This morning we were surprised by the recent news announcing that Cloudflare is going to shut down the popular website 8chan (8chan.net) from their infrastructure.
Created in 2013 by Fredrick Brennan and envisioned as a free speech utopia (an irony of what it is now), 8chan is a website where users can create and moderate “boards” on topics ranging from video games, politics, or anime.
Most of its participants and members publish content anonymously, and according to the website’s conditions the only “rule” is to avoid publishing content that is labeled as illegal in the US, for example child pornography.
Reading that, you might think it doesn’t look too harmful, right? The thing is, 8Chan has become much more than just a community with their boards. Due to the lack of moderation and their claims of anonymity, it is now one of the most popular places on the Internet to share hatred, violence, terrorism, white-supremacist, and intolerance-based messages.
The Christchurch massacre in New Zealand, the attack on a synagogue in Poway, California, and the shooting this past weekend in El Paso, Texas are not only acts of hatred and violence against ethnic minorities innocents, they share another interesting fact: the three attackers’ manifestos were announced in 8chan boards.
All the related hatred speech shared by the suspects of these three massacres over this social network alarmed legal authorities, and of course, this was directly related to Cloudflare, the popular service that offers proxy services and DDOS protection to 8Chan.
In a new blog post titled Terminating Service for 8Chan¹, Matthew Prince, current CEO of Cloudflare, stated literally:
“We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time. The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit”
What’s next? Based on our previous investigations of similar websites such as when Cloudflare kicked off The Daily Stormer from their service, it’s pretty logical that they will start receiving a lot of DDOS attacks.
Tracking 8chan domain history
We thought it would be interesting to do a quick research on the 8chan DNS history, where they have been, what providers support their infrastructure, and probably discover who’s the next hosting provider, or anti DDOS service they will be using.
Our enterprise-platform, SurfaceBrowser™ has the perfect tools and features to investigate this.
Stay in the loop with the best infosec news, tips and tools
Follow us on Twitter to receive updates!Follow @SecurityTrails
Current 8ch.net DNS records
As you can see, at the time of writing, 8ch.net is still pointing to Cloudflare NameServers, clearly evidenced by these records. Further down, you can see there are two CNAMES pointing to the 8ch.net website: www.8chan.co and www.noviden.net.
While analyzing their DNS historical records, we found that they’ve been using Cloudflare since 4 years ago:
Web Hosting provider
Before enabling Cloudflare, they were using a web hosting provider called N.T. Technology, Inc, and chances are that the real hosting provider is still the same company, seeing as they are the ones controlling the MX records to the present day.
After further research, we found that N.T. Technology Inc. is operated by the same owner as 8ch.net, Jim Watkins. This detail is also evident in their SOA records:
Exploring the NS records found for ns1 and ns2.nttec.com gave us enough information about other related websites to Jim Watkins, including another “chan” domain name: 9ch.net (not active right now), as well as many other projects:
When it comes to subdomain mapping, our subdomain scanner found there are at least 23 active subdomains, and all of them point to Cloudflare at the moment.
Whois historical records
Exploring the current WHOIS records showed ‘REDACTED FOR PRIVACY’ texts instead of the real owner information. Browsing the historical Whois timeline led us back to 2014 to the latest known details about the whois information on this domain name.
In this case, it’s not really needed because due to the public implications of 8chan.net in hatred, white-supremacy speeches, and related stuff, it’s publicly known that the site is operated by Jim Watkins.
The historical Whois feature is really useful when you are chasing down unknown actors behind domains involved in different types of cybercrime.
Hatred is a never-ending story, in both offline and online reality. Unfortunately, there are a lot of other providers that are willing to host and protect these types of questionable websites.
Cloudflare has been accused many times of helping pirates and other types of crime-based websites because of their proxy services. It’s clear that they have a commitment with their moral obligations as a service provider, something that was really direct in their original service termination notice released on their blog. Although there was a lot of controversy around this case, as Cloudflare knew about 8chan activities much earlier, and it actually only shut it down after considerable pressure from the industry and possibly from federal agencies as well.
We believe that the 8chan banning, along with the previous Daily Stormer ban, will not solve all the hatred problems in the digital world, but it might have an impact on mass racism-based organizations.
If you are a security researcher or work for a legal cybersecurity team, you can take advantage of our free API and the SurfaceBrowser™ platform to discover any DNS and IP history for any website in the world: start crossing data between IPs, associated domains, Whois historical information and the people behind malicious websites in just seconds! Book a demo with our sales team today.