Contents x
      Get WHOIS history for a domain
      • 02 Apr 2024
      • 1 Minute to read
      • Print
      • Dark
        Light
      Contents

      Get WHOIS history for a domain

      • Updated on 02 Apr 2024
      • 1 Minute to read
      • Print
      • Dark
        Light
      Article summary

      Silent Push allows users to obtain a graphical representation of WHOIS record changes for any given domain, within a set time period.

      Security teams are able to use the WHOIS History query to vizualise a domain's movement across the IP space, and track it's association with malicious infrastructure.

      Obtain a WHOIS history

      1. Navigate to Explore DNS Data > WHOIS History

      2. Specify a Domain

      3. Use the Collected Before and Collected After fields to establish a timeline

      4. Click Search

      Working with WHOIS results

      Once you've generated a set of results, the following fields are used to give a general overview:

      1. WHOIS Record First Created
      2. Latest SOA Record
      3. Nameserver Reputation scores for each nameserver

      The graph displayed shows a visual timeline of WHOIS record changes, within the specified Collected Before and Collected After dates.

      Hovering over a change gives the precise reason for the change:

      Screenshot 2024-04-02 at 11.47.42.png

      A tabulated version of results are displayed below the graph, corresponding to the specified timeline, with any changes tagged on the relevant date:

      Screenshot 2024-04-02 at 11.51.54.png

      You can expand each row to obtain the fill WHOIS record for that date, with any changes highlighted in red (the old value) and green (the new value).

      Was this article helpful?
      What's Next