Another crucial point to highlight is that the page has nearly 11 million backlinks. However, most of them are spam, which was quite predictable. Interestingly, some “legitimate” pages have fallen into the trap and link to this domain instead of the .org.
We begin our real investigation. First, we look for who is behind the wikipedia.su domain. We don’t find the name, but we do find the server and the owner’s email.
* Small note: Normally, domain owner information is public (name, address, email, etc.), although it can be made private upon request. In the case of private information, you can only obtain it with a court order.
For example, if we try to find out who is behind wikipedia.org, we see that much of the information is not public.
We continue our investigation… Who is behind the email address email@example.com? Searching on Google, we see that this person has developed an Android application, Hak1. Not very interesting…
However, we have a surprise. This person is listed as the owner of the “Officialnii Sait” porn website. Just by reading the Google results, we can already tell what the page is about, so there’s no need to visit it. We have another lead to follow… we’ll do that later. For now, let’s continue with the main investigation. If we search for one of the domains we found earlier on Who.is, we can see the IP address, which is 22.214.171.124.
And with the IP, we can determine the location, which, surprisingly, is in Russia. Specifically, in Moscow.
If we look up the second domain we found, we see that it is in a different location. We find this a bit suspicious, so we use another tool to perform the same process, and sure enough, the surprise is revealed: the domain is hosted in Moscow.