Mindflow and DomainTools have partnered to enable users to automate their incident management and better protect their information systems.


DomainTools is a threat intelligence software that aims to detect and analyze malware, defend against attacks. It provides a Whois and other DNS profile data for threat intelligence enrichment. 

It helps security analysts investigate malicious activity on their networks. To that end, it uses Indicators of Compromise, including domains and IPs. Your teams can then build a map of connected infrastructure, thanks to a base of over 10 billion related DNS data points of ‘who’s doing what’. 

Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

DomainTools provides a variety of tools:

Iris Investigation Platform: Iris is a threat intelligence and investigation platform combining domain intelligence and risk scoring with passive DNS data from Farsight Security and other providers.

PhisEye: Phishing often uses deceptive domain names. Similar domains allow criminals to pose as employees by spoofing email addresses, or creating deceptive links. DomainTools monitors the Internet for “phishy” domain name registrations. PhishEye identifies existing and new domains that spoof legitimate brand, product, organization, or other names, so that you can carry out defensive or investigative actions against them.

Risk Feeds: Domain or IP reputation feeds rely on observing behavior. Someone has to observe an attack before the domain or IP gets added to a block list. This leaves a place for vulnerability. Your company is exposed to new attacks from new or previously unseen domains. Risk Feeds can predict the risk level and likely threats associated with a domain not yet observed in malicious activities. It analyses intrinsic properties of the domain that are observable as soon as the domain is registered.

Monitoring Products: Domains are registered or dropped every day. DomainTools monitors track different kinds of information and send you alerts when changes are detected.

By integrating with DomainTools, Mindflow allows its users to connect indicators from your network with active domains and IP addresses on the Internet. This data can inform risk assessments, help to profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

Features and Benefits

  • Threat Intelligence: Assess the risk of domains and enrich malware intel with domain data
  • Forensics and Incident Response: Investigate crimes and online fraud by connecting the dots
  • Threat Hunting: Hunt using Domain and DNS Profile info
  • Phishing Detection: Phishing prevention starts with monitoring the Internet for “phishy” domain name registrations
  • Brand Protection: Monitor infringing activity and gather the data to take out malicious sites
  • Online Fraud Investigation: Find, characterize, and fight perpetrators of ad network fraud and digital piracy

Automation Through Mindflow

Automation Use Case

Related Integrations