A wildcard subdomain, such as *.test.com, catches all unresolved queries under your apex domain. While convenient, it can also mask shadow IT, increase takeover risks, or hide malicious activity. The Subdomains view in Total View gives you complete visibility into every discovered subdomain — including wildcards — at massive scale.

Why Subdomains Matter
Subdomains dramatically expand the attack surface
Attackers register lookalikes, abuse wildcards, or hijack forgotten subdomains
Large enterprise domains like paypal.com can have thousands of active subdomains
Sudden spikes in new subdomains often signal reconnaissance or compromise
Key Features in the Updated View
Domain Wide View toggle – expands discovery across the entire domain hierarchy
Clear display of total subdomain count and associated A records
Basic Raw Data button for unfiltered details, including TTLs and raw resolutions
Sortable table with First Seen and Last Seen timestamps
Color-coded indicators and hover tooltips for quick context
Bulk actions: Select All, Download CSV, Monitor, Save To
How It Works
Silent Push continuously aggregates subdomain data from global passive DNS sources. The view is tightly integrated with PADNS, allowing one-click pivots from any subdomain to its full resolution history.
Wildcards are automatically flagged, and Domain Wide View helps reveal hidden or dynamically resolved subdomains that would otherwise stay invisible.
How to Use Subdomains View
Search a domain (e.g.
paypal.com) in Total ViewClick the Subdomains tab (shows count like 1795)
Toggle Domain Wide View to include full hierarchy
Use filters, Basic Raw Data, or Clear Filters as needed
Click any subdomain to pivot to PADNS, Infrastructure Variance, or Threat Feeds
Real-World Example: paypal.com
The updated interface shows 1,795 subdomains. Examples include long hashed subdomains such as:
0cd20b6fe61233e4a24bf70f30c9ba46.paypal.com
Each entry displays precise First Seen and Last Seen dates, making it easy to track infrastructure changes and detect anomalies.
Use Cases
Detect shadow IT and forgotten assets at scale
Identify wildcard abuse and potential subdomain takeovers
Correlate subdomains with PADNS data to trace resolutions to suspicious IPs
Support compliance audits and attack surface management
Set up real-time Monitor alerts for new or changed subdomains
Available in both Community and Enterprise editions.
The refreshed Subdomains view turns a traditionally hard-to-manage problem into a clear, actionable intelligence layer — essential for modern threat hunting and attack surface reduction.