suspicious-coinbase.com - robtex.com

suspicious-coinbase.com

DNSSEC⚠️ Not signed
A2606:4700:3035::6815:205bπŸ‡ΊπŸ‡Έ Cloudflare2606:4700:3035::/48 , Inc. 101 Townsend Street, San Francisco, California 94107, US βœ“ In HTTPS hints
A2606:4700:3037::ac43:b950πŸ‡ΊπŸ‡Έ Cloudflare2606:4700:3037::/48 , Inc. 101 Townsend Street, San Francisco, California 94107, US βœ“ In HTTPS hints
A104.21.32.91Cloudflare104.21.32.0/20 , Inc. 101 Townsend Street, San Francisco, California 94107, US βœ“ In HTTPS hints
A172.67.185.80πŸ‡ΊπŸ‡Έ Cloudflare172.67.176.0/20 , Inc. 101 Townsend Street, San Francisco, California 94107, US βœ“ In HTTPS hints
NSashley.ns.cloudflare.com ⭐
A2606:4700:50::adf5:3a47πŸ‡ΊπŸ‡Έ Cloudflare2606:4700:50::/44 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRashley.ns.cloudflare.com
A2803:f800:50::6ca2:c047πŸ‡¨πŸ‡· Cloudflare2803:f800:50::/45 LACNIC generated route6 for CloudFlare Latin America S.R.L
PTRashley.ns.cloudflare.com
A2a06:98c1:50::ac40:2047πŸ‡ΊπŸ‡Έ Cloudflare2a06:98c1:50::/45
PTRashley.ns.cloudflare.com
A108.162.192.71πŸ‡ΊπŸ‡Έ Cloudflare108.162.192.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRashley.ns.cloudflare.com
A172.64.32.71πŸ‡ΊπŸ‡Έ Cloudflare172.64.32.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRashley.ns.cloudflare.com
A173.245.58.71πŸ‡ΊπŸ‡Έ Cloudflare173.245.58.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRashley.ns.cloudflare.com
NStodd.ns.cloudflare.com
A2606:4700:58::adf5:3b92πŸ‡ΊπŸ‡Έ Cloudflare2606:4700:50::/44 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRtodd.ns.cloudflare.com
A2803:f800:50::6ca2:c192πŸ‡¨πŸ‡· Cloudflare2803:f800:50::/45 LACNIC generated route6 for CloudFlare Latin America S.R.L
PTRtodd.ns.cloudflare.com
A2a06:98c1:50::ac40:2192πŸ‡ΊπŸ‡Έ Cloudflare2a06:98c1:50::/45
PTRtodd.ns.cloudflare.com
A108.162.193.146πŸ‡ΊπŸ‡Έ Cloudflare108.162.193.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRtodd.ns.cloudflare.com
A172.64.33.146πŸ‡ΊπŸ‡Έ Cloudflare172.64.33.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRtodd.ns.cloudflare.com
A173.245.59.146πŸ‡ΊπŸ‡Έ Cloudflare173.245.59.0/24 , Inc. 101 Townsend Street, San Francisco, California 94107, US
PTRtodd.ns.cloudflare.com
HTTPSHTTP/3, HTTP/2 βœ“ hints match
IPv4 hints104.21.32.91, 172.67.185.80
IPv6 hints2606:4700:3035::6815:205b, 2606:4700:3037::ac43:b950
ECHX25519, HKDF-SHA256 + AES-128-GCM draft, id=231, name=cloudflare-ech.com
SOAashley.ns.cloudflare.comdns@cloudflare.com serial=2400988430

com

DNSSECπŸ”’ Signed (DS record present)
NSa.gtld-servers.net ⭐
NSb.gtld-servers.net
NSc.gtld-servers.net
NSd.gtld-servers.net
NSe.gtld-servers.net
NSf.gtld-servers.net
NSg.gtld-servers.net
NSh.gtld-servers.net
NSi.gtld-servers.net
NSj.gtld-servers.net
NSk.gtld-servers.net
NSl.gtld-servers.net
NSm.gtld-servers.net
SOAa.gtld-servers.netnstld@verisign-grs.com serial=1778524296
⚠️ On DNS blocklist: tif

Same first word

suspicious-coinbase.com

DNS History

6 records (6 active, 0 former)

NSashley.ns.cloudflare.comtodd.ns.cloudflare.comA104.21.32.91172.67.185.802606:4700:3035::6815:205b2606:4700:3037::ac43:b950
●NSashley.ns.cloudflare.com2026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28
●NStodd.ns.cloudflare.com2026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28
●A104.21.32.912026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28
●A172.67.185.802026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28
●A2606:4700:3035::6815:205b2026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28
●A2606:4700:3037::ac43:b9502026-04-12 β†’ 2026-05-11 Β· 2 obs
● 2026-04-12 23:37:04
● 2026-05-11 18:58:28

πŸ” DNS Trace

πŸ“‹ Delegation Chain

ZoneNameserversGlue
coma.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net...-
suspicious-coinbase.comtodd.ns.cloudflare.com, ashley.ns.cloudflare.com12 records

βœ… Authoritative Response

Server:108.162.192.71

NS records: todd.ns.cloudflare.com, ashley.ns.cloudflare.com

πŸ”’ DNSSEC Status

⚠️ Insecure (no DNSSEC)

No DS record for suspicious-coinbase.com (unsigned zone)

⏱️ Timing

Total: 147ms | Queries: -

πŸ“„ Records

TypeCountSample Data
A2172.67.185.80, 104.21.32.91
AAAA22606:4700:3035::6815:205b, 2606:4700:3037::ac43:b950
NS2ashley.ns.cloudflare.com, todd.ns.cloudflare.com
HTTPS1{"priority":1,"target":".","alpn":["h3",
SOA1ashley.ns.cloudflare.com dns.cloudflare.

πŸ“Œ Glue Records Collected

Total: 12

Out-of-bailiwick: 12 (todd.ns.cloudflare.com, todd.ns.cloudflare.com, todd.ns.cloudflare.com...)

Analysis

IP Addresses

suspicious-coinbase.com maps to four IP numbers: 2606:4700:3035::6815:205b, 2606:4700:3037::ac43:b950, 104.21.32.91 and 172.67.185.80.

Other host names, for instance rickynunez.top, beubeu.fr, intellinet-network.com, adsservices.uk and ns2.armorcoded.net share IP numbers with suspicious-coinbase.com.

Name Servers

Two name servers ashley.ns.cloudflare.com and todd.ns.cloudflare.com are delegated to suspicious-coinbase.com.

suspicious-coinbase.com uses the same name server configuration as other domains, such as meta-adspro.com, pr-en1firstsecure.pages.dev, villamarketim.com.tr, thewordnerd.info and vang-24h.com.vn.

suspicious-coinbase.com at least partially shares name servers with other domains such as jig.media, casinospelare.nu, autino.pl, onequity.com and fantut.ru.

these name servers are commonly used with the name servers brodie.ns.cloudflare.com.

Host names with six IP numbers: Host name ashley.ns.cloudflare.com points to 2606:4700:50::adf5:3a47, 2803:f800:50::6ca2:c047, 2a06:98c1:50::ac40:2047, 108.162.192.71, 172.64.32.71 and 173.245.58.71; host name todd.ns.cloudflare.com points to 2606:4700:58::adf5:3b92, 2803:f800:50::6ca2:c192, 2a06:98c1:50::ac40:2192, 108.162.193.146, 172.64.33.146 and 173.245.59.146.