--- title: "Get Started with Total View" slug: "get-started-with-total-view" tags: ["Cyber Threat Intelligence", "Domain Security", "Risk Assessment", "Threat Feeds", "Website Monitoring"] updated: 2026-01-26T14:09:25Z published: 2026-01-09T18:43:45Z canonical: "help.silentpush.com/get-started-with-total-view" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Get Started with Total View Silent Push is a powerful cyber threat intelligence platform designed to help organizations like yours proactively spot potential security risks in your online presence. Think of it as a “detective tool” for your domain: it scans for things like suspicious changes to your website’s underlying setup (DNS records, server details), impersonation attempts by bad actors, or signs of compromise before they turn into real problems. It pulls in data from public sources, including WHOIS (domain ownership information), DNS (how your site resolves online), web searches (checking your site's content and headers), and threat feeds (fingerprints of known bad actors). The example domain `parking-pcnqnzn.top` triggered an automated, real-time analysis; no manual **scan/search button** was needed beyond that initial input. The displayed screen is the **overview dashboard** of your scan results. It's like the executive summary of your domain's **health check**. This one raises some red flags immediately (high risk scores, threat feed matches), making it a great example of Silent Push catching potential issues early. [Total View.mov](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Total%20View.mov) ## Get Oriented in Total View This is your [**command center**](/v1/docs/highlights-breakdown-of-key-metrics). Here, you can immediately see anything that could indicate risks, such as unauthorized changes, phishing lookalikes, or exposure to attackers. ![](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2025-11-04 at 8.26.33 AM.png) - **Top Section (Quick Scores)**: - **Reputation (circle gauge)**: This example is **High** (100/100, red. This is concerning news, indicating a strong connection to known threats, such as spam or malware campaigns. - **Age/Score**: Age is **Low** (0—very new domain, often a phishing red flag). The overall threat score is **High** (25), which means it should be prioritized. - [**Flags Detected**](/v1/docs/understand-and-present-flags): Multiple, including Part of Threat Feed and Part of IOFA (Indicators of Fraudulent Activity) Feed. - [**WHOIS Info (Center of the screen)**](/v1/docs/highlights-breakdown-of-key-metrics#data-points): This example is blank, with no registrar or creation date shown. This is suspicious for a legit site. This could involve hiding one’s identity or employing evasion tactics. - **Graphs & Highlights**: - The radar chart (left) shows DNS record types (e.g., A, AAAA). The `parking-pcnqnzn.top` domain is heavily weighted in A/AAAA (8 each), with lighter allocations elsewhere. This is imbalanced, possibly for quick redirects. - Scan date (2025-11-03), the Cloudflare title, which is either generic or masked, the Cloudflare header server commonly used for hiding, no redirects, and no Favicon or screenshot are additional evasion signs. - There is high diversity (ASN: 1, IP: 8, NS Changes: 0) spread across networks, which can indicate a botnet-like setup. - **Bottom Table (Basic Raw Data)**: Lists the DNS answers (the IP addresses your domain points to). - > [!TIP] > **Tip**: Hover over flags like **Smishing Triad - Lucid Domains** (under Threat Intelligence) to link to phishing/smishing kits. Your search is live, so it updates in real-time. ## Three Views to Start With Now that you've got the overview, zoom in on potential risks. Silent Push excels at identifying forward indicators (early signs of attacks), so focus on threats first, then on infrastructure. From your screen: 1. Click **Threat Feeds**. Look for indicators of compromise (IOCs), such as suspicious IP addresses, and tags (e.g., smishing-triad, phishing-kit). Export for reporting. Matches here confirm high risk. Drill into timestamps/context for evidence. This is the red alert search. It cross-references your domain against global threat databases. The example above addresses Smishing Triad (SMS phishing campaigns) and IOFA™, tied to Silent Push. This will quickly tell you whether it's malicious (it is). 2. [**WHOIS**](/v1/docs/whois-tab)**(Bottom Row) or WHOIS Data (Left Menu).**Ownership gaps can signal hijacks. This expands the blank snippet in **Total View—Hunt** for registrant details or updates. The example lacks basics, so compare it****to the expected (if any). No data = major red flag (this can signal evasion). Watch for foreign/anonymous proxies. 3. [**PADNS**](/v1/docs/domain-wide-view-extend-enrichments-to-subdomains)**(Bottom Row)** **or** **DNS Data (Left Menu).**DNS changes the signal compromise (e.g., poisoned records for phishing). Click **DNS Data** (left) for a full breakdown, or **PADNS** (bottom, which displays 20 records) for historical views. Look for unstable IPs (the example is spread across 8). Check for the Dangling DNS tab nearby. If ASN Diversity is low but IP is high, it is a potential opportunity for kit hosting. ## Ongoing Protection - **Set Up a**[**Monitor**](/v1/docs/monitoring)**(Left Menu: Monitors)**: Click to track changes (e.g., new IPs). You will receive alerts via email. - [**Export Data**](/v1/docs/data-exports)**(Left Menu: Data Export)**: Download CSV/PDF of flags/tags to share with your security teams. - Use **Query History** (left) to revisit, or the [**Advanced Query Builder**](/v1/docs/advanced-query-builder) for custom queries (e.g., similar domains to `parking-pcnqnzn.top`). > [!NOTE] > Tips > > - Don't ignore high scores; report them (e.g., to [abuse@cloudflare.com](http://abuse@cloudflare.com)). > - New/low-age domains like this are prime phishing bait; legit ones build history. > - This isn't a **firewall**; it's intel. Pair with basics like domain locks and multi-factor authentication. > - [Response times](/v1/docs/why-total-view-queries-take-a-bit-longer) with Total View can take longer than expected. Don’t cancel them. A small icon or image associated with a website, typically displayed in browser tabs or bookmarks, used in threat intelligence to identify potential spoofing or phishing by analyzing its unique characteristics or hash. Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet Unprocessed query results in JSON format, containing detailed threat intelligence data for further analysis or integration. Unresolved or misconfigured DNS records that can be exploited by attackers to redirect traffic or host malicious content. A metric indicating how frequently the IP addresses hosting a domain switch between different Autonomous System Numbers (ASNs) over the past 30 days, often used to detect suspicious domain behavior.