CIA 2010 covert communication websites Searching for Carson Updated 2025-07-16
Edit: Carson was found Oleg Shakirov's findingsby Oleg Shakirov:
alljohnny.com, communicated at: twitter.com/shakirov2036/status/1746729471778988499, earliest archive from 2004 (!): web.archive.org/web/20040113025122/http://alljohnny.com/, The domain was hidden in plain sight, it was present in a not very visible watermark visible in the Reuters article screenshot! The watermark was added to the CIA to the background image, it is actually present on the website. In retrospect, it was actually present at on the expired domain trackers dataset, but the mega discrete all second word made Ciro Santilli miss it: github.com/cirosantilli/expired-domain-names-by-day-2015/blob/9d504f3b85364a64f7db93311e70011344cff788/07/05/02#L1572
2004 Wayback Machine archive of alljohnny.com
. What follows is the previous
The fact that the Reuters article has a screenshot of it, and therefore a Wayback Machine link, plus the specificity of the website topic, will likely keep Ciro awake at night for a while until someone finds that domain.
Some text visible on the Reuters screenshot:It is unclear however if this text is plaintext or part of a an image.
Johnny Carson and The Tonight Show
Your Favorite Host and Comedic Genius
Submit Your Favorite Carson Moment
Heeere's Johnny!
Holy crap, the "Here's Johnny" line from The Shining (1980) is a reference to Johnny Carson: www.youtube.com/watch?v=WDpipB4yehk, www.youtube.com/watch?v=aYnyPAkgyvc, Ciro never knew that... but every American would have understood it at the time.
Some failed attempts, either dry guesses or from DNS grepping dataset searches:
- johnnycarson.com: official
- johnnycarson.net: fan site: web.archive.org/web/20010501225614/http://johnnycarson.net/
- johnnycarsontonight.com
- carson-johnny.com: legit
- johnnycarsonshow.com: web.archive.org/web/20110208005558/http://johnnycarsonshow.com/captcha/index.php?d=johnnycarsonshow.com your IP has been blocked
- tributetojohnnycarson.com: only one archive web.archive.org/web/20180805132430/http://tributetojohnnycarson.com/
- bestofjohnnycarson.com: web.archive.org/web/20130525035938/http://bestofjohnnycarson.com/ Lived past 2013.
- bestofjohnny.com/: web.archive.org/web/20130506011824/http://bestofjohnny.com/ empty
- johnnycarsonvideo.com: dead early 2000s web.archive.org/web/20130605152818/http://johnnycarsonvideo.com/
- johnnycarsontv.com: web.archive.org/web/20230000000000*/johnnycarsontv.com
- thejohnnycarsonshow.com: web.archive.org/web/20230000000000*/thejohnnycarsonshow.com
- carsonsbest.com: web.archive.org/web/20230000000000*/carsonsbest.com
- johnnycarsonfans.com: web.archive.org/web/20230000000000*/johnnycarsonfans.com
- web.archive.org/web/20230000000000*/carsonified.com
- night:
- amazing:
- johnnyamazing.com: broken archives: web.archive.org/web/*/http://johnnyamazing.com/*
- carson
- johnneycarson.com: no archives
- johnnycarson.co: no archives
- johnnycarsons.info
- johnnycarsons.com
- johnnycarson.org
- johnnycarsonsdesk.com
- johnny-carson-video.com
- johnnycarsondvd.org
- johnnycarsondvds.org
- johnnycarsondvd.net
- johnnycarsondvd.tv
- johnnycarsondvds.net
- johnnycarsondvds.tv
- johnnycarson.tv
- johnnyguitarcarson.com
- johnnycarsonmovie.com
- hookedonjohnnycarson.com
- johnnycarsonbook.com
- licensingjohnnycarson.com
- johnnnycarson.com
- johnnycarson360.com
- koalajohnnycarson.com
- johnny-carson.com
- johnnycarsonbirthplace.com
- johnnycarsonbirthplace.net
- johnny:
- heres:
- heresjohnnyfilm.com: web.archive.org/web/20131011115733/http://www.heresjohnnyfilm.com/ legit
- hereisjohnny.net: no archives
- heresjohnnyradioshow.com: web.archive.org/web/20130509042107/http://heresjohnnyradioshow.com/, Legit most likely: web.archive.org/web/20140517103512/http://heresjohnnyradioshow.com/
- wherejohnnylives.net: broken archives
- heresjohnny.com: squat web.archive.org/web/20130607145841/http://heresjohnny.com/ Many other TlD like .net, .co.uk
- heeeeresjohnny.com: web.archive.org/web/20130612211448/http://heeeeresjohnny.com/: legit
- night:
- johnnylatenight.com: web.archive.org/web/20150801132622/http://johnnylatenight.com/ Legit broken
- web.archive.org/web/20110208161513/http://www.johnnysnight.com/
- heres:
- johnnycarson.org: squatted past 2013, nothing before
- carsonshow.com: squat: web.archive.org/web/20110224211714/http://carsonshow.com/
- tonightshow247.net: web.archive.org/web/20101226190209/http://tonightshow247.net/: squat
- tonightshow.tv: web.archive.org/web/20141221222442/http://www.tonightshow.tv/: legit
Searching the Wayback Machine proved fruitless. There is no full text search: Wayback Machine full text search, and a heuristic web.archive.org/web/20230000000000*/Johnny%20Carson search has relevant hits but not the one we want.
Another attempt was to search for "carson" on webmasterhome.cn which lists expired domains in bulk by expiration day, and it search engine friendly. It contains most of the domains we've found so far. Google either doesn't support partial word search or requires you to be a God to find it
so we settle for DuckDuckGo which supports it: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22&t=h_&ia=web Adding years also helps: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22+2011&ia=web with this we might be getting all possible results. Ciro went through all in 2011, 2012 and 2013 but no luck. Also fuck en.wikipedia.org/wiki/Carson_City,_Nevada and en.wikipedia.org/wiki/Carson,_California :-)
Let's search tools.whoisxmlapi.com/reverse-whois-search for "carson" contained in any historic domain name. 10,001 lines. Grepping those, no good Wayback machine hits for those that also contain "johnny" or "show". Data at: raw.githubusercontent.com/cirosantilli/media/master/cia-2010-covert-communication-websites/tools.whoisxmlapi.com_reverse-whois-search_carson.csv in case anyone want to try and dig...
CIA 2010 covert communication websites secure subdomain search on 2013 DNS Census Updated 2025-07-16
Grepping the 2013 DNS Census first by overused CGI comms subdomains
secure. and ssl. leaves 200k lines. Grepping for the overused "news" led to hits:- secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
- ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40
Also tried but failed:
sports:- secure.motorsportdealers.com,2012-04-10T20:19:09,64.73.117.38 web.archive.org/web/20110501000000*/motorsportdealers.com
OK, after the initial successes in New results: only one...
secure., we went a bit more data intensive:- took all
secure.*ssl.*URLs in the 2013 DNS Census, 70k entries - cleaned up a bit, e.g. only
.comor.net. this left only, 30k entries only - lopped over all of them in archive CDX: Wayback Machine CDX scanning, searching for those that also end in
.cgiweb.archive.org/cdx/search/cdx?url=$domain&matchType=domain&filter=urlkey:.*.cgi&to=20140101000000. Took an afternoon, but no rate limit block. - this leaves about 1000, so we loop over all of them manually on web archive with a script, and opened any that had the pattern of very vew hits between 2010 and 2013 only, and on those check for visual/thematic style match. Careful not to make more than 15 requests per minute or else 5 min blacklist!
- 208.254.42.205 secure.driversinternationalgolf.com,2012-02-13T10:42:20,
After 2013 DNS Census virtual host cleanup heuristic keyword searches we later understood why there were so few hits here: the 2013 DNS Census didn't capture the
secure. subdomains of many domains it had for some reason. Shame, because if it had, this method would have yielded many more results. CIA 2010 covert communication websites securitytrails.com Updated 2025-07-16
They appear to piece together data from various sources. This is the most complete historical domain -> IP database we have so far. They don't have hugely more data than viewdns.info, but many times do offer something new. It feels like the key difference is that their data goes further back in the critical time period a bit.
TODO do they have historical reverse IP? The fact that they don't seem to have it suggests that they are just making historical reverse IP requests to a third party via some API?
E.g. searching
thefilmcentre.com under historical data at securitytrails.com/domain/thefilmcentre.com/history/al gives the correct IP 62.22.60.55.Account creation blacklists common email providers such as gmail to force users to use a "corporate" email address. But using random domains like
ciro@cirosantilli.com works fine.Their data seems to date back to 2008 for our searches.
CIA 2010 covert communication websites Wayback Machine crawl date search Updated 2025-07-16
CIA 2010 covert communication websites SSL certificate Updated 2025-07-16
The CGI comms websites contain the only occurrence of HTTPS, so it might open up the door for a certificate fingerprint as proposed by user joelcollinsdc at: news.ycombinator.com/item?id=36280801!
crt.sh appears to be a good way to look into this:They all appear to use either of:
- backstage.musical-fortune.net:
- clients.smart-travel-consultant.com
- members.it-proonline.com
- members.metanewsdaily.com
- miembros.todosperuahora.com
- secure.altworldnews.com
- secure.driversinternationalgolf.com
- secure.freshtechonline.com
- secure.globalnewsbulletin.com
- secure.negativeaperture.com
- secure.riskandrewardnews.com
- secure.theworld-news.net
- secure.topbillingsite.com
- secure.worldnewsandent.com
- ssl.beyondnetworknews.com
- ssl.newtechfrontier.com
- www.businessexchangetoday.com
- heal.conquermstoday.com
- Go Daddy
- Thawte DV SSL CA
- Starfield Technologies, Inc.
crt.sh/?q=globalnewsbulletin.com has a hit to: crt.sh/?id=774803. With login we can see: search.censys.io/certificates/5078bce356a8f8590205ae45350b27f58f4ac04478ed47a389a55b539065cee8. Issued by www.thawte.com/repository/index.html. No hits for certificates with same public key: search.censys.io/search?resource=certificates&q=parsed.subject_key_info.fingerprint_sha256%3A+714b4a3e8b2f555d230a92c943ced4f34b709b39ed590a6a230e520c273705af or any other "same" queries though.
Let's try another one for secure.altworldnews.com: search.censys.io/certificates/e88f8db87414401fd00728db39a7698d874dbe1ae9d88b01c675105fabf69b94. Nope, no direct mega hits here either.
CIA 2010 covert communication websites tb0hdan/domains Updated 2025-07-16
Domain list only, no IPs and no dates. We haven't been able to extract anything of interest from this source so far.
Domain hit count when we were at 69 hits: only 9, some of which had been since reused. Likely their data collection did not cover the dates of interest.
CIA 2010 covert communication websites The Reuters websites Updated 2025-07-16
But by looking at the URLs of the screenshots they provided from other websites we can easily uncover all others that had screenshots, except for the Johnny Carson one, which is just generically named. E.g. the image for the Chinese one is www.reuters.com/investigates/special-report/assets/usa-spies-iran/screencap-activegaminginfo.com.jpg?v=192516290922 which leads us to domain activegaminginfo.com.
Oleg Shakirov later discovered that the Carson one had its domain written right on the screenshot, as part of a watermark present on the original website itself. Therefore the URLs of all the websites were in one way or another essentially given on the article.
The full list of domains from screenshots is:
- 2011 archive: web.archive.org/web/20110208113503/http://activegaminginfo.com/. Contains mentions of 2010.
- As of 2023, it seemed to be an actual legit photography website by German (amateur?) photographer Klaus Wägele. Archive: web.archive.org/web/20230323102504/https://www.capture-nature.com/Ciro Santilli actually sent him a message to let him know about the CIA thing in case he didn't, and he replied that he wasn't aware of it.
- 2011 archive: web.archive.org/web/20110201164741/https://www.headlines2day.com/. Dated "Copyright 2009".
fitness-dawg.com: English fitness website.2021 archive: web.archive.org/web/20110207104044/http://fitness-dawg.com/.rastadirect.net: English Rastafari culture website.- 2011 archive: web.archive.org/web/20110203021315/http://fightwithoutrules.com/. Contains mentions of 2009 news.
- 2004 archive: web.archive.org/web/20040113025122/http://alljohnny.com/.
CIA 2010 covert communication websites USA spying on its own allies Updated 2025-08-08
Being Brazilian, Ciro Santilli was particularly curious about the existence of a Brazil-focused mentioned in the Reuters article, as well as in other democracies.
WTF the CIA was doing in Brazil in the early 2010s! Wasn't helping to install the Military dictatorship in Brazil enough!
Here are the websites likely targeting democracies based on their language and content found so far, defining a democracy as a country with score 7.0 or more in the Democracy index 2010:In English, so more deniable:"Almost democracies":Ciro couldn't help but feel as if looking through the Eyes of Sauron himself!
- France (6: affairesdumonde.com, guide-daventure.com, lesummumdelafinance.com, football-de-luxe.com, romulusactualites.com, suparakuvi.com)
- Germany(2: dedrickonline.com, neighbour-news.com)
- Italy (2: attivitaestremi.com, garanziadellasicurezza.com, podisticamondiale.com)
- Spain (3: armashoy.com, montanismoaventura.com, ordenpolicial.com)
- Brazil (2: noticiasmusica.net, vejaaeuropa.com)
- South Korea (1: economicnewsbuzz.com)
- Poland (1: boxingstop.net)
- Japan (1: snapnewsfront.net)
- Canada (2: kanata-news.com, mynewscheck.com)
- Philippines (1: half-court.net)
- India (1: amishkanews.com)
- Croatia (2: european-footballer.com, stara-turistick.com)
- Thailand (1: thefairwaysaregreen.com)
- Peru (1: todosperuahora.com)
It is worth noting that democracies represent just a small minority of the websites found. The Middle East, and Spanish language sites (presumably for Venezuela + war on drugs countries?) were the huge majority. But Americans have to understand that democracies have to work together and build mutual trust, and not spy on one another. Even some of the enlightened people from Hacker News seem to not grasp this point. The USA cannot single handedly maintain world order as it once could. Collaboration based on trust is the only way.
Snowden's 2013 revelations particularly shocked USA "allies" with the fact that they were being spied upon, and as of the 2020's, everybody knows this and has "stopped caring", and or moved to end-to-end encryption by default. This is beautifully illustrated in the 2016 film "Snowden" when Snowden talks about his time in Japan working for Dell as an undercover NSA operative:
NSA wanted to impress the Japanese. Show them our reach. They loved the live video from drones. This is Pakistan right now [video shows American agents demonstrating drone footage to Japanese officials]. They were not as excited about that we wanted their help to spy on the Japanese population. They said it was against their laws.And we did not stop there. Once we owned their communications systems, we started going after the physical infrastructure.We'd slip these little sleeper programs into power grids, dams, hospitals. The idea was that if the day came when Japan was no longer an ally, it would be "lights out".But Austria?!
But Austria?! scene from Snowden (2016)
. Source. Another noteworthy scene from that movie is Video 2. "Aptitude test on communication networks scene from the 2016 Snowden film", where a bunch of new CIA recruits are told that:thus somewhat mirroring what actually happened with these real world websites.
Each of you is going to build a covert communications network in your home city [i.e. their fictitious foreign target location written on each person's desk such as Berlin, Istanbul and Bangkok, not necessarily where they were actually born], you're going to deploy it, backup your site, destroy it, and restore it again.
CIA 2010 covert communication websites viewdns.info Updated 2025-07-16
Their historic DNS and reverse DNS info was very valuable, and served as Ciro's the initial entry point to finding hits in the IP ranges given by Reuters.
Generic information about the website not specific on this project will be stored at: Section "viewdns.info".
Since this source is so scarce and valuable, we have been quite careful to note down all the domain and IP ranges that have been explored.
At news.ycombinator.com/item?id=38496244, the creator of the viewdns.info, "Hughesey", also stated that he'd able to give some free credits for public research projects such as this one. This would have saved up going to quite a few Cafes to get those sweet extra IPs! But it was more fun in hardmode, no doubt.
We do API access to IP ranges with this simple helper: ../cia-2010-covert-communication-websites/viewdns-info.sh, usage:e.g.:
./viewdns-info.sh <apikey> <start-ipv-address> <end-ipv-address>./viewdns-info.sh 8b890b00b17ed2d66bbed878d51200b58d43d014 66.45.179.187 66.45.179.210For domain to IP queries from the API you should use "iphistory" viewdns.info/api/docs/ip-history.php:
curl 'https://api.viewdns.info/iphistory/?domain=todaysengineering.com&apikey=$APIKEY&output=json'Just beware of the viewdns.info reverse IP bug, that really sucks and led to us missing a ton of domains.
CIA 2010 covert communication websites Wayback Machine Updated 2025-07-16
D'oh.
But to be serious. The Wayback Machine contains a very large proportion of all sites. It does happen sometime that a Wayback Machine archive is missing or broken and cqcounter has the screenshot. But the Wayback Machine is still the most complete database we have found so far. Some archives are very broken. But those are rare.
The only problem with the Wayback Machine is that there is no known efficient way to query its archives across domains. You have to have a domain in hand for CDX queries: Wayback Machine CDX scanning.
The Common Crawl project attempts in part to address this lack of querriability, but we haven't managed to extract any hits from it.
CDX + 2013 DNS Census + heuristics however has been fruitful however.
We have dumped all Wayback Machine archives of known websites to: github.com/cirosantilli/cia-2010-websites-dump using ../cia-2010-covert-communication-websites/download-websites.sh. This allows for better grepping and serves as a backup in case they ever go down.
Classical Indian musical instrument Updated 2025-07-16
CIFAR-10 Updated 2025-07-16
Circuit-based quantum computer Updated 2025-07-16
Circuit board Updated 2025-07-16
Circulatory system Updated 2025-07-16
Cirocoin Updated 2025-07-16
Cirocoins can only be issued by Ciro Santilli.
Cirocoins are strictly nominal, and cannot be traded by recipients with anyone but Ciro, i.e. they are extremely illiquid.
Cirocoins can be removed from recipients at any point if they commit non-Cirist acts.
It is not possible to give a precise number to how many Cirocoins anyone owns. This is decided on a transaction by transaction basis. Ciro can therefore only inform you if your Cirocoin balance increased or decreased, but any attached number has no value, and thus are equivalent to expressions of type "you gained/lost a Cirocoin".
Ciro Duran Santilli Updated 2025-07-16
Ciro Santilli's full birth name is "Ciro Duran Santilli", with mother's last name "Duran" in the middle as per Brazilian tradition.
But Ciro's usage of "Duran" got gradually dropped to "Ciro Santilli", Ciro's official Italian name, as Ciro moved more and more definitively to Europe.
It can still however be seen in certain online places where Ciro didn't have the patience or power to change it e.g. some old École Polytechnique stuff: gitlab.binets.fr/ciro.duran-santilli/china-dictatorship
Ciro Santilli Updated 2025-07-16
Quick facts:
- Nationalities: Italian and Brazilian
- Grew up in: Brazil
- Relationship status 2017-: married
- Given name pronunciation: take your pick from Ciro Santilli's given name
- Chinese name: 三西猴, means "three western monkeys". Phonetic approximation to SANtilli CIRO. More info at: Ciro Santilli's Chinese name. Semi-unintentionally reminds Chinese people of Sun Wukong (孙悟空). This association is further slightly strengthened by the phonetic choice of 三 San, which Ciro later noticed matches the middle character of Tang Sanzang (唐三藏), the monk in Journey to the West. The given name 西猴 was given by Ciro Santilli's wife, then recent girlfriend, as a semi-joke, and he took it up because the best way to take a joke is to play along with the joker. 三 was chosen by Ciro himself.
- laptop: high end Lenovo ThinkPad
- distro: latest Ubuntu release
- Vim or Emacs: vi/vim. But for The Love, will someone please make an open source C++ integrated development environment that actually just works?
- tabs or spaces: spaces
- Mailing list or Git(Hub|Lab): Git(Hub|Lab), with passion, see Section "Mailing list"
- system or unit tests: system
- programming languages: Python and C++. He'll learn Rust and Haskell once he's rich. As of the 2020s, Rust was picking up some serious steam, so Ciro might end up eating his own words there.
- musical instruments to listen: Chinese Guqin and electric Jazz-fusion guitar
- metric or imperial: metric, for The Love. Science? Standardization? 21st century anyone?
- QWERTY or Dvorak: QWERTY, alas
- birth name: Ciro Duran Santilli
Other people with the same name are listed at Section "Ciro Santilli's homonyms".
Sun Wukong (孙悟空) is a playful and obscenely powerful monkey Journey to the West. He protects Buddhist monk Tang Sanzang, and likes eating fruit, just like Ciro. Oh, and Goku from Dragon Ball is based on him. His japanese name is "Sun Wukong" (same Chinese characters with different Japanese pronunciation) for the love. His given name "Wukong" means literally "the one who mastered the void", which is clearly a Dharma name and fucking awesome in multiple ways. This is another sad instance of a Chinese thing better known in the West as Japanese.
It is worth noting however that although Wukong is extremely charming, Ciro's favorite novel of the Four Great Classic Novels is Water Margin. Journey to the West is just a monster of the week for kids, but Water Margin is a fight for justice saga. Sorry Wukong!
The photo was taken in an open event organized by the awesome Cambridge Synthetic Biology outreach group, more or less the same people who organize: www.meetup.com/Cambridge-Synthetic-Biology-Meetup/ and who helped organize Section "How to use an Oxford Nanopore MinION to extract DNA from river water and determine which bacteria live in it".
Taking part in such activities is what Ciro tries to do to overcome his lifelong regret of not having done more experimental stuff at university. Would he have had the patience to handle all the bullshit of the physical word without going back to the informational sciences? Maybe, maybe not. But now he will probably never know?!
Notice the orange high visibility cycling jersey under the lab coat, from someone who had just ridden in from work as fast as possible as part of his "lunch break". It is more fun when it is hard.
Ciro Santilli fantasizes that he would have make a good scribe in the middle ages, partly due to his self diagnosed graphomania, but also appreciation for foreign languages, and his mild obsession with the natural sciences.
OurBigBook.com is Ciro's view of a modern day scriptorium, except that now the illuminations are YouTube videos.
Chill and eat your bread in peace comes to mind. A scribe, in a library, reading and writing the entire day in peace and quiet. The life!
The job of a Internet-age scribe is basically that of making knowledge more open, legally extracting it from closed copyrighted sources, and explaining your understanding of it to the wider world under Creative Commons licenses on the web. And in the process of greater openness, given a well organized system, we are able combine the knowledge of many different people, and thus make things more understandable than any single/few creator closed source source could ever achieve.
Ciro Santilli waving hello in infrared.
More info at: Figure "Ciro Santilli waving hello in infrared". Ciro Santilli Big Five Personality traits Updated 2025-07-16
This is how Ciro Santilli evaluates himself on the Big Five personality traits:
- Openness to experience; very high, see: Ciro Santilli's self perceived creative personality
- Conscientiousness: low, Ciro is driven very strongly by internal passion rather than external expectations
- Extraversion: high online, e.g. Ciro Santilli's campaign for freedom of speech in China, but much lower in the real world, no patience for something he's not Googled for in the last 5 seconds
- Agreeableness: high, see e.g. Ciro Santilli's self perceived compassionate personality. But Ciro has built some tolerance disagreement online for it online during Ciro Santilli's campaign for freedom of speech in China, you've got to fight for what is right.
- Neuroticism: medium high, Ciro does have some anxiety. It does help get things done sometimes, but it also sometimes gets in the way.
cirosantilli.com Updated 2025-07-16
However it won't remain like that for long, because it will be migrated to OurBigBook.com, and therefore become a brain dump of society itself.
There are unlisted articles, also show them or only show them.