Passive DNS Sources
PassiveTotal has partnered with multiple organizations to bring our user base the most comprehensive access to historical resolution information. The API Associations allow our users to pull in additional pDNS sources and provide for a globally diverse set of data and flexibility. Some of our sources are available to all users, while other require credentials. The below list provides detailed information about each of our sources:
DNSIQ™ - RiskIQ's DNSIQ™ services provide access to a pDNS repository which takes in 400 million unique records per day. To provide DNSIQ™, RiskIQ ingests records from a geographically dispersed sensor and partner network, providing our community and customers with one of the most comprehensive passive DNS data sources.
DNSRes - PassiveTotal's DNS Collection source.
Pingly - PassiveTotal's active resolver (Can be turned off)
Partner Data Sources
Kaspersky - pDNS data from their malware environment and active collection operations.
Mnemonic - Managed Security Service from Norway that provides an open source pDNS repository for the analyst community.
AlienVault - Passive DNS data partner. PT community users can activate this source to receive access to their pDNS data.
VirusTotal - Passive DNS provider based on malware execution and individuals searches in their UI.
360CN - Chinese AV company Qihoo 360. Requires user id and password from Qihoo to use this source.
Circl.lu - Computer Incident Response Center Luxembourg is a government driven incident response center which offers a passive DNS repository to the analysts community. Credentials are required to access this data set and can be requested via email at [email protected]
These providers offer paid access to Passive DNS and WHOIS information based on query volume. These services require credentials and a contract with the respective service provider
Farsight Security - Passive DNS provider
OpenDNS - Passive DNS Provider which allows customers to access their pDNS information alongside our additional data sources.