LilithsKitty

Blunter.xyz DROPPED

Mar 8th, 2018
  1. Blunter.xyz Information gathering (PRE DOMINATION OF BLUNTER.XYZ)
  2. In here you will find just simple information on blunter.xyz such
  3. as its SSL certificates as well as its backend. etc etc..
  4. Blunter.xyz no longer exists. Here is why.
  5. They came onto our stresser (supremestresser.net) and messaged
  6. the live support chat. (I answered) They threatened me saying to
  7. give them a free plan or they would ddos our website so I nulled
  8. the kids home connection and hit his hotspots multiple times before
  9. he was able to take down our stresser with blunter.xyz via a L7 attack
  10. method. SO, that pissed us off. I then proceeded to file abuse reports
  11. to nic xyz reporting their domain and how it was conducting the illegal
  12. use of botnet ddos attacks and selling their services. Doing that
  13. had their SSL revoked by Cloudflare as well as got the domain Blunter.xyz
  14. banned. Prior to the actual suspension of the domain we found their
  15. vps backend which can be found in this document. We then slapped their
  16. supposedly unhittable 250gb ddos protected dedicated vps and null routed it.
  17. now the kid @djflash97 on instagram is making several claims saying
  18. he is taking down supremestresser.net while we are doing work on our server
  19. and our source. How pathetic right? :)
  20.  
  21.  
  22. DOMAIN INFORMATION
  23. Domain:blunter.xyz
  24. Registrar:OVH
  25. Registration Date:2017-06-01
  26. Expiration Date:2018-06-01
  27. Updated Date:2018-01-31
  28. Status:clientTransferProhibited
  29. clientDeleteProhibited
  30. Name Servers:lady.ns.cloudflare.com
  31. tony.ns.cloudflare.com
  32. REGISTRANT CONTACT
  33. Name:Giuseppe Marino
  34. Street:office #10443228
  35. c/o OwO, BP80157
  36. City:Roubaix Cedex 1
  37. Postal Code:59053
  38. Country:FR
  39. Phone:+33.972101007
  40. Email:email@u.o-w-o.info
  41. ADMINISTRATIVE CONTACT
  42. Name:Carmelo Melindo
  43. Street:office #10443228
  44. c/o OwO, BP80157
  45. City:Roubaix Cedex 1
  46. Postal Code:59053
  47. Country:FR
  48. Phone:+33.972101007
  49. Email:email@m.o-w-o.info
  50. TECHNICAL CONTACT
  51. Name:Carmelo Melindo
  52. Street:office #10443228
  53. c/o OwO, BP80157
  54. City:Roubaix Cedex 1
  55. Postal Code:59053
  56. Country:FR
  57. Phone:+33.972101007
  58. Email:email@m.o-w-o.info
  59. BILLING CONTACT
  60. Name:Carmelo Melindo
  61. Street:office #10443228
  62. c/o OwO, BP80157
  63. City:Roubaix Cedex 1
  64. Postal Code:59053
  65. Country:FR
  66. Phone:+33.972101007
  67. Email:email@m.o-w-o.info
  68.  
  69. 1 BACKEND 185.25.207.41
  70. Whois: 185.25.207.41
  71.  
  72. #
  73. # ARIN WHOIS data and services are subject to the Terms of Use
  74. # available at: https://www.arin.net/whois_tou.html
  75. #
  76. # If you see inaccuracies in the results, please report at
  77. # https://www.arin.net/public/whoisinaccuracy/index.xhtml
  78. #
  79.  
  80.  
  81. #
  82. # Query terms are ambiguous. The query is assumed to be:
  83. # "n 185.25.207.41"
  84. #
  85. # Use "?" to get help.
  86. #
  87.  
  88. #
  89. # The following results may also be obtained via:
  90. # https://whois.arin.net/rest/nets;q=185.25.207.41?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
  91. #
  92.  
  93. NetRange: 185.0.0.0 - 185.255.255.255
  94. CIDR: 185.0.0.0/8
  95. NetName: RIPE-185
  96. NetHandle: NET-185-0-0-0-1
  97. Parent: ()
  98. NetType: Allocated to RIPE NCC
  99. OriginAS:
  100. Organization: RIPE Network Coordination Centre (RIPE)
  101. RegDate: 2011-01-04
  102. Updated: 2011-02-08
  103. Comment: These addresses have been further assigned to users in
  104. Comment: the RIPE NCC region. Contact information can be found in
  105. Comment: the RIPE database at http://www.ripe.net/whois
  106. Ref: https://whois.arin.net/rest/net/NET-185-0-0-0-1
  107.  
  108. ResourceLink: https://apps.db.ripe.net/search/query.html
  109. ResourceLink: whois.ripe.net
  110.  
  111. OrgName: RIPE Network Coordination Centre
  112. OrgId: RIPE
  113. Address: P.O. Box 10096
  114. City: Amsterdam
  115. StateProv:
  116. PostalCode: 1001EB
  117. Country: NL
  118. RegDate:
  119. Updated: 2013-07-29
  120. Ref: https://whois.arin.net/rest/org/RIPE
  121.  
  122. ReferralServer: whois://whois.ripe.net
  123. ResourceLink: https://apps.db.ripe.net/search/query.html
  124.  
  125. OrgTechHandle: RNO29-ARIN
  126. OrgTechName: RIPE NCC Operations
  127. OrgTechPhone: +31 20 535 4444
  128. OrgTechEmail: hostmaster@ripe.net
  129. OrgTechRef: https://whois.arin.net/rest/poc/RNO29-ARIN
  130.  
  131. OrgAbuseHandle: ABUSE3850-ARIN
  132. OrgAbuseName: Abuse Contact
  133. OrgAbusePhone: +31205354444
  134. OrgAbuseEmail: abuse@ripe.net
  135. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE3850-ARIN
  136.  
  137. {
  138. "25": {
  139. "smtp": {
  140. "starttls": {
  141. "ehlo": "250-UNKNOWN\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN",
  142. "tls": {
  143. "server_key_exchange": {
  144. "ecdh_params": {
  145. "curve_id": {
  146. "id": 23,
  147. "name": "secp256r1"
  148. }
  149. }
  150. },
  151. "certificate": {
  152. "parsed": {
  153. "tbs_noct_fingerprint": "ab80e9f75347446205478dd61f88e729ff0754c5f72faa5fbe948e799482bc63",
  154. "subject_dn": "CN=localhost.localdomain",
  155. "subject": {
  156. "common_name": [
  157. "localhost.localdomain"
  158. ]
  159. },
  160. "signature_algorithm": {
  161. "oid": "1.2.840.113549.1.1.11",
  162. "name": "SHA256WithRSA"
  163. },
  164. "redacted": false,
  165. "serial_number": "13514623486610423638",
  166. "validation_level": "unknown",
  167. "issuer_dn": "CN=localhost.localdomain",
  168. "fingerprint_sha1": "2d67ff4ec3c271575acbb8f2a9eeef42c3dc8da5",
  169. "version": 3,
  170. "fingerprint_sha256": "d03c38d1a3b61256198fc6218b404b5af474c49b668975abdadf5a89a57a30e7",
  171. "names": [
  172. "localhost.localdomain"
  173. ],
  174. "tbs_fingerprint": "ab80e9f75347446205478dd61f88e729ff0754c5f72faa5fbe948e799482bc63",
  175. "validity": {
  176. "start": "2017-10-06T12:36:17Z",
  177. "length": 315360000,
  178. "end": "2027-10-04T12:36:17Z"
  179. },
  180. "extensions": {
  181. "basic_constraints": {
  182. "is_ca": false
  183. }
  184. },
  185. "fingerprint_md5": "28814a4a0484d8c06785427ac173573a",
  186. "subject_key_info": {
  187. "fingerprint_sha256": "76ce581d242f158f09ad74bc039133badaa55a38d8b07e334301b4deb9ffc131",
  188. "key_algorithm": {
  189. "name": "RSA"
  190. },
  191. "rsa_public_key": {
  192. "length": 2048,
  193. "modulus": "yIiwLFdgEjhrSt61mULISWKUuegfHN/s9uXqaUpTpyO87N7Nk2GD61QcDxY6hjl0cdGn6uDnXQ2LI8T+hX4+WsO1xyFiphrKWMY0x3ZvY504CfKhUAYQPoDQQxQeQBnIfpVDizYyLZ7X93/H10SD+j+RibiOU9C+hXEPNQ2mKh0Z5+t0kD6R9S2GYhENGivWJZPh4Lg3tW+kLyemA0ejXcuWmpxGXf13pPR5KwFqBqJthgXA6Hsw4zck2YWeIWi39GW0v83os2ibDqhMNnWhz4hF5eRzQiThJOp2nrG60mMHKufX9eOluvwz7PvFsVbboVylhPgcVrpfDrf4aY0VRw==",
  194. "exponent": 65537
  195. }
  196. },
  197. "signature": {
  198. "self_signed": true,
  199. "valid": false,
  200. "value": "CvRb3/Ihg0vqH14nIiLdb2LgQ6E5VD0PMcuddYqLlGqNfkrkBNrNQqPzMwOC/ARptFi+zwBQSjJOQpHZHUsqNtI/z4wt9syNgQIA53OqaZ2ja2Dlv/+wbYV2+m18d9K4Fhztl+4e7IPw5KgAJfVxbdny+cIJvNhvfq+6tiUG7Yl7LZRVBfYeurfSccTqgWjzLJWb+1ODLGBHsnPfs1d/k5bxEayTT9Qk6BK5qo2ZK6LCbs+DRvxUSEAxZ2+fo1kXfDx+UoZiZSRmL2CWZj2end27NHuWQ7Ie4l/5/EW+amMVZ+YhV0vsi7jQ0c3zvkIECwO+JfQGRUS+Bi4NIkBsIQ==",
  201. "signature_algorithm": {
  202. "oid": "1.2.840.113549.1.1.11",
  203. "name": "SHA256WithRSA"
  204. }
  205. },
  206. "spki_subject_fingerprint": "3515143d312c00ac7d80d872dc0e8bbe64d9309cf3e7a6cb356cda189960766b",
  207. "issuer": {
  208. "common_name": [
  209. "localhost.localdomain"
  210. ]
  211. }
  212. }
  213. },
  214. "cipher_suite": {
  215. "id": "0xC02F",
  216. "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  217. },
  218. "version": "TLSv1.2",
  219. "ocsp_stapling": false,
  220. "signature": {
  221. "hash_algorithm": "sha512",
  222. "valid": true,
  223. "signature_algorithm": "rsa"
  224. },
  225. "validation": {
  226. "browser_trusted": false,
  227. "browser_error": "x509: unknown error"
  228. }
  229. },
  230. "starttls": "220 2.0.0 Ready to start TLS",
  231. "banner": "220 UNKNOWN ESMTP Postfix (Debian/GNU)",
  232. "metadata": {
  233. "product": "Postfix",
  234. "description": "Postfix"
  235. }
  236. }
  237. }
  238. },
  239. "tags": [
  240. "http",
  241. "smtp"
  242. ],
  243. "ip": "185.25.207.41",
  244. "updated_at": "2018-03-01T03:03:35+00:00",
  245. "ports": [
  246. "25",
  247. "80"
  248. ],
  249. "location": {
  250. "country": "Italy",
  251. "longitude": 12.1097,
  252. "registered_country": "Italy",
  253. "registered_country_code": "IT",
  254. "country_code": "IT",
  255. "latitude": 43.1479,
  256. "timezone": "Europe/Rome",
  257. "continent": "Europe"
  258. },
  259. "80": {
  260. "http": {
  261. "get": {
  262. "body": "Visit now our stresser ;D\r\n\r\nhttps://blunter.xyz/",
  263. "headers": {
  264. "content_length": "49",
  265. "unknown": [
  266. {
  267. "value": "Thu, 01 Mar 2018 03:03:35 GMT",
  268. "key": "date"
  269. }
  270. ],
  271. "content_type": "text/html; charset=UTF-8",
  272. "server": "Apache/2.4.10 (Debian)"
  273. },
  274. "status_code": 200,
  275. "status_line": "200 OK",
  276. "body_sha256": "15abade42b857b72e04f9feae978f9ec3a0944b53e0c77bd400408331f7ab17a",
  277. "metadata": {
  278. "product": "httpd",
  279. "version": "2.4.10",
  280. "description": "Apache httpd 2.4.10",
  281. "manufacturer": "Apache"
  282. }
  283. }
  284. }
  285. },
  286. "autonomous_system": {
  287. "description": "ASSERVEREASY, IT",
  288. "rir": "unknown",
  289. "routed_prefix": "185.25.204.0/22",
  290. "country_code": "IT",
  291. "path": [
  292. 7018,
  293. 3257,
  294. 60798
  295. ],
  296. "asn": 60798,
  297. "name": "ASSERVEREASY"
  298. },
  299. "protocols": [
  300. "80/http",
  301. "25/smtp"
  302. ],
  303. "metadata": {
  304. "os": "Debian",
  305. "os_description": "Debian"
  306. }
  307. }
  308.  
  309.  
  310. Domain Name: BLUNTER.XYZ
  311. Registry Domain ID: D48230944-CNIC
  312. Registrar WHOIS Server: whois.ovh.com
  313. Registrar URL: http://www.ovh.com
  314. Updated Date: 2018-01-31T20:12:10.0Z
  315. Creation Date: 2017-06-01T15:10:10.0Z
  316. Registry Expiry Date: 2018-06-01T23:59:59.0Z
  317. Registrar: OVH
  318. Registrar IANA ID: 433
  319. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  320. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  321. Registry Registrant ID: C176429358-CNIC
  322. Registrant Name: Giuseppe Marino
  323. Registrant Organization:
  324. Registrant Street: office #10443228
  325. Registrant Street: c/o OwO, BP80157
  326. Registrant City: Roubaix Cedex 1
  327. Registrant State/Province:
  328. Registrant Postal Code: 59053
  329. Registrant Country: FR
  330. Registrant Phone: +33.972101007
  331. Registrant Fax:
  332. Registrant Email: email@u.o-w-o.info
  333. Registry Admin ID: C176429368-CNIC
  334. Admin Name: Carmelo Melindo
  335. Admin Organization:
  336. Admin Street: office #10443228
  337. Admin Street: c/o OwO, BP80157
  338. Admin City: Roubaix Cedex 1
  339. Admin State/Province:
  340. Admin Postal Code: 59053
  341. Admin Country: FR
  342. Admin Phone: +33.972101007
  343. Admin Fax:
  344. Admin Email: email@m.o-w-o.info
  345. Registry Tech ID: C176429368-CNIC
  346. Tech Name: Carmelo Melindo
  347. Tech Organization:
  348. Tech Street: office #10443228
  349. Tech Street: c/o OwO, BP80157
  350. Tech City: Roubaix Cedex 1
  351. Tech State/Province:
  352. Tech Postal Code: 59053
  353. Tech Country: FR
  354. Tech Phone: +33.972101007
  355. Tech Fax:
  356. Tech Email: email@m.o-w-o.info
  357. Name Server: LADY.NS.CLOUDFLARE.COM
  358. Name Server: TONY.NS.CLOUDFLARE.COM
  359. DNSSEC: unsigned
  360. Registry Billing ID: C176429368-CNIC
  361. Billing Name: Carmelo Melindo
  362. Billing Organization:
  363. Billing Street: office #10443228
  364. Billing Street: c/o OwO, BP80157
  365. Billing City: Roubaix Cedex 1
  366. Billing State/Province:
  367. Billing Postal Code: 59053
  368. Billing Country: FR
  369. Billing Phone: +33.972101007
  370. Billing Fax:
  371. Billing Email: email@m.o-w-o.info
  372. Registrar Abuse Contact Email: email@domain.ovh.net
  373. Registrar Abuse Contact Phone: +33.974530814
  374.  
  375. The response was:
  376. 521 No Redirect Entry for this address
  377.  
  378.  
  379. Final-Recipient: rfc822; email@u.o-w-o.info
  380. Action: failed
  381. Status: 5.0.0
  382. Remote-MTA: dns; redirect.ovh.net. (213.186.33.5, the server for the domain u.o-w-o.info.)
  383. Diagnostic-Code: smtp; 521 No Redirect Entry for this address
  384. Last-Attempt-Date: Mon, 05 Mar 2018 11:05:58 -0800 (PST)
  385.  
  386.  
  387.  
  388. blunter.xyz receives about 550 unique visitors and 2,200 (4.00 per visitor) page views per day
  389. which should earn about $1.91/day from advertising revenue. Estimated site value is $725.30.
  390. According to Alexa Traffic Rank blunter.xyz is ranked number 438,433 in the world and 0.00011% of
  391. global Internet users visit it. Site is hosted in San Francisco, CA, 94107, United States and links to
  392. network IP address 104.27.30.43. This server doesn't support HTTPS and doesn't support HTTP/2.
  393.  
  394. Country | Users% | Pageviews% | Rank
  395. Poland | 32.8% | 35.4% | 54636
  396. Morocco | 19.8% | 18.9% | 15944
  397. Russian Federation | 4.5% | 4.2% | 573197
  398. Ukraine | 1.7% | 2.4% | 248957
  399.  
  400.  
  401. blunter.xyz resolves to 104.28.11.247
  402.  
  403. Server Type: cloudflare
  404.  
  405. The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
  406.  
  407. The certificate was issued by Comodo.
  408.  
  409. The certificate will expire in 184 days.
  410.  
  411. The hostname (blunter.xyz) is correctly listed in the certificate.
  412. Common name: sni143952.cloudflaressl.com
  413. SANs: sni143952.cloudflaressl.com, *.bdmusic4u.com, *.beachpaderno.it, *.blueebookvaluedownlaod.tk, *.blunter.xyz, *.blunternoreply.info, *.buytime.pk, *.crestphuket.com, *.dalcerotermoformature.com, *.freesoftquesto57.cf, *.grisoni.it, *.hdupload.me, *.hdupload.net, *.hdworlds.pw, *.ishqwood.com, *.lauraepifani.it, *.lavillettaristorante.com, *.montrealenhistoires.ca, *.mxcp51.org, *.mxcp96.org, *.mxcp98.org, *.oxc0w1hp5.ga, *.rintiklagu.tk, *.rosariopgdisorda.tk, *.stclineevita.it, *.tseng.cc, *.tube-superstar.com, *.usedtextbooksonlinefree.tk, *.worldsapart.com, bdmusic4u.com, beachpaderno.it, blueebookvaluedownlaod.tk, blunter.xyz, blunternoreply.info, buytime.pk, crestphuket.com, dalcerotermoformature.com, freesoftquesto57.cf, grisoni.it, hdupload.me, hdupload.net, hdworlds.pw, ishqwood.com, lauraepifani.it, lavillettaristorante.com, montrealenhistoires.ca, mxcp51.org, mxcp96.org, mxcp98.org, oxc0w1hp5.ga, rintiklagu.tk, rosariopgdisorda.tk, stclineevita.it, tseng.cc, tube-superstar.com, usedtextbooksonlinefree.tk, worldsapart.com
  414. Valid from February 26, 2018 to September 5, 2018
  415. Serial Number: 8d74563ea2bddbdcd3936c94b578e794
  416. Signature Algorithm: ecdsa-with-SHA256
  417. Issuer: COMODO ECC Domain Validation Secure Server CA 2
  418.  
  419. Common name: COMODO ECC Domain Validation Secure Server CA 2
  420. Organization: COMODO CA Limited
  421. Location: Salford, Greater Manchester, GB
  422. Valid from September 24, 2014 to September 24, 2029
  423. Serial Number: 5b25ce6907c4265566d3390c99a954ad
  424. Signature Algorithm: ecdsa-with-SHA384
  425. Issuer: COMODO ECC Certification Authority
  426.  
  427. Common name: COMODO ECC Certification Authority
  428. Organization: COMODO CA Limited
  429. Location: Salford, Greater Manchester, GB
  430. Valid from May 30, 2000 to May 30, 2020
  431. Serial Number: 4352023ffaa8901f139fe3f4e5c1444e
  432. Signature Algorithm: sha384WithRSAEncryption
  433. Issuer: AddTrust External CA Root
  434.  
  435.  
  436. Domain: blunter.xyz
  437. Cloudflare
  438. DNS IPv4 IPv6
  439. mail.blunter.xyz No DNS record No DNS record
  440. mobile.blunter.xyz No DNS record No DNS record
  441. m.blunter.xyz No DNS record No DNS record
  442. direct.blunter.xyz No DNS record No DNS record
  443. direct-connect.blunter.xyz No DNS record No DNS record
  444. cpanel.blunter.xyz No DNS record No DNS record
  445. ftp.blunter.xyz No DNS record No DNS record
  446. vpn.blunter.xyz No DNS record No DNS record
  447. admin.blunter.xyz No DNS record No DNS record
  448. dev.blunter.xyz No DNS record No DNS record
  449. pop.blunter.xyz No DNS record No DNS record
  450. imap.blunter.xyz No DNS record No DNS record
  451. forum.blunter.xyz No DNS record No DNS record
  452. admin.blunter.xyz No DNS record No DNS record
  453. beta.blunter.xyz No DNS record No DNS record
  454. portal.blunter.xyz No DNS record No DNS record
  455. www.blunter.xyz 104.28.11.247 2400:cb00:2048:1::681c:bf7
  456. remote.blunter.xyz No DNS record No DNS record
  457. test.blunter.xyz No DNS record No DNS record
  458. server.blunter.xyz No DNS record No DNS record
  459. host.blunter.xyz No DNS record No DNS record
  460. webmail.blunter.xyz No DNS record No DNS record
  461. blog.blunter.xyz No DNS record No DNS record
  462. news.blunter.xyz No DNS record No DNS record
  463. stmp.blunter.xyz No DNS record No DNS record
  464. mx.blunter.xyz No DNS record No DNS record
  465. secure.blunter.xyz No DNS record No DNS record
  466. status.blunter.xyz No DNS record No DNS record
  467. ns.blunter.xyz No DNS record No DNS record
  468. ns1.blunter.xyz No DNS record No DNS record
  469. ns2.blunter.xyz No DNS record No DNS record
  470. Is the domain: blunter.xyz using CloudFlare?
  471. Using CloudFlare: Yes
  472. Current Cloudflare Domain IP: 104.28.11.247