Platform

Passive DNS

The best active and passive DNS data sets anywhere

Request a DemoWatch the Demo

Add Passive DNS to Iris Investigate and Take Your Investigations to the Next Level

DomainTools incorporates world-class passive DNS data from its Farsight division as well as several other top-tier providers to integrate passive DNS data into Iris Investigate. Complementing the active DNS resolutions performed by DomainTools, passive DNS providers capture domain-to-IP mappings observed “in the wild” across the globe. Many of the world’s most advanced security teams rely daily on passive DNS to support their threat hunting, incident response, and adversary analysis activities. Armed with such data, analysts can learn many valuable things:

  • What are all of the domains observed on a given IP address?
  • What are the IP addresses that a given domain uses, or has used?
  • When did DNS requests for a given domain first appear?
  • What are the subdomains tied to a given domain, or observed on a given IP address?

How does passive DNS advance cyber threat investigations?

It provides fine-grained correlation of the timing of events such as attacks or breaches with domain and hostname resolutions for malicious infrastructure.

  • It provides evidence of unusual DNS behavior such as fast-flux configurations.
  • It provides comprehensive context on IP addresses by showing what domains are currently, or were previously, hosted on them. This can help an analyst determine whether an IP is part of a given adversary’s infrastructure.
  • It can also help the analyst decide whether the IP warrants blocking.
  • It gives the analyst insight into the nature of a domain by exposing subdomains. For example, DomainTools has observed that subdomains such as “account,” “login,” “download,” and others, may appear more frequently in malicious domains than in neutral ones.

How does passive DNS advance cyber threat investigations?

Contact [email protected] to add this premium feature to your Iris Investigate subscription.

Confidence in the Data

The most trusted online infrastructure data. Anywhere.

Timely

Near real-time risk scoring on all newly registered and discovered domains

Comprehensive

>97% of currently registered domains

Connected

Sophisticated associations across datasets to accelerate action.

Related Iris Investigat Support & Learning

A selection of documents and materials related to DomainTools industry topics.

Indicators Over Cocktails

Join Tim Helming for a recurring series of fun, informal demonstrations of Domain Tools products and features, with a different featured beverage each episode. You can expect an investigation of timely, interesting indicators that expose relevant and often stillemerging adversary infrastructure.

Related Products

Our security products can help you find out if a domain name is risky, who’s behind it, and what other cyber-assets are associated with it.

Iris Platform

See the full Iris Platform, powered by the gold standard in Internet intelligence

  • Detect
  • Investigate
Learn More

Farsight DNSDB

Plug into the world’s largest passive DNS intelligence solution.

Learn More

Threat Intelligence Feeds

Quickly predict the associated risk and threats of a domain or IP address.

Learn More

API Documentation

API access to data sets for flexible use in commercial and home-grown tools.

Learn More

Enterprise Membership Packages

Enterprise members get interactive access to premium research tools and unrivaled data.

See Package Details
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2024 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap