Did a reverse lookup on globalresearch.ca
The WHOIS didn't show anything interesting, but the IP address....
http://viewdns.info/reverseip/?host=104.24.3.84&t=1
Domain | Last Resolved Date |
---|---|
essentialsoftskin.com | 2017-07-30 |
gcefresh.com | 2017-07-30 |
gcslim.com | 2017-07-30 |
globalresearch.ca | 2017-08-02 |
miracleafricanmango.com | 2017-07-30 |
nitricdominator.com | 2017-07-30 |
readovka.ru | 2017-08-02 |
secretskinsuccess.com | 2017-07-30 |
slimcoffeecaps.com | 2017-07-30 |
slimgce.com | 2017-07-30 |
testoboostxl.com | 2017-07-30 |
thinmangosecret.com | 2017-07-30 |
wihardja.com.sg | 2017-07-28 |
If it is their first time seeing that domain, the website calls for the domain records
http://viewdns.info/dnsrecord/?domain=opayq.com
and sees the obvious mx.junkemailfilter.org redirect to a known disposable email website
Proof is in the pudding...
"Between November 2010 and May 2011, the US Department of Justice (DoJ), under many banners including the US Immigration and Customs Enforcement (ICE) and the Federal Bureau of Investigations (FBI), seized over 140 domain names from sites allegedly engaged in the 'illegal sale and distribution of counterfeit goods and copyrighted works' or other illegal activities. But what exactly happens when domains are seized in such a manner? This article provides insight into the takedown process as well as providing a unique look into the DoJ's domain name graveyard."
EDIT: BTW the US has TOTAL control of the TLDs .com, .net, and .org, meaning that moving your domain names under those TLDs to other countries will NOT protect you from domain name blocking/seizure by the DoJ. They don't even need to invoke SOPA.
Some unfortunate realities:
Thought I'd attempt to give myself a smile on this dreary sector stock day. (Oh um, excluding the regulations that were released, it appears they're pretty damn good overall.)
Anyhow, instead of a smile I am left scratching my head. Is someone playing games with Aphria?
Image grab or visit direct link
Odd. This says otherwise:
http://www.greatfirewallofchina.org/index.php?siteurl=reddit.com
Are you on a VPN or something?
EDIT: Another test here returns the opposite result:
http://viewdns.info/chinesefirewall/?domain=reddit.com
So I'm guessing if there's a mistake being made here, it's non-trivial.
EDIT x2: This says it is blocked.
http://www.blockedinchina.net/?siteurl=reddit.com
So anecdotal evidence and one web-test say it's not blocked, and 2 other web tests say it is. Odd.
> individual pages
Also the Wikipedia subdomains don't seem to be in the DNS record. It seems the webserver is routing subdomain requests if I'm not mistaken. Meaning you can only block the whole domain via DNS block.
It looks like some domains that legitimately link to valid Trump sites are registered with that typo:
http://viewdns.info/reversewhois/?q=Trump+Orgainzation
Note trumpescape.com and trumpnews.com both forward to the seemingly-valid trumphotels.com, with the referrer domain indicated in a query.
No need to panic from the looks of things:
IP for ceretropic.com: 192.200.179.16
IP for store-htchdgxs.mybigcommerce.com: 192.200.179.16
IP used for ceretropic.com since at least 19th September (incidentally, this is Talk like a Pirate day).
I would imagine something has happened with their Big Commerce account (SSL certificate expired), and so the site redirects to the BigCommerce subdomain.
EDIT: I feel confident that the bigcommerce URL is fine. I can't attest to these two domains however:
IP for 5edge5.com: 109.201.132.10 (Netherlands) (redirects to bigcommerce.com when you try to login)
IP for zgjdyhxt.com: 104.18.41.186 (IP owned by cloudflare, could be obscured now)
I'd be especially worried if I owned one of the other 1000+ domains hosted on the same server at JustHost! What are the odds that the box itself is compromised?!
Well how about this then. I RAN THE TRACE MYSELF!
http://viewdns.info/iphistory/?domain=www.sjwiki.org
http://viewdns.info/iphistory/?domain=www.laurelai.info
http://viewdns.info/iphistory/?domain=www.starrevolution.org
All three of these sites WERE in fact at one point on the same IP. Did I somehow fake that?
We find the origin web server at:
194.247.45.66.in-addr.arpa domain name pointer btc-e.com
OrgName: Interserver, Inc
OrgId: INTER-83
Address: 110 Meadowlands Pkwy
Address: 1st Floor
City: Secaucus
StateProv: NJ
PostalCode: 07094
Country: US
We can verify the sanity of this claim using a publicly available DNS history tool, which shows that in 2012 the service was directly hosted at Interserver (though at a different IP address), a cheap web and dedicated host in New Jersey, United States, before they moved it behind the CloudFlare proxy. It's more than likely it stayed there until it was taken down.
http://viewdns.info/iphistory/ might work to get the old IP address. No need to use another domain, simply add a line or two to your hosts file and point the current domain to the old IP address on your machine only.
Site was only privately registered on 4/9 too. Fishy, considering the other rapid responses have been around longer. I think this is an attempt to confuse people with incorrect info and diminish any actual marches.
http://viewdns.info/whois/?domain=Projectredline.org
Could be more of the same shady Russian/Republican tactics.
edit: After more investigation I'm not as convinced this is posted in bad faith, but probably better to just go with the existing sites you can find by searching "Mueller rapid response"
Let's maybe not fall too far down the conspiratorial rabbit-hole. Take a quick look at the Reverse IP Lookup and there are hundreds of websites that share the same domain as the Save Vancouver page. See for yourself: http://viewdns.info/reverseip/?host=savevan-2018.com&t=1
And I say this as someone who's no fan of the NPA and agree that Bremner's got too many developer ties.
It could also be that the owner let it expire, but the server is still active. If so, there may be the chance that you could look up the IP address of where the domain used to point to, then on your machine put an entry in your hosts file so it forces the browser to go to the old IP when you hit the domain. If so, you may be able to at least go grab your old data.
Another alternative, check archive.org to see if they have any content archived.
EDIT: see here for old IPs http://viewdns.info/iphistory/?domain=morningpages.net
I don't have that POST request at all, here's what I'm seeing.
External requests like you're making to Facebook have never been particularly sprightly, but the biggest performance factor here is that your site is hosted on a fairly heavily oversold shared server.
I'd like verification that NYT is banned in China. Let's count all parts of China, including Hong Kong. Perhaps the ban expired and Chinese users are suddenly flooding in. Perhaps Alexa broke their GEO location system.
By the way, is Alexa gathering this data from ISP snooping or what?
Edit: looks like they're blocked from mainland China (source) but Hong Kong isn't subject to the great firewall.
This is a shared hosting cpanel server hosted at hostgator, there are a lot of domains on it http://viewdns.info/reverseip/?host=192.185.46.76&t=1
edit: it's a subaccount of thelazymama.net - this domain resolves http://sherripapini.thelazymama.net/ so I guess she hosted the site on behalf of someone...
that is unrelated to his problem, VAC auth errors have nothing to do with visited sites.
Anyways, simple domain lookup returned:
Reverse IP lookup returned hundreds of thousands of domains linked to that static cache server: http://viewdns.info/reverseip/?host=66.96.149.1&t=1
Chances are there is something the Russian govt doesn't like in there.
It's under a new domain now with https; we will post it later as a new post. It's https://www.myetherwallet.com/ and you can verify it's hosted at GitHub by using http://viewdns.info/dnsrecord/?domain=myetherwallet.com - the last two A record IPs are owned by GitHub for their custom domain hosting! Let us know if you run into any issues.
I've used http://viewdns.info/reversens/?ns=pan.spacex.com that is the 4th that I've found, seems that the others are on a different DNS. The 4 domains that /u/Traumfahrer talked about, their name server that propagates the domain is the spacex.com servers via pan.spacex.com and tyche.spacex.com.
Yea, this guy has read some articles and is trying to talk himself up to a league that is at least 4 or 5 steps higher than his understanding.
> And governments control the DNS.
Yes, some govts do control the nameservers. The link goes to an article about the DOJ seizing domains... By asking the registrar via court order to hand them over. There is a huge step between a govt 'owning' the DNSSEC keys for a TLD and a govt (using the laws and courts of their country) having a private company redirect a domain that uses a TLD that country controls. Now I am not arguing the laws are correct, just what they did.
> Had DNSSEC been deployed 5 years ago, Muammar Gaddafi would have controlled BIT.LY’s TLS keys.
This while possibly true (I do not know Libya's TLD setup and contracts) is not a flaw in DNSSEC, but a reminder that you may not want to use a TLD for a country you do not trust. Just like I would not store my savings in a Libyan bank, I would not trust them with my domain names.
The funniest part is he is trying to complain about the USG having control over DNSSEC yet he fails to mention the 1 thing they do technically have control over... The location of the signing keys for the root zones... There are 2 locations, both on military bases in the US (to be protected from physical attack). However the actual key holders that are required to change the keys are not all from the US and it takes multiple people to change the keys. It is actually a very interesting read if you like that kind of thing, read all about it at http://www.root-dnssec.org/documentation/
> Apparently they were registered by the same company that registered Nintendo's own website
Anyone can use that company to register a site. That's why they also registered a bunch of porn sites
Phew....
You would have to find the oldest nameserver entry with the subdomain...
For that I only know of tools that show this for main domains, not subdomains.
And WhoIs only shows the last modification date...
The problem is that the subdomains are created in the local nameservers. That doesn't propagate very far, and so has no public records...
Tricky.
I am wondering how 'Reverse IP Lookup' works; for example here: http://viewdns.info/reverseip/?host=serverfault.com&t=1
Complete List Of Domains Owned By The Guy
Seems like he's a techie
You can run a whois on each of these domains.
All the best
Other domains registered to T&C Network Solutions:
Domain Name | Creation Date | Registrar | Purpose |
---|---|---|---|
toddandclare.com | 2015-09-20 | DOMAIN.COM, LLC | Fake Dating Site |
trafficsail.com | 2015-09-01 | DOMAIN.COM, LLC | Fake Book Publisher |
findingmeg.com | 2016-01-30 | GODADDY.COM, LLC | ??? |
rapescreening.com | 2016-01-05 | 1&1 INTERNET SE | ??? |
playoverwatch.us surely belongs to Blizzard, just look at this: it's a reverse whois of Blizzard domains that don't have whois guard. Do you really think that they wouldn't register playoverwatch.us when they have diablo 7 domains?
Ah no it's fine, I host all my sites/startups on there, I have nothing to hide, these are the other domains. I'm not doing any shady stuff, so happy to share. These are mostly my 12 startups (https://levels.io/12-startups-12-months/)
http://viewdns.info/reverseip/?host=178.79.152.100&t=1
Domain | Last Resolved Date | Note |
---|---|---|
appletablet.net | 2015-06-01 | dead |
asustablet.com | 2015-06-05 | dead |
blameparis.com | 2015-05-24 | my friend's portfolio site |
drumandbasstshirt.com | 2015-03-23 | dead |
dubstepshirt.com | 2015-03-23 | dead |
gofuckingdoit.com | 2015-03-23 | 12 startups |
nomadlist.com | 2015-03-23 | 12 startups |
playmyinbox.com | 2015-05-28 | 12 startups |
retakemanhattan.com | 2015-03-23 | my music album |
startup-video.com | 2015-03-23 | my friend's site |
startupretreats.com | 2015-03-23 | 12 startups |
Not from what I can tell. edit: news article.
> I swear when I checked http://viewdns.info/chinesefirewall/?domain=github.com a few hours ago, it said that Github is blocked in China. Very Strange.
The status on that website seems to vary with each refresh, weird. Could ask a guy on IRC that’s in China though.
Edit: github.com seems to have two IPs, and that website only checks one of them at a time so when the other one is resolved it will fail.
> As for my other points, it seems like you know Github much better than me, and I stand corrected. I read further in the Github documentations. Organizations are a far more powerful tool than I thought, and I didn't know about all those APIs.
> Thank you for your helpful response, I should have researched more before judging Github.
Yeah, you can do quite a lot of cool things with them, for instance I have a service on my server that gets a notification whenever anyone pushes to the GitHub repos and pulls the changes into the mirrors on my server.
(Have yet to do the other way around though.)
I recommend using http://dns.he.net
Free DNS by one of the largest transit providers in the world. You can see a DNS report on a domain using their DNS here - http://viewdns.info/dnsreport/?domain=viewdns.info
FYI, the link to your portfolio site doesn't work. There doesn't appear to be an A record (meaning the hostname of mila-carter.com doesn't actually point to an IP address in the DNS record).
Where is this list? I also know the Mire Good Foundation owns over 400 domains registered and they get funding from the LDS church.
Edit: sorry that's the More Good Foundation not Mire.
Last update from the OP:
"I've done a reverse whois lookup on their website, and found a ton of domains registered under the same email (not same IP) in their whois. the domains look super damn scammy by the way, you can check them out yourself here: https://i.imgur.com/HG31eie.png And for the actual list if you don't wanna see a picture, here: http://viewdns.info/reversewhois/?q=xiangliao%40gmail.com I got the email from: https://www.whois.com/whois/btcgpu.org BTG is, without a doubt, a complete scam."
fakebitcoin.net 2017-03-25 GODADDY.COM, LLC
fakebitcoin.org 2017-03-25 GODADDY.COM, LLC
literally part of that list mentioned by op; http://viewdns.info/reversewhois/?q=xiangliao%40gmail.com
We need to reiterate and red-flag every coin mentioned on that list all over the place now.
Add an entry (or a few) for the IP address of www.example.com in /etc/hosts
and it will redirect as long as it's in there. For example, http://viewdns.info/dnsrecord/?domain=pihole.net and look at the "A" record/"type" for the IP address.
The site seems to still be running at 70.32.73.25 but the links are all fully-coded to feministe.us and www.feministe.us and broken because of the DNS (as is 70.32.73.25/blog won't load but it's there).
I put feministe.us and www.feministe.us in my hosts file and it loads.
So if someone buys the domain and sets the DNS to that IP it might come alive again.
And this is different from what we already do in the USA?
http://viewdns.info/research/inside-the-dojs-domain-name-graveyards/
> it's very likely
How would you know at this point? ICANN doesn't control that anyway. The registrars control that.
--Sorry this is kinda scattered, just typing off the top of my head:
I would look at other social media accounts too. I've seen people find a target's circle of friends, then create a near exact copy of the friend's Google+ account (for example) and use that to contact them. If they copy pictures, pretty sure the picture shows up in the recipient's email too. Plus, if you follow someone on Google+ you can text them through Google Hangouts without knowing their number.
Maltego is a good resource. Not exactly a website, but uses publicly accessible web stuff.
Any photos can be helpful, so Instagram, Tumblr, whatever. Check for metadata that might reveal location data.
You can often pull street addresses and potentially spouse information from local government GIS databases which have property tax info.
If you're close enough to them (physically) to pick up their wifi, you can look at what SSIDs they're beaconing to see where they have previously connected to wifi (e.g. Hooter's Wifi -- send Hooter's 'offer').
http://www.opensecrets.org tracks political contributions by individual, which can clue you into which campaign
Court records might be useful, especially if they have any pending actions, or anything embarrassing in their past.
You can use http://viewdns.info/ to do a reverse whois and find any domains that might be registered to their name or their email address.
Local libraries might have access to LexisNexis, which is pay-walled and not indexed in a typical Google search. Also, you can run a background check on them, or even buy their personal info on .onion, like ssn, DL#, CC#, etc.
I swear when I checked http://viewdns.info/chinesefirewall/?domain=github.com a few hours ago, it said that Github is blocked in China. Very Strange.
As for my other points, it seems like you know Github much better than me, and I stand corrected. I read further in the Github documentations. Organizations are a far more powerful tool than I thought, and I didn't know about all those APIs.
Thank you for your helpful response, I should have researched more before judging Github.
You're an idiot. China's firewall is the same nationwide.
http://viewdns.info/chinesefirewall/?domain=www.sina.com.cn
>By the way, you can call off your internet water army. If you haven't gotten caught yet for sockpuppeting and vote brigading, you will soon enough.
hahahahahahaha. let me correct myself, you're not just an idiot, you're a fucking deluded idiot.
DNS stands for Domain Name Server. Basically what it does is convert a hostname like google.com or phrack.org into an IP address like 127.0.0.1. Well, it's a bit more complicated than that, but that's the main idea. Right now you're probably using your ISP's DNS servers. This can be a problem if you're from a country like Egypt or China. Check out this article on DNS cache poisoning: http://viewdns.info/research/dns-cache-poisoning-in-the-peoples-republic-of-china/.
DNS cache poisoning is when a device along the path of a returning response of a DNS query is changed into something else. Let's say you typed in your browser google.com, and instead of giving you one of the correct IPs like 74.125.230.230 it gave you 66.29.212.73. Your ISP does this in a way too..check out the link.
You can perform a DNS Record Lookup if you'd like to view the individual records that exist for each domain name. As meekamo has already described the meaning of the most common ones, there's no point repeating that. The full list of DNS record types can be found at http://en.wikipedia.org/wiki/List_of_DNS_record_types