Domain Wide View

New
  • Published on Sep 10, 2025
  • 2 minute(s) read
Prev Next

In Total View’s Domain-Wide View, the Basic Raw Data option or display provides unprocessed, detailed information about a domain and its subdomains across multiple tabs, including PADNS, Web Search, Dangling DNS, and Certificates. This feature is crucial for users who need to analyze the original data collected by Silent Push, providing insights into DNS configurations, web content, and security details.

Basic Raw Data is the unfiltered, original output of Silent Push’s data collection, presenting details such as IP addresses, DNS records, scan results, and timestamps without summarization or interpretation.

It enables the verification of configurations, detection of anomalies, and deeper investigation by providing the exact data as received, making it valuable for troubleshooting and security analysis as of September 2, 2025.

Example: Basic Raw Data might show an A record for oldblog.example.com with 192.168.1.10 and a timestamp of 2025-09-01, or a certificate with a SHA1 hash and expiration date of 2025-12-01.

PADNS tab

  • Displays raw DNS records (A, AAAA, CNAME, MX, NS, SOA, TXT) for a domain and its subdomains.

  • Includes IP addresses, record counts, and timestamps. For instance, you might see an NS record for ns1.example.com with a TTL of 86400 seconds.

  • Check for inconsistencies, like a subdomain with an outdated A record (e.g., 2025-08-01), indicating a potential misconfiguration.

Infrastructure Variance tab

  • Offers raw data on how a domain’s infrastructure (ASNs, IPs, and nameservers) has changed over time, available in the ASN, IP Diversity, and Name Server Changes sub-tabs.

  • Includes raw lists of historical ASNs (e.g., AS15169), IP addresses (e.g., 203.0.113.5), and nameserver shifts (e.g., ns1.example.com to ns2.example.com) with timestamps (e.g., 2025-09-01 10:00 CDT).

  • Analyze raw ASN data to detect a recent hop to an unexpected provider, such as a shift to AS207713 on 2025-09-02, indicating potential fast-flux activity.

Web Search tab

  • Provides raw data from web scans, including certificates, JARM fingerprints, favicon hashes, HTML content, and HTTP headers.

  • Shows unprocessed values like a Certificate’s Issuer Common Name (e.g., “Let’s Encrypt”) or a Header’s Server field (e.g., “Apache/2.4.41”). For example, a Favicon md5 might be d41d8cd98f00b204e9800998ecf8427e.

  • Verify a suspicious HTML Body ssdeep hash to detect phishing content that differs from expected patterns.

Dangling DNS tab

  • Highlights raw DNS data for subdomains at risk of takeover, focusing on record counts and details.

  • Includes raw counts of A, CNAME, or MX records for unclaimed subdomains, such as 0 A records for unused.example.com, signaling a vulnerability.

  • Investigate a subdomain with no active records in Raw Data to confirm a takeover risk as of [time] today.

Certificates tab

  • Presents raw certificate data associated with a domain or subdomain, including IP addresses, SHA1 hashes, and validity dates.

  • Displays unedited fields like Valid From (e.g., 2025-06-01) and Valid Until (e.g., 2025-12-01), or an Issuer Organization (e.g., “DigiCert Inc”).

  • Check Raw Data for an expired certificate (e.g., Valid Until < 2025-09-02) to identify a security gap.

Tips

  • Cross-Check Records: Use Basic Raw Data in PADNS to compare DNS record timestamps with the current date (2025-09-02) to spot outdated configurations.

  • Track Infrastructure: In Infrastructure Variance, use raw data to monitor ASN or IP changes, such as a new IP in IP Diversity, to assess trustworthiness.

  • Analyze Web Content: In Web Search, review raw HTML or Header data to detect anomalies like unexpected Server responses.

  • Identify Risks: In Dangling DNS, look for zero or missing records in Raw Data to flag takeover candidates.

  • Verify Certificates: In Certificates, ensure raw validity dates align with current security standards.