`sayhellotomalware.shop`

DNSSEC	⚠️ Not signed
A	127.0.0.1
NS	`dns1.registrar-servers.com` ⭐
		A	2610:a1:1024::200^{🇺🇸 MAINT-ID-120082610:a1:1024::/48 Neustar}
			PTR	`dns1.namecheaphosting.com`
			PTR	`dns1.registrar-servers.com`
		A	156.154.132.200^{🇺🇸 MAINT-ID-12008156.154.132.0/24 Neustar}
			PTR	`dns1.namecheaphosting.com`
			PTR	`dns1.registrar-servers.com`
NS	`dns2.registrar-servers.com`
		A	2610:a1:1025::200^{🇺🇸 MAINT-ID-120082610:a1:1025::/48 Neustar}
			PTR	`dns2.namecheaphosting.com`
			PTR	`dns2.registrar-servers.com`
		A	156.154.133.200^{🇺🇸 MAINT-ID-12008156.154.133.0/24 Neustar}
			PTR	`dns2.namecheaphosting.com`
			PTR	`dns2.registrar-servers.com`
MX	`eforward1.registrar-servers.com` ⭐
		A	162.255.118.51^{🇺🇸 NAMCHEAP-PH162.255.118.0/24 Namecheap, Inc. 11400 W. Olympic Blvd. Suite 200 Los Angeles, CA 90064 UNITED STATES}
			PTR	`eforward1.registrar-servers.com`
			PTR	`eforward3.registrar-servers.com`
MX	`eforward2.registrar-servers.com` ⭐
		A	162.255.118.52^{🇺🇸 NAMCHEAP-PH162.255.118.0/24 Namecheap, Inc. 11400 W. Olympic Blvd. Suite 200 Los Angeles, CA 90064 UNITED STATES}
			PTR	`eforward2.registrar-servers.com`
MX	`eforward3.registrar-servers.com` ⭐
		A	162.255.118.51^{🇺🇸 NAMCHEAP-PH162.255.118.0/24 Namecheap, Inc. 11400 W. Olympic Blvd. Suite 200 Los Angeles, CA 90064 UNITED STATES}
			PTR	`eforward1.registrar-servers.com`
			PTR	`eforward3.registrar-servers.com`
MX	`eforward4.registrar-servers.com`⁽¹⁵⁾
		A	162.255.118.52^{🇺🇸 NAMCHEAP-PH162.255.118.0/24 Namecheap, Inc. 11400 W. Olympic Blvd. Suite 200 Los Angeles, CA 90064 UNITED STATES}
			PTR	`eforward2.registrar-servers.com`
MX	`eforward5.registrar-servers.com`⁽²⁰⁾
		A	162.255.118.51^{🇺🇸 NAMCHEAP-PH162.255.118.0/24 Namecheap, Inc. 11400 W. Olympic Blvd. Suite 200 Los Angeles, CA 90064 UNITED STATES}
			PTR	`eforward1.registrar-servers.com`
			PTR	`eforward3.registrar-servers.com`
TXT	`v=spf1 include:spf.efwd.registrar-servers.com ~all`
SOA	`dns1.registrar-servers.com`hostmaster@registrar-servers.com serial=1753904474

`shop`

	DNSSEC	🔒 Signed (DS record present)
	NS	`a.gmoregistry.net` ⭐
	NS	`b.gmoregistry.net`
	NS	`k.gmoregistry.net`
	NS	`l.gmoregistry.net`
	SOA	`a.gmoregistry.net`noc@gmoregistry.net serial=1778678417

Same first word

sayhellotomalware.shop

DNS History

8 records (8 active, 0 former)

●NSdns1.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●NSdns2.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●MXeforward1.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●MXeforward2.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●MXeforward3.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●MXeforward4.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●MXeforward5.registrar-servers.com2026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

●A127.0.0.12026-05-08 → 2026-05-13 · 2 obs

● 2026-05-08 17:57:56
● 2026-05-13 13:43:56

🔍 DNS Trace

📋 Delegation Chain

Zone	Nameservers	Glue
shop	l.gmoregistry.net, b.gmoregistry.net, a.gmoregistry.net, k.gmoregistry.net	7 records
sayhellotomalware.shop	dns1.registrar-servers.com, dns2.registrar-servers.com	-

✅ Authoritative Response

Server:156.154.133.200

NS records: dns1.registrar-servers.com, dns2.registrar-servers.com

🔒 DNSSEC Status

⚠️ Insecure (no DNSSEC)

No DS record for sayhellotomalware.shop (unsigned zone)

⏱️ Timing

Total: 3325ms | Queries: -

📄 Records

Type	Count	Sample Data
A	1	`127.0.0.1`
NS	2	`dns1.registrar-servers.com, dns2.registrar-servers.com`
MX	5	`eforward1.registrar-servers.com (pri: 10, eforward2.registrar-servers.com (pri: 10...`
TXT	1	`v=spf1 include:spf.efwd.registrar-server`
SOA	1	`dns1.registrar-servers.com hostmaster.re`

📌 Glue Records Collected

Total: 7

Out-of-bailiwick: 7 (l.gmoregistry.net, k.gmoregistry.net, b.gmoregistry.net...)

Analysis

IP Addresses

sayhellotomalware.shop maps to IP address 127.0.0.1.

Other host names, for instance little-wwlk.applinzi.com, mail.svd.fr, mail.rechtsanwalt-mietrecht.ch, 254.245.200.static.quadranet.com and friendface.ca share IP numbers with sayhellotomalware.shop.

Name Servers

Two name servers dns1.registrar-servers.com and dns2.registrar-servers.com are delegated to sayhellotomalware.shop.

sayhellotomalware.shop uses the same name server configuration as other domains, such as arctosis.com, jibonsongi.com, jeffcanada.dev, viorn.com and cslsc.org.

sayhellotomalware.shop at least partially shares name servers with other domains such as finibusterrae.com, rogeliosamson.com, flipforum.com, alohathrive.com and coinfest.co.

These name servers are commonly used alongside dns3.registrar-servers.com, dns4.registrar-servers.com and dns5.registrar-servers.com.

Host names with two IPs:

dns1.registrar-servers.com points to 2610:a1:1024::200 and 156.154.132.200.

dns2.registrar-servers.com points to 2610:a1:1025::200 and 156.154.133.200.

Mail Servers

sayhellotomalware.shop is handled by five mail servers: eforward1.registrar-servers.com, eforward2.registrar-servers.com, eforward3.registrar-servers.com, eforward4.registrar-servers.com and eforward5.registrar-servers.com.

sayhellotomalware.shop shares mail servers with other domains at least in part, for instance 5minutesummaries.com, spcmnet.com, terms.guru, cognitivecloud.org and fly-ria.com.