iranfootballsource.com by Ciro Santilli
Hits without nearby IP hits
Here we list domains for which the correct IP was apparently not found since there are no neighbouring hits.
These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.
For example, in the case of inews-today.com, 2013 DNS Census gave one IP, 193.203.49.212, but then viewdns.info gave another one, 66.175.106.146, which fit into an existing IP range, and which we assumed to be the correct IP of interest.
A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.
It is interesting to note that Reuters seems to have featured disproportionately many hits from that range; one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as well.
In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we
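The neighbour check described above, written out as an added example (not code from the original page), using rows transcribed from the listings on this page. The function names and the default window of 10 addresses, chosen to match the ranges the page probes on viewdns.info, are assumptions.

```python
import ipaddress

# Rows transcribed from this page's own listings: (ip, domain, verdict).
OBSERVATIONS = [
    ("66.175.106.134", "paddlescoop.com", "Hit"),
    ("66.175.106.137", "kessingerssportsnews.com", "Hit"),
    ("66.175.106.138", "factorforcenews.com", "Hit"),
    ("66.175.106.142", "kanata-news.com", "Hit"),
    ("66.175.106.143", "thecricketfan.com", "Hit"),
    ("66.175.106.146", "inews-today.com", "Hit"),
    ("66.175.106.147", "starwarsweb.net", "Hit"),
    ("66.175.106.149", "feedsdemexicoyelmundo.com", "Hit"),
    ("193.203.49.211", "datingso.com", "legit?"),
    ("193.203.49.212", "inews-today.com", "Hit"),
    ("193.203.49.223", "zatysi.net", "legit"),
    ("216.119.129.94", "dailynewsandsports.com", "Hit"),
    ("216.119.129.110", "dommoejmechty.com.ua", "Legit"),
    ("216.119.129.111", "dailybeatz.com", "Legit"),
    ("216.119.129.114", "dailynewsandsports.com", "hit"),
    ("216.119.129.115", "afxchange.com", "legit/broken"),
    ("216.119.129.116", "danafunkfinancial.com", "legit"),
]

WINDOW = 10  # assumption: the page probes roughly +-10 addresses per candidate


def ip_to_int(ip):
    """Numeric form of an IPv4 address, so distance also works across /24 edges."""
    return int(ipaddress.IPv4Address(ip))


def is_hit(verdict):
    """Only verdicts recorded as 'Hit'/'hit' count; 'Legit?', 'No archives' do not."""
    return verdict.strip().lower().startswith("hit")


def neighbour_hits(ip, domain, observations, window=WINDOW):
    """Confirmed hits on other domains within +-window addresses of ip."""
    centre = ip_to_int(ip)
    found = []
    for other_ip, other_domain, verdict in observations:
        if other_domain == domain or not is_hit(verdict):
            continue
        if abs(ip_to_int(other_ip) - centre) <= window:
            found.append((other_ip, other_domain))
    return sorted(found, key=lambda row: ip_to_int(row[0]))


def assess(domain, observations, window=WINDOW):
    """Score every historical IP of a domain by its neighbouring hits.

    status is 'in range' when some candidate IP has neighbouring hits,
    'isolated' when none has, and 'unknown' when the domain has no rows.
    """
    candidates = sorted({ip for ip, d, _ in observations if d == domain},
                        key=ip_to_int)
    if not candidates:
        return {"domain": domain, "status": "unknown",
                "best_ip": None, "neighbours": {}}
    scored = {ip: neighbour_hits(ip, domain, observations, window)
              for ip in candidates}
    best = max(candidates, key=lambda ip: len(scored[ip]))
    if not scored[best]:
        # No candidate is supported by neighbours: keep all IPs as uncertain.
        return {"domain": domain, "status": "isolated",
                "best_ip": None, "neighbours": scored}
    return {"domain": domain, "status": "in range",
            "best_ip": best, "neighbours": scored}


if __name__ == "__main__":
    for name in ("inews-today.com", "dailynewsandsports.com"):
        result = assess(name, OBSERVATIONS)
        print(name, result["status"], result["best_ip"])
        for ip, rows in result["neighbours"].items():
            print("  ", ip, "->", len(rows), "neighbouring hits")
```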
dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
  • 216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
    • 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
    • 216.119.129.97: miideaco.com 2016-02-01
  • 216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
    • 216.119.129.110: dommoejmechty.com.ua. Legit.
    • 216.119.129.111: dailybeatz.com: Legit
    • 216.119.129.113:
      • audreygeneve.com
      • reyzheng.com
      • jacintorey.com
    • 216.119.129.114: dailynewsandsports.com. hit.
    • 216.119.129.115: afxchange.com legit/broken
    • 216.119.129.116: danafunkfinancial.com: legit
  • 208.73.33.194 on securitytrails.com
iranfootballsource.com:
  • 34.98.99.30 Kansas City - United States Google LLC 2021-05-24
  • 184.168.221.94 United States GoDaddy.com 2020-07-21
  • 50.63.202.66 United States GoDaddy.com 2020-07-07
  • 50.63.202.86 United States GoDaddy.com 2020-05-28
  • 184.168.221.94 United States GoDaddy.com 2020-05-13
  • 50.63.202.74 United States GoDaddy.com 2020-04-29
  • 50.18.223.191 San Jose - United States Amazon.com 2015-03-23. Sources: 2013 DNS Census and viewdns.info
    • no viewdns.info hits +- 10
  • 85.13.200.108 United Kingdom Coreix Dedicated Customer Allocation 2013-06-30. Source: viewdns.info
    • 85.13.200.108: 1000 hits, so unlikely to be the one
iraniangoalkicks.com:
iraniangoals.com:
football-enthusiast.com:
  • 212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.
rastadirect.net:
todaysengineering.com:
  • 208.254.38.39. rdns source: both viewdns.info and 2013 DNS Census. Tested viewdns.info range: 208.254.38.34 - 208.254.38.44. Weirdly empty, doesn't even show the domain itself!
  • 68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC
worldofonlinenews.com:
mywebofnews.com:
cyhiraeth-intlnews.com:
news-latina.com:
europeannewsflash.com:
outlooknewscast.com:
  • dnshistory.org/historical-dns-records/a/outlooknewscast.com
    • 2009-08-08 -> 2011-02-11 74.53.159.130. Tested viewdns.info range: 74.53.159.120 - 74.53.159.140
      • 74.53.159.130: aeromedhistory.org 2014-11-29
      • 74.53.159.130: mariposahorticultural.com 2022-11-28
      • 74.53.159.130: thewritestuffresume.com 2011-04-04. Legit.
  • viewdns.info/iphistory/?domain=outlooknewscast.com
    • 204.93.178.121 Chicago - United States SERVERCENTRAL 2011-09-08. Tested viewdns.info range: 204.93.178.111 - 204.93.178.131. Skimmed through, nothing of great interest.
    • 74.53.159.130 United States SOFTLAYER 2011-04-04. Tested.
24hoursprimenews.com:
farsi-newsandweather.com:
global-view-news.com:
health-men-today.com:
  • dnshistory.org/historical-dns-records/a/health-men-today.com
    • 2009-11-30 -> 2010-05-27 67.220.228.224. New range with global-view-news.com? Tested viewdns.info range: 67.220.228.214 - 67.220.228.234
      • 67.220.228.223: stagedwithdistinction.com 2011-10-09. One archive of godaddy only.
    • 2009-08-01 -> 2009-09-19 69.42.58.50. Tested viewdns.info range: 69.42.58.40 - 69.42.58.60. Virtuals, canada.
    • 2011-01-07 -> 2011-01-07 69.90.162.165. Tested viewdns.info range: 69.90.162.155 - 69.90.162.175. Virtuals.
  • viewdns.info/iphistory/?domain=health-men-today.com
    • 204.11.56.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-04-19. Virtuals.
    • 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Unknown range.
    • 69.90.162.165 Canada COGECO-PEER1 2012-06-29. Tested.
firstnewssource.com:
theworldnewsfeeds.com:
pars-technews.com:
newdaynewsonline.com:
sportsnewsfinder.com:
newsworldsite.com:
  • viewdns.info/iphistory/?domain=newsworldsite.com
    • 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2013-05-20 big virtual
    • 204.93.159.80 Chicago - United States SERVERCENTRAL 2013-04-21. Tested viewdns.info range: 204.93.159.70 - 204.93.159.90
      • 204.93.159.84: team-merk.com 2011-08-11. No archives.
todaysnewsreports.net:
  • viewdns.info/iphistory/?domain=todaysnewsreports.net
    • 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-01
    • 205.178.189.129 United States NETWORK-SOLUTIONS-HOSTING 2013-05-20 likely virtual
    • 173.255.131.72 Reno - United States UK-2 Limited 2012-08-27. Tested viewdns.info range: 173.255.131.62 - 173.255.131.82. Virtual and modern hits only.
    • 67.213.211.232 United States UK-2 Limited 2011-09-07 unknown. Tested viewdns.info range: 67.213.211.222 - 67.213.211.242
      • 67.213.211.236: icf-finan.com 2015-01-20
      • 67.213.211.237: playinside.me 2016-02-04. Nice domain hack, but no.
      • 67.213.211.239: reality-sexxx.com 2011-09-08
hassannews.net:
weblognewsinfo.com:
newsincirculation.com
  • dnshistory.org/historical-dns-records/a/newsincirculation.com
    • 2010-03-10 -> 2010-08-15 64.120.20.234 virtual with weblognewsinfo.com
    • 2013-11-26 -> 2013-11-26 70.32.43.226
  • viewdns.info/iphistory/?domain=newsincirculation.com
    • 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2014-01-31
    • 50.63.202.77 United States AS-26496-GO-DADDY-COM-LLC 2013-10-19. virtual?
    • 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2013-09-26 virtual?
    • 69.147.228.5 Chicago - United States LEASEWEB-USA-CHI 2012-11-12 unknown. Tested viewdns.info range: 69.147.228.1 - 69.147.228.15. Nope.
    • 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2011-04-04 virtual
todayoutdoors.com:
esmundonoticias.com:
globaltourist.net:
  • dnshistory.org/historical-dns-records/a/ 2009-07-30 -> 2011-01-01 69.59.20.215 unknown. Tested viewdns.info range: 69.59.20.205 - 69.59.20.225. Virtuals.
  • viewdns.info/iphistory/?domain=globaltourist.net
    • 216.172.170.14 United States NETWORK-SOLUTIONS-HOSTING 2013-07-08
    • 216.21.239.197 United States NETWORK-SOLUTIONS-HOSTING 2012-06-25
    • 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-04-09 big virtual
    • 174.136.34.154 United States IHNET 2012-03-12 unknown. Tested viewdns.info range: 174.136.34.144 - 174.136.34.164
    • 74.119.145.101 Frankfurt am Main - Germany PERFORMIVE 2011-09-07. Tested viewdns.info range: 74.119.145.91 - 74.119.145.111. One virtual.
    • 69.59.20.215 United States ATLRETAIL 2011-06-22. Tested
all-sport-headlines.com:
  • viewdns.info/iphistory/?domain=all-sport-headlines.com
    • 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-11-12 virtual
    • 216.104.38.114 United States SINGLEHOP-LLC 2012-09-21. Tested viewdns.info range: 216.104.38.104 - 216.104.38.124
      • 216.104.38.110: afterawhilecrocodile.info 2011-07-26. Legit.
technologytodayandtomorrow.com:
  • viewdns.info/iphistory/?domain=technologytodayandtomorrow.com
    • 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
    • 72.34.53.174 United States IHNET 2011-09-08. Tested viewdns.info range: 72.34.53.164 - 72.34.53.184
      • 72.34.53.166: bjellaagency.com 2023-03-07
      • 72.34.53.174: businesscardprinternyc.info 2012-04-18
      • 72.34.53.174: dermozamsoe106.com 2011-07-02
      • 72.34.53.174: electronictechreviews.com 2011-09-08. Hit.
      • 72.34.53.174: glialcells2009paris.com 2012-11-12
      • 72.34.53.174: hysfreedom.net 2013-07-08. Legit.
      • 72.34.53.174: integrativetherapiesec.com 2013-06-30
      • 72.34.53.174: intloil.org 2012-04-27. Possible hit, a bit off style, but possibly because too broken. Copyright 2005. Present at pastebin.com/CTXnhjeSp.
      • 72.34.53.174: islamicnewsonline.com 2013-03-23. No archives in date range.
      • 72.34.53.174: larumbaknox.com 2012-01-11. Parked domain girl
      • 72.34.53.174: myonlinegamesource.com 2012-01-11
      • 72.34.53.174: mytravelopian.com 2011-04-04. Feels legit, but there's some chance.
      • 72.34.53.174: recursosdenoticias.com 2012-06-29. Hit.
      • 72.34.53.174: todaysnewsandweather-ru.com 2012-01-11. Hit.
      • 72.34.53.181: theebizguy.com 2022-12-26
      • 72.34.53.183: nofatchics.com 2012-01-11
terrain-news.com:
intlnewsdaily.com
  • dnshistory.org/historical-dns-records/a/intlnewsdaily.com 2010-02-21 -> 2010-08-06 75.126.136.179. unknown range.
  • viewdns.info/iphistory/?domain=intlnewsdaily.com
    • 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Virtual. Tested.
    • 63.247.95.50 Austell - United States NTHL 2012-06-29 unknown. Tested viewdns.info range: 63.247.95.40 - 63.247.95.60
      • 63.247.95.50: 2b-sports.com 2013-04-21
      • 63.247.95.50: caldentalinsurance.com 2014-07-05
      • 63.247.95.50: cameronbal-photography.com 2012-06-29
      • 63.247.95.50: congbetham.com 2014-07-05
      • 63.247.95.50: essentialintelligenceagency.com 2023-03-07
      • 63.247.95.50: isabellavalentina.com 2014-07-05
      • 63.247.95.50: jhraccounting.com.au 2021-05-03
      • 63.247.95.50: missouribreaks294.com 2012-06-29
      • 63.247.95.50: startorganize.com 2011-08-11
      • 63.247.95.50: tifocus.net 2011-08-11
      • 63.247.95.50: tifocus.org 2011-08-10
      • 63.247.95.50: whitepartyorlando.com 2012-01-11
    • 204.11.56.25 (ipinf.ru)
opensourcenewstoday.com:
techwatchtoday.com:
Hits with nearby IP hits
alljohnny.com: one of the Reuters websites.
62.22.60.49: telecom-headlines.com. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66
  • 62.22.60.33: newsperk.com. Unclear. Stylistically perfect, but comms not found. 2011. English. Egypt. news.
  • 62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
  • 62.22.60.40: travel-passage.com. Unclear. No archives of toplevel, only subpage: 2009. No clear comms. Chinese.
  • 62.22.60.42: newsupdatesite.com. Hit.
  • 62.22.60.46: flyingtimeline.com. Hit.
  • 62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
  • 62.22.60.48: currentcommunique.com. Hit.
  • 62.22.60.49: telecom-headlines.com. Hit.
  • 62.22.60.52: collectedmedias.com. Hit.
  • 62.22.60.54: romulusactualites.com. No archives.
  • 62.22.60.55: thefilmcentre.com. Hit.
  • 62.22.60.56: traveltimenews.com. Hit.
62.22.61.206 worldnewsnetworking.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224
63.131.229.12 cyberreportagenews.com. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30
  • 63.131.229.2: fightskillsresource.com. Hit
  • 63.131.229.4: unitedterritorynews.com. Hit
  • 63.131.229.9: show-dustry.com. Hit
  • 63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
  • 63.131.229.11: mythriftytrip.com. Hit
  • 63.131.229.12: cyberreportagenews.com. Hit.
  • 63.131.229.13: sunrise-news.com. Hit.
  • 63.131.229.15: cricketnewsforindia.com. Archive quite broken, likely hit.
  • 63.131.229.16:
    • nutricion-saludable.info. No archives.
    • nutricion-saludable.net. Hit.
  • 63.131.229.18: itnl-xchange.com. Hit.
  • 63.131.229.20:
    • fixashion.net. Hit.
    • a few others
63.130.160.50 theglobalheadlines.com. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75
  • 63.130.160.50: theglobalheadlines.com. Hit.
  • 63.130.160.51:
    • hai-pow.com. Hit.
    • secudenetworksecurity.com. No archives.
  • 63.130.160.53: echessnews.com. Hit.
  • 63.130.160.59: technologiewissen.com. No archives from the time. Would be Technology knowledge in German, so another likely German hit. Shame.
  • 63.130.160.60: boxingstop.net. Hit.
  • 63.130.160.61: bookmarksthis.com. No archives.
  • 63.130.160.62: azerinews.org. Hit.
64.16.204.55 holein1news.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. Why did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.
  • 64.16.204.35: ironcityfootball.com. Legit/broke.
  • 64.16.204.51: africannewsandsports.com. No archives. rdns source: viewdns.info
  • 64.16.204.53: bosniakbusinessnews.com. No archives. A Bosniak is someone from an ethnicity from Bosnia.
  • 64.16.204.54: affairesdumonde.com. No archives. rdns source: viewdns.info
  • 64.16.204.55: holein1news.com. Hit.
  • 64.16.204.56: fightorgohome.com. No archives. rdns source: viewdns.info
  • 64.16.204.58: tech-topix.com. Hit.
  • 64.16.204.60: pakpoldaily.com. No archives. rdns source: viewdns.info. TODO meaning? Might be Indonesian, maybe linked to police: www.facebook.com/watch/?v=880204266271955
65.61.127.163 capture-nature.com. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -
66.45.179.205 noticiasporjanua.com. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223
  • 66.45.179.187: mail03.gatesfoundation.org. Legit.
  • 66.45.179.192: thegraceofislam.com. Hit.
  • 66.45.179.193: arabicnewsunfiltered.com. Hit.
  • 66.45.179.194: raulsonsglobalnews.com. Hit.
  • 66.45.179.195: aryannews.net. Hit.
  • 66.45.179.199: attivitaestremi.com. Hit.
  • 66.45.179.200: foodwineandsuch.com. No archives.
  • 66.45.179.201: hitthepavementnow.com. Hit.
  • 66.45.179.203: noticiascontinental.com. Hit.
  • 66.45.179.205: noticiasporjanua.com. Hit.
  • 66.45.179.206: podisticamondiale.com. Hit.
  • 66.45.179.207: reflectordenoticias.com. Hit.
  • 66.45.179.208: havenofgamerz.com. Hit.
  • 66.45.179.209: vejaaeuropa.com. web.archive.org/web/20130810131440/http://www.vejaaeuropa.com/: Welcome to the US Petabox. Shame, could be another Brazil hit since "veja" (look in Brazilian Portuguese) would be "mira" in Spanish, not "veja".
  • 66.45.179.210: sa-michigan.com. Hit.
  • 66.45.179.211: absolutebearing.net. Hit.
  • 66.45.179.212: grandretirement.net. No archives.
  • 66.45.179.213: myportaltonews.com. Hit.
  • 66.45.179.214: investmentintellect.com. Hit.
  • 66.45.179.215: nigeriastar.net 2012-03-12. Hit.
66.104.169.184 bcenews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189
  • 66.104.169.162: bestsportsnews.net. Archive broken.
  • 66.104.169.163: doctorsoncallsite.com. Hit.
  • 66.104.169.164: lightandshadowonline.com. Hit.
  • 66.104.169.168: plugged-into-news.net. Hit.
  • 66.104.169.169: worldsportsite.com. Likely hit, but comms not found. 2011. Arabic. sports. Has some apparently unrelated archives from 2008.
  • 66.104.169.171: golf-on-holiday.com. Hit.
  • 66.104.169.172: perspectiva-noticias.com. Hit.
  • 66.104.169.175: aquaswimming.com. Hit.
  • 66.104.169.177: dojo-temple.com. Hit.
  • 66.104.169.179: neighbour-news.com. Hit.
  • 66.104.169.180: medicatechinfo.com. Hit.
    • 205.178.189.131: securitytrails.com 2009-06-25 - 2009-07-02 Network Solutions, LLC., "ip_count": 726755. Moved to new one 2009-07-02 - 2010-11-03
  • 66.104.169.181: brickmanfinancialnews.com. Hit.
  • 66.104.169.182: casanewsnow.com. Hit.
  • 66.104.169.183: aworldofnews.com. No archives.
  • 66.104.169.184: bcenews.com. Hit.
  • 66.104.169.197: teamshula.com. Legit.
66.104.173.186 myworldlymusic.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194
  • 66.104.173.161: fanatic-pc-gamers.com. 2013: Welcome to the US Petabox
  • 66.104.173.163: runakonews.com. Hit.
  • 66.104.173.164: shoppingadventure.net. Hit.
  • 66.104.173.165: entertaining-ly.com. Hit.
  • 66.104.173.166: zubeenews.com. Hit.
  • 66.104.173.169: smart-financeology.com. Hit.
  • 66.104.173.173: remarkably has two potential hits, both shown in viewdns.info, and one of them was also in the 2013 DNS Census.
    • worldfeedstoday.com. No main page archives. Subpage archive: 2011. English. news.
    • world-newsfeeds.com. No archives.
  • 66.104.173.175: media-coverage-now.com. Hit.
  • 66.104.173.176: jbc-online-news.com. Hit.
  • 66.104.173.177: webscooper.com. Hit.
  • 66.104.173.178: dk-dcinvestment.com. Hit.
  • 66.104.173.179: newsforthetech.com. Welcome to the US Petabox.
  • 66.104.173.180: stara-turistick.com. Hit.
  • 66.104.173.181: playbackpolitics.com. Hit.
  • 66.104.173.182: snapnewsfront.net. Hit.
  • 66.104.173.183: ingenuitytrendz.com. Hit.
  • 66.104.173.184: armashoy.com. Hit.
  • 66.104.173.185: baocontact.com. Hit.
  • 66.104.173.186: myworldlymusic.com. Hit.
  • 66.104.173.189: hitpoint-gaming.com. Hit.
66.104.175.40 beyondnetworknews.com. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range: 66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown
  • 66.104.175.34: itwebtoday.com. Hit.
  • 66.104.175.35: drglobalnews.com. Hit.
  • 66.104.175.36: adilnews.net. Hit.
  • 66.104.175.37: technewstogo.com. web.archive.org/web/20110201205946/http://technewstogo.com/ "UNDER CONSTRUCTION"
  • 66.104.175.40: beyondnetworknews.com. Hit.
  • 66.104.175.41: grubbersworldrugbynews.com. Hit.
  • 66.104.175.44: yourtripfinder.net. Hit.
  • 66.104.175.45: rollinsnetwork.com. Hit.
  • 66.104.175.46: infosharenews.com. Hit.
  • 66.104.175.47: southasiaheadlines.com. Hit.
  • 66.104.175.48: worlddispatch.net. Hit.
  • 66.104.175.49: webworldsports.com. Hit.
  • 66.104.175.50: fly-bybirdies.com. Hit.
  • 66.104.175.51: businessexchangetoday.com. Hit.
  • 66.104.175.52: mensajeradenoticias.com. Hit.
  • 66.104.175.53: info-ology.net. Hit.
  • 66.104.175.54: marketflows.net. Hit.
  • 66.104.175.57: metanewsdaily.com. Hit.
  • 66.104.175.218: remote.taxconsultantsgroup.com. No archives.
66.175.106.148 activegaminginfo.com. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178
  • 66.175.106.10: nationalchecktrust.com. Legit?
  • 66.175.106.134: paddlescoop.com. Hit.
  • 66.175.106.137: kessingerssportsnews.com. Hit.
  • 66.175.106.138: factorforcenews.com. Hit.
  • 66.175.106.140: aroundthemiddleeast.com. No Wayback Machine hits. Last resolved: 2012-06-29.
  • 66.175.106.142: kanata-news.com. Hit.
  • 66.175.106.143: thecricketfan.com. Hit.
  • 66.175.106.146: inews-today.com. Initially found with 2013 DNS Census virtual host cleanup heuristic keyword searches which gave IP address 193.203.49.212. But that has no nearby hits. 66.175.106.146 was later found on viewdns.info, and slotted into this other existing IP range.
    • 193.203.49.211 datingso.com: legit? Russian dating website
    • 193.203.49.212 inews-today.com. Hit.
    • 193.203.49.223 zatysi.net: legit
    • 193.203.49.226 kinotopik.com: legit? Russian
    • 193.203.49.229 rotor-volgograd.com. Legit.
    • 193.203.49.233 ordercytotec.com. Broken.
  • 66.175.106.147: starwarsweb.net. Hit.
  • 66.175.106.149: feedsdemexicoyelmundo.com. Hit.
  • 66.175.106.150: noticiasmusica.net. Hit.
  • 66.175.106.155: atomworldnews.com. Hit.
  • 66.175.106.158: nouvellesetdesrapports.com. Hit.
  • 66.175.106.166: exchange.katzbarron.com. Legit. Reverse IP source: 2012 Internet Census
  • 66.175.106.183: mail.lfdatacenter.com. No archives.
66.237.236.247 comunidaddenoticias.com. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254
  • 66.237.236.227: newsandmusicminute.com. Hit.
  • 66.237.236.229: pearls-playlist.com 2011-11-13. Hit.
  • 66.237.236.230: beyondthefringe.info 2013-01-02. Hit.
  • 66.237.236.231: primetimemovies.net 2011-06-22. Hit.
  • 66.237.236.235: persephneintl.com. Hit.
  • 66.237.236.236: directoalgrano.net 2012-01-23. Hit.
  • 66.237.236.240: actualizaciondebeisbol.com. Hit.
  • 66.237.236.243: mygadgettech.com. Hit.
  • 66.237.236.247: comunidaddenoticias.com. Hit.
  • 66.237.236.249: sumerjaseahora.com. Hit.
69.84.156.90 stickshiftnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95
  • 69.84.156.69: al-ashak-news-me.com. Hit.
  • 69.84.156.70: theventurenews.info. No archives. business.
  • 69.84.156.71: worldfinancetoday.net. Hit.
  • 69.84.156.72: autonewsarabia.com. Hit.
  • 69.84.156.74: blue-moon-news.com. Hit.
  • 69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit.
  • 69.84.156.76: tnc-urdu.com. Hit.
  • 69.84.156.79: jassimnews.com. No archives/broken.
  • 69.84.156.80: noticiasdenuestromundo.com. No archives. Spanish. news.
  • 69.84.156.82: arabicnewsonline.com. Hit.
  • 69.84.156.83: unganadormundial.com. Hit.
  • 69.84.156.84: focusonbokeh.com. No archives/broken. Only a "Sony" logo remains: web.archive.org/web/20110207222330/http://focusonbokeh.com/images/logo_014.jpg
  • 69.84.156.85: classic-rocktopia.com. No archives. Presumably rock climbing.
  • 69.84.156.87: i7diver.com. No archives.
  • 69.84.156.88: diariodeelmundo.com. Hit.
  • 69.84.156.89: todaysarabnews.com. Hit.
  • 69.84.156.90: stickshiftnews.com. Hit.
  • 69.84.156.91: theinternationalgoal.com. Hit.
74.116.72.236 techtopnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254
  • 74.116.72.199: newsungraphics.com. Legit.
  • 74.116.72.209: newsung.com. Legit/broken.
  • 74.116.72.214: ofinancialinc.com. Legit.
  • 74.116.72.219: stockpromoters.com. Legit.
  • 74.116.72.227: dayenews.com. hit.
  • 74.116.72.229: guide-daventure.com. Hit.
  • 74.116.72.230: spaceage-exchange.com. No archives.
  • 74.116.72.231: bleachersfootballnews.com. Hit.
  • 74.116.72.232: indirectfreekick.com. Hit.
  • 74.116.72.233: wwiichronicles.net. Hit.
  • 74.116.72.234: petroleumagenews.com. Hit.
  • 74.116.72.235: the-open-book-online.com. Hit.
  • 74.116.72.236: techtopnews.com. Hit.
  • 74.116.72.237: noticiasdiariasdedeportes.com. No archives. Sad, another potential Brazil hit.
  • 74.116.72.238: pohandakhbar.com. No archives. TODO meaning. "akhbar" is news in Arabic. But what is "Poh"? Sounds like a South Asian name.
  • 74.116.72.239: crickettoday.info. Hit.
  • 74.116.72.240: zafernews.com. Hit.
  • 74.116.72.241: itechnewstoday.com. Broken/GoDaddy takeover
  • 74.116.72.242: gdgtsource.com. Hit.
  • 74.116.72.243: waronfilmonline.com. No archives.
  • 74.116.72.244: arborstribune.org. No archives.
  • 74.116.72.245: wineenthusiastonline.com. Welcome to the US Petabox.
  • 74.116.72.246: vuvuzelanews.com. Hit.
  • 74.116.72.247: ballbatstumpsandbails.com. Hit.
  • 74.116.72.248: kioni-sailing.com. No archives.
  • 74.116.72.249: round-trip-travel.com. Hit.
  • 74.116.72.250: arabicnewsource.com. Hit.
74.254.12.168 non-stop-news.net. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.
  • 74.254.12.163: half-court.net. Hit.
  • 74.254.12.163: dailywellnessnews.com. Hit.
  • 74.254.12.165: dylandon.net. Hit. rdns source: viewdns.info.
  • 74.254.12.166: afghanpoetry.net. Hit.
  • 74.254.12.168: non-stop-news.net. Hit.
  • 74.254.12.169: soldiersofsouthasia.com. Hit.
  • 74.254.12.170: greek-news.info. 2013. Welcome to the US Petabox. rdns source: viewdns.info
  • 74.254.12.171: autism-news.org. Hit.
  • 74.254.12.172: thesportsguidebook.com. rdns source: 2013 DNS Census. Only has archive of one subpage: 2009. English. sports.
  • 74.254.12.174: reliefline.info. web.archive.org/web/20090416064302/http://www.reliefline.info:80/ Archive too broken.
  • 74.254.12.176: pakcricketgrd.com. Hit.
  • 74.254.12.177: networkofnews.com. Hit.
  • 74.254.12.179: wineconnaisseur.net. Hit.
  • 74.254.12.180: helpinghandssite.com. Hit.
  • 74.254.12.185: newskwest.com. No archives.
  • 74.254.12.187: efiinvestment.com. No archives.
  • 74.254.12.188: first-tee-golf.com. Hit.
  • 74.254.12.189: fabu-foto.com. Hit.
  • 74.254.12.190: viptravelabroad.com. Hit.
199.85.212.118 just-kidding-news.com
  • 199.85.212.118 rdns source: 2013 DNS Census virtual host cleanup heuristic keyword searches, dnshistory.org (2009-09-23 -> 2011-01-25) and viewdns.info: "location": "United States", "owner": "VIMRO, LLC", "lastseen": "2012-01-11". Tested viewdns.info range: 199.85.212.95 - 199.85.212.128. Not sure worth it given the many 2013 DNS Census misses surrounding.
    • 199.85.212.98: colorsxpress.com. Legit
    • 199.85.212.104:
      • jobindons.com 2013-10-19.
      • piogroup.org 2012-12-29.
    • 199.85.212.105: mide-news.com. Hit.
    • 199.85.212.109: game2be.com. Infinite load loop: web.archive.org/web/20080102074404/http://www.game2be.com/
    • 199.85.212.111:
      • newsandsportscentral.com. Hit.
      • and many many others, not bothering with it
    • 199.85.212.115: veryperi.com. Legit? 2011. Style is similar.
    • 199.85.212.116: approselect.com. Legit?
    • 199.85.212.117: innovative-software-solutions.com. broken/legit
    • 199.85.212.118: just-kidding-news.com. Hit.
    • 199.85.212.119: invisus.com. Legit
    • 199.85.212.120: allurebyjustine.com. Legit?
    • 199.85.212.121: stockprouniversity.com
    • 199.85.212.122: stjosephswoodshop.com Legit?
    • 199.85.212.125: time-spacer.net. Welcome to the US Petabox.
    • 199.85.212.132: qualitytrans.net. Legit?
    • 199.85.212.134: mywellnessminder.com. Legit?
    • 199.85.212.138: crystalglassinc.com
    • 199.85.212.140: davistech-llc.com
  • 68.178.232.100: see rastadirect.net. rdns source: viewdns.info: "location": "United States", "owner": "GoDaddy.com, LLC", "lastseen": "2012-06-29"
  • 209.85.45.84. Tested viewdns.info range: 209.85.45.74 - 209.85.45.94.
    • 209.85.45.2: dz8.dailyrazor.com
    • 209.85.45.2: jr4consulting.com
    • 209.85.45.41: guitarzza.com. No archives of time.
    • 209.85.45.46: evergraindecking.com. No archives of time.
    • 209.85.45.114: mauritiuspropertyconsultant.com. Legit/ broken.
    • 209.85.45.160: bieltvedt.net. No archives of time.
    • 209.85.45.160: golfstats.dk. No archives.
    • 209.85.45.225: infokus.ca
    • 209.85.45.225: mail.tomlatham.net
    • 209.85.45.225: mail.tomlatham.org
    • 209.85.45.239: flavacationcenter.com
204.176.38.143 noticiassofisticadas.com. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154
  • 204.176.38.130: i-pressnews.com. Hit.
  • 204.176.38.132: turkishnewslinks.com. Hit.
  • 204.176.38.134: photographyarecord.com. Hit.
  • 204.176.38.135: breakingthewicket.com. Hit.
  • 204.176.38.136: politicalworldtoday.com. Hit.
  • 204.176.38.137: hi-tech-today.com. Hit.
  • 204.176.38.138: continental-business-news.com. TODO. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
  • 204.176.38.139: bigscreenbattles.com. Hit.
  • 204.176.38.141: rakotafootball.com. Hit.
  • 204.176.38.142: senderosdemontana.com. Hit.
  • 204.176.38.143: noticiassofisticadas.com. Hit.
  • 204.176.38.144: techno-today.com. Hit.
  • 204.176.38.145: tickettonews.com. Hit.
  • 204.176.38.146: dps-digitalphotosharing.com. Hit.
  • 204.176.38.147: theputtingreen.com. Hit.
  • 204.176.38.149: sportsnewstodayar.com. Hit.
  • 204.176.38.150: kairuafricanews.com. Hit.
204.176.39.115 globalprovincesnews.com. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124
  • 204.176.39.97: beamingnews.com. Hit.
  • 204.176.39.98: cubriendonoticias.com. Hit.
  • 204.176.39.100: rowleyworldpost.com. Hit.
  • 204.176.39.101: noticiastopicas.com. No archives.
  • 204.176.39.103: economicnewsbuzz.com. Hit.
  • 204.176.39.104: spectranewsonline.com. Hit.
  • 204.176.39.105: entertainmentnewscompany.com. Hit.
  • 204.176.39.107: guidetoelectronics.net. Uncertain. 2010. English. tech, electronics. Possible CGI comms variant.
  • 204.176.39.110: arabnewsatdawn.com. Hit.
  • 204.176.39.114: messengergalaxy.com. Uncertain. 2011. Would be the first example of something more commercial/service offering we've seen so far. Possible CGI comms variant.
  • 204.176.39.115: globalprovincesnews.com. Hit.
  • 204.176.39.116: mahparah-news.com. Hit.
  • 204.176.39.119: commercialspacedesign.com. Hit.
207.210.250.132 aeronet-news.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157
  • 207.210.250.131: starrynightnews.com. Hit.
  • 207.210.250.132: aeronet-news.com. Hit.
  • 207.210.250.133: bakaribulletin.com. Hit.
  • 207.210.250.134: deprensaenlarevisiondehoy.com. Hit.
  • 207.210.250.135: icwb-news.com. Hit.
  • 207.210.250.136: sportsreelhighlights.com. Hit.
  • 207.210.250.137: fashionforward.info. No archives.
  • 207.210.250.138: inquiry-human-past.com. Hit.
  • 207.210.250.139: thefairwaysaregreen.com. Hit.
  • 207.210.250.142: russiaupdate.com 2011-11-13. No archives of the time, only older unrelated archives: web.archive.org/web/20010429003443/http://russiaupdate.com/.
  • 207.210.250.143: archaeologyreview.net. Hit.
  • 207.210.250.144: highspeed-news.com. No archives.
  • 207.210.250.146: noticias-caracas.com. Hit.
  • 207.210.250.147: bailandstump.com. Hit.
  • 207.210.250.148: classicalmusic4arab.com. No archives.
  • 207.210.250.149: globalventurestat.com. Hit.
  • 207.210.250.152: al-rashidrealestate.com. Hit.
  • 207.210.250.153: newsintheworld-ru.com. Hit.
  • 207.210.250.154: news-unlimited.info. No archives. Shame, as perfect theme, and has per ipinf.ru/domains/207.210.250.154/
208.254.40.117 worldnewsandent.com. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135
  • 208.254.40.96: sixty2media.com. Hit.
  • 208.254.40.99: newspoliticssource.com. Hit.
  • 208.254.40.110: musical-fortune.net. Hit.
  • 208.254.40.113: ashoka-gemstones.com. Hit.
  • 208.254.40.117: worldnewsandent.com. Hit.
  • 208.254.40.124: riskandrewardnews.com. Hit.
  • 208.254.40.129: mailb.casella.com. Legit.
208.254.42.205 driversinternationalgolf.com. Not too far from 208.254.40.117 right? Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.
210.80.75.55 philippinenewsonline.net. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67
  • 210.80.75.35: aroundtheworldnews.net. No archives. ipinf.ru/domains/210.80.75.33/ disagrees and places it at .33.
  • 210.80.75.36: e-commodities.net. Hit.
  • 210.80.75.37: trekkingtoday.com. Hit.
  • 210.80.75.41: multinews-33.com. Hit.
  • 210.80.75.42: movimientodenticias.com. No archives.
  • 210.80.75.43: gulfandmiddleeastnews.com. Hit.
  • 210.80.75.44: whirlybirdinflight.com. Hit.
  • 210.80.75.45: kings-game.net. Hit.
  • 210.80.75.46: topglobalnewsdaily.com. Hit.
  • 210.80.75.49: recipe-dujour.com. Hit.
  • 210.80.75.53: sportsman-elite.com. No archives.
  • 210.80.75.55: philippinenewsonline.net. Hit.
  • 210.80.75.56: technewsforme.com. Hit.
  • 210.80.75.59: goldeportesnoticias.com. No archives.
  • 210.80.75.68: gigabyte-usa.com. Legit.
212.4.16.232 mynewscheck.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.10.
Other hits:
  • 208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
  • 205.178.189.131. source: securitytrails.com
212.4.17.38 fightwithoutrules.com. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: 212.4.17.8 - 212.4.17.79
  • 212.4.17.41: newtechfrontier.com. Hit.
  • 212.4.17.43: smart-travel-consultant.com. Hit.
  • 212.4.17.46: atentlaloc.com. Hit.
  • 212.4.17.53: newsresolution.net. Hit.
  • 212.4.17.56: lesummumdelafinance.com. Hit.
  • 212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives.
  • 212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No comms found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it.
  • 212.4.17.98: topbillingsite.com. Hit.
  • 212.4.17.122: b2bworldglobal.com. Hit.
There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:
  • 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
  • 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.
212.4.18.129 sightseeingnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?
212.209.74.105 globalbaseballnews.com. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
  • 212.209.74.105: globalbaseballnews.com. Hit.
  • 212.209.74.106: football-de-luxe.com. Hit.
  • 212.209.74.111: worldconcerns.info. No archives.
  • 212.209.74.112: developmental-league.com. Unclear. CGI comms variant? 2010. English. CGI. American football.
  • 212.209.74.115: mediocampodefutbol.com. Hit.
  • 212.209.74.117: myengineeringaffinity.com. Hit.
  • 212.209.74.122: atthemovies.biz. Archive very broken. Has link to unarchived JAR: web.archive.org/web/20110809232811oe_/http://www.atthemovies.biz/movieslides.jar. Would have been the first .biz hit found: Non .com .net TLDs
  • 212.209.74.123: worldfinancialexchangenews.com. Hit.
  • 212.209.74.124: urouttahere.com. No archives. Meaning presumably "you're out of here"? One wonders what the theme would have been!
  • 212.209.74.125: avoilurefixe.com. Hit.
  • 212.209.74.126: headlines2day.com. Hit.
    • 118.139.174.11. Reverse IP source: viewdns.info
      • 118.139.174.11: 712 domain hits on it
      • 118.139.174.21: theargentineanwineco.com 2013-09-26. No Wayback machine archive.
      • nothing else on the +-20 range
    • 184.168.221.91. Reverse IP source: 2013 DNS Census
  • 212.209.74.127: construction-zones.com. Unclear. CGI comms variant? 2009. No known comms found. English. construction. Has a login page: web.archive.org/web/20091130144158/http://construction-zones.com/login.html so maybe CGI comms variant
212.209.79.40 hydradraco.com. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63
  • 212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
    • 212.209.79.34: 2008-09-01 - 2010-04-19.
    • 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
    both under MCI Communications Services, Inc. d/b/a Verizon Business.
  • 212.209.79.37: fitness-sources.com. Hit.
  • 212.209.79.40: hydradraco.com. Hit.
  • 212.209.79.41: noticiasdelmundolatino.com. Hit.
  • 212.209.79.42: suparakuvi.com. Hit.
  • 212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting, and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
  • 212.209.79.46: cetusdelph.com. Hit.
  • 212.209.79.47: willtoworship.com. Hit.
  • 212.209.79.48: themvconnection.com. Hit.
  • 212.209.79.51: pi-resources.net. Hit.
  • 212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit.
  • 212.209.79.53: ourscubaworld.com. Hit.
  • 212.209.79.58: tech-love-home.com. Hit.
  • 212.209.79.60: first-solo-aviation.com. Hit.
  • 212.209.79.61: china-destinations.org. Hit.
212.209.90.84 thenewseditor.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99
  • 212.209.90.69: worldedgenews.com. Hit.
  • 212.209.90.72: talkingpointnews.info. No archives.
  • 212.209.90.75: prebitinvestment.com. No archives.
  • 212.209.90.77: energy-bulb.com 2011. English. energy. Comms not found, but has unarchived link to: web.archive.org/web/20110128182345/https://webmail.energy-bulb.com/login.html. CGI comms variant?
  • 212.209.90.79: freeblink.com. No archives for timerange, then legit.
  • 212.209.90.80: nsmovies.net. Hit.
  • 212.209.90.82: middleeastjournal.net. Hit.
  • 212.209.90.84: thenewseditor.com. Hit.
  • 212.209.90.87: newsandweathersource.com. Hit.
  • 212.209.90.89: pakisports.com. Hit.
  • 212.209.90.90: vriha-aesthetics.com. Hit.
  • 212.209.90.92: amishkanews.com. Hit.
  • 212.209.90.93: theentertainbiz.com. Hit.
  • 212.209.90.94: eurosportssummary.com. Hit.
  • 212.209.91.14: teracom.net. Legit
216.105.98.152: modernarabicnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167
  • 216.105.98.118:
    • estudashboard.com: broken
    • fintrade.us: legit
  • 216.105.98.132: europeantravelcafe.com. Likely a hit, but comms not found. 2010. English. Europe. travel. Marked copyright 2009. There's a currency converter at: web.archive.org/web/20100724024644/http://www.europeantravelcafe.com/tools.html which could be suspicious.
  • 216.105.98.134: fuenteneta.com. No archives.
  • 216.105.98.135: ilat-news.com. No archives.
  • 216.105.98.136: etherealinspirations.net. No archives.
  • 216.105.98.137: the-news-zone.com. Archive very broken: web.archive.org/web/20130814194744/http://the-news-zone.com/
  • 216.105.98.138: photozoomnews.com. No archives.
  • 216.105.98.139: cultura-digital.net. Hit.
  • 216.105.98.140: uaeshoppingspree.com. Hit.
  • 216.105.98.141: jabarifootball.com. No archives. "Jabari" is a Swahili/Arabic name[ref]
  • 216.105.98.142: globalreview-ar.com. No archives. Shame, could have been our first Argentinian site.
  • 216.105.98.144: garanziadellasicurezza.com. Archives quite broken: web.archive.org/web/20110424044637/http://www.garanziadellasicurezza.com:80/ Unarchived JAR: /web/20110424044637oe_/http://www.garanziadellasicurezza.com/garanzia.jar Would be another precious Italy hit...
  • 216.105.98.145: montanismoaventura.com. Hit.
  • 216.105.98.146: large-format-news.com. No archives.
  • 216.105.98.147: nepalnewsbrief.com. Hit. dnshistory.org marks it as having IP 2010-03-10 -> 2010-08-15 216.169.148.94 [ref]. This range does feel a bit different from the others, too many broken archives, and relatively early ones too. Explored viewdns.info range: 216.169.148.84 - 216.169.148.104, empty for period.
  • 216.105.98.148: teclafinance.com. No archives. One wonders what "tecla" would have stood for. It is Portuguese for "keyboard key", but finance is English so.
  • 216.105.98.149: entreman.com: legit? web.archive.org/web/20110128212738/http://entreman.com/
  • 216.105.98.152: modernarabicnews.com. Hit.
  • 216.105.98.153: global-headlines.com. No archives of the period, then was a legitimate WordPress website for a while.
  • 216.105.98.154: everythingcricket.org. Hit.
  • 216.105.98.156: familyhealthonline.net. Hit.
  • 216.105.98.157: delacorne.com. No archives.
  • 216.105.98.158: econfutures.com. No archives.
  • 216.105.98.161: kstcloud.com. No archives.
219.90.61.123 journeystravelled.com. Tested viewdns.info range: 219.90.61.100 - 219.90.61.133
  • 219.90.61.100: pressstory.com: "Under construction". web.archive.org/web/20110128124548/http://pressstory.com/
  • 219.90.61.103: bet2plays.com. "Under construction". Unlikely thematic, too spicy.
  • 219.90.61.110: surya-brahma.com. Hit
  • 219.90.61.111: classicalmusicboxonline.com. Hit.
  • 219.90.61.116: athletepro.net. Hit.
  • 219.90.61.117: lajornadanow.com. Hit.
  • 219.90.61.119: aviation-navigation.com. No archives.
  • 219.90.61.120: theinternationalworld.com. Hit.
  • 219.90.61.121: thepyramidnews.com. Hit.
  • 219.90.61.122: iran-newslink-today.com. Hit.
  • 219.90.61.123: journeystravelled.com. Hit.
219.90.62.243 fitness-dawg.com. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255
  • 219.90.62.173:
    • dominatingduos.com: 2013-08-12T17:53:09. No archive
    • has other domains
  • 219.90.62.193: centralnewsreleasers.com. Only a 2018 archive of the robots.txt: web.archive.org/web/*/http://centralnewsreleasers.com/* so likely not a hit
  • 219.90.62.209: penniesbythemillions.com. No archives.
  • 219.90.62.229: information-junky.com. Hit.
  • 219.90.62.231: todosperuahora.com. Hit.
  • 219.90.62.232: race26point2.com. Hit. No archives, but has subdomain: secure.race26point2.com, so likely CGI comms.
  • 219.90.62.233: theworld-news.net. Hit.
  • 219.90.62.234: recuerdosdeviajeonline.com. Hit
  • 219.90.62.235: ordenpolicial.com. No Wayback Machine archives. Last resolved: 2012-01-11.
  • 219.90.62.237: elcorreodenoticias.com. Hit.
  • 219.90.62.238: freshtechonline.com. Hit.
  • 219.90.62.240: cityworldnewsnow.com. Hit. No archives but has subdomain: secure.cityworldnewsnow.com so likely CGI comms.
  • 219.90.62.241: newscentertoday.com. Hit.
  • 219.90.62.242: ride-captain.com. Hit.
  • 219.90.62.244: easytraveleurope.com. Hit.
  • 219.90.62.245: world-news-now.net. Hit.
  • 219.90.62.246: negativeaperture.com. Hit.
  • 219.90.62.247: conquermstoday.com. Hit
  • 219.90.62.249: forensic-exchange.com. 2013 archive: web.archive.org/web/20130714094026/http://forensic-exchange.com/. Appears to be a buggy Wayback Machine archive somehow, so inconclusive.
secure subdomain search on 2013 DNS Census by Ciro Santilli
Grepping the 2013 DNS Census first by overused CGI comms subdomains secure. and ssl. leaves 200k lines. Grepping for the overused "news" led to hits:
  • secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
  • ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40
Also tried but failed:
OK, after the initial successes in secure., we went a bit more data intensive:
New results: only one...
  • 208.254.42.205 secure.driversinternationalgolf.com,2012-02-13T10:42:20,
After 2013 DNS Census virtual host cleanup heuristic keyword searches we later understood why there were so few hits here: the 2013 DNS Census didn't capture the secure. subdomains of many domains it had for some reason. Shame, because if it had, this method would have yielded many more results.
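The two-stage grep described above can be made stricter by matching the whole leftmost DNS label instead of a substring. The following is an added example, not code from the original page; the `fqdn,timestamp,ip` column layout is inferred from the rows quoted above, and the function names and the `example.*` rows are assumptions made here.

```python
import csv
from collections import defaultdict

# Rows in the "fqdn,timestamp,ip" layout of the census lines quoted above.
# The first three are taken from rows quoted on this page; the last three are
# constructed (example.* names, documentation IPs) to exercise the filters.
SAMPLE = """\
secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40
secure.driversinternationalgolf.com,2012-02-13T10:42:20,
secure.example-bank.com,2012-02-13T09:00:00,192.0.2.10
www.example-news.com,2012-02-13T09:00:01,192.0.2.11
securenews.example.org,2012-02-13T09:00:02,192.0.2.12
"""

COMMS_LABELS = {"secure", "ssl"}  # the overused CGI comms subdomains


def comms_subdomain_hits(lines, keywords=("news",)):
    """Return (label, parent_domain, ip) for rows whose leftmost DNS label is
    secure/ssl and whose parent domain contains one of the keywords.
    Pass keywords=() to keep every secure./ssl. row."""
    hits = []
    for row in csv.reader(lines):
        if len(row) < 3:
            continue  # malformed or truncated row
        fqdn, _timestamp, ip = (field.strip().lower() for field in row[:3])
        label, _, parent = fqdn.partition(".")
        # Compare the whole label: "securenews.example.org" must not match,
        # although a substring grep for "secure" would let it through.
        if label not in COMMS_LABELS or "." not in parent:
            continue
        if keywords and not any(k in parent for k in keywords):
            continue
        hits.append((label, parent, ip or None))  # the IP column may be empty
    return hits


def group_by_slash24(hits):
    """Bucket parent domains by /24 so that each bucket is one neighbourhood
    to walk with a reverse IP lookup."""
    groups = defaultdict(list)
    for _label, parent, ip in hits:
        key = ip.rsplit(".", 1)[0] + ".0/24" if ip else "no-ip"
        groups[key].append(parent)
    return dict(groups)


if __name__ == "__main__":
    rows = SAMPLE.splitlines()
    for hit in comms_subdomain_hits(rows):
        print("news hit:", hit)
    print(group_by_slash24(comms_subdomain_hits(rows, keywords=())))
```

On the real dataset the same functions accept an open file object in place of `SAMPLE.splitlines()`.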
Figure 1. You can never have enough Wayback Machine tabs open.
Communication mechanism by Ciro Santilli
There are four main types of communication mechanisms found:
  • JAR file. There is also one known instance where a .zip extension was used! web.archive.org/web/20131101104829*/http://plugged-into-news.net/weatherbug.zip as:
    <applet codebase="/web/20101229222144oe_/http://plugged-into-news.net/" archive="/web/20101229222144oe_/http://plugged-into-news.net/weatherbug.zip"
    JAR is the most common comms, and one of the most distinctive, making it a great fingerprint.
    Several of the JAR files are named something like either:
    • meter.jar
    • bandwidth.jar
    • speed.jar
    as if to pose as Internet speed testing tools? The wonderful subtleties of the late 2000s Internet are a bit over our heads.
    All JARs are directly under root, not in subdirectories, and the basename usually consists of one word, though sometimes two camel cased.
  • JavaScript file. There are two subtypes:
    • JavaScript with SHAs. Rare. Likely older. Way more fingerprintable.
    • JavaScript without SHAs. They have all been obfuscated slightly differently and compressed. But the file sizes are all very similar, from 8kB to 10kB, and they all look similar, so visually it is very easy to detect a match with good likelihood.
  • Adobe Flash swf file. In all instances found so far, the name of the SWF matches the name of the second level domain exactly, e.g.:
    http://tee-shot.net/tee-shot.swf
    While this is somewhat of a fingerprint, it is worth noting that it was a relatively commonly used pattern. But it is also the rarest of the mechanisms. This is at odds with the rest of the web, which circa 2010 already had way more SWF than JAR apparently.
  • CGI comms
These have short single word names with some meaning linked to their website.
Because the communication mechanisms are so crucial, they tend to be less varied, and serve as very good fingerprints. It is not ludicrous, e.g. identical files, but one look at a few and you will know the others.
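The URL-level fingerprints listed above can be combined into a first-pass triage function for archived URLs. This is an added example, not code from the original page: the return labels, the `size` parameter and the `example.com` URLs are assumptions made here, while the other sample URLs are the ones quoted on this page.

```python
import re
from urllib.parse import urlsplit

WAYBACK = re.compile(r"^(?:https?://)?web\.archive\.org/web/[^/]+/(.+)$")
# "one word, though sometimes two camel cased"
BASENAME = re.compile(r"^[A-Za-z][a-z]*(?:[A-Z][a-z]+)?$")

# (url, size in bytes or None). example.com rows are constructed.
SAMPLES = [
    ("http://tee-shot.net/tee-shot.swf", None),
    ("web.archive.org/web/20110809232811oe_/http://www.atthemovies.biz/movieslides.jar", None),
    ("http://plugged-into-news.net/weatherbug.zip", None),
    ("https://secure.example.com/login.cgi", None),
    ("http://example.com/menu.js", 9200),
    ("http://example.com/lib/util.jar", None),
]


def original_url(url):
    """Strip a Wayback Machine prefix such as web.archive.org/web/<ts>oe_/."""
    m = WAYBACK.match(url)
    url = m.group(1) if m else url
    return url if "://" in url else "http://" + url


def second_level_label(host):
    """'tee-shot' for www.tee-shot.net. Naive: assumes a single-label TLD,
    which holds for the .com/.net/.info/.org/.biz names on this page."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def classify_comms(url, size=None):
    """Return 'jar', 'jar-as-zip', 'swf', 'cgi', 'js-size-match' or None.
    size is the response size in bytes, used only by the JavaScript check."""
    parts = urlsplit(original_url(url))
    host = (parts.hostname or "").lower()
    directory, _, filename = parts.path.rpartition("/")
    stem, dot, ext = filename.rpartition(".")
    if not dot:
        stem, ext = filename, ""
    ext = ext.lower()
    at_root = directory == ""  # file sits directly under the web root

    if ext in ("jar", "zip") and at_root and BASENAME.match(stem):
        # A root-level .zip only counts when an <applet archive=...> loads it.
        return "jar" if ext == "jar" else "jar-as-zip"
    if ext == "swf" and at_root and stem.lower() == second_level_label(host):
        return "swf"
    if ext == "cgi" and parts.scheme == "https":
        sub = host.split(".")[0] if host.count(".") >= 2 else ""
        if sub and sub != "www":  # secure., ssl. or a themed subdomain
            return "cgi"
    if ext == "js" and size is not None and 8_000 <= size <= 10_000:
        return "js-size-match"  # size alone is weak: compare visually too
    return None


if __name__ == "__main__":
    for url, size in SAMPLES:
        print(classify_comms(url, size), url)
```

A match is only a lead: the SWF naming pattern in particular was common on ordinary sites, so each result still needs the manual look at the archive that the text describes.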
CGI comms by Ciro Santilli
We've come across a few shallow and stylistically similar websites on suspicious ranges with this pattern.
No JS/JAR/SWF comms, but rather a subdomain, and an HTTPS page with .cgi extension that leads to a login page. Some names seen for this subdomain:
  • secure.: most common
  • ssl.: also common
  • various other more creative ones linked to the website theme itself, e.g.:
    • musical-fortune.net has a backstage.musical-fortune.net
The question is, is this part of some legitimate tooling that created such patterns? And if so which? Or are they actual hits with a new comms mechanism not previously seen?
The fact that:
  • hits of this type are so dense in the suspicious ranges
  • they are so stylistically similar between one another
  • Citizen Lab specifically mentioned a "CGI" comms method
suggests to Ciro that they are an actual hit.
In particular, the secure and ssl ones are overused, and together with some heuristics allowed us to find our first two non-Reuters ranges! See: secure subdomain search on 2013 DNS Census.
JavaScript reverse engineering by Ciro Santilli
Searching for Carson by Ciro Santilli
Edit: Carson was found by Oleg Shakirov (Oleg Shakirov's findings): alljohnny.com, communicated at: twitter.com/shakirov2036/status/1746729471778988499, earliest archive from 2004 (!): web.archive.org/web/20040113025122/http://alljohnny.com/. The domain was hidden in plain sight: it was present in a not very visible watermark in the Reuters article screenshot! The watermark was added by the CIA to the background image, it is actually present on the website. In retrospect, the domain was also present in the expired domain trackers dataset, but the mega discreet "all" second word made Ciro Santilli miss it: github.com/cirosantilli/expired-domain-names-by-day-2015/blob/9d504f3b85364a64f7db93311e70011344cff788/07/05/02#L1572
What follows is the previous
The fact that the Reuters article has a screenshot of it, and therefore a Wayback Machine link, plus the specificity of the website topic, will likely keep Ciro awake at night for a while until someone finds that domain.
Some text visible on the Reuters screenshot:
  • Johnny Carson and The Tonight Show
  • Your Favorite Host and Comedic Genius
  • Submit Your Favorite Carson Moment
  • Heeere's Johnny!
    Holy crap, the "Here's Johnny" line from The Shining (1980) is a reference to Johnny Carson: www.youtube.com/watch?v=WDpipB4yehk, www.youtube.com/watch?v=aYnyPAkgyvc, Ciro never knew that... but every American would have understood it at the time.
It is unclear however if this text is plaintext or part of an image.
Some failed attempts, either dry guesses or from DNS grepping dataset searches:
Searching the Wayback Machine proved fruitless. There is no full text search: Wayback Machine full text search, and a heuristic web.archive.org/web/20230000000000*/Johnny%20Carson search has relevant hits but not the one we want.
Another attempt was to search for "carson" on webmasterhome.cn which lists expired domains in bulk by expiration day, and is search engine friendly. It contains most of the domains we've found so far. Google either doesn't support partial word search or requires you to be a God to find it, so we settle for DuckDuckGo which supports it: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22&t=h_&ia=web Adding years also helps: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22+2011&ia=web with this we might be getting all possible results. Ciro went through all in 2011, 2012 and 2013 but no luck. Also fuck en.wikipedia.org/wiki/Carson_City,_Nevada and en.wikipedia.org/wiki/Carson,_California :-)
Let's search tools.whoisxmlapi.com/reverse-whois-search for "carson" contained in any historic domain name. 10,001 lines. Grepping those, no good Wayback machine hits for those that also contain "johnny" or "show". Data at: raw.githubusercontent.com/cirosantilli/media/master/cia-2010-covert-communication-websites/tools.whoisxmlapi.com_reverse-whois-search_carson.csv in case anyone wants to try and dig...
Let's also search the fortuitously timed 2013 DNS Census.
Find missing hits in IP ranges by Ciro Santilli
All IP ranges have some holes in them for which we don't have a domain name.
Is it because there was nothing there, or just because we don't have a good enough reverse IP database?
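To make the holes concrete, the per-range notes can be parsed and the addresses with no reverse IP entry listed, so they can be retried against another reverse IP database. This is an added example, not code from the original page; it uses the 208.254.40.117 range entries listed on this page, and the function names are assumptions made here.

```python
import ipaddress
import re

# Entries copied from this page's notes for the 208.254.40.117 range.
NOTES = """\
208.254.40.96: sixty2media.com. Hit.
208.254.40.99: newspoliticssource.com. Hit.
208.254.40.110: musical-fortune.net. Hit.
208.254.40.113: ashoka-gemstones.com. Hit.
208.254.40.117: worldnewsandent.com. Hit.
208.254.40.124: riskandrewardnews.com. Hit.
208.254.40.129: mailb.casella.com. Legit.
"""

# "IP: domain. Verdict", with an optional leading bullet.
ENTRY = re.compile(r"^\s*(?:•\s*)?(\d+(?:\.\d+){3}):?\s+(\S+)\s*(.*)$")


def parse_notes(text):
    """Map int(IP) -> (domain, verdict). Lines in another shape are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        ip, domain, verdict = m.groups()
        key = int(ipaddress.IPv4Address(ip))
        entries[key] = (domain.rstrip(".:"), verdict.strip())
    return entries


def holes(entries):
    """Runs of addresses with no entry at all between the lowest and the
    highest hit, as (first_ip, last_ip, size) tuples."""
    hit_ips = sorted(ip for ip, (_dom, v) in entries.items() if v.startswith("Hit"))
    if len(hit_ips) < 2:
        return []
    runs, start = [], None
    # The last address of the span is a hit, so every open run gets closed.
    for ip in range(hit_ips[0], hit_ips[-1] + 1):
        if ip not in entries:
            start = ip if start is None else start
        elif start is not None:
            runs.append((start, ip - 1))
            start = None
    return [
        (str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)), b - a + 1)
        for a, b in runs
    ]


if __name__ == "__main__":
    for first, last, size in holes(parse_notes(NOTES)):
        print(f"{first} - {last} ({size} addresses without a domain)")
```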
How did Alexa find the domains? by Ciro Santilli
It can't be HTML crawl because presumably there wouldn't have been links to those websites? Presumably this is why Common Crawl doesn't seem to have any hits.
So they must have had some kind of DNS A record database?
Or would IPv4 sweep have worked, without the Host header with the CIA's setup?
The same question also applies to the 2013 DNS Census. It has fewer hits, but still has many.
Whatever they did, we are so so glad that they did!
Non .com .net TLDs by Ciro Santilli
.com and .net are very dominant. Here we list other choices made:
  • .info: has a few hits:
    • archived comms:
      • beyondthefringe.info
    • unarchived comms:
      • crickettoday.info
    • unarchived:
      • talkingpointnews.info
      • theventurenews.info
      • worldconcerns.info
    Did a full Wayback Machine CDX scanning on .info after:
    grep -e news -e noticias -e nouvelles -e world -e global
    That makes about 10k domains, so it's about the right size.
  • .org: has at least one hit, see: Are there .org hits?
  • .biz:
    • unarchived comms:
      • atthemovies.biz
AppImage by Ciro Santilli
Crow intelligence experiment by Ciro Santilli
Video 1. Causal understanding of water displacement by a crow by PLOS Media (2014). Source.
Cumbridge by Ciro Santilli
DeepMind project by Ciro Santilli
Epoch (deep learning) by Ciro Santilli
Batch size (deep learning) by Ciro Santilli
Anyon by Ciro Santilli
The name actually comes from "any". Amazing.
Can only exist in 2D surfaces, not 3D, where fermions and bosons are the only options.
All known anyons are quasiparticles.
The Spider's Web: Britain's Second Empire by Ciro Santilli
Video 1. The Spider's Web: Britain's Second Empire. Source.
2017. Directed by Michael Oswald. Adam Curtis vibes.
Some notable points:
Fighting game AI by Ciro Santilli
Video 1. AI in Melee is broken by Melee Moments (2023). Source.
