Historical WHOIS data can provide valuable information about the ownership and registration history of domains and IP addresses associated with potential threats. For example, the name and contact details of a domain's registrant can be used to verify the legitimacy of a website, or to identify likely sources of phishing or malware distribution.
WHOIS data can also be used to identify patterns and connections between different domains and IP addresses, and between different threat actors. By monitoring WHOIS data over time, security teams can detect and respond to changes that may indicate a developing threat, such as the creation of new subdomains or a change in the IP addresses associated with a domain.
Silent Push provides organizations with a historic WHOIS lookup function whose results can be narrowed to one record per sample interval and to records that contain changes.

- Navigate to Advanced Query Builder > Xperimental Queries > Domain WHOIS History
- Specify a domain
- (Optional) Choose a sample interval to return one result from each sample period, if available:
  - Day
  - Week
  - Month
  - Quarter
  - Year
- Select changes_only to show only records that have at least one change
- Choose the number of results to limit
- Click Search
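The following is an added example, not Silent Push code, that shows what the sample interval, changes_only and limit options do when applied to a domain's WHOIS history. It works over a constructed set of WHOIS snapshots and assumes three things that the page does not state: the earliest snapshot in each period is the one kept, the filters are applied in the order interval, then changes_only, then limit, and the first snapshot is kept as a baseline with every tracked field counted as a change.

```python
from datetime import date

# Constructed WHOIS history for one domain (sample data, not real records).
# Each entry is a snapshot: the date it was observed plus the fields captured.
SAMPLE_HISTORY = [
    {"observed": date(2023, 1, 3),  "registrar": "Registrar A", "registrant": "Holder One",
     "nameservers": ("ns1.a.example", "ns2.a.example")},
    {"observed": date(2023, 1, 20), "registrar": "Registrar A", "registrant": "Holder One",
     "nameservers": ("ns1.a.example", "ns2.a.example")},
    {"observed": date(2023, 2, 14), "registrar": "Registrar A", "registrant": "Holder One",
     "nameservers": ("ns1.b.example", "ns2.b.example")},   # nameserver change
    {"observed": date(2023, 4, 5),  "registrar": "Registrar B", "registrant": "Holder Two",
     "nameservers": ("ns1.b.example", "ns2.b.example")},   # registrar + registrant change
    {"observed": date(2023, 4, 28), "registrar": "Registrar B", "registrant": "Holder Two",
     "nameservers": ("ns1.b.example", "ns2.b.example")},
    {"observed": date(2024, 1, 9),  "registrar": "Registrar B", "registrant": "Holder Two",
     "nameservers": ("ns1.b.example", "ns2.b.example")},
]

TRACKED_FIELDS = ("registrar", "registrant", "nameservers")
INTERVALS = ("day", "week", "month", "quarter", "year")


def period_key(observed: date, interval: str) -> str:
    """Map an observation date to the sample period it belongs to."""
    if interval == "day":
        return observed.isoformat()
    if interval == "week":
        year, week, _ = observed.isocalendar()
        return f"{year}-W{week:02d}"
    if interval == "month":
        return f"{observed.year}-{observed.month:02d}"
    if interval == "quarter":
        return f"{observed.year}-Q{(observed.month - 1) // 3 + 1}"
    if interval == "year":
        return str(observed.year)
    raise ValueError(f"unknown interval {interval!r}; expected one of {INTERVALS}")


def sample_by_interval(records, interval):
    """Keep the earliest snapshot in each period: one result per period, if available."""
    kept, seen = [], set()
    for rec in sorted(records, key=lambda r: r["observed"]):
        key = period_key(rec["observed"], interval)
        if key not in seen:
            seen.add(key)
            kept.append(rec)
    return kept


def changes_only(records):
    """Keep snapshots whose tracked fields differ from the previous snapshot.

    The first snapshot is kept as the baseline (assumption made here), with every
    tracked field reported as changed because it is newly observed.
    """
    kept, prev = [], None
    for rec in sorted(records, key=lambda r: r["observed"]):
        if prev is None:
            changed = TRACKED_FIELDS
        else:
            changed = tuple(f for f in TRACKED_FIELDS if rec[f] != prev[f])
        if changed:
            kept.append({**rec, "changed_fields": changed})
        prev = rec
    return kept


def whois_history(records, interval=None, changes=False, limit=None):
    """Apply sample interval, then changes_only, then limit (this order is an assumption)."""
    result = sorted(records, key=lambda r: r["observed"])
    if interval is not None:
        result = sample_by_interval(result, interval)
    if changes:
        result = changes_only(result)
    if limit is not None:
        result = result[:limit]
    return result


if __name__ == "__main__":
    for rec in whois_history(SAMPLE_HISTORY, interval="quarter", changes=True):
        print(rec["observed"], rec["registrar"], rec["registrant"], rec["changed_fields"])
```

Running the quarterly, changes-only query against the sample data returns two records, and the second attributes the nameserver change, the registrar change and the registrant change to the same April snapshot. That is the trade-off a coarse sample interval makes: it compresses a history into a handful of records, but changes that happened between sampled snapshots collapse into the next one kept, so when the exact date of a change matters, re-run the query with a finer interval.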
Saving queries

Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.

- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save