IPv6 Queries

Silent Push empowers security teams, threat hunters, and researchers to analyze and mitigate threats by querying and enriching data across the global IPv4 and IPv6 address spaces. Our IPv6 query capabilities provide detailed insights into IPv6 addresses, including Autonomous System Number (ASN) details, reputation scores, certificate information, Tor and IPFS node associations, geographic location, subnet data, and proprietary risk scores.

These tools help users identify adversary infrastructure, detect phishing campaigns, and monitor malicious activity before attacks are launched.

Key Features

Our IPv6 query tools allow users to retrieve both granular information and risk assessments for IPv6 addresses, leveraging a proprietary scanning engine and first-party data to generate actionable intelligence.

The platform supports two primary query types: Information Queries and Risk Score Queries, with options for single and bulk queries.

Information Queries

  • Purpose: Retrieve comprehensive data about an IPv6 address, including:

    • Autonomous System Number (ASN): Identifies the AS managing the IP address.

    • ASN Reputation Scores: Evaluates the trustworthiness of the ASN based on historical data and malicious activity.

    • Certificate Information: Details SSL/TLS certificates associated with the IP.

    • Tor and IPFS Nodes: Flags connections to anonymity networks or decentralized file systems.

    • Geographic Location: Provides the physical location of the IP’s infrastructure.

    • Subnet Data: Maps the IP to its network subnet.

  • Process: Users navigate to Advanced Query Builder > IPv6 Queries > Information, specify an IPv6 address, and optionally select Explain to view score calculation details or Sparse to filter specific data (e.g., ASN, AS Name, or risk score). Bulk queries are supported via Information - Bulk query for analyzing multiple IPs simultaneously.

  • Use Case: Ideal for mapping attacker infrastructure, identifying misconfigured networks, or investigating suspicious IPs in threat intelligence workflows.

Risk Score Queries

  • Purpose: Assigns a Silent Push Risk Score to an IPv6 address based on a proprietary algorithm that analyzes DNS records and associated threat indicators. The score reflects the likelihood of the IP being linked to malicious infrastructure, such as phishing or command-and-control (C2) servers.

  • Process: Users navigate to Advanced Query Builder > IPv6 Queries > Risk Score, enter an IPv6 address, and click Search. Bulk risk score queries are available via Risk Score - Bulk query, supporting up to 100 IPs per request.

  • Use Case: Enables rapid prioritization of high-risk IPs for further investigation, reducing alert fatigue and enhancing incident response.
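Preparing input for the bulk risk score query described above, as an added example (not Silent Push code and not part of the original page): it canonicalizes candidate IPv6 strings, drops addresses that are not globally routable, de-duplicates, and splits the rest into batches of at most 100. The function names and sample values are constructed for illustration, and no Silent Push API call is made or assumed.

```python
from __future__ import annotations

import ipaddress
from typing import Iterable, Iterator

BULK_LIMIT = 100  # per-request cap this page states for Risk Score - Bulk


def normalize_ipv6(raw: str) -> str | None:
    """Return the canonical compressed form of a global IPv6 address, else None."""
    text = raw.strip().strip("[]")   # tolerate URL-style [addr] brackets
    text = text.split("%", 1)[0]     # drop a zone id such as %eth0
    try:
        addr = ipaddress.IPv6Address(text)
    except ValueError:
        return None                  # IPv4 literals, hostnames, garbage
    if addr.ipv4_mapped is not None:
        return None                  # ::ffff:a.b.c.d belongs in an IPv4 query
    if addr.is_multicast or not addr.is_global:
        return None                  # link-local, loopback, ULA, documentation
    return addr.compressed


def bulk_batches(candidates: Iterable[str],
                 limit: int = BULK_LIMIT) -> Iterator[list[str]]:
    """Yield de-duplicated, canonical addresses in lists of at most `limit`."""
    seen: set[str] = set()
    batch: list[str] = []
    for raw in candidates:
        addr = normalize_ipv6(raw)
        if addr is None or addr in seen:
            continue                 # skip unusable input and repeats
        seen.add(addr)
        batch.append(addr)
        if len(batch) == limit:
            yield batch
            batch = []
    if batch:
        yield batch


# Constructed sample, e.g. values pulled from proxy or DNS logs.
SAMPLE = [
    "2606:4700:4700::1111", "2606:4700:4700:0:0:0:0:1111",  # same address twice
    "[2606:4700:4700::1001]", "fe80::1%eth0", "2001:db8::1",
    "::ffff:192.0.2.1", "192.0.2.1", "not-an-ip",
]

if __name__ == "__main__":
    for n, chunk in enumerate(bulk_batches(SAMPLE), start=1):
        print(f"batch {n}: {len(chunk)} address(es) -> {chunk}")
```

Canonicalizing before de-duplication matters because the same address can appear in expanded and compressed forms, which would otherwise consume two of the 100 slots in a request.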

Save and Collaboration

Organizational users can save queries in the Private Queries menu for reuse or sharing. After specifying query parameters, users click Save Query, provide a name and description, and store the query for future analysis. This feature streamlines workflows and fosters collaboration among security teams.

Integration with Silent Push’s Ecosystem

Our platform integrates with tools like Splunk SOAR and Cortex XSOAR, allowing users to enrich DNS data, perform live URL scans, and fetch Indicators of Future Attack (IOFA™) feeds. These integrations enhance automation and provide contextual insights, such as name server reputation and ASN takedown history, to track adversary tactics.

For example, the Silent Push API enables programmatic access to IPv6 data, returning detailed responses like ASN allocation age, reputation scores, and subnet information. An example API request for the IPv6 address 2606:4700:4700::1111 might return:

  • ASN: 13335 (CLOUDFLARENET, US)

  • Risk Score: 0 (low risk)

  • Subnet: 2606:4700:4700::/48

  • Geographic Data: US-based infrastructure