Silent Push helps track nameserver changes to detect malicious domain hopping or inadequate security practices. This query combines scans and searches for comprehensive monitoring.
Scan for Nameserver Changes: Identifies all changes to a domain’s nameservers, offering summarized results or detailed views.
Search for Nameserver Changes: Targets specific changes within a time window, including registrar and WHOIS filters.
Scan and Search for Nameserver Changes
Navigate to Advanced Query Builder > Domain Queries > Nameserver Changes.
Specify a domain.
(Optional) Click Summary to return summarized results.
(Optional) Click Explore Table View to visualize results and look up passive DNS data.
(Optional) For targeted search, select Search Nameserver Changes.
Specify nameservers in from_ns and to_ns fields.
(Optional) Specify a date in change_date_before or change_date_after (defaults to the last 30 days).
(Optional) Check ns_changes_only to focus on nameserver data.
(Optional) Specify whois_date_before, whois_date_after, registrar, or email for WHOIS filters.
(Optional) Adjust order for sorting or set limit and skip for result control.
Click Search.
Save Queries
Organizational users can save queries for future use or sharing.
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.
This pinpoints threat actor infrastructure shifts, reducing attack windows.