DomainTools, the recognized leader in domain name research and monitoring tools, offers the most comprehensive searchable database of domain name registration, Whois records and hosting data for online investigations and research. Cyber security analysts, fraud investigators, domain professionals and marketers use DomainTools to investigate cybercrime, protect their assets and monitor online activity. DomainTools has 12 years of history on domain name ownership, Whois records, hosting data, screenshots and other DNS records. That's why customers say, "Every online investigation starts with DomainTools." DomainTools customers include many Fortune 1000 companies, leading vendors in the Security and Threat Intelligence community and most crime-fighting government agencies. Individual users can start with an online Free Trial available at Enterprise accounts are available from

Our Website:

Latest Content From DomainTools

Research Report: Survey Report: The Value of Threat Intelligence in Protecting against Cybercrime

by DomainToolsJan 04, 2016

DomainTools teamed with analyst Michael Osterman to understand how organizations purchase and use threat intelligence.

Research Report: SANS 2015 Analytics and Intelligence Survey

by DomainToolsJan 04, 2016

DomainTools teamed with SANS and analyst Dave Shackleford to conduct this survey of views on threat intel and analytics.

Whitepaper: The DomainTools Report: Bulk Domain Registration Agents as Cyber Threats

by DomainToolsJan 04, 2016

Learn about malicious Bulk Domain Registration Agents and tips on how to apply this knowledge to your own organization.

Whitepaper: The Continuous Security Model: Using Domain Profile and DNS Intelligence

by DomainToolsJan 04, 2016

Learn about Adaptive Security and the Continuous Security Model and see its practical application in a phishing attack.

Webcast: Using Threat Intelligence To Improve Enterprise Cyber Defense

by DomainToolsAug 24, 2015

Many enterprises are adding threat intelligence feeds and external threat data to their cyber defense arsenal. But how can security teams integrate this new threat information with their own security data to build a stronger defense? How can they mine security intelligence data to find the threats that pose the greatest danger to their specific environments?

Join DomainTools and industry analyst Michael Osterman as they offer insight into the latest trends in threat intelligence, and how enterprises can use that intelligence to measure risk and prioritize their defenses. Osterman will share the results of a new survey on how organizations purchase and use threat intelligence, as well as the pitfalls and payoffs of using threat data wisely. The experts will also offer advice on how domain and DNS-based threat information can help organizations assess risk, assess potential indicators of compromise, and even anticipate and block future attacks.

Attendees will learn:

  • The right and wrong ways to make use of threat intelligence data;
  • Results of a major survey showing how enterprises are implementing threat intelligence services and technology;
  • The pitfalls and payoffs of using threat intelligence;
  • How domain and DNS-based threat data can help organizations see threats coming by detecting, investigating, and acting upon threat indicators.

Whitepaper: Supercharge Your SIEM: How Domain Intel Enhances Situational Awareness

by DomainToolsAug 01, 2015

Read this white paper to learn what your SIEM isn't telling you, the importance of building a complete picture of the attack, and how to get better insight with better data.

Whitepaper: Supercharge Your SIEM: How Domain Intel Enhances Situational Awareness

by DomainToolsApr 03, 2015

Security Information and Event Management (SIEM) tools have become indispensable for the modern enterprise. These are the eyes and ears of a security team, providing them with the ability to detect network anomalies and track down threats. But even the best SIEM tool falls short when it comes to situational awareness of key "outside the firewall" aspects of an attack. Security professionals have long understood that they must evolve quickly to meet the challenges of a constantly changing threat landscape. Augmenting SIEM tools with detailed domain and IP address information enhances situational awareness and enables strong forensics and proactive security. Read this white paper to learn what your SIEM isn't telling you, the importance of building a complete picture of the attack, and how to get better insight with better data.

Whitepaper: Beyond Whois: How Extended Domain Profiles Can Yield Unexpected Insights

by DomainToolsNov 07, 2014

Every investigation has a starting point. A basic Whois query takes just a few seconds but can quickly provide the foundation for a successful investigation However, it's often the data that does NOT reside in a Whois record that can be truly illuminating. Like a CarFax report that goes beyond the vehicle title, there is a wealth of knowledge captured in other public data that can be invaluable to an investigator when leveraged appropriately. This is what we call our Domain Profile. Read this white paper to learn the types of domain intelligence available beyond the Whois record, what the Domain Profile can tell you about a website and its owner, why IP addresses are so important to attribution and enumeration, and how to use historical information can get past the roadblocks of privacy protection.

Whitepaper: Using DNS Data in Cybercrime Intelligence and Incident Forensics

by DomainToolsOct 02, 2014

When cybercrime happens, it is imperative to discover as much as possible about the scope of activity and the entity behind the crime. The right set of data and tools can help unmask hostname and IP address ownership, can highlight connections between nefarious online resources and accelerate your investigation into malicious activity and criminal attribution. Read our Cybercrime Investigation Guide to learn how DNS Intel can help you in developing a suspect profile, mapping associated activity, identifying the source (attribution), building a case of evidence, and proactively monitoring your domain assets.

Whitepaper: Best Practices Guide: Using DNS Data for Threat Intelligence and Incident Forensics

by DomainToolsJul 14, 2014

Cybercrime represents a major threat to both government and businesses, costing the economy hundreds of billions of dollars in losses every year. Often, the most challenging part for an investigator is discovering the who behind an attack. Is it a coordinated attack orchestrated by a criminal syndicate or an amateur hacker looking for a backdoor into your network? If the actual individual cannot be identified-as is too often the case-then investigators can build a Threat Intelligence Profile on the suspect that uniquely "finger prints" the organization and how they act. Threat investigators need to use all the tools at their disposal in order to identify the individuals and organizations involved in an online attack. DNS and Whois data is an essential tool that should be leveraged by every incident response team.

This guide will show you how DomainTools products can be applied during the course of an investigation to identify the perpetrator, build a profile of a cyber-attack, and proactively protect your data, infrastructure and intellectual property.