nshash
and mxhash
are types of hash values that are used to identify and track changes to DNS information.
nshash
is based on the authoritative nameservers associated with a domain. By computing the nshash
for a domain, it's possible to identify changes to the authoritative nameservers, such as when a domain is transferred to a new registrar or hosting provider.
mxhash
, on the other hand, is based on the MX servers associated with a domain. By computing the MX hash
value for a domain, organizations can identify changes to the mail exchange servers, such as when a domain starts sending or receiving email from a new email provider.
Both values can be used to track changes to DNS infrastructure that may indicate malicious activity. For example, suppose a domain suddenly changes its authoritative nameservers or starts sending email from a new mail exchange server. In that case, it may be an indication of phishing or other malicious activity.
Silent Push allows organizations to quickly obtain information on server names that belong to an nshash
or mxhash
.
Hash Values
Navigate to Advanced Query Builder > PADNS Queries > Translate Hash To Server Names.
Specify a hash type: NSHASH or MXHASH.
Enter a hash value in query.
Click Search.
Use Case: Identify changes in authoritative nameservers or MX servers to detect domain transfers or new email providers linked to malicious activity.
Save Queries
Organizational users can save queries for future use or sharing.
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.