I first heard of this technique on a discussion on Lowendtalk from a hoster discussing how pressure campaigns were orchestrated.

The host used to host VMs for a customer that was not well liked but otherwise within the bounds of free speech in the US (I guess something on the order of KF/SaSu/SF), so a given user would upload CSAM on the forum, then report the same CSAM to the hoster. They used to use the same IP address for their entire operation. When the host and the customer compared notes, they'd find about these details.

Honestly at the time I thought the story was bunk, in the age of residential proxies and VPNs and whatnot, surely whoever did this wouldn't just upload said CSAM from their own IP, but one possible explanation would be that the forum probably just blocked datacenter IPs wholesale and the person orchestrating the campaign wasn't willing to risk the legal fallout of uploading CSAM out of some regular citizen's infected device.

In this case, I assume law enforcement just sets up a website with said CSAM, gets archive.is to crawl it, and then pressurize DNS providers about it.

That in itself is quite shocking really.

It is even more interesting the US government is coming after archive.today at the same time, or maybe that is just a coincidence, and this is just a tech-savvy philanderer trying to hide something from his wife.