WHOIS tab


A domain emerges in your feeds, example.com, tied to suspicious traffic. Who owns it? Recent registration tweaks or DNS admin shifts could signal compromise or impersonation. Cross-referencing fragmented WHOIS pulls slows triage.

The WHOIS tab consolidates registration and SOA data in Total View, displaying creation dates, authority details, and historical mods for quick ownership verification. It pivots to PADNS for DNS alignment and Infrastructure Variance for nameserver correlations.

Available for Domains, this tab sources from WHOIS and DNS datasets, integrating with PADNS (via Lookup) and other tabs to flag unauthorized changes.

Why is it useful?

WHOIS reveals legitimacy: it spots fresh registrations used for phishing, or expired SOA data that indicates lapses, but siloed data hides patterns. This tab enables tracking of ownership and configuration shifts, detecting anomalies such as admin email changes or serial increments that signal updates.

Teams verify against current dates, correlate MNAME with Name Server Changes, or review Expires for renewal risks. It complements PADNS for resolution ties and Infrastructure Variance for broader infrastructure review, streamlining the process from raw records to threat assessment.

How does it work?

Silent Push’s in-house WHOIS collection aggregates registrar and SOA intel, creating timestamped historical views without external dependencies. The tab displays core fields, such as creation date and SOA parameters (e.g., Serial, Refresh), along with graphs illustrating change patterns.

Basic Raw Data mode provides unprocessed outputs (e.g., full RNAME formats) for audits. It links to PADNS for detailed records and Infrastructure Variance for contextual shifts—an MNAME update here might match a nameserver hop there. Data is precise, with pivots ensuring unified workflows.

Generate a set of results

Enter a domain (e.g., example.com) in the search bar to load Total View, and click the WHOIS tab. Fields populate with registration/SOA details; toggle Domain Wide View for Subdomain inclusion if needed. Filter by date or field, and select Basic Raw Data for unedited views.

Example

Query example.com in WHOIS: Results display creation date 1995-08-13, latest SOA with MNAME ns1.example.com, RNAME hostmaster.example.com, Serial 2025090201 (recent increment), Refresh 86400s, Retry 7200s, Expire 1209600s, and TTL 3600s.

A graph highlights changes, such as an Expires update on 2025-09-01. Pivoting to PADNS reveals aligned NS records.

WHOIS information for example.com, including creation date and SOA record details.

Key fields

  • Whois record first created: The date when the domain was initially registered (e.g., 1995-08-13).

  • Latest SOA Record: The most recent SOA record, which defines the primary DNS server and update parameters for the domain.

    • MNAME (Master Name): The primary nameserver responsible for the domain (e.g., ns1.example.com).

    • RNAME (Responsible Name): The email contact for the domain’s DNS administrator, encoded as a domain name (e.g., admin.example.com or hostmaster.example.com); the first label is the mailbox, so hostmaster.example.com denotes hostmaster@example.com.

  • Serial: A version number for the SOA record (e.g., 2025090201), incremented with each update.

  • Refresh: The interval (e.g., 86400 seconds or 24 hours) at which secondary nameservers check for updates.

  • Retry: The interval (e.g., 7200 seconds or 2 hours) for retrying a failed refresh.

  • Expire: The time (e.g., 1209600 seconds or 14 days) after which secondary servers stop answering authoritatively for the zone if they can’t contact the primary.

  • TTL (Time to Live): The duration (e.g., 3600 seconds or 1 hour) that DNS records are cached before being refreshed.

  • Lookup PADNS: Pivots to the PADNS tab for detailed DNS record analysis.

The WHOIS tab integrates with PADNS (via Lookup) and Infrastructure Variance. For example, an MNAME change might correlate with a Name Server Changes entry, prompting a security review.
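As an added example (not Silent Push code, and not the tab's export format), the script below walks a constructed series of historical SOA snapshots, as the tab's history view presents them, and flags the changes described above: MNAME and RNAME shifts, serial increments or rollbacks, and timer changes such as Expire. The `SoaSnapshot` type and the sample values are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class SoaSnapshot:
    """One row of SOA history: the record as observed on a given date (hypothetical type)."""
    seen: date
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    ttl: int

def rname_to_email(rname: str) -> str:
    """Decode RNAME: the first unescaped label is the mailbox; '\\.' is a literal dot (RFC 1035)."""
    parts = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    if len(parts) == 2:
        return parts[0].replace("\\.", ".") + "@" + parts[1]
    return parts[0]  # no domain part; return as-is

def soa_changes(history):
    """Compare consecutive snapshots (oldest first); return (seen, field, note) tuples."""
    out = []
    for prev, cur in zip(history, history[1:]):
        if cur.mname != prev.mname:  # correlate with Name Server Changes in Infrastructure Variance
            out.append((cur.seen, "MNAME", f"{prev.mname} -> {cur.mname}"))
        if cur.rname != prev.rname:  # admin contact changed
            out.append((cur.seen, "RNAME", f"{rname_to_email(prev.rname)} -> {rname_to_email(cur.rname)}"))
        if cur.serial < prev.serial:  # serials should only grow; a drop suggests a rebuild or restore
            out.append((cur.seen, "Serial", f"{prev.serial} -> {cur.serial} (decreased)"))
        elif cur.serial > prev.serial:
            out.append((cur.seen, "Serial", f"{prev.serial} -> {cur.serial} (increment)"))
        for f in ("refresh", "retry", "expire", "ttl"):
            if getattr(cur, f) != getattr(prev, f):
                out.append((cur.seen, f.capitalize(), f"{getattr(prev, f)}s -> {getattr(cur, f)}s"))
    return out

# Constructed sample history (hypothetical values, not real records for example.com).
SAMPLE_HISTORY = [
    SoaSnapshot(date(2025, 6, 1), "ns1.example.com", "hostmaster.example.com", 2025060101, 86400, 7200, 1209600, 3600),
    SoaSnapshot(date(2025, 9, 1), "ns1.example.com", "hostmaster.example.com", 2025090101, 86400, 7200, 604800, 3600),
    SoaSnapshot(date(2025, 9, 2), "ns1.example.net", "admin.example.com", 2025090201, 86400, 7200, 604800, 3600),
]

for seen, field, note in soa_changes(SAMPLE_HISTORY):
    print(seen, field, note)
```

Each finding carries the date it was first seen, so it can be lined up against the Name Server Changes entries for the same day.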

Work with WHOIS results

The tab supports direct actions, including copying fields to the clipboard, customizing columns (e.g., adding historical Serials), and downloading as CSV for reports. Save to a Feed or Draft Feed to monitor changes, such as serial increments.

Tips

  • Verify SOA: Check MNAME and Serial against the current date to ensure recent updates.

  • Pivot to PADNS: Use Lookup PADNS to confirm DNS alignment with WHOIS data.

  • Analyze graph: Look for unusual WHOIS Change patterns, such as frequent Expires updates.

  • Monitor expirations: Track Expires changes in the table to prevent domain loss.

For anomalies, pivot: An RNAME shift? Chain to Infrastructure Variance for NS correlations. Standalone Web Data > WHOIS offers advanced filters. Use the Query Constructor for in-depth analysis of registrants, or Multiple Data Sources for bulk data checks.