DomainTools
Incident response software
Threat intelligence software
Digital forensics software
DNS security solutions
System security software
Network security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if DomainTools and its alternatives fit your requirements.
$99 per month
Free TrialFree version
Small
Medium
Large
- Banking and insurance
- Energy and utilities
- Information technology and software
What is DomainTools
DomainTools is a domain and DNS-focused threat intelligence platform used to investigate internet infrastructure and identify relationships between domains, IPs, and registrant artifacts. Security operations, incident response, and threat hunting teams use it for domain reputation checks, pivoting during investigations, and enrichment of alerts and cases. The product emphasizes historical DNS/WHOIS data, passive DNS, and correlation features to support attribution and infrastructure mapping. It is commonly consumed via web UI and APIs for integration into security workflows.
Deep DNS and WHOIS history
DomainTools provides investigation workflows centered on domain registration and DNS infrastructure, including historical context that supports timeline reconstruction. This is useful for identifying domain ownership changes, infrastructure reuse, and related assets during incident response. The DNS-centric approach complements broader observability and security analytics tools by adding internet-asset context. It is particularly relevant when domains are primary indicators in phishing, malware delivery, or command-and-control cases.
Strong pivoting and correlation
The platform supports pivoting across artifacts such as domains, IP addresses, name servers, and registrant-related signals to uncover related infrastructure. These link-analysis style workflows help analysts expand from a single indicator to a cluster of associated assets. This can reduce manual research time compared with using disparate public sources. The approach aligns with investigative tooling used for mapping relationships rather than only scoring indicators.
API-driven enrichment integrations
DomainTools offers APIs that teams commonly use to enrich alerts, cases, and internal datasets with domain intelligence. This supports automation in SOC and incident response processes, such as triage, blocking decisions, and prioritization. API access also enables integration into SIEM/SOAR and custom pipelines where DNS indicators are frequent. The product can function as a specialized enrichment layer alongside broader security platforms.
Narrower scope than XDR
DomainTools focuses on domain/DNS intelligence and does not replace endpoint, network, or cloud telemetry collection. Organizations still need other systems for detection engineering, log analytics, and response orchestration across hosts and applications. As a result, it typically serves as an enrichment and investigation component rather than a single consolidated security operations platform. Buyers expecting end-to-end detection and response may need additional tooling.
Data coverage varies by region
Domain and registration data quality can vary due to privacy protections, registrar practices, and jurisdictional differences. WHOIS redaction and proxy services can limit the availability of registrant details, which may reduce the usefulness of certain pivots. Analysts may need to corroborate findings with additional sources when attribution signals are weak. This is an inherent constraint of relying on internet registration artifacts.
Cost and access tier complexity
Advanced datasets and higher-volume API usage can require higher subscription tiers, which may be difficult for smaller teams to justify. Investigation-heavy workflows can also consume API quotas quickly if used broadly for automated enrichment. Teams may need to design caching and selective enrichment to control usage. Procurement often requires aligning expected query volume with licensing terms.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Novice (Free) | Free — "Free while you learn" | Limited access for learning: limited Whois lookup, Domain Search (limited), Screenshot History, Domain Monitor for up to 100 domains. (Official signup page indicates Novice is free.) |
| Personal | $99 per month (monthly) or $995 per year (annual) | Single-user, non-commercial Personal Membership. Monthly limits shown on the official signup: Whois Lookup 200/day; Domain Search 5/month; Whois History 25 domains; Hosting History 25 domains; Reverse Whois 3; Reverse IP 5; Reverse NS 5; Domain Report 5; Brand/Name Server/Registrant/IP Monitors 3 alerts each; Screenshot History unlimited for reasonable human use. Payment via PayPal or credit card for Personal. |
| Enterprise | Custom pricing — contact sales | Enterprise packages bundled (Detection, Enrichment, Investigation, Data Services) including Iris Detect, Iris Enrich, Iris Investigate, Farsight DNSDB, monitoring and feeds. Enterprise subscriptions are sold as annual subscriptions; query allocations and add‑ons vary by package. Contact sales for quotes. |
Seller details
DomainTools, LLC
Seattle, Washington, USA
2009
Private
https://www.domaintools.com/
https://x.com/DomainTools
https://www.linkedin.com/company/domaintools/
