And how the hell are we gonna know that? You need to have someone you trust with your account creds so they can let us know if they drop the heat on you.
Readjust your editing to reposition the ** bold marks, bro. must be NO spaces in front of the closing ones, and they must be on each line - they do not cross over line breaks.
It's because the program you are using to translate IPv6 to IPv4 is wrong. You can't just take the last 4 bytes of an IPv6 address and turn it into IPv4. That's not how IPv6 works.
Yes, I saw you posted this in another thread, checked it, and found that it's just taking the last 4 bytes of the IPv6 address, and turning it into IPv4. That's not correct. Not all IPv6 addresses can be turned into IPv4.
I will try to explain IPv6 and IPv4 a bit, I hope you'll try to understand what I'm trying to say.
IPv4 is 32-bits long. This means there can be a total of 2^32 IPv4 addresses in the world. That's 4,294,967,296 total. That's not a lot. And as you can imagine, we ran out after a while.
As a result, IPv6 was created. IPv6 addresses are 128-bits long. That means there can be 2^128 of them. I'm not going to try to write out this number, suffice it to say, it is way, way bigger than the number of IPv4 addresses.
Here's the problem: since there are way more IPv6 addresses than IPv4 addresses, the majority of IPv6 addresses can't be converted to IPv4 addresses.
What the script you used is doing, is it takes the 128-bit IPv6 address, completely ditches the first 96-bits, and uses the last 32-bits to convert to IPv4. That is not valid.
Here's how you can verify that I'm correct. You were converting fe80::792b:3e74:df1b:c565, and the script told you it translates to 223.27.197.101. Now try a totally different address, keeping only the last 32-bits, say, 0000::0000:0000:df1b:c565. See what you get.
Mesa county is in Colorado, it's more than 45 minutes away from Phoenix (Maricopa county), unless you are talking about flight time? But thanks for your research, this is HUGE!
The mainstream media is doing the worst job for the people. This needs to be at the top of every news outlet. The machine not only connect to the internet, but here is proof that someone remotely connected on election day. Absolute proof the election was stolen. Instead we get crickets from the media. Do your job media and stand up for the people! Otherwise we know you are playing a role in the steal. Time to stand up for what is right media!
Is that in the torrent? Did they release just the locked forensic image or the whole dd of the disk? if there's a dd or a vmdisk i can set it up within my red network where i do pentesting and exploit, curious to see what a good round of owasp and metasploit would find
Yep it started to seed then, yesterday was still dead, good, found something to do to maintain the mood once the symposium is over lol, plus it's a while i don't boot up the evil stack, could be funny
both images so we can even make a full comparison of the disks structure, yesterday they spoke about the password being missing, if it's windows 7 or boots up via bios should be quickly bypassable with no need to crack them
That is awesome, I'm happy to hear that. I was it for 20 years and have since changed professions. It does my heart good to see more nerds in the fold.🇺🇸😁👍🇺🇸
It's always worth pointing put these signposts for others to follow up. If it has been then no harm no foul, but if it was missed due to the mountain of data to trawl through then it's an invaluable reference.
If I ever get my hands on the pcap files I will create some tutorials and pointers on how to isolate data streams and interpret the results. My wireshark filters with 30-50 terms are frightening ;)
Someone from the audience on day two did mention looking into the IIS logs. It was when they were going over the forensic image. I'm sure they're looking at it.
The Sec State is in Phoenix, which is the largest city in Maricopa County so I'm not sure what you mean about 45 minute drive to Maricopa? Do you mean the city of Maricopa, which is about an hour away from Phoenix? If so, it is not an issue, unless you found the calls originating from the city of Maricopa?
What? That doesn't make sense. I can't tell if you are joking or not.
Ultimately, if someone from Phoenix AZ was in their system, they were doing it from Maricopa County. Seeing as I live here, I would say that my statement is a factual statement and you may be confused
This is an impressive source because it's a pretty standard log showing incoming traffic. It's not captured network traffic or something obscure, this is pretty straightforward evidence of not just being connected to the internet, but being accessed by some outside source.
I'm not as network savvy but do you know what the line about .NET CLR is? That's a .NET plugin that can be called in a SQL Server Database. Secure databases should limit who has access to install a CLR, but why is this showing in this log file, is a call being made in this server from a CLR function or is the call coming from a CLR function?
The part that references .Net CLR is called the User Agent, it's basically a relatively generic set of information about the system that is making the request. When it's not being tampered with (which is very easy to do), it generally can be used to determine some details and features of systems/browsers making the request. I.e. Is it a phone or desktop, windows/linux/osx, google chrome/firefox/internet explorer, etc.
That .Net CLR line specifically is there because is using a tool/client developed with a .Net language and that's how it's choosing to identify itself via the User Agent.
CLR itself isn't anything nefarious, it's ultimately just a bunch of libraries/code that Microsoft created to simplify developing with .Net languages (C#, VB.net, etc). Think of it as a code infrastructure/toolkit that you use as building blocks to make something.
I didn't examine the log entries too closely, but it appears that a file is being submitted/uploaded through a SOAP api call.
Curious what pairing the logs up with whatever data Lindell was supposed to have captured shows. In theory should be able to filter the TCP stack pretty easily with that information.
It has no geolocation because it's reserved for multicast traffic, i.e. sending the same stream of data to multiple recipients. There's no technical reason it couldn't be used for something else, but it would not be used in any typical or default configuration, as it's reserved for specific purpose. It's interesting to see an HTTP POST to an IP reserved for multicast...
Posting this is suicidal brutha
And how the hell are we gonna know that? You need to have someone you trust with your account creds so they can let us know if they drop the heat on you.
Excellent, trust is probably the most undervalued commodity in the world. There isn't much else I can think of that's more valuable.
Good luck Fren and God Bless!
Dude….make a countdown timer to the deadman switch right now.
Runbeck election services? Ballot printers, receives returned ballots mailed out, and prints extra ballots on demand?
Could be a hacking attempt with that many connections.
You Digital Soldiers are much appreciated and will ensure the war is won! Thank you.
Imgur compresses the fuck out of their pictures. It’s still unreadable
Readjust your editing to reposition the ** bold marks, bro. must be NO spaces in front of the closing ones, and they must be on each line - they do not cross over line breaks.
Whether people ever learn who the Autistics are or not, you OP are part of the group of people who will inevitably save this country.
You are a fucking hero to me. Thank you for putting in the time.
They will rue the day they decided to pick on the geeks.
Nerds (not geeks) 🤓
But didn't Jesus say the Geek would inherit the Earth?
You inherit after someone dies off, that is what we are all expecting with the vax aren't we? /s
I don't know what ANY of this means, but I thank God that the autists do!! God bless you all and thank you for sharing your wonderful knowledge!!
I'm praying they won't need it! May God send angels to protect you and yours!
fe80:: means the IPv6 address is a link-local address.
Here's a primer: https://labs.ripe.net/author/philip_homburg/whats-the-deal-with-ipv6-link-local-addresses/
It's because the program you are using to translate IPv6 to IPv4 is wrong. You can't just take the last 4 bytes of an IPv6 address and turn it into IPv4. That's not how IPv6 works.
Yes, I saw you posted this in another thread, checked it, and found that it's just taking the last 4 bytes of the IPv6 address, and turning it into IPv4. That's not correct. Not all IPv6 addresses can be turned into IPv4.
In fact, if you read the code, you see the comment at the top sends you to this Stackoverflow answer: https://stackoverflow.com/a/23147817/11404332
The explanation is there as well.
I will try to explain IPv6 and IPv4 a bit, I hope you'll try to understand what I'm trying to say.
IPv4 is 32-bits long. This means there can be a total of 2^32 IPv4 addresses in the world. That's 4,294,967,296 total. That's not a lot. And as you can imagine, we ran out after a while.
As a result, IPv6 was created. IPv6 addresses are 128-bits long. That means there can be 2^128 of them. I'm not going to try to write out this number, suffice it to say, it is way, way bigger than the number of IPv4 addresses.
Here's the problem: since there are way more IPv6 addresses than IPv4 addresses, the majority of IPv6 addresses can't be converted to IPv4 addresses.
What the script you used is doing, is it takes the 128-bit IPv6 address, completely ditches the first 96-bits, and uses the last 32-bits to convert to IPv4. That is not valid.
Here's how you can verify that I'm correct. You were converting fe80::792b:3e74:df1b:c565, and the script told you it translates to 223.27.197.101. Now try a totally different address, keeping only the last 32-bits, say, 0000::0000:0000:df1b:c565. See what you get.
Thank God for computer peeps like you.
If it started/went thru AZ everywhere...
Then we have everything with Maricopa. Everything. EVERYTHING.
thats why they were the first for cyber ninja audit.
Mesa county is in Colorado, it's more than 45 minutes away from Phoenix (Maricopa county), unless you are talking about flight time? But thanks for your research, this is HUGE!
No problem, it is very confusing to have a city named Maricopa and a county, lol. Great research, thanks for all you do!
The mainstream media is doing the worst job for the people. This needs to be at the top of every news outlet. The machine not only connect to the internet, but here is proof that someone remotely connected on election day. Absolute proof the election was stolen. Instead we get crickets from the media. Do your job media and stand up for the people! Otherwise we know you are playing a role in the steal. Time to stand up for what is right media!
This is why the symposium was important. This is why we win. Anons can’t be stopped.
Is that in the torrent? Did they release just the locked forensic image or the whole dd of the disk? if there's a dd or a vmdisk i can set it up within my red network where i do pentesting and exploit, curious to see what a good round of owasp and metasploit would find
CMZ magnet? What's the total size?
Yep it started to seed then, yesterday was still dead, good, found something to do to maintain the mood once the symposium is over lol, plus it's a while i don't boot up the evil stack, could be funny
both images so we can even make a full comparison of the disks structure, yesterday they spoke about the password being missing, if it's windows 7 or boots up via bios should be quickly bypassable with no need to crack them
How's booting up? old Bios or U/EFI?
You can reset the root password with linux. chntpw is the command.
If you need I can use passware to crack it
Ugh, curse my slow speeds. It will be too late I'm sure, but I'll be getting 1gb/1gb here in mid sept and can seed the crap out of this then.
That is awesome, I'm happy to hear that. I was it for 20 years and have since changed professions. It does my heart good to see more nerds in the fold.🇺🇸😁👍🇺🇸
You are a rockstar (NNJ)
magnet:?xt=urn:btih:dc654b50ec08a8ad5d8f6275f9cd4fcae29686c1&dn=CnuDA4EHJS0glXNC.zip&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce
magnet:?xt=urn:btih:ef534e78bbe71b3908ccf074d6d40077a3a63074&dn=ic9WLQaUKTRWV2Sv.zip&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce
This thread should be forwarded to their cyber crew IMO.
Dayum Anon!
Great catch!
What do you want to bet that someone on the red team already caught this?
It's always worth pointing put these signposts for others to follow up. If it has been then no harm no foul, but if it was missed due to the mountain of data to trawl through then it's an invaluable reference.
If I ever get my hands on the pcap files I will create some tutorials and pointers on how to isolate data streams and interpret the results. My wireshark filters with 30-50 terms are frightening ;)
Someone from the audience on day two did mention looking into the IIS logs. It was when they were going over the forensic image. I'm sure they're looking at it.
Wow. Thank you 🙏
Need to sticky
Ye as the other guy was saying, this isnt a public IP.
Finally someone who knows how to use a windows machine
AUTISTS, ASSEMBLE!
Looks like it may not be accurate.
It seems the IP doesn't actually come from AZ but from the local network as indicated by the fe80:: prefix meaning it's a link local address.
Explained in this comment thread:
https://greatawakening.win/p/12jvyq4O1w/x/c/4JDDS9R8ROh
Phoenix is in Maricopa County.
The Sec State is in Phoenix, which is the largest city in Maricopa County so I'm not sure what you mean about 45 minute drive to Maricopa? Do you mean the city of Maricopa, which is about an hour away from Phoenix? If so, it is not an issue, unless you found the calls originating from the city of Maricopa?
Hobbs is a POS, deep state, anti-Trump, treasonous b!@tch and I can't wait to see her go down for this.
She ain't no mastermind, but she's a foul, lying goon, for sure.
What? That doesn't make sense. I can't tell if you are joking or not.
Ultimately, if someone from Phoenix AZ was in their system, they were doing it from Maricopa County. Seeing as I live here, I would say that my statement is a factual statement and you may be confused
Yes, your search gave you distance from Maricopa city from Phoenix.
Can’t say I understand what this means. Can say I’m am exceedingly happy there are those of you who do. Hat’s off!
This is an impressive source because it's a pretty standard log showing incoming traffic. It's not captured network traffic or something obscure, this is pretty straightforward evidence of not just being connected to the internet, but being accessed by some outside source.
I'm not as network savvy but do you know what the line about .NET CLR is? That's a .NET plugin that can be called in a SQL Server Database. Secure databases should limit who has access to install a CLR, but why is this showing in this log file, is a call being made in this server from a CLR function or is the call coming from a CLR function?
The part that references .Net CLR is called the User Agent, it's basically a relatively generic set of information about the system that is making the request. When it's not being tampered with (which is very easy to do), it generally can be used to determine some details and features of systems/browsers making the request. I.e. Is it a phone or desktop, windows/linux/osx, google chrome/firefox/internet explorer, etc.
That .Net CLR line specifically is there because is using a tool/client developed with a .Net language and that's how it's choosing to identify itself via the User Agent.
CLR itself isn't anything nefarious, it's ultimately just a bunch of libraries/code that Microsoft created to simplify developing with .Net languages (C#, VB.net, etc). Think of it as a code infrastructure/toolkit that you use as building blocks to make something.
I didn't examine the log entries too closely, but it appears that a file is being submitted/uploaded through a SOAP api call.
Any chance it started in China and went through AZ to make it look like AZ?
Is there any encryption ?
Thank you !!!. Like some I have no idea how this works. Thank you explaining this to us.
Curious what pairing the logs up with whatever data Lindell was supposed to have captured shows. In theory should be able to filter the TCP stack pretty easily with that information.
Yeah, saw all that...and my head exploded.
It has no geolocation because it's reserved for multicast traffic, i.e. sending the same stream of data to multiple recipients. There's no technical reason it couldn't be used for something else, but it would not be used in any typical or default configuration, as it's reserved for specific purpose. It's interesting to see an HTTP POST to an IP reserved for multicast...
Did you use a VPN to download? Have a VPN that's reputable?
Is that not a Chinese vpn? Or otherwise not a safe one?
Thanks! I won't have time so may not look until next week if I do. Would be fun to piddle around tho.
I know this is a bit old, but I use Tunnel Bear.
Find a VPN service that you can pay for in cryptocurrency. Preferably Monero
Where are those AZ routers again?
Where can I download the CodeMonkeyZ files?
I cant do much with the data, wish I knew how to seed.
Thanks fren. I'm assuming the first is pre-dominion update and the second magnet is post-update?
I just want to know why we went from "The voting machines were not connected to the internet" to "Here are the connections" without a batting an eye