An infratag is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separated by a colon):
MX - The domain portion of the domain's first MX record
NS - The domain portion of the top last-seen nameserver
AS - The AS name of the assigned IP address of the A record
Reg - The registrar mentioned in the available WHOIS data
For example, the infratag for silentpush.com resolves to outlook.com:cloudflare.com:cloudflare.net:enom
Domain infratags enable organizations to search threat feeds and DNS records for similar tags, helping security teams identify malicious infrastructure before it becomes weaponized and familiarize themselves with broad attack surfaces without the need for complex queries.
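As an added illustration (not Silent Push code or output), the Python below parses infratags in the field order listed above and ranks domains by how many fields they share with a seed tag. The candidate domains and their tags are constructed sample data; the empty-field representation and the assumption that field values never contain a colon are not documented on this page.

```python
from collections import namedtuple

# Field order as documented above: MX, NS, AS, Reg.
Infratag = namedtuple("Infratag", ["mx", "ns", "asname", "registrar"])

def parse_infratag(tag):
    """Split 'MX:NS:AS:Reg' into its four fields (lowercased for comparison)."""
    parts = tag.strip().lower().split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}: {tag!r}")
    return Infratag(*parts)

def shared_fields(seed, other):
    """Names of fields where both tags carry the same non-empty value."""
    return [f for f in Infratag._fields
            if getattr(seed, f) and getattr(seed, f) == getattr(other, f)]

def rank_by_similarity(seed_tag, candidates, min_shared=3):
    """Return (domain, shared field names) for candidates sharing at least
    min_shared fields with the seed, most similar first."""
    seed = parse_infratag(seed_tag)
    hits = []
    for domain, tag in candidates.items():
        try:
            match = shared_fields(seed, parse_infratag(tag))
        except ValueError:
            continue  # malformed tag: skip rather than guess at field positions
        if len(match) >= min_shared:
            hits.append((domain, match))
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

# SEED is the example infratag from the text above; CANDIDATES is constructed.
SEED = "outlook.com:cloudflare.com:cloudflare.net:enom"
CANDIDATES = {
    "example-a.test": "outlook.com:cloudflare.com:cloudflare.net:enom",
    "example-b.test": "google.com:cloudflare.com:cloudflare.net:enom",
    "example-c.test": "google.com:awsdns.example:amazon-02:namecheap",
    "example-d.test": ":cloudflare.com:cloudflare.net:enom",  # assumed: empty MX field
    "example-e.test": "cloudflare.com:cloudflare.net",        # malformed, skipped
}

if __name__ == "__main__":
    for domain, match in rank_by_similarity(SEED, CANDIDATES):
        print(f"{domain}: shares {', '.join(match)}")
```

An empty field never counts as a match, so two domains that both lack an MX record are not treated as sharing mail infrastructure.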
Obtain domain infratag
Navigate to Advanced Query Builder > Domain Queries > Infratag.
Specify a domain.
Under mode, choose live for current data or padns for passive data.
Click Search.
Save queries
Organizational users can save queries for future use or sharing.
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.
Searching by infratag in this way helps identify malicious infrastructure before weaponization.