Postmortem Site compromised 10-Sep-2019

Status
Not open for further replies.
Wow, that's an awful lot of posts from people implicated with the same IP all at once, at the same timezone. I'm gonna have to put my thinking cap on for this one. How do we solve this mystery?
 
Wow, that's an awful lot of posts from people implicated with the same IP all at once, at the same timezone. I'm gonna have to put my thinking cap on for this one. How do we solve this mystery?

Why would I have multiple accounts on this site and one of them would use a username that leads to my real identity, and why would I use a throwaway email address, but use a username I used elsewhere?

:story:
 
That's a PIA server, rétard.
Code:
dig +short https-us-newyorkcity.privateinternetaccess.com
107.182.230.240

It only means both null and some random dude used the same VPN service with their location set to NY. You can take any PIA gw and there's a good chance of finding hits.

FWIW here was my thinking, I'm sure @Philosophy Phil can back me up on this based on what I've shown him.

Null has used multiple IP addresses. Only one of those IP addresses was used by multiple accounts. My assumption is that whoever hacked null, didn't think to remove the IP address they used during the hack.

That IP address was used by multiple accounts. I narrowed that list down, and told this dude. I told him to keep me updated and we'll look into it together.

He went rambo and posted a whole bunch of shit based on a whim, despite my cautioning him not to.

Still a perfectly valid lead, even if Shanghaiguy isn't the dude (he wasn't on the list I sent).

Hint: look up other IPs used by the same shared IP null used.
 
Didn't even need IP addresses/whatever nerd bullshit to debunk this tho. You could just look at their profiles and tell they're not the same people, none of them.

And sorry if this is too bitchy but when someone's first reaction to a picture of a human is "does this look AI generated to you??"... they have crippling autism and you should proceed with caution.
 
FWIW here was my thinking, I'm sure @Philosophy Phil can back me up on this based on what I've shown him.

Nope not dealing with this babby's first dox+breadcrumb bullshit.
Good luck to @Null in finding your guy.
 
This is reminding me of the zoosadists doxing a year ago when people were doxing in the plain open and not in a PM chat. This is embarrassing.
 
FWIW here was my thinking, I'm sure @Philosophy Phil can back me up on this based on what I've shown him.

Null has used multiple IP addresses. Only one of those IP addresses was used by multiple accounts. My assumption is that whoever hacked null, didn't think to remove the IP address they used during the hack.

That IP address was used by multiple accounts. I narrowed that list down, and told this dude. I told him to keep me updated and we'll look into it together.

He went rambo and posted a whole bunch of shit based on a whim, despite my cautioning him not to.

Still a perfectly valid lead, even if Shanghaiguy isn't the dude (he wasn't on the list I sent).

Hint: look up other IPs used by the same shared IP null used.
Right, and the shared IP is a PIA address, which Null is known to use. Had he chosen to go through the Vancouver PIA server (ca-vancouver.privateinternetaccess.com -> 107.181.189.x), @OhTheBliss would be trying to dox a different set of innocent users.

It's a legitimate address used by Null and of no significance.
 
Right, and the shared IP is a PIA address, which Null is known to use. Had he chosen to go through the Vancouver PIA server (ca-vancouver.privateinternetaccess.com -> 107.181.189.x), @OhTheBliss would be trying to dox a different set of innocent users.

It's a legitimate address used by Null and of no significance.
Mate, I told this dude not to post anything unless sure. It was a lead into a commonality. None of Null's other IPs were used by anyone else, only that one.

Legit I told this cunt to keep it quiet unless sure, he decided to go rambo. Want me to post messages?
 
I'm on the list, and I kinda feel bad for Johnson & Johnson getting doxxed from my IP address, considering I don't live or work there. But, someone needs to fall on that sword.
 
Not useful on its own. Someone attempting to link known someone or someones by the IP of their KF account and maybe their e-mail. Of course if you're a Silicon Valley connected tool, you probably can do a lot with those two.

If you're Silicon Valley connected (tool or not), you won't do gay ops like that. My (plebeian) understanding of Silicon Valley is that it's nepotism and dick tugging of the highest order. You'd just meet a fellow high-flying faggot in Pasadena and would just target a particular Kiwitard.
 