
Top Tools for Defending Against Brand Impersonators with Silent Push

Silent Push Community and Enterprise users have access to four powerful Brand Impersonation queries that locate malicious Indicator of Future Attack (IOFA) infrastructure, targeting four distinct areas of your online presence: domains, favicons, emails and HTML titles.

In this video, Director of Sales Engineering Maulik Limbachiya gives a short overview of three key tools for defending against brand impersonators in Silent Push: Domain Impersonation, Email Impersonation, Favicon Impersonation and HTML Title Impersonation.


Release 4.3

Start detecting threats BEFORE they’re weaponized: Sign up for our free Community Edition today: https://www.silentpush.com/community

Release 4.3 has arrived! Learn how to utilize our expanded Brand Impersonation capabilities, and check out useful updates to Web Scanner, Live Scan and the UI!


Working With Results in Web Scanner

Start detecting threats BEFORE they’re weaponized. Use our Web Scanner tool for free with Silent Push Community Edition: www.silentpush.com/community.

In this video, Director of Sales Engineering Maulik Limbachiya takes you through how to perform one-click pivots from within the Web Scanner results table, and how to customize your results table to best suit your use case.

Silent Push IOFA™ Feed Detects Aeza Group Infrastructure Shift Following OFAC Sanctions

On July 1, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Aeza Group, two affiliated companies, and four individuals for providing bulletproof hosting services that enabled global cybercriminal activity — including ransomware operations, data theft, and darknet drug trafficking.

Bulletproof hosting (BPH) refers to resilient server infrastructure used by threat actors to operate outside the reach of law enforcement. In response to the sanctions, the U.S. government froze Aeza Group’s U.S.-based assets and prohibited U.S. persons from engaging in transactions with them.

Silent Push Detects ASN Migration in Real Time

Silent Push Threat Analysts identified Aeza Group (AS216246 and AS210644) as a bulletproof hosting provider in early 2025. On July 20, 2025, Silent Push’s IOFA (Indicators of Future Attack)™ feed automatically detected a significant infrastructure shift: IP ranges from Aeza’s AS210644 began migrating to AS211522, a new autonomous system operated by Hypercore LTD.

This shift suggests an attempt to evade sanctions enforcement and continue malicious operations under new infrastructure.

One such example is IP address 83.147.192[.]5, which was previously associated with AS210644. On July 20, this IP was automatically reclassified in the Bulletproof Hosting IOFA™ feed to reflect its new association with AS211522.

BGP data from bgp.tools confirms that the 83.147.192.0/24 subnet has been announced by both ASNs, supporting the attribution.

According to Silent Push data, ASN 211522 was allocated on July 10, 2025, as confirmed by a search within the Total View platform. The data also shows that the ASN already contains over 2,100 IP addresses, indicating an unusually rapid ramp-up for a newly allocated ASN — a pattern not typically observed.
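As an added illustration (this is not Silent Push's feed logic), the following Python checks for the two signals the case above describes, an origin-ASN change for a prefix and a newly allocated ASN that originates a large address count soon after allocation, over constructed observations; the second prefix and the AS210644 allocation date are invented for the sample.

```python
from datetime import date
from ipaddress import ip_network

# Constructed origin-ASN observations modelled on the case above
# (date seen, announced prefix, origin ASN); not real BGP data.
OBSERVATIONS = [
    (date(2025, 7, 1), "83.147.192.0/24", 210644),
    (date(2025, 7, 15), "83.147.192.0/24", 210644),
    (date(2025, 7, 20), "83.147.192.0/24", 211522),
    (date(2025, 7, 20), "83.147.200.0/22", 211522),   # constructed prefix
]
# Constructed allocation dates (only the 2025-07-10 date comes from the post).
ASN_ALLOCATED = {210644: date(2023, 3, 1), 211522: date(2025, 7, 10)}


def detect_origin_changes(observations):
    """Return (prefix, old_asn, new_asn, date) whenever a prefix's origin
    ASN differs from the last origin recorded for that prefix."""
    last_origin, changes = {}, []
    for seen, prefix, asn in sorted(observations):
        prev = last_origin.get(prefix)
        if prev is not None and prev != asn:
            changes.append((prefix, prev, asn, seen))
        last_origin[prefix] = asn
    return changes


def rapid_rampups(observations, allocated, max_age_days=30, min_ips=1024):
    """Flag ASNs that originate at least min_ips addresses within
    max_age_days of allocation, the ramp-up pattern described above."""
    ips_per_asn, latest_seen, counted = {}, {}, set()
    for seen, prefix, asn in observations:
        if (prefix, asn) not in counted:          # count each prefix once per ASN
            counted.add((prefix, asn))
            ips_per_asn[asn] = ips_per_asn.get(asn, 0) + ip_network(prefix).num_addresses
        latest_seen[asn] = max(latest_seen.get(asn, seen), seen)
    return {asn: n for asn, n in ips_per_asn.items()
            if n >= min_ips and (latest_seen[asn] - allocated[asn]).days <= max_age_days}
```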

Silent Push Threat Analysts will continue to investigate ASN 211522 and welcome any leads related to suspicious bulletproof hosting infrastructure or additional context surrounding the Aeza Group IP migration.

Tracking Infrastructure Before It’s Weaponized

Through continuous infrastructure monitoring, Silent Push is able to detect and track emerging BPH providers before they’re widely used in active campaigns. The migration to AS211522 is likely either a rebrand by Aeza or a handoff to a closely aligned cybercriminal entity.

Silent Push IOFA™ feeds are designed to identify attacker infrastructure — before it’s operationalized. From bulletproof hosting to phishing domains, malware C2s, and more, Silent Push provides security teams with early, actionable visibility into the infrastructure behind tomorrow’s threats.

Missed our recent webinar on Bulletproof Hosting?

It’s now available on-demand. Access it here.

Want to explore Silent Push IOFA™ feeds?

Book a demo with our team today.

Preparing for Black Hat USA 2025? Join Us for Exclusive Sessions on Preemptive Cyber Defense

Black Hat USA 2025 is just around the corner, and the cybersecurity community is gearing up for one of the most important events of the year. While many organizations will be showcasing their latest products and services on the expo floor, our team is taking a different approach — focusing on meaningful, one-on-one conversations about the future of cyber defense.

Preemptive cyber defense is no longer just a buzzword; leading security teams are actively shifting their strategies to stop threats before they happen, rather than reacting after the fact. At Black Hat this year, we’ll be holding short, focused 1:1 sessions designed to help security teams assess their readiness and explore how to build stronger, proactive defenses.

If your team is struggling with alert fatigue, difficulty measuring ROI on detection tools, or relying heavily on post-breach intelligence, these sessions are for you. We’ll guide you through practical steps to move beyond reactive tactics and embrace a proactive, data-driven approach to security.

Why meet with us at Black Hat 2025?

  • Discuss the latest challenges in threat detection and prevention
  • Explore how preemptive defense can transform your security posture
  • Get personalized recommendations tailored to your organization’s needs

Spaces are limited, so we encourage teams attending Black Hat to book their session early. Make Black Hat 2025 the turning point for your proactive cyber defense strategy.

Book your session today and begin shifting from reactive to preemptive defense.

Workshop – Beyond A Records: Hunting with MX, SOA and TXT Records in Silent Push

This hands-on session will show you how to use MX, SOA, and TXT records to uncover infrastructure, spot threats, and strengthen investigations using the Silent Push free Community Edition.

We’ll also compare traditional passive DNS (PDNS) data with Silent Push’s unique Passive Aggressive DNS (PADNS) data, which has enabled leading organizations across the world to detect threats earlier than ever before.

  • Date: 29 July 2025
  • Time: 10am ET // 4pm CET // 10am SGT // 12pm AEST
  • Location: Online – Zoom
  • Requirements: Silent Push free Community Edition | Sign-up here

Webinar – Mapping the Dark: Exposing the Depths of Bulletproof Hosting Providers 

Not all hosting providers play by the rules — some actively protect the worst cybercriminals. Access our on-demand webinar to get new insights from our latest report, exposing the hidden hosts behind today’s most persistent cyber threats.

Bulletproof Hosting (BPH) providers offer IP infrastructure that ignores abuse complaints, enabling some of the web’s most dangerous malicious traffic. While the community broadly agrees on what makes a host “Bulletproof,” identifying specific ASN ranges or providers requires deep expertise and nuance. This session will equip you with the knowledge to identify and combat these shadowy enablers.

Ready to dive deeper into the world of preemptive threat intelligence? Begin your journey with the Silent Push free Community Edition today.

Safe Mode Podcast: Ken Bagnall on how companies can work with governments to take down malicious infrastructure

In this episode of CyberScoop’s podcast, our CEO Ken Bagnall joins Greg Otto to explore the evolving cybercrime ecosystem. Ken discusses how much of today’s infrastructure is run by affiliate networks leveraging existing technologies — and how this model is shaping threats globally.

Ken also highlights how these operations are increasingly fueled by actors from Africa and other developing regions, offering a unique look at lesser-known aspects of the global cybercrime economy. Also featured in this episode: Greg Otto and Matt Kapko discuss the growing issue of remote IT workers tied to North Korea.

Listen to the original episode on CyberScoop Radio: https://cyberscoop.com/radio/in-this-episode-greg-otto-talks-with-ken-bagnall-ceo-of-silent-push-ken-sheds-light-on-the-dynamics-of-the-current-cybercrime-ecosystem/

Read more: The North Korea worker problem is bigger than you think https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/

Enrich Your OpenCTI Operation With Silent Push IOFA™ Data

Cyber defense data is only as useful as the context that surrounds it. 

Threat actors shift tactics daily and infrastructure spins up and vanishes in days or even hours. Isolated Indicators of Compromise (IOCs) aren’t enough. Security teams need connected intelligence – insight that illuminates not just a single alert, but the full shape of the infrastructure behind it. 

By linking Silent Push’s unrivalled visibility of global threat infrastructure with OpenCTI’s powerful threat intelligence framework, teams can enrich their existing datasets with high-fidelity context – helping to reveal 100% of an adversary’s digital footprint, including elements that go unnoticed by traditional toolsets.

What Is OpenCTI? 

OpenCTI (Open Cyber Threat Intelligence) is an open-source platform built to centralize, visualize, and correlate Cyber Threat Intelligence (CTI). 

The platform supports structured intelligence sharing and collaboration using open standards such as STIX 2.1 and TAXII 2.1, and is used globally by SOCs, CERTs, and threat analysts to manage complex threat data in real time. 

OpenCTI includes support for TAXII feeds, file-based imports, API integrations, and offers a flexible way for organizations to analyze threat intelligence at enterprise level. 

Why Integrate Silent Push with OpenCTI? 

Silent Push provides a uniquely preemptive view of attacker infrastructure, including unseen elements in the staging and early deployment phases.

Instead of chasing post-breach IOCs, our platform exposes Indicators of Future Attack (IOFA)™ – early warning signals based on attacker behavioral patterns, observed across our proprietary DNS and web content database. 

By integrating Silent Push with OpenCTI, organizations gain the ability to: 

  • Ingest Silent Push data via TAXII, ensuring it flows into OpenCTI in a structured format. 
  • Enrich existing indicators in OpenCTI with deeper infrastructural and behavioral context. 
  • Get curated threat reports via RSS feeds, including linked indicators and APT attribution. 

Our bi-directional integration enables analysts to move from reactive to proactive defense, and from juggling alerts to decisive action.

STIX and TAXII: Structured, Scalable Threat Data 

At the heart of the integration is support for STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information). 

Silent Push exposes TAXII endpoints that allow OpenCTI to pull in curated indicators, fully mapped to STIX 2.1 objects. 

This ensures that indicators from Silent Push – domains, IPs, or URLs – arrive in a standardized format, automatically enriched with threat scoring, and metadata such as hosting details, DNS context, and campaign links. 

Our integration enables correlation at scale. Indicators brought in through TAXII can be immediately cross-referenced with existing data inside OpenCTI, powering visualizations, alerts, and investigative timelines. 

End-to-end Indicator Enrichment 

The Silent Push Enrichment Connector, officially part of the OpenCTI ecosystem, is designed to deliver contextual intelligence precisely when analysts need it – during investigations. 

Once deployed, the connector monitors domains, IPs and URLs already present in OpenCTI and, on a scheduled or manual basis, retrieves matching enrichment from the Silent Push API. 

Enrichment is delivered in the form of STIX 2.1 bundles, integrated into OpenCTI via its internal processes. This means analysts don’t need to leave the platform or perform manual queries – context flows directly into their workflows. 

Enriched categories include: 

  • Hosting infrastructure history 
  • Behavioral classification (e.g., C2, phishing, typosquat) 
  • Threat tags and reputation scoring from Silent Push 
  • Discovery of associated infrastructure and campaign patterns 

The result is faster triage, better attribution, and higher confidence in decision-making. 
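As an added illustration of the STIX 2.1 mapping described in the TAXII section and the enrichment bundles described here (example code, not the connector's or Silent Push's own), the Python below turns one enrichment record, in a hypothetical field layout that is not the real API response, into a bundle of observable, Indicator and based-on relationship, with the import-side checks a consumer such as OpenCTI would apply.

```python
import uuid
from datetime import datetime, timezone

# Constructed enrichment record (hypothetical field names, not the
# Silent Push API's real response shape).
SAMPLE_ENRICHMENT = {
    "observable": "login-example-bank.test", "type": "domain-name",
    "classifications": ["phishing", "typosquat"], "score": 92,
    "hosting": {"asn": 211522, "first_seen": "2025-07-20"},
}
# STIX pattern property for each supported observable type.
PATTERN_FIELD = {"domain-name": "value", "ipv4-addr": "value", "url": "value"}

def stix_id(obj_type):
    return f"{obj_type}--{uuid.uuid4()}"

def enrichment_to_bundle(rec, now=None):
    """SCO for the observable + Indicator + 'based-on' relationship."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    sco = {"type": rec["type"], "spec_version": "2.1",
           "id": stix_id(rec["type"]), "value": rec["observable"]}
    indicator = {
        "type": "indicator", "spec_version": "2.1", "id": stix_id("indicator"),
        "created": ts, "modified": ts, "valid_from": ts, "name": rec["observable"],
        "description": f"Hosted on AS{rec['hosting']['asn']} "
                       f"since {rec['hosting']['first_seen']}",
        "indicator_types": ["malicious-activity"],
        "labels": list(rec["classifications"]),             # behavioral classes
        "confidence": max(0, min(100, int(rec["score"]))),  # STIX 2.1 range 0-100
        "pattern_type": "stix",
        "pattern": f"[{rec['type']}:{PATTERN_FIELD[rec['type']]} = '{rec['observable']}']",
    }
    rel = {"type": "relationship", "spec_version": "2.1", "id": stix_id("relationship"),
           "created": ts, "modified": ts, "relationship_type": "based-on",
           "source_ref": indicator["id"], "target_ref": sco["id"]}
    return {"type": "bundle", "id": stix_id("bundle"), "objects": [sco, indicator, rel]}

def validate_bundle(bundle):
    """Import-side checks: id prefix matches type, spec_version 2.1, refs resolve."""
    ids = {o["id"] for o in bundle["objects"]}
    for o in bundle["objects"]:
        if not o["id"].startswith(o["type"] + "--") or o.get("spec_version") != "2.1":
            return False
        if o["type"] == "relationship" and not {o["source_ref"], o["target_ref"]} <= ids:
            return False
    return True
```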

Threat Reports via RSS: Human-Readable, Machine-Usable 

In addition to structured indicators, Silent Push also supports RSS-based ingestion of threat reports, providing strategic context and narrative intelligence directly within OpenCTI. 

These feeds enable organizations to: 

  • Automatically ingest new threat reports as they’re published 
  • Parse and convert data into structured STIX objects 
  • Link any threat entities – such as APT groups, malware, or tools – to active indicators 

This allows analysts to see the bigger picture: not just what indicators exist, but why they matter, how they relate to ongoing campaigns, and what tactics they support. 

Insight Through Visualization 

Once ingested, Silent Push data comes to life through OpenCTI’s powerful visualization features, allowing analysts to: 

  • Build dashboards tracking threats by source, type, and confidence 
  • Use timeline views to trace infrastructure changes over time 
  • Filter indicators by tags, campaign, or observable type 
  • Explore heatmaps and geolocation overlays, if location data is available 

These views make it easier to spot trends, detect anomalies, prioritize threats, and collaborate on threat investigations across internal security teams.

Easy Deployment, Continuous Enrichment 

Deploying the Silent Push connector is straightforward, whether via Docker or manual setup. Once installed, the connector: 

  • Enriches observables automatically at scheduled intervals 
  • Can be triggered manually from within OpenCTI 
  • Logs activity for transparency and debugging 

Ingested data is transformed into STIX 2.1, ensuring native compatibility from the get-go. 

Whether you’re pulling indicators via TAXII or enriching observables in place, Silent Push fits directly into the OpenCTI data standards – no extra parsing, no manual translation. 

Book An Integration Demo 

Ready to transform your threat intelligence workflows? Get in touch to see how the Silent Push and OpenCTI integration brings attacker infrastructure into full view, before it becomes an incident. 

We’ll show you how to enrich your existing threat data with IOFA™ insights, automate observable enrichment via STIX/TAXII, and visualize connected infrastructure inside OpenCTI.