Heatmap

The PassiveTotal heatmap visualizes the last 6 months of passive DNS resolution information into an easily consumable graphic that allows analysts to make sift through large amounts of data quickly and improve assessments of suspicious indicators.

In the heatmap above each box represents a single day in the sixth month resolution period. The heatmap uses colors, symbols, and numbers to bring context to passive DNS data

Heatmap Colors & Icons

There are two types of heatmaps generated in PassiveTotal; one of IP addresses and one for domains

Domain Heatmap Colors

• Blue - Represents a domain resolving to an publicly routable IP address

• Tan - Represents a domain resolving to a non- publicly routable such as local host (127.0.0.1)

• Green - Indicates that PassiveTotal has observed the domain resolving to both publicly and non-publicly routable IP space on the same day.

IP Heatmap Colors

• Blue - Represents dynamic DNS domains resolving to an IP address. These domains are free third level domains offered by companies such as NoIP and ChangeIP which do not require registering a domain through the normal WHOIS process.

• Tan - Represents domains resolving to and IP address which have gone through the normal registrations process and would possibly have useful WHOIS information that can be used as an investigative lead.

• Green - Represents both registered and dynamic DNS domains resolving to and IP address on the same day.

Symbols

• Orange flags - represent the first time a resolution has been seen in passive DNS records.

• Rounded squares - provide visual representation for the first and last days of a month

• Numbers - Represent the amount of domains or IP addresses that resolved on a given day over the past 6 month period.