Passive DNS – Deteque’s newest release
May 27, 2019
Deteque is delighted to announce the latest release of our Passive DNS service. This is a simple-to-use, effective and fast investigation tool, available via a web browser or API. Alongside the expected features of Passive DNS, including ‘Forward’ & ‘Reverse’ searches, it offers unique features including ‘Fuzzy’ search and International Domain Name (IDN) support.
Who should consider using Passive DNS?
Security Professionals, Malware Researchers, Brand Protection Specialists, Penetration Testers, among others.
Why use Passive DNS?
Deteque’s Passive DNS speeds up cyber research and investigations, providing you with increased visibility across the internet. By simply entering a single domain name or IP address, in addition to specific search parameters, you can quickly pivot to new areas of potential ‘badness,’ viewing real-time & historic Passive DNS data.
Watch out for our ‘How to Use’ videos over the coming weeks to get a deeper understanding of how you can utilize this tool.
Features of Deteque’s Passive DNS
As with most Passive DNS tools, it is possible to run the following basic searches:
Forward search – on rrname queries (e.g., exampledomain.com)
Reverse search – on rrdata queries (e.g., 123.456.7.89)
There is also a multitude of filters you can utilize to fine-tune your search. In addition to the basic date and ‘Record Type’ filters, e.g., ‘A’ or ‘CNAME,’ we have several filters that are unique to Deteque: Word Search, Left Match, Fuzzy Search & IDN Support. Here’s a brief overview of some of the filters you can apply when running a query:
Exact match – Search for an exact match in the database of your requested query.
Right match – Perform a “right match” searching for the records which have the requested string on the rightmost side. (example: *.google.com)
Left Match – Perform a “left match” searching for the records which have the requested string on the leftmost side. (example: www.google.*)
Word Match – Search for a single string in the target field
Last & First Seen Date – the dates you want the query to return results to and from.
Fuzzy search – Search for domains where one or multiple characters have been altered: Select the number of characters you want to be different from the original domain to reveal a host of spoofed domains.
IDN – Search for internationalized domain names once their “confusable” characters have been replaced with their normalized homoglyphs, e.g., “xn--aple-csa.com” is shown as “apþle.com”. For more information on this new function, click here.
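The filter semantics listed above, applied locally to a handful of constructed rrnames, as an added example (this is not Deteque's code or API). It assumes Fuzzy search counts Levenshtein edits (substitutions, insertions, deletions); the function names and the names under the reserved .example, .test and .invalid TLDs are illustrative.

```python
# Constructed sample rrnames (not real passive DNS observations).
RECORDS = [
    "www.mybank.example", "mail.mybank.example", "www.mybank.test",
    "mybamk.example", "mybannk.example", "mybnak.example",
    "xn--aple-csa.com", "other.invalid",
]

def right_match(pattern, names):
    """'*.mybank.example' -> names with that string on the rightmost side."""
    suffix = pattern.lstrip("*")
    return [n for n in names if n.endswith(suffix)]

def left_match(pattern, names):
    """'www.mybank.*' -> names with that string on the leftmost side."""
    prefix = pattern.rstrip("*")
    return [n for n in names if n.startswith(prefix)]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def fuzzy_match(domain, names, max_changes):
    """Names that differ from `domain` by 1..max_changes edits (assumed metric)."""
    return [n for n in names if 0 < edit_distance(domain, n) <= max_changes]

def idn_display(name):
    """Decode each xn-- label to Unicode; leave undecodable labels untouched."""
    labels = []
    for label in name.split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        labels.append(label)
    return ".".join(labels)

if __name__ == "__main__":
    print(fuzzy_match("mybank.example", RECORDS, 2))
    print(idn_display("xn--aple-csa.com"))
```

Raising the allowed number of changes from 1 to 2 is what brings the transposed name (mybnak.example) into the result, since a swap of two adjacent characters counts as two edits under this metric.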
Where does the data come from?
Deteque leverages Passive DNS data from Spamhaus, who have been providing threat intelligence to the industry for over 20 years. Spamhaus collect the data from trusted third parties across the globe. For a more in-depth look at Passive DNS data, click here.
How much does it cost?
If you have low usage requirements or want to trial the product, you can get 200 queries per month for free (no credit card details requested). Should you require a more substantial plan, we won’t tie you into a contract; instead, we give you the flexibility to change your plan monthly to meet your ever-changing business requirements. Details of the plans are outlined here.