Passive DNS

Passive DNS

Passive DNS allows you to uncover patterns of malicious activity from networks across the world. Global threat data that’s a powerful boost to your security analytics and online brand protection.

Get started

Build a picture of potential threats across global networks

Integrates with security & analytics tools

Identify fake & fraudulent brands online

Risk Management

Modern IT encompasses an eco-system of cloud services, supply chain infrastructure, hybrid hosting and more…a world where risks and dependencies can easily be hidden. Passive DNS uncovers connections and allows for better risk mitigation and more informed decisions about services being used.

Reputation and revenue protection

A brand is only as good as its online reputation and the proliferation of TLDs (there are currently more than 1,000) has meant an explosion in spoofed and faked brands. domains. The rise in mobile devices and messaging Apps has also made it easier for criminals to use lookalike domains to trick users because they are harder to spot on smaller screens. Passive DNS identifies lookalike and fake domains with ease.

Big data insight

Millions of domains are generated annually and the constant increase in the number of TLDs means that there is a huge amount of data to track and record.. However Deteque’s Passive DNS cluster handles more than 200 million DNS records per hour and stores hundreds of billions of record per month, allowing you to search this vast database easily.

Passive DNS is a constantly updated dataset showing in real-time which host names have been resolving to which IP addresses, and when. Data points are combined from around the world, giving you the power to build a picture of potential threats that cannot be seen from a single network.

Query the Passive DNS database via Deteque’s web interface or API to see domains and IP addresses which are suspects in Security & Incident Event Management (SIEM) investigations. Data sets can be further analyzed by users’ own tools to show whether these domains/IP addresses exhibit unusual or suspicious behavior. Deteque users can also receive data as a constant data feed, for continuous integration into existing SIEM and analytics tools and their own proprietary products.

Download the Overview

Security Professionals

Investigate domains or IP addresses that have raised suspicion, and find out if it is a single malicious IP or a complex multilayered operation.
Using Passive DNS for Security Professionals

Brand Protection Specialist

Intellectual Property and marketing specialists who need to identify misuse or spoofing of a brand or trademark. Passive DNS identifies shadow domains, typo squatting, spoofed domains/websites, noting when they have been active and how they are associated with other domains.
Using Passive DNS for Brand Protection

Penetration Testers

Can search for all the DNS records relating to the subnets of domains under investigation and any infrastructure interest. Use Passive DNS to drill down into the newly discovered networks.
Using Passive DNS for Penetration Testers

Malware Researchers

Ease the burden on Malware Researchers by reducing the need for complex reverse engineering when dealing with malware.
Using Passive DNS for Malware Researchers

A beginner's Guide to Passive DNS

Choose the service that's right for you

Free$0 Basic$250 Pro$1,500 Enterprise$5,000
Max queries per month 200 1,500 20,000 200,000
Max queries per day 20 100 1,000 10,000
Advanced search and ‘first-seen’ feature
Sign up

Start your service, no credit card required

Sign up

Price is US$ per month

Sign up

Price is US$ per month

Sign up

Price is US$ per month

Custom - 200,000+ queries per month

Real Time data feeds: Ideal for security teams performing multiple investigations across complex networks, constant monitoring for Brand and Intellectual Property protection.
Contact us to discuss your requirements

Contact us
Why Deteque?

Deteque utilises Passive DNS data from Spamhaus, which is collected across the internet globally, from trusted third parties including hosting companies, enterprises, business & ISPs. We have 20 year track record of being a trusted third party and so our data is not just received from a narrow group of providers.

Is it GDPR compliant?

Data received from subscribers contains no Personally Identifiable Information (PII) so that there is no compromise of organizational, customer or employee data. All data is transported to Deteque with encryption in place. Passive DNS does not store which client (or person) made a query, just the fact that at some point in time, a domain has been associated with a specific DNS record . This ensures that privacy is maintained throughout the system.

Can I test it first?

There’s free entry level service to get started so it can be tested first before upgrading to a paid for service with greater features.

Engage with us on