Passive DNS

Business Benefits

Spamhaus’ Passive DNS data checks DNS infrastructure connections and identifies which have historic links to one another. This allows investigators to locate new threats from a single point and block related menaces.

Enrich existing data sources
Supplement your data sources with Spamhaus' Passive DNS data to increase insight.
Reduce investigation times
Quickly access information required to progress criminal investigations and cyber research.
Protect your online brand
Minimize potential reputation damage from both internal and external sources.

Features

Accessibility of data

Data can be accessed via API or a continuous data feed.

Rapid query results

Optimized infrastructure to provide API based queries with a minimal amount of latency.

Easy to use API

A simplified API with technical assistance available.

Quality of Data

A wealth of data from our global DNS sensor network provides deeper insight.

Product Details

What is Passive DNS data?

This is anonymized DNS query data, collected from recursive DNS servers around the world. A number of different record types are collected including: IPs, domains, hosts, name servers, and canonical names. Our Passive DNS database shows the connections between these different internet records.

The Spamhaus team of researchers uses this passive DNS data on a daily basis to assist with their investigations and research.

Who can use Passive DNS?

A multitude of roles can benefit from using Passive DNS including:

Security professionals
Brand Protection Specialists
Malware Researchers

Find out how fTLD, the registry behind .bank and .insurance utilize Passive DNS data to ensure they have some of the most secure top-level domains in the industry.

How can Passive DNS be accessed?

API – for security vendors and expert users who wish to integrate our raw datasets with their own software and security platforms.

Continuous data feed – for inclusion into third-party security products and organizations, including those of law enforcement agencies, who wish to continuously monitor live recursive DNS traffic to aid the identification of new malicious domains, emerging threats, or cybercriminal trends.

How can you use Passive DNS data?

Searching real time and historic Passive DNS data enables you to undertake various research tasks:

Investigate suspicious domains by revealing their current and historical IP address associations.
Research IP addresses or domains that have raised suspicion and see if it’s a single entity or multilayered operation.
Reveal the health of your hosting network by discovering what other domains and organizations are associated with the IP blocks and nameservers used by your hosting provider.
Analyze lookalike domains to evaluate their threat potential.
Detect infringement of your copyright and brands by detecting spoofed domains.
Uncover previously unknown areas of your network by searching for subnets of domains.
Reduce the need for complex reverse engineering when dealing with malware.

Resources

A surge of malvertising across Google Ads is distributing dangerous malware

2 February 2023

News

Recently, researchers have witnessed a massive spike affecting famous brands, with multiple malware being utilized. This is not “the norm”. Here’s what researchers are observing and a theory on this tsunami of abuse.

Learn more

SERVICE UPDATE | Free Passive DNS Service is being deprecated

25 May 2022

News

To make way for a new free Passive DNS search tool, Spamhaus will be deprecating its free passive DNS service, which will no longer be available as of June 24th, 2022.

Learn more

fTLD Registry effortlessly analyzes its zones with Passive DNS

30 March 2022

Case Study

fTLD, the registry behind .bank, turns to Passive DNS to ease the burden of compliance.

Learn more

Business Benefits

Enrich existing data sources

Reduce investigation times

Protect your online brand

Features

Accessibility of data

Rapid query results

Easy to use API

Quality of Data

Product Details

What is Passive DNS data?

Who can use Passive DNS?

How can Passive DNS be accessed?

How can you use Passive DNS data?

Data for Investigation

Sign up for your free trial

Resources

A surge of malvertising across Google Ads is distributing dangerous malware

SERVICE UPDATE | Free Passive DNS Service is being deprecated

fTLD Registry effortlessly analyzes its zones with Passive DNS