Ciro Santilli @cirosantilli 37

 Incoming links: CIA 2010 covert communication websites / "Mass Deface III" pastebin

CIA 2010 covert communication websites / Data sources  Updated 2025-05-29  +Created 1970-01-01

This is a dark art, and many of the sources are shady as fuck! We often have no idea of their methodology. Also no source is fully complete. We just piece up as best we can.

In order to explore IPs in known IP ranges, what we need are good DNS databases.

www.zone-h.org/archive/ip=208.76.80.93/page=11?hz=1 mentions newsupdatesite.com and mentions "defacement", the "Mass Deface III" pastebin comes to mind. No other nearby hits on quick inspection.

 Read the full article

CIA 2010 covert communication websites / Hits with nearby IP hits  Updated 2025-05-29  +Created 1970-01-01

 View more

62.22.60.49: telecom-headlines.com. UUNET in Spain. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66

62.22.60.33: newsperk.com. Almost certainly a hit. Stylistically perfect, rss-item. But no comms not found. Ennerving! 2011. English. Egypt. news. Later legitimately reused.
62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
62.22.60.40: travel-passage.com. Hit.
62.22.60.42: newsupdatesite.com. Hit.
62.22.60.46: flyingtimeline.com. Hit.
62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
62.22.60.48: currentcommunique.com. Hit.
62.22.60.49: telecom-headlines.com. Hit.
62.22.60.52: collectedmedias.com. Hit.
62.22.60.54: romulusactualites.com. Hit.
62.22.60.55: thefilmcentre.com. Hit.
62.22.60.56: traveltimenews.com. Hit.

62.22.61.206 worldnewsnetworking.com. UUNET in Spain. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224

62.22.61.193: awfaoi.org. Hit.
62.22.61.197: rc5sports.com. Hit.
62.22.61.198: inside-vc.com. Hit.
62.22.61.200: zerosandonesnews.com. Hit.
62.22.61.202: bailsnboots.com. Hit.
62.22.61.203: the-cricketer-online.com. Hit.
62.22.61.204: hollywoodscreen.net. Hit.
62.22.61.206: worldnewsnetworking.com. Hit.
62.22.61.212: nuestrasfinanzas.com. Hit.
62.22.61.213: sandstormnews.com. Hit.
62.22.61.215: the-tech-mind.com. Hit.
62.22.61.217: court-masters.com. Hit.
62.22.61.219: allworldstatistics.com. Hit.
62.22.61.220: newsjaka.com. Hit.
62.22.61.221: biochemresource.com. Archive broken/empty. One archive: contains an epically long URL that might shed light into something: web.archive.org/web/20120529121245/http://www.biochemresource.com/?fp=iboHtuxnjLG66y52DkK1xCFuZDBnVC8wovQepLt2Tk%2Bo1JIgIdVb6WL8kv6sSOEtxwcq4EbiJ0GxFY9N6HSWlg%3D%3D&prvtof=97vgfKVqt1Sd68qgNDPXB0o7Rwo%2FO3GKiiMG7fane6A%3D&poru=Zd9DHFaHFZ6ZrRLm8SW3egagqvdpzHhWb%2FoulRGeEYIUSVATB5gwTIDhluetONjG7xovtb%2FrvDStoqiAF1O8wA%3D%3D&. Asked at: stackoverflow.com/questions/47310661/any-idea-what-are-fp-prvtof-poru-in-a-url but no reply so far. One day my friend, one day. cqcounter.com/whois/www/biochemresource.com.html not found.
62.22.61.222: www.news-blitz-ar.com (ipinf.ru). No archives. Perfect domain name theme match. cqcounter.com/whois/www/news-blitz-ar.com.html not found.

65.218.91.17 alljohnny.com. UUNET in United States. One of the Reuters websites.

208.91.197.132: rdns source: viewdns.info. Big virtual.
65.218.91.17: rdns source? : viewdns.info. Tested viewdns.info range: 65.218.91.13 - 65.218.91. 17
- 65.218.91.9: welcometonyc.net. Hit. rdns source: ipinf.ru. Later also at 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-21 by viewdns.info
  - rolling-in-rapids.com. Hit.
- 65.218.91.17
  - international-smallbusiness.com. Stylitsic match, but some uncommon features like the country seelctor dropdown.
    Archives:
    web.archive.org/web/20110202031627/http://international-smallbusiness.com/
    web.archive.org/web/20120114080103/http://www.international-smallbusiness.com:80/sa.html
    web.archive.org/web/20110202031657/http://international-smallbusiness.com/style.css
    Also a potential unarchived CGI comms: web.archive.org/web/20110202031627/https://ssl.international-smallbusiness.com/cgi-bin/starting.cgi Perhaps with some better HTML reversing we could confirm a hit. Same registrar as alljohnny "L. Glaze" fuck me.
    208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-10-19. Big virtual.
    65.218.91.17 United States UUNET 2013-09-06
216.168.229.50: whoisxmlapi 2008-09-01 (15 years) 2010-04-17. Checked viewdns.info range: 216.168.229.45 - 216.168.229.55. viewdns.info/reverseip/?t=1&host=216.168.229.50 3k domains.

63.131.229.12 cyberreportagenews.com. ADHOST in Coeur d'Alene - United States. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30

63.131.229.2: fightskillsresource.com. Hit
63.131.229.4: unitedterritorynews.com. Hit
63.131.229.9: show-dustry.com. Hit
63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
63.131.229.11: mythriftytrip.com. Hit
63.131.229.12: cyberreportagenews.com. Hit.
63.131.229.13: sunrise-news.com. Hit.
63.131.229.15: cricketnewsforindia.com. Hit.
63.131.229.16:
- nutricion-saludable.info. No archives. cqcounter.com/whois/www/nutricion-saludable.info.html has the exact same screenshot at the .net one, so also hit.
- nutricion-saludable.net. Hit.
63.131.229.18: itnl-xchange.com. Hit.
63.131.229.20:
- fixashion.net. Hit.
- a few others

63.130.160.50 theglobalheadlines.com. CW Vodafone Group PLC in United States. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75

63.130.160.50: theglobalheadlines.com. Hit.
63.130.160.51:
- hai-pow.com. Hit.
- secudenetworksecurity.com. No archives. cqcounter.com/whois/www/secudenetworksecurity.com.html blank image.
63.130.160.53: echessnews.com. Hit.
63.130.160.59: technologiewissen.com. No archives from the time. Would be Technology knowledge in German, so another likely German hit. Shame. cqcounter.com/whois/www/technologiewissen.com.html empty
63.130.160.60: boxingstop.net. Hit.
63.130.160.61: bookmarksthis.com. Hit.
63.130.160.62: azerinews.org. Hit.

64.16.204.55 holein1news.com. Saudi Telecom Company JSC in Saudi Arabia. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. With did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.

64.16.204.35: ironcityfootball.com. web.archive.org/web/20080510230549/ironcityfootball.com Legit/broke. cqcounter.com/whois/www/ironcityfootball.com.html from 2011 could be in style though... "Iron City" is a historical nickname for Pittsburgh, Pennsylvania.
64.16.204.51: africannewsandsports.com. No archives. rdns source: viewdns.info. cqcounter.com/whois/www/africannewsandsports.com.html not found.
64.16.204.53: bosniakbusinessnews.com. Hit.
64.16.204.54: affairesdumonde.com. Hit.
64.16.204.55: holein1news.com. Hit.
64.16.204.56: fightorgohome.com. Uncertain. domainsbyproxy.com. Created: 2011-03-28. No archives. rdns source: viewdns.info cqcounter.com/whois/www/fightorgohome.com.html from 2011 not very typical but possible. Has a "Login" link visible for possible comms. The domain name is typical...
64.16.204.58: tech-topix.com. Hit.
64.16.204.60: pakpoldaily.com. No archives. rdns source: viewdns.info. TODO meaning? Might be Indonesian, maybe linked to police: www.facebook.com/watch/?v=880204266271955 cqcounter.com/whois/www/pakpoldaily.com.html not found.

65.61.127.163 capture-nature.com. ADHOST in Greenacres - United States. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -

65.61.127.46: anahuacchamber.com 2012-12-22T14:59:01
65.61.127.117: medicaresupplementalinsurance.com, 2013-08-21T09:49:41. Legit.
65.61.127.121: counter-images.com 2013-08-22T11:14:44: web.archive.org/web/20110208173132/http://www.counter-images.com/ Empty.
65.61.127.125 zaphound.com 2013-08-21T02:25:40. Legit.
65.61.127.130: ambitions.org 2013-08-22T01:43:40. Legit.
65.61.127.161: european-footballer.com. Hit.
65.61.127.163: capture-nature.com. Hit.
65.61.127.164: futbolistico.net. 2012-02-20T03:25:33. Legit. web.archive.org/web/20130509004058/http://futbolistico.net/
65.61.127.165: travelconnectionsonline.com. Ciro initially though this might be a hit. But upon Googling it, there's now a mirror at: travelconn.tripod.com/. Combined with the lack of a standard communications mechanism and the 2001 copyright, maybe it isn't a hit after all
65.61.127.166: globalnewsbulletin.com: Hit.
65.61.127.167: internationalwhiskylounge.com. Hit.
65.61.127.168: the-golden-rule.info 2013-09-20T02:13:52. Hit.
65.61.127.169: crossovernews.net. Hit.
65.61.127.170: newsidori.com. Hit.
65.61.127.171: nrgconsultingandnews.com. Hit. 2013-08-13T18:45:05
65.61.127.172: premierstriker.com. Hit. 2012-01-11
65.61.127.174: dedrickonline.com. Hit.
65.61.127.175: altworldnews.com. Hit.
65.61.127.176: american-historyonline.com. Hit. 2011-09-08
65.61.127.177: material-science.org. Hit.
65.61.127.178: tee-shot.net. Hit.
65.61.127.180: screencentral.info. Hit.
65.61.127.181: worldnewsandtravel.com. Hit. 2011-11-13
65.61.127.182: pangawana.com. Hit.
65.61.127.183: cutabovenews.com. Hit.
65.61.127.184: worldwildlifeadventure.com. Hit.
65.61.127.186: explorealtmeds.com. Hit.
65.61.127.194: 16 domains, so unclear.
- about-video-games.com: web.archive.org/web/20121013013710/http://about-video-games.com/ off
- aboutfaceonline.com: web.archive.org/web/20120701000000*/aboutfaceonline.com off
65.61.127.200: cdl-link.com (ipinf.ru). Legit.
65.61.127.222: asianwhitecoffee.com 2012-07-16T09:21:05 web.archive.org/web/20110903080036/http://asianwhitecoffee.com/. Could be legit.

66.45.179.205 noticiasporjanua.com. ADHOST in Edmonds - United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223

66.45.179.187: mail03.gatesfoundation.org. Legit.
66.45.179.192: thegraceofislam.com. Hit.
66.45.179.193: arabicnewsunfiltered.com. Hit.
66.45.179.194: raulsonsglobalnews.com. Hit.
66.45.179.195: aryannews.net. Hit.
66.45.179.199: attivitaestremi.com. Hit.
66.45.179.200: foodwineandsuch.com. Hit.
66.45.179.201: hitthepavementnow.com. Hit.
66.45.179.203: noticiascontinental.com. Hit.
66.45.179.205: noticiasporjanua.com. Hit.
66.45.179.206: podisticamondiale.com. Hit.
66.45.179.207: reflectordenoticias.com. Hit.
66.45.179.208: havenofgamerz.com. Hit.
66.45.179.209: vejaaeuropa.com. Hit.
66.45.179.210: sa-michigan.com. Hit.
66.45.179.211: absolutebearing.net. Hit.
66.45.179.212: grandretirement.net. No archives. cqcounter.com/whois/www/grandretirement.net.html blank image.
66.45.179.213: myportaltonews.com. Hit.
66.45.179.214: investmentintellect.com. Hit.
66.45.179.215: nigeriastar.net 2012-03-12. Hit.

66.104.169.184 bcenews.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189

66.104.169.162: bestsportsnews.net. Archive broken. cqcounter.com/whois/www/bestsportsnews.net.html error not found.
66.104.169.163: doctorsoncallsite.com. Hit. domainsbyproxy.com
66.104.169.164: lightandshadowonline.com. Hit. domainsbyproxy.com. Created: 2007-11-27. Updated: 2012-06-06.
66.104.169.168: plugged-into-news.net. Hit. Network Solutions, LLC. Registrant: Godfrey Hubbard.
66.104.169.169: worldsportsite.com. Hit. domainsbyproxy.com. Created: 2009-05-20.
66.104.169.171: golf-on-holiday.com. Hit. Network Solutions, LLC. Registrant: Tammy Pulley.
66.104.169.172: perspectiva-noticias.com. Hit. domainsbyproxy.com. Created: 2009-04-28.
66.104.169.175: aquaswimming.com. Hit. domainsbyproxy.com
66.104.169.177: dojo-temple.com. Hit. domainsbyproxy.com
66.104.169.179: neighbour-news.com. Hit. domainsbyproxy.com
66.104.169.180: medicatechinfo.com. Hit. Network Solutions, LLC. Registrant: Jason Noll.
- 205.178.189.131: securitytrails.com 2009-06-25 - 2009-07-02 Network Solutions, LLC., "ip_count": 726755. Moved to new one 2009-07-02 - 2010-11-03
66.104.169.181: brickmanfinancialnews.com. Hit. domainsbyproxy.com
66.104.169.182: casanewsnow.com. Hit. domainsbyproxy.com
66.104.169.183: aworldofnews.com. No archives. cqcounter.com/whois/www/aworldofnews.com.html blank image
66.104.169.184: bcenews.com. Hit.
66.104.169.197: teamshula.com. Legit.

66.104.173.186 myworldlymusic.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194

66.104.173.161: fanatic-pc-gamers.com. domainsbyproxy.com. 2013: Welcome to the US Petabox. cqcounter.com/whois/www/fanatic-pc-gamers.com.html somewhat in-style with large "Login to our Members Forum" message and copyright 2005.
66.104.173.163: runakonews.com. Hit.
66.104.173.164: shoppingadventure.net. Hit.
66.104.173.165: entertaining-ly.com. Hit. Network Solutions, LLC for Matthew Sorrell. tools.whoisxmlapi.com/reverse-whois-search hits:
- premier-fishing-tips.com. Legit with photos and mention of Matthew Sorrell: web.archive.org/web/20110129024453/http://www.premier-fishing-tips.com/ Still live as of 2025.
  Sincerely,
  Matthew Sorrell
  Webmaster, Premier-Fishing-Tips.com
- entertaining-ly.com
66.104.173.166: zubeenews.com. Hit. domainsbyproxy.com
66.104.173.169: smart-financeology.com. Hit. domainsbyproxy.com
66.104.173.173: remarkably has two potential hits, both shown in viewdns.info, and one of them was also in the 2013 DNS Census.
- worldfeedstoday.com. Hit. Network Solutions, LLC + Perfect Privacy LLC.
- world-newsfeeds.com. No archives. cqcounter.com/whois/www/world-newsfeeds.com.html blank image.
66.104.173.175: media-coverage-now.com. Hit. domainsbyproxy.com
66.104.173.176: jbc-online-news.com. Hit. domainsbyproxy.com
66.104.173.177: webscooper.com. Hit.
66.104.173.178: dk-dcinvestment.com. Hit. domainsbyproxy.com
66.104.173.179: newsforthetech.com. Hit. domainsbyproxy.com
66.104.173.180: stara-turistick.com. Hit. domainsbyproxy.com
66.104.173.181: playbackpolitics.com. Hit. domainsbyproxy.com
66.104.173.182: snapnewsfront.net. Hit. domainsbyproxy.com
66.104.173.183: ingenuitytrendz.com. Hit. domainsbyproxy.com
66.104.173.184: armashoy.com. Hit. domainsbyproxy.com
66.104.173.185: baocontact.com. Hit. Godaddy for a "Denise Welch":
```
"name": "Denise Welch",
"organization": null,
"street": "Box 288",
"city": "Macdona",
"state": "Texas",
"postalCode": "78054",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search has 151 results, some inspections:
- web.archive.org/web/20160610031345/http://socialmediamagazine.biz/ legit Denise Welch, President
- web.archive.org/web/20211126033925/http://allofmywishes.com/ no relevant archives
- web.archive.org/web/20110208070523/pet-a-bration.com no archives
Reducing a bit searching for Macdona as city gives only 19 hits:
- web.archive.org/web/20111126163259/http://tamilupgraded.com/ 19 Archives broken. cqcounter.com/whois/www/tamilupgraded.com.html off style.
- web.archive.org/web/20080115063123/http://www.zirnitrasports.com/ suspicious but quite broken. Arabic. Split images. Comms not found. cqcounter.com/whois/www/zirnitrasports.com.html in-style. viewdns.info/iphistory/?domain=zirnitrasports.com. Members/register at top linking to web.archive.org/web/20080115220218/http://www.zirnitrasports.com/reg.html
  - 216.180.224.58 British Virgin Islands NTHL 2012-01-11. viewdns.info/reverseip/?t=1&host=216.180.224.58 small virtual. Also searched 216.180.224.50 - 216.180.224.65
    dare2wearts.com 2012-06-29 No archives.
    keralaaicuf.com 2012-09-21. No archives.
    kids-ireland.com 2011-11-13 web.archive.org/web/20110128075525/http://kids-ireland.com/ off
    makeupbyjadab.com 2012-11-12. Off
    socalfitnessbootcamp.com 2012-06-29. Off
    unitedwelfareservices.com 2012-11-12. No archives.
    zirnitrasports.com 2012-01-11
- bontonphoto.com web.archive.org/web/20100605033030/http://www.bontonphoto.com/ suspicious with members linking to web.archive.org/web/20130826142257/https://bonto001.secure.omnis.com/cgi-bin/main.cgi www.omnis.com/ is a hosting service.
  - web.archive.org/web/20130528074647/http://bontonphoto.com/ better screenshot has a news link.. cqcounter.com/whois/www/bontonphoto.com.html empty
- olqhchurch.com web.archive.org/web/20110201182208/http://olqhchurch.com/ dead, cqcounter.com/whois/www/olqhchurch.com.html not found
66.104.173.186: myworldlymusic.com. Hit.
66.104.173.189: hitpoint-gaming.com. Hit. Network Solutions, LLC + perfect privacy.

66.104.175.40 beyondnetworknews.com. XO-AS15 in United States. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range:66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown

66.104.175.34: itwebtoday.com. Hit. domainsbyproxy.com
66.104.175.35: drglobalnews.com. Hit.
66.104.175.36: adilnews.net. Hit.
66.104.175.37: technewstogo.com. web.archive.org/web/20110201205946/http://technewstogo.com/ "UNDER CONSTRUCTION" cqcounter.com/whois/www/technewstogo.com.html same.
66.104.175.40: beyondnetworknews.com. Hit.
66.104.175.41: grubbersworldrugbynews.com. Hit. domainsbyproxy.com
66.104.175.42: news-and-sports.com. Hit.
66.104.175.44: yourtripfinder.net. Hit. domainsbyproxy.com
66.104.175.45: rollinsnetwork.com. Hit. domainsbyproxy.com
66.104.175.46: infosharenews.com. Hit.
66.104.175.47: southasiaheadlines.com. Hit.
66.104.175.48: worlddispatch.net. Hit.
66.104.175.49: webworldsports.com. Hit.
66.104.175.50: fly-bybirdies.com. Hit.
66.104.175.51: businessexchangetoday.com. Hit.
66.104.175.52: mensajeradenoticias.com. Hit. domainsbyproxy.com
66.104.175.53: info-ology.net. Hit.
66.104.175.54: marketflows.net. Hit. domainsbyproxy.com
66.104.175.57: metanewsdaily.com. Hit.
66.104.175.218: remote.taxconsultantsgroup.com. No archives. cqcounter.com/whois/www/taxconsultantsgroup.com.html commercial so unlikely

66.175.106.148 activegaminginfo.com. UUNET in United States. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178

66.175.106.10: nationalchecktrust.com. Legit?
66.175.106.134: paddlescoop.com. Hit.
66.175.106.137: kessingerssportsnews.com. Hit. Network Solutions: Latimer, Daniel
```
"name": "Latimer, Daniel|ATTN KESSINGERSSPORTSNEWS.COM|care of Network Solutions",
"organization": null,
"street": "PO Box 459",
"city": "PA",
"state": "US",
"postalCode": "18222",
"country": "UNITED STATES",
```
12 hits for name but nothing else looks promissing:
- element42.au
- refugeministryoils.com
- element42.com.au
- refugeloveministry.net
- refugeloveministry.com
- boysofrockingham.com
- daniellatimer.net
- thejourneytoyourheart.com. web.archive.org/web/20130925191623/http://thejourneytoyourheart.com/ empty cqcounter.com/whois/www/thejourneytoyourheart.com.html not found
- latimerstudio.com
- latimerstudios.com
- danlatimer.com
- kessingerssportsnews.com
66.175.106.138: factorforcenews.com. Hit. domainsbyproxy.com
66.175.106.140: aroundthemiddleeast.com. No Wayback Machine hits. Last resolved: 2012-06-29. cqcounter.com/whois/www/aroundthemiddleeast.com.html not found.
66.175.106.142: kanata-news.com. Hit. domainsbyproxy.com
66.175.106.143: thecricketfan.com. Hit.
66.175.106.146: inews-today.com. Initially found with 2013 DNS Census virtual host cleanup heuristic keyword searches which gave IP address 193.203.49.212. But that has no nearby hits. 66.175.106.146 was later found on viewdns.info, and slotted into this other existing IP range.
- 193.203.49.211 datingso.com: legit? Russian dating website
- 193.203.49.212 inews-today.com. Hit.
- 193.203.49.223 zatysi.net: legit
- 193.203.49.226 kinotopik.com: legit? Russian
- 193.203.49.229 rotor-volgograd.com. Legit.
- 193.203.49.233 ordercytotec.com. Broken. cqcounter.com/whois/www/ordercytotec.com.html not found.
66.175.106.147: starwarsweb.net. Hit.
66.175.106.148: activegaminginfo.com. Hit. Network Solutions, LLC for Elizabeth Corral. tools.whoisxmlapi.com/reverse-whois-search reverse search "Corral, Elizabeth" only has that hit
66.175.106.149: feedsdemexicoyelmundo.com. Hit.
66.175.106.150: noticiasmusica.net. Hit. Network Solutions, LLC for Megan See. tools.whoisxmlapi.com/reverse-whois-search only this hit.
66.175.106.155: atomworldnews.com. Hit. domainsbyproxy.com
66.175.106.158: nouvellesetdesrapports.com. Hit.
66.175.106.166: exchange.katzbarron.com. Legit. Reverse IP source: 2012 Internet Census
66.175.106.183: mail.lfdatacenter.com. No archives.

66.237.236.247 comunidaddenoticias.com. XO-AS15 in United States. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254

66.237.236.227: newsandmusicminute.com. Hit. Network Solutions, LLC for:
```
"name": "Alger, Jennifer",
"organization": null,
"street": "PO Box 459",
"city": "Drums",
"state": "PA",
"postalCode": "18222",
"country": "UNITED STATES",
```
tools.whoisxmlapi.com/reverse-whois-search search for "Alger, Jennifer" has four domain:
- preparedtoact.com: parked domain girl web.archive.org/web/20130831091701/http://www.preparedtoact.com/
- prepared2act.com
- newsandmusicminute.com
- jennisdish.com web.archive.org/web/20110207105346/http://jennisdish.com/ godaddy
but more interestingly this address is the same as other hits: activegameinfo.com and noticiasmusica.net! "PO Box 459" anywhere search has 10k+ domains and so does Drums so not helping.
66.237.236.229: pearls-playlist.com 2011-11-13. Hit. domainsbyproxy.com

66.237.236.230: beyondthefringe.info 2013-01-02. Hit. GoDaddy.com for

"registrantContact": {
  "name": "Nathan Stock",
  "organization": null,
  "street": "PO Box 61654",
  "city": "Savannah",
  "state": "Georgia",
  "postalCode": "31420",
  "country": "UNITED STATES",
  "email": "nathanstock@earthlink.net",
  "telephone": "19129206355",

no hits for that name of reversed.

66.237.236.231: primetimemovies.net 2011-06-22. Hit. No whois records.
66.237.236.235: persephneintl.com. Hit. domainsbyproxy.com
66.237.236.236: directoalgrano.net 2012-01-23. Hit.
66.237.236.240: actualizaciondebeisbol.com. Hit. domainsbyproxy.com
66.237.236.243: mygadgettech.com. Hit.
66.237.236.247: comunidaddenoticias.com. Hit. domainsbyproxy.com
66.237.236.249: sumerjaseahora.com. Hit. domainsbyproxy.com

69.84.156.90 stickshiftnews.com. COLOSPACE in Methuen - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95

69.84.156.69: al-ashak-news-me.com. Hit.
69.84.156.70: theventurenews.info. Hit.
69.84.156.71: worldfinancetoday.net. Hit.
69.84.156.72: autonewsarabia.com. Hit.
69.84.156.74: blue-moon-news.com. Hit.
69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit. cqcounter.com/whois/www/theoutergreen.com.html not found.
69.84.156.76: tnc-urdu.com. Hit.
69.84.156.79: jassimnews.com. No archives/broken. cqcounter.com/whois/www/jassimnews.com.html blank.
69.84.156.80: noticiasdenuestromundo.com. Hit.
69.84.156.82: arabicnewsonline.com. Hit.
69.84.156.83: unganadormundial.com. Hit.
69.84.156.84: focusonbokeh.com. Hit. Network Solutions, LLC.
69.84.156.85: classic-rocktopia.com. Hit. domainsbyproxy.com.
69.84.156.87: i7diver.com. Hit.
69.84.156.88: diariodeelmundo.com. Hit.
69.84.156.89: todaysarabnews.com. Hit.
69.84.156.90: stickshiftnews.com. Hit.
69.84.156.91: theinternationalgoal.com. Hit.

72.34.53.174 technologytodayandtomorrow.com. IHNET in United States. This IP is special. This IP is somehow closely linked to the "Mass Deface III" pastebin as it seems to have been hosted by Condor hosting. They also have many old sites, and links to Russia which is apparently where this was hosted.

viewdns.info/iphistory/?domain=technologytodayandtomorrow.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-11-13 virtual
- 72.34.53.174 United States IHNET 2011-09-08. Tested viewdns.info range: 72.34.53.164 72.34.53.184 viewdns.info/reverseip/?t=1&host=72.34.53.174 went through all of them;
  - hits
    electronictechreviews.com 2011-09-08 domainsbyproxy.com
    recursosdenoticias.com 2012-06-29 domainsbyproxy.com
    todaysnewsandweather-ru.com 2012-01-11 domainsbyproxy.com
    myonlinegamesource.com 2012-01-11 Godaddy:
    "name": "Brandon Stiltner", "organization": null, "street": "1200 Brookstone Centre Pkwy", "city": "Columbus", "state": "Georgia", "postalCode": "31904", "country": "UNITED STATES",
    has two domains:
    sandshomerepairs.com. web.archive.org/web/20110207105346/sandshomerepairs.com no archives, cqcounter.com/whois/www/sandshomerepairs.com.html not found
    myonlinegamesource.com
    mytravelopian.com 2011-04-04 domainsbyproxy.com
  - possible hits
    * intloil.org 2012-04-27. 2011, Possible hit, a bit off style, but possibly because too broken. rss-item. Copyright 2005. Present at pastebin.com/CTXnhjeSp (now lost without archives I'm an idiot). cqcounter.com/whois/www/intloil.org.html from 2011 somewhat in style but interestingly also similarly broken. The "Login" button leads to another domain: "condorsecure.com": web.archive.org/web/20110721052801/https://condorsecure.com/~intloilo/alternativefuels.html which is megaweird and is what is mentioned in the "Mass Deface III" pastebin. domainsbyproxy.com. A similar thing happens in europeantravelcafe.com but to another domain.
    * islamicnewsonline.com 2013-03-23. No archives in date range. cqcounter.com/whois/www/islamicnewsonline.com.html not found, sad
  - not hits
    businesscardprinternyc.info 2012-04-18. Legit web.archive.org/web/20110925172844/http://businesscardprinternyc.info/
    dermozamsoe106.com 2011-07-02
    glialcells2009paris.com 2012-11-12
    hysfreedom.net 2013-07-08. Legit. web.archive.org/web/20111014185727/http://hysfreedom.net/
    integrativetherapiesec.com 2013-06-30. Parked domain girl. cqcounter.com/whois/www/integrativetherapiesec.com.html not found
    larumbaknox.com 2012-01-11. Parked domain girl
    theebizguy.com 2022-12-26 web.archive.org/web/20250000000000*/theebizguy.com many archives
    nofatchics.com 2012-01-11
    bjellaagency.com 2023-03-07
securitytrails.com/domain/technologytodayandtomorrow.com/history/a same

74.116.72.236 techtopnews.com. OPTIMUM-WIFI2 in Brooklyn - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254

74.116.72.199: newsungraphics.com. Legit.
74.116.72.209: newsung.com. Legit/broken. cqcounter.com/whois/www/newsung.com.html not found
74.116.72.214: ofinancialinc.com. Legit.
74.116.72.219: stockpromoters.com. Legit.
74.116.72.227: dayenews.com. Hit.
74.116.72.229: guide-daventure.com. Hit.
74.116.72.230: spaceage-exchange.com. No archives. cqcounter.com/whois/www/spaceage-exchange.com.html blank image.
74.116.72.231: bleachersfootballnews.com. Hit.
74.116.72.232: indirectfreekick.com. Hit.
74.116.72.233: wwiichronicles.net. Hit.
74.116.72.234: petroleumagenews.com. Hit.
74.116.72.235: the-open-book-online.com. Hit.
74.116.72.236: techtopnews.com. Hit.
74.116.72.237: noticiasdiariasdedeportes.com. No archives. Sad, another potential Brazil hit. cqcounter.com/whois/www/noticiasdiariasdedeportes.com.html not found.
74.116.72.238: pohandakhbar.com. Hit. domainsbyproxy.com.
74.116.72.239: crickettoday.info. Hit.
74.116.72.240: zafernews.com. Hit.
74.116.72.241: itechnewstoday.com. Hit. domainsbyproxy.com.
74.116.72.242: gdgtsource.com. Hit.
74.116.72.243: waronfilmonline.com. Hit.
74.116.72.244: arborstribune.org. Hit. arborstribune.org. Godaddy without domainsbyproxy.com. Registrant: Ryan Binder, email rkbinder@copper.net Reverse hits for name:
- arborstribune.org
- phaseintl.us
- rblab.us
- bindersynthetics.com
- ryanbinder.com
- finalmarch.com. No archives. cqcounter.com/whois/www/finalmarch.com.html not found.
- finalmarch.info.
- mydrunknews.com. Godaddy parked: web.archive.org/web/20110207181833/http://mydrunknews.com/. cqcounter.com/whois/www/mydrunknews.com.html not found.
74.116.72.245: wineenthusiastonline.com. Welcome to the US Petabox. cqcounter.com/whois/www/wineenthusiastonline.com.html not found.
74.116.72.246: vuvuzelanews.com. Hit.
74.116.72.247: ballbatstumpsandbails.com. Hit.
74.116.72.248: kioni-sailing.com. Hit.
74.116.72.249: round-trip-travel.com. Hit.
74.116.72.250: arabicnewsource.com. Hit.

74.254.12.168 non-stop-news.net. BELLSOUTH-NET-BLK in Atlantic Beach - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.

74.254.12.163: half-court.net. Hit.
74.254.12.163: dailywellnessnews.com. Hit.
74.254.12.165: dylandon.net. Hit. rdns source: viewdns.info.
74.254.12.166: afghanpoetry.net. Hit.
74.254.12.168: non-stop-news.net. Hit.
74.254.12.169: soldiersofsouthasia.com. Hit.
74.254.12.170: greek-news.info. Hit.
74.254.12.171: autism-news.org. Hit.
74.254.12.172: thesportsguidebook.com. rdns source: 2013 DNS Census. Only has archive of one subpage: 2009. English. sports. cqcounter.com/whois/www/thesportsguidebook.com.html not found.
74.254.12.173: thefreshnews.com. Hit.
74.254.12.174: reliefline.info. web.archive.org/web/20090416064302/http://www.reliefline.info:80/ Archive too broken. cqcounter.com/whois/www/reliefline.info.html broken.
74.254.12.176: pakcricketgrd.com. Hit.
74.254.12.177: networkofnews.com. Hit.
74.254.12.179: wineconnaisseur.net. Hit.
74.254.12.180: helpinghandssite.com. Hit.
74.254.12.185: newskwest.com. No archives. cqcounter.com/whois/www/newskwest.com.html broken.
74.254.12.187: efiinvestment.com. Hit.
74.254.12.188: first-tee-golf.com. Hit.
74.254.12.189: fabu-foto.com. Hit.
74.254.12.190: viptravelabroad.com. Hit.

173.208.81.2 LEASEWEB-USA-CHI in Lombard - United States:

weblognewsinfo.com:
- dnshistory.org/historical-dns-records/a/weblognewsinfo.com 2010-05-10 -> 2010-10-07 64.120.20.234 viewdns.info/reverseip/?t=1&host=64.120.20.234 small virtual:
  - web.archive.org/web/20101229135149/http://knightsofx.net/ off
  - marvel-mail.com/ no archives, dawhois.com/site/marvel-mail.com.html no results
- viewdns.info/iphistory/?domain=weblognewsinfo.com
  - 208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2013-09-26 virtual
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2013-06-30 virtual with newsincirculation.com viewdns.info/reverseip/?t=1&host=173.208.81.2
    web.archive.org/web/20110131042438/http://underground-basement.com/ off
    web.archive.org/web/20110623044033/http://www.mypolitiki.com/ off
newsincirculation.com
- dnshistory.org/historical-dns-records/a/newsincirculation.com
  - 2010-03-10 -> 2010-08-15 64.120.20.234 virtual with weblognewsinfo.com
  - 2013-11-26 -> 2013-11-26 70.32.43.226
- viewdns.info/iphistory/?domain=newsincirculation.com
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2014-01-31
  - 50.63.202.77 United States AS-26496-GO-DADDY-COM-LLC 2013-10-19. virutal?
  - 70.32.43.226 Lombard - United States LEASEWEB-USA-CHI 2013-09-26 virtual?
  - 69.147.228.5 Chicago - United States LEASEWEB-USA-CHI 2012-11-12 unknown. Tested viewdns.info range: 69.147.228.1 69.147.228.15. Nope.
  - 173.208.81.2 Lombard - United States LEASEWEB-USA-CHI 2011-04-04 virtual

199.19.110.7 theworldnewsfeeds.com. Los Angeles - United States FIBER-LOGIC.

dnshistory.org/historical-dns-records/a/theworldnewsfeeds.com no hits
viewdns.info/iphistory/?domain=theworldnewsfeeds.com
- 199.19.110.7 2012-01-11 unknown range viewdns.info/reverseip/?t=1&host=199.19.110.7 small virtual:
  - Hits
    classymotors.net
    russiansportsworld.com
    urbestbod.com
  - Not hits:
    angelesmesapc.org: web.archive.org/web/20110623222054/http://angelesmesapc.org/ seems legit.
    web.archive.org/web/20110701070546/http://www.gralnickandsale.com/ broken
    web.archive.org/web/20110208064143/http://magnoliahousephotography.com/ commercial
    web.archive.org/web/20101229224456/http://rdns13.net/ cgi bin
- 74.200.252.212 United States RACKSPACE 2011-11-13 unknown range. viewdns.info/reverseip/?t=1&host=74.200.252.212 small virtual fully explored:
  - web.archive.org/web/20110202113450/http://vhserver2.com/ Joomla
  - web.archive.org/web/20110207191522/http://haugofamily.com/ redirecting

199.85.212.118 just-kidding-news.com. ATT-INTERNET4 in United States.

199.85.212.118 rdns source: 2013 DNS Census virtual host cleanup heuristic keyword searches, dnshistory.org (2009-09-23 -> 2011-01-25) and viewdns.info: "location": "United States", "owner": "VIMRO, LLC", "lastseen": "2012-01-11". Tested viewdns.info range: 199.85.212.95 - 199.85.212.128. Not sure worth it given the many 2013 DNS Census misses surrounding.
- 199.85.212.98: colorsxpress.com. Legit
- 199.85.212.104:
  - jobindons.com 2013-10-19.
  - piogroup.org 2012-12-29.
- 199.85.212.105: mide-news.com. Hit.
- 199.85.212.109: game2be.com. Infinite load loop: web.archive.org/web/20080102074404/http://www.game2be.com/ cqcounter.com/whois/www/game2be.com.html error not found.
- 199.85.212.111:
  - newsandsportscentral.com. Hit.
  - and many many others, not bothering with it
- 199.85.212.115: veryperi.com. Legit? 2011. Style is similar.
- 199.85.212.116: approselect.com. Legit?
- 199.85.212.117: innovative-software-solutions.com. broken/legit cqcounter.com/whois/www/innovative-software-solutions.com.html broken.
- 199.85.212.118: just-kidding-news.com. Hit.
- 199.85.212.119: invisus.com. Legit
- 199.85.212.120: allurebyjustine.com. Legit?
- 199.85.212.121: stockprouniversity.com cqcounter.com/whois/www/stockprouniversity.com.html legit?
- 199.85.212.122: stjosephswoodshop.com Legit?
- 199.85.212.125: time-spacer.net. Welcome to the US Petabox. cqcounter.com/whois/www/time-spacer.net.html service unavailable
- 199.85.212.132: qualitytrans.net. Legit?
- 199.85.212.134: mywellnessminder.com. Legit?
- 199.85.212.138: crystalglassinc.com
- 199.85.212.140: davistech-llc.com
68.178.232.100: see rastadirect.net. rdns source: viewdns.info: "location": "United States", "owner": "GoDaddy.com, LLC", "lastseen": "2012-06-29"
209.85.45.84. Tested viewdns.info range: 209.85.45.74 - 209.85.45.94.
- 209.85.45.2: dz8.dailyrazor.com
- 209.85.45.2: jr4consulting.com
- 209.85.45.41: guitarzza.com. No archives of time.
- 209.85.45.46: evergraindecking.com. No archives of time.
- 209.85.45.114: mauritiuspropertyconsultant.com. Legit/ broken.
- 209.85.45.160: bieltvedt.net. No archives of time.
- 209.85.45.160: golfstats.dk. No archives.
- 209.85.45.225: infokus.ca
- 209.85.45.225: mail.tomlatham.net
- 209.85.45.225: mail.tomlatham.org
- 209.85.45.239: flavacationcenter.com

204.176.38.143 noticiassofisticadas.com. UUNET in United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154

204.176.38.130: i-pressnews.com. Hit.
204.176.38.132: turkishnewslinks.com. Hit.
204.176.38.134: photographyarecord.com. Hit.
204.176.38.135: breakingthewicket.com. Hit.
204.176.38.136: politicalworldtoday.com. Hit.
204.176.38.137: hi-tech-today.com. Hit.
204.176.38.138: continental-business-news.com. TODO. rss-item, split images. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
204.176.38.139: bigscreenbattles.com. Hit.
204.176.38.141: rakotafootball.com. Hit.
204.176.38.142: senderosdemontana.com. Hit.
204.176.38.143: noticiassofisticadas.com. Hit.
204.176.38.144: techno-today.com. Hit.
204.176.38.145: tickettonews.com. Hit.
204.176.38.146: dps-digitalphotosharing.com. Hit.
204.176.38.147: theputtingreen.com. Hit.
204.176.38.149: sportsnewstodayar.com. Hit.
204.176.38.150: kairuafricanews.com. Hit.

204.176.39.115 globalprovincesnews.com. UUNET in United States. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124

204.176.39.97: beamingnews.com. Hit.
204.176.39.98: cubriendonoticias.com. Hit.
204.176.39.100: rowleyworldpost.com. Hit.
204.176.39.101: noticiastopicas.com. No archives. cqcounter.com/whois/www/noticiastopicas.com.html not found.
204.176.39.103: economicnewsbuzz.com. Hit.
204.176.39.104: spectranewsonline.com. Hit.
204.176.39.105: entertainmentnewscompany.com. Hit.
204.176.39.107: guidetoelectronics.net. Uncertain. 2010. English. tech, electronics. Split images, rss-items. Comms not found, likely CGI comms variant on unarchived login page:. web.archive.org/web/20101230025246/http://guidetoelectronics.net/login.html
204.176.39.110: arabnewsatdawn.com. Hit.
204.176.39.114: messengergalaxy.com. Uncertain. 2011. Would be the first example of something more commercial/service offering we've seen so far. Possible CGI comms variant.
204.176.39.115: globalprovincesnews.com. Hit.
204.176.39.116: mahparah-news.com. Hit.
204.176.39.119: commercialspacedesign.com. Hit.

207.150.191.68 technologypresstoday.com. Saudi Telecom Company JSC in Saudi Arabia.

technologypresstoday.com. Hit. 2011. JAR. Farsi. RSS, split images.
- viewdns.info/iphistory/?domain=technologypresstoday.com says 72.13.93.206 Santa Clara - United States EGIHOSTING 2012-01-11. viewdns.info/reverseip/?host=72.13.93.206&t=1 says large virtual.
- dnshistory.org/dns-records/technologypresstoday.com says empty
- securitytrails.com/domain/technologypresstoday.com/history/a
  - 72.13.93.203 EGIHosting 2009-07-20 (16 years) 2009-07-27 (16 years) 7 days
  - 64.13.159.156 Wave Broadband 2009-05-30 (16 years) 2009-07-16 (16 years) 2 months. viewdns.info/reverseip/?t=1&host=64.13.159.156 empty.
  - 207.150.191.68 Saudi Telecom Company JSC 2009-01-21 (16 years) 2009-05-22 (16 years) 4 months
  - 68.178.232.100 GoDaddy.com, LLC 2009-01-14 (16 years) 2009-01-20 (16 years) 6 days
worldofonlinenews.com. Hit.
- dnshistory.org/historical-dns-records/a/worldofonlinenews.com 2015-12-15 -> 2016-04-21 108.167.161.90 presumably from the legit era
- viewdns.info/iphistory/?domain=worldofonlinenews.com
  - 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-02 virtual
  - 207.150.191.68 Saudi Arabia Saudi Telecom Company JSC 2011-04-04 virtual
mywebofnews.com. Hit.
- dnshistory.org/historical-dns-records/a/mywebofnews.com 2010-03-09 -> 2010-08-14 207.150.191.68 But this has several hits for the same IP on DNS Census 2013 which is unusual:
```
3xhunter.com|2012-04-12T07:53:24|207.150.191.68
dreamersoul.net|2012-04-11T22:06:18|207.150.191.68
exdump.com|2012-02-03T11:42:44|207.150.191.68
```
viewdns.info/reverseip/?host=207.150.191.68&t=1 is medium virtual:
- world-high.info: cqcounter.com/whois/www/world-high.info.html legit wordpress
- viewdns.info/iphistory/?domain=mywebofnews.com no hits
  68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2011-07-27 virtual
  207.150.191.68 Saudi kkkArabia Saudi Telecom Company JSC 2011-06-22 virtual
viewdns.info/reverseip/?host=207.150.191.68&t=1
- kickofffootballnews.com. Hit. viewdns.info/iphistory/?domain=kickofffootballnews.com to that IP alone
- ithaiproperty.com. Legit. web.archive.org/web/20111001231548/http://www.ithaiproperty.com/
- themaconnightlife.com: no archives: web.archive.org/web/20250000000000*/themaconnightlife.com. cqcounter.com/whois/www/themaconnightlife.com.html sems legit.
- web.archive.org/web/20110202093639/http://theadvancompany.com/ cgi-bin directory
- web.archive.org/web/20091212001404/http://www.toddlerbedrailshop.com/ off
- cqcounter.com/whois/www/texasdavisfive.com.html off
- web.archive.org/web/20250000000000*/geldherrin-lady-estefania.com no archives.

207.210.250.132 aeronet-news.com. AS17378 in United States. This is the Autonomous System Number for TierPoint, LLC. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157

207.210.250.131: starrynightnews.com. Hit.
207.210.250.132: aeronet-news.com. Hit.
207.210.250.133: bakaribulletin.com. Hit.
207.210.250.134: deprensaenlarevisiondehoy.com. Hit.
207.210.250.135: icwb-news.com. Hit.
207.210.250.136: sportsreelhighlights.com. Hit.
207.210.250.137: fashionforward.info. No archives. cqcounter.com/whois/www/fashionforward.info.html innovative but has a "Member" section. Stock lady visible somwhere at westlahairgrowth.com/?page_id=12158 according to Google images but I couldn't find it easily in the page.
207.210.250.138: inquiry-human-past.com. Hit.
207.210.250.139: thefairwaysaregreen.com. Hit.
207.210.250.142: russiaupdate.com. Hit.
207.210.250.143: archaeologyreview.net. Hit.
207.210.250.144: highspeed-news.com. No archives. cqcounter.com/whois/www/highspeed-news.com.html not found.
207.210.250.146: noticias-caracas.com. Hit.
207.210.250.147: bailandstump.com. Hit.
207.210.250.148: classicalmusic4arab.com. Hit.
207.210.250.149: globalventurestat.com. Hit.
207.210.250.152: al-rashidrealestate.com. Hit.
207.210.250.153: newsintheworld-ru.com. Hit.
207.210.250.154: news-unlimited.info. Hit.

208.93.112.105 fastnews-online.com. TULIP-SYSTEMS in United States. Checked viewdns.info range: 208.93.112.90 - 208.93.112.155

208.93.112.101: cketnews.com: web.archive.org/web/20070612034201/http://cketnews.com/. Archives from 2007 and off style. cqcounter.com/whois/www/cketnews.com.html not found.
208.93.112.105: fastnews-online.com. Hit.
208.93.112.106: travelxtreme.net. Hit.
208.93.112.108: nbanewsroundup.com. Hit.
208.93.112.110: luxuryfive.net. Hit.
208.93.112.111: topfootballnewsonline.com. Hit.
208.93.112.112: todaysportscores.com. Hit.
208.93.112.113: mostefficientself.com. Uncertain. cqcounter.com/whois/www/mostefficientself.com.html hard to tell. One is reminded of fightorgohome.com.
208.93.112.114: dynamicworldnews.com. Hit.
208.93.112.116: gazingvoyage.com. Hit.
208.93.112.123: garundipost.com. Hit.
208.93.112.125: theradioamateurs.com: no archives. cqcounter.com/whois/www/theradioamateurs.com.html not found.

208.254.38.39 todaysengineering.com. COLO-PREM-VZB in United States.

Tested viewdns.info range: 208.254.38.9 - 208.254.38.86. Weirdly empty, doesn't even show the domain iteslf!
- 208.254.38.39: todaysengineering.com. Hit. rdns source: both viewdns.info and 2013 DNS Census
- 208.254.38.56: nejadnews.com. Hit.
68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC

208.254.40.117 worldnewsandent.com. COLO-PREM-VZB in United States. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135

208.254.40.96: sixty2media.com. Hit.
208.254.40.99: newspoliticssource.com. Hit.
208.254.40.110 musical-fortune.net. Hit.
208.254.40.113: ashoka-gemstones.com. Hit.
208.254.40.117: worldnewsandent.com. Hit.
208.254.40.124: riskandrewardnews.com. Hit.
208.254.40.129: mailb.casella.com. Legit.

208.254.42.205 driversinternationalgolf.com. COLO-PREM-VZB in United States. Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.

208.254.42.35: mystorytimefriends.com. Broken/legit.
208.254.42.194: it-proonline.com. Hit.
208.254.42.200: riccs.mwcog.org. Legit. Reverse IP source: 2012 Internet Census, 2012-05-14.
208.254.42.205: driversinternationalgolf.com. Hit.
208.254.42.209: mardelsurnoticias.com. Hit. Reverse IP source: viewdns.info
208.254.42.215: nowfreshfinances.com. Hit.
208.254.42.216: circulatingnews.net. Hit.
208.254.42.219: westingtonpassnews.com. Hit. Reverse IP source: 2013 DNS Census
208.254.44.155: brandimpact.com. Legit/broken: web.archive.org/web/20070801000000*/brandimpact.com
208.254.45.105: operatorenum.com. Legit/broken: web.archive.org/web/20100301000000*/operatorenum.com

209.162.192.49 rastadirect.net. DF-PTL2-3 in Gresham - United States. Source: securitytrails.com and cqcounter.com/site/rastadirect.net.html. Tested viewdns.info: 209.162.192.30 209.162.192.70
* 209.162.192.44: thejewelofsouthamerica.com. Hit.
* 209.162.192.49: rastadirect.net. Hit.
* 209.162.192.51: yellow-chair-report.com. Hit.
* 209.162.192.54: tutkulu-turu.com. Possible hit. domainsbyproxy.com 2008-03-04. Weird style made up exclusively of cut up images, including the text itself where links would normally be. Turkish. Archive a bit weird with images on top of text. 2011 Copyright 2006. Unarchived link to web.archive.org/web/20110129065840/http://tutkulu-turu.com/login.html with title "Kullanıcı adı" (Username). Headline "Online seyahat etmek acenta" translates to "Online travel agency".
* 209.162.192.57: globalnewsreports.net. Hit.
* 209.162.192.59: easytravelsite.net. Hit.
* 209.162.192.70: phrio.com. Off date. viewdns.info/reverseip/?t=1&host=209.162.192.70

68.178.232.100 - United States - GoDaddy.com - 2011-05-02. Reverse IP source: viewdns.info
- +-20 range: several domains on each IP, but can't find any hits easily
There are actualy talk pages about this IP
- community.spiceworks.com/
- talk.plesk.com/threads/warning-the-domain-resolves-to-another-ip-address.77764/
- support.google.com/cloudidentity/answer/2579934?hl=en actually used as an example here?

210.80.75.55 philippinenewsonline.net. UUNET in Australia. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67

210.80.75.35: aroundtheworldnews.net. No archives. ipinf.ru/domains/210.80.75.33/ disagrees and places it at .33.
210.80.75.36: e-commodities.net. Hit.
210.80.75.37: trekkingtoday.com. Hit.
210.80.75.41: multinews-33.com. Hit.
210.80.75.42: movimientodenticias.com. No archives. cqcounter.com/whois/www/movimientodenticias.com.html blank.
210.80.75.43: gulfandmiddleeastnews.com. Hit.
210.80.75.44: whirlybirdinflight.com. Hit.
210.80.75.45: kings-game.net. Hit.
210.80.75.46: topglobalnewsdaily.com. Hit.
210.80.75.49: recipe-dujour.com. Hit.
210.80.75.53: sportsman-elite.com. Hit.
210.80.75.55: philippinenewsonline.net. Hit.
210.80.75.56: technewsforme.com. Hit.
210.80.75.59: goldeportesnoticias.com. Hit.
210.80.75.68: gigabyte-usa.com. Legit.

212.4.16.232 mynewscheck.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.198. ipinf.ru/domains/?search=212.4.17.125&cust=1 says they are /19, so .16 and .17 are both the same range from a registration perspective::

212.4.16.224: lanoticiasdehoyelinforme.com. Hit.
212.4.16.232: mynewscheck.com. Hit.
212.4.16.239: saktimarsgolf.com 2012-06-29. Broken/legit/no archives of relevant date: web.archive.org/web/20081031060207/http://saktimarsgolf.com/. cqcounter.com/whois/www/saktimarsgolf.com.html blank.
212.4.16.245: financial-crisis-news.com. Hit.
212.4.16.252: minutosdenoticias.com. Hit. web.archive.org/web/20100517151612/http://minutosdenoticias.com/

212.4.17.38 fightwithoutrules.com. UUNET in Cassano d'Adda - Italy. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: see 212.4.16.* above

212.4.17.38: fightwithoutrules.com. Hit.
212.4.17.41: newtechfrontier.com. Hit.
212.4.17.43: smart-travel-consultant.com. Hit.
212.4.17.46: atentlaloc.com. Hit.
212.4.17.53: newsresolution.net. Hit.
212.4.17.56: lesummumdelafinance.com. Hit.
212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives. cqcounter.com/whois/www/thepinnacleoffinance.com.html blank.
212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No commons found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it
212.4.17.98: topbillingsite.com. Hit.
212.4.17.122: b2bworldglobal.com. Hit.
212.4.17.125: worldaroundyunnan.com. Hit.
212.4.17.160: localtoglobalnews.com. Hit.

There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:

204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.

Other hits:

208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
205.178.189.131. source: securitytrails.com

212.4.18.129 sightseeingnews.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?

212.4.18.129: sightseeingnews.com. Hit. Presumably also present under fgnl.net on its second IP range, since this is near 212.4.18.133? viewdns.info gives this as the only IP for the domain.
212.4.30.210: iprintitaly.com. Legit: web.archive.org/web/20230000000000*/http://www.iprintitaly.com/

212.209.74.105 globalbaseballnews.com. UUNET in Sweden. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches

212.209.74.105: globalbaseballnews.com. Hit.
212.209.74.106: football-de-luxe.com. Hit.
212.209.74.111: worldconcerns.info. No archives. cqcounter.com/whois/www/worldconcerns.info.html empty.
212.209.74.112: developmental-league.com. Unclear. CGI comms variant? 2010. English. CGI. American football.
212.209.74.115: mediocampodefutbol.com. Hit.
212.209.74.117: myengineeringaffinity.com. Hit.
212.209.74.122: atthemovies.biz. Hit.
212.209.74.123: worldfinancialexchangenews.com. Hit.
212.209.74.124: urouttahere.com. Hit.
212.209.74.125: avoilurefixe.com. Hit.
212.209.74.126: headlines2day.com. Hit.
- 118.139.174.11. Reverse IP source: viewdns.info
  - 118.139.174.11: 712 domain hits on it
  - 118.139.174.21: theargentineanwineco.com 2013-09-26. No Wayback machine archive. cqcounter.com/whois/www/theargentineanwineco.com.html not found.
  - nothing else on the +-20 range
- 184.168.221.91. Reverse IP source: 2013 DNS Census
  - 184.168.221.91: 40k hits on 2013 DNS Census
212.209.74.127: construction-zones.com. Unclear. CGI comms variant? 2009. No known comms found. English. construction. Has a login page: web.archive.org/web/20091130144158/http://construction-zones.com/login.html so maybe CGI comms variant

212.209.79.40 hydradraco.com. UUNET in Sweden. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63

212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
- 212.209.79.34: 2008-09-01 - 2010-04-19.
- 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
both under MCI Communications Services, Inc. d/b/a Verizon Business.
212.209.79.37: fitness-sources.com. Hit.
212.209.79.40: hydradraco.com. Hit.
212.209.79.41: noticiasdelmundolatino.com. Hit.
212.209.79.42: suparakuvi.com. Hit.
212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting. and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
212.209.79.46: cetusdelph.com. Hit.
212.209.79.47: willtoworship.com. Hit. domainsbyproxy.com
212.209.79.48: themvconnection.com. Hit.
212.209.79.51: pi-resources.net. Hit.
212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit. cqcounter.com/whois/www/newel-adserver.com.html blank.
212.209.79.53: ourscubaworld.com. Hit.
212.209.79.58: tech-love-home.com. Hit.
212.209.79.60: first-solo-aviation.com. Hit.
212.209.79.61: china-destinations.org. Hit.

212.209.90.84 thenewseditor.com. UUNET in Sweden. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99

212.209.90.69: worldedgenews.com. Hit.
212.209.90.72: talkingpointnews.info. Hit.
212.209.90.74: globalinvestmentnews.net. Hit.
212.209.90.75: prebitinvestment.com. Hit.
212.209.90.77: energy-bulb.com 2011. English. energy. Comms not found, but has unarchived link to: web.archive.org/web/20110128182345/https://webmail.energy-bulb.com/login.html. CGI comms variant?
212.209.90.79: freeblink.com. No archives for timerange, then legit. cqcounter.com/whois/www/freeblink.com.html off-style
212.209.90.80: nsmovies.net. Hit.
212.209.90.82: middleeastjournal.net. Hit.
212.209.90.84: thenewseditor.com. Hit.
212.209.90.87: newsandweathersource.com. Hit.
212.209.90.89: pakisports.com. Hit.
212.209.90.90: vriha-aesthetics.com. Hit.
212.209.90.92: amishkanews.com. Hit.
212.209.90.93: theentertainbiz.com. Hit.
212.209.90.94: eurosportssummary.com. Hit.
212.209.91.14: teracom.net. Legit

216.93.248.194 esmundonoticias.com. TWDX in Chelmsford - United States.

dnshistory.org/historical-dns-records/a/esmundonoticias.com 2010-02-05 -> 2010-08-02 216.93.248.194. Tested viewdns.info range: 216.93.248.184 216.93.248.204. viewdns.info/reverseip/?host=216.93.248.194&t=1 gives:
- hits:
  - esmundonoticias.com 2012-01-11
  - kukrinews.com 2011-06-22
    dnshistory.org/historical-dns-records/a/kukrinews.com 2010-02-26 -> 2010-08-07 216.93.248.194
    viewdns.info/iphistory/?domain=kukrinews.com 216.93.248.194 Malden - United States TWDX 2011-06-22
  - lasthournews.com 2010-02-27 -> 2010-08-07
  - tech-geek-news.com 2012-01-11
- not hits;
  - 216.93.248.194: coxsackielive.com 2012-06-29. No archives. dawhois.com/www/coxsackielive.com.html off.
  - 216.93.248.194: datapakassociates.org 2012-04-27. No rachives. dawhois.com/www/datapakassociates.org.html off.
  - 216.93.248.194: easywebworld.net 2012-02-27. Broken: web.archive.org/web/20101229051406/http://easywebworld.net/ "This Site Is Under Construction. Come Back Soon!" so seems legit. dawhois.com/www/easywebworld.net.html same.
  - 216.93.248.194: librarianhelper.com 2013-06-30. Parked domain girl. dawhois.com/www/librarianhelper.com.html not found.
  - 216.93.248.194: ualbanycornerstone.org 2012-04-13. Legit.
viewdns.info/iphistory/?domain=esmundonoticias.com 216.93.248.194 Malden - United States TWDX 2012-01-11. Tested. viewdns.info/reverseip/?t=1&host=216.93.248.194 small virtual.

216.104.38.114 all-sport-headlines.com. SINGLEHOP-LLC in United States.

viewdns.info/iphistory/?domain=all-sport-headlines.com
- 68.178.232.100 United States AS-26496-GO-DADDY-COM-LLC 2012-11-12 virtual
- 216.104.38.114 United States SINGLEHOP-LLC 2012-09-21. Tested viewdns.info range: 216.104.38.104 216.104.38.124
  - viewdns.info/reverseip/?t=1&host=216.104.38.114
    hits:
    * wahidfutbol.com
    * wildbirds-seasia.com
    not hits:
    web.archive.org/web/0/oaksathighlandlakes.com no archives
    web.archive.org/web/20110208080756/http://www.weathersbyhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110202205540/http://www.themeadowssubdivisionhoa.com/cgi-bin/index.pl?action=main
    web.archive.org/web/20110208074306/http://bsheroics.com/ humm off there is a chance. They have actual twitter: x.com/bsheroics nevermind. And: www.facebook.com/profile.php?id=100078200499209
    afterawhilecrocodile.info 2011-07-26. Legit.
securitytrails.com/domain/all-sport-headlines.com/history/a adds
- 66.246.218.219 Cologix, Inc 2008-09-01 (17 years) 2008-11-25 (16 years) 3 months. viewdns.info/reverseip/?t=1&host=66.246.218.219 empty.

216.105.98.152: modernarabicnews.com. SAVVY-NET in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167

216.105.98.118:
- estudashboard.com: broken cqcounter.com/whois/www/estudashboard.com.html not found
- fintrade.us: legit
216.105.98.132: europeantravelcafe.com. Hit.
216.105.98.134: fuenteneta.com. Hit.
216.105.98.135: ilat-news.com. Hit.
216.105.98.136: etherealinspirations.net. Hit.
216.105.98.137: the-news-zone.com. Hit.
216.105.98.138: photozoomnews.com. No archives. cqcounter.com/whois/www/photozoomnews.com.html empty
216.105.98.139: cultura-digital.net. Hit.
216.105.98.140: uaeshoppingspree.com. Hit.
216.105.98.141: jabarifootball.com. No archives. "Jabari" is a Swahili/Arabic name ^[ref]. cqcounter.com/whois/www/jabarifootball.com.html not found.
216.105.98.142: globalreview-ar.com. No archives. Shame, could have been our first Argentinian site. cqcounter.com/whois/www/globalreview-ar.com.html empty.
216.105.98.144: garanziadellasicurezza.com. Hit.
216.105.98.145: montanismoaventura.com. Hit.
216.105.98.146: large-format-news.com. Hit.
216.105.98.147: nepalnewsbrief.com. Hit. dnshistory.org marks it as having IP 2010-03-10 -> 2010-08-15 216.169.148.94 ^[ref]. This range does feel a bit different from the others, too many broken archives, and relatively early ones too. Explored viewdns.info range: 216.169.148.84 - 216.169.148.104, empty for period. domainsbyproxy.com.
216.105.98.148: teclafinance.com. Hit.
216.105.98.149: entreman.com. Hit.
216.105.98.152: modernarabicnews.com. Hit.
216.105.98.153: global-headlines.com. Hit.
216.105.98.154: everythingcricket.org. Hit.
216.105.98.156: familyhealthonline.net. Hit.
216.105.98.157: delacorne.com. Hit.
216.105.98.158: econfutures.com. Hit.
216.105.98.161: kstcloud.com. No archives. cqcounter.com/whois/www/kstcloud.com.html not found

219.90.61.123 journeystravelled.com. UUNET in Taiwan. Tested viewdns.info range: 219.90.61.100 - 219.90.61.133

219.90.61.100: pressstory.com: "Under construction". web.archive.org/web/20110128124548/http://pressstory.com/. cqcounter.com/whois/www/pressstory.com.html same
219.90.61.103: bet2plays.com. "Under construction". Unlikely thematic, too spicy. cqcounter.com/whois/www/bet2plays.com.html same
219.90.61.110: surya-brahma.com. Hit
219.90.61.111: classicalmusicboxonline.com. Hit.
219.90.61.116: athletepro.net. Hit.
219.90.61.117: lajornadanow.com. Hit.
219.90.61.119: aviation-navigation.com. Hit.
219.90.61.120: theinternationalworld.com. Hit.
219.90.61.121: thepyramidnews.com. Hit.
219.90.61.122: iran-newslink-today.com. Hit.
219.90.61.123: journeystravelled.com. Hit.

219.90.62.243 fitness-dawg.com. UUNET in Taiwan. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255

219.90.62.173:
- dominatingduos.com: 2013-08-12T17:53:09. No archive. cqcounter.com/whois/www/dominatingduos.com.html empty
- has other domains
219.90.62.193: centralnewsreleasers.com. Only a 2018 of the robots.txt: web.archive.org/web/*/http://centralnewsreleasers.com/* so likely not a hit. cqcounter.com/whois/www/centralnewsreleasers.com.html not found.
219.90.62.209: penniesbythemillions.com. No archives. cqcounter.com/whois/www/penniesbythemillions.com.html not found.
219.90.62.229: information-junky.com. Hit.
219.90.62.231: todosperuahora.com. Hit.
219.90.62.232: race26point2.com. Hit. No archives, but has subdomain: secure.race26point2.com, so likely CGI comms. cqcounter.com/whois/www/race26point2.com.html somewaht in-style and also a "members" link, presumably linking to secure.race26point2.com. The "26" and "2" are not very clear, but tagline clarifies "leading the race on the latest running news and events" so it's a running news website
219.90.62.233: theworld-news.net. Hit.
219.90.62.234: recuerdosdeviajeonline.com. Hit
219.90.62.235: ordenpolicial.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit. No archives but has subdomain: secure.cityworldnewsnow.com so likely CGI comms. cqcounter.com/whois/www/cityworldnewsnow.com.html in-style, arab world mentions.
219.90.62.237: elcorreodenoticias.com. Hit.
219.90.62.238: freshtechonline.com. Hit.
219.90.62.240: cityworldnewsnow.com. Hit.
219.90.62.241: newscentertoday.com. Hit.
219.90.62.242: ride-captain.com. Hit.
219.90.62.244: easytraveleurope.com. Hit.
219.90.62.245: world-news-now.net. Hit.
219.90.62.246: negativeaperture.com. Hit.
219.90.62.247: conquermstoday.com. Hit
219.90.62.249: forensic-exchange.com. 2013 archive: web.archive.org/web/20130714094026/http://forensic-exchange.com/. Appears to be a buggy Wayback Machine archive somehow, so inconclusive. cqcounter.com/whois/www/forensic-exchange.com.html in-style, clarifies focus on computer.

 Read the full article

CIA 2010 covert communication websites / List of websites  Updated 2025-05-29  +Created 1970-01-01

 View more

This section contains a list of all the websites that we consider belong to the network beyond reasonable doubt.

The list is also available in JSON format at: github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/hits.json. When there are new additions we keep the JSON up to date with the help of the following OurBigBook Markup to JSON conversion helper cia-2010-covert-communication-websites/bigb-to-json:

cia-2010-covert-communication-websites/bigb-to-json cia-2010-covert-communication-websites.bigb

and new results that have been added to the list below can automatically be merged with cia-2010-covert-communication-websites/bigb-to-json-merge:

cia-2010-covert-communication-websites/bigb-to-json-merge > tmp.json
mv tmp.json ../media/cia-2010-covert-communication-websites/hits.json

We have also made a dump of the websites extracted from the Wayback Machine at: github.com/cirosantilli/cia-2010-websites-dump

The main criteria to consider a website as a hit is for it to have a Wayback Machine archive with an archived communication mechanism. JS comms are always quickly visually inspected, other mechanisms we look only at filename patterns for now. We also consider as hits websites that don't have archived comms, often the case for CGI comms, but which have two ore more of the following supporting evidence:

shares an IP range with other website
a Wayback Machine archive or cqcounter screenshot strongly confirming visual style
an archived broken link to the possible comms

Commented edge cases that didn't make the cut can be found mostly under Section "IP range search" and Section "2013 DNS Census virtual host cleanup heuristic keyword searches".

ip	domain	Wayback Machine	language	country mentions	comms	theme	notes
?	24hoursprimenews.com	2009	English		JAR	news	split images ^[ref]^[ref]
?	cyhiraeth-intlnews.com	2011	English		JAR	news	en.wikipedia.org/wiki/Cyhyraeth "The cyhyraeth is a ghostly spirit in Welsh mythology, a disembodied moaning voice that sounds before a person's death." WTF! So the serious looking black actress lady is meant to represent the voice of death?. Split images ^[ref]^[ref]. `rss-items`. Here she is on Getty Images: www.istockphoto.com/photo/natural-style-for-the-individual-gm171403107-26684547 by Urilux
?	dailynewsandsports.com	2013	English		JAR	sports
?	differentviewtoday.com	2011	English		JAR	news	split images, JAR unarchived
?	euronewsonline.net	2010	English		JAR	news	a.newslink. The image of the woman reading newspapers reverse searches to www.istockphoto.com/photo/news-gm101581053-7410445, iStock from Getty images. Copyright 2007.
?	europeannewsflash.com	2011	English		JAR	news	Split images ^[ref]^[ref]
?	farsi-newsandweather.com	2011	Farsi	Iran	JAR	news	split images ^[ref]^[ref]
?	financecentraltoday.com	2011	English		JAR	news, finance	unusual `td > p > strong` article list. Copyright 2008.
?	firstnewssource.com	2011	Farsi	Iran	JAR	news	Copyright 2009. Split images. `rss-items`.
?	global-view-news.com	2011	English		JAR	news	split images ^[ref]^[ref]
?	globaltourist.net	2010	English		JAR	travel	split images ^[ref]^[ref], `rss-items`. speed.jar "speed test" JAR pattern. The split headers have a weird style however `<li><a id="banner1"> </a></li>` and then filled with a CSS background image. This is a weird one, there is some chance that it is a legit website in the CIA style. Notably, at least as of August 2012 it had become a wordpress site marked "Just another Media Network Online Sites site", which is a bit early. Likely they just watch for good domain drops and take over quickly. The last in-style archive is from March 2012, which is first followed by a Godaddy parked domain on April 2012. This domain also has a 2003 archive which is almost certainly from the same authors as it also has a link to globaltourist.net/speed.jar and the upper left image is the same. Its history does however remember us of alljohnny.com, which had its 2004 version and then a 2010 rehash. Both of these versions contain `ImageReady Slices` mentions in them, characteristic of the split header images fingerprint.
?	hassannews.net	2010	Arabic		SWF	news	CSS or archive quite broken. Split images ^[ref]^[ref]. `rss-items`. cqcounter.com/whois/www/hassannews.net.html not found. The arabic title is "حسن الأخبار" (good news) and the domain seems to be a transliteration of it.
?	health-men-today.com	2011	Arabic		JAR	news	`rss-items`. Encoding broken. cqcounter.com/whois/www/health-men-today.com.html also broken. Same registrar as medicatechinfo.com: Jason Noll IP and DNS metadata. Closely related stock model image comically used as the image of the Gay Arab Central community on the. Copyright 2008.
?	inkfreenews.com	2011	English		JAR	news	split images, JAR unarchived
?	internationalnewsworthiness.com	2011	English		JAR	news	RSS, split images, JAR unarchived
?	intlnewsdaily.com	2011	English		JAR	news	`rss-items`
?	intoworldnews.com	2011	English		JAR	news	split images. Links to news websites from frontpage, not news themselves.
?	iranfootballsource.com	2011	Farsi		JS	sports, football
?	iraniangoalkicks.com	2008	Farsi	Iran	JAR	sports, football
?	iraniangoals.com	2009	Farsi	Iran	JS	sports, football
?	latinamericanewsbeat.com	2010	English		JAR	news	split images. Also has an archived "register" link at the bottom: web.archive.org/web/20101114045007/http://latinamericanewsbeat.com/register.html but it reads "We are currently unable to register new members while we upgrade our site. Please check back soon."
?	magneticfieldnews.com	2010	English		JAR	news	rss, split images
?	middle-east-newstoday.com	2010	Farsi		JS	news	rss, split images
?	mideasttoday.net	2010	Farsi		JAR	news	a.rss-item, split images, copyright 2008
?	mydailynewsreport.com	2011	Pashto	Afghanistan	JAR	news	rss, split images
?	mynepalnews.com	2011	English		JAR	news	Split images with `<li><a id="banner1"> </a></li>` style. Nice swimsuit ad. The bottom bar "Copyright © 2008 My Nepal News, LLC. All Rights Reserved." is also kind of typical, see e.g. web.archive.org/web/20110208042144/http://helpinghandssite.com/, both have `<!-- begin #footer -->` and `<div id="footer">`. ingenuitytrendz.com is another closely related template. One ridiculously mind blowing thing about this website is the presence of Webalizer reports under /stats e.g.: /stats. This fact is so mind blowing that it makes us question if this an actual hit or just style coincidence. Particularly ridiculous is the presence of `inurl:cgi server_software` at web.archive.org/web/20110204095809/http://mynepalnews.com:80/stats/usage_200805.html which is almost certainly a Google dork search, which we know is something that the Iranians used to find the websites. Also of interest are link backs from at web.archive.org/web/20110204095815/http://mynepalnews.com:80/stats/usage_200806.html from whois.domaintools.com/mynepalnews.com and www.whois.sc/mynepalnews.com That search hits under /cgi-bin/check.cgi. That page is itself os some interest containing `SERVER_ADMIN = mmadev@mmadev.com`. web.archive.org/web/20110204095815/http://mynepalnews.com:80/stats/usage_200806.html also reveals several request IPs. Even if this is not a CIA website, there's a chance we could find the IP of the Iranian counter-intelligence in these IP list, it's mind blowing. And if legit, we could also find IPs used by CIA handlers to see if the website is working. Lot's of referrer spam too as well.
?	newdaynewsonline.com	2011	English		JAR	news
?	networkconnectionsite.com	2011	English		JS	news	rss, split images
?	news-latina.com	2011	English		JAR	news	copyright 2007
?	newsdelivered.net	2010	English		JAR	news	rss, split images, JAR unarchived
?	newsincirculation.com	2011	Arabic		JAR	news
?	newsworldsite.com	2011	Pashto	Afghanistan	JAR	news
?	opensourcenewstoday.com	2010	Arabic		JAR	news	copyright 2010
?	outlooknewscast.com	2011	Farsi	Iran	JAR	news
?	pars-technews.com	2011	Farsi	Iran	JAR	news	"pars" presumably means "Parsi" or something of the same root
?	pondernews.net	2011	Arabic		JAR	news	rss. Some archived pages use unusual paths such as /lldwg/qlaqft.php?fc=282910.
?	profile-news.com	2011	English		JAR	news	a.newslink
?	purlicue-news.com	2011	English		JAR	news	split images, rss
?	segomonews.com	2011	English		JAR	news	rss, split images. TODO meaning of "segomo"? The main Wikipedia hit is a Gallo-Roman God, but the website is focused on Asia?
?	shadesofnews.com	2011	Arabic		JAR	news	a.rss-item, split images. Also has a second from 2013 JAR at: web.archive.org/web/20131229092754/http://shadesofnews.com/sptgms213.jar and a raw .class crime.Business.class which replies with "The requested document was not found on this server". Copyright 2009.
?	sportsnewsfinder.com	2011	Chinese	China	JAR	news	体育新闻发现者 (sports news finder)
?	techwatchtoday.com	2011	English		JAR	tech, news	Marked copyright 2008. Split images ^[ref]^[ref]. Later legit.
?	terrain-news.com	2011	Pashto	Afghanistan	JAR	news
?	todayoutdoors.com	2011	English		JAR	sports, travel	split images ^[ref]^[ref]
?	todaysnewsreports.net	2010	Arabic		JAR	news
?	weblognewsinfo.com	2011	English		JAR	news	Split images, `rss-items`.
?	wiredworldnews.com	2011	English		JAR	tech	split images, copyright 2008
62.22.60.40	travel-passage.com	2011	English, Chinese			travel	No Wayback Machine archives of toplevel, only of the 航空 Flight Reservations subpage: web.archive.org/web/20091118013330/http://travel-passage.com:80/service-flights.htm. The link to it can be seen from the cqcounter screenshot. The page contain an unusual mixture of Chinese and English. The Chinese title is 游行连接 (lit. travel connection)
62.22.60.42	newsupdatesite.com	2011	English		JAR	news	split images, rss-item. JAR unarchived.
62.22.60.46	flyingtimeline.com	2011	English		JAR	airplanes
62.22.60.48	currentcommunique.com	2011	English	Egypt	SWF	news
62.22.60.49	telecom-headlines.com	2011	English		JS	tech
62.22.60.52	collectedmedias.com	2011	French		JS	news	Marked copyright 2008
62.22.60.54	romulusactualites.com	2011	French	France		news
62.22.60.55	thefilmcentre.com	2011	English		JS	films
62.22.60.56	traveltimenews.com	2011	English		JS	news
62.22.61.193	awfaoi.org	2010	Arabic	Iraq	JAR	not-for-profit	This was the first clear .org hit with comms we've been able to find. Title translation: "Arab women to help Iraq", so perhaps "awfaoi" stands for "Arab Women For A O? Iraq". This fits well into the .org theme. Marked copyright 2008.
62.22.61.197	rc5sports.com	2011	English		JAR	sports
62.22.61.198	inside-vc.com	2011	English		CGI	finance	"vc" is a standard abbreviation for venture capital. Previously legit circa 2004: web.archive.org/web/20030306171752/http://www.inside-vc.com/
62.22.61.200	zerosandonesnews.com	2011	English		SWF	news	rss, split images
62.22.61.202	bailsnboots.com	2011	English		SWF	sports, cricket	"Bail" is one part of the thing your're supposed to hit with th eball in cricket.^[ref]
62.22.61.203	the-cricketer-online.com	2011	English		JAR	sports, cricket	marked copyright 2009.
62.22.61.204	hollywoodscreen.net	2011	English		JS	films
62.22.61.206	worldnewsnetworking.com	2011	Arabic		JAR	news
62.22.61.212	nuestrasfinanzas.com	2011	Spanish		JAR	finance
62.22.61.213	sandstormnews.com	2011	Arabic		SWF	news	rss, split images
62.22.61.215	the-tech-mind.com	2011	English			technology, news	Welcome to the US Petabox on Wayback Machine.
62.22.61.217	court-masters.com	2011	English		JAR	sports, tennis
62.22.61.219	allworldstatistics.com	2011	English		JS	statistics
62.22.61.220	newsjaka.com	2011	English	Indonesia	JS	news	"jaka" presumably means Jakarta, the capital of Indonesia. There is a Indonesia section on the left sidebar. But the news are quite global however. Photo source: www.shutterstock.com/image-photo/little-boat-on-bratan-lake-front-5860873 depicts "Bratan lake in front of the Pura Ulu Danau temple" by Ine Beerten. Pinged her at: portfolio.inebeerten.be/#Contact
63.131.229.2	fightskillsresource.com	2011	English		JS	sports, martial arts	Getty Images for the karate dude: www.istockphoto.com/photo/take-off-gm98702037-1196239
63.131.229.4	unitedterritorynews.com	2011	English		JS	news
63.131.229.9	show-dustry.com	2011	English		CGI	entertainment	The website name is a neologism with "show" and "industry".
63.131.229.11	mythriftytrip.com	2010	English		CGI	travel	thrifty means: "using money and other resources carefully and not wastefully"
63.131.229.12	cyberreportagenews.com	2011	English		JAR	news	rdns source
63.131.229.13	sunrise-news.com	2011	English		JAR	news	rdns source
63.131.229.15	cricketnewsforindia.com	2013	English	India	JS	sports, cricket	archive quite broken, lots of missing files, including the JS. cqcounter.com/whois/www/cricketnewsforindia.com.html in style.
63.131.229.16	nutricion-saludable.net	2010	Spanish		CGI	health	Also under nutricion-saludable.info. There is weirdly a single page archived from 2008: epages/nutricion-saludable_net.sf with this weird `.sf` extension. It is HTML however. It says: "Lo sentimos, la tienda está actualmente cerrada por razones técnicas. Pronto estaremos a tu disposición. Si lo deseas puedes ponerte en contacto con nosotros en el tel: 651 80 76 19". This appears to be a spanish phone number: without country code, which would be +34^[ref].
63.131.229.20	fixashion.net	2011	English		JS	fashion
63.130.160.50	theglobalheadlines.com	2010	English		JAR	news	this has several archives from 2013, marked as Live Web Proxy Crawls and explained "mostly by the Save Page Now", so presumably by counter intelligence or amateurs
63.130.160.51	hai-pow.com	2011	English		JAR	sports, martial arts
63.130.160.53	echessnews.com	2011	Chinese	China	JAR	sports, boxing	Chinese title: 我的象棋世界 (My Chinese Chess world). rdns source. Split images ^[ref]^[ref]
63.130.160.60	boxingstop.net	2010	Polish	Poland	JAR	sports, boxing
63.130.160.61	bookmarksthis.com	2010	English		JAR	books	A book review website. Shows a stock model reading a book and their signature black print over decorations on top
63.130.160.62	azerinews.org	2009	Azerbaijani	Azerbaijan	JAR	news	rdns source. Split images, `rss-items`. "Azeri" is a word that denotes the people from the region of Azerbaijan.
64.16.204.53	bosniakbusinessnews.com	2011	English	Bosnia		business	A Bosniak is someone from an ethnicity from Bosnia
64.16.204.54	affairesdumonde.com	2011	French			news
64.16.204.55	holein1news.com	2010	English		JAR	sports, golf
64.16.204.58	tech-topix.com	2013	English		CGI	tech	Archive quite broken, but link to CGI comms. Copyright 2010. cqcounter.com/whois/www/tech-topix.com.html not found.
65.61.127.161	european-footballer.com	2011	Croatian			Sports, football	Broken Wayback Machine archive: web.archive.org/web/20110319111233/http://european-footballer.com/. The title was "Europski Nogometaš" (European football player). The CQ Counter screenshot clarifies that the surviving Wayback Machine archive contains only a sidebar. It is unlikely to contain comms therefore.
65.61.127.163	capture-nature.com	2011	English		JAR	photography	Reuters example. Since became legitimate, Ciro contacted the owner, and he was unaware of the domain's history.
65.61.127.166	globalnewsbulletin.com	2013	English	Tunisia, Afghanistan, Iran, Egypt	CGI	news	PHP pages, images `/images/index_01.jpg`
65.61.127.167	internationalwhiskylounge.com	2011	English		CGI	news	No Wayback Machine archives. There's a "Log-in" tab so CGI comms likely. Stock image used of young woman with a glass of Whisky: www.istockphoto.com/photo/the-girl-with-glass-of-whisky-gm94997193-11328059 by alarich
65.61.127.168	the-golden-rule.info	2011	English			finance, news	Website error archived at: web.archive.org/web/20131011012026/http://the-golden-rule.info/
65.61.127.169	crossovernews.net	2011	English		JAR	sports, basketball
65.61.127.170	newsidori.com	2011	English			news	Very broken 2013 archive: web.archive.org/web/20130714134510/http://www.newsidori.com/. "Idori" sounds Japanese, but the meaning is unclear even after the cqcounter screenshot! It's just random US news, nothing to do with Japan.
65.61.127.171	nrgconsultingandnews.com	2011	English			news	It is in English but contains several mentions of Brazil. Entitled: "Energy Consulting News Forum"
65.61.127.171	premierstriker.com	2011	English			sports, football	No Wayback Machine archives from the time, and has been since parked by something apparently as of 2022 onwards. Entiled "Premier striker"
65.61.127.174	dedrickonline.com	2010	German		JS	sports
65.61.127.175	altworldnews.com	2013	English		CGI	news	Epoch times link, PHP pages
65.61.127.176	american-historyonline.com	2011	English			history	No Wayback Machine archives
65.61.127.177	material-science.org	2009	English			science, material science	No comms found, and slightly innovative design. Comms could be CGI under web.archive.org/web/20091213032538/http://material-science.org/services.htm or web.archive.org/web/20091213032538/http://material-science.org/equipment.htm. But marking it as hit because .rss-item + IP range.
65.61.127.178	tee-shot.net	2011	English		SWF	sports, golf	nice domain name
65.61.127.180	screencentral.inf	2011	English	Afghanistan		cinema	Rather innovative design, but hit likely. Welcome to US Petabox: web.archive.org/web/20130713224951/http://screencentral.info/.
65.61.127.181	worldnewsandtravel.com	2011	English			news	No Wayback Machine archives
65.61.127.182	pangawana.com	2011	Arabic	Afghanistan	JS	news
65.61.127.183	cutabovenews.com	2011	English	Algeria, various others	JS	sports, basketball	The globe on Shutterstock: www.shutterstock.com/image-illustration/creative-drawing-charts-graphs-business-success-211092952 by rzoze19. Pinged him at: x.com/cirosantilli/status/1899748328549609700
65.61.127.184	worldwildlifeadventure.com	2011	English		JAR	travel
65.61.127.186	explorealtmeds.com	2013	English		JAR	health	the JAR was not archived, but there's a link to it
65.218.91.9	rolling-in-rapids.com	2010	English			sports, kayak	Found by searching for "Glaze, L.", registrar of alljohnny.com, on tools.whoisxmlapi.com/reverse-whois-search
65.218.91.9	welcometonyc.net	2010	English		CGI	travel
65.218.91.17	alljohnny.com	2004	English		CGI	fansite	mega early hit from 2004 to 2005. Then a gap, then they redid the domain: 2011. Same authors given content similarities e.g. "Submit Your Favorite Carson Moment". Reusing the domain after all these years, the lack of OPSEC is just mind blowing! New website marked Copyright 2003. Part of Oleg Shakirov's findings. One of the Reuters websites. Search documented at: Searching for Carson. Carson is also featured, although less proeminently, at `webofcheer.com`. There must have been some massive Johnny Carson fan among the contractors a that time!
66.45.179.192	thegraceofislam.com	2011	English		CGI	religion, Islam
66.45.179.193	arabicnewsunfiltered.com	2011	Arabic		JAR	news	rdns source
66.45.179.194	raulsonsglobalnews.com	2011	English		JAR	news
66.45.179.195	aryannews.net	2010	Pashto	Afghanistan	JAR	news	rdns source. Heil.
66.45.179.199	attivitaestremi.com	2011	Italian		CGI	sports
66.45.179.200	foodwineandsuch.com	2011	English			food	No Wayback Machine archives. Entitled "Food, wine & such".
66.45.179.201	hitthepavementnow.com	2011	English		CGI	sports, running
66.45.179.202	newimages.org	2011	Turkish	Turkey	JAR	photography	JAR unarchived
66.45.179.203	noticiascontinental.com	2011	Spanish	South America	CGI	news
66.45.179.205	noticiasporjanua.com	2011	Spanish		JAR	news
66.45.179.206	podisticamondiale.com	2010	Italian	Italy	JAR	sports, running	marked copyright 2010
66.45.179.207	reflectordenoticias.com	2011	Spanish		JAR	news
66.45.179.208	havenofgamerz.com	2011	English		CGI	gaming	marked copyright 2009
66.45.179.209	vejaaeuropa.com	2011	Brazilian Portuguese	Brazil		travel	web.archive.org/web/20130810131440/http://www.vejaaeuropa.com/: Welcome to the US Petabox. cqcounter.com/whois/www/vejaaeuropa.com.html confirms Brazilian Portuguese. Entitled "Veja a Europa" (Visit Europe, lit. See Europe)
66.45.179.210	sa-michigan.com	2011	English		JAR	sports	"sa" is an abbreviation for the site title "Sports Alive"
66.45.179.211	absolutebearing.net	2010	English		CGI	travel, sports, boats
66.45.179.213	myportaltonews.com	2011	English		JS	news
66.45.179.214	investmentintellect.com	2011	English		JAR	finance
66.45.179.215	nigeriastar.net	2011	English	Nigeria	JAR	news	Contains link to unarchived JAR
66.104.169.163	doctorsoncallsite.com	2011	English		JAR	health
66.104.169.164	lightandshadowonline.com	2010	English		JAR	photography
66.104.169.168	plugged-into-news.net	2010	English		JAR	news	JAR uses .zip extension! First instance, wow
66.104.169.169	worldsportsite.com	2011	Arabic			sports	Comms not found. rss-items, split images. Has some apparently unrelated archives from 2008: web.archive.org/web/20080617213238/http://www.worldsportsite.com:80/
66.104.169.171	golf-on-holiday.com	2011	English		JAR	sports, golf
66.104.169.172	perspectiva-noticias.com	2011	Spanish		JS	news
66.104.169.175	aquaswimming.com	2009	English		JAR	sports, swimming
66.104.169.177	dojo-temple.com	2011	English		CGI	sports, martial arts	TODO meaning of "kama"? Kama lol?
66.104.169.179	neighbour-news.com	2010	English	Germany	JAR	news	Mentions of Goethe-Institut and Germany all over. JAR unarchived
66.104.169.180	medicatechinfo.com	2010	English		JS	health
66.104.169.181	brickmanfinancialnews.com	2011	English		JS	finance
66.104.169.182	casanewsnow.com	2011	English		JAR	JAR unarchived. TODO why "casa"? Doesn't seem to have any link to Spanish or Portuguese.
66.104.169.184	bcenews.com	2011	Albanian	Albania	JAR	news	Used to be a legit Korean website circa 2004: web.archive.org/web/20030401214602/http://www.bcenews.com/
66.104.173.163	runakonews.com	2011	English	Africa	CGI	news	"Runako" is an African given name.
66.104.173.164	shoppingadventure.net	2010	English		JAR	travel, shopping	JAR unarchived
66.104.173.165	entertaining-ly.com	2011	English		JAR	entertainment
66.104.173.166	zubeenews.com	2011	English		JS	news	"Zubee" is a Muslim name: muslimnames.com/zubee.
66.104.173.169	smart-financeology.com	2011	English		JAR	finance
66.104.173.173	worldfeedstoday.com	2011	English			news	No main page Wayback Machine archives. Subpage archive: 2011 has `a.newslink`. Slightly innovative style with multi-language tabs. There is some potential for error, but let's consider it. `world-newsfeeds.com` also known on same IP but with no known archives.
66.104.173.175	media-coverage-now.com	2010	English		SWF	news
66.104.173.176	jbc-online-news.com	2011	English		JS	news	TODO meaning of "JCB". JS unarchived.
66.104.173.177	webscooper.com	2011	English		JAR	news
66.104.173.178	dk-dcinvestment.com	2010	English		JAR	finance	TODO meaning of "dk;dc".
66.104.173.179	newsforthetech.com	2011	English			news, tech	Welcome to the US Petabox.
66.104.173.180	stara-turistick.com	2011	Croatian		JAR	tourism
66.104.173.181	playbackpolitics.com	2011	English		JS	news
66.104.173.182	snapnewsfront.net	2011	English	Japan	JS	news
66.104.173.183	ingenuitytrendz.com	2011	English		JAR	tech
66.104.173.184	armashoy.com	2011	Spanish	Spain	SWF	guns	meaning: "Weapons Today". In First World countries the CIA felt it would be safe to touch edgier subjects like guns
66.104.173.185	baocontact.com		English		JAR		HTML archive almost empty, but JAR was archived. One wonders what "bao" refers to, could be Chinese, but the small snippet of visible website is in English.
66.104.173.186	myworldlymusic.com	2011	English	Pakistan	JAR	music	JAR unarchived
66.104.173.189	hitpoint-gaming.com	2011	English		JS	gaming	Marked copyright 2010
66.104.175.34	itwebtoday.com	2011	English		JS	tech
66.104.175.35	drglobalnews.com	2011	English		JAR	news	TODO meaning of "dr"? rdns source.
66.104.175.36	adilnews.net	2010	Arabic		SWF	news	Adil is an Arabic masculine name
66.104.175.40	beyondnetworknews.com	2011	English	Egypt	CGI	news
66.104.175.41	grubbersworldrugbynews.com	2011	English		JS	sports, rugby
66.104.175.42	news-and-sports.com	2011	English		JAR	news	rss, split images
66.104.175.44	yourtripfinder.net	2010	English			travel	comms not found, CGI from unarchived subpage assumed
66.104.175.45	rollinsnetwork.com	2011	English		CGI	tech	Archive quite broken. CGI linked to but not archived. Seems to have been legit circa 2006. cqcounter.com/whois/www/rollinsnetwork.com.html empty from 2025.
66.104.175.46	infosharenews.com	2011	English		JAR	news
66.104.175.47	southasiaheadlines.com	2011	English	Bangladesh, Bhutan, India, Maldives, Nepal, Pakistan, Sri Lanka Tibet	JAR	travel	JAR linked to but missing from archive
66.104.175.48	worlddispatch.net	2010	Arabic		SWF	news
66.104.175.49	webworldsports.com	2011	Arabic		JAR	sports
66.104.175.50	fly-bybirdies.com	2011	English		JAR	travel
66.104.175.51	businessexchangetoday.com	2011	English		CGI	news, finance	PHP pages
66.104.175.52	mensajeradenoticias.com	2011	Spanish		CGI	news	CGI unarchived
66.104.175.53	info-ology.net	2010	English		JAR	news
66.104.175.54	marketflows.net	2011	English		JAR	finance
66.104.175.57	metanewsdaily.com	2010	English		CGI	news
66.175.106.134	paddlescoop.com	2011	English	Bangladesh, Pakistan, India, England	JAR	sports, cricket
66.175.106.137	kessingerssportsnews.com	2010	English		JS	sports
66.175.106.138	factorforcenews.com	2009	English		JAR	news
66.175.106.142	kanata-news.com	2010	English	Canada	JS	news	"Kanata" is a place in Ottawa, Canada. The name is likely of Indigenous origin.
66.175.106.143	thecricketfan.com	2011	English		JAR	news
66.175.106.146	inews-today.com	2011	English	Egypt	JAR	news	Marked copyright 2008
66.175.106.147	starwarsweb.net	2010	English		SWF	fansite	well, not even the CIA can escape Star Wars. TODO identify boy.
66.175.106.148	activegaminginfo.com	2011	Chinese		JAR	gaming	the website is entitled "活跃游戏" which means "Lively games", or "active games" as in the domain name itself. The center character seems to be from one of the infinitely many Romance of the Three Kingdoms games that must exist: www.gamersky.com/news/200711/82611.shtml
66.175.106.149	feedsdemexicoyelmundo.com	2011	Spanish	Mexico	JS	news
66.175.106.150	noticiasmusica.net	2010	Brazilian Portuguese	Brazil	JAR	music
66.175.106.155	atomworldnews.com	2011	English	Egypt	JAR	news
66.175.106.158	nouvellesetdesrapports.com	2011	French	Egypt, Tunisia	JAR	news
66.237.236.227	newsandmusicminute.com	2011	Pashto		JS	music
66.237.236.229	pearls-playlist.com	2011	English		SWF	music
66.237.236.230	beyondthefringe.info	2012	English		JAR	rugs	JAR unarchived
66.237.236.231	primetimemovies.net	2009	English		JS	films	JS unarchived
66.237.236.235	persephneintl.com	2013			JAR		archive very broken, JAR unarchived. Full title: "Persephne International", reference to Greek Goddess of "spring, the dead, the underworld, grain, and nature". cqcounter.com/whois/www/persephneintl.com.html shows us how it would have looked like.
66.237.236.236	directoalgrano.net	2010	Spanish		JAR	news
66.237.236.240	actualizaciondebeisbol.com	2011	Spanish		JS	sports, baseball
66.237.236.243	mygadgettech.com	2009	Chinese		CGI	tech	Archive very broken. cqcounter.com/whois/www/mygadgettech.com.html shows it better. The Chinese title was "我的灵巧技术".
66.237.236.247	comunidaddenoticias.com	2011	Spanish	Ecuador	JAR	news
66.237.236.249	sumerjaseahora.com	2011	Spanish		CGI	sports, SCUBA diving	submerge yourself now
69.84.156.69	al-ashak-news-me.com	2011	Arabic		JS	news
69.84.156.70	theventurenews.info	2011	English			news
69.84.156.71	worldfinancetoday.net	2011	English		JAR	finance
69.84.156.72	autonewsarabia.com	2011	Arabic		JAR	cars
69.84.156.74	blue-moon-news.com	2011	Arabic		JS	news
69.84.156.76	tnc-urdu.com	2011	Urdu		JAR	tech	TODO meaning of "tnc"?
69.84.156.80	noticiasdenuestromundo.com	2011	Spanish			news	South America focus
69.84.156.82	arabicnewsonline.com	2011	Arabic		JAR	news	rdns source. Some very similar domains: modernarabicnews.com, arabicnewsource.com. Needed more creativity here! Later legit.
69.84.156.83	unganadormundial.com	2010	Spanish		CGI	sports, fitness
69.84.156.84	focusonbokeh.com	2011	English			photography	No Wayback Machine archives or broken. The design is a bit innovative, but fuck it I'll mark it as a hit. Only a "Sony" logo remains: web.archive.org/web/20110207222330/http://focusonbokeh.com/images/logo_014.jpg A photography website "Focus on Bokeh" as suggested by the domain name. reimaginepeacefulparenting.com/make-kids-happy/ contains the cute stock Asian girl. "Login" link visible suggesting CGI comms.
69.84.156.85	classic-rocktopia.com	2011	English			music, rock	Stock image e.g. at: www.dissection.nu/frames.htm
69.84.156.87	i7diver.com	2011	English			diving
69.84.156.88	diariodeelmundo.com	2011	Spanish		JAR	news
69.84.156.89	todaysarabnews.com	2011	Arabic		JAR	news	JAR unarchived.
69.84.156.90	stickshiftnews.com	2011	English		JAR	cars
69.84.156.91	theinternationalgoal.com	2011	Spanish		CGI	news
72.34.53.174	electronictechreviews.com	2011	English		JAR	tech	JAR unarchived. Split images, `rss-items`. Present at "Mass Deface III" pastebin.
72.34.53.174	just-the-news.com	2011	Arabic		JAR	news	copyright 2009. Present at "Mass Deface III" pastebin. JAR unarchived.
72.34.53.174	kickitnews.com	2010	Arabic		JAR	sports, football	copyright 2009. Present at "Mass Deface III" pastebin.
72.34.53.174	moyistochnikonlaynovykhigr.com	2011	Russian	Russia		fansite	copy of myonlinegamesource.com, but on a Russian transliterated domain rather than the English one, very interesting
72.34.53.174	myhealthlibrary.net	2011	English		JAR	health	present at: "Mass Deface III" pastebin.
72.34.53.174	myonlinegamesource.com	2011	Russian	Russia		gaming	Can't find comms, but stylistically perfect. `rss-items`. Present at "Mass Deface III" pastebin.
72.34.53.174	mytravelopian.com	2011	English		JAR	travel
72.34.53.174	recursosdenoticias.com	2011	Spanish		JAR	news	Split images, `rss-items`. Present at "Mass Deface III" pastebin.
72.34.53.174	sayaara-auto.com	2010	Arabic		JAR	cars
72.34.53.174	technologytodayandtomorrow.com	2011	English		JAR	tech	`rss-items`. Present at "Mass Deface III" pastebin.
72.34.53.174	todaysnewsandweather-ru.com	2011	Russian	Russia	JS	news	JavaScript with SHAs
74.116.72.227	dayenews.com	2011	English		JAR	news	rdns source. Previously 69.74.45.67.
74.116.72.229	guide-daventure.com	2011	French	France	JAR	travel
74.116.72.231	bleachersfootballnews.com	2011	English		JAR	sports, football	TODO meaning of "Bleacher"? Possible reference to Bleacher Report.
74.116.72.232	indirectfreekick.com	2011	English		JAR	sports, football
74.116.72.233	wwiichronicles.net	2011	English		CGI	history
74.116.72.234	petroleumagenews.com	2011	English		JAR	oil
74.116.72.235	the-open-book-online.com	2011	English		JS	literature
74.116.72.236	techtopnews.com	2011	English		JAR	tech
74.116.72.238	pohandakhbar.com	2011	Arabic			news	Arabic titlel: "خبرونه پوهاند" translates as "News Professor", and the domain name seems to be a transliteration of that.
74.116.72.239	crickettoday.info	2013	Pashto		JS	sports, cricket	JS unarchived. The requested URL /cricket.js was not found on this server
74.116.72.240	zafernews.com	2011	Arabic		JAR	news
74.116.72.241	itechnewstoday.com	2011	English			news	"IT Tech News Today". Broken/GoDaddy takeover.
74.116.72.242	gdgtsource.com	2011	English		CGI	tech	Presumably "gdgt" stands for "GaDGeT", which is mentioned on subtitle
74.116.72.243	waronfilmonline.com	2011	English			cinema
74.116.72.244	arborstribune.org	2011				news	TODO what is "Arbors"?
74.116.72.246	vuvuzelanews.com	2011	English		JAR	sports, football	Vuvuzela is this plastic horn, popular in football stadiums. The term is of African origin. Later legit. rdns source. Previously at 69.74.45.86.
74.116.72.247	ballbatstumpsandbails.com	2011	English		JAR	sports, cricket
74.116.72.248	kioni-sailing.com	2011				sports, sailing
74.116.72.249	round-trip-travel.com	2010	English		CGI	travel	this got archived a lot of times, though all seem to be Alexa crawls.
74.116.72.250	arabicnewsource.com	2011	Arabic		CGI	news
74.254.12.163	half-court.net	2010	English	Philippines	JAR	sports, basketball
74.254.12.164	dailywellnessnews.com	2011	English		JAR	health	rdns source. split images ^[ref]^[ref].
74.254.12.165	dylandon.net	2011	Chinese		SWF	music	"Dylan" presumably a reference to Bob Dylan? "Don" unclear. Maybe Don McLean? But it is all a bit weird given that the actual contents of the website don't seem to have anything to do with music, it appears to just be a news aggregator.
74.254.12.166	afghanpoetry.net	2010	English	Afghanistan	SWF	poetry	Also at 63.131.229.10 ^[ref] in a range.
74.254.12.168	non-stop-news.net	2010	Farsi		JAR	news
74.254.12.169	soldiersofsouthasia.com	2011	English		JAR	history
74.254.12.170	greek-news.info	2011	English	Greece		news	Welcome to the US Petabox.
74.254.12.171	autism-news.org	2011	English		SWF	health	copyright 2007. Split images. `rss-items`. Previously at 69.74.45.67.
74.254.12.173	thefreshnews.com	2009	English		SWF	news	rss, split images
74.254.12.176	pakcricketgrd.com	2011	Urdu		JAR	sports, cricket	TODO meaning of "grd"
74.254.12.177	networkofnews.com	2011	English		JAR	news	rdns source. Later legit.
74.254.12.179	wineconnaisseur.net	2010	English		JS	wine
74.254.12.187	efiinvestment.com	2011	English			finance, news	TODO meaning of EFI
74.254.12.180	helpinghandssite.com	2011	English		JAR	news
74.254.12.188	first-tee-golf.com	2011	English		JAR	sports, golf
74.254.12.189	fabu-foto.com	2011	English		CGI	photography
74.254.12.190	viptravelabroad.com	2011	English		JS	travel
174.133.70.18	dryterrainnews.com	2011	English	Africa	JAR	news	rss
174.133.70.18	thefootball-life.com	2011	English		JS	sports, football	rss, split images
174.133.70.18	thenewsofpakistan.com	2009	English	Pakistan	JAR	news	a.rss-item, split images
174.133.70.18	totallynewsnow.com	2011	English		JS	news	rss
199.19.110.7	classymotors.net	2011	English		JS	cars	rss-items
199.19.110.7	russiansportsworld.com	2010	English		JS	sports	Split headers. Unarchived middle frame, visible at: dawhois.com/www/russiansportsworld.com.html. Russian title: "Русский мир спорта" (Russian world of sport)
199.19.110.7	theworldnewsfeeds.com	2011	English		JAR	news	`rss-items`. Split images ^[ref]^[ref]
199.19.110.7	urbestbod.com	2011	Chinese		CGI	sports, fitness	No Wayback Machine archives. Broken Chinese site as usual for their archives. The headline: "你最好的身体.最好的健康和健身信息" translates as "Your Best Body The best health and fitness information", so we understand that the domain name is a super broken "your best body". Visible is a link to "论坛" (forum), so likely CGI
199.85.212.105	mide-news.com	2010	English		CGI	news	"MIDE" stands for "Middle East". Comms not archived, presumably CGI comms variant.
199.85.212.111	newsandsportscentral.com	2009	English		JAR	news	rdns source
199.85.212.118	just-kidding-news.com	2011	English		JAR	news	epic name
199.187.208.12	webofcheer.com	2011	English		JAR	fansite, comedy	has a an unarchived "members only!" section pointing to webofcheer.com/member.html, CGI comms variant. Copyright 2005! Features Johnny Carson, Charles Chaplin, Rowan Atkins, The Three Stooges and some other Americans no one knows about anymore. There must have been a massive Johnny Carson amongst the CIA contractors at that time given `alljohnny.com`! The HTML page is weirdly titled `pg1c`. Interesting, feels like a leak of the site generation system.
199.187.208.12	world-news-online.net	2010	English		JAR	news	a.rss-item, split images
204.176.38.130	i-pressnews.com	2011	English		JAR	news
204.176.38.132	turkishnewslinks.com	2011	English	Turkey	JAR	news
204.176.38.133	globalcitizennews.net	2010	English		JAR	news	rss, split images
204.176.38.134	photographyarecord.com	2011	English		CGI	photography	Cute
204.176.38.135	breakingthewicket.com	2011	English		CGI	sports, cricket
204.176.38.136	politicalworldtoday.com	2011	English	Egypt	JAR	news
204.176.38.137	hi-tech-today.com	2011	English		JAR	tech
204.176.38.139	bigscreenbattles.com	2011	English		JAR	films
204.176.38.141	rakotafootball.com	2011	English		JAR	sports, football	"Rakota" is an Indian family name
204.176.38.143	noticiassofisticadas.com	2011	Spanish		CGI	news
204.176.38.142	senderosdemontana.com	2011	Spanish		JS	sports, cycling	Talks about mountain biking and Eurobike 2010, so likely Spain focused, but it is not direct enough to be certain. JS unarchived.
204.176.38.144	techno-today.com	2011	English		JAR	tech	was legit previously.
204.176.38.145	tickettonews.com	2011	English		JAR	news	rdns source. Epoch times link.
204.176.38.146	dps-digitalphotosharing.com	2011	English		JAR	photography
204.176.38.147	theputtingreen.com	2011	English		JAR	sports, golf
204.176.38.149	sportsnewstodayar.com	2011	Arabic	Lebanon, others	JAR	sports	"ar" on domain name presumably means "Arabic"
204.176.38.159	kairuafricanews.com	2011	English	Africa	JAR	news	what is "Kairu"? en.wikipedia.org/wiki/Kairu a place in India? en.wiktionary.org/wiki/kairu "frog" in Japanese? rdns source
204.176.39.97	beamingnews.com	2011	Arabic		JAR	news	Nice design. rdns source
204.176.39.98	cubriendonoticias.com	2011	Spanish		JAR	news	archive quite broken. JAR unarchived. cqcounter.com/whois/www/cubriendonoticias.com.html not found.
204.176.39.100	rowleyworldpost.com	2011	English	Egypt, others	JAR	news
204.176.39.103	economicnewsbuzz.com	2011	Korean		CGI	finance	Love the kawaii style
204.176.39.104	spectranewsonline.com	2011	English		CGI	news	marked copyright 2010.
204.176.39.105	entertainmentnewscompany.com	2011	Chinese		SWF	films, music	Title: "娱乐新闻公司", lit. Entertainment News Company
204.176.39.110	arabnewsatdawn.com	2011	Arabic		CGI	news	cute, the Arab chick's ice cream actually has a cocktail umbrella on it. Marked copyright 2010. Here she is: www.shutterstock.com/image-photo/young-veiled-woman-reading-newspaper-eating-4836766 by Anneka. Pinged her privately on www.facebook.com/Anyka.Fotografie.
204.176.39.115	globalprovincesnews.com	2010	Arabic		JS	news	The largest HTML by far so far at 328 KiB
204.176.39.116	mahparah-news.com	2011	Farsi		JS	news
204.176.39.119	commercialspacedesign.com	2013	Farsi		CGI	architecture	C O N C E P T U A L design. A rare example of a fake company website.
207.150.191.68	kickofffootballnews.com	2010	English		CGI	sports, football	rss-item. archive quite broken, comms not found. "login" link web.archive.org/web/20100512232600/http://kickofffootballnews.com/login.html to unarchived, so CGI comms likely. cqcounter.com/whois/www/kickofffootballnews.com.html in-style.
207.150.191.68	mywebofnews.com	2011	Arabic		JAR	news	Split images ^[ref]^[ref]. `rss-items`.
207.150.191.68	technologypresstoday.com	2011	Farsi		JAR	news	split images, RSS
207.150.191.68	worldofonlinenews.com	2011	English		JAR	news	split images ^[ref]^[ref]. Later legit.
207.210.250.131	starrynightnews.com	2011	Arabic		JS	news	interesting design
207.210.250.132	aeronet-news.com	2011	English		JAR	airplanes
207.210.250.133	bakaribulletin.com	2011	English	Africa	JS	news	Bakari could either be a given name, or a village in Togo
207.210.250.134	deprensaenlarevisiondehoy.com	2011	Spanish		JAR	news
207.210.250.135	icwb-news.com	2011	English		JAR	news	ICWB stands for "Inner Circle Worldwide Business (News)", the title of the website
207.210.250.136	sportsreelhighlights.com	2011	English		JAR	sports
207.210.250.138	inquiry-human-past.com	2011	English		JAR	history
207.210.250.139	thefairwaysaregreen.com	2011	Thai		JAR	sports, golf
207.210.250.142	russiaupdate.com	2011	Russian			news	Older unrelated archive: web.archive.org/web/20010429003443/http://russiaupdate.com/. Visible but possibly cut title "Россия Обновление" (Russia Update)
207.210.250.143	archaeologyreview.net	2010	English		JAR	history, archeology
207.210.250.146	noticias-caracas.com	2011	Spanish	Venezuela	CGI	news	Caracas is the capital of Venezuela. But you knew that, right?
207.210.250.147	bailandstump.com	2011	English		JS	sports, cricket	"Bail" and "Stump" are the two parts of the thing your're supposed to hit with the ball in cricket.^[ref]
207.210.250.148	classicalmusic4arab.com	2011				music	The first words in the title are "كلاسيكيات الموسيقى العربية" (Arabic music classics)
207.210.250.149	globalventurestat.com	2008	English		SWF	news
207.210.250.152	al-rashidrealestate.com	2010	Arabic	Egypt	CGI	finance, real-estate
207.210.250.153	newsintheworld-ru.com	2011	Russian		JAR	news
207.210.250.154	news-unlimited.info	2011	English			news	"members" link visible so likely GI comms.
208.93.112.105	fastnews-online.com	2009	English		JAR	news	a.newslink
208.93.112.106	travelxtreme.net	2008	English		JAR	travel	split images
208.93.112.108	nbanewsroundup.com	2013	English		CGI	sports, basketball	quite broken with only HTML archived in 2013, but we're counting it due to coms link and IP range. cqcounter.com/whois/www/nbanewsroundup.com.html shows it well.
208.93.112.110	luxuryfive.net	2011	English			travel	Title: "Luxury five"
208.93.112.111	topfootballnewsonline.com	2011	English			sports, footbal	"Top Football News Online".
208.93.112.112	todaysportscores.com	2011	English			sports
208.93.112.114	dynamicworldnews.com	2011	English			news
208.93.112.116	gazingvoyage.com	2011	English			travel
208.93.112.123	garundipost.com	2011	English			news	TODO meaning of "Garundi"
208.254.38.39	todaysengineering.com	2011	English		CGI	engineering
208.254.38.56	nejadnews.com	2011	Arabic		JAR	news	rss, JAR unarchived
208.254.40.96	sixty2media.com	2011	English	Various	JAR	news	Epoch times link
208.254.40.99	newspoliticssource.com	2013	Arabic		JAR	news	One of the news mentions Snowden
208.254.40.110	musical-fortune.net	2010	English		CGI	music	images `/images/banner-02.jpg`
208.254.40.113	ashoka-gemstones.com	2010	English		JAR	jewelry
208.254.40.117	worldnewsandent.com	2010	Arabic	Egypt	CGI	mews
208.254.40.124	riskandrewardnews.com	2013	English		CGI	finance
208.254.42.194	it-proonline.com	2011	English		CGI	tech	images `/images/header_01.jpg`
208.254.42.205	driversinternationalgolf.com	2011	English		CGI	sports, golf
208.254.42.209	mardelsurnoticias.com	2011	Spanish		JAR	news	weird mixture of Portuguese and Spanish language external links
208.254.42.215	nowfreshfinances.com	2011	English		CGI	finance	CGI unarchived
208.254.42.216	circulatingnews.net	2010	English		JAR	travel
208.254.42.219	westingtonpassnews.com	2011	English		JAR	news
209.162.192.44	thejewelofsouthamerica.com	2010	Spanish		CGI	nature, birds	rss-item, split images. CGI unarchived but likely under the "Foro" (Forum) link. Talks about the Amazon river and rainforest which it refers to in the Spanish title of the English domain: "La Joya de Sudamerica" (The Jewl of South America).
209.162.192.49	rastadirect.net	2010	English		JAR	fansite
209.162.192.51	yellow-chair-report.com	2011	English		CGI	news	rss-item, split images. CGI unarchived likely under "Members" link.
209.162.192.57	globalnewsreports.net	2010	English		CGI	news	rss-item. Copyright 2008. CGI unarchived. Comms unarchived likely CGI under "Forum" link
209.162.192.59	easytravelsite.net	2009	English		CGI	news	Split headers. CGI unarchived, likely under "Login" link.
209.51.136.178	cellar-notes.com	2011	English		JAR	wine	rss, split images, JAR unarchived
209.51.136.178	the-news-scene.com	2011	English		JAR	news	split images, RSS
210.80.75.36	e-commodities.net	2011	English		JAR	finance
210.80.75.37	trekkingtoday.com	2011	English		JAR	sports, running	split images ^[ref]^[ref]. rdns source.
210.80.75.41	multinews-33.com				JAR	news	No archives of the HTML, but the JAR was archived
210.80.75.43	gulfandmiddleeastnews.com	2011	Arabic		JS	news
210.80.75.44	whirlybirdinflight.com	2011	English		JAR	helicopters
210.80.75.45	kings-game.net	2011	English		JAR	gaming, chess	JAR unarchived
210.80.75.46	topglobalnewsdaily.com	2011	English		JS	news
210.80.75.49	recipe-dujour.com	2011	English		JAR	cooking	nice design
210.80.75.53	sportsman-elite.com	2011	English			sports
210.80.75.55	philippinenewsonline.net	2010	Philippines		JAR	news
210.80.75.56	technewsforme.com	2011	Farsi		JAR	tech
210.80.75.59	goldeportesnoticias.com	2011	Spanish			sports, football
212.4.16.224	lanoticiasdehoyelinforme.com	2010	Spanish		JAR	news
212.4.16.232	mynewscheck.com	2011	English	Canada	JAR	news	rdns source
212.4.16.245	financial-crisis-news.com	2011	Russian	Russia	JAR	news	rdns source
212.4.16.252	minutosdenoticias.com	2010	Spanish		CGI	news	CSS
212.4.17.38	fightwithoutrules.com	2011	Russian		JAR	sports, combat sports	The photo on top middle can be seen e.g. at spfightingtalk.wordpress.com/2013/01/18/breaking-down-mixed-martial-arts-what-is-mma/. The fither on top is Mac Danzig, TODO find bottom one lazy now.
212.4.17.41	newtechfrontier.com	2010	English		CGI	tech	since became legit: newtechfrontier.com/
212.4.17.43	smart-travel-consultant.com	2011	Chinese		CGI	travel	ajaxtax.js may be of interest for fingerprinting. Title: "智能旅行顾问", lit. Smart Travel Consultant
212.4.17.46	atentlaloc.com	2009	English	Quatar, Lebanon, Israel, Iran	JS	jewelry	Tlaloc is an Aztec deity, and Aten is an Egyptian deity. Both appear to be somewhat linked to gold, thus their usage in a jewelry website. Creative domain name.
212.4.17.53	newsresolution.net	2010	English	Côte d'Ivoire, Lebanon, Sudan	JAR	news, UN Peacekeeping
212.4.17.56	lesummumdelafinance.com	2010	French	France	JAR	finance
212.4.17.98	topbillingsite.com	2011	English		CGI	films
212.4.17.122	b2bworldglobal.com	2011	English		CGI	news
212.4.17.125	worldaroundyunnan.com	2011	Chinese		JAR	news	rss, split images, JAR
212.4.17.160	localtoglobalnews.com	2010	English		JAR	news	rss, split images
212.4.18.14	football-enthusiast.com	2011	English	Europe	JS	sports, football
212.4.18.129	sightseeingnews.com	2010	English		JAR	travel
212.209.74.105	globalbaseballnews.com	2011	English		JS	sports, baseball
212.209.74.106	football-de-luxe.com	2010	French	France	JAR	sports, football
212.209.74.112	developmental-league.com	2010	English		CGI	sports, American football	CGI comms variant?
212.209.74.115	mediocampodefutbol.com	2010	Spanish		JAR	sports, football
212.209.74.117	myengineeringaffinity.com	2011	English		JAR	tech
212.209.74.122	atthemovies.biz	2011	English		JAR	cinema	Archive very broken with no text and rather only images in a table. But it has a link to unarchived JAR. The only .biz domain found so far as of writing. There are also some broken redirect archives from 2003.
212.209.74.123	worldfinancialexchangenews.com	2010	English		SWF	finance	SWF unarchived.
212.209.74.124	urouttahere.com	2011	English			Travel	The title means "you're out of here", a reference to this being a travel website. A closely stock image of the same child models is visible at: www.hammockbeach.com/play/kids-crew-resort-program/
212.209.74.125	avoilurefixe.com	2011	French	Tunisia	JAR	airplanes	"à voilure fixe" is French for "with fixed wing", i.e. fixed wing aircraft
212.209.74.126	headlines2day.com	2011	Farsi		JAR	news	marked copyright 2009
212.209.79.34	fgnl.net	2011	English	Iran	CGI	news	four letter domain! FGNL stands for "Farsi Global News Links" Marked copyright 2009.
212.209.79.37	fitness-sources.com	2010	English		JS	sports, fitness
212.209.79.40	hydradraco.com	2011	English		JAR	sports, American football	TODO meaning of the name?
212.209.79.41	noticiasdelmundolatino.com	2011	Spanish		JAR	news
212.209.79.42	suparakuvi.com	2011	French	France	JAR	news	a Tour Eiffel image, and young people stuff, i.e. first world stuff. It's for France alright. But TODO meaning of domain name? Ciro's second language French didn't cut it this time.
212.209.79.46	cetusdelph.com	2011	English		JS	sports, scuba
212.209.79.47	willtoworship.com	2011	English		JAR	religion, Christianity	marked copyright 2007
212.209.79.48	themvconnection.com	2011	English		JAR	music
212.209.79.51	pi-resources.net	2010	English		JS	private investigators	"pi" stands for Private Investigators. The CIA must have had some fun making this one.
212.209.79.53	ourscubaworld.com	2011	English		JS	sports, scuba
212.209.79.58	tech-love-home.com	2011	Chinese		JS	tech	Title: "消费类电子产品", lit. Consummer Electronics
212.209.79.60	first-solo-aviation.com	2010	English		JAR	airplanes
212.209.79.61	china-destinations.org	2011	Chinese		JS	travel	title: "中国目的地指南", lit. "China Destination Guide"
212.209.90.69	worldedgenews.com	2011	English		JAR	news
212.209.90.72	talkingpointnews.info	2011	English			news
212.209.90.74	globalinvestmentnews.net	2010	English		JAR	news	rss, split images
212.209.90.75	prebitinvestment.com	2011	English			finance	Title: "Pre-BIT Investment". TODO meaning of "BIT".
212.209.90.80	nsmovies.net	2010	English		JAR	films	"ns" stands for "Nirguna Saguna", two separate Hindu names/deities. But there are no other Indian references beyond those.
212.209.90.82	middleeastjournal.net	2010	Arabic		JS	news
212.209.90.84	thenewseditor.com	2011	English		JAR	news
212.209.90.87	newsandweathersource.com	2009	English		JAR	news	marked copyright 2009.
212.209.90.89	pakisports.com	2010	English	Pakistan	SWF	sports
212.209.90.90	vriha-aesthetics.com	2011	Arabic		JS	news
212.209.90.92	amishkanews.com	2011	English	India	JS	news	Amishka is an Indian name, plus some prominent mentions of Bollywood both point to India specifically
212.209.90.93	theentertainbiz.com	2011	English		JAR	entertainment
212.209.90.94	eurosportssummary.com	2011	English		JAR	sports
216.93.248.194	esmundonoticias.com	2011	Spanish		JAR	news	`rss-items`. Shares IP with kukrinews.com.
216.93.248.194	kukrinews.com	2010	English		JS	News	JavaScript with SHAs. Talks to `/cgi-bin/news.cgi`. A Kukri is the national weapon of Nepal. Slogan: "Nepal's Sharp Edge", thus matching the website name. Split image header. Copyright 2009. Shares IP with esmundonoticias.com.
216.93.248.194	lasthournews.com	2010	Urdu		jAR	news	split images
216.93.248.194	tech-geek-news.com	2010	Arabic		JS	news	Split images, rss-item. Comms unarchived. Wayback machine archive very broken but cqcounter.com/whois/www/tech-geek-news.com.html perfectly in style.
216.104.38.114	all-sport-headlines.com	2011	Arabic		JAR	news	split images ^[ref]^[ref]Arabic-looking alphabet, image only so can't Google translate easily.
216.104.38.114	wahidfutbol.com	2011	Arabic		JS	football	Wayback Machine very broken. cqcounter.com/whois/www/wahidfutbol.com.html somewhat in-style, but not very typical.
216.104.38.114	wildbirds-seasia.com	2011	English		JAR	nature, birds	Slit headers, rss-item. "Birds of Southeast Asia". Stock image match example at: fr.pinterest.com/pin/745627282030750518/, possibly a greater bird-of-paradise.
216.105.98.132	europeantravelcafe.com	2010	English			travel	rss-items, split images. Marked copyright 2009. Comms not found. There's a currency converter at: web.archive.org/web/20100724024644/http://www.europeantravelcafe.com/tools.html which could be suspicious. The "plan your trip" link links to a different website: secure-cert.net/~etc/transport.html which is unusual. A similar thing happens in intloil.org. That link was removed from the next archive: web.archive.org/web/20110201192245/http://europeantravelcafe.com/ which is quite funny, looks like a bug and is possibly a link used by the CIA operators to manage the website? "secure-cert.net" is obscure, the only other surviving online mention of it is www.leewillis.co.uk/wordpress-plugins/#comment-6513
216.105.98.134	fuenteneta.com	2011	Spanish			news	Google says: "Fuente neta" in Spanish translates to "truth" or "for real" in a colloquial, Mexican context, emphasizing the truthfulness of what is being said
216.105.98.135	ilat-news.com	2011	English			news	The domain stands for : "International Law Enforcement & Anti Terrorism", also on page "Law Enforcement and Anti Terrorism news".
216.105.98.136	etherealinspirations.net	2011	English			religion	Title: "Ethereal Inspirations"
216.105.98.137	the-news-zone.com	2011	English		JAR	news	There is a broken archive: web.archive.org/web/20130814194744/http://the-news-zone.com/ which contains just the middle frame. But by chance the broken JAR link was there further confirming the hit!
216.105.98.139	cultura-digital.net	2008	Spanish		CGI	news	Marked copyright 2008. Previously legit.
216.105.98.140	uaeshoppingspree.com	2013	English	UAE	JAR	shopping	Archive quite broken, but has link to unarchived JAR. Has an unusually personal touch "As you can probably tell from the title of my website, shopping is my very favorite pastime." cqcounter.com/whois/www/uaeshoppingspree.com.html shows it well.
216.105.98.144	garanziadellasicurezza.com.	2011	Italian		JAR	commercial	The archive is quite broken with toplevel archiving a frame rather than the actual website. JAR unarchived. web.archive.org/web/20110822020341/http://www.garanziadellasicurezza.com:80/news.html has rss-item. I'm counting this one it's too much.
216.105.98.145	montanismoaventura.com	2012	Spanish	Spain	JS	sports, mountaineering	JS unarchived. Marked copyright 2010. More visible archive at: cqcounter.com/whois/www/montanismoaventura.com.html
216.105.98.146	large-format-news.com	2011	English			photography
216.105.98.147	nepalnewsbrief.com	2008	English	Nepal	JAR	news	Marked copyright 2006 (!) Registered 2007-01-18.
216.105.98.148	teclafinance.com	2011	Chinese			finance	CQ Counter screenshot rather broken but in a similar way as another Chinese website: cqcounter.com/whois/site/activegaminginfo.com.html so it seems that simply their screenshot mechanism of the time didn't have proper Chinese encoding support. The title is "特科拉财经" which Google Translate translates to "Tekola Finance", the first word apparently being the phonetic transliteration of a foreign name, but it is unclear what it references exactlyh.
216.105.98.149	entreman.com	2011	Englsh		CGI	business	Comms unarchived. Marked Copyright 2011. Archive a bit broken, original styling more clearly visible at: cqcounter.com/whois/www/entreman.com.html. Tis is the only website found so far that stores its custom fonts on the site e.g. /M-1c-fontfacekit/mplus-1c-black-webfont.svg. Stock of office workers at: www.shutterstock.com/image-photo/presentation-business-people-working-office-2-4767229 by Marcin Balcerzak. Light bulb stock at: www.bigstockphoto.com/image-4406416/stock-photo-money-light by PhilipO.
216.105.98.152	modernarabicnews.com	2013	Arabic		JAR	news	HTML archive quite broken, but JAR was archived thankfully. cqcounter.com/whois/www/modernarabicnews.com.html shows it well. Original title: "أخبار عربية حديثة قياسي"
216.105.98.153	global-headlines.com	2011	English			news	Was a legitimate WordPress website for a while in 2020.
216.105.98.154	everythingcricket.org	2011	English		JAR	sports, cricket	Also has archives from 2009, but they were a bit broken. The 2011 one is marked copyright 2011, so they actually bothered to updated that.
216.105.98.156	familyhealthonline.net	2011	English		CGI	health
216.105.98.157	delacorne.com	2011	French			news	The title is french "Corne de l'Afrique Nouvelles" and "de la Corne", the French name for the Horn of Africa. So French but not France.
216.105.98.158	econfutures.com	2011	English			finance	Africa focus. Stock image source: www.istockphoto.com/photo/asian-helpdesk-support-operator-gm147050715-12052374 by imabase
219.90.61.110	surya-brahma.com	2011	Spanish		JAR	news	Surya and Brahman are Hindu concepts, but the website appears to have nothing to do with India or Hinduism. Interesting.
219.90.61.111	classicalmusicboxonline.com	2010	English		CGI	music
219.90.61.116	athletepro.net	2010	English		JAR	sports
219.90.61.117	lajornadanow.com	2010	Spanish		JAR	news
219.90.61.119	aviation-navigation.com	2011	English			aviation
219.90.61.120	theinternationalworld.com	2011	English		JAR	news	rdns source. `rss-items`.
219.90.61.121	thepyramidnews.com	2011	Farsi	Iran	JAR	news
219.90.61.122	iran-newslink-today.com	2011	Farsi	Iran	JAR	news
219.90.61.123	journeystravelled.com	2011	English		JAR	travel
219.90.62.229	information-junky.com	2011	English	Ghana	JAR	news
219.90.62.231	todosperuahora.com	2011	Spanish	Peru	CGI	news
219.90.62.233	theworld-news.net	2010	Urdu		CGI	news
219.90.62.234	recuerdosdeviajeonline.com	2011	Spanish		SWF	travel	marked "Copyright 2009"
219.90.62.235	ordenpolicial.com	2011	Spanish	Spain		news, security
219.90.62.237	elcorreodenoticias.com	2011	Spanish	Venezuela	JAR	news
219.90.62.238	freshtechonline.com	2011	English		CGI	tech
219.90.62.240	cityworldnewsnow.com	2011	English			news	Has subdomain secure.cityworldnewsnow.com so likely CGI comms. in-style, arab world mentions.
219.90.62.241	newscentertoday.com	2011	English		JAR	news	Copyright 2008. rdns source. `rss-items`. Later legit. In 2016: The domain name you have entered is not available. It has been taken down because the email address of the domain holder (Registrant) has not been verified..
219.90.62.242	ride-captain.com	2011	English		JAR	sports, motorcyles
219.90.62.243	fitness-dawg.com	2021	English		JAR	sports, fitness	Original Reuters article sample. Pushup dude stock: www.istockphoto.com/photo/sweating-young-man-doing-push-ups-gm115455429-645125 by Mike R. Manzano, pinged at: x.com/cirosantilli/status/1899750172260806711. Dude was an ex-Sr. Software engineer at Coinbase from 2019-2022, he likely retired with the Bitcoin boom already legend. Still making apps as of 2024 though: www.facebook.com/leftspin. Dog at: www.istockphoto.com/photo/english-bulldog-gm92095947-2629950 by GlobalP.
219.90.62.244	easytraveleurope.com	2012	English		JAR	travel	nice design
219.90.62.245	world-news-now.net	2011	English		JAR	news
219.90.62.246	negativeaperture.com	2011	English		CGI	photography	nice domain name
219.90.62.247	conquermstoday.com	2011	English		CGI	health	MS means multiple sclerosis. Comms not found, CGI from unarchived subpage assumed. Has a subdomain "heal.conquermstoday.com" according to 2013 DNS Census, but no links to it in the archive.

 Read the full article

CIA 2010 covert communication websites / Oleg Shakirov's findings  Updated 2025-05-29  +Created 1970-01-01

 View more

Starting at twitter.com/shakirov2036/status/1746729471778988499, Russian expat Oleg Shakirov comments "Let me know if you are still looking for the Carson website".

He then proceeded to give Carson and 5 other domains in private communication. His name is given here with his consent. His advances besides not being blind were Yandexing for some of the known hits which led to pages that contained other hits:

moyistochnikonlaynovykhigr.com contains a copy of myonlinegamesource.com, and both are present at www.seomastering.com/audit/pefl.ru/, an SEO tracker, because both have backlinks to pefl.ru, which is apparently a niche fantasy football website
4 previously unknown hits from: "Mass Deface III" pastebin. He missed one which Ciro then found after inspecting all URLs on Wayback Machine, so leading to a total of 5 new hits from that source.

Unfortunately, these methods are not very generalizable, and didn't lead to a large number of other hits. But every domain counts!

 Read the full article