---
title: "Obtain Domain Infratag"
slug: "obtain-domain-infratag"
description: "An infratag is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separated by a colon)."
tags: ["DNS record queries", "Domain queries"]
updated: 2025-12-31T15:07:10Z
published: 2025-12-31T15:07:10Z
---

# Obtain Domain Infratag

An **Infratag** is a custom text string generated by Silent Push that contains the following information on a domain (in order, on one line, with values separated by a colon):

1. **MX** - The domain portion of the domain's first MX record
2. **NS** - The domain portion of the top last-seen nameserver
3. **AS** - The AS Name of the assigned IP address of the A record
4. **Reg** - The registrar mentioned in the available Whois data

For example, the infratag for silentpush.com resolves to **outlook.com:cloudflare.com:cloudflare.net:enom**.

Domain infratags enable organizations to search threat feeds and DNS records for similar tags, helping security teams identify malicious infrastructure before it becomes weaponized and familiarize themselves with broad attack surfaces without the need for complex queries.
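An added example (not Silent Push code) that parses the four-field format described above and ranks domains by how many fields they share with a seed infratag. The function names and the observed domains with their tags are constructed for illustration; requiring exactly four fields and comparing case-insensitively are assumptions.

```python
from typing import NamedTuple

class Infratag(NamedTuple):
    mx: str          # domain portion of the first MX record
    ns: str          # domain portion of the top last-seen nameserver
    as_name: str     # AS name for the A record's IP address
    registrar: str   # registrar from Whois data

def parse_infratag(tag: str) -> Infratag:
    """Split 'MX:NS:AS:Reg' into named fields (assumes exactly four)."""
    parts = [p.strip().lower() for p in tag.split(":")]
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}: {tag!r}")
    return Infratag(*parts)

def shared_fields(a: Infratag, b: Infratag) -> tuple:
    """Names of fields with the same non-empty value in both tags."""
    return tuple(n for n, x, y in zip(Infratag._fields, a, b) if x and x == y)

def similar_domains(seed_tag, observed, min_shared=3):
    """Rank observed domains sharing at least min_shared fields with the seed."""
    seed, hits = parse_infratag(seed_tag), []
    for domain, tag in observed.items():
        try:
            shared = shared_fields(seed, parse_infratag(tag))
        except ValueError:
            continue  # skip malformed tags instead of mis-aligning fields
        if len(shared) >= min_shared:
            hits.append((domain, shared))
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

# Seed: the silentpush.com infratag quoted on this page.
SEED = "outlook.com:cloudflare.com:cloudflare.net:enom"
# Constructed sample data (reserved .example names, placeholder values).
OBSERVED = {
    "login-portal.example": "outlook.com:cloudflare.com:cloudflare.net:enom",
    "mail-update.example": "Outlook.com:cloudflare.com:cloudflare.net:registrar-a",
    "cdn-assets.example": "mx-host.example:cloudflare.com:cloudflare.net:registrar-b",
    "shop.example": "mx-host.example:ns-host.example:as-placeholder:registrar-b",
    "truncated.example": "outlook.com:cloudflare.com",
}

if __name__ == "__main__":
    for domain, shared in similar_domains(SEED, OBSERVED):
        print(f"{domain}: shares {', '.join(shared)}")
```

Tags built entirely from widely used providers match many unrelated domains, so treat a hit as a pivot for review, not a verdict.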

## Obtain domain infratag

1. From the left navigation menu, select **Advanced Query Builder > Domain Queries > Infratag**.
2. Specify a **domain**.
3. Under **mode**, select **live** for current data or **PADNS** for passive data.
4. Click **Search**.

## Save Query

1. Specify query parameters.
2. Click **Save Query**.
3. Provide a **Name** and **Description** for context.
4. Click **Save**. The query appears in [**Private Queries**](https://help.silentpush.com/docs/private-queries).

This identifies malicious infrastructure before weaponization.

**Infratag** - A custom text string generated by Silent Push, combining a domain's MX record, nameserver, AS name, and registrar, used to identify similar threat infrastructure patterns.

**AS Name** - The descriptive name assigned to an Autonomous System (AS), a collection of IP routing prefixes under the control of one or more network operators, used to identify the network in routing operations.

**Whois data** - Publicly available data collected during domain registration or DNS updates, used to analyze domain ownership and history.
