Only one person walks away from Black Hat with a pair of tickets for the Grateful Dead. But you can rock all night and party every day with this record player. We're giving one away after each meeting, so book your slot today! https://bit.ly/3Wc3dQp
DomainTools
Computer and Network Security
Seattle, WA, Washington 19,776 followers
Detect. Investigate. Prevent.
About us
DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world's most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.
- Website: https://www.DomainTools.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Seattle, WA, Washington
- Type: Privately Held
- Founded: 2004
- Specialties: Domain Ownership Records, Brand Protection, Whois Records, Threat Investigation, Cybercrime Investigation, Cyber Security Investigation, Whois History, Reverse Whois Lookup, Name Server Monitoring, Online Fraud Detection, and Threat Intelligence
Locations
- Primary: 2101 Fourth Avenue, Suite 1720, Seattle, WA, Washington 98121, US
- 2101 4th Ave, Seattle, WA 98121, US
Updates
- 🎸Jam with us at Black Hat! Cybersecurity works better when it's not a solo act - so book a meeting to chat about domain and DNS intel and you could be the winner of a pair of tickets to see the Grateful Dead at the Sphere in Las Vegas! Get on the bill here: https://bit.ly/4bumIYI
- There's nothing better than adding a t-shirt to your collection. When you book a meeting at Black Hat, our roadies will give you this awesome concert tee (no t-shirt cannons required). Join the band here: https://bit.ly/3zrWhpl
- In this episode of the Breaking Badness Cybersecurity Podcast, Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce discuss vulnerabilities impacting your phone's 5G connection along with the new owner of the popular Polyfill JS project injecting malware into more than 100,000 sites. Listen here: https://bit.ly/4bKCjUt
- DomainTools reposted this
  The video of my #RSAC talk is out. Anyone interested in #ThreatHunting will want to check it out! "I Screwed Up Threat Hunting a Decade Ago, and Now We're Fixing it With PEAK"
  https://www.youtube.com/
- It's the last weekend of June 😱 Catch up on this month's episodes of Breaking Badness including our RSAC mini-series with Aqsa Taylor from Gutsy, Zack Schuler from NINJIO Cybersecurity Awareness Training, and Lawrence Gentilello from Optery. Also catch our latest Voices From Infosec with Jake Bernardes from anecdotes and more! Listen here: https://bit.ly/3rhEPwk
- DomainTools reposted this
  Security Operations at DomainTools (but opinions on this page are my own) (No LLM content, any flaws you see here are human-generated)

  You may remember DomainTools publishing some research by me 2 weeks ago about the threat environment for gamers (link below). One of the main characters of that blog post was Discord, and I've recanvassed a little today. All in the last two weeks:

    - wvvw-discord[.]com
    - download-discord[.]com
    - oauth-discord-verify[.]xyz

  and my favorite, IDN homoglyph attacks:

    - xn--dscordapp-0k7d[.]com dịscordapp[.]com
    - xn--dscord-wva[.]com dìscord[.]com
    - xn--discrd-lxa[.]com discôrd[.]com
    - xn--discrd-eya[.]com discørd[.]com

  If your friends/family/kids use Discord, please give them a heads-up about this kind of thing. Make sure they're aware that bad actors are constantly targeting them, and to be cautious. https://lnkd.in/e-ZHjFF2 #threatintel #infosec
- We're getting the band back together for Black Hat! If your mission is to make the Internet a safer place, we want to jam with you - and you'll receive a beautiful portable record player to crank tunes long after Black Hat is over! Get on the bill here: https://bit.ly/4czre9l
- DomainTools reposted this
  Security Operations at DomainTools (but opinions on this page are my own) (No LLM content, any flaws you see here are human-generated)

  Spent a bit this morning looking at some badness that I don't entirely understand. DomainTools observed a massive bloom of newly active domain registrations including the word "airdrop" between 2024-06-19 and 2024-06-20. Instead of the usual 40-60 domains per day, 1600 were registered. 1549 of those domains appear to be by a single actor, with a common profile across MX, registrar, registrant, TLD, and more. The 1549 domains have an average risk score of 90, on a 0-100 scale of increasing risk.

  Passive DNS (see screenshot from DNSDB Scout) shows an example domain moving from Dynadot to Onamae nameservers prior to expiration, and then moving to parked NS, possibly indicative of enforcement action, but not necessarily. WHOIS shows registrar moving from Dynadot to Onamae at the same time.

  While not declarative of malicious activity, this massive renewal of activity in the number of "airdrop" domains is notable due to the regularity of airdrop scams in the cryptocurrency space - scams which often involve leading targets to malicious websites. We encourage all cryptocurrency users and services to warn others of the possibility of a wave of airdrop scams.

  Domain profile:

    - First Seen/newly-active and re-registered: 2024-06-19 or 2024-06-20
    - Registrar: GMO Internet Group, Inc. d/b/a Onamae[.]com
    - MX domain: h-email[.]net
    - ISP: Team Internet AG (ASN206834)
    - IPs: 104.247.81.50, 104.247.81.51, 104.247.81.52, 104.247.81.53, 104.247.81.54
    - TLD: xyz