DomainTools
@domaintools.bsky.social
A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.
Don't miss this! DTI’s November newsletter covers research exposing two major nation-state operations:
🇨🇳 China's GFW and 🇮🇷 APT35 /Charming Kitten
https://www.linkedin.com/pulse/newsletter-11-could-take-forever-daniel-schwalbe-xy48c
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran
🇨🇳 China's GFW and 🇮🇷 APT35 /Charming Kitten
https://www.linkedin.com/pulse/newsletter-11-could-take-forever-daniel-schwalbe-xy48c
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran
Newsletter 11 Could Take Forever
The title of this month’s newsletter is a deep cut taken from the height of my favorite music genre, the admittedly awkwardly titled “Alternative Music.” What can I say, the 1990s in Seattle were wild, man - you had to be there.
www.linkedin.com
December 2, 2025 at 7:30 PM
Don't miss this! DTI’s November newsletter covers research exposing two major nation-state operations:
🇨🇳 China's GFW and 🇮🇷 APT35 /Charming Kitten
https://www.linkedin.com/pulse/newsletter-11-could-take-forever-daniel-schwalbe-xy48c
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran
🇨🇳 China's GFW and 🇮🇷 APT35 /Charming Kitten
https://www.linkedin.com/pulse/newsletter-11-could-take-forever-daniel-schwalbe-xy48c
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran
😼 APT35/Charming Kitten Internal Documents Leaked
Our new DTI report analyzes the actor's methods.
Read the full analysis: https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
Our new DTI report analyzes the actor's methods.
Read the full analysis: https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
November 21, 2025 at 8:00 PM
😼 APT35/Charming Kitten Internal Documents Leaked
Our new DTI report analyzes the actor's methods.
Read the full analysis: https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
Our new DTI report analyzes the actor's methods.
Read the full analysis: https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
Enterprise Strategy group found that customers can expect up to a 17 times return on their initial investment in their first year when integrating DomainTools products with their existing solutions.
Ready to learn more? Book with a demo with us here: https://www.domaintools.com/demo/
Ready to learn more? Book with a demo with us here: https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
November 18, 2025 at 5:30 PM
Enterprise Strategy group found that customers can expect up to a 17 times return on their initial investment in their first year when integrating DomainTools products with their existing solutions.
Ready to learn more? Book with a demo with us here: https://www.domaintools.com/demo/
Ready to learn more? Book with a demo with us here: https://www.domaintools.com/demo/
🌎 Geopolitics and the Global Reach of the GFW
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/
Inside the Great Firewall Part 3: Geopolitical and Societal Ramifications - DomainTools Investigations | DTI
Part 3 analyzes the GFW as geopolitical infrastructure: economic protectionism, the export of cyber sovereignty norms, and the emergence of an authoritarian coalition (Russia, Iran).
dti.domaintools.com
November 13, 2025 at 8:23 PM
🌎 Geopolitics and the Global Reach of the GFW
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/
Part 3 dives into the Geopolitical and Societal Ramifications, revealing how China projects digital control abroad.
🧵 Read the final report: https://dti.domaintools.com/inside-the-great-firewall-part-3-geopolitical-and-societal-ramifications/
Are your queries working as hard as they could be?
Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.
Read our latest blog post: https://bit.ly/3VzTr9V
Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.
Read our latest blog post: https://bit.ly/3VzTr9V
How Domain Intelligence and Passive DNS create Full Profile
DomainTools walks users through how using domain intelligence and passive DNS tools together create a fuller picture of a domain profile
bit.ly
November 13, 2025 at 7:00 PM
Are your queries working as hard as they could be?
Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.
Read our latest blog post: https://bit.ly/3VzTr9V
Using Iris Investigate + Farsight DNSDB in tandem gives you the fuller picture needed for better preventative decisions. Stop missing key pivots.
Read our latest blog post: https://bit.ly/3VzTr9V
Looking to get the most out of your year-end budget?
DomainTools integrations delivers best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.
Request a demo today! https://www.domaintools.com/demo/
DomainTools integrations delivers best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.
Request a demo today! https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
November 12, 2025 at 7:00 PM
Looking to get the most out of your year-end budget?
DomainTools integrations delivers best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.
Request a demo today! https://www.domaintools.com/demo/
DomainTools integrations delivers best-in-class DNS intelligence directly into your security stack to enrich alerts, automate investigations, and enhance threat detection.
Request a demo today! https://www.domaintools.com/demo/
An independent study surveying DomainTools customers from Enterprise Strategy Group found DomainTools provided OEM partners 11 months faster time to value, reduced risk, and operational savings of 92%. Schedule a conversation with us here to learn more: https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
November 11, 2025 at 7:00 PM
An independent study surveying DomainTools customers from Enterprise Strategy Group found DomainTools provided OEM partners 11 months faster time to value, reduced risk, and operational savings of 92%. Schedule a conversation with us here to learn more: https://www.domaintools.com/demo/
🧵DTI researchers leveraged the leaked data from China’s Great Firewall to map the core design of the censorship stack in Part 2 of Inside the Great Firewall.
Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
Inside the Great Firewall Part 2: Technical Infrastructure - DomainTools Investigations | DTI
See the Great Firewall's technical blueprint. DomainTools Investigations details the TSG core, packet interception methods, and routines that detect tools like V2Ray/Psiphon.
dti.domaintools.com
November 6, 2025 at 8:29 PM
🧵DTI researchers leveraged the leaked data from China’s Great Firewall to map the core design of the censorship stack in Part 2 of Inside the Great Firewall.
Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
Read the technical deep dive here: https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
DomainTools customers report wins from cost savings & improved detection rates, identifying up to 83% more malicious domains up to 96% faster with DomainTools than with industry-standard blocklist sources.
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/
DomainTools Demo - DomainTools | Start Here. Know Now.
www.domaintools.com
November 6, 2025 at 7:00 PM
DomainTools customers report wins from cost savings & improved detection rates, identifying up to 83% more malicious domains up to 96% faster with DomainTools than with industry-standard blocklist sources.
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/
Set up a conversation with us to learn more: https://www.domaintools.com/domaintools-demo/
DomainTools integrations deliver critical DNS intelligence into your TIP, SIEM, SOAR, E/XDR, and LLM solutions to:
💡Enrich alerts
⚠️Get predictive Risk Scores
🔗Make infrastructure pivots
🔍Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/
💡Enrich alerts
⚠️Get predictive Risk Scores
🔗Make infrastructure pivots
🔍Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
November 5, 2025 at 7:00 PM
DomainTools integrations deliver critical DNS intelligence into your TIP, SIEM, SOAR, E/XDR, and LLM solutions to:
💡Enrich alerts
⚠️Get predictive Risk Scores
🔗Make infrastructure pivots
🔍Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/
💡Enrich alerts
⚠️Get predictive Risk Scores
🔗Make infrastructure pivots
🔍Get instant Whois/RDAP data
Learn more: https://www.domaintools.com/demo/
DomainTools maximizes the value of OEM products by identifying up to 83% more malicious domains, 96% faster compared to industry-standard blocklists. Want to learn more? Schedule a conversation with us here: https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
November 4, 2025 at 7:00 PM
DomainTools maximizes the value of OEM products by identifying up to 83% more malicious domains, 96% faster compared to industry-standard blocklists. Want to learn more? Schedule a conversation with us here: https://www.domaintools.com/demo/
500GB+ of data from China's digital censorship infrastructure was leaked last month. In Part 1 of our analysis, DomainTools Investigations maps the implicated entities and initial attribution clusters.
🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI
Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.
dti.domaintools.com
October 30, 2025 at 7:19 PM
500GB+ of data from China's digital censorship infrastructure was leaked last month. In Part 1 of our analysis, DomainTools Investigations maps the implicated entities and initial attribution clusters.
🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
Ransomware & phishing campaigns are evolving fast. DomainTools helps Federal defenders stay ahead by exposing the infrastructure behind the threats.
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/
DomainTools Demo - DomainTools | Start Here. Know Now.
www.domaintools.com
October 30, 2025 at 4:45 PM
Ransomware & phishing campaigns are evolving fast. DomainTools helps Federal defenders stay ahead by exposing the infrastructure behind the threats.
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/
Year-end budgets are in play. Are you making them count? 🤔DomainTools integrations instantly enhance your security stack & deliver key DNS intelligence so you can:
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
October 29, 2025 at 4:30 PM
Year-end budgets are in play. Are you making them count? 🤔DomainTools integrations instantly enhance your security stack & deliver key DNS intelligence so you can:
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/
From NPM bypasses to crypto scam networks—October brought a wave of complexity, and we’ve got the full analysis.
Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/
Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/
October 28, 2025 at 8:02 PM
From NPM bypasses to crypto scam networks—October brought a wave of complexity, and we’ve got the full analysis.
Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/
Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/
Is your team maximizing it DNS intel? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat. Download our Best Practices Guide for OEMs to learn how our data empowers proactive defense & delivers up to 17X ROI in the first year. https://ow.ly/VcEU50Xh3Le
October 28, 2025 at 6:00 PM
Is your team maximizing it DNS intel? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat. Download our Best Practices Guide for OEMs to learn how our data empowers proactive defense & delivers up to 17X ROI in the first year. https://ow.ly/VcEU50Xh3Le
Tired of jumping between security tools? We’ve got you covered.
DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.
Request a demo to see our integrations in action.
https://www.domaintools.com/demo/
DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.
Request a demo to see our integrations in action.
https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
October 27, 2025 at 4:01 PM
Tired of jumping between security tools? We’ve got you covered.
DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.
Request a demo to see our integrations in action.
https://www.domaintools.com/demo/
DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.
Request a demo to see our integrations in action.
https://www.domaintools.com/demo/
Get the intelligence you need, right where you work 💻 DomainTools integrates with your favorite tools to deliver:
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/
Request a Demo | DomainTools - Start here. Know now.
Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.
www.domaintools.com
October 24, 2025 at 4:02 PM
Get the intelligence you need, right where you work 💻 DomainTools integrates with your favorite tools to deliver:
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/
Government and military systems are among the highest-profile targets for attackers. Passive DNS data from DomainTools aids government agencies worldwide in gaining context on attacks against government or military infrastructure & networks. Learn more: https://youtu.be/NEf4hMR6qo8?t=130
October 23, 2025 at 7:01 PM
Government and military systems are among the highest-profile targets for attackers. Passive DNS data from DomainTools aids government agencies worldwide in gaining context on attacks against government or military infrastructure & networks. Learn more: https://youtu.be/NEf4hMR6qo8?t=130
How do you uncover the infrastructure behind state sponsored ransomware? Our analysts used domain risk scoring to expose connections between Russian-affiliated threat groups. Read the full investigation: dti.domaintools.com/mapping-hidd... #ThreatIntel #APT #Ransomware #DomainTools #CyberOps
Mapping Hidden Alliances in Russian-Affiliated Ransomware - DomainTools Investigations | DTI
Explore the hidden web of Russian-affiliated ransomware groups through a visual map revealing human overlaps, shared infrastructure, and evolving cybercriminal alliances in the post-Conti era
dti.domaintools.com
October 23, 2025 at 4:45 PM
How do you uncover the infrastructure behind state sponsored ransomware? Our analysts used domain risk scoring to expose connections between Russian-affiliated threat groups. Read the full investigation: dti.domaintools.com/mapping-hidd... #ThreatIntel #APT #Ransomware #DomainTools #CyberOps
🚨NPM developers are being targeted by sophisticated phishing that defeats MFA.
Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...
#CyberSecurity #NPM #InfoSec
Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...
#CyberSecurity #NPM #InfoSec
SecuritySnack: Repo The Repo - NPM Phishing - DomainTools Investigations | DTI
A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security.
dti.domaintools.com
October 16, 2025 at 7:37 PM
🚨NPM developers are being targeted by sophisticated phishing that defeats MFA.
Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...
#CyberSecurity #NPM #InfoSec
Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...
#CyberSecurity #NPM #InfoSec
Thanks to all that attended Ian Campbell and @mjwalk.bsky.social #BSidesNoVA talks this morning. Please don’t hesitate to stop by our table and say hello 👋 !
October 11, 2025 at 4:38 PM
Thanks to all that attended Ian Campbell and @mjwalk.bsky.social #BSidesNoVA talks this morning. Please don’t hesitate to stop by our table and say hello 👋 !
Don’t miss @mjwalk.bsky.social lightening talk on the relationships between F1 and surrounding cyber activities at 11:30 at #BSidesNoVA!
bsidesnova-2025.sessionize.com/session/1000...
bsidesnova-2025.sessionize.com/session/1000...
The Race Against New Threats: How Formula 1 Became a Hotbed of Cyber Activity
Cyber and racing enthusiasts alike: Start. Your. Engines! The evolution of technology used in Formula 1 (F1) racing has caused each vehicle on the track to become computers on wheels. Formula 1 may be...
bsidesnova-2025.sessionize.com
October 11, 2025 at 2:26 PM
Don’t miss @mjwalk.bsky.social lightening talk on the relationships between F1 and surrounding cyber activities at 11:30 at #BSidesNoVA!
bsidesnova-2025.sessionize.com/session/1000...
bsidesnova-2025.sessionize.com/session/1000...
At 11:30 AM Ian is presenting on DNS and domain intelligence as it applies to investigative journalist investigations. In related news, Allan Liska is selling “The Press Guardian”. We highly recommend checking out his table as well!
bsidesnova-2025.sessionize.com/session/1001...
bsidesnova-2025.sessionize.com/session/1001...
October 11, 2025 at 1:57 PM
At 11:30 AM Ian is presenting on DNS and domain intelligence as it applies to investigative journalist investigations. In related news, Allan Liska is selling “The Press Guardian”. We highly recommend checking out his table as well!
bsidesnova-2025.sessionize.com/session/1001...
bsidesnova-2025.sessionize.com/session/1001...
Attending #BSidesNoVA? Be sure to say hello to Malachi and Ian at the DomainTools table before their talks at 11:30!
October 11, 2025 at 1:02 PM
Attending #BSidesNoVA? Be sure to say hello to Malachi and Ian at the DomainTools table before their talks at 11:30!