View WHOIS History


Silent Push’s WHOIS History feature allows threat analysts to track domain lifecycle changes, observe historical ownership, and correlate infrastructure reuse across campaigns. This is invaluable for identifying malicious behavior such as domain flipping, burner infrastructure, or bulk abuse by threat actors.

Use WHOIS History

  1. From the Silent Push homepage, go to WHOIS Data > WHOIS History.

  2. In the Enter Domain field, input the domain you want to investigate.

  3. Set Your Time Window:

    • Use Collected Before to specify the earliest point in time to begin your search.

    • Use Collected After to define the latest timestamp for filtering results.

  4. Click Search to retrieve historical records.

Result Table

| Result Type | Description |
|---|---|
| Whois record first created | Date and time the WHOIS record was first collected by Silent Push. |
| Latest SOA Record | Most recent Start of Authority (SOA) record. Linked to PADNS context. |
| Name Server Reputation | Reputation score of the nameservers used. Indicates potential abuse signals. |
| WHOIS Changes | Logged changes to WHOIS fields such as name, email, address, or registrar. |
| Change Date | Timestamp when each specific WHOIS field was modified. |

Tip: Check the icon in the Change column to isolate specific WHOIS field changes like registrar, email, or nameserver.

Example: Tracking Lumma Stealer

This case study examines a suspicious domain linked to Lumma Stealer, referenced in the Use the WHOIS Scanner document under the WHOIS Data section.

  • Domain: elephancouped[.]fun

  • Initial Observation

    • PADNS tab: Domain associated with ASN 13335 (Cloudflare).

    • WHOIS scan: Identified the registrant as Klim Puzharskiy.

    • Broader search: Klim Puzharskiy linked to 51 domains, all sharing:

      • TLD: .fun

      • Registrar: PDR Ltd.

      • Similar registration timeframe

WHOIS History Analysis

Query parameters

  • Domain: elephancouped[.]fun

  • Collected After: 2024-09-01

  • Collected Before: 2025-04-01

Query Result Analysis

  • WHOIS Record Creation: 2025-02-21 09:37:11

  • Latest SOA Record:

    • MNAME: becky.ns.cloudflare.com

    • RNAME: dns.cloudflare.com

    • Serial: 2356517239

    • Refresh/Retry/Expire/TTL: 10000 / 2400 / 604800 / 1800

  • PADNS Lookup: Accessible via the Lookup PADNS button.

Findings

WHOIS History showed the domain transferred to Klim Puzharskiy, with:

  • Email: bukkenudrkow201@inbox.eu

  • City: Ivanovo

  • Zip Code: 153041
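
The WHOIS Changes and Change Date columns amount to a field-level diff between consecutive collected records. The sketch below is an added example, not Silent Push code or its API: it reproduces that diff offline over constructed snapshots, treating Collected After as the lower bound and Collected Before as the upper bound, as in the query parameters above. The snapshot layout, the function names, the placeholder "before" values and all collection timestamps after the first are assumptions.

```python
from datetime import datetime

# Fields the result table lists under "WHOIS Changes".
TRACKED = ("name", "email", "address", "registrar")

# Constructed snapshots. The first holds placeholder values; the second reuses the
# registrant details quoted in the Findings; the third differs only in letter case.
SNAPSHOTS = [
    {"collected": "2025-02-21 09:37:11", "name": "PLACEHOLDER REGISTRANT",
     "email": "placeholder@example.invalid", "address": "PLACEHOLDER",
     "registrar": "PDR Ltd."},
    {"collected": "2025-03-02 08:00:00", "name": "Klim Puzharskiy",
     "email": "bukkenudrkow201@inbox.eu", "address": "Ivanovo 153041",
     "registrar": "PDR Ltd."},
    {"collected": "2025-03-09 08:00:00", "name": "KLIM PUZHARSKIY",
     "email": "bukkenudrkow201@inbox.eu", "address": "Ivanovo  153041",
     "registrar": "PDR LTD."},
]

def norm(value):
    """Collapse whitespace and case so cosmetic re-collections are not reported."""
    return " ".join((value or "").split()).casefold()

def whois_changes(snapshots, collected_after=None, collected_before=None):
    """Return (change_date, field, old, new) rows for tracked fields that differ
    between consecutive snapshots collected inside the given window."""
    lo = datetime.fromisoformat(collected_after) if collected_after else datetime.min
    hi = datetime.fromisoformat(collected_before) if collected_before else datetime.max
    ordered = sorted(snapshots, key=lambda s: datetime.fromisoformat(s["collected"]))
    rows = []
    for prev, cur in zip(ordered, ordered[1:]):
        if not lo <= datetime.fromisoformat(cur["collected"]) <= hi:
            continue  # change was observed outside the requested window
        for field in TRACKED:
            if norm(prev.get(field)) != norm(cur.get(field)):
                rows.append((cur["collected"], field, prev.get(field), cur.get(field)))
    return rows

if __name__ == "__main__":
    for row in whois_changes(SNAPSHOTS, "2024-09-01", "2025-04-01"):
        print(" | ".join(str(col) for col in row))
```

Sorting the resulting rows by field and new value across many domains is what surfaces shared registrant details like those in the Findings.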