Data Sets

Articles

Overview
PassiveTotal centralizes numerous data sets into a single platform, making it easier for our community and customers to conduct infrastructure analysis. Our primary focus is to provide as much data as possible about Internet infrastructure. Res...
PDNS
Passive DNS Simply put, passive DNS is a system of record that stores DNS resolution data for a given location, record and time period. To best understand passive DNS, one must first understand how DNS works and the value it brings to Internet user...
Whois
Whois Thousands of times a day, domains are bought and/or transferred between individuals. The process to make all of this happen is easy and only takes a few minutes and roughly $7 depending on the registrar provider. Beyond payment details, you m...
SSL Certificates
SSL Certificates When browsing the web, SSL certificates are every where. You may only associate them as the small locks inside of your browser bar, but beyond securing your data, certificates are a great way for analysts to connect disparate netwo...
Malware (Hashes)
Malware (Hashes) PassiveTotal partners with a number of commercial and open source repositories of malware data in order to pair it with queried infrastructure. This data helps analysts understand actor capabilities, intent and motives of an att...
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT) Open source intelligence (OSINT) is reporting, both short and long-form, developed by individuals and companies outlining specific threats, methodologies or actors. Data from the OSINT repository is public and fr...
Trackers
Trackers are unique codes or values found within web pages and often are used to track user interaction. These codes can be used to correlate a disparate group of websites to a central entity. PassiveTotal's tracker dataset includes IDs from ...
Host Pairs
Host pairs are two pieces of infrastructure (a parent and a child) that shared a connection observed from a RiskIQ web crawl. The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script sourc...
Web Components
Web components are details describing a web page or server infrastructure gleaned from performing a web crawl using RiskIQ technology. These components provide analysts with a high-level understanding of what was used to host the page and what te...
DNS
Historically, PassiveTotal has focused on displaying “A” records, which dictate the IP address a given domain should resolve to when querying DNS. These records are immensely useful but are only one of the types of DNS record that can...
Cookies
Cookies are small pieces of data passed from the server to the client browser. Cookies will typically be used for state or tracking purposes. RiskIQ collects this data set through our virtual users––advanced web crawlers––...
Subdomains
An internet domain which is part of a primary domain. Subdomains are also referred to as “hosts.” As an example, “play.google.com” is a subdomain of “google.com”. For every subdomain, there could be a new set o...