Summary: this is just a red herring. Wakatime owner likely registered the domains just after this article was published as a publicity stunt. Fair play though.
As raised at: news.ycombinator.com/item?id=36280666, many, but not all, of the domains currently redirect to wakatime.com/ as of 2023, and apparently they were taken up in 2013 (TODO how to confirm that). TODO what is the explanation for that? Some examples that do:But some failed resolution examples:Even more suspiciously, according to his LinkedIn: www.linkedin.com/in/alanhamlett/, the owner of Wakatime, Alan Hamlett, worked at WhiteHat Security, Inc from Aug 2011 - Sep 2013. The company was then acquired by Synopsys in 2022. Holy crap!!! As shown at: web.archive.org/web/20131013193406/https://www.whitehatsec.com/ that company made website security tools. Did that dude use the tools to find the vulnerabilty and then just gobble up all the domains??? What a fucking legend if he did!!!
Let's try:
Running e.g.
gives:
so we see that he must have setup redirection with Namecheap as mentioned at: www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-redirect-a-url-for-a-domain/
curl -vvv dedrickonline.com
* Trying 162.255.119.197:80...
* Connected to dedrickonline.com (162.255.119.197) port 80 (#0)
> GET / HTTP/1.1
> Host: dedrickonline.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 12 Jun 2023 20:30:19 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 55
< Connection: keep-alive
< Location: https://wakatime.com
< X-Served-By: Namecheap URL Forward
< Server: namecheap-nginx
<
<a href='https://wakatime.com'>Moved Permanently</a>.
* Connection #0 to host dedrickonline.com left intact
Let's also try DNS history
- whoisrequest.com/history/:
- dedrickonline.com: registered: 1 Nov, 2010, dropped: 24 Nov, 2013
- activegaminginfo.com : registered: 1 Feb, 2010, dropped: 1 Apr, 2012
- tools.whoisxmlapi.com/whois-history-search
- dedrickonline.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- Created Date: October 27, 2010 00:00:00 UTC
- Updated Date: October 28, 2013 00:00:00 UTC
- Expires Date: October 27, 2014 00:00:00 UTC
- Alan (namecheap):
- Created Date: June 11, 2023 09:59:25 UTC
- Expires Date: June 11, 2024 09:59:25 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- activegaminginfo.com:
- CIA (Network Solutions, registrant name: LLC. Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions)
- Created Date: January 26, 2010 00:00:00 UTC
- Updated Date: November 27, 2010 00:00:00 UTC
- Expires Date: January 26, 2012 00:00:00 UTC
- Alan:
- Created Date: June 11, 2023 09:59:40 UTC
- Expires Date: June 11, 2024 09:59:40 UTC
- CIA (Network Solutions, registrant name: LLC. Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions)
- iraniangoalkicks.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- Created Date: April 9, 2007 00:00:00 UTC
- Updated Date: March 2, 2011 00:00:00 UTC
- Expires Date: April 9, 2011 00:00:00 UTC
- Alan:
- Created Date: June 11, 2023 09:59:20 UTC
- Expires Date: June 11, 2024 09:59:20 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- iraniangoals.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com):
- Created Date: March 6, 2008 00:00:00 UTC
- Updated Date: March 7, 2011 00:00:00 UTC
- Expires Date: March 6, 2014 00:00:00 UTC
- Reuters:
- Created Date: September 29, 2022 11:16:09 UTC
- Updated Date: September 29, 2022 11:16:09 UTC
- Expires Date: September 29, 2023 11:16:09 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com):
- dedrickonline.com:
So these suggest Alan might have just come along in 2023 way after the 2022 Reuters article and did the same basic IP range search that Ciro is doing now, so possibly no new tech. Let's ask... twitter.com/cirosantilli/status/1668369786865164289
The domain name history presented is however of interest, and could lead to patterns being found.
Searching tools.whoisxmlapi.com/reverse-whois-search with term "Corral, Elizabeth" gave no results unfortunately.
Basic search under tools.whoisxmlapi.com/reverse-whois-search for "Corral" also empty. They can't see their own data? Ah, need advanced. Marked "Historic" and selected "Corral, Elizabeth", ony one hit, activegaminginfo.com.
Some dumps from us looking for patterns, but could not find any.
whoisxmlapi WHOIS history April 11, 2011:Folowed by reuters registration in 2022.
- Created Date: March 6, 2008 00:00:00 UTC
- Updated Date: March 7, 2011 00:00:00 UTC
- Expires Date: March 6, 2014 00:00:00 UTC
- Registrant Name: domainsbyproxy.com.
- Registrant Organization: Domains by Proxy, Inc.
- Registrant Street: 15111 N. Hayden Rd., Ste 160,
- Registrant City: Scottsdale
- Registrant State/Province: Arizona
- Registrant Postal Code: 85260
- Registrant Country: UNITED STATES
- Name servers: NS29.WORLDNIC.COM|NS30.WORLDNIC.COM
whoisrequest.com/history/ mentions:
- 1 Apr, 2008: Domain created*, nameservers added. Nameservers:
- ns1.webhostingpad.com
- ns2.webhostingpad.com
whoisxmlapi WHOIS history March 23, 2011:
- Created Date: April 9, 2007 00:00:00 UTC
- Updated Date: March 2, 2011 00:00:00 UTC
- Expires Date: April 9, 2011 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com
whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:
- ns1.qwknetllc.com
- ns2.qwknetllc.com
whoisxmlapi WHOIS history March 22, 2011:
- Registrar Name: NETWORK SOLUTIONS, LLC.
- Created Date: January 26, 2010 00:00:00 UTC
- Updated Date: November 27, 2010 00:00:00 UTC
- Expires Date: January 26, 2012 00:00:00 UTC
- Registrant Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
- Registrant Street: PO Box 459
- Registrant City: PA
- Registrant State/Province: US
- Registrant Postal Code: 18222
- Registrant Country: UNITED STATES
- Administrative Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
- Administrative Street: PO Box 459
- Administrative City: Drums
- Administrative State/Province: PA
- Administrative Postal Code: 18222
- Administrative Country: UNITED STATES
- Administrative Email: xc2mv7ur8cw@networksolutionsprivateregistration.com
- Administrative Phone: 5707088780
- Name servers: NS23.DOMAINCONTROL.COM|NS24.DOMAINCONTROL.COM
whoisxmlapi WHOIS record on April 28, 2011
- Registrar Name: GODADDY.COM, INC
- Created Date: February 9, 2010 00:00:00 UTC
- Updated Date: February 9, 2010 00:00:00 UTC
- Expires Date: February 9, 2015 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: NS55.DOMAINCONTROL.COM|NS56.DOMAINCONTROL.COM
whoisxmlapi WHOIS record on September 13, 2011
- Registrar Name: NETWORK SOLUTIONS, LLC
- Created Date: February 17, 2010 00:00:00 UTC
- Updated Date: February 17, 2010 00:00:00 UTC
- Expires Date: February 17, 2015 00:00:00 UTC
- Registrant Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
- Registrant Street: PO Box 459
- Registrant City: PA
- Registrant State/Province: US
- Registrant Postal Code: 18222
- Registrant Country: UNITED STATES
- Administrative Contact
- Administrative Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
- Administrative Street: PO Box 459
- Administrative City: Drums
- Administrative State/Province: PA
- Administrative Postal Code: 18222
- Administrative Country: UNITED STATES
- Administrative Email: hf3eg77c4nn@networksolutionsprivateregistration.com
- Administrative Phone: 5707088780
- Name Servers: NS45.WORLDNIC.COM|NS46.WORLDNIC.COM
2012:
- Registrant Country: PANAMA
whoisxmlapi WHOIS record on April 17, 2011
- Created Date: April 9, 2010 00:00:00 UTC
- Updated Date: April 9, 2010 00:00:00 UTC
- Expires Date: April 9, 2012 00:00:00 UTC
- Registrant Name: domainsbyproxy.com
- Name servers: NS33.DOMAINCONTROL.COM|NS34.DOMAINCONTROL.COM
Articles by others on the same topic
There are currently no matching articles.