Previously, mistakenly deleted at https://voat.co/v/pizzagate/1527919
I'm the current admin of the Pizzagate Wiki: http://pizzagate.wiki
I have evidence that an IP, 162.212.171.37, accessed our DynCorp page and proceeded to create the same spam attack situation which had brought down the Pizzagate Review but was unsuccessful this second time.
When I looked into our analytics the page itself was being accessed by Waltham, Massachusetts. As it turns out, that's the headquarters for Raytheon. "The Raytheon Company is a major U.S. defense contractor and industrial corporation with core manufacturing concentrations in weapons and military and commercial electronics" and additionally cyberdefense. They are deeply connected to DynCorp, and a quick search can prove that. "DynCorp is also interested in participating with Raytheon, as either a prime or a subcontractor" for instance (https://washingtontechnology.com/Articles/2012/06/11/Top-100-DynCorp.aspx))
A literal "Raytheon/Dyncorp" Facebook listing for a company of that name: https://www.facebook.com/pages/RaytheonDyncorp/309472955842252
I don't know how many have followed the story of the Wiki thus far, but this isn't the first time the website has been targeted. This time, however, we were prepared.
Keep up the good fight, fellow pizzagators,
RebelSkum
Update: FUCK DYNCORP http://pizzagate.wiki/DynCorp
Will publish analytics information tomorrow if necessary, but I also have the IP accessing the DynCorp page and subsequently becoming spam. Honestly, it's safe to say whoever started the attack attempted to do so from Waltham.
Update 2: Next attack came from 162.212.173.137 from the DynCorp page again.
So far, both IP addresses can be found listed at Wilmington, Delaware here:
https://www.iplocation.net/
Update 3: Next attack came from another address, 107.150.64.136, but still listed as Wilmington, DE. This time, I could find whois information saying this is at 1521 Concord Pike in Wilmington, Delaware
https://archive.is/ti5jD
Note: Every one of these attacks starts with a direct landing on the DynCorp page
Update 4 - User JrSlimss points out a recent update which appears to be the possible motive for the attack:
I think I know why I pissed them off. I think it related to my comment on Voat which had the Pizzagate.Wiki link. Repasted as follows:
" Fun fact: As many know, Claude D'Estree, who is murdered researcher Monica Petersen's colleague and is the most outspoken about her not investigating the Clinton Foundation, previously worked for DynCorp. However, D'Estree didn't just work for DynCorp - he was their direct link to the US Attorney's Office during DynCorp's biggest child trafficking scandal which took place in Bosnia in 1999. The US Attorney's Office that should have been prosecuting DynCorp, but never did. That whole incident was so big it literally got turned into a Hollywood movie called the Whistleblower with Rachel Weisz. (Link) "
Ok, so why that pissed them off. The thing we linked that it doesn't seem like anyone else really focused on? That DynCorp had its employees working within the US Attorney's Office as contractors at the time DynCorp should have been under investigation by the office for the 1999 Bosnia child/women trafficking scandal. After finding this (Link) and if my guess is correct, this should have been a major conflict of interest by the US Attorney's Office and the issue should have left the US Attorney's Offices' control and gone to the Office of the Inspector General - an independent party. It doesn't seem like that transfer ever happened. If correct, this is the sort of thing that deserves a congressional investigation.
Note: To those defending DynCorp as a "decent" company that "protects us", they have several scandals involving the rape and trafficking of minors. So many that we had to separate them by country. Get educated: http://pizzagate.wiki/DynCorp#DynCorp.27s_Child_Trafficking_Incidents_by_Country
Update 5: Moderator kevdude informed me the previous post was deleted by a mod, numbchuck, who was themselves deleted. Glad to be back! Must be getting warmer!
view the rest of the comments →
bolus ago
Still want to see how you tied this to waltham...I'm trying, but missing something. When you get a chance, can you share the evidence on archive.org, or sli.mg?
Archive of the /24 registry, for example, goes to Delaware. Hidden by cachenet:
http://archive.is/OIgtQ
And the arin registration for the ip of the last hop off a tracert to them shows "trans-media" and passes through an att-cable address :
104-160-16-2.cable.attcabletv.com
http://archive.is/kSwyC
Which isn't telling of anything in particular, but i wouldn't expect dyncorp to run out of an apparent consumer-grade connection.
Still looking, though, this is interesting stuff.
Ha!
And the geo location of the last hop before your attackers subnet is in Dublin.
Funny business.
RebelSkum ago
Waltham was what appeared in Google Analytics as the traffic source for that page during the initial attack, but is now listed as (not set): http://imgur.com/a/kCvbs
All "users" with avg time of 0 were attempts on the page. Tell me what you think of those locations.
bolus ago
dunno about those locations - i would instantly suspect a botnet (whether corporate "professional" or underground "hacker") and a coordinated ddos.
the link i posted is really relevant - http://archive.is/OIgtQ - it shows that the /24 block of your first IP addy listed (162.212.171.0/24) is associated with a company called CachedNet. it appears to be the kind of company which a professional botnet could hide behind. (i'll follow up with some info about them...need to dig to be sure...but spamhaus thinks it's leased out to spammers: http://archive.is/rzKYp not ruling out dyn, but definitely blurring the lines of ownership)
then, i ran a tracert to your 162.212.171.37, and it looked like this: https://i.sli.mg/ST4JEg.gif
i use a site called mxtoolbox. it's an amazing resource for ip based information.
see the second to last hop? 104.160.16.2 resolves as an att cable modem node. this indicates that the .37 address is somewhere in a consumer-grade network, not a real corporate network.
I know, I KNOW that based on the stories/reports/info posted about Dyn's history that they are involved in the pizzagate/pedocracy story...but my gut tells me that the spamming/ddos you're experiencing is made to look like Dyn, and not really from them. (now we're stuck in the princess bride conundrum. you can't trust the IP in front of me, and you clearly cannot trust the IP in front of Dyn...)
safe assumption: both bad.
hth, keep Dyn on the list, but they're not alone.
RebelSkum ago
You sir, might be able to help with this: https://docs.google.com/spreadsheets/d/1g8-VfzrdVemShGVS2QbCoShVgUABn2AYFC6TLVlf0Sk/edit?usp=sharing
Started digging into CachedNet LLC more too, and I did find that a Kristian Hokka has an address at [email protected]
Also found this interesting link regarding them being involved with an inaccessible VPN: https://www.privateinternetaccess.com/forum/discussion/18802/new-zealand-vpn-not-working . It was listed as "New Zealand" but was found to be the same folks from Wilmington, DE.
bolus ago
Oh, and this needs to be stressed. Do not launch any portscans or assault of any kind on any of the cachednet ip addresses.
1) each individual node is housed in compromised networks, you'll only really affect one or two people (innocent bystanders? ) at a time.
2) you know they're expecting it and will be logging inbound traffic. Malicious honey pots, potential legal issues for anyone involved.
Just like our older refutation of violence post, it should be published that we refuse to engage in any type of cyber warfare activity. Ddos spammers, we are not.
RebelSkum ago
mos def
Definitely not work poking the beast outside of legal means. Keep it white hat, folks.
DarkMath ago
I'm curious as well how you tied this attack to Waltham MA. That's real important. Did you take a screen shot when it first happened? Without that this Waltham evidence can't be trusted. Sorry.