Get WHOIS history for a domain

  • Published on Apr 2, 2024
  • 1 minute(s) read

Silent Push allows users to obtain a graphical representation of WHOIS record changes for any given domain, within a set time period.

Security teams are able to use the WHOIS History query to vizualise a domain's movement across the IP space, and track it's association with malicious infrastructure.

Obtain a WHOIS history

  1. Navigate to Explore DNS Data > WHOIS History

  2. Specify a Domain

  3. Use the Collected Before and Collected After fields to establish a timeline

  4. Click Search

Working with WHOIS results

Once you've generated a set of results, the following fields are used to give a general overview:

  1. WHOIS Record First Created
  2. Latest SOA Record
  3. Nameserver Reputation scores for each nameserver

The graph displayed shows a visual timeline of WHOIS record changes, within the specified Collected Before and Collected After dates.

Hovering over a change gives the precise reason for the change:

Screenshot 2024-04-02 at 11.47.42.png

A tabulated version of results are displayed below the graph, corresponding to the specified timeline, with any changes tagged on the relevant date:

Screenshot 2024-04-02 at 11.51.54.png

You can expand each row to obtain the fill WHOIS record for that date, with any changes highlighted in red (the old value) and green (the new value).