We're all just petri dishes with shoes.

biomedical engineer/computer graphics student
games, science & tea

The Survivor 2299 - compilation of doubts and hopes

So I decided to put all relevant information from reddit in one place, because hell, I don’t know what to think about this.
1. The site was registered through GoDaddy - most of Bethesda sites are registered through corporatedomains, but then again prepareforthefuture.com (the site found in the code of the survivor that is supposed to host some kind of posters) is registered by Zenimax through corporatedomains and redirects to fallout website. Plus stream.thesurvivor2299.com redirects to Bethsoft and is located in Maryland (where Bethesda is).
2. The date format is not american, but then again american date format is stupid (sorry for that xD no offense, really). Quote from /u/Partyboy690 from his post on /r/fallout:

"Open cmd on Windows or a Linux terminal and type in;

nslookup fallout.bethsoft.com

Note the resulting ip starting with 199!

Then type in;

nslookup thesurvivor2299.com

It too will start with 199, while this is not proof it definitely indicates that these sites are linked also one of the reasons why they chose European date formats is 11/12/13 looks pretty cool.”

3. The host IP is 5.133.13.121, which is located in Poland: https://www.robtex.com/dns/thesurvivor2299.com.html#record, but then again in code there are another IP adresses:¬† 199.15.249.30, 199.107.64.171 (the last one is Zenimax’s)

4. Quoting reddit user Commod0re:

  • bethesda’s domains resolve to ZeniMax owned IP address space:

    bethsoft.com, dishonored.com, and theevilwithin.com to go with your examples, all resolve to 199.107.64.171 which is within ZeniMax IP space

    A quick nmap scan reveals that this server is only available on ports 80 and 443 (HTTP/HTTPS). nmap’s best guess to OS is FreeBSD.

  • thesurvivor2299.com resolves to 199.15.249.30, which belongs to Reliable Hosting Services

    The server it’s running on is also serving DNS (a hallmark of a VPS) and possibly also outgoing mail. nmap’s best guess is some flavor of Linux. Pulling up an SSH connection with debug shows it is Debian Squeeze.

    The whois information shows the nameserver glue as ns1/ns2.thesurvivor2299.com (which both resolve to the same IP as thesurvivor2299.com) whereas all other Bethesda sites use ns1/ns2.zenimax.com

    The whois information is also subtly different:

  • The site itself is a hodgepodge of indiscriminate copy/paste work:

    • it looks like they copied/pasted a lot of useless javascript from other bethesda pages, including an age verification function that is never called and a fair amount of cookie generation material that references DOM elements that don’t exist.
    • This page, unlike fallout.bethsoft.com where it looks like they grabbed the aforementioned JavaScript from, is loading jquery from ajax.googleapis.com but doesn’t bother using it anywhere but in the countdown display and functions included in bscountdown.js
    • The cookie generation stuff also looks to be inert, as my request headers never populate a cookie, whereas they do with fallout.bethsoft.com
    • */js/ is a path never used on bethesda sites - they either have it in the root, or something more like “assets/js/”
    • There are no google analytics or doubleclick ad requests like with all other bethesda sites. You would think they would at least use the former to try to gauge the hype generated by this thing
    • Both pages are being served by nginx according to the headers, but the definitely legit fallout.bethsoft.com does not return the version in use


5. bscountdownjs is copy of http://krzysztof-furtak.pl/kk-countdown-jquery-plugin/
6. Different headers as pointed by beer_tree:

bethsoft.com

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 14 Nov 2013 22:37:33 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Set-Cookie: PHPSESSID=isooht7mnr21ova6gf00oc6ti5; path=/

Pragma: no-cache

Cache-Control: max-age=300

Expires: Thu, 14 Nov 2013 22:42:33 +0000

thesurvivor2299.com

HTTP/1.1 200 OK

Date: Thu, 14 Nov 2013 22:38:02 GMT

Server: Apache

X-Powered-By: PHP/5.4.4-14+deb7u5

Vary: Accept-Encoding

Content-Type: text/html

7. According to reddit user¬†msnthrpy: “There is a function “74aSliderLaunch” in the source. Javascript functions/variables MUST start with a letter or an underscore. There are also other errors in the code that would leave me to believe that this person is an amateur, and not a professional. The callback function for the countdown (what happens when timer reaches 0), will not doing anything because it doesn’t reference the correct element. HTML comments only need two dashes (<!— comment here —>) and not three. These are not mistakes a professional web developer would make.”

8. Generally speaking, it doesn’t look good. But to pump some hopes up - according to GI:

We heard back from Bethesda regarding TheSurvivor2299.com. The publisher declined to comment on this rumor as per policy

If it was a hoax, I want to believe that Bethesda would tell us.

  1. vault-0 reblogged this from quantum-dot
  2. drunken-empress reblogged this from quantum-dot
  3. whoisthelizardqueen reblogged this from quantum-dot
  4. t0x1ct3atim3 reblogged this from quantum-dot
  5. quantum-dot reblogged this from sturmtruppen and added:
    Better weak hope than none. I am enteriely convinced that it’s just a very good prank too, but I will cling to shreds of...
  6. tripropellant reblogged this from sturmtruppen
  7. sturmtruppen reblogged this from quantum-dot and added:
    I think that them declining to comment is pretty weak hope personally. They never comment on any rumors, and I doubt...
  8. sporecarrier reblogged this from quantum-dot