Product Details

What is Passive DNS data?

This is anonymized DNS query data, collected from recursive DNS servers around the world. A number of different record types are collected, including: A, AAAA, NS, MX, CNAME, TXT, SPF, SOA, SRV, PTR. Our Passive DNS database shows the connections between these different internet records.

The Spamhaus team of researchers use this tool on a daily basis to assist with their investigations and research.

Who can use Passive DNS?

  • Security professionals
  • Brand Protection Specialists
  • Malware Researchers
  • Penetration Testers

How can Passive DNS be accessed?

Web interface – designed for information security professionals and cyber incident response analysts who want to carry out digital forensics. It is also useful for security researchers who want to investigate what sort of activity is associated with particular IP ranges, or analyze the relationships between DNS queries and responses.

API – for security vendors and expert users who wish to integrate our raw datasets with their own software and security platforms.

Continuous data feed – for inclusion into third-party security products and organizations, including those of law enforcement agencies, who wish to continuously monitor live recursive DNS traffic to aid the identification of new malicious domains, emerging threats, or cybercriminal trends.

How can you use Passive DNS data?

Searching real-time and historic Passive DNS data enables you to undertake a multitude of research tasks:

  • Investigate suspicious domains by revealing their current and historical IP address associations.
  • Research IP addresses or domains that have raised suspicion and see whether they belong to a single entity or a multilayered operation.
  • Reveal the health of your hosting network by discovering what other domains and organizations are associated with the IP blocks and nameservers used by your hosting provider.
  • Analyze lookalike domains to evaluate their threat potential.
  • Detect infringement of your copyright and brands by identifying spoofed domains.
  • Uncover previously unknown areas of your network by searching for subnets of domains.
  • Reduce the need for complex reverse engineering when dealing with malware.
  • Ensure marketing service providers and affiliated marketing platforms are not damaging your brand.

Pricing – Monthly subscriptions

  • BASIC – Free – 20 queries per day, 200 queries per month
  • CLASSIC – $250 per month – 100 queries per day, 1,500 queries per month
  • PRO – $850 per month – 1,000 queries per day, 20,000 queries per month
  • ENTERPRISE – POA – 10,000 queries per day, 200,000 queries per month

For full details, download our pricing PDF.