- 16 May 2023
Obtain historic WHOIS data for a domain
- Updated on 16 May 2023
Historical WHOIS data can provide valuable information about the ownership and registration of domains and IP addresses associated with potential threats. For example, information such as the name and contact information of the domain owner can be used to verify the legitimacy of a website or to identify potential sources of phishing or malware distribution.
WHOIS data can be used to identify patterns and connections between different domains and IP addresses, as well as between different threat actors. By monitoring WHOIS data, security teams can detect and respond to changes that may indicate potential threats, such as the creation of new subdomains or changes to the IP addresses associated with a domain.
Silent Push provides organizations with a historic WHOIS lookup function that can be modified to return results based on sample intervals and changed records.
- Navigate to Advanced Query Builder > Xperimental Queries > Domain WHOIS History
- Specify a domain
- (Optional) Choose a sample interval to return one result from a sample period, if available:
  - Day
  - Week
  - Month
  - Quarter
  - Year
- Select changes_only to only show records that have at least one change
- Choose the number of results to limit
- Click Search
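To make the effect of the sample interval and changes_only options concrete, here is an added Python example that is not Silent Push code and does not use its API or output format. The record fields, the "first record per period" sampling rule and the snapshots themselves are assumptions constructed for illustration.

```python
from datetime import date

TRACKED = ("registrar", "registrant_org", "nameservers")  # assumed field names

def snap(day, registrar, org, ns):
    return {"seen": date.fromisoformat(day), "registrar": registrar,
            "registrant_org": org, "nameservers": tuple(ns)}

# Constructed snapshots for a placeholder domain; not real WHOIS data.
SNAPSHOTS = [
    snap("2023-01-03", "Registrar A", "Example Corp", ["ns1.example.net"]),
    snap("2023-01-20", "Registrar A", "Example Corp", ["ns1.example.net"]),
    snap("2023-02-10", "Registrar A", "Privacy Service", ["ns1.example.net"]),
    snap("2023-02-24", "Registrar B", "Privacy Service", ["ns1.example.org"]),
    snap("2023-03-15", "Registrar B", "Privacy Service", ["ns1.example.org"]),
]

def period_key(d, interval):
    """Map a date to the sample period it falls in."""
    keys = {"day": (d.year, d.month, d.day),
            "week": tuple(d.isocalendar()[:2]),
            "month": (d.year, d.month),
            "quarter": (d.year, (d.month - 1) // 3 + 1),
            "year": (d.year,)}
    return keys[interval]  # KeyError on an unknown interval

def sample(records, interval):
    """Keep the earliest record from each sample period (assumed rule)."""
    out, seen = [], set()
    for rec in sorted(records, key=lambda r: r["seen"]):
        key = period_key(rec["seen"], interval)
        if key not in seen:
            seen.add(key)
            out.append(rec)
    return out

def changes_only(records):
    """Return (date, {field: (old, new)}) for records that differ from the previous one."""
    out, prev = [], None
    for rec in sorted(records, key=lambda r: r["seen"]):
        if prev is not None:
            diff = {f: (prev[f], rec[f]) for f in TRACKED if prev[f] != rec[f]}
            if diff:
                out.append((rec["seen"], diff))
        prev = rec
    return out

if __name__ == "__main__":
    for label in ("month", "quarter"):
        print(label, changes_only(sample(SNAPSHOTS, label)))
```

In this model a monthly sample still surfaces both changes but dates the registrar change to the March record, and a quarterly sample collapses the data to a single record with no visible change, so a finer interval is the safer choice when the timing of a change matters.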
Saving queries
Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save