Passive DNS
Follow malicious infrastructure across its whole history
Look up any domain or IP and get its historical resolutions, plus the malware-family context tied to related infrastructure. Built for analysts pivoting from one indicator to the next.
Free evaluation key · no credit card · live in minutes
Drops straight into the tools your SOC already runs
What you can query
Investigate infrastructure, not just indicators
A single domain or IP rarely tells the whole story. Query our passive DNS to see what else that infrastructure has touched, when, and whether it connects to tracked malware families.
- Historical A resolutions for any domain or IP
- Domain-to-IP and IP-to-domain pivoting across resolution history
- First-seen and last-seen timestamps for every resolution
- Malware-family context on related infrastructure
- Communicating malware samples and detected URLs tied to a lookup
How it works
Live in your workflow in minutes
Query the API directly, or enrich indicators without leaving MISP using the same passive-DNS data through our MISP enrichment module.
- Request an evaluation API key — no credit card required.
- Query the REST API directly, or enable the PrecisionSec MISP enrichment module.
- Pivot across the returned domains, IPs and malware-family context.
Request access
Get a passive DNS API key
Tell us about your use case and we'll follow up within one business day with an evaluation API key and setup instructions.
Already using MISP? The same data is available through the MISP enrichment module instead.
Ready to pivot on infrastructure?
Request a free evaluation API key and start querying passive DNS across the malware, C2 and ransomware infrastructure we track.