Site will be messed up for a bit as I work on things/break them.
DNL

Feds Used an IP Logger to Catch a Pedophile

A 47-year-old man from Dwight, Nebraska, was sentenced to a total 500 months in prison for production and possession of child pornography. The defendant shared thousands of self-produced child abuse content on various chat rooms and darkweb forums.

According to an announcement by the U.S. Attorney’s Office District of Nebraska, the investigation against 47-year-old Michael Dean McCullar began in February 2019. Homeland Security Investigations (HSI) Special Agents in Omaha started the investigation after they received a lead regarding the possible production of child pornography by a suspect in Dwight, Nebraska, from agents in Massachusetts.

The Boston agents were investigating individuals using darkweb forums and chat rooms to discuss and exchange child pornography images and videos. During the course of the investigation, the agents came across McCullar who was sharing self-produced child abuse images and started messaging him on an undisclosed platform (based on other information available, it appears as if law enforcement first made contact over Ricochet). McCullar sent an undisclosed number of child pornography images to the agents.

It was during conversations with McCullar–who used the name “dadotlolibaby” online–that investigators obtained the defendant’s IP address.

From the plea agreement:

“[T]he individual using the screen name “dadotlolibaby” engaged in a conversation with an undercover officer regarding the sexual abuse of children and their “mutual” likes of pornography available on the open web. During the course of this conversation, the undercover officer provided the individual using the screen name “dadotlolibaby” with a URL that was created using the IP Logger service. An IP Logger is a free and publicly available service that will provide the IP address of an individual that visits the URL as a method to identify the IP address of the computer user. On February 7, 2019 17:37:23 (EST), the link sent using the IP Logger service was accessed indicating that the individual accessing a particular website was doing so using the TOR browser.”

The plea agreement detailed the investigation

The plea agreement described the investigation

And after obtaining the IP address, according to court documents, they grabbed it one more time:

“On February 8, 2018, HSI Boston agents sent a summons to Windstream Communications requesting the account details of the individual assigned IP address 75.88.41.114 on February 7, 2019 17:37:54 (EST) and February 7, 2019 17:48:33 (EST). On February 8, 2019, Windstream Communications provided the information that the user assigned that IP address was the Defendant with a residential address in Dwight, Nebraska. A check of the Butler County, Nebraska assessor’s office found Defendant and his wife own the address referenced by Windstream”

In late February, the agents executed a search warrant on McCullar’s residence and established that McCullar was on a business trip in Tampa, Florida. The agents went to Tampa, arrested McCullar, and took him back to Nebraska. The agents seized McCullar’s electronic devices and recovered more than 30,000 child pornography images and 1,500 videos. On being questioned the defendant admitted that he produced and shared the child pornography images.

Defendant stated he created the “dadoflolibaby” username approximately IO years ago. Defendant accessed the internet through the TOR network, a means and facility of interstate and foreign commerce. Defendant said the reason for creating this account was to browse for child pornography. Defendant stated he had an account in a dark web forum called, “BabyHeart.” Defendant stated he recently started using, Ricochet, a chat function on the TOR network, to communicate with an individual with the username “NorthernDad.”

On February 19, 2020, Chief United States District Judge John M. Gerrard sentenced McCullar to 360 months in prison for production of child pornography and 140 months for possession of child pornography. The judge also ordered McCullar to pay $154,136 in restitution and assessments of $30,200. In addition to registering as a sex offender, the defendant will be placed under supervised release for the rest of his life after being released from prison.

As some have pointed out in the comments, there is likely much more to this story than we know. How did an IP logger grab the actual IP address of someone using the Tor Browser?

22 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
21d5ba1f
f8efff10 Thu, Feb 27, 2020

What a sick fuck good riddance. Was he fucking his own kids lol.

103f4647
ff605880 Thu, Feb 27, 2020

I don’t understand how he got caught if he was using TOR. It said he opened the link and they knew he was accessing it via TOR, then they contacted the ISP, they had this guy’s info available like he wasn’t using TOR. It makes no sense to me unless I’m missing something.

9ebbb8d6
516b8320 Thu, Feb 27, 2020

This did is a sick fuck and deserves to rot in prison. However there is way more to this story as far as how the feds received the info they did.

a73d0da9
14171050 Thu, Feb 27, 2020

I don’t understand how he got caught if he was using TOR. It said he opened the link and they >knew he was accessing it via TOR, then they contacted the ISP, they had this guy’s info available >like he wasn’t using TOR. It makes no sense to me unless I’m missing something.

If you want real anonymity you cant just rely on Tor hiding your IP.

008d7636
fe473e00 Thu, Feb 27, 2020

Could he have used the tor browser to log into the forum at the same time using it to log into a clear net website?

ece685ae
f559ab60 Thu, Feb 27, 2020

I don’t understand how he got caught if he was using TOR.
February 7, 2019 17:37:23 he accessed using Tor.
February 7, 2019 17:37:54 he accessed with his clearnet IP.

Conjecture: as soon as they saw him accessing, they pulled the plug on the honeypot or arbitrarily made the website slower (“self DDoSed”). the boomer thought it was a problem with the Tor network and trusted the agent enough at that point so accessed the link on a clearnet browser.

cfbda4fa
cce917b0 Thu, Feb 27, 2020

i was confused at first. but it seems like he accessed the image once through TOR, then very soon afterwards accessed the same image through his normal browser.

sounds like some sick fuck deserved his 40yrs in jail.

7003c332
d9bbafe0 Thu, Feb 27, 2020

Looks more like a social hack to get him out of Tor one way or the other like Frosty Bureau said…sounds like they had been hunting this sicko for a good while.

ef2a037d
c93bb330 Thu, Feb 27, 2020

Misconfiguration, VPN drop or no VPN, or most likely user error

the importance of these articles is not the specific crime but how YOUR GOVERNMENT is actively surveillance your activities.

private companies will always protect themselves, they are people after all.
to expect anyone to care about your privacy but yourself is looney tunes

33f77a61
934d0110 Fri, Feb 28, 2020

12 years for possession???
America is so fucked lol.

c791c411
cef3aa90 Fri, Feb 28, 2020

“How did an IP logger grab the actual IP address of someone using the Tor Browser?”

they used an exploit?

first they discover he used tor browser. second link they brought out the big guns.

32b256b9
23ab32b0 Fri, Feb 28, 2020

HEY, YOU HAVE A TYPO!

Looks like the screen name this piece of shit used is actually ‘dadoFlolibaby’, not ‘dadoTlolibaby’ - capital letters are what needs changed…

I was looking at the name trying to figure out wtf it would possibly mean or how to say it, but then after reading the somewhat blurry image of the plea it became apparent that it has a F vs T. Incredibly fucking dirty gross scummy name, but I guess it makes sense for the bastard.

c7bbc30f
cbf3a2d0 Fri, Feb 28, 2020

Reading the sentence he got made me really happy, fuck those sick bastards

d857bd38
7306cd40 Fri, Feb 28, 2020

41 years in prison for a pedophile, that’s good to see.

dd9e6945
feaa5790 Sat, Feb 29, 2020

So u cool with ppl monitoring your online shit?

ends justify the means?

Innocent until proven guilty

97d63b2f
53f9a0f0 Sat, Feb 29, 2020

What the actual fuck is wrong with humans. I hope he dies in jail from aids

24de085b
52377960 Sun, Mar 1, 2020

Can we please genocide these people. I’m serious. They know it themselves, they should not live. Imagine the lengths of torment this man caused and how the psychological issues will spider web. Will any of his victims commit suicide? Commit acts of pedophilia themselves because of this? How far does something like this stretch? How many people are currently in possession of his self made photos/videos. As a father myself, I would tie him to a rubber tire and set on fire. This man will live cushy in prison for the rest of his life. His crimes effect more than capital murders where ppl are currently on death row. Prejudice pedophilia and end them and any possibility of them creating offspring. Only through extreme prejudiced.

3e16702f
e872a440 Sun, Mar 1, 2020

I would give up my right to internet privacy and my ability to access and use DNM to rid the world of all these people. Without a second thought. My privacy is NOT more important than destroying all these pedophiles. Give up everyone’s IP, give up war on drugs, lasso up all child abusers, kill them and let’s slowly remove the pedophile genome from the human Gene pool by pure genocide.

ad0cf9c6
d0147f50 Sun, Mar 1, 2020

lmao until you are falsely accused

HK BELONGS TO PRC

09313b06
c4aea470 Mon, Mar 2, 2020

Just what the big government is hoping you morons will say.

ba32245d
94b68110 Mon, Mar 2, 2020

One up to Frosty_Iglo. Just because there are criminals does not mean that I get to lose my right to privacy. Not even sure if those above comments are real or just trolls…

cd364ab4
700eab20 Wed, Mar 4, 2020

I suspect the FEDs uploaded the bait image to a site that blocks all tor exit nodes.

Pedo loades underage.jpg.com in Tor, Image doesnt load ‘Tor access blocked for this site etc’
pedo loads image in Clearnet.

The is a great reason to use a VPN Router at home, using offshore, non 14 eyes servers, VPN on system, and Tor browser. QUBES WHONIX

New comments are disabled after ten days in an attempt to limit spam.