
Ex

a guest
Dec 29th, 2015
  1. Site http://exsecret.com
  2. Netblock Owner Cyber Cast International, S.A.
  3. Domain exsecret.com
  4. Nameserver ns1.cybercastco.com
  5. IP address 190.97.166.197
  6. DNS admin root@ccipanama.com
  7. Reverse DNS host-190-97-166-197.ccipanama.com
  8. Nameserver organisation whois.register.com
  9. Hosting company cybercastco.com
  10. Top Level Domain Commercial entities (.com)
  11. Hosting country PA (Panama)
  12. Linux
  13. Apache 2.4.16 OpenSSL/1.0.1e-fips mod_bwlimited
  14.  
  15. Has MAJOR DNS issues hence the fucker keeps going down
  16.  
  17. TRACE method is enabled
  18. TRACE /1P1FajA7Hb HTTP/1.1 Cookie: wfvt_1125249679=5682ea0774bf1 Host: exsecret.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
  19.  
  20. All run off the same ip 190.97.166.197 So if this ip is ddosed all these other services go down as well!!!
  21. mysql.exsecret.com
  22. www.exsecret.com
  23. webmail.exsecret.com
  24. server.exsecret.com
  25. ftp.exsecret.com
  26. mail.exsecret.com
  27. lists.exsecret.com
  28. exsecret.com
  29.  
  30. Admin Name: Santos Roberto (I think this is a smoke screen)
  31. Admin Street: De heer Jan Voogt Overtoom 74 (Here I think is a mix of his name & address)
  32. Admin City: Drachten
  33. Admin State/Province: Holland
  34. Admin Postal Code: 9203 PA
  35. Admin Country: PH (This is bullshit)
  36. Admin Phone: +639278243910 (I Think this is bullshit)
  37. Admin Fax:
  38. Admin Email: ex.secret@yahoo.com (Unverified)
  39.  
  40. These below are assuming his real name is Jan Voogt
  41. Possible social media accounts
  42. https://twitter.com/Jvoogt
  43. https://twitter.com/JanVoogt
  44. https://nl.linkedin.com/in/jan-voogt-37b93488/en
  45.  
  46. Possible email accounts
  47. jan.voogt@gmail.com 
  48. janvoogt@gmail.com 
  49.  
  50. List of open TCP ports
  51.  
  52. Open Port 21 / ftp
  53. Port Banner:
  54.  
  55. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  56. 220-You are user number 1 of 50 allowed.
  57. 220-Local time is now 15:15. Server port: 21.
  58. 220-This is a private system - No anonymous login
  59. 220-IPv6 connections are also welcome on this s ...
  60. --------------------------------------------------------------------------------
  61. Open Port 25 / smtp No port banner available.
  62. --------------------------------------------------------------------------------
  63. Open Port 53 / domain No port banner available.
  64. --------------------------------------------------------------------------------
  65. Open Port 80 / http
  66. Port Banner:
  67.  
  68. HTTP/1.1 200 OK
  69. Date: Tue, 29 Dec 2015 20:15:48 GMT
  70. Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
  71. Last-Modified: Sat, 22 Nov 2014 10:34:08 GMT
  72. ETag: "12e18e1-d1-5087019eee800"
  73. Accept-Ranges: bytes
  74. Content-Length: 209
  75. Conne ...
  76. --------------------------------------------------------------------------------
  77. Open Port 110 / pop3
  78. Port Banner:
  79.  
  80. +OK Dovecot ready.
  81. --------------------------------------------------------------------------------
  82. Open Port 119 / nntp
  83. Port Banner:
  84.  
  85. 400 Cannot connect to NNTP server 190.97.166.197 (190.97.166.197:119), connect error 10061
  86. --------------------------------------------------------------------------------
  87. Open Port 143 / imap
  88. Port Banner:
  89.  
  90. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
  91. --------------------------------------------------------------------------------
  92. Open Port 443 / https
  93. Port Banner:
  94.  
  95. HTTP/1.1 400 Bad Request
  96. Date: Tue, 29 Dec 2015 20:16:38 GMT
  97. Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
  98. Accept-Ranges: bytes
  99. Connection: close
  100. Content-Type: text/html
  101.  
  102. <!DOCTYPE html>
  103. <html>
  104. <head>
  105. <meta http ...
  106. --------------------------------------------------------------------------------
  107. Open Port 465 / smtps No port banner available.
  108. --------------------------------------------------------------------------------
  109. Open Port 563 / snews No port banner available.
  110. --------------------------------------------------------------------------------
  111. Open Port 587 / submission
  112. Port Banner:
  113.  
  114. 220-shared-30.ccihosting.com ESMTP Exim 4.86 #2 Tue, 29 Dec 2015 15:17:01 -0500
  115. 220-We do not authorize the use of this system to transport unsolicited,
  116. 220 and/or bulk e-mail.
  117. EHLO returns:
  118. 250-shared-30.ccihosting.com Hello mtg95-h04-195-36-173-62.dsl.sta.abo.bbox.fr [195.36.173.62]
  119. 250-SIZE 52428800
  120. 250-8BITMIME
  121. 250-PIPELINING
  122. 250-AUTH PLAIN LOGIN
  123. 250-STARTTLS
  124. 250 HELP
  125. HELP returns:
  126. 214-Commands supported:
  127. 214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
  128. --------------------------------------------------------------------------------
  129. Open Port 993 / imaps No port banner available.
  130. --------------------------------------------------------------------------------
  131. Open Port 995 / pop3s No port banner available.
  132. --------------------------------------------------------------------------------
  133. Open Port 3306 / mysql
  134. Port Banner:
  135. N###
  136. 5.5.46-cll##4##dSU15T*q###################}Aky<]@fc?PT#mysql_native_password#
  137. Server version: 5.5.46-cll
  138. Protocol version: 10
  139. Server capabilities: LONG_PASSWORD, FOUND_ROWS, LONG_FLAG, CONNECT_WITH_DB, NO_SCHEMA, COMPRESS, ODBC, LOCAL_FILES, IGNORE_SPACE, PROTOCOL_41, INTERACTIVE, IGNORE_SIGPIPE, TRANSACTIONS, SECURE_CONNECTION, MULTI_STATEMENTS
  140. Language code: 8
  141. Thread ID: 0xf3525
  142. Status: AUTOCOMMIT
  143. --------------------------------------------------------------------------------
  144.  
  145. Open Port 10000 / snet-sensor-mgmt No port banner available.