Obtain historic WHOIS data for a domain

  • Updated on May 16, 2023
  • Published on Apr 12, 2023
  • 1 minute(s) read
Prev Next

Historical WHOIS data can provide valuable information about the ownership and registration of domains and IP addresses associated with potential threats. For example, information such as the name and contact information of the domain owner can be used to verify the legitimacy of a website or to identify potential sources of phishing or malware distribution.

WHOIS data can be used to identify patterns and connections between different domains and IP addresses, as well as between different threat actors. By monitoring WHOIS data, security teams can detect and respond to changes that may indicate potential threats, such as the creation of new subdomains or changes to the IP addresses associated with a domain.

Silent Push provides organizations with a historic WHOIS lookup function that can be modified to return results based on sample intervals and changed records.

  1. Navigate to Advanced Query Builder > Xperimental Queries > Domain WHOIS History

  2. Specify a domain

  3. (Optional) Choose a sample interval to return one result from a sample period, if available:

    1. Day
    2. Week
    3. Month
    4. Quarter
    5. Year

  4. Select changes_only to only show records that have at least one change

  5. Choose the number of results to limit

  6. Click Search

Saving queries

Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

  1. Specify the query parameters

  2. Click Save Query

  3. Give your query a Name

  4. Specify a Description to add more context

  5. Click Save