP been around? RDAP was initially standardized by the Internet Engineering […]

]]>
<![CDATA[ DT Investigations - Security Research for the Community ]]> https://www.domaintools.com/resources/blog/dt-investigations-security-research-for-the-community/ Sat, 01 Feb 2025 17:25:45 +0000 48 DomainTools Research https://www.domaintools.com/?p=32597 Hello DTI Friends! I should start by introducing myself, as that’s how all the best relationships start (or so I’m told). If we haven’t yet had the opportunity to meet, I’m Daniel Schwalbe, CISO and Head of Investigations at DomainTools. I’ve spent the greater part of two decades tracking cybercriminals and nation-state actors in higher […]

]]>
<![CDATA[ Automated Discovery of Chenlun Domains - Splunk Enterprise Security ]]> https://www.domaintools.com/resources/blog/automated-discovery-of-chenlun-domains-splunk-enterprise-security/ Thu, 30 Jan 2025 16:20:00 +0000 103 DomainTools Research https://www.domaintools.com/?p=31801 TL;DR This technical blog explores a next step in this investigation on Chenlun by automating Splunk searches to gather domains using DomainTools, and share them using Splunk’s trigger actions. By integrating DomainTools with Splunk, you can streamline the identification of malicious domains, stay ahead of attackers, and optimize your security resources. Using Passive DNS to […]

]]>
<![CDATA[ What’s RDAP and Whereis Whois? ]]> https://www.domaintools.com/resources/blog/whats-rdap-and-where-is-whois/ Tue, 28 Jan 2025 15:52:06 +0000 48 DomainTools Research https://www.domaintools.com/?p=31771 Why is Whois Being Sunset? Domain registration data has been a long-standing asset for threat intelligence; correlating registration data across domains can uncover additional identifiers related to threat actors targeting companies, their employees, and their customers. Even with privacy redactions, registration data continues to be a critical source of information for threat analysts. Whois has […]

]]>
<![CDATA[ How Domain Intelligence and Passive DNS Create A Fuller Domain Profile ]]> https://www.domaintools.com/resources/blog/how-domain-intelligence-and-passive-dns-create-a-fuller-domain-profile/ Tue, 10 Dec 2024 16:19:44 +0000 48 DomainTools Research https://www.domaintools.com/?p=31560 Introduction We often hear of folks using our tools that they may have a preference for one over another. I think that’s just human nature – we tend to stick with what we know because it’s been working for us – if it ain’t broke why fix it? While it may be true that your […]

]]>
<![CDATA[ 7 Most Popular Blogs of Q2 2024 ]]> https://www.domaintools.com/resources/blog/7-most-popular-blogs-of-q2-2024/ Thu, 11 Jul 2024 16:38:24 +0000 48 DomainTools Research https://www.domaintools.com/?p=30640 Introduction I don’t want to be one of those people, but I fear I must and say, “boy, this year is flying by!” It truly is, though! Somehow it’s July and the first half of the year is behind us. DomainTools has been hard at work with live presentations, events and conferences, and the Breaking […]

]]>
<![CDATA[ Phishmas Comes Early: New Developments in USPS Smishing Attacks ]]> https://www.domaintools.com/resources/blog/new-developments-usps-smishing-attacks/ Tue, 29 Oct 2024 10:00:24 +0000 48 DomainTools Research https://www.domaintools.com/?p=31305 Executive Summary Introduction Last year, DomainTools published research on a phishing campaign that targeted individuals by using SMS messages to impersonate the USPS. The original article provides details on likely responsible threat actor Chenlun/Sinkinto01. Apparently, the holiday season arrived early for me this year and I may have Chenlun to thank. In one year’s time, […]

]]>