John on October 25, 2006 at 8:56 am
Last night I was really struck by a post over at Michelle Malkin’s blog and a related one at My Pet Jawa. Both posts referred to this site, which is purportedly the website of a Jihadi sniper in Iraq who claims to have killed several American soldiers. Needless to say this pisses me off.
I ran some standard DNS lookup stuff and came up with a name and address in Van Nuys. I posted that info over at Jawa in the comments. However, checking the address in Google revealed that it was a strip mall in Van Nuys. The specific address seemed to belong to a UPS store.
I then installed a nifty little Firefox plugin called Active Whois that can pull an IP address from a given site. Using this I came up with: 126.96.36.199. Searching out info on this IP using Samspade, I came up with the name of the host: Site Genie, LLC in Rochester, MN. I went online and found their home page including contact info. By this time it was after 11PM. I posted what I’d learned over at Jawa and went to bed.
This morning I called Site Genie LLC. The person I spoke with confirmed that they are the host for IP 188.8.131.52. I asked him if he was aware what the site’s content was. He said no. I told him, calmly, that it was the site of an Iraqi sniper who claimed to have killed serveral American soldiers and who was using the site to promote his videos of same. The man from Site Genie agreed that this was not acceptable and promised to look into it immediately. He took my name, number and e-mail and promised to get back to me shortly with an update.
It’s too early to count this as done, but it seems like we’re making progress. If anyone notices Juba’s site go offline, let me know. If it’s still there tomorrow, I’ll be making more calls.
Update: Another tech mystery solved. Last night I noticed that the IP above was also related to a server labelled “server.wcdhost.com”. DNS stuff said it could be bogus because it couldn’t resolve it. I tracked wcdhost.com down to a company in Modesto called Web Catchers Design (hence wcd…). Anyway, I called Web Catchers. Turns out they rent servers from Site Genie in Rochester, MN. The woman I spoke to was shocked that their name was coming up in relation to Jubaonline (after I explained what it was). She then recalled that in the past they had rented a server under that name. It’s probable that when they stopped using that particular box, it was re-tasked by Site Genie but the old label was left behind. Hence it still comes up related to the juba IP. But Web Catchers had nothing to do with the site, she assured me.
The woman at Web Catchers also said they have worked with Site Genie for years and that they are good people. She assured me they would address jubaonline.org in short order. I recommended that she call them (since she has a business relationship with them) and provide some more impetus for Site Genie to address this immediately. She agreed it was a good idea.
Based on her vouching for the character of the people at Site Genie, I would expect jubaonline.org to be gone by the end of the day.
Update 2 – 11AM: It has been about two hours since I called Site Genie. The Juba site appears to have become very, very sluggish. Can someone else confirm it. It barely loads on my browser. Hopefully this is the beginning of the end.
Update 3 – 11:39AM: A response just came in from Site Genie LLC via e-mail:
The sites are hosted on a server of one of our resellers. We have notified them that they need to remove the content and we’ll be working with them to that end.
The people at WebCatcher’s are actually not related to these servers, it was just some old DNS records that had not been updated that may have pointed you in that direction.
Good news. Juba’s hours are numbered. And as I noted, the Web Catchers thing was a glitch related to an old server box. The reference to “sites” in the e-mail is because there is more than one. I noticed that if you click on the Juba poster on the right sidebar it is actually hosted on another site http://www.al-boraq.com. That site is IP: 184.108.40.206. I also mentioned to Site Genie that if their reseller has any info on the site owner, the FBI might be interested in it.
Update 4 – 2:30PM: Got another message from Site Genie saying they were handling this very seriously. Seems so because this is what you get if you go to jubaonline right now:
That means it’s time to put up this:
Hey, Juba, you just got sniped. Bastard.
Final Update: Credit where due. Turns out the guys over at Jawa were also contacting Site Genie this afternoon. So it was a group effort (though I’m still claiming the first call until someone shows me otherwise). Congrats to all who weighted in! We won. Juba’s site sleeps with the fishes.
Category: Islamic Jihad |