CIA 2010 covert communication websites / Hits without nearby IP hits Updated 2025-07-16
View more
Here we list of suspected domains for which the correct IP was apparently not found since there are no neighbouring hits.
These are suspicious, and suggest either that we didn't obtain the correct reverse IP, or a change in CIA methodology from an older time at which they were not yet using the obscene IP ranges.
For example, in the case of inews-today.com, 2013 DNS Census gave one IP 193.203.49.212, but then viewdns.info gave another one 66.175.106.146 which fit into an existing IP range, and which assumed to be the correct IP of interest.
A similar case happened when we found IP 212.209.74.126 for headlines2day.com with dnshistory.org: dnshistory.org/historical-dns-records/a/headlines2day.com.
It is also possible that some of them are simply false positives so they should be taken with a grain of salt. Further reverse engineering e.g. of comms or HTML analysis might be able to exclude some of them.
It is interesting to note that Reuters seems to have featured disproportionately many hits from that range, one wonders why that happened. It is possible that they chose these because they actually didn't have any nearby hits to give away less obvious information, though they did pick some from the ranges as wel.
In what follows we list the domains with possible reverse IPs and what was explored so far for each. We consider IPs not in a range to be uncertain, and that instead their domains might have been previously in a range which we
dailynewsandsports.com. Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches
  • 216.119.129.94. rdns source: viewdns.info "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2012-04-13". Tested viewdns.info range: 216.119.129.85 - 216.119.129.86, 216.119.129.89 - 216.119.129.99, ran out of queries for 87 and 88
    • 216.119.129.90: eastdairies.com 2011-04-04. Promising name and date, but no archives alas.
    • 216.119.129.97: miideaco.com 2016-02-01
  • 216.119.129.114 Found with: 2013 DNS Census virtual host cleanup heuristic keyword searches, also present on viewdns.info but at a later date from previous "location": "United States", "owner": "A2 Hosting, Inc.", "lastseen": "2013-11-29". Tested viewdns.info range: 216.119.129.109 - 216.119.129.119
    • 216.119.129.110: dommoejmechty.com.ua. Legit.
    • 216.119.129.111: dailybeatz.com: Legit
    • 216.119.129.113:
      • audreygeneve.com
      • reyzheng.com
      • jacintorey.com
    • 216.119.129.114: dailynewsandsports.com. hit.
    • 216.119.129.115: afxchange.com legit/broken
    • 216.119.129.116: danafunkfinancial.com: legit
  • 208.73.33.194 on securitytrails.com
iranfootballsource.com:
iraniangoalkicks.com:
iraniangoals.com:
football-enthusiast.com:
  • 212.4.18.14: Tested viewdns.info range: 212.4.18.1 - 212.4.18.29. This is a curious case, rather close to 212.4.18.129 sightseeingnews.com, but not quite in the same range apparently. Viewdns.info also agrees on its history with only "212.4.18.14", "location" : "Milan - Italy", "owner" : "MCI Worldcom Italy Spa", "lastseen" : "2013-06-30" of interest.
cyhiraeth-intlnews.com:
europeannewsflash.com:
outlooknewscast.com:
farsi-newsandweather.com:
global-view-news.com:
health-men-today.com:
firstnewssource.com:
pars-technews.com:
newdaynewsonline.com:
sportsnewsfinder.com:
newsworldsite.com:
todaysnewsreports.net:
hassannews.net:
todayoutdoors.com:
globaltourist.net:
terrain-news.com:
intlnewsdaily.com
opensourcenewstoday.com:
Read the full article
CIA 2010 covert communication websites / iraniangoalkicks.com Updated 2025-07-16
View more
whoisxmlapi WHOIS history March 23, 2011:
  • Created Date: April 9, 2007 00:00:00 UTC
  • Updated Date: March 2, 2011 00:00:00 UTC
  • Expires Date: April 9, 2011 00:00:00 UTC
  • Registrant Name: domainsbyproxy.com
  • Name servers: dns1.registrar-servers.com|dns2.registrar-servers.com
whoisrequest.com/history/ mentions:
1 May, 2007: Domain created*, nameservers added. Nameservers:
  • ns1.qwknetllc.com
  • ns2.qwknetllc.com
Read the full article
CIA 2010 covert communication websites / iraniangoals.com Updated 2025-07-16
View more
whoisxmlapi WHOIS history April 11, 2011:
  • Created Date: March 6, 2008 00:00:00 UTC
  • Updated Date: March 7, 2011 00:00:00 UTC
  • Expires Date: March 6, 2014 00:00:00 UTC
  • Registrant Name: domainsbyproxy.com.
  • Registrant Organization: Domains by Proxy, Inc.
  • Registrant Street: 15111 N. Hayden Rd., Ste 160,
  • Registrant City: Scottsdale
  • Registrant State/Province: Arizona
  • Registrant Postal Code: 85260
  • Registrant Country: UNITED STATES
  • Name servers: NS29.WORLDNIC.COM|NS30.WORLDNIC.COM
Folowed by reuters registration in 2022.
whoisrequest.com/history/ mentions:
  • 1 Apr, 2008: Domain created*, nameservers added. Nameservers:
  • ns1.webhostingpad.com
  • ns2.webhostingpad.com
Read the full article
CIA 2010 covert communication websites / iraniangoals.com JavaScript reverse engineering Updated 2025-07-16
View more
Notably, the password is hardcoded and its hash is stored in the JavaScript itself. The result is then submitted back via a POST request to /cgi-bin/goal.cgi.
TODO: how is the SHA calculated? Appears to be manual.
Read the full article
CIA 2010 covert communication websites / JavaScript reverse engineering Updated 2025-07-16
Read the full article
CIA 2010 covert communication websites / Wayback Machine CDX scanning with Tor parallelization Updated 2025-07-16
View more
First we must start the tor servers with the tor-army command from: stackoverflow.com/questions/14321214/how-to-run-multiple-tor-processes-at-once-with-different-exit-ips/76749983#76749983
tor-army 100
and then use it on a newline separated domain name list to check;
./cdx-tor.sh infile.txt
This creates a directory infile.txt.cdx/ containing:
  • infile.txt.cdx/out00, out01, etc.: the suspected CDX lines from domains from each tor instance based on the simple criteria that the CDX can handle directly. We split the input domains into 100 piles, and give one selected pile per tor instance.
  • infile.txt.cdx/out: the final combined CDX output of out00, out01, ...
  • infile.txt.cdx/out.post: the final output containing only domain names that match further CLI criteria that cannot be easily encoded on the CDX query. This is the cleanest domain name list you should look into at the end basically.
Since archive is so abysmal in its data access, e.g. a Google BigQuery would solve our issues in seconds, we have to come up with creative ways of getting around their IP throttling.
The CIA doesn't play fair. They're actually the exact opposite of fair. So neither shall we.
This should allow a full sweep of the 4.5M records in 2013 DNS Census virtual host cleanup in a reasonable amount of time. After JAR/SWF/CGI filtering we obtained 5.8k domains, so a reduction factor of about 1 million with likely very few losses. Not bad.
5.8k is still a bit annoying to fully go over however, so we can also try to count CDX hits to the domains and remove anything with too many hits, since the CIA websites basically have very few archives:
cd 2013-dns-census-a-novirt-domains.txt.cdx
./cdx-tor.sh -d out.post domain-list.txt
cd out.post.cdx
cut -d' ' -f1 out | uniq -c | sort -k1 -n | awk 'match($2, /([^,]+),([^)]+)/, a) {printf("%s.%s %d\n", a[2], a[1], $1)}' > out.count
This gives us something like:
12654montana.com 1
aeronet-news.com 1
atohms.com 1
av3net.com 1
beechstreetas400.com 1
sorted by increasing hit counts, so we can go down as far as patience allows for!
New results from a full CDX scan of 2013-dns-census-a-novirt.csv:
  • 219.90.61.123 journeystravelled.com
Read the full article
cirosantilli.com Updated 2025-07-16
View more
Ciro Santilli's website is a dump of his brain, see also: braindumping.
However it won't remain like that for long, because it will be migrated to OurBigBook.com, and therefore become a brain dump of society itself.
Video 1.
Who Wants To Live Forever by Queen (1986)
Source.
Read the full article
Ciro Santilli Myers-Briggs Type Indicator Updated 2025-07-16
View more
Ciro Santilli feels that Ciro Santilli Myers-Briggs Type Indicator is much more random/hard to determine than the Big Five personality traits
Upon a quick look Ciro Santilli evaluates himself as INTJ.
Read the full article
Ciro Santilli's cooking / Roast chicken Updated 2025-07-16
View more
2020-12: large-ish chicken, www.youtube.com/watch?v=bJeUb8ToRIw worked very well. Just that after 1 hour it was slightly uncooked in the middle, and 10 minutes later, the top skin burnt a little bit. So next time, use some aluminium foil.
Read the full article
Ciro Santilli's dreams Updated 2025-07-16
View more
Ciro Santilli's dreams almost all include the following aspect: Ciro is trying to do something mundane, like climbing a hill, walking across town, etc. but doing so it extremely difficult. The hill is too steep, he gets lost, and things which are easy to use in real life are impossibly hard to use in the dream.
So they are a bit like nightmares, but not that bad. Just really annoying and tiresome. Still, Ciro does enjoy o visiting the semi-real places those dreams bring him to, much for the same reasons he enjoys cycling.
Ciro attributes this type of dream to his occupation as a software engineer, because that's basically the feeling you get all day from it: why isn't this working!!! It is so basic!!!
Read the full article
Grand Commander Hou releases the 108 demons Updated 2025-07-16
Read the full article
Graph representation Updated 2025-07-16
Read the full article
Ciro Santilli's hardware / 2017-04 Nike Flex Experience RN 6 Grey running shoes Updated 2025-07-16
View more
Amazing shoes! Wore them to their destruction.
Shoestring length: 1.185m
Replaced with after bicycle ate it: 1.0m, also worked but at limit.
Size: EUR 45.
Read the full article
Ciro Santilli's hardware / 2023 laptop buy research Updated 2025-07-16
View more
The P51 is a bit too heavy, and the battery could be better!
Read the full article
Ciro Santilli's hardware / ELEGOO Upgraded Electronics Fun Kit Updated 2025-07-27
View more
  • Elegoo Breadboard power supply module MB‐V2:
    • Input voltage: 6.5-9v (DC) via 5.5mm x 2.1mm plug
    • Output voltage: 3.3V/5v
    • Maximum output current: 700 mA
    TODO center positive or center negative?
    Does not come with AC adapter, getting this one: www.amazon.co.uk/dp/B08ZN476FW output: DC 9V 1A Power Supply Adapter, Plug 5.5mm x 2.1mm, Center Positive,B rand: Security-01, input: AC 100-240V 50/60 Hz, Cable length: 1.8m
    Parts list from the ZIP:
  • resistors:
    • 10x each:
    • 30x 220
  • 1n4007 General Purpose Rectifier
  • 22pf 104 Ceramic Capacitor
  • 4N35 optocoupler
  • 74HC595 8-bit serial-in, serial or parallel-out shift register with output latches; 3-state
  • Active buzzer
  • Buttons
  • CDS-55 Photoresistor
  • Electrolytic Capacitor
  • Focusens MF52D 103f 3950 thermistor. Beta value 25/50 Celcius: 3950. R_25: I measured 9.61 k Ohms. The number 103 they document as:
    These descriptions are weird, but ChatGPT has the theory that the first two digits are actual values, and the last is multiplier, so which makes 10k.
    but I have no idea how that maps to 10 k Ohms.
  • PN2222 General Purpose Transistor
  • Passive buzzer
  • 3386p Bourns Precision Potentiometer - 1 103T: from 0 to 10k Ohms, measured with multimeter. According to the manual the "103" mean 10 k oms, which is consistent with our measurement. "P 103" is etched into the part.
  • LEDs:
    • White LED 10x
    • Kingbright RGB LEDs 10x red, green, yellow, blue:
      • maximum Continuous Forward Current: 30 mA for read and blue, 25 mA for green
      • 303025
      • under 20 mA
      20 mA appears to be the typical operation. So with the 2.0 V drop on 5 V power we want a resistor such that:
      (1)
      for the max 50 mA we would instead have 60 Ohms
Read the full article
Ciro Santilli's hardware / Motorola Moto G6 Play (2018) Updated 2025-07-16
View more
Circa 2020, a bowl fell on it from about 25 cm height and broke the screen. £159.99.
2023-10: unable to connect to Giffgaff. "Network unavailable". Same SIM works in other phones. So annoying. Update APN to match: www.giffgaff.com/help/articles/internet-apn-settings-guide. Went next to a tower and then got signal. So the receiver is much worse than the pixel one. Vibration appears to be broken.
Authy sync worked: 2023.
Read the full article
Group of Lie type Updated 2025-07-16
View more
In the classification of finite simple groups, groups of Lie type are a set of infinite families of simple lie groups. These are the other infinite families besides te cyclic groups and alternating groups.
A decent list at: en.wikipedia.org/wiki/List_of_finite_simple_groups, en.wikipedia.org/wiki/Group_of_Lie_type is just too unclear. The groups of Lie type can be subdivided into:
The first in this family discovered were a subset of the Chevalley groups by Galois: , so it might be a good first one to try and understand what it looks like.
TODO understand intuitively why they are called of Lie type. Their names , seem to correspond to the members of the classification of simple Lie groups which are also named like that.
But they are of course related to Lie groups, and as suggested at Video "Yang-Mills 1 by David Metzler (2011)" part 2, the continuity actually simplifies things.
Read the full article
Ciro Santilli's hardware / Prestige 7.5L Stainless Stell Pressure Cooker (2020) Updated 2025-07-16
View more
Primarily bought to make borlotti beans!!!
Read the full article
Ciro Santilli's hardware / Samsung MZVLB512HAJQ-000L7 512GB SSD Updated 2025-07-16
View more
PCIe TLC OPAL2.
sudo hdparm -Tt /dev/nvme0n1p5 on Ubuntu 20.04:
 Timing cached reads:   29812 MB in  1.99 seconds = 15007.00 MB/sec
 HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 Timing buffered disk reads: 6328 MB in  3.00 seconds = 2109.00 MB/sec
Nominal maximum sequential read speed: 3,000 MB/s
Read the full article
Ciro Santilli's hardware / Skullcandy Smokin' Buds 2 Updated 2025-07-16
View more
Skullcandy earphones, first one circa. 2016 most likely. Used them a lot, these are good.
2023-07: one of the sides broke near center, rebuying.
2021-07: wire half broke near connector, only works in some positions. The funny thing is: only voices seem to be blocked out! Rebuying.
2021-06: a small bottom piece of the left earpiece broke. Wire seems find, that is like a little extension to protect wire. Let's see for how long.
2020-20: wires at one of ears broke, not sure how.
Tech specs:
Connection Type: 3.5mm AUX Cable
Impedence: 32 ohms
Driver Diameter: 9mm
THD: <0.1% (1mW/500Hz) (0.0234)
Sound Pressure Level: 95 dB (1mW/500Hz)
Frequency Response: 20kHz - 20Hz
Headphone Type: In-Ear
Read the full article

Unlisted articles are being shown, click here to show only listed articles.