BMRF.us

'''NOTE: As of November 25, 2018, the brmf.us site displays a default nginx web server installation page. Its continued relevance to the ARG is not known at this time.'''

bmrf.us is a website that is believed to be connected to The Pizza Code Mystery ARG. On Reddit, Stormseeker (the ARG's creator) stated that the site "is an umbrella site for multiple paths of the arg." 

Originally, the website had the appearance of being the homepage of the Black Mesa Research Facility. A link on the page titled "DALsys employees login" led to a subsite located at terminal.bmrf.us, which displayed what appeared to be a terminal login screen showing error messages.

In more recent developments, however, the site has changed multiple times.

Recent developments
July 22, 2019: Since 11/25/18 (see below), the BMRF.us website has been down, once again displaying the "Welcome to nginx" page. The website was previously referred to as an "umbrella site" for the ARG by Storm, so it's either that the website is no longer needed (perhaps only its branching paths are required going forward), or Storm intends to get it back up and running at a later point/once the team has completed Xen.

November 25, 2018: forums.blackmesasource.com was migrated to a new forum platform and server. At some point during or after this event, bmrf.us changed to show a default nginx web server installation page.

September 20, 2018: A user on the Steam Forums reported that the site had changed. Investigation showed that the domain had again expired (as per usual this time of year). The site was restored a few days later.

November 3, 2017: The issue with bmrf.us was resolved.

October 26, 2017: bmrf.us appears to have been hijacked.

October 24, 2017: Cloudflare is reporting "Error 520: Web server is returning an unknown error".

October 22, 2017: DNS resolution fails for the bmrf.us domain, rendering the site unreachable.

October 20, 2017: Forum user CPU noted that the phone number (800-786-1410) "is no longer in service".

October 5, 2017: The domain registration was updated and renewed for another year.

October 19, 2016: The website was changed and now looks identical to the original site (which appeared in late 2013), with the exception of a new phone number, which is now a real number with an answering machine. The terminal.bmrf.us page is also back up, but slightly changed compared to the original page, and the user is now instructed to contact the IT department on extension 12.

October 3, 2016: The domain registration was renewed.

October 1, 2016: The domain name bmrf.us expired again on September 19, 2016 at 11:59:59 PM GMT, and was subsequently "parked" by the domain registrar. As of yet, the domain does not appear to have been renewed for another year.

September 22, 2015: The registration has been renewed.

September 19, 2015: The registration for the domain bmrf.us is expired. Given the importance of the site in the history of the ARG, it is unsure why Stormseeker and his fellow gamemasters allowed this expiration to occur.

May 5, 2015: The main page now redirects to a page playing launch trailer of the Steam Release of Black Mesa. Afterwards, the visitor is redirected to the Steam store page of Black Mesa.

May 4, 2015: A new Emergency Alert System (EAS) message is being broadcast while the countdown counter continues to count down to the event date.

May 1, 2015: The site now is a distorted video feed and has three glitching numbers in the middle, apparently, going Days, Hours, Minutes, counting down to 5 May 2015 08:47:00 UTC -6:00 as stated in source code of the page.

Feb 19, 2015: The site now goes to a news website called KXBM.net to an article about the incident.

Jan 1, 2015: The site is now "broadcasting" an Emergency Alert System (EAS) message. See below for more information.

www.bmrf.us
URL: [//www.bmrf.us/ http://www.bmrf.us/] (or [//bmrf.us/ http://bmrf.us/])

Discovery and history

 * In October, 2012, a forum user who was browsing the personal website of Josh Hubi (a member of the BM team a.k.a. Hubicorn), discovered a portfolio entry with the title "BMRF.us". The portfolio page had a facsimile screenshot of a website that looked identical to the site which is now online on www.bmrf.us. The name of the screenshot image file was . The portfolio entry was deleted shortly after it was mentioned on the forum.
 * When accessed with a web browser, bmrf.us would return a "403 Forbidden" error page. This remained the case up until the website was activated around November 5, 2013.
 * A whois search revealed that the bmrf.us domain was registered to Josh Hubi.
 * DNS lookups revealed that bmrf.us, gman.blackmesasource.com and terminal.blackmesasource.com all had the same IP address.
 * On December 11, 2012, Stormseeker did an administrative update of the original forum post. In his edits, he made a reference to BMRF.us: "BMRF.us (site down, due to unforseen circumstances)".
 * On November 5, 2013, it was discovered that a website had appeared on the bmrf.us domain.
 * The last-modified time of the initial page was "Thu, 04 Nov 2013 09:09:18 GMT". The page was updated again on November 7 with minor corrections. The last-modified time of the current page is "Thu, 07 Nov 2013 00:50:03 GMT".
 * In February, 2014, forum user CPU discovered that an Iranian domain ([//iranenvex.tums.ac.ir/ http://iranenvex.tums.ac.ir/]) was displaying the exact same page as [//www.bmrf.us/ http://www.bmrf.us/]. A DNS lookup showed that the domain was pointing to the same server IP address as bmrf.us.
 * On December 11, 2014, forum user CPU discovered that the bmrf.us site was showing an "Account Suspended" page. A few days later, the site was redirecting to a "Default Web Site Page" used by the web hosting provider for unknown domains/sites, indicating that the site might have been moved to a different server.
 * On December 17, 2014, the site was completely unreachable.
 * On December 25, 2014, the site was back up again, now running on a server with a different IP address than before.
 * On December 31, 2014, 23:51 GMT (as indicated by the last-modified time), the site was displaying a TV test pattern with the words "Emergency Broadcast System" written across it, and was playing an audio message on a loop containing what appeared to be an Emergency Alert System message (discovered by forum user UnhingedMouse0 ). Below is a transcription of the message (transcribed by forum user faed ):

The following message is transmitted at the request of local authorities. At 9:47 AM, Mountain Time, a disaster of unknown type has occurred at the Black Mesa Research Facility causing significant damage and failure to various power and communication systems in the surrounding areas. An immediate evacuation order has been issued for all residents within a 75 mile radius of the facility, and on-site military has been dispatched to provide assistance. Make sure to bring an emergency supply of food, water, clothing, first aid kit, flashlights with extra batteries, and battery powered radios. Follow local evacuation routes which have been marked by local authorities and only use one vehicle. Do not return to the warning area until the all clear has been given. If you are not in the evacuation zone stay where you are. If you are within the evacuation area and have no transportation locate your nearest police department or military officer. Do not use telephones or cell phones except in the case of emergencies. Stay tuned to local news media outlets for further details and information on this situation.


 * On February 19, 2015, the site now redirects to a news article on a news site called KXBM.net.
 * On May 1, 2015, the site now is a broken video feed with 3 numbers in the middle. Presumably, the three numbers are days, hours, minutes, counting down to Tue, 5 May 2015, 08:47:00 -0600 as stated in the HTML source code (at first, the timezone was missing from the timestamp, which caused some confusion as to the exact time of the countdown event, but this was later corrected). The video feed was the same as the one on the KXBM.net site.
 * On May 4, 2015, the distorted video feed was replaced with a new "Emergency Broadcast System" message similar to the one that was broadcast on December 31, 2014. The countdown counter is now counting down hours, minutes and seconds to the event date. Transcript of the EAS audio message follows:

The following message is transmitted at the request of the New Mexico Department of Emergency Services.

At 9:47 a.m., Mountain Standard Time, a disaster of unknown type has occurred at the Black Mesa Research Facility causing significant damage and failure to various power and communication systems in the surrounding areas. This message replaces the previous alert, which expired at 12:01 p.m., Mountain Standard Time, this afternoon.

A full quarantine has been issued for the Black Mesa area. In the interest of public safety, all residents within a 150 mile radius of Black Mesa, New Mexico are adviced to evacuate the area immediately. Take only essential supplies and a battery powered radio. Do not use more than one vehicle for traveling. Follow local evacuation routes which have been marked by local authorities. If you are within the evacuation area and have no transportation, locate your nearest police department.

If you begin experiencing a fever, coughing, nausea, dizziness, muscle ache, pneumonia, hair loss, or any such similar ailments, please contact your nearest disease control center immediately as these symptoms may be related to recent events.

Stay tuned to local news media outlets for further information on this ongoing emergency.


 * On May 5, 2015, upon the counter reaching zero, the site redirected to a page showing a low quality video of an infomercial about the Black Mesa Research Facility, highlighting the Tau Cannon, and with the image of the G-Man appearing near the end. Subsequently, the visitor was redirected to the Steam store page for the game Black Mesa. Black Mesa had now appeared on Steam, as an Early Access game. The video turned out to be the launch trailer. For some visitors, the site became inaccessible due to the heavy traffic on the site when the counter reached zero. A small mystery still remains surrounding the URL that was used for redirecting to the Black Mesa store page. The URL included a query part, which have no known function on Steam store pages. The full URL that was used was [//store.steampowered.com/app/362890?unforeseen-consequences http://store.steampowered.com/app/362890?unforeseen-consequences].
 * On October 19, 2016, it was discovered that the website had changed and had now been restored to look like the original site, which appeared in late 2013, however, with a minor but significant change: The telephone number listed in the contact details had been replaced with a real (toll free) number with an answering machine. The last-modified date of the page was "Wed, 19 Oct 2016 01:38:30 GMT" as stated in the HTTP response headers from the web server. The terminal.bmrf.us page was now also live, but slightly changed compared to the original page, and had a message instructing the user to contact the IT department on ext. 12.
 * On October 20, 2016, a new version of the HTML page of the main site was uploaded with a minor addition made to the HTML source code. The last-modified date was "Thu, 20 Oct 2016 20:29:01 GMT" (which is unchanged as of August 6, 2017.) The addition to the HTML source code was:
 * Following the discovery of the new phone number, players attempt to call the number. Upon calling the number, the caller would hear a recording of the original EAS message from Jan 1, 2015 being played back. Players try dialing different extensions like 12 and 21 with inconclusive results. This is what has been learned so far:
 * In some cases, the playback would cut off and then a sound clip from the Steam release launch trailer (from time index 01:16) would play back.
 * Sometimes, a female voice would ask for a password. Various passwords have been tried, with no luck. The answering machine will hang up quickly when the wrong numbers are typed.
 * At least two players would sometimes hear a sequence at the beginning of the playback of what sounded like someone sending morse code by tapping a key on a phone, before the recording would fade back into the EAS message. It quickly became clear that this was not morse code, but something else. A recording of the sequence can be found here. Analysis of the beeps showed that they were generated using a DTMF tone pair consisting of the frequencies 770 Hz and 1633 Hz, which corresponds to the B key, which is an unusual key not found on modern phones. As of yet, this beep code sequence has not been decoded or solved. An attempt has been made to measure the durations of the beeps in order to facilitate further analysis. The results of the measurements can be found in forum posts here and here.
 * The domain registration for bmrf.us was updated on October 5, 2017, and was renewed for another year.
 * On October 20, 2017, forum user CPU noted that the 800 number (800-786-1410) on the bmrf site "is no longer in service".
 * On October 20, 2017, forum user CPU noted that the 800 number (800-786-1410) on the bmrf site "is no longer in service".

ASCII art
In the HTML code of the main site, ASCII art resembling the Half-Life lambda logo (a circled λ) is found embedded in HTML comment tags.

?MMMI MMMMMMMNNNNNNNN OMMMMNNN. . ONNNNNNN MMMMN. .DDDD+ NMMNN                 DDD8 NMNN     DDDDDD         D888 MNNN        8888. ,OOO .NNN          8OOO          OZOO NNNO          OOZZ. $ZZ NNN          ZZZ$$$          777 .NDD         Z$$$7777         :II= DDD        $$77 III? ,??~     DD8        $77I. ??++       =++       D888      77II. ===.             =88O     7II? ::  ::::        8OOZ   7I??. ::::,.. ,,,,         OZ$$. ,,,,           $$7I? ....             :I?++=             ......                 +==::,,    ........                      ::,,............                            ........

The same ASCII art can also be found in the HTML code of www.blackmesasource.com with a comment below referencing www.bmrf.us (initially the comment below the ASCII art said "When It's Done, It Will Be Great", but was later changed to "www.bmrf.us"). www.blackmesasource.com was updated with a new design around the same time the BMRF page appeared.

The origin of the lambda ASCII art appears to trace back to another ARG, a fan-made Half-Life ARG called "The Black Mesa Incident ARG", where it also appeared in the HTML code of the main ARG site. 

terminal.bmrf.us
URL: [//terminal.bmrf.us/ http://terminal.bmrf.us/]

Discovery and history

 * At the bottom left of the webpage at www.bmrf.us, there is a link titled "DALsys employees login" which leads to terminal.bmrf.us.
 * A page at terminal.bmrf.us appeared on November 7, 2013 (last-modified: "Thu, 07 Nov 2013 00:50:03 GMT") . Prior to this, terminal.bmrf.us displayed a "403 Forbidden" error page.
 * The terminal.bmrf.us subdomain has been known since September, 2013, when it was discovered by user Gunsrequiem.
 * On May 1, 2015, the BMRF terminal site became unreachable when the www.bmrf.us site changed to display the countdown counter counting down towards the Steam Release.
 * On October 19, 2016, the DALsys terminal site was brought back online along with the main site. The text on the page, however, had slightly changed compared to the original text on the original site, which appeared in late 2013. The two versions of the page can be seen below on this page. The last-modified date of the page was "Wed, 19 Oct 2016 02:57:38 GMT" (which is unchanged as of August 6, 2017.)

Page contents
The page, as it appeared on November 7, 2013, displayed the following text:

 ____   _    _                   _                                             |___/
 * _ \ / \  | |    ___ _   _ ___| |_ ___ _ __ ___  ___
 * | | |/ _ \ | |  / __| | | / __| __/ _ \ '_ ` _ \/ __|
 * |_| / ___ \| |___\__ \ |_| \__ \ |_ __/ | | | | \__ \
 * ____/_/  \_\_____|___/\__, |___/\__\___|_| |_| |_|___/

DALsystems remote terminal module Copyright 200X, version 1.65

licensed to: Black Mesa Corporation

....... ....... ....... .......[CRITICAL FAULT]: CANNOT CONNECT TO LOGON SERVER '1.192.12.156:2828'

AUTOMATIC SYSTEM RECOVERY ENGAGED

....... .......[SYS MESSAGE]: Please try again later.

A new page was brought online on October 19, 2016, with a slightly different terminal text:

 ____   _    _                   _                      |  _ \  / \  | |    ___ _   _ ___| |_ ___ _ __ ___  ___  | | | |/ _ \ | |   / __| | | / __| __/ _ \ '_ ` _ \/ __| | |_| / ___ \| |___\__ \ |_| \__ \ |_  __/ | | | | \__ \ |____/_/   \_\_____|___/\__, |___/\__\___|_| |_| |_|___/                         |___/

DALsystems Remote Terminal Module Copyright 2000, Version 2.01

licensed to: Black Mesa Corporation

....... ....... ....... .......

[CRITICAL FAULT]: CANNOT CONNECT TO LOGON SERVER [SYS MESSAGE]: PLEASE CONTACT IT DEPARTMENT: EXT 12

Trivia

 * terminal.bmrf.us appeared one year to the day after HALOS.txt appeared, which contained the still unsolved 752 Hex Code.

Theories/Speculation

 * The solution to IRC clue 4 mentions BMRF and a login, which may be a reference to the www.bmrf.us site and the "DALsys employees login" located at terminal.bmrf.us.