Product Update Timeline

Iris Platform

Iris Investigate

March 2024

  • pDNS Panel enhancements:
    • New “Scope” selector to filter results for just apex domains (domaintools.com), just subdomains (www.domaintools.com) or both apex and subdomains.
    • A new duration column that shows how long each result has been seen.
    • In the date filters, a new option to choose “days-back” to quickly see recent results instead of choosing specific dates from the calendar picker.
    • Timestamps are now stored in UTC and displayed in local time per your browser. A mouse-over displays the UTC date/time.
  • IP Tools panel: The Ping and Traceroute functions are only run after users manually trigger them.

November 2023

  • Domain certificates are now gathered by monitoring certificate transparency logs. This provides faster updating of newly issued/renewed certificates on existing domains.

October 2023

  • Domain history: A replacement for Hosting History that tracks domain changes across DNS, Whois, SSL Certificates, Web Content, and more. History records can provide a “missing link” to find elusive ownership details or to confirm connection to other domains or IP addresses. Powerful filtering lets you separate the signal from noise and focus on the data that’s important to you.
  • User-triggered Whois collection: Selecting the “Update Domain” control for one or multiple domains will now trigger a Whois lookup in addition to screenshot, web content and SSL certificate.

September 2023

  • New web trackers: Support for 8 new web trackers was added, including Google Analytics 4, Google Tag Manager, Facebook Metapixel, Baidu, and more. Trackers can be guided pivots and are available as parameters in advanced searches.

August 2023

  • CIDR IP queries in pDNS panel – see pDNS results for all IPs in a CIDR range.

July 2023

IP Profile:

  • For domains hosted on the IP, use the right-click operations menu to see Pivot Preview (if appropriate) and add as a filter to the investigation.
  • In the pDNS preview pane, added First/Last Seen and Count.

June 2023

Major SSL Certificate Enhancements

  • Certificate gathering as part of screenshot gathering – speeds certificate acquisition for newly active domains
  • Added Issuer Common Name and Subject Alt Names to Pivot Engine
  • New field “duration” represents the number of days a certificate is valid
  • Additional fields supported in UX Advanced Search and API responses:
    • Issuer Common Name
    • Subject Common Name
    • Subject Alt Names
    • Not Before and Not After validity dates
    • Duration of certificate validity

April 2023

Iris Investigate Refresh

  • Updated Web UX
  • Simplified panel management for improved ease of use
  • Inspect view for IP enrichment
  • Enhanced visualization panel
  • New data fields in UX & API
    • First Seen showing when domains are discovered as newly active
    • Website Title, Web Response & Server Type – gathered with screenshots

June 2022

  • Near real-time discovery of newly active domains vs. daily batch updates of the entire data set, improving discovery of newly active domains by an average of 20+ hours
  • Near real-time provisional risk scoring for Phishing and Proximity following domain discovery
  • Daily DNS resolution of all active domains

October 2021

  • Modernized screenshot gathering with strong fidelity improvements to screenshots shown in Iris Investigate.

Iris Enrich API

September 2023

  • Web tracker codes added as new fields: Support for 8 new web trackers was added, including Google Analytics 4, Google Tag Manager, Facebook Metapixel, Baidu, and more.

June 2023

  • Additional SSL Certificate fields:
    • Issuer Common Name
    • Subject Common Name
    • Subject Alt Names
    • Not Before and Not After validity dates
    • Duration of certificate validity

April 2023

  • New data fields
    • First Seen showing when domains are discovered as newly active
    • Website Title, Web Response & Server Type

Iris Detect

August 2023

  • Domain History upgrade to new database, significantly improving response times for data retrieval.

November 2022

  • New API query parameter “discovered_before” for the /domains endpoints. It can be used with the “discovered_since” parameter to query for domains discovered within a specific time window.

DNSDB

DNSDB Scout

Latest releases:

August 13, 2024 v2.5.6

  • Added controls for copying individual cells and whole rows from the search results table.
  • Added an option to display times using the browser-defined Local Timezone, as an alternative to the default UTC time display.
  • Updated the Support email link.
  • Added a Research button for quickly researching a domain using Iris Investigate.

June 21, 2024 v2.5.5

  • Added pagination controls above the search results table to reduce the need for scrolling.
  • Fixed a bug when visiting shared query URLs, where the RData Input Mode always defaulted to Name, even when IP or Network or Raw Hex modes were used in the query.
  • Fixed a bug where some font styles were displaying as bold when using Safari.

December 14, 2023 v2.5.4

  • Adds CNAME Chasing functionality

August 8 2023 v2.5.3

  • Added NULL RRType to Standard Search dropdown

July 11 2023 v2.5.2

  • Added sharable query links and copy shortcuts
  • Fixed bug where reversed RRNames wouldn’t sort consistently

April 12 2023 v2.5.1

  • Removed all DNSDB Community Edition (DCE) features following service sunset.
  • Theme settings reset for all users following new theme additions

Mar 15 2023 v2.5.0

  • Added a new DomainTools Light and DomainTools Dark theme option
  • Updated copyright and license notices to reflect DomainTools’ acquisition of Farsight Security, Inc.

DNSDB

April 28, 2023 – Time fencing optimizations

Threat Intelligence Feeds

Jul 19, 2023 Domain and IP Hotlist improvements to more tightly leverage passive DNS information to indicate domain activity

May 25, 2023 Filtered Domain Hotlist RPZ preview availability

April 11, 2023 SIE: AXA Client and Server Update

Resolves authentication issue. AXA tool update. Retires Tech Debt.

  1. AXA tools & library
  2. AXA servers
  3. ERP agent for AXA
  4. ERP client for AXA

April 28, 2023 DNSDB Export – resume download functionality

June 2021 IP Hotlist, Hosted IP List

April 2020, Domain Hotlist 

April 2020, COVID 19 Threat List, was deployed until June 30, 2021.

Feb 2018, Release of Threat Profile. Initial feeds released at the same time

2015, Proximity feed released

Risk Scoring

March 7, 2024 Risk Score improvements to Proximity scoring for feeds, and blocklist updates.

March 8, 2023 Threat Profile Release – Set of improvements to Risk Scoring, specifically to our three Threat Profile classifiers as well as our PhastPhish provisional Risk Scoring classifier.

June 30, 2022 release of PhastPhish classifier as part of the release of Iris Detect

Sept 2021: Threat Profile Release – Improvements to core ML classifiers.

June 2020: Threat Profile Release – improvements to threat profile in response to COVID domains

November 2019: Threat Profile Release – Improvements to Threat Profile: daily model building, moved core processing from HC01 Hadoop cluster to HCProd; rewrite of core codebase in PySpark

February 2018: Release of Threat Profile. New UX in Iris, new API fields for Iris APIs. New Risk API endpoint created.

2015: Proximity score released.

Integrations

Splunk

Release notes

Release Milestones:

4.4.3 – December 18, 2023

Changes and Fixes

  • Fixes read-only file system error when updating suffix list.

4.4.2 – October 3, 2023

Changes and Fixes

  • Resolves an installation issue on distributed Splunk 9 clusters using Splunk’s new folder structures
  • Resolved an issue with the Iris Detect Monitors page causing repeated queries on page load
  • Fixes consistency between panel reporting and result sets on the Threat Intelligence and Monitoring Pages
  • Adds a “no_cache” option to dtirisinvestigate to bypass the local KV store lookup, forcing an API call
  • Removed hard-coded ports from most functions (a notable exception being DNSDB functions), deferring to the Server Settings -> General Settings, management port.
  • Fixes some Iris Detect logs not showing on the diagnostic panel.

4.4.1 – May 8, 2023

Changes and Fixes

  • Removes the need to separately install the app on indexers. Installing on the search head will automatically update content on the indexers.
  • Resolves an issue enriching domains containing non-ASCII and uppercase characters.
  • Fixes an issue on the Threat Intel page where the threat map would not update based on the applied filter.
  • Fixes the on-click link for the threat map on the Monitoring Dashboard.

4.4 (GA, On-Prem and Cloud) – March 27, 2023

New:

  • Added an inline Passive DNS lookup command, dtdnsdbenrich.
  • All pages have been rebuilt using SimpleXML and React, resolving HTML dashboard warnings and removing dependencies on older versions of jQuery.

Deprecated:

  • Removed support for PhishEye (replaced by Iris Detect)
  • Stopped replicating KV stores to indexers (an unused feature taking up space on indexers, but if you miss it, please let us know!)

Changes and Fixes:

  • The Iris Detect page has been separated into two pages: an Iris Detect Dashboard and Iris Detect Monitored Term setup page.
  • Added an inline_results option to dtirisenrich to preserve previous fields, if desired.
  • Resolved an issue that would cause Iris Detect domains to be imported into Splunk, regardless of whether or not a monitored term was enabled.
  • Resolved an issue on Splunk 9 when Iris Detect domains would not be imported at all.
  • Domains with parsing issues are logged (if Diagnostic Panel is enabled) and skipped, resolving a queue builder error in some environments.
  • Improved in-app documentation and syntax highlighting on custom search commands.

Splunk SOAR

Jul 14, 2023 – v1.4.1

  • All Iris Investigate and Iris Enrich queries now support batch lookups of up to 100 comma-separated domain inputs
  • Added support for additional Iris fields: “first seen”, “server type”, and “website title”
  • Pivot action adds support for additional operators: “create date within”, “first seen within”, and “first seen since”
  • Added pagination on pivot responses (returns up to 5000 domains, sorted by risk score)
  • “Lookup Domain” action displays and adds outbound links to pivot in Iris Investigate when a domain has up to 500 connected domains on a data point
  • Added support for proxies
  • Minor UI improvements
  • Updated python libraries

Microsoft Sentinel

February 21, 2023: V1.0 Initial Release. Supports DNSDB, Iris Enrich and Iris Investigate in Sentinel

Cortex XSOAR

July 5, 2023: Iris Detect for Cortex XSOAR Initial Release

MISP

April 5 2023: MISP 2.0

  • Added Iris Detect & Iris Enrich support
  • Refreshed the available Iris Investigate fields
  • Deprecated the reputation endpoint (Use risk score)

Tooling

July 9, 2024: nmsgtool

  • Support for Kafka input/output in JSON and binary form

    • Limitation: Only plaintext, unencrypted, unauthenticated connections to Kafka are currently supported. SSL support and support for client authentication with Kafka will be added in a future release.