Scan for JARM data

Updated
  • Updated on Aug 14, 2025
  • Published on Apr 11, 2023
  • 1 minute(s) read
Prev Next

Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain JARM data.

JARM (Just Another Ruby Mod) is a tool used to identify TLS servers based on their behavior and configuration, allowing security teams to identify servers that are using outdated or insecure TLS configurations.

JARM works by sending a series of TLS messages to a server and analyzing the server's response. The tool then generates a unique fingerprint based on the response, which can be used to identify the server even if it is using a different IP address or domain name.

By comparing the JARM fingerprint of a server against a database of known malicious fingerprints, security teams can quickly identify potential threats and malicious servers engaged in phishing and/or malware operations, and take appropriate action.

JARM fingerprints also allow threat analysts to identify traffic patterns and connections across different attack vectors, and pinpoint infrastructure and resources used by specific threat actors.

JARM data

  1. Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - JARM Usage.

  2. Specify an IPv4 address.

  3. (Optional) Add a netmask for a range.

  4. (Optional) Enter a jarm_hash.

  5. (Optional) Set a window (days) for recent results.

  6. (Optional) Skip results.

  7. Click Search.

Save Queries

Organizational users can save queries for future use or sharing.

  1. Specify query parameters.

  2. Click Save Query.

  3. Provide a Name and Description for context.

  4. Click Save. The query appears in Private Queries.