`redteam-ioc-test.com`

DNSSEC	🔒 Signed (DS record present)
A	2606:4700:3034::6815:fb9^{🇺🇸 Cloudflare2606:4700:3034::/48 , Inc. 101 Townsend Street, San Francisco, California 94107, US} ✓ In HTTPS hints
A	2606:4700:3037::ac43:a3c4^{🇺🇸 Cloudflare2606:4700:3037::/48 , Inc. 101 Townsend Street, San Francisco, California 94107, US} ✓ In HTTPS hints
A	104.21.15.185^{Cloudflare104.21.0.0/20 , Inc. 101 Townsend Street, San Francisco, California 94107, US} ✓ In HTTPS hints
A	172.67.163.196^{🇺🇸 Cloudflare172.67.160.0/20 , Inc. 101 Townsend Street, San Francisco, California 94107, US} ✓ In HTTPS hints
NS	`jill.ns.cloudflare.com` ⭐
		A	2606:4700:50::adf5:3a7a^{🇺🇸 Cloudflare2606:4700:50::/44 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`jill.ns.cloudflare.com`
		A	2803:f800:50::6ca2:c07a^{🇨🇷 Cloudflare2803:f800:50::/45 LACNIC generated route6 for CloudFlare Latin America S.R.L}
			PTR	`jill.ns.cloudflare.com`
		A	2a06:98c1:50::ac40:207a^{🇺🇸 Cloudflare2a06:98c1:50::/45}
			PTR	`jill.ns.cloudflare.com`
		A	108.162.192.122^{🇺🇸 Cloudflare108.162.192.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`jill.ns.cloudflare.com`
		A	172.64.32.122^{🇺🇸 Cloudflare172.64.32.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`jill.ns.cloudflare.com`
		A	173.245.58.122^{🇺🇸 Cloudflare173.245.58.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`jill.ns.cloudflare.com`
NS	`kip.ns.cloudflare.com`
		A	2606:4700:58::adf5:3b80^{🇺🇸 Cloudflare2606:4700:50::/44 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`kip.ns.cloudflare.com`
		A	2803:f800:50::6ca2:c180^{🇨🇷 Cloudflare2803:f800:50::/45 LACNIC generated route6 for CloudFlare Latin America S.R.L}
			PTR	`kip.ns.cloudflare.com`
		A	2a06:98c1:50::ac40:2180^{🇺🇸 Cloudflare2a06:98c1:50::/45}
			PTR	`kip.ns.cloudflare.com`
		A	108.162.193.128^{🇺🇸 Cloudflare108.162.193.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`kip.ns.cloudflare.com`
		A	172.64.33.128^{🇺🇸 Cloudflare172.64.33.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`kip.ns.cloudflare.com`
		A	173.245.59.128^{🇺🇸 Cloudflare173.245.59.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US}
			PTR	`kip.ns.cloudflare.com`
TXT	`ca3-91871583c7b94975aa068c6d25b56494`
HTTPS	HTTP/3, HTTP/2 ✓ hints match
		IPv4 hints	104.21.15.185, 172.67.163.196
		IPv6 hints	2606:4700:3034::6815:fb9, 2606:4700:3037::ac43:a3c4
		ECH	X25519, HKDF-SHA256 + AES-128-GCM draft, id=91, name=cloudflare-ech.com
SOA	`jill.ns.cloudflare.com`dns@cloudflare.com serial=2403527750

`com`

	DNSSEC	🔒 Signed (DS record present)
	NS	`a.gtld-servers.net` ⭐
	NS	`b.gtld-servers.net`
	NS	`c.gtld-servers.net`
	NS	`d.gtld-servers.net`
	NS	`e.gtld-servers.net`
	NS	`f.gtld-servers.net`
	NS	`g.gtld-servers.net`
	NS	`h.gtld-servers.net`
	NS	`i.gtld-servers.net`
	NS	`j.gtld-servers.net`
	NS	`k.gtld-servers.net`
	NS	`l.gtld-servers.net`
	NS	`m.gtld-servers.net`
	SOA	`a.gtld-servers.net`nstld@verisign-grs.com serial=1778465366

Same first word

redteam-ioc-test.com

DNS History

6 records (6 active, 0 former)

●NSjill.ns.cloudflare.com2026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

●NSkip.ns.cloudflare.com2026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

●A104.21.15.1852026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

●A172.67.163.1962026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

●A2606:4700:3034::6815:fb92026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

●A2606:4700:3037::ac43:a3c42026-04-10 → 2026-05-11 · 2 obs

● 2026-04-10 11:54:06
● 2026-05-11 02:23:52

🔍 DNS Trace

📋 Delegation Chain

Zone	Nameservers	Glue
com	l.gtld-servers.net, j.gtld-servers.net, h.gtld-servers.net, d.gtld-servers.net...	-
redteam-ioc-test.com	jill.ns.cloudflare.com, kip.ns.cloudflare.com	12 records

✅ Authoritative Response

Server:108.162.192.122

NS records: jill.ns.cloudflare.com, kip.ns.cloudflare.com

🔒 DNSSEC Status

🔐 Secure (DNSSEC validated)

Chain of trust verified from root to domain

⏱️ Timing

Total: 255ms | Queries: -

📄 Records

Type	Count	Sample Data
A	2	`104.21.15.185, 172.67.163.196`
AAAA	2	`2606:4700:3037::ac43:a3c4, 2606:4700:3034::6815:fb9`
NS	2	`jill.ns.cloudflare.com, kip.ns.cloudflare.com`
TXT	1	`ca3-91871583c7b94975aa068c6d25b56494`
HTTPS	1	`{"priority":1,"target":".","alpn":["h3",`
SOA	1	`jill.ns.cloudflare.com dns.cloudflare.co`

📌 Glue Records Collected

Total: 12

Out-of-bailiwick: 12 (jill.ns.cloudflare.com, jill.ns.cloudflare.com, jill.ns.cloudflare.com...)

Analysis

IP Addresses

redteam-ioc-test.com maps to four IP numbers: 2606:4700:3034::6815:fb9, 2606:4700:3037::ac43:a3c4, 104.21.15.185 and 172.67.163.196.

other host names include nikioporsesh.tatblog.ir, ns1.misr365.net, chasebet-au.net, olx.pi-32656433.rest and pppcouncil.ca; they share IP numbers with redteam-ioc-test.com.

Name Servers

Two name servers jill.ns.cloudflare.com and kip.ns.cloudflare.com handle the delegation for redteam-ioc-test.com.

redteam-ioc-test.com shares the same name server setup as other domains, for instance geoisp.com, eatseasonably.co.uk, opentibia.pl, kdkschickenandwaffles.com and culthub.com.

redteam-ioc-test.com at least partially shares name servers with other domains, for instance blackhandmusic.net, apodacapromotions.com, ncev.com.au, abea.co.jp and 90866.cc.

These name servers are commonly used alongside roman.ns.cloudflare.com, andy.ns.cloudflare.com and cody.ns.cloudflare.com.

Six IP addresses per host:

jill.ns.cloudflare.com points to 2606:4700:50::adf5:3a7a, 2803:f800:50::6ca2:c07a, 2a06:98c1:50::ac40:207a, 108.162.192.122, 172.64.32.122 and 173.245.58.122; kip.ns.cloudflare.com points to 2606:4700:58::adf5:3b80, 2803:f800:50::6ca2:c180, 2a06:98c1:50::ac40:2180, 108.162.193.128, 172.64.33.128 and 173.245.59.128

redteam-ioc-test.com - robtex.com