`malicious-site.com`

DNSSEC	⚠️ Not signed
A	103.224.182.212^{🇦🇺 TRELLIAN-AS-AP103.224.182.0/23 Trellian Pty. Limited 8 East Concourse}
		PTR	`lb-182-212.above.com`
NS	`ns15.abovedomains.com` ⭐
		A	103.224.182.37^{🇦🇺 TRELLIAN-AS-AP103.224.182.0/23 Trellian Pty. Limited 8 East Concourse}
			PTR	`ns15.above.com`
NS	`ns1.abovedomains.com`
		A	103.224.182.9^{🇦🇺 TRELLIAN-AS-AP103.224.182.0/23 Trellian Pty. Limited 8 East Concourse}
			PTR	`ns1.above.com`
		A	103.224.212.9^{🇦🇺 TRELLIAN-AS-AP103.224.212.0/23 Trellian Pty. Limited 8 East Concourse}
			PTR	`ns1.above.com`
NS	`ns16.abovedomains.com`
		A	103.224.212.37^{🇦🇺 TRELLIAN-AS-AP103.224.212.0/23 Trellian Pty. Limited 8 East Concourse}
			PTR	`ns16.above.com`
MX	`park-mx.above.com` ⭐
		A	103.224.212.34^{🇦🇺 TRELLIAN-AS-AP103.224.212.0/23 Trellian Pty. Limited 8 East Concourse}
			PTR	`park-mx.above.com`
TXT	`v=spf1 ip6:fdcf:abda:4154::/48 -all`
SOA	`ns1.abovedomains.com`hostmaster@trellian.com 2026-03-25 #1

`com`

	DNSSEC	🔒 Signed (DS record present)
	NS	`a.gtld-servers.net` ⭐
	NS	`b.gtld-servers.net`
	NS	`c.gtld-servers.net`
	NS	`d.gtld-servers.net`
	NS	`e.gtld-servers.net`
	NS	`f.gtld-servers.net`
	NS	`g.gtld-servers.net`
	NS	`h.gtld-servers.net`
	NS	`i.gtld-servers.net`
	NS	`j.gtld-servers.net`
	NS	`k.gtld-servers.net`
	NS	`l.gtld-servers.net`
	NS	`m.gtld-servers.net`
	SOA	`a.gtld-servers.net`nstld@verisign-grs.com serial=1774398522

Same first word

malicious-site.com

DNS History

16 records (5 active, 11 former)

○NSns-us.1and1-dns.com2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○NSns-us.1and1-dns.de2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○NSns-us.1and1-dns.org2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○NSns-us.1and1-dns.us2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

●NSns1.abovedomains.com2026-03-12 → 2026-03-25 · 3 obs

○ 2017-06-25 17:08:18
● 2026-03-12 16:58:56
● 2026-03-25 00:45:42

●NSns15.abovedomains.com2026-03-12 → 2026-03-25 · 3 obs

○ 2017-06-25 17:08:18
● 2026-03-12 16:58:56
● 2026-03-25 00:45:42

●NSns16.abovedomains.com2026-03-12 → 2026-03-25 · 3 obs

○ 2017-06-25 17:08:18
● 2026-03-12 16:58:56
● 2026-03-25 00:45:42

○NSns19.domaincontrol.com2017-06-25 → 2017-06-25 · 4 obs

○ 2016-08-11 03:34:02
● 2017-06-25 17:08:18
○ 2026-03-12 16:58:56
○ 2026-03-25 00:45:42

○NSns20.domaincontrol.com2017-06-25 → 2017-06-25 · 4 obs

○ 2016-08-11 03:34:02
● 2017-06-25 17:08:18
○ 2026-03-12 16:58:56
○ 2026-03-25 00:45:42

○MXmx00.1and1.com2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○MXmx01.1and1.com2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

●MXpark-mx.above.com2026-03-12 → 2026-03-25 · 3 obs

○ 2016-08-11 03:34:02
● 2026-03-12 16:58:56
● 2026-03-25 00:45:42

●A103.224.182.2122026-03-12 → 2026-03-25 · 3 obs

○ 2017-06-25 17:08:18
● 2026-03-12 16:58:56
● 2026-03-25 00:45:42

○A108.175.5.312015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○A2607:f1c0:1000:6080:69ba:56a4:27a7:e2015-05-11 → 2016-03-18 · 4 obs

● 2015-05-11 10:30:16
● 2016-03-18 11:27:38
○ 2016-08-11 03:34:02
○ 2026-03-25 00:45:42

○A50.63.202.542017-06-25 → 2017-06-25 · 4 obs

○ 2016-08-11 03:34:02
● 2017-06-25 17:08:18
○ 2026-03-12 16:58:56
○ 2026-03-25 00:45:42

🔍 DNS Trace

📋 Delegation Chain

Zone	Nameservers	Glue
com	k.gtld-servers.net, j.gtld-servers.net, l.gtld-servers.net, d.gtld-servers.net...	-
malicious-site.com	ns15.abovedomains.com, ns16.abovedomains.com	2 records

✅ Authoritative Response

Server:103.224.212.37

NS records: ns15.abovedomains.com, ns16.abovedomains.com

🔒 DNSSEC Status

⚠️ Insecure (no DNSSEC)

No DS record for malicious-site.com (unsigned zone)

⏱️ Timing

Total: 302ms | Queries: -

📄 Records

Type	Count	Sample Data
A	1	`103.224.182.212`
NS	2	`ns16.abovedomains.com, ns15.abovedomains.com`
MX	1	`park-mx.above.com (pri: 10)`
TXT	1	`v=spf1 ip6:fdcf:abda:4154::/48 -all`
SOA	1	`ns1.abovedomains.com hostmaster.trellian`

📌 Glue Records Collected

Total: 2

Out-of-bailiwick: 2 (ns15.abovedomains.com, ns16.abovedomains.com)

Analysis

IP Addresses

malicious-site.com points to a single IP number: 103.224.182.212.

Other host names, for instance nasmork.pro, www.ashazkawg.com, chat-whatsappqigh2cm.gxscv.com, m34.xuatrlr.com and hyacint.info share IP numbers with malicious-site.com.

Name Servers

The delegation for malicious-site.com is handled by three name servers: ns15.abovedomains.com, ns16.abovedomains.com and ns1.abovedomains.com.

malicious-site.com at least partially shares name servers with other domains, for instance owes.com, 203-121-213-63.e-wire.net.au, timbrado6.meinastrohoroskop.com, crushphoto-sample.ch.vu and www.(0x78766964656f73)1.com.

These name servers are often used together with ns2.abovedomains.com, ns3.abovedomains.com, ns4.abovedomains.com, 421.ns1.abovedomains.com and 421.ns2.abovedomains.com.

Host names with two IP numbers:

ns1.abovedomains.com points to 103.224.182.9 and 103.224.212.9.

Host names with one IP number:

ns15.abovedomains.com points to 103.224.182.37.

ns16.abovedomains.com points to 103.224.212.37.

Mail Servers

malicious-site.com is handled by a single mail server, park-mx.above.com.

malicious-site.com uses the same mail server configuration as other domains, such as localhost.leggy.com.au, financiero.de, myspectrumbusiness.com, www.azleisd.com and www.rules.it.

park-mx.above.com points to a single IP: 103.224.212.34.

malicious-site.com - robtex.com