Find the IP address of a seized website
So your favorite site is now displaying the following message:
This domain name has been seized by ICE – Homeland Security Investigations
In this example we will use the recently seized domain “torrent-finder.com”.
What “ICE” has done is change the IP address that the domain resolves to, pointing it at one of their own.
The easiest way to see what the IP address currently is, is by using the “ping” command:
[hm2k@server~]$ ping torrent-finder.com
PING torrent-finder.com (74.81.170.110) 56(84) bytes of data.

--- torrent-finder.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
We can see that the “torrent-finder.com” domain currently resolves to the “74.81.170.110” IP address.
We know this is the incorrect IP as visiting 74.81.170.110 in your browser brings up the “seized” notice.
So what’s the real IP? Here’s how you find out:
First of all you need to Whois the domain name. There are various ways you can do this, from using a program to sending raw commands to the whois server yourself. In this case we will use a whois website:
The Whois record should show the following details which we will find useful:
Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM
Now, here’s what you do to find the right IP:
[hm2k@server~]$ nslookup torrent-finder.com NS51.DOMAINCONTROL.COM
Server: NS51.DOMAINCONTROL.COM
Address: 216.69.185.26#53

Name: torrent-finder.com
Address: 208.101.51.57
So, there you have it: the real IP. Let’s just check that by visiting 208.101.51.57 in our browser.
Ah yes, that’s it, the real site pops up.
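The comparison made by hand above (default resolver answer versus the answer from a name server listed in the Whois record) can be scripted; this is an added example, not code from the original post. The function names are hypothetical, 192.0.2.53 is a placeholder resolver address, and the two sample outputs are constructed from the values quoted in the post.

```shell
#!/bin/sh
# Print the answer addresses found in nslookup output on stdin, one per line.
# The "Address:" line that precedes the first "Name:" line describes the
# server that was queried (note its "#53" suffix), not the domain, so it is
# skipped. Function names here are hypothetical, chosen for this example.
answer_ips() {
    awk '/^Name:/ { in_answer = 1; next }
         in_answer && /^Address/ { sub(/#.*/, "", $2); print $2 }' | sort -u
}

# Compare the default resolver's answer with the answer from a name server
# taken from the Whois record. Both arguments are captured nslookup outputs.
compare_answers() {
    resolver=$(printf '%s\n' "$1" | answer_ips)
    listed=$(printf '%s\n' "$2" | answer_ips)
    if [ -z "$resolver" ] || [ -z "$listed" ]; then
        echo "no-answer"
    elif [ "$resolver" = "$listed" ]; then
        echo "match"
    else
        echo "mismatch resolver=$(echo $resolver) listed-ns=$(echo $listed)"
    fi
}

# Constructed sample: default resolver (placeholder address 192.0.2.53).
SAMPLE_DEFAULT='Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   torrent-finder.com
Address: 74.81.170.110'

# Constructed sample: the name server from the Whois record, as in the post.
SAMPLE_LISTED_NS='Server:         NS51.DOMAINCONTROL.COM
Address:        216.69.185.26#53

Name:   torrent-finder.com
Address: 208.101.51.57'

compare_answers "$SAMPLE_DEFAULT" "$SAMPLE_LISTED_NS"
```

For a live check, pass `"$(nslookup DOMAIN)"` and `"$(nslookup DOMAIN NAMESERVER)"` as the two arguments.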
Now it’s up to you. To make life easier for yourself you could now go ahead and add these newly found details to your hosts file so you don’t have to look them up again.
It doesn’t work!?
Unfortunately, this doesn’t work for every domain, as “ICE” seem to have changed some domains (e.g. cartoon77.com) to have NS1.SEIZEDSERVERS.COM and NS2.SEIZEDSERVERS.COM as the name servers.
A little setback; however, with a little fishing on Google you will soon come across the correct name servers.
[hm2k@server ~]$ nslookup cartoon77.com NS1.DNSPOD.NET
Server: NS1.DNSPOD.NET
Address: 121.12.116.83#53

Name: cartoon77.com
Address: 174.137.55.5
Again, that’s the real IP. However, with this one you’ll have to add it into your hosts file for this to work, which should look like this, for example:
174.137.55.5 cartoon77.com
174.137.55.5 www.cartoon77.com
Hey presto! Get to your favorite seized sites in a couple of clicks.
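A hosts entry overrides DNS for that name and is never refreshed, so a pinned or shared hosts file is worth checking before you rely on it. The audit below is an added example, not part of the original post or of any project it mentions; it flags names that are not bare hostnames, names mapped to more than one address, and names pinned to 127.x. The function name `audit_hosts` is hypothetical and the sample file is constructed from addresses that appear on this page.

```shell
#!/bin/sh
# Audit hosts-file text on stdin. One finding per line:
#   invalid-name NAME   not a bare hostname (for example a pasted URL)
#   conflict NAME       the same name is mapped to more than one address
#   loopback NAME       the name is pinned to a 127.x address
# audit_hosts is a hypothetical name chosen for this example.
audit_hosts() {
    awk '
    { sub(/#.*/, "") }                  # drop comments
    NF < 2 { next }                     # skip blank or incomplete lines
    {
        ip = $1
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) {
                print "invalid-name " name; continue
            }
            if (ip ~ /^127\./ && name != "localhost") print "loopback " name
            if (name in seen && seen[name] != ip && !(name in reported)) {
                print "conflict " name; reported[name] = 1
            }
            if (!(name in seen)) seen[name] = ip
        }
    }'
}

# Constructed sample input, built from addresses quoted on this page.
SAMPLE_HOSTS='# constructed sample hosts file
174.137.55.5 cartoon77.com
174.137.55.5 www.cartoon77.com
208.101.51.57 torrent-finder.com   # from ns51.domaincontrol.com
94.247.172.115 torrent-finder.com
127.0.0.1 www.torrent-finder.com
174.137.55.5 http://www.cartoon77.com'

printf '%s\n' "$SAMPLE_HOSTS" | audit_hosts
```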
Update
Based on this I have now started a project that provides you with an alternative hosts file as a workaround.
Enjoy!
Just what I was looking for thanks for this.
You sir are a tech-God. I’ve started to post your info all over the place in the hope of defeating these fascists.
Thank you so much, and I hope the DeICEr Project isn’t too time-consuming for you.
Wow, Thank you soooo much for posting this!
And thanks Rob8urcakes 😀 for linking me here!
[…] their page. It’s not a hard thing to get around, but you need a bit of technical savvy, or instructions. (If you are the paranoid type, you might want to save those instructions in case the next time […]
The hosts file at the link includes quite a few 127.0.0.1 entries. How will those get around the seizures? Or are they sites that are not available at all, and the 127.0.0.1 entry is to prevent you having your ip address harvested?
add this to your hosts file:
88.80.11.29 atdhe.net
88.80.11.29 www.atdhe.net
67.212.67.250 rojadirecta.com
67.212.67.250 www.rojadirecta.com
67.212.67.250 rojadirecta.org
67.212.67.250 www.rojadirecta.org
94.247.172.115 torrent-finder.com
94.247.172.115 www.torrent-finder.com
What is with all the loopbacks? Especially the ones that break known sites and conflict with some in the file like this…
208.101.51.57 torrent-finder.com #ns51.domaincontrol.com ns52.domaincontrol.com
127.0.0.1 www.torrent-finder.com #ns51.domaincontrol.com ns52.domaincontrol.com
Is someone poisoning the project?
[…] access a site whose domain was seized by typing the IP address of the site into the navigation bar. Here are instructions on how to find the IP address of a website that has been seized. […]
Hi
How to get the IP address of a user through comments, if a user commented on a website without admin rights?
E.g., here I am commenting on this website, and if someone else wants to know my IP address through this comment?
Is it possible?
If yes, please provide me the easiest method.
[…] project for example which was setup last year to work around sites seized a domain level. The accompanying blog post offers a way to access the information from such a seized site. Chinese users, who typically have […]