PADNS¶
PADNS endpoints¶
These endpoints return Passive DNS data
forward PADNS lookup¶
- GET /explore/padns/lookup/query/{qtype}/{qname}
Forward lookup of Passive DNS data
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
a
aaaa
cname
mx
ns
ptr4
ptr6
any
anyipv4
anyipv6
soa
txt
qname (string) (required) –
specify a name or IP address to lookup
name - wildcards (*) are supported in name string
IPv4
IPv6
netmask =<n> (int) (optional) –
net mask may be given for qtypes ptr4 or ptr6
defaults: IPv4 = 32, IPv6 = 128
subdomains =<n> (int) (optional) –
include or exclude subdomains from qtype a or aaaa results
0 = exclude
1 = include
regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
match =<strict|self> (string) (optional) –
limit results to self-hosted infrastructure for qtype mx or ns
strict (default) - find all matching results
self - only show results where mx or ns records are in the same domain as qname
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
Wildcards (*) are supported in qname
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/ns/sil*push.*
Note
Regular expression patterns must follow the re2 specification - backtracking and look-around assertions are not supported
Note
Using a regular expression overrides the qname parameter including any wildcards - when using the regex query parameter, qname may optionally be substituted by an underscore:
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/ns/_?regex=^sil[[:alpha:]]{3}\.[a-z]{2,}$
Note
For best performance, regular expressions should begin with ^ and end with $ - i.e. match from beginning of name to end of name
Warning
Regular expressions are slower than exact or wildcard match - wildcards should be used instead, whenever possible
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/ns/silentpush.com \
?last_seen_after=-172800 \
&sort=last_seen/desc
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "vida.ns.cloudflare.com",
"count": 236,
"first_seen": "2020-12-24 19:04:43",
"last_seen": "2021-07-09 16:39:51",
"nshash": "850c47a684c9ea9c32ece18e7be4cddc",
"query": "silentpush.com",
"ttl": 172800,
"type": "NS"
},
{
"answer": "henry.ns.cloudflare.com",
"count": 236,
"first_seen": "2020-12-24 19:04:43",
"last_seen": "2021-07-09 16:39:51",
"nshash": "850c47a684c9ea9c32ece18e7be4cddc",
"query": "silentpush.com",
"ttl": 172800,
"type": "NS"
}
]
}
}
reverse PADNS lookup¶
- GET /explore/padns/lookup/answer/{qtype}/{qname}
Reverse lookup of Passive DNS data
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
a
aaaa
cname
mx
ns
ptr4
ptr6
soa
txt
mxhash
nshash
soahash
txthash
qname (string) (required) –
specify a name or IP address to lookup
name - wildcards (*) are supported in name string
IPv4
IPv6
netmask =<n> (int) (optional) –
net mask may be given for qtypes a or aaaa
defaults: IPv4 = 32, IPv6 = 128
subdomains =<n> (int) (optional) –
include or exclude subdomains from qtype a or aaaa results
0 = exclude
1 = include
regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
Wildcards (*) are supported in qname
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/ns/vida.ns.cloudflare.com
Note
The reverse txt lookup will look for the string given in qname anywhere in the txt record value
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/txt/verification-code=70c3e598
Note
Wildcards (*) may be used in qname for reverse txt lookup
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/txt/verification*=70c3e598
Note
The reverse soa lookup will look for the string given in qname anywhere in the soa record value
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/soa/jomax
Note
Wildcards (*) may be used in qname for reverse soa lookup
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/soa/jomax.net*20210725
Note
Regular expression patterns must follow the re2 specification - backtracking and look-around assertions are not supported
Note
Using a regular expression overrides the qname parameter including any wildcards - when using the regex query parameter, qname may optionally be substituted by an underscore:
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/mx/_?regex=^.*sil[[:alpha:]]{3}\.[a-z]{2,}$
Note
For best performance, regular expressions should begin with ^ and end with $ - i.e. match from beginning of name to end of name
Warning
Regular expressions are slower than exact or wildcard match - wildcards should be used instead, whenever possible
Warning
Regular expressions are not supported for qtype=txt or qtype=soa
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/ns/vida.ns.cloudflare.com \
?last_seen_after=2021-07-01 \
&limit=2
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "vida.ns.cloudflare.com",
"count": 58,
"first_seen": "2021-04-30 18:29:30",
"last_seen": "2021-07-10 18:32:14",
"nshash": "7659b08bfceced5ef1ad24c26d2e8078",
"query": "gsjjyzs.com",
"ttl": 86400,
"type": "NS"
},
{
"answer": "vida.ns.cloudflare.com",
"count": 7,
"first_seen": "2021-07-05 19:42:44",
"last_seen": "2021-07-10 18:32:11",
"nshash": "28e44562b64c3a4f355a877e97cb6fa4",
"query": "gscooling.com",
"ttl": 86400,
"type": "NS"
}
]
}
}
multi-condition PADNS lookup¶
- GET /explore/padns/lookup/both/{qtype}/{qname}/{qanswer}
Search passive DNS data for records of <qtype> where query is <qname> and answer is <qanswer> - wildcards are supported in both qname and qanswer
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
a
aaaa
cname
mx
ns
ptr4
ptr6
qname (string) (required) –
specify a name or IP address to lookup
name - wildcards (*) are supported in name string
IPv4
IPv6
qanswer (string) (required) –
specify a name or IP address to lookup
name - wildcards (*) are supported in name string
IPv4
IPv6
match =<eq|noteq> (string) (optional) –
find records where query = <qname> and answer equal or not equal to <qanswer>
eq (default) - answer must match <qanswer>
neq - answer must not match <qanswer>
name =<name|pattern> (string) (optional) –
additional name to match qanswer
up to 5 additional names may be given - wildcards are supported
netmask =<n> (int) (optional) –
net mask may be given for qtypes a or aaaa
use to find records in the same subnet
defaults: IPv4 = 32, IPv6 = 128
net =<in|notin> (string) (optional) –
find ptr4 or a records where ipv4 in or not in subnet defined by netmask
in (default) - find records in subnet
notin - find records not in subnet
network =<subnet> (string) (optional) –
additional network and net mask
give option as 1.1.1.1/24
up to 5 additional networks may be given
asnum =<n> (int) (optional) –
AS number to search, may be repeated multiple time for additional AS numbers
parameter may be used with qtype=a or qtype=ptr4
use to find records in the same AS number
asn =<in|notin> (string) (optional) –
find ptr4 or a records where ipv4 in or not in ASN defined by asnum
in (default) - find records in ASN
notin - find records not in ASN
asname =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_starts_with =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_contains =<name> (string) (optional) –
search all AS numbers where the AS Name contains <name>
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
Wildcards (*) are supported in qname and qanswer
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/both/ns/sil*push.*/*.ns.cloudflare.com
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/both/ns/sil*push.*/*.ns.cloudflare.com \
?last_seen_after=2021-07-01 \
&limit=2
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "vida.ns.cloudflare.com",
"count": 236,
"first_seen": "2020-12-24 19:04:43",
"last_seen": "2021-07-09 16:39:51",
"nshash": "850c47a684c9ea9c32ece18e7be4cddc",
"query": "silentpush.com",
"ttl": 172800,
"type": "NS"
},
{
"answer": "henry.ns.cloudflare.com",
"count": 236,
"first_seen": "2020-12-24 19:04:43",
"last_seen": "2021-07-09 16:39:51",
"nshash": "850c47a684c9ea9c32ece18e7be4cddc",
"query": "silentpush.com",
"ttl": 172800,
"type": "NS"
}
]
}
}
Tip
Example exclusion search - similar domains not on given name servers:
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/both/ns/sil*push.*/*.ns.cloudflare.com \ ?last_seen_after=2021-07-01 \ &limit=2 \ &match=neq{ "status_code": 200, "error": null, "response": { "records": [ { "answer": "dns1.registrar-servers.com", "count": 299, "first_seen": "2020-12-25 22:55:52", "last_seen": "2021-07-10 19:03:43", "nshash": "12241179c5fb5626e98315c13551f23a", "query": "silverpush.co", "ttl": 3600, "type": "NS" }, { "answer": "dns2.registrar-servers.com", "count": 299, "first_seen": "2020-12-25 22:55:52", "last_seen": "2021-07-10 19:03:43", "nshash": "12241179c5fb5626e98315c13551f23a", "query": "silverpush.co", "ttl": 3600, "type": "NS" } ] } }
Live Unsanctioned Assets PADNS lookup¶
- GET /explore/padns/lookup/uld/{qtype}/{qname}/{qanswer}
Similar A records in similar domains in/not in networks specified by qanswer, netmask and network parameters where the similar domain is on/not on name servers specified by one or more nsname parameters
The default is to look at new records with a first_seen timestamp within the last 30 days, but the exact time period can be defined explicitly
This can be used to find spoofing domains hosted on unsanctioned infrastructure
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
a
aaaa
qname (string) (required) –
specify a name to lookup
name - wildcards (*) are required in name string
_ - use underscore as placeholder if regex is given
regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
regex overrides any qname given
qanswer (string) (required) –
IP address to look for records - use in combination with netmask parameter to specify subnet
IPv4 address
IPv6 address
_ - use underscore as placeholder if no IP match is required
nsname =<name|pattern> (string) (optional) –
nsname specifies name or pattern of name server where a domain is/is not hosted
up to 5 nsname parameters may be given - wildcards are supported
match =<eq|noteq> (string) (optional) –
finds domains not on (neq) or on (eq) name servers given as nsname parameters
eq - domains on name servers
neq (default) - domains not on name servers
netmask =<n> (int) (optional) –
net mask may be given for qtypes a or aaaa
used in combination with qanswer to define subnet
use to find records in the same subnet
defaults: IPv4 = 32, IPv6 = 128
net =<in|notin> (string) (optional) –
find records where ip not in (default) or in subnet defined by netmask and additional network parameters
in - find records in subnet
notin (default) - find records not in subnet
network =<subnet> (string) (optional) –
additional network and net mask
give option as 1.1.1.1/24
up to 5 additional networks may be given
asnum =<n> (int) (optional) –
AS number to search, may be repeated multiple time for additional AS numbers
parameter may be used with qtype=a or qtype=ptr4
use to find records in the same AS number
asn =<in|notin> (string) (optional) –
find ptr4 or a records where ipv4 in or not in ASN defined by asnum
in - find records in ASN
notin (default) - find records not in ASN
asname =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_starts_with =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_contains =<name> (string) (optional) –
search all AS numbers where the AS Name contains <name>
reduce =<full|host> (string) (optional) –
aggregate timestamps for qname only (host) or for each qname=>qanswer observation (full)
full (default) - show timestamps for qname=>qanswer observations
host - show timestamps for distinct qname only
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
default=-2592000 - look back 30 days
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
reduce=host gives aggregation on hostname without pairing with IP resolutions - this gives observation dates for the hostname regardless of IP history
Note
Wildcards (*) are supported in qname and nsname parameters
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/uld/a/well*rgo.*/159.45.71.0 \
?netmask=20 \
&network=159.45.170.0/20 \
&nsname=*.wf.com \
&nsname=*.wellsfargo.com \
&nsname=*.markmonitor.com \
&asname_starts_with=wellsfargo \
&asn=notin \
&net=notin \
&match=neq \
&last_seen_after=2021-07-01 \
&limit=2
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "192.187.111.222",
"asn": 33387,
"count": 3,
"domain": "wellxsfargo.com",
"first_seen": "2021-06-25 20:27:29",
"last_seen": "2021-07-10 19:56:31",
"query": "wellxsfargo.com",
"type": "A"
},
{
"answer": "63.141.242.44",
"asn": 33387,
"count": 2,
"domain": "wellsfaprgo.com",
"first_seen": "2021-07-07 10:51:36",
"last_seen": "2021-07-10 19:56:30",
"query": "wellsfaprgo.com",
"type": "A"
}
]
}
}
translate hash to server names¶
- GET /explore/padns/lookup/translate/{qtype}/{query}
Show server names that belong to an nshash or mxhash
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
nshash
mxhash
query (string) (required) –
specify a hash value to translate
nshash or mxhash
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/translate/nshash/850c47a684c9ea9c32ece18e7be4cddc
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"nshash": "850c47a684c9ea9c32ece18e7be4cddc"
},
[
{
"nssrv": "henry.ns.cloudflare.com"
},
{
"nssrv": "vida.ns.cloudflare.com"
}
]
]
}
}
density lookup¶
- GET /explore/padns/lookup/density/{qtype}/{query}
Get density (number of domains) for qtype
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
nssrv
mxsrv
nshash
mxhash
ipv4
ipv6
asn
query (string) (required) –
specify a value to lookup
name of NS or MX server
hash of NS or MX server
IPv4 or IPv6 address
AS number
scope (string) (optional) –
exact or near match results by qtype
for qtype = ipv4
ip - exact match (default when qtype=ipv4)
subnet - summary of subnet for ipv4
subnet_ips - density for all ips in subnet
asn - summary of asn for ipv4
asn_subnets - summary for all subnets in asn
for qtype = asn
asn - summary of asn (default when qtype=asn)
asn_subnets - summary for all subnets in asn
for qtype = nssrv or qtype = mxsrv
host - exact match (default when qtype=nssrv or qtype=mxsrv)
domain - match all hosts in this domain (domain extracted from {query})
subdomain - match all hosts at this subdomain level (i.e. *.{query})
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/density/nssrv/vida.ns.cloudflare.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"density": 64082,
"nssrv": "vida.ns.cloudflare.com"
}
]
}
}
Tip
Example subnet scope from IPv4 address:
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/density/ipv4/1.1.1.1?scope=subnet{ "status_code": 200, "error": null, "response": { "records": [ { "asn": 13335, "density_avg": 187.9, "density_max": 37852, "density_stddev": 2630.6, "ips_active": 206, "subnet": "1.1.1.0/24", "subnet_size": 256 } ] } }
IP diversity lookup¶
- GET /explore/padns/lookup/ipdiversity/{qtype}/{query}
Get ip diversity (number of ip addresses pointed to over time) for query of qtype
- Query Parameters
qtype (string) (required) –
the following qypes are supported:
a
aaaa
query (string) (required) –
specify a value to lookup
name of A or AAAA record
window =<n> (int) (optional) –
use records with a last_seen more recently than <n> days ago
default = 30
asn =<0|1> (int) (optional) –
include asn diversity
0 = do not include
1 (default) = include asn diversity
timeline =<0|1> (int) (optional) –
include timeline of {ip, first_seen, last_seen} (+asn if asn=1)
0 (default) = do not include
1 = include timeline
verbose =<0|1> (int) (optional) –
return ips, dates, timeline, (and asns if asn=1)
0 (default) = do not include
1 = include all data
scope (string) (optional) –
exact or near match results by qtype
scope=live is automatically set when timeline=1 or verbose=1
for qtype = a
host - exact match (default when qtype=a)
domain - match all hosts in this domain (domain extracted from {query})
subdomain - match all hosts at this subdomain level (i.e. *.{query})
live - calculate values from live data instead of pre-aggregated values - also switches to exact match only
for qtype = aaaa
live - only this mode is supported for qtype=aaaa
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/ipdiversity/a/elbigiddim.xyz
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"asn_diversity": 2,
"host": "elbigiddim.xyz",
"ip_diversity_all": 2,
"ip_diversity_groups": 2
}
]
}
}
Tip
Example timeline:
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/ipdiversity/a/elbigiddim?timeline=1{ "status_code": 200, "error": null, "response": { "records": [ { "asn_diversity": 2, "host": "elbigiddim.xyz", "ip_diversity_all": 2, "ip_diversity_groups": 2, "timeline": [ { "asn": "28753", "asname": "LEASEWEB-DE-FRA-10, DE", "first_seen": "2021-07-06 18:06:58", "ip": "5.61.43.191", "last_seen": "2021-07-10 17:58:31" }, { "asn": "202015", "asname": "HZ-US-AS, BG", "first_seen": "2021-07-03 14:31:37", "ip": "79.141.163.35", "last_seen": "2021-07-05 14:56:16" } ] } ] } }
search ipdiversity patterns¶
- GET /explore/padns/search/ipdiversity
Search for IP Diversity patterns, with optional name server and domain name pattern matching
- Query Parameters
nsname =<name|pattern|self> (string) (optional) –
name server name or wildcard pattern of name server used by domains
use nsname=self to find domains hosting their own nameservers
domain =<name|pattern> (string) (optional) –
name or wildcard pattern of domain names to search for
domain_regex =<pattern> (pattern) (optional) –
re2 regular expression - overrides domain parameter
pattern must be a valid re2 regular expression
mxname =<name|pattern|self> (string) (optional) –
mx server name or wildcard pattern of mx server used by domains
use mxname=self to find domains hosting their own mailservers
asn_diversity =<n> (int) (optional) –
asn diversity - exact match
asn_diversity_min =<n> (int) (optional) –
minimum diversity limit
asn_diversity_max =<n> (int) (optional) –
maximum diversity limit
ip_diversity_all =<n> (int) (optional) –
ip diversity all - exact match
ip_diversity_all_min =<n> (int) (optional) –
minimum diversity limit
ip_diversity_all_max =<n> (int) (optional) –
maximum diversity limit
ip_diversity_groups =<n> (int) (optional) –
ip diversity groups - exact match
ip_diversity_groups_min =<n> (int) (optional) –
minimum diversity limit
ip_diversity_groups_max =<n> (int) (optional) –
maximum diversity limit
first_seen_min =<yyyy-mm-dd> (string) (optional) –
only domains that have A records seen for the first time after the given date
first_seen_max =<yyyy-mm-dd> (string) (optional) –
only domains that have A records seen for the first time before the given date
first_seen_min_mode =<strict|any> (string) (optional) –
match mode for first_seen_min parameter
strict (default) - select A records that do not have any timestamps before first_seen_min
any - select A records that have at least one timestamp after first_seen_min
first_seen_max_mode =<strict|any> (string) (optional) –
match mode for first_seen_max parameter
strict (default) - select A records that do not have any timestamps after first_seen_max
any - select A records that have at least one timestamp before first_seen_max
last_seen_min =<yyyy-mm-dd> (string) (optional) –
only domains that have A records last seen more recently than the given date
last_seen_max =<yyyy-mm-dd> (string) (optional) –
only domains that have A records last seen earlier than the given date
last_seen_min_mode =<strict|any> (string) (optional) –
match mode for last_seen_min parameter
strict - select A records that do not have any timestamps before last_seen_min
any (default) - select A records that have at least one timestamp after first_seen_min
last_seen_max_mode =<strict|any> (string) (optional) –
match mode for last_seen_max parameter
strict (default) - select A records that do not have any timestamps after last_seen_max
any - select A records that have at least one timestamp before last_seen_max
asnum =<n> (int) (optional) –
AS number to search, may be repeated multiple time for additional AS numbers
asn =<in|notin> (int) (optional) –
search for IP addresses in or not in the given AS numbers
default = in
asname =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_starts_with =<name> (string) (optional) –
search all AS numbers where the AS Name begins with <name>
asname_contains =<name> (string) (optional) –
search all AS numbers where the AS Name contains <name>
asn_match =<type> (string) (optional) –
how to match AS numbers
any (default) - match on any asnum given or derived from asname
all - asn diversity timeline must contain all asnums given as asnum parameter or derived from asname
limit - apply min and/or max limits as specified by optional asn_match_min and asn_match_max parameters
asn_match_max =<n> (int) (optional) –
maximum <n> of the asnums given as asnum or derived from asname must appear in asn diversity timeline
asn_match_min =<n> (int) (optional) –
minimum <n> of the asnums given as asnum or derived from asname must appear in asn diversity timeline
network =<subnet> (string) (optional) –
additional network and net mask
give option as 1.1.1.1/24
network parameter may be given multiple times and the search will be performed as an ‘or’ condition
timeline =<0|1> (int) (optional) –
include details of IPs, ASNs, first_seen and last_seen for each domain
0 (default) = do not include
1 = include timeline
first_seen_after =<yyyy-mm-dd> (string) (optional) –
only domains that have been seen using the NS server in the “nsname=” parameter for the first time after the given date
first_seen_before =<yyyy-mm-dd> (string) (optional) –
only domains that have been seen using the NS server in the “nsname=” parameter for the first time before the given date
registrar =<name> (string) (optional) –
name or partial name of registrar used to register domains - no wildcards, the given string is used in partial match - this is a slow search option and should only be used in combination with the domain match option
email =<email> (string) (optional) –
email used to register domains - no wildcards, the given string is used in exact match - this is a slow search option and should only be used in combination with the domain match option
whois_date_after =<yyyy-mm-dd> (string) (optional) –
only domains that have a created date in Whois after this date – this limits the search to domains for which we have Whois data and makes the search perform slowly – all of the whois specific options should be avoided if at all possible
nschange_from_ns =<name|pattern|self> (string) (optional) –
domain has changed name server from nsname
exact match, wildcards and ‘self’ options supported
nschange_to_ns =<name|pattern|self> (string) (optional) –
domain has changed name server to nsname
exact match, wildcards and ‘self’ options supported
nschange_date_after =<yyyy-mm-dd> (string) (optional) –
only domains with name server changes that occurred after the given date
if nschange_date_after is not given, the default is to find name server changes in the last 30 days, if nschange_date_before is not given
nschange_date_before =<yyyy-mm-dd> (string) (optional) –
only domains with name server changes that occurred before the given date
cert_date_min =<yyyy-mm-dd> (string) (optional) –
only domains that have had ssl certificates issued on or after the given date
cert_date_max =<yyyy-mm-dd> (string) (optional) –
only domains that have had ssl certificates issued on or before the given date
cert_issuer =<name|pattern> (string) (optional) –
only domains that have had ssl certificates issued using the named certificate issuer
wildcards (*) are supported
spaces in name may be represented by ‘+’
infratag =<infratag> (string) (optional) –
search by infratag
infratag must include mx part, ns part, asname part, or registrar part
overrides mxname, nsname and registrar parameters, if infratag contains these parts
can be combined with all other parameters
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
At least one of the following optional parameters is required:
asn_diversity
asn_diversity_min
asn_diversity_max
ip_diversity_all
ip_diversity_all_min
ip_diversity_all_max
ip_diversity_groups
ip_diversity_groups_min
ip_diversity_groups_max
Warning
The registrar option is a slow search option and should only be used in combination with the domain match option
Warning
The whois_date_after option limits the search to domains for which we have Whois data and makes the search perform slowly
Warning
All of the whois specific options should be avoided if at all possible
registrar
whois_date_after
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/search/ipdiversity \
?nsname=*.bodis.com \
&asn_diversity_min=5 \
&limit=3
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"asn_diversity": 5,
"host": "089.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
},
{
"asn_diversity": 5,
"host": "6645.org",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
},
{
"asn_diversity": 5,
"host": "aerialbytes.com",
"ip_diversity_all": 5,
"ip_diversity_groups": 3
}
]
}
}
Tip
Example timeline:
https://api.silentpush.com/api/v1/merge-api/explore/padns/search/ipdiversity \ ?nsname=*.bodis.com \ &asn_diversity_min=5 \ &limit=3 \ &timeline=1{ "status_code": 200, "error": null, "response": { "records": [ { "asn_diversity": 5, "host": "089.org", "ip_diversity_all": 5, "ip_diversity_groups": 3, "timeline": [ { "asn": 3842, "first_seen": "2021-06-23 15:00:05", "ip": "107.161.23.204", "last_seen": "2021-06-26 13:25:30" }, { "asn": 8100, "first_seen": "2021-06-23 15:00:05", "ip": "192.161.187.200", "last_seen": "2021-06-26 13:25:30" }, { "asn": 53667, "first_seen": "2021-06-23 15:00:05", "ip": "209.141.38.71", "last_seen": "2021-06-26 13:25:30" }, { "asn": 395082, "first_seen": "2021-06-28 22:20:59", "ip": "199.59.242.153", "last_seen": "2021-07-09 15:04:46" }, { "asn": 16509, "first_seen": "2021-03-10 17:07:19", "ip": "52.58.78.16", "last_seen": "2021-06-21 13:19:25" } ] }, { "asn_diversity": 5, "host": "6645.org", "ip_diversity_all": 5, "ip_diversity_groups": 3, "timeline": [ { "asn": 3842, "first_seen": "2020-12-23 14:02:19", "ip": "107.161.23.204", "last_seen": "2021-06-26 16:52:24" }, { "asn": 16509, "first_seen": "2021-05-22 11:35:33", "ip": "99.81.40.78", "last_seen": "2021-06-21 17:28:31" }, { "asn": 395082, "first_seen": "2021-06-27 13:52:52", "ip": "199.59.242.153", "last_seen": "2021-07-09 14:02:15" }, { "asn": 53667, "first_seen": "2020-12-23 14:02:19", "ip": "209.141.38.71", "last_seen": "2021-06-26 16:52:24" }, { "asn": 8100, "first_seen": "2020-12-23 14:02:19", "ip": "192.161.187.200", "last_seen": "2021-06-26 16:52:24" } ] }, { "asn_diversity": 5, "host": "aerialbytes.com", "ip_diversity_all": 5, "ip_diversity_groups": 3, "timeline": [ { "asn": 19994, "first_seen": "2020-12-28 17:30:52", "ip": "23.253.58.227", "last_seen": "2021-06-11 12:34:58" }, { "asn": 395082, "first_seen": "2021-07-09 11:10:00", "ip": "199.59.242.153", "last_seen": "2021-07-09 11:10:00" }, { "asn": 16509, "first_seen": "2020-12-28 17:30:52", "ip": "176.34.241.253", "last_seen": "2021-06-11 12:34:58" }, { "asn": 33070, "first_seen": "2020-12-28 17:30:52", "ip": "162.242.150.89", "last_seen": "2021-06-11 12:34:58" }, { "asn": 19324, "first_seen": "2021-06-12 11:35:27", "ip": "52.128.23.27", "last_seen": "2021-07-07 16:14:05" } ] } ] } }
search self-hosted domains¶
- GET /explore/padns/search/selfhosted/{qtype}
Search self-hosted domains, i.e. NS servers are in the queried domain and hosted on the same IP as the domain A record (where A records have been seen as active within the last 30 days)
- Query Parameters
qtype (string) (required) –
record type to search
the following qtypes are supported:
ns
domain =<name|pattern> (string) (optional) –
name or wildcard pattern of domain names to search for
regex =<pattern> (pattern) (optional) –
re2 regular expression
pattern must be a valid re2 regular expression
domain_asnum =<n> (int) (optional) –
AS number of domain A records to search, may be repeated multiple time for additional AS numbers
nssrv_asnum =<n> (int) (optional) –
AS number of name server A records to search, may be repeated multiple time for additional AS numbers
asn =<in|notin> (int) (optional) –
search for IP addresses in or not in the given AS numbers
default = in
asname =<name> (string) (optional) –
search for domain and name server A records in all AS numbers where the AS Name begins with <name>, may be repeated multiple time for additional AS names
asname_starts_with =<name> (string) (optional) –
search for domain and name server A records in all AS numbers where the AS Name begins with <name>, may be repeated multiple time for additional AS names
asname_contains =<name> (string) (optional) –
search for domain and name server A records in all AS numbers where the AS Name contains <name>, may be repeated multiple time for additional AS names
asn_match =<type> (string) (optional) –
how to match AS numbers
any (default) - match on any asnum given or derived from asname
all - asn diversity timeline must contain all asnums given as asnum parameter or derived from asname
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Note
AS numbers derived from asname, asname_starts_with and asname_contains parameters will be appended to the AS numbers given as domain_asnum and nssrv_asnum parameters - i.e. asname, asname_starts_with and asname_contains are appended to both the domain_asnum and nssrv_asnum lists
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/search/selfhosted/ns \
?asname=uunet \
&asn=notin \
&domain=sil* \
&limit=3
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"domain": "sil-core.com",
"domain_asns": {
"394695": "PUBLIC-DOMAIN-REGISTRY, US"
},
"domain_ips": [
"199.79.62.211"
],
"nssrv": [
"ns.sil-core.com"
],
"nssrv_asns": {
"394695": "PUBLIC-DOMAIN-REGISTRY, US"
},
"nssrv_ips": [
"199.79.62.211"
]
},
{
"domain": "sil-more.com",
"domain_asns": {
"3462": "HINET Data Communication Business Group, TW"
},
"domain_ips": [
"220.130.141.85"
],
"nssrv": [
"dns2.sil-more.com",
"dns1.sil-more.com"
],
"nssrv_asns": {
"3462": "HINET Data Communication Business Group, TW"
},
"nssrv_ips": [
"220.128.102.156",
"220.130.141.85"
]
},
{
"domain": "sil-tec.gr",
"domain_asns": {
"3329": "HOL-GR Athens, Greece, GR"
},
"domain_ips": [
"91.138.180.85"
],
"nssrv": [
"ns1.sil-tec.gr",
"ns3.sil-tec.gr"
],
"nssrv_asns": {
"3329": "HOL-GR Athens, Greece, GR",
"55405": "EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY"
},
"nssrv_ips": [
"91.138.180.85",
"202.157.182.142"
]
}
]
}
}
search SOA records¶
- GET /explore/padns/search/soa
Search SOA records - search by individual components of the SOA record
the following record components are searchable:
domain
ns
mbox
serial
refresh
retry
expire
min_ttl
- Query Parameters
domain =<name|pattern> (string) (optional) –
name or wildcard pattern of domain names to search for
regex =<pattern> (pattern) (optional) –
re2 regular expression - may be used for complex matching on domain names
overrides domain parameter
pattern must be a valid re2 regular expression
ns =<name|pattern|self> (string) (optional) –
name or wildcard pattern of ns component
self - only show results where domain of ns component matches name of the record’s domain
mbox =<name|pattern|self> (string) (optional) –
name or wildcard pattern of mbox component
self - only show results where domain of mbox component matches name of the record’s domain
serial =<n> (int) (optional) –
serial number - exact match
serial_min =<n> (int) (optional) –
serial number - minimum value of serial number
serial_max =<n> (int) (optional) –
serial number - maximum value of serial number
refresh =<n> (int) (optional) –
refresh value - exact match
refresh_min =<n> (int) (optional) –
refresh value - minimum value of refresh
refresh_max =<n> (int) (optional) –
refresh value - maximum value of refresh
retry =<n> (int) (optional) –
retry value - exact match
retry_min =<n> (int) (optional) –
retry value - minimum value of retry
retry_max =<n> (int) (optional) –
retry value - maximum value of retry
expire =<n> (int) (optional) –
expire value - exact match
expire_min =<n> (int) (optional) –
expire value - minimum value of expire
expire_max =<n> (int) (optional) –
expire value - maximum value of expire
min_tll =<n> (int) (optional) –
min_ttl value - exact match
min_ttl_min =<n> (int) (optional) –
min_ttl value - minimum value of min_ttl
min_ttl_max =<n> (int) (optional) –
min_ttl value - maximum value of min_ttl
first_seen_after =<date|epoch|sec|period> (optional) –
first_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
first_seen_before =<date|epoch|se|periodc> (optional) –
first_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_after =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or after this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
last_seen_before =<date|epoch|sec|period> (optional) –
last_seen timestamp must be on or before this time
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
as_of =<date|epoch|sec|period> (optional) –
only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
date: yyyy-mm-dd (2021-07-09) - fixed date
epoch: number (1625834953) - fixed time in epoch format
sec: negative number (-172800) - relative time <sec> seconds ago
time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time <nX> ago
h : hours
d : days
w : weeks
m : months
sort =<sort/order> (optional) –
order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect
sort:
last_seen/last/time_last - synonyms for last_seen column
first_seen/first/time_first - synonyms for first_seen column
query/rrname - synonyms for query column
answer/rdata - synonyms for answer_seen column
order:
asc/+/up - synonyms for ascending order
desc/-/down - synonyms for descending order
output_format =<padns|cof> (optional) –
padns (default) - Silent Push padns output format
cof - common output format
limit =<n> (int) (optional) –
number of results to return
default = 100
skip =<n> (int) (optional) –
number of results to skip
limit_by_n =<n> (int) (optional) –
number of results to return for each domain
should be used in combination with the sort option to order results by domain name:
sort=query/asc&limit_by_n=<n>
sort=query/desc&limit_by_n=<n>
prefer =<result|job_id> (string) (optional) –
result (default) - return results if available before max_wait timeout, otherwise return job_id
job_id - return job_id immediately
max_wait =<n> (int) (optional) –
number of seconds to wait for results before returning job_id
default = 25
value in the range from 0 to 25
with_metadata =<0|1> (int) (optional) –
include metadata object in response : returned results, total results, job_id
0 (default) = do not include
1 = include metadata
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/search/soa \
?ns=self \
&mbox=self \
&refresh_max=3600 \
&as_of=2021-09-05 \
&sort=query/asc \
&limit_by_n=1 \
&limit=3
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"answer": "0-0.tokyo postmaster.0-0.tokyo 1628480066 3600 1800 604800 3600",
"count": 22,
"first_seen": "2021-08-16 14:16:16",
"last_seen": "2021-09-11 15:33:34",
"query": "0-0.tokyo",
"soahash": "9368183172799169125",
"type": "SOA"
},
{
"answer": "0-00.jp postmaster.0-00.jp 1578118944 3600 1800 604800 3600",
"count": 21,
"first_seen": "2021-08-15 19:31:47",
"last_seen": "2021-09-09 21:19:44",
"query": "0-00.jp",
"soahash": "5082557450419466557",
"type": "SOA"
},
{
"answer": "0-0b.com postmaster.0-0b.com 1523681376 3600 1800 604800 3600",
"count": 23,
"first_seen": "2021-08-16 11:00:49",
"last_seen": "2021-09-09 11:00:56",
"query": "0-0b.com",
"soahash": "2864770382402869468",
"type": "SOA"
}
]
}
}
ASNs seen for domain¶
- GET /explore/padns/lookup/domain/asns/{domain}
Show ASNs that have been used by A records for a domain within the last 30 days, includes subdomains
- Query Parameters
domain (string) (required) –
name of domain to search for
result_format (string) (optional) –
format of returned results
compact (default) = return ASN and AS Name only
full = return details of domain hosts in each ASN
- Request Headers
X-API-KEY – api-key
Example Request
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/domain/asns/example.com
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"domain": "example.com",
"domain_asns": {
"15133": "EDGECAST, US"
}
}
]
}
}
Example Request with detailed response
https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/domain/asns/example.com?result_format=full
Example Response
{
"status_code": 200,
"error": null,
"response": {
"records": [
{
"asn": 15133,
"asn_size": 134400,
"asname": "EDGECAST, US",
"domain_hosts_in_asn": 2
}
]
}
}