Getting Started with Whois


Silent Push's WHOIS Data section provides powerful tools for investigating domain ownership, registration details, and historical changes. This is essential for threat hunting, infrastructure mapping, and attributing malicious activity to threat actors.

The WHOIS Data section includes two primary features:

  • WHOIS Search: Query and pivot across global WHOIS records using specific fields like registrant name, email, registrar, or creation date.

  • WHOIS History: Track timestamped changes to a specific domain's WHOIS records over time, including ownership transfers and infrastructure shifts.

How to Access WHOIS Data

  1. From the left navigation menu, select WHOIS Data.

  2. Choose either WHOIS Search or WHOIS History depending on your investigation needs.

Tips

  • Start with a known suspicious domain from alerts, PADNS, or threat reports.

  • Use WHOIS Search to pivot from a single indicator (e.g., a registrant email) to discover related domains.

  • Switch to WHOIS History to view lifecycle changes and detect patterns like domain flipping or burner infrastructure.

  • Combine with other Silent Push features, such as PADNS or Threat Feeds, for deeper context.

These tools help SOC teams and threat analysts uncover hidden infrastructure reuse, even when actors obfuscate DNS or hosting details.
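As an added illustration (not Silent Push's own code or API), the pivot-then-history workflow from the tips above, run over a small set of constructed WHOIS snapshots: `pivot` finds other domains that share a registrant email, and `history` lists the timestamped changes in registrant, registrar and nameservers between consecutive snapshots of one domain. All domains, emails and dates are made up.

```python
from datetime import date

# Constructed sample WHOIS snapshots (not real data): one record per
# (domain, observed date), mimicking a timestamped WHOIS history.
RECORDS = [
    {"domain": "example-shop.test", "observed": date(2023, 1, 5),
     "registrant_email": "ops@mailbox.test", "registrar": "RegA",
     "nameservers": ("ns1.hostone.test", "ns2.hostone.test")},
    {"domain": "example-shop.test", "observed": date(2023, 6, 20),
     "registrant_email": "ops@mailbox.test", "registrar": "RegA",
     "nameservers": ("ns1.bullet.test", "ns2.bullet.test")},
    {"domain": "example-shop.test", "observed": date(2024, 2, 1),
     "registrant_email": "privacy@proxy.test", "registrar": "RegB",
     "nameservers": ("ns1.bullet.test", "ns2.bullet.test")},
    {"domain": "login-portal.test", "observed": date(2023, 3, 2),
     "registrant_email": "ops@mailbox.test", "registrar": "RegA",
     "nameservers": ("ns1.bullet.test", "ns2.bullet.test")},
    {"domain": "unrelated.test", "observed": date(2023, 4, 9),
     "registrant_email": "someone@else.test", "registrar": "RegC",
     "nameservers": ("ns1.other.test",)},
]

TRACKED = ("registrant_email", "registrar", "nameservers")

def pivot(records, field, value):
    """WHOIS Search style pivot: every domain that, in any snapshot,
    carries `value` in `field` (e.g. a shared registrant email)."""
    return sorted({r["domain"] for r in records if r.get(field) == value})

def history(records, domain):
    """WHOIS History style diff: (date, field, old, new) for each tracked
    field that changed between consecutive snapshots of `domain`."""
    snaps = sorted((r for r in records if r["domain"] == domain),
                   key=lambda r: r["observed"])
    changes = []
    for prev, cur in zip(snaps, snaps[1:]):
        for f in TRACKED:
            if prev[f] != cur[f]:
                changes.append((cur["observed"], f, prev[f], cur[f]))
    return changes

if __name__ == "__main__":
    seed = "example-shop.test"  # the known suspicious domain to start from
    email = next(r["registrant_email"] for r in RECORDS if r["domain"] == seed)
    print("related via registrant email:", pivot(RECORDS, "registrant_email", email))
    for when, field, old, new in history(RECORDS, seed):
        print(f"{when} {field}: {old} -> {new}")
```

The nameserver change followed by a move to a privacy-proxy registrant and a new registrar is the kind of lifecycle pattern the History view is meant to surface.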

Check out the Use Cases section for examples.