An old Jihad Watch thread on the jihad rap video produced in Britain has just received a new comment from a person giving the obviously false email address "obl@hotmail.com":
All of you bastards you can't even handle the truth can you ?More videos come out like this one the better...
uktul yahoodPosted by: Mujah1deen at March 17, 2004 11:26 AM
"Uktul yahood" is Arabic for "Kill the Jews."
This post came in from Amsterdam, Netherlands (his IP address is 62.252.96.4). Welcome to the new Europe.
ADDENDUM: I am not all that technically adept, and several people have told me that this poster actually hails from Great Britain, as you can see in the comments.
Your post says the IP is from Amsterdam, Netherlands, but www.geektools.com/whois.php says the IP address is:
descr: NTL Internet
descr: Huddersfield site
country: GB (UK)
For abuse notifications: www.ntlworld.com/netreport
That's very interesting. I don't know much about how this works. I went to ARIN WHOIS (http://ws.arin.net/cgi-bin/whois.pl)
and got this information:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
I don't know what to make of the difference. Can anyone help?
Unfortunately, what people have failed to learn in history is that the Jewish people are the miner's canary. What starts out with the Jews, ends up affecting everybody else later on. Just like Hitler - first, it will be death to the Jews, next it will be death to the European infidels. How sad that people never learn from history.
Mr. Spencer,
The IP traces to:
role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
This person is apparently in Great Britain.
Another lost soul with an anonymous e-mail. Not much of a man at all. Just a scared little boy. Hiding somewhere spewing out his trash.
U have to call us bastards? Sissy boy. We're Americans, lame ass. We've been called everything since we have to clean up the world's messes, and have become immune to it. Speaking of messes, you're included in that category.
See how easy it is to track you? Dummy.
Sticks and Stones, little one. Jihadis are weak, dumb, and led by their noses. When's the last time UBL strapped a bomb on? Wise up ding dong.
There are no virgins waiting on you.
There is no paradise for killers in the name of a death cult. Convert and denounce.
Coward. Doesn't even have the stones to leave a legit email addy. He has no clue about the Truth, having been deluded by the Koran and its' lies. Another brainless, gutless moron. His words have all the impact of a dog barking at the moon.
Robert, this is the info. i come up with(sorry about the length):
This is the RIPE Whois server.
The objects are in RPSL format.
Rights restricted by copyright.
See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 62.252.96.0 - 62.252.127.255
netname: NTL
descr: NTL Internet
descr: Huddersfield site
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
changed: hostmaster@ntli.net 20001219
changed: hostmaster@ntli.net 20020815
source: RIPE
route: 62.252.0.0/14
descr: NTL-UK-IP-BLOCK-3
origin: AS5089
mnt-by: AS5089-MNT
changed: bob.procter@ntli.net 20010205
source: RIPE
role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 2920 305142
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : peering@ntli.net
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: CF2297-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CF2297-RIPE
tech-c: CM1377-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: data.planning@ntl.com
e-mail: data.planning@ntl.com
changed: hostmaster@ntli.net 20020815
changed: hostmaster@ntli.net 20020913
changed: hostmaster@ntli.net 20030328
changed: hostmaster@ntli.net 20030401
changed: hostmaster@ntli.net 20030603
changed: hostmaster@ntli.net 20030707
changed: hostmaster@ntli.net 20040303
changed: hostmaster@ntli.net 20040312
How do you get the ip of a poster?
I found the same two addresses. There is a possiblity he used a proxy though. There are other tools that can be used to track the originating message to see if the ip is a spoof.
Addendum:
Mr. Spencer, email a message to the tech support and see if they can be of any help. They may have more information on the hard drive of the server the message came through.
quark2 did you pop over because my post on lgf about this thread
Curious,
Internet connections are as traceable as phone connections.
Robert,
Evidently the IP database you used is not as detailed as the other IP databases. In the results for 62.252.96.4 at:
http://ws.arin.net/cgi-bin/whois.pl
It says: "These addresses have been further assigned to users in the RIPE NCC region. Contact information can be found in the RIPE database at: http://www.ripe.net/whois"
So, evidently, the network is run out of the Netherlands, but the subnet is in GB UK).
So, from now on, do not use the Ripe.net IP Query database, use this one: http://www.ripe.net/ripencc/pub-services/db/whois/whois.html
or this one: www.geektools.com/whois.php
This is a little off topic, but we are talking about email. I haven't received any jihadist email since I started posting regularly. I HAVE received 4 emails for variations of the Nigeria-type scams - "Someone died. We need your help moving money out of the country. Send us your bank account details." These were allegedly coming from Sierra Leone, Ghana, the Ivory Coast, and the Republic of Togo.
Has this happened to anyone else? I only use this email account here.
jay
Jay, the Jihad Watch email box receives those appeals fairly frequently. Some are even embedded in comments in old threads, at least until I have a chance to clear them out. I think they see "Jihad" and send me the Islamic version, because I usually get promises of all kinds of blessings from Allah if I just send them my bank account details.
well, i cant provide any info about where he is, but i can tell you which ports he currently has wide open:
22
25
53
80
110
1090
5617
5619
6060
6061
7070
7272
7808
7878
8080
8081
8083
8084
8088
8090
8888
9090
9231
9999
20098
28000
28003
28004
28005
28006
28007
28008
28009
28010
28011
28012
28013
28020 through 28049
32768
32769
what everyone else does with this info is none of my business *whistles innocently*