RECON
Supercharge your Cyber Investigations
Introduction
Global Threat Intelligence
ZeroGuard’s groundbreaking threat hunting tools enable your company to protect and harden its infrastructure - all from a single portal! Our clients possess the ability to automate threat detection and accelerate investigation with a mere click. Using the powerful combination of public threat intelligence feeds as well as our proprietary intelligence databases, you’ll be able to identify, eliminate and quarantine threats efficiently from your personal ZeroGuard dashboard.
DNS Intelligence
Powerful data for discovery and attribution
Using our DNS traffic aggregation methods - which have amassed hundreds of TBs of data - we scan and analyze traffic to detect anomalies which are then used to classify potential DNS attacks. By using a blend of advanced machine learning and correlation techniques, our available intelligence can aid in detecting attacks such as DNS Cache Poisoning, DNS Spoofing, Reflection and DNS Amplification.
Reverse DNS
Our IP address search will quickly correlate domains, providing you with a broad perspective into an IP address’s history.
Forward DNS
Seamlessly establish a domain’s IP address by utilizing our Forward DNS search.
DKIM/DMARC Records
Verify that the contents or headers of an email message haven’t been tampered with, and that email sender is actually the owner of the domain that has the DKIM record attached to it.
Threat Intelligence
Detect and identify digital threats
Detect abusive domains and IPs, matching them against hundreds of public and private reputation feeds. Our platform provides all the best goodies such as advanced search, correlation, etc. right in the web portal and it is capable of delivering threat intelligence directly to your corporate security gateway or firewall.
ZeroGuard’s proprietary technology was developed for use in red teaming, threat hunting and incident response engagements. It provides valuable visibility and event correlation across your entire security environment, thus determining the potential impact of a threat and reducing both detection time and response effort.
Honeypots
ZeroGuard engages and deceives hackers, which helps us identify malicious actors and nasty behaviours.
IP Reputation
Confidently determine whether a particular IP address is or was used by any bad actors to spread malware, take part in DDOS attacks, send spam, attempt ransomware, etc.
Command & Control
Detect and block known command & control hosts, ensuring your servers won’t get infected and become part of a botnet.
Malware
Cross referencing with our threat intel databases, we flag, identify and quarantine various spyware, Trojan Horses, worms and viruses.
Domain Intelligence
Rich data for over 350 million domains
ZeroGuard has successfully collected over 5 billion data points across 355 million domains. With a blend of Historic Whois and a continuously updated assemblage, we aim to provide complete domain oversight, giving you access to records which may have been previously buried beneath privacy shields.
Root Zone Records
We provide detailed information on almost all existing domains, from the highest level of the DNS (Domain Name System) hierarchy all the way down to the smallest registrars.
Historic Whois
View full data of existing and expired domains, complete with pivot points and historical mapping, thus allowing accurate correlation, detection and attribution for both new and existing domains.
Domain Reputation
Change IPs, send email from different providers and be confident that future IP addresses provided by third-party partners will not damage your established and valuable domain/brand reputation.
Powerful CLI tools
Never leave your favourite terminal!
Tired of crafting cURL requests that are 10 lines long, just to get the information you need on the fly? We got you covered. ZeroGuard offers a full-fledged CLI tool which exposes all the functionality provided by our API, including multiple machine readable and human friendly output formats. So you can either pipe into infinity and beyond or just manually inspect the output. The choice is yours.
┌ Domain: 0-1320feet.com
│
├── Module: Forward DNS
│ ├── Status: NOERROR
│ └── A Record: 81.17.18.194
│
├── Module: WHOIS
│ ├── Registrar WHOIS Server: whois.godaddy.com
│ ├── Registrar URL: http://www.godaddy.com
│ ├── Creation Date: 2019-11-04T19:08:08Z
│ ├── Registrar: GoDaddy.com, LLC
│ ├── Registrant Name: Registration Private
│ ├── Registrant Organization: Domains By Proxy, LLC
│ ├── Registrant Country: US
│ ├── Registrant Email: [email protected]
│ ├── Name Server: ns1.namedynamics.net
│ └── DNSSEC: Unsigned
│
├── Module: Threat Intelligence
│ ├── Domain Reputation: Unknown
│ ├── IP Location: Switzerland
│ ├── IP Reputation: Neutral
│ └── IP Blacklisted: No
│
├── Module: SSL Transparency Logs
│ └── Status: No SSL certificate found
│
├ Domain: 00008k.com
│
├── Module: Forward DNS
│ ├── Status: NOERROR
│ ├── A Record: 209.141.38.71
│ ├── A Record: 192.161.187.200
│ └── A Record: 107.161.23.204
│
├── Module: WHOIS
│
... results trunctuated ...
Contact Us
Let’s get talking
Prefer to use email?
[email protected]Got a security vulnerability to report?
[email protected]Or you can call us:
