SHARE
TWEET

HunterUnit JTSEC pedo link for save child full recon #73

a guest May 23rd, 2018 733 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Hostname    www.small-models.com        ISP     Quasi Networks LTD.
  3. Continent   Africa      Flag    
  4. SC
  5. Country     Seychelles      Country Code    SC
  6. Region  Unknown         Local time  23 May 2018 17:15 +04
  7. City    Unknown         Postal Code     Unknown
  8. IP Address  94.102.48.102       Latitude    -4.583
  9.             Longitude   55.667
  10. ######################################################################################################################################
  11. HostIP:94.102.48.102
  12. HostName:small-models.com
  13.  
  14. Gathered Inet-whois information for 94.102.48.102
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum:        94.102.48.0 - 94.102.48.150
  19. netname:        SC-QUASI58
  20. descr:          QUASI
  21. country:        SC
  22. org:            ORG-QNL3-RIPE
  23. admin-c:        QNL1-RIPE
  24. tech-c:         QNL1-RIPE
  25. status:         ASSIGNED PA
  26. mnt-by:         QUASINETWORKS-MNT
  27. mnt-lower:      QUASINETWORKS-MNT
  28. mnt-routes:     QUASINETWORKS-MNT
  29. created:        2011-05-07T22:25:22Z
  30. last-modified:  2016-01-23T22:29:27Z
  31. source:         RIPE
  32.  
  33. organisation:   ORG-QNL3-RIPE
  34. org-name:       Quasi Networks LTD.
  35. org-type:       OTHER
  36. address:        Suite 1, Second Floor
  37. address:        Sound & Vision House, Francis Rachel Street
  38. address:        Victoria, Mahe, SEYCHELLES
  39. remarks:        *****************************************************************************
  40. remarks:        IMPORTANT INFORMATION
  41. remarks:        *****************************************************************************
  42. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  43. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  44. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  45. remarks:        For all other requests, please see the details on our website.
  46. remarks:        *****************************************************************************
  47. abuse-c:        AR34302-RIPE
  48. mnt-ref:        QUASINETWORKS-MNT
  49. mnt-by:         QUASINETWORKS-MNT
  50. created:        2015-11-08T22:25:26Z
  51. last-modified:  2017-10-30T14:35:39Z
  52. source:         RIPE # Filtered
  53.  
  54. role:           Acasia Networks Limited
  55. address:        VICTORIA
  56. address:        MAHE
  57. address:        SEYCHELLES
  58. remarks:        *****************************************************************************
  59. remarks:        IMPORTANT INFORMATION
  60. remarks:        *****************************************************************************
  61. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  62. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  63. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  64. remarks:        For all other requests, please see the details on our website.
  65. remarks:        *****************************************************************************
  66. abuse-mailbox:  abuse@quasinetworks.com
  67. nic-hdl:        QNL1-RIPE
  68. mnt-by:         QUASINETWORKS-MNT
  69. created:        2015-11-07T22:43:04Z
  70. last-modified:  2017-12-26T21:03:04Z
  71. source:         RIPE # Filtered
  72.  
  73. % Information related to '94.102.48.0/20AS29073'
  74.  
  75. route:          94.102.48.0/20
  76. descr:          Quasi Networks LTD (IBC)
  77. origin:         AS29073
  78. mnt-by:         QUASINETWORKS-MNT
  79. created:        2008-09-02T11:55:23Z
  80. last-modified:  2016-01-23T22:40:05Z
  81. source:         RIPE
  82.  
  83. % This query was served by the RIPE Database Query Service version 1.91.2 (BLAARKOP)
  84.  
  85.  
  86.  
  87. Gathered Inic-whois information for small-models.com
  88. ---------------------------------------------------------------------------------------------------------------------------------------
  89.    Domain Name: SMALL-MODELS.COM
  90.    Registry Domain ID: 1778162676_DOMAIN_COM-VRSN
  91.    Registrar WHOIS Server: whois.ordertld.com
  92.    Registrar URL: http://www.ordertld.com
  93.    Updated Date: 2018-01-22T08:14:14Z
  94.    Creation Date: 2013-02-03T21:24:44Z
  95.    Registry Expiry Date: 2019-02-03T21:24:44Z
  96.    Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
  97.    Registrar IANA ID: 3254
  98.    Registrar Abuse Contact Email: contact@ordertld.com
  99.    Registrar Abuse Contact Phone: 852.8192 6949
  100.    Domain Status: clientTransferProhibited https�U@://ic���גan�n.org/7�-d�epU@p#cli=�-d�en�U@tTran�������sferPro�U@hibited
  101.    Name Server: NS23.CLOUDNS.NET
  102.    Name Server: PNS21.CLOUDNS.NET
  103.    Name Server: PNS23.CLOUDNS.NET
  104.    Name Server: PNS24.CLOUDNS.NET
  105.    Name Server: PNS28.CLOUDNS.NET
  106.    Name Server: PNS30.CLOUDNS.NET
  107.    DNSSEC: unsigned
  108.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  109. >>> Last update of whois database: 2018-05-23T13:19:28Z <<<
  110.  
  111. For more information on Whois status codes, pleajV@se viF��גsi�t https��-d�:/iV@/ican��-d�n.pV@org/e��������pp
  112.  
  113. NOTICE: The expiration date displayed in this record is the date the
  114. registrar's sponsorship of the domain name registration in the registry is
  115. currently set to expire. This date does not necessarily reflect the expiration
  116. date of the domain name registrant's agreement with the sponsoring
  117. registrar.  Users may consult the sponsoring reg�U@istra���גr'hs WhoisT�-d� dU@atabaZ�-d�se�U@ to
  118. view the registrar's reported date of expiration for this registration.
  119.  
  120. TERMS OF USE: You are not authorized to access or query our Whois
  121. database through the use of electronic processes that are high-volume and
  122. automated except as reasonably necessary to register domain names or
  123. modify existing registrations; the Data in VeriSign Global Registry
  124. Services' ("VeriSign") Whois database is provided by VeriSign for
  125. information purposes only, and to assist persons�U@ in o���גbt�aining ��-d�inU@forma��-d�ti�U@on
  126. about or related to a domain name registration record. VeriSign does not
  127. guarantee its accuracy. By submitting a Whois query, you agree to abide
  128. by the following terms of use: You agree that you may use this Data only
  129. for lawful purposes and that under no circumstances will you use this Data
  130. to: (1) allow, enable, or otherwise support the transmission of mass
  131. �nsolicited, commercial advertising or solicitat�U@phone���ג,
  132. or facsimile; or (2) enable high volume, automated, electronic processes
  133. that apply to VeriSign (or its computer systems). The compilation,
  134. repackaging, dissemination or other use of this Data is expressly
  135. prohibited without the prior written consent of VeriSign. You agree not to
  136. use electronic processes that are automated and jV@high-F��גvoTlume to access or
  137. query the Whois database except as reasonably necessary to register
  138. domain names or modify existing registrations. VeriSign reserves the right
  139. to restrict your access to the Whois database in its sole discretion to ensure
  140. operational stability.  VeriSign may restrict or terminate your access to the
  141. Whois database for failure to abide by these terms of use. VeriSign
  142. reserves the right to modify these terms at any time.
  143.  
  144. The Registry database contains ONLY .COM, .NET, �U@.EDU ���גdomains a��-d�ndU@
  145. Registrars.
  146.  
  147. Gathered Netcraft information for small-models.com
  148. ---------------------------------------------------------------------------------------------------------------------------------------
  149.  
  150. Retrieving Netcraft.com information for small-models.com
  151. Netcraft.com Information gathered
  152.  
  153. Gathered Subdomain information for small-models.com
  154. --------------------------------------------------------------------------------------------------------------------------------------
  155. Searching Google.com:80...
  156. HostName:francinamodels.small-models.com
  157. HostIP:94.102.48.102
  158. Searching Altavista.com:80...
  159. Found 1 possible subdomain(s) for host small-models.com, Searched 0 pages containing 0 results
  160.  
  161. Gathered E-Mail information for small-models.com
  162. ---------------------------------------------------------------------------------------------------------------------------------------
  163. Searching Google.com:80...
  164. Searching Altavista.com:80...
  165. Found 0 E-Mail(s) for host small-models.com, Searched 0 pages containing 0 results
  166.  
  167. Gathered TCP Port information for 94.102.48.102
  168. ---------------------------------------------------------------------------------------------------------------------------------------
  169.  
  170.  Port       State
  171.  
  172. 21/tcp      open
  173. 22/tcp      open
  174. 53/tcp      open
  175. 80/tcp      open
  176. 111/tcp     open
  177.  
  178. Portscan Finished: Scanned 150 ports, 138 ports were in state closed
  179.  
  180. #######################################################################################################################################
  181. [i] Scanning Site: http://small-models.com
  182.  
  183.  
  184.  
  185. B A S I C   I N F O
  186. =======================================================================================================================================
  187.  
  188.  
  189. [+] Site Title: Young Teen Pictures
  190. [+] IP address: 94.102.48.102
  191. [+] Web Server: nginx
  192. [+] CMS: Could Not Detect
  193. [+] Cloudflare: Not Detected
  194. [+] Robots File: Could NOT Find robots.txt!
  195.  
  196.  
  197.  
  198.  
  199. W H O I S   L O O K U P
  200. =======================================================================================================================================
  201.  
  202.        Domain Name: SMALL-MODELS.COM
  203.    Registry Domain ID: 1778162676_DOMAIN_COM-VRSN
  204.    Registrar WHOIS Server: whois.ordertld.com
  205.    Registrar URL: http://www.ordertld.com
  206.    Updated Date: 2018-01-22T08:14:14Z
  207.    Creation Date: 2013-02-03T21:24:44Z
  208.    Registry Expiry Date: 2019-02-03T21:24:44Z
  209.    Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
  210.    Registrar IANA ID: 3254
  211.    Registrar Abuse Contact Email: contact@ordertld.com
  212.    Registrar Abuse Contact Phone: 852.8192 6949
  213.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  214.    Name Server: NS23.CLOUDNS.NET
  215.    Name Server: PNS21.CLOUDNS.NET
  216.    Name Server: PNS23.CLOUDNS.NET
  217.    Name Server: PNS24.CLOUDNS.NET
  218.    Name Server: PNS28.CLOUDNS.NET
  219.    Name Server: PNS30.CLOUDNS.NET
  220.    DNSSEC: unsigned
  221.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  222. >>> Last update of whois database: 2018-05-23T13:19:59Z <<<
  223.  
  224. For more information on Whois status codes, please visit https://icann.org/epp
  225.  
  226.  
  227.  
  228. The Registry database contains ONLY .COM, .NET, .EDU domains and
  229. Registrars.
  230.  
  231.  
  232.  
  233.  
  234. G E O  I P  L O O K  U P
  235. =======================================================================================================================================
  236.  
  237. [i] IP Address: 94.102.48.102
  238. [i] Country: SC
  239. [i] State: N/A
  240. [i] City: N/A
  241. [i] Latitude: -4.583300
  242. [i] Longitude: 55.666698
  243.  
  244.  
  245.  
  246.  
  247. H T T P   H E A D E R S
  248. =======================================================================================================================================
  249.  
  250.  
  251. [i]  HTTP/1.1 200 OK
  252. [i]  Server: nginx
  253. [i]  Date: Wed, 23 May 2018 13:25:25 GMT
  254. [i]  Content-Type: text/html
  255. [i]  Connection: close
  256. [i]  Vary: Accept-Encoding
  257. [i]  X-Powered-By: PHP/5.4.45-0+deb7u11
  258. [i]  Vary: Accept-Encoding
  259.  
  260.  
  261.  
  262.  
  263. D N S   L O O K U P
  264. =======================================================================================================================================
  265.  
  266. ;; Truncated, retrying in TCP mode.
  267. small-models.com.   3600    IN  NS  pns21.cloudns.net.
  268. small-models.com.   300 IN  A   94.102.48.102
  269. small-models.com.   3600    IN  NS  ns21.cloudns.net.
  270. small-models.com.   3600    IN  SOA ns21.cloudns.net. support.cloudns.net. 2018021201 7200 1800 1209600 3600
  271. small-models.com.   3600    IN  NS  pns24.cloudns.net.
  272. small-models.com.   3600    IN  NS  pns30.cloudns.net.
  273. small-models.com.   3600    IN  NS  ns24.cloudns.net.
  274. small-models.com.   3600    IN  NS  ns23.cloudns.net.
  275. small-models.com.   3600    IN  NS  ns22.cloudns.net.
  276. small-models.com.   3600    IN  NS  pns23.cloudns.net.
  277. small-models.com.   3600    IN  NS  pns29.cloudns.net.
  278. small-models.com.   3600    IN  NS  pns27.cloudns.net.
  279. small-models.com.   3600    IN  NS  pns25.cloudns.net.
  280. small-models.com.   3600    IN  NS  pns28.cloudns.net.
  281. small-models.com.   3600    IN  NS  pns22.cloudns.net.
  282. small-models.com.   3600    IN  NS  pns26.cloudns.net.
  283.  
  284.  
  285.  
  286.  
  287. S U B N E T   C A L C U L A T I O N
  288. =======================================================================================================================================
  289.  
  290. Address       = 94.102.48.102
  291. Network       = 94.102.48.102 / 32
  292. Netmask       = 255.255.255.255
  293. Broadcast     = not needed on Point-to-Point links
  294. Wildcard Mask = 0.0.0.0
  295. Hosts Bits    = 0
  296. Max. Hosts    = 1   (2^0 - 0)
  297. Host Range    = { 94.102.48.102 - 94.102.48.102 }
  298.  
  299.  
  300.  
  301. N M A P   P O R T   S C A N
  302. =======================================================================================================================================
  303.  
  304.  
  305. Starting Nmap 7.01 ( https://nmap.org ) at 2018-05-23 13:20 UTC
  306. Nmap scan report for small-models.com (94.102.48.102)
  307. Host is up (0.082s latency).
  308. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  309. PORT     STATE  SERVICE       VERSION
  310. 21/tcp   open   ftp           vsftpd 3.0.2
  311. 22/tcp   open   ssh           OpenSSH 6.0p1 Debian 4+deb7u6 (protocol 2.0)
  312. 23/tcp   closed telnet
  313. 25/tcp   closed smtp
  314. 80/tcp   open   http          nginx
  315. 110/tcp  closed pop3
  316. 143/tcp  closed imap
  317. 443/tcp  closed https
  318. 445/tcp  closed microsoft-ds
  319. 3389/tcp closed ms-wbt-server
  320. Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  321.  
  322. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  323. Nmap done: 1 IP address (1 host up) scanned in 7.11 seconds
  324.  
  325. #######################################################################################################################################
  326. [!] IP Address : 94.102.48.102
  327. [!] Server: nginx
  328. [!] Powered By: PHP/5.4.45-0+deb7u11
  329. [+] Clickjacking protection is not in place.
  330. [+] Operating System : Debian
  331. [!] www.small-models.com doesn't seem to use a CMS
  332. [+] Honeypot Probabilty: 0%
  333. ---------------------------------------------------------------------------------------------------------------------------------------
  334. [~] Trying to gather whois information for www.small-models.com
  335. [+] Whois information found
  336. Updated Date : 2018-01-22 08:14:14
  337. Status : clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientDeleteProhibited (http://www.icann.org/epp#clientDeleteProhibited), clientTransferProhibited (http://www.icann.org/epp#clientTransferProhibited)
  338. Name : Wuxi Yilian LLC
  339. Dnssec : unsigned, unsignedDelegation
  340. City : Xiamen
  341. Expiration Date : 2019-02-03 21:24:44
  342. Address : No.1001 Anling Road
  343. Zipcode : 361008
  344. Domain Name : SMALL-MODELS.COM, small-models.com
  345. Whois Server : whois.ordertld.com
  346. State : Fujian
  347. Registrar : CNOBIN INFORMATION TECHNOLOGY LIMITED
  348. Referral Url : None
  349. Country : cn
  350. Name Servers : NS23.CLOUDNS.NET, PNS21.CLOUDNS.NET, PNS23.CLOUDNS.NET, PNS24.CLOUDNS.NET, PNS28.CLOUDNS.NET, PNS30.CLOUDNS.NET, pns23.cloudns.net, pns24.cloudns.net, pns21.cloudns.net, pns28.cloudns.net, pns30.cloudns.net, ns23.cloudns.net
  351. Org : Wuxi Yilian LLC
  352. Creation Date : 2013-02-03 21:24:44
  353. Emails : contact@ordertld.com, abuse@ordertld.com, whoisprivacyprotect@whoisservices.cn
  354. ---------------------------------------------------------------------------------------------------------------------------------------
  355. PORT     STATE  SERVICE       VERSION
  356. 21/tcp   open   ftp           vsftpd 3.0.2
  357. 22/tcp   open   ssh           OpenSSH 6.0p1 Debian 4+deb7u6 (protocol 2.0)
  358. 23/tcp   closed telnet
  359. 25/tcp   closed smtp
  360. 80/tcp   open   http          nginx
  361. 110/tcp  closed pop3
  362. 143/tcp  closed imap
  363. 443/tcp  closed https
  364. 445/tcp  closed microsoft-ds
  365. 3389/tcp closed ms-wbt-server
  366. ---------------------------------------------------------------------------------------------------------------------------------------
  367.  
  368. [+] DNS Records
  369.  
  370. [+] Host Records (A)
  371. www.small-models.comHTTP: (server2.anonymous-hosting-service.com) (94.102.48.102) AS29073 Quasi Networks LTD. Netherlands
  372.  
  373. [+] TXT Records
  374.  
  375. [+] DNS Map: https://dnsdumpster.com/static/map/small-models.com.png
  376.  
  377. [>] Initiating 3 intel modules
  378. [>] Loading Alpha module (1/3)
  379. [>] Beta module deployed (2/3)
  380. [>] Gamma module initiated (3/3)
  381.  
  382.  
  383. [+] Emails found:
  384. ---------------------------------------------------------------------------------------------------------------------------------------
  385. pixel-1527081635908838-web-@www.small-models.com
  386. pixel-1527081644351116-web-@www.small-models.com
  387. No hosts found
  388. [+] Virtual hosts:
  389. ---------------------------------------------------------------------------------------------------------------------------------------
  390. [~] Crawling the target for fuzzable URLs
  391. [+] Found 40 fuzzable URLs
  392. http://www.small-models.com//search.php?agency=2&model=6
  393. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  394. [-] None of parameters is vulnerable to SQL injection
  395. [+] These are the URLs having parameters:
  396. http://www.small-models.com//search.php?agency=2&model=6
  397. http://www.small-models.com//search.php?agency=2&model=4
  398. http://www.small-models.com//search.php?agency=16&model=4
  399. http://www.small-models.com//search.php?agency=2&model=3
  400. http://www.small-models.com//search.php?agency=16&model=8
  401. http://www.small-models.com//search.php?agency=10&model=1
  402. http://www.small-models.com//search.php?agency=10&model=2
  403. http://www.small-models.com//search.php?agency=16&model=1
  404. http://www.small-models.com//search.php?agency=18&model=11
  405. http://www.small-models.com//search.php?agency=3&model=11
  406. http://www.small-models.com//search.php?agency=9&model=23
  407. http://www.small-models.com//search.php?agency=3&model=3
  408. http://www.small-models.com//search.php?agency=9&model=13
  409. http://www.small-models.com//search.php?agency=18&model=3
  410. http://www.small-models.com//search.php?agency=4&model=5
  411. http://www.small-models.com//search.php?agency=9&model=5
  412. http://www.small-models.com//search.php?agency=16&model=7
  413. http://www.small-models.com//search.php?agency=4&model=13
  414. http://www.small-models.com///search.php?agency=11&model=14
  415. http://www.small-models.com//search.php?agency=9&model=24
  416. http://www.small-models.com//search.php?agency=16&model=3
  417. http://www.small-models.com//search.php?agency=9&model=27
  418. http://www.small-models.com//search.php?agency=9&model=2
  419. http://www.small-models.com//search.php?agency=1&model=14
  420. http://www.small-models.com//search.php?agency=9&model=28
  421. http://www.small-models.com//search.php?agency=16&model=6
  422. http://www.small-models.com//search.php?agency=10&model=10
  423. http://www.small-models.com//search.php?agency=18&model=15
  424. http://www.small-models.com//search.php?agency=9&model=31
  425. http://www.small-models.com//search.php?agency=10&model=7
  426. http://www.small-models.com//search.php?agency=3&model=1
  427. http://www.small-models.com//search.php?agency=9&model=29
  428. http://www.small-models.com//search.php?agency=18&model=9
  429. http://www.small-models.com//search.php?agency=16&model=2
  430. http://www.small-models.com///search.php?agency=11&model=17
  431. http://www.small-models.com//search.php?agency=3&model=8
  432. http://www.small-models.com//search.php?agency=18&model=8
  433. http://www.small-models.com//search.php?agency=9&model=22
  434. http://www.small-models.com//search.php?agency=16&model=5
  435. http://www.small-models.com//search.php?agency=10&model=11
  436. #######################################################################################################################################
  437. Server:     10.211.254.254
  438. Address:    10.211.254.254#53
  439.  
  440. Non-authoritative answer:
  441. Name:   small-models.com
  442. Address: 94.102.48.102
  443.  
  444. small-models.com has address 94.102.48.102
  445. #######################################################################################################################################
  446. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  447.  
  448. [+] Target is small-models.com
  449. [+] Loading modules.
  450. [+] Following modules are loaded:
  451. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  452. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  453. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  454. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  455. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  456. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  457. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  458. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  459. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  460. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  461. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  462. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  463. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  464. [+] 13 modules registered
  465. [+] Initializing scan engine
  466. [+] Running scan engine
  467. [-] ping:tcp_ping module: no closed/open TCP ports known on 94.102.48.102. Module test failed
  468. [-] ping:udp_ping module: no closed/open UDP ports known on 94.102.48.102. Module test failed
  469. [-] No distance calculation. 94.102.48.102 appears to be dead or no ports known
  470. [+] Host: 94.102.48.102 is up (Guess probability: 50%)
  471. [+] Target: 94.102.48.102 is alive. Round-Trip Time: 1.01157 sec
  472. [+] Selected safe Round-Trip Time value is: 2.02313 sec
  473. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  474. [-] fingerprint:smb need either TCP port 139 or 445 to run
  475. [+] Primary guess:
  476. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  477. [+] Other guesses:
  478. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  479. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  480. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  481. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  482. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  483. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  484. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  485. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  486. [+] Host 94.102.48.102 Running OS: 0:��U (Guess probability: 88%)
  487. [+] Cleaning up scan engine
  488. [+] Modules deinitialized
  489. [+] Execution completed.
  490. #######################################################################################################################################
  491.    Domain Name: SMALL-MODELS.COM
  492.    Registry Domain ID: 1778162676_DOMAIN_COM-VRSN
  493.    Registrar WHOIS Server: whois.ordertld.com
  494.    Registrar URL: http://www.ordertld.com
  495.    Updated Date: 2018-01-22T08:14:14Z
  496.    Creation Date: 2013-02-03T21:24:44Z
  497.    Registry Expiry Date: 2019-02-03T21:24:44Z
  498.    Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
  499.    Registrar IANA ID: 3254
  500.    Registrar Abuse Contact Email: contact@ordertld.com
  501.    Registrar Abuse Contact Phone: 852.8192 6949
  502.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  503.    Name Server: NS23.CLOUDNS.NET
  504.    Name Server: PNS21.CLOUDNS.NET
  505.    Name Server: PNS23.CLOUDNS.NET
  506.    Name Server: PNS24.CLOUDNS.NET
  507.    Name Server: PNS28.CLOUDNS.NET
  508.    Name Server: PNS30.CLOUDNS.NET
  509.    DNSSEC: unsigned
  510.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  511. >>> Last update of whois database: 2018-05-23T13:18:44Z <<<
  512.  
  513. For more information on Whois status codes, please visit https://icann.org/epp
  514.  
  515. NOTICE: The expiration date displayed in this record is the date the
  516. registrar's sponsorship of the domain name registration in the registry is
  517. currently set to expire. This date does not necessarily reflect the expiration
  518. date of the domain name registrant's agreement with the sponsoring
  519. registrar.  Users may consult the sponsoring registrar's Whois database to
  520. view the registrar's reported date of expiration for this registration.
  521.  
  522. TERMS OF USE: You are not authorized to access or query our Whois
  523. database through the use of electronic processes that are high-volume and
  524. automated except as reasonably necessary to register domain names or
  525. modify existing registrations; the Data in VeriSign Global Registry
  526. Services' ("VeriSign") Whois database is provided by VeriSign for
  527. information purposes only, and to assist persons in obtaining information
  528. about or related to a domain name registration record. VeriSign does not
  529. guarantee its accuracy. By submitting a Whois query, you agree to abide
  530. by the following terms of use: You agree that you may use this Data only
  531. for lawful purposes and that under no circumstances will you use this Data
  532. to: (1) allow, enable, or otherwise support the transmission of mass
  533. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  534. or facsimile; or (2) enable high volume, automated, electronic processes
  535. that apply to VeriSign (or its computer systems). The compilation,
  536. repackaging, dissemination or other use of this Data is expressly
  537. prohibited without the prior written consent of VeriSign. You agree not to
  538. use electronic processes that are automated and high-volume to access or
  539. query the Whois database except as reasonably necessary to register
  540. domain names or modify existing registrations. VeriSign reserves the right
  541. to restrict your access to the Whois database in its sole discretion to ensure
  542. operational stability.  VeriSign may restrict or terminate your access to the
  543. Whois database for failure to abide by these terms of use. VeriSign
  544. reserves the right to modify these terms at any time.
  545.  
  546. The Registry database contains ONLY .COM, .NET, .EDU domains and
  547. Registrars.
  548. Domain name: small-models.com
  549. Registry Domain ID: 1778162676_DOMAIN_COM-VRSN
  550. Registrar WHOIS Server: whois.ordertld.com
  551. Registrar URL: http://www.ordertld.com
  552. Updated Date: 2018-01-22T08:14:14Z
  553. Creation Date: 2013-02-03T21:24:44Z
  554. Registrar Registration Expiration Date: 2019-02-03T21:24:44Z
  555. Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
  556. Registrar IANA ID: 3254
  557. Registrar Abuse Contact Email: abuse@ordertld.com
  558. Registrar Abuse Contact Phone: +852.81926949
  559. Reseller:
  560. Domain Status: clientDeleteProhibited (http://www.icann.org/epp#clientDeleteProhibited)
  561. Domain Status: clientTransferProhibited (http://www.icann.org/epp#clientTransferProhibited)
  562. Registry Registrant ID: Not Available From Registry
  563. Registrant Name: Wuxi Yilian LLC
  564. Registrant Organization: Wuxi Yilian LLC
  565. Registrant Street: No.1001 Anling Road
  566. Registrant City: Xiamen
  567. Registrant State/Province: Fujian
  568. Registrant Postal Code: 361008
  569. Registrant Country: cn
  570. Registrant Phone: +86.5922577888
  571. Registrant Phone Ext:
  572. Registrant Fax: +86.5922179606
  573. Registrant Fax Ext:
  574. Registrant Email: whoisprivacyprotect@whoisservices.cn
  575. Registry Admin ID: Not Available From Registry
  576. Admin Name: Wuxi Yilian LLC
  577. Admin Organization: Wuxi Yilian LLC
  578. Admin Street: No.1001 Anling Road
  579. Admin City: Xiamen
  580. Admin State/Province: Fujian
  581. Admin Postal Code: 361008
  582. Admin Country: cn
  583. Admin Phone: +86.5922577888
  584. Admin Phone Ext:
  585. Admin Fax: +86.5922179606
  586. Admin Fax Ext:
  587. Admin Email: whoisprivacyprotect@whoisservices.cn
  588. Registry Tech ID: Not Available From Registry
  589. Tech Name: Wuxi Yilian LLC
  590. Tech Organization: Wuxi Yilian LLC
  591. Tech Street: No.1001 Anling Road
  592. Tech City: Xiamen
  593. Tech State/Province: Fujian
  594. Tech Postal Code: 361008
  595. Tech Country: cn
  596. Tech Phone: +86.5922577888
  597. Tech Phone Ext:
  598. Tech Fax: +86.5922179606
  599. Tech Fax Ext:
  600. Tech Email: whoisprivacyprotect@whoisservices.cn
  601. Name Server: pns23.cloudns.net
  602. Name Server: pns24.cloudns.net
  603. Name Server: pns21.cloudns.net
  604. Name Server: pns28.cloudns.net
  605. Name Server: pns30.cloudns.net
  606. Name Server: ns23.cloudns.net
  607. DNSSEC: unsignedDelegation
  608. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  609. >>> Last update of WHOIS database: 2018-05-23T13:18:55Z <<<
  610.  
  611. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
  612.  
  613. The data in this whois database is provided to you for information
  614. purposes only, that is, to assist you in obtaining information about or
  615. related to a domain name registration record. We make this information
  616. available "as is," and do not guarantee its accuracy. By submitting a
  617. whois query, you agree that you will use this data only for lawful
  618. purposes and that, under no circumstances will you use this data to: (1)
  619. enable high volume, automated, electronic processes that stress or load
  620. this whois database system providing you this information; or (2) allow,
  621. enable, or otherwise support the transmission of mass unsolicited,
  622. commercial advertising or solicitations via direct mail, electronic
  623. mail, or by telephone.  The compilation, repackaging, dissemination or
  624. other use of this data is expressly prohibited without prior written
  625. consent from us.  We reserve the right to modify these terms at any time.
  626. By submitting this query, you agree to abide by these terms.
  627. #######################################################################################################################################
  628. ; <<>> DiG 9.11.3-1-Debian <<>> -x small-models.com
  629. ;; global options: +cmd
  630. ;; Got answer:
  631. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48176
  632. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  633.  
  634. ;; OPT PSEUDOSECTION:
  635. ; EDNS: version: 0, flags:; udp: 512
  636. ;; QUESTION SECTION:
  637. ;com.small-models.in-addr.arpa. IN  PTR
  638.  
  639. ;; AUTHORITY SECTION:
  640. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013379 1800 900 604800 3600
  641.  
  642. ;; Query time: 831 msec
  643. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  644. ;; WHEN: Wed May 23 09:18:56 EDT 2018
  645. ;; MSG SIZE  rcvd: 126
  646.  
  647. dnsenum VERSION:1.2.4
  648.  
  649. -----   small-models.com   -----
  650.  
  651.  
  652. Host's addresses:
  653. __________________
  654.  
  655. small-models.com.                        40       IN    A        94.102.48.102
  656.  
  657.  
  658. Wildcard detection using: kypklkhxjjma
  659. _______________________________________
  660.  
  661. kypklkhxjjma.small-models.com.           300      IN    A        94.102.48.102
  662.  
  663.  
  664. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  665.  
  666.  Wildcards detected, all subdomains will point to the same IP address
  667.  Omitting results containing 94.102.48.102.
  668.  Maybe you are using OpenDNS servers.
  669.  
  670. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  671.  
  672.  
  673. Name Servers:
  674. ______________
  675.  
  676. pns22.cloudns.net.                       88324    IN    A        185.136.97.96
  677. ns24.cloudns.net.                        90362    IN    A        46.165.221.164
  678. ns22.cloudns.net.                        92119    IN    A        108.59.2.202
  679. pns24.cloudns.net.                       94960    IN    A        185.136.99.96
  680. pns23.cloudns.net.                       86395    IN    A        185.136.98.96
  681. pns21.cloudns.net.                       95505    IN    A        185.136.96.96
  682. pns28.cloudns.net.                       172800   IN    A        185.136.99.96
  683. pns25.cloudns.net.                       172800   IN    A        185.136.96.96
  684. pns27.cloudns.net.                       172800   IN    A        185.136.98.96
  685. ns21.cloudns.net.                        86005    IN    A        109.201.133.61
  686. ns23.cloudns.net.                        85470    IN    A        79.137.84.65
  687. pns26.cloudns.net.                       172800   IN    A        185.136.97.96
  688. pns30.cloudns.net.                       172800   IN    A        185.136.96.96
  689. pns29.cloudns.net.                       172800   IN    A        185.136.96.96
  690.  
  691.  
  692. Mail (MX) Servers:
  693. ___________________
  694.  
  695.  
  696.  
  697. Trying Zone Transfers and getting Bind Versions:
  698. _________________________________________________
  699.  
  700.  
  701. Trying Zone Transfer for small-models.com on pns23.cloudns.net ...
  702.  
  703. Trying Zone Transfer for small-models.com on pns21.cloudns.net ...
  704.  
  705. Trying Zone Transfer for small-models.com on pns28.cloudns.net ...
  706.  
  707. Trying Zone Transfer for small-models.com on ns24.cloudns.net ...
  708.  
  709. Trying Zone Transfer for small-models.com on pns25.cloudns.net ...
  710.  
  711. Trying Zone Transfer for small-models.com on pns27.cloudns.net ...
  712.  
  713. Trying Zone Transfer for small-models.com on ns21.cloudns.net ...
  714.  
  715. Trying Zone Transfer for small-models.com on pns24.cloudns.net ...
  716.  
  717. Trying Zone Transfer for small-models.com on ns23.cloudns.net ...
  718.  
  719. Trying Zone Transfer for small-models.com on pns22.cloudns.net ...
  720.  
  721. Trying Zone Transfer for small-models.com on pns26.cloudns.net ...
  722.  
  723. Trying Zone Transfer for small-models.com on pns30.cloudns.net ...
  724.  
  725. Trying Zone Transfer for small-models.com on ns22.cloudns.net ...
  726.  
  727. Trying Zone Transfer for small-models.com on pns29.cloudns.net ...
  728.  
  729. brute force file not specified, bay.
  730. #######################################################################################################################################
  731.    
  732. [-] Enumerating subdomains now for small-models.com
  733. [-] verbosity is enabled, will show the subdomains results in realtime
  734. [-] Searching now in Baidu..
  735. [-] Searching now in Yahoo..
  736. [-] Searching now in Google..
  737. [-] Searching now in Bing..
  738. [-] Searching now in Ask..
  739. [-] Searching now in Netcraft..
  740. [-] Searching now in DNSdumpster..
  741. [-] Searching now in Virustotal..
  742. [-] Searching now in ThreatCrowd..
  743. [-] Searching now in SSL Certificates..
  744. [-] Searching now in PassiveDNS..
  745. Virustotal: www.small-models.com
  746. Yahoo: www.small-models.com
  747. [-] Saving results to file: /usr/share/sniper/loot/small-models.com/domains/domains-small-models.com.txt
  748. [-] Total Unique Subdomains Found: 1
  749. www.small-models.com
  750. #######################################################################################################################################
  751.   ____ _____ ___  ______ _/ /_____  ____  ___
  752.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  753. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  754. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  755.         /_/  discover v0.5.0 - by @michenriksen
  756.  
  757. Identifying nameservers for small-models.com... Done
  758. Using nameservers:
  759.  
  760.  - 185.136.96.96
  761.  - 108.59.2.202
  762.  - 185.136.96.96
  763.  - 79.137.84.65
  764.  - 185.136.96.96
  765.  - 185.136.98.96
  766.  - 185.136.97.96
  767.  - 185.136.99.96
  768.  - 109.201.133.61
  769.  - 46.165.221.164
  770.  - 185.136.98.96
  771.  - 185.136.96.96
  772.  - 185.136.97.96
  773.  - 185.136.99.96
  774.  
  775. Checking for wildcard DNS... Wildcard detected!
  776. Identifying wildcard IPs... Done
  777. Filtering out hosts resolving to wildcard IPs
  778.  
  779. Running collector: DNSDB... Done (1 host)
  780. Running collector: Netcraft... Done (0 hosts)
  781. Running collector: Dictionary... Done (26 hosts)
  782. Running collector: Wayback Machine... Done (4 hosts)
  783. Running collector: Shodan... Skipped
  784.  -> Key 'shodan' has not been set
  785. Running collector: VirusTotal... Skipped
  786.  -> Key 'virustotal' has not been set
  787. Running collector: PublicWWW... Done (0 hosts)
  788. Running collector: Censys... Skipped
  789.  -> Key 'censys_secret' has not been set
  790. Running collector: Threat Crowd... Done (0 hosts)
  791. Running collector: Certificate Search... Done (0 hosts)
  792. Running collector: PTRArchive... Error
  793.  -> PTRArchive returned unexpected response code: 502
  794. Running collector: Riddler... Skipped
  795.  -> Key 'riddler_username' has not been set
  796. Running collector: PassiveTotal... Skipped
  797.  -> Key 'passivetotal_key' has not been set
  798. Running collector: HackerTarget... Done (1 host)
  799. Running collector: Google Transparency Report... Done (0 hosts)
  800.  
  801. Resolving 30 unique hosts...
  802.  
  803.  
  804. Wrote 0 hosts to:
  805.  
  806.  - file:///root/aquatone/small-models.com/hosts.txt
  807.  - file:///root/aquatone/small-models.com/hosts.json
  808.                            __
  809.   ____ _____ ___  ______ _/ /_____  ____  ___
  810.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  811. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  812. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  813.         /_/  takeover v0.5.0 - by @michenriksen
  814.  
  815. Loaded 0 hosts from /root/aquatone/small-models.com/hosts.json
  816. Loaded 25 domain takeover detectors
  817.  
  818. Identifying nameservers for small-models.com... Done
  819. Using nameservers:
  820.  
  821.  - 185.136.96.96
  822.  - 108.59.2.202
  823.  - 185.136.96.96
  824.  - 79.137.84.65
  825.  - 185.136.96.96
  826.  - 185.136.98.96
  827.  - 185.136.97.96
  828.  - 185.136.99.96
  829.  - 109.201.133.61
  830.  - 46.165.221.164
  831.  - 185.136.98.96
  832.  - 185.136.96.96
  833.  - 185.136.97.96
  834.  - 185.136.99.96
  835.  
  836. Checking hosts for domain takeover vulnerabilities...
  837.  
  838. Finished checking hosts:
  839.  
  840.  - Vulnerable     : 0
  841.  - Not Vulnerable : 0
  842.  
  843. Wrote 0 potential subdomain takeovers to:
  844.  
  845.  - file:///root/aquatone/small-models.com/takeovers.json
  846.  
  847.                            __
  848.   ____ _____ ___  ______ _/ /_____  ____  ___
  849.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  850. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  851. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  852.         /_/  scan v0.5.0 - by @michenriksen
  853.  
  854. Loaded 0 hosts from /root/aquatone/small-models.com/hosts.json
  855.  
  856. Probing 0 ports...
  857.  
  858. Wrote open ports to file:///root/aquatone/small-models.com/open_ports.txt
  859. Wrote URLs to file:///root/aquatone/small-models.com/urls.txt
  860.                            __
  861.   ____ _____ ___  ______ _/ /_____  ____  ___
  862.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  863. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  864. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  865.         /_/  gather v0.5.0 - by @michenriksen
  866.  
  867. Processing 0 pages...
  868.  
  869. Finished processing pages:
  870.  
  871.  - Successful : 0
  872.  - Failed     : 0
  873.  
  874. Generating report...done
  875. Report pages generated:
  876. #######################################################################################################################################
  877. Total hosts: 5
  878.  
  879. [-] Resolving hostnames IPs...
  880.  
  881. .small-models.com : empty
  882. www.small-models.com : 94.102.48.102
  883. #######################################################################################################################################
  884. PING small-models.com (94.102.48.102) 56(84) bytes of data.
  885. 64 bytes from server2.anonymous-hosting-service.com (94.102.48.102): icmp_seq=1 ttl=46 time=703 ms
  886.  
  887. --- small-models.com ping statistics ---
  888. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  889. rtt min/avg/max/mdev = 703.057/703.057/703.057/0.000 ms
  890. #######################################################################################################################################
  891. Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 09:24 EDT
  892. Nmap scan report for small-models.com (94.102.48.102)
  893. Host is up (0.56s latency).
  894. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  895. Not shown: 465 closed ports, 6 filtered ports
  896. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  897. PORT    STATE SERVICE
  898. 21/tcp  open  ftp
  899. 22/tcp  open  ssh
  900. 53/tcp  open  domain
  901. 80/tcp  open  http
  902. 111/tcp open  rpcbind
  903.  
  904. Nmap done: 1 IP address (1 host up) scanned in 8.42 seconds
  905. #######################################################################################################################################
  906. Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 09:24 EDT
  907. Nmap scan report for small-models.com (94.102.48.102)
  908. Host is up (0.64s latency).
  909. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  910.  
  911. PORT     STATE         SERVICE
  912. 53/udp   open          domain
  913. 67/udp   open|filtered dhcps
  914. 68/udp   open|filtered dhcpc
  915. 69/udp   open|filtered tftp
  916. 88/udp   open|filtered kerberos-sec
  917. 123/udp  open|filtered ntp
  918. 137/udp  open|filtered netbios-ns
  919. 138/udp  open|filtered netbios-dgm
  920. 139/udp  open|filtered netbios-ssn
  921. 161/udp  open|filtered snmp
  922. 162/udp  open|filtered snmptrap
  923. 389/udp  open|filtered ldap
  924. 520/udp  open|filtered route
  925. 2049/udp open|filtered nfs
  926.  
  927. Nmap done: 1 IP address (1 host up) scanned in 4.61 seconds
  928. #######################################################################################################################################
  929.  + -- --=[Port 21 opened... running tests...
  930. Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 09:24 EDT
  931. Nmap scan report for small-models.com (94.102.48.102)
  932. Host is up (0.11s latency).
  933. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  934.  
  935. PORT   STATE    SERVICE VERSION
  936. 21/tcp filtered ftp
  937. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  938. Device type: firewall|general purpose
  939. Running: Linux 2.4.X|2.6.X, ISS embedded
  940. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  941. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  942.  
  943. TRACEROUTE (using proto 1/icmp)
  944. HOP RTT    ADDRESS
  945. 1   ... 30
  946.  
  947. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  948. Nmap done: 1 IP address (1 host up) scanned in 11.88 seconds
  949.  
  950. Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
  951. EFLAGS: 00010046
  952. eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
  953. esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
  954. ds: 0018   es: 0018  ss: 0018
  955. Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
  956.  
  957.  
  958. Stack: 90909090990909090990909090
  959.        90909090990909090990909090
  960.        90909090.90909090.90909090
  961.        90909090.90909090.90909090
  962.        90909090.90909090.09090900
  963.        90909090.90909090.09090900
  964.        ..........................
  965.        cccccccccccccccccccccccccc
  966.        cccccccccccccccccccccccccc
  967.        ccccccccc.................
  968.        cccccccccccccccccccccccccc
  969.        cccccccccccccccccccccccccc
  970.        .................ccccccccc
  971.        cccccccccccccccccccccccccc
  972.        cccccccccccccccccccccccccc
  973.        ..........................
  974.        ffffffffffffffffffffffffff
  975.        ffffffff..................
  976.        ffffffffffffffffffffffffff
  977.        ffffffff..................
  978.        ffffffff..................
  979.        ffffffff..................
  980.  
  981.  
  982. Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
  983. Aiee, Killing Interrupt handler
  984. Kernel panic: Attempted to kill the idle task!
  985. In swapper task - not syncing
  986.  
  987.  
  988.        =[ metasploit v4.16.57-dev                         ]
  989. + -- --=[ 1767 exploits - 1007 auxiliary - 307 post       ]
  990. + -- --=[ 537 payloads - 41 encoders - 10 nops            ]
  991. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  992.  
  993. RHOST => small-models.com
  994. RHOSTS => small-models.com
  995. [*] small-models.com:21 - Banner: 220 (vsFTPd 3.0.2)
  996. [*] small-models.com:21 - USER: 331 Please specify the password.
  997. [*] Exploit completed, but no session was created.
  998. [*] Started reverse TCP double handler on 10.211.1.5:4444
  999. [*] small-models.com:21 - Sending Backdoor Command
  1000. [*] Exploit completed, but no session was created.
  1001.  + -- --=[Port 22 opened... running tests...
  1002. # general
  1003. (gen) banner: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
  1004. (gen) software: OpenSSH 6.0p1
  1005. (gen) compatibility: OpenSSH 5.9-6.0, Dropbear SSH 2013.62+ (some functionality from 0.52)
  1006. (gen) compression: enabled (zlib@openssh.com)
  1007.  
  1008. # key exchange algorithms
  1009. (kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
  1010.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1011. (kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
  1012.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1013. (kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
  1014.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1015. (kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
  1016.                                             `- [info] available since OpenSSH 4.4
  1017. (kex) diffie-hellman-group-exchange-sha1    -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1018.                                             `- [warn] using weak hashing algorithm
  1019.                                             `- [info] available since OpenSSH 2.3.0
  1020. (kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
  1021.                                             `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1022. (kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1023.                                             `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  1024.                                             `- [warn] using small 1024-bit modulus
  1025.                                             `- [warn] using weak hashing algorithm
  1026.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1027.  
  1028. # host-key algorithms
  1029. (key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1030. (key) ssh-dss                               -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  1031.                                             `- [warn] using small 1024-bit modulus
  1032.                                             `- [warn] using weak random number generator could reveal the key
  1033.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1034. (key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
  1035.                                             `- [warn] using weak random number generator could reveal the key
  1036.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1037.  
  1038. # encryption algorithms (ciphers)
  1039. (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1040. (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
  1041. (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1042. (enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1043.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1044.                                             `- [warn] using weak cipher
  1045.                                             `- [info] available since OpenSSH 4.2
  1046. (enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1047.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1048.                                             `- [warn] using weak cipher
  1049.                                             `- [info] available since OpenSSH 4.2
  1050. (enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1051.                                             `- [warn] using weak cipher mode
  1052.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1053. (enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1054.                                             `- [warn] using weak cipher
  1055.                                             `- [warn] using weak cipher mode
  1056.                                             `- [warn] using small 64-bit block size
  1057.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1058. (enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1059.                                             `- [fail] disabled since Dropbear SSH 0.53
  1060.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1061.                                             `- [warn] using weak cipher mode
  1062.                                             `- [warn] using small 64-bit block size
  1063.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1064. (enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1065.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1066.                                             `- [warn] using weak cipher mode
  1067.                                             `- [warn] using small 64-bit block size
  1068.                                             `- [info] available since OpenSSH 2.1.0
  1069. (enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1070.                                             `- [warn] using weak cipher mode
  1071.                                             `- [info] available since OpenSSH 2.3.0
  1072. (enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1073.                                             `- [warn] using weak cipher mode
  1074.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  1075. (enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1076.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1077.                                             `- [warn] using weak cipher
  1078.                                             `- [info] available since OpenSSH 2.1.0
  1079. (enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1080.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1081.                                             `- [warn] using weak cipher mode
  1082.                                             `- [info] available since OpenSSH 2.3.0
  1083.  
  1084. # message authentication code algorithms
  1085. (mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1086.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1087.                                             `- [warn] using encrypt-and-MAC mode
  1088.                                             `- [warn] using weak hashing algorithm
  1089.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1090. (mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
  1091.                                             `- [warn] using weak hashing algorithm
  1092.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1093. (mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
  1094.                                             `- [warn] using small 64-bit tag size
  1095.                                             `- [info] available since OpenSSH 4.7
  1096. (mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
  1097.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1098. (mac) hmac-sha2-256-96                      -- [fail] removed since OpenSSH 6.1, removed from specification
  1099.                                             `- [warn] using encrypt-and-MAC mode
  1100.                                             `- [info] available since OpenSSH 5.9
  1101. (mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
  1102.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1103. (mac) hmac-sha2-512-96                      -- [fail] removed since OpenSSH 6.1, removed from specification
  1104.                                             `- [warn] using encrypt-and-MAC mode
  1105.                                             `- [info] available since OpenSSH 5.9
  1106. (mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1107.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1108.                                             `- [warn] using encrypt-and-MAC mode
  1109.                                             `- [info] available since OpenSSH 2.5.0
  1110. (mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1111.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1112.                                             `- [warn] using encrypt-and-MAC mode
  1113.                                             `- [info] available since OpenSSH 2.1.0
  1114. (mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1115.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1116.                                             `- [warn] using encrypt-and-MAC mode
  1117.                                             `- [warn] using weak hashing algorithm
  1118.                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  1119. (mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1120.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1121.                                             `- [warn] using encrypt-and-MAC mode
  1122.                                             `- [warn] using weak hashing algorithm
  1123.                                             `- [info] available since OpenSSH 2.5.0
  1124.  
  1125. # algorithm recommendations (for OpenSSH 6.0)
  1126. (rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
  1127. (rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove
  1128. (rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove
  1129. (rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
  1130. (rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
  1131. (rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
  1132. (rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
  1133. (rec) -ssh-dss                              -- key algorithm to remove
  1134. (rec) -arcfour                              -- enc algorithm to remove
  1135. (rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove
  1136. (rec) -blowfish-cbc                         -- enc algorithm to remove
  1137. (rec) -3des-cbc                             -- enc algorithm to remove
  1138. (rec) -aes256-cbc                           -- enc algorithm to remove
  1139. (rec) -arcfour256                           -- enc algorithm to remove
  1140. (rec) -cast128-cbc                          -- enc algorithm to remove
  1141. (rec) -aes192-cbc                           -- enc algorithm to remove
  1142. (rec) -arcfour128                           -- enc algorithm to remove
  1143. (rec) -aes128-cbc                           -- enc algorithm to remove
  1144. (rec) -hmac-md5-96                          -- mac algorithm to remove
  1145. (rec) -hmac-sha2-256-96                     -- mac algorithm to remove
  1146. (rec) -hmac-ripemd160                       -- mac algorithm to remove
  1147. (rec) -hmac-sha1-96                         -- mac algorithm to remove
  1148. (rec) -umac-64@openssh.com                  -- mac algorithm to remove
  1149. (rec) -hmac-md5                             -- mac algorithm to remove
  1150. (rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove
  1151. (rec) -hmac-sha1                            -- mac algorithm to remove
  1152. (rec) -hmac-sha2-512-96                     -- mac algorithm to remove
  1153.  
  1154. Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 09:25 EDT
  1155. Nmap scan report for small-models.com (94.102.48.102)
  1156. Host is up (0.051s latency).
  1157. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  1158.  
  1159. PORT   STATE    SERVICE VERSION
  1160. 22/tcp filtered ssh
  1161. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1162. Device type: firewall|general purpose
  1163. Running: Linux 2.4.X|2.6.X, ISS embedded
  1164. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  1165. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  1166.  
  1167. TRACEROUTE (using proto 1/icmp)
  1168. HOP RTT    ADDRESS
  1169. 1   ... 30
  1170.  
  1171. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1172. Nmap done: 1 IP address (1 host up) scanned in 11.90 seconds
  1173. IIIIII    dTb.dTb        _.---._
  1174.   II     4'  v  'B   .'"".'/|\`.""'.
  1175.   II     6.     .P  :  .' / | \ `.  :
  1176.   II     'T;. .;P'  '.'  /  |  \  `.'
  1177.   II      'T; ;P'    `. /   |   \ .'
  1178. IIIIII     'YvP'       `-.__|__.-'
  1179.  
  1180. I love shells --egypt
  1181.  
  1182.  
  1183.        =[ metasploit v4.16.57-dev                         ]
  1184. + -- --=[ 1767 exploits - 1007 auxiliary - 307 post       ]
  1185. + -- --=[ 537 payloads - 41 encoders - 10 nops            ]
  1186. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1187.  
  1188. USER_FILE => /BruteX/wordlists/simple-users.txt
  1189. RHOSTS => small-models.com
  1190. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  1191. RHOST => small-models.com
  1192. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  1193. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  1194. [+] 94.102.48.102:22      - SSH server version: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6 ( service.version=6.0p1 openssh.comment=Debian-4+deb7u6 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Debian os.device=General os.family=Linux os.product=Linux os.version=7.0 service.protocol=ssh fingerprint_db=ssh.banner )
  1195. [*] small-models.com:22   - Scanned 1 of 1 hosts (100% complete)
  1196. [*] Auxiliary module execution completed
  1197.  + -- --=[Port 23 closed... skipping.
  1198.  + -- --=[Port 25 closed... skipping.
  1199.  + -- --=[Port 53 opened... running tests...
  1200. Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 09:25 EDT
  1201. Nmap scan report for small-models.com (94.102.48.102)
  1202. Host is up (0.47s latency).
  1203. rDNS record for 94.102.48.102: server2.anonymous-hosting-service.com
  1204.  
  1205. PORT   STATE SERVICE VERSION
  1206. 53/tcp open  domain  ISC BIND 9.8.4-rpz2+rl005.12-P1
  1207. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1208. | dns-nsec-enum:
  1209. |_  No NSEC records found
  1210. | dns-nsec3-enum:
  1211. |_  DNSSEC NSEC3 not supported
  1212. | dns-nsid:
  1213. |_  bind.version: 9.8.4-rpz2+rl005.12-P1
  1214. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1215. Device type: WAP|general purpose
  1216. Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 2.6.X (93%)
  1217. OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:2.6
  1218. Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (93%)
  1219. No exact OS matches for host (test conditions non-ideal).
  1220. Network Distance: 1 hop
  1221.  
  1222. Host script results:
  1223. | dns-blacklist:
  1224. |   SPAM
  1225. |_    l2.apews.org - SPAM
  1226. | dns-brute:
  1227. |_  DNS Brute-force hostnames: No results.
  1228.  
  1229. TRACEROUTE (using port 53/tcp)
  1230. HOP RTT       ADDRESS
  1231. 1   642.00 ms server2.anonymous-hosting-service.com (94.102.48.102)
  1232.  
  1233. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1234. Nmap done: 1 IP address (1 host up) scanned in 34.74 seconds
  1235.  + -- --=[Port 67 closed... skipping.
  1236.  + -- --=[Port 68 closed... skipping.
  1237.  + -- --=[Port 69 closed... skipping.
  1238.  + -- --=[Port 79 closed... skipping.
  1239.  + -- --=[Port 80 opened... running tests...
  1240. #######################################################################################################################################
  1241. + -- --=[Checking if X-Content options are enabled on small-models.com...
  1242.  
  1243. + -- --=[Checking if X-Frame options are enabled on small-models.com...
  1244.  
  1245. + -- --=[Checking if X-XSS-Protection header is enabled on small-models.com...
  1246.  
  1247. + -- --=[Checking HTTP methods on small-models.com...
  1248.  
  1249. + -- --=[Checking if TRACE method is enabled on small-models.com...
  1250.  
  1251. + -- --=[Checking for META tags on small-models.com...
  1252.     <meta charset="utf-8">
  1253.  
  1254. + -- --=[Checking for open proxy on small-models.com...
  1255. <html><body><h1>It works!</h1>
  1256. <p>This is the default web page for this server.</p>
  1257. <p>The web server software is running but no content has been added, yet.</p>
  1258. </body></html>
  1259.  
  1260. + -- --=[Enumerating software on small-models.com...
  1261. Server: nginx
  1262. X-Powered-By: PHP/5.4.45-0+deb7u11
  1263.  
  1264. + -- --=[Checking if Strict-Transport-Security is enabled on small-models.com...
  1265.  
  1266. + -- --=[Checking for Flash cross-domain policy on small-models.com...
  1267. index.html
  1268. + -- --=[Checking for Silverlight cross-domain policy on small-models.com...
  1269. index.html
  1270. + -- --=[Checking for HTML5 cross-origin resource sharing on small-models.com...
  1271.  
  1272. + -- --=[Retrieving robots.txt on small-models.com...
  1273. index.html
  1274. + -- --=[Retrieving sitemap.xml on small-models.com...
  1275. index.html
  1276. + -- --=[Checking cookie attributes on small-models.com...
  1277.  
  1278. + -- --=[Checking for ASP.NET Detailed Errors on small-models.com...
  1279. #######################################################################################################################################
  1280. --------------------------------------------------------------------------------------------------------------------------------------
  1281.  
  1282. [ ! ] Starting SCANNER INURLBR 2.1 at [23-05-2018 09:28:29]
  1283. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1284. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1285. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1286.  
  1287. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-small-models.com.txt  ]
  1288. [ INFO ][ DORK ]::[ site:small-models.com ]
  1289. [ INFO ][ SEARCHING ]:: {
  1290. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.gh ]
  1291.  
  1292. [ INFO ][ SEARCHING ]::
  1293. -[:::]
  1294. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1295.  
  1296. [ INFO ][ SEARCHING ]::
  1297. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1298. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.il ID: 012347377894689429761:wgkj5jn9ee4 ]
  1299.  
  1300. [ INFO ][ SEARCHING ]::
  1301. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1302.  
  1303. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1304. [ INFO ] Not a satisfactory result was found!
  1305.  
  1306.  
  1307. [ INFO ] [ Shutting down ]
  1308. [ INFO ] [ End of process INURLBR at [23-05-2018 09:28:48]
  1309. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1310. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-small-models.com.txt  ]
  1311. |_________________________________________________________________________________________
  1312.  
  1313. #######################################################################################################################################
  1314. [*] Performing General Enumeration of Domain: small-models.com
  1315. [!] Wildcard resolution is enabled on this domain
  1316. [!] It is resolving to 94.102.48.102
  1317. [!] All queries will resolve to this address!!
  1318. [-] DNSSEC is not configured for small-models.com
  1319. [*]      SOA ns21.cloudns.net 109.201.133.61
  1320. [*]      NS ns24.cloudns.net 46.165.221.164
  1321. [*]      Bind Version for 46.165.221.164 unknown
  1322. [*]      NS ns24.cloudns.net 2a00:c98:2030:a006:2::1
  1323. [*]      Bind Version for 2a00:c98:2030:a006:2::1 unknown
  1324. [*]      NS ns22.cloudns.net 108.59.2.202
  1325. [*]      Bind Version for 108.59.2.202 unknown
  1326. [*]      NS ns22.cloudns.net 2604:9a00:2100:a006:4::1
  1327. [*]      Bind Version for 2604:9a00:2100:a006:4::1 unknown
  1328. [*]      NS pns25.cloudns.net 185.136.96.96
  1329. [*]      Bind Version for 185.136.96.96 unknown
  1330. [*]      NS pns25.cloudns.net 2a06:fb00:1::1:96
  1331. [*]      Bind Version for 2a06:fb00:1::1:96 unknown
  1332. [*]      NS pns24.cloudns.net 185.136.99.96
  1333. [*]      Bind Version for 185.136.99.96 unknown
  1334. [*]      NS pns24.cloudns.net 2a06:fb00:1::4:96
  1335. [*]      Bind Version for 2a06:fb00:1::4:96 unknown
  1336. [*]      NS pns21.cloudns.net 185.136.96.96
  1337. [*]      Bind Version for 185.136.96.96 unknown
  1338. [*]      NS pns21.cloudns.net 2a06:fb00:1::1:96
  1339. [*]      Bind Version for 2a06:fb00:1::1:96 unknown
  1340. [*]      NS ns23.cloudns.net 79.137.84.65
  1341. [*]      Bind Version for 79.137.84.65 unknown
  1342. [*]      NS ns23.cloudns.net 2001:41d0:401:3100::5784
  1343. [*]      Bind Version for 2001:41d0:401:3100::5784 unknown
  1344. [*]      NS ns21.cloudns.net 109.201.133.61
  1345. [*]      Bind Version for 109.201.133.61 unknown
  1346. [*]      NS ns21.cloudns.net 2a00:1768:1001:9::21
  1347. [*]      Bind Version for 2a00:1768:1001:9::21 unknown
  1348. [*]      NS pns23.cloudns.net 185.136.98.96
  1349. [*]      Bind Version for 185.136.98.96 unknown
  1350. [*]      NS pns23.cloudns.net 2a06:fb00:1::3:96
  1351. [*]      Bind Version for 2a06:fb00:1::3:96 unknown
  1352. [*]      NS pns27.cloudns.net 185.136.98.96
  1353. [*]      Bind Version for 185.136.98.96 unknown
  1354. [*]      NS pns27.cloudns.net 2a06:fb00:1::3:96
  1355. [*]      Bind Version for 2a06:fb00:1::3:96 unknown
  1356. [*]      NS pns29.cloudns.net 185.136.96.96
  1357. [*]      Bind Version for 185.136.96.96 unknown
  1358. [*]      NS pns29.cloudns.net 2a06:fb00:1::1:96
  1359. [*]      Bind Version for 2a06:fb00:1::1:96 unknown
  1360. [*]      NS pns26.cloudns.net 185.136.97.96
  1361. [*]      Bind Version for 185.136.97.96 unknown
  1362. [*]      NS pns26.cloudns.net 2a06:fb00:1::2:96
  1363. [*]      Bind Version for 2a06:fb00:1::2:96 unknown
  1364. [*]      NS pns30.cloudns.net 185.136.96.96
  1365. [*]      Bind Version for 185.136.96.96 unknown
  1366. [*]      NS pns30.cloudns.net 2a06:fb00:1::1:96
  1367. [*]      Bind Version for 2a06:fb00:1::1:96 unknown
  1368. [*]      NS pns22.cloudns.net 185.136.97.96
  1369. [*]      Bind Version for 185.136.97.96 unknown
  1370. [*]      NS pns22.cloudns.net 2a06:fb00:1::2:96
  1371. [*]      Bind Version for 2a06:fb00:1::2:96 unknown
  1372. [*]      NS pns28.cloudns.net 185.136.99.96
  1373. [*]      Bind Version for 185.136.99.96 unknown
  1374. [*]      NS pns28.cloudns.net 2a06:fb00:1::4:96
  1375. [*]      Bind Version for 2a06:fb00:1::4:96 unknown
  1376. [-] Could not Resolve MX Records for small-models.com
  1377. [*]      A small-models.com 94.102.48.102
  1378. [*] Enumerating SRV Records
  1379. [-] No SRV Records Found for small-models.com
  1380. #######################################################################################################################################
  1381. [*] Processing domain small-models.com
  1382. [+] Getting nameservers
  1383. 46.165.221.164 - ns24.cloudns.net
  1384. 185.136.98.96 - pns27.cloudns.net
  1385. 185.136.96.96 - pns25.cloudns.net
  1386. 185.136.97.96 - pns22.cloudns.net
  1387. 185.136.99.96 - pns24.cloudns.net
  1388. 185.136.96.96 - pns30.cloudns.net
  1389. 108.59.2.202 - ns22.cloudns.net
  1390. 185.136.96.96 - pns29.cloudns.net
  1391. 79.137.84.65 - ns23.cloudns.net
  1392. 185.136.96.96 - pns21.cloudns.net
  1393. 185.136.98.96 - pns23.cloudns.net
  1394. 185.136.97.96 - pns26.cloudns.net
  1395. 185.136.99.96 - pns28.cloudns.net
  1396. 109.201.133.61 - ns21.cloudns.net
  1397. [-] Zone transfer failed
  1398. [+] Wildcard domain found - 94.102.48.102
  1399. [*] Scanning small-models.com for A records
  1400. #######################################################################################################################################
  1401. Original*      small-models.com     94.102.48.102 NS:ns21.cloudns.net
  1402. Omission       smallmodels.com      54.174.212.152 NS:ns1.namebrightdns.com
  1403. Subdomain      sm.all-models.com    141.8.230.2
  1404. Subdomain      smal.l-models.com    68.178.213.61
  1405. #######################################################################################################################################
  1406. Ip Address  Status  Type    Domain Name         Server
  1407. ----------  ------  ----    -----------         ------
  1408. 94.102.48.102           host    manager.small-models.com   
  1409. 94.102.48.102           host    nt.small-models.com    
  1410. 94.102.48.102   200     host    www.small-models.com        nginx
  1411. #######################################################################################################################################
  1412. ---------------------------------------------------------------------------------------------------------------------------------------
  1413. + Target IP:          94.102.48.102
  1414. + Target Hostname:    www.small-models.com
  1415. + Target Port:        80
  1416. + Start Time:         2018-05-23 10:18:55 (GMT-4)
  1417. ---------------------------------------------------------------------------------------------------------------------------------------
  1418. + Server: nginx
  1419. + Retrieved x-powered-by header: PHP/5.4.45-0+deb7u11
  1420. + The anti-clickjacking X-Frame-Options header is not present.
  1421. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1422. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1423. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  1424. #######################################################################################################################################
  1425.                                               HunterUnit JTSEC pedo link for save child full recon #73
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top