Obtain historic WHOIS data for a domain
- 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Obtain historic WHOIS data for a domain
- Updated on 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
Historical WHOIS data can provide valuable information about the ownership and registration of domains and IP addresses associated with potential threats. For example, information such as the name and contact information of the domain owner can be used to verify the legitimacy of a website or to identify potential sources of phishing or malware distribution.
WHOIS data can be used to identify patterns and connections between different domains and IP addresses, as well as between different threat actors. By monitoring WHOIS data, security teams can detect and respond to changes that may indicate potential threats, such as the creation of new subdomains or changes to the IP addresses associated with a domain.
Silent Push provides organizations with a historic WHOIS lookup function that can be modified to return results based on sample intervals and changed records.
Navigate to
Advanced Query Builder > Xperimental Queries > Domain WHOIS HistorySpecify a
domain(Optional) Choose a
sample intervalto return one result from a sample period, if available:- Day
- Week
- Month
- Quarter
- Year
Select
changes_onlyto only show records that have at least one changeChoose the number of results to
limitClick
Search
Saving queries
Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
Specify the query parameters
Click
Save QueryGive your query a
NameSpecify a
Descriptionto add more contextClick
Save
Was this article helpful?