Reputation Queries

Updated
  • Updated on Jan 6, 2026
  • Published on Aug 15, 2025
  • 3 minute(s) read
Prev Next

Reputation query tools in Silent Push help security teams, threat hunters, and researchers quickly assess the trustworthiness of network elements such as ASNs, IPv4 addresses, subnets, and nameservers. These tools provide reputation scores and takedown metrics based on historical data, malicious links, and security practices — letting you prioritize threats, spot risky infrastructure, and defend against phishing, malware, and other attacks.

How to Check ASN Reputation Score

Quick Purpose: Rates an ASN's trustworthiness based on past malicious activity, threat-involved IPs, and security measures.

  1. From the left navigation menu, select Advanced Query Builder > Reputation Queries.

  2. Enter the ASN (e.g., AS12345).

  3. Run the query to view the reputation score.

    • Optional: Use the “explain” feature for a detailed breakdown of the score calculation.

How-To Use Case: Prioritizing Monitoring for High-Risk ASNs

  1. Query an ASN suspected of hosting threats.

  2. If the score is low (e.g., below 50), flag all associated IPs and domains for enhanced monitoring.

  3. Set up SIEM alerts for traffic originating from this ASN.

  4. Result: Proactively block or investigate phishing and malware campaigns early.

How to Evaluate ASN Takedown Reputation

Quick Purpose: Measures how quickly a provider responds to abuse reports and mitigates threats.

  1. From the left navigation menu, select Advanced Query Builder > Reputation Queries.

  2. Input the ASN (e.g., AS67890).

  3. Execute the query to get the takedown reputation score.

    • Optional: Use “explain” to see historical responsiveness data.

How-To Use Case: Choosing Reliable Hosting Partners

  1. Query ASNs of potential cloud or hosting providers.

  2. Prefer providers with high takedown scores (80+).

  3. Avoid or add extra controls for low-scoring ASNs.

  4. Result: Reduce risk of prolonged exposure to malicious activity.

How to Assess IPv4 Reputation Score

Quick Purpose: Evaluates an individual IP (or range) based on links to threats via DNS, hosting, or traffic patterns.

  1. From the left navigation menu, select Advanced Query Builder > Reputation Queries.

  2. Enter the IPv4 address or range (e.g., 192.168.1.1).

  3. Run the query to retrieve the reputation score.

    • Optional: Enable “explain” for threat linkage details.

How-To Use Case: Blocking Suspicious IPs

  1. Query an IP appearing in recent logs or alerts.

  2. If the score is low, immediately add it to firewall blocklists.

  3. Cross-reference associated domains for further action.

  4. Result: Prevent phishing pages or malware delivery from reaching users.

How to Measure Subnet Reputation Score

Quick Purpose: Scores an entire subnet or IP range to identify broader malicious patterns early.

  1. From the left navigation menu, select Advanced Query Builder > Reputation Queries.

  2. Provide the subnet and netmask (e.g., 192.168.1.0/24).

  3. Run the query for the reputation score.

    • Optional: Use “explain” to review the underlying factors.

How-To Use Case: Focusing Resources on High-Risk Subnets

  1. Query subnets linked to unusual or suspicious traffic.

  2. Prioritize low-score subnets for in-depth investigation.

  3. Allocate monitoring or isolation resources accordingly.

  4. Result: Efficient threat mitigation without spreading resources too thin.

How to Check Nameserver Reputation Score

Quick Purpose: Rates nameservers based on historical activity, malicious domain associations, and security practices.

  1. From the left navigation menu, select Advanced Query Builder > Reputation Queries.

  2. Enter the nameserver hostname (e.g., ns1.example.com).

  3. Run the query to obtain the reputation score.

    • Optional: Use “explain” for calculation details.

How-To Use Case: Spotting Risky Domains Early

  1. Extract nameservers from a suspicious domain’s WHOIS or DNS records.

  2. Query the nameserver reputation.

  3. If low, investigate or block all domains it serves.

  4. Result: Detect phishing or malware infrastructure before it becomes active against your organization.

How to Save Query

  1. Specify query parameters.

  2. Click Save Query.

  3. Provide a Name and Description for context.

  4. Click Save. The query appears in Private Queries.

How-To Use Case: Streamlining Team Threat Hunting

  1. Save common reputation queries (e.g., known bulletproof ASNs).

  2. Share with analysts for daily or incident-specific checks.

  3. Update saved queries as threat landscapes evolve.

  4. Result: Faster, consistent team workflows.

How to Integrate Reputation Queries

Quick Purpose: Automate reputation checks in SOAR platforms or custom scripts.

  1. Connect Silent Push via API to tools like Splunk SOAR or Cortex XSOAR.

  2. Use the API endpoint to fetch reputation scores programmatically.

  3. Parse JSON responses containing scores and metadata.

How-To Use Case: Automated Alert Enrichment

  1. Add a Silent Push API call to your SOAR playbook.

  2. Automatically query IPs, subnets, or ASNs from incoming alerts.

  3. Use the returned score to auto-triage (e.g., escalate low-score hits).

  4. Result: Faster incident response with enriched context.

Example API Response:

    Querying subnet 192.168.1.0/24 might return:

  •     Reputation Score: 70 (moderate trustworthiness)

  •    Metadata: List of associated domains, historical malicious activity

Tip

Combine reputation scores with other Silent Push queries (e.g., PADNS or feed data) for even higher-confidence threat detections.

Related articles