= Possible cute internal information leaks on a few sites
I'm not sure about this and it's not very useful, but the following were cute.
216.105.98.132 europeantravelcafe.com is a very likely hit that:
* had a "Plan Your Trip" link in 2010: https://web.archive.org/web/20100724024623/http://www.europeantravelcafe.com/ linking to an external website: https://secure-cert.net/~etc/transport.html
* and had the link removed in 2011: https://web.archive.org/web/20110201192245/http://europeantravelcafe.com/
This suggests that this was an internal site management link for the site operators which was later noticed and removed across versions, leaking the management method in the process.
\Image[https://github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/screenshots/www.europeantravelcafe.com-arrow.jpg?raw=true]
{title=2010 <Wayback Machine> archive of https://web.archive.org/web/20100724024623/http://www.europeantravelcafe.com/[www.europeantravelcafe.com]}
{description=The suspicious "Plan Your Trip" link that https://web.archive.org/web/20110201192245/http://europeantravelcafe.com/[was later removed] is highlighted with an arrow made by us.}
{height=1024}
{source=https://web.archive.org/web/20100724024623/http://www.europeantravelcafe.com/}
https://web.archive.org/web/20110207150839/http://webofcheer.com/[199.187.208.12 webofcheer.com] has an exceedingly weird HTML page title:
> pg1c
which feels like it could be a leak of an internal identifier for this website, or perhaps even worse, for the CIA program itself.
Back to article page