The investigate-ui Developer Hub

Welcome to the investigate-ui developer hub. You'll find comprehensive guides and documentation to help you start working with investigate-ui as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Passive DNS

We keep track of the DNS requests our resolvers process and our Umbrella categorization changes by using our own passive DNS database. Our passive DNS data enhances Investigate by providing up to four years of history for you to work with.

About Passive DNS

Passive DNS is a way of storing DNS resolution data, so that you can reference past DNS record values to uncover potential security incidents or discover malicious infrastructures.

For example, when a DNS record changes, the previous value is gone. Without passive DNS, it can be difficult to find out what a malicious site's DNS records were in the past.

Passive DNS helps you find patterns and use predictive analysis to uncover attacks. At a glance, you can discover useful information about a domain. For example, you can see the date that a domain's A record changed: what it was before, and what it is now. Unlike querying live records, you avoid alerting bad actors to your investigation.

How Our Passive DNS Is Different

As we operate our own resolvers, we have a unique perspective of the internet. On average, we process over 150 billion DNS requests every day. See our System Status page to view our total activity graph. Our large repository of passive DNS history enriches our service.

We store the usual passive DNS data, such as DNS records and domain changes. We also store our security assessments and DNS query volumes so that you can see how security risks for domains change over time.


Getting Started < Passive DNS > Investigate Views

Passive DNS


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.