CAUGHT IN THE ACT OF DECEPTION
and manipulation



Traceroute / Geolocation / NMap outputs for NCCG cult "satanist" impersonator (linked from: deception-main.html)


Thursday, November 9, 2006:


213.66.1.199 - - [09/Nov/2006:11:55:55 -0600] "GET /photo003.jpg HTTP/1.1" 200 4936 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"




 8  nyk-bb1-pos0-3-0.telia.net (213.248.80.154)  63.525 ms nyk-bb2-pos7-1-0.telia.net (213.248.80.74)  59.041 ms nyk-bb1-pos0-3-0.telia.net (213.248.80.154)  61.373 ms
 9  kbn-bb2-link.telia.net (213.248.82.102)  150.180 ms  139.069 ms kbn-bb1-pos1-3-0.telia.net (213.248.64.21)  139.395 ms
10  s-bb2-link.telia.net (213.248.65.165)  145.748 ms s-bb1-link.telia.net (213.248.65.141)  142.492 ms  139.712 ms
11  s-b3-pos4-0.telia.net (213.248.66.10)  135.999 ms s-b4-pos12-0.telia.net (213.248.66.6)  129.598 ms s-b3-pos4-0.telia.net (213.248.66.10)  136.377 ms
12  fre-c1-pos11-0.se.telia.net (213.248.101.137)  133.724 ms hy-peer1-pos4-0.se.telia.net (213.248.101.141)  133.319 ms fre-c1-pos11-0.se.telia.net (213.248.101.137)  132.030 ms
13  hy-c1-link.se.telia.net (81.228.72.70)  123.430 ms  125.656 ms hy-c1-link.se.telia.net (81.228.72.64)  128.439 ms
14  oer3-c1-link.se.telia.net (81.228.72.53)  157.800 ms  157.272 ms  161.918 ms
15  ks-d4-link.se.telia.net (81.228.73.190)  274.463 ms  344.871 ms  221.936 ms
16  * * *






Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on 213-66-1-199-no26.tbcn.telia.com (213.66.1.199):
(The 1670 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
113/tcp  closed auth
1720/tcp open   H.323/Q.931
Device type: broadband router
Running: Level One embedded
OS details: Fingerprint LevelOne WBR-3406TX Wireless Broadband router


213.66.1.199 - - [09/Nov/2006:15:12:45 -0600] "GET /articles/lawrevisited.htm HTTP/1.1" 404 312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
213.66.1.199 - - [09/Nov/2006:15:12:51 -0600] "GET / HTTP/1.1" 403 5044 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
213.66.1.199 - - [09/Nov/2006:15:12:51 -0600] "GET /icons/apache_pb2.gif HTTP/1.1" 200 2414 "http://www.setapartplace.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
213.66.1.199 - - [09/Nov/2006:15:12:51 -0600] "GET /icons/powered_by_rh.png HTTP/1.1" 200 1213 "http://www.setapartplace.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"


Friday, November 10, 2006:

Session Start (drumpler:kati_kit2000): Fri Nov 10 23:22:27 2006
[23:22] *** NOTE: This user is offline.  Your messages will be received when he/she logs into Yahoo! Messenger.
[23:23] drumpler: Okay, the image works now. :) I also uploaded another I thought was downright hillarious: (Link: http://www.setapartplace.org/nofalseprophets.jpg
)(Link: http://www.setapartplace.org/nofalseprophets.jpg)http://www.setapartplace.org/nofalseprophets.jpg Tell me if it makes you laugh. I also sent you an e-mail and I hope you can respond soon. I do miss our convos. Take care!


Saturday, November 11, 2006:

Jannicke:

13:39:11.379986 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: . ack 53 win 65483
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0028 059f 4000 8006 77b0 c0a8 0104 51e5  .(..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe d84d db65 c40e 5010  i........M.e..P.
        0x0030:  ffcb 7d9b 0000                           ..}...
13:39:12.102815 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: P 53:57(4) ack 61 wi
n 65475
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  002c ecfc 4000 7006 a04e 51e5 69ef c0a8  .,..@.p..NQ.i...
        0x0020:  0104 80cc 0db4 db65 c40e d5fe d84d 5018  .......e.....MP.
        0x0030:  ffc3 9e40 0000 b801 0000 0000            ...@........
13:39:12.254992 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: . ack 57 win 65479
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0028 05a1 4000 8006 77ae c0a8 0104 51e5  .(..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe d84d db65 c412 5010  i........M.e..P.
        0x0030:  ffc7 7d9b 0000                           ..}...
13:39:12.284837 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: P 57:497(440) ack 61
 win 65475
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  01e0 ecfd 4000 7006 9e99 51e5 69ef c0a8  ....@.p...Q.i...
        0x0020:  0104 80cc 0db4 db65 c412 d5fe d84d 5018  .......e.....MP.
        0x0030:  ffc3 8e50 0000 0000 0000 30c0 7800 0000  ...P......0.x...
        0x0040:  0000 0000 0000 8801 0000 0000 0000 8801  ................
        0x0050:  0000 0000 0000 4df9 9f05 0000 0000 0000  ......M.........
13:39:12.285250 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: P 61:65(4) ack 497 w
in 65039
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  002c 05a2 4000 8006 77a9 c0a8 0104 51e5  .,..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe d84d db65 c5ca 5018  i........M.e..P.
        0x0030:  fe0f 7d9f 0000 3000 0000                 ..}...0...
13:39:12.470641 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: . ack 65 win 65471
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  0028 ecfe 4000 7006 a050 51e5 69ef c0a8  .(..@.p..PQ.i...
        0x0020:  0104 80cc 0db4 db65 c5ca d5fe d851 5010  .......e.....QP.
        0x0030:  ffbf 5492 0000 0000 0000 0000            ..T.........
13:39:12.470693 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: P 65:113(48) ack 497
 win 65039
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0058 05a3 4000 8006 777c c0a8 0104 51e5  .X..@...w|....Q.
        0x0020:  69ef 0db4 80cc d5fe d851 db65 c5ca 5018  i........Q.e..P.
        0x0030:  fe0f 7dcb 0000 0000 0000 84e6 6101 0000  ..}.........a...
        0x0040:  0000 0000 0000 8801 0000 0000 0000 0000  ................
        0x0050:  0000 0200 0000 30c0 7800 4df9 9f05 8801  ......0.x.M.....
13:39:12.670921 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: . ack 113 win 65423
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  0028 ecff 4000 7006 a04f 51e5 69ef c0a8  .(..@.p..OQ.i...
        0x0020:  0104 80cc 0db4 db65 c5ca d5fe d881 5010  .......e......P.
        0x0030:  ff8f 5492 0000 0000 0000 0000            ..T.........
13:39:16.363354 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: P 113:117(4) ack 497
 win 65039
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  002c 05a6 4000 8006 77a5 c0a8 0104 51e5  .,..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe d881 db65 c5ca 5018  i..........e..P.
        0x0030:  fe0f 7d9f 0000 8f01 0000                 ..}.......
13:39:16.594055 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: . ack 117 win 65419
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  0028 ed00 4000 7006 a04e 51e5 69ef c0a8  .(..@.p..NQ.i...
        0x0020:  0104 80cc 0db4 db65 c5ca d5fe d885 5010  .......e......P.
        0x0030:  ff8b 5492 0000 0000 0000 0000            ..T.........
13:39:16.594109 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: P 117:516(399) ack 4
97 win 65039
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  01b7 05a7 4000 8006 7619 c0a8 0104 51e5  ....@...v.....Q.
        0x0020:  69ef 0db4 80cc d5fe d885 db65 c5ca 5018  i..........e..P.
        0x0030:  fe0f 7f2a 0000 0000 0000 85e6 6101 0000  ...*........a...
        0x0040:  0000 0000 0000 5f01 0000 0000 0000 5f01  ......_......._.
        0x0050:  0000 0000 0000 911e cd01 0000 0000 0000  ................
13:39:16.648986 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: P 497:501(4) ack 516
 win 65020
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  002c ed01 4000 7006 a049 51e5 69ef c0a8  .,..@.p..IQ.i...
        0x0020:  0104 80cc 0db4 db65 c5ca d5fe da14 5018  .......e......P.
        0x0030:  fdfc 2486 0000 3000 0000 0000            ..$...0.....
13:39:16.848747 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: . ack 501 win 65035
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0028 05a8 4000 8006 77a7 c0a8 0104 51e5  .(..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe da14 db65 c5ce 5010  i..........e..P.
        0x0030:  fe0b 7d9b 0000                           ..}...
13:39:16.873120 IP 81.229.105.239.32972 > xxx.xxx.xxx.xxx.3508: P 501:549(48) ack 51
6 win 65020
        0x0000:  000c 6ea3 d933 0013 4947 7ba6 0800 4500  ..n..3..IG{...E.
        0x0010:  0058 ed02 4000 7006 a01c 51e5 69ef c0a8  .X..@.p...Q.i...
        0x0020:  0104 80cc 0db4 db65 c5ce d5fe da14 5018  .......e......P.
        0x0030:  fdfc 048c 0000 0000 0000 31c0 7800 0000  ..........1.x...
        0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0050:  0000 0200 0000 85e6 6101 911e cd01 5f01  ........a....._.
13:39:17.067494 IP xxx.xxx.xxx.xxx.3508 > 81.229.105.239.32972: . ack 549 win 64987
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0028 05a9 4000 8006 77a6 c0a8 0104 51e5  .(..@...w.....Q.
        0x0020:  69ef 0db4 80cc d5fe da14 db65 c5fe 5010  i..........e..P.
        0x0030:  fddb 7d9b 0000                           ..}...

Sharon Harvey:

13:44:19.549988 IP xxx.xxx.xxx.xxx.3564 > 81.229.105.239.17862: . ack 546 win 64990
        0x0000:  0013 4947 7ba6 000c 6ea3 d933 0800 4500  ..IG{...n..3..E.
        0x0010:  0028 0a64 4000 8006 72eb c0a8 0104 51e5  .(.d@...r.....Q.
        0x0020:  69ef 0dec 45c6 1a3b 2fe2 560d 857e 5010  i...E..;/.V..~P.
        0x0030:  fdde 7d9b 0000                           ..}...


 8  nyk-bb1-pos0-3-0.telia.net (213.248.80.154)  40.617 ms *  57.214 ms
 9  kbn-bb2-pos1-3-0.telia.net (213.248.64.33)  150.673 ms  127.652 ms kbn-bb1-pos1-3-0.telia.net (213.248.64.21)  122.500 ms
10  s-bb2-link.telia.net (213.248.65.165)  143.514 ms s-bb1-pos7-0-0.telia.net (213.248.65.26)  131.737 ms  128.549 ms
11  s-b4-pos5-0.telia.net (213.248.66.14)  136.768 ms s-b4-pos12-0.telia.net (213.248.66.6)  131.592 ms s-b4-pos5-0.telia.net (213.248.66.14)  137.680 ms
12  hy-peer1-pos4-0.se.telia.net (213.248.101.141)  141.837 ms  136.418 ms  142.421 ms
13  hy-c1-link.se.telia.net (81.228.72.70)  128.147 ms  127.254 ms  131.792 ms
14  oer3-c1-link.se.telia.net (81.228.72.53)  148.861 ms  157.682 ms  158.591 ms
15  ks-d4-link.se.telia.net (81.228.73.190)  234.044 ms  179.970 ms *
16  * * *









Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-11-11 13:53 CST
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 81-229-105-239-no26.tbcn.telia.com (81.229.105.239):
(The 1670 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
113/tcp  closed auth
1720/tcp open   H.323/Q.931
Device type: broadband router
Running: Level One embedded
OS details: Fingerprint LevelOne WBR-3406TX Wireless Broadband router



Sunday, November 12, 2006:


81.229.105.239 - - [12/Nov/2006:06:53:42 -0600] "GET /sig1.jpg HTTP/1.1" 200 631 "http://us.f569.mail.yahoo.com/ym/ShowLetter?MsgId=8871_98756_697_1603_379_0_5_-1_0&Idx=0&YY=92491&y5beta=yes&y5beta=yes&inc=25&order=down&sort=date&pos=0&view=&head=&box=Inbox" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.229.105.239 - - [12/Nov/2006:06:57:35 -0600] "GET /sig1.jpg HTTP/1.1" 304 - "http://us.f368.mail.yahoo.com/ym/ShowLetter?MsgId=172_4806044_455474_1655_1017_0_63185_2387_3086667384&Idx=1&YY=24816&y5beta=yes&y5beta=yes&inc=25&order=down&sort=date&pos=0&view=&head=&box=Inbox" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

81.229.105.239 - - [12/Nov/2006:07:04:42 -0600] "GET /nofalseprophets.jpg HTTP/1.1" 200 12868 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"



Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-11-12 08:41 CST
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on 81-229-105-239-no26.tbcn.telia.com (81.229.105.239):
(The 1670 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
113/tcp  closed auth
1720/tcp open   H.323/Q.931
Device type: broadband router
Running: Level One embedded
OS details: Fingerprint LevelOne WBR-3406TX Wireless Broadband router