Passive DNS

Follow malicious infrastructure across its whole history

Look up any domain or IP and get its historical resolutions, plus the malware-family context tied to related infrastructure. Built for analysts pivoting from one indicator to the next.

Free evaluation key · no credit card · live in minutes

Drops straight into the tools your SOC already runs

What you can query

Investigate infrastructure, not just indicators

A single domain or IP rarely tells the whole story. Query our passive DNS to see what else that infrastructure has touched, when, and whether it connects to tracked malware families.

  • Historical A resolutions for any domain or IP
  • Domain-to-IP and IP-to-domain pivoting across resolution history
  • First-seen and last-seen timestamps for every resolution
  • Malware-family context on related infrastructure
  • Communicating malware samples and detected URLs tied to a lookup

How it works

Live in your workflow in minutes

Query the API directly, or enrich indicators without leaving MISP using the same passive-DNS data through our MISP enrichment module.

  1. Request an evaluation API key — no credit card required.
  2. Query the REST API directly, or enable the PrecisionSec MISP enrichment module.
  3. Pivot across the returned domains, IPs and malware-family context.

Request access

Get a passive DNS API key

Tell us about your use case and we'll follow up within one business day with an evaluation API key and setup instructions.

Already using MISP? The same data is available through the MISP enrichment module instead.

Request a passive DNS API key

Ready to pivot on infrastructure?

Request a free evaluation API key and start querying passive DNS across the malware, C2 and ransomware infrastructure we track.

Request an API key