Some dumps from us looking for patterns, but could not find any.
Sources of whois history include:
- whois-history.whoisxmlapi.com/ from whoisXMLAPI. Notably they also have historical reverse WHOIS... tools.whoisxmlapi.com/reverse-whois-search but it needs credits. TODO we need to squeeze this a but further at some point.
When that data comes in JSON format as from whoisXMLAPI, we are going to just dump it in github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/whois.json
The vast majority of domains seem to be registered either via domainsbyproxy.com which likely intgrates with Godaddy and is widely used, and seems to give zero infromation at all about the registrar.
A much smaller number however uses other methods, some of which sometimes leak a little bit of data:Big question: webmasters.stackexchange.com/questions/13237/how-do-you-view-domain-whois-history DomainTools also has it.
- Network Solutions, LLC. These sometimes give a tiny bit of information: one name. Other times they are hidden behind Perfect Privacy, LLC. Examples>Pulley, Tammy
- alljohnny.net: L. Glaze. tools.whoisxmlapi.com/reverse-whois-search "Glaze, L." has
- webstorageforme.com. web.archive.org/web/20130917230604/http://webstorageforme.com/ broken, cqcounter.com/whois/www/webstorageforme.com.html blank
- welcometonyc.net. Hit!
- international-smallbusiness.com. Same IP as alljohnny.net and quite possibly hit..
- alljohnny.com. Hit!
- locateontheweb.com. cqcounter.com/whois/www/locateontheweb.com.html broken/test page
- rolling-in-rapids.com. web.archive.org/web/20111101080224/rolling-in-rapids.com no archives but cqcounter.com/whois/www/rolling-in-rapids.com.html hit style! viewdns.info/iphistory/?domain=rolling-in-rapids.com puts it at:
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-01-31
- 65.218.91.9 United States UUNET 2013-12-20 so matchwith welcometonyc.com but not listed at viewdns.info/reverseip/?t=1&host=65.218.91.9 because of the viewdns.info reverse IP bug!
- differentviewtoday.com: tools.whoisxmlapi.com/whois-history-search kind of empty no name
but presumably these are the names of employees of the company? We are yet to see two identical names however, which also suggests fake names. Network Solutions appears to offer both hosting and domain registration, and the CIA seems to have used this service combo a lot.- golf-on-holiday.com: Pulley, Tammy. No tools.whoisxmlapi.com/whois-history-search reverse hits.
- intoworldnews.com: Benjamin McGrew. Only that hit for reverse name at tools.whoisxmlapi.com/reverse-whois-search
- magneticfieldnews.com: Sarah Lowell tools.whoisxmlapi.com/reverse-whois-search has 9 domains
- sarahlowell.com: web.archive.org/web/20110208130657/http://sarahlowell.com/ Yoga instructor.
- puppychallengesacademy.com
- sarahlowelldogtraining.com
- puppychallenges.com. web.archive.org/web/20130517151924/http://puppychallenges.com/ wordpress.
- puppychallenges.net
- realwomensduathlon.com. No archives of era: web.archive.org/web/20180808101430/http://realwomensduathlon.com/
- magneticfieldnews.com. Hit.
- highflyingagility.com. Legit? Service offer.
- ropies.com. web.archive.org/web/20111101080224/http://ropies.com/
- medicatechinfo.com: Jason Noll. Has the following hits at tools.whoisxmlapi.com/reverse-whois-search
- dreamschemedesigns.com. Legit
- dreamschemedesigns.net
- aviationturbinesinternational.com. No relevant archives.
- garysluhan.com. Seems legit.
- cjlogic.com: registrar Godaddy (not Network Services!) and contact:
Noll, Jason noll.jason@gmail.com 104 Southridge Ct. Marthasville, Missouri 63357 United States (660) 441-0780 Fax -- - medicatechinfo.com. Hit.
- health-men-today.com. Hit. Holy fuck it has two hits out of 7!!!
- mydailynewsreport.com: Rebecca Melancon on tools.whoisxmlapi.com/reverse-whois-search:
- rebecca-melancon.com. web.archive.org/web/20180808172531/http://rebecca-melancon.com/ pilates teacher
- swlabuyahome.net
- swlalistmyhome.net
- rebeccaworking4yousite.com
- mylakecharlescityguide.com
- swlalistmyhome.com
- rebeccaworking4you.com
- swlabuyahome.com
- calcasieuhouses.com web.archive.org/web/20111013212502/http://calcasieuhouses.com/. Wordpress. Copyright Rebecca Melancon, Equal Housing Opportunity.
Message from Rebecca
Welcome to Calcasieu Houses! Here you will find not only information about Real Estate in Calcasieu Parish & the Lake Charles area, but also information about the area itself. I am constantly adding content so please check back often. I can help you with relocation, buying, selling, as well as looking for a great restaurant or a new activity to do! There will be information on Lake Charles, Sulphur, Westlake, & Moss Bluff. If you have something you would like to see added to the website, please feel free to contact me!
- mydailynewsreport.com. Hit.
- plugged-into-news.net: Godfrey Hubbard. Searching tools.whoisxmlapi.com/reverse-whois-search for two terms "Godfrey" "Hubbard" gives a small list of 20 domains including plugged-into-news.net. They all appear to have both words in them. Searching just "Hubbard, Godfrey" has only 3 hits:so it seems to match the strings exactly!
- hubbardgodfrey.online
- plugged-into-news.net
- hubbardgodfrey.com
- alljohnny.net: L. Glaze. tools.whoisxmlapi.com/reverse-whois-search "Glaze, L." has
- godaddy without domainsbyproxy.com: a few of the websites are registered in Godaddy without domainsbyproxy. These might be the ones that gives out the most information:
- baocontact.com
How on Earth did did Citizen Labs find what seems to be a DNS fingerprint??? Are there simply some very rare badly registered domains? What did they see!
whoisxmlapi WHOIS history April 11, 2011:Folowed by reuters registration in 2022.
- Created Date: March 6, 2008 00:00:00 UTC
- Updated Date: March 7, 2011 00:00:00 UTC
- Expires Date: March 6, 2014 00:00:00 UTC
- Registrant Name: domainsbyproxy.com.
- Registrant Organization: Domains by Proxy, Inc.
- Registrant Street: 15111 N. Hayden Rd., Ste 160,
- Registrant City: Scottsdale
- Registrant State/Province: Arizona
- Registrant Postal Code: 85260
- Registrant Country: UNITED STATES
- Name servers: NS29.WORLDNIC.COM|NS30.WORLDNIC.COM
whoisrequest.com/history/ mentions:
- 1 Apr, 2008: Domain created*, nameservers added. Nameservers:
- ns1.webhostingpad.com
- ns2.webhostingpad.com
whoisxmlapi WHOIS history March 23, 2011:
- Created Date: April 9, 2007 00:00:00 UTC
- Updated Date: March 2, 2011 00:00:00 UTC
- Expires Date: April 9, 2011 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com
whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:
1 May, 2007: Domain created*, nameservers added. Nameservers:
- ns1.qwknetllc.com
- ns2.qwknetllc.com
whoisxmlapi WHOIS history March 22, 2011:
- Registrar Name: NETWORK SOLUTIONS, LLC.
- Created Date: January 26, 2010 00:00:00 UTC
- Updated Date: November 27, 2010 00:00:00 UTC
- Expires Date: January 26, 2012 00:00:00 UTC
- Registrant Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
- Registrant Street: PO Box 459
- Registrant City: PA
- Registrant State/Province: US
- Registrant Postal Code: 18222
- Registrant Country: UNITED STATES
- Administrative Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
- Administrative Street: PO Box 459
- Administrative City: Drums
- Administrative State/Province: PA
- Administrative Postal Code: 18222
- Administrative Country: UNITED STATES
- Administrative Email: xc2mv7ur8cw@networksolutionsprivateregistration.com
- Administrative Phone: 5707088780
- Name servers: NS23.DOMAINCONTROL.COM|NS24.DOMAINCONTROL.COM
whoisxmlapi WHOIS record on April 28, 2011
- Registrar Name: GODADDY.COM, INC
- Created Date: February 9, 2010 00:00:00 UTC
- Updated Date: February 9, 2010 00:00:00 UTC
- Expires Date: February 9, 2015 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: NS55.DOMAINCONTROL.COM|NS56.DOMAINCONTROL.COM
whoisxmlapi WHOIS record on September 13, 2011
- Registrar Name: NETWORK SOLUTIONS, LLC
- Created Date: February 17, 2010 00:00:00 UTC
- Updated Date: February 17, 2010 00:00:00 UTC
- Expires Date: February 17, 2015 00:00:00 UTC
- Registrant Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
- Registrant Street: PO Box 459
- Registrant City: PA
- Registrant State/Province: US
- Registrant Postal Code: 18222
- Registrant Country: UNITED STATES
- Administrative Contact
- Administrative Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
- Administrative Street: PO Box 459
- Administrative City: Drums
- Administrative State/Province: PA
- Administrative Postal Code: 18222
- Administrative Country: UNITED STATES
- Administrative Email: hf3eg77c4nn@networksolutionsprivateregistration.com
- Administrative Phone: 5707088780
- Name Servers: NS45.WORLDNIC.COM|NS46.WORLDNIC.COM
2012:
- Registrant Country: PANAMA
whoisxmlapi WHOIS record on April 17, 2011
- Created Date: April 9, 2010 00:00:00 UTC
- Updated Date: April 9, 2010 00:00:00 UTC
- Expires Date: April 9, 2012 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: NS33.DOMAINCONTROL.COM|NS34.DOMAINCONTROL.COM
Articles by others on the same topic
There are currently no matching articles.