l2extreme FBI shutdown? Now questionable. - Anthony's Blog - AbleNET IRC Network

So this weekend there's been a hub-bub on the internet about one of the more popular lineage2 public servers being shut down. At first it appeared legit; we even posted a news item on AbleNET, being the first to break the story in print.... All that being said.. I am beginning to suspect that something is amiss.

A few curious details have popped up:

1. The FBI being listed as controlling the domain:

I have never seen the FBI before listed as the owner of a 'taken' domain. I find it equally suspicious that the FBI would leave a domain under the control or a private registrar... however, this is speculation.

Here is the whois record:

Domain Name: L2EXTREME.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: DNS2.NAME-SERVICES.COM
   Name Server: DNS1.NAME-SERVICES.COM
   Name Server: DNS5.NAME-SERVICES.COM
   Name Server: DNS3.NAME-SERVICES.COM
   Name Server: DNS4.NAME-SERVICES.COM
   Status: REGISTRAR-LOCK
   EPP Status: clientDeleteProhibited
   EPP Status: clientTransferProhibited
   Updated Date: 16-Nov-2006
   Creation Date: 21-Dec-2004
   Expiration Date: 21-Dec-2006

Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: l2extreme.com

Registrant Contact:
   Department of Justice
   Federal Bureau of Investigation (info@fbi.gov)
   +1.2023243000
   Fax: +1.2023243000
   J. Edgar Hoover Building
   Washington, DC 20535
   US

Administrative Contact:
   Department of Justice
   Federal Bureau of Investigation (info@fbi.gov)
   +1.2023243000
   Fax: +1.2023243000
   J. Edgar Hoover Building
   Washington, DC 20535
   US

Technical Contact:
   Department of Justice
   Federal Bureau of Investigation (info@fbi.gov)
   +1.2023243000
   Fax: +1.2023243000
   J. Edgar Hoover Building
   Washington, DC 20535
   US

Status: Locked

Name Servers:
   dns1.name-services.com
   dns2.name-services.com
   dns3.name-services.com
   dns4.name-services.com
   dns5.name-services.com

Creation date: 21 Dec 2004 16:54:44
Expiration date: 21 Dec 2006 16:54:44

2. The changing of the FBI pages:

The original page was a rip/copy of the official FBI page found at : http://www.fbi.gov/ipr/

Then the page was a low budget generic white page with bold lettering and an anti-piracy logo.

Finally it has been changed to the red 'design' we currently see it as.

3. Revolving door of IPs:

whois 64.74.96.243
Internap Network Services PNAP-SEA-BLOCK4 (NET-64-74-0-0-1)
                                  64.74.0.0 - 64.74.255.255
eNom PNAP-CHG-ENOM-RM-01 (NET-64-74-96-224-1)
                                  64.74.96.224 - 64.74.96.255

# ARIN WHOIS database, last updated 2006-11-17 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

whois 72.32.58.190

OrgName:    Rackspace.com, Ltd.
OrgID:      RSPC
Address:    112 E. Pecan St.
Address:    Suite 600
City:       San Antonio
StateProv: TX
PostalCode: 78205
Country:    US

NetRange:   72.32.0.0 - 72.32.191.255
CIDR:       72.32.0.0/17, 72.32.128.0/18
NetName:    RSCP-NET-4
NetHandle: NET-72-32-0-0-1
Parent:     NET-72-0-0-0-0
NetType:    Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:
RegDate:    2005-02-25
Updated:    2006-05-23

RTechHandle: IPADM17-ARIN
RTechName:   IPADMIN
RTechPhone: +1-210-892-4000
RTechEmail: ipadmin@rackspace.com

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: abuse@rackspace.com

OrgTechHandle: IPADM17-ARIN
OrgTechName:   IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: ipadmin@rackspace.com

OrgTechHandle: ZR9-ARIN
OrgTechName:   Rackspace, com
OrgTechPhone: +1-210-892-4000
OrgTechEmail: hostmaster@rackspace.com

# ARIN WHOIS database, last updated 2006-11-17 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

4. The lack of any credible news coverage of what would be considered newsworthy in gamer circles as well as copyright infringement circles. The news would have been on top of what could be considered a 'government victory against piracy' and yet... it was never touched. Why? I'd consider this a biggie.

5. The www. domain points to the first IP (above) and apparently redirects to the second.

The root domain still points to: 216.52.184.240

6. Random Information:

dig l2extreme.com

; <> DiG 9.2.4 <> l2extreme.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27068
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;l2extreme.com.                 IN      A

;; ANSWER SECTION:
l2extreme.com.          1203    IN      A       216.52.184.240

;; AUTHORITY SECTION:
l2extreme.com.          3003    IN      NS      dns4.name-services.com.
l2extreme.com.          3003    IN      NS      dns5.name-services.com.
l2extreme.com.          3003    IN      NS      dns1.name-services.com.
l2extreme.com.          3003    IN      NS      dns2.name-services.com.
l2extreme.com.          3003    IN      NS      dns3.name-services.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 19 00:12:11 2006
;; MSG SIZE rcvd: 156

dig www.l2extreme.com

; <> DiG 9.2.4 <> www.l2extreme.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29510
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;www.l2extreme.com.             IN      A

;; ANSWER SECTION:
www.l2extreme.com.      1800    IN      A       69.25.142.3

;; AUTHORITY SECTION:
l2extreme.com.          2952    IN      NS      dns1.name-services.com.
l2extreme.com.          2952    IN      NS      dns2.name-services.com.
l2extreme.com.          2952    IN      NS      dns3.name-services.com.
l2extreme.com.          2952    IN      NS      dns4.name-services.com.
l2extreme.com.          2952    IN      NS      dns5.name-services.com.

;; Query time: 171 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 19 00:13:02 2006
;; MSG SIZE rcvd: 160

I think we're really see it all once brought to light and completion; we will know for sure... Only time will tell...

Del.icio.us

Add to Fark Reddit

Technorati Furl

Furl

Stumble Upon

← Prev | Anthony's Blog Home | Next →

Anthony's Messages

Comments (5)

by Anthony on Sun, 19 Nov 2006 at 12:34 AM

I'd also like to point out that even ibackup who IS government shut down has had changes in the Name Servers and not Domain registrant info:

whois ibackups.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: IBACKUPS.NET
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS22.USDOJ.GOV
Name Server: JUSTICE2.USDOJ.GOV
Status: ACTIVE
EPP Status: ok
Updated Date: 13-Sep-2006
Creation Date: 14-Apr-2003
Expiration Date: 14-Apr-2007

>>> Last update of whois database: Sun, 19 Nov 2006 00:30:43 EST <<<

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registrant:
iBackups Inc
26893 Boquet Cyn. Rd.
Suite C # 331
Saugus, CA 91350
US

Domain name: IBACKUPS.NET

Administrative Contact:
Inc, iBackups support@ibackups.net
26893 Boquet Cyn. Rd.
Suite C #331
Saugus, CA 91350
US
661-260-3679
Technical Contact:
Inc, iBackups support@ibackups.net
26893 Boquet Cyn. Rd.
Suite C #331
Saugus, CA 91350
US
661-260-3679

Registration Service Provider:
Misk.com Support, support@misk.com
845-896-4602
845-896-2535 (fax)
http://www.misk.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 13-Sep-2006.
Record expires on 14-Apr-2007.
Record created on 14-Apr-2003.

Domain servers in listed order:
JUSTICE2.USDOJ.GOV
NS22.USDOJ.GOV

Domain status: ok

(Reply)

by kgptzac on Sun, 19 Nov 2006 at 01:04 PM

ahh... i don't know how to read those technical info xD

(Reply)

by Anthony on Sun, 19 Nov 2006 at 10:47 PM

hah basically it means that they still control their domain. It's a fake.

(Reply)

by melov on Sat, 26 May 2007 at 02:12 PM

You're forgetting an extremely important fact. NCsoft made a news post on www.lineage2.com confirming that the FBI had brought down the server. NCsoft would have never talked to Schmee. It's also extremely illegal to pretend your website was shut down by the FBI. Nice fine with it too. It's still up to this day, the FBI would have said something by now.

(Reply)

by Riddick on Tue, 19 Jun 2007 at 07:33 AM

The Matrix has you guys!! There is no escape... >:

(Reply)

Would you like to comment?

→ Join AbleNET Community for a free account, or Login if you are already a member.

For Channel Owners: Register a Channel | Your Channels | Java Chat

For Users: AbleNET Quotables | Pictures | Join Groups