Translate hash values to server names

  • Updated on May 16, 2023
  • Published on Apr 12, 2023
  • 1 minute(s) read
Prev Next

nshash and mxhash are types of hash values that are used to identify and track changes to DNS information.

nshash is based on the authoritative nameservers associated with a domain. By computing the nshash for a domain, it's possible to identify changes to the authoritative nameservers, such as when a domain is transferred to a new registrar or hosting provider.

mxhash, on the other hand, is based on the MX servers associated with a domain. By computing the mxhash value for a domain, organizations can identify changes to the mail exchange servers, such as when a domain starts sending or receiving email from a new email provider.

Both values can be used to track changes to DNS infrastructure that may indicate malicious activity. For example, if a domain suddenly changes its authoritative nameservers or starts sending email from a new mail exchange server, it may be an indication of phishing or other malicious activity.

Silent Push allows organizations to quickly obtain information on server names that belong to an nshash or mxhash.

  1. Navigate to Advanced Query Builder > PADNS Queries > Translate Hash To Server Names

  2. Specify a hash type (NSHASH, MXHASH)

  3. Use query to specify a hash value

  4. Click Search

Saving queries

Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

  1. Specify the query parameters

  2. Click Save Query

  3. Give your query a Name

  4. Specify a Description to add more context

  5. Click Save