The change is now completely applied and many ranges are open
Scan and find them out

Based on the traffic we observed in Iran, it appears that TCI has started implementing domain whitelisting on their DNS servers.
This might be a configuration mistake, but according to our logs, since this morning most domains have been resolving to the internal IP 10.10.34.35.
Some of the most frequently used domains were occasionally corrected, but many services such as bale.ai, zarebin.ir, and several others have still not been fixed.

Updated: every thing got normal in later check.

Th changes came back on TCi. Dns request for most of the sites get the same ip and
They also started blocking other dns-servers even local ones.

Looks like somone need to pass network+ again...

Below is a list of new dns servers list in TCP(port 53), which hasn't been restricted by firewall yet.
With proper set-up (multiplexing, mtu and dns-size) you can make your dead connections alive again.
We also add new UDP dns servers beside the list we published before that may help.

After a few days of silence...
We're back with something massive.
Some fresh leaks coming...

After weeks of continuous internet shutdowns in Iran, we have decided to take action.
We have split our team into two parallel projects to expose the regime’s horrific tactics against the Iranian people:
Team 1 has extracted highly confidential government reports and internal orders. These documents reveal systematic strategies to:

Control and manipulate public opinion
Trick and trap citizens
Hunt down Starlink terminals
Target people selling VPN configurations
Seize control of news channels and proxy groups

Team 2 has focused on the mafia networks behind the “white internet” (filtered internet) business. They sell access to the poor at exorbitant prices while working hand-in-hand with the censorship infrastructure (TIC). They actively help block DNS and develop new filtering methods just to make their illegal business more profitable.
So far, we have extracted over 750 gigabytes of sensitive data, including:

Detailed logs and filtering strategies
User profiling systems
Internal orders to enforce nationwide censorship
And much more...

We are now carefully organizing and analyzing this massive archive. In the coming steps, we will publish key findings and develop effective strategies to bypass this digital oppression.

We also discovered concrete evidence in the leaked data that the regime has attempted to block public DNS servers on a large scale.
According to the extracted configurations and Cloudflare Radar data (see attached image), they deployed strict DNS blocking rules. However, the documents clearly show that they failed to fully block DNS requests to the outside world.
Most of their own servers collapsed during the first tests, forcing them to reroute traffic and rely on DNS forwarding instead. Meanwhile, several ISPs were unable to implement the blocking properly.
We have published the relevant files below. You can scan them yourself and discover the servers and configurations.

Another draft paper we found suggests that Iran is planning to control third-party applications such as X (Twitter), Telegram, and Instagram in order to influence public opinion and conduct what could be described as a cognitive war. Although these projects were initially introduced under positive or protective frameworks—appearing to aim at preventing external manipulation—they ultimately seem to offer more advanced methods of control. Much of this work has reportedly been carried out by universities in Tehran, whose names we are not disclosing. The projects have progressed through the use of AI platforms and teams of researchers, with the apparent goal of preventing people from organizing around ideas that conflict with official positions.