blackhat_global

#OpYesBackpage

Jul 4th, 2020 (edited)
  1. | |__ | | __ _ ___| | _| |__ __ _| |_ __ _| | ___ | |__ __ _| |
  2. | '_ \| |/ _` |/ __| |/ / '_ \ / _` | __| / _` | |/ _ \| '_ \ / _` | |
  3. | |_) | | (_| | (__| <| | | | (_| | |_ | (_| | | (_) | |_) | (_| | |
  4. |_.__/|_|\__,_|\___|_|\_\_| |_|\__,_|\__| \__, |_|\___/|_.__/ \__,_|_|
  5. |___/
  6. TARGET: https://www.yesbackpage.com/
  7.  
  19. email address:
  20. https://www.yesbackpage.com/contact-us
  21.  
  22. Registrar:
  23. https://yesbackpage.com.ipaddress.com/
  24.  
  25. domain history:
  26.  
  27. https://securitytrails.com/domain/yesbackpage.com/history/a
  28.  
  29. What does that mean?
  30.  
  31. Imagine the website originally had the IP Address:
  32.  
  33. 199.188.200.48
  34.  
  35. then passed to the next IP Address:
  36.  
  37. 136.144.132.31
  38.  
  39. We can ignore the IP addresses that are shown for only 1 day, because they were just switching from one IP to the other.
  40. So please ignore the 1-day entries in the IP address history.
  41.  
  42. Finally they moved to Cloudflare DNS.
  43.  
  44. Now the Cloudflare DNS masks the real IP address of the website.
  45.  
  46. Cloudflare itself doesn't host the website.
  47. They only host the DNS of the website.
  48.  
  49. So every time you browse the website you'll always see Cloudflare DNS, but the web host is not there.
  50.  
  51.  
  52. Domain Creation Date April 11, 2018
  53.  
  54. What are YesBackpage.com's nameservers?
  55. DNS for YesBackpage.com is provided by the nameservers
  56.  
  57. clark.ns.cloudflare.com
  58.  
  59. and
  60.  
  61. liv.ns.cloudflare.com.
  62.  
  63. Who is the registrar for the YesBackpage.com domain?
  64. The domain has been registered at Key-Systems GmbH. You can visit the registrar's website at http://www.key-systems.net.
  65. The registrar's WHOIS server can be reached at whois.rrpproxy.net.
  66.  
  67. Site is registered in Germany by Key-Systems GmbH.
  68.  
  69. This is their WebHosting Company:
  70.  
  71. https://www.key-systems.net/
  72.  
  73. and this is the NameCheap for the Domain Name:
  74.  
  75. http://dc-7a362e5dec9e.yesbackpage.com/cgi-sys/defaultwebpage.cgi
  76.  
  77. IP address: 198.187.29.237
  78.  
  79. Reverse DNS (PTR record)
  80.  
  81. business17-1.web-hosting.com
  82.  
  83. https://www.shodan.io/host/198.187.29.237
  84.  
  85. https://www.ipneighbour.com/#/lookup/business17-1.web-hosting.com
  86.  
  87. https://www.dailydot.com/irl/mailchimp-sex-trafficking-lawsuit/
  88.  
  89.  
  90. [*] Searching Twitter usernames using Google.
  91.  
  92. [*] Users found: 17
  110.  
  111.  
  112. https://www.whatruns.com/website/yesbackpage.com
  113.  
  114. Technologies Used by Yesbackpage.com
  115.  
  116. Web Framework
  117. Bootstrap
  118.  
  119. Tag Managers
  120. Google Tag Manager
  121.  
  122. Javascript Frameworks
  123. jQuery 1.4.1
  124.  
  125. Web Server
  126. Apache 2.4.23
  127.  
  128.  
  129. https://censys.io/ipv4/149.210.248.3
  130. https://censys.io/ipv4/149.210.248.4
  131. https://censys.io/ipv4/149.210.248.98
  132. https://censys.io/ipv4/149.210.248.99
  133.  
  134.  
  135.  
  136. root@blackbox:/opt/WhatWeb# amass enum -d yesbackpage.de
  137. mail.yesbackpage.de
  138. sendmail.yesbackpage.de
  139. webmail.yesbackpage.de
  140. newhosting.yesbackpage.de
  141. hostingserver.yesbackpage.de
  142. dc-d3321fe7c60f.yesbackpage.de
  143. yesbackpage.de
  144. www.yesbackpage.de
  145.  
  146. OWASP Amass v3.1.10 https://github.com/OWASP/Amass
  147. --------------------------------------------------------------------------------
  148. 8 names discovered - api: 4, cert: 2, dns: 2
  149. --------------------------------------------------------------------------------
  150. ASN: 13335 - CLOUDFLARENET
  151. 104.26.0.0/20 12 Subdomain Name(s)
  152. 172.67.64.0/20 5 Subdomain Name(s)
  153. 2606:4700:20::/44 15 Subdomain Name(s)
  154. ASN: 22612 - NAMECHEAP-NET
  155. 198.187.29.0/24 1 Subdomain Name(s)
  156.  
  157.  
  158. https://www.shodan.io/search?query=hostingserver.yesbackpage.de
  159.  
  160. https://www.shodan.io/host/149.210.248.3
  161.  
  162. root@blackbox:/opt# dmitry -winsepfb host hostingserver.yesbackpage.de
  163. Deepmagic Information Gathering Tool
  164. "There be some deep magic going on"
  165.  
  166. HostIP:149.210.248.98
  167. HostName:hostingserver.yesbackpage.de
  168.  
  169. Gathered Inet-whois information for 149.210.248.98
  170. ---------------------------------
  171.  
  172.  
  173. inetnum: 149.210.248.0 - 149.210.248.255
  174. netname: TRANSIP-NL-VPS-POD5-AMS4-CUSTOMERS
  175. descr:
  176. country: NL
  177. admin-c: IPRO1-RIPE
  178. tech-c: IPRO1-RIPE
  179. status: ASSIGNED PA
  180. remarks: -------------------------------------------------------
  181. remarks: Network abuse reports: abuse@transip.nl
  182. remarks: NOC and contact details: http://www.transip.nl/contact/
  183. remarks: -------------------------------------------------------
  184. mnt-by: TRANSIP-MNT
  185. mnt-lower: TRANSIP-MNT
  186. mnt-routes: TRANSIP-MNT
  187. created: 2018-02-05T15:01:34Z
  188. last-modified: 2018-02-05T15:01:34Z
  189. source: RIPE
  190.  
  191. role: TransIP B.V. Admin
  192. address: Schipholweg 9B
  193. address: 2316 XB Leiden
  194. address: NL
  195. remarks: -------------------------------------------------------
  196. remarks: Network abuse reports: abuse@transip.nl
  197. remarks: NOC and contact details: http://www.transip.nl/contact/
  198. remarks: -------------------------------------------------------
  199. phone: +31 71 524 1919
  200. fax-no: +31 71 524 1918
  201. abuse-mailbox: abuse@transip.nl
  202. admin-c: RSK48-RIPE
  203. tech-c: IPRS1-RIPE
  204. nic-hdl: IPRO1-RIPE
  205. mnt-by: TRANSIP-MNT
  206. created: 2003-05-10T09:33:07Z
  207. last-modified: 2018-02-18T14:20:18Z
  208. source: RIPE # Filtered
  209.  
  210. % Information related to '149.210.128.0/17AS20857'
  211.  
  212. route: 149.210.128.0/17
  213. descr: TransIP BV
  214. descr: Amsterdam, The Netherlands
  215. origin: AS20857
  216. mnt-by: TRANSIP-MNT
  217. mnt-lower: TRANSIP-MNT
  218. mnt-routes: TRANSIP-MNT
  219. created: 2013-04-12T15:07:15Z
  220. last-modified: 2013-04-12T15:07:15Z
  221. source: RIPE # Filtered
  222.  
  223. % This query was served by the RIPE Database Query Service version 1.97.1 (ANGUS)
  224.  
  225.  
  226. Gathered TCP Port information for 149.210.248.98
  227. ---------------------------------
  228.  
  229. Port State
  230.  
  231. 21/tcp open
  232. >> 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  233. 220-You are user number 1 of 50 allowed.
  234. 220-Local time is now 0���b
  235. 22/tcp open
  236. >> SSH-2.0-OpenSSH_7.4
  237.  
  238. 53/tcp open
  239.  
  240. Portscan Finished: Scanned 150 ports, 98 ports were in state closed
  241.  
  242.  
  243.  
  244. http://hostingserver.yesbackpage.de/domainnotknown.html
  245. Hostnames newhosting.yesbackpage.de
  246.  
  247.  
  248.  
  249. root@blackbox:/opt# nmap -A -Pn 149.210.248.3
  250. Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-05 14:05 CDT
  251. Nmap scan report for newhosting.yesbackpage.de (149.210.248.3)
  252. Host is up (0.13s latency).
  253. Not shown: 988 filtered ports
  254. PORT STATE SERVICE VERSION
  255. 21/tcp open ftp Pure-FTPd
  256. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  257. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  258. | Not valid before: 2019-11-06T19:23:11
  259. |_Not valid after: 2020-11-05T19:23:11
  260. |_ssl-date: TLS randomness does not represent time
  261.  
  262. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
  263. | ssh-hostkey:
  264. | 2048 4d:dd:1a:1e:36:7b:97:7e:64:43:6f:10:1e:d4:ae:7b (RSA)
  265. | 256 23:b9:77:f9:3d:46:1c:26:e1:b4:82:29:c3:8f:8b:1a (ECDSA)
  266. |_ 256 17:43:31:05:08:cd:e9:dc:90:b8:7e:74:67:90:a6:cb (ED25519)
  267.  
  268. 53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  269. | dns-nsid:
  270. |_ bind.version: 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6
  271.  
  272. 80/tcp open http Apache httpd
  273. |_http-server-header: Apache
  274. | http-title: 404 Not Found
  275. |_Requested resource was http://hostingserver.yesbackpage.de/domainnotknown.html
  276.  
  277. 110/tcp open pop3 Dovecot pop3d
  278. |_pop3-capabilities: CAPA USER PIPELINING SASL(PLAIN LOGIN) RESP-CODES TOP UIDL STLS AUTH-RESP-CODE
  279. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  280. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  281. | Not valid before: 2019-11-06T19:23:10
  282. |_Not valid after: 2020-11-05T19:23:10
  283.  
  284. 143/tcp open imap Dovecot imapd
  285. |_imap-capabilities: LOGIN-REFERRALS AUTH=LOGINA0001 IMAP4rev1 more Pre-login have listed NAMESPACE AUTH=PLAIN STARTTLS OK ID ENABLE IDLE post-login SASL-IR LITERAL+ capabilities
  286. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  287. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  288. | Not valid before: 2019-11-06T19:23:10
  289. |_Not valid after: 2020-11-05T19:23:10
  290.  
  291. 443/tcp open http Apache httpd
  292. |_http-server-header: Apache
  293. |_http-title: Did not follow redirect to http://hostingserver.yesbackpage.de/domainnotknown.html
  294.  
  295. 465/tcp open ssl/smtp Exim smtpd 4.93
  296. | smtp-commands: hostingserver.yesbackpage.de Hello newhosting.yesbackpage.de [82.102.16.196], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  297. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  298. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  299. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  300. | Not valid before: 2019-11-06T19:23:10
  301. |_Not valid after: 2020-11-05T19:23:10
  302.  
  303. 587/tcp open smtp Exim smtpd 4.93
  304. | smtp-commands: hostingserver.yesbackpage.de Hello newhosting.yesbackpage.de [82.102.16.196], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
  305. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  306. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  307. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  308. | Not valid before: 2019-11-06T19:23:10
  309. |_Not valid after: 2020-11-05T19:23:10
  310.  
  311. 993/tcp open imaps?
  312. |_imap-capabilities: LOGIN-REFERRALS AUTH=LOGINA0001 IMAP4rev1 more Pre-login have listed NAMESPACE post-login OK ID ENABLE IDLE AUTH=PLAIN SASL-IR LITERAL+ capabilities
  313. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  314. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  315. | Not valid before: 2019-11-06T19:23:10
  316. |_Not valid after: 2020-11-05T19:23:10
  317.  
  318. 995/tcp open pop3s?
  319. |_pop3-capabilities: TOP PIPELINING SASL(PLAIN LOGIN) RESP-CODES USER UIDL AUTH-RESP-CODE CAPA
  320. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  321. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  322. | Not valid before: 2019-11-06T19:23:10
  323. |_Not valid after: 2020-11-05T19:23:10
  324. Device type: general purpose|storage-misc|firewall
  325. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (92%), Synology DiskStation Manager 5.X (85%), WatchGuard Fireware 11.X (85%)
  326. OS CPE: cpe:/o:linux:linux_kernel:4.0 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
  327. Aggressive OS guesses: Linux 4.0 (92%), Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 4.9 (89%), Linux 3.11 - 4.1 (86%), Linux 3.16 (86%), Linux 2.6.32 or 3.10 (86%), Linux 4.2 (86%)
  328. No exact OS matches for host (test conditions non-ideal).
  329. Network Distance: 11 hops
  330. Service Info: Host: hostingserver.yesbackpage.de; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  331.  
  332. TRACEROUTE (using port 20/tcp)
  333. HOP RTT ADDRESS
  334. 1 150.55 ms 10.16.0.1
  335. 2 ...
  336. 3 150.67 ms vlan164.as11.fra4.de.m247.com (82.102.16.193)
  337. 4 150.67 ms vlan2917.agg1.fra4.de.m247.com (212.103.51.190)
  338. 5 150.70 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  339. 6 150.70 ms te0-0-0-9.agr21.fra06.atlas.cogentco.com (149.11.20.249)
  340. 7 150.72 ms be2844.rcr22.fra06.atlas.cogentco.com (130.117.0.29)
  341. 8 150.72 ms be2846.ccr42.fra03.atlas.cogentco.com (154.54.37.29)
  342. 9 ...
  343. 10 79.39 ms be2456.rcr21.b015960-1.ams03.atlas.cogentco.com (130.117.49.146)
  344. 11 137.41 ms newhosting.yesbackpage.de (149.210.248.3)
  345.  
  346. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  347. Nmap done: 1 IP address (1 host up) scanned in 174.33 seconds