An infratag is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separated by a colon):
MX - The domain portion of the domain's first MX record
NS - The domain portion of the top last-seen nameserver
AS - The AS name of the assigned IP address of the A record
Reg - The registrar mentioned in available WHOIS data
For example, the infratag for silentpush.com resolves to outlook.com:cloudflare.com:cloudflarenet:enom
Domain infratags allow organizations to search threat feeds and DNS records for similar tags, allowing security teams to identify malicious infrastructure before it becomes weaponised, and familiarise themselves with broad attack surfaces without the need to run complex queries.
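The following is an added example, not Silent Push code: it parses the MX:NS:AS:Reg string described above and ranks constructed feed entries by how many fields they share with the silentpush.com tag. The function names, the `.test` domains, and the handling of case, empty fields and malformed entries are assumptions made for illustration.

```python
"""Compare domain infratags (MX:NS:AS:Reg) against a reference tag."""
from typing import NamedTuple


class Infratag(NamedTuple):
    mx: str
    ns: str
    asname: str
    registrar: str


def parse_infratag(tag):
    """Split an 'MX:NS:AS:Reg' string into its four ordered fields."""
    # Assumption: values are compared case-insensitively and contain no colon.
    parts = [p.strip().lower() for p in tag.strip().split(":")]
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}: {tag!r}")
    return Infratag(*parts)


def shared_fields(a, b):
    """Names of the fields holding the same value in both tags."""
    # Assumption: an empty field means "unknown" and never counts as a match.
    return [name for name, x, y in zip(Infratag._fields, a, b) if x and x == y]


def rank_similar(reference, candidates, min_shared=3):
    """Return (domain, shared field names) pairs, most similar first."""
    ref = parse_infratag(reference)
    hits = []
    for domain, tag in candidates.items():
        try:
            shared = shared_fields(ref, parse_infratag(tag))
        except ValueError:
            continue  # skip malformed entries instead of aborting the run
        if len(shared) >= min_shared:
            hits.append((domain, shared))
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


# Reference tag: the silentpush.com example given on this page.
REFERENCE = "outlook.com:cloudflare.com:cloudflarenet:enom"

# Constructed sample data: these domains and tags are invented for illustration.
SAMPLE_FEED = {
    "example-a.test": "outlook.com:cloudflare.com:cloudflarenet:enom",
    "example-b.test": "google.com:cloudflare.com:cloudflarenet:enom",
    "example-c.test": "google.com:exampledns.test:examplenet:exampleregistrar",
    "example-d.test": "cloudflare.com:cloudflarenet",  # malformed: two fields
}
```

Widely used providers appear in many unrelated tags, so a partial match is a lead for further review rather than a verdict.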
- Navigate to Advanced Query Builder > Domain Queries > Infratag
- Specify a domain
- Under the mode field, choose live or padns to populate the infratag with live data, or passive data respectively
- Click Search
Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save