Silent Push enables security teams to track WHOIS record changes for a domain, visualizing its movement across IP space and potential ties to malicious infrastructure.
Obtain a WHOIS history
Navigate to DNS Data > WHOIS History.
Specify a domain.
Use Collected Before and Collected After fields to set a timeline.
Click Search.
Work with WHOIS results
Results display on the Explore screen with:
WHOIS Record First Created: Initial registration date.
Latest SOA Record: Current zone authority details.
Nameserver Reputation Scores: Risk assessment for each nameserver.
A graphical timeline shows WHOIS changes within the specified dates. Hover over changes to view details (e.g., old vs. new values).
A tabulated view lists changes by date, with expandable rows highlighting modifications in red (old value) and green (new value).
Security use cases
Track domain ownership changes to detect potential hijacking.
Identify associations with malicious infrastructure via nameserver or IP shifts.
Monitor registrar changes for signs of unauthorized transfers.
Monitor WHOIS Changes
On the Explore screen, click the Monitor button (top right).
Specify a Monitor Name and Description.
Click Save.
View monitored queries in Monitors > Monitored Queries.
Monitors run every 24 hours, sending email alerts for new results. Refer to the Silent Push documentation for sharing monitors.