Access Spamhaus' passive DNS (pDNS) database through a simple API with historical context and rapid, actionable insight into DNS infrastructure — including capturing CNAMEs, nameservers, TXT, MX, and other query responses.
Enable analysts to trace malicious domains, track infrastructure changes, and investigate cyber threats by revealing how DNS records have evolved over time across the internet.
Optimized infrastructure ensures low-latency API queries, delivering results in near real time.
A simplified API supporting a variety of query types, with technical assistance available.
A wealth of data from our extensive DNS sensor network provides comprehensive historical visibility.
Uncover historical, and up-to-the-moment DNS infrastructure connections from Spamhaus’ Passive DNS (pDNS) database — the same data used daily by Spamhaus researchers to assist their investigations and research.
Easily integrate the pDNS API with your applications to enrich existing data feeds, or use it as an independent data source, giving analysts additional context for domains or IPs.
Why are there two different names for the data?
Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.
From SOC teams to Incident response analysts, our Passive DNS API can be integrated directly into existing platforms, tools and workflows to assist research and investigations.
Boost the efficiency and depth of your threat hunting by pivoting quickly from a single indicator to a broader set of related DNS infrastructure. Passive DNS via API uncovers historical links between domains and IPs, revealing intelligence that would otherwise remain hidden.
With additional DNS context, detect newly active malicious domains, track emerging threats, and map related infrastructure, opening up new paths for proactive threat hunting.
Starting with a single domain or IP, easily pivot from one indicator to uncover a set of connected infrastructure and accelerate investigations.
By contextualising domains and IPs, i.e. how they are historically linked, passive DNS exposes previously unknown intelligence just beneath the surface.
Use the data to identify associated domains and related subdomains, spot suspicious patterns linked to DGAs (Domain Generated Algorithm), and open up new paths for investigation.
Passive DNS (pDNS) data via API enables security teams to enhance existing threat intelligence data streams with rich historical DNS resolution data - seamlessly integrating into SIEMs, SOAR platforms or other threat intelligence tools.
From incident response and forensics, to threat hunting, pDNS via API provides actionable intelligence. With enriched visibility, organizations can identify threats more efficiently, track malicious infrastructure, and accelerate investigations.
Easily plug pDNS data into existing threat intelligence platforms via API, enhancing workflows without adding complexity.
Add targeted historical DNS context to existing workflows and alerts.
Quickly identify new malicious domains, track emerging threats, and spot cybercriminal infrastructure trends.
Simply complete the form and submit. No credit card or payment details are required for the free trial.
What happens next?
Once you’ve completed the form to trial the Passive DNS via API, one of our team will be in touch to get you set up with access.
Need help?
If you have any questions, please add them to the comments box below. Once you gain access to the data, technical support is available via our Customer Portal.
How can I purchase the data?
During your free trial, you can request a quote in the Customer Portal to get the subscription cost based on your setup. You can also enable trials of additional datasets via the Customer Portal.
Get a free 30-day trial of the Passive DNS via API. No credit card details required.
It is a log of DNS queries and answers over time, recording the mappings between domain names and IP addresses. The data consists of anonymized DNS queries, collected from recursive DNS servers worldwide. It includes a number of different internet records including: IPs, domains, hosts, name servers, and canonical names. Using the Passive DNS Real Time Feed, you can uncover the connections between these records.
You can learn more about where passive DNS data comes from in "What is Passive DNS? A beginner’s guide".
Data Access
A firehose of Passive DNS data, get updates as soon as they are generated with minimal or no delay. This provides immediate access for up-to-date information on DNS infrastructure connections.
Data Access
High-impact data, dedicated to malware indicators, from a globally diverse, knowledge-rich community. Access enterprise-grade intelligence, with reliability and scale, to enrich, hunt and track with clarity and confidence.
Data Access
Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.