The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to “liberate” themselves from new gun control measures and state leaders who’ve enacted strict social distancing restrictions in the face of the COVID-19 pandemic. Here’s a closer look at who and what appear to be behind these domains.
KrebsOnSecurity began this research after reading a fascinating Reddit thread over the weekend on several “reopen” sites that seemed to be engaged in astroturfing, which involves masking the sponsors of a message or organization to make it appear as though it originates from and is supported by grassroots participants.
The Reddit discussion focused on a handful of new domains — including reopenmn.com, reopenpa.com, and reopenva.com — that appeared to be tied to various gun rights groups in those states. Their registrations have roughly coincided with contemporaneous demonstrations in Minnesota, California and Tennessee where people showed up to protest quarantine restrictions over the past few days.
Suspecting that these were but a subset of a larger corpus of similar domains registered for every state in the union, KrebsOnSecurity ran a domain search report at DomainTools [an advertiser on this site], requesting any and all domains registered in the past month that begin with “reopen” and end in “.com.”
That lookup returned approximately 150 domains; in addition to those named after the individual 50 states, some of the domains refer to large American cities or counties, and others to more general concepts, such as “reopeningchurch.com” or “reopenamericanbusiness.com.”
Many of the domains are still dormant, leading to parked pages and registration records obscured behind privacy protection services. But a review of other details about these domains suggests a majority of them are tied to various gun rights groups, state Republican Party organizations, and conservative think tanks, religious and advocacy groups.
For example, reopenmn.com forwards to minnesotagunrights.org, but the site’s WHOIS registration records (obscured since the Reddit thread went viral) point to an individual living in Florida. That same Florida resident registered reopenpa.com, a site that forwards to the Pennsylvania Firearms Association, and urges the state’s residents to contact their governor about easing the COVID-19 restrictions.
Reopenpa.com is tied to a Facebook page called Pennsylvanians Against Excessive Quarantine, which sought to organize an “Operation Gridlock” protest at noon today in Pennsylvania among its 68,000 members.
Both the Minnesota and Pennsylvania gun advocacy sites include the same Google Analytics tracker in their source code: UA-60996284. A cursory Internet search on that code shows it also is present on reopentexasnow.com, reopenwi.com and reopeniowa.com.
More importantly, the same code shows up on a number of other anti-gun control sites registered by the Dorr Brothers, real-life brothers who have created nonprofits (in name only) across dozens of states that are so extreme in their stance they make the National Rifle Association look like a liberal group by comparison.
This 2019 article at cleveland.com quotes several 2nd Amendment advocates saying the Dorr brothers simply seek “to stir the pot and make as much animosity as they can, and then raise money off that animosity.” The site dorrbrotherscams.com also is instructive here.
A number of other sites — such as reopennc.com — seem to exist merely to sell t-shirts, decals and yard signs with such slogans as “Know Your Rights,” “Live Free or Die,” and “Facts not Fear.” WHOIS records show the same Florida resident who registered this North Carolina site also registered one for New York — reopenny.com — just a few minutes later.
Some of the concept reopen domains — including reopenoureconomy.com (registered Apr. 15) and reopensociety.com (Apr. 16) — trace back to FreedomWorks, a conservative group that the Associated Press says has been holding weekly virtual town halls with members of Congress, “igniting an activist base of thousands of supporters across the nation to back up the effort.”
Reopenoc.com — which advocates for lifting social restrictions in Orange County, Calif. — links to a Facebook page for Orange County Republicans, and has been chronicling the street protests there. The messaging on Reopensc.com — urging visitors to digitally sign a reopen petition to the state governor — is identical to the message on the Facebook page of the Horry County, SC Conservative Republicans.
Reopenmississippi.com was registered on April 16 to In Pursuit of LLC, an Arlington, Va.-based conservative group with a number of former employees who currently work at the White House or in cabinet agencies. A 2016 story from USA Today says In Pursuit Of LLC is a for-profit communications agency launched by billionaire industrialist Charles Koch.
Many of the reopen sites that have redacted names and other information about their registrants nevertheless hold other clues, mainly based on precisely when they were registered. Each domain registration record includes a date and timestamp down to the second that the domain was registered. By grouping the timestamps for domains that have obfuscated registration details and comparing them to domains that do include ownership data, we can infer more information.
For example, more than 50 reopen domains were registered within an hour of each other on April 17 — between 3:25 p.m. ET and 4:43 ET. Most of these lack registration details, but a handful of them did (until the Reddit post went viral) include the registrant name Michael Murphy, the same name tied to the aforementioned Minnesota and Pennsylvania gun rights domains (reopenmn.com and reopenpa.com) that were registered within seconds of each other on April 8.
A Google spreadsheet documenting much of the domain information sourced in this story is available here.
No one responded to the email addresses and phone numbers tied to Mr. Murphy, who may or may not have been involved in this domain registration scheme. Those contact details suggest he runs a store in Florida that makes art out of reclaimed or discarded items.
Update, April 21, 6:40 a.m. ET: Mother Jones has published a compelling interview with Mr. Murphy, who says he registered thousands of dollars worth of “reopen” and “liberate” domains to keep them out of the hands of people trying to organize protests. KrebsOnSecurity has not be able to validate this report, but it’s a fascinating twist to this tale: How an ‘Old Hippie’ Got Accused of Astroturfing the Right-Wing Campaign to Reopen the Economy
Update, April 22, 1:52 p.m. ET: Mr. Murphy told Jacksonville.com he did not register reopenmn.com or reopenpa.com, contrary to data in the spreadsheet linked above. I looked up each of the records in that spreadsheet manually, but did have some help from another source in compiling and sorting the information. It is possible the registration data for those domains got transposed with reopenmd.com and reopenva.com, which included Mr. Murphy’s information prior to being redacted by the domain registrar.
Original story:
As much as President Trump likes to refer to stories critical of him and his administration as “fake news,” this type of astroturfing is not only dangerous to public health, but it’s reminiscent of the playbook used by Russia to sow discord, create phony protest events, and spread disinformation across America in the lead-up to the 2016 election.
This entire astroturfing campaign also brings to mind a “local news” network called Local Government Information Services (LGIS), an organization founded in 2018 which operates a huge network of hundreds of sites that purport to be local news sites in various states. However, most of the content is generated by automated computer algorithms that consume data from reports released by U.S. executive branch federal agencies.
The relatively scarce actual bylined content on these LGIS sites is authored by freelancers who are in most cases nowhere near the localities they cover. Other content not drawn from government reports often repurpose press releases from conservative Web sites, including gunrightswatch.com, taxfoundation.org, and The Heritage Foundation. For more on LGIS, check out the 2018 coverage from The Chicago Tribune and the Columbia Journalism Review.
Okay Brian, you have gone completely off the rails. Lets stick to security rather than politics.
There is no doubt that Democrats want to destroy Trumps economy and the shut down has become their next “insurance policy”. There is also no doubt that people can only take so much of the shut down. Its time to reopen no matter the loss of life. Everyone dies eventually. In fact, more people die of the flu in a bad year and that has a vaccine. The people have been educated and will be more cautious. Unless the government pushes their luck, then all bets are off. The correct move is for the government to back down and free the people. The correct move for you is to stick with security rather than apply the “Bacon factor” to domain names as a political stunt.
Tony…….Trump doesn’t need the Democrats to destroy his economy. He has eviscerated it on his own. Open your eyes, you sheep.
Spoken like a true liberal CNN-brainwashed moron. How naive and repugnant your ignorance is. Trump saved this country by enacting an early travel restriction while dems cried racism – trying to get him to lift it and let more americans die for their political agenda.
Look how saved we are with our world record number of cases.
Also, “How naive your ignorance is”? Awful.
Source on any of those claims?
None – he might have pulled that from a thoroughly debunked Dan Crenshaw video
https://www.washingtonpost.com/politics/2020/04/20/dan-crenshaw-trump-coronavirus-defense/
Sources:
1. r/not_fake_news_so_you_know_its_real
2. Some guy wearing an American Flag Tuxedo with a mask that read “Science is a Hoax” at a State House protest.
3. His Uncle Doug.
4. It was in a dream he had while on meth.
5. The President of the United States of America.
6. OAN.
7. 4chan.
8. A video tape of a retweeted youtube video posted on facebook before it was secretly removed by Bill Gates. (Just like Hilary’s Emails!)
9. Watching Fox News backwards.
10. Qanon.
You absolute buffoon. Trump played golf while the American people were unaware of the horrors to come from this pandemic. And instead of fessing up to that fact he just stands there telling news reporters to keep their voice down. This country was going downhill since 2016 but the virus sped that up a little for us and now we’re able to see just how screwed we are for voting this incompetent, racist, sexist, washed up Hollywood actor into office. He didn’t save anyone, he condemned every American with his selfish actions and this time not even the people from Fox News are standing beside him.
+1
Trump only restricted travel by foreign nationals coming from China, not US nationals. Which was objectively stupid and racist because the US nationals posed exactly the same risk of carrying coronavirus as the foreign nationals.
Get a clue. Your ignorance is inexcusable.
Yeah, I’d like to have seen the reaction when the president of the United States left US citizens stranded in foreign countries during a pandemic.. They were all met at the airport by the CDC to be screened. What a dumb talking point.
Screened how? For a virus that is proven to show no symptoms in many people while remaining contagious? For a virus that can be contagious for several days before symptoms show?
What are you talking about?
at the time it happened, we, and the world, didn’t know that the virus could show no symptoms for weeks .. however, screening should have still shown them to have it, even though no symptoms. I admit while I read there was screening being done, I’m not sure of the type. A LOT has changed since February when things really started to become evident in China that this was a problem .. you can’t blame the US for not handling things poorly based on information that was discovered after the fact. Hindsight is 20/20, but it doesn’t change the past.
So are you arguing that the president of the United States should have left US citizens stranded in a foreign country during a pandemic? Or just that we shouldn’t have shut down travel from the epicenter of said pandemic..?
The CDC met the repatriated citizens at the airport to screen them, what a dumb talking point.
Early? He was months late, retard.
Spoken like a true conservative FOX-brainwashed moron. Your naivety and ignorance are repugnant. (Connor?) Trump destroyed this country by not enacting early lock-downs and coordination efforts while pubes cried fake constitution tears – trying to get him to do nothing and let more Americans die for their political agenda.
Spoken like a true conservative Fox News-brainwashed moron. How naive and repugnant your ignorance is. Trump ruined this country by denying the virus existed and Fox and Friends went along with his rhetoric driving home that it is the best time to travel.
Ya like soy, Jack?
Early travel ban? You mean the “ban” that only restricted Chinese nationals and not the thousands of citizens from coming?
Don’t you see that Tony and Jack are the same person? All it took was two disposable email addresses and two posts to derail the conversation and not you all are enraged. He won, he probably even got paid for it in some way or another.
Please protect yourself and society by not engaging with this type of commentary. You’re shouting into the void.
You don’t reply expecting to tell Tony or Jack anything. You reply to show others who may read the comments that your side has stronger support. You’re trying to show that your side is in the majority and the other side is the minority position. You “win” if your your side has an order of magnitude more comments supporting your position.
Lol Will Rubin is also Tony and Jack. For a minute I thought I was having a stroke when I saw “naive and repugnant” for the third time in a row.
“It’s time to re open no matter the loss of life”
Found the brainwashed conservative. Go ahead, go outside, get sick. Just rolling the dice on your life, no big deal right?
You forgot a /s, right?
Okay, Don, apparently you are part of the problem, supporting a “faith-based” opening rather than using facts.
Let’s leave it to the medical professional instead of the storm-troopers to decide when to re-open.
I though preppers were in it for the long term, and now here they are whining about staying home after a couple weeks.
The correct move for you is to stay home, and not try to pretend that security has nothing to do with politics. Security is ALL about politics.
As a European, and looking at the response to this article, I can only say “Godspeed, America!’.
You’re going to need it in the coming months and 4 more years of Trumpism.
Just two months in with the Corona virus rampage, and it already collapsed the entire fabric of US society, showing all its ugly bits.
The US is not ready for what is to come, when the shops, stores and factories are opening again, and winter season will hit hard again.
History will judge this US time period harshly……
What you say is true. What happens now is what the people of United States will be judged by forever in history. Lets hope that the correct decisions are made by all. History does not forgive and usually shows all.
Someone’s a salty right-wing troll, huh?
For the entire 2018-2019 Flu season, there were 34,200 deaths.
COVID-19 has caused 42,500 deaths in 60 days. Almost 2k of those were from YESTERDAY.
So yes, this is worse than the flu.
It’s been here since last year, and soon we’ll see how low the mortality rate actually is. Disgusting how complacent people have become.
Sarcasm?
If not – what a stupid premise. Because one is educated and knowledgeable in one field means their opinions are not valid? I bet you also love anything Scott Adams writes, and I’m sure the irony there will be lost on you.
I think you need to get help if this is your response to a slightly political post. The post doesn’t seem to make any outrageous claims.
You seem very uneducated about our current situation. Death rates are low because we’ve taken preventative measures. Also coronavirus has only been active in the US for months and has already met or exceeded the average deaths from the flu – and that is with strict social distancing.
You’re fighting against yourself here. If it is Trump or millions of Americans dying – I’m going to have to side with Americans here. I would hope that even Trump supporters would do the same.
Who will take responsibility if your gamble doesn’t pay off? If millions of Americans die, the healthcare system is overwhelmed, and the economy collapses because of the massive loss of life and social upset?
Will you? Will a president who doesn’t take responsibility for anything? Who?
One lazy google search says you don’t know what you’re talking about. Lurk more and STFU. https://i.insider.com/5e81f6460c2a6261b1771b05?width=1100&format=jpeg&auto=webp
I think our number one priority should be saving lives.
THESE ARE PREVENTABLE DEATHS, if you think Trump has handled this situation correctly then you must have a very skewed view of what he is doing.
He views the Corona Virus as a method for boosting his own political gain and that is it. You can see this as he insisted that his name be on any stimulus check. He doesn’t care about saving lives.
Also typically people only die from the flu are people who are extremely overweight or refuse to go see a doctor because they don’t have health insurance.
“FREEING THE PEOPLE” will involved lengthening the crisis for a long time. You have no expertise with which to base your opinion. Use some information to base your opinion and not your obvious political biases.
I think this article is very important and shows that people behind this movement may just be out to make a quick buck rather than looking out for people’s rights.
Tony, your protest — that Brian has somehow failed to “stick to security” but offensively or mistakenly veered into politics, is one of the silliest messages I’ve seen in a long time. But then, I don’t watch Fox news, not do I follow the conspiracy sites.
Here’s a newsflash: Donald Trump is a two-bit hustler who is preying on vulnerable U.S. citizens to enrich himself. Having no ethical or moral principles at all, he is also using the office of the presidency to endanger public health.
I would ask that, if you have any expertise related to Internet security at all, you will please limit your comments to that subject. If you do not, then be quiet. Do not insult one of the world’s real experts, who offers his insights for the good of all, on an international basis.
I think the only one going of the rails here is you Tony. between the 2018 – 2019 flu season there were around 34,200 deaths based on the CDC website:
https://www.cdc.gov/flu/about/burden/2018-2019.html
The current death count from COVID-19 is 42,364. That took only 4 months. This isnt over and it will get worse before it gets better if you think rushing to open the country back up with fix everything. China is already experiencing a second wave and initiating another lockdown.
Sweden seems to be doing ok overall and could achieve herd immunity by mid-May. Time will tell but in the words of their own epidemiologist.
‘I am very sceptical of lockdowns altogether but if you ever do them, you should do them at an early stage,’ Dr Tegnell
https://www.dailymail.co.uk/news/article-8233783/Sweden-herd-immunity-month-claims-infectious-diseases-chief.html
Right on Tony. Interesting how the “lead” was buried…
“Murphy, who says he registered thousands of dollars worth of “reopen” and “liberate” domains to keep them out of the hands of people trying to organize protests.”
Also interesting how “AstroTurf” is perceived by the author. One woman was credited as a hero for MADD (and should be), but if one man started a movement to lift the over oppressive hand of government, that is AstroTurf.
This is such a complex topic for a feedback forum, I’ll spare the R0 and Whatnot. Brian does great reporting, but is clearly my political polar opposite. Unbiased reporting has been shown of late to be completely out of the grasp of many media types. I’d be happier if they just owned their positions, instead of AstroTurfing the readers.
ledes are buried, not leads.
What’s political about it exactly? He pointed out it’s an obvious astroturfing effort by individuals with a clear history of stoking fires who have no roots in the individual states where they organize protests. He’s not saying “Don’t reopen” or “Do reopen”. But somehow this agitates you.
Does being manipulated for money agitate you equally as much?
“Its time to reopen no matter the loss of life. ”
Except, according to the Trump administration guidelines NO state or municipality should open until they have a downward trend for 14 straight days AND that only opens ‘Phase 1″ which still limits gatherings to 10 or less and unnecessary travel.
https://www.scribd.com/document/456756096/White-House-guidelines-for-reopening-economy#from_embed
https://www.foxnews.com/politics/trump-announces-new-coronavirus-guidelines-for-opening-up-america-again
Nothing personal, but you are a crazy person.
Lock downs are happening in red and blue states, and all around the world. This has nothing to do with anyone trying to “destroy Trump’s economy.” That’s something only a crazy person would think.
Tony,
I like when you say “lets stick to security rather than politics,” and then immediately delve into politics.
I also liked this one: “Its time to reopen no matter the loss of life. Everyone dies eventually.” Though, to be clear, I did not like this for their on-the-nose value, but for the fact that its such a stupid thought it’s hard not to laugh.
Excellent article. This is a detailed recitation of who is actively using websites and social media to accomplish social goals. Most importantly, the inability of brainwashed people (like Tony here) to see the difference between information and opinion, indicates just how unable we are to simply acknowledge facts.
“Its time to reopen no matter the loss of life.”
You first then.
Tony, clearly you fail to see that information security is about confidentiality, INTEGRITY and availability. This is a risk to the integrity of information, thoroughly within the realm of information security. Brian is responsible in his reporting and provides actual facts. You see Tony, security isn’t just about what system was hacked or card skimmers. The world of information security is far broader than that. If you fail to see that and acknowledge it, then you are part of the problem.
hmm Tony… I’m going to go out on a limb here and say you are a fervent supporter of the border wall because you want to save American lives, yet in the statement above you don’t seem to care about them anymore. Almost as if the wall isn’t about security…
Either that or you are a pathetic troll. In either case, brains clearly are not your strong suit and thus should take your own advice and die sometime soon.
https://www.cdc.gov/coronavirus/2019-ncov/cases-updates/cases-in-us.html
So 40,000 more deaths are A okay? Did Russia pay you directly or are you just this stupid?
You’re politically compromised. Listen to yourself. Krebs is doing great work as always.
Krebs is reporting the facts of the issue. YOU on the other hand, introduced a political rant. So who is introducing politics into a security discussion?
You’re comparing deaths over the course of a year (with no measures to keep the population isolated) , to an virus that we’ve dealt with for a couple months (where the people are staying isolated). Unless your retort is that all the news is fake, surely, you see the fallacy in your reasoning.
Concure with Tony 100%. What does this have to do with Info Sec?
Integrity of websites is infosec. Astroturfing web domains is something Brian has always covered.
Just like all the domains and malware that popped up for COVID-19 related things. The ReOpen domain names are also being astroturfed.
Infosec minded people have a right to know if there is an information warfare campaign happening on the web. Mass domain registrations is important to infosec.
Yoooo Tony where you buy your tinfoil man? I need a new hat!
so this is okay as long as it’s your “team” doing it?
Dude some people don’t watch CNN or any main stream news and can still tell trump did this to himself. Constantly trying to deflect and saying people are “CNN brainwashed” is just ignorant and pathetic. You do not have to be even an iota of intelligent to be able to understand that trump did not prepare the country and this rests entirely on his shoulders. He can try to blame the governors all he wants but he wastes the entire month of February and his “travel ban” only banned Chinese nationals, a total of over 40,000 people have come in and out of China to America SINCE he put the ban in place. Not exactly air tight, right? So he wants to claim credit for the ban and the time it bought but he did NOTHING with that time. He only delayed the inevitable instead of PREPARING for the inevitable. These protests are being pushed by false information and dangerous sense of “Trump can do no wrong.” Where are the millions of tests we need in order to reopen? Trump says they’re available, so where are they?
So you’re not social distancing, wearing a face mask or avoiding public meetings with strangers? My sympathies to your family.
First the security relevance of the article: astroturfing (or any other directed misinformation campaign) impacts the INTEGRITY of information flow by introducing noise into the channel. Enough noise and it overwhelms the signal.
Get a clue folks. The trolls veer the discussion away from facts and analysis into opinions and emotions. Personally, I don’t give a crap about either if they aren’t mine, and I bet you don’t either.
The piece that probably alerted the troll’s web targeting filter was Brian’s reference to Russian meddling in 2016 and the leftover IOCs indicating the possibility that a Russian-controlled sock-puppet was doing the astro-turfing domain registration. What a coincidence that the Russians might see an opportunity to stoke discord in the US!
There. See how easy that was.
Tony hates science. Don’t be like Tony.
Fuck off, Tony. Not everyone has your bloodlust. Stay at home, watch some Netflix, wait until it’s safe. Human lives matter to some people.
Thank you Brian for the research!!
Tony is a pawn.
Great article, thank you, and keep up the awesome work!
Russians did it
Tony, sounds to me like you should be attending protests along with your fellow cult members. Many of them are starting to get sick, which makes this an I told you so situation. You pretend to be well informed, but of course we know better. If you beleived in facts you would not be a trump supporter. Try thinking for yourself for once in your life, although by what I just read from you that’s not possible. Just do like what you have been doing so far, which is to submit and obey.
Wow, interesting article, thanks for sharing.
Sidenote, as I read through this article and got down to the bottom, I came across 65 comments from mostly ignorant morons. I’m not sure who subscribes to this site and reads its content, but it’s clear from the comments that the majority of them are sheep and suffer from TDS.
I’d wage mental warfare with you, but I won’t fight someone out of ammo.
Definition – Trump Derangement Syndrom (TDS) : Believing the constant stream of lies and half truths from tRump.
Keep up to good work Brian. I have learned so much from your hard work.
Doug, don’t try to turn your TDS around on those who coined the term. Just like when you psycho lefties trip to steal NPC meme and make it your own by putting a MAGA hat on him, that’s not how it works.
Nice touch with the capital R in Trump’s name though, I’ve definitely never seen that one! /s
“it’s reminiscent of the playbook…” I was thinking of this at the beginning of your article , funny you should mention it.
Regardless of which side of the isle you sit on people need to learn about the value of a statistical life. The government has pegged the value of a statistical life at $10 Million. That means that most Americans would accept spending $10 Million to save a/their life.
A lot of estimates indicate that COVID-19 would kill in the neighborhood of 1 Million Americans if nothing were done to stop the spread. This means that the government is justified in incurring $10 TRILLION in economic impact and spending to alleviate the crisis. American has lost in excess of 40,000 souls in spite of everything that has been done.
Ok, there’s plenty of political vitriol here. I personally really wish we could give the “open” folks exactly what they want. That’s how Darwinism works. Unfortunately, for every one of those asking to roll the dice, we have to accept 2-3 more infections. It just ain’t worth that.
I didn’t take Brian’s piece as particularly political. The focus here is how just a few people manipulating controls meant for security of domains can make it appear that there is a huge groundswell of support for an idea.
It’s also an interesting aside that for all of the screaming about russian interference in our electoral process, these right wing idiots are happy to use the same tactics the first chance they get.
Thing is the operatives on the right used the tactics before too, so it’s really nothing new.
What I see happening is things will be forced “open” and many of these people are saying fine if you don’t feel safe, stay home. And thus the new economic divide happens. If you don’t believe it’s ok to be out, you will lose your economic life because your job etc will be taken by someone willing to be out.
So hey cool we got that to look forward to. But I suppose it’s not different from how it is for folks with anxiety issues already.
My username says it all
Brian, you are a great security guru not politician. Stick to what you do best.
All, stop blaming president, local and state government. Stop watching/reading news. Find yourself a good and reliable source of information and do not depend on twitter, facebook etc.
Work from home if you can, stay at home as much as possible, support economy, wear protective gear if you really have to leave your home and stay out of the way for experts to do their job.
Thanks for the article. As a lifetime member of the NRA, folks who go the nutcase extreme ruin for the rest of the common-sense populace.
As for most of the commentators that I’ve read so far…really, who is bringing politics into the picture?
A bad flu has a death rate of 1 in 500 people. COVID-19 has a death rate of 1 in 7 people. Go lick the republicans boots somewhere else and be sure to never reproduce. We don’t need more of your offspring ruining the world for the rest of us.
Further evidence to investigate, it seems some of these newly registered domains are linked to IP’s with a history of further nefarious activity. Someone has been collecting and sharing evidence in github that so far has not been linked to your research, but certainly appears to be just reinforcement of your suggestion of astroturfing.
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
https://www.abuseipdb.com/check/184.168.221.57
https://www.abuseipdb.com/check/50.63.202.59
Thanks for your work, Brian. I hope that the brainwashed Trumpers commenting on this story won’t deter you from continuing to investigate matters of this sort. I would expect the same if liberals were astroturfing in this manner.
Will krebs, the highly…giggle…internet sleuth now print a retraction?
https://www.dailydot.com/debug/reddit-coronavirus-reopen-liberation-domain-names-astroturfing/
Half of these comments read like GPT-2 model output.
2 million people died from smoking since January, we should ban smoking and take cigarettes off the self! 5 million abortion since Jan , we should outlaw abortions! 3 million people died from alcoholism, we should make alcohol consumption illegal! 40,000 people out of 356, 000,000 people died from covid 19 who already had poor health, compromised immune systems, diabetes, heart disease, high blood pressure, etc, etc and we shut america down. Why didn’t we shut down every flu season, and practice social distancing, all lives matter, even if it’s 30,000, rite?
“2 million people died from smoking”
This is not contagious! Smoking really only kills the willing. Second hand smoking does harm, which is why smoking IS BANNED in public places.
Abortions? Well, that’s a very different topic and requires consensus on whether a human being died or not.
“3 million people died from alcoholism”
Again, not contagious. Only the individual is harmed.
Drunk driving, the point where alcoholism starts to put others at risk… IS ILLEGAL.
And no, not everyone who died had pre-existing conditions. It’s much worse than the flu already. And its only April.
Hey Shane. A basic statistics class will fix all your problems. Good luck, thoughts and prayers!
When we like the message then it’s a “grass roots” campaign.
When we don’t like the message then it’s “astroturfing”.
And yes, almost all grass roots campaigns have silent or hidden backers with deep pockets.
Astroturfing has a very specific definition. And it is not just having an anonymous donor.
It’s kinda like how Occupy Wallstreet was true grassroots, with no wealthy donors… and the Tea Party movement was entirely funded by the wealthy. Very different results from both. One got arrested and disbursed, and the other got many seats in Congress.
It’s important to follow the money, and follow the strings.
I didn’t write anonymous, I wrote silent/hidden. And I didn’t mean donors but entities with deep pockets setting the agenda while remaining “unknown”.
Brian,
An unfortunate venture into politics. Love your technical coverage.
A real shame you decided to use your site as a liberal pulpit. Please stick to actual security topics. There’s plenty enough finger pointing and demagoguery from every side already. I’ve already had to stop reading several sites that couldn’t resist joining the fray, please don’t add yours to the list.
Phil, if facts prove too upsetting for you, we are awash in a sea of fake news that can provide whatever tailored bubble of bias you’d prefer.
Yes, Derek, and I’d prefer this site did not become one of them.
Brian, when the relevant powers-that-be finally award the Pulitzer Prize to you for all of your excellent investigative journalism, perhaps your acceptance speech (however it’s delivered) will prove both insightful and humorous in explaining how those traces of “astroturfing” and “gaslighting” you exposed serve as breadcrumbs to establish a petard upon which the heads of scam artists (whether of the ‘patriot’ or ‘miscreant’ flavor) can be mounted.
Another great post!
Brian,
Thank you for the article. Sorry for the politics that followed.
Very interesting analysis, and not as political of a statement as most of the comments are crying out. There is definitely value from a security standpoint when looking into who is behind a sudden spike of very similar websites all being registered within minutes of each other.
It would be cool to make a scraper to look for any other anomalies/patterns that appear in domain registries
I really cannot believe that people who dedicate their lives to keeping up to date on FACTS are believing this garbage about COVID. Do some due diligence and if you really don’t think this is bad, PLEASE go outside, get sick, and prove Darwin was right. PLEASE.
Good cautionary article on domain registrations. We took an accounting of our domains and those that start and end with the word “reopen”, just to keep the scammers and squatters at bay.
thank you.
Brian,
Do you have statistics on who comment from where?
Some reactions are puzzling.
Good article.
The politics here at a site I depend on for security news sickens me.
If ignorance is bliss, this thread just proves there are a lot of happy people in this world.