OPDeathEathers Anonymous JTSEC full recon #13

a guest
Aug 21st, 2017
  1. ######################################################################################################################################
  2.  
  3. OPDeathEathers Anonymous JTSEC full recon #13
  4. #######################################################################################################################################
  5. hostname img.jpg4.net ISP SAKURA Internet Inc. (AS9370)
  6. Continent Asia Flag
  7. JP
  8. Country Japan Country Code JP (JPN)
  9. Region 32 Local time 16 Aug 2017 19:09 JST
  10. Metropolis Unknown Postal Code 540-0008
  11. City Osaka Latitude 34.686
  12. IP Address 153.121.64.174 Longitude 135.52
  13. img.jpg4.net
  14.  
  15. #######################################################################################################################################
  16.  
  17. dig img.jpg4.net any
  18.  
  19. ; <<>> DiG 9.10.3-P4-Debian <<>> img.jpg4.net any
  20. ;; global options: +cmd
  21. ;; Got answer:
  22. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27534
  23. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  24.  
  25. ;; OPT PSEUDOSECTION:
  26. ; EDNS: version: 0, flags:; udp: 4096
  27. ;; QUESTION SECTION:
  28. ;img.jpg4.net. IN ANY
  29.  
  30. ;; ANSWER SECTION:
  31. img.jpg4.net. 1461 IN A 153.121.64.174
  32.  
  33. ;; Query time: 8 msec
  34. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  35. ;; WHEN: Wed Aug 16 06:07:55 EDT 2017
  36. ;; MSG SIZE rcvd: 57
  37.  
  38.  
  39.  
  40. #######################################################################################################################################
  41.  
  42.  
  43. traceroute to img.jpg4.net (153.121.64.174), 30 hops max, 60 byte packets
  44. 1 gateway (192.168.1.254) 0.446 ms 0.637 ms 0.796 ms
  45. 2 10.135.18.1 (10.135.18.1) 7.009 ms 7.362 ms 7.433 ms
  46. 3 STTLWAWBCI01.bb.telus.com (75.154.217.108) 72.459 ms 72.548 ms 73.156 ms
  47. 4 sea001bf00.iij.net (206.81.80.237) 73.376 ms 73.638 ms 73.702 ms
  48. 5 tky001bb10.IIJ.Net (58.138.88.129) 200.193 ms tky001bb11.IIJ.Net (58.138.88.133) 199.645 ms tky001bb10.IIJ.Net (58.138.88.129) 200.275 ms
  49. 6 tky001ip56.IIJ.Net (58.138.102.106) 202.107 ms tky001ip57.IIJ.Net (58.138.102.110) 197.871 ms tky001ip57.IIJ.Net (58.138.102.102) 195.750 ms
  50. 7 210.138.107.34 (210.138.107.34) 205.185 ms 205.255 ms 202.232.9.206 (202.232.9.206) 206.420 ms
  51. 11 www6160up.sakura.ne.jp (153.121.64.174) <syn,ack> 205.330 ms 205.408 ms 205.794 ms
  52. HOST: whatismyip Loss% Snt Last Avg Best Wrst StDev
  53. 1.|-- 107.170.238.254 0.0% 3 0.3 1.8 0.3 4.5 2.2
  54. 2.|-- 138.197.248.220 0.0% 3 0.3 0.5 0.3 0.8 0.0
  55. 3.|-- ae-13.r05.plalca01.us.bb.gin.ntt.net 0.0% 3 1.6 1.4 1.2 1.6 0.0
  56. 4.|-- ae-15.r01.snjsca04.us.bb.gin.ntt.net 0.0% 3 108.5 108.6 108.5 108.7 0.0
  57. 5.|-- ae-10.r23.snjsca04.us.bb.gin.ntt.net 0.0% 3 2.0 2.2 2.0 2.4 0.0
  58. 6.|-- ae-21.r30.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 108.9 109.1 108.7 109.7 0.0
  59. 7.|-- ae-2.r02.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 108.8 108.7 108.5 108.8 0.0
  60. 8.|-- ce-0-15-0-3.r02.tokyjp05.jp.ce.gin.ntt.net 0.0% 3 108.6 108.5 108.3 108.6 0.0
  61. 9.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  62. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  63. 11.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  64. 12.|-- www6160up.sakura.ne.jp 33.3% 3 109.0 109.1 109.0 109.2 0.0
  65.  
  66.  
  67.  
  68. #######################################################################################################################################
  69.  
  70.  
  71. Checking for HTTP-Loadbalancing [Date]: 10:08:58, 10:08:59, 10:08:59, 10:09:00, 10:09:01, 10:09:02, 10:09:02, 10:09:03, 10:09:04, 10:09:05, 10:09:05, 10:09:06, 10:09:07, 10:09:08, 10:09:09, 10:09:09, 10:09:10, 10:09:11, 10:09:12, 10:09:12, 10:09:13, 10:09:14, 10:09:15, 10:09:15, 10:09:16, 10:09:17, 10:09:18, 10:09:18, 10:09:19, 10:09:20, 10:09:21, 10:09:21, 10:09:22, 10:09:23, 10:09:24, 10:09:24, 10:09:25, 10:09:26, 10:09:27, 10:09:27, 10:09:28, 10:09:29, 10:09:30, 10:09:31, 10:09:32, 10:09:33, 10:09:33, 10:09:34, 10:09:35, 10:09:36, NOT FOUND
  72.  
  73. ######################################################################################################################################
  74.  
  75.  
  76. Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-16 06:10 EDT
  77. Nmap scan report for img.jpg4.net (153.121.64.174)
  78. Host is up (0.36s latency).
  79. Not shown: 96 filtered ports
  80. PORT STATE SERVICE VERSION
  81. 21/tcp closed ftp
  82. 80/tcp open http Apache httpd 2.2.15 ((CentOS))
  83. |_http-server-header: Apache/2.2.15 (CentOS)
  84. |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  85. 631/tcp closed ipp
  86. 3306/tcp closed mysql
  87. Device type: general purpose
  88. Running: Linux 2.6.X
  89. OS CPE: cpe:/o:linux:linux_kernel:2.6.39
  90. OS details: Linux 2.6.39
  91. Network Distance: 18 hops
  92. Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-16 12:40 UTC
  93. Nmap scan report for img.jpg4.net (153.121.64.174)
  94. Host is up (0.15s latency).
  95. rDNS record for 153.121.64.174: www6160up.sakura.ne.jp
  96. PORT STATE SERVICE VERSION
  97. 21/tcp closed ftp
  98. 22/tcp filtered ssh
  99. 23/tcp filtered telnet
  100. 25/tcp filtered smtp
  101. 80/tcp open http Apache httpd 2.2.15 ((CentOS))
  102. 110/tcp filtered pop3
  103. 143/tcp filtered imap
  104. 443/tcp filtered https
  105. 445/tcp filtered microsoft-ds
  106. 3389/tcp filtered ms-wbt-server
  107.  
  108. TRACEROUTE (using port 3306/tcp)
  109. HOP RTT ADDRESS
  110. 1 111.99 ms 10.13.0.1
  111. 2 112.56 ms 37.187.24.252
  112. 3 112.01 ms 178.33.103.229
  113. 4 113.34 ms 10.95.33.8
  114. 5 115.34 ms 91.121.215.179
  115. 6 183.65 ms 192.99.146.127
  116. 7 194.40 ms 198.27.73.204
  117. 8 209.90 ms 198.27.73.207
  118. 9 258.66 ms 198.27.73.148
  119. 10 ...
  120. 11 258.45 ms 124.211.34.125
  121. 12 369.74 ms 203.181.100.209
  122. 13 367.99 ms 118.155.197.42
  123. 14 376.23 ms 124.211.10.42
  124. 15 ... 17
  125. 18 378.06 ms 153.121.64.174
  126.  
  127.  
  128.  
  129. ######################################################################################################################################
  130.  
  131.  
  132.  
  133. Protocol on 153.121.64.174:80/tcp matches http
  134. Protocol on 153.121.64.174:80/tcp matches http-apache-2
  135.  
  136. Unidentified ports: none.
  137.  
  138. amap v5.4 finished at 2017-08-16 06:10:56
  139.  
  140. inetnum: 153.121.32.0 - 153.121.95.255
  141. netname: SAKURA
  142. descr: SAKURA Internet Inc.
  143. descr: Grandfront Osaka Bldg. Tower-A 35F, 4-20, Ofukacho, Kita-ku, Osaka 530-0011 Japan
  144. country: JP
  145. admin-c: JNIC1-AP
  146. tech-c: JNIC1-AP
  147. status: ALLOCATED PORTABLE
  148. remarks: Email address for spam or abuse complaints : abuse@sakura.ad.jp
  149. mnt-irt: IRT-JPNIC-JP
  150. mnt-by: MAINT-JPNIC
  151. mnt-lower: MAINT-JPNIC
  152. changed: hm-changed@apnic.net 20121220
  153. changed: ip-apnic@nic.ad.jp 20170703
  154. source: APNIC
  155.  
  156. irt: IRT-JPNIC-JP
  157. address: Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
  158. address: Chiyoda-ku, Tokyo 101-0047, Japan
  159. e-mail: hostmaster@nic.ad.jp
  160. abuse-mailbox: hostmaster@nic.ad.jp
  161. admin-c: JNIC1-AP
  162. tech-c: JNIC1-AP
  163. auth: # Filtered
  164. mnt-by: MAINT-JPNIC
  165. changed: abuse@apnic.net 20101108
  166. changed: hm-changed@apnic.net 20101111
  167. changed: ip-apnic@nic.ad.jp 20140702
  168. source: APNIC
  169.  
  170. role: Japan Network Information Center
  171. address: Urbannet-Kanda Bldg 4F
  172. address: 3-6-2 Uchi-Kanda
  173. address: Chiyoda-ku, Tokyo 101-0047,Japan
  174. country: JP
  175. phone: +81-3-5297-2311
  176. fax-no: +81-3-5297-2312
  177. e-mail: hostmaster@nic.ad.jp
  178. admin-c: JI13-AP
  179. tech-c: JE53-AP
  180. nic-hdl: JNIC1-AP
  181. mnt-by: MAINT-JPNIC
  182. changed: hm-changed@apnic.net 20041222
  183. changed: hm-changed@apnic.net 20050324
  184. changed: ip-apnic@nic.ad.jp 20051027
  185. changed: ip-apnic@nic.ad.jp 20120828
  186. source: APNIC
  187.  
  188. % Information related to '153.121.64.0 - 153.121.64.255'
  189.  
  190. inetnum: 153.121.64.0 - 153.121.64.255
  191. netname: SAKURA-NET
  192. descr: SAKURA Internet Inc.
  193. country: JP
  194. admin-c: KT749JP
  195. tech-c: JP00072233
  196. remarks: This information has been partially mirrored by APNIC from
  197. remarks: JPNIC. To obtain more specific information, please use the
  198. remarks: JPNIC WHOIS Gateway at
  199. remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
  200. remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
  201. remarks: defaults to Japanese output, use the /e switch for English
  202. remarks: output)
  203. changed: apnic-ftp@nic.ad.jp 20140404
  204. source: JPNIC
  205.  
  206. % This query was served by the APNIC Whois Service version 1.88.15-35 (WHOIS-US4)
  207.  
  208. Host's addresses:
  209. __________________
  210.  
  211. img.jpg4.net. 1464 IN A 153.121.64.174
  212.  
  213.  
  214. Name Servers:
  215. ______________
  216. ---------------------------------------------------------------------------------------------------------------------------------------
  217. + Target IP: 153.121.64.174
  218. + Target Hostname: img.jpg4.net.
  219. + Target Port: 80
  220. + Start Time: 2017-08-16 06:24:33 (GMT-4)
  221. ---------------------------------------------------------------------------------------------------------------------------------------
  222. + Server: Apache/2.2.15 (CentOS)
  223. + Retrieved x-powered-by header: PHP/7.0.7
  224. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  225. + Uncommon header 'proxuri' found, with contents: /
  226. + Uncommon header 'xline' found, with contents: 184http://img.jpg4.club/
  227. + Uncommon header 'line' found, with contents: 203
  228. + Uncommon header 'cf-ray' found, with contents: 38f3af77323e0b50-NRT
  229. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  230. + All CGI directories 'found', use '-C none' to test none
  231. + Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  232. + IP address found in the 'imghost' header. The IP is "87.98.166.29".
  233. + Uncommon header 'imghost' found, with contents: 153.121.64.174mh---rm:87.98.166.29
  234. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  235. + ERROR: Error limit (20) reached for host, giving up. Last error:
  236. + Scan terminated: 2 error(s) and 11 item(s) reported on remote host
  237. + End Time: 2017-08-16 06:39:32 (GMT-4) (899 seconds)
  238. ##############################################################################################################################################################################################################################################################################
  239. #######################################################################################################################################
  240. Hostname nudepetitegirls.net ISP Iws Networks LLC (AS199968)
  241. Continent Europe Flag
  242. NL
  243. Country Netherlands Country Code NL (NLD)
  244. Region Unknown Local time 20 Aug 2017 12:19 CEST
  245. City Unknown Latitude 52.382
  246. IP Address 91.223.82.42 Longitude 4.899
  247. nudepetitegirls.net
  248.  
  249. ######################################################################################################################################
  250.  
  251. whois nudepetitegirls.net
  252. Domain Name: NUDEPETITEGIRLS.NET
  253. Registry Domain ID: 1984424080_DOMAIN_NET-VRSN
  254. Registrar WHOIS Server: whois.name.com
  255. Registrar URL: http://www.name.com
  256. Updated Date: 2017-07-14T19:13:49Z
  257. Creation Date: 2015-11-28T15:07:58Z
  258. Registry Expiry Date: 2017-11-28T15:07:58Z
  259. Registrar: Name.com, Inc.
  260. Registrar IANA ID: 625
  261. Registrar Abuse Contact Email: abuse@name.com
  262. Registrar Abuse Contact Phone: 7202492374
  263. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  264. Name Server: DNS5.WAREZ-HOST.COM
  265. Name Server: DNS6.WAREZ-HOST.COM
  266. DNSSEC: unsigned
  267. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  268.  
  269. Domain Name: NUDEPETITEGIRLS.NET
  270. Registry Domain ID: 1984424080_DOMAIN_NET-VRSN
  271. Registrar WHOIS Server: whois.name.com
  272. Registrar URL: http://www.name.com
  273. Updated Date: 2017-07-14T19:13:49Z
  274. Creation Date: 2015-11-28T15:07:58Z
  275. Registrar Registration Expiration Date: 2017-11-28T15:07:58Z
  276. Registrar: Name.com, Inc.
  277. Registrar IANA ID: 625
  278. Reseller:
  279. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  280. Registry Registrant ID: Not Available From Registry
  281. Registrant Name: Domino Soto
  282. Registrant Organization: Sotos
  283. Registrant Street: Esa Street
  284. Registrant City: Peru
  285. Registrant State/Province: Peru
  286. Registrant Postal Code: 6785
  287. Registrant Country: PE
  288. Registrant Phone: +51.44563456
  289. Registrant Email: elcarlos_89_4@hotmail.com
  290. Registry Admin ID: Not Available From Registry
  291. Admin Name: Domino Soto
  292. Admin Organization: Sotos
  293. Admin Street: Esa Street
  294. Admin City: Peru
  295. Admin State/Province: Peru
  296. Admin Postal Code: 6785
  297. Admin Country: PE
  298. Admin Phone: +51.44563456
  299. Admin Email: elcarlos_89_4@hotmail.com
  300. Registry Tech ID: Not Available From Registry
  301. Tech Name: Domino Soto
  302. Tech Organization: Sotos
  303. Tech Street: Esa Street
  304. Tech City: Peru
  305. Tech State/Province: Peru
  306. Tech Postal Code: 6785
  307. Tech Country: PE
  308. Tech Phone: +51.44563456
  309. Tech Email: elcarlos_89_4@hotmail.com
  310. Name Server: dns5.warez-host.com
  311. Name Server: dns6.warez-host.com
  312. DNSSEC: unSigned
  313. Registrar Abuse Contact Email: abuse@name.com
  314. Registrar Abuse Contact Phone: +1.7203101849
  315.  
  316. ######################################################################################################################################
  317. #################################################################################################################################
  318.  
  319. ;; ANSWER SECTION:
  320. nudepetitegirls.net. 14393 IN MX 0 nudepetitegirls.net.
  321. nudepetitegirls.net. 14222 IN A 91.223.82.42
  322. nudepetitegirls.net. 38466 IN NS dns9.hostplay.com.
  323. nudepetitegirls.net. 38466 IN NS dns10.hostplay.com.
  324. nudepetitegirls.net. 38466 IN NS dns5.warez-host.com.
  325. nudepetitegirls.net. 38466 IN NS dns6.warez-host.com.
  326. #################################################################################################################################
  327.  
  328. tcptraceroute -i eth0 nudepetitegirls.net
  329.  
  330. Running:
  331. traceroute -T -O info -i eth0 nudepetitegirls.net
  332. traceroute to nudepetitegirls.net (91.223.82.42), 30 hops max, 60 byte packets
  333. 1 gateway (192.168.1.254) 0.544 ms 0.741 ms 0.911 ms
  334. 2 10.135.18.1 (10.135.18.1) 6.937 ms 7.342 ms 7.561 ms
  335. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 29.898 ms 30.032 ms 30.159 ms
  336. 4 ae4-1.nyk10.core-backbone.com (206.130.10.42) 30.399 ms 30.523 ms 30.915 ms
  337. 5 ae3-2072.ams10.core-backbone.com (80.255.15.165) 106.907 ms 107.041 ms 107.113 ms
  338. 6 core-backbone.serverius.nl (81.95.2.106) 111.535 ms 111.691 ms core-backbone.serverius.nl (81.95.2.222) 113.491 ms
  339. 7 178.21.17.21 (178.21.17.21) 106.468 ms 107.430 ms 178.21.17.23 (178.21.17.23) 107.692 ms
  340. 8 nld-net-ip.as51430.net (37.46.123.250) 137.777 ms 119.706 ms 131.000 ms
  341. 9 green.warez-host.com (91.223.82.42) <syn,ack> 106.036 ms 106.142 ms 112.602 ms
  342. #####################################################################################################################################
  343. ######################################################################################################################################
  344.  
  345.  
  346. Checking for HTTP-Loadbalancing [Date]: 10:17:19, 10:17:19, 10:17:19, 10:17:19, 10:17:20, 10:17:20, 10:17:20, 10:17:21, 10:17:21, 10:17:21, 10:17:21, 10:17:22, 10:17:22, 10:17:22, 10:17:22, 10:17:23, 10:17:23, 10:17:23, 10:17:23, 10:17:24, 10:17:24, 10:17:24, 10:17:24, 10:17:25, 10:17:25, 10:17:25, 10:17:26, 10:17:26, 10:17:26, 10:17:26, 10:17:27, 10:17:27, 10:17:27, 10:17:27, 10:17:28, 10:17:28, 10:17:28, 10:17:28, 10:17:29, 10:17:29, 10:17:29, 10:17:30, 10:17:30, 10:17:30, 10:17:30, 10:17:31, 10:17:31, 10:17:31, 10:17:31, 10:17:32, NOT FOUND
  347.  
  348.  
  349. ######################################################################################################################################
  350.  
  351.  
  352.  
  353. nmap -PN -n -F -T4 -sV -A -oG temp.txt nudepetitegirls.net
  354.  
  355. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-20 06:17 EDT
  356. Nmap scan report for nudepetitegirls.net (91.223.82.42)
  357. Host is up (0.23s latency).
  358. Not shown: 80 closed ports
  359. PORT STATE SERVICE VERSION
  360. 21/tcp open ftp Pure-FTPd
  361. 25/tcp filtered smtp
  362. 26/tcp open smtp Exim smtpd 4.89
  363. | smtp-commands: green.warez-host.com Hello ip29.ip-87-98-166.eu [87.98.166.29], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  364. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  365. 53/tcp open domain ISC BIND 9.8.2rc1
  366. | dns-nsid:
  367. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
  368. 80/tcp open http nginx
  369. 110/tcp open pop3 Dovecot pop3d
  370. 111/tcp open rpcbind 2-4 (RPC #100000)
  371. 135/tcp filtered msrpc
  372. 139/tcp filtered netbios-ssn
  373. 143/tcp open imap Dovecot imapd
  374. | ssl-cert: Subject: commonName=green.warez-host.com
  375. | Subject Alternative Name: DNS:green.warez-host.com, DNS:www.green.warez-host.com
  376. | Not valid before: 2017-04-03T00:00:00
  377. |_Not valid after: 2018-04-03T23:59:59
  378. 443/tcp open ssl/http Apache httpd 2.4.27 ((Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4)
  379. |_http-title: Did not follow redirect to https://91.223.82.42/~abc24/
  380. | ssl-cert: Subject: commonName=nudepetitegirls.net
  381. | Subject Alternative Name: DNS:nudepetitegirls.net, DNS:www.nudepetitegirls.net
  382. | Not valid before: 2017-07-29T00:00:00
  383. |_Not valid after: 2017-10-27T23:59:59
  384. |_ssl-date: 2017-08-20T10:18:38+00:00; -1s from scanner time.
  385. 445/tcp filtered microsoft-ds
  386. 465/tcp filtered smtps
  387. 587/tcp filtered submission
  388. 993/tcp open ssl/imap Dovecot imapd
  389. | ssl-cert: Subject: commonName=green.warez-host.com
  390. | Subject Alternative Name: DNS:green.warez-host.com, DNS:www.green.warez-host.com
  391. | Not valid before: 2017-04-03T00:00:00
  392. |_Not valid after: 2018-04-03T23:59:59
  393. |_ssl-date: 2017-08-20T10:18:34+00:00; -1s from scanner time.
  394. 995/tcp open ssl/pop3 Dovecot pop3d
  395. | ssl-cert: Subject: commonName=green.warez-host.com
  396. | Subject Alternative Name: DNS:green.warez-host.com, DNS:www.green.warez-host.com
  397. | Not valid before: 2017-04-03T00:00:00
  398. |_Not valid after: 2018-04-03T23:59:59
  399. |_ssl-date: 2017-08-20T10:18:34+00:00; -1s from scanner time.
  400. 3306/tcp open mysql MySQL (blocked - too many connection errors)
  401. 5666/tcp open tcpwrapped
  402. 8888/tcp open http Apache httpd 2.4.27 ((Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4)
  403. 49152/tcp filtered unknown
  404. Device type: general purpose|storage-misc|firewall|WAP
  405. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (94%), Synology DiskStation Manager 5.X (90%), WatchGuard Fireware 11.X (89%)
  406. OS CPE: cpe:/o:linux:linux_kernel:2.6.39 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel:4.2 cpe:/o:linux:linux_kernel:2.4
  407. Aggressive OS guesses: Linux 2.6.39 (94%), Linux 2.6.32 (90%), Linux 3.10 (90%), Linux 3.4 (90%), Linux 3.1 - 3.2 (90%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 or 3.10 (89%), WatchGuard Fireware 11.8 (89%), Linux 2.6.32 - 2.6.39 (88%), Linux 3.2 - 3.8 (86%)
  408. No exact OS matches for host (test conditions non-ideal).
  409. Network Distance: 12 hops
  410. Service Info: Host: green.warez-host.com; OS: Red Hat Enterprise Linux 6; CPE: cpe:/o:redhat:enterprise_linux:6
  411.  
  412. Host script results:
  413. |_clock-skew: mean: -1s, deviation: 0s, median: -1s
  414.  
  415. TRACEROUTE (using port 199/tcp)
  416. HOP RTT ADDRESS
  417. 1 ... 2
  418. 3 3994.96 ms 178.33.103.229
  419. 4 ...
  420. 5 3999.67 ms 213.186.32.213
  421. 6 4005.71 ms 94.23.122.218
  422. 7 ... 9
  423. 10 4011.71 ms 178.21.17.23
  424. 11 ...
  425. 12 4147.97 ms 91.223.82.42
  426.  
  427. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  428. Nmap done: 1 IP address (1 host up) scanned in 80.42 seconds
  429.  
  430. ######################################################################################################################################
  431.  
  432.  
  433.  
  434. Protocol on 91.223.82.42:21/tcp matches ftp
  435. Protocol on 91.223.82.42:80/tcp matches http
  436. Protocol on 91.223.82.42:143/tcp matches imap
  437. Protocol on 91.223.82.42:110/tcp matches pop3
  438. Protocol on 91.223.82.42:26/tcp matches smtp
  439. Protocol on 91.223.82.42:8888/tcp matches http
  440. Protocol on 91.223.82.42:8888/tcp matches http-apache-2
  441. Protocol on 91.223.82.42:443/tcp matches http
  442. Protocol on 91.223.82.42:443/tcp matches http-apache-2
  443. Protocol on 91.223.82.42:3306/tcp matches mysql
  444. this connect
  445. this connect
  446. Protocol on 91.223.82.42:111/tcp matches rpc
  447. Protocol on 91.223.82.42:53/tcp matches dns
  448. Protocol on 91.223.82.42:111/tcp matches rpc-rpcbind-v4
  449.  
  452. inetnum: 91.223.82.0 - 91.223.82.255
  453. netname: IWS-NETWORK
  454. country: NL
  455. org: ORG-INL21-RIPE
  456. admin-c: IIWS-RIPE
  457. tech-c: IIWS-RIPE
  458. status: ASSIGNED PI
  459. mnt-by: RIPE-NCC-END-MNT
  460. mnt-by: IWSCO-MNT
  461. mnt-routes: IWSCO-MNT
  462. mnt-domains: IWSCO-MNT
  463. created: 2011-02-03T15:46:53Z
  464. last-modified: 2016-04-14T10:47:00Z
  465. source: RIPE # Filtered
  466. sponsoring-org: ORG-AI49-RIPE
  467.  
  468. organisation: ORG-INL21-RIPE
  469. org-name: IWS NETWORKS LLC
  470. org-type: other
  471. address: 09 Aghayan str
  472. address: Yerevan
  473. address: Armenia
  474. phone: +971 56 653 9955
  475. abuse-c: AR33870-RIPE
  476. remarks: *************************************************************
  477. remarks: | We are Internet Services Provider
  478. remarks: *-----------------------------------------------------------*
  479. remarks: | In case of Spam/Virus/Portscans/Attacks/Fraud Activity etc
  480. remarks: | please send an email to abuse@iws.co
  481. remarks: | for any other questions info@iws.co
  482. remarks: | Be friendly ...!
  483. remarks: | Unfriendly emails will be ignored!
  484. remarks: *************************************************************
  485. mnt-ref: IWSCO-MNT
  486. mnt-by: IWSCO-MNT
  487. created: 2015-10-09T10:21:22Z
  488. last-modified: 2015-10-16T13:03:30Z
  489. source: RIPE # Filtered
  490.  
  491. person: IWS Networks Ltd
  492. address: International Widespread Services Limited
  493. address: Ras Al Khaimah
  494. address: P.O. Box 10559
  495. address: UAE
  496. phone: +971 56 653 9955
  497. abuse-mailbox: abuse@iws.co
  498. abuse-mailbox: abuse@hostplay.com
  499. nic-hdl: IIWS-RIPE
  500. mnt-by: IWS-NETWORK
  501. created: 2013-09-16T11:32:43Z
  502. last-modified: 2013-09-16T11:32:43Z
  503. source: RIPE
  504.  
  505. % Information related to '91.223.82.0/24AS199968'
  506.  
  507. route: 91.223.82.0/24
  508. descr: International Widespread Services Limited
  509. origin: AS199968
  510. mnt-by: IWSCO-MNT
  511. created: 2014-05-29T20:29:02Z
  512. last-modified: 2014-05-29T20:29:02Z
  513. source: RIPE
  514.  
  515. % This query was served by the RIPE Database Query Service version 1.89.2 (HEREFORD)
  516. +] using maximum random delay of 10 millisecond(s) between requests
  517.  
  518. cpanel.nudepetitegirls.net
  519. IP address #1: 91.223.82.42
  520.  
  521. ftp.nudepetitegirls.net
  522. IP address #1: 91.223.82.42
  523.  
  524. mail.nudepetitegirls.net
  525. IP address #1: 91.223.82.42
  526.  
  527. webmail.nudepetitegirls.net
  528. IP address #1: 91.223.82.42
  529.  
  530. www.nudepetitegirls.net
  531. IP address #1: 91.223.82.42
  532.  
  533. [+] 5 (sub)domains and 5 IP address(es) found
  534. ----- nudepetitegirls.net -----
  535.  
  536.  
  537. Host's addresses:
  538. __________________
  539.  
  540. nudepetitegirls.net. 14230 IN A 91.223.82.42
  541.  
  542.  
  543. Name Servers:
  544. ______________
  545.  
  546. dns6.warez-host.com. 14230 IN A 91.223.82.41
  547. dns10.hostplay.com. 14230 IN A 91.223.82.41
  548. dns5.warez-host.com. 14230 IN A 91.223.82.41
  549. dns9.hostplay.com. 14230 IN A 91.223.82.41
  550.  
  551.  
  552. Mail (MX) Servers:
  553. ___________________
  554.  
  555. nudepetitegirls.net. 14229 IN A 91.223.82.42
  556.  
  557.  
  558. Trying Zone Transfers and getting Bind Versions:
  559. _________________________________________________
  560. ---------------------------------------------------------------------------------------------------------------------------------------
  561. + Target IP: 91.223.82.42
  562. + Target Hostname: nudepetitegirls.net
  563. + Target Port: 80
  564. + Start Time: 2017-08-20 06:17:01 (GMT-4)
  565. ---------------------------------------------------------------------------------------------------------------------------------------
  566. + Server: nginx
  567. + Retrieved x-powered-by header: PHP/5.5.38
  568. + The anti-clickjacking X-Frame-Options header is not present.
  569. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  570. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  571. + Server leaks inodes via ETags, header found with file /, fields: 0x5896b116 0x264
  572. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  573. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  574. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  575. + /securecontrolpanel/: Web Server Control Panel
  576. + /webmail/: Web based mail package installed.
  577. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  578. + OSVDB-2117: /cpanel/: Web-based control panel
  579. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
  580. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
  581. + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
  582. + OSVDB-3268: /images/: Directory indexing found.
  583. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
  584. + /controlpanel/: Admin login page/section found.
  585. + 8263 requests: 3 error(s) and 18 item(s) reported on remote host
  586. + End Time: 2017-08-20 07:03:07 (GMT-4) (2766 seconds)
  587. ---------------------------------------------------------------------------------------------------------------------------------------
  588. teenieporn.net
  589.  
  590. ######################################################################################################################################
  591.  
  592. whois teenieporn.net
  593. Domain Name: TEENIEPORN.NET
  594. Registry Domain ID: 1953013232_DOMAIN_NET-VRSN
  595. Registrar WHOIS Server: whois.evonames.com
  596. Registrar URL: http://www.danesconames.com
  597. Updated Date: 2017-08-14T17:56:25Z
  598. Creation Date: 2015-08-14T17:41:31Z
  599. Registry Expiry Date: 2018-08-14T17:41:31Z
  600. Registrar: Danesco Trading Ltd.
  601. Registrar IANA ID: 1418
  602. Registrar Abuse Contact Email:
  603. Registrar Abuse Contact Phone:
  604. Domain Status: ok https://icann.org/epp#ok
  605. Name Server: HUGH.NS.CLOUDFLARE.COM
  606. Name Server: LADY.NS.CLOUDFLARE.COM
  607. DNSSEC: unsigned
  608.  
  609.  
  610. Domain Name: TEENIEPORN.NET
  611. Registry Domain ID:
  612. Registrar WHOIS Server: whois.evonames.com
  613. Registrar URL: https://evonames.com/
  614. Updated Date: 2017-08-14 17:57:23.413192
  615. Creation Date: 2015-08-14
  616. Registrar Registration Expiration Date: 2018-08-14
  617. Registrar: DANESCO TRADING LTD
  618. Registrar IANA ID: 1418
  619. Registrar Abuse Contact Email: abuse@evonames.com
  620. Registrar Abuse Contact Phone: +357.95713635
  621. Reseller: AHnames.com https://www.AHnames.com/
  622. Domain Status: ok
  623. Registry Registrant ID: MR_7296006WP
  624. Registrant Name: WhoisProtectService.net
  625. Registrant Organization: PROTECTSERVICE, LTD.
  626. Registrant Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
  627. Registrant City: Limassol
  628. Registrant State/Province:
  629. Registrant Postal Code: 3025
  630. Registrant Country: Cyprus
  631. Registrant Phone: +357.95713635
  632. Registrant Phone Ext:
  633. Registrant Fax: +357.95713635
  634. Registrant Fax Ext:
  635. Registrant Email: teenieporn.net@whoisprotectservice.net
  636. Registry Admin ID: MR_7296006WP
  637. Admin Name: WhoisProtectService.net
  638. Admin Organization: PROTECTSERVICE, LTD.
  639. Admin Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
  640. Admin City: Limassol
  641. Admin State/Province:
  642. Admin Postal Code: 3025
  643. Admin Country: Cyprus
  644. Admin Phone: +357.95713635
  645. Admin Phone Ext:
  646. Admin Fax: +357.95713635
  647. Admin Fax Ext:
  648. Admin Email: teenieporn.net@whoisprotectservice.net
  649. Registry Tech ID: MR_7296006WP
  650. Tech Name: WhoisProtectService.net
  651. Tech Organization: PROTECTSERVICE, LTD.
  652. Tech Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
  653. Tech City: Limassol
  654. Tech State/Province:
  655. Tech Postal Code: 3025
  656. Tech Country: Cyprus
  657. Tech Phone: +357.95713635
  658. Tech Phone Ext:
  659. Tech Fax: +357.95713635
  660. Tech Fax Ext:
  661. Tech Email: teenieporn.net@whoisprotectservice.net
  662. Registry Billing ID: MR_7296006WP
  663. Billing Name: WhoisProtectService.net
  664. Billing Organization: PROTECTSERVICE, LTD.
  665. Billing Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
  666. Billing City: Limassol
  667. Billing State/Province:
  668. Billing Postal Code: 3025
  669. Billing Country: Cyprus
  670. Billing Phone: +357.95713635
  671. Billing Phone Ext:
  672. Billing Fax: +357.95713635
  673. Billing Fax Ext:
  674. Billing Email: teenieporn.net@whoisprotectservice.net
  675. Name Server: HUGH.NS.CLOUDFLARE.COM
  676. Name Server: LADY.NS.CLOUDFLARE.COM
  677. DNSSEC: unsigned
  678. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  679. >>> Last update of WHOIS database: 2017-08-14 17:58:10 <<<
  680.  
  681. Abuse email: abuse@ahnames.com
  682.  
  683. ######################################################################################################################################
  684.  
  685. teenieporn.net. 3789 IN RRSIG HINFO 13 2 3789 20170821112930 20170819092930 35273 teenieporn.net. eI6Yde+blf23MbKQra7z1hsb6qb6EfrYY21qWzM3I+uQ7xkQIBVkpv4F lCZ7MmjFgnPPOJvYlBh97/HgTicrsQ==
  686. teenieporn.net. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  687. teenieporn.net. 76960 IN NS lady.ns.cloudflare.com.
  688. teenieporn.net. 76960 IN NS hugh.ns.cloudflare.com.
  689.  
  690. ;; Query time: 35 msec
  691. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  692. ;; WHEN: Sun Aug 20 06:29:29 EDT 2017
  693. ;; MSG SIZE rcvd: 266
  694.  
  695.  
  696. ######################################################################################################################################
  697.  
  698. tcptraceroute -i eth0 teenieporn.net
  699.  
  700. Running:
  701. traceroute -T -O info -i eth0 teenieporn.net
  702. traceroute to teenieporn.net (104.24.98.72), 30 hops max, 60 byte packets
  703. 1 gateway (192.168.1.254) 1.383 ms 1.570 ms 1.830 ms
  704. 2 10.135.18.1 (10.135.18.1) 8.380 ms 8.741 ms 9.035 ms
  705. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 31.363 ms 31.515 ms 31.636 ms
  706. 4 de-cix-new-york.as13335.net (206.130.10.31) 32.162 ms 32.237 ms 32.309 ms
  707. 5 104.24.98.72 (104.24.98.72) <syn,ack> 32.851 ms 33.047 ms 33.213 ms
  708.  
  709. ######################################################################################################################################
  710.  
  711.  
  712. Checking for HTTP-Loadbalancing [Date]: 10:29:50, 10:29:50, 10:29:50, 10:29:51, 10:29:51, 10:29:51, 10:29:51, 10:29:52, 10:29:52, 10:29:52, 10:29:52, 10:29:53, 10:29:53, 10:29:53, 10:29:53, 10:29:54, 10:29:54, 10:29:54, 10:29:54, 10:29:55, 10:29:55, 10:29:55, 10:29:55, 10:29:56, 10:29:56, 10:29:56, 10:29:56, 10:29:57, 10:29:57, 10:29:57, 10:29:57, 10:29:58, 10:29:58, 10:29:58, 10:29:58, 10:29:59, 10:29:59, 10:29:59, 10:29:59, 10:30:00, 10:30:00, 10:30:00, 10:30:00, 10:30:01, 10:30:01, 10:30:01, 10:30:01, 10:30:02, 10:30:02, 10:30:02, NOT FOUND
  713.  
  714. Checking for HTTP-Loadbalancing [Diff]: FOUND
  715. < Expires: Sun, 20 Aug 2017 10:30:21 GMT
  716. > Expires: Sun, 20 Aug 2017 10:30:25 GMT
  717. < CF-RAY: 3914ace04459693e-CDG
  718. > CF-RAY: 3914acf912591049-CDG
  719.  
  720. teenieporn.net does Load-balancing. Found via Methods: DNS HTTP[Diff]
  721.  
  722.  
  723. ######################################################################################################################################
  724.  
  725. nmap -PN -n -F -T4 -sV -A -oG temp.txt teenieporn.net
  726.  
  727. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-20 06:30 EDT
  728. Nmap scan report for teenieporn.net (104.24.98.72)
  729. Host is up (0.21s latency).
  730. Other addresses for teenieporn.net (not scanned): 2400:cb00:2048:1::6818:6348 2400:cb00:2048:1::6818:6248 104.24.99.72
  731. Not shown: 96 filtered ports
  732. PORT STATE SERVICE VERSION
  733. 80/tcp open http Cloudflare nginx
  734. |_http-server-header: cloudflare-nginx
  735. 443/tcp open ssl/http Cloudflare nginx
  736. | ssl-cert: Subject: commonName=sni217184.cloudflaressl.com
  737. | Subject Alternative Name: DNS:sni217184.cloudflaressl.com, DNS:*.ammomporn.pro, DNS:*.ampornvideo.com, DNS:*.asipornteens.com, DNS:*.bouvtkablirome.cf, DNS:*.celebritybeautypics.com, DNS:*.centgutlemota.gq, DNS:*.coahytergbyber.tk, DNS:*.enmenalanba.gq, DNS:*.freeteens-tube.com, DNS:*.freeteensvideo.net, DNS:*.ghetharhealthmingca.cf, DNS:*.hotmomporn.pro, DNS:*.inonnomocho.tk, DNS:*.inteenporn.com, DNS:*.inteensvideo.com, DNS:*.ltimgeoverquirob.ga, DNS:*.momsonporn.pro, DNS:*.pornomom.pro, DNS:*.pornoteenvideo.com, DNS:*.pornoteenxxx.net, DNS:*.pornoxxxteens.com, DNS:*.pornteensclips.com, DNS:*.proce2.net, DNS:*.sailndream.com, DNS:*.sednasystem.fr, DNS:*.sexypornmom.com, DNS:*.sexypornteen.com, DNS:*.starelisearde.cf, DNS:*.taraduncan.ru, DNS:*.teenieporn.net, DNS:*.teenspornovideo.com, DNS:*.tv-live-xp.ru, DNS:*.younginporn.com, DNS:*.youngsexporn.pro, DNS:ammomporn.pro, DNS:ampornvideo.com, DNS:asipornteens.com, DNS:bouvtkablirome.cf, DNS:celebritybeautypics.com, DNS:centgutlemota.gq, DNS:coahytergbyber.tk, DNS:enmenalanba.gq, DNS:freeteens-tube.com, DNS:freeteensvideo.net, DNS:ghetharhealthmingca.cf, DNS:hotmomporn.pro, DNS:inonnomocho.tk, DNS:inteenporn.com, DNS:inteensvideo.com, DNS:ltimgeoverquirob.ga, DNS:momsonporn.pro, DNS:pornomom.pro, DNS:pornoteenvideo.com, DNS:pornoteenxxx.net, DNS:pornoxxxteens.com, DNS:pornteensclips.com, DNS:proce2.net, DNS:sailndream.com, DNS:sednasystem.fr, DNS:sexypornmom.com, DNS:sexypornteen.com, DNS:starelisearde.cf, DNS:taraduncan.ru, DNS:teenieporn.net, DNS:teenspornovideo.com, DNS:tv-live-xp.ru, DNS:younginporn.com, DNS:youngsexporn.pro
  738. | Not valid before: 2017-06-27T00:00:00
  739. |_Not valid after: 2018-01-03T23:59:59
  740. 8080/tcp open http Cloudflare nginx
  741. |_http-server-header: cloudflare-nginx
  742. |_http-title: teenieporn.net | 521: Web server is down
  743. 8443/tcp open ssl/http Cloudflare nginx
  744. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  745. | ssl-cert: Subject: commonName=sni217184.cloudflaressl.com
  746. | Subject Alternative Name: DNS:sni217184.cloudflaressl.com, DNS:*.ammomporn.pro, DNS:*.ampornvideo.com, DNS:*.asipornteens.com, DNS:*.bouvtkablirome.cf, DNS:*.celebritybeautypics.com, DNS:*.centgutlemota.gq, DNS:*.coahytergbyber.tk, DNS:*.enmenalanba.gq, DNS:*.freeteens-tube.com, DNS:*.freeteensvideo.net, DNS:*.ghetharhealthmingca.cf, DNS:*.hotmomporn.pro, DNS:*.inonnomocho.tk, DNS:*.inteenporn.com, DNS:*.inteensvideo.com, DNS:*.ltimgeoverquirob.ga, DNS:*.momsonporn.pro, DNS:*.pornomom.pro, DNS:*.pornoteenvideo.com, DNS:*.pornoteenxxx.net, DNS:*.pornoxxxteens.com, DNS:*.pornteensclips.com, DNS:*.proce2.net, DNS:*.sailndream.com, DNS:*.sednasystem.fr, DNS:*.sexypornmom.com, DNS:*.sexypornteen.com, DNS:*.starelisearde.cf, DNS:*.taraduncan.ru, DNS:*.teenieporn.net, DNS:*.teenspornovideo.com, DNS:*.tv-live-xp.ru, DNS:*.younginporn.com, DNS:*.youngsexporn.pro, DNS:ammomporn.pro, DNS:ampornvideo.com, DNS:asipornteens.com, DNS:bouvtkablirome.cf, DNS:celebritybeautypics.com, DNS:centgutlemota.gq, DNS:coahytergbyber.tk, DNS:enmenalanba.gq, DNS:freeteens-tube.com, DNS:freeteensvideo.net, DNS:ghetharhealthmingca.cf, DNS:hotmomporn.pro, DNS:inonnomocho.tk, DNS:inteenporn.com, DNS:inteensvideo.com, DNS:ltimgeoverquirob.ga, DNS:momsonporn.pro, DNS:pornomom.pro, DNS:pornoteenvideo.com, DNS:pornoteenxxx.net, DNS:pornoxxxteens.com, DNS:pornteensclips.com, DNS:proce2.net, DNS:sailndream.com, DNS:sednasystem.fr, DNS:sexypornmom.com, DNS:sexypornteen.com, DNS:starelisearde.cf, DNS:taraduncan.ru, DNS:teenieporn.net, DNS:teenspornovideo.com, DNS:tv-live-xp.ru, DNS:younginporn.com, DNS:youngsexporn.pro
  747. | Not valid before: 2017-06-27T00:00:00
  748. |_Not valid after: 2018-01-03T23:59:59
  749. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  750. Device type: general purpose
  751. Running (JUST GUESSING): Linux 3.X|2.6.X (88%)
  752. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  753. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%)
  754. No exact OS matches for host (test conditions non-ideal).
  755. Network Distance: 8 hops
  756.  
  757. TRACEROUTE (using port 8080/tcp)
  758. HOP RTT ADDRESS
  759. 1 314.53 ms 10.13.0.1
  760. 2 319.03 ms 37.187.24.252
  761. 3 322.52 ms 178.33.103.229
  762. 4 326.81 ms 10.95.33.8
  763. 5 335.53 ms 91.121.215.177
  764. 6 344.73 ms 37.187.36.214
  765. 7 431.06 ms 195.42.144.143
  766. 8 341.54 ms 104.24.98.72
  767.  
  768. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  769. Nmap done: 1 IP address (1 host up) scanned in 121.55 seconds
  770.  
  771. ######################################################################################################################################
  772.  
  773. amap -i temp.txt
  774. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-20 06:32:11 - APPLICATION MAPPING mode
  775.  
  776. Protocol on 104.24.98.72:80/tcp matches http
  777. Protocol on 104.24.98.72:443/tcp matches http
  778. Protocol on 104.24.98.72:8443/tcp matches http
  779. Protocol on 104.24.98.72:8080/tcp matches http
  780. Protocol on 104.24.98.72:443/tcp matches ssl
  781. Protocol on 104.24.98.72:8443/tcp matches ssl
  782.  
  783. Unidentified ports: none.
  784.  
  785. amap v5.4 finished at 2017-08-20 06:32:16
  786.  
  787.  
  788. NetRange: 104.16.0.0 - 104.31.255.255
  789. CIDR: 104.16.0.0/12
  790. NetName: CLOUDFLARENET
  791. NetHandle: NET-104-16-0-0-1
  792. Parent: NET104 (NET-104-0-0-0-0)
  793. NetType: Direct Assignment
  794. OriginAS: AS13335
  795. Organization: Cloudflare, Inc. (CLOUD14)
  796. RegDate: 2014-03-28
  797. Updated: 2017-02-17
  798. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  799. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  800.  
  801.  
  802.  
  803. OrgName: Cloudflare, Inc.
  804. OrgId: CLOUD14
  805. Address: 101 Townsend Street
  806. City: San Francisco
  807. StateProv: CA
  808. PostalCode: 94107
  809. Country: US
  810. RegDate: 2010-07-09
  811. Updated: 2017-02-17
  812. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  813. Ref: https://whois.arin.net/rest/org/CLOUD14
  814.  
  815.  
  816. OrgTechHandle: ADMIN2521-ARIN
  817. OrgTechName: Admin
  818. OrgTechPhone: +1-650-319-8930
  819. OrgTechEmail: admin@cloudflare.com
  820. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  821.  
  822. OrgAbuseHandle: ABUSE2916-ARIN
  823. OrgAbuseName: Abuse
  824. OrgAbusePhone: +1-650-319-8930
  825. OrgAbuseEmail: abuse@cloudflare.com
  826. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  827.  
  828. OrgNOCHandle: NOC11962-ARIN
  829. OrgNOCName: NOC
  830. OrgNOCPhone: +1-650-319-8930
  831. OrgNOCEmail: noc@cloudflare.com
  832. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  833.  
  834. RNOCHandle: NOC11962-ARIN
  835. RNOCName: NOC
  836. RNOCPhone: +1-650-319-8930
  837. RNOCEmail: noc@cloudflare.com
  838. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  839.  
  840. RTechHandle: ADMIN2521-ARIN
  841. RTechName: Admin
  842. RTechPhone: +1-650-319-8930
  843. RTechEmail: admin@cloudflare.com
  844. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  845.  
  846. RAbuseHandle: ABUSE2916-ARIN
  847. RAbuseName: Abuse
  848. RAbusePhone: +1-650-319-8930
  849. RAbuseEmail: abuse@cloudflare.com
  850. RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  851.  
  852. www.teenieporn.net
  853. IPv6 address #1: 2400:cb00:2048:1::6818:6248
  854. IPv6 address #2: 2400:cb00:2048:1::6818:6348
  855.  
  856. www.teenieporn.net
  857. IP address #1: 104.24.99.72
  858. IP address #2: 104.24.98.72
  859.  
  860. [+] 2 (sub)domains and 4 IP address(es) found
  861. [+] Hosts found in search engines:
  862. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  863. [-] Resolving hostnames IPs...
  864. 104.24.99.72:Www.teenieporn.net
  865. 104.24.98.72:www.teenieporn.net
  866. [+] Virtual hosts:
  867. ==================
  996. ----- teenieporn.net -----
  997.  
  998.  
  999. Host's addresses:
  1000. __________________
  1001.  
  1002. teenieporn.net. 253 IN A 104.24.99.72
  1003. teenieporn.net. 253 IN A 104.24.98.72
  1004.  
  1005.  
  1006. Name Servers:
  1007. ______________
  1008.  
  1009. lady.ns.cloudflare.com. 712 IN A 173.245.58.127
  1010. hugh.ns.cloudflare.com. 82203 IN A 173.245.59.117
  1011.  
  1012.  
  1013. Mail (MX) Servers:
  1014. ___________________
  1015.  
  1016.  
  1017.  
  1018. Trying Zone Transfers and getting Bind Versions:
  1019. ___------------------------------------------------------------------------------------------------------------------------------------
  1020. + Target IP: 104.24.99.72
  1021. + Target Hostname: teenieporn.net
  1022. + Target Port: 80
  1023. + Start Time: 2017-08-20 14:35:12 (GMT-4)
  1024. ---------------------------------------------------------------------------------------------------------------------------------------
  1025. + Server: cloudflare-nginx
  1026. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1027. + Uncommon header 'cf-ray' found, with contents: 39177380745b08e4-CDG
  1028. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1029. + All CGI directories 'found', use '-C none' to test none
  1030. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  1031.  
  1032. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1033. + Scan terminated: 20 error(s) and 3 item(s) reported on remote host
  1034. + End Time: 2017-08-20 16:11:02 (GMT-4) (5750 seconds)
  1035. ---------------------------------------------------------------------------------------------------------------------------------------
  1036. ______________________________________________
  1037. Hostname www.pretty-youngs.biz ISP Quasi Networks LTD. (AS29073)
  1038. Continent Africa Flag
  1039. SC
  1040. Country Seychelles Country Code SC (SYC)
  1041. Region Unknown Local time 20 Aug 2017 22:54 +04
  1042. City Unknown Latitude -4.583
  1043. IP Address 94.102.48.34 Longitude 55.667
  1044. pretty-youngs.biz
  1045.  
  1046. ######################################################################################################################################
  1047.  
  1048. whois pretty-youngs.biz
  1049. Domain Name: PRETTY-YOUNGS.BIZ
  1050. Domain ID: D42665769-BIZ
  1051. Sponsoring Registrar: ENOM, LLC
  1052. Sponsoring Registrar IANA ID: 48
  1053. Registrar URL (registration services): whois.enom.com
  1054. Domain Status: clientTransferProhibited
  1055. Registrant ID: 8C86D9920FA58007
  1056. Registrant Name: Mike Zeleznick
  1057. Registrant Organization: -
  1058. Registrant Address1: Headquarters 2055
  1059. Registrant City: Ogden
  1060. Registrant State/Province: UT
  1061. Registrant Postal Code: 84217
  1062. Registrant Country: United States
  1063. Registrant Country Code: US
  1064. Registrant Phone Number: +1.8013411638
  1065. Registrant Email: lavashin56@gmail.com
  1066. Administrative Contact ID: 8C86D9920FA58007
  1067. Administrative Contact Name: Mike Zeleznick
  1068. Administrative Contact Organization: -
  1069. Administrative Contact Address1: Headquarters 2055
  1070. Administrative Contact City: Ogden
  1071. Administrative Contact State/Province: UT
  1072. Administrative Contact Postal Code: 84217
  1073. Administrative Contact Country: United States
  1074. Administrative Contact Country Code: US
  1075. Administrative Contact Phone Number: +1.8013411638
  1076. Administrative Contact Email: lavashin56@gmail.com
  1077. Billing Contact ID: 8C86D9920FA58007
  1078. Billing Contact Name: Mike Zeleznick
  1079. Billing Contact Organization: -
  1080. Billing Contact Address1: Headquarters 2055
  1081. Billing Contact City: Ogden
  1082. Billing Contact State/Province: UT
  1083. Billing Contact Postal Code: 84217
  1084. Billing Contact Country: United States
  1085. Billing Contact Country Code: US
  1086. Billing Contact Phone Number: +1.8013411638
  1087. Billing Contact Email: lavashin56@gmail.com
  1088. Technical Contact ID: 8C86D9920FA58007
  1089. Technical Contact Name: Mike Zeleznick
  1090. Technical Contact Organization: -
  1091. Technical Contact Address1: Headquarters 2055
  1092. Technical Contact City: Ogden
  1093. Technical Contact State/Province: UT
  1094. Technical Contact Postal Code: 84217
  1095. Technical Contact Country: United States
  1096. Technical Contact Country Code: US
  1097. Technical Contact Phone Number: +1.8013411638
  1098. Technical Contact Email: lavashin56@gmail.com
  1099. Name Server: DNS5.NAME-SERVICES.COM
  1100. Name Server: DNS4.NAME-SERVICES.COM
  1101. Name Server: DNS3.NAME-SERVICES.COM
  1102. Name Server: DNS2.NAME-SERVICES.COM
  1103. Name Server: DNS1.NAME-SERVICES.COM
  1104. Created by Registrar: ENOM, LLC
  1105. Last Updated by Registrar: ENOM, LLC
  1106. Domain Registration Date: Thu Dec 09 11:31:11 GMT 2010
  1107. Domain Expiration Date: Fri Dec 08 23:59:59 GMT 2017
  1108. Domain Last Updated Date: Sat Mar 11 00:55:17 GMT 2017
  1109. IN ANY
  1110.  
  1111. ;; ANSWER SECTION:
  1112. pretty-youngs.biz. 1793 IN A 94.102.48.34
  1113. pretty-youngs.biz. 3596 IN NS dns1.name-services.com.
  1114. pretty-youngs.biz. 3596 IN NS dns2.name-services.com.
  1115. pretty-youngs.biz. 3596 IN NS dns3.name-services.com.
  1116. pretty-youngs.biz. 3596 IN NS dns5.name-services.com.
  1117. pretty-youngs.biz. 3596 IN NS dns4.name-services.com.
  1118.  
  1119. ;; Query time: 8 msec
  1120. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1121. ;; WHEN: Sun Aug 20 14:38:07 EDT 2017
  1122. ;; MSG SIZE rcvd: 174
  1123.  
  1124. ######################################################################################################################################
  1125.  
  1126.  
  1127. traceroute -T -O info -i eth0 pretty-youngs.biz
  1128. traceroute to pretty-youngs.biz (94.102.48.34), 30 hops max, 60 byte packets
  1129. 1 gateway (192.168.1.254) 0.567 ms 0.750 ms 0.907 ms
  1130. 2 10.135.18.1 (10.135.18.1) 11.128 ms 11.876 ms 15.361 ms
  1131. 3 75.154.223.222 (75.154.223.222) 32.854 ms 32.938 ms 33.022 ms
  1132. 4 lag-113.ear3.NewYork1.Level3.net (4.15.212.245) 95.618 ms 95.775 ms 95.934 ms
  1133. 5 ae-240-3616.edge6.Amsterdam1.Level3.net (4.69.162.254) 104.504 ms 104.848 ms 104.981 ms
  1134. 6 * * *
  1135. 7 no-reverse-dns-configured.com (94.102.48.34) <syn,ack> 103.479 ms 103.621 ms 103.974 ms
  1136.  
  1137. ######################################################################################################################################
  1138.  
  1139.  
  1140.  
  1141. Checking for HTTP-Loadbalancing [Date]: 16:38:08, 16:38:08, 16:38:09, 16:38:09, 16:38:10, 16:38:10, 16:38:11, 16:38:11, 16:38:12, 16:38:13, 16:38:13, 16:38:14, 16:38:14, 16:38:15, 16:38:15, 16:38:16, 16:38:16, 16:38:17, 16:38:17, 16:38:18, 16:38:18, 16:38:19, 16:38:20, 16:38:20, 16:38:21, 16:38:21, 16:38:22, 16:38:22, 16:38:23, 16:38:23, 16:38:24, 16:38:24, 16:38:25, 16:38:25, 16:38:26, 16:38:26, 16:38:27, 16:38:27, 16:38:28, 16:38:29, 16:38:29, 16:38:29, 16:38:30, 16:38:31, 16:38:31, 16:38:32, 16:38:32, 16:38:32, 16:38:33, 16:38:33, NOT FOUND
  1142.  
  1143. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1144.  
  1145. pretty-youngs.biz does NOT use Load-balancing.
  1146.  
  1147. ######################################################################################################################################
  1148.  
  1151.  
  1152. nmap -PN -n -F -T4 -sV -A -oG temp.txt pretty-youngs.biz
  1153.  
  1154. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-20 14:40 EDT
  1155. Nmap scan report for pretty-youngs.biz (94.102.48.34)
  1156. Host is up (0.20s latency).
  1157. Not shown: 84 closed ports
  1158. PORT STATE SERVICE VERSION
  1159. 21/tcp filtered ftp
  1160. 22/tcp filtered ssh
  1161. 25/tcp filtered smtp
  1162. 53/tcp open domain ISC BIND 9.8.2rc1
  1163. | dns-nsid:
  1164. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
  1165. 80/tcp open http nginx 1.12.1
  1166. |_http-server-header: nginx/1.12.1
  1167. |_http-title: Did not follow redirect to http://www.pretty-youngs.biz/new.html
  1168. 81/tcp filtered hosts2-ns
  1169. 110/tcp open pop3 Dovecot pop3d
  1170. | ssl-cert: Subject: commonName=imap.example.com
  1171. | Not valid before: 2015-06-12T12:04:14
  1172. |_Not valid after: 2016-06-11T12:04:14
  1173. |_ssl-date: 2017-08-20T16:39:28+00:00; -2h01m06s from scanner time.
  1174. 135/tcp filtered msrpc
  1175. 139/tcp filtered netbios-ssn
  1176. 143/tcp open imap Dovecot imapd
  1177. |_imap-capabilities: IDLE ENABLE completed LITERAL+ AUTH=LOGIN AUTH=CRAM-MD5A0001 SASL-IR AUTH=PLAIN Capability AUTH=DIGEST-MD5 STARTTLS LOGIN-REFERRALS IMAP4rev1 OK ID
  1178. | ssl-cert: Subject: commonName=imap.example.com
  1179. | Not valid before: 2015-06-12T12:04:14
  1180. |_Not valid after: 2016-06-11T12:04:14
  1181. |_ssl-date: 2017-08-20T16:39:27+00:00; -2h01m07s from scanner time.
  1182. 445/tcp filtered microsoft-ds
  1183. 465/tcp filtered smtps
  1184. 587/tcp filtered submission
  1185. 993/tcp open ssl/imap Dovecot imapd
  1186. | ssl-cert: Subject: commonName=imap.example.com
  1187. | Not valid before: 2015-06-12T12:04:14
  1188. |_Not valid after: 2016-06-11T12:04:14
  1189. |_ssl-date: 2017-08-20T16:39:23+00:00; -2h01m07s from scanner time.
  1190. 995/tcp open ssl/pop3 Dovecot pop3d
  1191. | ssl-cert: Subject: commonName=imap.example.com
  1192. | Not valid before: 2015-06-12T12:04:14
  1193. |_Not valid after: 2016-06-11T12:04:14
  1194. |_ssl-date: 2017-08-20T16:39:22+00:00; -2h01m07s from scanner time.
  1195. 3306/tcp open mysql MySQL (unauthorized)
  1196. Aggressive OS guesses: Linux 2.6.39 (99%), Linux 2.6.32 (95%), WatchGuard Fireware 11.8 (95%), Synology DiskStation Manager 5.1 (94%), Linux 3.10 (94%), Linux 2.6.32 or 3.10 (94%), Linux 3.4 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 3.2 - 3.8 (91%)
  1197. No exact OS matches for host (test conditions non-ideal).
  1198. Network Distance: 10 hops
  1199. Service Info: OS: Red Hat Enterprise Linux 6; CPE: cpe:/o:redhat:enterprise_linux:6
  1200.  
  1201. Host script results:
  1202. |_clock-skew: mean: -2h01m06s, deviation: 0s, median: -2h01m07s
  1203.  
  1204. TRACEROUTE (using port 199/tcp)
  1205. HOP RTT ADDRESS
  1206. 1 138.20 ms 10.13.0.1
  1207. 2 152.92 ms 37.187.24.252
  1208. 3 142.69 ms 178.33.103.229
  1209. 4 147.16 ms 10.95.33.8
  1210. 5 156.67 ms 213.186.32.213
  1211. 6 ...
  1212. 7 169.68 ms 176.10.83.128
  1213. 8 165.21 ms 176.10.83.119
  1214. 9 ...
  1215. 10 162.71 ms 94.102.48.34
  1216.  
  1217. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1218. Nmap done: 1 IP address (1 host up) scanned in 36.51 seconds
  1219.  
  1220. ######################################################################################################################################
  1221.  
  1222. amap -i temp.txt
  1223. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-20 14:40:41 - APPLICATION MAPPING mode
  1224.  
  1225. Protocol on 94.102.48.34:80/tcp matches http
  1226. Protocol on 94.102.48.34:80/tcp matches http-apache-2
  1227. Protocol on 94.102.48.34:110/tcp matches pop3
  1228. Protocol on 94.102.48.34:3306/tcp matches mysql
  1229. Protocol on 94.102.48.34:3306/tcp matches mysql-secured
  1230. Protocol on 94.102.48.34:143/tcp matches imap
  1231. Protocol on 94.102.48.34:993/tcp matches ssl
  1232. Protocol on 94.102.48.34:995/tcp matches ssl
  1233. Protocol on 94.102.48.34:53/tcp matches dns
  1234.  
  1235. Unidentified ports: none.
  1236.  
  1237. amap v5.4 finished at 2017-08-20 14:40:59
  1238.  
  1239.  
  1240. inetnum: 94.102.48.0 - 94.102.48.150
  1241. netname: SC-QUASI58
  1242. descr: QUASI
  1243. country: SC
  1244. org: ORG-QNL3-RIPE
  1245. admin-c: QNL1-RIPE
  1246. tech-c: QNL1-RIPE
  1247. status: ASSIGNED PA
  1248. mnt-by: QUASINETWORKS-MNT
  1249. mnt-lower: QUASINETWORKS-MNT
  1250. mnt-routes: QUASINETWORKS-MNT
  1251. created: 2011-05-07T22:25:22Z
  1252. last-modified: 2016-01-23T22:29:27Z
  1253. source: RIPE
  1254.  
  1255. organisation: ORG-QNL3-RIPE
  1256. org-name: Quasi Networks LTD.
  1257. org-type: OTHER
  1258. address: Suite 1, Second Floor
  1259. address: Sound & Vision House, Francis Rachel Street
  1260. address: Victoria, Mahe, SEYCHELLES
  1261. remarks: *****************************************************************************
  1262. remarks: IMPORTANT INFORMATION
  1263. remarks: *****************************************************************************
  1264. remarks: We are a high bandwidth network provider offering bandwidth solutions.
  1265. remarks: Government agencies can sent their requests to gov.request@quasinetworks.com
  1266. remarks: Please only use abuse@quasinetworks.com for abuse reports.
  1267. remarks: For all other requests, please see the details on our website.
  1268. remarks: *****************************************************************************
  1269. abuse-mailbox: abuse@quasinetworks.com
  1270. abuse-c: AR34302-RIPE
  1271. mnt-ref: QUASINETWORKS-MNT
  1272. mnt-by: QUASINETWORKS-MNT
  1273. created: 2015-11-08T22:25:26Z
  1274. last-modified: 2015-11-27T09:37:50Z
  1275. source: RIPE # Filtered
  1276.  
  1277. role: Quasi Networks LTD
  1278. address: Suite 1, Second Floor
  1279. address: Sound & Vision House, Francis Rachel Street
  1280. address: Victoria, Mahe, SEYCHELLES
  1281. remarks: *****************************************************************************
  1282. remarks: IMPORTANT INFORMATION
  1283. remarks: *****************************************************************************
  1284. remarks: We are a high bandwidth network provider offering bandwidth solutions.
  1285. remarks: Government agencies can sent their requests to gov.request@quasinetworks.com
  1286. remarks: Please only use abuse@quasinetworks.com for abuse reports.
  1287. remarks: For all other requests, please see the details on our website.
  1288. remarks: *****************************************************************************
  1289. abuse-mailbox: abuse@quasinetworks.com
  1290. nic-hdl: QNL1-RIPE
  1291. mnt-by: QUASINETWORKS-MNT
  1292. created: 2015-11-07T22:43:04Z
  1293. last-modified: 2015-11-07T23:04:49Z
  1294. source: RIPE # Filtered
  1295.  
  1296. % Information related to '94.102.48.0/20AS29073'
  1297.  
  1298. route: 94.102.48.0/20
  1299. descr: Quasi Networks LTD (IBC)
  1300. origin: AS29073
  1301. mnt-by: QUASINETWORKS-MNT
  1302. created: 2008-09-02T11:55:23Z
  1303. last-modified: 2016-01-23T22:40:05Z
  1304. source: RIPE
  1305.  
  1306. % This query was served by the RIPE Database Query Service version 1.89.2 (HEREFORD)
  1307. [+] using maximum random delay of 10 millisecond(s) between requests
  1308.  
  1309. b.pretty-youngs.biz
  1310. IP address #1: 94.102.52.195
  1311.  
  1312. www.pretty-youngs.biz
  1313. IP address #1: 94.102.48.34
  1314.  
  1315. [+] 2 (sub)domains and 2 IP address(es) found
  1316.  
  1317. [+] Hosts found in search engines:
  1318. ------------------------------------
  1319. [-] Resolving hostnames IPs...
  1320. 94.102.48.34:Www.pretty-youngs.biz
  1321. 94.102.52.195:b.pretty-youngs.biz
  1322. 94.102.48.34:www.pretty-youngs.biz
  1323. [+] Virtual hosts:
  1324. ==================
  1325. 94.102.48.34 pretty-youngs.biz
  1326. 94.102.48.34 www.cute-models.name
  1327. 94.102.48.34 top.top-dolls.net
  1328. 94.102.48.34 add.top-dolls.net
  1329. 94.102.48.34 www.prix.net
  1330. 94.102.48.34 CombiEnregistreur.prixmoinscher.com
  1331. 94.102.48.34 www.commentfer.fr
  1332.  
  1333. ----- pretty-youngs.biz -----
  1334.  
  1335.  
  1336. Host's addresses:
  1337. __________________
  1338.  
  1339. pretty-youngs.biz. 1797 IN A 94.102.48.34
  1340.  
  1341.  
  1342. Name Servers:
  1343. ______________
  1344.  
  1345. dns5.name-services.com. 3600 IN A 162.88.61.41
  1346. dns1.name-services.com. 3600 IN A 162.88.61.23
  1347. dns3.name-services.com. 3600 IN A 162.88.61.39
  1348. dns2.name-services.com. 3600 IN A 162.88.60.23
  1349. dns4.name-services.com. 3600 IN A 162.88.60.39
  1350.  
  1351.  
  1352. Mail (MX) Servers:
  1353. ___________________
  1354.  
  1355.  
  1356.  
  1357. Trying Zone Transfers and getting Bind Versions:
  1358. _________________________________________________
  1359. - Nikto v2.1.6
  1360. ---------------------------------------------------------------------------------------------------------------------------------------
  1361. + Target IP: 94.102.48.34
  1362. + Target Hostname: pretty-youngs.biz
  1363. + Target Port: 80
  1364. + Start Time: 2017-08-20 14:38:01 (GMT-4)
  1365. ---------------------------------------------------------------------------------------------------------------------------------------
  1366. + Server: nginx/1.12.1
  1367. + The anti-clickjacking X-Frame-Options header is not present.
  1368. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1369. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1370. + Root page / redirects to: http://www.pretty-youngs.biz/new.html
  1371. + Server leaks inodes via ETags, header found with file /favicon.ico, inode: 21898235, size: 0, mtime: Sat Jun 13 23:10:33 2015
  1372. + OSVDB-3092: /manager/: May be a web server or site manager.
  1373. + OSVDB-3268: /icons/: Directory indexing found.
  1374. + OSVDB-3233: /icons/README: Apache default file found.
  1375. + Retrieved x-powered-by header: PHP/5.3.3
  1376. + /myadmin/: Admin login page/section found.
  1377. + 8262 requests: 1 error(s) and 9 item(s) reported on remote host
  1378. + End Time: 2017-08-20 15:17:43 (GMT-4) (2382 seconds)
  1379. ---------------------------------------------------------------------------
  1380. Hostname rose.modelsartcenter.com ISP Quasi Networks LTD. (AS29073)
  1381. Continent Africa Flag
  1382. SC
  1383. Country Seychelles Country Code SC (SYC)
  1384. Region Unknown Local time 21 Aug 2017 00:49 +04
  1385. City Unknown Latitude -4.583
  1386. IP Address 94.102.55.194 Longitude 55.667
  1387. rose.modelsartcenter.com
  1388.  
  1389. ######################################################################################################################################
  1390.  
  1391. dig rose.modelsartcenter.com any
  1392.  
  1393. ; <<>> DiG 9.10.3-P4-Debian <<>> rose.modelsartcenter.com any
  1394. ;; global options: +cmd
  1395. ;; Got answer:
  1396. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6613
  1397. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  1398.  
  1399. ;; OPT PSEUDOSECTION:
  1400. ; EDNS: version: 0, flags:; udp: 4096
  1401. ;; QUESTION SECTION:
  1402. ;rose.modelsartcenter.com. IN ANY
  1403.  
  1404. ;; ANSWER SECTION:
  1405. rose.modelsartcenter.com. 511 IN A 94.102.55.194
  1406.  
  1407. ;; Query time: 8 msec
  1408. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1409. ;; WHEN: Sun Aug 20 16:52:48 EDT 2017
  1410. ;; MSG SIZE rcvd: 69
  1411.  
  1412.  
  1413.  
  1414. ######################################################################################################################################
  1415.  
  1416. tcptraceroute -i eth0 rose.modelsartcenter.com
  1417.  
  1418. Running:
  1419. traceroute -T -O info -i eth0 rose.modelsartcenter.com
  1420. traceroute to rose.modelsartcenter.com (94.102.55.194), 30 hops max, 60 byte packets
  1421. 1 gateway (192.168.1.254) 0.465 ms 0.712 ms 0.933 ms
  1422. 2 10.135.18.1 (10.135.18.1) 7.433 ms 7.808 ms 8.074 ms
  1423. 3 75.154.223.222 (75.154.223.222) 30.001 ms 29.901 ms 30.103 ms
  1424. 4 * * *
  1425. 5 ae-237-3613.edge6.Amsterdam1.Level3.net (4.69.162.242) 104.900 ms 104.984 ms 105.098 ms
  1426. 6 * * *
  1427. 7 stark2-ip7.idfnv.net (94.102.55.194) <syn,ack> 103.962 ms 103.804 ms 104.385 ms
  1428.  
  1429.  
  1430. Checking for HTTP-Loadbalancing [Date]: 20:51:52, 20:51:52, 20:51:52, 20:51:53, 20:51:53, 20:51:53, 20:51:54, 20:51:54, 20:51:54, 20:51:55, 20:51:55, 20:51:55, 20:51:56, 20:51:56, 20:51:56, 20:51:56, 20:51:57, 20:51:57, 20:51:58, 20:51:58, 20:51:58, 20:51:59, 20:51:59, 20:51:59, 20:51:59, 20:52:00, 20:52:00, 20:52:00, 20:52:00, 20:52:01, 20:52:01, 20:52:01, 20:52:01, 20:52:02, 20:52:02, 20:52:02, 20:52:03, 20:52:03, 20:52:03, 20:52:03, 20:52:04, 20:52:04, 20:52:04, 20:52:04, 20:52:05, 20:52:05, 20:52:05, 20:52:05, 20:52:06, 20:52:06, NOT FOUND
  1431.  
  1432. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1433.  
  1434. rose.modelsartcenter.com does NOT use Load-balancing.
  1435.  
  1436.  
  1437.  
  1438.  
  1439. ######################################################################################################################################
  1440. nmap -PN -n -F -T4 -sV -A -oG temp.txt rose.modelsartcenter.com
  1441.  
  1442. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-20 16:53 EDT
  1443. Nmap scan report for rose.modelsartcenter.com (94.102.55.194)
  1444. Host is up (2.6s latency).
  1445. Not shown: 62 closed ports, 36 filtered ports
  1446. PORT STATE SERVICE VERSION
  1447. 80/tcp open http Apache httpd 2.2.15 ((CentOS))
  1448. |_http-title: Rose model. Preteen models paradise.
  1449. 443/tcp open ssl/https?
  1450. |_http-title: Apache HTTP Server Test Page powered by CentOS
  1451. | ssl-cert: Subject: commonName=b08s04/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  1452. | Not valid before: 2016-01-05T16:28:07
  1453. |_Not valid after: 2017-01-04T16:28:07
  1454. |_ssl-date: 2017-08-20T20:53:32+00:00; -1m26s from scanner time.
  1455. Device type: general purpose
  1456. Running (JUST GUESSING): Linux 2.6.X (86%)
  1457. OS CPE: cpe:/o:linux:linux_kernel:2.6.39
  1458. Aggressive OS guesses: Linux 2.6.39 (86%)
  1459. No exact OS matches for host (test conditions non-ideal).
  1460. Network Distance: 11 hops
  1461.  
  1462. Host script results:
  1463. |_clock-skew: mean: -1m27s, deviation: 0s, median: -1m27s
  1464.  
  1465. TRACEROUTE (using port 9999/tcp)
  1466. HOP RTT ADDRESS
  1467. 1 4387.09 ms 10.13.0.1
  1468. 2 ...
  1469. 3 4391.54 ms 178.33.103.231
  1470. 4 4396.04 ms 10.95.33.10
  1471. 5 ... 8
  1472. 9 5039.61 ms 176.10.83.119
  1473. 10 ...
  1474. 11 3480.99 ms 94.102.55.194
  1475.  
  1476. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1477. Nmap done: 1 IP address (1 host up) scanned in 91.86 seconds
  1478.  
  1479. ######################################################################################################################################
  1480.  
  1481. amap -i temp.txt
  1482. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-20 16:55:17 - APPLICATION MAPPING mode
  1483.  
  1484. Protocol on 94.102.55.194:80/tcp matches http
  1485. Protocol on 94.102.55.194:80/tcp matches http-apache-2
  1486. Protocol on 94.102.55.194:443/tcp matches ntp
  1487. Protocol on 94.102.55.194:443/tcp matches ssl
  1488. Protocol on 94.102.55.194:443/tcp matches http
  1489. Protocol on 94.102.55.194:443/tcp matches http-apache-2
  1490. 55.255
  1491. netname: SC-QUASI64
  1492. descr: QUASI
  1493. country: SC
  1494. org: ORG-QNL3-RIPE
  1495. admin-c: QNL1-RIPE
  1496. tech-c: QNL1-RIPE
  1497. status: ASSIGNED PA
  1498. mnt-by: QUASINETWORKS-MNT
  1499. mnt-lower: QUASINETWORKS-MNT
  1500. mnt-routes: QUASINETWORKS-MNT
  1501. created: 2009-08-13T00:17:48Z
  1502. last-modified: 2016-01-23T22:34:29Z
  1503. source: RIPE
  1504.  
  1505. organisation: ORG-QNL3-RIPE
  1506. org-name: Quasi Networks LTD.
  1507. org-type: OTHER
  1508. address: Suite 1, Second Floor
  1509. address: Sound & Vision House, Francis Rachel Street
  1510. address: Victoria, Mahe, SEYCHELLES
  1511. remarks: *****************************************************************************
  1512. remarks: IMPORTANT INFORMATION
  1513. remarks: *****************************************************************************
  1514. remarks: We are a high bandwidth network provider offering bandwidth solutions.
  1515. remarks: Government agencies can sent their requests to gov.request@quasinetworks.com
  1516. remarks: Please only use abuse@quasinetworks.com for abuse reports.
  1517. remarks: For all other requests, please see the details on our website.
  1518. remarks: *****************************************************************************
  1519. abuse-mailbox: abuse@quasinetworks.com
  1520. abuse-c: AR34302-RIPE
  1521. mnt-ref: QUASINETWORKS-MNT
  1522. mnt-by: QUASINETWORKS-MNT
  1523. created: 2015-11-08T22:25:26Z
  1524. last-modified: 2015-11-27T09:37:50Z
  1525. source: RIPE # Filtered
  1526.  
  1527. role: Quasi Networks LTD
  1528. address: Suite 1, Second Floor
  1529. address: Sound & Vision House, Francis Rachel Street
  1530. address: Victoria, Mahe, SEYCHELLES
  1531. remarks: *****************************************************************************
  1532. remarks: IMPORTANT INFORMATION
  1533. remarks: *****************************************************************************
  1534. remarks: We are a high bandwidth network provider offering bandwidth solutions.
  1535. remarks: Government agencies can sent their requests to gov.request@quasinetworks.com
  1536. remarks: Please only use abuse@quasinetworks.com for abuse reports.
  1537. remarks: For all other requests, please see the details on our website.
  1538. remarks: *****************************************************************************
  1539. abuse-mailbox: abuse@quasinetworks.com
  1540. nic-hdl: QNL1-RIPE
  1541. mnt-by: QUASINETWORKS-MNT
  1542. created: 2015-11-07T22:43:04Z
  1543. last-modified: 2015-11-07T23:04:49Z
  1544. source: RIPE # Filtered
  1545.  
  1546. % Information related to '94.102.48.0/20AS29073'
  1547.  
  1548. route: 94.102.48.0/20
  1549. descr: Quasi Networks LTD (IBC)
  1550. origin: AS29073
  1551. mnt-by: QUASINETWORKS-MNT
  1552. created: 2008-09-02T11:55:23Z
  1553. last-modified: 2016-01-23T22:40:05Z
  1554. source: RIPE
  1555.  
  1556. % This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)
  1557.  
  1558.  
  1559. ----- rose.modelsartcenter.com -----
  1560.  
  1561.  
  1562. Host's addresses:
  1563. __________________
  1564.  
  1565. rose.modelsartcenter.com. 512 IN A 94.102.55.194
  1566.  
  1567.  
  1568. Name Servers:
  1569. ______________
  1570.  
  1571. ---------------------------------------------------------------------------------------------------------------------------------------
  1572. + Target IP: 94.102.55.194
  1573. + Target Hostname: rose.modelsartcenter.com
  1574. + Target Port: 80
  1575. + Start Time: 2017-08-20 16:52:58 (GMT-4)
  1576. ---------------------------------------------------------------------------------------------------------------------------------------
  1577. + Server: Apache/2.2.15 (CentOS)
  1578. + Retrieved x-powered-by header: PHP/5.3.3
  1579. + The anti-clickjacking X-Frame-Options header is not present.
  1580. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1581. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1582. + Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  1583. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  1584. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  1585. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1586. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1587. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1588. + OSVDB-3268: /icons/: Directory indexing found.
  1589. + Server leaks inodes via ETags, header found with file /icons/README, inode: 41092339, size: 5108, mtime: Tue Aug 28 06:48:10 2007
  1590. + OSVDB-3233: /icons/README: Apache default file found.
  1591. + 8321 requests: 3 error(s) and 13 item(s) reported on remote host
  1592. + End Time: 2017-08-20 17:48:14 (GMT-4) (3316 seconds)
  1593. ---------------------------------------------------------------------------------------------------------------------------------------
  1594. + 1 host(s) tested
  1595. Hostname justlittlestars.com ISP Unknown
  1596. Continent Unknown Flag
  1597. US
  1598. Country United States Country Code US
  1599. Region Unknown Local time 20 Aug 2017 17:43 CDT
  1600. City Unknown Latitude 37.751
  1601. IP Address (IPv6) 2400:cb00:2048:1::6812:3460 Longitude -97.822
  1602.  
  1603. justlittlestars.com
  1604.  
  1605. ######################################################################################################################################
  1606.  
  1607. whois justlittlestars.com
  1608. Domain Name: JUSTLITTLESTARS.COM
  1609. Registry Domain ID: 1700558925_DOMAIN_COM-VRSN
  1610. Registrar WHOIS Server: whois.directnic.com
  1611. Registrar URL: http://www.directnic.com
  1612. Updated Date: 2017-02-20T19:33:19Z
  1613. Creation Date: 2012-02-05T14:58:58Z
  1614. Registry Expiry Date: 2018-02-05T14:58:58Z
  1615. Registrar: DNC Holdings, Inc.
  1616. Registrar IANA ID: 291
  1617. Registrar Abuse Contact Email:
  1618. Registrar Abuse Contact Phone:
  1619. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  1620. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1621. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  1622. Name Server: ADA.NS.CLOUDFLARE.COM
  1623. Name Server: JONAH.NS.CLOUDFLARE.COM
  1624. DNSSEC: unsigned
  1625.  
  1626. Domain Name: JUSTLITTLESTARS.COM
  1627. Registry Domain ID: 1700558925_DOMAIN_COM-VRSN
  1628. Registrar WHOIS Server: whois.directnic.com
  1629. Registrar URL: http://www.directnic.com
  1630. Updated Date: 2017-02-20T19:33:19-06:00
  1631. Creation Date: 2012-02-05T14:58:58-06:00
  1632. Registrar Registration Expiration Date: 2018-02-05T14:58:58-06:00
  1633. Registrar: DNC Holdings, Inc.
  1634. Sponsoring Registrar IANA ID: 291
  1635. Registrar Abuse Contact Email: abuse@directnic.com
  1636. Registrar Abuse Contact Phone: +1.8778569598
  1637. Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
  1638. Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
  1639. Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
  1640. Domain Status: transferPeriod (https://www.icann.org/epp#transferPeriod)
  1641. Registrant Name: Andrew Kornilov
  1642. Registrant Organization: person
  1643. Registrant Street: 127/1 Schorsa Str
  1644. Registrant City: Odessa
  1645. Registrant State/Province: Odessa Oblast
  1646. Registrant Postal Code: 65036
  1647. Registrant Country: UA
  1648. Registrant Phone: +380.380674830000
  1649. Registrant Phone Ext:
  1650. Registrant Fax:
  1651. Registrant Fax Ext:
  1652. Registrant Email: webmaster@hotglamworld.com
  1653. Admin Name: Andrew Kornilov
  1654. Admin Organization: person
  1655. Admin Street: 127/1 Schorsa Str
  1656. Admin City: Odessa
  1657. Admin State/Province: Odessa Oblast
  1658. Admin Postal Code: 65036
  1659. Admin Country: UA
  1660. Admin Phone: +380.380674830000
  1661. Admin Phone Ext:
  1662. Admin Fax:
  1663. Admin Fax Ext:
  1664. Admin Email: webmaster@hotglamworld.com
  1665. Tech Name: Andrew Kornilov
  1666. Tech Organization: person
  1667. Tech Street: 127/1 Schorsa Str
  1668. Tech City: Odessa
  1669. Tech State/Province: Odessa Oblast
  1670. Tech Postal Code: 65036
  1671. Tech Country: UA
  1672. Tech Phone: +380.380674830000
  1673. Tech Phone Ext:
  1674. Tech Fax:
  1675. Tech Fax Ext:
  1676. Tech Email: webmaster@hotglamworld.com
  1677. Name Server: ADA.NS.CLOUDFLARE.COM
  1678. Name Server: JONAH.NS.CLOUDFLARE.COM
  1679.  
  1680. ######################################################################################################################################
  1681.  
  1682. dig justlittlestars.com any
  1683.  
  1684. ; <<>> DiG 9.10.3-P4-Debian <<>> justlittlestars.com any
  1685. ;; global options: +cmd
  1686. ;; Got answer:
  1687. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28014
  1688. ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
  1689.  
  1690. ;; OPT PSEUDOSECTION:
  1691. ; EDNS: version: 0, flags:; udp: 4096
  1692. ;; QUESTION SECTION:
  1693. ;justlittlestars.com. IN ANY
  1694.  
  1695. ;; ANSWER SECTION:
  1696. justlittlestars.com. 299 IN A 104.18.52.96
  1697. justlittlestars.com. 299 IN A 104.18.53.96
  1698. justlittlestars.com. 3449 IN NS ada.ns.cloudflare.com.
  1699. justlittlestars.com. 3449 IN NS jonah.ns.cloudflare.com.
  1700.  
  1701. ;; Query time: 8 msec
  1702. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1703. ;; WHEN: Sun Aug 20 18:42:53 EDT 2017
  1704. ;; MSG SIZE rcvd: 132
  1705.  
  1706.  
  1707. tcptraceroute -i eth0 justlittlestars.com
  1708.  
  1709. Running:
  1710. traceroute -T -O info -i eth0 justlittlestars.com
  1711. traceroute to justlittlestars.com (104.18.53.96), 30 hops max, 60 byte packets
  1712. 1 gateway (192.168.1.254) 0.516 ms 0.719 ms 0.897 ms
  1713. 2 10.135.18.1 (10.135.18.1) 7.064 ms 7.149 ms 7.698 ms
  1714. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 29.791 ms 32.328 ms 32.408 ms
  1715. 4 de-cix-new-york.as13335.net (206.130.10.31) 31.892 ms 32.023 ms 32.147 ms
  1716. 5 104.18.53.96 (104.18.53.96) <syn,ack> 31.040 ms 31.181 ms 31.509 ms
  1717.  
  1718.  
  1719.  
  1720. Checking for HTTP-Loadbalancing [Date]: 23:00:49, 23:00:49, 23:00:50, 23:00:50, 23:00:51, 23:00:51, 23:00:52, 23:00:52, 23:00:52, 23:00:53, 23:00:53, 23:00:53, 23:00:54, 23:00:54, 23:00:55, 23:00:55, 23:00:55, 23:00:56, 23:00:57, 23:00:57, 23:00:58, 23:00:58, 23:00:58, 23:00:59, 23:00:59, 23:01:00, 23:01:00, 23:01:00, 23:01:01, 23:01:01, 23:01:02, 23:01:02, 23:01:03, 23:01:03, 23:01:04, 23:01:04, 23:01:05, 23:01:05, 23:01:06, 23:01:06, 23:01:06, 23:01:07, 23:01:07, 23:01:08, 23:01:08, 23:01:08, 23:01:09, 23:01:09, 23:01:10, 23:01:10, NOT FOUND
  1721.  
  1722. Checking for HTTP-Loadbalancing [Diff]: FOUND
  1723. < CF-RAY: 3918f919b18d1055-CDG
  1724. > CF-RAY: 3918f91ba54e691a-CDG
  1725.  
  1726. justlittlestars.com does Load-balancing. Found via Methods: DNS HTTP[Diff]
  1727.  
  1728.  
  1729.  
  1730. ######################################################################################################################################
  1731.  
  1732. nmap -PN -n -F -T4 -sV -A -oG temp.txt justlittlestars.com
  1733.  
  1734. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-20 19:01 EDT
  1735. Nmap scan report for justlittlestars.com (104.18.53.96)
  1736. Host is up (0.18s latency).
  1737. Other addresses for justlittlestars.com (not scanned): 2400:cb00:2048:1::6812:3460 2400:cb00:2048:1::6812:3560 104.18.52.96
  1738. Not shown: 96 filtered ports
  1739. PORT STATE SERVICE VERSION
  1740. 80/tcp open http Cloudflare nginx
  1741. |_http-title: JustLittleStars.com - Hot webcam teens!
  1742. 443/tcp open ssl/http Cloudflare nginx
  1743. | ssl-cert: Subject: commonName=sni201751.cloudflaressl.com
  1744. | Subject Alternative Name: DNS:sni201751.cloudflaressl.com, DNS:*.24dose.com, DNS:*.callrandazzo.com, DNS:*.cryptly.co, DNS:*.dolls4fuck.com, DNS:*.e-cuties.ws, DNS:*.eggformr.cf, DNS:*.fanideae.xyz, DNS:*.gottateens.com, DNS:*.ivptvariance.ml, DNS:*.jeffreyscottharris.co, DNS:*.jeffreysharris.com, DNS:*.justlittlestars.com, DNS:*.mudwhya.cf, DNS:*.opktech.co, DNS:*.opktech.website, DNS:*.pdf-masters.cf, DNS:*.sector4.co, DNS:*.shy-cams.com, DNS:*.sirtryc.cf, DNS:*.texas86rxns.ml, DNS:*.tiny-cams.com, DNS:*.young-and-virg.in, DNS:24dose.com, DNS:callrandazzo.com, DNS:cryptly.co, DNS:dolls4fuck.com, DNS:e-cuties.ws, DNS:eggformr.cf, DNS:fanideae.xyz, DNS:gottateens.com, DNS:ivptvariance.ml, DNS:jeffreyscottharris.co, DNS:jeffreysharris.com, DNS:justlittlestars.com, DNS:mudwhya.cf, DNS:opktech.co, DNS:opktech.website, DNS:pdf-masters.cf, DNS:sector4.co, DNS:shy-cams.com, DNS:sirtryc.cf, DNS:texas86rxns.ml, DNS:tiny-cams.com, DNS:young-and-virg.in
  1745. | Not valid before: 2017-08-16T00:00:00
  1746. |_Not valid after: 2018-02-22T23:59:59
  1747. 8080/tcp open http Cloudflare nginx
  1748. 8443/tcp open ssl/http Cloudflare nginx
  1749. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1750. Device type: general purpose
  1751. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (88%)
  1752. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
  1753. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.4 (85%)
  1754. No exact OS matches for host (test conditions non-ideal).
  1755. Network Distance: 8 hops
  1756.  
  1757. TRACEROUTE (using port 443/tcp)
  1758. HOP RTT ADDRESS
  1759. 1 218.58 ms 10.13.0.1
  1760. 2 257.14 ms 37.187.24.252
  1761. 3 222.87 ms 178.33.103.229
  1762. 4 227.36 ms 10.95.33.8
  1763. 5 236.35 ms 91.121.215.177
  1764. 6 242.36 ms 37.187.36.214
  1765. 7 253.89 ms 195.42.144.143
  1766. 8 248.16 ms 104.18.53.96
  1767.  
  1768. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1769. Nmap done: 1 IP address (1 host up) scanned in 78.71 seconds
  1770.  
  1771. ######################################################################################################################################
  1772.  
  1773. amap -i temp.txt
  1774. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-20 19:02:29 - APPLICATION MAPPING mode
  1775.  
  1776. Protocol on 104.18.53.96:80/tcp matches http
  1777. Protocol on 104.18.53.96:443/tcp matches http
  1778. Protocol on 104.18.53.96:8080/tcp matches http
  1779. Protocol on 104.18.53.96:443/tcp matches ssl
  1780. Protocol on 104.18.53.96:8443/tcp matches http
  1781. Protocol on 104.18.53.96:8443/tcp matches ssl
  1782.  
  1783. Unidentified ports: none.
  1784.  
  1785. amap v5.4 finished at 2017-08-20 19:02:35
  1786.  
  1787. ######################################################################################################################################
  1790.  
  1791. localhost.justlittlestars.com
  1792. IP address #1: 127.0.0.1
  1793. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  1794.  
  1795. www.justlittlestars.com
  1796. IPv6 address #1: 2400:cb00:2048:1::6812:3560
  1797. IPv6 address #2: 2400:cb00:2048:1::6812:3460
  1798.  
  1799. www.justlittlestars.com
  1800. IP address #1: 104.18.53.96
  1801. IP address #2: 104.18.52.96
  1802.  
  1803.  
  1804. ----- justlittlestars.com -----
  1805.  
  1806.  
  1807. Host's addresses:
  1808. __________________
  1809.  
  1810. justlittlestars.com. 300 IN A 104.18.53.96
  1811. justlittlestars.com. 300 IN A 104.18.52.96
  1812.  
  1813.  
  1814. Wildcard detection using: sdelaoewvdfx
  1815. _______________________________________
  1816.  
  1817. sdelaoewvdfx.justlittlestars.com. 300 IN A 5.45.77.42
  1818.  
  1819.  
  1820.  
  1821. Name Servers:
  1822. ______________
  1823.  
  1824. jonah.ns.cloudflare.com. 40100 IN A 173.245.59.186
  1825. ada.ns.cloudflare.com. 86400 IN A 173.245.58.54
  1826.  
  1827.  
  1828. Mail (MX) Servers:
  1829. ___________________
  1830.  
  1831.  
  1832.  
  1833. Trying Zone Transfers and getting Bind Versions:
  1834. _________________________________________________
  1835. ---------------------------------------------------------------------------------------------------------------------------------------
  1836. + Target IP: 104.18.52.96
  1837. + Target Hostname: justlittlestars.com
  1838. + Target Port: 80
  1839. + Start Time: 2017-08-20 18:43:22 (GMT-4)
  1840. ---------------------------------------------------------------------------------------------------------------------------------------
  1841. + Server: cloudflare-nginx
  1842. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1843. + Uncommon header 'cf-ray' found, with contents: 3918df0d70261055-CDG
  1844. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1845. + All CGI directories 'found', use '-C none' to test none
  1846. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  1847. + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
  1848. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1849. + Scan terminated: 18 error(s) and 4 item(s) reported on remote host
  1850. + End Time: 2017-08-20 19:15:19 (GMT-4) (1917 seconds)
  1851. ---------------------------------------------------------------------------------------------------------------------------------------
  1852. Hostname 24dose.com ISP Unknown
  1853. Continent Unknown Flag
  1854. US
  1855. Country United States Country Code US
  1856. Region Unknown Local time 20 Aug 2017 18:23 CDT
  1857. City Unknown Latitude 37.751
  1858. IP Address (IPv6) 2400:cb00:2048:1::681f:5d5a Longitude -97.822
  1859.  
  1860. NetRange: 104.16.0.0 - 104.31.255.255
  1861. CIDR: 104.16.0.0/12
  1862. NetName: CLOUDFLARENET
  1863. NetHandle: NET-104-16-0-0-1
  1864. Parent: NET104 (NET-104-0-0-0-0)
  1865. NetType: Direct Assignment
  1866. OriginAS: AS13335
  1867. Organization: Cloudflare, Inc. (CLOUD14)
  1868. RegDate: 2014-03-28
  1869. Updated: 2017-02-17
  1870. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1871. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  1872.  
  1873.  
  1874.  
  1875. OrgName: Cloudflare, Inc.
  1876. OrgId: CLOUD14
  1877. Address: 101 Townsend Street
  1878. City: San Francisco
  1879. StateProv: CA
  1880. PostalCode: 94107
  1881. Country: US
  1882. RegDate: 2010-07-09
  1883. Updated: 2017-02-17
  1884. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1885. Ref: https://whois.arin.net/rest/org/CLOUD14
  1886.  
  1887.  
  1888. OrgTechHandle: ADMIN2521-ARIN
  1889. OrgTechName: Admin
  1890. OrgTechPhone: +1-650-319-8930
  1891. OrgTechEmail: admin@cloudflare.com
  1892. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1893.  
  1894. OrgAbuseHandle: ABUSE2916-ARIN
  1895. OrgAbuseName: Abuse
  1896. OrgAbusePhone: +1-650-319-8930
  1897. OrgAbuseEmail: abuse@cloudflare.com
  1898. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  1899.  
  1900. OrgNOCHandle: NOC11962-ARIN
  1901. OrgNOCName: NOC
  1902. OrgNOCPhone: +1-650-319-8930
  1903. OrgNOCEmail: noc@cloudflare.com
  1904. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  1905.  
  1906. RNOCHandle: NOC11962-ARIN
  1907. RNOCName: NOC
  1908. RNOCPhone: +1-650-319-8930
  1909. RNOCEmail: noc@cloudflare.com
  1910. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  1911.  
  1912. RAbuseHandle: ABUSE2916-ARIN
  1913. RAbuseName: Abuse
  1914. RAbusePhone: +1-650-319-8930
  1915. RAbuseEmail: abuse@cloudflare.com
  1916. RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  1917.  
  1918. RTechHandle: ADMIN2521-ARIN
  1919. RTechName: Admin
  1920. RTechPhone: +1-650-319-8930
  1921. RTechEmail: admin@cloudflare.com
  1922. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1923.  
  1924. in.24dose.com
  1925. IPv6 address #1: 2400:cb00:2048:1::681f:5c5a
  1926. IPv6 address #2: 2400:cb00:2048:1::681f:5d5a
  1927.  
  1928. in.24dose.com
  1929. IP address #1: 104.31.92.90
  1930. IP address #2: 104.31.93.90
  1931.  
  1932. localhost.24dose.com
  1933. IP address #1: 127.0.0.1
  1934. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  1935.  
  1936. mail.24dose.com
  1937. IPv6 address #1: 2400:cb00:2048:1::681f:5d5a
  1938. IPv6 address #2: 2400:cb00:2048:1::681f:5c5a
  1939.  
  1940. mail.24dose.com
  1941. IP address #1: 104.31.92.90
  1942. IP address #2: 104.31.93.90
  1943.  
  1944. www.24dose.com
  1945. IPv6 address #1: 2400:cb00:2048:1::681f:5c5a
  1946. IPv6 address #2: 2400:cb00:2048:1::681f:5d5a
  1947.  
  1948. www.24dose.com
  1949. IP address #1: 104.31.92.90
  1950. IP address #2: 104.31.93.90
  1951. ----- 24dose.com -----
  1952.  
  1953.  
  1954. Host's addresses:
  1955. __________________
  1956.  
  1957. 24dose.com. 19 IN A 104.31.92.90
  1958. 24dose.com. 19 IN A 104.31.93.90
  1959.  
  1960.  
  1961. Wildcard detection using: aeskbrzqktgn
  1962. _______________________________________
  1963.  
  1964. aeskbrzqktgn.24dose.com. 300 IN A 5.45.77.42
  1965.  
  1966.  
  1967.  
  1968. Name Servers:
  1969. ______________
  1970.  
  1971. jonah.ns.cloudflare.com. 39211 IN A 173.245.59.186
  1972. ada.ns.cloudflare.com. 86400 IN A 173.245.58.54
  1973.  
  1974.  
  1975. Mail (MX) Servers:
  1976. ___________________
  1977.  
  1978.  
  1979.  
  1980. Trying Zone Transfers and getting Bind Versions:
  1981. _________________________________________________
  1982.  
  1983. ---------------------------------------------------------------------------------------------------------------------------------------
  1984. + Target IP: 104.31.92.90
  1985. + Target Hostname: 24dose.com
  1986. + Target Port: 80
  1987. + Start Time: 2017-08-21 19:17:58 (GMT-4)
  1988. ---------------------------------------------------------------------------------------------------------------------------------------
  1989. + Server: cloudflare-nginx
  1990. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1991. + Uncommon header 'cf-ray' found, with contents: 39214f1f46c469b2-CDG
  1992. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1993. + All CGI directories 'found', use '-C none' to test none
  1994. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  1995. tiny-cams.com
  1996.  
  1997. ######################################################################################################################################
  1998.  
  1999. whois tiny-cams.com
  2000. Domain Name: TINY-CAMS.COM
  2001. Registry Domain ID: 1688339232_DOMAIN_COM-VRSN
  2002. Registrar WHOIS Server: whois.PublicDomainRegistry.com
  2003. Registrar URL: http://www.publicdomainregistry.com
  2004. Updated Date: 2016-11-21T23:41:04Z
  2005. Creation Date: 2011-11-21T23:52:22Z
  2006. Registry Expiry Date: 2017-11-21T23:52:22Z
  2007. Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
  2008. Registrar IANA ID: 303
  2009. Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
  2010. Registrar Abuse Contact Phone: +1.2013775952
  2011. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  2012. Name Server: ADA.NS.CLOUDFLARE.COM
  2013. Name Server: JONAH.NS.CLOUDFLARE.COM
  2014. DNSSEC: unsigned
  2015. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  2016. .
  2017. Domain Name: TINY-CAMS.COM
  2018. Registry Domain ID: 1688339232_DOMAIN_COM-VRSN
  2019. Registrar WHOIS Server: whois.publicdomainregistry.com
  2020. Registrar URL: www.publicdomainregistry.com
  2021. Updated Date: 2016-11-21T23:41:04Z
  2022. Creation Date: 2011-11-21T23:52:22Z
  2023. Registrar Registration Expiration Date: 2017-11-21T23:52:22Z
  2024. Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
  2025. Registrar IANA ID: 303
  2026. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  2027. Registry Registrant ID: Not Available From Registry
  2028. Registrant Name: Mark
  2029. Registrant Organization:
  2030. Registrant Street: Plantage Muidergracht 11
  2031. Registrant City: Amsterdam
  2032. Registrant State/Province: Limburg
  2033. Registrant Postal Code: 1018
  2034. Registrant Country: NL
  2035. Registrant Phone: +31.205258749
  2036. Registrant Phone Ext:
  2037. Registrant Fax:
  2038. Registrant Fax Ext:
  2039. Registrant Email: adultprojects@gmail.com
  2040. Registry Admin ID: Not Available From Registry
  2041. Admin Name: Mark
  2042. Admin Organization:
  2043. Admin Street: Plantage Muidergracht 11
  2044. Admin City: Amsterdam
  2045. Admin State/Province: Limburg
  2046. Admin Postal Code: 1018
  2047. Admin Country: NL
  2048. Admin Phone: +31.205258749
  2049. Admin Phone Ext:
  2050. Admin Fax:
  2051. Admin Fax Ext:
  2052. Admin Email: adultprojects@gmail.com
  2053. Registry Tech ID: Not Available From Registry
  2054. Tech Name: Mark
  2055. Tech Organization:
  2056. Tech Street: Plantage Muidergracht 11
  2057. Tech City: Amsterdam
  2058. Tech State/Province: Limburg
  2059. Tech Postal Code: 1018
  2060. Tech Country: NL
  2061. Tech Phone: +31.205258749
  2062. Tech Phone Ext:
  2063. Tech Fax:
  2064. Tech Fax Ext:
  2065. Tech Email: adultprojects@gmail.com
  2066. Name Server: ada.ns.cloudflare.com
  2067. Name Server: jonah.ns.cloudflare.com
  2068. DNSSEC:Unsigned
  2069. Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
  2070. Registrar Abuse Contact Phone: +1.2013775952
  2071. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  2072.  
  2073.  
  2074. ######################################################################################################################################
  2075.  
  2076. dig tiny-cams.com any
  2077.  
  2078. ; <<>> DiG 9.10.3-P4-Debian <<>> tiny-cams.com any
  2079. ;; global options: +cmd
  2080. ;; Got answer:
  2081. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45677
  2082. ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
  2083.  
  2084. ;; OPT PSEUDOSECTION:
  2085. ; EDNS: version: 0, flags:; udp: 4096
  2086. ;; QUESTION SECTION:
  2087. ;tiny-cams.com. IN ANY
  2088.  
  2089. ;; ANSWER SECTION:
  2090. tiny-cams.com. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  2091. tiny-cams.com. 144970 IN NS jonah.ns.cloudflare.com.
  2092. tiny-cams.com. 144970 IN NS ada.ns.cloudflare.com.
  2093.  
  2094. ;; Query time: 35 msec
  2095. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2096. ;; WHEN: Mon Aug 21 19:45:50 EDT 2017
  2097. ;; MSG SIZE rcvd: 152
  2098.  
  2099.  
  2101. ######################################################################################################################################
  2102.  
  2103. tcptraceroute -i eth0 tiny-cams.com
  2104.  
  2105. Running:
  2106. traceroute -T -O info -i eth0 tiny-cams.com
  2107. traceroute to tiny-cams.com (104.27.188.107), 30 hops max, 60 byte packets
  2108. 1 gateway (192.168.1.254) 0.527 ms 0.813 ms 1.020 ms
  2109. 2 10.135.18.1 (10.135.18.1) 8.248 ms 8.634 ms 9.159 ms
  2110. 3 NYCMNYCIZR01.bb.telus.com (75.154.223.248) 30.919 ms 30.994 ms 31.070 ms
  2111. 4 de-cix-new-york.as13335.net (206.130.10.31) 31.835 ms 31.993 ms 32.366 ms
  2112. 5 104.27.188.107 (104.27.188.107) <syn,ack> 32.252 ms 32.523 ms 32.709 ms
  2113.  
  2114.  
  2115.  
  2116. ######################################################################################################################################
  2117.  
  2118. cd /pentest/enumeration/lbd
  2119. ./lbd.sh tiny-cams.com
  2120. ./Recon.sh: ligne 65 : cd: /pentest/enumeration/lbd: Aucun fichier ou dossier de ce type
  2121.  
  2122. lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
  2123. Written by Stefan Behte (http://ge.mine.nu)
  2124. Proof-of-concept! Might give false positives.
  2125.  
  2126. Checking for DNS-Loadbalancing: FOUND
  2127. tiny-cams.com has address 104.27.189.107
  2128. tiny-cams.com has address 104.27.188.107
  2129.  
  2130. Checking for HTTP-Loadbalancing [Server]:
  2131.  
  2132. cloudflare-nginx
  2133. NOT FOUND
  2134.  
  2135. Checking for HTTP-Loadbalancing [Date]: 00:03:45, 00:03:45, 00:03:46, 00:03:46, 00:03:47, 00:03:47, 00:03:48, 00:03:48, 00:03:49, 00:03:49, 00:03:50, 00:03:50, 00:03:50, 00:03:51, 00:03:51, 00:03:52, 00:03:52, 00:03:52, 00:03:53, 00:03:53, 00:03:54, 00:03:54, 00:03:55, 00:03:55, 00:03:55, 00:03:56, 00:03:56, 00:03:57, 00:03:57, 00:03:57, 00:03:58, 00:03:58, 00:03:59, 00:03:59, 00:03:59, 00:04:00, 00:04:00, 00:04:01, 00:04:01, 00:04:02, 00:04:02, 00:04:03, 00:04:03, 00:04:03, 00:04:04, 00:04:04, 00:04:05, 00:04:05, 00:04:06, 00:04:06, NOT FOUND
  2136.  
  2137. Checking for HTTP-Loadbalancing [Diff]: FOUND
  2138. < Expires: Tue, 22 Aug 2017 00:04:21 GMT
  2139. > Expires: Tue, 22 Aug 2017 00:04:22 GMT
  2140. < CF-RAY: 392192a7856e694a-CDG
  2141. > CF-RAY: 392192aae6353bc3-CDG
  2142.  
  2143. tiny-cams.com does Load-balancing. Found via Methods: DNS HTTP[Diff]
  2144.  
  2145.  
  2146. ######################################################################################################################################
  2147.  
  2148. nmap -PN -n -F -T4 -sV -A -oG temp.txt tiny-cams.com
  2149.  
  2150. Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-21 20:04 EDT
  2151. Nmap scan report for tiny-cams.com (104.27.188.107)
  2152. Host is up (0.13s latency).
  2153. Other addresses for tiny-cams.com (not scanned): 2400:cb00:2048:1::681b:bd6b 2400:cb00:2048:1::681b:bc6b 104.27.189.107
  2154. Not shown: 96 filtered ports
  2155. PORT STATE SERVICE VERSION
  2156. 80/tcp open http Cloudflare nginx
  2157. 443/tcp open ssl/http Cloudflare nginx
  2158. | ssl-cert: Subject: commonName=sni201751.cloudflaressl.com
  2159. | Subject Alternative Name: DNS:sni201751.cloudflaressl.com, DNS:*.24dose.com, DNS:*.callrandazzo.com, DNS:*.cryptly.co, DNS:*.dolls4fuck.com, DNS:*.e-cuties.ws, DNS:*.eggformr.cf, DNS:*.fanideae.xyz, DNS:*.gottateens.com, DNS:*.ivptvariance.ml, DNS:*.jeffreyscottharris.co, DNS:*.jeffreysharris.com, DNS:*.justlittlestars.com, DNS:*.mudwhya.cf, DNS:*.opktech.co, DNS:*.opktech.website, DNS:*.pdf-masters.cf, DNS:*.sector4.co, DNS:*.shy-cams.com, DNS:*.sirtryc.cf, DNS:*.texas86rxns.ml, DNS:*.tiny-cams.com, DNS:*.young-and-virg.in, DNS:24dose.com, DNS:callrandazzo.com, DNS:cryptly.co, DNS:dolls4fuck.com, DNS:e-cuties.ws, DNS:eggformr.cf, DNS:fanideae.xyz, DNS:gottateens.com, DNS:ivptvariance.ml, DNS:jeffreyscottharris.co, DNS:jeffreysharris.com, DNS:justlittlestars.com, DNS:mudwhya.cf, DNS:opktech.co, DNS:opktech.website, DNS:pdf-masters.cf, DNS:sector4.co, DNS:shy-cams.com, DNS:sirtryc.cf, DNS:texas86rxns.ml, DNS:tiny-cams.com, DNS:young-and-virg.in
  2160. | Not valid before: 2017-08-16T00:00:00
  2161. |_Not valid after: 2018-02-22T23:59:59
  2162. 8080/tcp open http Cloudflare nginx
  2163. 8443/tcp open ssl/http Cloudflare nginx
  2164. | ssl-cert: Subject: commonName=sni201751.cloudflaressl.com
  2165. | Subject Alternative Name: DNS:sni201751.cloudflaressl.com, DNS:*.24dose.com, DNS:*.callrandazzo.com, DNS:*.cryptly.co, DNS:*.dolls4fuck.com, DNS:*.e-cuties.ws, DNS:*.eggformr.cf, DNS:*.fanideae.xyz, DNS:*.gottateens.com, DNS:*.ivptvariance.ml, DNS:*.jeffreyscottharris.co, DNS:*.jeffreysharris.com, DNS:*.justlittlestars.com, DNS:*.mudwhya.cf, DNS:*.opktech.co, DNS:*.opktech.website, DNS:*.pdf-masters.cf, DNS:*.sector4.co, DNS:*.shy-cams.com, DNS:*.sirtryc.cf, DNS:*.texas86rxns.ml, DNS:*.tiny-cams.com, DNS:*.young-and-virg.in, DNS:24dose.com, DNS:callrandazzo.com, DNS:cryptly.co, DNS:dolls4fuck.com, DNS:e-cuties.ws, DNS:eggformr.cf, DNS:fanideae.xyz, DNS:gottateens.com, DNS:ivptvariance.ml, DNS:jeffreyscottharris.co, DNS:jeffreysharris.com, DNS:justlittlestars.com, DNS:mudwhya.cf, DNS:opktech.co, DNS:opktech.website, DNS:pdf-masters.cf, DNS:sector4.co, DNS:shy-cams.com, DNS:sirtryc.cf, DNS:texas86rxns.ml, DNS:tiny-cams.com, DNS:young-and-virg.in
  2166. | Not valid before: 2017-08-16T00:00:00
  2167. |_Not valid after: 2018-02-22T23:59:59
  2168. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2169. Device type: general purpose
  2170. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (88%)
  2171. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
  2172. Aggressive OS guesses: Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.4 (85%)
  2173. No exact OS matches for host (test conditions non-ideal).
  2174. Network Distance: 8 hops
  2175.  
  2176. TRACEROUTE (using port 80/tcp)
  2177. HOP RTT ADDRESS
  2178. 1 112.99 ms 10.13.0.1
  2179. 2 113.00 ms 37.187.24.252
  2180. 3 113.00 ms 178.33.103.229
  2181. 4 ...
  2182. 5 117.24 ms 91.121.215.177
  2183. 6 126.30 ms 37.187.36.214
  2184. 7 126.29 ms 195.42.144.143
  2185. 8 117.26 ms 104.27.188.107
  2186.  
  2187. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2188. Nmap done: 1 IP address (1 host up) scanned in 82.68 seconds
  2189.  
  2190. ######################################################################################################################################
  2191.  
  2192. amap -i temp.txt
  2193. amap v5.4 (www.thc.org/thc-amap) started at 2017-08-21 20:05:28 - APPLICATION MAPPING mode
  2194.  
  2195. Protocol on 104.27.188.107:80/tcp matches http
  2196. Protocol on 104.27.188.107:443/tcp matches http
  2197. Protocol on 104.27.188.107:8080/tcp matches http
  2198. Protocol on 104.27.188.107:8443/tcp matches http
  2199. Protocol on 104.27.188.107:443/tcp matches ssl
  2200. Protocol on 104.27.188.107:8443/tcp matches ssl
  2201.  
  2202. Unidentified ports: none.
  2203.  
  2204. amap v5.4 finished at 2017-08-21 20:05:33
  2205.  
  2206.  
  2207. Hostname tiny-cams.com ISP Unknown
  2208. Continent Unknown Flag
  2209. US
  2210. Country United States Country Code US
  2211. Region Unknown Local time 21 Aug 2017 18:50 CDT
  2212. City Unknown Latitude 37.751
  2213. IP Address (IPv6) 2400:cb00:2048:1::681b:bc6b Longitude -97.822
  2214.  
  2215.  
  2216. NetRange: 104.16.0.0 - 104.31.255.255
  2217. CIDR: 104.16.0.0/12
  2218. NetName: CLOUDFLARENET
  2219. NetHandle: NET-104-16-0-0-1
  2220. Parent: NET104 (NET-104-0-0-0-0)
  2221. NetType: Direct Assignment
  2222. OriginAS: AS13335
  2223. Organization: Cloudflare, Inc. (CLOUD14)
  2224. RegDate: 2014-03-28
  2225. Updated: 2017-02-17
  2226. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  2227. Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
  2228.  
  2229.  
  2230.  
  2231. OrgName: Cloudflare, Inc.
  2232. OrgId: CLOUD14
  2233. Address: 101 Townsend Street
  2234. City: San Francisco
  2235. StateProv: CA
  2236. PostalCode: 94107
  2237. Country: US
  2238. RegDate: 2010-07-09
  2239. Updated: 2017-02-17
  2240. Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  2241. Ref: https://whois.arin.net/rest/org/CLOUD14
  2242.  
  2243.  
  2244. OrgNOCHandle: NOC11962-ARIN
  2245. OrgNOCName: NOC
  2246. OrgNOCPhone: +1-650-319-8930
  2247. OrgNOCEmail: noc@cloudflare.com
  2248. OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  2249.  
  2250. OrgTechHandle: ADMIN2521-ARIN
  2251. OrgTechName: Admin
  2252. OrgTechPhone: +1-650-319-8930
  2253. OrgTechEmail: admin@cloudflare.com
  2254. OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  2255.  
  2256. OrgAbuseHandle: ABUSE2916-ARIN
  2257. OrgAbuseName: Abuse
  2258. OrgAbusePhone: +1-650-319-8930
  2259. OrgAbuseEmail: abuse@cloudflare.com
  2260. OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  2261.  
  2262. RAbuseHandle: ABUSE2916-ARIN
  2263. RAbuseName: Abuse
  2264. RAbusePhone: +1-650-319-8930
  2265. RAbuseEmail: abuse@cloudflare.com
  2266. RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  2267.  
  2268. RNOCHandle: NOC11962-ARIN
  2269. RNOCName: NOC
  2270. RNOCPhone: +1-650-319-8930
  2271. RNOCEmail: noc@cloudflare.com
  2272. RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
  2273.  
  2274. RTechHandle: ADMIN2521-ARIN
  2275. RTechName: Admin
  2276. RTechPhone: +1-650-319-8930
  2277. RTechEmail: admin@cloudflare.com
  2278. RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  2279.  
  2280.  
  2281.  
  2282. [+] Emails found:
  2283. ------------------
  2284. pixel-1503359231368598-web-@tiny-cams.com
  2285. pixel-1503359236888682-web-@tiny-cams.com
  2286.  
  2287. [+] Hosts found in search engines:
  2288. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  2289. [-] Resolving hostnames IPs...
  2290. 5.45.77.42:253Dwww.tiny-cams.com
  2291. 104.27.188.107:Www.tiny-cams.com
  2292. 104.27.189.107:www.tiny-cams.com
  2293. [+] Virtual hosts:
  2294. ==================
  2434.  
  2435. localhost.tiny-cams.com
  2436. IP address #1: 127.0.0.1
  2437. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  2438.  
  2439. www.tiny-cams.com
  2440. IPv6 address #1: 2400:cb00:2048:1::681b:bc6b
  2441. IPv6 address #2: 2400:cb00:2048:1::681b:bd6b
  2442.  
  2443. www.tiny-cams.com
  2444. IP address #1: 104.27.188.107
  2445. IP address #2: 104.27.189.107
  2446.  
  2447. [+] 3 (sub)domains and 5 IP address(es) found
  2448. ----- tiny-cams.com -----
  2449.  
  2450.  
  2451. Host's addresses:
  2452. __________________
  2453.  
  2454. tiny-cams.com. 226 IN A 104.27.189.107
  2455. tiny-cams.com. 226 IN A 104.27.188.107
  2456.  
  2457.  
  2458. Wildcard detection using: audfekshbcfs
  2459. _______________________________________
  2460.  
  2461. audfekshbcfs.tiny-cams.com. 300 IN A 5.45.77.42
  2462.  
  2463.  
  2464. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  2465.  
  2466. Wildcards detected, all subdomains will point to the same IP address
  2467. Omitting results containing 5.45.77.42.
  2468. Maybe you are using OpenDNS servers.
  2469.  
  2470. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  2471.  
  2472.  
  2473. Name Servers:
  2474. ______________
  2475.  
  2476. jonah.ns.cloudflare.com. 37661 IN A 173.245.59.186
  2477. ada.ns.cloudflare.com. 84883 IN A 173.245.58.54
  2478.  
  2479.  
  2480. Mail (MX) Servers:
  2481. ___________________
  2482.  
  2483.  
  2484.  
  2485. Trying Zone Transfers and getting Bind Versions:
  2486. _________________________________________________
  2487.  
  2488. ---------------------------------------------------------------------------------------------------------------------------------------
  2489. + Target IP: 104.27.189.107
  2490. + Target Hostname: tiny-cams.com
  2491. + Target Port: 80
  2492. + Start Time: 2017-08-21 20:59:09 (GMT-4)
  2493. ---------------------------------------------------------------------------------------------------------------------------------------
  2494. + Server: cloudflare-nginx
  2495. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2496. + Uncommon header 'cf-ray' found, with contents: 3921e352c07708f0-CDG
  2497. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2498. + All CGI directories 'found', use '-C none' to test none
  2499. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  2500. #######################################################################################################################################
  2501. OPDeathEathers Anonymous JTSEC full recon #13