Skip to main content

DomainTools Iris

This Integration is part of the DomainTools Iris Investigate Pack.#

Together, DomainTools and Cortex XSOAR automate and orchestrate the incident response process with essential domain profile, web crawl, SSL and infrastructure data. SOCs can create custom, automated workflows to trigger Indicator of Compromise (IoC) investigations, block threats based on connected infrastructure, and identify potentially malicious domains before weaponization. The DomainTools App for Cortex XSOAR is shipped with pre-built playbooks to enable automated enrichment, decision logic, ad-hoc investigations, and the ability to persist enriched intelligence. This integration was integrated and tested with version 1.0 of DomainTools Iris.

Configure DomainTools Iris on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for DomainTools Iris.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    DomainTools API URLChange to https://api.domaintools.com in order to use DomainTool's https endpoint.True
    API UsernameTrue
    API KeyTrue
    High-Risk ThresholdTrue
    Young Domain Timeframe (within Days)True
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Source ReliabilityReliability of the source providing the intelligence data.False
    False
    False
    Guided Pivot ThresholdWhen a small set of domains share an attribute (e.g. registrar), that can often be pivoted on in order to find other similar domains of interest. DomainTools tracks how many domains share each attribute and can highlight it for further investigation when the number of domains is beneath the set threshold.True
    Enabled on Monitoring Domains by Iris Search HashFalse
    Domaintools Iris Investigate Search HashThe DomainTools Iris Investigate Search hashFalse
    Enabled on Monitoring Domains by Iris TagsFalse
    Domaintools Iris TagsThe DomainTools Iris Tags (Values should be a comma separated value. e.g. (tag1,tag2))False
    Maximum number of incidents to fetchThis is a required field by XSOAR and should be set to 2, one for each possible feed type iris search hash and iris tags.False
    Incident type
    Fetch incidents
    First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)This is a required field by XSOAR and should be set to 2, one for each possible feed type iris search hash and iris tags.False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

domain#


Provides data enrichment for domains.

Base Command#

domain

Input#

Argument NameDescriptionRequired
domainThe domain to enrich.Required

Context Output#

PathTypeDescription
Domain.NameStringThe name of the domain.
Domain.DNSStringThe DNS of the domain.
Domain.DomainStatusBooleanThe status of the domain.
Domain.CreationDateDateThe creation date.
Domain.ExpirationDateDateThe expiration date of the domain.
Domain.NameServersStringThe nameServers of the domain.
Domain.Registrant.CountryStringThe registrant country of the domain.
Domain.Registrant.EmailStringThe registrant email of the domain.
Domain.Registrant.NameStringThe registrant name of the domain.
Domain.Registrant.PhoneStringThe registrant phone number of the domain.
Domain.Malicious.VendorStringThe vendor who classified the domain as malicious.
Domain.Malicious.DescriptionStringThe description as to why the domain was found to be malicious.
DomainTools.NameStringThe domain name in DomainTools.
DomainTools.LastEnrichedDateThe last Time DomainTools enriched domain data.
DomainTools.Analytics.OverallRiskScoreNumberThe Overall Risk Score in DomainTools.
DomainTools.Analytics.ProximityRiskScoreNumberThe Proximity Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.ThreatsStringThe threats of the Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.EvidenceStringThe Threat Profile Risk Score Evidence in DomainTools.
DomainTools.Analytics.WebsiteResponseCodeNumberThe Website Response Code in DomainTools.
DomainTools.Analytics.TagsStringThe Tags in DomainTools.
DomainTools.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Identity.RegistrantContact.Country.countNumberThe count of the registrant contact country.
DomainTools.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.countNumberThe name count of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.valueStringThe phone value of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Identity.SOAEmailStringThe SOA record of the Email.
DomainTools.Identity.SSLCertificateEmailStringThe Email of the SSL certificate.
DomainTools.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Identity.AdminContact.Name.countNumberThe name count of the administrator contact.
DomainTools.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Identity.TechnicalContact.Name.valueStringThe name value of the technical Contact.
DomainTools.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Identity.BillingContact.Email.valueStringThe Email value of the billing contact.
DomainTools.Identity.BillingContact.Email.countNumberThe Email count of the billing contact.
DomainTools.Identity.BillingContact.Name.valueStringThe name value of the billing contact.
DomainTools.Identity.BillingContact.Name.countNumberThe name count of the billing contact.
DomainTools.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Identity.EmailDomainsStringThe Email Domains.
DomainTools.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails record.
DomainTools.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails record.
DomainTools.Registration.DomainRegistrantStringThe registrant of the domain.
DomainTools.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Registration.DomainStatusBooleanThe active status of the domain.
DomainTools.Registration.CreateDateDateThe date the domain was created.
DomainTools.Registration.ExpirationDateDateThe expiration date of the domain.
DomainTools.Hosting.IPAddresses.address.valueStringThe address value of IP addresses.
DomainTools.Hosting.IPAddresses.address.countNumberThe address count of IP addresses.
DomainTools.Hosting.IPAddresses.asn.valueStringThe ASN value of IP addresses.
DomainTools.Hosting.IPAddresses.asn.countNumberThe ASN count of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.valueStringThe country code value of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.countNumberThe country code count of IP addresses.
DomainTools.Hosting.IPAddresses.isp.valueStringThe ISP value of IP addresses.
DomainTools.Hosting.IPAddresses.isp.countNumberThe ISP count of IP addresses.
DomainTools.Hosting.IPCountryCodeStringThe country code of the IP address.
DomainTools.Hosting.MailServers.domain.valueStringThe domain value of the Mail Servers.
DomainTools.Hosting.MailServers.domain.countNumberThe domain count of the Mail Servers.
DomainTools.Hosting.MailServers.host.valueStringThe host value of the Mail Servers.
DomainTools.Hosting.MailServers.host.countNumberThe host count of the Mail Servers.
DomainTools.Hosting.MailServers.ip.valueStringThe IP value of the Mail Servers.
DomainTools.Hosting.MailServers.ip.countNumberThe IP count of the Mail Servers.
DomainTools.Hosting.SPFRecordStringThe SPF Record.
DomainTools.Hosting.NameServers.domain.valueStringThe domain value of the domain NameServers.
DomainTools.Hosting.NameServers.domain.countNumberThe domain count of the domain NameServers.
DomainTools.Hosting.NameServers.host.valueStringThe host value of the domain NameServers.
DomainTools.Hosting.NameServers.host.countNumberThe host count of the domain NameServers.
DomainTools.Hosting.NameServers.ip.valueStringThe IP value of the domain NameServers.
DomainTools.Hosting.NameServers.ip.countNumberThe IP count of domain NameServers.
DomainTools.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate information.
DomainTools.Hosting.RedirectsTo.valueStringThe Redirects To Value of the domain.
DomainTools.Hosting.RedirectsTo.countNumberThe Redirects To Count of the domain.
DomainTools.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code of Google Analytics.
DomainTools.Domains.Analytics.GA4TrackingCodeNumberThe tracking code of ga4.
DomainTools.Domains.Analytics.GTMTrackingCodeNumberThe tracking code of gtm.
DomainTools.Domains.Analytics.FBTrackingCodeNumberThe tracking code of fb.
DomainTools.Domains.Analytics.HotJarTrackingCodeNumberThe tracking code of Hot Jar.
DomainTools.Domains.Analytics.BaiduTrackingCodeNumberThe tracking code of Baidu.
DomainTools.Domains.Analytics.YandexTrackingCodeNumberThe tracking code of Yandex.
DomainTools.Domains.Analytics.MatomoTrackingCodeNumberThe tracking code of Matomo.
DomainTools.Domains.Analytics.StatcounterProjectTrackingCodeNumberThe tracking code of Stat Counter Project.
DomainTools.Domains.Analytics.StatcounterSecurityTrackingCodeNumberThe tracking code of Stat Counter Security.
DomainTools.WebsiteTitleNumberThe website title.
DomainTools.FirstSeenNumberThe date the domain was first seen.
DomainTools.ServerTypeNumberThe server type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type of the DBotScore.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

domaintoolsiris-investigate#


Returns a complete profile of the domain (SLD.TLD) using Iris Investigate. If parsing of FQDNs is desired, see domainExtractAndInvestigate.

Base Command#

domaintoolsiris-investigate

Input#

Argument NameDescriptionRequired
domainThe domain name (SLD.TLD) to Investigate. Supports up to 1,000 comma-separated domains.Required
include_contextInclude the investigate results in Context Data. Defaults to true. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
Domain.NameStringThe name of the domain.
Domain.DNSStringThe DNS of the domain.
Domain.DomainStatusBooleanThe status of the domain.
Domain.CreationDateDateThe creation date.
Domain.ExpirationDateDateThe expiration date of the domain.
Domain.NameServersStringThe nameServers of the domain.
Domain.Registrant.CountryStringThe registrant country of the domain.
Domain.Registrant.EmailStringThe registrant email of the domain.
Domain.Registrant.NameStringThe registrant name of the domain.
Domain.Registrant.PhoneStringThe registrant phone number of the domain.
Domain.Malicious.VendorStringThe vendor who classified the domain as malicious.
Domain.Malicious.DescriptionStringThe description as to why the domain was found to be malicious.
DomainTools.NameStringThe domain name in DomainTools.
DomainTools.LastEnrichedDateThe last Time DomainTools enriched domain data.
DomainTools.Analytics.OverallRiskScoreNumberThe Overall Risk Score in DomainTools.
DomainTools.Analytics.ProximityRiskScoreNumberThe Proximity Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.ThreatsStringThe threats of the Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.EvidenceStringThe Threat Profile Risk Score Evidence in DomainTools.
DomainTools.Analytics.WebsiteResponseCodeNumberThe Website Response Code in DomainTools.
DomainTools.Analytics.TagsStringThe Tags in DomainTools.
DomainTools.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Identity.RegistrantContact.Country.countNumberThe count of the registrant contact country.
DomainTools.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.countNumberThe name count of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.valueStringThe phone value of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Identity.SOAEmailStringThe SOA record of the Email.
DomainTools.Identity.SSLCertificateEmailStringThe Email of the SSL certificate.
DomainTools.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Identity.AdminContact.Name.countNumberThe name count of the administrator contact.
DomainTools.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Identity.TechnicalContact.Name.valueStringThe name value of the technical Contact.
DomainTools.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Identity.BillingContact.Email.valueStringThe Email value of the billing contact.
DomainTools.Identity.BillingContact.Email.countNumberThe Email count of the billing contact.
DomainTools.Identity.BillingContact.Name.valueStringThe name value of the billing contact.
DomainTools.Identity.BillingContact.Name.countNumberThe name count of the billing contact.
DomainTools.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Identity.EmailDomainsStringThe Email Domains.
DomainTools.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails record.
DomainTools.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails record.
DomainTools.Registration.DomainRegistrantStringThe registrant of the domain.
DomainTools.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Registration.DomainStatusBooleanThe active status of the domain.
DomainTools.Registration.CreateDateDateThe date the domain was created.
DomainTools.Registration.ExpirationDateDateThe expiration date of the domain.
DomainTools.Hosting.IPAddresses.address.valueStringThe address value of IP addresses.
DomainTools.Hosting.IPAddresses.address.countNumberThe address count of IP addresses.
DomainTools.Hosting.IPAddresses.asn.valueStringThe ASN value of IP addresses.
DomainTools.Hosting.IPAddresses.asn.countNumberThe ASN count of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.valueStringThe country code value of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.countNumberThe country code count of IP addresses.
DomainTools.Hosting.IPAddresses.isp.valueStringThe ISP value of IP addresses.
DomainTools.Hosting.IPAddresses.isp.countNumberThe ISP count of IP addresses.
DomainTools.Hosting.IPCountryCodeStringThe country code of the IP address.
DomainTools.Hosting.MailServers.domain.valueStringThe domain value of the Mail Servers.
DomainTools.Hosting.MailServers.domain.countNumberThe domain count of the Mail Servers.
DomainTools.Hosting.MailServers.host.valueStringThe host value of the Mail Servers.
DomainTools.Hosting.MailServers.host.countNumberThe host count of the Mail Servers.
DomainTools.Hosting.MailServers.ip.valueStringThe IP value of the Mail Servers.
DomainTools.Hosting.MailServers.ip.countNumberThe IP count of the Mail Servers.
DomainTools.Hosting.SPFRecordStringThe SPF Record.
DomainTools.Hosting.NameServers.domain.valueStringThe domain value of the domain NameServers.
DomainTools.Hosting.NameServers.domain.countNumberThe domain count of the domain NameServers.
DomainTools.Hosting.NameServers.host.valueStringThe host value of the domain NameServers.
DomainTools.Hosting.NameServers.host.countNumberThe host count of the domain NameServers.
DomainTools.Hosting.NameServers.ip.valueStringThe IP value of the domain NameServers.
DomainTools.Hosting.NameServers.ip.countNumberThe IP count of domain NameServers.
DomainTools.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate information.
DomainTools.Hosting.RedirectsTo.valueStringThe Redirects To Value of the domain.
DomainTools.Hosting.RedirectsTo.countNumberThe Redirects To Count of the domain.
DomainTools.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code of Google Analytics.
DomainTools.Domains.Analytics.GA4TrackingCodeNumberThe tracking code of ga4.
DomainTools.Domains.Analytics.GTMTrackingCodeNumberThe tracking code of gtm.
DomainTools.Domains.Analytics.FBTrackingCodeNumberThe tracking code of fb.
DomainTools.Domains.Analytics.HotJarTrackingCodeNumberThe tracking code of Hot Jar.
DomainTools.Domains.Analytics.BaiduTrackingCodeNumberThe tracking code of Baidu.
DomainTools.Domains.Analytics.YandexTrackingCodeNumberThe tracking code of Yandex.
DomainTools.Domains.Analytics.MatomoTrackingCodeNumberThe tracking code of Matomo.
DomainTools.Domains.Analytics.StatcounterProjectTrackingCodeNumberThe tracking code of Stat Counter Project.
DomainTools.Domains.Analytics.StatcounterSecurityTrackingCodeNumberThe tracking code of Stat Counter Security.
DomainTools.WebsiteTitleNumberThe website title.
DomainTools.FirstSeenNumberThe date the domain was first seen.
DomainTools.ServerTypeNumberThe server type.
DBotScore.IndicatorStringThe indicator of the DBotScore.
DBotScore.TypeStringThe indicator type of the DBotScore.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

domaintoolsiris-enrich#


Returns a complete profile of the domain (SLD.TLD) using Iris Enrich. If parsing of URLs or FQDNs is desired, see domainExtractAndEnrich.

Base Command#

domaintoolsiris-enrich

Input#

Argument NameDescriptionRequired
domainThe domain name (SLD.TLD), or a comma-separated list of up to 6,000 domains.Required
include_contextInclude the investigate results in Context Data. Defaults to true. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
Domain.NameStringThe name of the domain.
Domain.DNSStringThe DNS of the domain.
Domain.DomainStatusBooleanThe status of the domain.
Domain.CreationDateDateThe creation date.
Domain.ExpirationDateDateThe expiration date of the domain.
Domain.NameServersStringThe nameServers of the domain.
Domain.Registrant.CountryStringThe registrant country of the domain.
Domain.Registrant.EmailStringThe registrant email of the domain.
Domain.Registrant.NameStringThe registrant name of the domain.
Domain.Registrant.PhoneStringThe registrant phone number of the domain.
Domain.Malicious.VendorStringThe vendor who classified the domain as malicious.
Domain.Malicious.DescriptionStringThe description as to why the domain was found to be malicious.
DomainTools.NameStringThe domain name in DomainTools.
DomainTools.LastEnrichedDateThe last Time DomainTools enriched domain data.
DomainTools.Analytics.OverallRiskScoreNumberThe Overall Risk Score in DomainTools.
DomainTools.Analytics.ProximityRiskScoreNumberThe Proximity Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.ThreatsStringThe threats of the Threat Profile Risk Score in DomainTools.
DomainTools.Analytics.ThreatProfileRiskScore.EvidenceStringThe Threat Profile Risk Score Evidence in DomainTools.
DomainTools.Analytics.WebsiteResponseCodeNumberThe Website Response Code in DomainTools.
DomainTools.Analytics.TagsStringThe Tags in DomainTools.
DomainTools.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Identity.RegistrantContact.Country.countNumberThe count of the registrant contact country.
DomainTools.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Identity.RegistrantContact.Name.countNumberThe name count of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.valueStringThe phone value of the registrant contact.
DomainTools.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Identity.SOAEmailStringThe SOA record of the Email.
DomainTools.Identity.SSLCertificateEmailStringThe Email of the SSL certificate.
DomainTools.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Identity.AdminContact.Name.countNumberThe name count of the administrator contact.
DomainTools.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Identity.TechnicalContact.Name.valueStringThe name value of the technical Contact.
DomainTools.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Identity.BillingContact.Email.valueStringThe Email value of the billing contact.
DomainTools.Identity.BillingContact.Email.countNumberThe Email count of the billing contact.
DomainTools.Identity.BillingContact.Name.valueStringThe name value of the billing contact.
DomainTools.Identity.BillingContact.Name.countNumberThe name count of the billing contact.
DomainTools.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Identity.EmailDomainsStringThe Email Domains.
DomainTools.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails record.
DomainTools.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails record.
DomainTools.Registration.DomainRegistrantStringThe registrant of the domain.
DomainTools.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Registration.DomainStatusBooleanThe active status of the domain.
DomainTools.Registration.CreateDateDateThe date the domain was created.
DomainTools.Registration.ExpirationDateDateThe expiration date of the domain.
DomainTools.Hosting.IPAddresses.address.valueStringThe address value of IP addresses.
DomainTools.Hosting.IPAddresses.address.countNumberThe address count of IP addresses.
DomainTools.Hosting.IPAddresses.asn.valueStringThe ASN value of IP addresses.
DomainTools.Hosting.IPAddresses.asn.countNumberThe ASN count of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.valueStringThe country code value of IP addresses.
DomainTools.Hosting.IPAddresses.country_code.countNumberThe country code count of IP addresses.
DomainTools.Hosting.IPAddresses.isp.valueStringThe ISP value of IP addresses.
DomainTools.Hosting.IPAddresses.isp.countNumberThe ISP count of IP addresses.
DomainTools.Hosting.IPCountryCodeStringThe country code of the IP address.
DomainTools.Hosting.MailServers.domain.valueStringThe domain value of the Mail Servers.
DomainTools.Hosting.MailServers.domain.countNumberThe domain count of the Mail Servers.
DomainTools.Hosting.MailServers.host.valueStringThe host value of the Mail Servers.
DomainTools.Hosting.MailServers.host.countNumberThe host count of the Mail Servers.
DomainTools.Hosting.MailServers.ip.valueStringThe IP value of the Mail Servers.
DomainTools.Hosting.MailServers.ip.countNumberThe IP count of the Mail Servers.
DomainTools.Hosting.SPFRecordStringThe SPF Record.
DomainTools.Hosting.NameServers.domain.valueStringThe domain value of the domain NameServers.
DomainTools.Hosting.NameServers.domain.countNumberThe domain count of the domain NameServers.
DomainTools.Hosting.NameServers.host.valueStringThe host value of the domain NameServers.
DomainTools.Hosting.NameServers.host.countNumberThe host count of the domain NameServers.
DomainTools.Hosting.NameServers.ip.valueStringThe IP value of the domain NameServers.
DomainTools.Hosting.NameServers.ip.countNumberThe IP count of domain NameServers.
DomainTools.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate information.
DomainTools.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate information.
DomainTools.Hosting.RedirectsTo.valueStringThe Redirects To Value of the domain.
DomainTools.Hosting.RedirectsTo.countNumberThe Redirects To Count of the domain.
DomainTools.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code of Google Analytics.
DomainTools.Domains.Analytics.GA4TrackingCodeNumberThe tracking code of ga4.
DomainTools.Domains.Analytics.GTMTrackingCodeNumberThe tracking code of gtm.
DomainTools.Domains.Analytics.FBTrackingCodeNumberThe tracking code of fb.
DomainTools.Domains.Analytics.HotJarTrackingCodeNumberThe tracking code of Hot Jar.
DomainTools.Domains.Analytics.BaiduTrackingCodeNumberThe tracking code of Baidu.
DomainTools.Domains.Analytics.YandexTrackingCodeNumberThe tracking code of Yandex.
DomainTools.Domains.Analytics.MatomoTrackingCodeNumberThe tracking code of Matomo.
DomainTools.Domains.Analytics.StatcounterProjectTrackingCodeNumberThe tracking code of Stat Counter Project.
DomainTools.Domains.Analytics.StatcounterSecurityTrackingCodeNumberThe tracking code of Stat Counter Security.
DomainTools.WebsiteTitleNumberThe website title.
DomainTools.FirstSeenNumberThe date the domain was first seen.
DomainTools.ServerTypeNumberThe server type.
DBotScore.IndicatorStringThe indicator of the DBotScore.
DBotScore.TypeStringThe indicator type of the DBotScore.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

domaintoolsiris-analytics#


Displays DomainTools Analytic data in a markdown format table.

Base Command#

domaintoolsiris-analytics

Input#

Argument NameDescriptionRequired
domainThe domain name to display.Required
include_contextInclude the enrich results in Context Data. Defaults to true. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
Domain.NameStringThe name of the domain.
Domain.DNSStringThe DNS of the domain.
Domain.DomainStatusBooleanThe status of the domain.
Domain.CreationDateDateThe creation date of the domain.
Domain.ExpirationDateDateThe expiration date of the domain.
Domain.NameServersStringThe NameServers of the domain.
Domain.Registrant.CountryStringThe registrant country of the domain.
Domain.Registrant.EmailStringThe registrant Email of the domain.
Domain.Registrant.NameStringThe registrant name of the domain.
Domain.Registrant.PhoneStringThe registrant phone number of the domain.
Domain.Malicious.VendorStringThe vendor that classified the domain as malicious.
Domain.Malicious.DescriptionStringThe description as to why the domain was found malicious.
DomainTools.Domains.NameStringThe domain name in DomainTools.
DomainTools.Domains.LastEnrichedDateThe last Time DomainTools enriched domain data.
DomainTools.Domains.Analytics.OverallRiskScoreNumberThe DomainTools Overall Risk Score.
DomainTools.Domains.Analytics.ProximityRiskScoreNumberThe DomainTools Proximity Risk Score.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe DomainTools Threat Profile Risk Score.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.ThreatsStringThe DomainTools Threat Profile Threats.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.EvidenceStringThe DomainTools Threat Profile Evidence.
DomainTools.Domains.Analytics.WebsiteResponseCodeNumberThe Website Response Code.
DomainTools.Domains.Analytics.TagsStringThe tags in DomainTools.
DomainTools.Domains.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Domains.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Domains.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Country.countNumberThe country count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Name.countNumberThe Name count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Phone.valueStringThe phone value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Domains.Identity.SOAEmailStringThe SOA record Email.
DomainTools.Domains.Identity.SSLCertificateEmailStringThe email of the SSL certificate.
DomainTools.Domains.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Name.countNumberThe name count of administrator contact.
DomainTools.Domains.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Domains.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Name.valueStringThe name value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Domains.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Email.valueStringThe email value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Email.countNumberThe email count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Name.valueStringThe name value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Name.countNumberThe name count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Domains.Identity.EmailDomainsStringThe domain of the Email.
DomainTools.Domains.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails.
DomainTools.Domains.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails.
DomainTools.Domains.Registration.DomainRegistrantStringThe registrant of the domain.
DomainTools.Domains.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Domains.Registration.DomainStatusBooleanThe active status of the domain.
DomainTools.Domains.Registration.CreateDateDateThe date the domain was created.
DomainTools.Domains.Registration.ExpirationDateDateThe date the domain expires.
DomainTools.Domains.Hosting.IPAddresses.address.valueStringThe address values of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.address.countNumberThe address counts of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.asn.valueStringThe ASN values of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.asn.countNumberThe ASN counts of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.country_code.valueStringThe country code values of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.country_code.countNumberThe country code counts of the IP addresses.
DomainTools.Domains.Hosting.IPAddresses.isp.valueStringIP Addresses Info isp value.
DomainTools.Domains.Hosting.IPAddresses.isp.countNumberIP Addresses Info isp count.
DomainTools.Domains.Hosting.IPCountryCodeStringIP Country Code.
DomainTools.Domains.Hosting.MailServers.domain.valueStringMail Servers Info domain value.
DomainTools.Domains.Hosting.MailServers.domain.countNumberMail Servers Info domain count.
DomainTools.Domains.Hosting.MailServers.host.valueStringMail Servers Info host value.
DomainTools.Domains.Hosting.MailServers.host.countNumberMail Servers Info host count.
DomainTools.Domains.Hosting.MailServers.ip.valueStringMail Servers Info ip value.
DomainTools.Domains.Hosting.MailServers.ip.countNumberMail Servers Info ip count.
DomainTools.Domains.Hosting.SPFRecordStringThe SPF record.
DomainTools.Domains.Hosting.NameServers.domain.valueStringThe domain value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.domain.countNumberThe domain count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.host.valueStringThe host value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.host.countNumberThe host count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.ip.valueStringThe IP value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.ip.countNumberThe IP count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate.
DomainTools.Domains.Hosting.RedirectsTo.valueStringThe Redirects To value of the domain.
DomainTools.Domains.Hosting.RedirectsTo.countNumberThe Redirects To count of the domain.
DomainTools.Domains.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code of Google Analytics.
DomainTools.Domains.Analytics.GA4TrackingCodeNumberThe tracking code of ga4.
DomainTools.Domains.Analytics.GTMTrackingCodeNumberThe tracking code of gtm.
DomainTools.Domains.Analytics.FBTrackingCodeNumberThe tracking code of fb.
DomainTools.Domains.Analytics.HotJarTrackingCodeNumberThe tracking code of Hot Jar.
DomainTools.Domains.Analytics.BaiduTrackingCodeNumberThe tracking code of Baidu.
DomainTools.Domains.Analytics.YandexTrackingCodeNumberThe tracking code of Yandex.
DomainTools.Domains.Analytics.MatomoTrackingCodeNumberThe tracking code of Matomo.
DomainTools.Domains.Analytics.StatcounterProjectTrackingCodeNumberThe tracking code of Stat Counter Project.
DomainTools.Domains.Analytics.StatcounterSecurityTrackingCodeNumberThe tracking code of Stat Counter Security.
DBotScore.IndicatorStringThe DBotScore indicator.
DBotScore.TypeStringThe indicator type of the DBotScore.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

domaintoolsiris-threat-profile#


Displays DomainTools Threat Profile data in a markdown format table.

Base Command#

domaintoolsiris-threat-profile

Input#

Argument NameDescriptionRequired
domainThe domain name.Required

Context Output#

PathTypeDescription
Domain.NameStringThe name of the domain.
Domain.DNSStringThe DNS of the domain.
Domain.DomainStatusBooleanThe status of the domain.
Domain.CreationDateDateThe creation date of the domain.
Domain.ExpirationDateDateThe expiration date of the domain.
Domain.NameServersStringThe NameServers of the domain.
Domain.Registrant.CountryStringThe registrant country of the domain.
Domain.Registrant.EmailStringThe Email of the registrant domain.
Domain.Registrant.NameStringThe registrant name of the domain.
Domain.Registrant.PhoneStringThe phone value of the registrant domain.
Domain.Malicious.VendorStringVendor that classified the domain as malicious.
Domain.Malicious.DescriptionStringThe description as to why the domain was found to be malicious.
DomainTools.Domains.NameStringThe DomainTools domain name.
DomainTools.Domains.LastEnrichedDateThe last time DomainTools enriched the domain data.
DomainTools.Domains.Analytics.OverallRiskScoreNumberThe DomainTools Overall Risk Score.
DomainTools.Domains.Analytics.ProximityRiskScoreNumberThe DomainTools Proximity Risk Score.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe DomainTools Threat Profile Risk Score.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.ThreatsStringThe DomainTools Threat Profile Threats.
DomainTools.Domains.Analytics.ThreatProfileRiskScore.EvidenceStringThe DomainTools Threat Profile Evidence.
DomainTools.Domains.Analytics.WebsiteResponseCodeNumberThe response code of the Website.
DomainTools.Domains.Analytics.TagsStringThe DomainTools Tags.
DomainTools.Domains.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Domains.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Domains.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Country.countNumberThe county count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Name.countNumberThe name count of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Phone.valueStringThe phone value of the registrant contact.
DomainTools.Domains.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Domains.Identity.SOAEmailStringThe SOA record Email.
DomainTools.Domains.Identity.SSLCertificateEmailStringThe SSL certificate Email.
DomainTools.Domains.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Name.countNumberThe name count of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Domains.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Domains.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Name.valueStringThe name value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Domains.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Domains.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Email.valueStringThe Email value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Email.countNumberThe Email count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Name.valueStringThe name value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Name.countNumberThe name count of the billing contact.
DomainTools.Domains.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Domains.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Domains.Identity.EmailDomainsStringThe Email domains.
DomainTools.Domains.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails.
DomainTools.Domains.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails.
DomainTools.Domains.Registration.DomainRegistrantStringThe registrant of the domain.
DomainTools.Domains.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Domains.Registration.DomainStatusBooleanThe active status of the domain.
DomainTools.Domains.Registration.CreateDateDateThe date the domain was created.
DomainTools.Domains.Registration.ExpirationDateDateThe expiry date of the domain.
DomainTools.Domains.Hosting.IPAddresses.address.valueStringThe address value of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.address.countNumberThe address count of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.asn.valueStringThe ASN value of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.asn.countNumberThe ASN count of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.country_code.valueStringThe country code of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.country_code.countNumberThe country code count of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.isp.valueStringISP value of the IP Addresses.
DomainTools.Domains.Hosting.IPAddresses.isp.countNumberThe ISP count of the IP Addresses.
DomainTools.Domains.Hosting.IPCountryCodeStringThe country code of the IP address.
DomainTools.Domains.Hosting.MailServers.domain.valueStringThe domain value of the Mail Servers.
DomainTools.Domains.Hosting.MailServers.domain.countNumberThe domain count of the Mail Servers.
DomainTools.Domains.Hosting.MailServers.host.valueStringThe host value of the Mail Servers.
DomainTools.Domains.Hosting.MailServers.host.countNumberThe host count of the Mail Servers.
DomainTools.Domains.Hosting.MailServers.ip.valueStringThe IP value of the Mail Servers.
DomainTools.Domains.Hosting.MailServers.ip.countNumberThe IP count of the Mail Servers.
DomainTools.Domains.Hosting.SPFRecordStringThe SPF Record.
DomainTools.Domains.Hosting.NameServers.domain.valueStringThe domain value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.domain.countNumberThe domain count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.host.valueStringThe host value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.host.countNumberThe host count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.ip.valueStringThe IP value of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.NameServers.ip.countNumberThe IP count of the DomainTools Domains NameServers.
DomainTools.Domains.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate.
DomainTools.Domains.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate.
DomainTools.Domains.Hosting.RedirectsTo.valueStringThe Redirects To value of the domain.
DomainTools.Domains.Hosting.RedirectsTo.countNumberThe Redirects To count of the domain.
DomainTools.Domains.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code of Google Analytics.
DomainTools.Domains.Analytics.GA4TrackingCodeNumberThe tracking code of ga4.
DomainTools.Domains.Analytics.GTMTrackingCodeNumberThe tracking code of gtm.
DomainTools.Domains.Analytics.FBTrackingCodeNumberThe tracking code of fb.
DomainTools.Domains.Analytics.HotJarTrackingCodeNumberThe tracking code of Hot Jar.
DomainTools.Domains.Analytics.BaiduTrackingCodeNumberThe tracking code of Baidu.
DomainTools.Domains.Analytics.YandexTrackingCodeNumberThe tracking code of Yandex.
DomainTools.Domains.Analytics.MatomoTrackingCodeNumberThe tracking code of Matomo.
DomainTools.Domains.Analytics.StatcounterProjectTrackingCodeNumberThe tracking code of Stat Counter Project.
DomainTools.Domains.Analytics.StatcounterSecurityTrackingCodeNumberThe tracking code of Stat Counter Security.
DBotScore.IndicatorStringThe DBotScore indicator.
DBotScore.TypeStringThe indicator type of the DBotScore.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

domaintoolsiris-pivot#


Pivot on connected infrastructure (IP, email, SSL), or import domains from Iris Investigate using a search hash. Retrieves up to 5000 domains at a time. Optionally exclude results from context with include_context=false.

Base Command#

domaintoolsiris-pivot

Input#

Argument NameDescriptionRequired
ipThe IP Address.Optional
emailThe Email Address.Optional
nameserver_ipThe Name Server IP Address.Optional
ssl_hashThe hash of the SSL.Optional
nameserver_hostThe fully-qualified host name of the name server. For example, ns1.domaintools.net.Optional
mailserver_hostThe fully-qualified host name of the mail server. For example, mx.domaintools.net.Optional
email_domainOnly the domain portion of a Whois or DNS SOA email address.Optional
nameserver_domainRegistered domain portion of the name server.Optional
registrarExact match to the Whois registrar field.Optional
registrantExact match to the Whois registrant field.Optional
registrant_orgExact match to the Whois registrant organization field.Optional
tagged_with_anyComma-separated list of Iris Investigate tags. Returns domains tagged with any of the tags in a list.Optional
tagged_with_allComma-separated list of tags. Only returns domains tagged with the full list of tags.Optional
mailserver_domainOnly the registered domain portion of the mail server (domaintools.net).Optional
mailserver_ipIP address of the mail server.Optional
redirect_domainFind domains observed to redirect to another domain name.Optional
ssl_orgExact match to the organization name on the SSL certificate.Optional
ssl_subjectSubject field from the SSL certificate.Optional
ssl_emailEmail address from the SSL certificate.Optional
google_analyticsDomains with a Google Analytics tracking code.Optional
adsenseDomains with a Google AdSense tracking code.Optional
search_hashEncoded search from the Iris UI.Optional
include_contextInclude the results of the pivot in Context Data. Defaults to true. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
DomainTools.Pivots.PivotedDomains.NameStringThe DomainTools Domain Name.
DomainTools.Pivots.PivotedDomains.LastEnrichedDateThe last time DomainTools enriched the domain data.
DomainTools.Pivots.PivotedDomains.Analytics.OverallRiskScoreNumberThe DomainTools Overall Risk Score.
DomainTools.Pivots.PivotedDomains.Analytics.ProximityRiskScoreNumberThe DomainTools Proximity Risk Score.
DomainTools.Pivots.PivotedDomains.Analytics.ThreatProfileRiskScore.RiskScoreNumberThe DomainTools Threat Profile Risk Score.
DomainTools.Pivots.PivotedDomains.Analytics.ThreatProfileRiskScore.ThreatsStringThe DomainTools Threat Profile Threats.
DomainTools.Pivots.PivotedDomains.Analytics.ThreatProfileRiskScore.EvidenceStringThe DomainTools Threat Profile Evidence.
DomainTools.Pivots.PivotedDomains.Analytics.WebsiteResponseCodeNumberThe response code of the website.
DomainTools.Pivots.PivotedDomains.Analytics.TagsStringThe DomainTools tags.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantNameStringThe name of the registrant.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantOrgStringThe organization of the registrant.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Country.valueStringThe country value of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Country.countNumberThe country count of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Email.valueStringThe Email value of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Email.countNumberThe Email count of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Name.valueStringThe name value of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Name.countNumberThe name count of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Phone.valueStringThe phone value of of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.RegistrantContact.Phone.countNumberThe phone count of the registrant contact.
DomainTools.Pivots.PivotedDomains.Identity.SOAEmailStringThe SOA record Email.
DomainTools.Pivots.PivotedDomains.Identity.SSLCertificateEmailStringThe SSL certificate Email.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Country.valueStringThe country value of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Country.countNumberThe country count of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Email.valueStringThe Email value of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Email.countNumberThe Email count of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Name.valueStringThe name value of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Name.countNumberThe name count of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Phone.valueStringThe phone value of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.AdminContact.Phone.countNumberThe phone count of the administrator contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Country.valueStringThe country value of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Country.countNumberThe country count of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Email.valueStringThe Email value of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Email.countNumberThe Email count of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Name.valueStringThe name value of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Name.countNumberThe name count of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Phone.valueStringThe phone value of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.TechnicalContact.Phone.countNumberThe phone count of the technical contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Country.valueStringThe country value of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Country.countNumberThe country count of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Email.valueStringThe Email value of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Email.countNumberThe Email count of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Name.valueStringThe Name value of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Name.countNumberThe Name count of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Phone.valueStringThe phone value of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.BillingContact.Phone.countNumberThe phone count of the billing contact.
DomainTools.Pivots.PivotedDomains.Identity.EmailDomainsStringThe Email domains.
DomainTools.Pivots.PivotedDomains.Identity.AdditionalWhoisEmails.valueStringThe value of the Additional Whois Emails.
DomainTools.Pivots.PivotedDomains.Identity.AdditionalWhoisEmails.countNumberThe count of the Additional Whois Emails.
DomainTools.Pivots.PivotedDomains.Registration.DomainRegistrantStringThe Registrant of the domain.
DomainTools.Pivots.PivotedDomains.Registration.RegistrarStatusStringThe status of the registrar.
DomainTools.Pivots.PivotedDomains.Registration.DomainStatusBooleanThe active status of the registrar.
DomainTools.Pivots.PivotedDomains.Registration.CreateDateDateThe date the domain was created.
DomainTools.Pivots.PivotedDomains.Registration.ExpirationDateDateThe Expiry date of the domain.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.address.valueStringThe address value of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.address.countNumberThe address count of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.asn.valueStringThe ASN value of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.asn.countNumberThe ASN count of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.country_code.valueStringThe country code value of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.country_code.countNumberThe country code count of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.isp.valueStringThe ISP value of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPAddresses.isp.countNumberThe ISP count of IP addresses.
DomainTools.Pivots.PivotedDomains.Hosting.IPCountryCodeStringThe country code of the IP address.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.domain.valueStringThe domain value of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.domain.countNumberThe domain count of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.host.valueStringThe host value of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.host.countNumberThe host count of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.ip.valueStringThe IP address value of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.MailServers.ip.countNumberThe IP address count of the Mail Servers.
DomainTools.Pivots.PivotedDomains.Hosting.SPFRecordStringThe SPF record Information.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.domain.valueStringThe domain value of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.domain.countNumberThe domain count of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.host.valueStringThe host value of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.host.countNumberThe host count of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.ip.valueStringThe IP address value of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.NameServers.ip.countNumberThe IP address count of DomainTools Domains NameServers.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.hash.valueStringThe hash value of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.hash.countNumberThe hash count of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.organization.valueStringThe organization value of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.organization.countNumberThe organization count of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.subject.valueStringThe subject value of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.SSLCertificate.subject.countNumberThe subject count of the SSL certificate.
DomainTools.Pivots.PivotedDomains.Hosting.RedirectsTo.valueStringThe Redirects To value of the domain.
DomainTools.Pivots.PivotedDomains.Hosting.RedirectsTo.countNumberThe Redirects To count of the domain.
DomainTools.Pivots.PivotedDomains.Analytics.GoogleAdsenseTrackingCodeNumberThe tracking code of Google Adsense.
DomainTools.Pivots.PivotedDomains.Analytics.GoogleAnalyticTrackingCodeNumberThe tracking code Google Analytics.

domaintools-whois-history#


The DomainTools Whois History API endpoint returns up to 100 historical Whois records associated with a domain name.

Base Command#

domaintools-whois-history

Input#

Argument NameDescriptionRequired
domainA domain name to query (e.g. example.com).Required
modeoptions: list, count, check_existence. list: (default), return whois records. count: return how many total records are available. check_existence: return if any records exist. Default: list. Possible values are: list, count, check_existence. Default is list.Optional
offsetnumeric, the index from which to begin retrieving results. Default: 0. Default is 0.Optional
limitnumeric, default: 100, max: 100, the total number of records to return. Default: 100. Default is 100.Optional
sortoptions: date_desc, date_asc. date_desc: (default), order records from newest to oldest. date_asc: sort order records from oldest to newest. Default: date_desc. Possible values are: date_desc, date_asc. Default is date_desc.Optional

Context Output#

PathTypeDescription
DomainTools.History.ValueunknownName of domain.
DomainTools.History.WhoisHistoryunknownDomain Whois history data.

domaintools-hosting-history#


Hosting History will list IP address, name server and registrar history.

Base Command#

domaintools-hosting-history

Input#

Argument NameDescriptionRequired
domainA domain name to query (e.g. example.com).Required

Context Output#

PathTypeDescription
DomainTools.History.ValueunknownName of domain.
DomainTools.History.IPHistoryunknownDomain IP history data.
DomainTools.History.NameserverHistoryunknownDomain Nameserver history data.
DomainTools.History.RegistrarHistoryunknownDomain Registrar history data.

domaintools-reverse-whois#


The DomainTools Reverse Whois API provides a list of domain names that share the same Registrant Information. You can enter terms that describe a domain owner, like an email address or a company name, and you’ll get a list of domain names that have your search terms listed in the Whois record.

Base Command#

domaintools-reverse-whois

Input#

Argument NameDescriptionRequired
terms(default) List of one or more terms to search for in the Whois record, separated with the pipe character ( | ).Required
excludeDomain names with Whois records that match these terms will be excluded from the result set. Separate multiple terms with the pipe character ( | ).Optional
onlyHistoricScopeShow only historic records. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
DomainTools.ReverseWhois.ValueunknownSearch term to reverse whois lookup on.
DomainTools.ReverseWhois.ResultsunknownList of results for reverse whois lookup.

domaintools-whois#


The DomainTools Parsed Whois API provides parsed information extracted from the raw Whois record. The API is optimized to quickly retrieve the Whois record, group important data together and return a well-structured format. The Parsed Whois API is ideal for anyone wishing to search for, index, or cross-reference data from one or multiple Whois records.

Base Command#

domaintools-whois

Input#

Argument NameDescriptionRequired
queryA domain name or IP address (e.g. example.com or 192.168.1.1).Required

Context Output#

PathTypeDescription
Domain.NameunknownRequested domain name.
Domain.WhoisunknownParsed Whois data.
Domain.WhoisRecordsunknownFull Whois record.