Source: /cirosantilli/cia-2010-covert-communication-websites/ip-range-search

= IP range search

One promising way to find more of those would be with <IP> searches, since it was stated in the <Reuters article> that the <CIA> made the terrible mistake of using several contiguous IP blocks for those websites. What a phenomenal <OPSEC> failure!!!

The easiest way would be if <Wayback Machine> itself had an IP search function, but we couldn't find one: <Search Wayback Machine by IP>.

https://viewdns.info was the first easily accessible website that <Ciro Santilli> could find that contained such information.

Our current results indicate that the typical IP range is about 30 IPs wide.

E.g. searching: https://viewdns.info/iphistory[] and considering only hits from 2011 or earlier we obtain:
* capture-nature.com
  * 65.61.127.163 - Greenacres - United States - TierPoint - 2013-10-19
* activegaminginfo.com
  * 66.175.106.148 - United States - Verizon Business - 2012-03-03
* iraniangoals.com
  * 68.178.232.100 - United States - GoDaddy.com - 2011-11-13
  * 69.65.33.21 - Flushing - United States - GigeNET - 2011-09-08
* rastadirect.net
  * 68.178.232.100 - United States - GoDaddy.com - 2011-05-02
* iraniangoalkicks.com
  * 68.178.232.100 - United States - GoDaddy.com - 2011-04-04
* headlines2day.com
  * 118.139.174.1 - Singapore - Web Hosting Service - 2013-06-30. Source: viewdns.info
  * 184.168.221.91 2013-08-12T06:17:39. Source: <2013 DNS Census> grep
* fightwithoutrules.com
  * 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26
  * 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20
  * 212.4.17.38 - Milan - Italy - MCI Worldcom Italy Spa - 2012-03-03
* fitness-dawg.com
  * 219.90.62.243 - Taiwan - Verizon Taiwan Co. Limited - 2012-01-11

None of these seem to be in the same range. The only common nearby hit amongst them is the exact `68.178.232.100`, and a reverse IP search at https://viewdns.info/reverseip/?host=68.178.232.100&t=1 states that it has 2.5 million hostnames associated with it, so it must be some kind of https://en.wikipedia.org/wiki/Shared_web_hosting_service[Shared web hosting service], see also: https://superuser.com/questions/577070/is-it-possible-for-many-domain-names-to-share-one-ip-address[]. This makes the search hard.
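The following Python code is an added example, not part of the original page or of `viewdns-info.sh`: it groups the hits listed above into runs of nearby IPs and discards IPs that reverse IP search shows to be shared hosting. The function name `clusters` and the `MAX_HOSTS` threshold are assumptions; the 30-IP window and the 2.5 million hostname count come from the text.

```python
import ipaddress
from collections import defaultdict

# (domain, IP) pairs copied from the viewdns.info / DNS Census hits listed above.
HITS = [
    ("capture-nature.com", "65.61.127.163"), ("activegaminginfo.com", "66.175.106.148"),
    ("iraniangoals.com", "68.178.232.100"), ("iraniangoals.com", "69.65.33.21"),
    ("rastadirect.net", "68.178.232.100"), ("iraniangoalkicks.com", "68.178.232.100"),
    ("headlines2day.com", "118.139.174.1"), ("headlines2day.com", "184.168.221.91"),
    ("fightwithoutrules.com", "204.11.56.25"), ("fightwithoutrules.com", "208.91.197.19"),
    ("fightwithoutrules.com", "212.4.17.38"), ("fitness-dawg.com", "219.90.62.243"),
]
# Reverse-IP hostname counts; 2.5 million is the figure quoted above.
HOSTCOUNT = {"68.178.232.100": 2_500_000}
WINDOW = 30       # "about 30 IPs wide", from the text above
MAX_HOSTS = 1000  # assumption: above this an IP is treated as shared hosting


def clusters(hits, hostcount=None, window=WINDOW, max_hosts=MAX_HOSTS):
    """Return (first_ip, last_ip, domains) for each run of nearby IPs that
    carries at least two distinct domains, ignoring shared-hosting IPs."""
    hostcount = hostcount or {}
    by_addr = defaultdict(set)
    for domain, ip in hits:
        if hostcount.get(ip, 0) <= max_hosts:
            by_addr[int(ipaddress.IPv4Address(ip))].add(domain)
    runs, run = [], []
    for addr in sorted(by_addr):
        # Start a new run when the gap to the previous IP exceeds the window.
        if run and addr - run[-1] > window:
            runs.append(run)
            run = []
        run.append(addr)
    if run:
        runs.append(run)
    out = []
    for r in runs:
        domains = sorted(set().union(*(by_addr[a] for a in r)))
        if len(domains) >= 2:
            first, last = (str(ipaddress.IPv4Address(a)) for a in (r[0], r[-1]))
            out.append((first, last, domains))
    return out


if __name__ == "__main__":
    print("without shared-hosting filter:", clusters(HITS))
    print("with shared-hosting filter:   ", clusters(HITS, HOSTCOUNT))
```

Without the filter the only multi-domain group is the shared GoDaddy IP; with it, nothing in this first batch of hits clusters.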

Ciro then tried some of the other IPs, and soon hit gold.

Initially, Ciro started by doing manual queries to viewdns.info/reverseip until his IP was blocked. Then he created an account and used his 250 free queries with the following helper script: \a[cia-2010-covert-communication-websites/viewdns-info.sh]. The output of that script can be seen at: https://github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/viewdns-info.sh[].

Ciro then found <2013 DNS Census> which contained data highly disjoint from the viewdns-info one!

Summaries of the IP range exploration done so far follow, combining data from all databases above.