noticiasmusica.net by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
whoisxmlapi WHOIS record on September 13, 2011
  • Registrar Name: NETWORK SOLUTIONS, LLC
  • Created Date: February 17, 2010 00:00:00 UTC
  • Updated Date: February 17, 2010 00:00:00 UTC
  • Expires Date: February 17, 2015 00:00:00 UTC
  • Registrant Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
  • Registrant Street: PO Box 459
  • Registrant City: PA
  • Registrant State/Province: US
  • Registrant Postal Code: 18222
  • Registrant Country: UNITED STATES
  • Administrative Contact
  • Administrative Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
  • Administrative Street: PO Box 459
  • Administrative City: Drums
  • Administrative State/Province: PA
  • Administrative Postal Code: 18222
  • Administrative Country: UNITED STATES
  • Administrative Email: hf3eg77c4nn@networksolutionsprivateregistration.com
  • Administrative Phone: 5707088780
  • Name Servers: NS45.WORLDNIC.COM|NS46.WORLDNIC.COM
2012:
  • Registrant Country: PANAMA
Read the full article
atomworldnews.com by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
whoisxmlapi WHOIS record on April 17, 2011
  • Created Date: April 9, 2010 00:00:00 UTC
  • Updated Date: April 9, 2010 00:00:00 UTC
  • Expires Date: April 9, 2012 00:00:00 UTC
  • Registrant Name: domainsbyproxy.com
  • Name servers: NS33.DOMAINCONTROL.COM|NS34.DOMAINCONTROL.COM
Read the full article
iranfootballsource.com by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Hits without nearby IP hits by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
Here we list domains for which the correct IP was apparently not found since there are no neighbouring hits.
These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.
For example, in the case of inews-today.com, 2013 DNS Census gave one IP 193.203.49.212, but then viewdns.info gave another one 66.175.106.146 which fit into an existing IP range, and which assumed to be the correct IP of interest.
A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.
It is interesting to note that Reuters seems to have featured disproportionately many hits from that range, one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as wel.
In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we
dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
  • 216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
    • 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
    • 216.119.129.97: miideaco.com 2016-02-01
  • 216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
    • 216.119.129.110: dommoejmechty.com.ua. Legit.
    • 216.119.129.111: dailybeatz.com: Legit
    • 216.119.129.113:
      • audreygeneve.com
      • reyzheng.com
      • jacintorey.com
    • 216.119.129.114: dailynewsandsports.com. hit.
    • 216.119.129.115: afxchange.com legit/broken
    • 216.119.129.116: danafunkfinancial.com: legit
  • 208.73.33.194 on securitytrails.com
    • 69.64.155.77 Amazon.com, Inc. 2008-12-10 (16 years) 2008-12-19 (16 years) 9 days
    • 68.178.232.100 GoDaddy.com, LLC 2008-10-04 (16 years) 2008-11-02 (16 years) 29 days
    • 208.73.33.194 Jumpline Inc 2008-09-01 (17 years) 2008-10-03 (16 years) 1 month
iranfootballsource.com:
  • 34.98.99.30 Kansas City - United States Google LLC 2021-05-24
  • 184.168.221.94 United States GoDaddy.com 2020-07-21
  • 50.63.202.66 United States GoDaddy.com 2020-07-07
  • 50.63.202.86 United States GoDaddy.com 2020-05-28
  • 184.168.221.94 United States GoDaddy.com 2020-05-13
  • 50.63.202.74 United States GoDaddy.com 2020-04-29
  • 50.18.223.191 San Jose - United States Amazon.com 2015-03-23. Sources: 2013 DNS Census and viewdns.info
    • no viewdns.info hits +- 10
  • 85.13.200.108 United Kingdom Coreix Dedicated Customer Allocation 2013-06-30. Source: viewdns.info
    • 85.13.200.108: 1000 hits, so unlikely to be the one
iraniangoalkicks.com:
iraniangoals.com:
football-enthusiast.com:
  • 212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.
cyhiraeth-intlnews.com:
news-latina.com: domainsbyproxy.com 2007-12-17
europeannewsflash.com:
outlooknewscast.com:
  • dnshistory.org/historical-dns-records/a/outlooknewscast.com
    • 2009-08-08 -> 2011-02-11 74.53.159.130. Tested viewdns.info range: 74.53.159.120 - 74.53.159.140
      • 74.53.159.130: aeromedhistory.org 2014-11-29
      • 74.53.159.130: mariposahorticultural.com 2022-11-28
      • 74.53.159.130: thewritestuffresume.com 2011-04-04. Legit.
  • viewdns.info/iphistory/?domain=outlooknewscast.com
    • 204.93.178.121 Chicago - United States SERVERCENTRAL 2011-09-08. Tested viewdns.info range: 204.93.178.111 - 204.93.178.131. Skimmed through, nothing of great interest.
    • 74.53.159.130 United States SOFTLAYER 2011-04-04. Tested.
farsi-newsandweather.com:
global-view-news.com:
health-men-today.com:
  • dnshistory.org/historical-dns-records/a/health-men-today.com
    • 2011-01-07 -> 2011-01-07 69.90.162.165. Tested viewdns.info range: 69.90.162.155 - 69.90.162.175. Virtuals.
    • 2009-11-30 -> 2010-05-27 67.220.228.224. New range with global-view-news.com? Tested viewdns.info range: 67.220.228.214 67.220.228.234
      • 67.220.228.223: stagedwithdistinction.com 2011-10-09. One archive of godaddy only.
    • 2009-08-01 -> 2009-09-19 69.42.58.50. Tested viewdns.info range: 69.42.58.40 - 69.42.58.60. Virtuals, canada.
  • viewdns.info/iphistory/?domain=health-men-today.com
    • 204.11.56.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-04-19. Virtuals.
    • 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Unknown range.
    • 69.90.162.165 Canada COGECO-PEER1 2012-06-29. Tested.
  • securitytrails.com/domain/health-men-today.com/history/a
    • 69.42.58.50 Aptum Technologies 2008-09-01 (17 years) 2008-09-04 (17 years) 3 days
firstnewssource.com:
pars-technews.com:
newdaynewsonline.com:
sportsnewsfinder.com:
newsworldsite.com:
todaysnewsreports.net:
  • viewdns.info/iphistory/?domain=todaysnewsreports.net
    • 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-01
    • 205.178.189.129 United States NETWORK-SOLUTIONS-HOSTING 2013-05-20 likely virtual
    • 173.255.131.72 Reno - United States UK-2 Limited 2012-08-27. Tested viewdns.info range: 173.255.131.62 173.255.131.82. Virtual and modern hits only.
    • 67.213.211.232 United States UK-2 Limited 2011-09-07 unknown. Tested viewdns.info range: 67.213.211.222 67.213.211.242. viewdns.info/reverseip/?t=1&host=67.213.211.232 empty.
      • 67.213.211.236: icf-finan.com 2015-01-20
      • 67.213.211.237: playinside.me 2016-02-04. Nice domain hack, but no.
      • 67.213.211.239: reality-sexxx.com 2011-09-08
hassannews.net:
todayoutdoors.com:
globaltourist.net:
terrain-news.com:
intlnewsdaily.com
opensourcenewstoday.com:
techwatchtoday.com:
Read the full article
Hits with nearby IP hits by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
62.22.60.49: telecom-headlines.com. UUNET in Spain. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66
  • 62.22.60.33: newsperk.com. Almost certainly a hit. Stylistically perfect, rss-item. But no comms not found. Ennerving! 2011. English. Egypt. news. Later legitimately reused.
  • 62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
  • 62.22.60.40: travel-passage.com. Unclear. No archives of toplevel, only subpage: 2009. No clear comms. Chinese. cqcounter.com/whois/www/travel-passage.com.html perfectly in style, almost certain hit! Shows a mixture of Chinese and English. The Chinese title is "游行连接"
  • 62.22.60.42: newsupdatesite.com. Hit.
  • 62.22.60.46: flyingtimeline.com. Hit.
  • 62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
  • 62.22.60.48: currentcommunique.com. Hit.
  • 62.22.60.49: telecom-headlines.com. Hit.
  • 62.22.60.52: collectedmedias.com. Hit.
  • 62.22.60.54: romulusactualites.com. Hit. cqcounter.com/whois/www/romulusactualites.com.html in-style. Innovative design but hit. French.
  • 62.22.60.55: thefilmcentre.com. Hit.
  • 62.22.60.56: traveltimenews.com. Hit.
62.22.61.206 worldnewsnetworking.com. UUNET in Spain. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224
65.218.91.17 alljohnny.com. UUNET in Spain. One of the Reuters websites.
63.131.229.12 cyberreportagenews.com. ADHOST in Coeur d'Alene - United States. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30
  • 63.131.229.2: fightskillsresource.com. Hit
  • 63.131.229.4: unitedterritorynews.com. Hit
  • 63.131.229.9: show-dustry.com. Hit
  • 63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
  • 63.131.229.11: mythriftytrip.com. Hit
  • 63.131.229.12: cyberreportagenews.com. Hit.
  • 63.131.229.13: sunrise-news.com. Hit.
  • 63.131.229.15: cricketnewsforindia.com. Hit.
  • 63.131.229.16:
  • 63.131.229.18: itnl-xchange.com. Hit.
  • 63.131.229.20:
    • fixashion.net. Hit.
    • a few others
63.130.160.50 theglobalheadlines.com. CW Vodafone Group PLC in United States. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75
  • 63.130.160.50: theglobalheadlines.com. Hit.
  • 63.130.160.51:
  • 63.130.160.53: echessnews.com. Hit.
  • 63.130.160.59: technologiewissen.com. No archives from the time. Would be Technology knowledge in German, so another likely German hit. Shame. cqcounter.com/whois/www/technologiewissen.com.html empty
  • 63.130.160.60: boxingstop.net. Hit.
  • 63.130.160.61: bookmarksthis.com. Hit.
  • 63.130.160.62: azerinews.org. Hit.
64.16.204.55 holein1news.com. Saudi Telecom Company JSC in Saudi Arabia. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. With did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.
65.61.127.163 capture-nature.com. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -
  • 65.61.127.46: anahuacchamber.com 2012-12-22T14:59:01
  • 65.61.127.117: medicaresupplementalinsurance.com, 2013-08-21T09:49:41. Legit.
  • 65.61.127.121: counter-images.com 2013-08-22T11:14:44: web.archive.org/web/20110208173132/http://www.counter-images.com/ Empty.
  • 65.61.127.125 zaphound.com 2013-08-21T02:25:40. Legit.
  • 65.61.127.130: ambitions.org 2013-08-22T01:43:40. Legit.
  • 65.61.127.161: european-footballer.com. Hit.
  • 65.61.127.163: capture-nature.com. Hit.
  • 65.61.127.164: futbolistico.net. 2012-02-20T03:25:33. Legit. web.archive.org/web/20130509004058/http://futbolistico.net/
  • 65.61.127.165: travelconnectionsonline.com. Ciro initially though this might be a hit. But upon Googling it, there's now a mirror at: travelconn.tripod.com/. Combined with the lack of a standard communications mechanism and the 2001 copyright, maybe it isn't a hit after all
  • 65.61.127.166: globalnewsbulletin.com: Hit.
  • 65.61.127.167: internationalwhiskylounge.com. Hit.
  • 65.61.127.168: the-golden-rule.info 2013-09-20T02:13:52. Hit.
  • 65.61.127.169: crossovernews.net. Hit.
  • 65.61.127.170: newsidori.com. Hit.
  • 65.61.127.171: nrgconsultingandnews.com. Hit. 2013-08-13T18:45:05
  • 65.61.127.172: premierstriker.com. Hit. 2012-01-11
  • 65.61.127.174: dedrickonline.com. Hit.
  • 65.61.127.175: altworldnews.com. Hit.
  • 65.61.127.176: american-historyonline.com. Hit. 2011-09-08
  • 65.61.127.177: material-science.org. Hit.
  • 65.61.127.178: tee-shot.net. Hit.
  • 65.61.127.180: screencentral.info. Buggy Wayback Machine archive from 2013: web.archive.org/web/20130713224951/http://screencentral.info/. Last resolved: 2013-05-08. cqcounter.com/whois/www/screencentral.info.html from 2011 possibly in style, but rather innovative design. Movie history and news website.
  • 65.61.127.181: worldnewsandtravel.com. Hit. 2011-11-13
  • 65.61.127.182: pangawana.com. Hit.
  • 65.61.127.183: cutabovenews.com. Hit.
  • 65.61.127.184: worldwildlifeadventure.com. Hit.
  • 65.61.127.186: explorealtmeds.com. Hit.
  • 65.61.127.194: 16 domains, so unclear.
  • 65.61.127.200: cdl-link.com (ipinf.ru). Legit.
  • 65.61.127.222: asianwhitecoffee.com 2012-07-16T09:21:05 web.archive.org/web/20110903080036/http://asianwhitecoffee.com/. Could be legit.
66.45.179.205 noticiasporjanua.com. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223
  • 66.45.179.187: mail03.gatesfoundation.org. Legit.
  • 66.45.179.192: thegraceofislam.com. Hit.
  • 66.45.179.193: arabicnewsunfiltered.com. Hit.
  • 66.45.179.194: raulsonsglobalnews.com. Hit.
  • 66.45.179.195: aryannews.net. Hit.
  • 66.45.179.199: attivitaestremi.com. Hit.
  • 66.45.179.200: foodwineandsuch.com. Hit.
  • 66.45.179.201: hitthepavementnow.com. Hit.
  • 66.45.179.203: noticiascontinental.com. Hit.
  • 66.45.179.205: noticiasporjanua.com. Hit.
  • 66.45.179.206: podisticamondiale.com. Hit.
  • 66.45.179.207: reflectordenoticias.com. Hit.
  • 66.45.179.208: havenofgamerz.com. Hit.
  • 66.45.179.209: vejaaeuropa.com. Hit.
  • 66.45.179.210: sa-michigan.com. Hit.
  • 66.45.179.211: absolutebearing.net. Hit.
  • 66.45.179.212: grandretirement.net. No archives. cqcounter.com/whois/www/grandretirement.net.html blank image.
  • 66.45.179.213: myportaltonews.com. Hit.
  • 66.45.179.214: investmentintellect.com. Hit.
  • 66.45.179.215: nigeriastar.net 2012-03-12. Hit.
66.104.169.184 bcenews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189
66.104.173.186 myworldlymusic.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194
66.104.175.40 beyondnetworknews.com. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range:66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown
66.175.106.148 activegaminginfo.com. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178
66.237.236.247 comunidaddenoticias.com. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254
69.84.156.90 stickshiftnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95
  • 69.84.156.69: al-ashak-news-me.com. Hit.
  • 69.84.156.70: theventurenews.info. Hit.
  • 69.84.156.71: worldfinancetoday.net. Hit.
  • 69.84.156.72: autonewsarabia.com. Hit.
  • 69.84.156.74: blue-moon-news.com. Hit.
  • 69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit. cqcounter.com/whois/www/theoutergreen.com.html not found.
  • 69.84.156.76: tnc-urdu.com. Hit.
  • 69.84.156.79: jassimnews.com. No archives/broken. cqcounter.com/whois/www/jassimnews.com.html blank.
  • 69.84.156.80: noticiasdenuestromundo.com. Hit.
  • 69.84.156.82: arabicnewsonline.com. Hit.
  • 69.84.156.83: unganadormundial.com. Hit.
  • 69.84.156.84: focusonbokeh.com. Hit. Network Solutions, LLC.
  • 69.84.156.85: classic-rocktopia.com. Hit. domainsbyproxy.com.
  • 69.84.156.87: i7diver.com. Hit.
  • 69.84.156.88: diariodeelmundo.com. Hit.
  • 69.84.156.89: todaysarabnews.com. Hit.
  • 69.84.156.90: stickshiftnews.com. Hit.
  • 69.84.156.91: theinternationalgoal.com. Hit.
72.34.53.174 technologytodayandtomorrow.com. This IP is special. This IP is somehow closely linked to the "Mass Deface III" pastebin as it seems to have been hosted by Condor hosting. They also have many old sites, and links to Russia which is apparently where this was hosted.
74.116.72.236 techtopnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254
74.254.12.168 non-stop-news.net. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.
173.208.81.2
199.19.110.7 theworldnewsfeeds.com:
199.85.212.118 just-kidding-news.com
  • 199.85.212.118 rdns source: 2013 DNS Census virtual host cleanup heuristic keyword searches, dnshistory.org (2009-09-23 -> 2011-01-25) and viewdns.info: "location": "United States", "owner": "VIMRO, LLC", "lastseen": "2012-01-11". Tested viewdns.info range: 199.85.212.95 - 199.85.212.128. Not sure worth it given the many 2013 DNS Census misses surrounding.
  • 68.178.232.100: see rastadirect.net. rdns source: viewdns.info: "location": "United States", "owner": "GoDaddy.com, LLC", "lastseen": "2012-06-29"
  • 209.85.45.84. Tested viewdns.info range: 209.85.45.74 - 209.85.45.94.
    • 209.85.45.2: dz8.dailyrazor.com
    • 209.85.45.2: jr4consulting.com
    • 209.85.45.41: guitarzza.com. No archives of time.
    • 209.85.45.46: evergraindecking.com. No archives of time.
    • 209.85.45.114: mauritiuspropertyconsultant.com. Legit/ broken.
    • 209.85.45.160: bieltvedt.net. No archives of time.
    • 209.85.45.160: golfstats.dk. No archives.
    • 209.85.45.225: infokus.ca
    • 209.85.45.225: mail.tomlatham.net
    • 209.85.45.225: mail.tomlatham.org
    • 209.85.45.239: flavacationcenter.com
204.176.38.143 noticiassofisticadas.com. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154
  • 204.176.38.130: i-pressnews.com. Hit.
  • 204.176.38.132: turkishnewslinks.com. Hit.
  • 204.176.38.134: photographyarecord.com. Hit.
  • 204.176.38.135: breakingthewicket.com. Hit.
  • 204.176.38.136: politicalworldtoday.com. Hit.
  • 204.176.38.137: hi-tech-today.com. Hit.
  • 204.176.38.138: continental-business-news.com. TODO. rss-item, split images. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
  • 204.176.38.139: bigscreenbattles.com. Hit.
  • 204.176.38.141: rakotafootball.com. Hit.
  • 204.176.38.142: senderosdemontana.com. Hit.
  • 204.176.38.143: noticiassofisticadas.com. Hit.
  • 204.176.38.144: techno-today.com. Hit.
  • 204.176.38.145: tickettonews.com. Hit.
  • 204.176.38.146: dps-digitalphotosharing.com. Hit.
  • 204.176.38.147: theputtingreen.com. Hit.
  • 204.176.38.149: sportsnewstodayar.com. Hit.
  • 204.176.38.150: kairuafricanews.com. Hit.
204.176.39.115 globalprovincesnews.com. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124
  • 204.176.39.97: beamingnews.com. Hit.
  • 204.176.39.98: cubriendonoticias.com. Hit.
  • 204.176.39.100: rowleyworldpost.com. Hit.
  • 204.176.39.101: noticiastopicas.com. No archives. cqcounter.com/whois/www/noticiastopicas.com.html not found.
  • 204.176.39.103: economicnewsbuzz.com. Hit.
  • 204.176.39.104: spectranewsonline.com. Hit.
  • 204.176.39.105: entertainmentnewscompany.com. Hit.
  • 204.176.39.107: guidetoelectronics.net. Uncertain. 2010. English. tech, electronics. Split images, rss-items. Comms not found, likely CGI comms variant on unarchived login page:. web.archive.org/web/20101230025246/http://guidetoelectronics.net/login.html
  • 204.176.39.110: arabnewsatdawn.com. Hit.
  • 204.176.39.114: messengergalaxy.com. Uncertain. 2011. Would be the first example of something more commercial/service offering we've seen so far. Possible CGI comms variant.
  • 204.176.39.115: globalprovincesnews.com. Hit.
  • 204.176.39.116: mahparah-news.com. Hit.
  • 204.176.39.119: commercialspacedesign.com. Hit.
207.150.191.68 technologypresstoday.com:
207.210.250.132 aeronet-news.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157
208.93.112.105 2009. JAR. a.newslink / a.newslinkalt.
208.254.38.39 todaysengineering.com:
  • Tested viewdns.info range: 208.254.38.9 - 208.254.38.86. Weirdly empty, doesn't even show the domain iteslf!
  • 68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC
208.254.40.117 worldnewsandent.com. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135
  • 208.254.40.96: sixty2media.com. Hit.
  • 208.254.40.99: newspoliticssource.com. Hit.
  • 208.254.40.110 musical-fortune.net. Hit.
  • 208.254.40.113: ashoka-gemstones.com. Hit.
  • 208.254.40.117: worldnewsandent.com. Hit.
  • 208.254.40.124: riskandrewardnews.com. Hit.
  • 208.254.40.129: mailb.casella.com. Legit.
208.254.42.205 driversinternationalgolf.com. Not too far from 208.254.40.117 right? Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.
209.162.192.49 rastadirect.net. Source: securitytrails.com and cqcounter.com/site/rastadirect.net.html. Tested viewdns.info: 209.162.192.30 209.162.192.70
* 209.162.192.44: thejewelofsouthamerica.com. Hit.
* 209.162.192.49: rastadirect.net. Hit.
* 209.162.192.51: yellow-chair-report.com. Hit.
* 209.162.192.54: tutkulu-turu.com. Possible hit. domainsbyproxy.com 2008-03-04. Weird style made up exclusively of cut up images, including the text itself where links would normally be. Turkish. Archive a bit weird with images on top of text. 2011 Copyright 2006. Unarchived link to web.archive.org/web/20110129065840/http://tutkulu-turu.com/login.html with title "Kullanıcı adı" (Username). Headline "Online seyahat etmek acenta" translates to "Online travel agency".
* 209.162.192.57: globalnewsreports.net. Hit.
* 209.162.192.59: easytravelsite.net. Hit.
* 209.162.192.70: phrio.com. Off date. viewdns.info/reverseip/?t=1&host=209.162.192.70
210.80.75.55 philippinenewsonline.net. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67
212.4.16.232 mynewscheck.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.198. ipinf.ru/domains/?search=212.4.17.125&cust=1 says they are /19, so .16 and .17 are both the same range from a registration perspective::
212.4.17.38 fightwithoutrules.com. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: see 212.4.16.* above
  • 212.4.17.38: fightwithoutrules.com. Hit.
  • 212.4.17.41: newtechfrontier.com. Hit.
  • 212.4.17.43: smart-travel-consultant.com. Hit.
  • 212.4.17.46: atentlaloc.com. Hit.
  • 212.4.17.53: newsresolution.net. Hit.
  • 212.4.17.56: lesummumdelafinance.com. Hit.
  • 212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives. cqcounter.com/whois/www/thepinnacleoffinance.com.html blank.
  • 212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No commons found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it
  • 212.4.17.98: topbillingsite.com. Hit.
  • 212.4.17.122: b2bworldglobal.com. Hit.
  • 212.4.17.125: worldaroundyunnan.com. Hit.
  • 212.4.17.160: localtoglobalnews.com. Hit.
There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:
  • 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
  • 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.
Other hits:
  • 208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
  • 205.178.189.131. source: securitytrails.com
212.4.18.129 sightseeingnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?
212.209.74.105 globalbaseballnews.com. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
212.209.79.40 hydradraco.com. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63
  • 212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
    • 212.209.79.34: 2008-09-01 - 2010-04-19.
    • 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
    both under MCI Communications Services, Inc. d/b/a Verizon Business.
  • 212.209.79.37: fitness-sources.com. Hit.
  • 212.209.79.40: hydradraco.com. Hit.
  • 212.209.79.41: noticiasdelmundolatino.com. Hit.
  • 212.209.79.42: suparakuvi.com. Hit.
  • 212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting. and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
  • 212.209.79.46: cetusdelph.com. Hit.
  • 212.209.79.47: willtoworship.com. Hit. domainsbyproxy.com
  • 212.209.79.48: themvconnection.com. Hit.
  • 212.209.79.51: pi-resources.net. Hit.
  • 212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit. cqcounter.com/whois/www/newel-adserver.com.html blank.
  • 212.209.79.53: ourscubaworld.com. Hit.
  • 212.209.79.58: tech-love-home.com. Hit.
  • 212.209.79.60: first-solo-aviation.com. Hit.
  • 212.209.79.61: china-destinations.org. Hit.
212.209.90.84 thenewseditor.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99
216.93.248.194 esmundonoticias.com
216.104.38.110 all-sport-headlines.com:
216.105.98.152: modernarabicnews.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167
219.90.61.123 journeystravelled.com Tested viewdns.info range: 219.90.61.100 - 219.90.61.133
219.90.62.243 fitness-dawg.com. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255
Read the full article
secure subdomain search on 2013 DNS Census by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
Grepping the 2013 DNS Census first by overused CGI comms subdomains secure. and ssl. leaves 200k lines. Grepping for the overused "news" led to hits:
  • secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
  • ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40
Also tried but failed:
OK, after the initial successes in secure., we went a bit more data intensive:
New results: only one...
  • 208.254.42.205 secure.driversinternationalgolf.com,2012-02-13T10:42:20,
After 2013 DNS Census virtual host cleanup heuristic keyword searches we later understood why there were so few hits here: the 2013 DNS Census didn't capture the secure. subdomains of many domains it had for some reason. Shame, because if it had, this method would have yielded many more results.
Read the full article
Communication mechanism by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
There are four main types of communication mechanisms found:
  • There is also one known instance where a .zip extension was used! web.archive.org/web/20131101104829*/http://plugged-into-news.net/weatherbug.zip as:
    <applet codebase="/web/20101229222144oe_/http://plugged-into-news.net/" archive="/web/20101229222144oe_/http://plugged-into-news.net/weatherbug.zip"
    JAR is the most common comms, and one of the most distinctive, making it a great fingerprint.
    Several of the JAR files are named something like either:
    • meter.jar
    • bandwidth.jar
    • speed.jar
    as if to pose as Internet speed testing tools? The wonderful subtleties of the late 2000s Internet are a bit over our heads.
    All JARs are directly under root, not in subdirectories, and the basename usually consist of one word, though sometimes two camel cased.
  • JavaScript file. There are two subtypes:
    • JavaScript with SHAs. Rare. Likely older. Way more fingerprintable.
    • JavaScript without SHAs. They have all been obfuscated slightly different and compressed. But the file sizes are all very similar from 8kB to 10kB, and they all look similar, so visually it is very easy to detect a match with good likelyhood.
  • Adobe Flash swf file. In all instances found so far, the name of the SWF matches the name of the second level domain exactly, e.g.:
    http://tee-shot.net/tee-shot.swf
    While this is somewhat of a fingerprint, it is worth noting that is was a relatively commonly used pattern. But it is also the rarest of the mechanisms. This is a at a dissonance with the rest of the web, which circa 2010 already had way more SWF than JAR apparently.
  • CGI comms
These have short single word names with some meaning linked to their website.
Because the communication mechanisms are so crucial, they tend to be less varied, and serve as very good fingerprints. It is not ludicrous, e.g. identical files, but one look at a few and you will know the others.
Read the full article
CGI comms by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
We've come across a few shallow and stylistically similar websites on suspicious ranges with this pattern.
No JS/JAR/SWF comms, but rather a subdomain, and an HTTPS page with .cgi extension that leads to a login page. Some names seen for this subdomain:
  • secure.: most common
  • ssl.: also common
  • various other more creative ones linked to the website theme itself, e.g.:
    • musical-fortune.net has a backstage.musical-fortune.net
The question is, is this part of some legitimate tooling that created such patterns? And if so which? Or are they actual hits with a new comms mechanism not previously seen?
The fact that:
  • hits of this type are so dense in the suspicious ranges
  • they are so stylistically similar between on another
  • citizenlabs specifically mentioned a "CGI" comms method
suggests to Ciro that they are an actual hit.
In particular, the secure and ssl ones are overused, and together with some heuristics allowed us to find our first two non Reuters ranges! Section "secure subdomain search on 2013 DNS Census"
Read the full article
JavaScript reverse engineering by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Searching for Carson by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
Edit: Carson was found Oleg Shakirov's findingsby Oleg Shakirov: alljohnny.com, communicated at: twitter.com/shakirov2036/status/1746729471778988499, earliest archive from 2004 (!): web.archive.org/web/20040113025122/http://alljohnny.com/, The domain was hidden in plain sight, it was present in a not very visible watermark visible in the Reuters article screenshot! The watermark was added to the CIA to the background image, it is actually present on the website. In retrospect, it was actually present at on the expired domain trackers dataset, but the mega discrete all second word made Ciro Santilli miss it: github.com/cirosantilli/expired-domain-names-by-day-2015/blob/9d504f3b85364a64f7db93311e70011344cff788/07/05/02#L1572
Figure 1.
2004 Wayback Machine archive of alljohnny.com
.
What follows is the previous
The fact that the Reuters article has a screenshot of it, and therefore a Wayback Machine link, plus the specificity of the website topic, will likely keep Ciro awake at night for a while until someone finds that domain.
Some text visible on the Reuters screenshot:
  • Johnny Carson and The Tonight Show
  • Your Favorite Host and Comedic Genius
  • Submit Your Favorite Carson Moment
  • Heeere's Johnny!
    Holy crap, the "Here's Johnny" line from The Shining (1980) is a reference to Johnny Carson: www.youtube.com/watch?v=WDpipB4yehk, www.youtube.com/watch?v=aYnyPAkgyvc, Ciro never knew that... but every American would have understood it at the time.
It is unclear however if this text is plaintext or part of a an image.
Some failed attempts, either dry guesses or from DNS grepping dataset searches:
Searching the Wayback Machine proved fruitless. There is no full text search: Wayback Machine full text search, and a heuristic web.archive.org/web/20230000000000*/Johnny%20Carson search has relevant hits but not the one we want.
Another attempt was to search for "carson" on webmasterhome.cn which lists expired domains in bulk by expiration day, and it search engine friendly. It contains most of the domains we've found so far. Google either doesn't support partial word search or requires you to be a God to find it
so we settle for DuckDuckGo which supports it: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22&t=h_&ia=web Adding years also helps: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22+2011&ia=web with this we might be getting all possible results. Ciro went through all in 2011, 2012 and 2013 but no luck. Also fuck en.wikipedia.org/wiki/Carson_City,_Nevada and en.wikipedia.org/wiki/Carson,_California :-)
Let's search tools.whoisxmlapi.com/reverse-whois-search for "carson" contained in any historic domain name. 10,001 lines. Grepping those, no good Wayback machine hits for those that also contain "johnny" or "show". Data at: raw.githubusercontent.com/cirosantilli/media/master/cia-2010-covert-communication-websites/tools.whoisxmlapi.com_reverse-whois-search_carson.csv in case anyone want to try and dig...
Let's also search the fortuitously timed 2013 DNS Census.
Read the full article
Find missing hits in IP ranges by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
All IP ranges have some holes in them for which we don't have a domain name.
It is because there was nothing there, or just because we don't have a good enough reverse IP database?
It is possible that DomainTools could help with a more complete database, but its access is extremely expensive and out of reach at the moment.
Censys is another option that would be good to try.
Read the full article
How did Alexa find the domains? by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
It can't be HTML crawl because presumably there wouldn't have been links to those websites? Presumably this is why Common Crawl doesn't seem to have any hits.
So they must have had some kind of DNS A record database?
Or would IPv4 sweep have worked, without the Host header with the CIA's setup?
The same question also applies to the 2013 DNS Census. It has less hits, but still has many.
Whatever they did, we are so so glad that they did!
Read the full article
Non .com .net TLDs by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
.com and .net are very dominant. Here we list other choices made:
  • .info: has a few hits:
    • archived comms:
      • beyondthefringe.info
    • unarchived comms:
      • crickettoday.info
    • unarchived:
      • talkingpointnews.info
      • theventurenews.info
      • worldconcerns.info
    Did a full Wayback Machine CDX scanning on .info after:
    grep -e news -e noticias -e nouvelles -e world -e global
    That makes about 10k domains, so it's about the right size.
  • .org: has a least one hit, see: Are there .org hits?
  • .biz:
    • unarchived comms:
      • atthemovies.biz
Read the full article
AppImage by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Crow intelligence experiment by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
Video 1.
Causal understanding of water displacement by a crow by PLOS Media (2014)
Source.
Read the full article
Cumbridge by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
The porn version of Crushbridge, died in 2020.
Read the full article
DeepMind project by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Epoch (deep learning) by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Batch size (deep learning) by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
Read the full article
Anyon by Ciro Santilli 35 Updated 2025-04-05 +Created 1970-01-01
View more
The name actually comes from "any". Amazing.
Can only exist in 2D surfaces, not 3D, where fermions and bosons are the only options.
All known anyons are quasiparticles.
Read the full article

There are unlisted articles, also show them or only show them.