IP and DNS metadata

ID: cia-2010-covert-communication-websites/ip-and-dns-metadata

CIA 2010 covert communication websites / IP and DNS metadata by Ciro Santilli 36 Updated +Created
Some dumps from us looking for patterns, but could not find any.
Sources of whois history include:
The vast majority of domains seem to be registered either via domainsbyproxy.com which likely intgrates with Godaddy and is widely used, and seems to give zero infromation at all about the registrar.
A much smaller number however uses other methods, some of which sometimes leak a little bit of data:
Big question: webmasters.stackexchange.com/questions/13237/how-do-you-view-domain-whois-history DomainTools also has it.
How on Earth did did Citizen Labs find what seems to be a DNS fingerprint??? Are there simply some very rare badly registered domains? What did they see!

New to topics? Read the docs here!