Passive DNS

Passive DNS

Passive DNS data provides you with increased visibility across the internet infrastructure. This simple to use and effective investigation tool speeds up cyber research and investigations.

Get started

Build a picture of potential threats across global networks

Integrates with security & analytics tools

Identify fake & fraudulent brands online

Risk Management

Modern IT encompasses an eco-system of cloud services, supply chain infrastructure, hybrid hosting and more…a world where risks and dependencies can easily be hidden. Passive DNS uncovers connections and allows for better risk mitigation and more informed decisions about services being used.

Reputation and revenue protection

A brand is only as good as its online reputation and the proliferation of TLDs (there are currently more than 1,000) has meant an explosion in spoofed and faked brands. domains. The rise in mobile devices and messaging Apps has also made it easier for criminals to use lookalike domains to trick users because they are harder to spot on smaller screens. Passive DNS identifies lookalike and fake domains with ease.

Big data insight

Millions of domains are generated annually and the constant increase in the number of TLDs means that there is a huge amount of data to track and record.. However Deteque’s Passive DNS cluster handles more than 200 million DNS records per hour and stores hundreds of billions of record per month, allowing you to search this vast database easily.

Passive DNS is a constantly updated dataset showing in real-time which host names have been resolving to which IP addresses, and when. Data points are combined from around the world, giving you the power to build a picture of potential threats that cannot be seen from a single network.

Query the Passive DNS database via Deteque’s web interface or API to see domains and IP addresses which are suspects in Security & Incident Event Management (SIEM) investigations. Data sets can be further analyzed by users’ own tools to show whether these domains/IP addresses exhibit unusual or suspicious behavior. Deteque users can also receive data as a constant data feed, for continuous integration into existing SIEM and analytics tools and their own proprietary products.

Download the Overview

Security Professionals

Investigate domains or IP addresses that have raised suspicion, and find out if it is a single malicious IP or a complex multilayered operation.
Using Passive DNS for Security Professionals

Brand Protection Specialist

Intellectual Property and marketing specialists who need to identify misuse or spoofing of a brand or trademark. Passive DNS identifies shadow domains, typo squatting, spoofed domains/websites, noting when they have been active and how they are associated with other domains.
Using Passive DNS for Brand Protection

Penetration Testers

Can search for all the DNS records relating to the subnets of domains under investigation and any infrastructure interest. Use Passive DNS to drill down into the newly discovered networks.
Using Passive DNS for Penetration Testers

Malware Researchers

Ease the burden on Malware Researchers by reducing the need for complex reverse engineering when dealing with malware.
Using Passive DNS for Malware Researchers

A beginner's Guide to Passive DNS

Choose the monthly subscription that's right for you

Most popular

Ideal for users with very low query volumes and limited budget.


Ideal for individuals with low to medium query volume requirements, including Pen Testers & Security Researchers.


Ideal for subject matter experts and businesses with medium to high usage requirements with access to full features. Includes Security, Research and Brand Protection teams.

EnterpriseContact us for
pricing options

Ideal for companies intending to integrate Passive DNS data into their products.

Max queries per month 200 1,500 20,000 200,000
Max queries per day 20 100 1,000 10,000
Advanced features
i Exact match Yes Yes Yes Yes
i Left match - - Yes Yes
i Right match Yes Yes Yes Yes
i Word match - - Yes Yes
i Fuzzy match - - Yes Yes
i Internationalized domain name search - - Yes Yes
i First seen - - Yes Yes
i Last seen Yes Yes Yes Yes
i Limit - - Yes Yes
i Real-Time Data Feeds - - - Negotiable
Sign up

Start your service, no credit card required

Sign up

Sign up for a free account first and then upgrade via the portal

30 day free trial

30 day free unrestricted access to all our advanced features with no credit card required

Contact us

We will put together a personalized subscription based on your business needs

Why Deteque?

Deteque utilises Passive DNS data from Spamhaus, which is collected across the internet globally, from trusted third parties including hosting companies, enterprises, business & ISPs. We have 20 year track record of being a trusted third party and so our data is not just received from a narrow group of providers.

Is it GDPR compliant?

Data received from subscribers contains no Personally Identifiable Information (PII) so that there is no compromise of organizational, customer or employee data. All data is transported to Deteque with encryption in place. Passive DNS does not store which client (or person) made a query, just the fact that at some point in time, a domain has been associated with a specific DNS record . This ensures that privacy is maintained throughout the system.

Can I test it first?

Yes. Sign up for our 30 day free trial for the 'Pro' subscription to discover the full search capabilities Passive DNS offers. No credit card details are required, and if you don't want to continue with this plan you can move to the free Basic account at the end of the trial.

Engage with us on