
bolus ago

Still want to see how you tied this to Waltham... I'm trying, but missing something. When you get a chance, can you share the evidence on archive.org or sli.mg?

Archive of the /24 registry, for example, goes to Delaware. Hidden by CachedNet:

http://archive.is/OIgtQ

And the ARIN registration for the IP of the last hop of a tracert to them shows "trans-media", and the path passes through an AT&T cable address:

104-160-16-2.cable.attcabletv.com

http://archive.is/kSwyC

Which isn't telling of anything in particular, but I wouldn't expect DynCorp to run out of an apparent consumer-grade connection.

Still looking, though, this is interesting stuff.

Ha!

And the geolocation of the last hop before your attacker's subnet is in Dublin.

Funny business.

RebelSkum ago

Waltham was what appeared in Google Analytics as the traffic source for that page during the initial attack, but is now listed as (not set): http://imgur.com/a/kCvbs

All "users" with avg time of 0 were attempts on the page. Tell me what you think of those locations.

bolus ago

Dunno about those locations. I would instantly suspect a botnet (whether corporate "professional" or underground "hacker") and a coordinated DDoS.

The link I posted is really relevant: http://archive.is/OIgtQ - it shows that the /24 block of the first IP address you listed (162.212.171.0/24) is associated with a company called CachedNet. It appears to be the kind of company which a professional botnet could hide behind. (I'll follow up with some info about them... need to dig to be sure... but Spamhaus thinks it's leased out to spammers: http://archive.is/rzKYp Not ruling out Dyn, but definitely blurring the lines of ownership.)

Then I ran a tracert to your 162.212.171.37, and it looked like this: https://i.sli.mg/ST4JEg.gif

I use a site called MXToolbox. It's an amazing resource for IP-based information.

See the second-to-last hop? 104.160.16.2 resolves as an AT&T cable modem node. This indicates that the .37 address is somewhere in a consumer-grade network, not a real corporate network.

I know, I KNOW that, based on the stories/reports/info posted about Dyn's history, they are involved in the pizzagate/pedocracy story... but my gut tells me that the spamming/DDoS you're experiencing is made to look like Dyn, and not really from them. (Now we're stuck in the Princess Bride conundrum: you can't trust the IP in front of me, and you clearly cannot trust the IP in front of Dyn...)

Safe assumption: both bad.

HTH. Keep Dyn on the list, but they're not alone.
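The two checks bolus walks through above (is the target inside the suspect /24, and does the last hop before it resolve to a consumer-access PTR name?) as an added example, not code from anyone in this thread. It works only on traceroute output that has already been saved, so nothing is sent toward the suspect addresses. The trace text is constructed for the example: only 162.212.171.0/24, 162.212.171.37 and 104-160-16-2.cable.attcabletv.com come from the thread, the other hostnames and addresses are documentation placeholders, and the list of consumer-network PTR labels is a heuristic assumption, not an authoritative classification.

```python
"""Offline check of a saved traceroute toward a suspect address.

Added example for this thread, not code from any commenter. Everything
here runs against text already captured: nothing is sent to the suspect
network. The trace below is constructed; only 162.212.171.0/24,
162.212.171.37 and 104-160-16-2.cable.attcabletv.com come from the thread.
"""
import ipaddress
import re

SUSPECT_BLOCK = ipaddress.ip_network("162.212.171.0/24")

# Labels ISPs commonly put in PTR names for access (eyeball) networks.
# Heuristic assumption: a match means "probably residential", not proof.
CONSUMER_PTR = re.compile(
    r"\b(cable|dsl|dynamic|dhcp|pool|broadband|fios)\b", re.IGNORECASE
)

# traceroute layout: "hop  name (ip)  rtt ms"; a name equal to the IP means
# no PTR record exists, and "* * *" means the hop did not answer at all.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Constructed sample trace (192.0.2.x / 198.51.100.x are documentation ranges).
TRACE = """\
 1  gw.example.net (192.0.2.1)  1.2 ms
 2  * * *
 3  core1.example.net (198.51.100.9)  8.3 ms
 4  104-160-16-2.cable.attcabletv.com (104.160.16.2)  31.0 ms
 5  162.212.171.37 (162.212.171.37)  33.7 ms
"""


def parse_traceroute(text):
    """Return [(hop, ptr or None, ip)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # timeouts and header lines carry no address
        hop, name, ip = m.groups()
        ptr = None if name == ip else name
        hops.append((int(hop), ptr, ipaddress.ip_address(ip)))
    return hops


def looks_consumer(ptr):
    """True if the PTR name uses a consumer-access naming pattern."""
    return bool(ptr and CONSUMER_PTR.search(ptr))


def assess(text, block=SUSPECT_BLOCK):
    """Apply the thread's two checks to one saved traceroute."""
    hops = parse_traceroute(text)
    if len(hops) < 2:
        raise ValueError("need the destination and at least one hop before it")
    _, dest_ptr, dest_ip = hops[-1]
    _, prev_ptr, prev_ip = hops[-2]  # last hop that answered before the target
    result = {
        "destination": str(dest_ip),
        "destination_ptr": dest_ptr,
        "in_suspect_block": dest_ip in block,
        "penultimate_ip": str(prev_ip),
        "penultimate_ptr": prev_ptr,
        "penultimate_consumer": looks_consumer(prev_ptr),
    }
    if result["penultimate_consumer"]:
        result["verdict"] = "path ends inside a consumer-access network"
    else:
        result["verdict"] = "no consumer-access indicator on the last hop"
    return result


if __name__ == "__main__":
    for key, value in assess(TRACE).items():
        print(f"{key:22} {value}")
```

The ownership side of the argument (who the /24 is registered to) needs a live whois/ARIN query and is deliberately left out; the script only decides what the saved trace itself supports. A PTR match is a hint about where the path ends, not evidence of who operates the endpoint, which is the same caveat bolus makes about not trusting the IP in front of you.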

RebelSkum ago

You sir, might be able to help with this: https://docs.google.com/spreadsheets/d/1g8-VfzrdVemShGVS2QbCoShVgUABn2AYFC6TLVlf0Sk/edit?usp=sharing

Started digging into CachedNet LLC more too, and I did find that a Kristian Hokka has an address at [email protected]

Also found this interesting link regarding them being involved with an inaccessible VPN: https://www.privateinternetaccess.com/forum/discussion/18802/new-zealand-vpn-not-working . It was listed as "New Zealand" but was found to be the same folks from Wilmington, DE.

bolus ago

Oh, and this needs to be stressed. Do not launch any port scans or assaults of any kind on any of the CachedNet IP addresses.

1) Each individual node is housed in a compromised network; you'll only really affect one or two people (innocent bystanders?) at a time.

2) You know they're expecting it and will be logging inbound traffic. Malicious honeypots, potential legal issues for anyone involved.

Just like our older refutation-of-violence post, it should be published that we refuse to engage in any type of cyber warfare activity. DDoS spammers, we are not.

RebelSkum ago

mos def

Definitely not worth poking the beast outside of legal means. Keep it white hat, folks.

DarkMath ago

I'm curious as well how you tied this attack to Waltham, MA. That's really important. Did you take a screenshot when it first happened? Without that, this Waltham evidence can't be trusted. Sorry.

bolus ago

Well, it's showing Delaware because that's where the LLC is located. If you trace out all of the nodes, they're global (which is why they're seeing the same thing in NZ). I found Hokka too; he's in Finland or Denmark, or one of those stupid Nordic states, relatively untouchable. I'm sure they use a dynamic DNS registration... it's 101% likely that the .37 address you see hitting you is an infected computer/DVR/modem/router just hanging out in some unsuspecting doofus' home, and they can't understand why their internet is going so slow tonight.

I'd love to help with your spreadsheet, but I'm not sure I trust you, and Google Docs from unknown sources are a great way to spread malware. (Hope you understand.)

Can you give me a screenshot of what you're looking at through some other means? A static document, or maybe even just describe what you've got on your hands? (Msg me if you are worried about doxxing, or black out the really sensitive bits.)