CIA 2010 covert communication websites / Wakatime redirects Updated +Created
Summary: this is just a red herring. Wakatime owner likely registered the domains just after this article was published as a publicity stunt. Fair play though.
As raised at: news.ycombinator.com/item?id=36280666, many, but not all, of the domains currently redirect to wakatime.com/ as of 2023, and apparently they were taken up in 2013 (TODO how to confirm that). TODO what is the explanation for that? Some examples that do:But some failed resolution examples:Even more suspiciously, according to his LinkedIn: www.linkedin.com/in/alanhamlett/, the owner of Wakatime, Alan Hamlett, worked at WhiteHat Security, Inc from Aug 2011 - Sep 2013. The company was then acquired by Synopsys in 2022. Holy crap!!! As shown at: web.archive.org/web/20131013193406/https://www.whitehatsec.com/ that company made website security tools. Did that dude use the tools to find the vulnerabilty and then just gobble up all the domains??? What a fucking legend if he did!!!
Running e.g.
curl -vvv dedrickonline.com
gives:
*   Trying 162.255.119.197:80...
* Connected to dedrickonline.com (162.255.119.197) port 80 (#0)
> GET / HTTP/1.1
> Host: dedrickonline.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 12 Jun 2023 20:30:19 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 55
< Connection: keep-alive
< Location: https://wakatime.com
< X-Served-By: Namecheap URL Forward
< Server: namecheap-nginx
<
<a href='https://wakatime.com'>Moved Permanently</a>.

* Connection #0 to host dedrickonline.com left intact
so we see that he must have setup redirection with Namecheap as mentioned at: www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-redirect-a-url-for-a-domain/
Let's also try DNS history
  • whoisrequest.com/history/:
    • dedrickonline.com: registered: 1 Nov, 2010, dropped: 24 Nov, 2013
    • activegaminginfo.com : registered: 1 Feb, 2010, dropped: 1 Apr, 2012
  • tools.whoisxmlapi.com/whois-history-search
    • dedrickonline.com:
      • CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
        • Created Date: October 27, 2010 00:00:00 UTC
        • Updated Date: October 28, 2013 00:00:00 UTC
        • Expires Date: October 27, 2014 00:00:00 UTC
      • Alan (namecheap):
        • Created Date: June 11, 2023 09:59:25 UTC
        • Expires Date: June 11, 2024 09:59:25 UTC
    • activegaminginfo.com:
      • CIA (Network Solutions, registrant name: LLC. Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions)
        • Created Date: January 26, 2010 00:00:00 UTC
        • Updated Date: November 27, 2010 00:00:00 UTC
        • Expires Date: January 26, 2012 00:00:00 UTC
      • Alan:
        • Created Date: June 11, 2023 09:59:40 UTC
        • Expires Date: June 11, 2024 09:59:40 UTC
    • iraniangoalkicks.com:
      • CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
        • Created Date: April 9, 2007 00:00:00 UTC
        • Updated Date: March 2, 2011 00:00:00 UTC
        • Expires Date: April 9, 2011 00:00:00 UTC
      • Alan:
        • Created Date: June 11, 2023 09:59:20 UTC
        • Expires Date: June 11, 2024 09:59:20 UTC
    • iraniangoals.com:
      • CIA (registrar: Godaddy, registrant name: domainsbyproxy.com):
        • Created Date: March 6, 2008 00:00:00 UTC
        • Updated Date: March 7, 2011 00:00:00 UTC
        • Expires Date: March 6, 2014 00:00:00 UTC
      • Reuters:
        • Created Date: September 29, 2022 11:16:09 UTC
        • Updated Date: September 29, 2022 11:16:09 UTC
        • Expires Date: September 29, 2023 11:16:09 UTC
So these suggest Alan might have just come along in 2023 way after the 2022 Reuters article and did the same basic IP range search that Ciro is doing now, so possibly no new tech. Let's ask... twitter.com/cirosantilli/status/1668369786865164289
The domain name history presented is however of interest, and could lead to patterns being found.
Searching tools.whoisxmlapi.com/reverse-whois-search with term "Corral, Elizabeth" gave no results unfortunately.
Basic search under tools.whoisxmlapi.com/reverse-whois-search for "Corral" also empty. They can't see their own data? Ah, need advanced. Marked "Historic" and selected "Corral, Elizabeth", ony one hit, activegaminginfo.com.
Cool data embedded in the Bitcoin blockchain / Themes Updated +Created
In this section we document events that led to a large number of thematically related messages being added to the chain e.g. referencing some current event that happened, as opposed to the media encoding/type like images and text sections.
The "Hitler did nothing wrong" meme[ref] is repeated several times, e.g.: tx 41967a7d75e9e1ca8c142a45ce29ea08b451a3b55c3e33538f5cc8a389ec66ab (2015-07-20):
EW Hitler did nothing wrong.
This one is also an Eternity Wall message. The message had also been previously Base58 encoded at address 1HitLerDidNothingWrongggggghJewfv in two different instances:
Brazil:
  • tx 1c05bb7c0a8c9498d33a1e6d4a91bbb4c651daa5ea5a21aa5c8c600d3300b8bb Viva Brazil's Impeachment!
  • tx 105fb3a0be8ab50bfa36012e0319a752dee39702cb44f3904cf423eb20367d57 contains a misogenous joke:
    A mulher feia so tem uma coisa a oferecer,uma boa foda(Diego Silva de Oliveira)
    which translates to:
    Ugly women only have one thing to offer, a good fuck
    It is attributed to Diego Silva de Oliveira, possibly this football player: en.wikipedia.org/wiki/Diego_Silva_(footballer,_born_1990)
  • c72dc315a5504362d01f2dcdfe77826d14a9eb3411b83edd7aa782e95e4a7794 via cryptograffiti.info:
    NÓS DISSEMOS SIM
    AGÊNCIA TRANSITIVA 2015
    
    Nota pública de reconhecimento do Acordo Reconformado, assinado pela Agência Transitiva e 
    pela Escola de Artes Visuais do Parque Lage, em 22 de Abril de 2015.
    
    #ENCRUZILHADA
    EAV PARQUE LAGE
    22.04.2015
  • 1c05bb7c0a8c9498d33a1e6d4a91bbb4c651daa5ea5a21aa5c8c600d3300b8bb via cryptograffiti.info:
    Viva Brazil's Impeachment!
Our indexer does not handle UTF-8, here's a collection of some UTF-8 messages we've stumbled upon somewhat randomly:
Arabic:
  • 7eb561f2139761064de20033fa4843f1f3e1a9551268704b36f84d94e66fd91a
    يا سلم!
    شعرك جميل
    و عينيك حلوة
    انا عطشان
    اِروني من عينيك
    O peace!
    Your hair is beautiful
    And your eyes are beautiful
    I'm thirsty
    Show me from your eyes
  • b7376cae03b88392e5fd0292bcb43105386fbb534fc9be68c1e3d0b8f39e5ba4 via cryptograffiti.info
    sjalom, salaam, peace!
    الدين
  • 7a898b7e6b2145f4f887e1ff890d0b613e3008fbe350aa92662735e3acd0c0bc
    هذه رسالة من المستقبل
    إلى الماضي ...
    الحياة صعبة في المستقبل
    رعاية العالم
    وتحمل المسؤولية
    /y
    This is a message from the future
    To the past...
    Life is difficult in the future
    Caring for the world
    And take responsibility
    /y
Russian:
  • 1dcd62c922eb1ddbc1f58615b6271d64736bf55e83408cef02a7d0ac6707e423 via cryptograffiti.info
    А на Земле Быть Добру!
    And on Earth To Be Good!
  • 596cc6e905a5fc8248cf59198a19ce5070228b302a9f3a993197e2c87ddcaf14 via cryptograffiti.info
    Книга Вечно Живущих открыта
    The Book of the Ever-Living is open
  • 596cc6e905a5fc8248cf59198a19ce5070228b302a9f3a993197e2c87ddcaf14 via cryptograffiti.info
    Это тест, сука блять.
    This is a test, motherfucker.
  • ed56ef68ccbfb1d47bc159fb62fab6807ee4d7363d0ad4cded2e922a5b47362e via cryptograffiti.info
    Путин хуйло лалалалалалалалалал
    Putin sucks lalalalalalalalala
Chinese:
Japanese:
  • ac2ad7c15162a8e461387b0d0d681bb5f81f2db1138b8f200b81bbc585bd0b8f via cryptograffiti.info:
    モキーのフラッシュバン許すな
    Don't forgive Moky's flashbang
Hebrew:
  • 0b32736592ce7abdd4d971bc4591544e1610ff51f498c9a14a6ba34a3abcad5d via cryptograffiti.info
    חתימה טובה לכולם בכלל ולחברי ביטקוין ישראלי בפרט.
    A good signature for everyone in general and Israeli Bitcoin members in particular.
  • d7b80c8fefc88cc3f06d74f8496e2dc6f44b5f5f0a59f9ba1ba27266848a8666 via cryptograffiti.info contains what appears to be UTF-8 Hebrew text on my terminal, but Google Translate couldn't translate it, so we are unsure.
Davinci Jeremie Updated +Created
Video 1.
Just buy $1 worth of Bitcoin please! by Davinci Jeremie (2013)
Source.
Digital quantum computer Updated +Created
As of 2022, this tends to be the more "default" when you talk about a quantum computer.
But there are some serious analog quantum computer contestants in the field as well.
Histogram Updated +Created
Instruction pipelining Updated +Created
The first thing you must understand is the Classic RISC pipeline with a concrete example.
Puzzle script Updated +Created
Amazon Redshift Updated +Created
Amazon S3 Updated +Created
Android Open Source Project Updated +Created
Bitcoin input script Updated +Created
Bitcoin script operator Updated +Created
Bitcoin script type Updated +Created
Calcite Updated +Created
CIA 2010 covert communication websites / Selected screenshots Updated +Created
This section contains some of the most interesting and a few representative screenshots of the websites found.
We intentionally omit the screenshots already reported by the Reuters article.
Figure 1. .
The Star Wars one. Clearly branded websites like this are rare, which makes finding them all the much more fun. The Reuters article had two of them (Carson and rastadirect.net), so these were probably manually selected from the full hit dataset, and did not serve specifically as entry points. Most of the websites are quite boring and forgetful as you'd expect.
The subtitle "Beyond The Unknown" may be a reference to the Unknown Regions, an unexplored area of the galaxy in the Star Wars fictional universe.
Figure 2.
Stock photo of a Jedi boy from Getty Images used on starwarsweb.net
. Source.
The photo can still be licensed today as of 2025: www.gettyimages.co.uk/detail/photo/little-jedi-royalty-free-image/172984439. We found it by searching for "jedi boy" on gettyimages.co.uk. The photo is credited to a madisonwi, presumably an alias based on the location Madison, Wisconsin. Here's a random website about adoption that uses it: www.adoptionadvocates.net/star-wars-adoption-language/ and where it can be seen without the watermarks.
The droids can be seen e.g. at: www.amazon.co.uk/04-Kampf-Droiden-Superheftig-Jedi/dp/B004TINSW6, a promotional material for a 2008 The Clone Wars television series audio CD and available as transparent PNGs without background in several sources. The Yoda art also seems to come from that show: rpggamer.org/page.php?page=4229. One can picture the contractor's children watching that show when a lightbulb popped over their heads.
Figure 3. . Source. Although alljohnny.com is one of the original Reuters examples, we are highlighting this screenshot here because the Reuters provided screenshot is from the extremely early 2004 version of the site, and it is interesting to see how this unique example was later updated in this 2011 version, the only known such case so far. The lack of OPSEC awareness is mind blowing, them reusing a domain like that after so many years in a completely new threat environment and possibly for a new asset.
Figure 4.
2011 Wayback Machine archive of webofcheer.com scrolled to show Johnny Carson
. Source. This website is a fansite for various comedians. It is the second known reference to Johnny Carson after alljohnny.com, which was one of the original screenshots given in the Reuters article. There must have been some massive Johnny Carson fan among the CIA contractors a that time!
Figure 5. .
The third Iranian football on top of the two other published by Reuters: iraniangoalkicks.com and iraniangoals.com! Admittedly, this one is the most generic and less well designed one. But still. They pushed the theme too far!
The goalkeeper can be seen at: www.pixtastock.com/illustration/7323632.
Figure 6. .
The German one.
The CIA has had a few Germany espionage scandals in the 2010s:
Figure 7. .
A French one. Because it mentions VTT (Mountain Biking in French), it must focus France.
The arrow graph is very popular can be seen at: www.financialexpress.com/money/top-4-global-market-risks-for-2024-that-may-impact-your-finances-3346284/ and many other sites. Source unknown.
Figure 8. . An Italian one about extreme sports.
Figure 10. . The Korean one. Love the kawaii style!
Figure 12. . The Philippine one one.
Figure 13. . The Mexican one.
Figure 15. . One of the many golf-themed sites. Golf appears to be quite popular over in Langley. It's exactly what you'd expect for a mid-level spook to do in their free time!
Electron transport chain Updated +Created
Erwin Coumans Updated +Created
F-Droid Updated +Created

There are unlisted articles, also show them or only show them.