The Daily Stormer has just become one of the most censored websites by all major domain and web hosting providers. They've been jumping between new TLD domain names, web hosting and dns server providers since they got kicked off from their original network.
But for those who don't know about this website… What is The Daily Stormer? It is an American neo-nazi – white supremacist website founded by Andrew Anglin, its current editor.
The website is one of the most popular neo-nazi websites who share news and comments worldwide for all white supremacist members, spreading racist memes & messages across the Internet.
Anglin has received support from many white nationalist activists, however, some others don't really like the way he handles the neo-nazi ideology and overall messages.
The Daily Stormer has been using lot of domain providers lately, and of course, none of the registrars and service providers want to be related to them. On August 14, 2017, Godaddy, the popular domain register provider announced on Twitter their plan to kick off TDS from using their services:
"We have informed The Daily Stormer that they have 24 hours to move the domain to another provider, as they have violated our terms of service."
Days after that, they were kicked off from Cloudflare, the popular proxy CDN service, not because they were violating any Cloudflare term of service, but because they said Cloudflare was secretly supporting their racist ideology. Matthew Prince, CEO of Cloudflare announced on their blog:
"We've stopped proxying their traffic and stopped answering DNS requests for their sites. We've taken measures to ensure that they cannot sign up for Cloudflare's services ever again."
And the story doesn't finish there: they were also kicked off from DreamHost, a popular web hosting provider known for "allowing hosting for all kinds of content as long as it is legal in the United States of America".
Stay in the loop with the best infosec news, tips and tools
Follow us on Twitter to receive updates!Follow @SecurityTrails
A few hours after getting back online, Dreamhost suffered a massive DDOS because of their lack of action against hosting these kinds of racist websites. And days after that, Dreamhost claimed to have shut down the TDS hosting account because they opened a second account, which is specifically forbidden in their terms of service.
This is just a resume of their massive rejection by most hosting companies like Dreamhost, domain registrars like Godaddy, NameCheap, easyDNS, and other internet related service providers. At the end, they moved to the dark web, the only place where they actually can be online.
Getting website information from The Daily Stormer using our DNS record history
Here at SecurityTrails we follow this TDS stuff very closely, as it is important not only to know the state of the Internet service providers regarding their TOS, but also because of the free speech ideology, which we also support.
Web Hosting providers and domain registrars who host these kinds of websites must take into consideration if they are violating any US laws, their free speech support, and the level of violence that these kinds of sites freely transmit over the internet.
SecurityTrails is the World's Largest Repository of historical DNS data.
So, it is normal that these kinds of websites will be jumping and subsequently getting banned from one place to another to keep their information live. The good thing is that here at SecurityTrails we can track down all their movements. We host information from all the DNS changes and records on any website. This also works with The Daily Stormer.
What are the domains related to TDS?
As far as we know, these are all the domain names The Daily Stormer have ever used:
dstormer6em3i4km.onion (current dark web domain)
Dailystormer.com (active until August 15, 2017 using Cloudflare)
Dailystormer.wang (active around August 15, 2017 for less than 24 hours)
dailystormer.ru (active around August 16, 2017)
Dailystormer.lol (active around august 18, 2017, shutted down by registrar after only 2 days)
Punishedstormer.com (active around August 24, 2017 and later deleted)
Dailystormer.al (active around August 27, 2017 and deleted by the registrar somewhere after August 30)
How can I track DNS servers, hosts & technology used by TDS?
SecurityTrails is the World's Largest Repository of historical DNS data. We track more than 413,396,673 hosts (including domains and subdomains). By using our web interface you can run a simple search that will retrieve all the domain historical data from our DNS and Domain name database.
This is specially useful for tracking and tracing websites who promote violence and other illegal activities because you will get all their DNS records ever used, even the previous ones before "protecting" their real IP address behind proxy based services like Cloudflare, Incapsula, etc.
SecurityTrails is simple but also highly effective: type the domain name you want to track, and it will retrieve all the information related to this it. You will be able to get valuable information regarding all DNS record types like A, AAAA, MX, NS, SOA and TXT records. In this case it's quite clear that dailystormer.com was using Cloudflare DNS services, as seen on the A record values and NameServers used. We also see some interesting information regarding their MX services (Zoho).
Our database not only offers DNS information, but also WHOIS contact information about domain registrar, domain age, domain creation, last update, and estimated expiration date. You will also be able to find out complete contact information about Admin and Technical contacts for the given domain name.
The great thing about SecurityTrails DNS historical data is the fact that it not only stores data about common @ or www A records, but also for all kind of dns record types like AAAA, MX, NS, SOA and TXT. In this particular case we are retrieving MX records from dailystormer.com domain name, and we found it used Zoho Mail services since December 29, 2016 until August 15, 2017.
We also offer the possibility to track information from all available subdomains present in the dns records. As you see below, you will be able to select any subdomain to get the information regarding IP addresses, Organization who hosted the subdomain, as well as the First seen and Last seen dates.
The Daily Stormer may be shut down from the Internet and moved to the dark web, where only a few people have access. However, other "daily stormers" will appear in the future, or are already there. Luckily, with SecurityTrails advanced DNS historical data, it is easy to get any domain critical information when you are tracking down abusive or highly offensive content websites like this.