Ciro Santilli @cirosantilli 35

 Articles  Discussions  Comments  Follows  Received likes

 New  Updated  Top  Announced  A-Z  Liked  Followed

s-orbital  Updated 2025-04-24  +Created 1970-01-01

CIA 2010 covert communication websites / Common Crawl  Updated 2025-04-24  +Created 1970-01-01

So far, no new domains have been found with Common Crawl, nor have any existing known domains been found to be present in Common Crawl. Our working theory is that Common Crawl never reached the domains How did Alexa find the domains?

Let's try and do something with Common Crawl.

Unfortunately there's no IP data apparently: github.com/commoncrawl/cc-index-table/issues/30, so let's focus on the URLs.

Using their Common Crawl Athena method: commoncrawl.org/2018/03/index-to-warc-files-and-urls-in-columnar-format/

Hello world:

select * from "ccindex"."ccindex" limit 100;

Data scanned: 11.75 MB

Sample first output line:

#                            2
url_surtkey                  org,whwheelers)/robots.txt
url                          https://whwheelers.org/robots.txt
url_host_name                whwheelers.org
url_host_tld                 org
url_host_2nd_last_part       whwheelers
url_host_3rd_last_part
url_host_4th_last_part
url_host_5th_last_part
url_host_registry_suffix     org
url_host_registered_domain   whwheelers.org
url_host_private_suffix      org
url_host_private_domain      whwheelers.org
url_host_name_reversed
url_protocol                 https
url_port
url_path                     /robots.txt
url_query
fetch_time                   2021-06-22 16:36:50.000
fetch_status                 301
fetch_redirect               https://www.whwheelers.org/robots.txt
content_digest               3I42H3S6NNFQ2MSVX7XZKYAYSCX5QBYJ
content_mime_type            text/html
content_mime_detected        text/html
content_charset
content_languages
content_truncated
warc_filename                crawl-data/CC-MAIN-2021-25/segments/1623488519183.85/robotstxt/CC-MAIN-20210622155328-20210622185328-00312.warc.gz
warc_record_offset           1854030
warc_record_length           639
warc_segment                 1623488519183.85
crawl                        CC-MAIN-2021-25
subset                       robotstxt

So url_host_3rd_last_part might be a winner for CGI comms fingerprinting!

Naive one for one index:

select * from "ccindex"."ccindex" where url_host_registered_domain = 'conquermstoday.com' limit 100;

have no results... data scanned: 5.73 GB

Let's see if they have any of the domain hits. Let's also restrict by date to try and reduce the data scanned:

select * from "ccindex"."ccindex" where
  fetch_time < TIMESTAMP '2014-01-01 00:00:00' AND
  url_host_registered_domain IN (
   'activegaminginfo.com',
   'altworldnews.com',
   ...
   'topbillingsite.com',
   'worldwildlifeadventure.com'
 )

Humm, data scanned: 60.59 GB and no hits... weird.

Sanity check:

select * from "ccindex"."ccindex" WHERE
  crawl = 'CC-MAIN-2013-20' AND
  subset = 'warc' AND
  url_host_registered_domain IN (
   'google.com',
   'amazon.com'
 )

has a bunch of hits of course. Data scanned: 212.88 MB, WHERE crawl and subset are a must! Should have read the article first.

Let's widen a bit more:

select * from "ccindex"."ccindex" WHERE
  crawl IN (
    'CC-MAIN-2013-20',
    'CC-MAIN-2013-48',
    'CC-MAIN-2014-10'
  ) AND
  subset = 'warc' AND
  url_host_registered_domain IN (
    'activegaminginfo.com',
    'altworldnews.com',
    ...
    'worldnewsandent.com',
    'worldwildlifeadventure.com'
 )

Still nothing found... they don't seem to have any of the URLs of interest?

 Read the full article

CIA 2010 covert communication websites / ipinf.ru  Updated 2025-04-24  +Created 1970-01-01

 View more

ipinf.ru

OK, Oleg Shakirov's findings inspired Ciro Santilli to try Yandexing a bit more...

alljohnny.com had a hit: ipinf.ru/domains/alljohnny.com/, and so Ciro started looking around... and a good number of other things have hits.

Not all of them, definitely less data than viewdns.info.

But they do reverse IP, and they show which nearby reverse IPs have hits on the same page, for free, which is great!

Shame their ordering is purely alphabetical, doesn't properly order the IPs so it is a bit of a pain, but we can handle it.

OMG, Russians!!!

The data here had a little bit of non-overlap from other sources. 4 new confirmed hits were found, plus 4 possible others that were left as candidates.

 Read the full article

CIA 2010 covert communication websites / Non Reuters ranges  Updated 2025-04-24  +Created 1970-01-01

 Read the full article

CIA 2010 covert communication websites / securitytrails.com  Updated 2025-04-24  +Created 1970-01-01

 View more

They appear to piece together data from various sources. This is the most complete historical domain -> IP database we have so far. They don't have hugely more data than viewdns.info, but many times do offer something new. It feels like the key difference is that their data goes further back in the critical time period a bit.

TODO do they have historical reverse IP? The fact that they don't seem to have it suggests that they are just making historical reverse IP requests to a third party via some API?

E.g. searching thefilmcentre.com under historical data at securitytrails.com/domain/thefilmcentre.com/history/al gives the correct IP 62.22.60.55.

But searching the IP 62.22.60.55 is empty and there's no historical data option?

Account creation blacklists common email providers such as gmail to force users to use a "corporate" email address. But using random domains like ciro@cirosantilli.com works fine.

Their data seems to date back to 2008 for our searches.

 Read the full article

CIA 2010 covert communication websites / tb0hdan/domains  Updated 2025-04-24  +Created 1970-01-01

 View more

Domain list only, no IPs and no dates. We haven't been able to extract anything of interest from this source so far.

Domain hit count when we were at 69 hits: only 9, some of which had been since reused. Likely their data collection did not cover the dates of interest.

 Read the full article

ROCm  Updated 2025-04-24  +Created 1970-01-01

 View more

Official hello world: github.com/ROCm/HIP-Examples/blob/ff8123937c8851d86b1edfbad9f032462c48aa05/HIP-Examples-Applications/HelloWorld/HelloWorld.cpp

 Read the full article

CIA 2010 covert communication websites / atomworldnews.com  Updated 2025-04-24  +Created 1970-01-01

 View more

whoisxmlapi WHOIS record on April 17, 2011

Created Date: April 9, 2010 00:00:00 UTC
Updated Date: April 9, 2010 00:00:00 UTC
Expires Date: April 9, 2012 00:00:00 UTC
Registrant Name: domainsbyproxy.com
Name servers: NS33.DOMAINCONTROL.COM|NS34.DOMAINCONTROL.COM

 Read the full article

CIA 2010 covert communication websites / Hits with nearby IP hits  Updated 2025-04-24  +Created 1970-01-01

 View more

62.22.60.49: telecom-headlines.com. UUNET in Spain. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66

62.22.60.33: newsperk.com. Almost certainly a hit. Stylistically perfect, rss-item. But no comms not found. Ennerving! 2011. English. Egypt. news. Later legitimately reused.
62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
62.22.60.40: travel-passage.com. Hit.
62.22.60.42: newsupdatesite.com. Hit.
62.22.60.46: flyingtimeline.com. Hit.
62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
62.22.60.48: currentcommunique.com. Hit.
62.22.60.49: telecom-headlines.com. Hit.
62.22.60.52: collectedmedias.com. Hit.
62.22.60.54: romulusactualites.com. Hit.
62.22.60.55: thefilmcentre.com. Hit.
62.22.60.56: traveltimenews.com. Hit.

62.22.61.206 worldnewsnetworking.com. UUNET in Spain. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224

62.22.61.193: awfaoi.org. Hit.
62.22.61.197: rc5sports.com. Hit.
62.22.61.198: inside-vc.com. Hit.
62.22.61.200: zerosandonesnews.com. Hit.
62.22.61.202: bailsnboots.com. Hit.
62.22.61.203: the-cricketer-online.com. Hit.
62.22.61.204: hollywoodscreen.net. Hit.
62.22.61.206: worldnewsnetworking.com. Hit.
62.22.61.212: nuestrasfinanzas.com. Hit.
62.22.61.213: sandstormnews.com. Hit.
62.22.61.215: the-tech-mind.com. Hit.
62.22.61.217: court-masters.com. Hit.
62.22.61.219: allworldstatistics.com. Hit.
62.22.61.220: newsjaka.com. Hit.
62.22.61.221: biochemresource.com. Archive broken/empty. One archive: contains an epically long URL that might shed light into something: web.archive.org/web/20120529121245/http://www.biochemresource.com/?fp=iboHtuxnjLG66y52DkK1xCFuZDBnVC8wovQepLt2Tk%2Bo1JIgIdVb6WL8kv6sSOEtxwcq4EbiJ0GxFY9N6HSWlg%3D%3D&prvtof=97vgfKVqt1Sd68qgNDPXB0o7Rwo%2FO3GKiiMG7fane6A%3D&poru=Zd9DHFaHFZ6ZrRLm8SW3egagqvdpzHhWb%2FoulRGeEYIUSVATB5gwTIDhluetONjG7xovtb%2FrvDStoqiAF1O8wA%3D%3D&. Asked at: stackoverflow.com/questions/47310661/any-idea-what-are-fp-prvtof-poru-in-a-url but no reply so far. One day my friend, one day. cqcounter.com/whois/www/biochemresource.com.html not found.
62.22.61.222: www.news-blitz-ar.com (ipinf.ru). No archives. Perfect domain name theme match. cqcounter.com/whois/www/news-blitz-ar.com.html not found.

65.218.91.17 alljohnny.com. UUNET in United States. One of the Reuters websites.

208.91.197.132: rdns source: viewdns.info. Big virtual.
65.218.91.17: rdns source? : viewdns.info. Tested viewdns.info range: 65.218.91.13 - 65.218.91. 17
- 65.218.91.9: welcometonyc.net. Hit. rdns source: ipinf.ru. Later also at 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-21 by viewdns.info
  - rolling-in-rapids.com. Hit.
- 65.218.91.17
  - international-smallbusiness.com. Stylitsic match, but some uncommon features like the country seelctor dropdown.
    Archives:
    web.archive.org/web/20110202031627/http://international-smallbusiness.com/
    web.archive.org/web/20120114080103/http://www.international-smallbusiness.com:80/sa.html
    web.archive.org/web/20110202031657/http://international-smallbusiness.com/style.css
    Also a potential unarchived CGI comms: web.archive.org/web/20110202031627/https://ssl.international-smallbusiness.com/cgi-bin/starting.cgi Perhaps with some better HTML reversing we could confirm a hit. Same registrar as alljohnny "L. Glaze" fuck me.
    208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-19. Big virtual.
    65.218.91.17 United States UUNET 2013-09-06
216.168.229.50: whoisxmlapi 2008-09-01 (15 years) 2010-04-17. Checked viewdns.info range: 216.168.229.45 - 216.168.229.55. viewdns.info/reverseip/?t=1&host=216.168.229.50 3k domains.

63.131.229.12 cyberreportagenews.com. ADHOST in Coeur d'Alene - United States. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30

63.131.229.2: fightskillsresource.com. Hit
63.131.229.4: unitedterritorynews.com. Hit
63.131.229.9: show-dustry.com. Hit
63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
63.131.229.11: mythriftytrip.com. Hit
63.131.229.12: cyberreportagenews.com. Hit.
63.131.229.13: sunrise-news.com. Hit.
63.131.229.15: cricketnewsforindia.com. Hit.
63.131.229.16:
- nutricion-saludable.info. No archives. cqcounter.com/whois/www/nutricion-saludable.info.html has the exact same screenshot at the .net one, so also hit.
- nutricion-saludable.net. Hit.
63.131.229.18: itnl-xchange.com. Hit.
63.131.229.20:
- fixashion.net. Hit.
- a few others

63.130.160.50 theglobalheadlines.com. CW Vodafone Group PLC in United States. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75

63.130.160.50: theglobalheadlines.com. Hit.
63.130.160.51:
- hai-pow.com. Hit.
- secudenetworksecurity.com. No archives. cqcounter.com/whois/www/secudenetworksecurity.com.html blank image.
63.130.160.53: echessnews.com. Hit.
63.130.160.59: technologiewissen.com. No archives from the time. Would be Technology knowledge in German, so another likely German hit. Shame. cqcounter.com/whois/www/technologiewissen.com.html empty
63.130.160.60: boxingstop.net. Hit.
63.130.160.61: bookmarksthis.com. Hit.
63.130.160.62: azerinews.org. Hit.

64.16.204.55 holein1news.com. Saudi Telecom Company JSC in Saudi Arabia. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. With did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.

64.16.204.35: ironcityfootball.com. web.archive.org/web/20080510230549/ironcityfootball.com Legit/broke. cqcounter.com/whois/www/ironcityfootball.com.html from 2011 could be in style though... "Iron City" is a historical nickname for Pittsburgh, Pennsylvania.
64.16.204.51: africannewsandsports.com. No archives. rdns source: viewdns.info. cqcounter.com/whois/www/africannewsandsports.com.html not found.
64.16.204.53: bosniakbusinessnews.com. Hit.
64.16.204.54: affairesdumonde.com. Hit.
64.16.204.55: holein1news.com. Hit.
64.16.204.56: fightorgohome.com. Uncertain. domainsbyproxy.com. Created: 2011-03-28. No archives. rdns source: viewdns.info cqcounter.com/whois/www/fightorgohome.com.html from 2011 not very typical but possible. Has a "Login" link visible for possible comms. The domain name is typical...
64.16.204.58: tech-topix.com. Hit.
64.16.204.60: pakpoldaily.com. No archives. rdns source: viewdns.info. TODO meaning? Might be Indonesian, maybe linked to police: www.facebook.com/watch/?v=880204266271955 cqcounter.com/whois/www/pakpoldaily.com.html not found.

65.61.127.163 capture-nature.com. ADHOST in Greenacres - United States. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -

65.61.127.46: anahuacchamber.com 2012-12-22T14:59:01
65.61.127.117: medicaresupplementalinsurance.com, 2013-08-21T09:49:41. Legit.
65.61.127.121: counter-images.com 2013-08-22T11:14:44: web.archive.org/web/20110208173132/http://www.counter-images.com/ Empty.
65.61.127.125 zaphound.com 2013-08-21T02:25:40. Legit.
65.61.127.130: ambitions.org 2013-08-22T01:43:40. Legit.
65.61.127.161: european-footballer.com. Hit.
65.61.127.163: capture-nature.com. Hit.
65.61.127.164: futbolistico.net. 2012-02-20T03:25:33. Legit. web.archive.org/web/20130509004058/http://futbolistico.net/
65.61.127.165: travelconnectionsonline.com. Ciro initially though this might be a hit. But upon Googling it, there's now a mirror at: travelconn.tripod.com/. Combined with the lack of a standard communications mechanism and the 2001 copyright, maybe it isn't a hit after all
65.61.127.166: globalnewsbulletin.com: Hit.
65.61.127.167: internationalwhiskylounge.com. Hit.
65.61.127.168: the-golden-rule.info 2013-09-20T02:13:52. Hit.
65.61.127.169: crossovernews.net. Hit.
65.61.127.170: newsidori.com. Hit.
65.61.127.171: nrgconsultingandnews.com. Hit. 2013-08-13T18:45:05
65.61.127.172: premierstriker.com. Hit. 2012-01-11
65.61.127.174: dedrickonline.com. Hit.
65.61.127.175: altworldnews.com. Hit.
65.61.127.176: american-historyonline.com. Hit. 2011-09-08
65.61.127.177: material-science.org. Hit.
65.61.127.178: tee-shot.net. Hit.
65.61.127.180: screencentral.info. Hit.
65.61.127.181: worldnewsandtravel.com. Hit. 2011-11-13
65.61.127.182: pangawana.com. Hit.
65.61.127.183: cutabovenews.com. Hit.
65.61.127.184: worldwildlifeadventure.com. Hit.
65.61.127.186: explorealtmeds.com. Hit.
65.61.127.194: 16 domains, so unclear.
- about-video-games.com: web.archive.org/web/20121013013710/http://about-video-games.com/ off
- aboutfaceonline.com: web.archive.org/web/20120701000000*/aboutfaceonline.com off
65.61.127.200: cdl-link.com (ipinf.ru). Legit.
65.61.127.222: asianwhitecoffee.com 2012-07-16T09:21:05 web.archive.org/web/20110903080036/http://asianwhitecoffee.com/. Could be legit.

66.45.179.205 noticiasporjanua.com. ADHOST in Edmonds - United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223

66.45.179.187: mail03.gatesfoundation.org. Legit.
66.45.179.192: thegraceofislam.com. Hit.
66.45.179.193: arabicnewsunfiltered.com. Hit.
66.45.179.194: raulsonsglobalnews.com. Hit.
66.45.179.195: aryannews.net. Hit.
66.45.179.199: attivitaestremi.com. Hit.
66.45.179.200: foodwineandsuch.com. Hit.
66.45.179.201: hitthepavementnow.com. Hit.
66.45.179.203: noticiascontinental.com. Hit.
66.45.179.205: noticiasporjanua.com. Hit.
66.45.179.206: podisticamondiale.com. Hit.
66.45.179.207: reflectordenoticias.com. Hit.
66.45.179.208: havenofgamerz.com. Hit.
66.45.179.209: vejaaeuropa.com. Hit.
66.45.179.210: sa-michigan.com. Hit.
66.45.179.211: absolutebearing.net. Hit.
66.45.179.212: grandretirement.net. No archives. cqcounter.com/whois/www/grandretirement.net.html blank image.
66.45.179.213: myportaltonews.com. Hit.
66.45.179.214: investmentintellect.com. Hit.
66.45.179.215: nigeriastar.net 2012-03-12. Hit.

66.104.169.184 bcenews.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189

66.104.169.162: bestsportsnews.net. Archive broken. cqcounter.com/whois/www/bestsportsnews.net.html error not found.
66.104.169.163: doctorsoncallsite.com. Hit. domainsbyproxy.com
66.104.169.164: lightandshadowonline.com. Hit. domainsbyproxy.com. Created: 2007-11-27. Updated: 2012-06-06.
66.104.169.168: plugged-into-news.net. Hit. Network Solutions, LLC. Registrant: Godfrey Hubbard.
66.104.169.169: worldsportsite.com. Hit. domainsbyproxy.com. Created: 2009-05-20.
66.104.169.171: golf-on-holiday.com. Hit. Network Solutions, LLC. Registrant: Tammy Pulley.
66.104.169.172: perspectiva-noticias.com. Hit. domainsbyproxy.com. Created: 2009-04-28.
66.104.169.175: aquaswimming.com. Hit. domainsbyproxy.com
66.104.169.177: dojo-temple.com. Hit. domainsbyproxy.com
66.104.169.179: neighbour-news.com. Hit. domainsbyproxy.com
66.104.169.180: medicatechinfo.com. Hit. Network Solutions, LLC. Registrant: Jason Noll.
- 205.178.189.131: securitytrails.com 2009-06-25 - 2009-07-02 Network Solutions, LLC., "ip_count": 726755. Moved to new one 2009-07-02 - 2010-11-03
66.104.169.181: brickmanfinancialnews.com. Hit. domainsbyproxy.com
66.104.169.182: casanewsnow.com. Hit. domainsbyproxy.com
66.104.169.183: aworldofnews.com. No archives. cqcounter.com/whois/www/aworldofnews.com.html blank image
66.104.169.184: bcenews.com. Hit.
66.104.169.197: teamshula.com. Legit.

66.104.173.186 myworldlymusic.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194

66.104.173.161: fanatic-pc-gamers.com. domainsbyproxy.com. 2013: Welcome to the US Petabox. cqcounter.com/whois/www/fanatic-pc-gamers.com.html somewhat in-style with large "Login to our Members Forum" message and copyright 2005.
66.104.173.163: runakonews.com. Hit.
66.104.173.164: shoppingadventure.net. Hit.
66.104.173.165: entertaining-ly.com. Hit. Network Solutions, LLC for Matthew Sorrell. tools.whoisxmlapi.com/reverse-whois-search hits:
- premier-fishing-tips.com. Legit with photos and mention of Matthew Sorrell: web.archive.org/web/20110129024453/http://www.premier-fishing-tips.com/ Still live as of 2025.
  Sincerely,
  Matthew Sorrell
  Webmaster, Premier-Fishing-Tips.com
- entertaining-ly.com
66.104.173.166: zubeenews.com. Hit. domainsbyproxy.com
66.104.173.169: smart-financeology.com. Hit. domainsbyproxy.com
66.104.173.173: remarkably has two potential hits, both shown in viewdns.info, and one of them was also in the 2013 DNS Census.
- worldfeedstoday.com. Hit. Network Solutions, LLC + Perfect Privacy LLC.
- world-newsfeeds.com. No archives. cqcounter.com/whois/www/world-newsfeeds.com.html blank image.
66.104.173.175: media-coverage-now.com. Hit. domainsbyproxy.com
66.104.173.176: jbc-online-news.com. Hit. domainsbyproxy.com
66.104.173.177: webscooper.com. Hit.
66.104.173.178: dk-dcinvestment.com. Hit. domainsbyproxy.com
66.104.173.179: newsforthetech.com. Hit. domainsbyproxy.com
66.104.173.180: stara-turistick.com. Hit. domainsbyproxy.com
66.104.173.181: playbackpolitics.com. Hit. domainsbyproxy.com
66.104.173.182: snapnewsfront.net. Hit. domainsbyproxy.com
66.104.173.183: ingenuitytrendz.com. Hit. domainsbyproxy.com
66.104.173.184: armashoy.com. Hit. domainsbyproxy.com
66.104.173.185: baocontact.com. Hit. Godaddy for a "Denise Welch":
```
"name": "Denise Welch",
"organization": null,
"street": "Box 288",
"city": "Macdona",
"state": "Texas",
"postalCode": "78054",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search has 151 results, some inspections:
- web.archive.org/web/20160610031345/http://socialmediamagazine.biz/ legit Denise Welch, President
- web.archive.org/web/20211126033925/http://allofmywishes.com/ no relevant archives
- web.archive.org/web/20110208070523/pet-a-bration.com no archives
Reducing a bit searching for Macdona as city gives only 19 hits:
- web.archive.org/web/20111126163259/http://tamilupgraded.com/ 19 Archives broken. cqcounter.com/whois/www/tamilupgraded.com.html off style.
- web.archive.org/web/20080115063123/http://www.zirnitrasports.com/ suspicious but quite broken. Arabic. Split images. Comms not found. cqcounter.com/whois/www/zirnitrasports.com.html in-style. viewdns.info/iphistory/?domain=zirnitrasports.com. Members/register at top linking to web.archive.org/web/20080115220218/http://www.zirnitrasports.com/reg.html
  - 216.180.224.58 British Virgin Islands NTHL 2012-01-11. viewdns.info/reverseip/?t=1&host=216.180.224.58 small virtual. Also searched 216.180.224.50 - 216.180.224.65
    dare2wearts.com 2012-06-29 No archives.
    keralaaicuf.com 2012-09-21. No archives.
    kids-ireland.com 2011-11-13 web.archive.org/web/20110128075525/http://kids-ireland.com/ off
    makeupbyjadab.com 2012-11-12. Off
    socalfitnessbootcamp.com 2012-06-29. Off
    unitedwelfareservices.com 2012-11-12. No archives.
    zirnitrasports.com 2012-01-11
- bontonphoto.com web.archive.org/web/20100605033030/http://www.bontonphoto.com/ suspicious with members linking to web.archive.org/web/20130826142257/https://bonto001.secure.omnis.com/cgi-bin/main.cgi www.omnis.com/ is a hosting service.
  - web.archive.org/web/20130528074647/http://bontonphoto.com/ better screenshot has a news link.. cqcounter.com/whois/www/bontonphoto.com.html empty
- olqhchurch.com web.archive.org/web/20110201182208/http://olqhchurch.com/ dead, cqcounter.com/whois/www/olqhchurch.com.html not found
66.104.173.186: myworldlymusic.com. Hit.
66.104.173.189: hitpoint-gaming.com. Hit. Network Solutions, LLC + perfect privacy.

66.104.175.40 beyondnetworknews.com. XO-AS15 in United States. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range:66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown

66.104.175.34: itwebtoday.com. Hit. domainsbyproxy.com
66.104.175.35: drglobalnews.com. Hit.
66.104.175.36: adilnews.net. Hit.
66.104.175.37: technewstogo.com. web.archive.org/web/20110201205946/http://technewstogo.com/ "UNDER CONSTRUCTION" cqcounter.com/whois/www/technewstogo.com.html same.
66.104.175.40: beyondnetworknews.com. Hit.
66.104.175.41: grubbersworldrugbynews.com. Hit. domainsbyproxy.com
66.104.175.42: news-and-sports.com. Hit.
66.104.175.44: yourtripfinder.net. Hit. domainsbyproxy.com
66.104.175.45: rollinsnetwork.com. Hit. domainsbyproxy.com
66.104.175.46: infosharenews.com. Hit.
66.104.175.47: southasiaheadlines.com. Hit.
66.104.175.48: worlddispatch.net. Hit.
66.104.175.49: webworldsports.com. Hit.
66.104.175.50: fly-bybirdies.com. Hit.
66.104.175.51: businessexchangetoday.com. Hit.
66.104.175.52: mensajeradenoticias.com. Hit. domainsbyproxy.com
66.104.175.53: info-ology.net. Hit.
66.104.175.54: marketflows.net. Hit. domainsbyproxy.com
66.104.175.57: metanewsdaily.com. Hit.
66.104.175.218: remote.taxconsultantsgroup.com. No archives. cqcounter.com/whois/www/taxconsultantsgroup.com.html commercial so unlikely

66.175.106.148 activegaminginfo.com. UUNET in United States. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178

66.175.106.10: nationalchecktrust.com. Legit?
66.175.106.134: paddlescoop.com. Hit.
66.175.106.137: kessingerssportsnews.com. Hit. Network Solutions: Latimer, Daniel
```
"name": "Latimer, Daniel|ATTN KESSINGERSSPORTSNEWS.COM|care of Network Solutions",
"organization": null,
"street": "PO Box 459",
"city": "PA",
"state": "US",
"postalCode": "18222",
"country": "UNITED STATES",
```
12 hits for name but nothing else looks promissing:
- element42.au
- refugeministryoils.com
- element42.com.au
- refugeloveministry.net
- refugeloveministry.com
- boysofrockingham.com
- daniellatimer.net
- thejourneytoyourheart.com. web.archive.org/web/20130925191623/http://thejourneytoyourheart.com/ empty cqcounter.com/whois/www/thejourneytoyourheart.com.html not found
- latimerstudio.com
- latimerstudios.com
- danlatimer.com
- kessingerssportsnews.com
66.175.106.138: factorforcenews.com. Hit. domainsbyproxy.com
66.175.106.140: aroundthemiddleeast.com. No Wayback Machine hits. Last resolved: 2012-06-29. cqcounter.com/whois/www/aroundthemiddleeast.com.html not found.
66.175.106.142: kanata-news.com. Hit. domainsbyproxy.com
66.175.106.143: thecricketfan.com. Hit.
66.175.106.146: inews-today.com. Initially found with 2013 DNS Census virtual host cleanup heuristic keyword searches which gave IP address 193.203.49.212. But that has no nearby hits. 66.175.106.146 was later found on viewdns.info, and slotted into this other existing IP range.
- 193.203.49.211 datingso.com: legit? Russian dating website
- 193.203.49.212 inews-today.com. Hit.
- 193.203.49.223 zatysi.net: legit
- 193.203.49.226 kinotopik.com: legit? Russian
- 193.203.49.229 rotor-volgograd.com. Legit.
- 193.203.49.233 ordercytotec.com. Broken. cqcounter.com/whois/www/ordercytotec.com.html not found.
66.175.106.147: starwarsweb.net. Hit.
66.175.106.148: activegaminginfo.com. Hit. Network Solutions, LLC for Elizabeth Corral. tools.whoisxmlapi.com/reverse-whois-search reverse search "Corral, Elizabeth" only has that hit
66.175.106.149: feedsdemexicoyelmundo.com. Hit.
66.175.106.150: noticiasmusica.net. Hit. Network Solutions, LLC for Megan See. tools.whoisxmlapi.com/reverse-whois-search only this hit.
66.175.106.155: atomworldnews.com. Hit. domainsbyproxy.com
66.175.106.158: nouvellesetdesrapports.com. Hit.
66.175.106.166: exchange.katzbarron.com. Legit. Reverse IP source: 2012 Internet Census
66.175.106.183: mail.lfdatacenter.com. No archives.

66.237.236.247 comunidaddenoticias.com. XO-AS15 in United States. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254

66.237.236.227: newsandmusicminute.com. Hit. Network Solutions, LLC for:
```
"name": "Alger, Jennifer",
"organization": null,
"street": "PO Box 459",
"city": "Drums",
"state": "PA",
"postalCode": "18222",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search search for "Alger, Jennifer" has four domain:
- preparedtoact.com: parked domain girl web.archive.org/web/20130831091701/http://www.preparedtoact.com/
- prepared2act.com
- newsandmusicminute.com
- jennisdish.com web.archive.org/web/20110207105346/http://jennisdish.com/ godaddy
but more interestingly this address is the same as other hits: activegameinfo.com and noticiasmusica.net! "PO Box 459" anywhere search has 10k+ domains and so does Drums so not helping.
66.237.236.229: pearls-playlist.com 2011-11-13. Hit. domainsbyproxy.com

66.237.236.230: beyondthefringe.info 2013-01-02. Hit. GoDaddy.com for

"registrantContact": {
  "name": "Nathan Stock",
  "organization": null,
  "street": "PO Box 61654",
  "city": "Savannah",
  "state": "Georgia",
  "postalCode": "31420",
  "country": "UNITED STATES",
  "email": "nathanstock@earthlink.net",
  "telephone": "19129206355",

no hits for that name of reversed.

66.237.236.231: primetimemovies.net 2011-06-22. Hit. No whois records.
66.237.236.235: persephneintl.com. Hit. domainsbyproxy.com
66.237.236.236: directoalgrano.net 2012-01-23. Hit.
66.237.236.240: actualizaciondebeisbol.com. Hit. domainsbyproxy.com
66.237.236.243: mygadgettech.com. Hit.
66.237.236.247: comunidaddenoticias.com. Hit. domainsbyproxy.com
66.237.236.249: sumerjaseahora.com. Hit. domainsbyproxy.com

69.84.156.90 stickshiftnews.com. COLOSPACE in Methuen - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95

69.84.156.69: al-ashak-news-me.com. Hit.
69.84.156.70: theventurenews.info. Hit.
69.84.156.71: worldfinancetoday.net. Hit.
69.84.156.72: autonewsarabia.com. Hit.
69.84.156.74: blue-moon-news.com. Hit.
69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit. cqcounter.com/whois/www/theoutergreen.com.html not found.
69.84.156.76: tnc-urdu.com. Hit.
69.84.156.79: jassimnews.com. No archives/broken. cqcounter.com/whois/www/jassimnews.com.html blank.
69.84.156.80: noticiasdenuestromundo.com. Hit.
69.84.156.82: arabicnewsonline.com. Hit.
69.84.156.83: unganadormundial.com. Hit.
69.84.156.84: focusonbokeh.com. Hit. Network Solutions, LLC.
69.84.156.85: classic-rocktopia.com. Hit. domainsbyproxy.com.
69.84.156.87: i7diver.com. Hit.
69.84.156.88: diariodeelmundo.com. Hit.
69.84.156.89: todaysarabnews.com. Hit.
69.84.156.90: stickshiftnews.com. Hit.
69.84.156.91: theinternationalgoal.com. Hit.

72.34.53.174 technologytodayandtomorrow.com. IHNET in United States. This IP is special. This IP is somehow closely linked to the "Mass Deface III" pastebin as it seems to have been hosted by Condor hosting. They also have many old sites, and links to Russia which is apparently where this was hosted.

viewdns.info/iphistory/?domain=technologytodayandtomorrow.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
- 72.34.53.174 United States IHNET 2011-09-08. Tested viewdns.info range: 72.34.53.164 72.34.53.184 viewdns.info/reverseip/?t=1&host=72.34.53.174 went through all of them;
  - hits
    electronictechreviews.com 2011-09-08 domainsbyproxy.com
    recursosdenoticias.com 2012-06-29 domainsbyproxy.com
    todaysnewsandweather-ru.com 2012-01-11 domainsbyproxy.com
    myonlinegamesource.com 2012-01-11 Godaddy:
    "name": "Brandon Stiltner", "organization": null, "street": "1200 Brookstone Centre Pkwy", "city": "Columbus", "state": "Georgia", "postalCode": "31904", "country": "UNITED STATES",
    has two domains:
    sandshomerepairs.com. web.archive.org/web/20110207105346/sandshomerepairs.com no archives, cqcounter.com/whois/www/sandshomerepairs.com.html not found
    myonlinegamesource.com
    mytravelopian.com 2011-04-04 domainsbyproxy.com
  - possible hits
    * intloil.org 2012-04-27. 2011, Possible hit, a bit off style, but possibly because too broken. rss-item. Copyright 2005. Present at pastebin.com/CTXnhjeSp (now lost without archives I'm an idiot). cqcounter.com/whois/www/intloil.org.html from 2011 somewhat in style but interestingly also similarly broken. The "Login" button leads to another domain: "condorsecure.com": web.archive.org/web/20110721052801/https://condorsecure.com/~intloilo/alternativefuels.html which is megaweird and is what is mentioned in the "Mass Deface III" pastebin. domainsbyproxy.com. A similar thing happens in europeantravelcafe.com but to another domain.
    * islamicnewsonline.com 2013-03-23. No archives in date range. cqcounter.com/whois/www/islamicnewsonline.com.html not found, sad
  - not hits
    businesscardprinternyc.info 2012-04-18. Legit web.archive.org/web/20110925172844/http://businesscardprinternyc.info/
    dermozamsoe106.com 2011-07-02
    glialcells2009paris.com 2012-11-12
    hysfreedom.net 2013-07-08. Legit. web.archive.org/web/20111014185727/http://hysfreedom.net/
    integrativetherapiesec.com 2013-06-30. Parked domain girl. cqcounter.com/whois/www/integrativetherapiesec.com.html not found
    larumbaknox.com 2012-01-11. Parked domain girl
    theebizguy.com 2022-12-26 web.archive.org/web/20250000000000*/theebizguy.com many archives
    nofatchics.com 2012-01-11
    bjellaagency.com 2023-03-07
securitytrails.com/domain/technologytodayandtomorrow.com/history/a same

74.116.72.236 techtopnews.com. OPTIMUM-WIFI2 in Brooklyn - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254

74.116.72.199: newsungraphics.com. Legit.
74.116.72.209: newsung.com. Legit/broken. cqcounter.com/whois/www/newsung.com.html not found
74.116.72.214: ofinancialinc.com. Legit.
74.116.72.219: stockpromoters.com. Legit.
74.116.72.227: dayenews.com. Hit.
74.116.72.229: guide-daventure.com. Hit.
74.116.72.230: spaceage-exchange.com. No archives. cqcounter.com/whois/www/spaceage-exchange.com.html blank image.
74.116.72.231: bleachersfootballnews.com. Hit.
74.116.72.232: indirectfreekick.com. Hit.
74.116.72.233: wwiichronicles.net. Hit.
74.116.72.234: petroleumagenews.com. Hit.
74.116.72.235: the-open-book-online.com. Hit.
74.116.72.236: techtopnews.com. Hit.
74.116.72.237: noticiasdiariasdedeportes.com. No archives. Sad, another potential Brazil hit. cqcounter.com/whois/www/noticiasdiariasdedeportes.com.html not found.
74.116.72.238: pohandakhbar.com. Hit. domainsbyproxy.com.
74.116.72.239: crickettoday.info. Hit.
74.116.72.240: zafernews.com. Hit.
74.116.72.241: itechnewstoday.com. Hit. domainsbyproxy.com.
74.116.72.242: gdgtsource.com. Hit.
74.116.72.243: waronfilmonline.com. Hit.
74.116.72.244: arborstribune.org. Hit. arborstribune.org. Godaddy without domainsbyproxy.com. Registrant: Ryan Binder, email rkbinder@copper.net Reverse hits for name:
- arborstribune.org
- phaseintl.us
- rblab.us
- bindersynthetics.com
- ryanbinder.com
- finalmarch.com. No archives. cqcounter.com/whois/www/finalmarch.com.html not found.
- finalmarch.info.
- mydrunknews.com. Godaddy parked: web.archive.org/web/20110207181833/http://mydrunknews.com/. cqcounter.com/whois/www/mydrunknews.com.html not found.
74.116.72.245: wineenthusiastonline.com. Welcome to the US Petabox. cqcounter.com/whois/www/wineenthusiastonline.com.html not found.
74.116.72.246: vuvuzelanews.com. Hit.
74.116.72.247: ballbatstumpsandbails.com. Hit.
74.116.72.248: kioni-sailing.com. Hit.
74.116.72.249: round-trip-travel.com. Hit.
74.116.72.250: arabicnewsource.com. Hit.

74.254.12.168 non-stop-news.net. BELLSOUTH-NET-BLK in Atlantic Beach - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.

74.254.12.163: half-court.net. Hit.
74.254.12.163: dailywellnessnews.com. Hit.
74.254.12.165: dylandon.net. Hit. rdns source: viewdns.info.
74.254.12.166: afghanpoetry.net. Hit.
74.254.12.168: non-stop-news.net. Hit.
74.254.12.169: soldiersofsouthasia.com. Hit.
74.254.12.170: greek-news.info. Hit.
74.254.12.171: autism-news.org. Hit.
74.254.12.172: thesportsguidebook.com. rdns source: 2013 DNS Census. Only has archive of one subpage: 2009. English. sports. cqcounter.com/whois/www/thesportsguidebook.com.html not found.
74.254.12.173: thefreshnews.com. Hit.
74.254.12.174: reliefline.info. web.archive.org/web/20090416064302/http://www.reliefline.info:80/ Archive too broken. cqcounter.com/whois/www/reliefline.info.html broken.
74.254.12.176: pakcricketgrd.com. Hit.
74.254.12.177: networkofnews.com. Hit.
74.254.12.179: wineconnaisseur.net. Hit.
74.254.12.180: helpinghandssite.com. Hit.
74.254.12.185: newskwest.com. No archives. cqcounter.com/whois/www/newskwest.com.html broken.
74.254.12.187: efiinvestment.com. Hit.
74.254.12.188: first-tee-golf.com. Hit.
74.254.12.189: fabu-foto.com. Hit.
74.254.12.190: viptravelabroad.com. Hit.

173.208.81.2 LEASEWEB-USA-CHI in Lombard - United States:

weblognewsinfo.com:
- dnshistory.org/historical-dns-records/a/weblognewsinfo.com 2010-05-10 -> 2010-10-07 64.120.20.234 viewdns.info/reverseip/?t=1&host=64.120.20.234 small virtual:
  - web.archive.org/web/20101229135149/http://knightsofx.net/ off
  - marvel-mail.com/ no archives, dawhois.com/site/marvel-mail.com.html no results
- viewdns.info/iphistory/?domain=weblognewsinfo.com
  - 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-09-26 virtual
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2013-06-30 virtual with newsincirculation.com viewdns.info/reverseip/?t=1&host=173.208.81.2
    web.archive.org/web/20110131042438/http://underground-basement.com/ off
    web.archive.org/web/20110623044033/http://www.mypolitiki.com/ off
newsincirculation.com
- dnshistory.org/historical-dns-records/a/newsincirculation.com
  - 2010-03-10 -> 2010-08-15 64.120.20.234 virtual with weblognewsinfo.com
  - 2013-11-26 -> 2013-11-26 70.32.43.226
- viewdns.info/iphistory/?domain=newsincirculation.com
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2014-01-31
  - 50.63.202.77 United States AS-26496-GO-DADDY-COM-LLC 2013-10-19. virutal?
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2013-09-26 virtual?
  - 69.147.228.5 Chicago - United States LEASEWEB-USA-CHI 2012-11-12 unknown. Tested viewdns.info range: 69.147.228.1 69.147.228.15. Nope.
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2011-04-04 virtual

199.19.110.7 theworldnewsfeeds.com. Los Angeles - United States FIBER-LOGIC.

dnshistory.org/historical-dns-records/a/theworldnewsfeeds.com no hits
viewdns.info/iphistory/?domain=theworldnewsfeeds.com
- 199.19.110.7 2012-01-11 unknown range viewdns.info/reverseip/?t=1&host=199.19.110.7 small virtual:
  - Hits
    classymotors.net
    russiansportsworld.com
    urbestbod.com
  - Not hits:
    angelesmesapc.org: web.archive.org/web/20110623222054/http://angelesmesapc.org/ seems legit.
    web.archive.org/web/20110701070546/http://www.gralnickandsale.com/ broken
    web.archive.org/web/20110208064143/http://magnoliahousephotography.com/ commercial
    web.archive.org/web/20101229224456/http://rdns13.net/ cgi bin
- 74.200.252.212 United States RACKSPACE 2011-11-13 unknown range. viewdns.info/reverseip/?t=1&host=74.200.252.212 small virtual fully explored:
  - web.archive.org/web/20110202113450/http://vhserver2.com/ Joomla
  - web.archive.org/web/20110207191522/http://haugofamily.com/ redirecting

199.85.212.118 just-kidding-news.com. ATT-INTERNET4 in United States.

199.85.212.118 rdns source: 2013 DNS Census virtual host cleanup heuristic keyword searches, dnshistory.org (2009-09-23 -> 2011-01-25) and viewdns.info: "location": "United States", "owner": "VIMRO, LLC", "lastseen": "2012-01-11". Tested viewdns.info range: 199.85.212.95 - 199.85.212.128. Not sure worth it given the many 2013 DNS Census misses surrounding.
- 199.85.212.98: colorsxpress.com. Legit
- 199.85.212.104:
  - jobindons.com 2013-10-19.
  - piogroup.org 2012-12-29.
- 199.85.212.105: mide-news.com. Hit.
- 199.85.212.109: game2be.com. Infinite load loop: web.archive.org/web/20080102074404/http://www.game2be.com/ cqcounter.com/whois/www/game2be.com.html error not found.
- 199.85.212.111:
  - newsandsportscentral.com. Hit.
  - and many many others, not bothering with it
- 199.85.212.115: veryperi.com. Legit? 2011. Style is similar.
- 199.85.212.116: approselect.com. Legit?
- 199.85.212.117: innovative-software-solutions.com. broken/legit cqcounter.com/whois/www/innovative-software-solutions.com.html broken.
- 199.85.212.118: just-kidding-news.com. Hit.
- 199.85.212.119: invisus.com. Legit
- 199.85.212.120: allurebyjustine.com. Legit?
- 199.85.212.121: stockprouniversity.com cqcounter.com/whois/www/stockprouniversity.com.html legit?
- 199.85.212.122: stjosephswoodshop.com Legit?
- 199.85.212.125: time-spacer.net. Welcome to the US Petabox. cqcounter.com/whois/www/time-spacer.net.html service unavailable
- 199.85.212.132: qualitytrans.net. Legit?
- 199.85.212.134: mywellnessminder.com. Legit?
- 199.85.212.138: crystalglassinc.com
- 199.85.212.140: davistech-llc.com
68.178.232.100: see rastadirect.net. rdns source: viewdns.info: "location": "United States", "owner": "GoDaddy.com, LLC", "lastseen": "2012-06-29"
209.85.45.84. Tested viewdns.info range: 209.85.45.74 - 209.85.45.94.
- 209.85.45.2: dz8.dailyrazor.com
- 209.85.45.2: jr4consulting.com
- 209.85.45.41: guitarzza.com. No archives of time.
- 209.85.45.46: evergraindecking.com. No archives of time.
- 209.85.45.114: mauritiuspropertyconsultant.com. Legit/ broken.
- 209.85.45.160: bieltvedt.net. No archives of time.
- 209.85.45.160: golfstats.dk. No archives.
- 209.85.45.225: infokus.ca
- 209.85.45.225: mail.tomlatham.net
- 209.85.45.225: mail.tomlatham.org
- 209.85.45.239: flavacationcenter.com

204.176.38.143 noticiassofisticadas.com. UUNET in United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154

204.176.38.130: i-pressnews.com. Hit.
204.176.38.132: turkishnewslinks.com. Hit.
204.176.38.134: photographyarecord.com. Hit.
204.176.38.135: breakingthewicket.com. Hit.
204.176.38.136: politicalworldtoday.com. Hit.
204.176.38.137: hi-tech-today.com. Hit.
204.176.38.138: continental-business-news.com. TODO. rss-item, split images. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
204.176.38.139: bigscreenbattles.com. Hit.
204.176.38.141: rakotafootball.com. Hit.
204.176.38.142: senderosdemontana.com. Hit.
204.176.38.143: noticiassofisticadas.com. Hit.
204.176.38.144: techno-today.com. Hit.
204.176.38.145: tickettonews.com. Hit.
204.176.38.146: dps-digitalphotosharing.com. Hit.
204.176.38.147: theputtingreen.com. Hit.
204.176.38.149: sportsnewstodayar.com. Hit.
204.176.38.150: kairuafricanews.com. Hit.

204.176.39.115 globalprovincesnews.com. UUNET in United States. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124

204.176.39.97: beamingnews.com. Hit.
204.176.39.98: cubriendonoticias.com. Hit.
204.176.39.100: rowleyworldpost.com. Hit.
204.176.39.101: noticiastopicas.com. No archives. cqcounter.com/whois/www/noticiastopicas.com.html not found.
204.176.39.103: economicnewsbuzz.com. Hit.
204.176.39.104: spectranewsonline.com. Hit.
204.176.39.105: entertainmentnewscompany.com. Hit.
204.176.39.107: guidetoelectronics.net. Uncertain. 2010. English. tech, electronics. Split images, rss-items. Comms not found, likely CGI comms variant on unarchived login page:. web.archive.org/web/20101230025246/http://guidetoelectronics.net/login.html
204.176.39.110: arabnewsatdawn.com. Hit.
204.176.39.114: messengergalaxy.com. Uncertain. 2011. Would be the first example of something more commercial/service offering we've seen so far. Possible CGI comms variant.
204.176.39.115: globalprovincesnews.com. Hit.
204.176.39.116: mahparah-news.com. Hit.
204.176.39.119: commercialspacedesign.com. Hit.

207.150.191.68 technologypresstoday.com. Saudi Telecom Company JSC in Saudi Arabia.

technologypresstoday.com. Hit. 2011. JAR. Farsi. RSS, split images.
- viewdns.info/iphistory/?domain=technologypresstoday.com says 72.13.93.206 Santa Clara - United States EGIHOSTING 2012-01-11. viewdns.info/reverseip/?host=72.13.93.206&t=1 says large virtual.
- dnshistory.org/dns-records/technologypresstoday.com says empty
- securitytrails.com/domain/technologypresstoday.com/history/a
  - 72.13.93.203 EGIHosting 2009-07-20 (16 years) 2009-07-27 (16 years) 7 days
  - 64.13.159.156 Wave Broadband 2009-05-30 (16 years) 2009-07-16 (16 years) 2 months. viewdns.info/reverseip/?t=1&host=64.13.159.156 empty.
  - 207.150.191.68 Saudi Telecom Company JSC 2009-01-21 (16 years) 2009-05-22 (16 years) 4 months
  - 68.178.232.100 GoDaddy.com, LLC 2009-01-14 (16 years) 2009-01-20 (16 years) 6 days
worldofonlinenews.com. Hit.
- dnshistory.org/historical-dns-records/a/worldofonlinenews.com 2015-12-15 -> 2016-04-21 108.167.161.90 presumably from the legit era
- viewdns.info/iphistory/?domain=worldofonlinenews.com
  - 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-02 virtual
  - 207.150.191.68 Saudi Arabia Saudi Telecom Company JSC 2011-04-04 virtual
mywebofnews.com. Hit.
- dnshistory.org/historical-dns-records/a/mywebofnews.com 2010-03-09 -> 2010-08-14 207.150.191.68 But this has several hits for the same IP on DNS Census 2013 which is unusual:
```
3xhunter.com|2012-04-12T07:53:24|207.150.191.68
dreamersoul.net|2012-04-11T22:06:18|207.150.191.68
exdump.com|2012-02-03T11:42:44|207.150.191.68
```
viewdns.info/reverseip/?host=207.150.191.68&t=1 is medium virtual:
- world-high.info: cqcounter.com/whois/www/world-high.info.html legit wordpress
- viewdns.info/iphistory/?domain=mywebofnews.com no hits
  68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-27 virtual
  207.150.191.68 Saudi kkkArabia Saudi Telecom Company JSC 2011-06-22 virtual
viewdns.info/reverseip/?host=207.150.191.68&t=1
- kickofffootballnews.com. Hit. viewdns.info/iphistory/?domain=kickofffootballnews.com to that IP alone
- ithaiproperty.com. Legit. web.archive.org/web/20111001231548/http://www.ithaiproperty.com/
- themaconnightlife.com: no archives: web.archive.org/web/20250000000000*/themaconnightlife.com. cqcounter.com/whois/www/themaconnightlife.com.html sems legit.
- web.archive.org/web/20110202093639/http://theadvancompany.com/ cgi-bin directory
- web.archive.org/web/20091212001404/http://www.toddlerbedrailshop.com/ off
- cqcounter.com/whois/www/texasdavisfive.com.html off
- web.archive.org/web/20250000000000*/geldherrin-lady-estefania.com no archives.

207.210.250.132 aeronet-news.com. AS17378 in United States. This is the Autonomous System Number for TierPoint, LLC. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157

207.210.250.131: starrynightnews.com. Hit.
207.210.250.132: aeronet-news.com. Hit.
207.210.250.133: bakaribulletin.com. Hit.
207.210.250.134: deprensaenlarevisiondehoy.com. Hit.
207.210.250.135: icwb-news.com. Hit.
207.210.250.136: sportsreelhighlights.com. Hit.
207.210.250.137: fashionforward.info. No archives. cqcounter.com/whois/www/fashionforward.info.html innovative but has a "Member" section. Stock lady visible somwhere at westlahairgrowth.com/?page_id=12158 according to Google images but I couldn't find it easily in the page.
207.210.250.138: inquiry-human-past.com. Hit.
207.210.250.139: thefairwaysaregreen.com. Hit.
207.210.250.142: russiaupdate.com. Hit.
207.210.250.143: archaeologyreview.net. Hit.
207.210.250.144: highspeed-news.com. No archives. cqcounter.com/whois/www/highspeed-news.com.html not found.
207.210.250.146: noticias-caracas.com. Hit.
207.210.250.147: bailandstump.com. Hit.
207.210.250.148: classicalmusic4arab.com. Hit.
207.210.250.149: globalventurestat.com. Hit.
207.210.250.152: al-rashidrealestate.com. Hit.
207.210.250.153: newsintheworld-ru.com. Hit.
207.210.250.154: news-unlimited.info. Hit.

208.93.112.105 fastnews-online.com. TULIP-SYSTEMS in United States. Checked viewdns.info range: 208.93.112.90 - 208.93.112.155

208.93.112.101: cketnews.com: web.archive.org/web/20070612034201/http://cketnews.com/. Archives from 2007 and off style. cqcounter.com/whois/www/cketnews.com.html not found.
208.93.112.105: fastnews-online.com. Hit.
208.93.112.106: travelxtreme.net. Hit.
208.93.112.108: nbanewsroundup.com. Hit.
208.93.112.110: luxuryfive.net. Hit.
208.93.112.111: topfootballnewsonline.com. Hit.
208.93.112.112: todaysportscores.com. Hit.
208.93.112.113: mostefficientself.com. Uncertain. cqcounter.com/whois/www/mostefficientself.com.html hard to tell. One is reminded of fightorgohome.com.
208.93.112.114: dynamicworldnews.com. Hit.
208.93.112.116: gazingvoyage.com. Hit.
208.93.112.123: garundipost.com. Hit.
208.93.112.125: theradioamateurs.com: no archives. cqcounter.com/whois/www/theradioamateurs.com.html not found.

208.254.38.39 todaysengineering.com. COLO-PREM-VZB in United States.

Tested viewdns.info range: 208.254.38.9 - 208.254.38.86. Weirdly empty, doesn't even show the domain iteslf!
- 208.254.38.39: todaysengineering.com. Hit. rdns source: both viewdns.info and 2013 DNS Census
- 208.254.38.56: nejadnews.com. Hit.
68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC

208.254.40.117 worldnewsandent.com. COLO-PREM-VZB in United States. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135

208.254.40.96: sixty2media.com. Hit.
208.254.40.99: newspoliticssource.com. Hit.
208.254.40.110 musical-fortune.net. Hit.
208.254.40.113: ashoka-gemstones.com. Hit.
208.254.40.117: worldnewsandent.com. Hit.
208.254.40.124: riskandrewardnews.com. Hit.
208.254.40.129: mailb.casella.com. Legit.

208.254.42.205 driversinternationalgolf.com. COLO-PREM-VZB in United States. Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.

208.254.42.35: mystorytimefriends.com. Broken/legit.
208.254.42.194: it-proonline.com. Hit.
208.254.42.200: riccs.mwcog.org. Legit. Reverse IP source: 2012 Internet Census, 2012-05-14.
208.254.42.205: driversinternationalgolf.com. Hit.
208.254.42.209: mardelsurnoticias.com. Hit. Reverse IP source: viewdns.info
208.254.42.215: nowfreshfinances.com. Hit.
208.254.42.216: circulatingnews.net. Hit.
208.254.42.219: westingtonpassnews.com. Hit. Reverse IP source: 2013 DNS Census
208.254.44.155: brandimpact.com. Legit/broken: web.archive.org/web/20070801000000*/brandimpact.com
208.254.45.105: operatorenum.com. Legit/broken: web.archive.org/web/20100301000000*/operatorenum.com

209.162.192.49 rastadirect.net. DF-PTL2-3 in Gresham - United States. Source: securitytrails.com and cqcounter.com/site/rastadirect.net.html. Tested viewdns.info: 209.162.192.30 209.162.192.70
* 209.162.192.44: thejewelofsouthamerica.com. Hit.
* 209.162.192.49: rastadirect.net. Hit.
* 209.162.192.51: yellow-chair-report.com. Hit.
* 209.162.192.54: tutkulu-turu.com. Possible hit. domainsbyproxy.com 2008-03-04. Weird style made up exclusively of cut up images, including the text itself where links would normally be. Turkish. Archive a bit weird with images on top of text. 2011 Copyright 2006. Unarchived link to web.archive.org/web/20110129065840/http://tutkulu-turu.com/login.html with title "Kullanıcı adı" (Username). Headline "Online seyahat etmek acenta" translates to "Online travel agency".
* 209.162.192.57: globalnewsreports.net. Hit.
* 209.162.192.59: easytravelsite.net. Hit.
* 209.162.192.70: phrio.com. Off date. viewdns.info/reverseip/?t=1&host=209.162.192.70

68.178.232.100 - United States - GoDaddy.com - 2011-05-02. Reverse IP source: viewdns.info
- +-20 range: several domains on each IP, but can't find any hits easily
There are actualy talk pages about this IP
- community.spiceworks.com/
- talk.plesk.com/threads/warning-the-domain-resolves-to-another-ip-address.77764/
- support.google.com/cloudidentity/answer/2579934?hl=en actually used as an example here?

210.80.75.55 philippinenewsonline.net. UUNET in Australia. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67

210.80.75.35: aroundtheworldnews.net. No archives. ipinf.ru/domains/210.80.75.33/ disagrees and places it at .33.
210.80.75.36: e-commodities.net. Hit.
210.80.75.37: trekkingtoday.com. Hit.
210.80.75.41: multinews-33.com. Hit.
210.80.75.42: movimientodenticias.com. No archives. cqcounter.com/whois/www/movimientodenticias.com.html blank.
210.80.75.43: gulfandmiddleeastnews.com. Hit.
210.80.75.44: whirlybirdinflight.com. Hit.
210.80.75.45: kings-game.net. Hit.
210.80.75.46: topglobalnewsdaily.com. Hit.
210.80.75.49: recipe-dujour.com. Hit.
210.80.75.53: sportsman-elite.com. Hit.
210.80.75.55: philippinenewsonline.net. Hit.
210.80.75.56: technewsforme.com. Hit.
210.80.75.59: goldeportesnoticias.com. Hit.
210.80.75.68: gigabyte-usa.com. Legit.

212.4.16.232 mynewscheck.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.198. ipinf.ru/domains/?search=212.4.17.125&cust=1 says they are /19, so .16 and .17 are both the same range from a registration perspective::

212.4.16.224: lanoticiasdehoyelinforme.com. Hit.
212.4.16.232: mynewscheck.com. Hit.
212.4.16.239: saktimarsgolf.com 2012-06-29. Broken/legit/no archives of relevant date: web.archive.org/web/20081031060207/http://saktimarsgolf.com/. cqcounter.com/whois/www/saktimarsgolf.com.html blank.
212.4.16.245: financial-crisis-news.com. Hit.
212.4.16.252: minutosdenoticias.com. Hit. web.archive.org/web/20100517151612/http://minutosdenoticias.com/

212.4.17.38 fightwithoutrules.com. UUNET in Cassano d'Adda - Italy. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: see 212.4.16.* above

212.4.17.38: fightwithoutrules.com. Hit.
212.4.17.41: newtechfrontier.com. Hit.
212.4.17.43: smart-travel-consultant.com. Hit.
212.4.17.46: atentlaloc.com. Hit.
212.4.17.53: newsresolution.net. Hit.
212.4.17.56: lesummumdelafinance.com. Hit.
212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives. cqcounter.com/whois/www/thepinnacleoffinance.com.html blank.
212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No commons found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it
212.4.17.98: topbillingsite.com. Hit.
212.4.17.122: b2bworldglobal.com. Hit.
212.4.17.125: worldaroundyunnan.com. Hit.
212.4.17.160: localtoglobalnews.com. Hit.

There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:

204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.

Other hits:

208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
205.178.189.131. source: securitytrails.com

212.4.18.129 sightseeingnews.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?

212.4.18.129: sightseeingnews.com. Hit. Presumably also present under fgnl.net on its second IP range, since this is near 212.4.18.133? viewdns.info gives this as the only IP for the domain.
212.4.30.210: iprintitaly.com. Legit: web.archive.org/web/20230000000000*/http://www.iprintitaly.com/

212.209.74.105 globalbaseballnews.com. UUNET in Sweden. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches

212.209.74.105: globalbaseballnews.com. Hit.
212.209.74.106: football-de-luxe.com. Hit.
212.209.74.111: worldconcerns.info. No archives. cqcounter.com/whois/www/worldconcerns.info.html empty.
212.209.74.112: developmental-league.com. Unclear. CGI comms variant? 2010. English. CGI. American football.
212.209.74.115: mediocampodefutbol.com. Hit.
212.209.74.117: myengineeringaffinity.com. Hit.
212.209.74.122: atthemovies.biz. Hit.
212.209.74.123: worldfinancialexchangenews.com. Hit.
212.209.74.124: urouttahere.com. Hit.
212.209.74.125: avoilurefixe.com. Hit.
212.209.74.126: headlines2day.com. Hit.
- 118.139.174.11. Reverse IP source: viewdns.info
  - 118.139.174.11: 712 domain hits on it
  - 118.139.174.21: theargentineanwineco.com 2013-09-26. No Wayback machine archive. cqcounter.com/whois/www/theargentineanwineco.com.html not found.
  - nothing else on the +-20 range
- 184.168.221.91. Reverse IP source: 2013 DNS Census
  - 184.168.221.91: 40k hits on 2013 DNS Census
212.209.74.127: construction-zones.com. Unclear. CGI comms variant? 2009. No known comms found. English. construction. Has a login page: web.archive.org/web/20091130144158/http://construction-zones.com/login.html so maybe CGI comms variant

212.209.79.40 hydradraco.com. UUNET in Sweden. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63

212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
- 212.209.79.34: 2008-09-01 - 2010-04-19.
- 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
both under MCI Communications Services, Inc. d/b/a Verizon Business.
212.209.79.37: fitness-sources.com. Hit.
212.209.79.40: hydradraco.com. Hit.
212.209.79.41: noticiasdelmundolatino.com. Hit.
212.209.79.42: suparakuvi.com. Hit.
212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting. and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
212.209.79.46: cetusdelph.com. Hit.
212.209.79.47: willtoworship.com. Hit. domainsbyproxy.com
212.209.79.48: themvconnection.com. Hit.
212.209.79.51: pi-resources.net. Hit.
212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit. cqcounter.com/whois/www/newel-adserver.com.html blank.
212.209.79.53: ourscubaworld.com. Hit.
212.209.79.58: tech-love-home.com. Hit.
212.209.79.60: first-solo-aviation.com. Hit.
212.209.79.61: china-destinations.org. Hit.

212.209.90.84 thenewseditor.com. UUNET in Sweden. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99

212.209.90.69: worldedgenews.com. Hit.
212.209.90.72: talkingpointnews.info. Hit.
212.209.90.74: globalinvestmentnews.net. Hit.
212.209.90.75: prebitinvestment.com. Hit.
212.209.90.77: energy-bulb.com 2011. English. energy. Comms not found, but has unarchived link to: web.archive.org/web/20110128182345/https://webmail.energy-bulb.com/login.html. CGI comms variant?
212.209.90.79: freeblink.com. No archives for timerange, then legit. cqcounter.com/whois/www/freeblink.com.html off-style
212.209.90.80: nsmovies.net. Hit.
212.209.90.82: middleeastjournal.net. Hit.
212.209.90.84: thenewseditor.com. Hit.
212.209.90.87: newsandweathersource.com. Hit.
212.209.90.89: pakisports.com. Hit.
212.209.90.90: vriha-aesthetics.com. Hit.
212.209.90.92: amishkanews.com. Hit.
212.209.90.93: theentertainbiz.com. Hit.
212.209.90.94: eurosportssummary.com. Hit.
212.209.91.14: teracom.net. Legit

216.93.248.194 esmundonoticias.com. TWDX in Chelmsford - United States.

dnshistory.org/historical-dns-records/a/esmundonoticias.com 2010-02-05 -> 2010-08-02 216.93.248.194. Tested viewdns.info range: 216.93.248.184 216.93.248.204. viewdns.info/reverseip/?host=216.93.248.194&t=1 gives:
- hits:
  - esmundonoticias.com 2012-01-11
  - kukrinews.com 2011-06-22
    dnshistory.org/historical-dns-records/a/kukrinews.com 2010-02-26 -> 2010-08-07 216.93.248.194
    viewdns.info/iphistory/?domain=kukrinews.com 216.93.248.194 Malden - United States TWDX 2011-06-22
  - lasthournews.com 2010-02-27 -> 2010-08-07
  - tech-geek-news.com 2012-01-11
- not hits;
  - 216.93.248.194: coxsackielive.com 2012-06-29. No archives. dawhois.com/www/coxsackielive.com.html off.
  - 216.93.248.194: datapakassociates.org 2012-04-27. No rachives. dawhois.com/www/datapakassociates.org.html off.
  - 216.93.248.194: easywebworld.net 2012-02-27. Broken: web.archive.org/web/20101229051406/http://easywebworld.net/ "This Site Is Under Construction. Come Back Soon!" so seems legit. dawhois.com/www/easywebworld.net.html same.
  - 216.93.248.194: librarianhelper.com 2013-06-30. Parked domain girl. dawhois.com/www/librarianhelper.com.html not found.
  - 216.93.248.194: ualbanycornerstone.org 2012-04-13. Legit.
viewdns.info/iphistory/?domain=esmundonoticias.com 216.93.248.194 Malden - United States TWDX 2012-01-11. Tested. viewdns.info/reverseip/?t=1&host=216.93.248.194 small virtual.

216.104.38.114 all-sport-headlines.com. SINGLEHOP-LLC in United States.

viewdns.info/iphistory/?domain=all-sport-headlines.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-11-12 virtual
- 216.104.38.114 United States SINGLEHOP-LLC 2012-09-21. Tested viewdns.info range: 216.104.38.104 216.104.38.124
  - viewdns.info/reverseip/?t=1&host=216.104.38.114
    hits:
    * wahidfutbol.com
    * wildbirds-seasia.com
    not hits:
    web.archive.org/web/0/oaksathighlandlakes.com no archives
    web.archive.org/web/20110208080756/http://www.weathersbyhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110202205540/http://www.themeadowssubdivisionhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110208074306/http://bsheroics.com/ humm off there is a chance. They have actual twitter: x.com/bsheroics nevermind. And: www.facebook.com/profile.php?id=100078200499209
    afterawhilecrocodile.info 2011-07-26. Legit.
securitytrails.com/domain/all-sport-headlines.com/history/a adds
- 66.246.218.219 Cologix, Inc 2008-09-01 (17 years) 2008-11-25 (16 years) 3 months. viewdns.info/reverseip/?t=1&host=66.246.218.219 empty.

216.105.98.152: modernarabicnews.com. SAVVY-NET in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167

216.105.98.118:
- estudashboard.com: broken cqcounter.com/whois/www/estudashboard.com.html not found
- fintrade.us: legit
216.105.98.132: europeantravelcafe.com. Hit.
216.105.98.134: fuenteneta.com. Hit.
216.105.98.135: ilat-news.com. Hit.
216.105.98.136: etherealinspirations.net. Hit.
216.105.98.137: the-news-zone.com. Hit.
216.105.98.138: photozoomnews.com. No archives. cqcounter.com/whois/www/photozoomnews.com.html empty
216.105.98.139: cultura-digital.net. Hit.
216.105.98.140: uaeshoppingspree.com. Hit.
216.105.98.141: jabarifootball.com. No archives. "Jabari" is a Swahili/Arabic name ^[ref]. cqcounter.com/whois/www/jabarifootball.com.html not found.
216.105.98.142: globalreview-ar.com. No archives. Shame, could have been our first Argentinian site. cqcounter.com/whois/www/globalreview-ar.com.html empty.
216.105.98.144: garanziadellasicurezza.com. Hit.
216.105.98.145: montanismoaventura.com. Hit.
216.105.98.146: large-format-news.com. Hit.
216.105.98.147: nepalnewsbrief.com. Hit. dnshistory.org marks it as having IP 2010-03-10 -> 2010-08-15 216.169.148.94 ^[ref]. This range does feel a bit different from the others, too many broken archives, and relatively early ones too. Explored viewdns.info range: 216.169.148.84 - 216.169.148.104, empty for period. domainsbyproxy.com.
216.105.98.148: teclafinance.com. Hit.
216.105.98.149: entreman.com. Hit.
216.105.98.152: modernarabicnews.com. Hit.
216.105.98.153: global-headlines.com. Hit.
216.105.98.154: everythingcricket.org. Hit.
216.105.98.156: familyhealthonline.net. Hit.
216.105.98.157: delacorne.com. Hit.
216.105.98.158: econfutures.com. Hit.
216.105.98.161: kstcloud.com. No archives. cqcounter.com/whois/www/kstcloud.com.html not found

219.90.61.123 journeystravelled.com. UUNET in Taiwan. Tested viewdns.info range: 219.90.61.100 - 219.90.61.133

219.90.61.100: pressstory.com: "Under construction". web.archive.org/web/20110128124548/http://pressstory.com/. cqcounter.com/whois/www/pressstory.com.html same
219.90.61.103: bet2plays.com. "Under construction". Unlikely thematic, too spicy. cqcounter.com/whois/www/bet2plays.com.html same
219.90.61.110: surya-brahma.com. Hit
219.90.61.111: classicalmusicboxonline.com. Hit.
219.90.61.116: athletepro.net. Hit.
219.90.61.117: lajornadanow.com. Hit.
219.90.61.119: aviation-navigation.com. Hit.
219.90.61.120: theinternationalworld.com. Hit.
219.90.61.121: thepyramidnews.com. Hit.
219.90.61.122: iran-newslink-today.com. Hit.
219.90.61.123: journeystravelled.com. Hit.

219.90.62.243 fitness-dawg.com. UUNET in Taiwan. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255

219.90.62.173:
- dominatingduos.com: 2013-08-12T17:53:09. No archive. cqcounter.com/whois/www/dominatingduos.com.html empty
- has other domains
219.90.62.193: centralnewsreleasers.com. Only a 2018 of the robots.txt: web.archive.org/web/*/http://centralnewsreleasers.com/* so likely not a hit. cqcounter.com/whois/www/centralnewsreleasers.com.html not found.
219.90.62.209: penniesbythemillions.com. No archives. cqcounter.com/whois/www/penniesbythemillions.com.html not found.
219.90.62.229: information-junky.com. Hit.
219.90.62.231: todosperuahora.com. Hit.
219.90.62.232: race26point2.com. Hit. No archives, but has subdomain: secure.race26point2.com, so likely CGI comms. cqcounter.com/whois/www/race26point2.com.html somewaht in-style and also a "members" link, presumably linking to secure.race26point2.com. The "26" and "2" are not very clear, but tagline clarifies "leading the race on the latest running news and events" so it's a running news website
219.90.62.233: theworld-news.net. Hit.
219.90.62.234: recuerdosdeviajeonline.com. Hit
219.90.62.235: ordenpolicial.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit. No archives but has subdomain: secure.cityworldnewsnow.com so likely CGI comms. cqcounter.com/whois/www/cityworldnewsnow.com.html in-style, arab world mentions.
219.90.62.237: elcorreodenoticias.com. Hit.
219.90.62.238: freshtechonline.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit.
219.90.62.241: newscentertoday.com. Hit.
219.90.62.242: ride-captain.com. Hit.
219.90.62.244: easytraveleurope.com. Hit.
219.90.62.245: world-news-now.net. Hit.
219.90.62.246: negativeaperture.com. Hit.
219.90.62.247: conquermstoday.com. Hit
219.90.62.249: forensic-exchange.com. 2013 archive: web.archive.org/web/20130714094026/http://forensic-exchange.com/. Appears to be a buggy Wayback Machine archive somehow, so inconclusive. cqcounter.com/whois/www/forensic-exchange.com.html in-style, clarifies focus on computer.

 Read the full article

CIA 2010 covert communication websites / Hits without nearby IP hits  Updated 2025-04-24  +Created 1970-01-01

 View more

Here we list domains for which the correct IP was apparently not found since there are no neighbouring hits.

These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.

For example, in the case of inews-today.com, 2013 DNS Census gave one IP 193.203.49.212, but then viewdns.info gave another one 66.175.106.146 which fit into an existing IP range, and which assumed to be the correct IP of interest.

A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.

It is interesting to note that Reuters seems to have featured disproportionately many hits from that range, one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as wel.

In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we

dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches

216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
- 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
- 216.119.129.97: miideaco.com 2016-02-01
216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
- 216.119.129.110: dommoejmechty.com.ua. Legit.
- 216.119.129.111: dailybeatz.com: Legit
- 216.119.129.113:
  - audreygeneve.com
  - reyzheng.com
  - jacintorey.com
- 216.119.129.114: dailynewsandsports.com. hit.
- 216.119.129.115: afxchange.com legit/broken
- 216.119.129.116: danafunkfinancial.com: legit
208.73.33.194 on securitytrails.com
- 69.64.155.77 Amazon.com, Inc. 2008-12-10 (16 years) 2008-12-19 (16 years) 9 days
- 68.178.232.100 GoDaddy.com, LLC 2008-10-04 (16 years) 2008-11-02 (16 years) 29 days
- 208.73.33.194 Jumpline Inc 2008-09-01 (17 years) 2008-10-03 (16 years) 1 month

iranfootballsource.com:

34.98.99.30 Kansas City - United States Google LLC 2021-05-24
184.168.221.94 United States GoDaddy.com 2020-07-21
50.63.202.66 United States GoDaddy.com 2020-07-07
50.63.202.86 United States GoDaddy.com 2020-05-28
184.168.221.94 United States GoDaddy.com 2020-05-13
50.63.202.74 United States GoDaddy.com 2020-04-29
50.18.223.191 San Jose - United States Amazon.com 2015-03-23. Sources: 2013 DNS Census and viewdns.info
- no viewdns.info hits +- 10
85.13.200.108 United Kingdom Coreix Dedicated Customer Allocation 2013-06-30. Source: viewdns.info
- 85.13.200.108: 1000 hits, so unlikely to be the one

iraniangoalkicks.com:

68.178.232.100: treverse IP source: viewdns.info. see rastadirect.net.
208.71.138.130 2010-02-22 -> 2010-08-06, QWK.net Hosting, L.L.C.. source: dnshistory.org/historical-dns-records/a/iraniangoalkicks.com. Large shared hosting domain, no good nearby hits, several legit sites.
securitytrails.com/domain/iraniangoalkicks.com/history/a says:
- 2011-03-31 68.178.232.100
- 2008-09-01 208.71.138.130

iraniangoals.com:

68.178.232.100: see rastadirect.net
69.65.33.21 - Flushing - United States - GigeNET - 2011-09-08. Also at: dnshistory.org/historical-dns-records/a/iraniangoals.com 2009-08-03 -> 2011-01-12 69.65.33.21 viewdns.info/reverseip/?t=1&host=69.65.33.21 80 virtual nothing pops to eye on quick read:
- 69.65.33.2: onemincustomerservice.com. web.archive.org/web/20091015044922/http://www.onemincustomerservice.com/. Doesn't feel like a hit. cqcounter.com/whois/www/onemincustomerservice.com.html error
- 69.65.33.5: 400+ domains
- 69.65.33.6: 4 domains but recent resolutions only
- similar status for everything else withing +-20. A couple of domains, no easy hits
securitytrails.com/domain/iraniangoals.com/history/a same from 2008-09-17

football-enthusiast.com:

212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.

cyhiraeth-intlnews.com:

dnshistory.org/historical-dns-records/a/cyhiraeth-intlnews.com 2009-07-31 -> 2011-01-05 0.0.0.0 WTF?
viewdns.info/iphistory/?domain=cyhiraeth-intlnews.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-27 virtual
- 0.0.0.0 Unknown Unknown 2011-07-02. Hmm also the 0.0.0.0. Weird!

news-latina.com: domainsbyproxy.com 2007-12-17

dnshistory.org/historical-dns-records/a/news-latina.com 2010-03-11 -> 2010-08-16 64.92.111.3. this has several hits for the same IP on DNS Census 2013 which is unusual. Tested viewdns.info range: 64.92.111.1 - 64.92.111.13
- 64.92.111.2 virtual
- 64.92.111.3 virtual
viewdns.info/iphistory/?domain=news-latina.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-08-11 virtual
- 64.92.111.3 United States MASSIVE-NETWORKS 2011-07-27 mdeium virtual viewdns.info/reverseip/?t=1&host=64.92.111.3

europeannewsflash.com:

viewdns.info/iphistory/?domain=europeannewsflash.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-10-09 virtual
- 216.131.66.209 San Francisco - United States STRTEC 2011-09-08. Tested viewdns.info range: 216.131.66.201 216.131.66.219
dnshistory.org/historical-dns-records/a/europeannewsflash.com 2010-02-06 -> 2010-08-02 216.131.66.209. Tested.

outlooknewscast.com:

dnshistory.org/historical-dns-records/a/outlooknewscast.com
- 2009-08-08 -> 2011-02-11 74.53.159.130. Tested viewdns.info range: 74.53.159.120 - 74.53.159.140
  - 74.53.159.130: aeromedhistory.org 2014-11-29
  - 74.53.159.130: mariposahorticultural.com 2022-11-28
  - 74.53.159.130: thewritestuffresume.com 2011-04-04. Legit.
viewdns.info/iphistory/?domain=outlooknewscast.com
- 204.93.178.121 Chicago - United States SERVERCENTRAL 2011-09-08. Tested viewdns.info range: 204.93.178.111 - 204.93.178.131. Skimmed through, nothing of great interest.
- 74.53.159.130 United States SOFTLAYER 2011-04-04. Tested.

24hoursprimenews.com:

dnshistory.org/historical-dns-records/a/24hoursprimenews.com 2009-12-14 -> 2011-10-04 216.9.68.24. Mid virtual: viewdns.info/reverseip/?t=1&host=216.9.68.24 had a quick look but no hits:
- web.archive.org/web/20110208211446/http://mynews-togo.com/ invalid page. dawhois.com/www/mynews-togo.com.html same.
- web.archive.org/web/20110207202025/http://nefiexpo.com/
viewdns.info/iphistory/?domain=24hoursprimenews.com 216.9.68.24 United States VONAGE-BUSINESS 2012-01-11. Tested.
securitytrails.com/domain/24hoursprimenews.com/history/a same

farsi-newsandweather.com:

dnshistory.org/historical-dns-records/a/farsi-newsandweather.com 2010-02-07 -> 2010-08-03 69.49.101.19. Tested viewdns.info range: 69.49.101.9 - 69.49.101.19
viewdns.info/iphistory/?domain=farsi-newsandweather.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-01-11 virtual
- 69.49.101.19 Canada INFB-AS 2011-11-13. Tested.

global-view-news.com:

dnshistory.org/historical-dns-records/a/global-view-news.com 2010-02-13 -> 2010-08-04 67.220.228.130. Tested viewdns.info range: 67.220.228.120 - 67.220.228.160:
- 67.220.228.150: investfromhome.co.uk 2011-09-05. No archives.
viewdns.info/iphistory/?domain=global-view-news.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-01-11 virtual
- 69.90.161.195 Canada COGECO-PEER1 2011-09-08. Unknown. Tested viewdns.info range: 69.90.161.185 69.90.161.205. Some virtual misses. viewdns.info/reverseip/?t=1&host=69.90.161.195 medium virtual, canada.

health-men-today.com:

dnshistory.org/historical-dns-records/a/health-men-today.com
- 2011-01-07 -> 2011-01-07 69.90.162.165. Tested viewdns.info range: 69.90.162.155 - 69.90.162.175. Virtuals.
- 2009-11-30 -> 2010-05-27 67.220.228.224. New range with global-view-news.com? Tested viewdns.info range: 67.220.228.214 67.220.228.234
  - 67.220.228.223: stagedwithdistinction.com 2011-10-09. One archive of godaddy only.
- 2009-08-01 -> 2009-09-19 69.42.58.50. Tested viewdns.info range: 69.42.58.40 - 69.42.58.60. Virtuals, canada.
viewdns.info/iphistory/?domain=health-men-today.com
- 204.11.56.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-04-19. Virtuals.
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Unknown range.
- 69.90.162.165 Canada COGECO-PEER1 2012-06-29. Tested.
securitytrails.com/domain/health-men-today.com/history/a
- 69.42.58.50 Aptum Technologies 2008-09-01 (17 years) 2008-09-04 (17 years) 3 days

firstnewssource.com:

dnshistory.org/historical-dns-records/a/firstnewssource.com
- 2010-02-09 -> 2010-02-09 67.220.228.150 TODO new range with global-view-news.com? Tested.
- 2010-08-03 -> 2010-08-03 69.90.162.70 TODO new range with global-view-news.com?

pars-technews.com:

dnshistory.org/historical-dns-records/a/pars-technews.com 2009-08-08 -> 2011-02-13 74.220.219.104 Tested viewdns.info range: 74.220.219.94 74.220.219.114. viewdns.info/reverseip/?t=1&host=74.220.219.104 medium virtual haven't bothered much.
viewdns.info/iphistory/?domain=pars-technews.com 74.220.219.104 United States UNIFIEDLAYER-AS-1 2012-11-12. Tested.

newdaynewsonline.com:

dnshistory.org/historical-dns-records/a/newdaynewsonline.com 2010-03-10 -> 2010-08-15 76.163.54.16. Tested viewdns.info range: 76.163.54.6 76.163.54.26. viewdns.info/reverseip/?t=1&host=76.163.54.16 empty.
- 76.163.54.23: leewoodwork.com 2014-07-05
viewdns.info/iphistory/?domain=newdaynewsonline.com
- 74.91.154.56 United States INTERNAP-BLOCK-4 2012-11-12 unknown range. Tested viewdns.info range: 74.91.154.46 74.91.154.66
  - 74.91.154.61: benefitsla.com 2013-04-21. Legit.
- 76.163.54.16 United States WINDSTREAM 2011-09-08 unknown range. Tested.

sportsnewsfinder.com:

dnshistory.org/historical-dns-records/a/sportsnewsfinder.com 2009-08-11 -> 2011-02-24 66.113.196.128. Tested viewdns.info range: 66.113.196.118 66.113.196.138. viewdns.info/reverseip/?t=1&host=66.113.196.128 empty.
viewdns.info/iphistory/?domain=sportsnewsfinder.com
- 50.63.202.58 United States AS-26496-GO-DADDY-COM-LLC 2013-03-23 some similar hits on other sites, possibly all flukes
- 207.150.219.159 United States AFFINITY-INTER 2013-03-02
- 66.113.196.128 United States NETNATION 2012-01-11. Tested.

newsworldsite.com:

viewdns.info/iphistory/?domain=newsworldsite.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2013-05-20 big virtual
- 204.93.159.80 Chicago - United States SERVERCENTRAL 2013-04-21. Tested viewdns.info range: 204.93.159.70 204.93.159.90. viewdns.info/reverseip/?t=1&host=204.93.159.80 medium virtual.
  - 204.93.159.84: team-merk.com 2011-08-11. No archives.

todaysnewsreports.net:

viewdns.info/iphistory/?domain=todaysnewsreports.net
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-01
- 205.178.189.129 United States NETWORK-SOLUTIONS-HOSTING 2013-05-20 likely virtual
- 173.255.131.72 Reno - United States UK-2 Limited 2012-08-27. Tested viewdns.info range: 173.255.131.62 173.255.131.82. Virtual and modern hits only.
- 67.213.211.232 United States UK-2 Limited 2011-09-07 unknown. Tested viewdns.info range: 67.213.211.222 67.213.211.242. viewdns.info/reverseip/?t=1&host=67.213.211.232 empty.
  - 67.213.211.236: icf-finan.com 2015-01-20
  - 67.213.211.237: playinside.me 2016-02-04. Nice domain hack, but no.
  - 67.213.211.239: reality-sexxx.com 2011-09-08

hassannews.net:

viewdns.info/iphistory/?domain=hassannews.net
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-08
- 205.178.189.131 United States NETWORK-SOLUTIONS-HOSTING 2013-07-01. Likely virtual.

todayoutdoors.com:

dnshistory.org/historical-dns-records/a/todayoutdoors.com
- 2009-08-11 -> 2010-07-07 174.133.44.90. Tested viewdns.info range: 174.133.44.80 174.133.44.100. Virtual and modern. viewdns.info/reverseip/?t=1&host=174.133.44.90 two modern domains.
- 2011-03-01 -> 2011-03-01 174.123.172.82 unknown. Tested viewdns.info range: 174.123.172.72 174.123.172.92. Virtuals.
viewdns.info/iphistory/?domain=todayoutdoors.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-02 virtual
- 174.123.172.82 United States SOFTLAYER 2011-04-04. Tested.

globaltourist.net:

dnshistory.org/historical-dns-records/a/ 2009-07-30 -> 2011-01-01 69.59.20.215 unknown. Tested viewdns.info range: 69.59.20.205 69.59.20.225. Virtuals.
viewdns.info/iphistory/?domain=globaltourist.net
- 216.172.170.14 United States NETWORK-SOLUTIONS-HOSTING 2013-07-08
- 216.21.239.197 United States NETWORK-SOLUTIONS-HOSTING 2012-06-25
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-04-09 big virtual
- 174.136.34.154 United States IHNET 2012-03-12 unknown. Tested viewdns.info range: 174.136.34.144 174.136.34.164
- 74.119.145.101 Frankfurt am Main - Germany PERFORMIVE 2011-09-07. Tested viewdns.info range: 74.119.145.91 74.119.145.111. One virtual.
- 69.59.20.215 United States ATLRETAIL 2011-06-22. Tested viewdns.info/reverseip/?t=1&host=69.59.20.215
  - web.archive.org/web/20080521063605/http://piasawine.com/ index of

terrain-news.com:

JAR
viewdns.info/iphistory/?domain=terrain-news.com None in simple ranges.
- 204.11.56.25 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-11-08. Virtuals.
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Virtual 167. viewdns.info/reverseip/?host=208.91.197.19&t=1 not very promising.
  - eurotravelnyc.com legit web.archive.org/web/20110201195411/http://eurotravelnyc.com/
- 208.187.167.20 United States DATANOC 2012-01-11. Tested viewdns.info range: 208.187.167.10 208.187.167.30. Newer domains. viewdns.info/reverseip/?t=1&host=208.187.167.20 only has one conck.ooo. WTF.
securitytrails.com/domain/terrain-news.com/history/a same:
- 208.91.197.19 Confluence Networks Inc 2012-05-12 (13 years) 2012-05-31 (13 years) 19 days
- 208.187.167.20 Lanset America Corporation 2008-11-12 (16 years) 2009-12-09 (15 years) 1 year

intlnewsdaily.com

dnshistory.org/historical-dns-records/a/intlnewsdaily.com 2010-02-21 -> 2010-08-06 75.126.136.179. unknown range. viewdns.info/reverseip/?t=1&host=75.126.136.179 empty checked 75.126.136.171 - 75.126.136.179
viewdns.info/iphistory/?domain=intlnewsdaily.com
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Virtual. Tested.
- 63.247.95.50 Austell - United States NTHL 2012-06-29 unknown. Tested viewdns.info range: 63.247.95.40 63.247.95.60
  - 63.247.95.50: 2b-sports.com 2013-04-21
  - 63.247.95.50: caldentalinsurance.com 2014-07-05
  - 63.247.95.50: cameronbal-photography.com 2012-06-29
  - 63.247.95.50: congbetham.com 2014-07-05
  - 63.247.95.50: essentialintelligenceagency.com 2023-03-07
  - 63.247.95.50: isabellavalentina.com 2014-07-05
  - 63.247.95.50: jhraccounting.com.au 2021-05-03
  - 63.247.95.50: missouribreaks294.com 2012-06-29
  - 63.247.95.50: startorganize.com 2011-08-11
  - 63.247.95.50: tifocus.net 2011-08-11
  - 63.247.95.50: tifocus.org 2011-08-10
  - 63.247.95.50: whitepartyorlando.com 2012-01-11
- 204.11.56.25 (ipinf.ru) viewdns.info/reverseip/?t=1&host=204.11.56.25 Virtual 2,999
securitytrails.com/domain/intlnewsdaily.com/history/a empty on dates

opensourcenewstoday.com:

viewdns.info/iphistory/?domain=opensourcenewstoday.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
- 64.16.193.48 Riyadh - Saudi Arabia Saudi Telecom Company JSC 2011-09-08. Tested viewdns.info range: 64.16.193.38 64.16.193.55. Ran out. viewdns.info/reverseip/?t=1&host=64.16.193.48 virtual 55, lots of porn
securitytrails.com/domain/opensourcenewstoday.com/history/a
- 64.16.193.48 Saudi Telecom Company JSC 2010-05-04 (15 years) 2010-05-20 (15 years) 16 days

techwatchtoday.com:

viewdns.info/iphistory/?domain=techwatchtoday.com
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-11-29 virtual
- 66.11.225.226 United States TNWEB-LEW-001 2012-01-11 unknown. Checked 66.11.225.220 - 66.11.225.233
dnshistory.org/historical-dns-records/a/techwatchtoday.com 2009-08-11 -> 2011-02-26 66.11.225.226 big shared host
securitytrails.com/domain/techwatchtoday.com/history/a same
- 66.11.225.226 TNWEB LLC 2008-11-04 (16 years) 2009-04-10 (16 years) 5 months

 Read the full article

CIA 2010 covert communication websites / iraniangoalkicks.com  Updated 2025-04-24  +Created 1970-01-01

 View more

whoisxmlapi WHOIS history March 23, 2011:

Created Date: April 9, 2007 00:00:00 UTC
Updated Date: March 2, 2011 00:00:00 UTC
Expires Date: April 9, 2011 00:00:00 UTC
Registrant Name: domainsbyproxy.com
Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com

whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:

ns1.qwknetllc.com
ns2.qwknetllc.com

 Read the full article

CIA 2010 covert communication websites / JavaScript reverse engineering  Updated 2025-04-24  +Created 1970-01-01

 Read the full article

Classification of 3-transitive groups  Updated 2025-04-24  +Created 1970-01-01

 View more

Might be a bit complex: math.stackexchange.com/questions/698327/classification-of-triply-transitive-finite-groups

 Read the full article

Coinbase message  Updated 2025-04-24  +Created 1970-01-01

 View more

The input script of the Coinbase transaction can be anything, and this can be used as a Bitcoin inscription method.

Notable examples:

Genesis block message
Prayer side of the Prayer wars

 Read the full article

Classification of 4-transitive groups  Updated 2025-04-24  +Created 1970-01-01

 View more

en.wikipedia.org/w/index.php?title=Mathieu_group&oldid=1034060469#Multiply_transitive_groups is a nice characterization of 4 of the Mathieu groups.

 Read the full article

Collimated beam  Updated 2025-04-24  +Created 1970-01-01

 Read the full article

Cool data embedded in the Bitcoin blockchain / Images  Updated 2025-04-24  +Created 1970-01-01

 View more

Besides ASCII art, the huge majority of images is encoded with the AtomSea & EMBII system/format. All images in that system will be documented in that section.

 Read the full article

Cool data embedded in the Bitcoin blockchain / Politics  Updated 2025-04-24  +Created 1970-01-01

 Read the full article

Cool data embedded in the Bitcoin blockchain / Protests against larger block sizes  Updated 2025-04-24  +Created 1970-01-01

 View more

Protesters were posting large chunks of text multiple times into the blockchain as a way to protest against the controversial increase of block size.

tx 08893442680a20c4d0548dec2c8c421fa43336528b4e274dbf2652774f9c9f2d has the first copy of:

I like big blocks and I can not lie

which is the first line of a parody on:

I like big butts and I cannot lie

from the Baby Got Back hip-hop song.

tx 52159222289cd0a5afe0644150d0e23d5d272a57365627d5e869fdb458289858 has the first copy of:

Time to roll out bigger blocks

which is likely a copy of an email from the bitcoin development mailing list. This message is repeated dozens of times in other transactions.

 Read the full article

Cool data embedded in the Bitcoin blockchain / Rickrolling  Updated 2025-04-24  +Created 1970-01-01

 View more

Rickrolling lyrics were mined several times into the blockchain.

The first currently known instance is as a link right during the prayer wars on block 142573 (2011-08-25) as the miner message:

Militant atheists, bit.ly/naNhG2 -- happy now?"

which redirects to www.youtube.com/watch?v=mGDuExhS6Nw&blockchain

Around block block 246k (e.g. 27b7c526489dac8245747fa1c425a2e3eb07dea57b294eb4ae583fec9b859fcf, 2013-10-17) we note several transactions starting with a XML format <CG SZ="1156"><MG>... the first one being 0b4efe49ea1454020c4d51a163a93f726a20cd75ad50bb9ed0f4623c141a8008 As mentioned not very clearly at www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html#ref12 the content of the first <MG><payload></MG> is a Base64 encoded string

Catagory: Poetry
Title: Never Gonna Give You Up
Performer: Rick Astley
Writer: Mike Stock, Matt Aitken, Pete Waterman
Label: RCA Records

followed by lyrics also base64 encoded as part of the XML metadata. Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014) was not able to identify the exact format either. At twitter.com/EMBII4U/status/1655831533750562816 EMBII mentions that this was part of an upload test.

tx d29c9c0e8e4d2a9790922af73f0b8d51f0bd4bb19940d9cf910ead8fbe85bc9b (2013-11-13) contains a plaintext Rickroll lyric in an output script via OP_RETURN.

tx 15b11e8d4e5b9425f024b381ba0cb7a54a35e52389bb4855f505772ce685b39c (2014-06-24): starting from this transaction, the lyrics were inscribed several times via input scripts. Then again:

8bb9db70e24202fdfd0e48b57a11a407e6c8c0e76d879634b801b4345b8810b2
b881afa519804a3c93a3c99481517ca8ae070b84c04e8e7a2bfb808e043f9771
70c8405bd0ec10bea49b78a819dfbf46c1082e7e620588f9da65a90b71e52bbd
fc4e382793757858bec4b87527caa4bf2e6f71bb2f5a77bb41a45ddb9ed9d409
f011e71b711aa54a0c824244fff83fb8b1e1921804624fa0523a6e61612b7f6f
a8691cdbca5b82e4e48812e48b7a09e4757801fd3909a09975de957d1bfb52dc
d8946aa464be464674bba6d15729d75572ec75dda49fe7ff0ede1a25ca054941
d02864cd57c9d041dbd9d6f24327f347b92697a8bc3c86cdf8b738063c6ad002
9b78962d840f1ff681e5042264e4d0359cda98ce49d97569df14ce956622b966
7bdc22fb35f0a8eb6241782a306a8904fb6f793126ff106a04a96f9f223cb8e1
e24a4085c54a6362e615f8eab758c12d80e488b73757e6d2b8ab6bfc8be7007e
4257f4980955d8376ee1c6bccb4396da726e4ae13d758e47dc4e0775019723f5
a09b49e9374d43386a6a986944e3dcf515c7e1c38324836df5333b8adbe57797
03096688dbb874f7c571691e4241a298284bf4184be339b148f1b48f383a1d7c
62f8b228b6126354736d36d9f3b91882bb81eca7702b74fba6471abc7db96a03 (2015-09-30)

They were mega obnoxious!!! Who does this kind of crap for more than one year!!!

 Read the full article

 There are unlisted articles, also show them or only show them.