- Blunter.xyz Information gathering (PRE DOMINATION OF BLUNTER.XYZ)
- In here you will find just simple information on blunter.xyz such
- as its SSL certificates as well as its backend. etc etc..
- Blunter.xyz no longer exists. Here is why.
- They came onto our stresser (supremestresser.net) and messaged
- the live support chat. (I answered) They threatened me saying to
- give them a free plan or they would ddos our website so I nulled
- the kid's home connection and hit his hotspots multiple times before
- he was able to take down our stresser with blunter.xyz via a L7 attack
- method. SO, that pissed us off. I then proceeded to file abuse reports
- to nic xyz reporting their domain and how it was conducting the illegal
- use of botnet ddos attacks and selling their services. Doing that
- had their SSL revoked by cloudflare as well as got the domain Blunter.xyz
- banned. Prior to the actual suspension of the domain we found their
- vps backend which can be found in this document. We then slapped their
- supposedly unhittable 250gb ddos protected dedicated vps and null routed it.
- Now the kid @djflash97 on instagram is making several claims saying
- he is taking down supremestresser.net while we are doing work on our server
- and our source. How pathetic right? :)
- DOMAIN INFORMATION
- Domain:blunter.xyz
- Registrar:OVH
- Registration Date:2017-06-01
- Expiration Date:2018-06-01
- Updated Date:2018-01-31
- Status:clientTransferProhibited
- clientDeleteProhibited
- Name Servers:lady.ns.cloudflare.com
- tony.ns.cloudflare.com
- REGISTRANT CONTACT
- Name:Giuseppe Marino
- Street:office #10443228
- c/o OwO, BP80157
- City:Roubaix Cedex 1
- Postal Code:59053
- Country:FR
- Phone:+33.972101007
- Email:email@u.o-w-o.info
- ADMINISTRATIVE CONTACT
- Name:Carmelo Melindo
- Street:office #10443228
- c/o OwO, BP80157
- City:Roubaix Cedex 1
- Postal Code:59053
- Country:FR
- Phone:+33.972101007
- Email:email@m.o-w-o.info
- TECHNICAL CONTACT
- Name:Carmelo Melindo
- Street:office #10443228
- c/o OwO, BP80157
- City:Roubaix Cedex 1
- Postal Code:59053
- Country:FR
- Phone:+33.972101007
- Email:email@m.o-w-o.info
- BILLING CONTACT
- Name:Carmelo Melindo
- Street:office #10443228
- c/o OwO, BP80157
- City:Roubaix Cedex 1
- Postal Code:59053
- Country:FR
- Phone:+33.972101007
- Email:email@m.o-w-o.info
- 1 BACKEND 185.25.207.41
- Whois: 185.25.207.41
- #
- # ARIN WHOIS data and services are subject to the Terms of Use
- # available at: https://www.arin.net/whois_tou.html
- #
- # If you see inaccuracies in the results, please report at
- # https://www.arin.net/public/whoisinaccuracy/index.xhtml
- #
- #
- # Query terms are ambiguous. The query is assumed to be:
- # "n 185.25.207.41"
- #
- # Use "?" to get help.
- #
- #
- # The following results may also be obtained via:
- # https://whois.arin.net/rest/nets;q=185.25.207.41?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
- #
- NetRange: 185.0.0.0 - 185.255.255.255
- CIDR: 185.0.0.0/8
- NetName: RIPE-185
- NetHandle: NET-185-0-0-0-1
- Parent: ()
- NetType: Allocated to RIPE NCC
- OriginAS:
- Organization: RIPE Network Coordination Centre (RIPE)
- RegDate: 2011-01-04
- Updated: 2011-02-08
- Comment: These addresses have been further assigned to users in
- Comment: the RIPE NCC region. Contact information can be found in
- Comment: the RIPE database at http://www.ripe.net/whois
- Ref: https://whois.arin.net/rest/net/NET-185-0-0-0-1
- ResourceLink: https://apps.db.ripe.net/search/query.html
- ResourceLink: whois.ripe.net
- OrgName: RIPE Network Coordination Centre
- OrgId: RIPE
- Address: P.O. Box 10096
- City: Amsterdam
- StateProv:
- PostalCode: 1001EB
- Country: NL
- RegDate:
- Updated: 2013-07-29
- Ref: https://whois.arin.net/rest/org/RIPE
- ReferralServer: whois://whois.ripe.net
- ResourceLink: https://apps.db.ripe.net/search/query.html
- OrgTechHandle: RNO29-ARIN
- OrgTechName: RIPE NCC Operations
- OrgTechPhone: +31 20 535 4444
- OrgTechEmail: hostmaster@ripe.net
- OrgTechRef: https://whois.arin.net/rest/poc/RNO29-ARIN
- OrgAbuseHandle: ABUSE3850-ARIN
- OrgAbuseName: Abuse Contact
- OrgAbusePhone: +31205354444
- OrgAbuseEmail: abuse@ripe.net
- OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE3850-ARIN
- {
- "25": {
- "smtp": {
- "starttls": {
- "ehlo": "250-UNKNOWN\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN",
- "tls": {
- "server_key_exchange": {
- "ecdh_params": {
- "curve_id": {
- "id": 23,
- "name": "secp256r1"
- }
- }
- },
- "certificate": {
- "parsed": {
- "tbs_noct_fingerprint": "ab80e9f75347446205478dd61f88e729ff0754c5f72faa5fbe948e799482bc63",
- "subject_dn": "CN=localhost.localdomain",
- "subject": {
- "common_name": [
- "localhost.localdomain"
- ]
- },
- "signature_algorithm": {
- "oid": "1.2.840.113549.1.1.11",
- "name": "SHA256WithRSA"
- },
- "redacted": false,
- "serial_number": "13514623486610423638",
- "validation_level": "unknown",
- "issuer_dn": "CN=localhost.localdomain",
- "fingerprint_sha1": "2d67ff4ec3c271575acbb8f2a9eeef42c3dc8da5",
- "version": 3,
- "fingerprint_sha256": "d03c38d1a3b61256198fc6218b404b5af474c49b668975abdadf5a89a57a30e7",
- "names": [
- "localhost.localdomain"
- ],
- "tbs_fingerprint": "ab80e9f75347446205478dd61f88e729ff0754c5f72faa5fbe948e799482bc63",
- "validity": {
- "start": "2017-10-06T12:36:17Z",
- "length": 315360000,
- "end": "2027-10-04T12:36:17Z"
- },
- "extensions": {
- "basic_constraints": {
- "is_ca": false
- }
- },
- "fingerprint_md5": "28814a4a0484d8c06785427ac173573a",
- "subject_key_info": {
- "fingerprint_sha256": "76ce581d242f158f09ad74bc039133badaa55a38d8b07e334301b4deb9ffc131",
- "key_algorithm": {
- "name": "RSA"
- },
- "rsa_public_key": {
- "length": 2048,
- "modulus": "yIiwLFdgEjhrSt61mULISWKUuegfHN/s9uXqaUpTpyO87N7Nk2GD61QcDxY6hjl0cdGn6uDnXQ2LI8T+hX4+WsO1xyFiphrKWMY0x3ZvY504CfKhUAYQPoDQQxQeQBnIfpVDizYyLZ7X93/H10SD+j+RibiOU9C+hXEPNQ2mKh0Z5+t0kD6R9S2GYhENGivWJZPh4Lg3tW+kLyemA0ejXcuWmpxGXf13pPR5KwFqBqJthgXA6Hsw4zck2YWeIWi39GW0v83os2ibDqhMNnWhz4hF5eRzQiThJOp2nrG60mMHKufX9eOluvwz7PvFsVbboVylhPgcVrpfDrf4aY0VRw==",
- "exponent": 65537
- }
- },
- "signature": {
- "self_signed": true,
- "valid": false,
- "value": "CvRb3/Ihg0vqH14nIiLdb2LgQ6E5VD0PMcuddYqLlGqNfkrkBNrNQqPzMwOC/ARptFi+zwBQSjJOQpHZHUsqNtI/z4wt9syNgQIA53OqaZ2ja2Dlv/+wbYV2+m18d9K4Fhztl+4e7IPw5KgAJfVxbdny+cIJvNhvfq+6tiUG7Yl7LZRVBfYeurfSccTqgWjzLJWb+1ODLGBHsnPfs1d/k5bxEayTT9Qk6BK5qo2ZK6LCbs+DRvxUSEAxZ2+fo1kXfDx+UoZiZSRmL2CWZj2end27NHuWQ7Ie4l/5/EW+amMVZ+YhV0vsi7jQ0c3zvkIECwO+JfQGRUS+Bi4NIkBsIQ==",
- "signature_algorithm": {
- "oid": "1.2.840.113549.1.1.11",
- "name": "SHA256WithRSA"
- }
- },
- "spki_subject_fingerprint": "3515143d312c00ac7d80d872dc0e8bbe64d9309cf3e7a6cb356cda189960766b",
- "issuer": {
- "common_name": [
- "localhost.localdomain"
- ]
- }
- }
- },
- "cipher_suite": {
- "id": "0xC02F",
- "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- },
- "version": "TLSv1.2",
- "ocsp_stapling": false,
- "signature": {
- "hash_algorithm": "sha512",
- "valid": true,
- "signature_algorithm": "rsa"
- },
- "validation": {
- "browser_trusted": false,
- "browser_error": "x509: unknown error"
- }
- },
- "starttls": "220 2.0.0 Ready to start TLS",
- "banner": "220 UNKNOWN ESMTP Postfix (Debian/GNU)",
- "metadata": {
- "product": "Postfix",
- "description": "Postfix"
- }
- }
- }
- },
- "tags": [
- "http",
- "smtp"
- ],
- "ip": "185.25.207.41",
- "updated_at": "2018-03-01T03:03:35+00:00",
- "ports": [
- "25",
- "80"
- ],
- "location": {
- "country": "Italy",
- "longitude": 12.1097,
- "registered_country": "Italy",
- "registered_country_code": "IT",
- "country_code": "IT",
- "latitude": 43.1479,
- "timezone": "Europe/Rome",
- "continent": "Europe"
- },
- "80": {
- "http": {
- "get": {
- "body": "Visit now our stresser ;D\r\n\r\nhttps://blunter.xyz/",
- "headers": {
- "content_length": "49",
- "unknown": [
- {
- "value": "Thu, 01 Mar 2018 03:03:35 GMT",
- "key": "date"
- }
- ],
- "content_type": "text/html; charset=UTF-8",
- "server": "Apache/2.4.10 (Debian)"
- },
- "status_code": 200,
- "status_line": "200 OK",
- "body_sha256": "15abade42b857b72e04f9feae978f9ec3a0944b53e0c77bd400408331f7ab17a",
- "metadata": {
- "product": "httpd",
- "version": "2.4.10",
- "description": "Apache httpd 2.4.10",
- "manufacturer": "Apache"
- }
- }
- }
- },
- "autonomous_system": {
- "description": "ASSERVEREASY, IT",
- "rir": "unknown",
- "routed_prefix": "185.25.204.0/22",
- "country_code": "IT",
- "path": [
- 7018,
- 3257,
- 60798
- ],
- "asn": 60798,
- "name": "ASSERVEREASY"
- },
- "protocols": [
- "80/http",
- "25/smtp"
- ],
- "metadata": {
- "os": "Debian",
- "os_description": "Debian"
- }
- }
- Domain Name: BLUNTER.XYZ
- Registry Domain ID: D48230944-CNIC
- Registrar WHOIS Server: whois.ovh.com
- Registrar URL: http://www.ovh.com
- Updated Date: 2018-01-31T20:12:10.0Z
- Creation Date: 2017-06-01T15:10:10.0Z
- Registry Expiry Date: 2018-06-01T23:59:59.0Z
- Registrar: OVH
- Registrar IANA ID: 433
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
- Registry Registrant ID: C176429358-CNIC
- Registrant Name: Giuseppe Marino
- Registrant Organization:
- Registrant Street: office #10443228
- Registrant Street: c/o OwO, BP80157
- Registrant City: Roubaix Cedex 1
- Registrant State/Province:
- Registrant Postal Code: 59053
- Registrant Country: FR
- Registrant Phone: +33.972101007
- Registrant Fax:
- Registrant Email: email@u.o-w-o.info
- Registry Admin ID: C176429368-CNIC
- Admin Name: Carmelo Melindo
- Admin Organization:
- Admin Street: office #10443228
- Admin Street: c/o OwO, BP80157
- Admin City: Roubaix Cedex 1
- Admin State/Province:
- Admin Postal Code: 59053
- Admin Country: FR
- Admin Phone: +33.972101007
- Admin Fax:
- Admin Email: email@m.o-w-o.info
- Registry Tech ID: C176429368-CNIC
- Tech Name: Carmelo Melindo
- Tech Organization:
- Tech Street: office #10443228
- Tech Street: c/o OwO, BP80157
- Tech City: Roubaix Cedex 1
- Tech State/Province:
- Tech Postal Code: 59053
- Tech Country: FR
- Tech Phone: +33.972101007
- Tech Fax:
- Tech Email: email@m.o-w-o.info
- Name Server: LADY.NS.CLOUDFLARE.COM
- Name Server: TONY.NS.CLOUDFLARE.COM
- DNSSEC: unsigned
- Registry Billing ID: C176429368-CNIC
- Billing Name: Carmelo Melindo
- Billing Organization:
- Billing Street: office #10443228
- Billing Street: c/o OwO, BP80157
- Billing City: Roubaix Cedex 1
- Billing State/Province:
- Billing Postal Code: 59053
- Billing Country: FR
- Billing Phone: +33.972101007
- Billing Fax:
- Billing Email: email@m.o-w-o.info
- Registrar Abuse Contact Email: email@domain.ovh.net
- Registrar Abuse Contact Phone: +33.974530814
- The response was:
- 521 No Redirect Entry for this address
- Final-Recipient: rfc822; email@u.o-w-o.info
- Action: failed
- Status: 5.0.0
- Remote-MTA: dns; redirect.ovh.net. (213.186.33.5, the server for the domain u.o-w-o.info.)
- Diagnostic-Code: smtp; 521 No Redirect Entry for this address
- Last-Attempt-Date: Mon, 05 Mar 2018 11:05:58 -0800 (PST)
- blunter.xyz receives about 550 unique visitors and 2,200 (4.00 per visitor) page views per day
- which should earn about $1.91/day from advertising revenue. Estimated site value is $725.30.
- According to Alexa Traffic Rank blunter.xyz is ranked number 438,433 in the world and 0.00011% of
- global Internet users visit it. Site is hosted in San Francisco, CA, 94107, United States and links to
- network IP address 104.27.30.43. This server doesn't support HTTPS and doesn't support HTTP/2.
- Country  Users%  Pageviews%  Rank
- Poland  32.8%  35.4%  54636
- Morocco  19.8%  18.9%  15944
- Russian Federation  4.5%  4.2%  573197
- Ukraine  1.7%  2.4%  248957
- blunter.xyz resolves to 104.28.11.247
- Server Type: cloudflare
- The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
- The certificate was issued by Comodo.
- The certificate will expire in 184 days.
- The hostname (blunter.xyz) is correctly listed in the certificate.
- Common name: sni143952.cloudflaressl.com
- SANs: sni143952.cloudflaressl.com, *.bdmusic4u.com, *.beachpaderno.it, *.blueebookvaluedownlaod.tk, *.blunter.xyz, *.blunternoreply.info, *.buytime.pk, *.crestphuket.com, *.dalcerotermoformature.com, *.freesoftquesto57.cf, *.grisoni.it, *.hdupload.me, *.hdupload.net, *.hdworlds.pw, *.ishqwood.com, *.lauraepifani.it, *.lavillettaristorante.com, *.montrealenhistoires.ca, *.mxcp51.org, *.mxcp96.org, *.mxcp98.org, *.oxc0w1hp5.ga, *.rintiklagu.tk, *.rosariopgdisorda.tk, *.stclineevita.it, *.tseng.cc, *.tube-superstar.com, *.usedtextbooksonlinefree.tk, *.worldsapart.com, bdmusic4u.com, beachpaderno.it, blueebookvaluedownlaod.tk, blunter.xyz, blunternoreply.info, buytime.pk, crestphuket.com, dalcerotermoformature.com, freesoftquesto57.cf, grisoni.it, hdupload.me, hdupload.net, hdworlds.pw, ishqwood.com, lauraepifani.it, lavillettaristorante.com, montrealenhistoires.ca, mxcp51.org, mxcp96.org, mxcp98.org, oxc0w1hp5.ga, rintiklagu.tk, rosariopgdisorda.tk, stclineevita.it, tseng.cc, tube-superstar.com, usedtextbooksonlinefree.tk, worldsapart.com
- Valid from February 26, 2018 to September 5, 2018
- Serial Number: 8d74563ea2bddbdcd3936c94b578e794
- Signature Algorithm: ecdsa-with-SHA256
- Issuer: COMODO ECC Domain Validation Secure Server CA 2
- Common name: COMODO ECC Domain Validation Secure Server CA 2
- Organization: COMODO CA Limited
- Location: Salford, Greater Manchester, GB
- Valid from September 24, 2014 to September 24, 2029
- Serial Number: 5b25ce6907c4265566d3390c99a954ad
- Signature Algorithm: ecdsa-with-SHA384
- Issuer: COMODO ECC Certification Authority
- Common name: COMODO ECC Certification Authority
- Organization: COMODO CA Limited
- Location: Salford, Greater Manchester, GB
- Valid from May 30, 2000 to May 30, 2020
- Serial Number: 4352023ffaa8901f139fe3f4e5c1444e
- Signature Algorithm: sha384WithRSAEncryption
- Issuer: AddTrust External CA Root
- Domain: blunter.xyz
- Cloudflare
- DNS IPv4 IPv6
- mail.blunter.xyz No DNS record No DNS record
- mobile.blunter.xyz No DNS record No DNS record
- m.blunter.xyz No DNS record No DNS record
- direct.blunter.xyz No DNS record No DNS record
- direct-connect.blunter.xyz No DNS record No DNS record
- cpanel.blunter.xyz No DNS record No DNS record
- ftp.blunter.xyz No DNS record No DNS record
- vpn.blunter.xyz No DNS record No DNS record
- admin.blunter.xyz No DNS record No DNS record
- dev.blunter.xyz No DNS record No DNS record
- pop.blunter.xyz No DNS record No DNS record
- imap.blunter.xyz No DNS record No DNS record
- forum.blunter.xyz No DNS record No DNS record
- admin.blunter.xyz No DNS record No DNS record
- beta.blunter.xyz No DNS record No DNS record
- portal.blunter.xyz No DNS record No DNS record
- www.blunter.xyz 104.28.11.247 2400:cb00:2048:1::681c:bf7
- remote.blunter.xyz No DNS record No DNS record
- test.blunter.xyz No DNS record No DNS record
- server.blunter.xyz No DNS record No DNS record
- host.blunter.xyz No DNS record No DNS record
- webmail.blunter.xyz No DNS record No DNS record
- blog.blunter.xyz No DNS record No DNS record
- news.blunter.xyz No DNS record No DNS record
- stmp.blunter.xyz No DNS record No DNS record
- mx.blunter.xyz No DNS record No DNS record
- secure.blunter.xyz No DNS record No DNS record
- status.blunter.xyz No DNS record No DNS record
- ns.blunter.xyz No DNS record No DNS record
- ns1.blunter.xyz No DNS record No DNS record
- ns2.blunter.xyz No DNS record No DNS record
- Is the domain: blunter.xyz using CloudFlare?
- Using CloudFlare: Yes
- Current Cloudflare Domain IP: 104.28.11.247