Obtain domain infratag
    • 16 May 2023
    • 1 Minute to read
    • Dark

    Obtain domain infratag

    • Dark

    Article Summary

    An infratag is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separate by a colon):

    1. MX - The domain portion of the domain's first MX record
    2. NS - The domain portion of the top last-seen nameserver
    3. AS - The AS name of the assigned IP address of the A record
    4. Reg - The registrar mentioned in available WHOIS data

    For example, the infratag for silentpush.com resolves to outlook.com:cloudflare.com:cloudflarenet:enom

    Domain infratags allow organization's to search threat feeds and DNS records for similair tags, allowing security teams to identify malicious infrastructure before it becomes weaponised, and familiarise themselves with broad attack surfaces without the need to run complex queries.

    1. Navigate to Advanced Query Builder > Domain Queries > Infratag

    2. Specify a domain

    3. Under the mode field, choose live or padns to populate the infratag with live data, or passive data respectively

    4. Click Search

    Saving queries

    Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

    1. Specify the query parameters

    2. Click Save Query

    3. Give your query a Name

    4. Specify a Description to add more context

    5. Click Save

    Was this article helpful?


    Eddy, a super-smart generative AI, opening up ways to have tailored queries and responses