In Silent Push, the Domain Wide View is a powerful feature designed to provide comprehensive, raw insights into a domain and its entire subdomain ecosystem in a single, efficient query. This is especially useful when researching high-level or "top" domains (e.g., example.com) where you want to explore subdomains (e.g., blog.example.com, api.example.com) without the need for multiple separate searches. Instead of crafting individual queries for each subdomain, which can be time-consuming and inefficient, you can toggle the Domain Wide View option in the Total View's Basic Raw Data section. This aggregates and displays unprocessed data across the domain's full hierarchy, saving significant time and reducing API calls while revealing patterns, such as infrastructure changes or Dangling DNS risks, at scale.
Key Benefits
Efficiency for Subdomain Analysis: For top-level domains, enabling this view automatically pulls in subdomain data, including PADNS records and certificate details.
Raw, Unfiltered Data: Delivers the original output from Silent Push's collection processes, including timestamps, IP addresses, and record counts, without summarization.
Multi-Tab Breakdown: Organizes insights into dedicated tabs for focused analysis and review.
Note: Certain high-level domains, such as
gov.ukandnhs.uk,are classified as effective top-level domains (eTLDs) according to the Public Suffix List. These are not treated as standard domains in our system because they serve as registration points for subdomains (e.g.,essex.police.ukunderpolice.uk), which can be registered directly.
As a result:
Domain Wide View and subdomain finder may not display records directly at the eTLD level (e.g.,
gov.uk).To analyze subdomains, query one level deeper (e.g., police.uk for government services or
www.nhs.ukfor health sites). This treats it as a full domain, enabling subdomain expansion.You can still access PADNS via domain search at the eTLD level; however, for full hierarchy views and deeper queries, it is recommended.
Example from the Public Suffix List: Entries like *.gov.uk and nhs.uk confirm their eTLD status, allowing registrations like
mod.gov.ukdirectly undergov.uk.
This handling aligns with standard DNS practices but may feel counterintuitive for public-facing eTLDs. If you'd like to discuss adjustments for eTLD workflows, reach out to support.
The Basic Raw Data option in Total View provides this unprocessed, detailed information about a domain and its subdomains across multiple tabs, including PADNS, Web Search, Infrastructure Variance, and Certificates. This feature is crucial for users who need to analyze the original data collected by Silent Push, providing insights into DNS configurations, web content, and security details.
Basic Raw Data is the unfiltered, original output of Silent Push’s data collection, presenting details such as IP addresses, DNS records, scan results, and timestamps without summarization or interpretation.
Example: Basic Raw Data might show an A record for oldblog.example.com with 192.168.1.10 and a timestamp of 2025-09-01, or a certificate with a SHA1 hash and expiration date of 2025-12-01.
PADNS tab
Displays raw DNS records (A, AAAA, CNAME, MX, NS, SOA, TXT) for a domain and its subdomains.
Includes IP addresses, record counts, and timestamps. For instance, you might see an NS record for ns1.example.com with a TTL of 86400 seconds.
Check for inconsistencies, such as a Subdomain with an outdated A record (e.g., 2025-08-01), which may indicate a potential misconfiguration.
Infrastructure Variance tab
Provides raw data on how a domain’s infrastructure (ASNs, IPs, and nameservers) has evolved over time, accessible in the ASN, IP Diversity, and Name Server Changes sub-tabs.
Includes raw lists of historical ASNs (e.g., AS15169), IP addresses (e.g., 203.0.113.5), and nameserver shifts (e.g.,
ns1.example.comtons2.example.com) with timestamps (e.g., 2025-09-01 10:00 CDT).Analyze raw ASN data to detect a recent hop to an unexpected provider, such as a shift to AS207713 on 2025-09-02, indicating potential fast-flux activity.
Web Search tab
Provides raw data from web searches, including certificates, JARM fingerprints, favicon hashes, HTML content, and HTTP headers.
Shows unprocessed values like a Certificate’s Issuer Common Name (e.g., “Let’s Encrypt”) or a Header’s Server field (e.g., “Apache/2.4.41”).
For example, a favicon MD5 might be d41d8cd98f00b204e9800998ecf8427e.
Verify a suspicious HTML Body ssdeep Hash to detect phishing content that differs from expected patterns.
Dangling DNS tab
Highlights raw DNS data for subdomains at risk of takeover, focusing on record counts and details.
Includes raw counts of A, CNAME, or MX records for unclaimed subdomains, such as 0 A records for unused.example.com, signaling a vulnerability.
Investigate a subdomain with no active records in Raw Data to confirm a takeover risk as of [time] today.
Certificates tab
Presents raw certificate data associated with a domain or subdomain, including IP addresses, SHA1 hashes, and validity dates.
Displays unedited fields like Valid From (e.g., 2025-06-01) and Valid Until (e.g., 2025-12-01), or an Issuer Organization (e.g., “DigiCert Inc”).
Check Raw Data for an expired certificate (e.g., Valid Until < 2025-09-02) to identify a security gap.
Tips
Cross-Check Records: Use Basic Raw Data in PADNS to compare DNS record timestamps with the current date (2025-09-02) to spot outdated configurations.
Track Infrastructure: In Infrastructure Variance, use raw data to monitor ASN or IP changes, such as the addition of a new IP in IP Diversity, to assess trustworthiness.
Analyze Web Content: In Web Search, review raw HTML or Header data to detect anomalies, such as unexpected Server responses.
Identify Risks: In Dangling DNS, look for zero or missing records in Raw Data to flag takeover candidates.
Verify Certificates: In Certificates, ensure raw validity dates align with current security standards.