Photo via https://pixabay.com/illustrations/hacker-cybersecurity-matrix-8033977/ with Creative Commons License
A hacker sits before computer screens with text raining down around them

We named ourselves triangleblogblog.com for a few reasons. One, we wanted a unique name that was easy to remember. Two, we thought it was funny. Three, we wanted to make it clear we were a blog. And at the time, practically speaking, the domain triangleblog.com was taken.

TriangleBlogBlog became our name.

Two days ago, we googled ourselves, just to see what popped up – and were surprised to see this:

The site looked like this:

Not much to look at. A WordPress site 404 page. But we looked at the cached version of the site, and were surprised to see content from October 19, 2023. It looked like this:

A logo, for something called Triangle Blog, and very faint lyrics to a Randy Newman song called “It’s a jungle out there.” (archive copy.)

Not a lot to go on. But there was a logo. Our next step was to inspect the logo. You might expect that this logo would be called “Triangle Blog.” But it wasn’t. It was called “TriangleBlogBlog_logostacked_300.png.” The alt text for screen readers said “Triangle Blog Blog.”

That’s our name. 

Our spidey sense was raised. But the website triangleblog.com had existed on and off for over a decade. So it wasn’t super strange that someone would resurrect it. 

On a whim, we typed triangleblogblogblog.com into Google. It redirected to triangleblog.com.

Whoa.  

Someone had registered the domains triangleblogblogblog.com and triangleblog.com, and redirected the former to the latter. The site triangleblog.com could be legit, but there’s no way the website triangleblogblogblog.com was.

Now we had a real mystery on our hands. 

A word about copycat domains

As long as the internet has existed, there have been lookalike or copycat domains. This kind of tomfoolery is as old as the internet. Sometimes, it is done to spoof; sometimes the intent is more sinister. Bad actors have registered domains to look like banks and credit card issuers, or to make a similar page look like a real organization’s page.

We were and are concerned that someone is planning to do something that could confuse or mislead our readers. We’ve spent over 18 months working on our very local, very civically engaged blog, which we’re very proud of. Our name is purposefully unique. 

Who registered triangleblogblogblog.com?

We wanted to know who registered triangleblogblogblog.com.

This is not the easiest mystery to solve in the world. When you register a domain, you can choose to keep your registration private. Such was the case for triangleblogblogblog.com. This is what we saw on the WHOIS for the domain.

This tells us a few things. It tells us that whoever registered the domain did so through GoDaddy on October 4. And whoever did so decided to keep their contact information private. When we looked at the registration for triangleblog.com, it was also registered on October 4. This further confirmed that the two domains were registered by the same person.

We also learned that the person who registered both domains was using DNS name servers called DOMAINCONTROL.com. This simply means they were using GoDaddy to host their websites. 

Each website has an IP address and a host record. A host record tells you a little bit about the host of a domain. The IP address tells you where that host lives. Sometimes there are multiple websites living on the same host. 

The IP addresses for triangleblog.com and triangleblogblogblog.com were the same: 160.153.74.***.

We used a tool to examine other websites hosted at the same IP address. Immediately, one website stood out to us. It was the professional website of someone closely affiliated with a current political campaign. In other words, all three websites – the professional site, and the two sites that resembled our blog domain – shared the same IP address yesterday. We checked some other markers. All the same.
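The comparison described above (registration date, registrar, name servers, IP address) can be scripted for ongoing monitoring of lookalike domains. This is an added example, not part of our original investigation: the `.example` domains, registrar names, documentation-range IPs and the helper names `parse_whois` and `shared_markers` are all constructed for illustration.

```python
import re
from itertools import combinations

# Constructed WHOIS excerpts and A records (reserved .example names and
# documentation IP ranges); none of these values come from the article.
WHOIS = {
    "brandblog.example": (
        "Registrar: Registrar A\nCreation Date: 2023-10-04T15:12:09Z\n"
        "Name Server: NS41.DNS-A.EXAMPLE\nName Server: NS42.DNS-A.EXAMPLE\n"),
    "brandblogblogblog.example": (
        "Registrar: Registrar A\nCreation Date: 2023-10-04T15:20:44Z\n"
        "Name Server: ns41.dns-a.example\nName Server: ns42.dns-a.example\n"),
    "consultant.example": (
        "Registrar: Registrar A\nCreation Date: 2016-02-17T09:00:00Z\n"
        "Name Server: ns07.dns-a.example\nName Server: ns08.dns-a.example\n"),
    "bakery.example": (
        "Registrar: Registrar B\nCreation Date: 2019-06-01T11:30:00Z\n"
        "Name Server: ns1.dns-b.example\nName Server: ns2.dns-b.example\n"),
}
A_RECORDS = {
    "brandblog.example": "192.0.2.10",
    "brandblogblogblog.example": "192.0.2.10",
    "consultant.example": "192.0.2.10",
    "bakery.example": "198.51.100.7",
}

def parse_whois(text):
    """Extract the markers compared in the article from a WHOIS excerpt."""
    fields = {}
    for key, value in re.findall(r"^([^:\n]+):[ \t]*(.+)$", text, re.M):
        fields.setdefault(key.strip().lower(), []).append(value.strip().lower())
    return {
        "registrar": fields.get("registrar", [None])[0],
        "created": fields.get("creation date", [""])[0][:10] or None,
        # Keep only the provider part of each name server (last two labels).
        "ns_provider": frozenset(".".join(ns.split(".")[-2:])
                                 for ns in fields.get("name server", [])) or None,
    }

def shared_markers(domains):
    """Return {(a, b): [markers both domains share]} for every pair."""
    profiles = {d: {**parse_whois(WHOIS[d]), "ip": A_RECORDS.get(d)} for d in domains}
    result = {}
    for a, b in combinations(sorted(domains), 2):
        same = [m for m in ("created", "registrar", "ns_provider", "ip")
                if profiles[a][m] is not None and profiles[a][m] == profiles[b][m]]
        if same:
            result[(a, b)] = same
    return result
```

Calling `shared_markers(list(WHOIS))` on this sample reports all four markers for the two lookalike domains and three for each lookalike paired with the older site. A registrar, a name server provider and a shared-hosting IP can each be common to many unrelated customers, so the overlap is worth recording with timestamps and archived copies alongside other evidence.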

So we reached out to this person and their spouse, via email, at 1:01 pm Sunday. We explained the similarities we found, and asked the following:

Could you explain why these two websites, which closely resemble the name of our website Triangle Blog Blog, share an IP address with the personal website of someone working closely with a political campaign in [redacted]? Was this a campaign expense?

And then we waited. We did not have to wait long.

A very short time after we sent the email, all three websites – the professional website, and the two website variants of our domain – were taken offline. For a few hours, the site for triangleblog.com looked like this:

Similarly, the professional website “was not found on this server.” Notably, this website had not been down in years prior to yesterday.

A few hours later, however, all three sites were back online. Triangleblog.com and triangleblogblogblog.com were now linked to a brand new server (https://p3plzcpnl503698.prod.phx3.secureserver.net:2083/). Triangleblog.com now looks like this:

secureserver.net is the name GoDaddy uses as the reverse DNS for IP addresses used for dedicated/virtual server hosting. The professional website is also now back online, with a different IP address.

We have received no response to our email.

So far, triangleblog.com and triangleblogblogblog.com have not gone online. We plan to continue to monitor them. We have emailed a copy of all of our documentation, with archival links, to our lawyer. Our brand is important to us and our readers, and we have worked to build our blog’s readership. We have a distinct brand and identity.

We’ll note: the static database we used to examine the IP addresses of all three sites still shows them as the same – it’s only updated monthly.

This piece was written and researched by John Rees and Melody Kramer.
