How to Use WHOIS tab

New
  • Published on Dec 5, 2025
  • 1 minute(s) read
Prev Next

Every domain you look up in Silent Push comes with complete historical WHOIS data, including every change, every registrant, every email, every name server, going back years. And every blue value is a one-click pivot across the entire Silent Push WHOIS database.

This is how you turn one phishing domain into an entire actor’s portfolio.  

Open Any Domain in Total View

Search any domain → click the result → you’re now in Total View.

Scroll down and click the WHOIS tab.

The moment the tab loads, you get:

  • First Seen Date – when the WHOIS record was originally created

  • Current & Historical SOA records

  • Complete change timeline – every single WHOIS update with exact dates

Expand Any Date

Click the Expand arrow next to any date — even if nothing looks changed.

You now see every field Silent Push captured at that exact moment:

  • Registrant Name / Organization

  • Registrant Email (the real jackpot)

  • Registrant Phone & Address

  • Name Servers (past and present)

  • Registrar

  • All dates (creation, updated, expiry)

On the right: Previous Value vs New Value — instantly spot stealthy changes.

One-Click Pivot on Anything Blue

  • No copying. No pasting. Just click.

    • Click a blue registrant email, and Silent Push instantly shows every domain ever registered with that exact email.

    • Click a blue name server, and you’ll see every domain that has ever used it.

    • Click a blue registrant name or organization, and the same thing happens.    

Real-World Example Workflows

  • Who really owns this phishing domain?

    • Open Total View, go to the WHOIS tab, expand the latest date, click the blue registrant email, and instantly see dozens of other domains registered with the same address.

  • Is this hosted on bulletproof infrastructure?

    Look at the name server history, click on an old name server, and instantly reveal hundreds of malicious domains that used the same provider.

  • Did the actor try to cover their tracks?

    Check the timeline, expand multiple dates, and watch them switch from a real name to “PrivacyProtect.org” or “Redacted for Privacy”.

Tips

  • Always expand multiple dates — actors frequently flip back and forth between identities.

  • Combine with the PADNS tab to see which IPs those old name servers pointed to.

  • Combine with the Web Search tab to spot reused registrant emails on a completely different infrastructure.

Related articles