Historic WHOIS data can provide valuable information about the ownership and registration of domains and IP addresses associated with potential threats. For example, information such as the name and contact information of the domain owner can be used to verify the legitimacy of a website or to identify potential sources of phishing or malware distribution.
WHOIS data can be used to identify patterns and connections between different domains and IP addresses, as well as between different threat actors.
By monitoring WHOIS data, security teams can detect and respond to changes that may indicate potential threats, such as the creation of new subdomains or changes to the IP addresses associated with a domain.
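The following is an added example, not Silent Push code or its export format: it takes historic WHOIS snapshots and reports both field changes over time and domains linked by a shared nameserver or registered email. The record layout, field names and sample domains are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample snapshots (assumed layout; all domains are reserved example names).
SNAPSHOTS = [
    {"domain": "alpha.example", "date": "2023-01-10", "address": "1 Main St",
     "nameservers": ["ns1.dns-a.example", "ns2.dns-a.example"], "emails": ["owner@alpha.example"]},
    {"domain": "alpha.example", "date": "2023-06-02", "address": "1 Main St",
     "nameservers": ["ns1.dns-b.example", "ns2.dns-b.example"], "emails": ["reg123@mail.example"]},
    {"domain": "bravo.example", "date": "2023-06-03", "address": "PO Box 9",
     "nameservers": ["NS1.dns-b.example", "ns2.dns-b.example"], "emails": ["reg123@mail.example"]},
    {"domain": "charlie.example", "date": "2023-05-01", "address": "5 High St",
     "nameservers": ["ns1.dns-c.example"], "emails": ["hostmaster@charlie.example"]},
]
TRACKED = ("nameservers", "emails", "address")

def _norm(value):
    """Normalise a field to a frozenset of lowercase strings, so case and
    ordering differences are not reported as changes. Missing fields -> empty set."""
    items = value if isinstance(value, (list, tuple, set)) else [value]
    return frozenset(str(v).strip().lower() for v in items if v)

def field_changes(snapshots):
    """Return (domain, date, field, removed, added) for every tracked field
    that differs between consecutive snapshots of the same domain."""
    by_domain = defaultdict(list)
    for snap in snapshots:
        by_domain[snap["domain"].lower()].append(snap)
    changes = []
    for domain, snaps in sorted(by_domain.items()):
        snaps.sort(key=lambda s: s["date"])  # ISO dates sort chronologically as text
        for prev, cur in zip(snaps, snaps[1:]):
            for field in TRACKED:
                old, new = _norm(prev.get(field)), _norm(cur.get(field))
                if old != new:
                    changes.append((domain, cur["date"], field,
                                    sorted(old - new), sorted(new - old)))
    return changes

def shared_pivots(snapshots, fields=("emails", "nameservers")):
    """Map (field, value) -> domains that ever carried it, for values seen on 2+ domains."""
    seen = defaultdict(set)
    for snap in snapshots:
        for field in fields:
            for value in _norm(snap.get(field)):
                seen[(field, value)].add(snap["domain"].lower())
    return {key: sorted(doms) for key, doms in seen.items() if len(doms) > 1}

if __name__ == "__main__":
    for change in field_changes(SNAPSHOTS):
        print("CHANGE", change)
    for key, domains in shared_pivots(SNAPSHOTS).items():
        print("SHARED", key, domains)
```

Shared nameservers at a large hosting provider link many unrelated domains, so weigh a nameserver pivot less than a shared registered email.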
Silent Push allows you to scan for previously collected WHOIS information for visible domains, including (but not limited to):
- Nameserver information
- Address
- Registered emails
- Navigate to Advanced Query Builder > Domain Queries > whois information
- Specify a domain
- Click Search
Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save