This article describes the Intelligence Card Extension for Iris API from DomainTools.
DomainTools Iris delivers comprehensive domain profiles to threat analysts directly on the domain Intelligence Card, with insights on the domain's risk score, ownership, registration profile, hosting infrastructure, SSL certificates, web hosting characteristics, and more. The extension is driven by the DomainTools Iris Investigate API. You must have a subscription to DomainTools Iris and an API key to use this extension, but Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
You can enrich any Domain Intelligence Card using the following attributes obtained from DomainTools Iris:
- Domain risk scores from proximity and threat profile algorithms
- Whois, IP, active DNS, website & SSL data
- Counts of connected domains on most attributes
You can pivot in Recorded Future on these elements of the DomainTools Iris response:
- Hosting IP Address
- ASN number
- Nameserver domain, host and IP address
- Mailserver IP address and Domain
- Email Domain
- SSL Hashes and more
Example (for google.com):
Other Resources:
For more information about the DomainTools Iris platform, see https://www.domaintools.com/products/iris/