
Dossier Source Descriptions

The Dossier™ threat indicator research tool offers the following features. Using the Dossier toolset, users can make accurate decisions more quickly and with greater confidence, based on contextual information gathered from a dozen sources simultaneously. The Dossier sources are described below:

  • Infoblox
    This is Infoblox’s flagship data collection. Queries are executed against all data within Infoblox and data provider subscriptions.

  • Current DNS (dns)
    Search results from Current DNS provide all the available information about a given hostname from DNS nameservers.

  • Global Custom Search (gcs)
    Global Custom Search, or GCS, searches anti-virus analysis pages, malware analysis blogs and other related malware/RCE websites. Global Custom Search is a platform provided by Bing that allows web developers to feature specialized information in web searches, refine and categorize queries, and create customized search engines.

  • Geolocation (geo)
    The geolocation tool plots the identified coordinates on a map, providing city-level accuracy. Other information including ISP, city, region, lat/long, and country are also included.

  • Google Web Risk (gwr)
    Google Web Risk (GWR), formerly Google Safe Browsing, is a Google service that enables applications to check URLs against Google’s constantly updated lists of suspected phishing, malware, and unwanted software pages.

  • InfoRanks
    InfoRanks provides statistically significant results for domains possessing a high level of confidence. True rank is determined based on the domain's likely range and its most likely rank within a range. Rank ranges for domains as provided by InfoRanks can give insights about rank stability, where highly popular domains will possess low rank ranges, while less popular domains will have larger rank ranges. Do note that domains possessing a low level of confidence are not included in the list.

  • iSIGHT
    iSIGHT Partners is the leading provider of global cyber threat intelligence, delivering unparalleled insight into your cyber adversaries, their motives and methods. iSIGHT provides instant reporting on threat actors targeting organizations, plus related Indicators of Compromise (IOCs) to help prioritize relevant threats, speed detection of advanced attacks, and bolster responses to minimize further risk. iSIGHT is available as a separate subscription and is not automatically included with Dossier.

  • Passive DNS (pdns)
    Passive DNS is the historical DNS record for hostnames. When a hostname is searched, Passive DNS returns all IPs that hostname has resolved to, as observed by the Passive DNS sensors in the previous 12 months. When an IP is searched, Passive DNS returns all hostnames that have pointed to that IP. Note that not every DNS change is captured, so some information will be missing.

  • Reverse DNS
    The Reverse DNS tool performs a reverse DNS lookup of an IP address by searching domain name registry and registrar tables.

  • Reverse Whois (rwhois)
    DomainTools’ Reverse Whois lookup API searches Whois records for a given string, typically identifying information such as an email address or name. The results can reveal related registered domains. The WHOIS data may differ slightly between the UI and API results. This is by design.

  • Malware Analysis
    Data collection of malicious content detected by aggregation of antivirus engines and website scanners.

  • Nameserver Reputation
    Nameserver reputation information is obtained from DNS records when available.

  • ThreatFox
    ThreatFox collects, tracks, and reports indicators of compromise (IOCs) associated with malware.

  • URLHaus
    URLHaus collects, tracks, and shares malware URLs, helping network administrators and security analysts protect their network and customers from cyber threats.

  • Whois
    DomainTools’ Whois lookup API provides the ownership record for a domain name or IP address with basic registration details, all in a well-structured format that groups together important data. The WHOIS data may differ slightly between the UI and API results. This is by design.
