Live Unsanctioned Assets PADNS lookup

GET /explore/padns/lookup/uld/{qtype}/{qname}/{qanswer}

Returns A records for domains similar to qname whose answer IP is in, or not in, the networks specified by the qanswer, netmask and network parameters, and where the similar domain is, or is not, hosted on the name servers specified by one or more nsname parameters.

The default is to look at new records with a first_seen timestamp within the last 30 days, but the exact time period can be defined explicitly.

This can be used to find spoofing domains hosted on unsanctioned infrastructure.

Parameters (name, type, required/optional, description):

qtype (string, required)
  The following qtypes are supported: a, aaaa.

qname (string, required)
  Specify a name to look up. Wildcards (*) are required in the name string. Use underscore (_) as a placeholder if a regex is given.

regex (pattern, optional)
  RE2 regular expression. The pattern must be a valid RE2 regular expression. A regex overrides any qname given.

qanswer (string, required)
  IP address to look for records; use in combination with the netmask parameter to specify a subnet. IPv4 address, IPv6 address, or underscore (_) as a placeholder if no IP match is required.

nsname (string, optional)
  Name or pattern of a name server where a domain is/is not hosted. Up to 5 nsname parameters may be given; wildcards are supported.

match (string, optional)
  Finds domains not on (neq) or on (eq) the name servers given as nsname parameters.
  • eq - domains on the name servers;
  • neq (default) - domains not on the name servers.

netmask (int, optional)
  Net mask may be given for qtypes a or aaaa. Used in combination with qanswer to define a subnet; use it to find records in the same subnet. Defaults: IPv4 = 32, IPv6 = 128.

net (string, optional)
  Find records where the IP is not in (default) or in the subnet defined by qanswer, netmask and any additional network parameters.
  • in - find records in the subnet;
  • notin (default) - find records not in the subnet.

network (string, optional)
  Additional network and net mask. Give the option as 1.1.1.1/24. Up to 5 additional networks may be given.

asnum (int, optional)
  AS number to search; may be repeated multiple times for additional AS numbers. Parameter may be used with qtype=a or qtype=ptr4. Use it to find records in the same AS number.

asn (string, optional)
  Find ptr4 or a records where the IPv4 address is in or not in the ASN defined by asnum.
  • in - find records in the ASN;
  • notin (default) - find records not in the ASN.

asname (string, optional)
  Search all AS numbers where the AS name begins with the given string.

asname_starts_with (string, optional)
  Search all AS numbers where the AS name begins with the given string.

asname_contains (string, optional)
  Search all AS numbers where the AS name contains the given string.

reduce (string, optional)
  Aggregate timestamps for the qname only (host) or for each qname=>qanswer observation (full).
  • full (default) - show timestamps for qname=>qanswer observations;
  • host - show timestamps for distinct qname only.

first_seen_after (string, optional)
  First_seen timestamp must be on or after this time. Default=-2592000 (look back 30 days).
  Formats:
  • date (yyyy-mm-dd, e.g., 2021-07-09) - fixed date;
  • epoch (number, e.g., 1625834953) - fixed time in epoch format;
  • sec (negative number, e.g., -172800) - relative time, seconds ago;
  • time period (negative number with time period, e.g., -36h / -5d / -3w / -6m) - relative time ago. h: hours, d: days, w: weeks, m: months.

first_seen_before (string, optional)
  First_seen timestamp must be on or before this time.
  Formats: as for first_seen_after (date, epoch, sec, or time period).

last_seen_after (string, optional)
  Last_seen timestamp must be on or after this time.
  Formats: as for first_seen_after (date, epoch, sec, or time period).

last_seen_before (string, optional)
  Last_seen timestamp must be on or before this time.
  Formats: as for first_seen_after (date, epoch, sec, or time period).

as_of (string, optional)
  Only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp.
  Formats: as for first_seen_after (date, epoch, sec, or time period).

sort (string, optional)
  Order results in the specified order; the parameter may be repeated with different column names to produce a nested sorting effect.
  Sort:
  • last_seen/last/time_last (synonyms for the last_seen column),
  • first_seen/first/time_first (synonyms for the first_seen column),
  • query/rrname (synonyms for the query column),
  • answer/rdata (synonyms for the answer_seen column).
  Order:
  • asc/+/up (synonyms for ascending order),
  • desc/-/down (synonyms for descending order).

output_format (string, optional)
  padns (default) - Silent Push padns output format; cof - common output format.

limit (int, optional)
  Number of results to return. Default = 100.

skip (int, optional)
  Number of results to skip.

prefer (string, optional)
  result (default) - return results if available before the max_wait timeout, otherwise return a job_id; job_id - return a job_id immediately.

max_wait (int, optional)
  Number of seconds to wait for results before returning a job_id. Default = 25. Value in the range 0 to 25.

with_metadata (int, optional)
  Include a metadata object in the response (returned results, total results, job_id).
  • 0 (default) = do not include;
  • 1 = include metadata.

Request headers (header, description):

X-API-KEY
  API key for authentication.

Note

reduce=host gives aggregation on hostname without pairing the IP resolutions - this gives observation dates for the hostname regardless of IP history.

Note

Wildcards (*) are supported in qname and nsname parameters.

Example request

https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/uld/a/well*rgo.*/159.45.71.0 \
     ?netmask=20 \
     &network=159.45.170.0/20 \
     &nsname=*.wf.com \
     &nsname=*.wellsfargo.com \
     &nsname=*.markmonitor.com \
     &asname_starts_with=wellsfargo \
     &asn=notin \
     &net=notin \
     &match=neq \
     &last_seen_after=2021-07-01 \
     &limit=2

Example response

{
    "status_code": 200,
    "error": null,
    "response": {
        "records": [
            {
                "answer": "192.187.111.222",
                "asn": 33387,
                "count": 3,
                "domain": "wellxsfargo.com",
                "first_seen": "2021-06-25 20:27:29",
                "last_seen": "2021-07-10 19:56:31",
                "query": "wellxsfargo.com",
                "type": "A"
            },
            {
                "answer": "63.141.242.44",
                "asn": 33387,
                "count": 2,
                "domain": "wellsfaprgo.com",
                "first_seen": "2021-07-07 10:51:36",
                "last_seen": "2021-07-10 19:56:30",
                "query": "wellsfaprgo.com",
                "type": "A"
            }
        ]
    }
}
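As an added example (not Silent Push's own client code), the Python below builds the example request above with repeated nsname and network parameters, then re-checks the net=notin condition client-side: each answer IP is tested against the sanctioned subnets (159.45.71.0/20 from qanswer+netmask, plus the extra network). The sample response embeds the two records from the example response plus one constructed in-subnet record that must be filtered out; no network call is made.

```python
import ipaddress
import json
from urllib.parse import quote, urlencode

BASE = "https://api.silentpush.com/api/v1/merge-api/explore/padns/lookup/uld"

# The page's two example records plus one constructed record (159.45.71.5)
# that lies inside the sanctioned /20 and therefore must be filtered out.
SAMPLE_RESPONSE = json.dumps({"status_code": 200, "error": None, "response": {"records": [
    {"query": "wellxsfargo.com", "answer": "192.187.111.222", "type": "A"},
    {"query": "wellsfaprgo.com", "answer": "63.141.242.44", "type": "A"},
    {"query": "constructed-in-subnet.example", "answer": "159.45.71.5", "type": "A"},
]}})


def build_uld_url(qtype, qname, qanswer, **params):
    """Build the lookup URL; list-valued params (nsname, network, asnum)
    are encoded once per value, i.e. as repeated query parameters."""
    path = "/".join(quote(p, safe="*") for p in (qtype, qname, qanswer))
    return f"{BASE}/{path}?{urlencode(params, doseq=True)}"


def sanctioned_networks(qanswer, netmask, networks=()):
    """Subnets the query treats as sanctioned: qanswer/netmask plus each extra
    network parameter. strict=False normalises 159.45.71.0/20 to 159.45.64.0/20."""
    nets = [ipaddress.ip_network(f"{qanswer}/{netmask}", strict=False)]
    nets += [ipaddress.ip_network(n, strict=False) for n in networks]
    return nets


def unsanctioned_records(response_json, nets):
    """Client-side re-check of net=notin: keep (query, answer) pairs whose
    answer IP is outside every sanctioned network."""
    out = []
    for rec in json.loads(response_json)["response"]["records"]:
        ip = ipaddress.ip_address(rec["answer"])
        if not any(ip in n for n in nets):
            out.append((rec["query"], rec["answer"]))
    return out


if __name__ == "__main__":
    url = build_uld_url("a", "well*rgo.*", "159.45.71.0", netmask=20,
                        network=["159.45.170.0/20"],
                        nsname=["*.wf.com", "*.wellsfargo.com", "*.markmonitor.com"],
                        net="notin", match="neq", last_seen_after="2021-07-01", limit=2)
    print(url)  # send with request header X-API-KEY: <your key>
    nets = sanctioned_networks("159.45.71.0", 20, ["159.45.170.0/20"])
    for query, answer in unsanctioned_records(SAMPLE_RESPONSE, nets):
        print(f"{query} -> {answer} is outside {[str(n) for n in nets]}")
```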