ejd4500 ago

I updated the post...tracked down another screen shot.

BTW, I personally visited this page and tried to get past it - understand how it was put together. It was a big deal on /pol

But, shortly after the page was removed. I say this because someone with minimal know-how could have faked the page and pasted the screenshot, but it was indeed actually a page on their site.

InIt2WingIt ago

just to add my 2 cents, anybody considered that MK could be the head of the Los Angeles FBI field office's child sex crimes and human trafficking division, i read they go by MK

dindonufin ago

Passwords can be hidden in the headers of the emails or in image files.

SChalice ago

I believe this is the software used to create the website:

http://www.jimdo.com/

PizzaPoop ago

In my previous testing it would return an XML that would tell me that my key was invalid.

Use ` and ` to enclose code :) (that or 4 spaces)

4740127360

SChalice ago

pizza is a codeword—not only was “cheese pizza” (CP) used on 4chan but many pedophile circles use it on the darkweb. They then use the word “slices” to describe how many images they want see

https://i.sli.mg/3tJhM5.png

PizzaPoop ago

Nope, just that menu and then the BRUNCH menu :)

Thank you. If I had TailsOS on me right now I'd run the script all night for a much wider range :D

But my current range should include 3-4 files if there aren't any other files it can find [2 copies of menu, 1 or 2 copies of brunch menu]. ;)

Petri_Krohn ago

IT IS A PIZZA MENU! -- UPDATE: NO, IT IS NOT!

I did a Google search with the first filename on the list: 6ss92y91o2piwf77 I found two relevant discussions, both on 4chan:

Anonymous (ID: iH8VgJop) 11/22/16(Tue) 12:10:17 No.99710491

Related. I have a new lead on Pizzagate.

Some anon found a bunch of secret files on Comet Ping Pong's site. Another anon found a way to download them but nobody can open them because they're disguised as .zip files but nobody knows what file type they really are.

I opened it up in notepad++ and did some looking and it looks like they're secretly .pdfs. Only problem is I have no idea how to open a potentially malicious pdf without it phoning home or attacking the computer. Any anons know? This could be the smoking gun.

http://s742dd563442b66d6.jimcontent.com/download/version/0/module/4741080860/name/6ss92y91o2piwf77.zip

Somebody please try that one.

I downloaded the 7.7 MB file. Opened it in VI in a Linux terminal. The first lines showed it was a PDF file. I then changed the file extension to .pdf. The Ubuntu file manager immediately displayed a preview thumbnail of a PDF file. Zooming in shows it is a Comet Ping Pong menu. I opened the file to confirm.

The title of the file is COMET_11_10_06. The metadata says it was created on October 6, 2011.

I have no idea how the anon managed to download the file. Maybe by brute force trying different keys.

One detail does not match up. The member area list says the size of the file is 24 MB. Is this really the same file?

The other post on 4chan only exist in on archive.is.

Anonymous (ID: 2oEMGqbG) 11/08/16(Tue)23:12:34 No.97050343▶

97046854

Here is a few example links for downloads:

http://www.cometpingpong.com/app/download/4750801860/Comet+Ping+Pong+menu.pdf

http://www.cometpingpong.com/app/download/4741080860/0gu0rgihy78uep6a.zip

If we try http://www.cometpingpong.com/app/download/4750801859/Comet+Ping+Pong+menu.pdf we get "<Message>The specified key does not exist.</Message>"

I think it's fair to assume that the key they would ask you for if you were to download the menu from the filelist would be 4750801860 in this case.

So basically to try and fetch the first file in the list from the printscreen we could try to bruteforce this URL:

http://www.cometpingpong.com/app/download/[10 DIGIT KEY]/6ss92y91o2piwf77.zip

To get amp.txt one would assume you'd have to bruteforce:

http://www.cometpingpong.com/app/download/[10 DIGIT KEY]/amp.txt

The file 0gu0rgihy78uep6a.zip is also a Ping Pong menu in PDF format.

UPDATE 1

In response to PizzaPoop below: The only part of the URL that matters is the 10-digit code. It does not matter what the filename is in the, the server will always return the same file, but rename it accorting to the request.

This explains the wrong size and wrong file type. Someone tried the 10-digit code for the November 10 menu with the filename of the 24 MB .zip file. The server served the menu, but gave it the name of the .zip file.

If you splice together a URL like this: http://www.cometpingpong.com/app/download/4750801860/Super-secret-kiddie-pr0n.pdf you will get the same menu with a different name.

It is possible to download the .zip files if one has the correct 10-digit code. It is however difficult to know what file one has downloaded. The only way of knowing is if the file has the correct size and the correct file type. (The file extension is irrelevant. What matters is the magic number at the start of the file.)

UPDATE 2

The 10-digit code may be based on the date. Here is a list of all valid URLs I have found on the site and via Google.

http://www.cometpingpong.com/app/download/4741080860/MENU.pdf?t=1317991351 (October 10, 2011?) http://www.cometpingpong.com/app/download/4741082460/SPECIALS.pdf?t=1317991370 (October 24, 2011?) http://www.cometpingpong.com/app/download/4750801860/Comet+Ping+Pong+menu.pdf?t=1437072342 (October 1, 2015?) http://www.cometpingpong.com/app/download/4750802660/BRUNCH_menu.pdf?t=1392393404 (October 2, 2015?)

The timestamp / version parameter can be missing or zero, it has no effect on the result.

Ohdrat ago

Seems like this investigation has stopped. I take it this is a dead end and those downloaded files are nothing? Please update thanks.

SChalice ago

Something fishy about this.....

PizzaPoop ago

http://www.cometpingpong.com/app/download/4750801860/WHATEVERFILENAMEHERE

Is always returning a menu for me, always 189.9 kB files. So it seems like the key here, in this case: 4750801860 is the main factor when considering which file to download. It's just that specifying a name afterwards will give you a file named whatever you put in.

For example:

http://www.cometpingpong.com/app/download/4750801860/menu.pdf = comet menu

and

http://www.cometpingpong.com/app/download/4750801860/amp.txt = comet menu (same size)

I guess this is where you were heading with this tho

EDIT: I also found something interesting here: http://s742dd563442b66d6.jimcontent.com/

The downloaded filename is : x7Z_5CbN

???

PizzaPoop ago

It's weird tho, like I it was suggested, it only gives me the menu (when I change it to pdf) no matter if I put amps.txt or whatever. Here's the url:

http://s742dd563442b66d6.jimcontent.com/download/version/0/module/47######60/name/file

And then you can replace the numbers on the inside for the file you want? I'm not technologically advanced but couldn't somebody look through all the numbers on google or something? I've just been messing around haha :)

Petri_Krohn ago

This explains the wrong size and wrong file type. Someone tried the 10-digit code for the November 10 menu with the filename of the 24 MB .zip file. The server served the menu, but gave it the name of the .zip file.

If you splice together a URL like this: http://www.cometpingpong.com/app/download/4750801860/Super-secret-kiddie-pr0n.pdf you will get the same menu with a different name.

It is possible to download the .zip files if one has the correct 10-digit code. It is however difficult to know what file one has downloaded. The only way of knowing is if the file has the correct size and the correct file type. (The file extension is irrelevant. What matters is the magic number at the start of the file.)

Ohdrat ago

Super encrypted pizza menus? I am not getting the gist of what you're saying.

28leinad82 ago

Not so sure about that, as they are both very small text files. Not sure why those 2 would be text files and the rest larger zips? And they don't have crazy names, they are just called "amp". Maybe LGL means legal, like some sort of rules or instructions for the users? Like a readme type thing.

SChalice ago

I am an IT guy. Pizza places don't have backdoors like this on their website. There wouldn't be a DL Key for each file. The zip file names would not be obfuscated. They would have names like CometLogo.zip if it was for marketing so that people could actually find what they wanted. And marketing files wouldn't be protected...

I suggest that this is a smoking gun.

devnulll ago

Pretty much - yeah. The download key is to track who of their clients downloaded what - in case shit leaks. Files names are random keyboard typed junk. These are NOT marketing materials folks - stop making names like Marketing and other bullshit. This looks exactly how a ped0 site serving ped0 demo shit should look like.

throwaway_ ago

Yeah, so right. I also don't see why a legitimate pizzeria would need such complicated codes and cyphered naming of files... this is very suspicious. Hope skilled people are on it.

Guy_Fawkes1984 ago

who ever was able to get into the download page certainly downloaded the files, right? Why wouldn't they?? WTF

noworldorder ago

MK ULTRA would be my guess. Rape and torture of children is part of the process. I'm thinking Alefantis's could be part of, or a contractor for, the CIA.

Guy_Fawkes1984 ago

the site is still up: http://www.cometpingpong.com/protected/

someone needs to hack the password ASAP

joe_hill ago

There is a Moloch in Mortal Kombat : http://mortalkombat.wikia.com/wiki/Moloch

Ohdrat ago

Archive this. I doubt they would leave this up with this type of investigation going on. Marketing and Legal may be what it is.

joe_hill ago

Moloch kill maybe

joe_hill ago

Mk = Moloch - something ?

Hanshan ago

This is really intriguimg. Are the credentials public?

Please, help me update the wiki of the case at http://www.pizzagate.review/

Thanks!

IgnorantBliss ago

Mercy killing?

InIt2WingIt ago

Dumb question I know but thought I'd ask nonetheless, has anybody tried appending .zip for .onion? To see if it throws any pages up over tor? Or using a Tor search engine such as NotEvil or DuckDuckGo to search for the files? Been lurking a few days and just registered

pg47_ ago

Just did. Nothing came up. I'll keep looking.

TopGun ago

A bluepill explanation would be "LGL" stands for "legal" and "MK" stands for "marketing". Just throwing it out there what other people may say.

The directory distribution of MK and LGL makes more sense for a couple of "legal" files and bunch of "marketing" files than for one or two "little girl lover" files and a bunch of miscellaneous pedophilia that fits into whatever "MK" is.

Also note that LGL are all .txt files while MK are all .zip files. So LGL and MK are clearly not symmetric in terms of content.

JustinMiles ago

MK could stand for MKUltra in reference of the mind control programs: https://www.youtube.com/watch?v=Nir9mOWkj5c https://en.wikipedia.org/wiki/Project_MKUltra

There could be connections between this program and the pizzagate. Here are a few excerpts from Wikipedia:

"MKUltra used numerous methodologies to manipulate people's mental states and alter brain functions, including the surreptitious administration of drugs (especially LSD) and other chemicals, hypnosis,[10] sensory deprivation, isolation, verbal and sexual abuse, as well as other forms of psychological torture."

"The song, "MK Ultra", by progressive metal band Periphery makes direct reference to the project in the title and speaks of the abuse children received from the CIA during the experiments."

"Conspiracy theorist Cathy O'Brien claims to have been subjected to the program since childhood. She names several prominent government participants in her book Trance Formation of America."

This could also explain why the PizzaGate cover-up would take place at the Government level.

ejd4500 ago

These are all good points - I don't think it's a smoking gun necessarily. I think I originally found this screen shot on 4chan/8ch. I think it's strange to have a download page with 'DL keys' for legal and marketing. Every job I've ever had - never did it this way, ever.

DarkOne ago

If i remember correctly; the anon's "sniffed" the security and said that there was no way they where able to crack it unless they had "quantum computing"... which they said doesn't make any sense. Why would the site have such heavy security?

SChalice ago

"Why would the site have such heavy security?"

LOL passwords are not heavy security just good cheap security. :)

Cracking the strong password of a zip file could take dedicated desktop computer years to crack. And yet anyone can make a strong password protected .zip file for free.

DarkOne ago

i was paraphrasing there discussion from the chan board. i personally would not know. also remember someone mentioning .gov, but might have bean Shills or Trolls. i don't know. think it archived somewhere.

ejd4500 ago

That was the supposed GB sized file that the other anon supposedly mirrored off of one of their hard drives. Can't be cracked. These files don't appear to be encrypted. They are just located by random download keys - a ten digit number. However they do seem to be clustered around the same area in that 10 digit space...

Ohdrat ago

Can you explain what that would imply?

micha_ ago

"discovered " download page? How was it discovered? HTML page available? Without a source it could only be a picture every amateur could make in Photoshop.

Rigg5 ago

It was there. I loaded up the page before it got wiped.

Skanda ago

Or Mortal Kombat.

This is a dead end.

party1981 ago

Please tell me - what does MK mean?

Did people actually download these files? Are they archived?

9217 ago

MK-ULTRA reference?

Ohdrat ago

This right here could be the smoking gun. I need a refresher on this aspect. So, in the members area of the Comet website there were allegedly enormous files available for download but they are not there anymore?. Also, I saw another post asking if anyone could decrypt these files. Why hasn't a hacker gotten on this case? When this was mentioned in another post, the .jpg attached to one of the emails was supposed to be encrypted as well? If anyone could elaborate more on this case it would be greatly appreciated.

quantokitty ago

There was someone on Twitter that said s/he was doing just that. He said he downloaded the menu. He also asked: "why would a pizza place have a .gov subdomain?" https://twitter.com/search?src=typd&q=sye_phan

anonmoose ago

Wait wait wait, I appear to have missed this revelation, do you you have an archive or link please and thanks?