WWW.RTSAK.COM - threat.actor

threat.actor checked at 2025-10-19T05:06:31.754Z 175ms 99/99/99 100% R:14

threat.actor

NS dns1.registrar-servers.com
A 2610:a1:1024::200 🇺🇸 Neustar
PTR dns1.namecheaphosting.com
PTR dns1.registrar-servers.com
A 156.154.132.200 🇺🇸 Neustar
PTR dns1.namecheaphosting.com
PTR dns1.registrar-servers.com
NS dns2.registrar-servers.com
A 2610:a1:1025::200 🇺🇸 Neustar
PTR dns2.namecheaphosting.com
PTR dns2.registrar-servers.com
A 156.154.133.200 🇺🇸 Neustar
PTR dns2.namecheaphosting.com
PTR dns2.registrar-servers.com
MX threat-actor.mail.protection.outlook.com
A 2a01:111:f403:c902::14 🇺🇸 Microsoft
PTR mail-byapr04cu00204.inbound.protection.outlook.com
A 2a01:111:f403:c922::1 🇺🇸 Microsoft
PTR mail-bl0pr05cu00501.inbound.protection.outlook.com
A 2a01:111:f403:c946::3 🇺🇸 Microsoft
PTR mail-ch0pr04cu00603.inbound.protection.outlook.com
A 2a01:111:f403:f90f:: 🇺🇸 Microsoft
PTR mail-sa9pr04cu00100.inbound.protection.outlook.com
A 52.101.9.11 🇺🇸 Microsoft
PTR mail-bl2pr04cu00103.inbound.protection.outlook.com
A 52.101.11.2 🇺🇸 Microsoft
PTR mail-sn1pr03cu00102.inbound.protection.outlook.com
A 52.101.40.2 🇺🇸 Microsoft
PTR mail-cy1pr05cu00402.inbound.protection.outlook.com
A 52.101.41.21 🇺🇸 Microsoft
PTR mail-sj2pr05cu00305.inbound.protection.outlook.com
A 34.174.57.102 🇺🇸 Google
PTR 102.57.174.34.bc.googleusercontent.com

actor

NS v0n0.nic.actor
NS v0n1.nic.actor
NS v0n2.nic.actor
NS v0n3.nic.actor
NS v2n0.nic.actor
NS v2n1.nic.actor

AI analysis

threat.actor points to an IP address: 34.174.57.102.

Other host names, for instance iamoffensive.com and 102.57.174.34.bc.googleusercontent.com, share IP numbers with threat.actor.

Two name servers, dns1.registrar-servers.com and dns2.registrar-servers.com, handle the delegation for threat.actor.

threat.actor shares the same name server setup as other domains, for instance spaspremium.com, clea.red, swsa.co, mbscpa.com and yannashtali.com.

threat.actor at least partially shares name servers with other domains, for instance doctorssecretseries.com, metroprewalk.com, likeamop.com, xzl.ca and raydedicoat.com.

These name servers are commonly used alongside dns3.registrar-servers.com, dns4.registrar-servers.com and dns5.registrar-servers.com.

Host names with two IP numbers:

dns1.registrar-servers.com points to 2610:a1:1024::200 and 156.154.132.200.

dns2.registrar-servers.com points to 2610:a1:1025::200 and 156.154.133.200.

threat.actor is handled by a single mail server, threat-actor.mail.protection.outlook.com.

Hostname threat-actor.mail.protection.outlook.com resolves to eight IP numbers: 2a01:111:f403:c902::14, 2a01:111:f403:c922::1, 2a01:111:f403:c946::3, 2a01:111:f403:f90f::, 52.101.9.11, 52.101.11.2, 52.101.40.2 and 52.101.41.21.

Perform reverse DNS lookup as well as normal forward DNS. Check Autonomous System Numbers (ASNs) and BGP connections between Internet Service Providers.