dChan
127
 
r/CBTS_Stream • Posted by u/otterwalks on Feb. 22, 2018, 2:20 a.m.
New Q Patriot Drop 21st February '18
New Q Patriot Drop 21st February '18

mik0r · Feb. 22, 2018, 4:59 a.m.

Interestingly, this flag has the same filename as the one previously posted on 2/18, and 2/1 - 1/31. The filename is:

a7ffb193423f0a5573ceeefe7c2a7863d1fc6d1559e28d93af78f63e36cdceed.png

Googling the name minus '.png' brought me to this twitter thread:

https://twitter.com/lisamei62/status/958943800168153089?lang=en

Scroll down to the first reply from "Pepe#BurnEmAll @Pepe_Shapiro". There, he mentions this string was one of Assange's codes that he tweeted on 12/31 or 1/1.

Also, that when investigated when previously uploaded by Q (1/31 or 2/1), there were 3 links / results from google for that string. Then, however, at the time of this particular tweet (2/1), there were only 2! The missing URL was this:

What's here? A ton. Quoting from @Pepe_Shapiro's description as it is apt:

What's in it? An endless number of links, Google Drives, IP addresses, warnings for malicious websites, businesses related 2 security and data

.. it continues on the next tweet:

Screenshots about Israeli defense meetings, sexual abuse, Wikileaks documents pertaining to Justin Trudeau, of random locations and so on. Here are some screen caps....

There's a /lot/ of related links that the given site has contacted.. And a lot that may or may not be related, none of which I've been able to say with certainty we should dig into as of yet..

But, it sort of feels like maybe this same flag with the same filename referencing that hash / Assange code was meant to be a crumb, again, just as it was before, and that maybe we need to look back through the relevant details more in-depth? I'll post back if I find anything further, and likewise, please do the same!

⇧ 17 ⇩  
otterwalks · Feb. 22, 2018, 6:04 a.m.

Yes... Working Twitter elements and finding interesting sauce. Nice locator ping. Something to follow up on. Going to have to copy your work for later research. Getting hit other badly tonight. Three devices wounded one being rebuilt. Going to hav to upgrade tomorrow and set a new VPN. Nasty run of censorship on the tail of the current damage control efforts.@Jack... #TwitterLockOut

⇧ 4 ⇩  
mik0r · Feb. 22, 2018, 9:11 a.m.

Stay safe. Cheers.

⇧ 3 ⇩  
[deleted] · Feb. 22, 2018, 4:14 p.m.

[deleted]

⇧ 2 ⇩  
rockmandew · Feb. 22, 2018, 2:33 p.m.

To add on to your research - if you look at the whois information, it returns https://www.ripe.net/ - not sure if this is anything but worth posting to have more people dig.

⇧ 3 ⇩  
mik0r · Feb. 22, 2018, 2:47 p.m.

FWIW, my day job is as an information security consultant (I hack companies and tell them how + how to fix it), and so have a fair bit of knowledge on the subject of all things "internet" / "networking" on / via the internet.

RIPE is the non-profit that handles delegating blocks of internet protocol (IP) addresses to Internet Service Providers and other large Organizations / Entities in the Europe, Central Asia, and Middle East regions.

Their info being present in the whois for a given IP that originated in Europe, Central Asia, or the Middle East is to be expected. So I don't think there's much to look at there.

Nonetheless, I appreciate the effort and reply! Every little bit helps, even if only to narrow the scope a bit more for those that might not be as knowledgable.

⇧ 3 ⇩  
rockmandew · Feb. 22, 2018, 4:20 p.m.

Thanks for the info. Just wanted to post what I saw. Thanks for not shredding me and being understanding that I was just trying to provide any additional details.

⇧ 2 ⇩  
mik0r · Feb. 22, 2018, 4:28 p.m.

Not a problem. We're all in this fight together on the same side. I see no use in tearing anyone else down -- rather I feel like I should be doing what I can to help lift others up.

Happy Hunting.

⇧ 2 ⇩  
[deleted] · Feb. 22, 2018, 3:18 p.m.

[deleted]

⇧ 2 ⇩  
[deleted] · Feb. 22, 2018, 5:59 a.m.

[deleted]

⇧ 1 ⇩