Domain
Domain endpoints
These endpoints return information for a given domain name.
domain information
- GET /explore/domain/domaininfo/{domain}
Get domain information
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/domaininfo/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domaininfo": {
"age": 536,
"age_score": 0,
"domain": "silentpush.com",
"first_seen": 20200121,
"is_new": false,
"is_new_score": 0,
"last_seen": 20210709,
"query": "silentpush.com",
"whois_age": 536,
"whois_created_date": "2020-01-20 08:14:27",
"zone": "com"
}
}
}
Silent Push Risk Score for domain
- GET /explore/domain/riskscore/{domain}
Get Silent Push Risk Score for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/riskscore/regardlessnotice.top
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domain": "regardlessnotice.top",
"sp_risk_score": 95
}
}
bulk Silent Push Risk Score for a list of domains
- POST /explore/bulk/domain/riskscore
Get Silent Push Risk Score for multiple domains
a maximum of 100 domains may be submitted in a single request
- JSON Parameters
body (json) (required) –
a json object containing a list of domains
{"domains": ["<domain1>","<domain2>",...,"<domainN>"]}
- Request Headers
X-API-KEY – api-key
Content-Type – application/json
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/bulk/domain/riskscore \
-d '{"domains": ["2021olympicupdates.live","massgames.space","micros0ft0nline.one"]}'
Example Response
{
"status_code": 200,
"error": null,
"response": [
{
"domain": "micros0ft0nline.one",
"sp_risk_score": 100
},
{
"domain": "massgames.space",
"sp_risk_score": 100
},
{
"domain": "2021olympicupdates.live",
"sp_risk_score": 100
}
]
}
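Added example (not Silent Push client code): a Python helper that splits a domain list into batches of at most 100, builds the POST requests without sending them, and reads scores back by domain name, because the example response above is not in request order. The function names, the threshold of 90 and the handling of a non-null error field as a failure are assumptions.

```python
import json
import urllib.request

ENDPOINT = ("https://api.silentpush.com/api/v1/merge-api"
            "/explore/bulk/domain/riskscore")
MAX_BULK = 100  # documented maximum number of domains per request

# Example response copied from the documentation above.
SAMPLE_RESPONSE = json.loads("""
{"status_code": 200, "error": null, "response": [
  {"domain": "micros0ft0nline.one", "sp_risk_score": 100},
  {"domain": "massgames.space", "sp_risk_score": 100},
  {"domain": "2021olympicupdates.live", "sp_risk_score": 100}]}
""")


def normalise(domains):
    """Lower-case, strip whitespace and trailing dots, drop blanks and duplicates."""
    seen, out = set(), []
    for name in domains:
        name = name.strip().rstrip(".").lower()
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out


def build_requests(domains, api_key):
    """Return one unsent POST request per batch of at most MAX_BULK domains."""
    names = normalise(domains)
    requests = []
    for start in range(0, len(names), MAX_BULK):
        body = json.dumps({"domains": names[start:start + MAX_BULK]}).encode()
        requests.append(urllib.request.Request(
            ENDPOINT, data=body, method="POST",
            headers={"X-API-KEY": api_key, "Content-Type": "application/json"},
        ))
    return requests


def parse_scores(payload):
    """Check the response envelope and return {domain: sp_risk_score}."""
    # Assumption: anything other than status_code 200 with error null is a failure.
    if payload.get("status_code") != 200 or payload.get("error"):
        raise RuntimeError(f"API error: {payload.get('error')!r}")
    return {row["domain"]: row["sp_risk_score"] for row in payload["response"]}


def triage(requested, scores, threshold=90):
    """Sort requested domains into high, low and missing (absent from the response)."""
    result = {"high": [], "low": [], "missing": []}
    for name in normalise(requested):
        if name not in scores:
            result["missing"].append(name)
        elif scores[name] >= threshold:  # threshold is a local policy choice
            result["high"].append(name)
        else:
            result["low"].append(name)
    return result


if __name__ == "__main__":
    wanted = ["2021olympicupdates.live", "massgames.space",
              "micros0ft0nline.one", "Example.org."]
    print(triage(wanted, parse_scores(SAMPLE_RESPONSE)))
```

A domain that ends up in "missing" was requested but not returned in the batch, which is worth logging rather than treating as low risk.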
bulk domain information
- POST /explore/bulk/domaininfo
Get domain information for multiple domains
- JSON Parameters
body (json) (required) –
a json object containing a list of domains
{"domains": ["<domain1>","<domain2>",...,"<domainN>"]}
- Request Headers
X-API-KEY – api-key
Content-Type – application/json
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/bulk/domaininfo \
-d '{"domains": ["silentpush.com","google.com"]}'
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domaininfo": [
{
"age": 536,
"age_score": 0,
"domain": "silentpush.com",
"first_seen": 20200121,
"is_new": false,
"is_new_score": 0,
"last_seen": 20210710,
"query": "silentpush.com",
"whois_age": 536,
"whois_created_date": "2020-01-20 08:14:27",
"zone": "com"
},
{
"age_score": 0,
"domain": "google.com",
"info": "Domain registered before 20170101",
"is_new": false,
"is_new_score": 0,
"last_seen": 20210710,
"query": "google.com",
"whois_age": "",
"whois_created_date": "",
"zone": "com"
}
]
}
}
domain infratag
- GET /explore/domain/infratag/{domain}
Get infratag for domain
- Query Parameters
domain (string) (required) –
domain name
mode =<live|padns> (string) (optional) –
build infratags from live lookup data or from PADNS data
live = (default) use live DNS lookups
padns = use collected Passive DNS data
match =<self|full> (string) (optional) –
handling of self-hosted infrastructure
self = (default) tag self-hosted NS and MX as ‘self’
full = tag self-hosted NS and MX as domain name
as_of =<date|epoch|sec> (optional) –
build infratags from padns data where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp - automatically sets mode to padns
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/infratag/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"infratag": {
"domain": "silentpush.com",
"mode": "live",
"tag": "outlook.com:cloudflare.com:cloudflarenet:enom"
}
}
}
bulk domain infratags
- POST /explore/bulk/domain/infratags
Get infratags for multiple domains with optional clustering
- JSON Parameters
body (json) (required) –
a json object containing a list of domains
{"domains": ["<domain1>","<domain2>",...,"<domainN>"]}
- Query Parameters
mode =<live|padns> (string) (optional) –
build infratags from live lookup data or from PADNS data
live = (default) use live DNS lookups
padns = use collected Passive DNS data
match =<self|full> (string) (optional) –
handling of self-hosted infrastructure
self = (default) tag self-hosted NS and MX as ‘self’
full = tag self-hosted NS and MX as domain name
as_of =<date|epoch|sec> (optional) –
build infratags from padns data where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp - automatically sets mode to padns
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
clusters =<0|1> (int) (optional) –
build clusters from infratags
0 = (default)
1 = build clusters of domains based on tag similarity
- Request Headers
X-API-KEY – api-key
Content-Type – application/json
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/bulk/domain/infratags \
?mode=live \
&match=self \
&clusters=1 \
-d '{"domains": ["silawatergim.club", "fooldinort.top", "elbigiddim.xyz"]}'
Example Response
{
"status_code": 200,
"error": null,
"response": {
"infratags": [
{
"domain": "silawatergim.club",
"mode": "live",
"tag": "_:cloudflare.com:hz:_"
},
{
"domain": "fooldinort.top",
"mode": "live",
"tag": "_:cloudflare.com:leaseweb:porkbunllc"
},
{
"domain": "elbigiddim.xyz",
"mode": "live",
"tag": "_:cloudflare.com:leaseweb:porkbunllc"
}
],
"tag_clusters": [
{
"25": [
{
"domains": [
"elbigiddim.xyz",
"silawatergim.club",
"fooldinort.top"
],
"match": "_:cloudflare.com:_:_"
}
]
},
{
"50": []
},
{
"75": [
{
"domains": [
"elbigiddim.xyz",
"fooldinort.top"
],
"match": "_:cloudflare.com:leaseweb:porkbunllc"
}
]
},
{
"100": []
}
]
}
}
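Added example, not part of the API: a local Python comparison of infratags that reproduces the 25 and 75 buckets of the example response above. It assumes a tag has four colon-separated parts in the order mx:ns:asname:registrar with "_" for an empty part (inferred from the examples on this page); it is not Silent Push's clustering algorithm, and it deliberately does not count two "self" parts as shared, since each refers to that domain's own servers.

```python
from collections import defaultdict
from itertools import combinations

PARTS = ("mx", "ns", "asname", "registrar")  # assumed order, see lead-in
EMPTY = "_"

# "infratags" list copied from the example response above.
SAMPLE = [
    {"domain": "silawatergim.club", "mode": "live",
     "tag": "_:cloudflare.com:hz:_"},
    {"domain": "fooldinort.top", "mode": "live",
     "tag": "_:cloudflare.com:leaseweb:porkbunllc"},
    {"domain": "elbigiddim.xyz", "mode": "live",
     "tag": "_:cloudflare.com:leaseweb:porkbunllc"},
]


def parse_infratag(tag):
    """Split a tag into its four named parts; an empty part ('_') becomes None."""
    fields = tag.split(":")
    if len(fields) != len(PARTS):
        raise ValueError(f"expected {len(PARTS)} colon-separated parts: {tag!r}")
    return {name: (None if value == EMPTY else value)
            for name, value in zip(PARTS, fields)}


def shared_pattern(tag_a, tag_b, ignore=("self",)):
    """Return (pattern, percent) for the parts two tags have in common.

    Empty parts never count as shared, and neither do values in `ignore`:
    with match=self, 'self' means "this domain's own NS/MX", so two domains
    tagged 'self' do not use the same servers.
    """
    a, b = parse_infratag(tag_a), parse_infratag(tag_b)
    kept = []
    for name in PARTS:
        same = (a[name] is not None and a[name] == b[name]
                and a[name] not in ignore)
        kept.append(a[name] if same else EMPTY)
    percent = 100 * sum(part != EMPTY for part in kept) // len(PARTS)
    return ":".join(kept), percent


def cluster(infratags):
    """Group domains by pairwise shared pattern: {percent: {pattern: [domains]}}."""
    groups = defaultdict(set)
    for x, y in combinations(infratags, 2):
        pattern, percent = shared_pattern(x["tag"], y["tag"])
        if percent:  # skip pairs with nothing in common
            groups[(percent, pattern)].update((x["domain"], y["domain"]))
    out = defaultdict(dict)
    for (percent, pattern), domains in groups.items():
        out[percent][pattern] = sorted(domains)
    return dict(out)


if __name__ == "__main__":
    for percent, patterns in sorted(cluster(SAMPLE).items()):
        print(percent, patterns)
```

Two identical tags land in the 75 bucket here, as in the example response, because their empty mx part contributes nothing to the match.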
name server changes
- GET /explore/domain/nschanges/{domain}
Get name server changes for domain
- Query Parameters
domain (string) (required) –
domain name
summary =<0|1> (int) (optional) –
return results summary only
0 = (default) return full result
1 = return summary only
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/nschanges/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"nschanges": {
"nschanges": [
{
"circular_change_to": false,
"date": 20200509,
"days_ago": 427,
"domain": "silentpush.com",
"from_expire": false,
"from_nameservers": [
"ns1.myhostns.com",
"ns2.myhostns.com",
"ns3.myhostns.com"
],
"from_ns_in_domain": false,
"from_ns_srv_domain_density": {
"ns1.myhostns.com": 596,
"ns2.myhostns.com": 596,
"ns3.myhostns.com": 577
},
"from_ns_srv_domain_density_low": false,
"from_parked": false,
"from_sinkhole": false,
"query": "silentpush.com",
"to_expire": false,
"to_nameservers": [
"henry.ns.cloudflare.com",
"vida.ns.cloudflare.com"
],
"to_ns_in_domain": false,
"to_ns_srv_domain_density": {
"henry.ns.cloudflare.com": 30983,
"vida.ns.cloudflare.com": 30947
},
"to_ns_srv_domain_density_low": false,
"to_parked": false,
"to_sinkhole": false
}
],
"results_summary": {
"changes_0_7_days": 0,
"changes_30_90_days": 0,
"changes_7_30_days": 0,
"changes_last_30_days": 0,
"changes_last_7_days": 0,
"changes_last_90_days": 0,
"has_change_circular": false,
"has_change_expire_from": false,
"has_change_expire_to": false,
"has_change_ns_in_domain_from": false,
"has_change_ns_in_domain_to": false,
"has_change_ns_srv_domain_density_low_from": false,
"has_change_ns_srv_domain_density_low_to": false,
"has_change_parked_from": false,
"has_change_parked_to": false,
"has_change_sinkhole_from": false,
"has_change_sinkhole_to": false,
"last_change": 20200509,
"last_change_circular_to": false,
"last_change_days_ago": 427,
"last_change_expire_from": false,
"last_change_expire_to": false,
"last_change_ns_in_domain_from": false,
"last_change_ns_in_domain_to": false,
"last_change_ns_srv_domain_density_low_from": false,
"last_change_ns_srv_domain_density_low_to": false,
"last_change_parked_from": false,
"last_change_parked_to": false,
"last_change_sinkhole_from": false,
"last_change_sinkhole_to": false,
"ns_entropy": 1,
"ns_entropy_score": 1,
"num_changes_all": 1
}
}
}
}
name server changes summary
- GET /explore/domain/nschangessummary/{domain}
Get summary of name server changes for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/nschangessummary/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"nschanges": {
"results_summary": {
"changes_0_7_days": 0,
"changes_30_90_days": 0,
"changes_7_30_days": 0,
"changes_last_30_days": 0,
"changes_last_7_days": 0,
"changes_last_90_days": 0,
"domain": "silentpush.com",
"has_change_circular": false,
"has_change_expire_from": false,
"has_change_expire_to": false,
"has_change_ns_in_domain_from": false,
"has_change_ns_in_domain_to": false,
"has_change_ns_srv_domain_density_low_from": false,
"has_change_ns_srv_domain_density_low_to": false,
"has_change_parked_from": false,
"has_change_parked_to": false,
"has_change_sinkhole_from": false,
"has_change_sinkhole_to": false,
"last_change": 20200509,
"last_change_circular_to": false,
"last_change_days_ago": 427,
"last_change_expire_from": false,
"last_change_expire_to": false,
"last_change_ns_in_domain_from": false,
"last_change_ns_in_domain_to": false,
"last_change_ns_srv_domain_density_low_from": false,
"last_change_ns_srv_domain_density_low_to": false,
"last_change_parked_from": false,
"last_change_parked_to": false,
"last_change_sinkhole_from": false,
"last_change_sinkhole_to": false,
"ns_entropy": 1,
"ns_entropy_score": 1,
"num_changes_all": 1,
"query": "silentpush.com"
}
}
}
}
search name server changes
- GET /explore/query/nstransfer
Query for name server changes from/to name servers within time window for domains registered within time window, optionally for domains registered with registrar
- Query Parameters
from_ns =<name|pattern|self> (string) (required) –
name of previous name server, wildcard supported
use ‘self’ to search for self-hosted name servers
to_ns =<name|pattern|self> (string) (required) –
name of new name server, wildcard supported
use ‘self’ to search for self-hosted name servers
domain_regex =<pattern> (string) (optional) –
domain pattern to match
pattern must be a valid re2 regular expression
days =<n> (int) (optional) –
sets window for change_date_after and whois_date_after, if not explicitly set
default = 30
change_date_after =<yyyy-mm-dd> (string) (optional) –
only changes on or after this date, or last 30 days if not set
change_date_before =<yyyy-mm-dd> (string) (optional) –
only changes on or before this date
nschanges_only =<0|1> (int) (optional) –
ignore whois data unless specific whois options are set
default = 0
whois_date_after =<yyyy-mm-dd> (string) (optional) –
only domains registered on or after this date, or last 30 days if not set
whois_date_before =<yyyy-mm-dd> (string) (optional) –
only domains registered on or before this date
registrar =<name> (string) (optional) –
only domains registered using this registrar
partial string match, or any if not set
email =<registrant_email_address> (string) (optional) –
only domains using this registrant email address
exact match only, or any if not set
order =<asc|desc> (string) (optional) –
sort change dates in desc/asc order
default = desc
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
- Request Headers
X-API-KEY – api-key
Warning
Using any of the whois specific options limits the search to domains for which we have pre-collected Whois data
whois_date_after
whois_date_before
registrar
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/query/nstransfer \
?from_ns=*.ipage.com \
&to_ns=*.registrar-servers.com \
&registrar=namecheap \
&change_date_after=2021-05-01 \
&whois_date_after=2021-05-01 \
&limit=3
Example Response
{
"status_code": 200,
"error": null,
"response": {
"nstransfer": [
{
"change_date": "2021-06-17",
"domain": "ajitfhm.com",
"newnsrecs": [
"dns1.registrar-servers.com",
"dns2.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
},
{
"change_date": "2021-06-12",
"domain": "mxnet.email",
"newnsrecs": [
"dns1.registrar-servers.com",
"dns2.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
},
{
"change_date": "2021-06-03",
"domain": "picindex.info",
"newnsrecs": [
"dns1.registrar-servers.com",
"dns2.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
}
]
}
}
Tip
Domains matching regular expression:
https://api.silentpush.com/api/v1/merge-api/explore/query/nstransfer \
?from_ns=*.ipage.com \
&to_ns=*.registrar-servers.com \
&domain_regex=^[[:alnum:]]{3,7}\.[[:alpha:]]{2,}$ \
&change_date_after=2021-03-01 \
&limit=3
{
"status_code": 200,
"error": null,
"response": {
"nstransfer": [
{
"change_date": "2021-04-03",
"domain": "opti.red",
"newnsrecs": [
"dns101.registrar-servers.com",
"dns102.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
},
{
"change_date": "2021-04-01",
"domain": "giftme.xyz",
"newnsrecs": [
"dns101.registrar-servers.com",
"dns102.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
},
{
"change_date": "2021-04-01",
"domain": "noco.today",
"newnsrecs": [
"dns101.registrar-servers.com",
"dns102.registrar-servers.com"
],
"oldnsrecs": [
"ns1.ipage.com",
"ns2.ipage.com"
]
}
]
}
}
domain search
- GET /explore/domain/search
Search for domains with optional name server, whois, network and domain name pattern matching
- Query Parameters
domain =<name|pattern> (string) (optional) –
name or wildcard pattern of domain names to search for
domain_regex =<pattern> (pattern) (optional) –
re2 regular expression - overrides domain parameter
pattern must be a valid re2 regular expression
nsname =<name|pattern|self> (string) (optional) –
name server name or wildcard pattern of name server used by domains
use nsname=self to find domains hosting their own nameservers
mxname =<name|pattern|self> (string) (optional) –
mx server name or wildcard pattern of mx server used by domains
use mxname=self to find domains hosting their own mailservers
first_seen_min =<yyyy-mm-dd> (string) (optional) –
only domains that have A records seen for the first time after the given date
first_seen_max =<yyyy-mm-dd> (string) (optional) –
only domains that have A records seen for the first time before the given date
first_seen_min_mode =<strict|any> (string) (optional) –
match mode for first_seen_min parameter
strict (default) - select A records that do not have any timestamps before first_seen_min
any - select A records that have at least one timestamp after first_seen_min
first_seen_max_mode =<strict|any> (string) (optional) –
match mode for first_seen_max parameter
strict (default) - select A records that do not have any timestamps after first_seen_max
any - select A records that have at least one timestamp before first_seen_max
last_seen_min =<yyyy-mm-dd> (string) (optional) –
only domains that have A records last seen more recently than the given date
last_seen_max =<yyyy-mm-dd> (string) (optional) –
only domains that have A records last seen earlier than the given date
last_seen_min_mode =<strict|any> (string) (optional) –
match mode for last_seen_min parameter
strict - select A records that do not have any timestamps before last_seen_min
any (default) - select A records that have at least one timestamp after first_seen_min
last_seen_max_mode =<strict|any> (string) (optional) –
match mode for last_seen_max parameter
strict (default) - select A records that do not have any timestamps after last_seen_max
any - select A records that have at least one timestamp before last_seen_max
asnum =<n> (int) (optional) –
AS number to search, may be repeated multiple times for additional AS numbers
asn =<in|notin> (int) (optional) –
search for IP addresses in or not in the given AS numbers
default = in
asname =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_starts_with =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_contains =<name> (string) (optional) –
search all AS numbers where the AS Name contains <name>
asn_match =<type> (string) (optional) –
how to match AS numbers
any (default) - match on any asnum given or derived from asname
all - asn diversity timeline must contain all asnums given as asnum parameter or derived from asname
limit - apply min and/or max limits as specified by optional asn_match_min and asn_match_max parameters
asn_match_max =<n> (int) (optional) –
maximum <n> of the asnums given as asnum or derived from asname must appear in asn diversity timeline
asn_match_min =<n> (int) (optional) –
minimum <n> of the asnums given as asnum or derived from asname must appear in asn diversity timeline
network =<subnet> (string) (optional) –
additional network and net mask
give option as 1.1.1.1/24
network parameter may be given multiple times and the search will be performed as an ‘or’ condition
timeline =<0|1> (int) (optional) –
include details of IPs, ASNs, first_seen and last_seen for each domain
0 (default) = do not include
1 = include timeline
first_seen_after =<yyyy-mm-dd> (string) (optional) –
only domains that have been seen using the NS server in the “nsname=” parameter for the first time after the given date
first_seen_before =<yyyy-mm-dd> (string) (optional) –
only domains that have been seen using the NS server in the “nsname=” parameter for the first time before the given date
registrar =<name> (string) (optional) –
name or partial name of registrar used to register domains - no wildcards, the given string is used in partial match - this is a slow search option and should only be used in combination with the domain match option
email =<email> (string) (optional) –
email used to register domains - no wildcards, the given string is used in exact match - this is a slow search option and should only be used in combination with the domain match option
whois_date_after =<yyyy-mm-dd> (string) (optional) –
only domains that have a created date in Whois after this date – this limits the search to domains for which we have Whois data and makes the search perform slowly – all of the whois specific options should be avoided if at all possible
nschange_from_ns =<name|pattern|self> (string) (optional) –
domain has changed name server from nsname
exact match, wildcards and ‘self’ options supported
nschange_to_ns =<name|pattern|self> (string) (optional) –
domain has changed name server to nsname
exact match, wildcards and ‘self’ options supported
nschange_date_after =<yyyy-mm-dd> (string) (optional) –
only domains with name server changes that occurred after the given date
if nschange_date_after is not given, the default is to find name server changes in the last 30 days, if nschange_date_before is not given
nschange_date_before =<yyyy-mm-dd> (string) (optional) –
only domains with name server changes that occurred before the given date
cert_date_min =<yyyy-mm-dd> (string) (optional) –
only domains that have had ssl certificates issued on or after the given date
cert_date_max =<yyyy-mm-dd> (string) (optional) –
only domains that have had ssl certificates issued on or before the given date
cert_issuer =<name|pattern> (string) (optional) –
only domains that have had ssl certificates issued using the named certificate issuer
wildcards (*) are supported
spaces in name may be represented by ‘+’
infratag =<infratag> (string) (optional) –
search by infratag
infratag must include mx part, ns part, asname part, or registrar part
overrides mxname, nsname and registrar parameters, if infratag contains these parts
can be combined with all other parameters
asn_diversity =<n> (int) (optional) –
asn diversity - exact match
asn_diversity_min =<n> (int) (optional) –
minimum diversity limit
asn_diversity_max =<n> (int) (optional) –
maximum diversity limit
ip_diversity_all =<n> (int) (optional) –
ip diversity all - exact match
ip_diversity_all_min =<n> (int) (optional) –
minimum diversity limit
default = 1
ip_diversity_all_max =<n> (int) (optional) –
maximum diversity limit
ip_diversity_groups =<n> (int) (optional) –
ip diversity groups - exact match
ip_diversity_groups_min =<n> (int) (optional) –
minimum diversity limit
ip_diversity_groups_max =<n> (int) (optional) –
maximum diversity limit
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Warning
Using any of the whois specific options limits the search to domains for which we have pre-collected Whois data
whois_date_after
registrar
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/search \
?nsname=*.bodis.com \
&asn_diversity_min=5 \
&limit=3
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"asn_diversity": 5,
"host": "089.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
},
{
"asn_diversity": 5,
"host": "6645.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
},
{
"asn_diversity": 5,
"host": "aerialbytes.com",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
}
]
}
}
Tip
Example timeline:
https://api.silentpush.com/api/v1/merge-api/explore/domain/search \
?nsname=*.bodis.com \
&asn_diversity_min=5 \
&limit=3 \
&timeline=1
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"asn_diversity": 5,
"host": "089.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3,
"timeline": [
{
"asn": 3842,
"first_seen": "2021-06-23 15:00:05",
"ip": "107.161.23.204",
"last_seen": "2021-06-26 13:25:30"
},
{
"asn": 8100,
"first_seen": "2021-06-23 15:00:05",
"ip": "192.161.187.200",
"last_seen": "2021-06-26 13:25:30"
},
{
"asn": 53667,
"first_seen": "2021-06-23 15:00:05",
"ip": "209.141.38.71",
"last_seen": "2021-06-26 13:25:30"
},
{
"asn": 395082,
"first_seen": "2021-06-28 22:20:59",
"ip": "199.59.242.153",
"last_seen": "2021-07-09 15:04:46"
},
{
"asn": 16509,
"first_seen": "2021-03-10 17:07:19",
"ip": "52.58.78.16",
"last_seen": "2021-06-21 13:19:25"
}
]
},
{
"asn_diversity": 5,
"host": "6645.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3,
"timeline": [
{
"asn": 3842,
"first_seen": "2020-12-23 14:02:19",
"ip": "107.161.23.204",
"last_seen": "2021-06-26 16:52:24"
},
{
"asn": 16509,
"first_seen": "2021-05-22 11:35:33",
"ip": "99.81.40.78",
"last_seen": "2021-06-21 17:28:31"
},
{
"asn": 395082,
"first_seen": "2021-06-27 13:52:52",
"ip": "199.59.242.153",
"last_seen": "2021-07-09 14:02:15"
},
{
"asn": 53667,
"first_seen": "2020-12-23 14:02:19",
"ip": "209.141.38.71",
"last_seen": "2021-06-26 16:52:24"
},
{
"asn": 8100,
"first_seen": "2020-12-23 14:02:19",
"ip": "192.161.187.200",
"last_seen": "2021-06-26 16:52:24"
}
]
},
{
"asn_diversity": 5,
"host": "aerialbytes.com",
"ip_diversity_all": 5,
"ip_diversity_groups": 3,
"timeline": [
{
"asn": 19994,
"first_seen": "2020-12-28 17:30:52",
"ip": "23.253.58.227",
"last_seen": "2021-06-11 12:34:58"
},
{
"asn": 395082,
"first_seen": "2021-07-09 11:10:00",
"ip": "199.59.242.153",
"last_seen": "2021-07-09 11:10:00"
},
{
"asn": 16509,
"first_seen": "2020-12-28 17:30:52",
"ip": "176.34.241.253",
"last_seen": "2021-06-11 12:34:58"
},
{
"asn": 33070,
"first_seen": "2020-12-28 17:30:52",
"ip": "162.242.150.89",
"last_seen": "2021-06-11 12:34:58"
},
{
"asn": 19324,
"first_seen": "2021-06-12 11:35:27",
"ip": "52.128.23.27",
"last_seen": "2021-07-07 16:14:05"
}
]
}
]
}
}
Domain Typosquatting Search
- GET /explore/padns/search/typosquat
Find typosquatted variations of domain - optionally exclude selected infrastructure
The default is to look at new records with a first_seen timestamp within the last 7 days, but this can be reduced further to the last 24 hours and executed as a daily discovery search.
Only records that have been seen within the last 7 days will be considered in this search.
- Query Parameters
autospoof =<string> (string) (optional) –
domain name for which to find spoofed variations
automatically generates a regex used in search
is overridden by the regex parameter, if given
regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
regex overrides any autospoof domain given
nsname =<name|pattern> (string) (optional) –
nsname specifies name or pattern of name server where a domain is/is not hosted
up to 5 nsname parameters may be given - wildcards are supported
match =<eq|noteq> (string) (optional) –
finds domains not on (neq) or on (eq) name servers given as nsname parameters
eq - domains on name servers
neq (default) - domains not on name servers
net =<in|notin> (string) (optional) –
find records where ip not in (default) or in subnet defined by netmask and additional network parameters
in - find records in subnet
notin (default) - find records not in subnet
network =<subnet> (string) (optional) –
additional network and net mask
give option as 1.1.1.1/24
up to 5 additional networks may be given
asnum =<n> (int) (optional) –
AS number to search, may be repeated multiple times for additional AS numbers
parameter may be used with qtype=a or qtype=ptr4
use to find records in the same AS number
asn =<in|notin> (string) (optional) –
find ptr4 or a records where ipv4 in or not in ASN defined by asnum
in - find records in ASN
notin (default) - find records not in ASN
asname =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_starts_with =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_contains =<name> (string) (optional) –
search all AS numbers where the AS Name contains <name>
reduce =<full|host> (string) (optional) –
aggregate timestamps for qname only (host) or for each qname=>qanswer observation (full)
full (default) - show timestamps for qname=>qanswer observations
host - show timestamps for distinct qname only
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
default=-2592000 - look back 30 days
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
reduce=host gives aggregation on hostname without pairing with IP resolutions - this gives observation dates for the hostname regardless of IP history
Note
Wildcards (*) are supported in nsname parameter
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/search/typosquat \
?autospoof=wellsfargo.com \
&network=159.45.170.0/20 \
&nsname=*.wf.com \
&nsname=*.wellsfargo.com \
&nsname=*.markmonitor.com \
&asname_starts_with=wellsfargo \
&asn=notin \
&net=notin \
&match=neq \
&first_seen_after=-7d \
&limit=2
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "162.255.119.116",
"asn": 22612,
"asname": "NAMECHEAP-NET, US",
"count": 1,
"domain": "pstel.net",
"first_seen": "2023-01-05 22:47:27",
"last_seen": "2023-01-05 22:47:27",
"query": "a3cbb1aff0.wellsfargo.com.dhcp01.pstel.net",
"type": "A"
},
{
"answer": "108.139.47.10",
"asn": 16509,
"asname": "AMAZON-02, US",
"count": 1,
"domain": "aspengroveinc.com",
"first_seen": "2023-01-05 22:46:47",
"last_seen": "2023-01-05 22:46:47",
"query": "iagent-wellsfargo.qa.aspengroveinc.com",
"type": "A"
}
]
}
}
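Added example (not Silent Push code): a Python helper that checks the limits documented for this endpoint before a query is sent (at most 5 nsname and 5 network values, the four time formats, max_wait between 0 and 25) and builds the URL with repeated parameters, plus a small triage function for the returned records. The function names and the three placement labels are assumptions; the sample records are taken from the example response above.

```python
import ipaddress
import re
from urllib.parse import urlencode

ENDPOINT = ("https://api.silentpush.com/api/v1/merge-api"
            "/explore/padns/search/typosquat")

# date (yyyy-mm-dd) | epoch | -seconds | -N followed by h, d, w or m
TIME_SPEC = re.compile(r"\d{4}-\d{2}-\d{2}|\d+|-\d+[hdwm]?")
TIME_PARAMS = ("first_seen_after", "first_seen_before",
               "last_seen_after", "last_seen_before", "as_of")
MAX_REPEAT = 5  # documented limit for nsname and for additional networks

# Fields used below, taken from the example response above.
SAMPLE_RECORDS = [
    {"answer": "162.255.119.116", "domain": "pstel.net",
     "query": "a3cbb1aff0.wellsfargo.com.dhcp01.pstel.net"},
    {"answer": "108.139.47.10", "domain": "aspengroveinc.com",
     "query": "iagent-wellsfargo.qa.aspengroveinc.com"},
]


def build_typosquat_url(autospoof, nsname=(), network=(), **params):
    """Validate the documented limits and return the GET URL (nothing is sent)."""
    if len(nsname) > MAX_REPEAT:
        raise ValueError("at most 5 nsname parameters may be given")
    if len(network) > MAX_REPEAT:
        raise ValueError("at most 5 additional networks may be given")
    for net in network:
        # strict=False: the documented form (1.1.1.1/24) has host bits set.
        ipaddress.ip_network(net, strict=False)
    for key in TIME_PARAMS:
        if key in params and not TIME_SPEC.fullmatch(str(params[key])):
            raise ValueError(f"{key}: expected date, epoch, -seconds or -N[hdwm]")
    for key in ("net", "asn"):
        if params.get(key, "notin") not in ("in", "notin"):
            raise ValueError(f"{key} must be 'in' or 'notin'")
    if not 0 <= int(params.get("max_wait", 25)) <= 25:
        raise ValueError("max_wait must be in the range 0 to 25")
    # Repeated parameters are emitted once per value, in the order given.
    pairs = [("autospoof", autospoof)]
    pairs += [("network", value) for value in network]
    pairs += [("nsname", value) for value in nsname]
    pairs += sorted(params.items())
    return ENDPOINT + "?" + urlencode(pairs, safe="*/")


def brand_placement(record, brand):
    """Say where the literal brand string sits in a returned record.

    'registered-domain': inside the "domain" field itself
    'subdomain':         only in the labels of "query" left of that domain
    'no-literal-match':  the record matched the search without the exact string
    """
    brand = brand.lower()
    if brand in record["domain"].lower():
        return "registered-domain"
    if brand in record["query"].lower():
        return "subdomain"
    return "no-literal-match"


if __name__ == "__main__":
    print(build_typosquat_url(
        "wellsfargo.com",
        nsname=["*.wf.com", "*.wellsfargo.com", "*.markmonitor.com"],
        network=["159.45.170.0/20"],
        asname_starts_with="wellsfargo", asn="notin", net="notin",
        match="neq", first_seen_after="-7d", limit=2))
    for rec in SAMPLE_RECORDS:
        print(rec["query"], brand_placement(rec, "wellsfargo"))
```

Both sample records come back as "subdomain": the brand appears in host labels under an unrelated registered domain, so any follow-up such as a blocklist entry or an abuse report concerns the "domain" value, not the brand's own zone.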
whois information
- GET /explore/domain/whois/{domain}
Get previously collected whois information for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/whois/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"whois": [
{
"address": "['PO Box 639', 'C/O silentpush.com']",
"city": "Kirkland",
"country": "US",
"created": "Mon, 20 Jan 2020 08:14:27 GMT",
"date": 20200527,
"domain": "silentpush.com",
"emails": [
"abuse@enom.com",
"mhjqhltw@whoisprivacyprotect.com"
],
"expires": "Wed, 20 Jan 2021 08:14:27 GMT",
"name": "Whois Agent (777024973)",
"nameservers": [
"henry.ns.cloudflare.com",
"vida.ns.cloudflare.com"
],
"org": "silentpush.com",
"query": "silentpush.com",
"registrar": "ENOM, INC.",
"state": "WA",
"updated": "Fri, 08 May 2020 13:09:11 GMT",
"whois_server": "WHOIS.ENOM.COM",
"zipcode": "98083"
}
]
}
}
whois live information¶
- GET /explore/domain/whoislive/{domain}
Get real-time whois information for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/whoislive/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"whois_live": {
"address": [
"PO Box 639",
"C/O silentpush.com"
],
"city": "Kirkland",
"country": "US",
"created": "2020-01-20 09:14:27",
"date_seen": "2021-07-10 01:51:28",
"domain": "silentpush.com",
"emails": [
"mhjqhltw@whoisprivacyprotect.com",
"ABUSE@ENOM.COM"
],
"expires": "2022-01-20 09:14:27",
"name": "Whois Agent (777024973)",
"nameservers": [
"HENRY.NS.CLOUDFLARE.COM",
"VIDA.NS.CLOUDFLARE.COM"
],
"org": "Whois Privacy Protection Service, Inc.",
"raw": {
"address": [
"PO Box 639",
"C/O silentpush.com"
],
"city": "Kirkland",
"country": "US",
"creation_date": [
"2020-01-20 09:14:27",
"2020-01-20 09:14:00"
],
"dnssec": "unsigned",
"domain_name": [
"SILENTPUSH.COM",
"silentpush.com"
],
"emails": [
"mhjqhltw@whoisprivacyprotect.com",
"ABUSE@ENOM.COM"
],
"expiration_date": "2022-01-20 09:14:27",
"name": "Whois Agent (777024973)",
"name_servers": [
"HENRY.NS.CLOUDFLARE.COM",
"VIDA.NS.CLOUDFLARE.COM"
],
"org": "Whois Privacy Protection Service, Inc.",
"referral_url": null,
"registrar": "ENOM, INC.",
"state": "WA",
"status": [
"clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
"clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited"
],
"updated_date": "2021-01-12 00:02:34",
"whois_server": "WHOIS.ENOM.COM",
"zipcode": "98083"
},
"registrar": "ENOM, INC.",
"state": "WA",
"updated": "2021-01-12 00:02:34",
"whois_server": "WHOIS.ENOM.COM",
"zipcode": "98083"
}
}
}
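The two example responses above describe the same domain in different shapes: the stored record returns address as a stringified list, uses RFC 2822 dates and lowercase name servers, while the live record uses a real list, "YYYY-MM-DD HH:MM:SS" dates and uppercase values. The following added example (not part of the API documentation or of Silent Push's code) normalizes both shapes and reports only the fields that really changed, which is how a monitoring job would notice a name server or registrant change. The function names and the choice to compare dates by calendar day are assumptions.

```python
import ast
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample: fields trimmed from the two example responses on this page.
STORED = {
    "address": "['PO Box 639', 'C/O silentpush.com']",
    "created": "Mon, 20 Jan 2020 08:14:27 GMT",
    "emails": ["abuse@enom.com", "mhjqhltw@whoisprivacyprotect.com"],
    "expires": "Wed, 20 Jan 2021 08:14:27 GMT",
    "nameservers": ["henry.ns.cloudflare.com", "vida.ns.cloudflare.com"],
    "org": "silentpush.com",
}
LIVE = {
    "address": ["PO Box 639", "C/O silentpush.com"],
    "created": "2020-01-20 09:14:27",
    "emails": ["mhjqhltw@whoisprivacyprotect.com", "ABUSE@ENOM.COM"],
    "expires": "2022-01-20 09:14:27",
    "nameservers": ["HENRY.NS.CLOUDFLARE.COM", "VIDA.NS.CLOUDFLARE.COM"],
    "org": "Whois Privacy Protection Service, Inc.",
}

def as_list(value):
    # The stored record carries "address" as a Python-repr string; literal_eval
    # accepts literals only, so untrusted whois text is never executed.
    if isinstance(value, str) and value.lstrip().startswith("["):
        value = ast.literal_eval(value)
    return list(value) if isinstance(value, (list, tuple)) else [value]

def as_date(value):
    # Assumption: compare by calendar day, since the samples differ by one hour.
    try:
        return datetime.strptime(value, "%Y-%m-%d %H:%M:%S").date()  # whoislive
    except ValueError:
        return parsedate_to_datetime(value).date()                   # whois

def normalize(rec):
    return {
        "address": tuple(as_list(rec["address"])),
        "created": as_date(rec["created"]),
        "expires": as_date(rec["expires"]),
        "emails": frozenset(e.lower() for e in rec["emails"]),
        "nameservers": frozenset(n.lower().rstrip(".") for n in rec["nameservers"]),
        "org": rec["org"],
    }

def whois_drift(stored, live):
    old, new = normalize(stored), normalize(live)
    return {k: (old[k], new[k]) for k in old if old[k] != new[k]}
```

For the sample data only expires and org are reported; the case and ordering differences in emails and nameservers are not.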
domain certificates¶
- GET /explore/domain/certificates/{domain}
Get certificates for domain
- Query Parameters
domain (string) (required) –
domain name - wildcards (*) are supported
domain_regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
overrides {domain}
cert_issuer =<string> (string) (optional) –
certificate issuer name - wildcards (*) are supported
spaces in <string> can be represented by ‘+’
date_min =<yyyy-mm-dd> (optional) –
certificates issued on or after this date
date: yyyy-mm-dd (2021-07-09) - fixed date
date_max =<yyyy-mm-dd> (optional) –
certificates issued on or before this date
date: yyyy-mm-dd (2021-07-09) - fixed date
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response: returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/certificates/silentpush.com \
?date_min=2022-02-01 \
&limit_by_n=1 \
&limit=1
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domain_certificates": [
{
"cert_index": 32989943,
"chain": [
"Thawte RSA CA 2018",
"DigiCert Global Root CA"
],
"date": 20220227,
"domain": "silentpush.com",
"domains": [
"*.silentpush.com",
"silentpush.com"
],
"fingerprint": "F2:79:8D:63:90:B9:6E:15:CE:37:1D:74:AD:39:F7:83:4A:4F:FB:D8",
"fingerprint_md5": "8d89a47394eee0d8a6a7d113d16b4a40",
"fingerprint_sha1": "f2798d6390b96e15ce371d74ad39f7834a4ffbd8",
"fingerprint_sha256": "152f1caaa949d497e0bfdf71418e6dbf672a4dd346b45bf0b6e0a6eec2e37f2c",
"host": "*.silentpush.com",
"issuer": "Thawte RSA CA 2018",
"not_after": "2023-03-02T23:59:59",
"not_before": "2022-02-21T00:00:00",
"serial_dec": "6722621233961523147382361153951135781",
"serial_hex": "50EBAD1273E4892E72EF5224D767825",
"serial_number": "50EBAD1273E4892E72EF5224D767825",
"source_name": "Google 'Submariner' log",
"source_url": "ct.googleapis.com/submariner/",
"subject": "{'C': None, 'CN': '*.silentpush.com', 'L': None, 'O': None, 'OU': None, 'ST': None, 'aggregated': '/CN=*.silentpush.com', 'emailAddress': None}",
"wildcard": 1
}
]
}
}
Tip
Example domain_regex search:
https://api.silentpush.com/api/v1/merge-api/explore/domain/certificates/x \
?domain_regex=^sil[[:alpha:]]{3,5}\.[a-z]{2,}$ \
&date_min=2022-02-01 \
&date_max=2022-03-01 \
&limit_by_n=1 \
&limit=3
{
"status_code": 200,
"error": null,
"response": {
"domain_certificates": [
{
"cert_index": 859488329,
"chain": [
"R3",
"ISRG Root X1"
],
"date": 20220301,
"domain": "siltru.de",
"domains": [
"*.siltru.de",
"siltru.de"
],
"fingerprint": "8F:FD:96:0C:3C:BF:23:A3:C7:83:A7:1F:CB:89:6D:4B:05:13:5A:B6",
"fingerprint_md5": "10a1d3b4dcfd5afebcea0ac319d64a56",
"fingerprint_sha1": "8ffd960c3cbf23a3c783a71fcb896d4b05135ab6",
"fingerprint_sha256": "6a3a345bb93d87bc3298828cd90baff60bb4c65671ff8d5a4b8cd5659324c428",
"host": "*.siltru.de",
"issuer": "R3",
"not_after": "2022-05-30T22:57:09",
"not_before": "2022-03-01T22:57:10",
"serial_dec": "353347564190657667972271714537123187494577",
"serial_hex": "40E652977114EFC52567576D1B72BC78EB1",
"serial_number": "40E652977114EFC52567576D1B72BC78EB1",
"source_name": "Google 'Xenon2022' log",
"source_url": "ct.googleapis.com/logs/xenon2022/",
"subject": "{'C': None, 'CN': '*.siltru.de', 'L': None, 'O': None, 'OU': None, 'ST': None, 'aggregated': '/CN=*.siltru.de', 'emailAddress': None}",
"wildcard": 1
},
{
"cert_index": 28264370,
"chain": [
"GeoTrust RSA CA 2018",
"DigiCert Global Root CA"
],
"date": 20220301,
"domain": "silganbt.com",
"domains": [
"*.silganbt.com",
"silganbt.com"
],
"fingerprint": "83:2D:8B:66:A3:05:9C:E1:9D:9E:05:89:78:07:00:35:10:BE:17:9C",
"fingerprint_md5": "f302d39492fbc51061aacdcd67074966",
"fingerprint_sha1": "832d8b66a3059ce19d9e05897807003510be179c",
"fingerprint_sha256": "4c97de83f8c144d1661bf9e5ffca8672a2a7ea35feb76472161758d09a6226ea",
"host": "*.silganbt.com",
"issuer": "GeoTrust RSA CA 2018",
"not_after": "2023-02-10T23:59:59",
"not_before": "2022-03-01T00:00:00",
"serial_dec": "10111626212837519373876429202705963405",
"serial_hex": "79B6DA9B86230CF7AF9E1C6A225598D",
"serial_number": "79B6DA9B86230CF7AF9E1C6A225598D",
"source_name": "Google 'Argon2023' log",
"source_url": "ct.googleapis.com/logs/argon2023/",
"subject": "{'C': 'US', 'CN': '*.silganbt.com', 'L': 'Oconomowoc', 'O': 'Silgan Containers LLC', 'OU': None, 'ST': 'Wisconsin', 'aggregated': '/C=US/CN=*.silganbt.com/L=Oconomowoc/O=Silgan Containers LLC/ST=Wisconsin', 'emailAddress': None}",
"wildcard": 1
},
{
"cert_index": 859482403,
"chain": [
"R3",
"ISRG Root X1"
],
"date": 20220301,
"domain": "silkkin.co",
"domains": [
"silkkin.co"
],
"fingerprint": "1D:4A:BF:AB:27:43:1D:AC:AF:E2:97:51:3B:A0:6E:B5:C8:35:67:7D",
"fingerprint_md5": "b835ef28069ceffd94655ada8ea05002",
"fingerprint_sha1": "1d4abfab27431dacafe297513ba06eb5c835677d",
"fingerprint_sha256": "670f2d4585642515983cedfe65620edc832c6dde0cb0c3695f072e84a8a1911c",
"host": "silkkin.co",
"issuer": "R3",
"not_after": "2022-05-30T22:54:45",
"not_before": "2022-03-01T22:54:46",
"serial_dec": "277256332636704618564124101561131876473096",
"serial_hex": "32EC87B5460C7BD074F02B650D6EB6BD908",
"serial_number": "32EC87B5460C7BD074F02B650D6EB6BD908",
"source_name": "Google 'Xenon2022' log",
"source_url": "ct.googleapis.com/logs/xenon2022/",
"subject": "{'C': None, 'CN': 'silkkin.co', 'L': None, 'O': None, 'OU': None, 'ST': None, 'aggregated': '/CN=silkkin.co', 'emailAddress': None}",
"wildcard": 0
}
]
}
}
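In the certificate responses above, subject is returned as a Python-repr string (single quotes, None) rather than nested JSON, so json.loads rejects it and eval() would run whatever the upstream data contains. The following added example (not part of the API documentation or of Silent Push's code) parses it with ast.literal_eval and reduces each record to fields useful when triaging domain_regex hits; the function names and the has_org field are assumptions, and has_org only records whether the subject carries an O attribute.

```python
import ast
from datetime import datetime

# Constructed sample: two records trimmed from the example responses on this page.
RECORDS = [
    {"domain": "silentpush.com", "issuer": "Thawte RSA CA 2018", "wildcard": 1,
     "fingerprint": "F2:79:8D:63:90:B9:6E:15:CE:37:1D:74:AD:39:F7:83:4A:4F:FB:D8",
     "fingerprint_sha1": "f2798d6390b96e15ce371d74ad39f7834a4ffbd8",
     "not_before": "2022-02-21T00:00:00", "not_after": "2023-03-02T23:59:59",
     "subject": "{'C': None, 'CN': '*.silentpush.com', 'L': None, 'O': None, "
                "'OU': None, 'ST': None, 'emailAddress': None}"},
    {"domain": "silganbt.com", "issuer": "GeoTrust RSA CA 2018", "wildcard": 1,
     "fingerprint": "83:2D:8B:66:A3:05:9C:E1:9D:9E:05:89:78:07:00:35:10:BE:17:9C",
     "fingerprint_sha1": "832d8b66a3059ce19d9e05897807003510be179c",
     "not_before": "2022-03-01T00:00:00", "not_after": "2023-02-10T23:59:59",
     "subject": "{'C': 'US', 'CN': '*.silganbt.com', 'L': 'Oconomowoc', "
                "'O': 'Silgan Containers LLC', 'OU': None, 'ST': 'Wisconsin', "
                "'emailAddress': None}"},
]

def parse_subject(raw):
    """Parse the `subject` field, which arrives as a Python-repr string, not JSON."""
    try:
        subject = ast.literal_eval(raw)  # literals only; never eval() API data
    except (ValueError, SyntaxError) as exc:
        raise ValueError("subject is not a literal") from exc
    if not isinstance(subject, dict):
        raise ValueError("subject is not a mapping")
    return subject

def summarize(rec):
    """Reduce one domain_certificates record to the fields used for triage."""
    subject = parse_subject(rec["subject"])
    lifetime = (datetime.fromisoformat(rec["not_after"])
                - datetime.fromisoformat(rec["not_before"]))
    return {
        "domain": rec["domain"],
        "cn": subject["CN"],
        "issuer": rec["issuer"],
        "has_org": subject.get("O") is not None,
        "wildcard": bool(rec["wildcard"]),
        "lifetime_days": lifetime.days,
        # In the page's samples `fingerprint` is the SHA-1 in colon-hex form.
        "fingerprint_consistent":
            rec["fingerprint"].replace(":", "").lower() == rec["fingerprint_sha1"],
    }
```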
sibling domains¶
- GET /explore/domain/siblings/{domain}
Get sibling domains for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/siblings/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domain_siblings": {
"domain": "silentpush.com",
"query": "silentpush.com",
"results": 5,
"siblings": [
"*.silentpush.com",
"help.silentpush.com",
"ibandemo.silentpush.com",
"lookup.silentpush.com",
"websubmit.silentpush.com"
]
}
}
}
cousin domains¶
- GET /explore/domain/cousins/{domain}
Get cousin domains for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/cousins/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domain_cousins": {
"cousins": [
"*.silentpush.com",
"help.silentpush.com",
"ibandemo.silentpush.com",
"lookup.silentpush.com",
"websubmit.silentpush.com"
],
"domain": "silentpush.com",
"query": "silentpush.com",
"results": 5
}
}
}
name server reputation¶
- GET /explore/domain/nsreputation/{domain}
Get name server reputation for the domain's name servers
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/nsreputation/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"ns_reputation": {
"is_expired": false,
"is_parked": false,
"is_sinkholed": false,
"ns_reputation_max": 0,
"ns_reputation_score": 0,
"ns_srv_reputation": [
{
"domain": "silentpush.com",
"ns_server": "henry.ns.cloudflare.com",
"ns_server_domain_density": 55264,
"ns_server_domains_listed": 1,
"ns_server_reputation": 0
},
{
"domain": "silentpush.com",
"ns_server": "vida.ns.cloudflare.com",
"ns_server_domain_density": 56779,
"ns_server_domains_listed": 1,
"ns_server_reputation": 0
}
]
}
}
}
DGA string probability score¶
- GET /explore/domain/string/{domain}
Get DGA string probability score for domain
- Query Parameters
domain (string) (required) –
domain name
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/domain/string/silentpush.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"domain_string_frequency_probability": {
"avg_probability": 6.79715,
"dga_probability_score": 0,
"domain": "silentpush.com",
"domain_string_freq_probabilities": [
7.1727,
6.4216
],
"query": "silentpush.com"
}
}
}