CIA 2010 covert communication websites / feedsdemexicoyelmundo.com JavaScript reverse engineering Updated 2025-07-16
View more
The JavaScript of each website appears to be quite small and similarly sized. They are all minimized, but have reordered things around a bit.
First we have to know that the Wayback Machine adds some stuff before and after the original code. The actual code there starts at:
ap={fg:['MSXML2.XMLHTTP
and ends in:
ck++;};return fu;};
We can use a JavaScript beautifier such as beautifier.io/ to be abe to better read the code.
It is worth noting that there's a lot of <script> tags inline as well, which seem to matter.
Further analysis would be needed.
Read the full article
CIA 2010 covert communication websites / Hits with nearby IP hits Updated 2025-08-08
View more
62.22.60.49: telecom-headlines.com. UUNET in Spain. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just before worldnewsnetworking.com. Tested viewdns.info range: 62.22.60.34 - 62.22.60.66
  • 62.22.60.33: newsperk.com. Almost certainly a hit. Stylistically perfect, rss-item. But no comms not found. Ennerving! 2011. English. Egypt. news. Later legitimately reused.
  • 62.22.60.34: freeslideshow.net. Legit? Attempting to open any HTML archives leads to an infinite page load loop, e.g. 2010. A subpage however exists: web.archive.org/web/20101230001640/http://freeslideshow.net/index_files/a.htm and appears legit.
  • 62.22.60.40: travel-passage.com. Hit.
  • 62.22.60.42: newsupdatesite.com. Hit.
  • 62.22.60.46: flyingtimeline.com. Hit.
  • 62.22.60.47: globalemergenceadvisorsbkserver.com. Legit.
  • 62.22.60.48: currentcommunique.com. Hit.
  • 62.22.60.49: telecom-headlines.com. Hit.
  • 62.22.60.52: collectedmedias.com. Hit.
  • 62.22.60.54: romulusactualites.com. Hit.
  • 62.22.60.55: thefilmcentre.com. Hit.
  • 62.22.60.56: traveltimenews.com. Hit.
62.22.61.206 worldnewsnetworking.com. UUNET in Spain. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 62.22.61.188 - 62.22.61.224
65.218.91.17 alljohnny.com. UUNET in United States. One of the Reuters websites.
63.131.229.12 cyberreportagenews.com. ADHOST in Coeur d'Alene - United States. Tested viewdns.info range: 63.131.228.248 - 63.131.229.30
  • 63.131.229.2: fightskillsresource.com. Hit
  • 63.131.229.4: unitedterritorynews.com. Hit
  • 63.131.229.9: show-dustry.com. Hit
  • 63.131.229.10: afghanpoetry.net. Hit. Also at 74.254.12.166 in another range.
  • 63.131.229.11: mythriftytrip.com. Hit
  • 63.131.229.12: cyberreportagenews.com. Hit.
  • 63.131.229.13: sunrise-news.com. Hit.
  • 63.131.229.15: cricketnewsforindia.com. Hit.
  • 63.131.229.16:
  • 63.131.229.18: itnl-xchange.com. Hit.
  • 63.131.229.20:
    • fixashion.net. Hit.
    • a few others
63.130.160.50 theglobalheadlines.com. CW Vodafone Group PLC in United States. Found with: 2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 63.130.160.35 - 63.130.160.75
64.16.204.55 holein1news.com. Saudi Telecom Company JSC in Saudi Arabia. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 64.16.204.50 - 64.16.204.63. With did Wayback Machine have so few archives here? TODO stopping viewdns.info exploration a bit short due to that.
65.61.127.163 capture-nature.com. ADHOST in Greenacres - United States. whois.arin.net/rest/net/NET-65-61-96-0-1/pft?s=65.61.127.163: Net Range: 65.61.96.0 - 65.61.127.255. Organization. Name: TierPoint, LLC. Tested viewdns.info range: 65.61.127.149 -
  • 65.61.127.46: anahuacchamber.com 2012-12-22T14:59:01
  • 65.61.127.117: medicaresupplementalinsurance.com, 2013-08-21T09:49:41. Legit.
  • 65.61.127.121: counter-images.com 2013-08-22T11:14:44: web.archive.org/web/20110208173132/http://www.counter-images.com/ Empty.
  • 65.61.127.125 zaphound.com 2013-08-21T02:25:40. Legit.
  • 65.61.127.130: ambitions.org 2013-08-22T01:43:40. Legit.
  • 65.61.127.161: european-footballer.com. Hit.
  • 65.61.127.163: capture-nature.com. Hit.
  • 65.61.127.164: futbolistico.net. 2012-02-20T03:25:33. Legit. web.archive.org/web/20130509004058/http://futbolistico.net/
  • 65.61.127.165: travelconnectionsonline.com. Ciro initially though this might be a hit. But upon Googling it, there's now a mirror at: travelconn.tripod.com/. Combined with the lack of a standard communications mechanism and the 2001 copyright, maybe it isn't a hit after all
  • 65.61.127.166: globalnewsbulletin.com: Hit.
  • 65.61.127.167: internationalwhiskylounge.com. Hit.
  • 65.61.127.168: the-golden-rule.info 2013-09-20T02:13:52. Hit.
  • 65.61.127.169: crossovernews.net. Hit.
  • 65.61.127.170: newsidori.com. Hit.
  • 65.61.127.171: nrgconsultingandnews.com. Hit. 2013-08-13T18:45:05
  • 65.61.127.172: premierstriker.com. Hit. 2012-01-11
  • 65.61.127.174: dedrickonline.com. Hit.
  • 65.61.127.175: altworldnews.com. Hit.
  • 65.61.127.176: american-historyonline.com. Hit. 2011-09-08
  • 65.61.127.177: material-science.org. Hit.
  • 65.61.127.178: tee-shot.net. Hit.
  • 65.61.127.180: screencentral.info. Hit.
  • 65.61.127.181: worldnewsandtravel.com. Hit. 2011-11-13
  • 65.61.127.182: pangawana.com. Hit.
  • 65.61.127.183: cutabovenews.com. Hit.
  • 65.61.127.184: worldwildlifeadventure.com. Hit.
  • 65.61.127.186: explorealtmeds.com. Hit.
  • 65.61.127.194: 16 domains, so unclear.
  • 65.61.127.200: cdl-link.com (ipinf.ru). Legit.
  • 65.61.127.222: asianwhitecoffee.com 2012-07-16T09:21:05 web.archive.org/web/20110903080036/http://asianwhitecoffee.com/. Could be legit.
66.45.179.205 noticiasporjanua.com. ADHOST in Edmonds - United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 66.45.179.187 - 66.45.179.223
  • 66.45.179.187: mail03.gatesfoundation.org. Legit.
  • 66.45.179.192: thegraceofislam.com. Hit.
  • 66.45.179.193: arabicnewsunfiltered.com. Hit.
  • 66.45.179.194: raulsonsglobalnews.com. Hit.
  • 66.45.179.195: aryannews.net. Hit.
  • 66.45.179.199: attivitaestremi.com. Hit.
  • 66.45.179.200: foodwineandsuch.com. Hit.
  • 66.45.179.201: hitthepavementnow.com. Hit.
  • 66.45.179.203: noticiascontinental.com. Hit.
  • 66.45.179.205: noticiasporjanua.com. Hit.
  • 66.45.179.206: podisticamondiale.com. Hit.
  • 66.45.179.207: reflectordenoticias.com. Hit.
  • 66.45.179.208: havenofgamerz.com. Hit.
  • 66.45.179.209: vejaaeuropa.com. Hit.
  • 66.45.179.210: sa-michigan.com. Hit.
  • 66.45.179.211: absolutebearing.net. Hit.
  • 66.45.179.212: grandretirement.net. No archives. cqcounter.com/whois/www/grandretirement.net.html blank image.
  • 66.45.179.213: myportaltonews.com. Hit.
  • 66.45.179.214: investmentintellect.com. Hit.
  • 66.45.179.215: nigeriastar.net 2012-03-12. Hit.
66.104.169.184 bcenews.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.169.158 - 66.104.169.189
66.104.173.186 myworldlymusic.com. XO-AS15 in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 66.104.173.158 - 66.104.173.194
66.104.175.40 beyondnetworknews.com. XO-AS15 in United States. whois.arin.net/rest/net/NET-66-104-0-0-1/pft?s=66.104.175.40. Net Range:66.104.0.0 - 66.107.255.255. 2012 Internet Census puts most/all hits in this range under ip66-104-175-34.z175-104-66.customer.algx.net, algx.net redirects to verizon.com as of 2023. Related: superuser.com/questions/956568/why-are-my-pings-going-to-customer-algx-net. Tested viewdns.info range: 66.104.175.24 - unknown
66.175.106.148 activegaminginfo.com. UUNET in United States. whois.arin.net/rest/net/NET-66-175-106-128-1/pft?s=66.175.106.148: Net Range: 66.175.106.128 - 66.175.106.159. Customer Name: DIAMOND-COLESON. Tested viewdns.info range: 66.175.106.131 - 66.175.106.178
66.237.236.247 comunidaddenoticias.com. XO-AS15 in United States. Tested viewdns.info range: 66.237.236.222 - 66.237.236.254
69.84.156.90 stickshiftnews.com. COLOSPACE in Methuen - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 69.84.156.64 - 69.84.156.95
  • 69.84.156.69: al-ashak-news-me.com. Hit.
  • 69.84.156.70: theventurenews.info. Hit.
  • 69.84.156.71: worldfinancetoday.net. Hit.
  • 69.84.156.72: autonewsarabia.com. Hit.
  • 69.84.156.74: blue-moon-news.com. Hit.
  • 69.84.156.75: theoutergreen.com. No archives. Might have been another golf hit. cqcounter.com/whois/www/theoutergreen.com.html not found.
  • 69.84.156.76: tnc-urdu.com. Hit.
  • 69.84.156.79: jassimnews.com. No archives/broken. cqcounter.com/whois/www/jassimnews.com.html blank.
  • 69.84.156.80: noticiasdenuestromundo.com. Hit.
  • 69.84.156.82: arabicnewsonline.com. Hit.
  • 69.84.156.83: unganadormundial.com. Hit.
  • 69.84.156.84: focusonbokeh.com. Hit. Network Solutions, LLC.
  • 69.84.156.85: classic-rocktopia.com. Hit. domainsbyproxy.com.
  • 69.84.156.87: i7diver.com. Hit.
  • 69.84.156.88: diariodeelmundo.com. Hit.
  • 69.84.156.89: todaysarabnews.com. Hit.
  • 69.84.156.90: stickshiftnews.com. Hit.
  • 69.84.156.91: theinternationalgoal.com. Hit.
72.34.53.174 technologytodayandtomorrow.com. IHNET in United States. This IP is special. This IP is somehow closely linked to the "Mass Deface III" pastebin as it seems to have been hosted by Condor hosting. They also have many old sites, and links to Russia which is apparently where this was hosted.
74.116.72.236 techtopnews.com. OPTIMUM-WIFI2 in Brooklyn - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.116.72.215 - 74.116.72.254
74.254.12.168 non-stop-news.net. BELLSOUTH-NET-BLK in Atlantic Beach - United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 74.254.12.158 - 74.254.12.195. This domain exceptionally also has a second IP also with multihits: 207.239.196.230. The fact that the range has rdns sources with hits from both 2013 DNS Census and viewdns.info suggests this range is correct.
173.208.81.2 LEASEWEB-USA-CHI in Lombard - United States:
199.85.212.118 just-kidding-news.com. ATT-INTERNET4 in United States.
204.176.38.143 noticiassofisticadas.com. UUNET in United States. Found with: 2013 DNS Census virtual host cleanup. Tested viewdns.info range: 204.176.38.125 - 204.176.38.154
  • 204.176.38.130: i-pressnews.com. Hit.
  • 204.176.38.132: turkishnewslinks.com. Hit.
  • 204.176.38.134: photographyarecord.com. Hit.
  • 204.176.38.135: breakingthewicket.com. Hit.
  • 204.176.38.136: politicalworldtoday.com. Hit.
  • 204.176.38.137: hi-tech-today.com. Hit.
  • 204.176.38.138: continental-business-news.com. TODO. rss-item, split images. 2011. Cannot find comms. Also header and footer are not limited width which is unusual. Further HTML similarity reversing would be needed.
  • 204.176.38.139: bigscreenbattles.com. Hit.
  • 204.176.38.141: rakotafootball.com. Hit.
  • 204.176.38.142: senderosdemontana.com. Hit.
  • 204.176.38.143: noticiassofisticadas.com. Hit.
  • 204.176.38.144: techno-today.com. Hit.
  • 204.176.38.145: tickettonews.com. Hit.
  • 204.176.38.146: dps-digitalphotosharing.com. Hit.
  • 204.176.38.147: theputtingreen.com. Hit.
  • 204.176.38.149: sportsnewstodayar.com. Hit.
  • 204.176.38.150: kairuafricanews.com. Hit.
204.176.39.115 globalprovincesnews.com. UUNET in United States. Tested viewdns.info range: 204.176.39.93 - 204.176.39.124
207.150.191.68 technologypresstoday.com. Saudi Telecom Company JSC in Saudi Arabia.
207.210.250.132 aeronet-news.com. AS17378 in United States. This is the Autonomous System Number for TierPoint, LLC. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 207.210.250.126 - 207.210.250.157
  • 207.210.250.131: starrynightnews.com. Hit.
  • 207.210.250.132: aeronet-news.com. Hit.
  • 207.210.250.133: bakaribulletin.com. Hit.
  • 207.210.250.134: deprensaenlarevisiondehoy.com. Hit.
  • 207.210.250.135: icwb-news.com. Hit.
  • 207.210.250.136: sportsreelhighlights.com. Hit.
  • 207.210.250.137: fashionforward.info. No archives. cqcounter.com/whois/www/fashionforward.info.html innovative but has a "Member" section. Stock lady visible somwhere at westlahairgrowth.com/?page_id=12158 according to Google images but I couldn't find it easily in the page.
  • 207.210.250.138: inquiry-human-past.com. Hit.
  • 207.210.250.139: thefairwaysaregreen.com. Hit.
  • 207.210.250.142: russiaupdate.com. Hit.
  • 207.210.250.143: archaeologyreview.net. Hit.
  • 207.210.250.144: highspeed-news.com. No archives. cqcounter.com/whois/www/highspeed-news.com.html not found.
  • 207.210.250.146: noticias-caracas.com. Hit.
  • 207.210.250.147: bailandstump.com. Hit.
  • 207.210.250.148: classicalmusic4arab.com. Hit.
  • 207.210.250.149: globalventurestat.com. Hit.
  • 207.210.250.152: al-rashidrealestate.com. Hit.
  • 207.210.250.153: newsintheworld-ru.com. Hit.
  • 207.210.250.154: news-unlimited.info. Hit.
208.93.112.105 fastnews-online.com. TULIP-SYSTEMS in United States. Checked viewdns.info range: 208.93.112.90 - 208.93.112.155
208.254.38.39 todaysengineering.com. COLO-PREM-VZB in United States.
  • Tested viewdns.info range: 208.254.38.9 - 208.254.38.86. Weirdly empty, doesn't even show the domain iteslf!
  • 68.178.232.100: source: securitytrails.com. 2009-11-24 - 2009-12-11, GoDaddy.com, LLC
208.254.40.117 worldnewsandent.com. COLO-PREM-VZB in United States. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117: Net Range 208.192.0.0 - 208.255.255.255. Tested viewdns.info range: 208.254.40.92 - 208.254.40.135
  • 208.254.40.96: sixty2media.com. Hit.
  • 208.254.40.99: newspoliticssource.com. Hit.
  • 208.254.40.110 musical-fortune.net. Hit.
  • 208.254.40.113: ashoka-gemstones.com. Hit.
  • 208.254.40.117: worldnewsandent.com. Hit.
  • 208.254.40.124: riskandrewardnews.com. Hit.
  • 208.254.40.129: mailb.casella.com. Legit.
208.254.42.205 driversinternationalgolf.com. COLO-PREM-VZB in United States. Tested viewdns.info range: 208.254.42.178 - 208.254.42.233.
209.162.192.49 rastadirect.net. DF-PTL2-3 in Gresham - United States. Source: securitytrails.com and cqcounter.com/site/rastadirect.net.html. Tested viewdns.info: 209.162.192.30 209.162.192.70
* 209.162.192.44: thejewelofsouthamerica.com. Hit.
* 209.162.192.49: rastadirect.net. Hit.
* 209.162.192.51: yellow-chair-report.com. Hit.
* 209.162.192.54: tutkulu-turu.com. Possible hit. domainsbyproxy.com 2008-03-04. Weird style made up exclusively of cut up images, including the text itself where links would normally be. Turkish. Archive a bit weird with images on top of text. 2011 Copyright 2006. Unarchived link to web.archive.org/web/20110129065840/http://tutkulu-turu.com/login.html with title "Kullanıcı adı" (Username). Headline "Online seyahat etmek acenta" translates to "Online travel agency".
* 209.162.192.57: globalnewsreports.net. Hit.
* 209.162.192.59: easytravelsite.net. Hit.
* 209.162.192.70: phrio.com. Off date. viewdns.info/reverseip/?t=1&host=209.162.192.70
210.80.75.55 philippinenewsonline.net. UUNET in Australia. Tested viewdns.info range: 210.80.75.30 - 210.80.75.67
  • 210.80.75.35: aroundtheworldnews.net. No archives. ipinf.ru/domains/210.80.75.33/ disagrees and places it at .33.
  • 210.80.75.36: e-commodities.net. Hit.
  • 210.80.75.37: trekkingtoday.com. Hit.
  • 210.80.75.41: multinews-33.com. Hit.
  • 210.80.75.42: movimientodenticias.com. No archives. cqcounter.com/whois/www/movimientodenticias.com.html blank.
  • 210.80.75.43: gulfandmiddleeastnews.com. Hit.
  • 210.80.75.44: whirlybirdinflight.com. Hit.
  • 210.80.75.45: kings-game.net. Hit.
  • 210.80.75.46: topglobalnewsdaily.com. Hit.
  • 210.80.75.49: recipe-dujour.com. Hit.
  • 210.80.75.53: sportsman-elite.com. Hit.
  • 210.80.75.55: philippinenewsonline.net. Hit.
  • 210.80.75.56: technewsforme.com. Hit.
  • 210.80.75.59: goldeportesnoticias.com. Hit.
  • 210.80.75.68: gigabyte-usa.com. Legit.
212.4.16.232 mynewscheck.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.16.214 - 212.4.17.198. ipinf.ru/domains/?search=212.4.17.125&cust=1 says they are /19, so .16 and .17 are both the same range from a registration perspective::
212.4.17.38 fightwithoutrules.com. UUNET in Cassano d'Adda - Italy. whois.arin.net/rest/net/NET-208-192-0-0-1/pft?s=208.254.40.117. Net Range: 208.192.0.0 - 208.255.255.255. Organization: Name: Verizon Business. Tested viewdns.info range: see 212.4.16.* above
  • 212.4.17.38: fightwithoutrules.com. Hit.
  • 212.4.17.41: newtechfrontier.com. Hit.
  • 212.4.17.43: smart-travel-consultant.com. Hit.
  • 212.4.17.46: atentlaloc.com. Hit.
  • 212.4.17.53: newsresolution.net. Hit.
  • 212.4.17.56: lesummumdelafinance.com. Hit.
  • 212.4.17.56: thepinnacleoffinance.com. No Wayback machine archives. cqcounter.com/whois/www/thepinnacleoffinance.com.html blank.
  • 212.4.17.61: tech-stop.org. Archive: 2011. Feels likely. No commons found. .org hit? Has subdomain "gear.tech-stop.org" according to 2013 DNS Census, which suggests CGI comms, but no links to it
  • 212.4.17.98: topbillingsite.com. Hit.
  • 212.4.17.122: b2bworldglobal.com. Hit.
  • 212.4.17.125: worldaroundyunnan.com. Hit.
  • 212.4.17.160: localtoglobalnews.com. Hit.
There were also some other reverse IP hits for fightwithoutrules.com, but no CIA websites there:
  • 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26. Many domains.
  • 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20. Many domains.
Other hits:
  • 208.91.197.132. rdns source: viewdns.info: "location" : "British Virgin Islands", "owner" : "Confluence Networks Inc", "lastseen" : "2013-09-26". So this is after the previous one, unlikely to be correct.
  • 205.178.189.131. source: securitytrails.com
212.4.18.129 sightseeingnews.com. UUNET in Cassano d'Adda - Italy. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.4.18.115 - 212.4.18.148. TODO expand. Interesting wide/sparse range? Or perhaps it's two separate ranges?
212.209.74.105 globalbaseballnews.com. UUNET in Sweden. Tested viewdns.info range: 212.209.74.100 - 212.209.74.132. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
212.209.79.40 hydradraco.com. UUNET in Sweden. Found with: visual inspection of full 2013 DNS Census virtual host cleanup list just after globalbaseballnews.com. Tested viewdns.info range: 212.209.79.35 - 212.209.79.63
  • 212.209.79.34: fgnl.net. Hit. securitytrails.com provides IP history:
    • 212.209.79.34: 2008-09-01 - 2010-04-19.
    • 212.4.18.133: 2010-04-19 - 2019-06-19. Tested viewdns.info range: 212.4.18.122 - 212.4.18.148
    both under MCI Communications Services, Inc. d/b/a Verizon Business.
  • 212.209.79.37: fitness-sources.com. Hit.
  • 212.209.79.40: hydradraco.com. Hit.
  • 212.209.79.41: noticiasdelmundolatino.com. Hit.
  • 212.209.79.42: suparakuvi.com. Hit.
  • 212.209.79.44: myigadgets.net. Unclear. 2010. tech. Contains some helpers to: iGoogle. This page is very interesting. and quite different from the others, as it contains highly specialized functionality. No known comms found. The choice of homepage languages is also very suspicious: Arabic, Farsi, French, Chinese and Spanish.
  • 212.209.79.46: cetusdelph.com. Hit.
  • 212.209.79.47: willtoworship.com. Hit. domainsbyproxy.com
  • 212.209.79.48: themvconnection.com. Hit.
  • 212.209.79.51: pi-resources.net. Hit.
  • 212.209.79.52: newel-adserver.com. Redirects to newel.com which is legit. cqcounter.com/whois/www/newel-adserver.com.html blank.
  • 212.209.79.53: ourscubaworld.com. Hit.
  • 212.209.79.58: tech-love-home.com. Hit.
  • 212.209.79.60: first-solo-aviation.com. Hit.
  • 212.209.79.61: china-destinations.org. Hit.
212.209.90.84 thenewseditor.com. UUNET in Sweden. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 212.209.90.64 - 212.209.90.99
  • 212.209.90.69: worldedgenews.com. Hit.
  • 212.209.90.72: talkingpointnews.info. Hit.
  • 212.209.90.74: globalinvestmentnews.net. Hit.
  • 212.209.90.75: prebitinvestment.com. Hit.
  • 212.209.90.77: energy-bulb.com 2011. English. energy. Comms not found, but has unarchived link to: web.archive.org/web/20110128182345/https://webmail.energy-bulb.com/login.html. CGI comms variant?
  • 212.209.90.79: freeblink.com. No archives for timerange, then legit. cqcounter.com/whois/www/freeblink.com.html off-style
  • 212.209.90.80: nsmovies.net. Hit.
  • 212.209.90.82: middleeastjournal.net. Hit.
  • 212.209.90.84: thenewseditor.com. Hit.
  • 212.209.90.87: newsandweathersource.com. Hit.
  • 212.209.90.89: pakisports.com. Hit.
  • 212.209.90.90: vriha-aesthetics.com. Hit.
  • 212.209.90.92: amishkanews.com. Hit.
  • 212.209.90.93: theentertainbiz.com. Hit.
  • 212.209.90.94: eurosportssummary.com. Hit.
  • 212.209.91.14: teracom.net. Legit
216.93.248.194 esmundonoticias.com. TWDX in Chelmsford - United States.
216.104.38.114 all-sport-headlines.com. SINGLEHOP-LLC in United States.
216.105.98.152: modernarabicnews.com. SAVVY-NET in United States. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches. Tested viewdns.info range: 216.105.98.125 - 216.105.98.167
  • 216.105.98.118:
  • 216.105.98.132: europeantravelcafe.com. Hit.
  • 216.105.98.134: fuenteneta.com. Hit.
  • 216.105.98.135: ilat-news.com. Hit.
  • 216.105.98.136: etherealinspirations.net. Hit.
  • 216.105.98.137: the-news-zone.com. Hit.
  • 216.105.98.138: photozoomnews.com. No archives. cqcounter.com/whois/www/photozoomnews.com.html empty
  • 216.105.98.139: cultura-digital.net. Hit.
  • 216.105.98.140: uaeshoppingspree.com. Hit.
  • 216.105.98.141: jabarifootball.com. No archives. "Jabari" is a Swahili/Arabic name[ref]. cqcounter.com/whois/www/jabarifootball.com.html not found.
  • 216.105.98.142: globalreview-ar.com. No archives. Shame, could have been our first Argentinian site. cqcounter.com/whois/www/globalreview-ar.com.html empty.
  • 216.105.98.144: garanziadellasicurezza.com. Hit.
  • 216.105.98.145: montanismoaventura.com. Hit.
  • 216.105.98.146: large-format-news.com. Hit.
  • 216.105.98.147: nepalnewsbrief.com. Hit. dnshistory.org marks it as having IP 2010-03-10 -> 2010-08-15 216.169.148.94 [ref]. This range does feel a bit different from the others, too many broken archives, and relatively early ones too. Explored viewdns.info range: 216.169.148.84 - 216.169.148.104, empty for period. domainsbyproxy.com.
  • 216.105.98.148: teclafinance.com. Hit.
  • 216.105.98.149: entreman.com. Hit.
  • 216.105.98.152: modernarabicnews.com. Hit.
  • 216.105.98.153: global-headlines.com. Hit.
  • 216.105.98.154: everythingcricket.org. Hit.
  • 216.105.98.156: familyhealthonline.net. Hit.
  • 216.105.98.157: delacorne.com. Hit.
  • 216.105.98.158: econfutures.com. Hit.
  • 216.105.98.161: kstcloud.com. No archives. cqcounter.com/whois/www/kstcloud.com.html not found
219.90.61.123 journeystravelled.com. UUNET in Taiwan. Tested viewdns.info range: 219.90.61.100 - 219.90.61.133
219.90.62.243 fitness-dawg.com. UUNET in Taiwan. whois.arin.net/rest/net/NET-219-0-0-0-1/pft?s=219.90.62.243. Net Type: Allocated to APNIC. Tested viewdns.info range: unknown - 219.90.62.255
Read the full article
CIA 2010 covert communication websites / Hits without nearby IP hits Updated 2025-07-16
View more
Here we list of suspected domains for which the correct IP was apparently not found since there are no neighbouring hits.
These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.
For example, in the case of inews-today.com, 2013 DNS Census gave one IP 193.203.49.212, but then viewdns.info gave another one 66.175.106.146 which fit into an existing IP range, and which assumed to be the correct IP of interest.
A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.
It is also possible that some of them are simply false positives so they should be taken with a grain of salt. Further reverse engineering e.g. of comms or HTML analysis might be able to exclude some of them.
It is interesting to note that Reuters seems to have featured disproportionately many hits from that range, one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as wel.
In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we
dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
  • 216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
    • 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
    • 216.119.129.97: miideaco.com 2016-02-01
  • 216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
    • 216.119.129.110: dommoejmechty.com.ua. Legit.
    • 216.119.129.111: dailybeatz.com: Legit
    • 216.119.129.113:
      • audreygeneve.com
      • reyzheng.com
      • jacintorey.com
    • 216.119.129.114: dailynewsandsports.com. hit.
    • 216.119.129.115: afxchange.com legit/broken
    • 216.119.129.116: danafunkfinancial.com: legit
  • 208.73.33.194 on securitytrails.com
iranfootballsource.com:
iraniangoalkicks.com:
iraniangoals.com:
football-enthusiast.com:
  • 212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.
cyhiraeth-intlnews.com:
europeannewsflash.com:
outlooknewscast.com:
farsi-newsandweather.com:
global-view-news.com:
health-men-today.com:
firstnewssource.com:
pars-technews.com:
newdaynewsonline.com:
sportsnewsfinder.com:
newsworldsite.com:
todaysnewsreports.net:
hassannews.net:
todayoutdoors.com:
globaltourist.net:
terrain-news.com:
intlnewsdaily.com
opensourcenewstoday.com:
Read the full article
CIA 2010 covert communication websites / iraniangoalkicks.com Updated 2025-07-16
View more
whoisxmlapi WHOIS history March 23, 2011:
  • Created Date: April 9, 2007 00:00:00 UTC
  • Updated Date: March 2, 2011 00:00:00 UTC
  • Expires Date: April 9, 2011 00:00:00 UTC
  • Registrant Name: domainsbyproxy.com
  • Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com
whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:
  • ns1.qwknetllc.com
  • ns2.qwknetllc.com
Read the full article
CIA 2010 covert communication websites / iraniangoals.com Updated 2025-07-16
View more
whoisxmlapi WHOIS history April 11, 2011:
  • Created Date: March 6, 2008 00:00:00 UTC
  • Updated Date: March 7, 2011 00:00:00 UTC
  • Expires Date: March 6, 2014 00:00:00 UTC
  • Registrant Name: domainsbyproxy.com.
  • Registrant Organization: Domains by Proxy, Inc.
  • Registrant Street: 15111 N. Hayden Rd., Ste 160,
  • Registrant City: Scottsdale
  • Registrant State/Province: Arizona
  • Registrant Postal Code: 85260
  • Registrant Country: UNITED STATES
  • Name servers: NS29.WORLDNIC.COM|NS30.WORLDNIC.COM
Folowed by reuters registration in 2022.
whoisrequest.com/history/ mentions:
  • 1 Apr, 2008: Domain created*, nameservers added. Nameservers:
  • ns1.webhostingpad.com
  • ns2.webhostingpad.com
Read the full article
CIA 2010 covert communication websites / iraniangoals.com JavaScript reverse engineering Updated 2025-07-16
View more
Notably, the password is hardcoded and its hash is stored in the JavaScript itself. The result is then submitted back via a POST request to /cgi-bin/goal.cgi.
TODO: how is the SHA calculated? Appears to be manual.
Read the full article
CIA 2010 covert communication websites / JavaScript reverse engineering Updated 2025-07-16
Read the full article
CIA 2010 covert communication websites / Wayback Machine CDX scanning with Tor parallelization Updated 2025-07-16
View more
First we must start the tor servers with the tor-army command from: stackoverflow.com/questions/14321214/how-to-run-multiple-tor-processes-at-once-with-different-exit-ips/76749983#76749983
tor-army 100
and then use it on a newline separated domain name list to check;
./cdx-tor.sh infile.txt
This creates a directory infile.txt.cdx/ containing:
  • infile.txt.cdx/out00, out01, etc.: the suspected CDX lines from domains from each tor instance based on the simple criteria that the CDX can handle directly. We split the input domains into 100 piles, and give one selected pile per tor instance.
  • infile.txt.cdx/out: the final combined CDX output of out00, out01, ...
  • infile.txt.cdx/out.post: the final output containing only domain names that match further CLI criteria that cannot be easily encoded on the CDX query. This is the cleanest domain name list you should look into at the end basically.
Since archive is so abysmal in its data access, e.g. a Google BigQuery would solve our issues in seconds, we have to come up with creative ways of getting around their IP throttling.
The CIA doesn't play fair. They're actually the exact opposite of fair. So neither shall we.
This should allow a full sweep of the 4.5M records in 2013 DNS Census virtual host cleanup in a reasonable amount of time. After JAR/SWF/CGI filtering we obtained 5.8k domains, so a reduction factor of about 1 million with likely very few losses. Not bad.
5.8k is still a bit annoying to fully go over however, so we can also try to count CDX hits to the domains and remove anything with too many hits, since the CIA websites basically have very few archives:
cd 2013-dns-census-a-novirt-domains.txt.cdx
./cdx-tor.sh -d out.post domain-list.txt
cd out.post.cdx
cut -d' ' -f1 out | uniq -c | sort -k1 -n | awk 'match($2, /([^,]+),([^)]+)/, a) {printf("%s.%s %d\n", a[2], a[1], $1)}' > out.count
This gives us something like:
12654montana.com 1
aeronet-news.com 1
atohms.com 1
av3net.com 1
beechstreetas400.com 1
sorted by increasing hit counts, so we can go down as far as patience allows for!
New results from a full CDX scan of 2013-dns-census-a-novirt.csv:
  • 219.90.61.123 journeystravelled.com
Read the full article
cirosantilli.com Updated 2025-07-16
View more
Ciro Santilli's website is a dump of his brain, see also: braindumping.
However it won't remain like that for long, because it will be migrated to OurBigBook.com, and therefore become a brain dump of society itself.
Video 1.
Who Wants To Live Forever by Queen (1986)
Source.
Read the full article
Ciro Santilli Myers-Briggs Type Indicator Updated 2025-07-16
View more
Ciro Santilli feels that Ciro Santilli Myers-Briggs Type Indicator is much more random/hard to determine than the Big Five personality traits
Upon a quick look Ciro Santilli evaluates himself as INTJ.
Read the full article
Ciro Santilli's cooking / Roast chicken Updated 2025-07-16
View more
2020-12: large-ish chicken, www.youtube.com/watch?v=bJeUb8ToRIw worked very well. Just that after 1 hour it was slightly uncooked in the middle, and 10 minutes later, the top skin burnt a little bit. So next time, use some aluminium foil.
Read the full article
Ciro Santilli's dreams Updated 2025-07-16
View more
Ciro Santilli's dreams almost all include the following aspect: Ciro is trying to do something mundane, like climbing a hill, walking across town, etc. but doing so it extremely difficult. The hill is too steep, he gets lost, and things which are easy to use in real life are impossibly hard to use in the dream.
So they are a bit like nightmares, but not that bad. Just really annoying and tiresome. Still, Ciro does enjoy o visiting the semi-real places those dreams bring him to, much for the same reasons he enjoys cycling.
Ciro attributes this type of dream to his occupation as a software engineer, because that's basically the feeling you get all day from it: why isn't this working!!! It is so basic!!!
Read the full article
Grand Commander Hou releases the 108 demons Updated 2025-07-16
Read the full article
Graph representation Updated 2025-07-16
Read the full article
Gridworld AI game Updated 2025-07-16
View more
Read the full article
Ciro Santilli's hardware / 2017-04 Nike Flex Experience RN 6 Grey running shoes Updated 2025-07-16
View more
Amazing shoes! Wore them to their destruction.
Shoestring length: 1.185m
Replaced with after bicycle ate it: 1.0m, also worked but at limit.
Size: EUR 45.
Read the full article
Ciro Santilli's hardware / 2023 laptop buy research Updated 2025-07-16
View more
The P51 is a bit too heavy, and the battery could be better!
Read the full article
Ciro Santilli's hardware / Bicycle products Updated 2025-07-16
View more
2022-02: lost my Karrimor REFLEKT, must have fallen off from trouses somewhere.
2022-02: bought Burg Wachter Sold Secure Bike Chain, Lock and Ground Anchor Kit 1m, 10mm chain width: www.amazon.co.uk/Burg-Wachter-Sold-Secure-Gold-Chain/dp/B09MMGL9B7
2022-02 bought Kryptonite Kryptoflex double loop cable 1.2m length 10mm diameter braided steel cable: www.kryptonitelock.com/en/products/product-information/current-key/210818.html
2022-02: bought a Trelock BC 115/110/4 chain white for my saddle after Liv Flourish 2 (2018) the saddle of was stolen at home. Same as this but white: www.trelock.com/en/lock/locks/chain-locks/bc-115-110-4-green. The keys are a bit larger than I'd like.
2021-11: buying a Cateye ViZ450 www.cateye.com/intl/products/safety_lights/TL-LD820/ 51 dollars after CatEye RAPID X2 was stolen. Unfortunately, it is not very compatible with my Topeak saddle bag... the attachment is to wide to fit the saddble bag, and even if it did it is slanted to account for seat tube slant so it would not be very verfical. Arghh, they have futher options on the website: www.cateye.com/intl/products/parts/5342460/ that is the one I need, Clip C-2 or Clip C-1N. On Amazon it didn't have clear choices for that... mine came with the BracketSP-15. Ah, can buy on Amazon for 3 dollars, OK then.
2021-11: COZYROOMY multitool broke apart already, like before, but much sooner this time. What a piece of junk!!! Buying the Topeak Mini 18+ Bike Multitool www.topeak.com/global/en/products/75-Mini-Tools/173-mini-18+ Has a spoke wrench.
2021-09: COZYROOMY multitool stolen, even though it was completely in pieces already. 2021-09-21 12:30PM discovered, seat bag open, one tool on floor, and some leftovers inside, but black bag gone. Bicycle last seen 2021-09-20 6PM. Would likely have spotted it if it had happened before. Bicycle last used: 2021-09-19 6PM. Would almost for sure have seen it if it had happened by then. Rebought it.
2021-07 Topeak MTS Trunkbag EX Strap Type www.topeak.com/global/en/products/192-Rear-Rack-Bags/859-MTX-TRUNKBAG-EX Fit nicely on the back of the Kross bicycle (2017). 8L. Originally to carry some extra food and water on a long summer trip. 36 pounds.
2020-11-30: Bought more "Finish Line DRY Teflon Bicycle Chain Lube" 8oz/240ml www.amazon.com/dp/B00Z779GMO/ after previous disaster with the bottle because lock is a bit hard to open.
2020-11-30 WD-40 Bike, All Conditions Lube Bicycle Lubricant, 250ml. Markings: "Contains PTFE". www.amazon.com/dp/B00O8QF3PY Sprays out of bottle, so very thin.
2020-02: CatEye AMPP500 45 pounds www.cateye.com/intl/products/headlights/HL-EL085RC/ High mode 500 lumens: 1.5hrs, Daytime HyperConstant mode 500/250 lumens: 5hrs. 2020-11: noticed it was cracked on top front between button and light, I think I dropped it the other day from waist height.
2020-02: Karrimor REFLEKT Band 2 pounds from Sports Direct to replace old that I destroyed by playing with it with hands on work desk www.karrimor.com/karrimor-reflect-band-765007
2020-01: Halfords Microfibre Heavy Duty Cloths www.halfords.com/motoring/car-cleaning/sponges-brushes-buckets/halfords-microfibre-heavy-duty-cloths (archive) 87% polyester, 13% polyamide.
2019-12: www.amazon.co.uk/gp/product/B07GQSXN8B SENZEAL Bicycle Spoke Wrench Tool Spoke Key Spanner 6 in 1 for Bike Wheel Cycle Wrench 10-15 Gauge. TODO 2024: can't find those for the life in me.
2019-11: Multitool: www.amazon.co.uk/dp/B07MW3K2GK "COZYROOMY Bike Repair Kits - Bicycle tool kit with 10 in 1 Multi-Function Bike Tool, multi-purpose bone wrench And related spare tools, 1 Portable tool bag, 6 Month Warranty". No spoke wrench unfortunately. But does have 15mm bone wrench, which opens Kross front wheel. Some months later, the thing came apart, quality was a bit shit. But I kept it in the saddle bag anyways for a long time, and just used it by putting part of it manually together.
2019-11: "CatEye RAPID X2" real lights, 40 dollars. Hopefully to increase side visibility at night, and day visibility on fast roads when cycling further on weekends. www.cateye.com/intl/products/safety_lights/TL-LD710-R/ (archive) USB rechargeable. 80 lumens in high mode lasting 1 hour, 5 hours in low mode, 30 hours flashing, 16 hours rapid/pulse. Lost 2021-11 in a big city, didn't know the path well, had to cross a bunch of streets, was on back of back bag, likely stolen.
2019-10 WD-40 Smart Straw 450ml www.amazon.com/dp/B01MEHN4VC (archive)
2019-10 Finish Line Dry Teflon Tube www.amazon.com/dp/B00B704LZW (archive) Tube broke while opening the first day. I glued it with some superglue, but two months later found it leaked into my "oils bag", so I threw it away... it must have penetrated through the super glue.
2019-08: "CatEye CA475RAPMIN Rapid Mini Rear Lights and Reflectors, Black" stolen: www.amazon.co.uk/dp/B01I4193PY (archive). Very good quality. Those USB rechargeable lights you just have got to take off with you whenever parked in town or else drug addicts will steal them because they are easy to remove for recharging. Tempted to just stick to dynamo ones that are screwed in. Re-bought original back light: AXA Basta, was a bit different from previous one, cannot take in lamps anymore, even though there is the plastic casing for them! Just not metal / wires.
Read the full article
Ciro Santilli's hardware / ELEGOO Upgraded Electronics Fun Kit Updated 2025-07-27
View more
  • Elegoo Breadboard power supply module MB‐V2:
    • Input voltage: 6.5-9v (DC) via 5.5mm x 2.1mm plug
    • Output voltage: 3.3V/5v
    • Maximum output current: 700 mA
    TODO center positive or center negative?
    Does not come with AC adapter, getting this one: www.amazon.co.uk/dp/B08ZN476FW output: DC 9V 1A Power Supply Adapter, Plug 5.5mm x 2.1mm, Center Positive,B rand: Security-01, input: AC 100-240V 50/60 Hz, Cable length: 1.8m
    Parts list from the ZIP:
  • resistors:
    • 10x each:
    • 30x 220
  • 1n4007 General Purpose Rectifier
  • 22pf 104 Ceramic Capacitor
  • 4N35 optocoupler
  • 74HC595 8-bit serial-in, serial or parallel-out shift register with output latches; 3-state
  • Active buzzer
  • Buttons
  • CDS-55 Photoresistor
  • Electrolytic Capacitor
  • Focusens MF52D 103f 3950 thermistor. Beta value 25/50 Celcius: 3950. R_25: I measured 9.61 k Ohms. The number 103 they document as:
    These descriptions are weird, but ChatGPT has the theory that the first two digits are actual values, and the last is multiplier, so which makes 10k.
    but I have no idea how that maps to 10 k Ohms.
  • PN2222 General Purpose Transistor
  • Passive buzzer
  • 3386p Bourns Precision Potentiometer - 1 103T: from 0 to 10k Ohms, measured with multimeter. According to the manual the "103" mean 10 k oms, which is consistent with our measurement. "P 103" is etched into the part.
  • LEDs:
    • White LED 10x
    • Kingbright RGB LEDs 10x red, green, yellow, blue:
      • maximum Continuous Forward Current: 30 mA for read and blue, 25 mA for green
      • 303025
      • under 20 mA
      20 mA appears to be the typical operation. So with the 2.0 V drop on 5 V power we want a resistor such that:
      (1)
      for the max 50 mA we would instead have 60 Ohms
Read the full article
Ciro Santilli's hardware / Mechanical and electrical tools Updated 2025-07-16
View more
2020-01 "Heat Gun, SEEKONE Professional 2000W 50℃- 600℃ Variable Temperature Control Hot Air Gun Kit with 2 Temperature Modes 7 Accessories for D" www.amazon.com/dp/B078S5QMFG Initially for for cell phone repair, but later learnt they are also useful for heat shrink.
2019-09 "Draper Redline 68001 160 mm Heavy Duty Pliers Set with Soft Grip Handles (3-Piece)" web.archive.org/web/20190903191215/https://www.amazon.co.uk/dp/B071JL6LLL (archive)
2019-08: www.amazon.co.uk/dp/B000LFRYG2 (archive) "Silverline SP1236 Combination Spanner, 8-19 mm - 12 Pieces" 8.48 pounds. Because I needed the 15mm for bike pedal, and the price of 1 and the full set were very close.
6 10/11/12/13/14/17 mm Combination Wrench Set WRENCH SET COMBINATION Open-Ended Spanner/Ring Spanner Set www.amazon.co.uk/dp/B07BZLVGX8 (archive) But they sent one wrong, 8 instead of 11. Chrome Vanadium Steel. Markings: "DROP FORGED A". Quality feels crappy, not very smooth.
2017: Teng 621011 Double Open Ended Spanner 10x11mm www.amazon.co.uk/dp/B0001P0VP8 (archive)
2017: Magnusson AMS49 5M TAPE MEASURE 5m retractable flexible rule. www.screwfix.com/p/magnusson-ams49-5m-tape-measure/5315v (archive)
Read the full article

There are unlisted articles, also show them or only show them.