Looks like the forum automatically capitalizes the first letter of each word in the title. Can I get someone to change that, please?
At about 30 seconds in to the video: Not sure about the q7af7v87 part, could be: q7(a|s)f7v87(D|B|8|....) Added: scp syntax: $ scp [email protected]:foobar.txt /some/local/directory To copy foobar.txt from remote host to local folder.
Ha that is hard to spot vortic! I see q7af7v87B, but I could be wrong. Also, up there is dancing_ghosts.zip. Nice quiet shoutout to DTG. Edit: Also q7af7v87B is not her actual password :c
https://rosenbergclinic.com/patients/q7af7vstuff Leads to a real jewelry site run by HE. Probably not important, but worth pointing out, if for no other reason than for Anashel to close that link.
I not sure but I find the site this https://rosenbergclinic.com/patients/q7af7vstuff is pointing to rather suspicious... could it be paranoia? P.D.: I need to say it: I may be paranoid, but I'm not an android
Chrome is warning me to not go to the site because of an SSL error, so it may not be intentional. Also, it looks like you can actually buy jewelry on there so I'm gonna say its a real thing!
here ya go: http://www.humanequation.co/news/hu...the-release-of-the-new-lsm-ecommerce-website/ so that way of accessing that site should be closed off, we wouldn't want any of us accessing a non PARG HE related site.
yeah it warns you because if they done the site some time ago , it still may have heartbleed in it, nay ?
Vismal and I were poking at this a bit last night... I'm going to call the jewelry site a dead end (although I still see some potential for the host itself, and maybe even the /patients/ URL - see below). 1) There's no source for "q7af7vstuff". That was my shorthand for the string that appears to start with "q7af7v..." in Ruke's screenshot from the video: http://i.imgur.com/IC09fzP.png . 2) The redirect actually happens on any address under (and including) https://rosenbergclinic.com/ 3) https://bijouterielsm.com/ looks suspiciously like an HE site because... well... it is an HE site. Just not an ARG one. It appears that they've actually been cheating on us, going behind our backs and wasting time that should've been exclusively devoted to our entertainment on *shudder* serious contracts. For real businesses, even. http://www.humanequation.co/news/hu...the-release-of-the-new-lsm-ecommerce-website/ It looks like, since rosenbergclinic.com doesn't have a site configured on port 443, the server's falling back on another site it hosts that does have one defined - since both bijouterielsm.com and rosenbergclinic.com look to be hosted on equation1.multialtos.com - 69.51.202.77. The sharp-eyed (or better caffeinated than I) may notice that 69.51.202.77 is also where we see rrecchi logged in. No, it doesn't appear to allow telnet or ssh connections, unless they're on some non-standard port - so either he was connected locally, or we're looking at another ARGnix web-based terminal setup. (I suppose that means that what rrecchi's really doing there is moving files from the clinic's system... to the clinic's system. I'm not sure how intentional that bit is - it's a rather roundabout way to copy things from an account he clearly has access to - so I'm going to conveniently ignore it for the moment) It may still be worth looking at http://rosenbergclinic.com/patients/q7whatever_this_string_is, though. While /var/mnt/patients - where our old buddy Randy appears to be copying Miz Baup's files - doesn't seem like an entirely logical place for http://.../patients/ to sit on a real server, it's perfectly plausible based on what we've seen of ARGnix (which tends to bend *nix conventions rather freely to suit the plot or puzzle)... except that then we'd probably also be seeing http://rosenbergclinic.com/dancing_ghosts.zip, .../room(patient.1976).mp4 (the same as room.mp4, which we've seen?), and maybe .../breach.crack.pwd. So maybe I need to find some coffee and rethink this whole thing from the beginning. -Bats (or is that brunch.crack.pwd? maybe I need to find some food, too)
Err.. yeah. That's what I was taking all that time trying to say. -Bats (well, that and "look! rrecchi! vbaup! hax! coffee!")
I was way tired last night and a little tipsy and I really freaked when I heard the exorcism audio (muffled/modulated through my browser somehow) and was certain it wasn't supposed to be there as I thought it came from elsewhere. Also I tried so many combinations of the site, I even ran a Reaper on Rosenberg site (baring HTTPS) to see if there were any secret pixel links I didn't spot on the first go at it...and nothing, or rather, was too tired to care by that point. Good thing Bats was there to keep me grounded or I'd have gone on a paranoid-spree...ugh I need more coffee...
Just for future reference, I thought it was prudent to add the link to the Rosenberg doc we had going, as it might be beneficial to have handy, in case people start going looney over things others have already gone partially looney over before (initially it was only Nikel and I who heard the exorcism track, because it's connected to your computers clock, and plays between 11 p.m. and 6 a.m. - quite keepy going "why's nobody else hearing this!?") - although I'm sure Nikel's guide, which I believe he will move over here, will cover those aspects as well. Link's in "Rosenberg doc", but colour is the same as normal font, so just to avoid confusion, here's the url: https://docs.google.com/spreadsheets/d/1qwI1-dhICLm7wIM89r_Qp8WSLR5saZiw0VJGPKPs0QE/edit#gid=0
Yeah I knew the doc and the exorcism related to time, but I *thought* it shouldn't be showing on that page; because sleeplessness lol. But yeah, the doc and original Nikel guide should be reviewed for sure for all new agents/old agents wanting to catch up (and for reference before freaking out over nothing...)
Ok, tonight I'll try to put together a whole big catch-up guide for new folks but I'll probably need some help! My writing style is very terse and not pretty so it'll have to be a group effort.
Nikel, I would be happy to assist with the catch-up guide. I am getting caught up myself so reading it over while editing would benefit both of us. I'll message you as I run into questions.
You know you're off the rails when I start looking like a stabilizing influence. -Bats (I got a belfry full of 'em!)
This is why I love you guys. You get one video and imediately you start digging and searching for clues. And who knows-- maybe you might actually find something...
