Scan for nameserver changes over time
    • 02 May 2023

    Malicious actors often use tactics such as domain hopping or domain fronting to evade detection and propagate malicious activity.

    By changing the nameservers associated with a domain, threat groups are able to evade detection and continue their activities on a different set of infrastructure.

    By monitoring changes to nameservers associated with a domain, security teams can pinpoint connections between different domains and nameservers, and identify previously unknown threat actors or infrastructure based on different patterns of behaviour.

    Additionally, if a domain is repeatedly changing nameservers or associated infrastructure, it may be an indication that the domain's security controls or practices are inadequate, and that the domain is vulnerable to attack.
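The analysis described in the paragraphs above can be sketched offline over any nameserver history export. This is an added example, not Silent Push code and not its API: the observation records are constructed, and the function names and the threshold and window parameters are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed observations (domain, date seen, NS set); reserved .example names, not real data.
OBSERVATIONS = [
    ("shop-login.example", "2023-01-03", {"ns1.host-a.example", "ns2.host-a.example"}),
    ("shop-login.example", "2023-01-19", {"ns1.host-b.example", "ns2.host-b.example"}),
    ("shop-login.example", "2023-02-02", {"ns1.host-c.example", "ns2.host-c.example"}),
    ("pay-verify.example", "2023-01-10", {"ns1.host-x.example"}),
    ("pay-verify.example", "2023-02-05", {"ns1.host-c.example", "ns2.host-c.example"}),
    ("stable.example", "2023-01-01", {"ns1.host-z.example"}),
    ("stable.example", "2023-02-01", {"NS1.host-z.example."}),
]

def normalise(ns_set):
    """Lower-case and strip the trailing dot so cosmetic differences are not changes."""
    return frozenset(ns.lower().rstrip(".") for ns in ns_set)

def ns_changes(observations):
    """Return {domain: [(date, removed, added), ...]} for each real NS set change."""
    history = defaultdict(list)
    for domain, seen, ns_set in observations:
        history[domain].append((date.fromisoformat(seen), normalise(ns_set)))
    changes = {}
    for domain, snaps in history.items():
        snaps.sort(key=lambda snap: snap[0])
        pairs = zip(snaps, snaps[1:])
        changes[domain] = [(day, prev - cur, cur - prev)
                           for (_, prev), (day, cur) in pairs if prev != cur]
    return changes

def frequent_changers(changes, max_changes, window_days):
    """Domains with more than max_changes NS changes inside any window_days span."""
    flagged = set()
    for domain, events in changes.items():
        days = [day for day, _, _ in events]
        for start in days:
            if sum(0 <= (d - start).days <= window_days for d in days) > max_changes:
                flagged.add(domain)
    return flagged

def shared_nameservers(observations):
    """Pivot: nameservers seen on more than one domain, linking their infrastructure."""
    seen_on = defaultdict(set)
    for domain, _, ns_set in observations:
        for ns in normalise(ns_set):
            seen_on[ns].add(domain)
    return {ns: doms for ns, doms in seen_on.items() if len(doms) > 1}
```

Normalising case and the trailing dot before comparing keeps a re-formatted record from being counted as a nameserver change.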

    Silent Push allows you to search for all nameserver changes associated with a specific domain over time.

    1. Navigate to Explore DNS Data > Domain Name Server Changes

    2. Specify a Domain

    3. Click Search

    Monitoring nameserver data

    You can monitor results populated on the Explore screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.

    Monitors run once every 24 hours. You'll be alerted via email when Silent Push detects new results (filtering/sorting options are not applied).

    1. Once you've received a set of results, click the Monitor button on the top right

    2. Specify a Monitor name

    3. Enter a Description

    4. Click Save

    5. Your monitored query is now visible in Monitors > Monitored Queries

    6. Read this article for information on how to share a monitor

