[joelcollinsdc]

Curious if the https certs for these sites have some common characteristics that could indicate what sites are related as well.

[cirosantilli]

I have found that one of the communication mechanisms used does use HTTPS on subdomains, typically secure.*, as explained at: https://cirosantilli.com/cia-2010-covert-communication-websi... E.g.: https://secure.globalnewsbulletin.com However my quick and naive searches on https://search.censys.io/ for other certificates with the same public key failed.

[cirosantilli]

If anyone has any more precise information on this, do let me know. I do suspect there's some kind of "protocol legel" fingerprint, as I can't find anything in the content that would be searchable so far.