3rdattackgroup.org - robtex.com

3rdattackgroup.org

DNSSEC ⚠️ Not signed
A 2606:4700:3030::6815:5509 🇺🇸 Cloudflare, Inc. (2606:4700:3030::/48), 101 Townsend Street, San Francisco, California 94107, US ✓ In HTTPS hints
A 2606:4700:3034::ac43:c870 🇺🇸 Cloudflare, Inc. (2606:4700:3034::/48), 101 Townsend Street, San Francisco, California 94107, US ✓ In HTTPS hints
A 104.21.85.9 Cloudflare, Inc. (104.21.80.0/20), 101 Townsend Street, San Francisco, California 94107, US ✓ In HTTPS hints
A 172.67.200.112 🇺🇸 Cloudflare, Inc. (172.67.192.0/20), 101 Townsend Street, San Francisco, California 94107, US ✓ In HTTPS hints
NS candy.ns.cloudflare.com ⭐
  A 2606:4700:50::adf5:3a4f 🇺🇸 Cloudflare, Inc. (2606:4700:50::/44), 101 Townsend Street, San Francisco, California 94107, US
    PTR candy.ns.cloudflare.com
  A 2803:f800:50::6ca2:c04f 🇨🇷 Cloudflare (2803:f800:50::/45), LACNIC generated route6 for CloudFlare Latin America S.R.L
    PTR candy.ns.cloudflare.com
  A 2a06:98c1:50::ac40:204f 🇺🇸 Cloudflare (2a06:98c1:50::/45)
    PTR candy.ns.cloudflare.com
  A 108.162.192.79 🇺🇸 Cloudflare, Inc. (108.162.192.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR candy.ns.cloudflare.com
  A 172.64.32.79 🇺🇸 Cloudflare, Inc. (172.64.32.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR candy.ns.cloudflare.com
  A 173.245.58.79 🇺🇸 Cloudflare, Inc. (173.245.58.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR candy.ns.cloudflare.com
NS jonah.ns.cloudflare.com
  A 2606:4700:58::adf5:3bba 🇺🇸 Cloudflare, Inc. (2606:4700:50::/44), 101 Townsend Street, San Francisco, California 94107, US
    PTR jonah.ns.cloudflare.com
  A 2803:f800:50::6ca2:c1ba 🇨🇷 Cloudflare (2803:f800:50::/45), LACNIC generated route6 for CloudFlare Latin America S.R.L
    PTR jonah.ns.cloudflare.com
  A 2a06:98c1:50::ac40:21ba 🇺🇸 Cloudflare (2a06:98c1:50::/45)
    PTR jonah.ns.cloudflare.com
  A 108.162.193.186 🇺🇸 Cloudflare, Inc. (108.162.193.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR jonah.ns.cloudflare.com
  A 172.64.33.186 🇺🇸 Cloudflare, Inc. (172.64.33.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR jonah.ns.cloudflare.com
  A 173.245.59.186 🇺🇸 Cloudflare, Inc. (173.245.59.0/24), 101 Townsend Street, San Francisco, California 94107, US
    PTR jonah.ns.cloudflare.com
HTTPS HTTP/3, HTTP/2 ✓ hints match
  IPv4 hints 104.21.85.9, 172.67.200.112
  IPv6 hints 2606:4700:3030::6815:5509, 2606:4700:3034::ac43:c870
  ECH X25519, HKDF-SHA256 + AES-128-GCM draft, id=43, name=cloudflare-ech.com
SOA candy.ns.cloudflare.com dns@cloudflare.com serial=2401792619

org

DNSSEC 🔒 Signed (DS record present)
NS a0.org.afilias-nst.info ⭐ ⚠️ Not in parent delegation
NS a2.org.afilias-nst.info ⚠️ Not in parent delegation
NS b0.org.afilias-nst.org
NS b2.org.afilias-nst.org
NS c0.org.afilias-nst.info ⚠️ Not in parent delegation
NS d0.org.afilias-nst.org
SOA a0.org.afilias-nst.info hostmaster@donuts.email serial=1778617019

DNS History

17 records (6 active, 11 former)

● NS candy.ns.cloudflare.com 2015-11-01 → 2026-05-12 · 3 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2026-05-12 20:27:02
● NS jonah.ns.cloudflare.com 2015-11-01 → 2026-05-12 · 3 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2026-05-12 20:27:02
○ NS pdns1.ultradns.net 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
○ NS pdns2.ultradns.net 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
○ NS pdns3.ultradns.org 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
○ NS pdns4.ultradns.org 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
○ NS pdns5.ultradns.info 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
○ NS pdns6.ultradns.co.uk 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02
● A 104.21.85.9 2026-04-14 → 2026-05-12 · 3 obs
  ○ 2017-01-08 13:46:28
  ● 2026-04-14 11:33:24
  ● 2026-05-12 20:27:02
○ A 104.27.160.104 2015-11-01 → 2017-01-08 · 5 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2017-01-08 13:46:28
  ○ 2026-04-14 11:33:24
  ○ 2026-05-12 20:27:02
○ A 104.27.161.104 2015-11-01 → 2017-01-08 · 5 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2017-01-08 13:46:28
  ○ 2026-04-14 11:33:24
  ○ 2026-05-12 20:27:02
● A 172.67.200.112 2026-04-14 → 2026-05-12 · 3 obs
  ○ 2017-01-08 13:46:28
  ● 2026-04-14 11:33:24
  ● 2026-05-12 20:27:02
○ A 2400:cb00:2048:1::681b:a068 2015-11-01 → 2017-01-08 · 5 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2017-01-08 13:46:28
  ○ 2026-04-14 11:33:24
  ○ 2026-05-12 20:27:02
○ A 2400:cb00:2048:1::681b:a168 2015-11-01 → 2017-01-08 · 5 obs
  ○ 2015-06-26 05:20:52
  ● 2015-11-01 16:07:38
  ● 2017-01-08 13:46:28
  ○ 2026-04-14 11:33:24
  ○ 2026-05-12 20:27:02
● A 2606:4700:3030::6815:5509 2026-04-14 → 2026-05-12 · 3 obs
  ○ 2017-01-08 13:46:28
  ● 2026-04-14 11:33:24
  ● 2026-05-12 20:27:02
● A 2606:4700:3034::ac43:c870 2026-04-14 → 2026-05-12 · 3 obs
  ○ 2017-01-08 13:46:28
  ● 2026-04-14 11:33:24
  ● 2026-05-12 20:27:02
○ A 72.52.4.95 2015-06-26 → 2015-06-26 · 3 obs
  ● 2015-06-26 05:20:52
  ○ 2015-11-01 16:07:38
  ○ 2026-05-12 20:27:02

🔍 DNS Trace

📋 Delegation Chain

| Zone | Nameservers | Glue |
| --- | --- | --- |
| org | b0.org.afilias-nst.org, b2.org.afilias-nst.org, d0.org.afilias-nst.org | - |
| 3rdattackgroup.org | jonah.ns.cloudflare.com, candy.ns.cloudflare.com | - |

✅ Authoritative Response

Server: 173.245.58.79

NS records: jonah.ns.cloudflare.com, candy.ns.cloudflare.com

🔒 DNSSEC Status

⚠️ Insecure (no DNSSEC)

No DS record for 3rdattackgroup.org (unsigned zone)

⏱️ Timing

Total: 975ms | Queries: -

📄 Records

| Type | Count | Sample Data |
| --- | --- | --- |
| A | 2 | 172.67.200.112, 104.21.85.9 |
| AAAA | 2 | 2606:4700:3030::6815:5509, 2606:4700:3034::ac43:c870 |
| NS | 2 | candy.ns.cloudflare.com, jonah.ns.cloudflare.com |
| HTTPS | 1 | {"priority":1,"target":".","alpn":["h3", |
| SOA | 1 | candy.ns.cloudflare.com dns.cloudflare.c |

Analysis

IP Addresses

3rdattackgroup.org points to four IP numbers: 2606:4700:3030::6815:5509, 2606:4700:3034::ac43:c870, 104.21.85.9 and 172.67.200.112.

Other host names, including status.bholmes.net, www.dahrouge.com, alfia-europe.com, losangelesgalaxyfansclub.com and idy01.com, share IP numbers with 3rdattackgroup.org.

Name Servers

3rdattackgroup.org is delegated to two name servers: candy.ns.cloudflare.com and jonah.ns.cloudflare.com.

3rdattackgroup.org shares the same name server setup as other domains, for instance crypxq.com, crypzz.vip, plusminus.io, crypqq.com and crypbwn.com.

3rdattackgroup.org at least partially shares name servers with other domains, for instance external-intelligence.com, usafp.org, krabi5.cc, dailyblogsupdate.com and womenintheworld.net.

These name servers are commonly used alongside henry.ns.cloudflare.com and andy.ns.cloudflare.com.

Host names with six IP numbers:

Host name candy.ns.cloudflare.com points to: 2606:4700:50::adf5:3a4f, 2803:f800:50::6ca2:c04f, 2a06:98c1:50::ac40:204f, 108.162.192.79, 172.64.32.79 and 173.245.58.79.

Host name jonah.ns.cloudflare.com points to: 2606:4700:58::adf5:3bba, 2803:f800:50::6ca2:c1ba, 2a06:98c1:50::ac40:21ba, 108.162.193.186, 172.64.33.186 and 173.245.59.186.