Tracking the RIAA Source
John Young
jya at pipeline.com
Thu Oct 11 13:11:40 PDT 2001
>From 14 users of Safeweb scattered around the US and
several overseas, the same range of IP addresses
were used. Which makes sense if all users logged into
the same Safeweb home page and from there logged
onto Cryptome. A few users logged in from their own
addresses just before or after using Safeweb for
comparison.
No triangulation with that method.
One thing my co-cpunk found by pinging Safeweb is that
the last couple of hops were in the NYC area:
13 lga1-ord2-oc48-2.lga1.above.net (208.185.156.158) 112.562 ms 111.984
ms 112.53 ms
14 core2-lga1-oc192.lga2.above.net (208.184.232.198) 114.423 ms 113.431
ms 112.688 ms
15 main1colo45-core2-oc48.lga2.above.net (216.200.127.174) 113.138 ms
113.855 ms 111.581 ms
16 208.184.48.189.safeweb.com (208.184.48.189) 113.78 ms 115.876 ms
113.534 ms
17 64.124.150.130.safeweb.com (64.124.150.130) 112.797 ms 112.937 ms
112.228 ms
This is on the assumption that "lga2" refers to "La Guardia,"
but that is not certain for the tag may have nothing to do with
physical location. However other above.net hops used airport
tags.
If you would like to ping Safeweb we would appreciate getting
the logs for comparison. Just be alert to this being a scam to snarf
your true identity, so leave off the first hop if you like, or just send in
the
last four or five hops leading up to Safeweb.
The IP addresses of 64.124.150.130 et seq. is what we are tracking, but
note the other Safeweb address in the ping log. So we would like to get any
fresh safeweb addresses in ping logs beyond this range and altogether
different domains:
64.124.150.130 - 64.124.150.144
Thanks.
More information about the cypherpunks-legacy
mailing list