Detection to keep ahead of emerging threats by monitoring domain creation, infrastructure evolution, and other events that signal adversary intent. Packages include Iris Detect, our flagship lookalike-domain detection and monitoring tool.

Bundled by: Monitors


Enrichment of log and event data at machine scale helps SOC teams maintain situational awareness for detection and triage of potential threats. The APIs in the Enrichment packages integrate with third-party or in-house applications. Packages include Iris Enrich and related APIs for reverse lookups and historical data.


Investigation that combines enterprise-grade domain intelligence and risk scoring with industry-leading passive DNS data to improve incident response capabilities by providing users with valuable information on domains, IPs, and the relationships between them. Packages include Iris InvestigateFarsight DNSDB and related APIs for quick and easy investigations into domains and IPs, even amid an incident.

Data Services

Data Services turn threat data into threat intelligence through rapid discovery, risk scoring, and delivery of data on domains, IPs and hostnames. Packages include threat intelligence feeds with market-leading domain and DNS infrastructure intelligence data and risk scoring. These feeds support OEM applications, as well as threat intelligence use cases.

There is no limit on enterprise license seats. Query allocations are monthly except for Farsight DNSDB which is daily. DomainTools memberships are sold as an annual subscription. Our Iris Detect, Iris Enrich, Iris Investigate, and Farsight DNSDB packages include an API for direct integration within your environment. Speak with a representative about API access.

DomainTools Pricing Circle around Woman with Glass Looking at Laptop

Learn more today