Silent Push helps track changes to nameservers to detect malicious domain hopping or inadequate security practices. This query combines scans and searches for comprehensive monitoring.
Scan for Nameserver Changes: Identifies all changes to a domain’s nameservers, offering summarized results or detailed views.
Search for Nameserver Changes: Targets specific changes within a time window, including registrar and WHOIS filters.
Scan and search for Nameserver Changes
From the left navigation menu, select Advanced Query Builder > Domain Queries > Nameserver Changes.
Specify a domain.
(Optional) Click Summary to return summarized results.
(Optional) Click Explore Table View to visualize results and look up passive DNS data.
(Optional) For a targeted search, select Search Nameserver Changes.
Specify nameservers in the from_ns and to_ns fields.
(Optional) Specify a date in change_date_before or change_date_after (defaults to the last 30 days).
(Optional) Check ns_changes_only to focus on nameserver data.
(Optional) Specify whois_date_before, whois_date_after, registrar, or email for WHOIS filters.
(Optional) Adjust the sorting order or set a limit and skip to control results.
Click Search.
Save Query
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.
This pinpoints shifts in threat actor infrastructure, reducing attack windows.