
SilentPush

This Integration is part of the Silent Push Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

The Silent Push Platform uses first-party data and a proprietary scanning engine to enrich global DNS data with risk and reputation scoring, giving security teams the ability to join the dots across the entire IPv4 and IPv6 range, and identify adversary infrastructure before an attack is launched. The content pack integrates with the Silent Push system to gain insights into domain/IP information, reputations, enrichment, and infratag-related details. It also provides functionality to live-scan URLs and take screenshots of them. Additionally, it allows fetching future attack feeds from the Silent Push system. This integration was integrated and tested with version 4.2 of SilentPush.

Configure SilentPush in Cortex#

| Parameter | Required |
| --- | --- |
| Base URL | True |
| API Key | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

silentpush-density-lookup#


This command queries granular DNS/IP parameters (e.g., NS servers, MX servers, IP addresses, ASNs) for density information.

Base Command#

silentpush-density-lookup

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| qtype | Query type. | Required |
| query | Value to query. | Required |
| scope | Match level (optional). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.DensityLookup.qtype | String | The following qtypes are supported: nssrv, mxsrv. |
| SilentPush.DensityLookup.query | String | The query value to lookup, which can be the name of an NS or MX server. |
| SilentPush.DensityLookup.records.density | Number | The density value associated with the query result. |
| SilentPush.DensityLookup.records.nssrv | String | The name server (NS) for the query result. |

Command example#

!silentpush-density-lookup qtype="nssrv" query="vida.ns.cloudflare.com"

Context Example#

{
  "qtype": "nssrv",
  "query": "vida.ns.cloudflare.com",
  "records": [
    {
      "density": 100601,
      "nssrv": "vida.ns.cloudflare.com"
    }
  ]
}

Human Readable Output#

Results#

| Field | Value |
| --- | --- |
| Density | 100601 |
| NSSRV | vida.ns.cloudflare.com |

silentpush-forward-padns-lookup#


This command performs a forward PADNS lookup using various filtering parameters.

Base Command#

silentpush-forward-padns-lookup

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| qtype | DNS record type. | Required |
| qname | The DNS record name to lookup. | Required |
| netmask | The netmask to filter the lookup results. | Optional |
| subdomains | Flag to include subdomains in the lookup results. | Optional |
| regex | Regular expression to filter the DNS records. | Optional |
| match | Type of match for the query (e.g., exact, partial). | Optional |
| first_seen_after | Filter results to include only records first seen after this date. | Optional |
| first_seen_before | Filter results to include only records first seen before this date. | Optional |
| last_seen_after | Filter results to include only records last seen after this date. | Optional |
| last_seen_before | Filter results to include only records last seen before this date. | Optional |
| as_of | Date or time to get the DNS records as of a specific point in time. | Optional |
| sort | Sort the results by the specified field (e.g., date, score). | Optional |
| output_format | The format in which the results should be returned (e.g., JSON, XML). | Optional |
| prefer | Preference for specific DNS servers or sources. | Optional |
| with_metadata | Flag to include metadata in the DNS records. | Optional |
| max_wait | Maximum number of seconds to wait for results before timing out. | Optional |
| skip | Number of results to skip for pagination purposes. | Optional |
| limit | Maximum number of results to return. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.PADNSLookup.qname | String | The DNS record name that was looked up. |
| SilentPush.PADNSLookup.qtype | String | The DNS record type queried (e.g., NS). |
| SilentPush.PADNSLookup.records.answer | String | The answer (e.g., name server) for the DNS record. |
| SilentPush.PADNSLookup.records.count | Number | The number of occurrences for this DNS record. |
| SilentPush.PADNSLookup.records.first_seen | String | The timestamp when this DNS record was first seen. |
| SilentPush.PADNSLookup.records.last_seen | String | The timestamp when this DNS record was last seen. |
| SilentPush.PADNSLookup.records.nshash | String | Unique hash for the DNS record. |
| SilentPush.PADNSLookup.records.query | String | The DNS record query name (e.g., silentpush.com). |
| SilentPush.PADNSLookup.records.ttl | Number | Time to live (TTL) value for the DNS record. |
| SilentPush.PADNSLookup.records.type | String | The type of the DNS record (e.g., NS). |

Command Example#

!silentpush-forward-padns-lookup qtype="ns" qname="silentpush.com"

Context Example#

{
  "qtype": "ns",
  "qname": "silentpush.com",
  "records": [
    {
      "answer": "henry.ns.cloudflare.com",
      "count": 23043,
      "first_seen": "2020-12-24 19:04:43",
      "last_seen": "2025-04-08 07:06:24",
      "nshash": "850c47a684c9ea9c32ece18e7be4cddc",
      "query": "silentpush.com"
    }
  ]
}

Human Readable Output#

Results#

| Field | Value |
| --- | --- |
| Answer | henry.ns.cloudflare.com |
| Count | 23043 |
| First Seen | 2020-12-24 19:04:43 |
| Last Seen | 2025-04-08 07:06:24 |
| NSHash | 850c47a684c9ea9c32ece18e7be4cddc |
| Query | silentpush.com |
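
An added example (not part of the Silent Push pack or of the original page) of post-processing `SilentPush.PADNSLookup` NS records to surface a recent nameserver change, which defenders commonly review as a possible sign of hijacking or re-hosting. The function names, the 30-day windows, the two-label provider grouping and all sample records are assumptions constructed for illustration; only the field names and the timestamp layout come from the Context Example above.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # layout of first_seen / last_seen on this page


def _parse_ts(value):
    """Return a datetime, or None when the field is missing or malformed."""
    try:
        return datetime.strptime(value, TS_FORMAT)
    except (TypeError, ValueError):
        return None


def _provider(ns_name):
    """Naive grouping key (assumption): last two labels of the NS host name."""
    return ".".join(ns_name.rstrip(".").lower().split(".")[-2:])


def classify_ns_history(context, as_of, new_days=30, stale_days=30):
    """Label each NS answer as new, established, retired or unparseable."""
    new_cutoff = as_of - timedelta(days=new_days)
    stale_cutoff = as_of - timedelta(days=stale_days)
    findings = []
    for rec in context.get("records", []):
        answer = rec.get("answer")
        first = _parse_ts(rec.get("first_seen"))
        last = _parse_ts(rec.get("last_seen"))
        if not answer or first is None or last is None:
            state = "unparseable"      # never guess at broken records
        elif last < stale_cutoff:
            state = "retired"          # no longer observed
        elif first >= new_cutoff:
            state = "new"              # first observed inside the window
        else:
            state = "established"
        findings.append({
            "answer": answer,
            "state": state,
            "provider": _provider(answer) if answer else None,
        })
    return findings


def new_providers(findings):
    """Providers that appear only on new nameservers, never on older ones."""
    known = {f["provider"] for f in findings
             if f["state"] in ("established", "retired")}
    fresh = {f["provider"] for f in findings if f["state"] == "new"}
    return sorted(fresh - known)


# Constructed sample in the shape of the Context Example above; every name
# uses the reserved .test TLD and none of it is real lookup output.
SAMPLE_CONTEXT = {
    "qtype": "ns",
    "qname": "example.test",
    "records": [
        {"answer": "ns1.provider-a.test", "count": 23043,
         "first_seen": "2020-12-24 19:04:43", "last_seen": "2025-04-08 07:06:24"},
        {"answer": "ns1.provider-b.test", "count": 12,
         "first_seen": "2025-04-01 10:00:00", "last_seen": "2025-04-08 06:00:00"},
        {"answer": "ns2.provider-a.test", "count": 900,
         "first_seen": "2019-01-01 00:00:00", "last_seen": "2024-01-01 00:00:00"},
        {"answer": "broken.provider-c.test", "first_seen": "n/a"},
    ],
}

if __name__ == "__main__":
    now = datetime(2025, 4, 8, 12, 0, 0)  # fixed so the output is repeatable
    results = classify_ns_history(SAMPLE_CONTEXT, as_of=now)
    for item in results:
        print(f"{item['state']:<12} {item['answer']}")
    print("providers seen only on new nameservers:", new_providers(results))
```
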

silentpush-get-asn-reputation#


This command retrieves the reputation information for an IPv4.

Base Command#

silentpush-get-asn-reputation

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| asn | The ASN to lookup. | Required |
| explain | Show the information used to calculate the reputation score. | Optional |
| limit | The maximum number of reputation history records to retrieve. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.ASNReputation.asn | Number | Autonomous System Number (ASN) associated with the reputation history. |
| SilentPush.ASNReputation.asn_reputation | Number | Reputation score of the ASN at a given point in time. |
| SilentPush.ASNReputation.asn_reputation_explain.ips_in_asn | Number | Total number of IPs within the ASN. |
| SilentPush.ASNReputation.asn_reputation_explain.ips_num_active | Number | Number of actively used IPs in the ASN. |
| SilentPush.ASNReputation.asn_reputation_explain.ips_num_listed | Number | Number of IPs in the ASN that are listed as malicious. |
| SilentPush.ASNReputation.asname | String | Name of the ASN provider or organization. |
| SilentPush.ASNReputation.date | Number | Date of the recorded reputation history in YYYYMMDD format. |

Command Example#

!silentpush-get-asn-reputation asn="12345"

Context Example#

{
  "asn": "12345",
  "reputation": 0,
  "as_name": "AS12345, IT",
  "date": "20250408"
}

Human Readable Output#

Results#

| Field | Value |
| --- | --- |
| ASN | 12345 |
| Reputation | 0 |
| AS Name | AS12345, IT |
| Date | 2025-04-08 |

silentpush-get-asn-takedown-reputation#


This command retrieves the takedown reputation information for an Autonomous System Number (ASN).

Base Command#

silentpush-get-asn-takedown-reputation

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| asn | The ASN to lookup. | Required |
| explain | Show the information used to calculate the reputation score. | Optional |
| limit | The maximum number of reputation history records to retrieve. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.ASNTakedownReputation.takedown_reputation.asname | String | The name of the Autonomous System (AS). |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn | String | The Autonomous System Number (ASN). |
| SilentPush.ASNTakedownReputation.takedown_reputation.allocation_age | Number | The age of the ASN allocation in days. |
| SilentPush.ASNTakedownReputation.takedown_reputation.allocation_date | Number | The date when the ASN was allocated (YYYYMMDD). |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn_takedown_reputation | Number | The takedown reputation score for the ASN. |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn_takedown_reputation_explain.ips_in_asn | Number | The total number of IP addresses associated with the ASN. |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn_takedown_reputation_explain.ips_num_listed | Number | The number of IP addresses within the ASN that are flagged or listed in security threat databases. |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn_takedown_reputation_explain.items_num_listed | Number | The total number of security-related listings associated with the ASN, including IP addresses and domains. |
| SilentPush.ASNTakedownReputation.takedown_reputation.asn_takedown_reputation_explain.listings_max_age | Number | The maximum age (in hours) of the listings, indicating how recent the flagged IPs/domains are. |

Command Example#

!silentpush-get-asn-takedown-reputation asn="211298"

Context Example#

{
  "asn": "211298",
  "asn_allocation_age": 1420,
  "asn_allocation_date": "2021-05-19",
  "asn_takedown_reputation": 0,
  "as_name": "INTERNET-MEASUREMENT, GB"
}

Human Readable Output#

Results#

| Field | Value |
| --- | --- |
| ASN | 211298 |
| ASN Allocation Age | 1420 days |
| ASN Allocation Date | 2021-05-19 |
| ASN Takedown Reputation | 0 |
| AS Name | INTERNET-MEASUREMENT, GB |

silentpush-get-asns-for-domain#


This command retrieves Autonomous System Numbers (ASNs) associated with a domain.

Base Command#

silentpush-get-asns-for-domain

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Domain name to search ASNs for. Retrieves ASNs associated with A records for the specified domain and its subdomains in the last 30 days. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.DomainASNs.domain | String | The domain name for which ASNs are retrieved. |
| SilentPush.DomainASNs.asns | Unknown | Dictionary of Autonomous System Numbers (ASNs) associated with the domain. |

Command Example#

!silentpush-get-asns-for-domain domain="silentpush.com"

Context Example#

{
  "domain": "silentpush.com",
  "asns": [
    {
      "asn": "13335",
      "description": "CLOUDFLARENET, US"
    },
    {
      "asn": "14618",
      "description": "AMAZON-AES, US"
    },
    {
      "asn": "16509",
      "description": "AMAZON-02, US"
    },
    {
      "asn": "209242",
      "description": "CLOUDFLARESPECTRUM Cloudflare, Inc., US"
    },
    {
      "asn": "213230",
      "description": "HETZNER-CLOUD2-AS, DE"
    },
    {
      "asn": "24940",
      "description": "HETZNER-AS, DE"
    }
  ]
}

Human Readable Output#

Results#

| ASN | Description |
| --- | --- |
| 13335 | CLOUDFLARENET, US |
| 14618 | AMAZON-AES, US |
| 16509 | AMAZON-02, US |
| 209242 | CLOUDFLARESPECTRUM Cloudflare, Inc., US |
| 213230 | HETZNER-CLOUD2-AS, DE |
| 24940 | HETZNER-AS, DE |

silentpush-get-domain-certificates#


This command gets certificate data collected from domain scanning.

Base Command#

silentpush-get-domain-certificates

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | The domain to query certificates for. | Required |
| domain_regex | Regular expression to match domains. | Optional |
| certificate_issuer | Filter by certificate issuer. | Optional |
| date_min | Filter certificates issued on or after this date. | Optional |
| date_max | Filter certificates issued on or before this date. | Optional |
| prefer | Prefer to wait for results for longer running queries or to return job_id immediately (Defaults to Silent Push API behaviour). | Optional |
| max_wait | Number of seconds to wait for results before returning a job_id, with a range from 0 to 25 seconds. | Optional |
| with_metadata | Includes a metadata object in the response, containing returned results, total results, and job_id. | Optional |
| skip | Number of results to skip. | Optional |
| limit | Number of results to return. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.Certificate.domain | String | Queried domain. |
| SilentPush.Certificate.metadata | String | Metadata of the response. |
| SilentPush.Certificate.certificates.cert_index | Number | Index of the certificate. |
| SilentPush.Certificate.certificates.chain | Unknown | Certificate chain. |
| SilentPush.Certificate.certificates.date | Number | Certificate issue date. |
| SilentPush.Certificate.certificates.domain | String | Primary domain of the certificate. |
| SilentPush.Certificate.certificates.domains | Unknown | List of domains covered by the certificate. |
| SilentPush.Certificate.certificates.fingerprint | String | SHA-1 fingerprint of the certificate. |
| SilentPush.Certificate.certificates.fingerprint_md5 | String | MD5 fingerprint of the certificate. |
| SilentPush.Certificate.certificates.fingerprint_sha1 | String | SHA-1 fingerprint of the certificate. |
| SilentPush.Certificate.certificates.fingerprint_sha256 | String | SHA-256 fingerprint of the certificate. |
| SilentPush.Certificate.certificates.host | String | Host associated with the certificate. |
| SilentPush.Certificate.certificates.issuer | String | Issuer of the certificate. |
| SilentPush.Certificate.certificates.not_after | String | Expiration date of the certificate. |
| SilentPush.Certificate.certificates.not_before | String | Start date of the certificate validity. |
| SilentPush.Certificate.certificates.serial_dec | String | Decimal representation of the serial number. |
| SilentPush.Certificate.certificates.serial_hex | String | Hexadecimal representation of the serial number. |
| SilentPush.Certificate.certificates.serial_number | String | Serial number of the certificate. |
| SilentPush.Certificate.certificates.source_name | String | Source log name of the certificate. |
| SilentPush.Certificate.certificates.source_url | String | URL of the certificate log source. |
| SilentPush.Certificate.certificates.subject | String | Subject details of the certificate. |
| SilentPush.Certificate.certificates.wildcard | Number | Indicates if the certificate is a wildcard certificate. |
| SilentPush.Certificate.job_details.get | String | URL to get the data of the job or its status. |
| SilentPush.Certificate.job_details.job_id | String | ID of the job. |
| SilentPush.Certificate.job_details.status | String | Status of the job. |

Command Example#

!silentpush-get-domain-certificates domain="silentpush.com"

Context Example#

{
  "domain": "silentpush.com",
  "certificates": [
    {
      "common_name": "silentpush.com",
      "expires_on": "2025-07-03 16:02:40",
      "fingerprint_sha256": "f7ec9de47a7b22181e6a394a2af8a59793c6ea07538fc49a2351b25c6dc20d69",
      "issued_on": "2025-04-04 16:02:41",
      "issuer": "E5",
      "serial_number": "6E51EEDAA93109DCA31CE852A8D0C27C001",
      "subject_alternative_names": ["silentpush.com"]
    }
  ]
}

Human Readable Output#

Result#

| Field | Value |
| --- | --- |
| Common Name | silentpush.com |
| Expires On | 2025-07-03 16:02:40 |
| Fingerprint (SHA256) | f7ec9de47a7b22181e6a394a2af8a59793c6ea07538fc49a2351b25c6dc20d69 |
| Issued On | 2025-04-04 16:02:41 |
| Issuer | E5 |
| Serial Number | 6E51EEDAA93109DCA31CE852A8D0C27C001 |
| Subject Alternative Names | silentpush.com |
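
Added example, not taken from the Silent Push pack: a triage pass over a `certificates` list shaped like the Context Example above, flagging wildcard names, names outside the queried domain, expired certificates and certificates issued in the last few days. The function names, flag labels, the 7-day window and the sample records (all under the reserved `.test` TLD, with placeholder fingerprints) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # layout of issued_on / expires_on on this page


def covers(name, domain):
    """True when a certificate name is the domain itself or a name beneath it."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # The leading dot stops "notexample.test" from matching "example.test".
    return name == domain or name.endswith("." + domain)


def review_certificates(context, as_of, recent_days=7):
    """Return one entry per certificate with the triage flags that apply."""
    domain = context["domain"]
    report = []
    for cert in context.get("certificates", []):
        flags = []
        sans = cert.get("subject_alternative_names") or []
        if any(n.startswith("*.") for n in sans):
            flags.append("wildcard")
        foreign = sorted(n for n in sans if not covers(n, domain))
        if foreign:
            flags.append("foreign_san")   # shares a cert with other names
        try:
            issued = datetime.strptime(cert["issued_on"], TS_FORMAT)
            expires = datetime.strptime(cert["expires_on"], TS_FORMAT)
        except (KeyError, TypeError, ValueError):
            flags.append("bad_dates")     # report it instead of guessing
        else:
            if expires < as_of:
                flags.append("expired")
            if as_of - timedelta(days=recent_days) <= issued <= as_of:
                flags.append("recently_issued")
        report.append({
            "fingerprint_sha256": cert.get("fingerprint_sha256"),
            "flags": flags,
            "foreign_names": foreign,
        })
    return report


# Constructed sample in the shape of the Context Example; not real scan data.
SAMPLE_CERT_CONTEXT = {
    "domain": "example.test",
    "certificates": [
        {"common_name": "example.test",
         "fingerprint_sha256": "PLACEHOLDER-FINGERPRINT-1",
         "issued_on": "2025-04-04 16:02:41",
         "expires_on": "2025-07-03 16:02:40",
         "subject_alternative_names": ["example.test"]},
        {"common_name": "example.test",
         "fingerprint_sha256": "PLACEHOLDER-FINGERPRINT-2",
         "issued_on": "2024-01-01 00:00:00",
         "expires_on": "2024-03-31 00:00:00",
         "subject_alternative_names": ["*.example.test",
                                       "login.other-brand.test"]},
        {"common_name": "www.example.test",
         "fingerprint_sha256": "PLACEHOLDER-FINGERPRINT-3",
         "subject_alternative_names": ["www.example.test"]},
    ],
}

if __name__ == "__main__":
    now = datetime(2025, 4, 8, 12, 0, 0)  # fixed so the output is repeatable
    for entry in review_certificates(SAMPLE_CERT_CONTEXT, as_of=now):
        print(entry["fingerprint_sha256"], entry["flags"], entry["foreign_names"])
```
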

silentpush-get-enrichment-data#


This command retrieves comprehensive enrichment information for a given resource (domain, IPv4, or IPv6).

Base Command#

silentpush-get-enrichment-data

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| resource | Type of resource for which information needs to be retrieved (e.g., domain). | Required |
| value | Value corresponding to the selected "resource" for which information needs to be retrieved (e.g., silentpush.com). | Required |
| explain | Include explanation of data calculations. | Optional |
| scan_data | Include scan data (IPv4 only). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.Enrichment.value | String | Queried value. |
| SilentPush.Enrichment.domain_string_frequency_probability.avg_probability | Number | Average probability score of the domain string. |
| SilentPush.Enrichment.domain_string_frequency_probability.dga_probability_score | Number | Probability score indicating likelihood of being a DGA domain. |
| SilentPush.Enrichment.domain_string_frequency_probability.domain | String | Domain name analyzed. |
| SilentPush.Enrichment.domain_string_frequency_probability.domain_string_freq_probabilities | Unknown | List of frequency probabilities for different domain string components. |
| SilentPush.Enrichment.domain_string_frequency_probability.query | String | Domain name queried. |
| SilentPush.Enrichment.domain_urls.results_summary.alexa_rank | Number | Alexa rank of the domain. |
| SilentPush.Enrichment.domain_urls.results_summary.alexa_top10k | Boolean | Indicates if the domain is in the Alexa top 10k. |
| SilentPush.Enrichment.domain_urls.results_summary.alexa_top10k_score | Number | Score indicating domain’s Alexa top 10k ranking. |
| SilentPush.Enrichment.domain_urls.results_summary.dynamic_domain_score | Number | Score indicating likelihood of domain being dynamically generated. |
| SilentPush.Enrichment.domain_urls.results_summary.is_dynamic_domain | Boolean | Indicates if the domain is dynamic. |
| SilentPush.Enrichment.domain_urls.results_summary.is_url_shortener | Boolean | Indicates if the domain is a known URL shortener. |
| SilentPush.Enrichment.domain_urls.results_summary.results | Number | Number of results found for the domain. |
| SilentPush.Enrichment.domain_urls.results_summary.url_shortner_score | Number | Score of the shortened URL. |
| SilentPush.Enrichment.domaininfo.domain | String | Domain name analyzed. |
| SilentPush.Enrichment.domaininfo.error | String | Error message if no data is available for the domain. |
| SilentPush.Enrichment.domaininfo.zone | String | TLD zone of the domain. |
| SilentPush.Enrichment.domaininfo.registrar | String | Registrar of the domain. |
| SilentPush.Enrichment.domaininfo.whois_age | String | The age of the domain based on WHOIS records. |
| SilentPush.Enrichment.domaininfo.whois_created_date | String | The created date on WHOIS records. |
| SilentPush.Enrichment.domaininfo.query | String | The domain name that was queried in the system. |
| SilentPush.Enrichment.domaininfo.last_seen | Number | The first recorded observation of the domain in the database. |
| SilentPush.Enrichment.domaininfo.first_seen | Number | The last recorded observation of the domain in the database. |
| SilentPush.Enrichment.domaininfo.is_new | Boolean | Indicates whether the domain is considered "new". |
| SilentPush.Enrichment.domaininfo.is_new_score | Number | A scoring metric indicating how "new" the domain is. |
| SilentPush.Enrichment.domaininfo.age | Number | Represents the age of the domain in days. |
| SilentPush.Enrichment.domaininfo.age_score | Number | A scoring metric indicating the trustworthiness of the domain based on its age. |
| SilentPush.Enrichment.ip_diversity.asn_diversity | String | Number of different ASNs associated with the domain. |
| SilentPush.Enrichment.ip_diversity.ip_diversity_all | String | Total number of unique IPs observed for the domain. |
| SilentPush.Enrichment.ip_diversity.host | String | The hostname being analyzed. |
| SilentPush.Enrichment.ip_diversity.ip_diversity_groups | String | The number of distinct IP groups (e.g., IPs belonging to different ranges or providers). |
| SilentPush.Enrichment.ns_reputation.is_expired | Boolean | Indicates if the domain’s nameserver is expired. |
| SilentPush.Enrichment.ns_reputation.is_parked | Boolean | The domain is not parked (a parked domain is one without active content). |
| SilentPush.Enrichment.ns_reputation.is_sinkholed | Boolean | The domain is not sinkholed (not forcibly redirected to a security researcher’s trap). |
| SilentPush.Enrichment.ns_reputation.ns_reputation_max | Number | Maximum reputation score for nameservers. |
| SilentPush.Enrichment.ns_reputation.ns_reputation_score | Number | Reputation score of the domain’s nameservers. |
| SilentPush.Enrichment.ns_reputation.ns_srv_reputation.domain | String | The nameservers of domain. |
| SilentPush.Enrichment.ns_reputation.ns_srv_reputation.ns_server | String | Provided nameserver. |
| SilentPush.Enrichment.ns_reputation.ns_srv_reputation.ns_server_domain_density | Number | Number of domains sharing this NS. |
| SilentPush.Enrichment.ns_reputation.ns_srv_reputation.ns_server_domains_listed | Number | Number of listed domains using this NS. |
| SilentPush.Enrichment.ns_reputation.ns_srv_reputation.ns_server_reputation | Number | Reputation score for this NS. |
| SilentPush.Enrichment.scan_data.certificates.domain | String | Domain for which the SSL certificate was issued. |
| SilentPush.Enrichment.scan_data.certificates.domains | Unknown | Other domains for which the SSL certificate was issued. |
| SilentPush.Enrichment.scan_data.certificates.issuer_organization | String | Issuer organization of the SSL certificate. |
| SilentPush.Enrichment.scan_data.certificates.fingerprint_sha1 | String | A unique identifier for the certificate. |
| SilentPush.Enrichment.scan_data.certificates.hostname | String | The hostname associated with the certificate. |
| SilentPush.Enrichment.scan_data.certificates.ip | String | The IP address of the server using this certificate. |
| SilentPush.Enrichment.scan_data.certificates.is_expired | String | Indicates whether the certificate has expired. |
| SilentPush.Enrichment.scan_data.certificates.issuer_common_name | String | The Common Name (CN) of the Certificate Authority (CA) that issued this certificate. |
| SilentPush.Enrichment.scan_data.certificates.not_after | String | Expiry date of the certificate. |
| SilentPush.Enrichment.scan_data.certificates.not_before | String | Start date of the certificate validity. |
| SilentPush.Enrichment.scan_data.certificates.scan_date | String | The date when this certificate data was last scanned. |
| SilentPush.Enrichment.scan_data.headers.response | String | HTTP response code for the domain scan. |
| SilentPush.Enrichment.scan_data.headers.hostname | String | The hostname that sent this response. |
| SilentPush.Enrichment.scan_data.headers.ip | String | The IP address responding to the request. |
| SilentPush.Enrichment.scan_data.headers.scan_date | String | The date when the headers were scanned. |
| SilentPush.Enrichment.scan_data.headers.headers.cache-control | String | HTTP cache-control. |
| SilentPush.Enrichment.scan_data.headers.headers.content-length | String | Content length of the HTTP response. |
| SilentPush.Enrichment.scan_data.headers.headers.date | String | The date/time of the response. |
| SilentPush.Enrichment.scan_data.headers.headers.expires | String | Indicates an already expired response. |
| SilentPush.Enrichment.scan_data.headers.headers.server | String | The web server handling the request (Cloudflare proxy). |
| SilentPush.Enrichment.scan_data.html.hostname | String | HTTP response code for the domain scan. |
| SilentPush.Enrichment.scan_data.html.html_body_murmur3 | String | Hash of the page content. |
| SilentPush.Enrichment.scan_data.html.html_body_ssdeep | String | SSDEEP hash (used for fuzzy matching similar HTML content). |
| SilentPush.Enrichment.scan_data.html.html_title | String | The page title (suggests a Cloudflare challenge page, likely due to bot protection). |
| SilentPush.Enrichment.scan_data.html.ip | String | The IP address responding to the request. |
| SilentPush.Enrichment.scan_data.html.scan_date | String | The date when the headers were scanned. |
| SilentPush.Enrichment.scan_data.favicon.favicon2_md5 | String | MD5 hash of a secondary favicon. |
| SilentPush.Enrichment.scan_data.favicon.favicon2_mmh3 | String | Murmur3 hash of a secondary favicon. |
| SilentPush.Enrichment.scan_data.favicon.favicon2_path | String | The file path of the secondary favicon. |
| SilentPush.Enrichment.scan_data.favicon.favicon_md5 | String | MD5 hash of the primary favicon. |
| SilentPush.Enrichment.scan_data.favicon.favicon_mmh3 | String | Murmur3 hash of the primary favicon. |
| SilentPush.Enrichment.scan_data.favicon.hostname | String | The hostname where this favicon was found. |
| SilentPush.Enrichment.scan_data.favicon.ip | String | The IP address associated with the favicon. |
| SilentPush.Enrichment.scan_data.favicon.scan_date | String | Date when this favicon was last scanned. |
| SilentPush.Enrichment.scan_data.jarm.hostname | String | The hostname where this jarm was found. |
| SilentPush.Enrichment.scan_data.jarm.ip | String | The IP address responding to the request. |
| SilentPush.Enrichment.scan_data.jarm.jarm_hash | String | Unique identifier for the TLS configuration of the server. |
| SilentPush.Enrichment.scan_data.jarm.scan_date | String | Date when this jarm was last scanned. |
| SilentPush.Enrichment.sp_risk_score | Number | Overall risk score for the domain. |
| SilentPush.Enrichment.sp_risk_score_explain.sp_risk_score_decider | String | Factor that determined the final risk score. |
| SilentPush.Enrichment.ip2asn.asn | Number | Autonomous System Number (ASN) associated with the IP. |
| SilentPush.Enrichment.ip2asn.asn_allocation_age | Number | Age of ASN allocation in days. |
| SilentPush.Enrichment.ip2asn.asn_allocation_date | Number | Date of ASN allocation. |
| SilentPush.Enrichment.ip2asn.asn_rank | Number | Rank of the ASN. |
| SilentPush.Enrichment.ip2asn.asn_rank_score | Number | Rank score of the ASN. |
| SilentPush.Enrichment.ip2asn.asn_reputation | Number | Reputation score of the ASN. |
| SilentPush.Enrichment.ip2asn.asn_reputation_explain.ips_in_asn | Number | Total number of IPs in the ASN. |
| SilentPush.Enrichment.ip2asn.asn_reputation_explain.ips_num_active | Number | Number of active IPs in the ASN. |
| SilentPush.Enrichment.ip2asn.asn_reputation_explain.ips_num_listed | Number | Number of listed IPs in the ASN. |
| SilentPush.Enrichment.ip2asn.asn_reputation_score | Number | Reputation score of the ASN. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation | Number | Takedown reputation score of the ASN. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation_explain.ips_in_asn | Number | Total number of IPs in the ASN with takedown reputation. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation_explain.ips_num_listed | Number | Number of listed IPs in the ASN with takedown reputation. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation_explain.items_num_listed | Number | Number of flagged items in the ASN with takedown reputation. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation_explain.listings_max_age | Number | Maximum age of listings for the ASN with takedown reputation. |
| SilentPush.Enrichment.ip2asn.asn_takedown_reputation_score | Number | Takedown reputation score of the ASN. |
| SilentPush.Enrichment.ip2asn.asname | String | Name of the Autonomous System (AS). |
| SilentPush.Enrichment.ip2asn.benign_info.actor | String | This field is usually used to indicate a known organization or individual associated with the IP. |
| SilentPush.Enrichment.ip2asn.benign_info.known_benign | Boolean | Indicates whether this IP/ASN is explicitly known to be safe (e.g., a reputable cloud provider or public service). |
| SilentPush.Enrichment.ip2asn.benign_info.tags | Unknown | Contains descriptive tags if the IP/ASN has a known role (e.g., "Google Bot", "Cloudflare Proxy"). |
| SilentPush.Enrichment.ip2asn.date | Number | Date of the scan data (YYYYMMDD format). |
| SilentPush.Enrichment.ip2asn.density | Number | The density value associated with the IP. |
| SilentPush.Enrichment.ip2asn.ip | String | IP address associated with the ASN. |
| SilentPush.Enrichment.ip2asn.ip_has_expired_certificate | Boolean | Indicates whether the IP has an expired SSL/TLS certificate. |
| SilentPush.Enrichment.ip2asn.ip_has_open_directory | Boolean | Indicates whether the IP hosts an open directory listing. |
| SilentPush.Enrichment.ip2asn.ip_is_dsl_dynamic | Boolean | Indicates whether the IP is from a dynamic DSL pool. |
| SilentPush.Enrichment.ip2asn.ip_is_dsl_dynamic_score | Number | A score indicating how likely this IP is dynamic. |
| SilentPush.Enrichment.ip2asn.ip_is_ipfs_node | Boolean | Indicates whether the IP is a node of the InterPlanetary File System (IPFS), a decentralized file storage system. |
| SilentPush.Enrichment.ip2asn.ip_is_tor_exit_node | Boolean | Indicates whether the IP is a Tor exit node (used for anonymous internet browsing). |
| SilentPush.Enrichment.ip2asn.ip_location.continent_code | String | Abbreviation for the continent where the IP is located. |
| SilentPush.Enrichment.ip2asn.ip_location.continent_name | String | The full name of the continent. |
| SilentPush.Enrichment.ip2asn.ip_location.country_code | String | The ISO 3166-1 alpha-2 country code representing the country. |
| SilentPush.Enrichment.ip2asn.ip_location.country_is_in_european_union | Boolean | A Boolean value (true/false) indicating if the country is part of the European Union (EU). |
| SilentPush.Enrichment.ip2asn.ip_location.country_name | String | The full name of the country where the IP is registered. |
| SilentPush.Enrichment.ip2asn.ip_ptr | String | The reverse DNS (PTR) record for the IP. |
| SilentPush.Enrichment.ip2asn.listing_score | Number | Measures how frequently the IP appears in threat intelligence or blacklist databases. |
| SilentPush.Enrichment.ip2asn.listing_score_explain | Unknown | A breakdown of why the listing score is assigned. |
| SilentPush.Enrichment.ip2asn.malscore | Number | Malicious activity score for the IP. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.hostname | String | Hostname associated with the SSL certificate. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.domain | String | Domain for which the SSL certificate was issued. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.fingerprint_sha1 | String | SHA-1 fingerprint of the SSL certificate. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.issuer_common_name | String | Common name of the certificate issuer. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.issuer_organization | String | Organization that issued the SSL certificate. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.not_before | String | Start date of SSL certificate validity. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.not_after | String | Expiration date of SSL certificate validity. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.domains | Unknown | Other domains for which the SSL certificate was issued. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.is_expired | Boolean | Is certificate expired. |
| SilentPush.Enrichment.ip2asn.scan_data.certificates.scan_date | String | Scan date of the certificate. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.favicon2_md5 | String | MD5 hash of the second favicon. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.favicon2_mmh3 | Number | MurmurHash3 value of the second favicon. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.favicon_md5 | String | MD5 hash of the favicon. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.favicon_mmh3 | Number | MurmurHash3 value of the favicon. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.favicon2_path | String | Path to the second favicon file. |
| SilentPush.Enrichment.ip2asn.scan_data.favicon.scan_date | String | Scan date of favicon file. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.response | String | HTTP response code from the scan. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.scan_date | String | The date and time when the scan was performed. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.headers.server | String | Server header from the HTTP response. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.headers.content-type | String | Content-Type header from the HTTP response. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.headers.content-length | String | Content-Length header from the HTTP response. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.headers.cache-control | String | Cache-control header from the HTTP response. |
| SilentPush.Enrichment.ip2asn.scan_data.headers.headers.date | String | Date header from the HTTP response. |
| SilentPush.Enrichment.ip2asn.scan_data.html.html_title | String | Title of the scanned HTML page. |
| SilentPush.Enrichment.ip2asn.scan_data.html.html_body_murmur3 | String | MurmurHash3 of the HTML body content. |
| SilentPush.Enrichment.ip2asn.scan_data.html.html_body_ssdeep | String | SSDEEP fuzzy hash of the HTML body content. |
| SilentPush.Enrichment.ip2asn.scan_data.html.scan_date | String | The date and time when the scan was performed. |
| SilentPush.Enrichment.ip2asn.scan_data.jarm.scan_date | String | The date and time when the scan was performed. |
| SilentPush.Enrichment.ip2asn.scan_data.jarm.jarm_hash | String | JARM fingerprint hash for TLS analysis. |
| SilentPush.Enrichment.ip2asn.sp_risk_score | Number | Security risk score for the IP. |
| SilentPush.Enrichment.ip2asn.sp_risk_score_explain.sp_risk_score_decider | String | Factor that determined the final risk score. |
| SilentPush.Enrichment.ip2asn.subnet | String | Subnet associated with the IP. |
| SilentPush.Enrichment.ip2asn.sinkhole_info.known_sinkhole_ip | Boolean | Indicates whether the IP is part of a sinkhole (a controlled system that captures malicious traffic). |
| SilentPush.Enrichment.ip2asn.sinkhole_info.tags | Unknown | If the IP were a known sinkhole, this field would contain tags describing its purpose. |
| SilentPush.Enrichment.ip2asn.subnet_allocation_age | Number | Represents the age (in days) since the subnet was allocated. |
| SilentPush.Enrichment.ip2asn.subnet_allocation_date | Number | The date when the subnet was assigned to an organization or ISP. |
| SilentPush.Enrichment.ip2asn.subnet_reputation | Number | A measure of how frequently IPs from this subnet appear in threat intelligence databases. |
| SilentPush.Enrichment.ip2asn.subnet_reputation_explain | Unknown | A breakdown of why the subnet received its reputation score. |
| SilentPush.Enrichment.ip2asn.subnet_reputation_score | Number | A numerical risk score (typically 0-100, with higher values indicating higher risk). |

Command Example#

!silentpush-get-enrichment-data resource="ipv4" value="142.251.188.102"

Context Example#

{
  "resource": "ipv4",
  "value": "142.251.188.102",
  "enrichment_data": {
    "asn": "15169",
    "asn_allocation_age": 9140,
    "asn_allocation_date": "2000-03-30",
    "asn_rank": 0,
    "asn_rank_score": 0,
    "asn_reputation": 0,
    "asn_reputation_score": 0,
    "asn_takedown_reputation": 80,
    "asn_takedown_reputation_score": 80,
    "as_name": "GOOGLE, US",
    "benign_info": {
      "actor": "",
      "known_benign": false
    },
    "tags": [],
    "date": "2025-04-08",
    "density": 0,
    "ip": "142.251.188.102",
    "ip_flags": {
      "is_proxy": false,
      "is_sinkhole": false,
      "is_vpn": false
    },
    "ip_has_expired_certificate": false,
    "ip_has_open_directory": false,
    "ip_is_dsl_dynamic": false,
    "ip_is_dsl_dynamic_score": 0,
    "ip_is_ipfs_node": false
  }
}

Human Readable Output

Result

| Field | Value |
| --- | --- |
| ASN | 15169 |
| ASN Allocation Age | 9140 days |
| ASN Allocation Date | 2000-03-30 |
| ASN Rank | 0 |
| ASN Rank Score | 0 |
| ASN Reputation | 0 |
| ASN Reputation Score | 0 |
| ASN Takedown Reputation | 80 |
| ASN Takedown Reputation Score | 80 |
| AS Name | GOOGLE, US |
| Known Benign | No |
| Date | 2025-04-08 |
| Density | 0 |
| IP Flags (Proxy, Sinkhole, VPN) | No, No, No |
| Expired Certificate | No |
| Open Directory | No |
| DSL Dynamic | No |
| DSL Dynamic Score | 0 |
| IPFS Node | No |

silentpush-get-future-attack-indicators

This command fetches indicators of potential future attacks using a feed UUID.

Base Command

silentpush-get-future-attack-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| feed_uuid | Unique ID for the feed. | Required |
| page_no | The page number to fetch results from. | Optional |
| page_size | The number of indicators to fetch per page. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.FutureAttackIndicators.feed_uuid | String | Unique identifier for the feed. |
| SilentPush.FutureAttackIndicators.page_no | Number | Current page number for pagination. |
| SilentPush.FutureAttackIndicators.page_size | Number | Number of items to be retrieved per page. |
| SilentPush.FutureAttackIndicators.indicators.total_ioc | Number | Total number of Indicators of Compromise (IOCs) associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.total | Number | Total occurrences of the indicator across all sources. |
| SilentPush.FutureAttackIndicators.indicators.total_source_score | Number | Cumulative score assigned to the indicator by all sources. |
| SilentPush.FutureAttackIndicators.indicators.name | String | Name associated with the indicator, such as a domain name. |
| SilentPush.FutureAttackIndicators.indicators.total_custom | Number | Total number of custom indicators for the specific entry. |
| SilentPush.FutureAttackIndicators.indicators.source_name | String | Name of the source providing the indicator. |
| SilentPush.FutureAttackIndicators.indicators.first_seen_on | String | Date and time when the indicator was first observed. |
| SilentPush.FutureAttackIndicators.indicators.last_seen_on | String | Date and time when the indicator was last observed. |
| SilentPush.FutureAttackIndicators.indicators.type | String | Type of the indicator (e.g., domain, IP address, URL). |
| SilentPush.FutureAttackIndicators.indicators.uuid | String | Unique identifier assigned to the indicator. |
| SilentPush.FutureAttackIndicators.indicators.ioc_template | String | Template type describing the indicator (e.g., domain template). |
| SilentPush.FutureAttackIndicators.indicators.ioc_uuid | String | Unique identifier for the IOC related to the indicator. |
| SilentPush.FutureAttackIndicators.indicators.source_vendor_name | String | Name of the vendor providing the indicator source (e.g., Silent Push). |
| SilentPush.FutureAttackIndicators.indicators.source_uuid | String | Unique identifier for the source of the indicator. |
| SilentPush.FutureAttackIndicators.indicators.total_ioc | Number | Total count of Indicators of Compromise associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.collected_tags | Unknown | Tags associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.listing_score | Number | Score assigned by the source indicating the severity or importance of the indicator. |
| SilentPush.FutureAttackIndicators.indicators.sp_risk_score | Number | Risk score calculated by the source for the indicator, reflecting its potential threat level. |
| SilentPush.FutureAttackIndicators.indicators.ip_is_tor_exit_node | Boolean | Indicates whether the IP address is a known TOR exit node. |
| SilentPush.FutureAttackIndicators.indicators.ip_is_dsl_dynamic | Boolean | Indicates whether the IP address is a DSL dynamic IP. |
| SilentPush.FutureAttackIndicators.indicators.ip_reputation_score | Number | Reputation score assigned to the IP address based on its history and activities. |
| SilentPush.FutureAttackIndicators.indicators.known_sinkhole_ip | String | Indicates if the IP address is associated with a known sinkhole. |
| SilentPush.FutureAttackIndicators.indicators.known_benign | Number | Indicates whether the indicator is known to be benign or harmless. |
| SilentPush.FutureAttackIndicators.indicators.asn_rank_score | Number | Score indicating the reputation rank of the ASN. |
| SilentPush.FutureAttackIndicators.indicators.asn_reputation_score | Number | Reputation score assigned to the ASN based on its activities. |
| SilentPush.FutureAttackIndicators.indicators.ip_is_dsl_dynamic_score | Number | Score indicating the likelihood of the IP being a DSL dynamic IP. |
| SilentPush.FutureAttackIndicators.indicators.subnet_reputation_score | Number | Reputation score assigned to a subnet based on its history and activities. |
| SilentPush.FutureAttackIndicators.indicators.asn_takedown_reputation_score | Number | Reputation score of the ASN considering takedown activities or abuse reports. |
| SilentPush.FutureAttackIndicators.indicators.asn | Number | Autonomous System Number (ASN) associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.density | Number | Indicator density score based on traffic or other relevant factors. |
| SilentPush.FutureAttackIndicators.indicators.asn_rank | Number | Rank of the ASN indicating its reputation or trustworthiness. |
| SilentPush.FutureAttackIndicators.indicators.malscore | Number | Maliciousness score assigned to the indicator based on threat analysis. |
| SilentPush.FutureAttackIndicators.indicators.asn_reputation | Number | Reputation score associated with the ASN. |
| SilentPush.FutureAttackIndicators.indicators.subnet_reputation | Number | Reputation score associated with the subnet. |
| SilentPush.FutureAttackIndicators.indicators.asn_allocation_age | Number | Age of the ASN allocation in days. |
| SilentPush.FutureAttackIndicators.indicators.subnet_allocation_age | Number | Age of the subnet allocation in days. |
| SilentPush.FutureAttackIndicators.indicators.asn_takedown_reputation | Number | Reputation score of the ASN considering takedown reports or abuse. |
| SilentPush.FutureAttackIndicators.indicators.ipv4 | String | IPv4 address associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.asname | String | Autonomous System Name (ASName) associated with the ASN. |
| SilentPush.FutureAttackIndicators.indicators.ip_ptr | String | PTR (reverse DNS) record associated with the IP address. |
| SilentPush.FutureAttackIndicators.indicators.subnet | String | Subnet associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.country_code | Number | Country code associated with the indicator (e.g., US, CA). |
| SilentPush.FutureAttackIndicators.indicators.continent_code | Number | Continent code associated with the indicator (e.g., NA, EU). |
| SilentPush.FutureAttackIndicators.indicators.it_exists | Boolean | Indicates if the indicator currently exists in the dataset. |
| SilentPush.FutureAttackIndicators.indicators.is_new | Boolean | Indicates if the indicator is newly detected. |
| SilentPush.FutureAttackIndicators.indicators.is_alexa_top10k | Boolean | Indicates if the domain is part of the Alexa Top 10K list. |
| SilentPush.FutureAttackIndicators.indicators.is_dynamic_domain | Boolean | Indicates if the domain is classified as dynamic. |
| SilentPush.FutureAttackIndicators.indicators.is_url_shortener | Boolean | Indicates if the URL is associated with a URL shortener service. |
| SilentPush.FutureAttackIndicators.indicators.is_parked | Boolean | Indicates if the domain is a parked domain. |
| SilentPush.FutureAttackIndicators.indicators.is_expired | Boolean | Indicates if the domain registration has expired. |
| SilentPush.FutureAttackIndicators.indicators.is_sinkholed | Boolean | Indicates if the domain is associated with a sinkhole operation. |
| SilentPush.FutureAttackIndicators.indicators.ns_entropy_score | Number | Entropy score of the nameserver, indicating randomness or irregularity. |
| SilentPush.FutureAttackIndicators.indicators.age_score | Number | Score indicating the age of the domain, with higher scores for older domains. |
| SilentPush.FutureAttackIndicators.indicators.is_new_score | Boolean | Score indicating the likelihood of the domain being newly registered. |
| SilentPush.FutureAttackIndicators.indicators.ns_avg_ttl_score | Number | Score representing the average TTL of the nameservers. |
| SilentPush.FutureAttackIndicators.indicators.ns_reputation_max | Number | Maximum reputation score of the nameservers. |
| SilentPush.FutureAttackIndicators.indicators.ns_reputation_score | Number | Overall reputation score of the nameservers. |
| SilentPush.FutureAttackIndicators.indicators.avg_probability_score | Number | Average probability score indicating the likelihood of malicious activity. |
| SilentPush.FutureAttackIndicators.indicators.alexa_top10k_score | Number | Score indicating the rank within the Alexa Top 10K list. |
| SilentPush.FutureAttackIndicators.indicators.url_shortener_score | Number | Score indicating the likelihood of the URL being a URL shortener. |
| SilentPush.FutureAttackIndicators.indicators.dynamic_domain_score | Number | Score indicating the likelihood of the domain being dynamic. |
| SilentPush.FutureAttackIndicators.indicators.ns_entropy | Number | Entropy value of the nameserver, indicating randomness or irregularity. |
| SilentPush.FutureAttackIndicators.indicators.age | Number | Age of the domain in days. |
| SilentPush.FutureAttackIndicators.indicators.whois_age | Number | Age of the domain based on the WHOIS creation date. |
| SilentPush.FutureAttackIndicators.indicators.alexa_rank | Number | Alexa rank of the domain, indicating its popularity. |
| SilentPush.FutureAttackIndicators.indicators.asn_diversity | Number | Diversity score of the ASN, indicating the variety of ASNs associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.ip_diversity_all | Number | Count of all unique IP addresses associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.ip_diversity_groups | Number | Count of unique IP address groups associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.avg_probability | Number | Average probability indicating the likelihood of malicious activity. |
| SilentPush.FutureAttackIndicators.indicators.whois_created_date | String | Creation date of the domain from WHOIS records. |
| SilentPush.FutureAttackIndicators.indicators.domain | String | Domain name associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.subdomain | String | Subdomain associated with the indicator, if applicable. |
| SilentPush.FutureAttackIndicators.indicators.host | String | Host associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.nameservers_tags | String | Tags related to the nameservers associated with the indicator. |
| SilentPush.FutureAttackIndicators.indicators.source_false_positive_ratio | Number | Ratio of false positives reported by the source. |
| SilentPush.FutureAttackIndicators.indicators.source_true_positive_ratio | Number | Ratio of true positives reported by the source. |
| SilentPush.FutureAttackIndicators.indicators.source_last_updated_score | Number | Score indicating the last update time of the source. |
| SilentPush.FutureAttackIndicators.indicators.source_frequency_score | Number | Score representing the frequency of updates from the source. |
| SilentPush.FutureAttackIndicators.indicators.source_accuracy_score | Number | Score indicating the accuracy of the source reporting. |
| SilentPush.FutureAttackIndicators.indicators.source_geographic_spread_score | Number | Score indicating the geographic spread of the indicator. |
| SilentPush.FutureAttackIndicators.indicators.source_custom_score | Number | Custom score provided by the source for the indicator. |
| SilentPush.FutureAttackIndicators.indicators.source_score | Number | Overall score assigned by the source to the indicator. |
| SilentPush.FutureAttackIndicators.indicators.source_frequency | Number | Frequency of the indicator appearance in the source data. |
| SilentPush.FutureAttackIndicators.indicators.source_geographic_spread_explain | Unknown | Explanation of the geographic spread of the indicator as provided by the source. |

Command Example

!silentpush-get-future-attack-indicators feed_uuid="99da9b6a-146b-4a4d-9929-5fd5c6e2c257"

Context Example

{
    "feed_uuid": "99da9b6a-146b-4a4d-9929-5fd5c6e2c257",
    "future_attack_indicators": {
        "total_source_score": 100,
        "total_ioc": 100,
        "total_custom": 0,
        "total": 100,
        "name": "capital-gainers.com",
        "uuid": "560ee6da03f56cec",
        "ioc_uuid": "f2556a5a18607c70",
        "type": "domain",
        "ioc_template": "domain",
        "last_seen_on": "2025-04-08T01:24:57",
        "source_uuid": "99da9b6a-146b-4a4d-9929-5fd5c6e2c257",
        "source_name": "AI Generated Investment/Banks Domains",
        "source_vendor_name": "Silent Push",
        "first_seen_on": "2025-04-07T07:24:36"
    }
}

Human Readable Output

Result

| Field | Value |
| --- | --- |
| Feed Name | capital-gainers.com |
| Feed UUID | 560ee6da03f56cec |
| IOC UUID | f2556a5a18607c70 |
| Type | Domain |
| IOC Template | Domain |
| Source UUID | 99da9b6a-146b-4a4d-9929-5fd5c6e2c257 |
| Source Name | AI Generated Investment/Banks Domains |
| Source Vendor Name | Silent Push |
| First Seen | 2025-04-07T07:24:36 |
| Last Seen | 2025-04-08T01:24:57 |
| Total Source Score | 100 |
| Total IOCs | 100 |
| Total Custom IOCs | 0 |
| Total IOCs Reported | 100 |
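
A triage step for the indicators this command returns, written as an added example (it is not part of the Silent Push integration). It reads only field names listed in the Context Output table above; the thresholds, the decision labels and every sample record except the first are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Policy values below are assumptions for this example, not Silent Push defaults.
MIN_BLOCK_SCORE = 80   # sp_risk_score at or above this goes to the blocklist
MAX_STALE_DAYS = 30    # skip indicators whose last_seen_on is older than this
SHARED_INFRA_FLAGS = ("is_alexa_top10k", "is_url_shortener", "is_dynamic_domain")


def as_flag(value):
    """Normalise a flag that may arrive as a bool, a number or a string."""
    if isinstance(value, str):
        return value.strip().lower() in ("true", "1", "yes")
    return bool(value)


def parse_seen(text):
    """Parse an ISO timestamp such as 2025-04-08T01:24:57 into naive UTC."""
    seen = datetime.fromisoformat(text)
    if seen.tzinfo is not None:
        seen = seen.astimezone(timezone.utc).replace(tzinfo=None)
    return seen


def triage_indicator(ind, now):
    """Return (decision, reason) for one entry of the indicators list."""
    if as_flag(ind.get("known_benign")):
        return "skip", "known_benign is set"
    if as_flag(ind.get("is_sinkholed")) or as_flag(ind.get("known_sinkhole_ip")):
        # Traffic to a sinkhole points at an infected host: alert, do not just block.
        return "review", "sinkholed"
    for key in SHARED_INFRA_FLAGS:
        if as_flag(ind.get(key)):
            return "review", key + " is set"
    last_seen = ind.get("last_seen_on")
    if last_seen:
        try:
            age = now - parse_seen(last_seen)
        except (TypeError, ValueError):
            return "review", "unparseable last_seen_on"
        if age > timedelta(days=MAX_STALE_DAYS):
            return "skip", "stale"
    score = ind.get("sp_risk_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "review", "no sp_risk_score"
    if score >= MIN_BLOCK_SCORE:
        return "block", "sp_risk_score %s" % score
    return "review", "sp_risk_score below threshold"


def triage_feed(indicators, now):
    """Group indicator names by decision, ignoring repeats across pages."""
    result = {"block": [], "review": [], "skip": []}
    seen_names = set()
    for ind in indicators:
        name = ind.get("name")
        if not name or name in seen_names:
            continue
        seen_names.add(name)
        decision, reason = triage_indicator(ind, now)
        result[decision].append((name, reason))
    return result


# Constructed sample. The first record reuses fields from the page's context
# example; the others are invented (reserved .example names, RFC 5737 address).
SAMPLE = [
    {"name": "capital-gainers.com", "type": "domain",
     "last_seen_on": "2025-04-08T01:24:57"},
    {"name": "login-portal.example", "type": "domain",
     "last_seen_on": "2025-04-07T10:00:00", "sp_risk_score": 95},
    {"name": "sinkholed.example", "type": "domain",
     "last_seen_on": "2025-04-07T10:00:00", "sp_risk_score": 99,
     "is_sinkholed": True},
    {"name": "192.0.2.10", "type": "ipv4", "known_sinkhole_ip": "false",
     "known_benign": 1, "sp_risk_score": 90},
    {"name": "old.example", "type": "domain",
     "last_seen_on": "2024-12-01T00:00:00", "sp_risk_score": 100},
    {"name": "login-portal.example", "type": "domain",
     "last_seen_on": "2025-04-07T10:00:00", "sp_risk_score": 95},
]
NOW = datetime(2025, 4, 8, 12, 0, 0)  # fixed clock so the result is repeatable

if __name__ == "__main__":
    for decision, items in triage_feed(SAMPLE, NOW).items():
        for name, reason in items:
            print(decision, name, reason)
```

Records without `sp_risk_score`, such as the one in the context example above, land in `review` rather than being blocked or dropped silently.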

silentpush-get-ipv4-reputation

This command retrieves the reputation information for an IPv4 address.

Base Command

silentpush-get-ipv4-reputation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ipv4 | IPv4 address for which information needs to be retrieved. | Required |
| explain | Show the information used to calculate the reputation score. | Optional |
| limit | The maximum number of reputation history entries to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.IPv4Reputation.date | Number | Date when the reputation information was retrieved. |
| SilentPush.IPv4Reputation.ip | String | IPv4 address for which the reputation is calculated. |
| SilentPush.IPv4Reputation.reputation_score | Number | Reputation score for the given IP address. |
| SilentPush.IPv4Reputation.ip_reputation_explain.ip_density | Number | The number of domain names or services associated with this IP. A higher value may indicate shared hosting or potential abuse. |
| SilentPush.IPv4Reputation.ip_reputation_explain.names_num_listed | Number | The number of domain names linked to this IP that are flagged or listed in security threat databases. |

silentpush-get-job-status

This command retrieves the status of a running job or the results of a completed job.

Base Command

silentpush-get-job-status

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | ID of the job returned by Silent Push actions. | Required |
| max_wait | Number of seconds to wait for results (0-25 seconds). | Optional |
| status_only | Return job status, even if job is complete. | Optional |
| force_metadata_on | Always return query metadata, even if original request did not include metadata. | Optional |
| force_metadata_off | Never return query metadata, even if original request did include metadata. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.JobStatus.get | String | URL to retrieve the job status. |
| SilentPush.JobStatus.job_id | String | Unique identifier for the job. |
| SilentPush.JobStatus.status | String | Current status of the job. |

Command Example

!silentpush-get-job-status job_id="d4067541-eafb-424c-98d3-de12d7a91331"

Context Example

{
    "job_id": "d4067541-eafb-424c-98d3-de12d7a91331",
    "job_status": {
        "job_id": "d4067541-eafb-424c-98d3-de12d7a91331",
        "status": "PENDING"
    }
}

Human Readable Output

Result

| Field | Value |
| --- | --- |
| Job ID | d4067541-eafb-424c-98d3-de12d7a91331 |
| Status | PENDING |

silentpush-get-nameserver-reputation

This command retrieves historical reputation data for a specified nameserver, including reputation scores and optional detailed calculation information.

Base Command

silentpush-get-nameserver-reputation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| nameserver | Nameserver name for which information needs to be retrieved. | Required |
| explain | Show the information used to calculate the reputation score. | Optional |
| limit | The maximum number of reputation history entries to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.NameserverReputation.nameserver | Number | The nameserver associated with the reputation history entry. |
| SilentPush.NameserverReputation.reputation_data.date | Number | Date of the reputation history entry (in YYYYMMDD format). |
| SilentPush.NameserverReputation.reputation_data.ns_server | String | Name of the nameserver associated with the reputation history entry. |
| SilentPush.NameserverReputation.reputation_data.ns_server_reputation | Number | Reputation score of the nameserver on the specified date. |
| SilentPush.NameserverReputation.reputation_data.ns_server_reputation_explain.ns_server_domain_density | Number | Number of domains associated with the nameserver. |
| SilentPush.NameserverReputation.reputation_data.ns_server_reputation_explain.ns_server_domains_listed | Number | Number of domains listed in reputation databases. |

Command Example

!silentpush-get-nameserver-reputation nameserver="a.dns-servers.net.ru" limit="5"

Context Example

{
    "nameserver": "a.dns-servers.net.ru",
    "limit": 5,
    "nameserver_reputation_data": {
        "date": "2025-04-05",
        "ns_server": "a.dns-servers.net.ru",
        "ns_server_reputation": 0
    }
}

Human Readable Output

Result

| Field | Value |
| --- | --- |
| Nameserver | a.dns-servers.net.ru |
| Date | 2025-04-05 |
| Nameserver Reputation | 0 |

silentpush-get-subnet-reputation

This command retrieves the reputation history for a specific subnet.

Base Command

silentpush-get-subnet-reputation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| subnet | IPv4 subnet for which reputation information needs to be retrieved. | Required |
| explain | Show the detailed information used to calculate the reputation score. | Optional |
| limit | Maximum number of reputation history entries to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.SubnetReputation.subnet | String | The subnet associated with the reputation history. |
| SilentPush.SubnetReputation.reputation_history.date | Number | The date of the subnet reputation record. |
| SilentPush.SubnetReputation.reputation_history.subnet | String | The subnet associated with the reputation record. |
| SilentPush.SubnetReputation.reputation_history.subnet_reputation | Number | The reputation score of the subnet. |
| SilentPush.SubnetReputation.reputation_history.subnet_reputation_explain.ips_in_subnet | Number | Total number of IPs in the subnet. |
| SilentPush.SubnetReputation.reputation_history.subnet_reputation_explain.ips_num_active | Number | Number of active IPs in the subnet. |
| SilentPush.SubnetReputation.reputation_history.subnet_reputation_explain.ips_num_listed | Number | Number of listed IPs in the subnet. |

Command Example

!silentpush-get-subnet-reputation subnet="192.168.0.0/16"

Context Example

{
    "subnet": "192.168.0.0/16",
    "subnet_reputation_data": {
        "date": "2025-04-08",
        "subnet": "192.168.0.0/16",
        "subnet_reputation": 0
    }
}

Human Readable Output

Result

| Field | Value |
| --- | --- |
| Subnet | 192.168.0.0/16 |
| Date | 2025-04-08 |
| Subnet Reputation | 0 |

silentpush-list-domain-information

This command gets domain information, along with the Silent Push risk score and live WHOIS information, for multiple domains.

Base Command

silentpush-list-domain-information

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domains | Comma-separated list of domains to query. | Required |
| fetch_risk_score | Whether to fetch risk scores for the domains. | Optional |
| fetch_whois_info | Whether to fetch WHOIS information for the domains. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.Domain.domain | String | The domain name queried. |
| SilentPush.Domain.last_seen | Number | The last seen date of the domain in YYYYMMDD format. |
| SilentPush.Domain.query | String | The domain name used for the query. |
| SilentPush.Domain.whois_age | Number | The age of the domain in days based on WHOIS creation date. |
| SilentPush.Domain.first_seen | Number | The first seen date of the domain in YYYYMMDD format. |
| SilentPush.Domain.is_new | Boolean | Indicates whether the domain is newly observed. |
| SilentPush.Domain.zone | String | The top-level domain (TLD) or zone of the queried domain. |
| SilentPush.Domain.registrar | String | The registrar responsible for the domain registration. |
| SilentPush.Domain.age_score | Number | A risk score based on the domain's age. |
| SilentPush.Domain.whois_created_date | String | The WHOIS creation date of the domain in YYYY-MM-DD HH:MM:SS format. |
| SilentPush.Domain.is_new_score | Number | A risk score indicating how new the domain is. |
| SilentPush.Domain.age | Number | The age of the domain in days. |

Command Example

!silentpush-list-domain-information domains="silentpush.com"

Context Example

{
    "domains": ["silentpush.com"],
    "domain_information": {
        "domain": "silentpush.com",
        "age": 1904,
        "age_score": 0,
        "first_seen": "2020-01-21",
        "is_new": false,
        "is_new_score": 0,
        "last_seen": "2025-04-08",
        "registrar": "ENOM, INC.",
        "whois_age": 1904,
        "whois_created_date": "2020-01-20 08:14:27",
        "zone": "com"
    }
}

Human Readable Output

Results

| Field | Value |
| --- | --- |
| Domain | silentpush.com |
| Age | 1904 years |
| Age Score | 0 |
| First Seen | 2020-01-21 |
| Is New | No |
| Is New Score | 0 |
| Last Seen | 2025-04-08 |
| Registrar | ENOM, INC. |
| WHOIS Age | 1904 years |
| WHOIS Created Date | 2020-01-20 08:14:27 |
| Zone | com |

silentpush-list-domain-infratags

This command gets infratags for multiple domains with optional clustering.

Base Command

silentpush-list-domain-infratags

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domains | Comma-separated list of domains. | Required |
| cluster | Whether to cluster the results. | Optional |
| mode | Mode for lookup (live/padns). Default is live. | Optional |
| match | Handling of self-hosted infrastructure. Default is self. | Optional |
| as_of | Build infratags from padns data where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp (automatically sets mode to padns). Examples: date: yyyy-mm-dd (2021-07-09), a fixed date; epoch: number (1625834953), a fixed time in epoch format; sec: negative number (-172800), a relative time <sec> seconds ago. Default is self. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.InfraTags.infratags.domain | String | The domain associated with the infratag. |
| SilentPush.InfraTags.infratags.mode | String | The mode associated with the domain infratag. |
| SilentPush.InfraTags.infratags.tag | String | The tag associated with the domain infratag. |
| SilentPush.InfraTags.tag_clusters.25.domains | Unknown | List of domains in the tag cluster with score 25. |
| SilentPush.InfraTags.tag_clusters.25.match | String | The match string associated with the domains in the tag cluster with score 25. |
| SilentPush.InfraTags.tag_clusters.50.domains | Unknown | List of domains in the tag cluster with score 50. |
| SilentPush.InfraTags.tag_clusters.50.match | String | The match string associated with the domains in the tag cluster with score 50. |
| SilentPush.InfraTags.tag_clusters.75.domains | Unknown | List of domains in the tag cluster with score 75. |
| SilentPush.InfraTags.tag_clusters.75.match | String | The match string associated with the domains in the tag cluster with score 75. |
| SilentPush.InfraTags.tag_clusters.100.domains | Unknown | List of domains in the tag cluster with score 100. |
| SilentPush.InfraTags.tag_clusters.100.match | String | The match string associated with the domains in the tag cluster with score 100. |

Command Example

!silentpush-list-domain-infratags domains="silentpush.com" mode="live" match="self" as_of="self"

Context Example

{
    "domains": ["silentpush.com"],
    "mode": "live",
    "match": "self",
    "as_of": "self",
    "infratags": {
        "domain": "silentpush.com",
        "mode": "padns",
        "tags": ["outlook.com", "cloudflare.com", "cloudflarenet", "enom"]
    }
}

Human Readable Output

Results

| Field | Value |
| --- | --- |
| Domain | silentpush.com |
| Mode | padns |
| Tags | outlook.com, cloudflare.com, cloudflarenet, enom |

silentpush-list-ip-information

This command gets IP information for multiple IPv4 and IPv6 addresses.

Base Command

silentpush-list-ip-information

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ips | Comma-separated list of IP addresses. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.IPInformation.ip_is_dsl_dynamic | Boolean | Indicates if the IP is a DSL dynamic IP. |
| SilentPush.IPInformation.ip_has_expired_certificate | Boolean | Indicates if the IP has an expired certificate. |
| SilentPush.IPInformation.subnet_allocation_age | String | Age of the subnet allocation. |
| SilentPush.IPInformation.asn_rank_score | Number | Rank score of the ASN. |
| SilentPush.IPInformation.asn_allocation_age | Number | Age of the ASN allocation in days. |
| SilentPush.IPInformation.sp_risk_score | Number | Risk score of the service provider (SP). |
| SilentPush.IPInformation.asn_takedown_reputation_explain.ips_active | Number | Number of active IPs in the ASN takedown reputation. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.ips_in_asn | Number | Total number of IPs in the ASN. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.ips_num_listed | Number | Number of IPs listed in the ASN takedown reputation. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.items_num_listed | Number | Number of items listed in the ASN takedown reputation. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.lifetime_avg | Number | Average lifetime of items in the ASN takedown reputation. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.lifetime_max | Number | Maximum lifetime of items in the ASN takedown reputation. |
| SilentPush.IPInformation.asn_takedown_reputation_explain.lifetime_total | Number | Total lifetime of items in the ASN takedown reputation. |
| SilentPush.IPInformation.ip_reputation_score | Number | Reputation score of the IP. |
| SilentPush.IPInformation.listing_score_feeds_explain | String | Explanation of the listing score feeds. |
| SilentPush.IPInformation.ip | String | The IP address being evaluated. |
| SilentPush.IPInformation.density | Number | Density score of the IP. |
| SilentPush.IPInformation.benign_info.actor | String | Actor associated with the benign info. |
| SilentPush.IPInformation.benign_info.known_benign | Boolean | Indicates if the IP is known benign. |
| SilentPush.IPInformation.benign_info.tags | String | Tags associated with the benign info. |
| SilentPush.IPInformation.ip_reputation_explain | String | Explanation of the IP reputation. |
| SilentPush.IPInformation.asn_allocation_date | Number | The ASN allocation date. |
| SilentPush.IPInformation.subnet_allocation_date | String | The subnet allocation date. |
| SilentPush.IPInformation.asn_takedown_reputation | Number | Reputation score of ASN takedown. |
| SilentPush.IPInformation.ip_location.continent_code | String | Continent code of the IP location. |
| SilentPush.IPInformation.ip_location.continent_name | String | Continent name of the IP location. |
| SilentPush.IPInformation.ip_location.country_code | String | Country code of the IP location. |
| SilentPush.IPInformation.ip_location.country_is_in_european_union | Boolean | Indicates if the country is in the European Union. |
| SilentPush.IPInformation.ip_location.country_name | String | Country name of the IP location. |
| SilentPush.IPInformation.date | Number | Date associated with the IP data. |
| SilentPush.IPInformation.subnet_reputation_score | Number | Reputation score of the subnet. |
| SilentPush.IPInformation.asn_rank | Number | Rank of the ASN. |
| SilentPush.IPInformation.listing_score_explain | String | Explanation of the listing score. |
| SilentPush.IPInformation.asn_reputation_score | Number | Reputation score of the ASN. |
| SilentPush.IPInformation.ip_is_ipfs_node | Boolean | Indicates if the IP is an IPFS node. |
| SilentPush.IPInformation.ip_reputation | Number | Reputation score of the IP. |
| SilentPush.IPInformation.subnet_reputation_explain | String | Explanation of the subnet reputation. |
| SilentPush.IPInformation.ip_is_dsl_dynamic_score | Number | Score indicating if the IP is a DSL dynamic IP. |
| SilentPush.IPInformation.asn_reputation_explain | String | Explanation of the ASN reputation. |
| SilentPush.IPInformation.ip_has_open_directory | Boolean | Indicates if the IP has an open directory. |
| SilentPush.IPInformation.ip_ptr | String | Pointer (PTR) record for the IP. |
| SilentPush.IPInformation.listing_score | Number | Listing score of the IP. |
| SilentPush.IPInformation.malscore | Number | Malware score associated with the IP. |
| SilentPush.IPInformation.sinkhole_info.known_sinkhole_ip | Boolean | Indicates if the IP is a known sinkhole IP. |
| SilentPush.IPInformation.sinkhole_info.tags | String | Tags associated with the sinkhole information. |
| SilentPush.IPInformation.subnet_reputation | Number | Reputation score of the subnet. |
| SilentPush.IPInformation.asn_reputation | Number | Reputation score of the ASN. |
| SilentPush.IPInformation.asn | Number | Autonomous System Number (ASN) of the IP. |
| SilentPush.IPInformation.sp_risk_score_explain.sp_risk_score_decider | String | Decider for the service provider risk score. |
| SilentPush.IPInformation.asname | String | Name of the ASN. |
| SilentPush.IPInformation.subnet | String | The subnet the IP belongs to. |
| SilentPush.IPInformation.ip_is_tor_exit_node | Boolean | Indicates if the IP is a TOR exit node. |
| SilentPush.IPInformation.asn_takedown_reputation_score | Number | Reputation score of ASN takedown. |
| SilentPush.IPInformation.ip_flags.is_proxy | Boolean | Indicates if the IP is a proxy (True/False). |
| SilentPush.IPInformation.ip_flags.is_sinkhole | Boolean | Indicates if the IP is a sinkhole (True/False). |
| SilentPush.IPInformation.ip_flags.is_vpn | Boolean | Indicates if the IP is a VPN (True/False). |
| SilentPush.IPInformation.ip_flags.proxy_tags | Unknown | List of proxy-related tags or null if not a proxy. |
| SilentPush.IPInformation.ip_flags.vpn_tags | Unknown | List of VPN-related tags or null if not a VPN. |

Command Example

!silentpush-list-ip-information ips="142.251.188.102"

Context Example

{
    "ips": ["142.251.188.102"],
    "ip_information": {
        "asn": "15169",
        "asn_allocation_age": 9140,
        "asn_allocation_date": "2000-03-30",
        "asn_rank": 0,
        "asn_rank_score": 0,
        "asn_reputation": 0,
        "asn_reputation_score": 0,
        "asn_takedown_reputation": 10,
        "asn_takedown_reputation_explain": "ips_active: 327064, ips_in_asn: 15309568, ips_num_listed: 5",
        "asn_takedown_reputation_score": 10,
        "as_name": "GOOGLE, US",
        "benign_info": {
            "actor": "",
            "known_benign": false
        },
        "tags": [],
        "date": "2025-04-08",
        "density": 0,
        "ip": "142.251.188.102",
        "ip_flags": {
            "is_proxy": false,
            "is_sinkhole": false,
            "is_vpn": false
        },
        "ip_has_expired_certificate": false,
        "ip_has_open_directory": false,
        "ip_is_dsl_dynamic": false,
        "ip_is_dsl_dynamic_score": 0
    }
}

Human Readable Output

Results

| Field | Value |
| --- | --- |
| ASN | 15169 |
| ASN Allocation Age | 9140 days |
| ASN Allocation Date | 2000-03-30 |
| ASN Rank | 0 |
| ASN Rank Score | 0 |
| ASN Reputation | 0 |
| ASN Reputation Score | 0 |
| ASN Takedown Reputation | 10 |
| Takedown Explanation | ips_active: 327064, ips_in_asn: 15309568, ips_num_listed: 5 |
| ASN Takedown Reputation Score | 10 |
| AS Name | GOOGLE, US |
| Known Benign | No |
| Date | 2025-04-08 |
| Density | 0 |
| IP Flags (Proxy, Sinkhole, VPN) | No, No, No |
| Expired Certificate | No |
| Open Directory | No |
| DSL Dynamic | No |
| DSL Dynamic Score | 0 |

silentpush-live-url-scan

This command scans a URL to retrieve hosting metadata.

Base Command

silentpush-live-url-scan

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL to scan. | Required |
| platform | Platform to scan the URL on. | Optional |
| os | Operating system to scan the URL on. | Optional |
| browser | Browser to scan the URL on. | Optional |
| region | Region to scan the URL in. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.URLScan.HHV | String | Unique identifier for HHV. |
| SilentPush.URLScan.adtech.ads_txt | Boolean | Indicates if ads_txt is present. |
| SilentPush.URLScan.adtech.app_ads_txt | Boolean | Indicates if app_ads_txt is present. |
| SilentPush.URLScan.adtech.sellers_json | Boolean | Indicates if sellers_json is present. |
| SilentPush.URLScan.datahash | String | Hash value of the data. |
| SilentPush.URLScan.domain | String | The domain name. |
| SilentPush.URLScan.favicon2_avg | String | Hash value for favicon2 average. |
| SilentPush.URLScan.favicon2_md5 | String | MD5 hash for favicon2. |
| SilentPush.URLScan.favicon2_murmur3 | Number | Murmur3 hash for favicon2. |
| SilentPush.URLScan.favicon2_path | String | Path to favicon2 image. |
| SilentPush.URLScan.favicon_avg | String | Hash value for favicon average. |
| SilentPush.URLScan.favicon_md5 | String | MD5 hash for favicon. |
| SilentPush.URLScan.favicon_murmur3 | String | Murmur3 hash for favicon. |
| SilentPush.URLScan.favicon_path | String | Path to favicon image. |
| SilentPush.URLScan.favicon_urls | Unknown | List of favicon URLs. |
| SilentPush.URLScan.header.cache-control | String | Cache control header value. |
| SilentPush.URLScan.header.content-encoding | String | Content encoding header value. |
| SilentPush.URLScan.header.content-type | String | Content type header value. |
| SilentPush.URLScan.header.server | String | Server header value. |
| SilentPush.URLScan.header.x-powered-by | String | X-Powered-By header value. |
| SilentPush.URLScan.hostname | String | The hostname of the server. |
| SilentPush.URLScan.html_body_length | Number | Length of the HTML body. |
| SilentPush.URLScan.html_body_murmur3 | Number | Murmur3 hash for the HTML body. |
| SilentPush.URLScan.html_body_sha256 | String | SHA256 hash for the HTML body. |
| SilentPush.URLScan.html_body_similarity | Number | Similarity score of the HTML body. |
| SilentPush.URLScan.html_body_ssdeep | String | ssdeep hash for the HTML body. |
| SilentPush.URLScan.htmltitle | String | The HTML title of the page. |
| SilentPush.URLScan.ip | String | IP address associated with the domain. |
| SilentPush.URLScan.jarm | String | JARM (TLS fingerprint) value. |
| SilentPush.URLScan.mobile_enabled | Boolean | Indicates if the mobile version is enabled. |
| SilentPush.URLScan.opendirectory | Boolean | Indicates if open directory is enabled. |
| SilentPush.URLScan.origin_domain | String | Origin domain of the server. |
| SilentPush.URLScan.origin_hostname | String | Origin hostname of the server. |
| SilentPush.URLScan.origin_ip | String | Origin IP address of the server. |
| SilentPush.URLScan.origin_jarm | String | JARM (TLS fingerprint) value for the origin. |
| SilentPush.URLScan.origin_path | String | Origin path for the URL. |
| SilentPush.URLScan.origin_port | Number | Port used for the origin server. |
| SilentPush.URLScan.origin_ssl.CHV | String | SSL Certificate Chain Value (CHV). |
| SilentPush.URLScan.origin_ssl.SHA1 | String | SHA1 hash of the SSL certificate. |
| SilentPush.URLScan.origin_ssl.SHA256 | String | SHA256 hash of the SSL certificate. |
| SilentPush.URLScan.origin_ssl.authority_key_id | String | Authority Key Identifier for SSL certificate. |
| SilentPush.URLScan.origin_ssl.expired | Boolean | Indicates if the SSL certificate is expired. |
| SilentPush.URLScan.origin_ssl.issuer.common_name | String | Issuer common name for SSL certificate. |
| SilentPush.URLScan.origin_ssl.issuer.country | String | Issuer country for SSL certificate. |
| SilentPush.URLScan.origin_ssl.issuer.organization | String | Issuer organization for SSL certificate. |
| SilentPush.URLScan.origin_ssl.not_after | String | Expiration date of the SSL certificate. |
| SilentPush.URLScan.origin_ssl.not_before | String | Start date of the SSL certificate validity. |
| SilentPush.URLScan.origin_ssl.sans | Unknown | List of Subject Alternative Names (SANs) for the SSL certificate. |
| SilentPush.URLScan.origin_ssl.sans_count | Number | Count of SANs for the SSL certificate. |
| SilentPush.URLScan.origin_ssl.serial_number | String | Serial number of the SSL certificate. |
| SilentPush.URLScan.origin_ssl.sigalg | String | Signature algorithm used for the SSL certificate. |
| SilentPush.URLScan.origin_ssl.subject.common_name | String | Subject common name for the SSL certificate. |
| SilentPush.URLScan.origin_ssl.subject_key_id | String | Subject Key Identifier for SSL certificate. |
| SilentPush.URLScan.origin_ssl.valid | Boolean | Indicates if the SSL certificate is valid. |
| SilentPush.URLScan.origin_ssl.wildcard | Boolean | Indicates if the SSL certificate is a wildcard. |
| SilentPush.URLScan.origin_subdomain | String | Subdomain of the origin. |
| SilentPush.URLScan.origin_tld | String | Top-level domain of the origin. |
| SilentPush.URLScan.origin_url | String | Complete URL of the origin. |
| SilentPush.URLScan.path | String | Path for the URL. |
| SilentPush.URLScan.port | Number | Port for the URL. |
| SilentPush.URLScan.proxy_enabled | Boolean | Indicates if the proxy is enabled. |
| SilentPush.URLScan.redirect | Boolean | Indicates if a redirect occurs. |
| SilentPush.URLScan.redirect_count | Number | Count of redirects. |
| SilentPush.URLScan.redirect_list | Unknown | List of redirect URLs. |
| SilentPush.URLScan.resolves_to | Unknown | List of IPs the domain resolves to. |
| SilentPush.URLScan.response | Number | HTTP response code. |
| SilentPush.URLScan.scheme | String | URL scheme (e.g., https). |
| SilentPush.URLScan.screenshot | String | URL for the domain screenshot. |
| SilentPush.URLScan.ssl.CHV | String | SSL Certificate Chain Value (CHV). |
| SilentPush.URLScan.ssl.SHA1 | String | SHA1 hash of the SSL certificate. |
| SilentPush.URLScan.ssl.SHA256 | String | SHA256 hash of the SSL certificate. |
| SilentPush.URLScan.ssl.authority_key_id | String | Authority Key Identifier for SSL certificate. |
| SilentPush.URLScan.ssl.expired | Boolean | Indicates if the SSL certificate is expired. |
| SilentPush.URLScan.ssl.issuer.common_name | String | Issuer common name for SSL certificate. |
| SilentPush.URLScan.ssl.issuer.country | String | Issuer country for SSL certificate. |
| SilentPush.URLScan.ssl.issuer.organization | String | Issuer organization for SSL certificate. |
| SilentPush.URLScan.ssl.not_after | String | Expiration date of the SSL certificate. |
| SilentPush.URLScan.ssl.not_before | String | Start date of the SSL certificate validity. |
| SilentPush.URLScan.ssl.sans | Unknown | List of Subject Alternative Names (SANs) for the SSL certificate. |
| SilentPush.URLScan.ssl.sans_count | Number | Count of SANs for the SSL certificate. |
| SilentPush.URLScan.ssl.serial_number | String | Serial number of the SSL certificate. |
| SilentPush.URLScan.ssl.sigalg | String | Signature algorithm used for the SSL certificate. |
| SilentPush.URLScan.ssl.subject.common_name | String | Subject common name for the SSL certificate. |
| SilentPush.URLScan.ssl.subject_key_id | String | Subject Key Identifier for SSL certificate. |
| SilentPush.URLScan.ssl.valid | Boolean | Indicates if the SSL certificate is valid. |
| SilentPush.URLScan.ssl.wildcard | Boolean | Indicates if the SSL certificate is a wildcard. |
| SilentPush.URLScan.body_analysis.SHV | String | Unique identifier for body analysis. |
| SilentPush.URLScan.body_analysis.body_sha256 | String | SHA-256 hash of the body content. |
| SilentPush.URLScan.body_analysis.google-GA4 | Unknown | List of Google GA4 tracking IDs. |
| SilentPush.URLScan.body_analysis.google-UA | Unknown | List of Google Universal Analytics tracking IDs. |
| SilentPush.URLScan.body_analysis.google-adstag | Unknown | List of Google Adstag tracking IDs. |
| SilentPush.URLScan.body_analysis.js_sha256 | Unknown | List of SHA-256 hashes of JavaScript files. |
| SilentPush.URLScan.body_analysis.js_ssdeep | Unknown | List of ssdeep fuzzy hashes of JavaScript files. |

Command Example

!silentpush-live-url-scan url="https://silentpush.com"

Context Example

    {
        "url": "https://silentpush.com",
        "scan_results": {
            "status": "No scan results found",
            "url": "https://silentpush.com"
        }
    }

Human Readable Output

Results

| Field | Value |
| --- | --- |
| URL | https://silentpush.com |
| Scan Status | No scan results found |
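
The context example above shows a scan that returned only a status message, so any playbook step that reads `SilentPush.URLScan` has to tolerate missing fields. The Python below is an added example, not part of the integration's code: it turns one URLScan entry into a short list of findings using the documented field names. The function names, the `max_redirects` threshold, the sample entries, and the reading of `origin_*` as the submitted URL and the unprefixed fields as the final page are assumptions.

```python
from typing import Any


def get_path(entry: Any, dotted: str, default: Any = None) -> Any:
    """Walk a dotted path such as 'ssl.expired'; return default if any part is missing."""
    cur = entry
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def triage_url_scan(entry: Any, max_redirects: int = 3) -> dict:
    """Return {'status': 'no_data' | 'ok' | 'review', 'findings': [...]} for one entry.

    max_redirects is an illustrative threshold, not a Silent Push default.
    """
    # A scan that produced nothing carries only a status message, as in the
    # documented context example ("No scan results found").
    if get_path(entry, "domain") is None and get_path(entry, "response") is None:
        return {"status": "no_data",
                "findings": [str(get_path(entry, "status", "empty entry"))]}

    findings = []
    if get_path(entry, "scheme") == "http":
        findings.append("final page served over plain HTTP")
    if get_path(entry, "ssl.expired") is True:
        findings.append("certificate expired on " + str(get_path(entry, "ssl.not_after")))
    if get_path(entry, "ssl.valid") is False:
        findings.append("certificate reported as not valid")
    if get_path(entry, "opendirectory") is True:
        findings.append("open directory listing")
    # Assumption: origin_domain is the submitted domain, domain is where the scan ended.
    origin, final = get_path(entry, "origin_domain"), get_path(entry, "domain")
    if get_path(entry, "redirect") is True and origin and final \
            and str(origin).lower() != str(final).lower():
        findings.append(f"redirect leaves submitted domain: {origin} -> {final}")
    count = get_path(entry, "redirect_count", 0)
    if isinstance(count, int) and count > max_redirects:
        findings.append(f"long redirect chain ({count} hops)")
    return {"status": "review" if findings else "ok", "findings": findings}


# Constructed sample entries (not real scan output).
SAMPLE_SUSPECT = {
    "domain": "example.net", "origin_domain": "example.com", "scheme": "https",
    "response": 200, "redirect": True, "redirect_count": 5, "opendirectory": False,
    "ssl": {"expired": True, "valid": False, "not_after": "2024-01-01 00:00:00"},
}
SAMPLE_CLEAN = {
    "domain": "example.com", "origin_domain": "example.com", "scheme": "https",
    "response": 200, "redirect": False, "redirect_count": 0,
    "ssl": {"expired": False, "valid": True},
}
SAMPLE_EMPTY = {"status": "No scan results found", "url": "https://example.com"}

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_CLEAN, SAMPLE_EMPTY):
        print(triage_url_scan(sample))
```
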

silentpush-reverse-padns-lookup

This command retrieves reverse Passive DNS data for specific DNS record types.

Base Command

silentpush-reverse-padns-lookup

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| qtype | Type of DNS record. | Required |
| qname | The DNS record name to lookup. | Required |
| netmask | The netmask for the lookup. | Optional |
| subdomains | Whether to include subdomains in the lookup. | Optional |
| regex | Regular expression to filter the DNS records. | Optional |
| first_seen_after | Filter for records first seen after a specific date/time. | Optional |
| first_seen_before | Filter for records first seen before a specific date/time. | Optional |
| last_seen_after | Filter for records last seen after a specific date/time. | Optional |
| last_seen_before | Filter for records last seen before a specific date/time. | Optional |
| as_of | Specify a date/time for the PADNS lookup. | Optional |
| sort | Sort the results by specified criteria. | Optional |
| output_format | Format for the output (e.g., JSON, XML). | Optional |
| prefer | Preference for certain record types during the lookup. | Optional |
| with_metadata | Include metadata in the results. | Optional |
| max_wait | Maximum wait time in seconds for the lookup results. | Optional |
| skip | Number of results to skip in pagination. | Optional |
| limit | Limit the number of results returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.ReversePADNSLookup.qname | String | The DNS record name looked up. |
| SilentPush.ReversePADNSLookup.qtype | String | The type of the DNS record. |
| SilentPush.ReversePADNSLookup.records.answer | String | The answer for the DNS query. |
| SilentPush.ReversePADNSLookup.records.count | Number | The number of occurrences of the DNS record. |
| SilentPush.ReversePADNSLookup.records.first_seen | String | Timestamp of when the record was first seen. |
| SilentPush.ReversePADNSLookup.records.last_seen | String | Timestamp of the most recent occurrence of the record. |
| SilentPush.ReversePADNSLookup.records.nshash | String | The hash of the NS record. |
| SilentPush.ReversePADNSLookup.records.query | String | The DNS query associated with the record. |
| SilentPush.ReversePADNSLookup.records.ttl | Number | Time-to-live (TTL) of the DNS record. |
| SilentPush.ReversePADNSLookup.records.type | String | The type of DNS record (e.g., NS). |

Command Example

!silentpush-reverse-padns-lookup qtype="ns" qname="vida.ns.cloudflare.com"

Context Example

    {
        "qtype": "ns",
        "qname": "vida.ns.cloudflare.com",
        "reverse_padns_lookup": {
            "answer": "vida.ns.cloudflare.com",
            "count": 541,
            "first_seen": "2023-10-25 18:46:27",
            "last_seen": "2025-04-08 09:37:41",
            "nshash": "9448b4ad541f0e539d2f5ad271d6d581",
            "query": "ernestchadwick.com"
        }
    }

Human Readable Output

Results

| Field | Value |
| --- | --- |
| Answer | vida.ns.cloudflare.com |
| Query Count | 541 |
| First Seen | 2023-10-25 18:46:27 |
| Last Seen | 2025-04-08 09:37:41 |
| NS Hash | 9448b4ad541f0e539d2f5ad271d6d581 |
| Query Domain | ernestchadwick.com |

silentpush-screenshot-url

This command generates a screenshot of a URL.

Base Command

silentpush-screenshot-url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL for the screenshot. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.Screenshot.file_id | String | Unique identifier for the generated screenshot file. |
| SilentPush.Screenshot.file_name | String | Name of the screenshot file. |
| SilentPush.Screenshot.screenshot_url | String | URL to access the generated screenshot. |
| SilentPush.Screenshot.status | String | Status of the screenshot generation process. |
| SilentPush.Screenshot.status_code | Number | HTTP status code of the response. |
| SilentPush.Screenshot.url | String | The URL that was used to generate the screenshot. |

Command Example

!silentpush-screenshot-url url="https://www.virustotal.com/gui/domain/tbibank-bg.com"

Context Example

    {
        "url": "https://www.virustotal.com/gui/domain/tbibank-bg.com",
        "screenshot_data": {
            "status": "Success",
            "screenshot_url": "https://fs.silentpush.com/screenshots/virustotal.com/f2fa9440ee769ad6f6702529c006522b.jpg",
            "file_name": "www.virustotal.com_screenshot.jpg"
        }
    }

Human Readable Output

Results

| Field | Value |
| --- | --- |
| URL | https://www.virustotal.com/gui/domain/tbibank-bg.com |
| Status | Success |
| Screenshot URL | View Screenshot |
| File Name | www.virustotal.com_screenshot.jpg |

silentpush-search-domains

This command searches for domains with optional filters.

Base Command

silentpush-search-domains

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Name or wildcard pattern of domain names to search for. | Optional |
| domain_regex | A valid RE2 regex pattern to match domains. Overrides the domain argument. | Optional |
| name_server | Name server name or wildcard pattern of the name server used by domains. | Optional |
| asnum | Autonomous System (AS) number to filter domains. | Optional |
| asname | Search for all AS numbers where the AS Name begins with the specified value. | Optional |
| min_ip_diversity | Minimum IP diversity limit to filter domains. | Optional |
| registrar | Name or partial name of the registrar used to register domains. | Optional |
| min_asn_diversity | Minimum ASN diversity limit to filter domains. | Optional |
| certificate_issuer | Filter domains that had SSL certificates issued by the specified certificate issuer. Wildcards supported. | Optional |
| whois_date_after | Filter domains with a WHOIS creation date after this date (YYYY-MM-DD). | Optional |
| skip | Number of results to skip in the search query. | Optional |
| limit | Number of results to return. Defaults to the SilentPush API's behavior. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.Domain.asn_diversity | Number | The diversity of Autonomous System Numbers (ASNs) associated with the domain. |
| SilentPush.Domain.host | String | The domain name (host) associated with the record. |
| SilentPush.Domain.ip_diversity_all | Number | The total number of unique IPs associated with the domain. |
| SilentPush.Domain.ip_diversity_groups | Number | The number of unique IP groups associated with the domain. |

Command Example

!silentpush-search-domains

Context Example

    {
        "domain_search_results": [
            {
                "asn_diversity": 1,
                "host": "0-------------------------------------------------------------0.com",
                "ip_diversity_all": 1,
                "ip_diversity_groups": 1
            }
        ]
    }

Human Readable Output

Results

| Field | Value |
| --- | --- |
| ASN Diversity | 1 |
| Host | 0-------------------------------------------------------------0.com |
| IP Diversity (All) | 1 |
| IP Diversity Groups | 1 |

silentpush-search-scan-data

This command searches Silent Push scan data repositories using SPQL queries.

Base Command

silentpush-search-scan-data

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query | SPQL query string. | Required |
| fields | Fields to return in the response. | Optional |
| sort | Sorting criteria for results. | Optional |
| skip | Number of records to skip in the response. | Optional |
| limit | Maximum number of results to return. | Optional |
| with_metadata | Whether to include metadata in the response. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SilentPush.ScanData.HHV | String | Unique identifier for the scan data entry. |
| SilentPush.ScanData.adtech | Unknown | Adtech information for the scan data entry. |
| SilentPush.ScanData.adtech.ads_txt | Boolean | Indicates if ads.txt is used. |
| SilentPush.ScanData.adtech.app_ads_txt | Boolean | Indicates if app_ads.txt is used. |
| SilentPush.ScanData.adtech.sellers_json | Boolean | Indicates if sellers.json is used. |
| SilentPush.ScanData.body_analysis | Unknown | Body analysis for the scan data entry. |
| SilentPush.ScanData.body_analysis.body_sha256 | String | SHA256 hash of the body. |
| SilentPush.ScanData.body_analysis.language | Unknown | Languages detected in the body. |
| SilentPush.ScanData.body_analysis.ICP_license | String | ICP License information. |
| SilentPush.ScanData.body_analysis.SHV | String | Server Hash Verification value. |
| SilentPush.ScanData.body_analysis.adsense | Unknown | List of AdSense data. |
| SilentPush.ScanData.body_analysis.footer_sha256 | String | SHA-256 hash of the footer content. |
| SilentPush.ScanData.body_analysis.google-GA4 | Unknown | List of Google GA4 identifiers. |
| SilentPush.ScanData.body_analysis.google-UA | Unknown | List of Google Universal Analytics identifiers. |
| SilentPush.ScanData.body_analysis.google-adstag | Unknown | List of Google adstag identifiers. |
| SilentPush.ScanData.body_analysis.header_sha256 | Unknown | SHA-256 hash of the header content. |
| SilentPush.ScanData.body_analysis.js_sha256 | Unknown | List of JavaScript files with SHA-256 hash values. |
| SilentPush.ScanData.body_analysis.js_ssdeep | Unknown | List of JavaScript files with SSDEEP hash values. |
| SilentPush.ScanData.body_analysis.onion | Unknown | List of Onion URLs detected. |
| SilentPush.ScanData.body_analysis.telegram | Unknown | List of Telegram-related information. |
| SilentPush.ScanData.datahash | String | Hash of the data. |
| SilentPush.ScanData.datasource | String | Source of the scan data. |
| SilentPush.ScanData.domain | String | Domain associated with the scan data. |
| SilentPush.ScanData.geoip | Unknown | GeoIP information related to the scan. |
| SilentPush.ScanData.geoip.city_name | String | City where the scan data was retrieved. |
| SilentPush.ScanData.geoip.country_name | String | Country name from GeoIP information. |
| SilentPush.ScanData.geoip.location | Unknown | Geo-location coordinates. |
| SilentPush.ScanData.geoip.location.lat | Number | Latitude from GeoIP location. |
| SilentPush.ScanData.geoip.location.lon | Number | Longitude from GeoIP location. |
| SilentPush.ScanData.header | Unknown | HTTP header information for the scan. |
| SilentPush.ScanData.header.content-length | String | Content length from HTTP response header. |
| SilentPush.ScanData.header.location | String | Location from HTTP response header. |
| SilentPush.ScanData.header.connection | String | Connection type used, e.g., keep-alive. |
| SilentPush.ScanData.header.server | String | Server software used to serve the content, e.g., openresty. |
| SilentPush.ScanData.hostname | String | Hostname associated with the scan data. |
| SilentPush.ScanData.html_body_sha256 | String | SHA256 hash of the HTML body. |
| SilentPush.ScanData.htmltitle | String | Title of the HTML page scanned. |
| SilentPush.ScanData.ip | String | IP address associated with the scan. |
| SilentPush.ScanData.jarm | String | JARM hash value. |
| SilentPush.ScanData.mobile_enabled | Boolean | Indicates if the page is mobile-enabled. |
| SilentPush.ScanData.origin_domain | String | Origin domain associated with the scan. |
| SilentPush.ScanData.origin_geoip | Unknown | GeoIP information of the origin domain. |
| SilentPush.ScanData.origin_geoip.city_name | String | City of the origin domain from GeoIP information. |
| SilentPush.ScanData.origin_hostname | String | Origin hostname associated with the scan data. |
| SilentPush.ScanData.origin_ip | String | Origin IP address of the scan. |
| SilentPush.ScanData.origin_jarm | String | JARM hash value of the origin domain. |
| SilentPush.ScanData.origin_ssl | Unknown | SSL certificate information for the origin domain. |
| SilentPush.ScanData.origin_ssl.SHA256 | String | SHA256 of the SSL certificate. |
| SilentPush.ScanData.origin_ssl.subject | Unknown | Subject of the SSL certificate. |
| SilentPush.ScanData.origin_ssl.subject.common_name | String | Common name in the SSL certificate. |
| SilentPush.ScanData.port | Number | Port used during the scan. |
| SilentPush.ScanData.redirect | Boolean | Indicates if a redirect occurred during the scan. |
| SilentPush.ScanData.redirect_count | Number | Count of redirects encountered. |
| SilentPush.ScanData.redirect_list | Unknown | List of redirect URLs encountered during the scan. |
| SilentPush.ScanData.response | Number | HTTP response code received during the scan. |
| SilentPush.ScanData.scan_date | String | Timestamp of the scan date. |
| SilentPush.ScanData.scheme | String | URL scheme used in the scan. |
| SilentPush.ScanData.ssl | Unknown | SSL certificate details for the scan. |
| SilentPush.ScanData.ssl.SHA256 | String | SHA256 of the SSL certificate. |
| SilentPush.ScanData.ssl.subject | Unknown | Subject of the SSL certificate. |
| SilentPush.ScanData.ssl.subject.common_name | String | Common name in the SSL certificate. |
| SilentPush.ScanData.subdomain | String | Subdomain associated with the scan data. |
| SilentPush.ScanData.tld | String | Top-level domain (TLD) of the scanned URL. |
| SilentPush.ScanData.url | String | The URL scanned. |

Command Example

!silentpush-search-scan-data query="tld=cool" limit="5"

Context Example

    {
        "query": "tld=cool",
        "limit": 5,
        "scan_data": [
            {
                "domain": "volunteering.cool",
                "ip": "44.227.65.245",
                "asn": "16509",
                "asn_org": "AMAZON-02",
                "city": "Boardman",
                "country": "United States",
                "region": "Oregon",
                "latitude": 45.8401,
                "longitude": -119.705,
                "timezone": "America/Los_Angeles",
                "server": "openresty",
                "ssl": "http",
                "favicon": "http://volunteering.cool/favicon.ico",
                "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.3",
                "scan_date": "2025-04-08T09:12:45Z",
                "status_code": 200
            }
        ]
    }

Human Readable Output

Results

| Field | Value |
| --- | --- |
| Domain | volunteering.cool |
| IP Address | 44.227.65.245 |
| ASN | 16509 |
| ASN Organization | AMAZON-02 |
| City | Boardman |
| Country | United States |
| Region | Oregon |
| Latitude | 45.8401 |
| Longitude | -119.705 |
| Timezone | America/Los_Angeles |
| Server | openresty |
| SSL/TLS Status | HTTP (No SSL) |
| Favicon | Favicon |
| User Agent | Mozilla/5.0 (Linux x86_64) |
| Scan Date | 2025-04-08T09:12:45Z |
| HTTP Status Code | 200 |