
JTSEC1333 full recon Anonymous #OpDomesticTerrorism #Charl

a guest
Aug 13th, 2017
  1. JTSEC1333 full recon Anonymous #OpDomesticTerrorism #Charlottesville #OpAltRight #DDoS #Attack #KKK
  4.  
  5. http://www.americannaziparty.com/
  6. americannaziparty.com
  7.  
  8. #######################################################################################################################################
  9.  
  10. whois americannaziparty.com
  11. Domain Name: AMERICANNAZIPARTY.COM
  12. Registry Domain ID: 9550948_DOMAIN_COM-VRSN
  13. Registrar WHOIS Server: whois.dreamhost.com
  14. Registrar URL: http://www.DreamHost.com
  15. Updated Date: 2017-08-08T02:24:55Z
  16. Creation Date: 1999-08-27T20:59:21Z
  17. Registry Expiry Date: 2018-08-27T20:59:18Z
  18. Registrar: DreamHost, LLC
  19. Registrar IANA ID: 431
  20. Registrar Abuse Contact Email:
  21. Registrar Abuse Contact Phone:
  22. Domain Status: ok https://icann.org/epp#ok
  23. Name Server: NS1.DREAMHOST.COM
  24. Name Server: NS2.DREAMHOST.COM
  25. Name Server: NS3.DREAMHOST.COM
  26. DNSSEC: unsigned
  27.  
  28.  
  29. Domain Name: AMERICANNAZIPARTY.COM
  30. Registry Domain ID: 9550948_DOMAIN_COM-VRSN
  31. Registrar WHOIS Server: whois.dreamhost.com
  32. Registrar URL: www.dreamhost.com
  33. Updated Date: 2015-07-27T21:05:30.00Z
  34. Creation Date: 1999-08-27T20:59:00.00Z
  35. Registrar Registration Expiration Date: 2018-08-27T20:59:18.00Z
  36. Registrar: DREAMHOST
  37. Registrar IANA ID: 431
  38. Domain Status: ok https://www.icann.org/epp#ok
  39. Registry Registrant ID:
  40. Registrant Name: PROXY PROTECTION LLC
  41. Registrant Organization: PROXY PROTECTION LLC
  42. Registrant Street: 417 ASSOCIATED RD #324
  43. Registrant Street: C/O AMERICANNAZIPARTY.COM
  44. Registrant City: BREA
  45. Registrant State/Province: CA
  46. Registrant Postal Code: 92821
  47. Registrant Country: US
  48. Registrant Phone: +1.7147064182
  49. Registrant Phone Ext:
  50. Registrant Fax:
  51. Registrant Fax Ext:
  52. Registrant Email: 8ZMB8WSMSWWVUQU@PROXY.DREAMHOST.COM
  53. Registry Admin ID:
  54. Admin Name: PROXY PROTECTION LLC
  55. Admin Organization: PROXY PROTECTION LLC
  56. Admin Street: 417 ASSOCIATED RD #324
  57. Admin Street: C/O AMERICANNAZIPARTY.COM
  58. Admin City: BREA
  59. Admin State/Province: CA
  60. Admin Postal Code: 92821
  61. Admin Country: US
  62. Admin Phone: +1.7147064182
  63. Admin Phone Ext:
  64. Admin Fax:
  65. Admin Fax Ext:
  66. Admin Email: GK7JRCFURSLEU2R@PROXY.DREAMHOST.COM
  67. Registry Tech ID:
  68. Tech Name: PROXY PROTECTION LLC
  69. Tech Organization: PROXY PROTECTION LLC
  70. Tech Street: 417 ASSOCIATED RD #324
  71. Tech Street: C/O AMERICANNAZIPARTY.COM
  72. Tech City: BREA
  73. Tech State/Province: CA
  74. Tech Postal Code: 92821
  75. Tech Country: US
  76. Tech Phone: +1.7147064182
  77. Tech Phone Ext:
  78. Tech Fax:
  79. Tech Fax Ext:
  80. Tech Email: GK7JRCFURSLEU2R@PROXY.DREAMHOST.COM
  81. Name Server: NS1.DREAMHOST.COM
  82. Name Server: NS2.DREAMHOST.COM
  83. Name Server: NS3.DREAMHOST.COM
  84. DNSSEC: unSigned
  85. Registrar Abuse Contact Email: domain-abuse@dreamhost.com
  86. Registrar Abuse Contact Phone: +1.2132719359
  87.  
  88.  
  89. ;; ANSWER SECTION:
  90. americannaziparty.com. 14400 IN A 66.33.207.59
  91. americannaziparty.com. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2017061500 19112 1800 1814400 14400
  92. americannaziparty.com. 14400 IN MX 0 vade-in2.mail.dreamhost.com.
  93. americannaziparty.com. 14400 IN MX 0 vade-in1.mail.dreamhost.com.
  94. americannaziparty.com. 14400 IN NS ns2.dreamhost.com.
  95. americannaziparty.com. 14400 IN NS ns1.dreamhost.com.
  96. americannaziparty.com. 14400 IN NS ns3.dreamhost.com.
  97.  
  98. ;
  99.  
  100. #######################################################################################################################################
  101.  
  102. tcptraceroute -i eth0 americannaziparty.com
  103.  
  104. Running:
  105. traceroute -T -O info -i eth0 americannaziparty.com
  106. traceroute to americannaziparty.com (66.33.207.59), 30 hops max, 60 byte packets
  107. 1 gateway (192.168.1.254) 0.535 ms 0.728 ms 0.893 ms
  108. 2 10.135.18.1 (10.135.18.1) 9.387 ms 10.315 ms 19.352 ms
  109. 3 75.154.223.222 (75.154.223.222) 29.810 ms 29.996 ms 30.065 ms
  110. 4 v704.core1.nyc4.he.net (209.51.184.241) 30.207 ms 30.277 ms 30.337 ms
  111. 5 100ge14-1.core1.tor1.he.net (184.105.80.10) 149.012 ms 149.023 ms 149.446 ms
  112. 6 100ge6-1.core1.ywg1.he.net (184.105.64.102) 61.810 ms 62.196 ms 66.509 ms
  113. 7 100ge10-1.core1.yyc1.he.net (184.105.222.98) 74.403 ms 74.383 ms 74.527 ms
  114. 8 100ge10-2.core1.yvr1.he.net (184.105.64.113) 84.744 ms 84.745 ms 84.743 ms
  115. 9 100ge10-2.core1.sea1.he.net (184.105.64.109) 88.755 ms 88.849 ms 88.898 ms
  116. 10 100ge14-1.core1.pdx1.he.net (184.105.64.138) 90.466 ms 90.596 ms 90.535 ms
  117. 11 dreamhost.10gigabitethernet10-5.core1.pdx1.he.net (65.49.80.226) 92.209 ms 92.259 ms 92.317 ms
  118. 12 pdx1-cr-1.sd.dreamhost.com (66.33.200.2) 90.977 ms 91.047 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3) 91.433 ms
  119. 13 pdx1-c1u56-acc.sd.dreamhost.com (66.33.200.17) 91.567 ms 92.048 ms 91.608 ms
  120. 14 ds8317.dreamservers.com (66.33.207.59) <syn,ack> 91.197 ms 90.996 ms 91.221 ms
  121.  
  122.  
  123. dnstracer americannaziparty.com
  124.  
  125. Tracing to americannaziparty.com[a] via 192.168.1.254, maximum of 3 retries
  126. 192.168.1.254 (192.168.1.254) Got answer
  127.  
  128. #######################################################################################################################################
  129.  
  130.  
  131. Checking for HTTP-Loadbalancing [Date]: 03:56:41, 03:56:41, 03:56:42, 03:56:43, 03:56:44, 03:56:44, 03:56:45, 03:56:45, 03:56:46, 03:56:47, 03:56:47, 03:56:48, 03:56:48, 03:56:49, 03:56:49, 03:56:50, 03:56:50, 03:56:51, 03:56:51, 03:56:52, 03:56:53, 03:56:53, 03:56:54, 03:56:55, 03:56:55, 03:56:56, 03:56:56, 03:56:57, 03:57:01, 03:57:07, 03:57:08, 03:57:10, 03:57:16, 03:57:16, 03:57:17, 03:57:17, 03:57:18, 03:57:22, 03:57:24, 03:57:28, 03:57:29, 03:57:29, 03:57:30, 03:57:30, 03:57:31, 03:57:33, 03:57:38, 03:57:43, 03:57:46, 03:57:52, NOT FOUND
  132.  
  133. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  134.  
  135. americannaziparty.com does NOT use Load-balancing.
  136.  
  137. #######################################################################################################################################
  143.  
  144. nmap -PN -n -F -T4 -sV -A -oG temp.txt americannaziparty.com
  145.  
  146. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-12 23:58 EDT
  147. Nmap scan report for americannaziparty.com (66.33.207.59)
  148. Host is up (0.26s latency).
  149. Not shown: 96 filtered ports
  150. PORT STATE SERVICE VERSION
  151. 21/tcp open ftp ProFTPD
  152. 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.9 (Ubuntu Linux; protocol 2.0)
  153. | ssh-hostkey:
  154. | 1024 69:68:ba:0f:f2:c5:21:aa:c3:39:0b:a9:e3:73:44:52 (DSA)
  155. |_ 2048 a7:20:a0:94:93:e6:0f:1c:87:4b:9f:e8:51:ef:39:ad (RSA)
  156. 80/tcp open http Apache httpd
  157. |_http-server-header: Apache
  158. |_http-title: Did not follow redirect to http://www.americannaziparty.com/
  159. 3306/tcp open mysql MySQL (unauthorized)
  160. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  161. Device type: firewall|general purpose|media device
  162. Running (JUST GUESSING): Linux 3.X|2.6.X (90%), IPCop 2.X (90%), Tiandy embedded (89%)
  163. OS CPE: cpe:/o:linux:linux_kernel:3.4 cpe:/o:ipcop:ipcop:2 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.2
  164. Aggressive OS guesses: IPCop 2 firewall (Linux 3.4) (90%), Linux 2.6.32 (89%), Linux 3.2 (89%), Tiandy NVR (89%), Linux 2.6.18 - 2.6.22 (86%)
  165. No exact OS matches for host (test conditions non-ideal).
  166. Network Distance: 19 hops
  167. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  168.  
  169. TRACEROUTE (using port 22/tcp)
  170. HOP RTT ADDRESS
  171. 1 112.12 ms 10.13.0.1
  172. 2 112.57 ms 37.187.24.252
  173. 3 112.14 ms 178.33.103.231
  174. 4 113.37 ms 10.95.33.10
  175. 5 218.05 ms 213.251.128.65
  176. 6 218.02 ms 213.251.130.121
  177. 7 217.99 ms 195.66.236.76
  178. 8 218.04 ms 64.125.27.49
  179. 9 218.08 ms 64.125.31.194
  180. 10 243.95 ms 64.125.30.236
  181. 11 244.75 ms 64.125.29.126
  182. 12 245.01 ms 64.125.29.209
  183. 13 244.25 ms 64.125.29.26
  184. 14 244.01 ms 64.125.29.1
  185. 15 244.30 ms 64.125.30.26
  186. 16 261.21 ms 64.125.69.26
  187. 17 260.53 ms 66.33.200.2
  188. 18 ...
  189. 19 261.20 ms 66.33.207.59
  190.  
  191. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  192. Nmap done: 1 IP address (1 host up) scanned in 37.31 seconds
  193.  
  194. #######################################################################################################################################
  195.  
  196. amap -i temp.txt
  197. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-12 23:59:01 - APPLICATION MAPPING mode
  198.  
  199. Protocol on 66.33.207.59:3306/tcp matches mysql
  200. Protocol on 66.33.207.59:3306/tcp matches mysql-secured
  201. Protocol on 66.33.207.59:80/tcp matches http
  202. Protocol on 66.33.207.59:21/tcp matches ftp
  203. Protocol on 66.33.207.59:21/tcp matches smtp
  204. Protocol on 66.33.207.59:80/tcp matches http-apache-2
  205. Protocol on 66.33.207.59:22/tcp matches ssh
  206. Protocol on 66.33.207.59:22/tcp matches ssh-openssh
  207.  
  208.  
  209. NetRange: 66.33.192.0 - 66.33.223.255
  210. CIDR: 66.33.192.0/19
  211. NetName: DREAMHOST-BLK1
  212. NetHandle: NET-66-33-192-0-1
  213. Parent: NET66 (NET-66-0-0-0-0)
  214. NetType: Direct Allocation
  215. OriginAS:
  216. Organization: New Dream Network, LLC (NDN)
  217. RegDate: 2002-04-26
  218. Updated: 2015-08-31
  219. Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
  220. Comment: ** For abuse issues, please contact abuse@dreamhost.com **
  221. Ref: https://whois.arin.net/rest/net/NET-66-33-192-0-1
  222.  
  223.  
  224. OrgName: New Dream Network, LLC
  225. OrgId: NDN
  226. Address: 417 Associated Rd.
  227. Address: PMB #257
  228. City: Brea
  229. StateProv: CA
  230. PostalCode: 92821
  231. Country: US
  232. RegDate: 2001-04-16
  233. Updated: 2017-01-28
  234. Comment: Address location was created regardless of geographic location.
  235. Ref: https://whois.arin.net/rest/org/NDN
  236.  
  237.  
  238. OrgNOCHandle: NETOP274-ARIN
  239. OrgNOCName: NetOPs
  240. OrgNOCPhone: +1-714-706-4182
  241. OrgNOCEmail: netops@dreamhost.com
  242. OrgNOCRef: https://whois.arin.net/rest/poc/NETOP274-ARIN
  243.  
  244. OrgAbuseHandle: DAT5-ARIN
  245. OrgAbuseName: DreamHost Abuse Team
  246. OrgAbusePhone: +1-714-706-4182
  247. OrgAbuseEmail: abuse@dreamhost.com
  248. OrgAbuseRef: https://whois.arin.net/rest/poc/DAT5-ARIN
  249.  
  250. OrgTechHandle: NETOP274-ARIN
  251. OrgTechName: NetOPs
  252. OrgTechPhone: +1-714-706-4182
  253. OrgTechEmail: netops@dreamhost.com
  254. OrgTechRef: https://whois.arin.net/rest/poc/NETOP274-ARIN
  255.  
  256.  
  257. ftp.americannaziparty.com
  258. IP address #1: 66.33.207.59
  259.  
  260. mail.americannaziparty.com
  261. IP address #1: 69.163.253.7
  262.  
  263. ssh.americannaziparty.com
  264. IP address #1: 66.33.207.59
  265.  
  266. webmail.americannaziparty.com
  267. IP address #1: 208.97.187.139
  268.  
  269. www.americannaziparty.com
  270. IPv6 address #1: 2400:cb00:2048:1::681b:89f4
  271. IPv6 address #2: 2400:cb00:2048:1::681b:88f4
  272.  
  273. www.americannaziparty.com
  274. IP address #1: 104.27.136.244
  275. IP address #2: 104.27.137.244
  276.  
  277. [+] 6 (sub)domains and 8 IP address(es) found
  278. [+] Emails found:
  279. ------------------
  288.  
  289. [+] Hosts found in search engines:
  290. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  291. [-] Resolving hostnames IPs...
  292. 208.97.187.139:webmail.americannaziparty.com
  293. 104.27.136.244:www.americannaziparty.com
  294. [+] Virtual hosts:
  295. ==================
  362. Warning: can't load Net::Whois::IP module, whois queries disabled.
  363.  
  364. ----- americannaziparty.com -----
  365.  
  366.  
  367. Host's addresses:
  368. __________________
  369.  
  370. americannaziparty.com. 14317 IN A 66.33.207.59
  371.  
  372.  
  373. Name Servers:
  374. ______________
  375.  
  376. ns3.dreamhost.com. 14400 IN A 66.33.205.230
  377. ns2.dreamhost.com. 14400 IN A 208.97.182.10
  378. ns1.dreamhost.com. 14400 IN A 64.90.62.230
  379.  
  380.  
  381. Mail (MX) Servers:
  382. ___________________
  383.  
  384. vade-in2.mail.dreamhost.com. 14400 IN A 66.33.205.213
  385. vade-in1.mail.dreamhost.com. 14400 IN A 66.33.205.212
  386.  
  387. Google Results:
  388. ________________
  389.  
  390. www.americannaziparty.com. 294 IN CNAME (
  391. www.americannaziparty.com.cdn.cloudflare.net. 594 IN A 104.27.137.244
  392. www.americannaziparty.com.cdn.cloudflare.net. 594 IN A 104.27.136.244
  393. ---------------------------------------------------------------------------------------------------------------------------------------
  394. + Target IP: 66.33.207.59
  395. + Target Hostname: americannaziparty.com
  396. + Target Port: 80
  397. + Start Time: 2017-08-12 23:57:12 (GMT-4)
  398. ---------------------------------------------------------------------------------------------------------------------------------------
  399. + Server: Apache
  400. + The anti-clickjacking X-Frame-Options header is not present.
  401. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  402. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  403. + Root page / redirects to: http://www.americannaziparty.com/
  404. + No CGI Directories found (use '-C all' to force check all possible dirs)
  405. + Server leaks inodes via ETags, header found with file /com.cer, fields: 0x304 0x506c4687e0800
  406. + ERROR: Error limit (20) reached for host, giving up. Last error:
  407. + Scan terminated: 0 error(s) and 4 item(s) reported on remote host
  408. + End Time: 2017-08-13 00:10:13 (GMT-4) (781 seconds)
  409. ---------------------------------------------------------------------------------------------------------------------------------------
  410. + 1 host(s) tested
  411.  
  412. stormfront.org
  413.  
  414. #######################################################################################################################################
  415.  
  416. whois stormfront.org
  417. Domain Name: STORMFRONT.ORG
  418. Registry Domain ID: D904136-LROR
  419. Registrar WHOIS Server:
  420. Registrar URL: http://www.networksolutions.com
  421. Updated Date: 2017-05-31T20:28:37Z
  422. Creation Date: 1995-01-11T05:00:00Z
  423. Registry Expiry Date: 2018-01-10T05:00:00Z
  424. Registrar Registration Expiration Date:
  425. Registrar: Network Solutions, LLC
  426. Registrar IANA ID: 2
  427. Registrar Abuse Contact Email:
  428. Registrar Abuse Contact Phone:
  429. Reseller:
  430. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  431. Registry Registrant ID: C150139027-LROR
  432. Registrant Name: Perfect Privacy, LLC
  433. Registrant Organization: Stormfront.org
  434. Registrant Street: 12808 Gran Bay Parkway West
  435. Registrant Street: care of Network Solutions
  436. Registrant Street: PO Box 459
  437. Registrant City: Jacksonville
  438. Registrant State/Province: FL
  439. Registrant Postal Code: 32258
  440. Registrant Country: US
  441. Registrant Phone: +1.5707088780
  442. Registrant Phone Ext:
  443. Registrant Fax:
  444. Registrant Fax Ext:
  445. Registrant Email: vz3wa47z3y5@networksolutionsprivateregistration.com
  446. Registry Admin ID: C150139026-LROR
  447. Admin Name: Perfect Privacy, LLC
  448. Admin Organization: NO ORG NAME
  449. Admin Street: 12808 Gran Bay Parkway West
  450. Admin Street: care of Network Solutions
  451. Admin Street: PO Box 459
  452. Admin City: Jacksonville
  453. Admin State/Province: FL
  454. Admin Postal Code: 32258
  455. Admin Country: US
  456. Admin Phone: +1.5707088780
  457. Admin Phone Ext:
  458. Admin Fax:
  459. Admin Fax Ext:
  460. Admin Email: ah67f8w93ux@networksolutionsprivateregistration.com
  461. Registry Tech ID: C150139026-LROR
  462. Tech Name: Perfect Privacy, LLC
  463. Tech Organization: NO ORG NAME
  464. Tech Street: 12808 Gran Bay Parkway West
  465. Tech Street: care of Network Solutions
  466. Tech Street: PO Box 459
  467. Tech City: Jacksonville
  468. Tech State/Province: FL
  469. Tech Postal Code: 32258
  470. Tech Country: US
  471. Tech Phone: +1.5707088780
  472. Tech Phone Ext:
  473. Tech Fax:
  474. Tech Fax Ext:
  475. Tech Email: ah67f8w93ux@networksolutionsprivateregistration.com
  476. Name Server: DAVE.NS.CLOUDFLARE.COM
  477. Name Server: LINDA.NS.CLOUDFLARE.COM
  478.  
  479. ; <<>> DiG 9.10.3-P4-Debian <<>> stormfront.org any
  480. ;; global options: +cmd
  481. ;; Got answer:
  482. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1164
  483. ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
  484.  
  485. ;; OPT PSEUDOSECTION:
  486. ; EDNS: version: 0, flags:; udp: 4096
  487. ;; QUESTION SECTION:
  488. ;stormfront.org. IN ANY
  489.  
  490. ;; ANSWER SECTION:
  491. stormfront.org. 3789 IN RRSIG HINFO 13 2 3789 20170814050741 20170812030741 35273 stormfront.org. 8RUowiI5pxD9E1XrynG9P+BxgjXIfkMaPPcwUPKh3N7e/1xcuD5ZH97u uUO08R8m5LotTp/mQpkuCkFHZJpfFg==
  492. stormfront.org. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  493. stormfront.org. 45548 IN NS dave.ns.cloudflare.com.
  494. stormfront.org. 45548 IN NS linda.ns.cloudflare.com.
  495.  
  496. ;; Query time: 33 msec
  497. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  498. ;; WHEN: Sun Aug 13 00:07:37 EDT 2017
  499. ;; MSG SIZE rcvd: 267
  500.  
  501. #######################################################################################################################################
  502.  
  503. host -l stormfront.org
  504.  
  505. ;; Connection to 192.168.1.254#53(192.168.1.254) for stormfront.org failed: connection refused.
  506. Host stormfront.org not found: 9(NOTAUTH)
  507. ; Transfer failed.
  508.  
  509. #######################################################################################################################################
  510.  
  511. tcptraceroute -i eth0 stormfront.org
  512.  
  513. Running:
  514. traceroute -T -O info -i eth0 stormfront.org
  515. traceroute to stormfront.org (104.20.32.134), 30 hops max, 60 byte packets
  516. 1 gateway (192.168.1.254) 0.495 ms 0.703 ms 0.871 ms
  517. 2 10.135.18.1 (10.135.18.1) 7.088 ms 7.551 ms 8.206 ms
  518. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 29.541 ms 29.963 ms 30.028 ms
  519. 4 de-cix-new-york.as13335.net (206.130.10.31) 30.539 ms 30.697 ms 30.763 ms
  520. 5 104.20.32.134 (104.20.32.134) <syn,ack> 31.247 ms 31.410 ms 31.532 ms
  521.  
  522.  
  523. #######################################################################################################################################
  524.  
  525. dnstracer stormfront.org
  526.  
  527. Tracing to stormfront.org[a] via 192.168.1.254, maximum of 3 retries
  528. 192.168.1.254 (192.168.1.254) Got answer
  529.  
  530. Checking for HTTP-Loadbalancing [Date]: 04:08:05, 04:08:05, 04:08:05, 04:08:05, 04:08:06, 04:08:06, 04:08:06, 04:08:06, 04:08:07, 04:08:07, 04:08:07, 04:08:07, 04:08:08, 04:08:08, 04:08:08, 04:08:08, 04:08:09, 04:08:09, 04:08:09, 04:08:09, 04:08:10, 04:08:10, 04:08:10, 04:08:10, 04:08:11, 04:08:11, 04:08:11, 04:08:11, 04:08:12, 04:08:12, 04:08:12, 04:08:12, 04:08:13, 04:08:13, 04:08:13, 04:08:13, 04:08:14, 04:08:14, 04:08:14, 04:08:15, 04:08:15, 04:08:15, 04:08:15, 04:08:16, 04:08:16, 04:08:16, 04:08:16, 04:08:17, 04:08:17, 04:08:17, NOT FOUND
  531.  
  532. Checking for HTTP-Loadbalancing [Diff]: FOUND
  533. < Expires: Sun, 13 Aug 2017 04:08:32 GMT
  534. > Expires: Sun, 13 Aug 2017 04:08:33 GMT
  535. < CF-RAY: 38d8cff7c3e11037-CDG
  536. > CF-RAY: 38d8cff9562d68ae-CDG
  537.  
  538. s
  539. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 00:08 EDT
  540. Nmap scan report for stormfront.org (104.20.32.134)
  541. Host is up (0.21s latency).
  542. Other addresses for stormfront.org (not scanned): 2400:cb00:2048:1::6814:1e86 2400:cb00:2048:1::6814:2086 104.20.30.134
  543. Not shown: 96 filtered ports
  544. PORT STATE SERVICE VERSION
  545. 80/tcp open http Cloudflare nginx
  546. |_http-server-header: cloudflare-nginx
  547. |_http-title: Did not follow redirect to https://stormfront.org/
  548. 443/tcp open ssl/http cloudflare-nginx
  549. |_http-server-header: cloudflare-nginx
  550. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  551. | ssl-cert: Subject: commonName=ssl418832.cloudflaressl.com
  552. | Subject Alternative Name: DNS:ssl418832.cloudflaressl.com, DNS:*.stormfront.org, DNS:stormfront.org
  553. | Not valid before: 2017-04-08T00:00:00
  554. |_Not valid after: 2017-10-15T23:59:59
  555. |_ssl-date: 2017-08-13T04:09:20+00:00; +3s from scanner time.
  556. | tls-nextprotoneg:
  557. | h2
  558. | spdy/3.1
  559. |_ http/1.1
  560. 8080/tcp open http Cloudflare nginx
  561. |_http-server-header: cloudflare-nginx
  562. |_http-title: Did not follow redirect to https://stormfront.org/
  563. 8443/tcp open ssl/http cloudflare-nginx
  564. |_http-server-header: cloudflare-nginx
  565. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  566. | ssl-cert: Subject: commonName=ssl418832.cloudflaressl.com
  567. | Subject Alternative Name: DNS:ssl418832.cloudflaressl.com, DNS:*.stormfront.org, DNS:stormfront.org
  568. | Not valid before: 2017-04-08T00:00:00
  569. |_Not valid after: 2017-10-15T23:59:59
  570. |_ssl-date: 2017-08-13T04:09:29+00:00; +3s from scanner time.
  571. | tls-nextprotoneg:
  572. | h2
  573. | spdy/3.1
  574. |_ http/1.1
  575. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  576. Device type: general purpose
  577. Running (JUST GUESSING): Linux 3.X|2.6.X (88%)
  578. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  579. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%)
  580. No exact OS matches for host (test conditions non-ideal).
  581. Network Distance: 10 hops
  582.  
  583. Host script results:
  584. |_clock-skew: mean: 2s, deviation: 0s, median: 2s
  585.  
  586. TRACEROUTE (using port 443/tcp)
  587. HOP RTT ADDRESS
  588. 1 1092.98 ms 10.13.0.1
  589. 2 1102.00 ms 37.187.24.252
  590. 3 1097.71 ms 178.33.103.231
  591. 4 ... 9
  592. 10 1105.53 ms 104.20.32.134
  593.  
  594. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  595. Nmap done: 1 IP address (1 host up) scanned in 89.35 seconds
  596.  
  597. #######################################################################################################################################
  598.  
  599. amap -i temp.txt
  600. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-13 00:09:43 - APPLICATION MAPPING mode
  601.  
  602. Protocol on 104.20.32.134:80/tcp matches http
  603. Protocol on 104.20.32.134:443/tcp matches http
  604. Protocol on 104.20.32.134:8080/tcp matches http
  605. Protocol on 104.20.32.134:8443/tcp matches http
  606. Protocol on 104.20.32.134:8443/tcp matches ssl
  607. Protocol on 104.20.32.134:443/tcp matches ssl
  608.  
  609.  
  610. NetRange: 104.16.0.0 - 104.31.255.255
  611. CIDR: 104.16.0.0/12
  612. NetName: CLOUDFLARENET
  613. NetHandle: NET-104-16-0-0-1
  614. Parent: NET104 (NET-104-0-0-0-0)
  615. NetType: Direct Assignment
  616. OriginAS: AS13335
  617. Organization: Cloudflare, Inc. (CLOUD14)
  618. RegDate: 2014-03-28
  619. Updated: 2017-02-17
  620. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  621. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  622.  
  623.  
  624.  
  625. OrgName: Cloudflare, Inc.
  626. OrgId: CLOUD14
  627. Address: 101 Townsend Street
  628. City: San Francisco
  629. StateProv: CA
  630. PostalCode: 94107
  631. Country: US
  632. RegDate: 2010-07-09
  633. Updated: 2017-02-17
  634. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  635. Ref: https://whois.arin.net/rest/org/CLOUD14
  636.  
  637.  
  638. OrgAbuseHandle: ABUSE2916-ARIN
  639. OrgAbuseName: Abuse
  640. OrgAbusePhone: +1-650-319-8930
  641. OrgAbuseEmail: abuse@cloudflare.com
  642. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  643.  
  644. OrgTechHandle: ADMIN2521-ARIN
  645. OrgTechName: Admin
  646. OrgTechPhone: +1-650-319-8930
  647. OrgTechEmail: admin@cloudflare.com
  648. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  649.  
  650. OrgNOCHandle: NOC11962-ARIN
  651. OrgNOCName: NOC
  652. OrgNOCPhone: +1-650-319-8930
  653. OrgNOCEmail: noc@cloudflare.com
  654. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  655.  
  656. RAbuseHandle: ABUSE2916-ARIN
  657. RAbuseName: Abuse
  658. RAbusePhone: +1-650-319-8930
  659. RAbuseEmail: abuse@cloudflare.com
  660. RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  661.  
  662. RTechHandle: ADMIN2521-ARIN
  663. RTechName: Admin
  664. RTechPhone: +1-650-319-8930
  665. RTechEmail: admin@cloudflare.com
  666. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  667.  
  668. RNOCHandle: NOC11962-ARIN
  669. RNOCName: NOC
  670. RNOCPhone: +1-650-319-8930
  671. RNOCEmail: noc@cloudflare.com
  672. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  673.  
  674. www.stormfront.org
  675. IPv6 address #1: 2400:cb00:2048:1::6814:1e86
  676. IPv6 address #2: 2400:cb00:2048:1::6814:2086
  677.  
  678. www.stormfront.org
  679. IP address #1: 104.20.30.134
  680. IP address #2: 104.20.32.134
  681.  
  682. [+] 2 (sub)domains and 4 IP address(es) found
  683. [+] Emails found:
  684. ------------------
  685. bjorno@stormfront.org
  686. dblack@mail.stormfront.org
  687. don.black@stormfront.org
  688. tintin@stormfront.org
  689. vincent.breeding@stormfront.org
  690.  
  691. [+] Hosts found in search engines:
  692. ------------------------------------
  693. [-] Resolving hostnames IPs...
  694. 104.20.30.134:www.stormfront.org
  695. [+] Virtual hosts:
  696. ==================
  697. 104.20.30.134 www.lacentrale.fr
  698. 104.20.30.134 www.murprotec.fr
  699. 104.20.30.134 www.newpharma.fr
  700. 104.20.30.134 www.PrixMoinsCher.com
  701. 104.20.30.134 www.amazon.fr
  702. ----- stormfront.org -----
  703.  
  704.  
  705. Host's addresses:
  706. __________________
  707.  
  708. stormfront.org. 237 IN A 104.20.30.134
  709. stormfront.org. 237 IN A 104.20.32.134
  710.  
  711.  
  712. Name Servers:
  713. ______________
  714.  
  715. dave.ns.cloudflare.com. 20585 IN A 173.245.59.109
  716. linda.ns.cloudflare.com. 86400 IN A 173.245.58.250
  717.  
  718.  
  719. Mail (MX) Servers:
  720. ___________________
  721.  
  722. saga.stormfront.org. 300 IN A 192.169.81.166
  723.  
  724.  
  725.  
  726. Google Results:
  727. ________________
  728.  
  729. www.stormfront.org. 297 IN A 104.20.32.134
  730. www.stormfront.org. 297 IN A 104.20.30.134
  731.  
  732. brute force file not specified, bay
  733. - Nikto v2.1.6
  734. ---------------------------------------------------------------------------------------------------------------------------------------
  735. + Target IP: 104.20.30.134
  736. + Target Hostname: stormfront.org
  737. + Target Port: 80
  738. + Start Time: 2017-08-13 01:37:17 (GMT-4)
  739. ---------------------------------------------------------------------------------------------------------------------------------------
  740. + Server: cloudflare-nginx
  741. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  742. + Uncommon header 'cf-ray' found, with contents: 38d9526c95836932-CDG
  743. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  744. + Scan terminated: 20 error(s) and 2 item(s) reported on remote host
  745. + End Time: 2017-08-13 01:46:46 (GMT-4) (569 seconds)
  746. ---------------------------------------------------------------------------------------------------------------------------------------
  747.  
  748.  
  749. npiamerica.org
  750.  
  751. #######################################################################################################################################
  752.  
  753. whois npiamerica.org
  754. Domain Name: NPIAMERICA.ORG
  755. Registry Domain ID: D162850178-LROR
  756. Registrar WHOIS Server:
  757. Registrar URL: http://www.tucows.com
  758. Updated Date: 2017-03-13T04:58:21Z
  759. Creation Date: 2011-07-22T18:34:06Z
  760. Registry Expiry Date: 2019-07-22T18:34:06Z
  761. Registrar Registration Expiration Date:
  762. Registrar: Tucows Inc.
  763. Registrar IANA ID: 69
  764. Registrar Abuse Contact Email:
  765. Registrar Abuse Contact Phone:
  766. Reseller:
  767. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  768. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  769. Registry Registrant ID: C140762647-LROR
  770. Registrant Name: Contact Privacy Inc. Customer 0135276165
  771. Registrant Organization: Contact Privacy Inc. Customer 0135276165
  772. Registrant Street: 96 Mowat Ave
  773. Registrant City: Toronto
  774. Registrant State/Province: ON
  775. Registrant Postal Code: M6K3M1
  776. Registrant Country: CA
  777. Registrant Phone: +1.4165385457
  778. Registrant Phone Ext:
  779. Registrant Fax:
  780. Registrant Fax Ext:
  781. Registrant Email: npiamerica.org@contactprivacy.com
  782. Registry Admin ID: C140762647-LROR
  783. Admin Name: Contact Privacy Inc. Customer 0135276165
  784. Admin Organization: Contact Privacy Inc. Customer 0135276165
  785. Admin Street: 96 Mowat Ave
  786. Admin City: Toronto
  787. Admin State/Province: ON
  788. Admin Postal Code: M6K3M1
  789. Admin Country: CA
  790. Admin Phone: +1.4165385457
  791. Admin Phone Ext:
  792. Admin Fax:
  793. Admin Fax Ext:
  794. Admin Email: npiamerica.org@contactprivacy.com
  795. Registry Tech ID: C140762647-LROR
  796. Tech Name: Contact Privacy Inc. Customer 0135276165
  797. Tech Organization: Contact Privacy Inc. Customer 0135276165
  798. Tech Street: 96 Mowat Ave
  799. Tech City: Toronto
  800. Tech State/Province: ON
  801. Tech Postal Code: M6K3M1
  802. Tech Country: CA
  803. Tech Phone: +1.4165385457
  804. Tech Phone Ext:
  805. Tech Fax:
  806. Tech Fax Ext:
  807. Tech Email: npiamerica.org@contactprivacy.com
  808. Name Server: NS1.HOVER.COM
  809. Name Server: NS2.HOVER.COM
  810. IN ANY
  811.  
  812. ;; ANSWER SECTION:
  813. npiamerica.org. 892 IN MX 10 mx.hover.com.cust.hostedemail.com.
  814. npiamerica.org. 892 IN A 65.39.205.61
  815. npiamerica.org. 892 IN NS ns2.hover.com.
  816. npiamerica.org. 892 IN NS ns1.hover.com.
  817.  
  818. ;; Query time: 8 msec
  819. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  820. ;; WHEN: Sun Aug 13 00:16:19 EDT 2017
  821. ;; MSG SIZE rcvd: 150
  822.  
  823. #######################################################################################################################################
  829.  
  830. tcptraceroute -i eth0 npiamerica.org
  831.  
  832. Running:
  833. traceroute -T -O info -i eth0 npiamerica.org
  834. traceroute to npiamerica.org (65.39.205.61), 30 hops max, 60 byte packets
  835. 1 gateway (192.168.1.254) 0.505 ms 0.706 ms 0.868 ms
  836. 2 10.135.18.1 (10.135.18.1) 13.157 ms 16.090 ms 16.554 ms
  837. 3 75.154.223.222 (75.154.223.222) 29.631 ms 29.689 ms 29.746 ms
  838. 4 ix-xe-1-0-1-0.tcore1.N75-New-York.as6453.net (66.110.96.1) 30.283 ms 30.428 ms 30.491 ms
  839. 5 if-ae-12-2.tcore2.NTO-New-York.as6453.net (66.110.96.6) 36.224 ms 36.689 ms 36.690 ms
  840. 6 if-ae-30-2.tcore1.AEQ-Ashburn.as6453.net (63.243.216.21) 45.616 ms 40.112 ms 40.516 ms
  841. 7 66.198.154.66 (66.198.154.66) 34.540 ms 35.776 ms 34.203 ms
  842. 8 a209-200-144-192.deploy.static.akamaitechnologies.com (209.200.144.192) 34.088 ms a209-200-144-194.deploy.static.akamaitechnologies.com (209.200.144.194) 34.460 ms a209-200-144-200.deploy.static.akamaitechnologies.com (209.200.144.200) 34.295 ms
  843. 9 a209-200-144-205.deploy.static.akamaitechnologies.com (209.200.144.205) 36.467 ms 36.290 ms a209-200-144-197.deploy.static.akamaitechnologies.com (209.200.144.197) 36.560 ms
  844. 10 a209-200-169-128.deploy.static.akamaitechnologies.com (209.200.169.128) 70.164 ms 70.079 ms a209-200-148-130.deploy.static.akamaitechnologies.com (209.200.148.130) 64.941 ms
  845. 11 8.36.86.74 (8.36.86.74) 70.985 ms 71.060 ms 8.36.86.73 (8.36.86.73) 71.656 ms
  846. 12 8.36.86.9 (8.36.86.9) 66.241 ms 198.185.159.9 (198.185.159.9) 67.692 ms 8.36.86.9 (8.36.86.9) 66.303 ms
  847. 13 65.39.205.61 (65.39.205.61) <syn,ack> 66.198 ms 65.550 ms 64.580 ms
  848.  
  849. #######################################################################################################################################
  854.  
  855. dnstracer npiamerica.org
  856.  
  857. Tracing to npiamerica.org[a] via 192.168.1.254, maximum of 3 retries
  858. 192.168.1.254 (192.168.1.254) Got answer
  859.  
  860. Checking for HTTP-Loadbalancing [Date]: , ./lbd.sh: ligne 103: * 3600 + * 60 + : erreur de syntaxe : opérande attendu (le symbole erroné est « * 3600 + * 60 +  »)
  861.  
  862. Checking for HTTP-Loadbalancing [Diff]: FOUND
  863. < date: Sun, 13 Aug 2017 04:17:25 UTC
  864. < x-contextid: Jhonzr7u/ILgtNfMK
  865. < x-via: 1.0 echo025
  866. > date: Sun, 13 Aug 2017 04:17:26 UTC
  867. > x-contextid: BGiHlEoD/Od0egifP
  868. > x-via: 1.0 echo029
  869.  
  870. npiamerica.org does Load-balancing. Found via Methods: HTTP[Diff]
  871.  
  872. #######################################################################################################################################
  877.  
  878. nmap -PN -n -F -T4 -sV -A -oG temp.txt npiamerica.org
  879.  
  880. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 00:17 EDT
  881. WARNING: Service 65.39.205.61:80 had already soft-matched rtsp, but now soft-matched sip; ignoring second value
  882. WARNING: Service 65.39.205.61:443 had already soft-matched rtsp, but now soft-matched sip; ignoring second value
  883. Nmap scan report for npiamerica.org (65.39.205.61)
  884. Host is up (0.26s latency).
  885. Not shown: 98 filtered ports
  886. PORT STATE SERVICE VERSION
  887. 80/tcp open rtsp
  888. | fingerprint-strings:
  889. | GetRequest:
  890. | HTTP/1.0 400 Bad Request
  891. | content-length: 378
  892. | x-synthetic: true
  893. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  894. | pragma: no-cache
  895. | cache-control: no-cache, must-revalidate
  896. | content-type: text/html; charset=UTF-8
  897. | connection: close
  898. | date: Sun, 13 Aug 2017 04:17:40 UTC
  899. | x-contextid: w3LkUg53/gvLVSOxK
  900. | x-via: 1.0 echo024
  901. | <html>
  902. | <head>
  903. | <title>400 Bad Request</title>
  904. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  905. | </head>
  906. | <body>
  907. | <h1>400 Bad Request</h1>
  908. | <p><pre>w3LkUg53/gvLVSOxK @ Sun, 13 Aug 2017 04:17:40 GMT</pre>
  909. | <p><pre>SEC-43</pre>
  910. | <p><pre></pre>
  911. | </body>
  912. | </html>
  913. | HTTPOptions:
  914. | HTTP/1.0 400 Bad Request
  915. | content-length: 378
  916. | x-synthetic: true
  917. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  918. | pragma: no-cache
  919. | cache-control: no-cache, must-revalidate
  920. | content-type: text/html; charset=UTF-8
  921. | connection: close
  922. | date: Sun, 13 Aug 2017 04:17:40 UTC
  923. | x-contextid: Kr95wT83/kkbqv2Xj
  924. | x-via: 1.0 echo019
  925. | <html>
  926. | <head>
  927. | <title>400 Bad Request</title>
  928. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  929. | </head>
  930. | <body>
  931. | <h1>400 Bad Request</h1>
  932. | <p><pre>Kr95wT83/kkbqv2Xj @ Sun, 13 Aug 2017 04:17:40 GMT</pre>
  933. | <p><pre>SEC-43</pre>
  934. | <p><pre></pre>
  935. | </body>
  936. | </html>
  937. | RTSPRequest:
  938. | RTSP/1.0 501 Not Implemented
  939. | content-length: 386
  940. | x-synthetic: true
  941. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  942. | pragma: no-cache
  943. | cache-control: no-cache, must-revalidate
  944. | content-type: text/html; charset=UTF-8
  945. | connection: close
  946. | date: Sun, 13 Aug 2017 04:17:41 UTC
  947. | x-contextid: MZO9tPD1/Aj6agbVO
  948. | <html>
  949. | <head>
  950. | <title>501 Not Implemented</title>
  951. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  952. | </head>
  953. | <body>
  954. | <h1>501 Not Implemented</h1>
  955. | <p><pre>MZO9tPD1/Aj6agbVO @ Sun, 13 Aug 2017 04:17:41 GMT</pre>
  956. | <p><pre>SEC-46</pre>
  957. | <p><pre></pre>
  958. | </body>
  959. |_ </html>
  960. | http-robots.txt: 32 disallowed entries (15 shown)
  961. | /config /commerce/ /checkout$ /checkout/ /cart$ /cart/
  962. | /account$ /account/ /api/ /static/ /*?author=* /*&author=*
  963. |_/*?tag=* /*&tag=* /*?category=*
  964. |_http-title: Did not follow redirect to http://www.npiamerica.org/
  965. |_rtsp-methods: ERROR: Script execution failed (use -d to debug)
  966. 443/tcp open ssl/rtsp
  967. | fingerprint-strings:
  968. | FourOhFourRequest:
  969. | HTTP/1.0 400 Bad Request
  970. | content-length: 378
  971. | x-synthetic: true
  972. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  973. | pragma: no-cache
  974. | cache-control: no-cache, must-revalidate
  975. | content-type: text/html; charset=UTF-8
  976. | connection: close
  977. | date: Sun, 13 Aug 2017 04:17:50 UTC
  978. | x-contextid: HsQoFQbI/HmStyjAN
  979. | x-via: 1.0 echo007
  980. | <html>
  981. | <head>
  982. | <title>400 Bad Request</title>
  983. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  984. | </head>
  985. | <body>
  986. | <h1>400 Bad Request</h1>
  987. | <p><pre>HsQoFQbI/HmStyjAN @ Sun, 13 Aug 2017 04:17:50 GMT</pre>
  988. | <p><pre>SEC-43</pre>
  989. | <p><pre></pre>
  990. | </body>
  991. | </html>
  992. | GetRequest:
  993. | HTTP/1.0 400 Bad Request
  994. | content-length: 378
  995. | x-synthetic: true
  996. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  997. | pragma: no-cache
  998. | cache-control: no-cache, must-revalidate
  999. | content-type: text/html; charset=UTF-8
  1000. | connection: close
  1001. | date: Sun, 13 Aug 2017 04:17:47 UTC
  1002. | x-contextid: HLAyKTV4/YNfLkCMR
  1003. | x-via: 1.0 echo030
  1004. | <html>
  1005. | <head>
  1006. | <title>400 Bad Request</title>
  1007. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  1008. | </head>
  1009. | <body>
  1010. | <h1>400 Bad Request</h1>
  1011. | <p><pre>HLAyKTV4/YNfLkCMR @ Sun, 13 Aug 2017 04:17:47 GMT</pre>
  1012. | <p><pre>SEC-43</pre>
  1013. | <p><pre></pre>
  1014. | </body>
  1015. | </html>
  1016. | HTTPOptions:
  1017. | HTTP/1.0 400 Bad Request
  1018. | content-length: 378
  1019. | x-synthetic: true
  1020. | expires: Thu, 01 Jan 1970 00:00:00 UTC
  1021. | pragma: no-cache
  1022. | cache-control: no-cache, must-revalidate
  1023. | content-type: text/html; charset=UTF-8
  1024. | connection: close
  1025. | date: Sun, 13 Aug 2017 04:17:49 UTC
  1026. | x-contextid: Vaa9j1Bo/jzygbBXf
  1027. | x-via: 1.0 echo007
  1028. | <html>
  1029. | <head>
  1030. | <title>400 Bad Request</title>
  1031. | <style> body { background-color: #F2F2F2; color: #3E3E3E; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; } pre { word-wrap: break-word; } </style>
  1032. | </head>
  1033. | <body>
  1034. | <h1>400 Bad Request</h1>
  1035. | <p><pre>Vaa9j1Bo/jzygbBXf @ Sun, 13 Aug 2017 04:17:49 GMT</pre>
  1036. | <p><pre>SEC-43</pre>
  1037. | <p><pre></pre>
  1038. | </body>
  1039. |_ </html>
  1040.  
  1041. TRACEROUTE (using port 80/tcp)
  1042. HOP RTT ADDRESS
  1043. 1 112.59 ms 10.13.0.1
  1044. 2 112.63 ms 37.187.24.252
  1045. 3 112.63 ms 178.33.103.229
  1046. 4 113.35 ms 10.95.33.8
  1047. 5 115.60 ms 91.121.215.179
  1048. 6 158.38 ms 195.66.236.31
  1049. 7 158.36 ms 72.52.60.202
  1050. 8 158.38 ms 72.52.60.205
  1051. 9 ...
  1052. 10 362.47 ms 209.200.148.130
  1053. 11 349.41 ms 8.36.86.73
  1054. 12 246.92 ms 198.185.159.9
  1055. 13 253.11 ms 65.39.205.61
  1056.  
  1057. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1058. Nmap done: 1 IP address (1 host up) scanned in 70.98 seconds
  1059.  
  1060. #######################################################################################################################################
  1061.  
  1062. amap -i temp.txt
  1063. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-13 00:18:33 - APPLICATION MAPPING mode
  1064.  
  1065. Protocol on 65.39.205.61:80/tcp matches http
  1066. Protocol on 65.39.205.61:80/tcp matches http-proxy
  1067. Protocol on 65.39.205.61:443/tcp matches ssl
  1068.  
  1069. Unidentified ports: none.
  1070.  
  1071.  
  1072. NetRange: 65.39.205.0 - 65.39.205.255
  1073. CIDR: 65.39.205.0/24
  1074. NetName: SQUAR-30
  1075. NetHandle: NET-65-39-205-0-1
  1076. Parent: NET65 (NET-65-0-0-0-0)
  1077. NetType: Direct Assignment
  1078. OriginAS:
  1079. Organization: Squarespace, Inc. (SQUAR-30)
  1080. RegDate: 2017-04-10
  1081. Updated: 2017-04-10
  1082. Ref: https://whois.arin.net/rest/net/NET-65-39-205-0-1
  1083.  
  1084.  
  1085. OrgName: Squarespace, Inc.
  1086. OrgId: SQUAR-30
  1087. Address: 225 Varick St
  1088. City: New York
  1089. StateProv: NY
  1090. PostalCode: 10014
  1091. Country: US
  1092. RegDate: 2012-04-26
  1093. Updated: 2017-01-04
  1094. Comment: https://squarespace.com
  1095. Ref: https://whois.arin.net/rest/org/SQUAR-30
  1096.  
  1097.  
  1098. OrgNOCHandle: SYSTE409-ARIN
  1099. OrgNOCName: Systems
  1100. OrgNOCPhone: +1-347-758-4644
  1101. OrgNOCEmail: systems-net@squarespace.com
  1102. OrgNOCRef: https://whois.arin.net/rest/poc/SYSTE409-ARIN
  1103.  
  1104. OrgAbuseHandle: ABUSE5803-ARIN
  1105. OrgAbuseName: Abuse
  1106. OrgAbusePhone: +1-347-758-4644
  1107. OrgAbuseEmail: abuse-network@squarespace.com
  1108. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE5803-ARIN
  1109.  
  1110. OrgTechHandle: SYSTE409-ARIN
  1111. OrgTechName: Systems
  1112. OrgTechPhone: +1-347-758-4644
  1113. OrgTechEmail: systems-net@squarespace.com
  1114. OrgTechRef: https://whois.arin.net/rest/poc/SYSTE409-ARIN
  1115.  
  1116.  
  1117. mail.npiamerica.org
  1118. IP address #1: 216.40.42.134
  1119.  
  1120.  
  1121. info@npiamerica.org
  1122. richard@npiamerica.org
  1123.  
  1124. [+] Hosts found in search engines:
  1125. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  1126. [-] Resolving hostnames IPs...
  1127. 65.39.205.61:www.npiamerica.org
  1128. [+] Virtual hosts:
  1129. ==================
  1220.  
  1221. ----- npiamerica.org -----
  1222.  
  1223.  
  1224. Host's addresses:
  1225. __________________
  1226.  
  1227. npiamerica.org. 900 IN A 65.39.205.61
  1228.  
  1229.  
  1230. Wildcard detection using: efkdcgpfsxak
  1231. _______________________________________
  1232.  
  1233. efkdcgpfsxak.npiamerica.org. 900 IN A 65.39.205.61
  1234.  
  1235.  
  1236.  
  1237.  
  1238. Name Servers:
  1239. ______________
  1240.  
  1241. ns1.hover.com. 900 IN A 216.40.47.26
  1242. ns2.hover.com. 900 IN A 64.98.148.13
  1243.  
  1244.  
  1245. Mail (MX) Servers:
  1246. ___________________
  1247.  
  1248. mx.hover.com.cust.hostedemail.com. 3600 IN A 216.40.42.4
  1249.  
  1250.  
  1251. Trying Zone Transfers and getting Bind Versions:
  1252. _________________________________________________
  1253. ---------------------------------------------------------------------------------------------------------------------------------------
  1254. + Target IP: 65.39.205.61
  1255. + Target Hostname: npiamerica.org
  1256. + Target Port: 80
  1257. + Start Time: 2017-08-13 00:16:27 (GMT-4)
  1258. ---------------------------------------------------------------------------------------------------------------------------------------
  1259. + Server: No banner retrieved
  1260. + The anti-clickjacking X-Frame-Options header is not present.
  1261. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1262. + Uncommon header 'x-via' found, with contents: 1.1 echo009
  1263. + Uncommon header 'x-servedby' found, with contents: web012
  1264. + Uncommon header 'x-contextid' found, with contents: CdmStgVR/V721S6Hv
  1265. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1266. + Root page / redirects to: http://www.npiamerica.org/
  1267. + Uncommon header 'x-synthetic' found, with contents: true
  1268. + No CGI Directories found (use '-C all' to force check all possible dirs)
  1269. + Cookie crumb created without the httponly flag
  1270. + "robots.txt" contains 32 entries which should be manually viewed.
  1271. + Allowed HTTP Methods: GET, POST, HEAD, OPTIONS
  1272. + 7490 requests: 13 error(s) and 10 item(s) reported on remote host
  1273. + End Time: 2017-08-13 01:04:08 (GMT-4) (2861 seconds)
  1274. -------------------------------------------------------------------------------------------------------------------------------------
  1275. altright.com
  1276.  
  1277. #######################################################################################################################################
  1278.  
  1279. whois altright.com
  1280. Domain Name: ALTRIGHT.COM
  1281. Registry Domain ID: 1946587469_DOMAIN_COM-VRSN
  1282. Registrar WHOIS Server: whois.godaddy.com
  1283. Registrar URL: http://www.godaddy.com
  1284. Updated Date: 2017-08-11T21:38:47Z
  1285. Creation Date: 2015-07-13T15:20:52Z
  1286. Registry Expiry Date: 2018-07-13T15:20:52Z
  1287. Registrar: GoDaddy.com, LLC
  1288. Registrar IANA ID: 146
  1289. Registrar Abuse Contact Email: abuse@godaddy.com
  1290. Registrar Abuse Contact Phone: 480-624-2505
  1291. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  1292. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  1293. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1294. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  1295. Name Server: ELAINE.NS.CLOUDFLARE.COM
  1296. Name Server: MAREK.NS.CLOUDFLARE.COM
  1297.  
  1298. Domain Name: altright.com
  1299. Registrar URL: http://www.godaddy.com
  1300. Registrant Name: Richard Spencer
  1301. Registrant Organization:
  1302. Name Server: ELAINE.NS.CLOUDFLARE.COM
  1303. Name Server: MAREK.NS.CLOUDFLARE.COM
  1304.  
  1305. #######################################################################################################################################
  1306.  
  1307.  
  1308.  
  1309. ;; ANSWER SECTION:
  1310. altright.com. 293 IN MX 0 altright-com.mail.protection.outlook.com.
  1311. altright.com. 293 IN A 104.27.179.91
  1312. altright.com. 293 IN A 104.27.178.91
  1313. altright.com. 86393 IN NS marek.ns.cloudflare.com.
  1314. altright.com. 86393 IN NS elaine.ns.cloudflare.com.
  1315.  
  1316. ;; Query time: 8 msec
  1317. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1318. ;; WHEN: Sun Aug 13 01:35:50 EDT 2017
  1319. ;; MSG SIZE rcvd: 181
  1320.  
  1321. #######################################################################################################################################
  1322.  
  1323.  
  1324. tcptraceroute -i eth0 altright.com
  1325.  
  1326. Running:
  1327. traceroute -T -O info -i eth0 altright.com
  1328. traceroute to altright.com (104.27.178.91), 30 hops max, 60 byte packets
  1329. 1 gateway (192.168.1.254) 0.568 ms 0.771 ms 0.937 ms
  1330. 2 10.135.18.1 (10.135.18.1) 6.878 ms 7.982 ms 8.305 ms
  1331. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 29.852 ms 29.908 ms 30.429 ms
  1332. 4 de-cix-new-york.as13335.net (206.130.10.31) 30.941 ms 31.055 ms 31.170 ms
  1333. 5 104.27.178.91 (104.27.178.91) <syn,ack> 31.332 ms 31.426 ms 31.526 ms
  1334.  
  1335. #######################################################################################################################################
  1336.  
  1337.  
  1338. #######################################################################################################################################
  1339.  
  1340.  
  1341. Checking for HTTP-Loadbalancing [Date]: 05:53:43, 05:53:44, 05:53:44, 05:53:44, 05:53:44, 05:53:45, 05:53:45, 05:53:45, 05:53:45, 05:53:46, 05:53:46, 05:53:46, 05:53:46, 05:53:47, 05:53:47, 05:53:47, 05:53:47, 05:53:48, 05:53:48, 05:53:48, 05:53:48, 05:53:49, 05:53:49, 05:53:49, 05:53:49, 05:53:50, 05:53:50, 05:53:50, 05:53:50, 05:53:51, 05:53:51, 05:53:51, 05:53:51, 05:53:52, 05:53:52, 05:53:52, 05:53:52, 05:53:53, 05:53:53, 05:53:53, 05:53:53, 05:53:54, 05:53:54, 05:53:54, 05:53:54, 05:53:55, 05:53:55, 05:53:55, 05:53:55, 05:53:56, NOT FOUND
  1342.  
  1343. Checking for HTTP-Loadbalancing [Diff]: FOUND
  1344. < CF-RAY: 38d96ab7357069ac-CDG
  1345. > CF-RAY: 38d96ab8c3513c17-CDG
  1346.  
  1347. #######################################################################################################################################
  1348.  
  1349. nmap -PN -n -F -T4 -sV -A -oG temp.txt altright.com
  1350.  
  1351. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 01:53 EDT
  1352. Nmap scan report for altright.com (104.27.179.91)
  1353. Host is up (0.12s latency).
  1354. Other addresses for altright.com (not scanned): 2400:cb00:2048:1::681b:b25b 2400:cb00:2048:1::681b:b35b 104.27.178.91
  1355. Not shown: 96 filtered ports
  1356. PORT STATE SERVICE VERSION
  1357. 80/tcp open http Cloudflare nginx
  1358. |_http-title: Just a moment...
  1359. 443/tcp open ssl/http Cloudflare nginx
  1360. | ssl-cert: Subject: commonName=sni190556.cloudflaressl.com
  1361. | Subject Alternative Name: DNS:sni190556.cloudflaressl.com, DNS:*.444ttg.com, DNS:*.66ddl.com, DNS:*.6yyl.com, DNS:*.altright.com, DNS:*.arktos.com, DNS:*.biseznamka.com, DNS:*.deitti-sivut.com, DNS:*.dsfredmdtom.cf, DNS:*.eggendk.cf, DNS:*.embroiddesigns.net, DNS:*.foragerproject.com, DNS:*.huntingdonmcdonalds.com, DNS:*.jomsey.altervista.org, DNS:*.joyeati.cf, DNS:*.lewfi.stream, DNS:*.minnehaha-kendo.org, DNS:*.minnehahakendodojo.org, DNS:*.mujeresbolivia.com, DNS:*.punkchat.co.za, DNS:*.smart-eas.ru, DNS:*.spankingchat.ca, DNS:*.teacoal.xyz, DNS:444ttg.com, DNS:66ddl.com, DNS:6yyl.com, DNS:altright.com, DNS:arktos.com, DNS:biseznamka.com, DNS:deitti-sivut.com, DNS:dsfredmdtom.cf, DNS:eggendk.cf, DNS:embroiddesigns.net, DNS:foragerproject.com, DNS:huntingdonmcdonalds.com, DNS:jomsey.altervista.org, DNS:joyeati.cf, DNS:lewfi.stream, DNS:minnehaha-kendo.org, DNS:minnehahakendodojo.org, DNS:mujeresbolivia.com, DNS:punkchat.co.za, DNS:smart-eas.ru, DNS:spankingchat.ca, DNS:teacoal.xyz
  1362. | Not valid before: 2017-08-12T00:00:00
  1363. |_Not valid after: 2018-02-18T23:59:59
  1364. 8080/tcp open http Cloudflare nginx
  1365. |_http-title: Just a moment...
  1366. 8443/tcp open ssl/http Cloudflare nginx
  1367. | ssl-cert: Subject: commonName=sni190556.cloudflaressl.com
  1368. | Subject Alternative Name: DNS:sni190556.cloudflaressl.com, DNS:*.444ttg.com, DNS:*.66ddl.com, DNS:*.6yyl.com, DNS:*.altright.com, DNS:*.arktos.com, DNS:*.biseznamka.com, DNS:*.deitti-sivut.com, DNS:*.dsfredmdtom.cf, DNS:*.eggendk.cf, DNS:*.embroiddesigns.net, DNS:*.foragerproject.com, DNS:*.huntingdonmcdonalds.com, DNS:*.jomsey.altervista.org, DNS:*.joyeati.cf, DNS:*.lewfi.stream, DNS:*.minnehaha-kendo.org, DNS:*.minnehahakendodojo.org, DNS:*.mujeresbolivia.com, DNS:*.punkchat.co.za, DNS:*.smart-eas.ru, DNS:*.spankingchat.ca, DNS:*.teacoal.xyz, DNS:444ttg.com, DNS:66ddl.com, DNS:6yyl.com, DNS:altright.com, DNS:arktos.com, DNS:biseznamka.com, DNS:deitti-sivut.com, DNS:dsfredmdtom.cf, DNS:eggendk.cf, DNS:embroiddesigns.net, DNS:foragerproject.com, DNS:huntingdonmcdonalds.com, DNS:jomsey.altervista.org, DNS:joyeati.cf, DNS:lewfi.stream, DNS:minnehaha-kendo.org, DNS:minnehahakendodojo.org, DNS:mujeresbolivia.com, DNS:punkchat.co.za, DNS:smart-eas.ru, DNS:spankingchat.ca, DNS:teacoal.xyz
  1369. | Not valid before: 2017-08-12T00:00:00
  1370. |_Not valid after: 2018-02-18T23:59:59
  1371. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1372. Device type: general purpose
  1373. Running (JUST GUESSING): Linux 3.X|2.6.X (88%)
  1374. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  1375. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%)
  1376. No exact OS matches for host (test conditions non-ideal).
  1377. Network Distance: 8 hops
  1378.  
  1379. TRACEROUTE (using port 443/tcp)
  1380. HOP RTT ADDRESS
  1381. 1 112.24 ms 10.13.0.1
  1382. 2 111.38 ms 37.187.24.252
  1383. 3 112.26 ms 178.33.103.229
  1384. 4 113.25 ms 10.95.33.8
  1385. 5 116.73 ms 91.121.215.177
  1386. 6 116.52 ms 37.187.36.214
  1387. 7 117.04 ms 195.42.144.143
  1388. 8 116.75 ms 104.27.179.91
  1389.  
  1390. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1391. Nmap done: 1 IP address (1 host up) scanned in 52.59 seconds
  1393. #######################################################################################################################################
  1394.  
  1395. amap -i temp.txt
  1396. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-13 01:54:45 - APPLICATION MAPPING mode
  1397.  
  1398. Protocol on 104.27.179.91:443/tcp matches http
  1399. Protocol on 104.27.179.91:80/tcp matches http
  1400. Protocol on 104.27.179.91:8080/tcp matches http
  1401. Protocol on 104.27.179.91:8443/tcp matches http
  1402. Protocol on 104.27.179.91:8443/tcp matches ssl
  1403. Protocol on 104.27.179.91:443/tcp matches ssl
  1404.  
  1405.  
  1406. NetRange: 104.16.0.0 - 104.31.255.255
  1407. CIDR: 104.16.0.0/12
  1408. NetName: CLOUDFLARENET
  1409. NetHandle: NET-104-16-0-0-1
  1410. Parent: NET104 (NET-104-0-0-0-0)
  1411. NetType: Direct Assignment
  1412. OriginAS: AS13335
  1413. Organization: Cloudflare, Inc. (CLOUD14)
  1414. RegDate: 2014-03-28
  1415. Updated: 2017-02-17
  1416. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1417. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  1418.  
  1419.  
  1420. OrgName: Cloudflare, Inc.
  1421. OrgId: CLOUD14
  1422. Address: 101 Townsend Street
  1423. City: San Francisco
  1424. StateProv: CA
  1425. PostalCode: 94107
  1426. Country: US
  1427. RegDate: 2010-07-09
  1428. Updated: 2017-02-17
  1429. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1430. Ref: https://whois.arin.net/rest/org/CLOUD14
  1431.  
  1432.  
  1433. OrgTechHandle: ADMIN2521-ARIN
  1434. OrgTechName: Admin
  1435. OrgTechPhone: +1-650-319-8930
  1436. OrgTechEmail: admin@cloudflare.com
  1437. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1438.  
  1439. OrgNOCHandle: NOC11962-ARIN
  1440. OrgNOCName: NOC
  1441. OrgNOCPhone: +1-650-319-8930
  1442. OrgNOCEmail: noc@cloudflare.com
  1443. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  1444.  
  1445. OrgAbuseHandle: ABUSE2916-ARIN
  1446. OrgAbuseName: Abuse
  1447. OrgAbusePhone: +1-650-319-8930
  1448. OrgAbuseEmail: abuse@cloudflare.com
  1449. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  1450.  
  1451. RTechHandle: ADMIN2521-ARIN
  1452. RTechName: Admin
  1453. RTechPhone: +1-650-319-8930
  1454. RTechEmail: admin@cloudflare.com
  1455. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1456.  
  1457. RNOCHandle: NOC11962-ARIN
  1458. RNOCName: NOC
  1459. RNOCPhone: +1-650-319-8930
  1460. RNOCEmail: noc@cloudflare.com
  1461. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  1462.  
  1463. RAbuseHandle: ABUSE2916-ARIN
  1464. RAbuseName: Abuse
  1465. RAbusePhone: +1-650-319-8930
  1466. RAbuseEmail: abuse@cloudflare.com
  1467.  
  1468.  
  1469. email.altright.com
  1486.  
  1487. ftp.altright.com
  1488. IP address #1: 50.62.56.213
  1489.  
  1490. mail.altright.com
  1491. IPv6 address #1: 2400:cb00:2048:1::681b:b25b
  1492. IPv6 address #2: 2400:cb00:2048:1::681b:b35b
  1493.  
  1494. mail.altright.com
  1495. IP address #1: 104.27.179.91
  1496. IP address #2: 104.27.178.91
  1497.  
  1498. www.altright.com
  1499. IPv6 address #1: 2400:cb00:2048:1::681b:b25b
  1500. IPv6 address #2: 2400:cb00:2048:1::681b:b35b
  1501.  
  1502. www.altright.com
  1503. IP address #1: 104.27.179.91
  1504. IP address #2: 104.27.178.91
  1505.  
  1506. [+] 6 (sub)domains and 25 IP address(es) found
  1507. [+] Emails found:
  1508. ------------------
  1509. Info@altright.com
  1510.  
  1511. [+] Hosts found in search engines:
  1512. ------------------------------------
  1513. [-] Resolving hostnames IPs...
  1514. 104.27.178.91:nordic.altright.com
  1515. 104.27.178.91:www.altright.com
  1516. [+] Virtual hosts:
  1517. ==================
  1563. ----- altright.com -----
  1564.  
  1565.  
  1566. Host's addresses:
  1567. __________________
  1568.  
  1569. altright.com. 300 IN A 104.27.178.91
  1570. altright.com. 300 IN A 104.27.179.91
  1571.  
  1572.  
  1573. Name Servers:
  1574. ______________
  1575.  
  1576. marek.ns.cloudflare.com. 37541 IN A 173.245.59.202
  1577. elaine.ns.cloudflare.com. 16316 IN A 173.245.58.152
  1578.  
  1579.  
  1580. Mail (MX) Servers:
  1581. ___________________
  1582.  
  1583. altright-com.mail.protection.outlook.com. 10 IN A 216.32.180.74
  1584. altright-com.mail.protection.outlook.com. 10 IN A 216.32.180.106
  1585.  
  1586.  
  1587. Trying Zone Transfers and getting Bind Versions:
  1588. _________________________________________________
  1589. Nikto v2.1.6
  1590. ---------------------------------------------------------------------------------------------------------------------------------------
  1591. + Target IP: 104.27.179.91
  1592. + Target Hostname: altright.com
  1593. + Target Port: 80
  1594. + Start Time: 2017-08-13 01:35:57 (GMT-4)
  1595. ---------------------------------------------------------------------------------------------------------------------------------------
  1596. + Server: cloudflare-nginx
  1597. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1598. + Uncommon header 'cf-ray' found, with contents: 38d95078f7f1693e-CDG
  1599. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1600. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  1601. + Scan terminated: 20 error(s) and 3 item(s) reported on remote host
  1602. + End Time: 2017-08-13 01:47:14 (GMT-4) (677 seconds)
  1603. ---------------------------------------------------------------------------------------------------------------------------------------
  1604. + 1 host(s) tested
  1605.  
  1606. whitepower.com
  1607.  
  1608. #######################################################################################################################################
  1609.  
  1610. whois whitepower.com
  1611. Domain Name: WHITEPOWER.COM
  1612. Registry Domain ID: 5053055_DOMAIN_COM-VRSN
  1613. Registrar WHOIS Server: whois.directnic.com
  1614. Registrar URL: http://www.directnic.com
  1615. Updated Date: 2015-03-09T15:19:24Z
  1616. Creation Date: 1999-04-03T05:00:00Z
  1617. Registry Expiry Date: 2022-04-03T04:00:00Z
  1618. Registrar: DNC Holdings, Inc.
  1619. Registrar IANA ID: 291
  1620. Registrar Abuse Contact Email:
  1621. Registrar Abuse Contact Phone:
  1622. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  1623. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1624. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  1625. Name Server: FAY.NS.CLOUDFLARE.COM
  1626. Name Server: HUGH.NS.CLOUDFLARE.COM
  1627.  
  1628.  
  1629. Domain Name: WHITEPOWER.COM
  1630. Registry Domain ID: 5053055_DOMAIN_COM-VRSN
  1631. Registrar WHOIS Server: whois.directnic.com
  1632. Registrar URL: http://www.directnic.com
  1633. Updated Date: 2015-03-09T15:19:24-05:00
  1634. Creation Date: 1999-04-03T05:00:00-06:00
  1635. Registrar Registration Expiration Date: 2022-04-03T04:00:00-05:00
  1636. Registrar: DNC Holdings, Inc.
  1637. Sponsoring Registrar IANA ID: 291
  1638. Registrar Abuse Contact Email: abuse@directnic.com
  1639. Registrar Abuse Contact Phone: +1.8778569598
  1640. Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
  1641. Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
  1642. Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
  1643. Registrant Name: Micetrap Distribution LLC
  1644. Registrant Organization: Micetrap Distribution LLC
  1645. Registrant Street: Post Office Box 55
  1646. Registrant City: Maple Shade
  1647. Registrant State/Province: NJ
  1648. Registrant Postal Code: 08052
  1649. Registrant Country: US
  1650. Registrant Phone: +8885880578
  1651. Registrant Phone Ext:
  1652. Registrant Fax:
  1653. Registrant Fax Ext:
  1654. Registrant Email: micetrap14@aol.com
  1655. Admin Name: Micetrap Distribution LLC
  1656. Admin Organization: Micetrap Distribution LLC
  1657. Admin Street: Post Office Box 55
  1658. Admin City: Maple Shade
  1659. Admin State/Province: NJ
  1660. Admin Postal Code: 08052
  1661. Admin Country: US
  1662. Admin Phone: +8885880578
  1663. Admin Phone Ext:
  1664. Admin Fax:
  1665. Admin Fax Ext:
  1666. Admin Email: micetrap14@aol.com
  1667. Tech Name: Micetrap Distribution LLC
  1668. Tech Organization: Micetrap Distribution LLC
  1669. Tech Street: Post Office Box 55
  1670. Tech City: Maple Shade
  1671. Tech State/Province: NJ
  1672. Tech Postal Code: 08052
  1673. Tech Country: US
  1674. Tech Phone: +8885880578
  1675. Tech Phone Ext:
  1676. Tech Fax:
  1677. Tech Fax Ext:
  1678. Tech Email: micetrap14@aol.com
  1679. Name Server: fay.ns.cloudflare.com
  1680. Name Server: hugh.ns.cloudflare.com
  1681. #######################################################################################################################################
  1682.  
  1683. dig whitepower.com any
  1684.  
  1685. ; <<>> DiG 9.10.3-P4-Debian <<>> whitepower.com any
  1686. ;; global options: +cmd
  1687. ;; Got answer:
  1688. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11102
  1689. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
  1690.  
  1691. ;; OPT PSEUDOSECTION:
  1692. ; EDNS: version: 0, flags:; udp: 4096
  1693. ;; QUESTION SECTION:
  1694. ;whitepower.com. IN ANY
  1695.  
  1696. ;; ANSWER SECTION:
  1697. whitepower.com. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  1698. whitepower.com. 297 IN A 104.24.125.166
  1699. whitepower.com. 297 IN A 104.24.124.166
  1700. whitepower.com. 172797 IN NS fay.ns.cloudflare.com.
  1701. whitepower.com. 172797 IN NS hugh.ns.cloudflare.com.
  1702.  
  1703. ;; Query time: 32 msec
  1704. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1705. ;; WHEN: Sun Aug 13 02:03:25 EDT 2017
  1706. ;; MSG SIZE rcvd: 184
  1707.  
  1708. #######################################################################################################################################
  1709.  
  1710. host -l whitepower.com
  1711.  
  1712. ;; Connection to 192.168.1.254#53(192.168.1.254) for whitepower.com failed: connection refused.
  1713. Host whitepower.com not found: 9(NOTAUTH)
  1714. ; Transfer failed.
  1715.  
  1716. #######################################################################################################################################
  1717.  
  1718. tcptraceroute -i eth0 whitepower.com
  1719.  
  1720. Running:
  1721. traceroute -T -O info -i eth0 whitepower.com
  1722. traceroute to whitepower.com (104.24.124.166), 30 hops max, 60 byte packets
  1723. 1 gateway (192.168.1.254) 0.542 ms 0.742 ms 0.906 ms
  1724. 2 10.135.18.1 (10.135.18.1) 9.529 ms 10.611 ms 11.247 ms
  1725. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 29.628 ms 30.183 ms 30.339 ms
  1726. 4 de-cix-new-york.as13335.net (206.130.10.31) 30.835 ms 31.020 ms 31.078 ms
  1727. 5 104.24.124.166 (104.24.124.166) <syn,ack> 31.216 ms 31.283 ms 31.507 ms
  1728.  
  1729. dnstracer whitepower.com
  1730.  
  1731. Tracing to whitepower.com[a] via 192.168.1.254, maximum of 3 retries
  1732. 192.168.1.254 (192.168.1.254) Got answer
  1733.  
  1734. #######################################################################################################################################
  1735.  
  1736.  
  1737. Checking for HTTP-Loadbalancing [Date]: 06:21:43, 06:21:44, 06:21:45, 06:21:46, 06:21:46, 06:21:47, 06:21:48, 06:21:49, 06:21:49, 06:21:50, 06:21:51, 06:21:52, 06:21:53, 06:21:53, 06:21:54, 06:21:55, 06:21:56, 06:21:57, 06:21:57, 06:21:58, 06:21:59, 06:22:00, 06:22:01, 06:22:02, 06:22:02, 06:22:03, 06:22:04, 06:22:05, 06:22:06, 06:22:07, 06:22:08, 06:22:08, 06:22:09, 06:22:10, 06:22:11, 06:22:12, 06:22:13, 06:22:13, 06:22:14, 06:22:15, 06:22:16, 06:22:17, 06:22:18, 06:22:19, 06:22:19, 06:22:20, 06:22:21, 06:22:22, 06:22:23, 06:22:23, NOT FOUND
  1738.  
  1739. Checking for HTTP-Loadbalancing [Diff]: FOUND
  1740. < Expires: Sun, 13 Aug 2017 06:22:39 GMT
  1741. > Expires: Sun, 13 Aug 2017 06:22:40 GMT
  1742. < CF-RAY: 38d9946cc7311025-CDG
  1743. > CF-RAY: 38d9947311c614d3-CDG
  1744.  
  1745.  
  1746.  
  1747. #######################################################################################################################################
  1748.  
  1749. nmap -PN -n -F -T4 -sV -A -oG temp.txt whitepower.com
  1750.  
  1751. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 02:22 EDT
  1752. Nmap scan report for whitepower.com (104.24.125.166)
  1753. Host is up (0.41s latency).
  1754. Other addresses for whitepower.com (not scanned): 104.24.124.166
  1755. Not shown: 96 filtered ports
  1756. PORT STATE SERVICE VERSION
  1757. 80/tcp open http Cloudflare nginx
  1758. |_http-title: Just a moment...
  1759. 443/tcp open ssl/http Cloudflare nginx
  1760. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1761. | ssl-cert: Subject: commonName=sni63120.cloudflaressl.com
  1762. | Subject Alternative Name: DNS:sni63120.cloudflaressl.com, DNS:*.1stamendment-hosting.com, DNS:*.8814.com, DNS:*.cronteen.com, DNS:*.ebonybird.com, DNS:*.ernserhirthe.cf, DNS:*.freespeechhosting.com, DNS:*.gospiel.review, DNS:*.helena-andersson.ga, DNS:*.hotelweilia.com, DNS:*.kathaleenaawimage.tk, DNS:*.kunstundbrot.de, DNS:*.lamf.la, DNS:*.neukfeest.nl, DNS:*.rapeporn.cc, DNS:*.serkan.ga, DNS:*.sjdrums.com, DNS:*.tipfacete.cf, DNS:*.whitepower.com, DNS:*.whitepride.com, DNS:*.whitepride.net, DNS:*.wpww.net, DNS:*.wtwcnwyh1i6.ml, DNS:1stamendment-hosting.com, DNS:8814.com, DNS:cronteen.com, DNS:ebonybird.com, DNS:ernserhirthe.cf, DNS:freespeechhosting.com, DNS:gospiel.review, DNS:helena-andersson.ga, DNS:hotelweilia.com, DNS:kathaleenaawimage.tk, DNS:kunstundbrot.de, DNS:lamf.la, DNS:neukfeest.nl, DNS:rapeporn.cc, DNS:serkan.ga, DNS:sjdrums.com, DNS:tipfacete.cf, DNS:whitepower.com, DNS:whitepride.com, DNS:whitepride.net, DNS:wpww.net, DNS:wtwcnwyh1i6.ml
  1763. | Not valid before: 2017-07-25T00:00:00
  1764. |_Not valid after: 2018-01-31T23:59:59
  1765. 8080/tcp open http Cloudflare nginx
  1766. |_http-title: Just a moment...
  1767. 8443/tcp open ssl/http Cloudflare nginx
  1768. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1769. | ssl-cert: Subject: commonName=sni63120.cloudflaressl.com
  1770. | Subject Alternative Name: DNS:sni63120.cloudflaressl.com, DNS:*.1stamendment-hosting.com, DNS:*.8814.com, DNS:*.cronteen.com, DNS:*.ebonybird.com, DNS:*.ernserhirthe.cf, DNS:*.freespeechhosting.com, DNS:*.gospiel.review, DNS:*.helena-andersson.ga, DNS:*.hotelweilia.com, DNS:*.kathaleenaawimage.tk, DNS:*.kunstundbrot.de, DNS:*.lamf.la, DNS:*.neukfeest.nl, DNS:*.rapeporn.cc, DNS:*.serkan.ga, DNS:*.sjdrums.com, DNS:*.tipfacete.cf, DNS:*.whitepower.com, DNS:*.whitepride.com, DNS:*.whitepride.net, DNS:*.wpww.net, DNS:*.wtwcnwyh1i6.ml, DNS:1stamendment-hosting.com, DNS:8814.com, DNS:cronteen.com, DNS:ebonybird.com, DNS:ernserhirthe.cf, DNS:freespeechhosting.com, DNS:gospiel.review, DNS:helena-andersson.ga, DNS:hotelweilia.com, DNS:kathaleenaawimage.tk, DNS:kunstundbrot.de, DNS:lamf.la, DNS:neukfeest.nl, DNS:rapeporn.cc, DNS:serkan.ga, DNS:sjdrums.com, DNS:tipfacete.cf, DNS:whitepower.com, DNS:whitepride.com, DNS:whitepride.net, DNS:wpww.net, DNS:wtwcnwyh1i6.ml
  1771. | Not valid before: 2017-07-25T00:00:00
  1772. |_Not valid after: 2018-01-31T23:59:59
  1773. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1774. Device type: general purpose
  1775. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (88%)
  1776. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
  1777. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.4 (85%)
  1778. No exact OS matches for host (test conditions non-ideal).
  1779. Network Distance: 8 hops
  1780.  
  1781. TRACEROUTE (using port 8080/tcp)
  1782. HOP RTT ADDRESS
  1783. 1 398.44 ms 10.13.0.1
  1784. 2 407.16 ms 37.187.24.252
  1785. 3 402.92 ms 178.33.103.229
  1786. 4 ...
  1787. 5 507.16 ms 91.121.215.177
  1788. 6 507.18 ms 37.187.36.214
  1789. 7 507.16 ms 37.49.237.49
  1790. 8 507.15 ms 104.24.125.166
  1791.  
  1792. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1793. Nmap done: 1 IP address (1 host up) scanned in 69.21 seconds
  1794.  
  1795. #######################################################################################################################################
  1796.  
  1797. amap -i temp.txt
  1798. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-13 02:23:31 - APPLICATION MAPPING mode
  1799.  
  1800. Protocol on 104.24.125.166:80/tcp matches http
  1801. Protocol on 104.24.125.166:443/tcp matches http
  1802. Protocol on 104.24.125.166:8080/tcp matches http
  1803. Protocol on 104.24.125.166:8443/tcp matches http
  1804. Protocol on 104.24.125.166:443/tcp matches ssl
  1805. Protocol on 104.24.125.166:8443/tcp matches ssl
  1806.  
  1807.  
  1808.  
  1871.  
  1872.  
  1873. ftp.whitepower.com
  1874. IP address #1: 104.24.124.166
  1875. IP address #2: 104.24.125.166
  1876.  
  1877. localhost.whitepower.com
  1878. IP address #1: 127.0.0.1
  1879. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  1880.  
  1881. mail.whitepower.com
  1882. IP address #1: 104.24.124.166
  1883. IP address #2: 104.24.125.166
  1884.  
  1885. test.whitepower.com
  1886. IP address #1: 104.24.125.166
  1887. IP address #2: 104.24.124.166
  1888.  
  1889. www.whitepower.com
  1890. IP address #1: 104.24.125.166
  1891. IP address #2: 104.24.124.166
  1892.  
  1893. [+] 5 (sub)domains and 9 IP address(es) found
  1894. [+] Emails found:
  1895. ------------------
  1896. bigsby@whitepower.com
  1897. white...@whitepower.com
  1898.  
  1899. [+] Hosts found in search engines:
  1900. ------------------------------------
  1901. [-] Resolving hostnames IPs...
  1902. 104.24.124.166:www.whitepower.com
  1903. [+] Virtual hosts:
  1904. ==================
  1973. ----- whitepower.com -----
  1974. ####################################################################################################################################
  1975.  
  1976. Host's addresses:
  1977. __________________
  1978.  
  1979. whitepower.com. 295 IN A 104.24.125.166
  1980. whitepower.com. 295 IN A 104.24.124.166
  1981.  
  1982.  
  1983. Name Servers:
  1984. ______________
  1985.  
  1986. hugh.ns.cloudflare.com. 11562 IN A 173.245.59.117
  1987. fay.ns.cloudflare.com. 11962 IN A 173.245.58.115
  1988.  
  1989.  
  1990. Mail (MX) Servers:
  1991. ___________________
  1992.  
  1993. dc-df6d8124903a.whitepower.com. 300 IN A 50.31.100.21
  1994.  
  1995.  
  1996. Trying Zone Transfers and getting Bind Versions:
  1997. _________________________________________________
  1998. ---------------------------------------------------------------------------------------------------------------------------------------
  1999. + Target IP: 104.24.125.166
  2000. + Target Hostname: whitepower.com
  2001. + Target Port: 80
  2002. + Start Time: 2017-08-13 06:04:28 (GMT-4)
  2003. ---------------------------------------------------------------------------------------------------------------------------------------
  2004. + Server: cloudflare-nginx
  2005. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2006. + Uncommon header 'cf-ray' found, with contents: 38dad9d2442c2186-EWR
  2007. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2008. + All CGI directories 'found', use '-C none' to test none
  2009. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  2010. + 26097 requests: 0 error(s) and 3 item(s) reported on remote host
  2011. + End Time: 2017-08-13 06:20:45 (GMT-4) (977 seconds)
  2012. ---------------------------------------------------------------------------------------------------------------------------------------
  2013. + 1 host(s) tested
  2014.  
  2015. whitehonor.com
  2016.  
  2017. #######################################################################################################################################
  2018.  
  2019. whois whitehonor.com
  2020. Domain Name: WHITEHONOR.COM
  2021. Registry Domain ID: 225322189_DOMAIN_COM-VRSN
  2022. Registrar WHOIS Server: whois.dreamhost.com
  2023. Registrar URL: http://www.DreamHost.com
  2024. Updated Date: 2016-09-12T04:38:50Z
  2025. Creation Date: 2005-10-08T02:52:27Z
  2026. Registry Expiry Date: 2017-10-08T02:52:27Z
  2027. Registrar: DreamHost, LLC
  2028. Registrar IANA ID: 431
  2029. Registrar Abuse Contact Email:
  2030. Registrar Abuse Contact Phone:
  2031. Domain Status: ok https://icann.org/epp#ok
  2032. Name Server: TIM.NS.CLOUDFLARE.COM
  2033. Name Server: ZARA.NS.CLOUDFLARE.COM
  2034.  
  2035. Domain Name: WHITEHONOR.COM
  2036. Registry Domain ID: 225322189_DOMAIN_COM-VRSN
  2037. Registrar WHOIS Server: whois.dreamhost.com
  2038. Registrar URL: www.dreamhost.com
  2039. Updated Date: 2013-12-17T20:56:10.00Z
  2040. Creation Date: 2005-10-07T19:52:27.00Z
  2041. Registrar Registration Expiration Date: 2017-10-08T02:52:27.00Z
  2042. Registrar: DREAMHOST
  2043. Registrar IANA ID: 431
  2044. Domain Status: ok https://www.icann.org/epp#ok
  2045. Registry Registrant ID:
  2046. Registrant Name: PROXY PROTECTION LLC
  2047. Registrant Organization: PROXY PROTECTION LLC
  2048. Registrant Street: 417 ASSOCIATED RD #324
  2049. Registrant Street: C/O WHITEHONOR.COM
  2050. Registrant City: BREA
  2051. Registrant State/Province: CA
  2052. Registrant Postal Code: 92821
  2053. Registrant Country: US
  2054. Registrant Phone: +1.7147064182
  2055. Registrant Phone Ext:
  2056. Registrant Fax:
  2057. Registrant Fax Ext:
  2058. Registrant Email: ENE5KW7EVQL9LB8@PROXY.DREAMHOST.COM
  2059. Registry Admin ID:
  2060. Admin Name: PROXY PROTECTION LLC
  2061. Admin Organization: PROXY PROTECTION LLC
  2062. Admin Street: 417 ASSOCIATED RD #324
  2063. Admin Street: C/O WHITEHONOR.COM
  2064. Admin City: BREA
  2065. Admin State/Province: CA
  2066. Admin Postal Code: 92821
  2067. Admin Country: US
  2068. Admin Phone: +1.7147064182
  2069. Admin Phone Ext:
  2070. Admin Fax:
  2071. Admin Fax Ext:
  2072. Admin Email: WHITEHONOR.COM@PROXY.DREAMHOST.COM
  2073. Registry Tech ID:
  2074. Tech Name: PROXY PROTECTION LLC
  2075. Tech Organization: PROXY PROTECTION LLC
  2076. Tech Street: 417 ASSOCIATED RD #324
  2077. Tech Street: C/O WHITEHONOR.COM
  2078. Tech City: BREA
  2079. Tech State/Province: CA
  2080. Tech Postal Code: 92821
  2081. Tech Country: US
  2082. Tech Phone: +1.7147064182
  2083. Tech Phone Ext:
  2084. Tech Fax:
  2085. Tech Fax Ext:
  2086. Tech Email: WHITEHONOR.COM@PROXY.DREAMHOST.COM
  2087. Name Server: TIM.NS.CLOUDFLARE.COM
  2088. Name Server: ZARA.NS.CLOUDFLARE.COM
  2089. DNSSEC: unSigned
  2090. Registrar Abuse Contact Email: domain-abuse@dreamhost.com
  2091. Registrar Abuse Contact Phone: +1.2132719359
  2092.  
  2093. #######################################################################################################################################
  2094.  
  2095. dig whitehonor.com any
  2096.  
  2097. ; <<>> DiG 9.10.3-P4-Debian <<>> whitehonor.com any
  2098. ;; global options: +cmd
  2099. ;; Got answer:
  2100. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12095
  2101. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
  2102.  
  2103. ;; OPT PSEUDOSECTION:
  2104. ; EDNS: version: 0, flags:; udp: 4096
  2105. ;; QUESTION SECTION:
  2106. ;whitehonor.com. IN ANY
  2107.  
  2108. ;; ANSWER SECTION:
  2109. whitehonor.com. 83014 IN NS zara.ns.cloudflare.com.
  2110. whitehonor.com. 83014 IN NS tim.ns.cloudflare.com.
  2111.  
  2112. ;; Query time: 8 msec
  2113. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2114. ;; WHEN: Sun Aug 13 03:02:16 EDT 2017
  2115. ;; MSG SIZE rcvd: 94
  2116.  
  2117.  
  2118.  
  2119. #######################################################################################################################################
  2120.  
  2121. tcptraceroute -i eth0 whitehonor.com
  2122.  
  2123. Running:
  2124. traceroute -T -O info -i eth0 whitehonor.com
  2125. traceroute to whitehonor.com (104.27.154.50), 30 hops max, 60 byte packets
  2126. 1 gateway (192.168.1.254) 0.575 ms 0.774 ms 0.936 ms
  2127. 2 10.135.18.1 (10.135.18.1) 23.578 ms 24.834 ms 25.344 ms
  2128. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 30.341 ms 30.414 ms 30.475 ms
  2129. 4 de-cix-new-york.as13335.net (206.130.10.31) 30.736 ms 30.799 ms 30.859 ms
  2130. 5 104.27.154.50 (104.27.154.50) <syn,ack> 31.415 ms 31.510 ms 31.846 ms
  2131.  
  2132. #######################################################################################################################################
  2133.  
  2134. Checking for HTTP-Loadbalancing [Date]: 07:03:31, 07:03:33, 07:03:34, 07:03:35, 07:03:36, 07:03:38, 07:03:39, 07:03:40, 07:03:42, 07:03:43, 07:03:44, 07:03:45, 07:03:47, 07:03:48, 07:03:49, 07:03:50, 07:03:52, 07:03:53, 07:03:54, 07:03:56, 07:03:57, 07:03:58, 07:03:59, 07:04:01, 07:04:02, 07:04:03, 07:04:05, 07:04:06, 07:04:07, 07:04:08, 07:04:10, 07:04:11, 07:04:12, 07:04:13, 07:04:14, 07:04:15, 07:04:16, 07:04:17, 07:04:18, 07:04:19, 07:04:20, 07:04:21, 07:04:21, 07:04:22, 07:04:23, 07:04:24, 07:04:25, 07:04:26, 07:04:27, 07:04:28, NOT FOUND
  2135.  
  2136. Checking for HTTP-Loadbalancing [Diff]: FOUND
  2137. < Expires: Sun, 13 Aug 2017 07:04:44 GMT
  2138. > Expires: Sun, 13 Aug 2017 07:04:45 GMT
  2139. < CF-RAY: 38d9d21064900c59-AMS
  2140. > CF-RAY: 38d9d21406502c36-AMS
  2141.  
  2142. ------------------------------------------------------------------------------------------------------------------------
  2143. nmap -PN -n -F -T4 -sV -A -oG temp.txt whitehonor.com
  2144.  
  2145. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 03:04 EDT
  2146. Nmap scan report for whitehonor.com (104.27.154.50)
  2147. Host is up (0.45s latency).
  2148. Other addresses for whitehonor.com (not scanned): 2400:cb00:2048:1::681b:9b32 2400:cb00:2048:1::681b:9a32 104.27.155.50
  2149. Not shown: 96 filtered ports
  2150. PORT STATE SERVICE VERSION
  2151. 80/tcp open http Cloudflare nginx
  2152. |_http-generator: WordPress 4.8
  2153. |_http-title: WhiteHonor &#8211; White Power! Affiliated With The American N...
  2154. 443/tcp open ssl/http Cloudflare nginx
  2155. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  2156. | ssl-cert: Subject: commonName=sni52050.cloudflaressl.com
  2158. | Not valid before: 2017-07-24T00:00:00
  2159. |_Not valid after: 2018-01-30T23:59:59
  2160. 8080/tcp open http Cloudflare nginx
  2161. 8443/tcp open ssl/http Cloudflare nginx
  2162. |_http-server-header: cloudflare-nginx
  2163. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  2164. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2165. Device type: general purpose
  2166. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (88%)
  2167. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
  2168. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.4 (85%)
  2169. No exact OS matches for host (test conditions non-ideal).
  2170. Network Distance: 7 hops
  2171.  
  2172. TRACEROUTE (using port 8080/tcp)
  2173. HOP RTT ADDRESS
  2174. 1 442.97 ms 10.13.0.1
  2175. 2 555.89 ms 37.187.24.252
  2176. 3 447.70 ms 178.33.103.231
  2177. 4 ...
  2178. 5 555.89 ms 213.251.128.67
  2179. 6 555.88 ms 80.249.211.140
  2180. 7 555.80 ms 104.27.154.50
  2181.  
  2182. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2183. Nmap done: 1 IP address (1 host up) scanned in 136.17 seconds
  2184.  
  2185. #######################################################################################################################################
  2186.  
  2187. amap -i temp.txt
  2188. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-13 03:06:42 - APPLICATION MAPPING mode
  2189.  
  2190. Protocol on 104.27.154.50:80/tcp matches http
  2191. Protocol on 104.27.154.50:8080/tcp matches http
  2192. Protocol on 104.27.154.50:8443/tcp matches http
  2193. Protocol on 104.27.154.50:443/tcp matches http
  2194. Protocol on 104.27.154.50:443/tcp matches ssl
  2195. Protocol on 104.27.154.50:8443/tcp matches ssl
  2196.  
  2197. Unidentified ports: none.
  2198.  
  2199. amap v5.4 finished at 2017-08-13 03:06:51
  2200.  
  2201. #######################################################################################################################################
  2202.  
  2203.  
  2204. NetRange: 104.16.0.0 - 104.31.255.255
  2205. CIDR: 104.16.0.0/12
  2206. NetName: CLOUDFLARENET
  2207. NetHandle: NET-104-16-0-0-1
  2208. Parent: NET104 (NET-104-0-0-0-0)
  2209. NetType: Direct Assignment
  2210. OriginAS: AS13335
  2211. Organization: Cloudflare, Inc. (CLOUD14)
  2212. RegDate: 2014-03-28
  2213. Updated: 2017-02-17
  2214. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  2215. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  2216.  
  2217.  
  2218.  
  2219. OrgName: Cloudflare, Inc.
  2220. OrgId: CLOUD14
  2221. Address: 101 Townsend Street
  2222. City: San Francisco
  2223. StateProv: CA
  2224. PostalCode: 94107
  2225. Country: US
  2226. RegDate: 2010-07-09
  2227. Updated: 2017-02-17
  2228. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  2229. Ref: https://whois.arin.net/rest/org/CLOUD14
  2230.  
  2231.  
  2232. OrgNOCHandle: NOC11962-ARIN
  2233. OrgNOCName: NOC
  2234. OrgNOCPhone: +1-650-319-8930
  2235. OrgNOCEmail: noc@cloudflare.com
  2236. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  2237.  
  2238. OrgTechHandle: ADMIN2521-ARIN
  2239. OrgTechName: Admin
  2240. OrgTechPhone: +1-650-319-8930
  2241. OrgTechEmail: admin@cloudflare.com
  2242. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  2243.  
  2244. OrgAbuseHandle: ABUSE2916-ARIN
  2245. OrgAbuseName: Abuse
  2246. OrgAbusePhone: +1-650-319-8930
  2247. OrgAbuseEmail: abuse@cloudflare.com
  2248. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  2249.  
  2250. RNOCHandle: NOC11962-ARIN
  2251. RNOCName: NOC
  2252. RNOCPhone: +1-650-319-8930
  2253. RNOCEmail: noc@cloudflare.com
  2254. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  2255.  
  2256. RTechHandle: ADMIN2521-ARIN
  2257. RTechName: Admin
  2258. RTechPhone: +1-650-319-8930
  2259. RTechEmail: admin@cloudflare.com
  2260. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  2261.  
  2262. RAbuseHandle: ABUSE2916-ARIN
  2263. RAbuseName: Abuse
  2264. RAbusePhone: +1-650-319-8930
  2265. RAbuseEmail: abuse@cloudflare.com
  2266. RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  2267.  
  2268. cpanel.whitehonor.com
  2269. IP address #1: 23.88.58.104
  2270.  
  2271. localhost.whitehonor.com
  2272. IP address #1: 127.0.0.1
  2273. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  2274.  
  2275. mail.whitehonor.com
  2276. IP address #1: 23.88.58.104
  2277.  
  2278. webmail.whitehonor.com
  2279. IP address #1: 23.88.58.104
  2280.  
  2281. www.whitehonor.com
  2282. IPv6 address #1: 2400:cb00:2048:1::681b:9b32
  2283. IPv6 address #2: 2400:cb00:2048:1::681b:9a32
  2284.  
  2285. www.whitehonor.com
  2286. IP address #1: 104.27.154.50
  2287. IP address #2: 104.27.155.50
  2288. [+] Emails found:
  2289. ------------------
  2290. No emails found
  2291.  
  2292. [+] Hosts found in search engines:
  2293. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  2294. [-] Resolving hostnames IPs...
  2295. 104.27.155.50:www.whitehonor.com
  2296. [+] Virtual hosts:
  2297. ==================
  2340. ----- whitehonor.com -----
  2341.  
  2342.  
  2343. Host's addresses:
  2344. __________________
  2345.  
  2346. whitehonor.com. 295 IN A 104.27.154.50
  2347. whitehonor.com. 295 IN A 104.27.155.50
  2348.  
  2349.  
  2350. Name Servers:
  2351. ______________
  2352.  
  2353. tim.ns.cloudflare.com. 34975 IN A 173.245.59.145
  2354. zara.ns.cloudflare.com. 86400 IN A 173.245.58.148
  2355.  
  2356.  
  2357. Mail (MX) Servers:
  2358. ___________________
  2359.  
  2360. dc-4565bbf265e2.whitehonor.com. 300 IN A 23.88.58.104
  2361.  
  2362.  
  2363. Trying Zone Transfers and getting Bind Versions:
  2364. _________________________________________________
  2365. ---------------------------------------------------------------------------------------------------------------------------------------
  2366. + Target IP: 104.27.154.50
  2367. + Target Hostname: whitehonor.com
  2368. + Target Port: 80
  2369. + Start Time: 2017-08-13 06:05:42 (GMT-4)
  2370. ---------------------------------------------------------------------------------------------------------------------------------------
  2371. + Server: cloudflare-nginx
  2372. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2373. + Uncommon header 'cf-ray' found, with contents: 38dadb9f213d471c-EWR
  2374. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2375. + All CGI directories 'found', use '-C none' to test none
  2376. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  2377. + 26097 requests: 0 error(s) and 3 item(s) reported on remote host
  2378. + End Time: 2017-08-13 06:21:51 (GMT-4) (969 seconds)
  2379. ---------------------------------------------------------------------------------------------------------------------------------------
  2380. whiteresister.com
  2381.  
  2382. #######################################################################################################################################
  2383.  
  2384. whois whiteresister.com
  2385. Domain Name: WHITERESISTER.COM
  2386. Registry Domain ID: 1687576179_DOMAIN_COM-VRSN
  2387. Registrar WHOIS Server: whois.godaddy.com
  2388. Registrar URL: http://www.godaddy.com
  2389. Updated Date: 2016-10-27T16:45:28Z
  2390. Creation Date: 2011-11-17T05:15:02Z
  2391. Registry Expiry Date: 2017-11-17T05:15:02Z
  2392. Registrar: GoDaddy.com, LLC
  2393. Registrar IANA ID: 146
  2394. Registrar Abuse Contact Email: abuse@godaddy.com
  2395. Registrar Abuse Contact Phone: 480-624-2505
  2396. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  2397. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  2398. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  2399. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  2400. Name Server: NS73.DOMAINCONTROL.COM
  2401. Name Server: NS74.DOMAINCONTROL.COM
  2402.  
  2403. The Registry database contains ONLY .COM, .NET, .EDU domains and
  2404. Registrars.
  2405. Domain Name: WHITERESISTER.COM
  2406. Registrar URL: http://www.godaddy.com
  2407. Registrant Name: Registration Private
  2408. Registrant Organization: Domains By Proxy, LLC
  2409. Name Server: NS73.DOMAINCONTROL.COM
  2410. Name Server: NS74.DOMAINCONTROL.COM
  2411.  
  2412. #######################################################################################################################################
  2413. IN ANY
  2414.  
  2415. ;; ANSWER SECTION:
  2416. whiteresister.com. 1713 IN A 108.167.181.191
  2417. whiteresister.com. 3513 IN NS ns74.domaincontrol.com.
  2418. whiteresister.com. 3513 IN NS ns73.domaincontrol.com.
  2419.  
  2420. ;; Query time: 8 msec
  2421. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2422. ;; WHEN: Sun Aug 13 06:46:03 EDT 2017
  2423. ;; MSG SIZE rcvd: 114
  2424.  
  2425. #######################################################################################################################################
  2429.  
  2430. tcptraceroute -i eth0 whiteresister.com
  2431.  
  2432. Running:
  2433. traceroute -T -O info -i eth0 whiteresister.com
  2434. traceroute to whiteresister.com (108.167.181.191), 30 hops max, 60 byte packets
  2435. 1 gateway (192.168.1.254) 0.509 ms 1.243 ms 1.541 ms
  2436. 2 10.135.18.1 (10.135.18.1) 8.468 ms 8.916 ms 10.627 ms
  2437. 3 75.154.223.222 (75.154.223.222) 30.398 ms 30.443 ms 30.989 ms
  2438. 4 Global-Reach.plalca01gr00.bb.telus.com (154.11.3.138) 31.134 ms 31.594 ms 31.724 ms
  2439. 5 hu-2-0-0-1-cr02.newyork.ny.ibone.comcast.net (68.86.84.210) 33.092 ms hu-1-3-0-5-cr02.newyork.ny.ibone.comcast.net (68.86.85.85) 32.594 ms hu-1-3-0-7-cr02.newyork.ny.ibone.comcast.net (68.86.85.189) 32.770 ms
  2440. 6 be-10203-cr01.newark.nj.ibone.comcast.net (68.86.85.185) 33.156 ms 31.439 ms 30.928 ms
  2441. 7 be-10102-cr02.ashburn.va.ibone.comcast.net (68.86.85.161) 36.192 ms 36.263 ms 36.320 ms
  2442. 8 be-10114-cr02.56marietta.ga.ibone.comcast.net (68.86.85.10) 50.371 ms 49.942 ms 48.912 ms
  2443. 9 be-11424-cr02.dallas.tx.ibone.comcast.net (68.86.85.22) 68.599 ms 68.663 ms 68.730 ms
  2444. 10 be-12493-pe01.houston.tx.ibone.comcast.net (68.86.84.158) 74.112 ms 74.365 ms 74.283 ms
  2445. 11 as8075-1.2001sixthave.wa.ibone.comcast.net (75.149.230.54) 68.139 ms 68.285 ms 67.094 ms
  2446. 12 216.117.50.134 (216.117.50.134) 66.691 ms 66.776 ms 66.835 ms
  2447. 13 aut.authormedia.net (108.167.133.82) 67.301 ms 67.377 ms 108.167.133.90 (108.167.133.90) 67.635 ms
  2448. 14 108.167.181.191 (108.167.181.191) <syn,ack> 66.196 ms 67.289 ms 66.771 ms
  2449.  
  2450.  
  2451. #######################################################################################################################################
  2452.  
  2456.  
  2457. nmap -PN -n -F -T4 -sV -A -oG temp.txt whiteresister.com
  2458.  
  2459. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-13 06:48 EDT
  2460. Nmap scan report for whiteresister.com (108.167.181.191)
  2461. Host is up (0.27s latency).
  2462. Not shown: 81 closed ports
  2463. PORT STATE SERVICE VERSION
  2464. 21/tcp open ftp Pure-FTPd
  2465. 22/tcp filtered ssh
  2466. 25/tcp filtered smtp
  2467. 26/tcp open smtp Exim smtpd 4.87
  2468. | smtp-commands: gator4197.hostgator.com Hello ip29.ip-87-98-166.eu [87.98.166.29], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  2469. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
  2470. 53/tcp open domain ISC BIND 9.8.2rc1
  2471. | dns-nsid:
  2472. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  2473. 80/tcp open http nginx 1.12.1
  2474. 110/tcp open pop3 Dovecot pop3d
  2475. 135/tcp filtered msrpc
  2476. 139/tcp filtered netbios-ssn
  2477. 143/tcp open imap Dovecot imapd
  2478. 443/tcp open ssl/ssl Apache httpd (SSL-only mode)
  2479. | ssl-cert: Subject: commonName=*.hostgator.com
  2480. | Subject Alternative Name: DNS:*.hostgator.com, DNS:hostgator.com
  2481. | Not valid before: 2015-10-16T00:00:00
  2482. |_Not valid after: 2018-10-15T23:59:59
  2483. |_ssl-date: 2017-08-13T10:49:00+00:00; 0s from scanner time.
  2484. 445/tcp filtered microsoft-ds
  2485. 465/tcp filtered smtps
  2486. 587/tcp filtered submission
  2487. 993/tcp open ssl/imap Dovecot imapd
  2488. | ssl-cert: Subject: commonName=*.hostgator.com
  2489. | Subject Alternative Name: DNS:*.hostgator.com, DNS:hostgator.com
  2490. | Not valid before: 2015-10-16T00:00:00
  2491. |_Not valid after: 2018-10-15T23:59:59
  2492. |_ssl-date: 2017-08-13T10:49:07+00:00; +4s from scanner time.
  2493. 995/tcp open ssl/pop3 Dovecot pop3d
  2494. | ssl-cert: Subject: commonName=*.hostgator.com
  2495. | Subject Alternative Name: DNS:*.hostgator.com, DNS:hostgator.com
  2496. | Not valid before: 2015-10-16T00:00:00
  2497. |_Not valid after: 2018-10-15T23:59:59
  2498. |_ssl-date: 2017-08-13T10:49:08+00:00; +2s from scanner time.
  2499. 3306/tcp open mysql MySQL 5.5.51-38.2
  2500. | mysql-info:
  2501. | Protocol: 10
  2502. | Version: 5.5.51-38.2
  2503. | Thread ID: 64448007
  2504. | Capabilities flags: 65535
  2505. | Some Capabilities: Support41Auth, FoundRows, Speaks41ProtocolOld, InteractiveClient, SupportsTransactions, IgnoreSpaceBeforeParenthesis, SupportsCompression, LongColumnFlag, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, ConnectWithDatabase, IgnoreSigpipes, LongPassword, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, ODBCClient, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
  2506. | Status: Autocommit
  2507. | Salt: wX1,)'&+E[wdr06^WwrX
  2508. |_ Auth Plugin Name: 84
  2509. 8080/tcp open http nginx 1.12.1
  2510. 8443/tcp open ssl/http nginx 1.12.1
  2511. | ssl-cert: Subject: commonName=*.hostgator.com
  2512. | Subject Alternative Name: DNS:*.hostgator.com, DNS:hostgator.com
  2513. | Not valid before: 2015-10-16T00:00:00
  2514. |_Not valid after: 2018-10-15T23:59:59
  2515. |_ssl-date: 2017-08-13T10:49:00+00:00; 0s from scanner time.
  2516. | tls-nextprotoneg:
  2517. |_ http/1.1
  2518. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (94%), Tomato 1.27 - 1.28 (Linux 2.4.20) (91%), Linux 3.11 - 4.1 (91%), MikroTik RouterOS 6.15 (Linux 3.3.5) (91%), Linux 2.6.23 (90%), Linux 4.4 (90%), DD-WRT v23 (Linux 2.4.36) (89%), Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4) (89%), Tomato firmware (Linux 2.6.22) (88%), Linux 3.2 - 3.8 (87%)
  2519. No exact OS matches for host (test conditions non-ideal).
  2520. Network Distance: 16 hops
  2521. Service Info: Host: gator4197.hostgator.com; OS: Red Hat Enterprise Linux 6; CPE: cpe:/o:redhat:enterprise_linux:6
  2522.  
  2523. Host script results:
  2524. |_clock-skew: mean: 1s, deviation: 1s, median: 0s
  2525.  
  2526. TRACEROUTE (using port 8888/tcp)
  2527. HOP RTT ADDRESS
  2528. 1 111.16 ms 10.13.0.1
  2529. 2 ...
  2530. 3 111.19 ms 178.33.103.229
  2531. 4 ...
  2532. 5 114.58 ms 91.121.215.179
  2533. 6 114.12 ms 195.66.236.76
  2534. 7 504.35 ms 64.125.21.21
  2535. 8 525.34 ms 64.125.30.234
  2536. 9 514.64 ms 64.125.29.131
  2537. 10 549.80 ms 64.125.29.49
  2538. 11 535.86 ms 64.125.30.239
  2539. 12 546.40 ms 64.125.30.213
  2540. 13 564.84 ms 64.124.202.50
  2541. 14 560.42 ms 216.117.50.138
  2542. 15 568.48 ms 108.167.133.86
  2543. 16 572.97 ms 108.167.181.191
  2544.  
  2545.  
  2546. #######################################################################################################################################
  2547. Protocol on 108.167.181.191:21/tcp matches ftp
  2548. Protocol on 108.167.181.191:26/tcp matches smtp
  2549. Protocol on 108.167.181.191:80/tcp matches http
  2550. Protocol on 108.167.181.191:80/tcp matches http-apache-2
  2551. Protocol on 108.167.181.191:8443/tcp matches http
  2552. Protocol on 108.167.181.191:443/tcp matches ssl
  2553. Protocol on 108.167.181.191:993/tcp matches ssl
  2554. Protocol on 108.167.181.191:110/tcp matches pop3
  2555. Protocol on 108.167.181.191:3306/tcp matches mysql
  2556. Protocol on 108.167.181.191:143/tcp matches imap
  2557. Protocol on 108.167.181.191:8080/tcp matches http
  2558. Protocol on 108.167.181.191:8080/tcp matches http-apache-2
  2559. Protocol on 108.167.181.191:443/tcp matches http
  2560. Protocol on 108.167.181.191:995/tcp matches ssl
  2561. Protocol on 108.167.181.191:8443/tcp matches ssl
  2562. Protocol on 108.167.181.191:53/tcp matches dns
  2563. ##############################################################################################################################################################################################################################################################################
  2565.  
  2566.  
  2567. NetRange: 108.167.128.0 - 108.167.191.255
  2568. CIDR: 108.167.128.0/18
  2569. NetName: HGBLOCK-4
  2570. NetHandle: NET-108-167-128-0-1
  2571. Parent: NET108 (NET-108-0-0-0-0)
  2572. NetType: Direct Allocation
  2573. OriginAS:
  2574. Organization: WEBSITEWELCOME.COM (BO)
  2575. RegDate: 2011-12-27
  2576. Updated: 2015-09-30
  2577. Ref: https://whois.arin.net/rest/net/NET-108-167-128-0-1
  2578.  
  2579.  
  2580. OrgName: WEBSITEWELCOME.COM
  2581. OrgId: BO
  2582. Address: 5005 Mitchelldale
  2583. Address: Suite #100
  2584. City: Houston
  2585. StateProv: TX
  2586. PostalCode: 77092
  2587. Country: US
  2588. RegDate: 2011-02-16
  2589. Updated: 2016-06-10
  2590. Ref: https://whois.arin.net/rest/org/BO
  2591.  
  2592. ReferralServer: rwhois://rwhois.websitewelcome.com:4321
  2593.  
  2594. OrgNOCHandle: IPADM551-ARIN
  2595. OrgNOCName: IP Admin
  2596. OrgNOCPhone: +1-866-964-2867
  2597. OrgNOCEmail: ipadmin@websitewelcome.com
  2598. OrgNOCRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2599.  
  2600. OrgAbuseHandle: IPADM551-ARIN
  2601. OrgAbuseName: IP Admin
  2602. OrgAbusePhone: +1-866-964-2867
  2603. OrgAbuseEmail: ipadmin@websitewelcome.com
  2604. OrgAbuseRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2605.  
  2606. OrgTechHandle: IPADM551-ARIN
  2607. OrgTechName: IP Admin
  2608. OrgTechPhone: +1-866-964-2867
  2609. OrgTechEmail: ipadmin@websitewelcome.com
  2610. OrgTechRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2611.  
  2612. RNOCHandle: IPADM551-ARIN
  2613. RNOCName: IP Admin
  2614. RNOCPhone: +1-866-964-2867
  2615. RNOCEmail: ipadmin@websitewelcome.com
  2616. RNOCRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2617.  
  2618. RAbuseHandle: IPADM551-ARIN
  2619. RAbuseName: IP Admin
  2620. RAbusePhone: +1-866-964-2867
  2621. RAbuseEmail: ipadmin@websitewelcome.com
  2622. RAbuseRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2623.  
  2624. RTechHandle: IPADM551-ARIN
  2625. RTechName: IP Admin
  2626. RTechPhone: +1-866-964-2867
  2627. RTechEmail: ipadmin@websitewelcome.com
  2628. RTechRef: https://whois.arin.net/rest/poc/IPADM551-ARIN
  2629.  
  2630.  
  2631. %rwhois V-1.5:003eff:00 rwhois.websitewelcome.com (by Network Solutions, Inc. V-1.5.9.5)
  2632. network:Class-Name:network
  2633. network:ID:NETBLK-BO.108.167.181.191/32
  2634. network:Auth-Area:108.167.128.0/18
  2635. network:Network-Name:BO-108.167.181.191/32
  2636. network:IP-Network:108.167.181.191/32
  2637. network:IP-Network-Block:108.167.181.191 - 108.167.181.191
  2638. network:Organization;I:prolinux55.hostgator.com
  2639. network:Tech-Contact;I:support@websitewelcome.com
  2640. network:Admin-Contact;I:support@websitewelcome.com
  2641. network:Created:20120406
  2642. network:Updated:20130513
  2643. network:Updated-By:support@websitewelcome.com
  2644.  
  2645. network:Class-Name:network
  2646. network:ID:NETBLK-BO.108.167.128.0/18
  2647. network:Auth-Area:108.167.128.0/18
  2648. network:Network-Name:BO-108.167.128.0/18
  2649. network:IP-Network:108.167.128.0/18
  2650. network:IP-Network-Block:108.167.128.0 - 108.167.191.255
  2651. network:Organization;I:WEBSITEWELCOME.COM
  2652. network:Tech-Contact;I:support@websitewelcome.com
  2653. network:Admin-Contact;I:support@websitewelcome.com
  2654. network:Created:20120403
  2655. network:Updated:20120403
  2656. network:Updated-By:support@websitewelcome.com
  2657. [+] searching (sub)domains for whiteresister.com using built-in wordlist
  2658. [+] using maximum random delay of 10 millisecond(s) between requests
  2659.  
  2660. email.whiteresister.com
  2677.  
  2678. ftp.whiteresister.com
  2679. IP address #1: 108.167.181.191
  2680.  
  2681. www.whiteresister.com
  2682. IP address #1: 108.167.181.191
  2683.  
  2684. [+] 3 (sub)domains and 18 IP address(es) found
  2685. [+] Hosts found in search engines:
  2686. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  2687. [-] Resolving hostnames IPs...
  2688. 108.167.181.191:www.whiteresister.com
  2689. [+] Virtual hosts:
  2690. ==================
  2785. ----- whiteresister.com -----
  2786.  
  2787.  
  2788. Host's addresses:
  2789. __________________
  2790.  
  2791. whiteresister.com. 1712 IN A 108.167.181.191
  2792.  
  2793.  
  2794. Name Servers:
  2795. ______________
  2796.  
  2797. ns74.domaincontrol.com. 28408 IN A 208.109.255.47
  2798. ns73.domaincontrol.com. 32992 IN A 216.69.185.47
  2799.  
  2800.  
  2801. Mail (MX) Servers:
  2802. ___________________
  2803.  
  2804. mailstore1.europe.secureserver.net. 3600 IN A 188.121.52.57
  2805. smtp.europe.secureserver.net. 3600 IN A 188.121.52.56
  2806.  
  2807.  
  2808.  
  2809. Google Results:
  2810. ________________
  2811.  
  2812. www.whiteresister.com. 3600 IN CNAME whiteresister.com.
  2813. whiteresister.com. 1709 IN A 108.167.181.191
  2814.  
  2815. ---------------------------------------------------------------------------------------------------------------------------------------
  2816. + Target IP: 108.167.181.191
  2817. + Target Hostname: whiteresister.com
  2818. + Target Port: 80
  2819. + Start Time: 2017-08-13 06:45:33 (GMT-4)
  2820. ---------------------------------------------------------------------------------------------------------------------------------------
  2821. + Server: nginx/1.12.1
  2822. + The anti-clickjacking X-Frame-Options header is not present.
  2823. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2824. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2825. + Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2826. + Entry '/bin/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2827. + Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2828. + Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2829. + Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2830. + Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2831. + Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2832. + Entry '/layouts/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2833. + Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2834. + Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2835. + Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2836. + Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2837. + Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  2838. + "robots.txt" contains 14 entries which should be manually viewed.
  2839. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  2840. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  2841. + /cgi-sys/formmail.cgi: The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.
  2842. + /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
  2843. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  2844. + /securecontrolpanel/: Web Server Control Panel
  2845. + /webmail/: Web based mail package installed.
  2846. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  2847. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  2848. + OSVDB-2117: /cpanel/: Web-based control panel
  2849. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
  2850. + OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  2851. + OSVDB-3092: /administrator/: This might be interesting...
  2852. + OSVDB-3092: /bin/: This might be interesting...
  2853. + OSVDB-3092: /includes/: This might be interesting...
  2854. + OSVDB-3092: /logs/: This might be interesting...
  2855. + OSVDB-3092: /tmp/: This might be interesting...
  2856. + OSVDB-3092: /bin/: This might be interesting... possibly a system shell found.
  2857. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
  2858. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
  2859. + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
  2860. + OSVDB-3092: /LICENSE.txt: License file found may identify site software.
  2861. + /htaccess.txt: Default Joomla! htaccess.txt file found. This should be removed or renamed.
  2862. + /administrator/index.php: Admin login page/section found.
  2863. + /controlpanel/: Admin login page/section found.
  2864. + Server leaks inodes via ETags, header found with file /bin/c99.php, fields: 0x56a83370 0x16e2
  2865. + 9894 requests: 0 error(s) and 43 item(s) reported on remote host
  2866. + End Time: 2017-08-13 07:45:46 (GMT-4) (3613 seconds)
  2867. ---------------------------------------------------------------------------------------------------------------------------------------
  2868.  
  2869. nsm88.org
  2870.  
  2871. #######################################################################################################################################
  2872.  
  2873. whois nsm88.org
  2874. Domain Name: NSM88.ORG
  2875. Registry Domain ID: D110103517-LROR
  2876. Registrar WHOIS Server:
  2877. Registrar URL: http://www.networksolutions.com
  2878. Updated Date: 2016-10-29T08:03:59Z
  2879. Creation Date: 2005-12-29T03:13:53Z
  2880. Registry Expiry Date: 2017-12-29T03:13:53Z
  2881. Registrar Registration Expiration Date:
  2882. Registrar: Network Solutions, LLC
  2883. Registrar IANA ID: 2
  2884. Registrar Abuse Contact Email:
  2885. Registrar Abuse Contact Phone:
  2886. Reseller:
  2887. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  2888. Registry Registrant ID: C28612202-LROR
  2889. Registrant Name: jeff schoep
  2890. Registrant Organization: NSM88 Records LLC
  2891. Registrant Street: PO BOX 13768
  2892. Registrant City: Detroit
  2893. Registrant State/Province: MI
  2894. Registrant Postal Code: 48213-0768
  2895. Registrant Country: US
  2896. Registrant Phone: +1.3136712583
  2897. Registrant Phone Ext:
  2898. Registrant Fax:
  2899. Registrant Fax Ext:
  2900. Registrant Email: commander@newsaxon.org
  2901. Registry Admin ID: C41790948-LROR
  2902. Admin Name: J SCHOEP
  2903. Admin Organization:
  2904. Admin Street: NSM NETWORK HOSTMASTER
  2905. Admin Street: PO BOX 13768
  2906. Admin City: DETROIT
  2907. Admin State/Province: MI
  2908. Admin Postal Code: 48213
  2909. Admin Country: US
  2910. Admin Phone: +1.888642967
  2911. Admin Phone Ext:
  2912. Admin Fax:
  2913. Admin Fax Ext:
  2914. Admin Email: commander@newsaxon.org
  2915. Registry Tech ID: C30057174-LROR
  2916. Tech Name: VikingRage NetworkConsultant
  2917. Tech Organization: VikingRage Hosting
  2918. Tech Street: PO BOX 13768
  2919. Tech City: DETROIT
  2920. Tech State/Province: MI
  2921. Tech Postal Code: 48213
  2922. Tech Country: US
  2923. Tech Phone: +011.16516596307
  2924. Tech Phone Ext:
  2925. Tech Fax:
  2926. Tech Fax Ext:
  2927. Tech Email: merlin@newsaxon.org
  2928. Name Server: NS95.WORLDNIC.COM
  2929. Name Server: NS96.WORLDNIC.COM
  2930. DNSSEC: unsigned
  2931. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  2932. IN ANY
  2933.  
  2934. ;; ANSWER SECTION:
  2935. nsm88.org. 874 IN TXT "v=spf1 ip4:208.98.12.130 mx a:asgard.vikingragenetwork.net mx:vikingragenetwork.net ~all"
  2936. nsm88.org. 874 IN MX 10 asgard.vikingragenetwork.net.
  2937. nsm88.org. 874 IN SOA NS95.WORLDNIC.COM. namehost.WORLDNIC.COM. 110050423 10800 3600 604800 3600
  2938. nsm88.org. 860 IN A 208.98.12.145
  2939. nsm88.org. 874 IN NS NS95.WORLDNIC.COM.
  2940. nsm88.org. 874 IN NS ns96.WORLDNIC.COM.
  2941.  
  2942. ;; Query time: 8 msec
  2943. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2944. ;; WHEN: Sun Aug 13 08:27:43 EDT 2017
  2945. ;; MSG SIZE rcvd: 294
  2946.  
  2947.  
  2948.  
  2949. #######################################################################################################################################
  2950.  
  2951. tcptraceroute -i eth0 nsm88.org
  2952.  
  2953. Running:
  2954. traceroute -T -O info -i eth0 nsm88.org
  2955. traceroute to nsm88.org (208.98.12.145), 30 hops max, 60 byte packets
  2956. 1 gateway (192.168.1.254) 0.541 ms 0.752 ms 0.918 ms
  2957. 2 10.135.18.1 (10.135.18.1) 7.062 ms 15.010 ms 22.997 ms
  2958. 3 75.154.223.222 (75.154.223.222) 30.084 ms 29.993 ms 30.158 ms
  2959. 4 Global-Reach.plalca01gr00.bb.telus.com (154.11.3.138) 31.534 ms 31.604 ms 31.667 ms
  2960. 5 hu-1-3-0-3-cr02.newyork.ny.ibone.comcast.net (68.86.83.101) 31.826 ms hu-1-3-0-4-cr02.newyork.ny.ibone.comcast.net (68.86.83.105) 31.751 ms hu-2-0-0-0-cr02.newyork.ny.ibone.comcast.net (68.86.86.233) 32.431 ms
  2961. 6 be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202) 51.757 ms 48.633 ms 50.172 ms
  2962. 7 hu-0-17-0-1-pe04.350ecermak.il.ibone.comcast.net (68.86.87.218) 48.830 ms 50.379 ms 50.441 ms
  2963. 8 edge01.po4.comcast.chi.sharktech.net.0.98.208.in-addr.arpa (208.98.0.33) 78.564 ms 71.646 ms 62.498 ms
  2964. 9 * * *
  2965. 10 208.98.12.145 (208.98.12.145) <syn,ack> 49.039 ms 49.179 ms 49.453 ms
  2966. ####################################################################################################################################
  2967. ####################################################################################################################################
  2968. NetRange: 208.98.0.0 - 208.98.63.255
  2969. CIDR: 208.98.0.0/18
  2970. NetName: SHARKTECH-INC
  2971. NetHandle: NET-208-98-0-0-1
  2972. Parent: NET208 (NET-208-0-0-0-0)
  2973. NetType: Direct Allocation
  2974. OriginAS: AS46844
  2975. Organization: Sharktech (SHARK-7)
  2976. RegDate: 2006-01-23
  2977. Updated: 2014-01-22
  2978. Ref: https://whois.arin.net/rest/net/NET-208-98-0-0-1
  2979.  
  2980.  
  2981. OrgName: Sharktech
  2982. OrgId: SHARK-7
  2983. Address: 3315 E. Russel Rd A4 #112
  2984. City: Las Vegas
  2985. StateProv: NV
  2986. PostalCode: 89120
  2987. Country: US
  2988. RegDate: 2012-01-20
  2989. Updated: 2017-01-28
  2990. Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
  2991. Ref: https://whois.arin.net/rest/org/SHARK-7
  2992.  
  2993. ReferralServer: rwhois://rwhois.sharktech.net:4321
  2994.  
  2995. OrgAbuseHandle: ABUSE1080-ARIN
  2996. OrgAbuseName: ABUSE Department
  2997. OrgAbusePhone: +1-844-706-7383
  2998. OrgAbuseEmail: abuse@sharktech.net
  2999. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE1080-ARIN
  3000.  
  3001. OrgNOCHandle: NOC2002-ARIN
  3002. OrgNOCName: Network Operations Center
  3003. OrgNOCPhone: +1-844-706-7383
  3004. OrgNOCEmail: support@sharktech.net
  3005. OrgNOCRef: https://whois.arin.net/rest/poc/NOC2002-ARIN
  3006.  
  3007. OrgTechHandle: NOC2002-ARIN
  3008. OrgTechName: Network Operations Center
  3009. OrgTechPhone: +1-844-706-7383
  3010. OrgTechEmail: support@sharktech.net
  3011. OrgTechRef: https://whois.arin.net/rest/poc/NOC2002-ARIN
  3012.  
  3013. # end
  3014.  
  3015.  
  3016. # start
  3017.  
  3018. NetRange: 208.98.0.0 - 208.98.63.255
  3019. CIDR: 208.98.0.0/18
  3020. NetName: ST-CHI
  3021. NetHandle: NET-208-98-0-0-2
  3022. Parent: SHARKTECH-INC (NET-208-98-0-0-1)
  3023. NetType: Reallocated
  3024. OriginAS: AS46844
  3025. Organization: Sharktech (SHARK-8)
  3026. RegDate: 2014-01-22
  3027. Updated: 2014-01-22
  3028. Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
  3029. Ref: https://whois.arin.net/rest/net/NET-208-98-0-0-2
  3030.  
  3031.  
  3032. OrgName: Sharktech
  3033. OrgId: SHARK-8
  3034. Address: 427 S La Salle St
  3035. City: Chicago
  3036. StateProv: IL
  3037. PostalCode: 60605
  3038. Country: US
  3039. RegDate: 2014-01-21
  3040. Updated: 2016-12-21
  3041. Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
  3042. Ref: https://whois.arin.net/rest/org/SHARK-8
  3043.  
  3044. ReferralServer: rwhois://rwhois.sharktech.net:4321
  3045.  
  3046. OrgNOCHandle: NOC2002-ARIN
  3047. OrgNOCName: Network Operations Center
  3048. OrgNOCPhone: +1-844-706-7383
  3049. OrgNOCEmail: support@sharktech.net
  3050. OrgNOCRef: https://whois.arin.net/rest/poc/NOC2002-ARIN
  3051.  
  3052. OrgAbuseHandle: ABUSE1080-ARIN
  3053. OrgAbuseName: ABUSE Department
  3054. OrgAbusePhone: +1-844-706-7383
  3055. OrgAbuseEmail: abuse@sharktech.net
  3056. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE1080-ARIN
  3057.  
  3058. OrgTechHandle: NOC2002-ARIN
  3059. OrgTechName: Network Operations Center
  3060. OrgTechPhone: +1-844-706-7383
  3061. OrgTechEmail: support@sharktech.net
  3062. OrgTechRef: https://whois.arin.net/rest/poc/NOC2002-ARIN
  3063.  
  3064. ca.nsm88.org
  3065. IP address #1: 208.98.12.145
  3066.  
  3067. gallery.nsm88.org
  3068. IP address #1: 208.98.12.146
  3069.  
  3070. ny.nsm88.org
  3071. IP address #1: 208.98.12.145
  3072.  
  3073. wd.nsm88.org
  3074. IP address #1: 208.98.12.141
  3075.  
  3076. www.nsm88.org
  3077. IP address #1: 208.98.12.145
  3078.  
  3079. [+] Emails found:
  3080. ------------------
  3081. commander@nsm88.org
  3082.  
  3083. [+] Hosts found in search engines:
  3084. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  3085. [-] Resolving hostnames IPs...
  3086. 208.98.12.146:Gallery.nsm88.org
  3087. 208.98.12.146:gallery.nsm88.org
  3088. 208.98.12.141:wd.nsm88.org
  3089. 208.98.12.145:www.nsm88.org
  3090. 208.98.12.131:wwww.nsm88.org
  3091. [+] Virtual hosts:
  3092. ==================
  3111.  
  3112. ----- nsm88.org -----
  3113.  
  3114.  
  3115. Host's addresses:
  3116. __________________
  3117.  
  3118. nsm88.org. 7181 IN A 208.98.12.145
  3119.  
  3120.  
  3121. Wildcard detection using: nhvchhnjrlpd
  3122. _______________________________________
  3123.  
  3124. nhvchhnjrlpd.nsm88.org. 7200 IN A 208.98.12.131
  3125.  
  3126.  
  3127.  
  3128. Name Servers:
  3129. ______________
  3130.  
  3131. ns96.WORLDNIC.COM. 6928 IN A 207.204.21.148
  3132. NS95.WORLDNIC.COM. 6928 IN A 207.204.40.148
  3133.  
  3134.  
  3135. Mail (MX) Servers:
  3136. ___________________
  3137.  
  3138. asgard.vikingragenetwork.net. 14400 IN A 208.98.12.130
  3139.  
  3140.  
  3141. Trying Zone Transfers and getting Bind Versions:
  3142. _________________________________________________
  3143. ---------------------------------------------------------------------------------------------------------------------------------------
  3144. + Target IP: 208.98.12.145
  3145. + Target Hostname: nsm88.org
  3146. + Target Port: 80
  3147. + Start Time: 2017-08-13 06:42:04 (GMT-4)
  3148. ---------------------------------------------------------------------------------------------------------------------------------------
  3149. + Server: Wookiesoft-Chewbacca-v2
  3150. + The anti-clickjacking X-Frame-Options header is not present.
  3151. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  3152. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  3153. + Root page / redirects to: http://www.nsm88.org/
  3154. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  3155. + Scan terminated: 20 error(s) and 3 item(s) reported on remote host
  3156. + End Time: 2017-08-13 06:49:28 (GMT-4) (444 seconds)
  3157. ---------------------------------------------------------------------------------------------------------------------------------------
  3158. Target
  3159. http://www.americannaziparty.com/
  3160.  
  3161. https://www.stormfront.org/
  3162.  
  3163. www.npiamerica.org
  3164.  
  3165. https://altright.com
  3166.  
  3167. https://www.whitepower.com/
  3168.  
  3169. http://whitehonor.com/
  3170.  
  3171. http://www.nsm88.org/
  3172.  
  3173. http://whiteresister.com/
  3174.  
  3175.  
  3176.  