The page documents an alternate version of events regarding the Cicada 3301 puzzle in 2012 which has been documented by a few sources.
During the 2012 puzzle, a website named "845145127" was visited leading to a series of puzzles. In this version of events, the website was
845145127.com (rather than
845145127.tk), although much of the history is documented as being the same regardless of the site (including coordinates to global QR code posters, etc).
Where the stories diverge, however, is on January 12th when
845145127.com's content is stated to have changed from coordinates to whitespace:
which when interpreting this as tabs/spaces for binary yielded a PGP-verified message:
The numbers were found to correspond to image URLs on the website, which when OutGuessed, would provide the same messages as the QR codes gained previously from real-world coordinates.
The Other "Second Chance"
Some time after emails were sent out to participants who put in their emails on the first Onion, a user posted the domain
1853143003544.tk in a chat room on n0v4, although there is no direct indication this website was created by Cicada.
This URL was the sum of the largest factor of each picture name on the QR codes:
29-vol: 162667212858: 2 3 3 11503 785627 316744223127: 3 127 14243 58369 414974253863: 13 31921096451 427566844663: 7 61169 998561 598852142735: 5 7 11 263 1109 5333 889296759263: 11 227 1699 209621 fading death: 644169769482: 2 3 19 53 106615321 876873892385: 5 131 1338738767 935691396441: 3 499 625044353 963846244281: 3 19 23 29 103 246133
The TXT record for the website said “Go to my largest part”. The largest prime factor of the number in the URL was 33091839349, so solvers went to
33091839349.tk. The website's DNS entry contained no TXT, and the site itself was some HTML with a black background and this picture: http://i.imgur.com/NHYLD.jpg.
The image, when outguessed, provided the following PGP-verified message from Cicada:
Solving this bookcode (using this page as a source) led to another Onion similar to the first one where participants were asked to enter their email addresses:
According to the documented sources, users who either submitted their email through either
sq6wmgv2zcsrix6t.onion (as seen on part 1) or
cginiziglyaobyph.onion (from this path) would eventually receive the same RSA-encrypted message.
Please see Part 2 for that message and what happened after this.