---
title: "API Feature Overview"
slug: "silent-push-api-highlights"
updated: 2026-03-23T14:13:14Z
published: 2026-03-23T14:13:14Z
canonical: "help.silentpush.com/silent-push-api-highlights"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.silentpush.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Feature Overview

This article serves as an introductory resource for integrating Silent Push's powerful threat intelligence APIs into your security workflows. Whether you're enriching indicators, performing DNS lookups, or automating feeds, these endpoints provide actionable insights into domains, IPs, and emerging threats.

## Prerequisites

- Obtain your Silent Push API key from the Silent Push dashboard.
- Replace `api_key = ""` in the code examples below with your actual key.

All examples use Python with the requests, json, and pandas libraries for simplicity. Adapt as needed for your environment.

We provide a large collection of APIs that customers use to access a wide range of cybersecurity information and to improve their own cyber defenses.

With our APIs, you can:

- **Access an extensive data set**, including information types such as domain, IPv4, IPv6, reputation, PADNS, enrichment, feeds, and scoring.
- **Access threat intelligence**: Threat rankings, Indicators of Future Attacks (IOFAs), and threat feeds from Silent Push and third parties.
- **Analyze DNS data**: Numerous endpoints dedicated to granular analysis.
- **Capture Live Screenshots**: Live screenshots of URLs.
- **Perform Live Scans**: Information types like HTML data, favicon data, body data, SSL data, domain risk score, and redirect chains.
- **Integrate with security tools**: Our APIs are specifically designed to integrate with existing security stacks.
- **Monitor API usage**: API usage and quotas.
- **Retrieve raw scan data**: The original data we scanned.
- **Use SPQL**: Advanced users can use **Silent Push Query Language (SPQL)** to query multiple datasets.

## Top APIs and Endpoints

We offer a wide range of APIs for various use cases, along with numerous endpoints that support hundreds of use cases.

To start, begin with our most popular APIs and endpoints among our customers:

| API Name | Endpoint | Method | Data | Description |
| --- | --- | --- | --- | --- |
| Explore | [/api/v1/merge-api/explore/domain/whois](https://app.silentpush.com/api/v1/merge-api/explore/domain/whois) | GET | WHOIS | Retrieve WHOIS information about domain owners. For example, name or address of the owner associated with a domain. |
| Explore | [/api/v1/merge-api/explore/padns/lookup/query/a](https://app.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/a) | GET | PADNS, Enrichment, Reputation | Retrieve DNS information. For example, domain data and IP address data. |
| Threat Ranking | [/api/v2/iocs/threat-ranking](https://app.silentpush.com/api/v2/iocs/threat-ranking/) | GET | Threat Feeds | Retrieve threat intelligence data to prioritize threats. For example, threat feeds. |
| Live Scan | [/api/v2/live-scan/scan-on-demand](https://api.silentpush.com/api/v1/merge-api/explore/tools/scanondemand?url=%7Burl%7D&platform=%7Bplatform%7D&OS=%7Bos%7D&browser=%7Bbrowser%7D&region=%7Bregion%7D%E2%80%8B) | GET | API Limits | Initiate a real-time Live Scan of a URL to retrieve scan results (HTML, favicon, SSL, risk scores, redirect chains, etc.), configurable by platform, OS, browser, and region. Consumes API credits per scan. |
| Live Scan | [/api/v2/live-scan/screenshot-on-demand](https://api.silentpush.com/api/v1/merge-api/explore/tools/screenshotondemand?url=%7Burl%7D) | GET | Live Endpoint Scan | Retrieve information about a real-time scan of a URL. |
| Explore recipes | [/api/v1/explore-recipes/domain-on-a-server-recipes/query](https://api.silentpush.com/api/v1/explore-recipes/domain-on-a-server-recipes/query/) | GET | Live Screenshot Scan | Retrieve information about a real-time screenshot of a URL. |
| SPQL | [/api/v1/merge-api/explore/scandata/search/raw](https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw) | GET | IP Scanning | Query data through multiple datasets within the Silent Push Explore API. |

## Use Cases

We offer a suite of APIs for our customers to enhance their cybersecurity operations with various Silent Push solutions, for example:

- Brand impersonation
- Intelligence feeds
- Proactive threat hunting

### Brand Impersonation

**Use case**: An e-commerce platform wants to safeguard its brand reputation by detecting and mitigating instances of brand impersonation that could deceive customers. **Implementation**: They implement the following relevant solutions using our API's:

1. **Domain impersonation detection**: The e-commerce platform uses Silent Push’s Explore Recipes API to identify domains that closely resemble its own, a common tactic in phishing attacks.
2. **Comprehensive asset monitoring**: The API scans for more than domain impersonation; it allows customers to investigate impersonations involving email addresses, HTML titles, and favicons.
3. **Automated alerts and response**: Upon detecting impersonation attempts, the Silent Push system triggers alerts, enabling the security team to take swift action.

### Intelligence Feeds

**Use case**: A financial institution seeks to strengthen its cybersecurity defenses by integrating real-time threat intelligence into its existing security infrastructure. **Implementation**: They implement the following relevant solutions using our API’s:

1. **Integration of early-detection feeds**: The financial institution uses Silent Push's API to ingest enriched data on domains, IPs, and URLs associated with malicious activity, including command-and-control (C2) infrastructure and phishing campaigns.
2. **Real-Time monitoring**: Security teams gain real-time insights into emerging threats through early-detection feeds. This enables them to proactively adjust their defenses.
3. **Prioritization of threats**: The enriched data provides context and risk scores, allowing the team to focus on the most critical threats and respond swiftly to potential incidents.

### Proactive Threat Hunting

**Use case**: A technology company wants to identify and mitigate threats before they impact operations by uncovering the threatening infrastructure during the planning stages of an attack. **Implementation**: They implement the following relevant solutions using our APIs:

1. **Utilization of Indicators of Future Attack (IOFAs)**: The technology company leverages Silent Push's APIs to access IOFAs, which include data on domains, IPs, and URLs associated with potential malicious infrastructure.
2. **Behavioral analysis**: Security analysts use this data to create behavioral fingerprints that map adversary Tactics, Techniques, and Procedures (TTPs) before they are weaponized.
3. **Preemptive defense measures**: Armed with this intelligence, the technology company implements security measures to block or monitor the identified infrastructure, thereby neutralizing threats before they materialize.

## Enrich Indicator

Enriching an indicator (domain, IPv4, or IPv6) provides details on its origin, function, and risk level, including ASN data, reputation scores, and geolocation.

**Endpoint**: `GET /api/v1/merge-api/explore/enrich/{indicator_type}/{indicator}?explain=1`

**Example Code**:

```python
import requests
import json

indicator = "157.119.237.12"
indicator_type = "ipv4"

url = f"https://api.silentpush.com/api/v1/merge-api/explore/enrich/{indicator_type}/{indicator}?explain=1"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)
print(json_data)
```

**Sample Response (Excerpt)**:

```json
{
  "status_code": 200,
  "error": None,
  "response": {
    "ip2asn": [
      {
        "asn": 134990,
        "asname": "CITYCOMNETWORK-AS-AP CiTYCOM Network, BD",
        "ip_reputation": 0,
        "ip_reputation_score": 0,
        "ip_flags": {
          "is_proxy": True,
          "proxy_tags": ["residential_proxy", "922proxy", "711proxy"]
        },
        "ip_location": {
          "continent_code": "AS",
          "country_code": "BD",
          "country_name": "Bangladesh"
        },
        "sp_risk_score": 0,
        "sp_risk_score_explain": {"sp_risk_score_decider": "ip_reputation"}
      }
    ]
  }
}
```

This response highlights the IP's proxy status and low risk score, aiding in triage.

## Bulk Enrich Indicators

Bulk enrichment supports up to 100 indicators at once for efficient processing. There are separate examples for domains, IPv4, and IPv6.

### Domains

**Endpoint**: `POST /api/v1/merge-api/explore/bulk/summary/domain?`

**Example Code**:

```python
import requests
import json
import pandas as pd

domains = ["google.com", "facebook.com", "twitter.com"]
api_url = "https://app.silentpush.com/api/v1/merge-api/explore/bulk/summary/domain?"
headers = {'X-API-KEY': api_key}
params = {"explain": 1, "scan_data": 0}
body = {'domains': domains}
bulk_response_data = requests.post(api_url, headers=headers, json=body, params=params)
bulk_response_json = json.loads(bulk_response_data.content)
bulk_response_df = pd.DataFrame(bulk_response_json)['response']
df = pd.json_normalize(bulk_response_df)
print(df)
```

**Sample Output**: A normalized DataFrame with enrichment details like reputation and listings for each domain.

### IPv4

**Endpoint**: `POST /api/v1/merge-api/explore/bulk/ip2asn/ipv4?`

**Example Code**: Similar to domains, but with `ips` in the body and IPv4 list (e.g., `["172.67.70.13", "104.26.10.149", "104.26.11.149"]`).

**Sample Output**: DataFrame showing ASN, reputation, and geolocation for each IP.

### IPv6

**Endpoint**: `POST /api/v1/merge-api/explore/bulk/ip2asn/ipv6?`

**Example Code**: Analogous to IPv4, using IPv6 addresses (e.g., `["2a02:4780:37:b262:f807:71a8:e3ee:9b64", ...]`).

**Sample Output**: Similar DataFrame structure, adapted for IPv6.

### Forward DNS Lookup

Query forward DNS records for a domain, supporting types like A, AAAA, CNAME, MX, NS, PTR4, PTR6, ANY, SOA, and TXT.

**Endpoint**: `GET /api/v1/merge-api/explore/padns/lookup/query/{record}/{domain}?limit=1000`

**Example Code**:

```python
import requests
import json
import pandas as pd

domain = "silentpush.com"
record = "any"

url = f"https://app.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/{record}/{domain}?limit=1000"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
response = pd.DataFrame(json_data)
print(response)
```

**Sample Output**: DataFrame with columns like type, value, first_seen, and last_seen for matching records.

### Reverse DNS Lookup

Reverse lookups on passive DNS data, supporting similar record types plus MXHASH, NSHASH, SOAHASH, and TXTHASH.

**Endpoint**: `GET /api/v1/merge-api/explore/padns/lookup/answer/{record}/{ip}?limit=1000`

**Example Code**:

```python
import requests
import json
import pandas as pd

ip = "104.26.10.149"
record = "a"

url = f"https://app.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/{record}/{ip}?limit=1000"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
response = pd.DataFrame(json_data)
print(response)
```

**Sample Output**: DataFrame detailing resolved domains, timestamps, and counts.

### Domain Search

Search domains with filters for name servers, Whois, networks, and patterns. Supports parameters like domain, asnum, registrar, and whois_date_after.

**Endpoint**: `GET /api/v1/merge-api/explore/domain/search?...`

**Example Code**:

```python
import requests
import json
import pandas as pd

domain = "*.ru"
asnum = "207713"
registrar = "REGRU-RU"
whois_date_after = "2020-01-01"

url = f"https://api.silentpush.com/api/v1/merge-api/explore/domain/search?domain={domain}&first_seen_min_mode=strict&first_seen_max_mode=strict&last_seen_min_mode=any&last_seen_max_mode=strict&asnum={asnum}&asn=in&asn_match=any&registrar={registrar}&whois_date_after={whois_date_after}&limit=100&timeline=1&ip_diversity_all_min=5&prefer=result&max_wait=25"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
records = pd.DataFrame(json_data)
print(records)
```

**Sample Output (Excerpt)**:

| Row | asn_diversity | host | ip_diversity_all | ip_diversity_groups | timeline |
| --- | --- | --- | --- | --- | --- |
| 0 | 4 | 1004539663.bulot.ru | 6 | 6 | [{'asn': 53667, 'asname': 'PONYNET, US', 'firs... |
| 1 | 4 | 1056804114.bulot.ru | 7 | 7 | [{'asn': 198983, 'asname': 'TORNADODATACENTER,... |
| 2 | 4 | 1156206008.cupata.ru | 5 | 5 | [{'asn': 63949, 'asname': 'AKAMAI-LINODE-AP Ak... |
| 3 | 6 | 1282855944.bulot.ru | 6 | 6 | [{'asn': 14956, 'asname': 'ROUTERHOSTING, US',... |
| 4 | 4 | 1336911229.bulot.ru | 5 | 5 | [{'asn': 14956, 'asname': 'ROUTERHOSTING, US',... |
| … | … | … | … | … | … |
| 95 | 3 | position73.ozaharso.ru | 5 | 5 | [{'asn': 63949, 'asname': 'AKAMAI-LINODE-AP Ak... |
| 96 | 5 | read77.acaenaso.ru | 7 | 7 | [{'asn': 46261, 'asname': 'QUICKPACKET, US', '... |
| 97 | 4 | redim39.acaenaso.ru | 7 | 7 | [{'asn': 14956, 'asname': 'ROUTERHOSTING, US',... |
| 98 | 5 | responsebody42.nubiumbi.ru | 7 | 7 | [{'asn': 14956, 'asname': 'ROUTERHOSTING, US',... |
| 99 | 4 | responsebody45.nubiumbi.ru | 7 | 7 | [{'asn': 14956, 'asname': 'ROUTERHOSTING, US',... |

100 rows × 5 columns

### Search Scan Data

Query scan data using Silent Push Query Language (SPQL) across various sources, including Webscan, Torscan, WebResources, Opendirectory, services, and Whois.

**Endpoint**: `POST /api/v1/merge-api/explore/scandata/search/raw?limit=100&with_metadata=1`

**Example Code**:

```python
import requests
import pandas as pd
import json

data_source = "webscan,torscan"
query = "favicon_murmur3 = 309020573 AND domain != \"pptanupdate.info\""
full_query = f"datasource={data_source} AND {query}"
url = "https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw?limit=100&with_metadata=1"

payload = json.dumps({"query": full_query})
headers = {
    'Content-Type': 'application/json',
    'x-api-key': api_key,
    'meta-data': '1'
}

response = requests.request("POST", url, headers=headers, data=payload)
results = json.loads(response.text)['response']['scandata_raw']
results = pd.DataFrame(results)
print(results)
```

**Sample Output (Excerpt)**:

**Summary Section**

This section provides a high-level overview of key metadata for each scan entry.

| Index | URL | Domain | Subdomain | TLD | Scan Date | Response | Scheme |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | https://www.paypal.com/nl/home | paypal.com | www | com | 2025-04-14T21:58:40Z | 200 | https |
| 1 | https://www.paypal.com/nl/home | paypal.com | www | com | 2025-04-14T21:58:39Z | 200 | https |
| 2 | https://mr-perfmon-qa-us-east-2.dev.braintree-... | N/A | N/A | N/A | 2025-04-14T18:26:35Z | 200 | https |
| 3 | https://3.38.115.217/ | N/A | N/A | N/A | 2025-04-13T23:39:31Z | 200 | https |
| 4 | https://167.172.99.54/ | N/A | N/A | N/A | 2025-04-13T08:25:01Z | 200 | https |
| … | … | … | … | … | … | … | … |
| 95 | https://173.0.93.205/us/home | N/A | N/A | N/A | 2025-04-06T21:13:20Z | 200 | https |
| 96 | https://conspiracydistillery.com/ | conspiracydistillery.com |  | com | 2025-04-06T19:56:48Z | 200 | https |
| 97 | https://www.paypal.com/signin/?returnUri=%2Fin... | paypal.com | www | com | 2025-04-06T11:03:36Z | 200 | https |
| 98 | https://www.paypal.com/webapps/hermes?token=8H... | paypal.com | www | com | 2025-04-05T18:12:16Z | 200 | https |
| 99 | https://www.paypal.com/webapps/hermes?token=22... | paypal.com | www | com | 2025-04-05T18:12:15Z | 200 | https |

### **Security and Analysis Section**

This section focuses on adtech, body analysis, SSL details, and data hashes.

| Index | Adtech | Body Analysis (excerpt) | SSL (excerpt) | Datahash |
| --- | --- | --- | --- | --- |
| 0 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'f8e3360fbb86311b21... | {'CHV': '9d3012837ff54293cbd8a53027bb549269494... | d6b890afc1fd928b891dc6807e9d0c2c4307ce7c11d3a3... |
| 1 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'f8e3360fbb86311b21... | {'CHV': '9d3012837ff54293cbd8a53027bb549269494... | 15fc3cc3a792dc2bfc853fe8225cdc4480285fb408f282... |
| 2 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'c61e67bfe3c7644aa2... | {'CHV': '7ef117b4ce58f51d63e20c1422bb549269494... | cbeaa5b610ac37a3e0af468ea7bcf93152d7305dc0c753... |
| 3 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': '187a20769a1d32735a... | {'CHV': '14d4f1737b7ab14d4f1737b7ab6aec86565e2... | bcf72c673547835e69fd54cf635ff39ac31a38a71bf83f... |
| 4 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': '187a20769a1d32735a... | {'CHV': '14d4f1737b7ab14d4f1737b7ab6aec86565e2... | 68ea86092361dc5358e0c314c3072d6bd9754a6ee140b2... |
| … | … | … | … | … |
| 95 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': '30712700976f863af2... | {'CHV': '9d3012837ff5451d63e20c1422bb549269494... | bbde4d050f570dbd66b4284e1dbc3e52c176eb2cdc34c3... |
| 96 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': '37837d21b7a9745013... | {'CHV': '7ef117b4ce58f14d4f1737b7ab00d702c1a37... | d9bc0d8360fefdb1f4af770f52adc1202c3e414a5d85a9... |
| 97 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'ec41809030de8ab146... | {'CHV': '9d3012837ff54293cbd8a53027bb549269494... | caa7b6c6cbe3516d91d3fdd62b64ebdd880c0a648b76b7... |
| 98 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'bc8420d9065fdab55d... | {'CHV': '9d3012837ff54293cbd8a53027bb549269494... | d11db89ecfe59c201bcb8ca6e3dee76e5d8166353c2b85... |
| 99 | {'ads_txt': False, 'ads_txt_sha256': '', 'app-... | {'ICP_license': '', 'SHV': 'bc8420d9065fdab55d... | {'CHV': '9d3012837ff54293cbd8a53027bb549269494... | f57e5a987d1590c6c9e090cade42859e2e1841c4e24e65... |

### **Assets and Hashes Section**

This section covers favicon details, HHV, and related paths/hashes.

| Index | HHV | Favicon2 MD5 | Favicon2 Murmur3 | Favicon2 Path |
| --- | --- | --- | --- | --- |
| 0 | 25d209cadf8f19cd399014a34f | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| 1 | 25d209cadf8f19cd399014a34f | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| 2 | 9a1cd69b80a0d142ab00e9e12a |  |  |  |
| 3 | 83ba7c184364fece31d5a66831 | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| 4 | 83ba7c184364fece31d5a66831 | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| … | … | … | … | … |
| 95 | 1e58d8459b25cbe3aae676f20c | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| 96 | 9c5a9fc6282c4e19fc0503949e | 6ba0933d57939edac031f8b3177876d2 | 2080897632 | https://www.paypalobjects.com/webstatic/icon/p... |
| 97 | 0f99373769daf53d90c023626e |  |  |  |
| 98 | 28dd549f6e8aa10e73aca41f21 |  |  |  |
| 99 | 28dd549f6e8aa10e73aca41f21 |  |  |  |

**Network and Miscellaneous Section**

This section includes resolves_to, datasource, user-agent (excerpt), and screenshot.

| Index | Datasource | Resolves To (excerpt) | User-Agent (excerpt) | Screenshot |
| --- | --- | --- | --- | --- |
| 0 | webscan | [151.101.3.1, 151.101.195.1, 162.159.141.96] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 1 | webscan | [151.101.3.1, 151.101.195.1, 162.159.141.96] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 2 | webscan | [18.216.164.195] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 3 | webscan | [3.38.115.217] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 4 | webscan | [167.172.99.54] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| … | … | … | … | … |
| 95 | webscan | [173.0.93.205] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 96 | webscan | [193.58.105.92, 2a02:4780:37:4b12:1061:6c1b:fc... | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 97 | webscan | [193.58.105.63, 2a02:4780:37:a0c:9360:5ca9:af7... | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 98 | webscan | [192.185.139.173] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |
| 99 | webscan | [192.185.139.173] | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53... | NaN |

### Live Scan

Initiate a real-time scan of a URL, configurable by OS, region, platform, and browser.

**Endpoint**: `GET /api/v1/merge-api/explore/tools/scanondemand?url={url}&platform={platform}&OS={os}&browser={browser}®ion={region}`

**Example Code**:

```python
import requests
import json
import pandas as pd

url = "https://www.espn.com/"
os = "Windows"
region = "US"
platform = "Desktop"
browser = "Chrome"

api_url = f"https://api.silentpush.com/api/v1/merge-api/explore/tools/scanondemand?url={url}&platform={platform}&OS={os}&browser={browser}&region={region}"
data = requests.get(api_url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']
df = pd.DataFrame(json_data)
print(df)
```

**Sample Output (Excerpt)**

| scan | HHV | adtech | body_analysis | datahash | domain | favicon_murmur3 | … | response | url |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 483b66ebe5e37ca2... | {'ads_txt': True, ...} | {'SHV': '1f6b0ebb93f647396a65e45d0e', ...} | 37ee9daa87302976b0342c6dd19e346721fcf32903317e... | espn.com | -1403218946 | … | 200 | https://www.espn.com |

(Includes JARM fingerprints, HTML analysis, and resolves_to IPs.)

### Get Indicator of Future Attack (IOFA) Feed

Automate exports of IOFA indicators via Feed UUID for integration with your security stack.

**Endpoint**: `GET /api/v2/iocs/threat-ranking/?page=1&limit=10000&distinct=false&source_uuids={feed_uuid}&order=-total_ioc,-total_source_score&state=Feed&advanced=advanced`

**Example Code**:

```python
import requests
import json
import pandas as pd

feed_uuid = "324c613c-8b4e-4b2e-8f69-9c86fea78077"
data = requests.get(f'https://app.silentpush.com/api/v2/iocs/threat-ranking/?page=1&limit=10000&distinct=false&source_uuids={feed_uuid}&order=-total_ioc,-total_source_score&state=Feed&advanced=advanced', headers={'x-api-key': api_key})
json_data = json.loads(data.content)
response = pd.DataFrame(json_data)
# Optionally export to JSON/CSV
```

**Sample Output**: DataFrame of indicators with scores and sources.

### Add Indicators to Feed

Programmatically add indicators and tags to a feed using its UUID.

**Example Code**:

```python
import requests

feed_uuid = "a03f3a69-ac84-4fd8-a7d7-71dafd2bf3f2"
indicators = ["microsoft.com", "apple.com"]
tags = "malware, test"

def add_indicators():
    url = f"https://app.silentpush.com/api/v1/feeds/{feed_uuid}/indicators/"
    payload = {"indicators": indicators}
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    response = requests.post(url, json=payload, headers=headers, verify=False)
    print("Status Code:", response.status_code)
    print("Response JSON:", response.json())

def add_tags(indicator):
    url = f"https://app.silentpush.com/api/v1/feeds/{feed_uuid}/indicators/{indicator}/update-tags/"
    payload = {"tags": tags}
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    response = requests.put(url, json=payload, headers=headers, verify=False)
    print("Status Code:", response.status_code)
    print("Response JSON:", response.json())

add_indicators()
for indicator in indicators:
    add_tags(indicator)
```

**Sample Output**:

```plaintext
Status Code: 201
Response JSON: {'created_or_updated': [{'uuid': 'bed9608aca5a28c3', 'name': '8.8.8.1', 'tags': ''}, ...], 'invalid_indicators': []}
```

### Get Feeds

Retrieve a list of all available feeds.

**Endpoint**: `GET /api/v1/feeds/?page_size=200`

**Example Code**:

```python
import requests

url = "https://app.silentpush.com/api/v1/feeds/?page_size=200"
headers = {"x-api-key": api_key, "Content-Type": "application/json"}
response = requests.get(url, headers=headers, verify=False)
print("Status Code:", response.status_code)
print("Response JSON:", response.json())
```

**Sample Output**: JSON array of feeds with UUIDs, names, and metadata.

## Get Data Export

Download custom exports from Feed Scanner as CSV, enriched with metadata.

**Endpoint**: `https://app.silentpush.com/app/v1/export/`

### Example: Get Organization Export

`GET /api/v2/export/organisation-feeds/{feed_uuid}_enriched.csv`

**Example Code**:

```python
import requests
import pandas as pd
import io

feed_uuid = "7a7aa058-699a-4bc4-88bd-5256787c313b"
data = requests.get(f'https://app.silentpush.com/api/v2/export/organisation-feeds/{feed_uuid}_enriched.csv', headers={'x-api-key': api_key})
df = pd.read_csv(io.BytesIO(data.content))
print(df)
```

**Sample Output (Excerpt)**:

| domain | sp_risk_score | tags | type | … |
| --- | --- | --- | --- | --- |
| securedmicrosoft365.com | 100 | [‘malware’] | domain | … |
| id-reservation.com | 100 | [‘malware’] | domain | … |
| … | … | … | … | … |

(Up to 51 rows across 123 columns, including certificates, NS changes, and risk explanations.)

### Threat Check

For enterprise users: Check whether an IP address or hostname appears in an IOFA feed. Returns a boolean with optional text.

Endpoint: `GET /v1/?t={indicator_type}&d=iofa&u={access_key}&q={indicator}`

**Example Code**:

```python
import requests
import json

access_key = ""  # Your ThreatCheck access key
indicator = "mahombres.ru"
indicator_type = "name"

data = requests.get(f'https://api.threatcheck.silentpush.com/v1/?t={indicator_type}&d=iofa&u={access_key}&q={indicator}')
json_data = json.loads(data.content)
print(json_data)
```

**Sample Response**:

```json
{
  "query": "mahombres.ru",
  "is_listed": True,
  "listed_txt": "listed on Silent Push IOFA feed"
}
```

Ideal for high-volume integrations like email gateways or SIEMs.

## Additional Endpoints

Silent Push offers more endpoints for advanced use cases, such as live WHOIS lookups and dangling DNS detection.

### Get ASNs for a Domain

**Endpoint**: `GET /api/v1/explore-recipes/hosting-infra-asns-recipes/query/?limit=100&domain={domain}&type=hosting_infrastructure_asn&queryType=hosting_infrastructure_asn`

**Example Code**:

```python
import requests
import json
import pandas as pd

url = "https://app.silentpush.com/api/v1/explore-recipes/hosting-infra-asns-recipes/query/?limit=100&domain=fox.com&type=hosting_infrastructure_asn&queryType=hosting_infrastructure_asn"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)
response = pd.DataFrame(json_data)['response']
print(response)
```

**Sample Output**:

```plaintext
records    [{'asn': 16625, 'asn_size': 7696128, 'asname': 'AOL, US', ...}]
dtype: object
```

A feature in threat intelligence platforms that enables users to investigate DNS history and navigate related network infrastructure, facilitating the discovery of potential threats or connections.

A real-time analysis tool that scans a specific URL to capture current data, such as screenshots, HTML titles, favicons, redirect chains, and SSL details, for immediate threat validation.

A real-time security analysis of a specified endpoint (e.g., URL or IP) to identify vulnerabilities or malicious behavior, performed using Silent Push’s On-Demand Endpoint Scan tool for rapid threat assessment.

Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet

A feature leveraging passive DNS data to investigate and correlate related threats, such as associated IPs, domains, or other indicators.

A DNS request (resource record name, rrname) used to retrieve information about a domain, IP, or other network entity for threat analysis.

Publicly available data collected during domain registration or DNS updates, used to analyze domain ownership and history.

Host scanning data retrieved through enrichment queries, including details like certificates, open directories, or favicons, used to validate and analyze potential threats.

A data repository containing web data from public IPv4 and IPv6 ranges, including HTML, favicons, and SSL data, used for querying website-related threat intelligence.

A data repository containing data from .onion sites on the Tor network, used to analyze dark web infrastructure and detect malicious activities.

A data repository containing metadata from open directories, including file and directory details, used to detect exposed or misconfigured resources that may indicate security risks.

The IP address or subnet used in typosquatting queries to identify domains mimicking legitimate ones, aiding in the detection of phishing or fraudulent infrastructure.

A predictive threat signal derived from Silent Push’s analysis of attacker behavior and infrastructure, enabling proactive mitigation of potential cyberattacks before they occur.

A unique universal identifier assigned to a threat intelligence feed, enabling precise tracking and referencing of the feed within a cybersecurity platform.