Overview
API Concepts Manage API Key
Internet Data
DNSIQ® WHOISIQ™ SSL Certificates Blacklist Lookup Host Attributes
Attack Analytics
Newly Observed Domains Newly Observed Hosts Malware Phishing Scam Content
Digital Footprint
Global Inventory API Global Inventory Schema
Coming Soon
Enrich
PassiveTotal
Actions Artifact Enrichment Exposed Services Monitor Project SSL Certificates Tag Artifact Trackers Host Attributes Passive DNS Whois Bulk Enrichment
Additional Resources
Workspace Management API
RiskIQ.com

Passive Dns

 

What It Looks Like

Get Passive DNS

Retrieves the passive DNS results from active account sources.

Parameters

Field Field Type Description
queryString the domain or IP being queried
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
timeout (optional)Number timeout to use for external resources
Default value:7

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/dns/passive?query=passivetotal.org'
# With start parameter
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/dns/passive?query=passivetotal.org&start=2017-04-01 00:00:00'
			

Sample Response

{
    "totalRecords": 200,
    "firstSeen": "2009-09-01 21:40:49",
    "lastSeen": "2017-04-11 22:42:20",
    "results": [
        {
            "firstSeen": "2011-03-08 07:38:51",
            "resolveType": "ip",
            "value": "passivetotal.org",
            "recordHash": "55e1cabe4667d8bdb6349f9bef7c9bb46e16d05662e535626d5662f2b02572b2",
            "lastSeen": "2011-03-08 07:38:51",
            "resolve": "52.8.192.151",
            "source": [
                "kaspersky"
            ],
            "recordType": "A",
            "collected": "2017-04-11 22:42:19"
        },
        ...
    ],
    "queryType": "domain",
    "pager": null,
    "queryValue": "passivetotal.org"
}
			 

Get Unique Passive DNS

Retrieves the unique passive DNS results from active account sources.

Parameters

Field Field Type Description
queryString the domain or IP being queried
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
timeout (optional)Number timeout to use for external resources
Default value:7

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/dns/passive/unique?query=passivetotal.org'
# With start parameter
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/dns/passive/unique?query=passivetotal.org&start=2017-04-01 00:00:00'
			

Sample Response

{
    "pager": null,
    "frequency": [
        ["52.8.192.151", 1],
        ...
        ["ns-1460.awsdns-54.org", 1]
    ],
    "total": 32,
    "queryValue": "passivetotal.org",
    "results": [
        "52.8.192.151",
        ...
        "ns-1460.awsdns-54.org"
    ],
    "queryType": "domain",
}
				

Search Passive DNS

Searches the Passive DNS data for a keyword query.

Parameters

Field Field Type Description
keywordString query

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/dns/search/keyword?query=passivetotal'
			

Sample Response

{
    "results": [
        {
            "fieldMatch": "domain",
            "focusPoint": "passivetotal.org",
            "matchType": "domain"
        },
        ...
        {
            "fieldMatch": "domain",
            "focusPoint": "passivetotal.readthedocs.org",
            "matchType": "domain"
        }
    ],
    "queryValue": "passivetotal"
}