--- title: "How to Use WHOIS tab" slug: "how-to-use-whois-tab" updated: 2025-12-19T15:22:29Z published: 2025-12-19T15:22:29Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # How to Use WHOIS tab Every domain you look up in Silent Push comes with **complete historical WHOIS data,**including every change, every registrant, every email, every name server, going back years. And every blue value is a **one-click pivot** across the entire Silent Push WHOIS database. This is how you turn one phishing domain into an entire actor’s portfolio. [WHOIS.mov](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/WHOIS(1).mov) ## Open Any Domain in Total View Search any domain. Click the result and you’re now in **Total View**. Scroll down and click the **WHOIS** tab. The moment the tab loads, you get: - **First Seen Date** – when the WHOIS record was originally created - **Current & Historical SOA records** - **Complete change timeline** – every single WHOIS update with exact dates ## Expand Any Date Click the **Expand** arrow next to any date, even if nothing looks changed. You now see **every field Silent Push captured at that exact moment**: - Registrant Name / Organization - Registrant Email (the real jackpot) - Registrant Phone & Address - Name Servers (past and present) - Registrar - All dates (creation, updated, expiry) On the right: **Previous Value** vs **New Value** — instantly spot stealthy changes. ## One-Click Pivot on Anything Blue - No copying. No pasting. Just click. - Click a blue **registrant email,** and Silent Push instantly shows every domain ever registered with that exact email. - Click a blue **name server,** and you’ll see every domain that has ever used it. - Click a blue **registrant name** or **organization,** and the same thing happens. ## Real-World Example Workflows - **Who really owns this phishing domain?** - Open Total View, go to the WHOIS tab, expand the latest date, click the blue registrant email, and instantly see dozens of other domains registered with the same address. - **Is this hosted on bulletproof infrastructure?** Look at the name server history, click on an old name server, and instantly reveal hundreds of malicious domains that used the same provider. - **Did the actor try to cover their tracks?** Check the timeline, expand multiple dates, and watch them switch from a real name to “PrivacyProtect.org” or “Redacted for Privacy”. ## Tips - Always expand **multiple dates** — actors frequently flip back and forth between identities. - Combine with the **PADNS** tab to see which IPs those old name servers pointed to. - Combine with the **Web Search** tab to spot reused registrant emails on a completely different infrastructure.