Ciro Santilli
OurBigBook.comThis section is about possible real-world information leaks found in the HTML of the pages. Domain DNS metadata may of course expose more, and is more likely to do so, this section is only about in-page findings, notably in the HTML.
We haven found much so far, but the ones we have are curious.
The HTML rather than a more natural title like "Web of cheer" as is the case for the other website. This feels like a forgotten placeholder for an internal page identifier, e.g. "page 1C" sounds plausible. At Section "HTML title element" we riefly inspected the
<title> of webofcheer.com is cryptically set as:pg1c<title> of every other hit with a wayback machine archive, and unfortunately none other seemed to have any such interesting title.The 2010 archive of europeantravelcafe.com has a "plan your trip" link links to a different domain: secure-cert.net/~etc/transport.html. This appears to have been a link to the system used by CIA operators to manage the website. Furthermore, the link then was later removed from the 2011 version, so it was almost certainly a leak! "secure-cert.net" is obscure, the only other surviving online mention of it is www.leewillis.co.uk/wordpress-plugins/#comment-6513 to
secure-cert.net/~sayitint/products-page/bags-totes/duffel-bag/ We've grepped all the HTML downloaded as HTML analysis but no other links to it were found.
secure-cert.net/~sayitint/products-page/bags-totes/duffel-bag/ We've grepped all the HTML downloaded as HTML analysis but no other links to it were found.
2010 Wayback Machine archive of www.europeantravelcafe.com with "plan your trip" highlighted by us
. Source. Starting December 2004 the "Submit your favorid carlson quote" was mind blowingly switched to point to https://washington.serversecured.net/~alljohnn/cgi-bin/memlog.cgi thus likely leaking the control site URL. Beauty. It previously pointed to the more sensible: web.archive.org/web/20040901162621/https://secure.alljohnny.com/cgi-bin/memlog.cgi
A similar thing happened to alljohnny.com
A few separate websites have an archive with the same It is unclear what it means. All of them contain something like:so looks like an archival artifact only.
pid parameter:fightwithoutrules.com/20131220205811/?pid=2POQ7BC1G/index.html
half-court.net/20131223165013/?pid=2POQ7BC1G/index.html
health-men-today.com/20131223002237/?pid=2POQ7BC1G/index.html
intlnewsdaily.com/20131221121441/?pid=2POQ7BC1G/index.html
intoworldnews.com/20131217193621/?pid=2POQ7BC1G/index.html<html>
<head>
<meta name="robots" content="noarchive" />
<meta name="googlebot" content="nosnippet" />
</head>
<body>
<div align=center>
<h3>Error. Page cannot be displayed. Please contact your service provider for more details. (11)</h3>
</div>
</body>
</html>The following two websites have a
feeds.php system for their RSS:./mydailynewsreport.com/20110211111053/myrss/feeds.php?src=http:/www.refahemelli.com/pashto/news/rss.php&chan=y&desc=1&targ=y&utf=y
./magneticfieldnews.com/20110208063545/magneticfeeds/feeds.php?src=http:/www.bbc.co.uk/pashto/index.xml&chan=y&desc=1&targ=y&utf=y