(pizzagate)
submitted 8.2 years ago by [deleted]
view the rest of the comments →
bolus 8.2 years ago
Can you share the evidence?
Archive of the /24 registry, for example, goes to Delaware. Hidden by cachenet:
http://archive.is/OIgtQ
And the arin registration for the ip of the last hop off a tracert to them shows "trans-media" and passes through an att-cable address :
104-160-16-2.cable.attcabletv.com
http://archive.is/kSwyC
Which isn't telling of anything in particular, but i wouldn't expect dyncorp to run out of an apparent consumer-grade connection.
Still looking, though, this is interesting stuff.
Ha!
And the geo location of the last hop before your attackers subnet is in Dublin.
Funny business.
RebelSkum 8.2 years ago
Beginning to compile logs for each spam user. Notice how everyone one has the same pattern. It is a currently on an easily read spreadsheet found here: https://docs.google.com/spreadsheets/d/1g8-VfzrdVemShGVS2QbCoShVgUABn2AYFC6TLVlf0Sk/edit?usp=sharing
All these users are also registered using @mail.ru addresses
Working on it currently. Got logs and everything, but I don't want to publish any information on legitimate users so I have to edit them out. I believe we're up to 7 different IPs attempting shenanigans, though.
view the rest of the comments →
bolus ago
Can you share the evidence?
Archive of the /24 registry, for example, goes to Delaware. Hidden by cachenet:
http://archive.is/OIgtQ
And the arin registration for the ip of the last hop off a tracert to them shows "trans-media" and passes through an att-cable address :
104-160-16-2.cable.attcabletv.com
http://archive.is/kSwyC
Which isn't telling of anything in particular, but i wouldn't expect dyncorp to run out of an apparent consumer-grade connection.
Still looking, though, this is interesting stuff.
Ha!
And the geo location of the last hop before your attackers subnet is in Dublin.
Funny business.
RebelSkum ago
Beginning to compile logs for each spam user. Notice how everyone one has the same pattern. It is a currently on an easily read spreadsheet found here: https://docs.google.com/spreadsheets/d/1g8-VfzrdVemShGVS2QbCoShVgUABn2AYFC6TLVlf0Sk/edit?usp=sharing
All these users are also registered using @mail.ru addresses
RebelSkum ago
Working on it currently. Got logs and everything, but I don't want to publish any information on legitimate users so I have to edit them out. I believe we're up to 7 different IPs attempting shenanigans, though.