IPv6 Queries


Silent Push empowers security teams, threat hunters, and researchers to analyze and mitigate threats by querying and enriching data across the global IPv4 and IPv6 address spaces. Our IPv6 query capabilities provide detailed insights into IPv6 addresses, including Autonomous System Number (ASN) details, reputation scores, certificate information, Tor and IPFS node associations, geographic location, subnet data, and proprietary risk scores.

These tools help users identify adversary infrastructure, detect phishing campaigns, and monitor malicious activity before attacks are launched.

Key features

Our IPv6 query tools allow users to retrieve both granular information and risk assessments for IPv6 addresses, leveraging a proprietary scanning engine and first-party data to generate actionable intelligence.

The platform supports two primary query types: Information queries and Risk Score queries, with options for single and bulk queries.

Information queries

  • Retrieve comprehensive data about an IPv6 address, including:

    • Autonomous System Number (ASN): Identifies the AS managing the IP address.

    • ASN Reputation Scores: Evaluates the trustworthiness of the ASN based on historical data and malicious activity.

    • Certificate information: Details SSL/TLS certificates associated with the IP.

    • Tor and IPFS nodes: Flags connections to anonymity networks or decentralized file systems.

    • Geographic location: Provides the physical location of the IP’s infrastructure.

    • Subnet data: Maps the IP to its network subnet.

  • Use case: Ideal for mapping attacker infrastructure, identifying misconfigured networks, or investigating suspicious IPs in threat intelligence workflows.

Risk Score queries

  • Purpose: Assigns a Silent Push Risk Score to an IPv6 address based on a proprietary algorithm that analyzes DNS records and associated threat indicators. The score reflects the likelihood that the IP address is linked to malicious infrastructure, such as phishing or command-and-control (C2) servers.

  • Use case: Enables rapid prioritization of high-risk IPs for further investigation, reducing alert fatigue and enhancing incident response.

Save and collaboration

Organizational users can save queries in the Private Queries menu for reuse or sharing. After specifying query parameters, users click Save Query, provide a name and description, and store the query for future analysis. This feature streamlines workflows and fosters collaboration among security teams.

Integrate with Silent Push’s ecosystem

Our platform integrates with tools like Splunk SOAR and Cortex XSOAR, enabling users to enrich DNS data, perform live URL scans, and retrieve Indicators of Future Attack (IOFA) feeds. These integrations enhance automation and provide contextual insights, such as name server reputation and ASN takedown history, to track adversary tactics.

For example, the Silent Push API provides programmatic access to IPv6 data, returning detailed responses that include ASN Allocation Age, reputation scores, and subnet information. An example API request for the IPv6 address 2606:4700:4700::1111 might return:

  • ASN: 13335 (CLOUDFLARENET, US)

  • Risk Score: 0 (low risk)

  • Subnet: 2606:4700:4700::/48

  • Geographic data: US-based infrastructure
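The following is an added example, not Silent Push code or its API schema: it shows client-side handling around single and bulk IPv6 queries, namely canonicalising and de-duplicating addresses before submission, checking that a returned subnet really contains the queried address, and ordering results by risk score. The field names `ip`, `subnet` and `risk_score`, the threshold, and all sample values other than the 2606:4700:4700::1111 record above are assumptions constructed for illustration.

```python
import ipaddress

def prepare_bulk(raw_addresses):
    """Canonicalise, de-duplicate and filter IPv6 strings before a bulk query."""
    seen, batch, skipped = set(), [], []
    for raw in raw_addresses:
        # Drop URL-style brackets and any zone id such as %eth0.
        text = raw.strip().strip("[]").split("%")[0]
        try:
            addr = ipaddress.IPv6Address(text)
        except ipaddress.AddressValueError:
            skipped.append((raw, "not IPv6"))
            continue
        if not addr.is_global:  # link-local, ULA, loopback, documentation ranges
            skipped.append((raw, "not globally routable"))
            continue
        if addr.compressed not in seen:  # one address has many textual forms
            seen.add(addr.compressed)
            batch.append(addr.compressed)
    return batch, skipped

def subnet_consistent(record):
    """True when the reported subnet actually contains the queried address."""
    net = ipaddress.IPv6Network(record["subnet"], strict=False)
    return ipaddress.IPv6Address(record["ip"]) in net

def triage(records, threshold):
    """Records at or above the (assumed) threshold, highest risk first."""
    hits = [r for r in records if r["risk_score"] >= threshold]
    return sorted(hits, key=lambda r: r["risk_score"], reverse=True)

# Constructed input: three spellings of one address, a link-local address
# with a zone id, and an IPv4 address that slipped into the list.
SAMPLE_RAW = ["2606:4700:4700::1111", "2606:4700:4700:0:0:0:0:1111",
              "[2606:4700:4700::1111]", "fe80::1%eth0", "192.0.2.10"]

# Constructed records; field names are hypothetical, and the second and
# third entries use the 2001:db8::/32 documentation range.
SAMPLE_RECORDS = [
    {"ip": "2606:4700:4700::1111", "subnet": "2606:4700:4700::/48", "risk_score": 0},
    {"ip": "2001:db8:bad::5", "subnet": "2001:db8:bad::/48", "risk_score": 85},
    {"ip": "2001:db8:1::9", "subnet": "2001:db8:2::/48", "risk_score": 60},
]

if __name__ == "__main__":
    print(prepare_bulk(SAMPLE_RAW))
    print([r["ip"] for r in triage(SAMPLE_RECORDS, 50)])
    print([r["ip"] for r in SAMPLE_RECORDS if not subnet_consistent(r)])
```

A record whose subnet does not contain its address points to a parsing or join error in the pipeline and should be resolved before the score is trusted.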