Map a blast radius
Take one compromised asset and trace how far the damage reaches — co-tenants on its IP, the IPs they spread to, and the network behind it.
Layers traversed
- DNS
- BGP / routing
The reach of a compromise is reconstructed by hand, one reverse-lookup at a time.
- reverse-IP
- passive DNS
- manual prefix lookups
Using WhisperGraph over MCP, treat 100.50.108.88 as compromised and map its blast radius: every domain co-tenanted on it, the IPs those co-tenants spread to, and the network it sits in.
Paste into any MCP-connected LLM.
What you get back
If this host falls, what else is exposed? A flat lookup never follows the reach. Whisper traces it layer by layer — every domain co-tenanted on the asset’s IP (compromise one, expose all), the other IPs those co-tenants resolve to, and the ASN that announces the asset — each layer bounded so the traversal never explodes.
Dig deeper
Go deeper
The full how-to — the procedure explained, with the Cypher you can run.
Open the full how-to →Related
Find every domain on the same infrastructure
Reverse a single IP, nameserver, or registrant into every domain that shares it — the co-tenancy pivot, in one hop.
Enrich an indicator in one query
One IP, domain, or ASN in — verdict, owning network, GeoIP, listing feeds, and co-hosted neighbours out, in a single traversal.
Forward threat intelligence: find the unflagged siblings
Pivot from one known-bad domain to the campaign's not-yet-flagged infrastructure — domains that share its registrant fingerprint but sit in no threat feed.
Map a blast radius
Take one compromised asset and trace how far the damage reaches — every domain co-tenanted on its IP, the sibling IPs in its prefix, and the downstream hosts beyond — bounded layer by layer so the depth never runs away. The reach a flat lookup never follows.
Try it on your own infrastructure
Run anonymous queries against the live graph, or connect your AI agent over MCP — free, no credit card.