---
title: "Get Started with Whois"
slug: "get-started-with-whois"
tags: ["Domain Ownership", "Threat Hunting", "WHOIS Data"]
updated: 2026-01-26T14:38:00Z
published: 2026-01-16T16:46:20Z
canonical: "help.silentpush.com/get-started-with-whois"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.silentpush.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Started with Whois

Silent Push's WHOIS Data section provides powerful tools for investigating domain ownership, registration details, and historical changes. This is essential for threat hunting, infrastructure mapping, and attributing malicious activity to threat actors.

The WHOIS Data section includes two primary features:

- **WHOIS Search**: Query and pivot across global WHOIS records using specific fields like registrant name, email, registrar, or creation date.
- **WHOIS History**: Track timestamped changes to a specific domain's WHOIS records over time, including ownership transfers and infrastructure shifts.

## How to Access WHOIS Data

1. From the left navigation menu, select **WHOIS Data**.
2. Choose either **WHOIS Search** or **WHOIS History** depending on your investigation needs.

> [!NOTE]
> Tips
> 
> - Start with a known suspicious domain from alerts, PADNS, or threat reports.
> - Use WHOIS Search to pivot from a single indicator (e.g., a registrant email) to discover related domains.
> - Switch to WHOIS History to view lifecycle changes and detect patterns like domain flipping or burner infrastructure.
> - Combine with other Silent Push features, such as PADNS or Threat Feeds, for deeper context.

These tools help SOC teams and threat analysts uncover hidden infrastructure reuse, even when actors obfuscate DNS or hosting details.

Check out the [Use Cases](/v1/docs/whois-use-cases) section for examples.