"9. IP download logs of any Python Package Index (PyPI) packages uploaded by the given usernames"
This was the point where I was wondering if this is really about some malicious packages or something more along the lines of copyright infringement software.
This definitely seems like a significant element of the ask, but for any popular package a list of all the downloaders would be pretty overwhelming in size (and I think of very limited utility). I'm guessing that some versions of some more obscure package(s) were identified as being used in an attack and they're either trying to identify potential attackers or other victims (or both) of that attack.
From a 2021 article[1] about packages used to deliver malware
"we have alerted PyPI about the existence of the malicious packages which promptly removed them. Based on data from pepy.tech, we estimate the malicious packages were downloaded about 30,000 times."
For comparison yt-dlp has tens of millions of total downloads and gets downloaded over 70,000 times every day [2]
This was the point where I was wondering if this is really about some malicious packages or something more along the lines of copyright infringement software.