Total View equips cybersecurity professionals with a centralized platform to analyze domains and IPv4 addresses using multiple query tabs. Integrating DNS, web content, and threat intelligence, it supports proactive threat hunting and brand protection. This guide describes the available tabs, including the Expanded and Domain Wide View sections, explains how URLs are handled, and provides use cases and tips.
Domain Total View
Total View’s query tabs, organized into an Expanded section for deeper data analysis and a Domain Wide View for subdomain insights, provide detailed domain intelligence. Below are the tabs, their functions, and access levels.
Tab | Description | How to use | Why it matters | Access |
---|---|---|---|---|
PADNS | Lists DNS records (A, AAAA, CNAME, NS, MX, SOA, TXT) with pivotable data. | Click blue data points (e.g., IPs) for lookups. | Identifies unauthorized records used in spoofing. | All users |
Infrastructure Variance | Tracks ASN, IP, and nameserver changes with reputation scores. | Review NS Entropy to spot anomalies. | Detects infrastructure shifts in phishing campaigns. | All users |
Web Scanner | Displays web content (e.g., favicon, response code) via (origin_hostname = [domain] AND hostname = [domain]). | Pivot on ssl.issuer.organization for certificate analysis. | Detects phishing sites mimicking your brand. | All users |
WHOIS | Shows historical registrar and creation date data. | Analyze timeline for suspicious changes. | Flags typosquats or recently registered domains. | All users |
Threat Feed | Displays historical and live threat feed data, including IOFA presence. | Check listings to prioritize investigations (paid users only). | Confirms links to known malicious campaigns. | Paid users |
Screenshots | Provides a timeline of screenshots with metadata. | Review for phishing or spoofed content. | Visual confirmation of malicious activity. | All users |
Context Similarity | Compares domain attributes with threat feed data for similarity. | Identify related malicious domains (paid users only). | Uncovers typosquats or lookalike domains. | Paid users |
Dangling DNS | Lists dangling records with two queries: Record Counts and Record Details. | Use Record Counts to identify vulnerabilities; pivot to Details (paid users only). | Mitigates subdomain takeover risks. | Record Counts: All users; |
Subdomains | Lists subdomains with first/last seen dates and risk scores. | Set up 24-hour monitoring via Monitor | Detects unauthorized subdomains. | All users |
Certificates | Shows active/expired certificates and issuers. | Pivot to detect fake certificates. | Prevents certificate-based impersonation. | All users |
Expanded section
The Expanded section beneath Highlights offers a deeper dive into data sources, accessible via the tabs above.
For Community users, focus on PADNS, Web Scanner, WHOIS, Screenshots, Subdomains, and Certificates.
Paid users unlock Threat Feeds, Context Similarity, and Dangling DNS Details for advanced analysis.
Navigate to each tab, pivot on data points (e.g., IPs, hostnames), and export results for further investigation.
Domain Wide View
Activate Domain Wide View to explore DNS records, Web Scanner data, and Screenshots for an APEX domain’s subdomains. Available tabs include:
PADNS: View subdomain DNS records (all users).
Web Scanner: Access subdomain web content (all users).
Screenshots: Review subdomain screenshots (all users).
Subdomains: Analyze historical subdomains and pivot to details (all users).
How to Use: From the Total View page, select Include in the relevant tab to enable Domain Wide View.
Note: Some advanced tabs (e.g., Threat Feeds) are restricted to paid users.
IP Total View
For IPv4 addresses, Total View offers tailored tabs.
Tab | Description | How to use | Why it matters | Access |
---|---|---|---|---|
PADNS | Lists DNS records linked to the IP. | Pivot on hostnames or ASNs. | Maps IP-to-domain relationships. | All users |
IP Infrastructure | Shows ASN, subnet, and reputation data. | Review 30-day graphs for trends. | Identifies malicious or low-reputation ASNs. | All users |
Web Scanner | Displays web content via (origin_hostname = [IP] AND hostname = [IP]). | Analyze header.server for malicious servers. | Spots IPs hosting phishing sites. | All users |
Threat Feeds | Displays historical and live threat feed data. | Check for sinkhole/proxy tags (paid users only). | Confirms IP involvement in campaigns. | Paid users |
IP Context: Tags IPs as VPNs or proxies (available for all users), aiding incident response.
Use Total View for URLs
For URLs, Total View analyzes the base component:
Domain-based URL (e.g., https://example.com/path): Returns domain tabs.
IP-based URL (e.g., https://192.168.1.1/path): Returns IP tabs.
Enter the URL and then click Total View.
Review relevant Highlights and tabs based on the base observable.
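The base-observable rule above can be applied before submission, for example when normalizing URLs pulled from alerts. The sketch below is an added example, not Total View's own code: the function names are hypothetical, and the filter string simply substitutes the host into the bracketed placeholder of the Web Scanner query shown in the tables (the product's exact quoting is not shown on this page).

```python
import ipaddress
from urllib.parse import urlsplit


def base_observable(value: str) -> tuple[str, str]:
    """Return ("ipv4" | "domain", host) for a URL, hostname or IPv4 string."""
    value = value.strip()
    # urlsplit only populates .hostname when an authority marker ("//") exists.
    if "://" not in value:
        value = "//" + value
    host = urlsplit(value).hostname  # drops userinfo and port, lowercases
    if not host:
        raise ValueError("no host component found")
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Digits-and-dots hosts that are not a valid dotted quad (leading
        # zeros, decimal-encoded addresses) are rejected rather than guessed.
        if host.replace(".", "").isdigit():
            raise ValueError(f"ambiguous numeric host: {host}")
        return "domain", host
    if ip.version != 4:
        raise ValueError("the IP tabs described here cover IPv4 only")
    return "ipv4", str(ip)


def web_scanner_filter(value: str) -> str:
    """Build the Web Scanner filter from the page for the base observable."""
    _, host = base_observable(value)
    return f"(origin_hostname = {host} AND hostname = {host})"


if __name__ == "__main__":
    # Constructed sample inputs, not data from a real investigation.
    for sample in ("https://example.com/path",
                   "https://192.168.1.1/path",
                   "https://user@Example.COM:8443/login",
                   "192.168.1.1.example.com"):
        print(sample, "->", base_observable(sample))
```

A hostname that merely begins with an IP-like label, such as the last sample, is classified as a domain and therefore maps to the domain tabs.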
Main Use Cases and Examples
Brand Impersonation Detection:
Scenario: A retailer suspects a typosquatted domain.
Action: Utilize Subdomains and Web Scanner (for all users) to identify risks, and add Context Similarity (for paid users) for more in-depth analysis.
Subdomain Takeover Prevention:
Scenario: An unclaimed subdomain is detected.
Action: Utilize Dangling DNS Record Counts (all users) to identify vulnerabilities, then pivot to Details (paid users) for resolution.
Phishing and Malware Triage:
Scenario: An IP is flagged.
Action: Use Web Scanner and Screenshots (all users); add Threat Feeds (paid users) for confirmation.
Credential Stuffing Defense:
Scenario: Suspicious login attempts from an IP.
Action: Use IP Context (all users) to filter proxies.
Tips for Using Total View
Pivot Efficiently: Click blue data points for lookups (all users).
Monitor Subdomains: Set up 24-hour alerts via Monitor (all users).
Leverage Domain Wide View: Include subdomain data for comprehensive analysis (all users).
Upgrade for Depth: Access Threat Feeds and Content Similarity for advanced threat intelligence (paid users).
Integrate Workflows: Use Copy API URL with SIEM platforms (all users).
Manage Results
Download Data: Use Basic Raw Data or Export (all users).
Save Queries: Store results in Feeds or Collections (all users).
Clear Filters: Reset for full visibility (all users).