Obtain domain infratag
    • 16 May 2023


    An infratag is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separated by colons):

    1. MX - The domain portion of the domain's first MX record
    2. NS - The domain portion of the top last-seen nameserver
    3. AS - The AS name of the assigned IP address of the A record
    4. Reg - The registrar mentioned in available WHOIS data

    For example, the infratag for silentpush.com resolves to outlook.com:cloudflare.com:cloudflarenet:enom

    Domain infratags allow organizations to search threat feeds and DNS records for similar tags, allowing security teams to identify malicious infrastructure before it becomes weaponised, and familiarise themselves with broad attack surfaces without the need to run complex queries.
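    The MX:NS:AS:Reg layout described above can be compared field by field once it is split on colons. The following is an added example, not Silent Push code: the function names, the `min_shared` threshold and the `.example` sample tags are constructed for illustration, and it assumes no field contains a colon.

```python
from __future__ import annotations
from typing import NamedTuple

FIELDS = ("mx", "ns", "asname", "registrar")  # order given on this page

class Infratag(NamedTuple):
    mx: str
    ns: str
    asname: str
    registrar: str

def parse_infratag(tag: str) -> Infratag:
    """Split 'MX:NS:AS:Reg' into its four fields, lower-cased."""
    parts = [p.strip().lower() for p in tag.strip().split(":")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {tag!r}")
    return Infratag(*parts)

def shared_fields(a: Infratag, b: Infratag) -> list[str]:
    """Names of the fields that are non-empty and identical in both tags."""
    return [name for name, x, y in zip(FIELDS, a, b) if x and x == y]

def similar_domains(reference: str, candidates: dict[str, str], min_shared: int = 3):
    """Return (domain, shared field names) for candidates that share at
    least min_shared fields with the reference tag, best matches first."""
    ref = parse_infratag(reference)
    hits = []
    for domain, tag in candidates.items():
        try:
            shared = shared_fields(ref, parse_infratag(tag))
        except ValueError:
            continue  # malformed tag: skip it rather than guess at fields
        if len(shared) >= min_shared:
            hits.append((domain, shared))
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

# Reference tag is the silentpush.com example from this page.
REFERENCE = "outlook.com:cloudflare.com:cloudflarenet:enom"
# Constructed sample tags for illustration only.
SAMPLE = {
    "a.example": "outlook.com:cloudflare.com:cloudflarenet:enom",
    "b.example": "outlook.com:cloudflare.com:cloudflarenet:registrar-x",
    "c.example": "mail.example:ns.example:as-example:enom",
    "d.example": "outlook.com:cloudflare.com",  # truncated on purpose
}

if __name__ == "__main__":
    for domain, shared in similar_domains(REFERENCE, SAMPLE):
        print(domain, ",".join(shared))
```

    A single shared field such as a large mail provider or registrar is weak evidence on its own, which is why the threshold defaults to three of the four fields.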

    1. Navigate to Advanced Query Builder > Domain Queries > Infratag

    2. Specify a domain

    3. Under the mode field, choose live or padns to populate the infratag with live data or passive data, respectively

    4. Click Search

    Saving queries

    Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

    1. Specify the query parameters

    2. Click Save Query

    3. Give your query a Name

    4. Specify a Description to add more context

    5. Click Save

