Ciro Santilli @cirosantilli 40

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 Read the full article

Lasers vs other light sources by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

The key advantages of lasers over other light sources are:

lasers emit a narrow spectrum
it can be efficient collimated, while still emitting a lot of output power: Section "Why can't you collimate incoherent light as well as a laser?"
can be phase and polarization coherent, though it is not always the case? TODO.

One cool thing about lasers is that they rely on one specific atomic energy level transition to produce light. This is why they are able to to be so monchromatic. Compare this to:

incandescent bulbs: wide black-body radiation spectrum
LED: has a wider spectrum fundamentally related to an energy distribution, related: Why aren't LEDs monochromatic
TODO think a bit about fluorescent lamps. These also rely on atomic energy transitions, but many of them are present at once, which makes the spectrum very noisy. But would individual lines be very narrow?

As such, lasers manage to largely overcome "temperature distribution-like" effects that create wider wave spectrum

Video 1.

Crazy difference between 5W laser and 5W LED by Brainiac75

. Source. Baseic but good. Uses a laser photometer.

 Read the full article

Laser spectrum by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

Video 1.

Spectrum of laser light by Shaoul Ezekiel

. Source. 2008, MIT.

 Read the full article

Twisted pair by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

Video 1. Source. Cat 5e cable stripped

 Read the full article

Education of André-Marie Ampère by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

en.wikipedia.org/w/index.php?title=Andr%C3%A9-Marie_Amp%C3%A8re&oldid=1211946256:

Jean-Jacques Ampère, a successful merchant, was an admirer of the philosophy of Jean-Jacques Rousseau, whose theories of education (as outlined in his treatise Émile) were the basis of Ampère's education. Rousseau believed that young boys should avoid formal schooling and pursue instead a "direct education from nature." Ampère's father actualized this ideal by allowing his son to educate himself within the walls of his well-stocked library.

TODO find the source for this.

 Read the full article

André-Marie Ampère by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

 Read the full article

Electrical cable by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

One more more electrical wires surrounded by an insulator.

 Read the full article

Oliver Heaviside by

Ciro Santilli 40 Created 2024-06-26 Updated 2025-07-16

 View more

He participated in the development of the electrical telegraph, and he did some good modeling work that improved the foundations of the field, notably creating the telegrapher's equations.

He was one of those idealists who just want to do some cool work even if they have to starve for it, people had to get a state pension for him for his contributions. Nice guy. en.wikipedia.org/w/index.php?title=Oliver_Heaviside&oldid=1230097796#Later_years_and_views:

In 1896, FitzGerald and John Perry obtained a civil list pension of £120 per year for Heaviside, who was now living in Devon, and persuaded him to accept it, after he had rejected other charitable offers from the Royal Society.

He also never married: www.nndb.com/people/627/000204015/

Figure 1.
Oliver Heaviside c. 1900
. Source.

 Read the full article

CIA 2010 covert communication websites / 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup by

Ciro Santilli 40 Created 2023-07-19 Updated 2025-07-16

 View more

We intersect 2013 DNS Census virtual host cleanup with 2013 DNS census MX records and that leaves 460k hits. We did lose a third on the the MX records as of 260 hits since secureserver.net is only used in 1/3 of sites, but we also concentrate 9x, so it may be worth it.

Then we Wayback Machine CDX scanning. it takes about 5 days, but it is manageale.

We did a full Wayback Machine CDX scanning for JAR, SWF and cgi-bin in those, but only found a single new hit:

63.130.160.50 theglobalheadlines.com. Just barely missed with our 2013 DNS Census virtual host cleanup heuristic keyword searches as we did think of both "global" and "headlines" in the "news" themes!

 Read the full article

CIA 2010 covert communication websites / iraniangoals.com by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS history April 11, 2011:

Created Date: March 6, 2008 00:00:00 UTC
Updated Date: March 7, 2011 00:00:00 UTC
Expires Date: March 6, 2014 00:00:00 UTC
Registrant Name: domainsbyproxy.com.
Registrant Organization: Domains by Proxy, Inc.
Registrant Street: 15111 N. Hayden Rd., Ste 160,
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: UNITED STATES
Name servers: NS29.WORLDNIC.COM|NS30.WORLDNIC.COM

Folowed by reuters registration in 2022.

whoisrequest.com/history/ mentions:

1 Apr, 2008: Domain created*, nameservers added. Nameservers:
ns1.webhostingpad.com
ns2.webhostingpad.com

 Read the full article

CIA 2010 covert communication websites / iraniangoalkicks.com by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS history March 23, 2011:

Created Date: April 9, 2007 00:00:00 UTC
Updated Date: March 2, 2011 00:00:00 UTC
Expires Date: April 9, 2011 00:00:00 UTC
Registrant Name: domainsbyproxy.com
Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com

whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:

ns1.qwknetllc.com
ns2.qwknetllc.com

 Read the full article

CIA 2010 covert communication websites / activegameinfo.com by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS history March 22, 2011:

Registrar Name: NETWORK SOLUTIONS, LLC.
Created Date: January 26, 2010 00:00:00 UTC
Updated Date: November 27, 2010 00:00:00 UTC
Expires Date: January 26, 2012 00:00:00 UTC
Registrant Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
Registrant Street: PO Box 459
Registrant City: PA
Registrant State/Province: US
Registrant Postal Code: 18222
Registrant Country: UNITED STATES
Administrative Name: Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions
Administrative Street: PO Box 459
Administrative City: Drums
Administrative State/Province: PA
Administrative Postal Code: 18222
Administrative Country: UNITED STATES
Administrative Email: xc2mv7ur8cw@networksolutionsprivateregistration.com
Administrative Phone: 5707088780
Name servers: NS23.DOMAINCONTROL.COM|NS24.DOMAINCONTROL.COM

 Read the full article

CIA 2010 covert communication websites / feedsdemexicoyelmundo.com by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS record on April 28, 2011

Registrar Name: GODADDY.COM, INC
Created Date: February 9, 2010 00:00:00 UTC
Updated Date: February 9, 2010 00:00:00 UTC
Expires Date: February 9, 2015 00:00:00 UTC
Registrant Name: domainsbyproxy.com
Name servers: NS55.DOMAINCONTROL.COM|NS56.DOMAINCONTROL.COM

 Read the full article

CIA 2010 covert communication websites / noticiasmusica.net by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS record on September 13, 2011

Registrar Name: NETWORK SOLUTIONS, LLC
Created Date: February 17, 2010 00:00:00 UTC
Updated Date: February 17, 2010 00:00:00 UTC
Expires Date: February 17, 2015 00:00:00 UTC
Registrant Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
Registrant Street: PO Box 459
Registrant City: PA
Registrant State/Province: US
Registrant Postal Code: 18222
Registrant Country: UNITED STATES
Administrative Contact
Administrative Name: See, Megan|ATTN NOTICIASMUSICA.NET|care of Network Solutions
Administrative Street: PO Box 459
Administrative City: Drums
Administrative State/Province: PA
Administrative Postal Code: 18222
Administrative Country: UNITED STATES
Administrative Email: hf3eg77c4nn@networksolutionsprivateregistration.com
Administrative Phone: 5707088780
Name Servers: NS45.WORLDNIC.COM|NS46.WORLDNIC.COM

2012:

Registrant Country: PANAMA

 Read the full article

CIA 2010 covert communication websites / atomworldnews.com by

Ciro Santilli 40 Updated 2025-07-16

 View more

whoisxmlapi WHOIS record on April 17, 2011

Created Date: April 9, 2010 00:00:00 UTC
Updated Date: April 9, 2010 00:00:00 UTC
Expires Date: April 9, 2012 00:00:00 UTC
Registrant Name: domainsbyproxy.com
Name servers: NS33.DOMAINCONTROL.COM|NS34.DOMAINCONTROL.COM

 Read the full article

CIA 2010 covert communication websites / iranfootballsource.com by

Ciro Santilli 40 Updated 2025-07-16

 Read the full article

CIA 2010 covert communication websites / Hits without nearby IP hits by

Ciro Santilli 40 Updated 2025-07-16

 View more

Here we list of suspected domains for which the correct IP was apparently not found since there are no neighbouring hits.

These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.

For example, in the case of inews-today.com, 2013 DNS Census gave one IP 193.203.49.212, but then viewdns.info gave another one 66.175.106.146 which fit into an existing IP range, and which assumed to be the correct IP of interest.

A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.

It is also possible that some of them are simply false positives so they should be taken with a grain of salt. Further reverse engineering e.g. of comms or HTML analysis might be able to exclude some of them.

It is interesting to note that Reuters seems to have featured disproportionately many hits from that range, one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as wel.

In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we

dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches

216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
- 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
- 216.119.129.97: miideaco.com 2016-02-01
216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
- 216.119.129.110: dommoejmechty.com.ua. Legit.
- 216.119.129.111: dailybeatz.com: Legit
- 216.119.129.113:
  - audreygeneve.com
  - reyzheng.com
  - jacintorey.com
- 216.119.129.114: dailynewsandsports.com. hit.
- 216.119.129.115: afxchange.com legit/broken
- 216.119.129.116: danafunkfinancial.com: legit
208.73.33.194 on securitytrails.com
- 69.64.155.77 Amazon.com, Inc. 2008-12-10 (16 years) 2008-12-19 (16 years) 9 days
- 68.178.232.100 GoDaddy.com, LLC 2008-10-04 (16 years) 2008-11-02 (16 years) 29 days
- 208.73.33.194 Jumpline Inc 2008-09-01 (17 years) 2008-10-03 (16 years) 1 month

iranfootballsource.com:

34.98.99.30 Kansas City - United States Google LLC 2021-05-24
184.168.221.94 United States GoDaddy.com 2020-07-21
50.63.202.66 United States GoDaddy.com 2020-07-07
50.63.202.86 United States GoDaddy.com 2020-05-28
184.168.221.94 United States GoDaddy.com 2020-05-13
50.63.202.74 United States GoDaddy.com 2020-04-29
50.18.223.191 San Jose - United States Amazon.com 2015-03-23. Sources: 2013 DNS Census and viewdns.info
- no viewdns.info hits +- 10
85.13.200.108 United Kingdom Coreix Dedicated Customer Allocation 2013-06-30. Source: viewdns.info
- 85.13.200.108: 1000 hits, so unlikely to be the one

iraniangoalkicks.com:

68.178.232.100: treverse IP source: viewdns.info. see rastadirect.net.
208.71.138.130 2010-02-22 -> 2010-08-06, QWK.net Hosting, L.L.C.. source: dnshistory.org/historical-dns-records/a/iraniangoalkicks.com. Large shared hosting domain, no good nearby hits, several legit sites.
securitytrails.com/domain/iraniangoalkicks.com/history/a says:
- 2011-03-31 68.178.232.100
- 2008-09-01 208.71.138.130

iraniangoals.com:

68.178.232.100: see rastadirect.net
69.65.33.21 - Flushing - United States - GigeNET - 2011-09-08. Also at: dnshistory.org/historical-dns-records/a/iraniangoals.com 2009-08-03 -> 2011-01-12 69.65.33.21 viewdns.info/reverseip/?t=1&host=69.65.33.21 80 virtual nothing pops to eye on quick read:
- 69.65.33.2: onemincustomerservice.com. web.archive.org/web/20091015044922/http://www.onemincustomerservice.com/. Doesn't feel like a hit. cqcounter.com/whois/www/onemincustomerservice.com.html error
- 69.65.33.5: 400+ domains
- 69.65.33.6: 4 domains but recent resolutions only
- similar status for everything else withing +-20. A couple of domains, no easy hits
securitytrails.com/domain/iraniangoals.com/history/a same from 2008-09-17

football-enthusiast.com:

212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.

cyhiraeth-intlnews.com:

dnshistory.org/historical-dns-records/a/cyhiraeth-intlnews.com 2009-07-31 -> 2011-01-05 0.0.0.0 WTF?
viewdns.info/iphistory/?domain=cyhiraeth-intlnews.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-27 virtual
- 0.0.0.0 Unknown Unknown 2011-07-02. Hmm also the 0.0.0.0. Weird!

news-latina.com: domainsbyproxy.com 2007-12-17

dnshistory.org/historical-dns-records/a/news-latina.com 2010-03-11 -> 2010-08-16 64.92.111.3. this has several hits for the same IP on DNS Census 2013 which is unusual. Tested viewdns.info range: 64.92.111.1 - 64.92.111.13
- 64.92.111.2 virtual
- 64.92.111.3 virtual
viewdns.info/iphistory/?domain=news-latina.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-08-11 virtual
- 64.92.111.3 United States MASSIVE-NETWORKS 2011-07-27 mdeium virtual viewdns.info/reverseip/?t=1&host=64.92.111.3

europeannewsflash.com:

viewdns.info/iphistory/?domain=europeannewsflash.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-10-09 virtual
- 216.131.66.209 San Francisco - United States STRTEC 2011-09-08. Tested viewdns.info range: 216.131.66.201 216.131.66.219
dnshistory.org/historical-dns-records/a/europeannewsflash.com 2010-02-06 -> 2010-08-02 216.131.66.209. Tested.

outlooknewscast.com:

dnshistory.org/historical-dns-records/a/outlooknewscast.com
- 2009-08-08 -> 2011-02-11 74.53.159.130. Tested viewdns.info range: 74.53.159.120 - 74.53.159.140
  - 74.53.159.130: aeromedhistory.org 2014-11-29
  - 74.53.159.130: mariposahorticultural.com 2022-11-28
  - 74.53.159.130: thewritestuffresume.com 2011-04-04. Legit.
viewdns.info/iphistory/?domain=outlooknewscast.com
- 204.93.178.121 Chicago - United States SERVERCENTRAL 2011-09-08. Tested viewdns.info range: 204.93.178.111 - 204.93.178.131. Skimmed through, nothing of great interest.
- 74.53.159.130 United States SOFTLAYER 2011-04-04. Tested.

24hoursprimenews.com:

dnshistory.org/historical-dns-records/a/24hoursprimenews.com 2009-12-14 -> 2011-10-04 216.9.68.24. Mid virtual: viewdns.info/reverseip/?t=1&host=216.9.68.24 had a quick look but no hits:
- web.archive.org/web/20110208211446/http://mynews-togo.com/ invalid page. dawhois.com/www/mynews-togo.com.html same.
- web.archive.org/web/20110207202025/http://nefiexpo.com/
viewdns.info/iphistory/?domain=24hoursprimenews.com 216.9.68.24 United States VONAGE-BUSINESS 2012-01-11. Tested.
securitytrails.com/domain/24hoursprimenews.com/history/a same

farsi-newsandweather.com:

dnshistory.org/historical-dns-records/a/farsi-newsandweather.com 2010-02-07 -> 2010-08-03 69.49.101.19. Tested viewdns.info range: 69.49.101.9 - 69.49.101.19
viewdns.info/iphistory/?domain=farsi-newsandweather.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-01-11 virtual
- 69.49.101.19 Canada INFB-AS 2011-11-13. Tested.

global-view-news.com:

dnshistory.org/historical-dns-records/a/global-view-news.com 2010-02-13 -> 2010-08-04 67.220.228.130. Tested viewdns.info range: 67.220.228.120 - 67.220.228.160:
- 67.220.228.150: investfromhome.co.uk 2011-09-05. No archives.
viewdns.info/iphistory/?domain=global-view-news.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-01-11 virtual
- 69.90.161.195 Canada COGECO-PEER1 2011-09-08. Unknown. Tested viewdns.info range: 69.90.161.185 69.90.161.205. Some virtual misses. viewdns.info/reverseip/?t=1&host=69.90.161.195 medium virtual, canada.

health-men-today.com:

dnshistory.org/historical-dns-records/a/health-men-today.com
- 2011-01-07 -> 2011-01-07 69.90.162.165. Tested viewdns.info range: 69.90.162.155 - 69.90.162.175. Virtuals.
- 2009-11-30 -> 2010-05-27 67.220.228.224. New range with global-view-news.com? Tested viewdns.info range: 67.220.228.214 67.220.228.234
  - 67.220.228.223: stagedwithdistinction.com 2011-10-09. One archive of godaddy only.
- 2009-08-01 -> 2009-09-19 69.42.58.50. Tested viewdns.info range: 69.42.58.40 - 69.42.58.60. Virtuals, canada.
viewdns.info/iphistory/?domain=health-men-today.com
- 204.11.56.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-04-19. Virtuals.
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Unknown range.
- 69.90.162.165 Canada COGECO-PEER1 2012-06-29. Tested.
securitytrails.com/domain/health-men-today.com/history/a
- 69.42.58.50 Aptum Technologies 2008-09-01 (17 years) 2008-09-04 (17 years) 3 days

firstnewssource.com:

dnshistory.org/historical-dns-records/a/firstnewssource.com
- 2010-02-09 -> 2010-02-09 67.220.228.150 TODO new range with global-view-news.com? Tested.
- 2010-08-03 -> 2010-08-03 69.90.162.70 TODO new range with global-view-news.com?

pars-technews.com:

dnshistory.org/historical-dns-records/a/pars-technews.com 2009-08-08 -> 2011-02-13 74.220.219.104 Tested viewdns.info range: 74.220.219.94 74.220.219.114. viewdns.info/reverseip/?t=1&host=74.220.219.104 medium virtual haven't bothered much.
viewdns.info/iphistory/?domain=pars-technews.com 74.220.219.104 United States UNIFIEDLAYER-AS-1 2012-11-12. Tested.

newdaynewsonline.com:

dnshistory.org/historical-dns-records/a/newdaynewsonline.com 2010-03-10 -> 2010-08-15 76.163.54.16. Tested viewdns.info range: 76.163.54.6 76.163.54.26. viewdns.info/reverseip/?t=1&host=76.163.54.16 empty.
- 76.163.54.23: leewoodwork.com 2014-07-05
viewdns.info/iphistory/?domain=newdaynewsonline.com
- 74.91.154.56 United States INTERNAP-BLOCK-4 2012-11-12 unknown range. Tested viewdns.info range: 74.91.154.46 74.91.154.66
  - 74.91.154.61: benefitsla.com 2013-04-21. Legit.
- 76.163.54.16 United States WINDSTREAM 2011-09-08 unknown range. Tested.

sportsnewsfinder.com:

dnshistory.org/historical-dns-records/a/sportsnewsfinder.com 2009-08-11 -> 2011-02-24 66.113.196.128. Tested viewdns.info range: 66.113.196.118 66.113.196.138. viewdns.info/reverseip/?t=1&host=66.113.196.128 empty.
viewdns.info/iphistory/?domain=sportsnewsfinder.com
- 50.63.202.58 United States AS-26496-GO-DADDY-COM-LLC 2013-03-23 some similar hits on other sites, possibly all flukes
- 207.150.219.159 United States AFFINITY-INTER 2013-03-02
- 66.113.196.128 United States NETNATION 2012-01-11. Tested.

newsworldsite.com:

viewdns.info/iphistory/?domain=newsworldsite.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2013-05-20 big virtual
- 204.93.159.80 Chicago - United States SERVERCENTRAL 2013-04-21. Tested viewdns.info range: 204.93.159.70 204.93.159.90. viewdns.info/reverseip/?t=1&host=204.93.159.80 medium virtual.
  - 204.93.159.84: team-merk.com 2011-08-11. No archives.

todaysnewsreports.net:

viewdns.info/iphistory/?domain=todaysnewsreports.net
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-01
- 205.178.189.129 United States NETWORK-SOLUTIONS-HOSTING 2013-05-20 likely virtual
- 173.255.131.72 Reno - United States UK-2 Limited 2012-08-27. Tested viewdns.info range: 173.255.131.62 173.255.131.82. Virtual and modern hits only.
- 67.213.211.232 United States UK-2 Limited 2011-09-07 unknown. Tested viewdns.info range: 67.213.211.222 67.213.211.242. viewdns.info/reverseip/?t=1&host=67.213.211.232 empty.
  - 67.213.211.236: icf-finan.com 2015-01-20
  - 67.213.211.237: playinside.me 2016-02-04. Nice domain hack, but no.
  - 67.213.211.239: reality-sexxx.com 2011-09-08

hassannews.net:

viewdns.info/iphistory/?domain=hassannews.net
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-07-08
- 205.178.189.131 United States NETWORK-SOLUTIONS-HOSTING 2013-07-01. Likely virtual.

todayoutdoors.com:

dnshistory.org/historical-dns-records/a/todayoutdoors.com
- 2009-08-11 -> 2010-07-07 174.133.44.90. Tested viewdns.info range: 174.133.44.80 174.133.44.100. Virtual and modern. viewdns.info/reverseip/?t=1&host=174.133.44.90 two modern domains.
- 2011-03-01 -> 2011-03-01 174.123.172.82 unknown. Tested viewdns.info range: 174.123.172.72 174.123.172.92. Virtuals.
viewdns.info/iphistory/?domain=todayoutdoors.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-02 virtual
- 174.123.172.82 United States SOFTLAYER 2011-04-04. Tested.

globaltourist.net:

dnshistory.org/historical-dns-records/a/ 2009-07-30 -> 2011-01-01 69.59.20.215 unknown. Tested viewdns.info range: 69.59.20.205 69.59.20.225. Virtuals.
viewdns.info/iphistory/?domain=globaltourist.net
- 216.172.170.14 United States NETWORK-SOLUTIONS-HOSTING 2013-07-08
- 216.21.239.197 United States NETWORK-SOLUTIONS-HOSTING 2012-06-25
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-04-09 big virtual
- 174.136.34.154 United States IHNET 2012-03-12 unknown. Tested viewdns.info range: 174.136.34.144 174.136.34.164
- 74.119.145.101 Frankfurt am Main - Germany PERFORMIVE 2011-09-07. Tested viewdns.info range: 74.119.145.91 74.119.145.111. One virtual.
- 69.59.20.215 United States ATLRETAIL 2011-06-22. Tested viewdns.info/reverseip/?t=1&host=69.59.20.215
  - web.archive.org/web/20080521063605/http://piasawine.com/ index of

terrain-news.com:

JAR
viewdns.info/iphistory/?domain=terrain-news.com None in simple ranges.
- 204.11.56.25 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-11-08. Virtuals.
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Virtual 167. viewdns.info/reverseip/?host=208.91.197.19&t=1 not very promising.
  - eurotravelnyc.com legit web.archive.org/web/20110201195411/http://eurotravelnyc.com/
- 208.187.167.20 United States DATANOC 2012-01-11. Tested viewdns.info range: 208.187.167.10 208.187.167.30. Newer domains. viewdns.info/reverseip/?t=1&host=208.187.167.20 only has one conck.ooo. WTF.
securitytrails.com/domain/terrain-news.com/history/a same:
- 208.91.197.19 Confluence Networks Inc 2012-05-12 (13 years) 2012-05-31 (13 years) 19 days
- 208.187.167.20 Lanset America Corporation 2008-11-12 (16 years) 2009-12-09 (15 years) 1 year

intlnewsdaily.com

dnshistory.org/historical-dns-records/a/intlnewsdaily.com 2010-02-21 -> 2010-08-06 75.126.136.179. unknown range. viewdns.info/reverseip/?t=1&host=75.126.136.179 empty checked 75.126.136.171 - 75.126.136.179
viewdns.info/iphistory/?domain=intlnewsdaily.com
- 208.91.197.19 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-05-20. Virtual. Tested.
- 63.247.95.50 Austell - United States NTHL 2012-06-29 unknown. Tested viewdns.info range: 63.247.95.40 63.247.95.60
  - 63.247.95.50: 2b-sports.com 2013-04-21
  - 63.247.95.50: caldentalinsurance.com 2014-07-05
  - 63.247.95.50: cameronbal-photography.com 2012-06-29
  - 63.247.95.50: congbetham.com 2014-07-05
  - 63.247.95.50: essentialintelligenceagency.com 2023-03-07
  - 63.247.95.50: isabellavalentina.com 2014-07-05
  - 63.247.95.50: jhraccounting.com.au 2021-05-03
  - 63.247.95.50: missouribreaks294.com 2012-06-29
  - 63.247.95.50: startorganize.com 2011-08-11
  - 63.247.95.50: tifocus.net 2011-08-11
  - 63.247.95.50: tifocus.org 2011-08-10
  - 63.247.95.50: whitepartyorlando.com 2012-01-11
- 204.11.56.25 (ipinf.ru) viewdns.info/reverseip/?t=1&host=204.11.56.25 Virtual 2,999
securitytrails.com/domain/intlnewsdaily.com/history/a empty on dates

opensourcenewstoday.com:

viewdns.info/iphistory/?domain=opensourcenewstoday.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
- 64.16.193.48 Riyadh - Saudi Arabia Saudi Telecom Company JSC 2011-09-08. Tested viewdns.info range: 64.16.193.38 64.16.193.55. Ran out. viewdns.info/reverseip/?t=1&host=64.16.193.48 virtual 55, lots of porn
securitytrails.com/domain/opensourcenewstoday.com/history/a
- 64.16.193.48 Saudi Telecom Company JSC 2010-05-04 (15 years) 2010-05-20 (15 years) 16 days

techwatchtoday.com:

viewdns.info/iphistory/?domain=techwatchtoday.com
- 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-11-29 virtual
- 66.11.225.226 United States TNWEB-LEW-001 2012-01-11 unknown. Checked 66.11.225.220 - 66.11.225.233
dnshistory.org/historical-dns-records/a/techwatchtoday.com 2009-08-11 -> 2011-02-26 66.11.225.226 big shared host
securitytrails.com/domain/techwatchtoday.com/history/a same
- 66.11.225.226 TNWEB LLC 2008-11-04 (16 years) 2009-04-10 (16 years) 5 months

 Read the full article

CIA 2010 covert communication websites / Hits with nearby IP hits by

Ciro Santilli 40 Updated 2025-08-08

 View more

62.22.60.49: telecom-headlines.com. UUNET in Spain. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66

62.22.60.33: newsperk.com. Almost certainly a hit. Stylistically perfect, rss-item. But no comms not found. Ennerving! 2011. English. Egypt. news. Later legitimately reused.
62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
62.22.60.40: travel-passage.com. Hit.
62.22.60.42: newsupdatesite.com. Hit.
62.22.60.46: flyingtimeline.com. Hit.
62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
62.22.60.48: currentcommunique.com. Hit.
62.22.60.49: telecom-headlines.com. Hit.
62.22.60.52: collectedmedias.com. Hit.
62.22.60.54: romulusactualites.com. Hit.
62.22.60.55: thefilmcentre.com. Hit.
62.22.60.56: traveltimenews.com. Hit.

62.22.61.206 worldnewsnetworking.com. UUNET in Spain. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224

62.22.61.193: awfaoi.org. Hit.
62.22.61.197: rc5sports.com. Hit.
62.22.61.198: inside-vc.com. Hit.
62.22.61.200: zerosandonesnews.com. Hit.
62.22.61.202: bailsnboots.com. Hit.
62.22.61.203: the-cricketer-online.com. Hit.
62.22.61.204: hollywoodscreen.net. Hit.
62.22.61.206: worldnewsnetworking.com. Hit.
62.22.61.212: nuestrasfinanzas.com. Hit.
62.22.61.213: sandstormnews.com. Hit.
62.22.61.215: the-tech-mind.com. Hit.
62.22.61.217: court-masters.com. Hit.
62.22.61.219: allworldstatistics.com. Hit.
62.22.61.220: newsjaka.com. Hit.
62.22.61.221: biochemresource.com. Archive broken/empty. One archive: contains an epically long URL that might shed light into something: web.archive.org/web/20120529121245/http://www.biochemresource.com/?fp=iboHtuxnjLG66y52DkK1xCFuZDBnVC8wovQepLt2Tk%2Bo1JIgIdVb6WL8kv6sSOEtxwcq4EbiJ0GxFY9N6HSWlg%3D%3D&prvtof=97vgfKVqt1Sd68qgNDPXB0o7Rwo%2FO3GKiiMG7fane6A%3D&poru=Zd9DHFaHFZ6ZrRLm8SW3egagqvdpzHhWb%2FoulRGeEYIUSVATB5gwTIDhluetONjG7xovtb%2FrvDStoqiAF1O8wA%3D%3D&. Asked at: stackoverflow.com/questions/47310661/any-idea-what-are-fp-prvtof-poru-in-a-url but no reply so far. One day my friend, one day. cqcounter.com/whois/www/biochemresource.com.html not found.
62.22.61.222: www.news-blitz-ar.com (ipinf.ru). No archives. Perfect domain name theme match. cqcounter.com/whois/www/news-blitz-ar.com.html not found.

65.218.91.17 alljohnny.com. UUNET in United States. One of the Reuters websites.

208.91.197.132: rdns source: viewdns.info. Big virtual.
65.218.91.17: rdns source? : viewdns.info. Tested viewdns.info range: 65.218.91.13 - 65.218.91. 17
- 65.218.91.9: welcometonyc.net. Hit. rdns source: ipinf.ru. Later also at 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-21 by viewdns.info
  - rolling-in-rapids.com. Hit.
- 65.218.91.17
  - international-smallbusiness.com. Stylitsic match, but some uncommon features like the country seelctor dropdown.
    Archives:
    web.archive.org/web/20110202031627/http://international-smallbusiness.com/
    web.archive.org/web/20120114080103/http://www.international-smallbusiness.com:80/sa.html
    web.archive.org/web/20110202031657/http://international-smallbusiness.com/style.css
    Also a potential unarchived CGI comms: web.archive.org/web/20110202031627/https://ssl.international-smallbusiness.com/cgi-bin/starting.cgi Perhaps with some better HTML reversing we could confirm a hit. Same registrar as alljohnny "L. Glaze" fuck me.
    208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-19. Big virtual.
    65.218.91.17 United States UUNET 2013-09-06
216.168.229.50: whoisxmlapi 2008-09-01 (15 years) 2010-04-17. Checked viewdns.info range: 216.168.229.45 - 216.168.229.55. viewdns.info/reverseip/?t=1&host=216.168.229.50 3k domains.

63.131.229.12 cyberreportagenews.com. ADHOST in Coeur d'Alene - United States. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30

63.131.229.2: fightskillsresource.com. Hit
63.131.229.4: unitedterritorynews.com. Hit
63.131.229.9: show-dustry.com. Hit
63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
63.131.229.11: mythriftytrip.com. Hit
63.131.229.12: cyberreportagenews.com. Hit.
63.131.229.13: sunrise-news.com. Hit.
63.131.229.15: cricketnewsforindia.com. Hit.
63.131.229.16:
- nutricion-saludable.info. No archives. cqcounter.com/whois/www/nutricion-saludable.info.html has the exact same screenshot at the .net one, so also hit.
- nutricion-saludable.net. Hit.
63.131.229.18: itnl-xchange.com. Hit.
63.131.229.20:
- fixashion.net. Hit.
- a few others

63.130.160.50 theglobalheadlines.com. CW Vodafone Group PLC in United States. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75

63.130.160.50: theglobalheadlines.com. Hit.
63.130.160.51:
- hai-pow.com. Hit.
- secudenetworksecurity.com. No archives. cqcounter.com/whois/www/secudenetworksecurity.com.html blank image.
63.130.160.53: echessnews.com. Hit.
63.130.160.59: technologiewissen.com. No archives from the time. Would be Technology knowledge in German, so another likely German hit. Shame. cqcounter.com/whois/www/technologiewissen.com.html empty
63.130.160.60: boxingstop.net. Hit.
63.130.160.61: bookmarksthis.com. Hit.
63.130.160.62: azerinews.org. Hit.

64.16.204.55 holein1news.com. Saudi Telecom Company JSC in Saudi Arabia. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. With did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.

64.16.204.35: ironcityfootball.com. web.archive.org/web/20080510230549/ironcityfootball.com Legit/broke. cqcounter.com/whois/www/ironcityfootball.com.html from 2011 could be in style though... "Iron City" is a historical nickname for Pittsburgh, Pennsylvania.
64.16.204.51: africannewsandsports.com. No archives. rdns source: viewdns.info. cqcounter.com/whois/www/africannewsandsports.com.html not found.
64.16.204.53: bosniakbusinessnews.com. Hit.
64.16.204.54: affairesdumonde.com. Hit.
64.16.204.55: holein1news.com. Hit.
64.16.204.56: fightorgohome.com. Uncertain. domainsbyproxy.com. Created: 2011-03-28. No archives. rdns source: viewdns.info cqcounter.com/whois/www/fightorgohome.com.html from 2011 not very typical but possible. Has a "Login" link visible for possible comms. The domain name is typical...
64.16.204.58: tech-topix.com. Hit.
64.16.204.60: pakpoldaily.com. No archives. rdns source: viewdns.info. TODO meaning? Might be Indonesian, maybe linked to police: www.facebook.com/watch/?v=880204266271955 cqcounter.com/whois/www/pakpoldaily.com.html not found.

65.61.127.163 capture-nature.com. ADHOST in Greenacres - United States. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -

65.61.127.46: anahuacchamber.com 2012-12-22T14:59:01
65.61.127.117: medicaresupplementalinsurance.com, 2013-08-21T09:49:41. Legit.
65.61.127.121: counter-images.com 2013-08-22T11:14:44: web.archive.org/web/20110208173132/http://www.counter-images.com/ Empty.
65.61.127.125 zaphound.com 2013-08-21T02:25:40. Legit.
65.61.127.130: ambitions.org 2013-08-22T01:43:40. Legit.
65.61.127.161: european-footballer.com. Hit.
65.61.127.163: capture-nature.com. Hit.
65.61.127.164: futbolistico.net. 2012-02-20T03:25:33. Legit. web.archive.org/web/20130509004058/http://futbolistico.net/
65.61.127.165: travelconnectionsonline.com. Ciro initially though this might be a hit. But upon Googling it, there's now a mirror at: travelconn.tripod.com/. Combined with the lack of a standard communications mechanism and the 2001 copyright, maybe it isn't a hit after all
65.61.127.166: globalnewsbulletin.com: Hit.
65.61.127.167: internationalwhiskylounge.com. Hit.
65.61.127.168: the-golden-rule.info 2013-09-20T02:13:52. Hit.
65.61.127.169: crossovernews.net. Hit.
65.61.127.170: newsidori.com. Hit.
65.61.127.171: nrgconsultingandnews.com. Hit. 2013-08-13T18:45:05
65.61.127.172: premierstriker.com. Hit. 2012-01-11
65.61.127.174: dedrickonline.com. Hit.
65.61.127.175: altworldnews.com. Hit.
65.61.127.176: american-historyonline.com. Hit. 2011-09-08
65.61.127.177: material-science.org. Hit.
65.61.127.178: tee-shot.net. Hit.
65.61.127.180: screencentral.info. Hit.
65.61.127.181: worldnewsandtravel.com. Hit. 2011-11-13
65.61.127.182: pangawana.com. Hit.
65.61.127.183: cutabovenews.com. Hit.
65.61.127.184: worldwildlifeadventure.com. Hit.
65.61.127.186: explorealtmeds.com. Hit.
65.61.127.194: 16 domains, so unclear.
- about-video-games.com: web.archive.org/web/20121013013710/http://about-video-games.com/ off
- aboutfaceonline.com: web.archive.org/web/20120701000000*/aboutfaceonline.com off
65.61.127.200: cdl-link.com (ipinf.ru). Legit.
65.61.127.222: asianwhitecoffee.com 2012-07-16T09:21:05 web.archive.org/web/20110903080036/http://asianwhitecoffee.com/. Could be legit.

66.45.179.205 noticiasporjanua.com. ADHOST in Edmonds - United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223

66.45.179.187: mail03.gatesfoundation.org. Legit.
66.45.179.192: thegraceofislam.com. Hit.
66.45.179.193: arabicnewsunfiltered.com. Hit.
66.45.179.194: raulsonsglobalnews.com. Hit.
66.45.179.195: aryannews.net. Hit.
66.45.179.199: attivitaestremi.com. Hit.
66.45.179.200: foodwineandsuch.com. Hit.
66.45.179.201: hitthepavementnow.com. Hit.
66.45.179.203: noticiascontinental.com. Hit.
66.45.179.205: noticiasporjanua.com. Hit.
66.45.179.206: podisticamondiale.com. Hit.
66.45.179.207: reflectordenoticias.com. Hit.
66.45.179.208: havenofgamerz.com. Hit.
66.45.179.209: vejaaeuropa.com. Hit.
66.45.179.210: sa-michigan.com. Hit.
66.45.179.211: absolutebearing.net. Hit.
66.45.179.212: grandretirement.net. No archives. cqcounter.com/whois/www/grandretirement.net.html blank image.
66.45.179.213: myportaltonews.com. Hit.
66.45.179.214: investmentintellect.com. Hit.
66.45.179.215: nigeriastar.net 2012-03-12. Hit.

66.104.169.184 bcenews.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189

66.104.169.162: bestsportsnews.net. Archive broken. cqcounter.com/whois/www/bestsportsnews.net.html error not found.
66.104.169.163: doctorsoncallsite.com. Hit. domainsbyproxy.com
66.104.169.164: lightandshadowonline.com. Hit. domainsbyproxy.com. Created: 2007-11-27. Updated: 2012-06-06.
66.104.169.168: plugged-into-news.net. Hit. Network Solutions, LLC. Registrant: Godfrey Hubbard.
66.104.169.169: worldsportsite.com. Hit. domainsbyproxy.com. Created: 2009-05-20.
66.104.169.171: golf-on-holiday.com. Hit. Network Solutions, LLC. Registrant: Tammy Pulley.
66.104.169.172: perspectiva-noticias.com. Hit. domainsbyproxy.com. Created: 2009-04-28.
66.104.169.175: aquaswimming.com. Hit. domainsbyproxy.com
66.104.169.177: dojo-temple.com. Hit. domainsbyproxy.com
66.104.169.179: neighbour-news.com. Hit. domainsbyproxy.com
66.104.169.180: medicatechinfo.com. Hit. Network Solutions, LLC. Registrant: Jason Noll.
- 205.178.189.131: securitytrails.com 2009-06-25 - 2009-07-02 Network Solutions, LLC., "ip_count": 726755. Moved to new one 2009-07-02 - 2010-11-03
66.104.169.181: brickmanfinancialnews.com. Hit. domainsbyproxy.com
66.104.169.182: casanewsnow.com. Hit. domainsbyproxy.com
66.104.169.183: aworldofnews.com. No archives. cqcounter.com/whois/www/aworldofnews.com.html blank image
66.104.169.184: bcenews.com. Hit.
66.104.169.197: teamshula.com. Legit.

66.104.173.186 myworldlymusic.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194

66.104.173.161: fanatic-pc-gamers.com. domainsbyproxy.com. 2013: Welcome to the US Petabox. cqcounter.com/whois/www/fanatic-pc-gamers.com.html somewhat in-style with large "Login to our Members Forum" message and copyright 2005.
66.104.173.163: runakonews.com. Hit.
66.104.173.164: shoppingadventure.net. Hit.
66.104.173.165: entertaining-ly.com. Hit. Network Solutions, LLC for Matthew Sorrell. tools.whoisxmlapi.com/reverse-whois-search hits:
- premier-fishing-tips.com. Legit with photos and mention of Matthew Sorrell: web.archive.org/web/20110129024453/http://www.premier-fishing-tips.com/ Still live as of 2025.
  Sincerely,
  Matthew Sorrell
  Webmaster, Premier-Fishing-Tips.com
- entertaining-ly.com
66.104.173.166: zubeenews.com. Hit. domainsbyproxy.com
66.104.173.169: smart-financeology.com. Hit. domainsbyproxy.com
66.104.173.173: remarkably has two potential hits, both shown in viewdns.info, and one of them was also in the 2013 DNS Census.
- worldfeedstoday.com. Hit. Network Solutions, LLC + Perfect Privacy LLC.
- world-newsfeeds.com. No archives. cqcounter.com/whois/www/world-newsfeeds.com.html blank image.
66.104.173.175: media-coverage-now.com. Hit. domainsbyproxy.com
66.104.173.176: jbc-online-news.com. Hit. domainsbyproxy.com
66.104.173.177: webscooper.com. Hit.
66.104.173.178: dk-dcinvestment.com. Hit. domainsbyproxy.com
66.104.173.179: newsforthetech.com. Hit. domainsbyproxy.com
66.104.173.180: stara-turistick.com. Hit. domainsbyproxy.com
66.104.173.181: playbackpolitics.com. Hit. domainsbyproxy.com
66.104.173.182: snapnewsfront.net. Hit. domainsbyproxy.com
66.104.173.183: ingenuitytrendz.com. Hit. domainsbyproxy.com
66.104.173.184: armashoy.com. Hit. domainsbyproxy.com
66.104.173.185: baocontact.com. Hit. Godaddy for a "Denise Welch":
```
"name": "Denise Welch",
"organization": null,
"street": "Box 288",
"city": "Macdona",
"state": "Texas",
"postalCode": "78054",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search has 151 results, some inspections:
- web.archive.org/web/20160610031345/http://socialmediamagazine.biz/ legit Denise Welch, President
- web.archive.org/web/20211126033925/http://allofmywishes.com/ no relevant archives
- web.archive.org/web/20110208070523/pet-a-bration.com no archives
Reducing a bit searching for Macdona as city gives only 19 hits:
- web.archive.org/web/20111126163259/http://tamilupgraded.com/ 19 Archives broken. cqcounter.com/whois/www/tamilupgraded.com.html off style.
- web.archive.org/web/20080115063123/http://www.zirnitrasports.com/ suspicious but quite broken. Arabic. Split images. Comms not found. cqcounter.com/whois/www/zirnitrasports.com.html in-style. viewdns.info/iphistory/?domain=zirnitrasports.com. Members/register at top linking to web.archive.org/web/20080115220218/http://www.zirnitrasports.com/reg.html
  - 216.180.224.58 British Virgin Islands NTHL 2012-01-11. viewdns.info/reverseip/?t=1&host=216.180.224.58 small virtual. Also searched 216.180.224.50 - 216.180.224.65
    dare2wearts.com 2012-06-29 No archives.
    keralaaicuf.com 2012-09-21. No archives.
    kids-ireland.com 2011-11-13 web.archive.org/web/20110128075525/http://kids-ireland.com/ off
    makeupbyjadab.com 2012-11-12. Off
    socalfitnessbootcamp.com 2012-06-29. Off
    unitedwelfareservices.com 2012-11-12. No archives.
    zirnitrasports.com 2012-01-11
- bontonphoto.com web.archive.org/web/20100605033030/http://www.bontonphoto.com/ suspicious with members linking to web.archive.org/web/20130826142257/https://bonto001.secure.omnis.com/cgi-bin/main.cgi www.omnis.com/ is a hosting service.
  - web.archive.org/web/20130528074647/http://bontonphoto.com/ better screenshot has a news link.. cqcounter.com/whois/www/bontonphoto.com.html empty
- olqhchurch.com web.archive.org/web/20110201182208/http://olqhchurch.com/ dead, cqcounter.com/whois/www/olqhchurch.com.html not found
66.104.173.186: myworldlymusic.com. Hit.
66.104.173.189: hitpoint-gaming.com. Hit. Network Solutions, LLC + perfect privacy.

66.104.175.40 beyondnetworknews.com. XO-AS15 in United States. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range:66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown

66.104.175.34: itwebtoday.com. Hit. domainsbyproxy.com
66.104.175.35: drglobalnews.com. Hit.
66.104.175.36: adilnews.net. Hit.
66.104.175.37: technewstogo.com. web.archive.org/web/20110201205946/http://technewstogo.com/ "UNDER CONSTRUCTION" cqcounter.com/whois/www/technewstogo.com.html same.
66.104.175.40: beyondnetworknews.com. Hit.
66.104.175.41: grubbersworldrugbynews.com. Hit. domainsbyproxy.com
66.104.175.42: news-and-sports.com. Hit.
66.104.175.44: yourtripfinder.net. Hit. domainsbyproxy.com
66.104.175.45: rollinsnetwork.com. Hit. domainsbyproxy.com
66.104.175.46: infosharenews.com. Hit.
66.104.175.47: southasiaheadlines.com. Hit.
66.104.175.48: worlddispatch.net. Hit.
66.104.175.49: webworldsports.com. Hit.
66.104.175.50: fly-bybirdies.com. Hit.
66.104.175.51: businessexchangetoday.com. Hit.
66.104.175.52: mensajeradenoticias.com. Hit. domainsbyproxy.com
66.104.175.53: info-ology.net. Hit.
66.104.175.54: marketflows.net. Hit. domainsbyproxy.com
66.104.175.57: metanewsdaily.com. Hit.
66.104.175.218: remote.taxconsultantsgroup.com. No archives. cqcounter.com/whois/www/taxconsultantsgroup.com.html commercial so unlikely

66.175.106.148 activegaminginfo.com. UUNET in United States. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178

66.175.106.10: nationalchecktrust.com. Legit?
66.175.106.134: paddlescoop.com. Hit.
66.175.106.137: kessingerssportsnews.com. Hit. Network Solutions: Latimer, Daniel
```
"name": "Latimer, Daniel|ATTN KESSINGERSSPORTSNEWS.COM|care of Network Solutions",
"organization": null,
"street": "PO Box 459",
"city": "PA",
"state": "US",
"postalCode": "18222",
"country": "UNITED STATES",
```
12 hits for name but nothing else looks promissing:
- element42.au
- refugeministryoils.com
- element42.com.au
- refugeloveministry.net
- refugeloveministry.com
- boysofrockingham.com
- daniellatimer.net
- thejourneytoyourheart.com. web.archive.org/web/20130925191623/http://thejourneytoyourheart.com/ empty cqcounter.com/whois/www/thejourneytoyourheart.com.html not found
- latimerstudio.com
- latimerstudios.com
- danlatimer.com
- kessingerssportsnews.com
66.175.106.138: factorforcenews.com. Hit. domainsbyproxy.com
66.175.106.140: aroundthemiddleeast.com. No Wayback Machine hits. Last resolved: 2012-06-29. cqcounter.com/whois/www/aroundthemiddleeast.com.html not found.
66.175.106.142: kanata-news.com. Hit. domainsbyproxy.com
66.175.106.143: thecricketfan.com. Hit.
66.175.106.146: inews-today.com. Initially found with 2013 DNS Census virtual host cleanup heuristic keyword searches which gave IP address 193.203.49.212. But that has no nearby hits. 66.175.106.146 was later found on viewdns.info, and slotted into this other existing IP range.
- 193.203.49.211 datingso.com: legit? Russian dating website
- 193.203.49.212 inews-today.com. Hit.
- 193.203.49.223 zatysi.net: legit
- 193.203.49.226 kinotopik.com: legit? Russian
- 193.203.49.229 rotor-volgograd.com. Legit.
- 193.203.49.233 ordercytotec.com. Broken. cqcounter.com/whois/www/ordercytotec.com.html not found.
66.175.106.147: starwarsweb.net. Hit.
66.175.106.148: activegaminginfo.com. Hit. Network Solutions, LLC for Elizabeth Corral. tools.whoisxmlapi.com/reverse-whois-search reverse search "Corral, Elizabeth" only has that hit
66.175.106.149: feedsdemexicoyelmundo.com. Hit.
66.175.106.150: noticiasmusica.net. Hit. Network Solutions, LLC for Megan See. tools.whoisxmlapi.com/reverse-whois-search only this hit.
66.175.106.155: atomworldnews.com. Hit. domainsbyproxy.com
66.175.106.158: nouvellesetdesrapports.com. Hit.
66.175.106.166: exchange.katzbarron.com. Legit. Reverse IP source: 2012 Internet Census
66.175.106.183: mail.lfdatacenter.com. No archives.

66.237.236.247 comunidaddenoticias.com. XO-AS15 in United States. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254

66.237.236.227: newsandmusicminute.com. Hit. Network Solutions, LLC for:
```
"name": "Alger, Jennifer",
"organization": null,
"street": "PO Box 459",
"city": "Drums",
"state": "PA",
"postalCode": "18222",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search search for "Alger, Jennifer" has four domain:
- preparedtoact.com: parked domain girl web.archive.org/web/20130831091701/http://www.preparedtoact.com/
- prepared2act.com
- newsandmusicminute.com
- jennisdish.com web.archive.org/web/20110207105346/http://jennisdish.com/ godaddy
but more interestingly this address is the same as other hits: activegameinfo.com and noticiasmusica.net! "PO Box 459" anywhere search has 10k+ domains and so does Drums so not helping.
66.237.236.229: pearls-playlist.com 2011-11-13. Hit. domainsbyproxy.com

66.237.236.230: beyondthefringe.info 2013-01-02. Hit. GoDaddy.com for

"registrantContact": {
  "name": "Nathan Stock",
  "organization": null,
  "street": "PO Box 61654",
  "city": "Savannah",
  "state": "Georgia",
  "postalCode": "31420",
  "country": "UNITED STATES",
  "email": "nathanstock@earthlink.net",
  "telephone": "19129206355",

no hits for that name of reversed.

66.237.236.231: primetimemovies.net 2011-06-22. Hit. No whois records.
66.237.236.235: persephneintl.com. Hit. domainsbyproxy.com
66.237.236.236: directoalgrano.net 2012-01-23. Hit.
66.237.236.240: actualizaciondebeisbol.com. Hit. domainsbyproxy.com
66.237.236.243: mygadgettech.com. Hit.
66.237.236.247: comunidaddenoticias.com. Hit. domainsbyproxy.com
66.237.236.249: sumerjaseahora.com. Hit. domainsbyproxy.com

69.84.156.90 stickshiftnews.com. COLOSPACE in Methuen - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95

69.84.156.69: al-ashak-news-me.com. Hit.
69.84.156.70: theventurenews.info. Hit.
69.84.156.71: worldfinancetoday.net. Hit.
69.84.156.72: autonewsarabia.com. Hit.
69.84.156.74: blue-moon-news.com. Hit.
69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit. cqcounter.com/whois/www/theoutergreen.com.html not found.
69.84.156.76: tnc-urdu.com. Hit.
69.84.156.79: jassimnews.com. No archives/broken. cqcounter.com/whois/www/jassimnews.com.html blank.
69.84.156.80: noticiasdenuestromundo.com. Hit.
69.84.156.82: arabicnewsonline.com. Hit.
69.84.156.83: unganadormundial.com. Hit.
69.84.156.84: focusonbokeh.com. Hit. Network Solutions, LLC.
69.84.156.85: classic-rocktopia.com. Hit. domainsbyproxy.com.
69.84.156.87: i7diver.com. Hit.
69.84.156.88: diariodeelmundo.com. Hit.
69.84.156.89: todaysarabnews.com. Hit.
69.84.156.90: stickshiftnews.com. Hit.
69.84.156.91: theinternationalgoal.com. Hit.

72.34.53.174 technologytodayandtomorrow.com. IHNET in United States. This IP is special. This IP is somehow closely linked to the "Mass Deface III" pastebin as it seems to have been hosted by Condor hosting. They also have many old sites, and links to Russia which is apparently where this was hosted.

viewdns.info/iphistory/?domain=technologytodayandtomorrow.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
- 72.34.53.174 United States IHNET 2011-09-08. Tested viewdns.info range: 72.34.53.164 72.34.53.184 viewdns.info/reverseip/?t=1&host=72.34.53.174 went through all of them;
  - hits
    electronictechreviews.com 2011-09-08 domainsbyproxy.com
    recursosdenoticias.com 2012-06-29 domainsbyproxy.com
    todaysnewsandweather-ru.com 2012-01-11 domainsbyproxy.com
    myonlinegamesource.com 2012-01-11 Godaddy:
    "name": "Brandon Stiltner", "organization": null, "street": "1200 Brookstone Centre Pkwy", "city": "Columbus", "state": "Georgia", "postalCode": "31904", "country": "UNITED STATES",
    has two domains:
    sandshomerepairs.com. web.archive.org/web/20110207105346/sandshomerepairs.com no archives, cqcounter.com/whois/www/sandshomerepairs.com.html not found
    myonlinegamesource.com
    mytravelopian.com 2011-04-04 domainsbyproxy.com
  - possible hits
    * intloil.org 2012-04-27. 2011, Possible hit, a bit off style, but possibly because too broken. rss-item. Copyright 2005. Present at pastebin.com/CTXnhjeSp (now lost without archives I'm an idiot). cqcounter.com/whois/www/intloil.org.html from 2011 somewhat in style but interestingly also similarly broken. The "Login" button leads to another domain: "condorsecure.com": web.archive.org/web/20110721052801/https://condorsecure.com/~intloilo/alternativefuels.html which is megaweird and is what is mentioned in the "Mass Deface III" pastebin. domainsbyproxy.com. A similar thing happens in europeantravelcafe.com but to another domain.
    * islamicnewsonline.com 2013-03-23. No archives in date range. cqcounter.com/whois/www/islamicnewsonline.com.html not found, sad
  - not hits
    businesscardprinternyc.info 2012-04-18. Legit web.archive.org/web/20110925172844/http://businesscardprinternyc.info/
    dermozamsoe106.com 2011-07-02
    glialcells2009paris.com 2012-11-12
    hysfreedom.net 2013-07-08. Legit. web.archive.org/web/20111014185727/http://hysfreedom.net/
    integrativetherapiesec.com 2013-06-30. Parked domain girl. cqcounter.com/whois/www/integrativetherapiesec.com.html not found
    larumbaknox.com 2012-01-11. Parked domain girl
    theebizguy.com 2022-12-26 web.archive.org/web/20250000000000*/theebizguy.com many archives
    nofatchics.com 2012-01-11
    bjellaagency.com 2023-03-07
securitytrails.com/domain/technologytodayandtomorrow.com/history/a same

74.116.72.236 techtopnews.com. OPTIMUM-WIFI2 in Brooklyn - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254

74.116.72.199: newsungraphics.com. Legit.
74.116.72.209: newsung.com. Legit/broken. cqcounter.com/whois/www/newsung.com.html not found
74.116.72.214: ofinancialinc.com. Legit.
74.116.72.219: stockpromoters.com. Legit.
74.116.72.227: dayenews.com. Hit.
74.116.72.229: guide-daventure.com. Hit.
74.116.72.230: spaceage-exchange.com. No archives. cqcounter.com/whois/www/spaceage-exchange.com.html blank image.
74.116.72.231: bleachersfootballnews.com. Hit.
74.116.72.232: indirectfreekick.com. Hit.
74.116.72.233: wwiichronicles.net. Hit.
74.116.72.234: petroleumagenews.com. Hit.
74.116.72.235: the-open-book-online.com. Hit.
74.116.72.236: techtopnews.com. Hit.
74.116.72.237: noticiasdiariasdedeportes.com. No archives. Sad, another potential Brazil hit. cqcounter.com/whois/www/noticiasdiariasdedeportes.com.html not found.
74.116.72.238: pohandakhbar.com. Hit. domainsbyproxy.com.
74.116.72.239: crickettoday.info. Hit.
74.116.72.240: zafernews.com. Hit.
74.116.72.241: itechnewstoday.com. Hit. domainsbyproxy.com.
74.116.72.242: gdgtsource.com. Hit.
74.116.72.243: waronfilmonline.com. Hit.
74.116.72.244: arborstribune.org. Hit. arborstribune.org. Godaddy without domainsbyproxy.com. Registrant: Ryan Binder, email rkbinder@copper.net Reverse hits for name:
- arborstribune.org
- phaseintl.us
- rblab.us
- bindersynthetics.com
- ryanbinder.com
- finalmarch.com. No archives. cqcounter.com/whois/www/finalmarch.com.html not found.
- finalmarch.info.
- mydrunknews.com. Godaddy parked: web.archive.org/web/20110207181833/http://mydrunknews.com/. cqcounter.com/whois/www/mydrunknews.com.html not found.
74.116.72.245: wineenthusiastonline.com. Welcome to the US Petabox. cqcounter.com/whois/www/wineenthusiastonline.com.html not found.
74.116.72.246: vuvuzelanews.com. Hit.
74.116.72.247: ballbatstumpsandbails.com. Hit.
74.116.72.248: kioni-sailing.com. Hit.
74.116.72.249: round-trip-travel.com. Hit.
74.116.72.250: arabicnewsource.com. Hit.

74.254.12.168 non-stop-news.net. BELLSOUTH-NET-BLK in Atlantic Beach - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.

74.254.12.163: half-court.net. Hit.
74.254.12.163: dailywellnessnews.com. Hit.
74.254.12.165: dylandon.net. Hit. rdns source: viewdns.info.
74.254.12.166: afghanpoetry.net. Hit.
74.254.12.168: non-stop-news.net. Hit.
74.254.12.169: soldiersofsouthasia.com. Hit.
74.254.12.170: greek-news.info. Hit.
74.254.12.171: autism-news.org. Hit.
74.254.12.172: thesportsguidebook.com. rdns source: 2013 DNS Census. Only has archive of one subpage: 2009. English. sports. cqcounter.com/whois/www/thesportsguidebook.com.html not found.
74.254.12.173: thefreshnews.com. Hit.
74.254.12.174: reliefline.info. web.archive.org/web/20090416064302/http://www.reliefline.info:80/ Archive too broken. cqcounter.com/whois/www/reliefline.info.html broken.
74.254.12.176: pakcricketgrd.com. Hit.
74.254.12.177: networkofnews.com. Hit.
74.254.12.179: wineconnaisseur.net. Hit.
74.254.12.180: helpinghandssite.com. Hit.
74.254.12.185: newskwest.com. No archives. cqcounter.com/whois/www/newskwest.com.html broken.
74.254.12.187: efiinvestment.com. Hit.
74.254.12.188: first-tee-golf.com. Hit.
74.254.12.189: fabu-foto.com. Hit.
74.254.12.190: viptravelabroad.com. Hit.

173.208.81.2 LEASEWEB-USA-CHI in Lombard - United States:

weblognewsinfo.com:
- dnshistory.org/historical-dns-records/a/weblognewsinfo.com 2010-05-10 -> 2010-10-07 64.120.20.234 viewdns.info/reverseip/?t=1&host=64.120.20.234 small virtual:
  - web.archive.org/web/20101229135149/http://knightsofx.net/ off
  - marvel-mail.com/ no archives, dawhois.com/site/marvel-mail.com.html no results
- viewdns.info/iphistory/?domain=weblognewsinfo.com
  - 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-09-26 virtual
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2013-06-30 virtual with newsincirculation.com viewdns.info/reverseip/?t=1&host=173.208.81.2
    web.archive.org/web/20110131042438/http://underground-basement.com/ off
    web.archive.org/web/20110623044033/http://www.mypolitiki.com/ off
newsincirculation.com
- dnshistory.org/historical-dns-records/a/newsincirculation.com
  - 2010-03-10 -> 2010-08-15 64.120.20.234 virtual with weblognewsinfo.com
  - 2013-11-26 -> 2013-11-26 70.32.43.226
- viewdns.info/iphistory/?domain=newsincirculation.com
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2014-01-31
  - 50.63.202.77 United States AS-26496-GO-DADDY-COM-LLC 2013-10-19. virutal?
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2013-09-26 virtual?
  - 69.147.228.5 Chicago - United States LEASEWEB-USA-CHI 2012-11-12 unknown. Tested viewdns.info range: 69.147.228.1 69.147.228.15. Nope.
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2011-04-04 virtual

199.19.110.7 theworldnewsfeeds.com. Los Angeles - United States FIBER-LOGIC.

dnshistory.org/historical-dns-records/a/theworldnewsfeeds.com no hits
viewdns.info/iphistory/?domain=theworldnewsfeeds.com
- 199.19.110.7 2012-01-11 unknown range viewdns.info/reverseip/?t=1&host=199.19.110.7 small virtual:
  - Hits
    classymotors.net
    russiansportsworld.com
    urbestbod.com
  - Not hits:
    angelesmesapc.org: web.archive.org/web/20110623222054/http://angelesmesapc.org/ seems legit.
    web.archive.org/web/20110701070546/http://www.gralnickandsale.com/ broken
    web.archive.org/web/20110208064143/http://magnoliahousephotography.com/ commercial
    web.archive.org/web/20101229224456/http://rdns13.net/ cgi bin
- 74.200.252.212 United States RACKSPACE 2011-11-13 unknown range. viewdns.info/reverseip/?t=1&host=74.200.252.212 small virtual fully explored:
  - web.archive.org/web/20110202113450/http://vhserver2.com/ Joomla
  - web.archive.org/web/20110207191522/http://haugofamily.com/ redirecting

199.85.212.118 just-kidding-news.com. ATT-INTERNET4 in United States.

199.85.212.118 rdns source: 2013 DNS Census virtual host cleanup heuristic keyword searches, dnshistory.org (2009-09-23 -> 2011-01-25) and viewdns.info: "location": "United States", "owner": "VIMRO, LLC", "lastseen": "2012-01-11". Tested viewdns.info range: 199.85.212.95 - 199.85.212.128. Not sure worth it given the many 2013 DNS Census misses surrounding.
- 199.85.212.98: colorsxpress.com. Legit
- 199.85.212.104:
  - jobindons.com 2013-10-19.
  - piogroup.org 2012-12-29.
- 199.85.212.105: mide-news.com. Hit.
- 199.85.212.109: game2be.com. Infinite load loop: web.archive.org/web/20080102074404/http://www.game2be.com/ cqcounter.com/whois/www/game2be.com.html error not found.
- 199.85.212.111:
  - newsandsportscentral.com. Hit.
  - and many many others, not bothering with it
- 199.85.212.115: veryperi.com. Legit? 2011. Style is similar.
- 199.85.212.116: approselect.com. Legit?
- 199.85.212.117: innovative-software-solutions.com. broken/legit cqcounter.com/whois/www/innovative-software-solutions.com.html broken.
- 199.85.212.118: just-kidding-news.com. Hit.
- 199.85.212.119: invisus.com. Legit
- 199.85.212.120: allurebyjustine.com. Legit?
- 199.85.212.121: stockprouniversity.com cqcounter.com/whois/www/stockprouniversity.com.html legit?
- 199.85.212.122: stjosephswoodshop.com Legit?
- 199.85.212.125: time-spacer.net. Welcome to the US Petabox. cqcounter.com/whois/www/time-spacer.net.html service unavailable
- 199.85.212.132: qualitytrans.net. Legit?
- 199.85.212.134: mywellnessminder.com. Legit?
- 199.85.212.138: crystalglassinc.com
- 199.85.212.140: davistech-llc.com
68.178.232.100: see rastadirect.net. rdns source: viewdns.info: "location": "United States", "owner": "GoDaddy.com, LLC", "lastseen": "2012-06-29"
209.85.45.84. Tested viewdns.info range: 209.85.45.74 - 209.85.45.94.
- 209.85.45.2: dz8.dailyrazor.com
- 209.85.45.2: jr4consulting.com
- 209.85.45.41: guitarzza.com. No archives of time.
- 209.85.45.46: evergraindecking.com. No archives of time.
- 209.85.45.114: mauritiuspropertyconsultant.com. Legit/ broken.
- 209.85.45.160: bieltvedt.net. No archives of time.
- 209.85.45.160: golfstats.dk. No archives.
- 209.85.45.225: infokus.ca
- 209.85.45.225: mail.tomlatham.net
- 209.85.45.225: mail.tomlatham.org
- 209.85.45.239: flavacationcenter.com

204.176.38.143 noticiassofisticadas.com. UUNET in United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154

204.176.38.130: i-pressnews.com. Hit.
204.176.38.132: turkishnewslinks.com. Hit.
204.176.38.134: photographyarecord.com. Hit.
204.176.38.135: breakingthewicket.com. Hit.
204.176.38.136: politicalworldtoday.com. Hit.
204.176.38.137: hi-tech-today.com. Hit.
204.176.38.138: continental-business-news.com. TODO. rss-item, split images. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
204.176.38.139: bigscreenbattles.com. Hit.
204.176.38.141: rakotafootball.com. Hit.
204.176.38.142: senderosdemontana.com. Hit.
204.176.38.143: noticiassofisticadas.com. Hit.
204.176.38.144: techno-today.com. Hit.
204.176.38.145: tickettonews.com. Hit.
204.176.38.146: dps-digitalphotosharing.com. Hit.
204.176.38.147: theputtingreen.com. Hit.
204.176.38.149: sportsnewstodayar.com. Hit.
204.176.38.150: kairuafricanews.com. Hit.

204.176.39.115 globalprovincesnews.com. UUNET in United States. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124

204.176.39.97: beamingnews.com. Hit.
204.176.39.98: cubriendonoticias.com. Hit.
204.176.39.100: rowleyworldpost.com. Hit.
204.176.39.101: noticiastopicas.com. No archives. cqcounter.com/whois/www/noticiastopicas.com.html not found.
204.176.39.103: economicnewsbuzz.com. Hit.
204.176.39.104: spectranewsonline.com. Hit.
204.176.39.105: entertainmentnewscompany.com. Hit.
204.176.39.107: guidetoelectronics.net. Uncertain. 2010. English. tech, electronics. Split images, rss-items. Comms not found, likely CGI comms variant on unarchived login page:. web.archive.org/web/20101230025246/http://guidetoelectronics.net/login.html
204.176.39.110: arabnewsatdawn.com. Hit.
204.176.39.114: messengergalaxy.com. Uncertain. 2011. Would be the first example of something more commercial/service offering we've seen so far. Possible CGI comms variant.
204.176.39.115: globalprovincesnews.com. Hit.
204.176.39.116: mahparah-news.com. Hit.
204.176.39.119: commercialspacedesign.com. Hit.

207.150.191.68 technologypresstoday.com. Saudi Telecom Company JSC in Saudi Arabia.

technologypresstoday.com. Hit. 2011. JAR. Farsi. RSS, split images.
- viewdns.info/iphistory/?domain=technologypresstoday.com says 72.13.93.206 Santa Clara - United States EGIHOSTING 2012-01-11. viewdns.info/reverseip/?host=72.13.93.206&t=1 says large virtual.
- dnshistory.org/dns-records/technologypresstoday.com says empty
- securitytrails.com/domain/technologypresstoday.com/history/a
  - 72.13.93.203 EGIHosting 2009-07-20 (16 years) 2009-07-27 (16 years) 7 days
  - 64.13.159.156 Wave Broadband 2009-05-30 (16 years) 2009-07-16 (16 years) 2 months. viewdns.info/reverseip/?t=1&host=64.13.159.156 empty.
  - 207.150.191.68 Saudi Telecom Company JSC 2009-01-21 (16 years) 2009-05-22 (16 years) 4 months
  - 68.178.232.100 GoDaddy.com, LLC 2009-01-14 (16 years) 2009-01-20 (16 years) 6 days
worldofonlinenews.com. Hit.
- dnshistory.org/historical-dns-records/a/worldofonlinenews.com 2015-12-15 -> 2016-04-21 108.167.161.90 presumably from the legit era
- viewdns.info/iphistory/?domain=worldofonlinenews.com
  - 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-02 virtual
  - 207.150.191.68 Saudi Arabia Saudi Telecom Company JSC 2011-04-04 virtual
mywebofnews.com. Hit.
- dnshistory.org/historical-dns-records/a/mywebofnews.com 2010-03-09 -> 2010-08-14 207.150.191.68 But this has several hits for the same IP on DNS Census 2013 which is unusual:
```
3xhunter.com|2012-04-12T07:53:24|207.150.191.68
dreamersoul.net|2012-04-11T22:06:18|207.150.191.68
exdump.com|2012-02-03T11:42:44|207.150.191.68
```
viewdns.info/reverseip/?host=207.150.191.68&t=1 is medium virtual:
- world-high.info: cqcounter.com/whois/www/world-high.info.html legit wordpress
- viewdns.info/iphistory/?domain=mywebofnews.com no hits
  68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-27 virtual
  207.150.191.68 Saudi kkkArabia Saudi Telecom Company JSC 2011-06-22 virtual
viewdns.info/reverseip/?host=207.150.191.68&t=1
- kickofffootballnews.com. Hit. viewdns.info/iphistory/?domain=kickofffootballnews.com to that IP alone
- ithaiproperty.com. Legit. web.archive.org/web/20111001231548/http://www.ithaiproperty.com/
- themaconnightlife.com: no archives: web.archive.org/web/20250000000000*/themaconnightlife.com. cqcounter.com/whois/www/themaconnightlife.com.html sems legit.
- web.archive.org/web/20110202093639/http://theadvancompany.com/ cgi-bin directory
- web.archive.org/web/20091212001404/http://www.toddlerbedrailshop.com/ off
- cqcounter.com/whois/www/texasdavisfive.com.html off
- web.archive.org/web/20250000000000*/geldherrin-lady-estefania.com no archives.

207.210.250.132 aeronet-news.com. AS17378 in United States. This is the Autonomous System Number for TierPoint, LLC. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157

207.210.250.131: starrynightnews.com. Hit.
207.210.250.132: aeronet-news.com. Hit.
207.210.250.133: bakaribulletin.com. Hit.
207.210.250.134: deprensaenlarevisiondehoy.com. Hit.
207.210.250.135: icwb-news.com. Hit.
207.210.250.136: sportsreelhighlights.com. Hit.
207.210.250.137: fashionforward.info. No archives. cqcounter.com/whois/www/fashionforward.info.html innovative but has a "Member" section. Stock lady visible somwhere at westlahairgrowth.com/?page_id=12158 according to Google images but I couldn't find it easily in the page.
207.210.250.138: inquiry-human-past.com. Hit.
207.210.250.139: thefairwaysaregreen.com. Hit.
207.210.250.142: russiaupdate.com. Hit.
207.210.250.143: archaeologyreview.net. Hit.
207.210.250.144: highspeed-news.com. No archives. cqcounter.com/whois/www/highspeed-news.com.html not found.
207.210.250.146: noticias-caracas.com. Hit.
207.210.250.147: bailandstump.com. Hit.
207.210.250.148: classicalmusic4arab.com. Hit.
207.210.250.149: globalventurestat.com. Hit.
207.210.250.152: al-rashidrealestate.com. Hit.
207.210.250.153: newsintheworld-ru.com. Hit.
207.210.250.154: news-unlimited.info. Hit.

208.93.112.105 fastnews-online.com. TULIP-SYSTEMS in United States. Checked viewdns.info range: 208.93.112.90 - 208.93.112.155

208.93.112.101: cketnews.com: web.archive.org/web/20070612034201/http://cketnews.com/. Archives from 2007 and off style. cqcounter.com/whois/www/cketnews.com.html not found.
208.93.112.105: fastnews-online.com. Hit.
208.93.112.106: travelxtreme.net. Hit.
208.93.112.108: nbanewsroundup.com. Hit.
208.93.112.110: luxuryfive.net. Hit.
208.93.112.111: topfootballnewsonline.com. Hit.
208.93.112.112: todaysportscores.com. Hit.
208.93.112.113: mostefficientself.com. Uncertain. cqcounter.com/whois/www/mostefficientself.com.html hard to tell. One is reminded of fightorgohome.com.
208.93.112.114: dynamicworldnews.com. Hit.
208.93.112.116: gazingvoyage.com. Hit.
208.93.112.123: garundipost.com. Hit.
208.93.112.125: theradioamateurs.com: no archives. cqcounter.com/whois/www/theradioamateurs.com.html not found.

208.254.38.39 todaysengineering.com. COLO-PREM-VZB in United States.

Tested viewdns.info range: 208.254.38.9 - 208.254.38.86. Weirdly empty, doesn't even show the domain iteslf!
- 208.254.38.39: todaysengineering.com. Hit. rdns source: both viewdns.info and 2013 DNS Census
- 208.254.38.56: nejadnews.com. Hit.
68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC

208.254.40.117 worldnewsandent.com. COLO-PREM-VZB in United States. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135

208.254.40.96: sixty2media.com. Hit.
208.254.40.99: newspoliticssource.com. Hit.
208.254.40.110 musical-fortune.net. Hit.
208.254.40.113: ashoka-gemstones.com. Hit.
208.254.40.117: worldnewsandent.com. Hit.
208.254.40.124: riskandrewardnews.com. Hit.
208.254.40.129: mailb.casella.com. Legit.

208.254.42.205 driversinternationalgolf.com. COLO-PREM-VZB in United States. Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.

208.254.42.35: mystorytimefriends.com. Broken/legit.
208.254.42.194: it-proonline.com. Hit.
208.254.42.200: riccs.mwcog.org. Legit. Reverse IP source: 2012 Internet Census, 2012-05-14.
208.254.42.205: driversinternationalgolf.com. Hit.
208.254.42.209: mardelsurnoticias.com. Hit. Reverse IP source: viewdns.info
208.254.42.215: nowfreshfinances.com. Hit.
208.254.42.216: circulatingnews.net. Hit.
208.254.42.219: westingtonpassnews.com. Hit. Reverse IP source: 2013 DNS Census
208.254.44.155: brandimpact.com. Legit/broken: web.archive.org/web/20070801000000*/brandimpact.com
208.254.45.105: operatorenum.com. Legit/broken: web.archive.org/web/20100301000000*/operatorenum.com

209.162.192.49 rastadirect.net. DF-PTL2-3 in Gresham - United States. Source: securitytrails.com and cqcounter.com/site/rastadirect.net.html. Tested viewdns.info: 209.162.192.30 209.162.192.70
* 209.162.192.44: thejewelofsouthamerica.com. Hit.
* 209.162.192.49: rastadirect.net. Hit.
* 209.162.192.51: yellow-chair-report.com. Hit.
* 209.162.192.54: tutkulu-turu.com. Possible hit. domainsbyproxy.com 2008-03-04. Weird style made up exclusively of cut up images, including the text itself where links would normally be. Turkish. Archive a bit weird with images on top of text. 2011 Copyright 2006. Unarchived link to web.archive.org/web/20110129065840/http://tutkulu-turu.com/login.html with title "Kullanıcı adı" (Username). Headline "Online seyahat etmek acenta" translates to "Online travel agency".
* 209.162.192.57: globalnewsreports.net. Hit.
* 209.162.192.59: easytravelsite.net. Hit.
* 209.162.192.70: phrio.com. Off date. viewdns.info/reverseip/?t=1&host=209.162.192.70

68.178.232.100 - United States - GoDaddy.com - 2011-05-02. Reverse IP source: viewdns.info
- +-20 range: several domains on each IP, but can't find any hits easily
There are actualy talk pages about this IP
- community.spiceworks.com/
- talk.plesk.com/threads/warning-the-domain-resolves-to-another-ip-address.77764/
- support.google.com/cloudidentity/answer/2579934?hl=en actually used as an example here?

210.80.75.55 philippinenewsonline.net. UUNET in Australia. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67

210.80.75.35: aroundtheworldnews.net. No archives. ipinf.ru/domains/210.80.75.33/ disagrees and places it at .33.
210.80.75.36: e-commodities.net. Hit.
210.80.75.37: trekkingtoday.com. Hit.
210.80.75.41: multinews-33.com. Hit.
210.80.75.42: movimientodenticias.com. No archives. cqcounter.com/whois/www/movimientodenticias.com.html blank.
210.80.75.43: gulfandmiddleeastnews.com. Hit.
210.80.75.44: whirlybirdinflight.com. Hit.
210.80.75.45: kings-game.net. Hit.
210.80.75.46: topglobalnewsdaily.com. Hit.
210.80.75.49: recipe-dujour.com. Hit.
210.80.75.53: sportsman-elite.com. Hit.
210.80.75.55: philippinenewsonline.net. Hit.
210.80.75.56: technewsforme.com. Hit.
210.80.75.59: goldeportesnoticias.com. Hit.
210.80.75.68: gigabyte-usa.com. Legit.

212.4.16.232 mynewscheck.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.198. ipinf.ru/domains/?search=212.4.17.125&cust=1 says they are /19, so .16 and .17 are both the same range from a registration perspective::

212.4.16.224: lanoticiasdehoyelinforme.com. Hit.
212.4.16.232: mynewscheck.com. Hit.
212.4.16.239: saktimarsgolf.com 2012-06-29. Broken/legit/no archives of relevant date: web.archive.org/web/20081031060207/http://saktimarsgolf.com/. cqcounter.com/whois/www/saktimarsgolf.com.html blank.
212.4.16.245: financial-crisis-news.com. Hit.
212.4.16.252: minutosdenoticias.com. Hit. web.archive.org/web/20100517151612/http://minutosdenoticias.com/

212.4.17.38 fightwithoutrules.com. UUNET in Cassano d'Adda - Italy. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: see 212.4.16.* above

212.4.17.38: fightwithoutrules.com. Hit.
212.4.17.41: newtechfrontier.com. Hit.
212.4.17.43: smart-travel-consultant.com. Hit.
212.4.17.46: atentlaloc.com. Hit.
212.4.17.53: newsresolution.net. Hit.
212.4.17.56: lesummumdelafinance.com. Hit.
212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives. cqcounter.com/whois/www/thepinnacleoffinance.com.html blank.
212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No commons found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it
212.4.17.98: topbillingsite.com. Hit.
212.4.17.122: b2bworldglobal.com. Hit.
212.4.17.125: worldaroundyunnan.com. Hit.
212.4.17.160: localtoglobalnews.com. Hit.

There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:

204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.

Other hits:

208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
205.178.189.131. source: securitytrails.com

212.4.18.129 sightseeingnews.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?

212.4.18.129: sightseeingnews.com. Hit. Presumably also present under fgnl.net on its second IP range, since this is near 212.4.18.133? viewdns.info gives this as the only IP for the domain.
212.4.30.210: iprintitaly.com. Legit: web.archive.org/web/20230000000000*/http://www.iprintitaly.com/

212.209.74.105 globalbaseballnews.com. UUNET in Sweden. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches

212.209.74.105: globalbaseballnews.com. Hit.
212.209.74.106: football-de-luxe.com. Hit.
212.209.74.111: worldconcerns.info. No archives. cqcounter.com/whois/www/worldconcerns.info.html empty.
212.209.74.112: developmental-league.com. Unclear. CGI comms variant? 2010. English. CGI. American football.
212.209.74.115: mediocampodefutbol.com. Hit.
212.209.74.117: myengineeringaffinity.com. Hit.
212.209.74.122: atthemovies.biz. Hit.
212.209.74.123: worldfinancialexchangenews.com. Hit.
212.209.74.124: urouttahere.com. Hit.
212.209.74.125: avoilurefixe.com. Hit. Domains By Proxy, LLC.^[ref]
212.209.74.126: headlines2day.com. Hit.
- 118.139.174.11. Reverse IP source: viewdns.info
  - 118.139.174.11: 712 domain hits on it
  - 118.139.174.21: theargentineanwineco.com 2013-09-26. No Wayback machine archive. cqcounter.com/whois/www/theargentineanwineco.com.html not found.
  - nothing else on the +-20 range
- 184.168.221.91. Reverse IP source: 2013 DNS Census
  - 184.168.221.91: 40k hits on 2013 DNS Census
212.209.74.127: construction-zones.com. Unclear. CGI comms variant? 2009. No known comms found. English. construction. Has a login page: web.archive.org/web/20091130144158/http://construction-zones.com/login.html so maybe CGI comms variant

212.209.79.40 hydradraco.com. UUNET in Sweden. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63

212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
- 212.209.79.34: 2008-09-01 - 2010-04-19.
- 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
both under MCI Communications Services, Inc. d/b/a Verizon Business.
212.209.79.37: fitness-sources.com. Hit.
212.209.79.40: hydradraco.com. Hit.
212.209.79.41: noticiasdelmundolatino.com. Hit.
212.209.79.42: suparakuvi.com. Hit.
212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting. and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
212.209.79.46: cetusdelph.com. Hit.
212.209.79.47: willtoworship.com. Hit. domainsbyproxy.com
212.209.79.48: themvconnection.com. Hit.
212.209.79.51: pi-resources.net. Hit.
212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit. cqcounter.com/whois/www/newel-adserver.com.html blank.
212.209.79.53: ourscubaworld.com. Hit.
212.209.79.58: tech-love-home.com. Hit.
212.209.79.60: first-solo-aviation.com. Hit.
212.209.79.61: china-destinations.org. Hit.

212.209.90.84 thenewseditor.com. UUNET in Sweden. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99

212.209.90.69: worldedgenews.com. Hit.
212.209.90.72: talkingpointnews.info. Hit.
212.209.90.74: globalinvestmentnews.net. Hit.
212.209.90.75: prebitinvestment.com. Hit.
212.209.90.77: energy-bulb.com 2011. English. energy. Comms not found, but has unarchived link to: web.archive.org/web/20110128182345/https://webmail.energy-bulb.com/login.html. CGI comms variant?
212.209.90.79: freeblink.com. No archives for timerange, then legit. cqcounter.com/whois/www/freeblink.com.html off-style
212.209.90.80: nsmovies.net. Hit.
212.209.90.82: middleeastjournal.net. Hit.
212.209.90.84: thenewseditor.com. Hit.
212.209.90.87: newsandweathersource.com. Hit.
212.209.90.89: pakisports.com. Hit.
212.209.90.90: vriha-aesthetics.com. Hit.
212.209.90.92: amishkanews.com. Hit.
212.209.90.93: theentertainbiz.com. Hit.
212.209.90.94: eurosportssummary.com. Hit.
212.209.91.14: teracom.net. Legit

216.93.248.194 esmundonoticias.com. TWDX in Chelmsford - United States.

dnshistory.org/historical-dns-records/a/esmundonoticias.com 2010-02-05 -> 2010-08-02 216.93.248.194. Tested viewdns.info range: 216.93.248.184 216.93.248.204. viewdns.info/reverseip/?host=216.93.248.194&t=1 gives:
- hits:
  - esmundonoticias.com 2012-01-11
  - kukrinews.com 2011-06-22
    dnshistory.org/historical-dns-records/a/kukrinews.com 2010-02-26 -> 2010-08-07 216.93.248.194
    viewdns.info/iphistory/?domain=kukrinews.com 216.93.248.194 Malden - United States TWDX 2011-06-22
  - lasthournews.com 2010-02-27 -> 2010-08-07
  - tech-geek-news.com 2012-01-11
- not hits;
  - 216.93.248.194: coxsackielive.com 2012-06-29. No archives. dawhois.com/www/coxsackielive.com.html off.
  - 216.93.248.194: datapakassociates.org 2012-04-27. No rachives. dawhois.com/www/datapakassociates.org.html off.
  - 216.93.248.194: easywebworld.net 2012-02-27. Broken: web.archive.org/web/20101229051406/http://easywebworld.net/ "This Site Is Under Construction. Come Back Soon!" so seems legit. dawhois.com/www/easywebworld.net.html same.
  - 216.93.248.194: librarianhelper.com 2013-06-30. Parked domain girl. dawhois.com/www/librarianhelper.com.html not found.
  - 216.93.248.194: ualbanycornerstone.org 2012-04-13. Legit.
viewdns.info/iphistory/?domain=esmundonoticias.com 216.93.248.194 Malden - United States TWDX 2012-01-11. Tested. viewdns.info/reverseip/?t=1&host=216.93.248.194 small virtual.

216.104.38.114 all-sport-headlines.com. SINGLEHOP-LLC in United States.

viewdns.info/iphistory/?domain=all-sport-headlines.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-11-12 virtual
- 216.104.38.114 United States SINGLEHOP-LLC 2012-09-21. Tested viewdns.info range: 216.104.38.104 216.104.38.124
  - viewdns.info/reverseip/?t=1&host=216.104.38.114
    hits:
    * wahidfutbol.com
    * wildbirds-seasia.com
    not hits:
    web.archive.org/web/0/oaksathighlandlakes.com no archives
    web.archive.org/web/20110208080756/http://www.weathersbyhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110202205540/http://www.themeadowssubdivisionhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110208074306/http://bsheroics.com/ humm off there is a chance. They have actual twitter: x.com/bsheroics nevermind. And: www.facebook.com/profile.php?id=100078200499209
    afterawhilecrocodile.info 2011-07-26. Legit.
securitytrails.com/domain/all-sport-headlines.com/history/a adds
- 66.246.218.219 Cologix, Inc 2008-09-01 (17 years) 2008-11-25 (16 years) 3 months. viewdns.info/reverseip/?t=1&host=66.246.218.219 empty.

216.105.98.152: modernarabicnews.com. SAVVY-NET in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167

216.105.98.118:
- estudashboard.com: broken cqcounter.com/whois/www/estudashboard.com.html not found
- fintrade.us: legit
216.105.98.132: europeantravelcafe.com. Hit.
216.105.98.134: fuenteneta.com. Hit.
216.105.98.135: ilat-news.com. Hit.
216.105.98.136: etherealinspirations.net. Hit.
216.105.98.137: the-news-zone.com. Hit.
216.105.98.138: photozoomnews.com. No archives. cqcounter.com/whois/www/photozoomnews.com.html empty
216.105.98.139: cultura-digital.net. Hit.
216.105.98.140: uaeshoppingspree.com. Hit.
216.105.98.141: jabarifootball.com. No archives. "Jabari" is a Swahili/Arabic name ^[ref]. cqcounter.com/whois/www/jabarifootball.com.html not found.
216.105.98.142: globalreview-ar.com. No archives. Shame, could have been our first Argentinian site. cqcounter.com/whois/www/globalreview-ar.com.html empty.
216.105.98.144: garanziadellasicurezza.com. Hit.
216.105.98.145: montanismoaventura.com. Hit.
216.105.98.146: large-format-news.com. Hit.
216.105.98.147: nepalnewsbrief.com. Hit. dnshistory.org marks it as having IP 2010-03-10 -> 2010-08-15 216.169.148.94 ^[ref]. This range does feel a bit different from the others, too many broken archives, and relatively early ones too. Explored viewdns.info range: 216.169.148.84 - 216.169.148.104, empty for period. domainsbyproxy.com.
216.105.98.148: teclafinance.com. Hit.
216.105.98.149: entreman.com. Hit.
216.105.98.152: modernarabicnews.com. Hit.
216.105.98.153: global-headlines.com. Hit.
216.105.98.154: everythingcricket.org. Hit.
216.105.98.156: familyhealthonline.net. Hit.
216.105.98.157: delacorne.com. Hit.
216.105.98.158: econfutures.com. Hit.
216.105.98.161: kstcloud.com. No archives. cqcounter.com/whois/www/kstcloud.com.html not found

219.90.61.123 journeystravelled.com. UUNET in Taiwan. Tested viewdns.info range: 219.90.61.100 - 219.90.61.133

219.90.61.100: pressstory.com: "Under construction". web.archive.org/web/20110128124548/http://pressstory.com/. cqcounter.com/whois/www/pressstory.com.html same
219.90.61.103: bet2plays.com. "Under construction". Unlikely thematic, too spicy. cqcounter.com/whois/www/bet2plays.com.html same
219.90.61.110: surya-brahma.com. Hit
219.90.61.111: classicalmusicboxonline.com. Hit.
219.90.61.116: athletepro.net. Hit.
219.90.61.117: lajornadanow.com. Hit.
219.90.61.119: aviation-navigation.com. Hit.
219.90.61.120: theinternationalworld.com. Hit.
219.90.61.121: thepyramidnews.com. Hit.
219.90.61.122: iran-newslink-today.com. Hit.
219.90.61.123: journeystravelled.com. Hit.

219.90.62.243 fitness-dawg.com. UUNET in Taiwan. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255

219.90.62.173:
- dominatingduos.com: 2013-08-12T17:53:09. No archive. cqcounter.com/whois/www/dominatingduos.com.html empty
- has other domains
219.90.62.193: centralnewsreleasers.com. Only a 2018 of the robots.txt: web.archive.org/web/*/http://centralnewsreleasers.com/* so likely not a hit. cqcounter.com/whois/www/centralnewsreleasers.com.html not found.
219.90.62.209: penniesbythemillions.com. No archives. cqcounter.com/whois/www/penniesbythemillions.com.html not found.
219.90.62.229: information-junky.com. Hit.
219.90.62.231: todosperuahora.com. Hit.
219.90.62.232: race26point2.com. Hit. No archives, but has subdomain: secure.race26point2.com, so likely CGI comms. cqcounter.com/whois/www/race26point2.com.html somewaht in-style and also a "members" link, presumably linking to secure.race26point2.com. The "26" and "2" are not very clear, but tagline clarifies "leading the race on the latest running news and events" so it's a running news website
219.90.62.233: theworld-news.net. Hit.
219.90.62.234: recuerdosdeviajeonline.com. Hit
219.90.62.235: ordenpolicial.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit. No archives but has subdomain: secure.cityworldnewsnow.com so likely CGI comms. cqcounter.com/whois/www/cityworldnewsnow.com.html in-style, arab world mentions.
219.90.62.237: elcorreodenoticias.com. Hit.
219.90.62.238: freshtechonline.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit.
219.90.62.241: newscentertoday.com. Hit.
219.90.62.242: ride-captain.com. Hit.
219.90.62.244: easytraveleurope.com. Hit.
219.90.62.245: world-news-now.net. Hit.
219.90.62.246: negativeaperture.com. Hit.
219.90.62.247: conquermstoday.com. Hit
219.90.62.249: forensic-exchange.com. 2013 archive: web.archive.org/web/20130714094026/http://forensic-exchange.com/. Appears to be a buggy Wayback Machine archive somehow, so inconclusive. cqcounter.com/whois/www/forensic-exchange.com.html in-style, clarifies focus on computer.

 Read the full article

CIA 2010 covert communication websites / secure subdomain search on 2013 DNS Census by

Ciro Santilli 40 Updated 2025-07-16

 View more

Grepping the 2013 DNS Census first by overused CGI comms subdomains secure. and ssl. leaves 200k lines. Grepping for the overused "news" led to hits:

secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40

Also tried but failed:

sports:
- secure.motorsportdealers.com,2012-04-10T20:19:09,64.73.117.38 web.archive.org/web/20110501000000*/motorsportdealers.com

OK, after the initial successes in secure., we went a bit more data intensive:

took all secure.* ssl.* URLs in the 2013 DNS Census, 70k entries
cleaned up a bit, e.g. only .com or .net. this left only, 30k entries only
lopped over all of them in archive CDX: Wayback Machine CDX scanning, searching for those that also end in .cgi web.archive.org/cdx/search/cdx?url=$domain&matchType=domain&filter=urlkey:.*.cgi&to=20140101000000. Took an afternoon, but no rate limit block.
this leaves about 1000, so we loop over all of them manually on web archive with a script, and opened any that had the pattern of very vew hits between 2010 and 2013 only, and on those check for visual/thematic style match. Careful not to make more than 15 requests per minute or else 5 min blacklist!

New results: only one...

208.254.42.205 secure.driversinternationalgolf.com,2012-02-13T10:42:20,

After 2013 DNS Census virtual host cleanup heuristic keyword searches we later understood why there were so few hits here: the 2013 DNS Census didn't capture the secure. subdomains of many domains it had for some reason. Shame, because if it had, this method would have yielded many more results.

 Read the full article

CIA 2010 covert communication websites / Communication mechanism by

Ciro Santilli 40 Updated 2025-07-16

 View more

There are four main types of communication mechanisms found:

Java JAR
There is also one known instance where a .zip extension was used! web.archive.org/web/20131101104829*/http://plugged-into-news.net/weatherbug.zip as:
```
<applet codebase="/web/20101229222144oe_/http://plugged-into-news.net/" archive="/web/20101229222144oe_/http://plugged-into-news.net/weatherbug.zip"
```
JAR is the most common comms, and one of the most distinctive, making it a great fingerprint.
Several of the JAR files are named something like either:
- meter.jar
- bandwidth.jar
- speed.jar
as if to pose as Internet speed testing tools? The wonderful subtleties of the late 2000s Internet are a bit over our heads.
All JARs are directly under root, not in subdirectories, and the basename usually consist of one word, though sometimes two camel cased.
JavaScript file. There are two subtypes:
- JavaScript with SHAs. Rare. Likely older. Way more fingerprintable.
- JavaScript without SHAs. They have all been obfuscated slightly different and compressed. But the file sizes are all very similar from 8kB to 10kB, and they all look similar, so visually it is very easy to detect a match with good likelyhood.
Adobe Flash swf file. In all instances found so far, the name of the SWF matches the name of the second level domain exactly, e.g.:
```
http://tee-shot.net/tee-shot.swf
```
While this is somewhat of a fingerprint, it is worth noting that is was a relatively commonly used pattern. But it is also the rarest of the mechanisms. This is a at a dissonance with the rest of the web, which circa 2010 already had way more SWF than JAR apparently.
Some of the SWF websites have archives for empty /servlet pages:
```
./bailsnboots.com/20110201234509/servlet/teammate/index.html
./currentcommunique.com/20110130162713/servlet/summer/index.html
./mynepalnews.com/20110204095758/servlet/SnoopServlet/index.html
./mynepalnews.com/20110204095403/servlet/release/index.html
./www.hassannews.net/20101230175421/servlet/jordan/index.html
./zerosandonesnews.com/20110209084339/servlet/technews/index.html
```
which makes us think that it is a part of the SWF system.
CGI comms

These have short single word names with some meaning linked to their website.

Because the communication mechanisms are so crucial, they tend to be less varied, and serve as very good fingerprints. It is not ludicrous, e.g. identical files, but one look at a few and you will know the others.

 Read the full article

 Unlisted articles are being shown, click here to show only listed articles.