OP DeathEathers full recon JTSEC Anonymous #5

a guest, May 16th, 2017
  1. Hostname    punylolly.club      ISP     JSC ISPsystem (AS29182)
  2. Continent   Europe      Flag    
  3. RU
  4. Country     Russian Federation      Country Code    RU (RUS)
  5. Region  Unknown         Local time  16 May 2017 04:52 MSK
  6. City    Unknown         Latitude    55.739
  7. IP Address  185.60.134.250      Longitude   37.607
  8. ################################################################################################################################################
  9. punylolly.club  
  10.  
  11. ###################################################################################################################################################
  12.  
  13. whois punylolly.club
  14. Domain Name: punylolly.club
  15. Domain ID: DBA07204CD2514F1288D2126BD5DB52DD-NSR
  16. WHOIS Server: whois.namecheap.com
  17. Referral URL: http://www.namecheap.com
  18. Updated Date: 2017-04-22T13:08:37Z
  19. Creation Date: 2017-04-07T14:14:16Z
  20. Registry Expiry Date: 2018-04-07T14:14:16Z
  21. Sponsoring Registrar: NameCheap, Inc.
  22. Sponsoring Registrar IANA ID: 1068
  23. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  24. Registrant ID: CC6D7C28F41CE44B783C364A2AF5A41A7-NSR
  25. Registrant Name: WhoisGuard Protected
  26. Registrant Organization: WhoisGuard, Inc.
  27. Registrant Street: P.O. Box 0823-03411
  28. Registrant Street:
  29. Registrant Street:
  30. Registrant City: Panama
  31. Registrant State/Province: Panama
  32. Registrant Postal Code: 0
  33. Registrant Country: PA
  34. Registrant Phone: +507.8365503
  35. Registrant Phone Ext:
  36. Registrant Fax: +51.17057182
  37. Registrant Fax Ext:
  38. Registrant Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
  39. Admin ID: C7D54A552642B4E64883EB195F80EC9BC-NSR
  40. Admin Name: WhoisGuard Protected
  41. Admin Organization: WhoisGuard, Inc.
  42. Admin Street: P.O. Box 0823-03411
  43. Admin Street:
  44. Admin Street:
  45. Admin City: Panama
  46. Admin State/Province: Panama
  47. Admin Postal Code: 0
  48. Admin Country: PA
  49. Admin Phone: +507.8365503
  50. Admin Phone Ext:
  51. Admin Fax: +51.17057182
  52. Admin Fax Ext:
  53. Admin Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
  54. Tech ID: C49D22D19CE044CAFA194BE1F445741EE-NSR
  55. Tech Name: WhoisGuard Protected
  56. Tech Organization: WhoisGuard, Inc.
  57. Tech Street: P.O. Box 0823-03411
  58. Tech Street:
  59. Tech Street:
  60. Tech City: Panama
  61. Tech State/Province: Panama
  62. Tech Postal Code: 0
  63. Tech Country: PA
  64. Tech Phone: +507.8365503
  65. Tech Phone Ext:
  66. Tech Fax: +51.17057182
  67. Tech Fax Ext:
  68. Tech Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
  69. Name Server: ns3.zonomi.com
  70. Name Server: ns6.zonomi.com
  71. Name Server: ns1.zonomi.com
  72. Name Server: ns4.zonomi.com
  73. Name Server: ns5.zonomi.com
  74. Name Server: ns2.zonomi.com
  75.  
  76. ###################################################################################################################################################
  77.  
  78. dig punylolly.club any
  79. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  80.  
  81. ; <<>> DiG 9.10.3-P4-Debian <<>> punylolly.club any
  82. ;; global options: +cmd
  83. ;; Got answer:
  84. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17001
  85. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
  86.  
  87. ;; OPT PSEUDOSECTION:
  88. ; EDNS: version: 0, flags:; udp: 4096
  89. ;; QUESTION SECTION:
  90. ;punylolly.club.            IN  ANY
  91.  
  92. ;; ANSWER SECTION:
  93. punylolly.club.     3600    IN  MX  0 punylolly.club.
  94. punylolly.club.     3180    IN  A   185.60.134.250
  95. punylolly.club.     3600    IN  NS  ns1.zonomi.com.
  96. punylolly.club.     3600    IN  NS  ns6.zonomi.com.
  97. punylolly.club.     86400   IN  SOA ns1.zonomi.com. soacontact.zonomi.com. 11 10800 3600 604800 3600
  98.  
  99. ;; Query time: 54 msec
  100. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  101. ;; WHEN: Mon May 15 21:52:43 EDT 2017
  102. ;; MSG SIZE  rcvd: 168
  103.  
  104. ###################################################################################################################################################
  105.  
  106. host -l punylolly.club
  107.  
  108. ;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for punylolly.club failed: connection refused.
  109.  
  110. ###################################################################################################################################################
  111.  
  112. tcptraceroute -i eth0 punylolly.club
  113.  
  114. Running:
  115.     traceroute -T -O info -i eth0 punylolly.club
  116. traceroute to punylolly.club (185.60.134.250), 30 hops max, 60 byte packets
  117. send: Opération non permise
  118.  
  119. ###################################################################################################################################################
  120.  
  121.  
  122.  
  123. ###################################################################################################################################################
  124.  
  125. dnstracer punylolly.club
  126.  
  127. Tracing to punylolly.club[a] via 192.168.1.254, maximum of 3 retries
  128. 192.168.1.254 (192.168.1.254)
  129.  
  130. ###################################################################################################################################################
  131.  
  132.  
  133. Checking for HTTP-Loadbalancing [Date]: NOT FOUND
  134.  
  135. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  136.  
  137. punylolly.club does NOT use Load-balancing.
  138.  
  139.  
  140. nmap -PN -n -F -T4 -sV -A -oG temp.txt punylolly.club
  141.  
  142. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 21:53 EDT
  143. Nmap scan report for punylolly.club (185.60.134.250)
  144. Host is up (0.15s latency).
  145. Not shown: 96 closed ports
  146. PORT      STATE    SERVICE VERSION
  147. 22/tcp    open     ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
  148. | ssh-hostkey:
  149. |   1024 d5:fa:51:27:2a:f5:6b:68:ff:ca:97:fc:b4:fa:79:af (DSA)
  150. |   2048 e0:a2:e0:35:34:40:8b:f9:40:fe:2e:da:5c:72:67:d9 (RSA)
  151. |_  256 4b:0d:b4:8f:fe:2b:ba:39:d6:e9:74:06:c1:de:1e:d0 (ECDSA)
  152. 53/tcp    filtered domain
  153. 80/tcp    open     http    nginx 1.4.6 (Ubuntu)
  154. | http-server-header:
  155. |   Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30
  156. |_  nginx/1.4.6 (Ubuntu)
  157. |_http-title: Teen photo - fucklol
  158. 49152/tcp filtered unknown
  159. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.10 (94%), Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (92%)
  160. No exact OS matches for host (test conditions non-ideal).
  161. Network Distance: 12 hops
  162. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  163.  
  164. TRACEROUTE (using port 1723/tcp)
  165. HOP RTT       ADDRESS
  166. 1   30.44 ms  10.42.0.1
  167. 2   30.49 ms  162.247.73.3
  168. 3   38.56 ms  184.105.64.177
  169. 4   137.56 ms 184.105.81.78
  170. 5   114.50 ms 72.52.92.14
  171. 6   112.55 ms 216.66.89.226
  172. 7   151.83 ms 213.59.211.63
  173. 8   ...
  174. 9   154.31 ms 185.129.101.77
  175. 10  152.05 ms 92.63.108.98
  176. 11  151.87 ms 92.63.100.224
  177. 12  154.84 ms 185.60.134.250
  178.  
  179. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  180. Nmap done: 1 IP address (1 host up) scanned in 24.74 seconds
  181.  
  182. ###################################################################################################################################################
  183. amap -i temp.txt
  184. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-15 21:54:01 - APPLICATION MAPPING mode
  185.  
  186. Protocol on 185.60.134.250:80/tcp matches http
  187. Protocol on 185.60.134.250:22/tcp matches ssh
  188. Protocol on 185.60.134.250:22/tcp matches ssh-openssh
  189.  
  190. Unidentified ports: none.
  191.  
  192. amap v5.4 finished at 2017-05-15 21:54:07
  193.  
  194. ###################################################################################################################################################
  195.  
  196.  
  197.  
  198. inetnum:        185.60.134.0 - 185.60.135.255
  199. netname:        THEFIRST-NET
  200. org:            ORG-FVDS1-RIPE
  201. descr:          TheFirst-RU customers WebDC colocation
  202. country:        RU
  203. admin-c:        FRST3-RIPE
  204. tech-c:         FRST3-RIPE
  205. status:         ASSIGNED PA
  206. mnt-by:         THEFIRST-MNT
  207. created:        2014-09-18T03:19:42Z
  208. last-modified:  2016-04-20T04:41:58Z
  209. source:         RIPE
  210.  
  211. organisation:   ORG-FVDS1-RIPE
  212. org-name:       CJSC THE FIRST
  213. org-type:       OTHER
  214. address:        CJSC The First, Raduzhny 34a
  215. address:        PoBox64, Irkutsk, 664017
  216. address:        Russian Federation
  217. abuse-mailbox:  abuse@abusehost.ru
  218. abuse-c:        AR34130-RIPE
  219. mnt-ref:        THEFIRST-MNT
  220. mnt-by:         THEFIRST-MNT
  221. created:        2012-02-14T06:27:22Z
  222. last-modified:  2016-03-30T08:08:41Z
  223. source:         RIPE # Filtered
  224.  
  225. role:           The First JSC Network Operations
  226. address:        The First JSC
  227. address:        Office 2, 34a, Raduzhny m-r
  228. address:        664017
  229. address:        Irkutsk
  230. address:        Russian Federation
  231. phone:          +7 (495) 663 73 72
  232. fax-no:         +7 (3952) 52 57 89
  233. remarks:        trouble: -------------------------------------------------------
  234. remarks:        trouble: Points of contact for The First CJSC Network Operations
  235. remarks:        trouble: -------------------------------------------------------
  236. remarks:        trouble: Routing and peering issues: noc@firstvds.ru
  237. remarks:        trouble: SPAM issues: abuse@abusehost.ru
  238. remarks:        trouble: Mail issues: abuse@abusehost.ru
  239. remarks:        trouble: General information: noc@firstvds.ru
  240. remarks:        trouble: -------------------------------------------------------
  241. admin-c:        AA26905-RIPE
  242. tech-c:         ST6386-RIPE
  243. nic-hdl:        FRST3-RIPE
  244. mnt-by:         THEFIRST-MNT
  245. created:        2014-09-12T07:34:10Z
  246. last-modified:  2016-12-08T09:16:51Z
  247. source:         RIPE # Filtered
  248. abuse-mailbox:  abuse@abusehost.ru
  249.  
  250. % Information related to '185.60.134.0/23AS29182'
  251.  
  252. route:          185.60.134.0/23
  253. descr:          TheFirst-RU
  254. origin:         AS29182
  255. mnt-by:         THEFIRST-MNT
  256. created:        2014-06-20T02:26:16Z
  257. last-modified:  2016-04-20T04:42:40Z
  258. source:         RIPE
  259. [+] using maximum random delay of 10 millisecond(s) between requests
  260.  
  261. www.punylolly.club
  262. IP address #1: 185.60.134.250
  263.  
  264. [+] 1 (sub)domains and 1 IP address(es) found
  265. [+] Emails found:
  266. ------------------
  267. pixel-1494899625698393-web-@punylolly.club
  268. pixel-1494899626203411-web-@punylolly.club
  269.  
  270. [+] Hosts found in search engines:
  271. ------------------------------------
  272. [-] Resolving hostnames IPs...
  273. 185.60.134.250:www.punylolly.club
  274. [+] Virtual hosts:
  275. ==================
  289. Host's addresses:
  290. __________________
  291.  
  292. punylolly.club.                          3600     IN    A        185.60.134.250
  293.  
  294.  
  295. Name Servers:
  296. ______________
  297.  
  298. ns1.zonomi.com.                          5497     IN    A        45.79.211.52
  299. ns6.zonomi.com.                          5497     IN    A        106.186.121.42
  300.  
  301.  
  302. Mail (MX) Servers:
  303. ___________________
  304.  
  305. punylolly.club.                          3600     IN    A        185.60.134.250
  306. DNS Servers for punylolly.club:
  307.     ns1.zonomi.com
  308.     ns6.zonomi.com
  309.  
  310. Trying zone transfer first...
  311.     Testing ns1.zonomi.com
  312.         Request timed out or transfer not allowed.
  313.     Testing ns6.zonomi.com
  314.         Request timed out or transfer not allowed.
  315.  
  316. Unsuccessful in zone transfer (it was worth a shot)
  317. Okay, trying the good old fashioned way... brute force
  318.  
  319. Checking for wildcard DNS...
  320. Nope. Good.
  321. Now performing 2280 test(s)...
  322. 185.60.134.250  www.punylolly.club
  323.  
  324. Subnets found (may want to probe here using nmap or unicornscan):
  325.     185.60.134.0-255 : 1 hostnames found.
  326.  
  327. ---------------------------------------------------------------------------
  328. + Target IP:          185.60.134.250
  329. + Target Hostname:    punylolly.club
  330. + Target Port:        80
  331. + Start Time:         2017-05-15 21:53:34 (GMT-4)
  332. ---------------------------------------------------------------------------
  333. + Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30
  334. + Cookie PHPSESSID created without the httponly flag
  335. + Retrieved x-powered-by header: PHP/5.6.30
  336. + The anti-clickjacking X-Frame-Options header is not present.
  337. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  338. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  339. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x18 0x54e6a12a1c2a1
  340. + Server banner has changed from 'Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30' to 'nginx/1.4.6 (Ubuntu)' which may suggest a WAF, load balancer or proxy is in place
  341. + OpenSSL/1.0.1e-fips appears to be outdated (current is at least 1.0.1j). OpenSSL 1.0.0o and 0.9.8zc are also current.
  342. + Apache/2.4.6 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  343. + Multiple index files found: /index.html, /index.php
  344. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  345. + /config.php: PHP Config file may contain database IDs and passwords.
  346. + Uncommon header 'referrer-policy' found, with contents: no-referrer
  347. + Uncommon header 'x-ob_mode' found, with contents: 1
  348. + Uncommon header 'x-permitted-cross-domain-policies' found, with contents: none
  349. + Uncommon header 'x-robots-tag' found, with contents: noindex, nofollow
  350. + OSVDB-3268: /icons/: Directory indexing found.
  351. + OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version.
  352. + OSVDB-3233: /icons/README: Apache default file found.
  353. + Cookie n_tpl created without the httponly flag
  354. + /phpMyAdmin/: phpMyAdmin directory found
  355. + /phpmyadmin/: phpMyAdmin directory found
  356. + 8262 requests: 6 error(s) and 21 item(s) reported on remote host
  357. + End Time:           2017-05-15 22:31:10 (GMT-4) (2256 seconds)
  358. ---------------------------------------------------------------------------
  359. ################################################################################################################################################
  360. Hostname    sexygirlsporntube.net       ISP     CloudFlare (AS13335)
  361. Continent   North America       Flag    
  362. US
  363. Country     United States       Country Code    US (USA)
  364. Region  CA      Local time  15 May 2017 19:36 PDT
  365. Metropolis*     San Francisco-Oakland-San Jose          Postal Code     94107
  366. City    San Francisco       Latitude    37.77
  367. IP Address  104.28.4.162        Longitude   -122.393
  368. ################################################################################################################################################
  369. sexygirlsporntube.net
  370.  
  371. ###################################################################################################################################################
  372. whois sexygirlsporntube.net
  373.  
  374. Whois Server Version 2.0
  375.  
  376. Domain names in the .com and .net domains can now be registered
  377. with many different competing registrars. Go to http://www.internic.net
  378. for detailed information.
  379.  
  380.    Domain Name: SEXYGIRLSPORNTUBE.NET
  381.    Registrar: REGTIME LTD.
  382.    Sponsoring Registrar IANA ID: 1362
  383.    Whois Server: whois.webnames.ru
  384.    Referral URL: http://www.webnames.ru
  385.    Name Server: CRUZ.NS.CLOUDFLARE.COM
  386.    Name Server: RUDY.NS.CLOUDFLARE.COM
  387.    Status: ok https://icann.org/epp#ok
  388.    Updated Date: 31-dec-2016
  389.    Creation Date: 03-jan-2016
  390.    Expiration Date: 03-jan-2018
  391.  
  392.  
  393. Domain Name: SEXYGIRLSPORNTUBE.NET
  394. Registry Domain ID: 1991478488_DOMAIN_NET-VRSN
  395. Registrar WHOIS Server: whois.regtime.net
  396. Registrar URL: http://www.webnames.ru
  397. Updated Date: 2016-12-31T16:05:04Z
  398. Creation Date: 2016-01-04T00:00:00Z
  399. Registrar Registration Expiration Date: 2018-01-04T04:00:00Z
  400. Registrar: REGTIME LTD.
  401. Registrar IANA ID: 1362
  402. Registrar Abuse Contact Email: abuse@regtime.net
  403. Registrar Abuse Contact Phone: +7.8463733047
  404. Domain Status: OK
  405. Registry Registrant ID:
  406. Registrant Name: Aleksandr Sergeev
  407. Registrant Organization: Aleksandr Sergeev
  408. Registrant Street: Danchenko 11, kv.52
  409. Registrant City: Illyichevsk
  410. Registrant State/Province: Odeska
  411. Registrant Postal Code: 48001
  412. Registrant Country: UA
  413. Registrant Phone: +3.80930018743
  414. Registrant Email: kalif1980@mail.ru
  415. Registry Admin ID:
  416. Admin Name: Aleksandr Sergeev
  417. Admin Organization: Aleksandr Sergeev
  418. Admin Street: Danchenko 11, kv.52
  419. Admin City: Illyichevsk
  420. Admin State/Province: Odeska
  421. Admin Postal Code: 48001
  422. Admin Country: UA
  423. Admin Phone: +3.80930018743
  424. Admin Email: kalif1980@mail.ru
  425. Registry Tech ID:
  426. Tech Name: Aleksandr Sergeev
  427. Tech Organization: Aleksandr Sergeev
  428. Tech Street: Danchenko 11, kv.52
  429. Tech City: Illyichevsk
  430. Tech State/Province: Odeska
  431. Tech Postal Code: 48001
  432. Tech Country: UA
  433. Tech Phone: +3.80930018743
  434. Tech Email: kalif1980@mail.ru
  435. Name Server: RUDY.NS.CLOUDFLARE.COM
  436. Name Server: CRUZ.NS.CLOUDFLARE.COM
  437. ###################################################################################################################################################
  438.  
  439. dig sexygirlsporntube.net any
  440. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  441.  
  442. ; <<>> DiG 9.10.3-P4-Debian <<>> sexygirlsporntube.net any
  443. ;; global options: +cmd
  444. ;; Got answer:
  445. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5612
  446. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  447.  
  448. ;; OPT PSEUDOSECTION:
  449. ; EDNS: version: 0, flags:; udp: 4096
  450. ;; QUESTION SECTION:
  451. ;sexygirlsporntube.net.     IN  ANY
  452.  
  453. ;; ANSWER SECTION:
  454. sexygirlsporntube.net.  3789    IN  HINFO   "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  455.  
  456. ;; Query time: 33 msec
  457. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  458. ;; WHEN: Mon May 15 22:33:20 EDT 2017
  459. ;; MSG SIZE  rcvd: 108
  460.  
  461.  
  462.  
  463. #######################################################################################################################
  464.  
  465. dnstracer sexygirlsporntube.net
  466.  
  467. Tracing to sexygirlsporntube.net[a] via 192.168.1.254, maximum of 3 retries
  468. 192.168.1.254 (192.168.1.254)
  469.  
  470. #######################################################################################################################################
  471.  
  472.  
  473.  
  474. Checking for HTTP-Loadbalancing [Date]: NOT FOUND
  475.  
  476. Checking for HTTP-Loadbalancing [Diff]: FOUND
  477. < CF-RAY: 35faef19e2f9185e-EWR
  478. > CF-RAY: 35faef1ac0091882-EWR
  479.  
  480. sexygirlsporntube.net does Load-balancing. Found via Methods: DNS HTTP[Diff]
  481.  
  482. #######################################################################################################################################
  483.  
  484. nmap -PN -n -F -T4 -sV -A -oG temp.txt sexygirlsporntube.net
  485.  
  486. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 22:33 EDT
  487. Nmap scan report for sexygirlsporntube.net (104.28.4.162)
  488. Host is up (0.031s latency).
  489. Other addresses for sexygirlsporntube.net (not scanned): 2400:cb00:2048:1::681c:5a2 2400:cb00:2048:1::681c:4a2 104.28.5.162
  490. Not shown: 92 filtered ports
  491. PORT     STATE  SERVICE      VERSION
  492. 25/tcp   closed smtp
  493. 80/tcp   open   http         Cloudflare nginx
  494. |_http-server-header: cloudflare-nginx
  495. |_http-title: Sexy Girls Porn Tube
  496. 135/tcp  closed msrpc
  497. 139/tcp  closed netbios-ssn
  498. 443/tcp  open   ssl/http     Cloudflare nginx
  499. |_http-server-header: cloudflare-nginx
  500. |_http-title: Sexy Girls Porn Tube
  501. | ssl-cert: Subject: commonName=sni229477.cloudflaressl.com
  502. | Subject Alternative Name: DNS:sni229477.cloudflaressl.com, DNS:*.abmovies.xyz, DNS:*.chocolaterie-larra.fr, DNS:*.downloadmp3songs9.com, DNS:*.effitelecom.com, DNS:*.fahland.xyz, DNS:*.fivedaydetoxjumpstart.com, DNS:*.gaythetic.cf, DNS:*.lustdejasnodid.cf, DNS:*.markbestsearpibi.tk, DNS:*.methocontkersa.tk, DNS:*.msftexpress.com, DNS:*.natur.eu, DNS:*.naturalicious.uk.com, DNS:*.raimicdisppsychpor.ga, DNS:*.senatorevini.com, DNS:*.sexygirlsporntube.net, DNS:*.teenshottube.net, DNS:*.virginsex.biz, DNS:*.wordnobwilchdermutt.ga, DNS:*.wp7app.de, DNS:*.xhamstervideo.org, DNS:abmovies.xyz, DNS:chocolaterie-larra.fr, DNS:downloadmp3songs9.com, DNS:effitelecom.com, DNS:fahland.xyz, DNS:fivedaydetoxjumpstart.com, DNS:gaythetic.cf, DNS:lustdejasnodid.cf, DNS:markbestsearpibi.tk, DNS:methocontkersa.tk, DNS:msftexpress.com, DNS:natur.eu, DNS:naturalicious.uk.com, DNS:raimicdisppsychpor.ga, DNS:senatorevini.com, DNS:sexygirlsporntube.net, DNS:teenshottube.net, DNS:virginsex.biz, DNS:wordnobwilchdermutt.ga, DNS:wp7app.de, DNS:xhamstervideo.org
  503. | Not valid before: 2017-04-21T00:00:00
  504. |_Not valid after:  2017-10-28T23:59:59
  505. 445/tcp  closed microsoft-ds
  506. 8080/tcp open   http         Cloudflare nginx
  507. |_http-server-header: cloudflare-nginx
  508. |_http-title: sexygirlsporntube.net | 521: Web server is down
  509. 8443/tcp open   ssl/http     Cloudflare nginx
  510. |_http-server-header: cloudflare-nginx
  511. |_http-title: sexygirlsporntube.net | 521: Web server is down
  512. | ssl-cert: Subject: commonName=sni229477.cloudflaressl.com
  513. | Subject Alternative Name: DNS:sni229477.cloudflaressl.com, DNS:*.abmovies.xyz, DNS:*.chocolaterie-larra.fr, DNS:*.downloadmp3songs9.com, DNS:*.effitelecom.com, DNS:*.fahland.xyz, DNS:*.fivedaydetoxjumpstart.com, DNS:*.gaythetic.cf, DNS:*.lustdejasnodid.cf, DNS:*.markbestsearpibi.tk, DNS:*.methocontkersa.tk, DNS:*.msftexpress.com, DNS:*.natur.eu, DNS:*.naturalicious.uk.com, DNS:*.raimicdisppsychpor.ga, DNS:*.senatorevini.com, DNS:*.sexygirlsporntube.net, DNS:*.teenshottube.net, DNS:*.virginsex.biz, DNS:*.wordnobwilchdermutt.ga, DNS:*.wp7app.de, DNS:*.xhamstervideo.org, DNS:abmovies.xyz, DNS:chocolaterie-larra.fr, DNS:downloadmp3songs9.com, DNS:effitelecom.com, DNS:fahland.xyz, DNS:fivedaydetoxjumpstart.com, DNS:gaythetic.cf, DNS:lustdejasnodid.cf, DNS:markbestsearpibi.tk, DNS:methocontkersa.tk, DNS:msftexpress.com, DNS:natur.eu, DNS:naturalicious.uk.com, DNS:raimicdisppsychpor.ga, DNS:senatorevini.com, DNS:sexygirlsporntube.net, DNS:teenshottube.net, DNS:virginsex.biz, DNS:wordnobwilchdermutt.ga, DNS:wp7app.de, DNS:xhamstervideo.org
  514. | Not valid before: 2017-04-21T00:00:00
  515. |_Not valid after:  2017-10-28T23:59:59
  516. Aggressive OS guesses: OpenWrt Kamikaze 7.09 (Linux 2.6.22) (92%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), HP P2000 G3 NAS device (91%), Linux 3.18 (90%), Linux 2.6.32 (90%), Linux 3.0 (89%), ProVision-ISR security DVR (89%), Linux 3.12 - 3.18 (89%), Linux 2.4.18 (88%)
  517. No exact OS matches for host (test conditions non-ideal).
  518. Network Distance: 2 hops
  519.  
  520. TRACEROUTE (using port 25/tcp)
  521. HOP RTT      ADDRESS
  522. 1   31.19 ms 10.42.0.1
  523. 2   31.02 ms 104.28.4.162
  524.  
  525. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  526. Nmap done: 1 IP address (1 host up) scanned in 27.76 seconds
  527.  
  528. #######################################################################################################################################
  529.  
  530. amap -i temp.txt
  531. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-15 22:34:00 - APPLICATION MAPPING mode
  532.  
  533. Protocol on 104.28.4.162:443/tcp matches http
  534. Protocol on 104.28.4.162:80/tcp matches http
  535. Protocol on 104.28.4.162:8080/tcp matches http
  536. Protocol on 104.28.4.162:8443/tcp matches http
  537. Protocol on 104.28.4.162:443/tcp matches ssl
  538. Protocol on 104.28.4.162:8443/tcp matches ssl
  539.  
  540. Unidentified ports: none.
  541.  
  542. amap v5.4 finished at 2017-05-15 22:34:06
  543.  
  544.  
  545.  
  546. NetRange:       104.16.0.0 - 104.31.255.255
  547. CIDR:           104.16.0.0/12
  548. NetName:        CLOUDFLARENET
  549. NetHandle:      NET-104-16-0-0-1
  550. Parent:         NET104 (NET-104-0-0-0-0)
  551. NetType:        Direct Assignment
  552. OriginAS:       AS13335
  553. Organization:   Cloudflare, Inc. (CLOUD14)
  554. RegDate:        2014-03-28
  555. Updated:        2017-02-17
  556. Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  557. Ref:            https://whois.arin.net/rest/net/NET-104-16-0-0-1
  558.  
  559.  
  560.  
  561. OrgName:        Cloudflare, Inc.
  562. OrgId:          CLOUD14
  563. Address:        101 Townsend Street
  564. City:           San Francisco
  565. StateProv:      CA
  566. PostalCode:     94107
  567. Country:        US
  568. RegDate:        2010-07-09
  569. Updated:        2017-02-17
  570. Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  571. Ref:            https://whois.arin.net/rest/org/CLOUD14
  572.  
  573.  
  574. OrgTechHandle: ADMIN2521-ARIN
  575. OrgTechName:   Admin
  576. OrgTechPhone:  +1-650-319-8930
  577. OrgTechEmail:  admin@cloudflare.com
  578. OrgTechRef:    https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  579.  
  580. OrgAbuseHandle: ABUSE2916-ARIN
  581. OrgAbuseName:   Abuse
  582. OrgAbusePhone:  +1-650-319-8930
  583. OrgAbuseEmail:  abuse@cloudflare.com
  584. OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  585.  
  586. OrgNOCHandle: NOC11962-ARIN
  587. OrgNOCName:   NOC
  588. OrgNOCPhone:  +1-650-319-8930
  589. OrgNOCEmail:  noc@cloudflare.com
  590. OrgNOCRef:    https://whois.arin.net/rest/poc/NOC11962-ARIN
  591.  
  592. RNOCHandle: NOC11962-ARIN
  593. RNOCName:   NOC
  594. RNOCPhone:  +1-650-319-8930
  595. RNOCEmail:  noc@cloudflare.com
  596. RNOCRef:    https://whois.arin.net/rest/poc/NOC11962-ARIN
  597.  
  598. RAbuseHandle: ABUSE2916-ARIN
  599. RAbuseName:   Abuse
  600. RAbusePhone:  +1-650-319-8930
  601. RAbuseEmail:  abuse@cloudflare.com
  602. RAbuseRef:    https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  603.  
  604. RTechHandle: ADMIN2521-ARIN
  605. RTechName:   Admin
  606. RTechPhone:  +1-650-319-8930
  607. RTechEmail:  admin@cloudflare.com
  608. RTechRef:    https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  609. DNS Servers for sexygirlsporntube.net:
  610.     cruz.ns.cloudflare.com
  611.     rudy.ns.cloudflare.com
  612.  
  613. Trying zone transfer first...
  614.     Testing cruz.ns.cloudflare.com
  615.         Request timed out or transfer not allowed.
  616.     Testing rudy.ns.cloudflare.com
  617.         Request timed out or transfer not allowed.
  618.  
  619. Unsuccessful in zone transfer (it was worth a shot)
  620. Okay, trying the good old fashioned way... brute force
  621. -----   sexygirlsporntube.net   -----
  622.  
  623.  
  624. Host's addresses:
  625. __________________
  626.  
  627. sexygirlsporntube.net.                   36       IN    A        104.28.4.162
  628. sexygirlsporntube.net.                   36       IN    A        104.28.5.162
  629.  
  630.  
  631. Name Servers:
  632. ______________
  633.  
  634. rudy.ns.cloudflare.com.                  85814    IN    A        173.245.59.229
  635. cruz.ns.cloudflare.com.                  85814    IN    A        173.245.58.88
  636.  
  637.  
  638. Mail (MX) Servers:
  639. ___________________
  640.  
  641.  
  642.  
  643. Trying Zone Transfers and getting Bind Versions:
  644. _________________________________________________
  645. ---------------------------------------------------------------------------
  646. + Target IP:          104.28.4.162
  647. + Target Hostname:    sexygirlsporntube.net
  648. + Target Port:        80
  649. + Start Time:         2017-05-15 22:33:39 (GMT-4)
  650. ---------------------------------------------------------------------------
  651. + Server: cloudflare-nginx
  652. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  653. + Uncommon header 'cf-ray' found, with contents: 35faef44666d183a-EWR
  654. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  655. + All CGI directories 'found', use '-C none' to test none
  656. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  657. + 26097 requests: 0 error(s) and 3 item(s) reported on remote host
  658. + End Time:           2017-05-15 22:53:32 (GMT-4) (1193 seconds)
  659. ---------------------------------------------------------------------------
  660. + 1 host(s) tested
  661. #######################################################################################################################################
  662. Hostname    hotbrunette.club        ISP     IT Outsourcing LLC (AS64439)
  663. Continent   Europe      Flag    
  664. RU
  665. Country     Russian Federation      Country Code    RU (RUS)
  666. Region  Unknown         Local time  16 May 2017 06:10 MSK
  667. City    Unknown         Latitude    55.739
  668. IP Address  185.159.131.171         Longitude   37.607
  669. hotbrunette.club
  670.  
  671. #######################################################################################################################################
  672.  
  673. whois hotbrunette.club
  674. Domain Name: hotbrunette.club
  675. Domain ID: D1BB3108DC0AD4F87BFE7A987DAE3C374-NSR
  676. WHOIS Server: whois.namecheap.com
  677. Referral URL: http://www.namecheap.com
  678. Updated Date: 2017-04-24T03:14:24Z
  679. Creation Date: 2017-04-19T03:14:22Z
  680. Registry Expiry Date: 2018-04-19T03:14:22Z
  681. Sponsoring Registrar: NameCheap, Inc.
  682. Sponsoring Registrar IANA ID: 1068
  683. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  684. Registrant ID: C514008EDBA474F6E829A1044CEAE7CE8-NSR
  685. Registrant Name: WhoisGuard Protected
  686. Registrant Organization: WhoisGuard, Inc.
  687. Registrant Street: P.O. Box 0823-03411
  688. Registrant Street:
  689. Registrant Street:
  690. Registrant City: Panama
  691. Registrant State/Province: Panama
  692. Registrant Postal Code:
  693. Registrant Country: PA
  694. Registrant Phone: +507.8365503
  695. Registrant Phone Ext:
  696. Registrant Fax: +51.17057182
  697. Registrant Fax Ext:
  698. Registrant Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
  699. Admin ID: CAF702A51784145F9B42A9A5A80CE8706-NSR
  700. Admin Name: WhoisGuard Protected
  701. Admin Organization: WhoisGuard, Inc.
  702. Admin Street: P.O. Box 0823-03411
  703. Admin Street:
  704. Admin Street:
  705. Admin City: Panama
  706. Admin State/Province: Panama
  707. Admin Postal Code:
  708. Admin Country: PA
  709. Admin Phone: +507.8365503
  710. Admin Phone Ext:
  711. Admin Fax: +51.17057182
  712. Admin Fax Ext:
  713. Admin Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
  714. Tech ID: CF4DE84B67F9C4296B06DF917A8A8CAD5-NSR
  715. Tech Name: WhoisGuard Protected
  716. Tech Organization: WhoisGuard, Inc.
  717. Tech Street: P.O. Box 0823-03411
  718. Tech Street:
  719. Tech Street:
  720. Tech City: Panama
  721. Tech State/Province: Panama
  722. Tech Postal Code:
  723. Tech Country: PA
  724. Tech Phone: +507.8365503
  725. Tech Phone Ext:
  726. Tech Fax: +51.17057182
  727. Tech Fax Ext:
  728. Tech Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
  729. Name Server: joel.ns.cloudflare.com
  730. Name Server: molly.ns.cloudflare.com
  731.  
  732. ;; OPT PSEUDOSECTION:
  733. ; EDNS: version: 0, flags:; udp: 4096
  734. ;; QUESTION SECTION:
  735. ;hotbrunette.club.      IN  ANY
  736.  
  737. ;; ANSWER SECTION:
  738. hotbrunette.club.   3789    IN  HINFO   "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  739.  
  740. ;; Query time: 34 msec
  741. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  742. ;; WHEN: Mon May 15 23:11:09 EDT 2017
  743. ;; MSG SIZE  rcvd: 103
  744.  
  745. #######################################################################################################################
  746.  
  747. host -l hotbrunette.club
  748.  
  749. ;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for hotbrunette.club failed: connection refused.
  750.  
  751. #######################################################################################################################
  752.  
  753. tcptraceroute -i eth0 hotbrunette.club
  754.  
  755. Running:
  756.     traceroute -T -O info -i eth0 hotbrunette.club
  757. traceroute to hotbrunette.club (185.159.131.171), 30 hops max, 60 byte packets
  758. send: Opération non permise
  759.  
  760. #######################################################################################################################
  761.  
  762. cd /pentest/enumeration/dnsenum
  763. perl dnsenum.pl --enum -f dns.txt --update a -r hotbrunette.club
  764.  
  765. ./Recon.sh: ligne 44 : cd: /pentest/enumeration/dnsenum: Aucun fichier ou dossier de ce type
  766. Can't open perl script "dnsenum.pl": Aucun fichier ou dossier de ce type
  767.  
  768. #######################################################################################################################################
  769.  
  770. dnstracer hotbrunette.club
  771.  
  772. Tracing to hotbrunette.club[a] via 192.168.1.254, maximum of 3 retries
  773. 192.168.1.254 (192.168.1.254)
  774.  
  775.  
  776.  
  777. Checking for HTTP-Loadbalancing [Date]: 03:10:35, 03:10:36, 03:10:36, 03:10:37, 03:10:37, 03:10:38, 03:10:39, 03:10:40, 03:10:41, 03:10:42, 03:10:42, 03:10:43, 03:10:44, 03:10:44, 03:10:45, 03:10:45, 03:10:46, 03:10:47, 03:10:48, 03:10:49, 03:10:49, 03:10:50, 03:10:50, 03:10:51, 03:10:52, 03:10:52, 03:10:53, 03:10:53, 03:10:54, 03:10:55, 03:10:55, 03:10:56, 03:10:56, 03:10:57, 03:10:58, 03:10:58, 03:10:59, 03:11:00, 03:11:00, 03:11:01, 03:11:01, 03:11:02, 03:11:05, 03:11:07, 03:11:07, 03:11:08, 03:11:09, 03:11:10, 03:11:12, 03:11:12, NOT FOUND
  778.  
  779. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  780.  
  781. hotbrunette.club does NOT use Load-balancing.
  782.  
  783.  
  784. nmap -PN -n -F -T4 -sV -A -oG temp.txt hotbrunette.club
  785.  
  786. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 23:13 EDT
  787. Nmap scan report for hotbrunette.club (185.159.131.171)
  788. Host is up (0.10s latency).
  789. Not shown: 97 closed ports
  790. PORT   STATE    SERVICE VERSION
  791. 22/tcp open     ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
  792. | ssh-hostkey:
  793. |   1024 93:2c:e9:d1:ae:a1:01:ea:a8:9c:d3:8b:1c:8f:9a:b8 (DSA)
  794. |   2048 d7:1b:e1:19:2b:9e:df:ec:61:ec:a5:3c:b5:47:d3:5d (RSA)
  795. |_  256 0b:e1:66:21:42:47:f3:5d:86:bf:97:cc:2a:a2:c8:3e (ECDSA)
  796. 53/tcp filtered domain
  797. 80/tcp open     http    nginx 1.4.6 (Ubuntu)
  798. |_http-server-header: nginx/1.4.6 (Ubuntu)
  799. |_http-title: HOTBRUNETTE.CLUB
  800. Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  801. Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik RouterOS 6.X (92%), Ubiquiti embedded (92%), Ubiquiti AirOS 5.X (92%), Infomir embedded (91%)
  802. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250
  803. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.10 (94%), Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (92%)
  804. No exact OS matches for host (test conditions non-ideal).
  805. Network Distance: 2 hops
  806. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  807.  
  808. TRACEROUTE (using port 139/tcp)
  809. HOP RTT      ADDRESS
  810. 1   31.39 ms 10.42.0.1
  811. 2   31.17 ms 185.159.131.171
  812.  
  813. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  814. Nmap done: 1 IP address (1 host up) scanned in 85.05 seconds
  815.  
  816. #######################################################################################################################
  817.  
  818. amap -i temp.txt
  819. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-15 23:15:06 - APPLICATION MAPPING mode
  820.  
  821. Protocol on 185.159.131.171:22/tcp matches ssh
  822. Protocol on 185.159.131.171:22/tcp matches ssh-openssh
  823. Protocol on 185.159.131.171:80/tcp matches http
  824.  
  825. Unidentified ports: none.
  826.  
  827. amap v5.4 finished at 2017-05-15 23:15:13
  828.  
  829. ##############################################################################################################################################################################################################################################################################
  830.  
  831.  
  832.  
  833. inetnum:        185.159.131.0 - 185.159.131.255
  834. org:            ORG-IOL3-RIPE
  835. mnt-domains:    ru-itos-1-mnt
  836. netname:        SKYHOST_RUSSIAN_FACILITY
  837. remarks:        Professional webhosting solutions: https://skyhost.ru
  838. country:        RU
  839. admin-c:        SC18472-RIPE
  840. tech-c:         SC18472-RIPE
  841. status:         SUB-ALLOCATED PA
  842. mnt-routes:     MNT-SELECTEL
  843. mnt-by:         ru-itos-1-mnt
  844. created:        2016-07-18T11:26:04Z
  845. last-modified:  2016-08-31T07:24:12Z
  846. source:         RIPE
  847.  
  848. organisation:   ORG-IOL3-RIPE
  849. org-name:       IT Outsourcing LLC
  850. org-type:       LIR
  851. address:        Polushkina Rosha 16, building 3
  852. address:        150044
  853. address:        Yaroslavl
  854. address:        RUSSIAN FEDERATION
  855. admin-c:        SC18472-RIPE
  856. tech-c:         SC18472-RIPE
  857. abuse-c:        AR36943-RIPE
  858. mnt-ref:        ru-itos-1-mnt
  859. mnt-by:         RIPE-NCC-HM-MNT
  860. mnt-by:         ru-itos-1-mnt
  861. created:        2016-07-11T14:22:10Z
  862. last-modified:  2016-07-18T14:27:19Z
  863. source:         RIPE # Filtered
  864. phone:          +7  495 3691987
  865.  
  866. person:         Sergey Chekanov
  867. address:        Polushkina Rosha 16, building 3
  868. address:        150000
  869. address:        Yaroslavl
  870. address:        RUSSIAN FEDERATION
  871. phone:          +7 495 3691987
  872. nic-hdl:        SC18472-RIPE
  873. mnt-by:         ru-itos-1-mnt
  874. created:        2016-07-11T14:22:10Z
  875. last-modified:  2016-07-18T14:23:17Z
  876. source:         RIPE
  877.  
  878. % Information related to '185.159.130.0/23AS64439'
  879.  
  880. route:          185.159.130.0/23
  881. origin:         AS64439
  882. mnt-by:         ru-itos-1-mnt
  883. created:        2017-03-01T11:19:25Z
  884. last-modified:  2017-03-01T11:19:25Z
  885. source:         RIPE
  886. dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)
  887.  
  888. [+] searching (sub)domains for hotbrunette.club using built-in wordlist
  889. [+] using maximum random delay of 10 millisecond(s) between requests
  890.  
  891. www.hotbrunette.club
  892. IPv6 address #1: 2400:cb00:2048:1::6812:29c8
  893. IPv6 address #2: 2400:cb00:2048:1::6812:28c8
  894.  
  895. www.hotbrunette.club
  896. IP address #1: 104.18.41.200
  897. IP address #2: 104.18.40.200
  898.  
  899. [+] 2 (sub)domains and 4 IP address(es) found
  900. -----   hotbrunette.club   -----
  901.  
  902.  
  903. Host's addresses:
  904. __________________
  905.  
  906. hotbrunette.club.                        120      IN    A        185.159.131.171
  907.  
  908.  
  909. Name Servers:
  910. ______________
  911.  
  912. molly.ns.cloudflare.com.                 86399    IN    A        173.245.58.205
  913. joel.ns.cloudflare.com.                  86399    IN    A        173.245.59.184
  914.  
  915.  
  916. Mail (MX) Servers:
  917. ___________________
  918.  
  919.  
  920.  
  921. Trying Zone Transfers and getting Bind Versions:
  922. _________________________________________________
  923. DNS Servers for hotbrunette.club:
  924.     joel.ns.cloudflare.com
  925.     molly.ns.cloudflare.com
  926.  
  927. Trying zone transfer first...
  928.     Testing joel.ns.cloudflare.com
  929.         Request timed out or transfer not allowed.
  930.     Testing molly.ns.cloudflare.com
  931.         Request timed out or transfer not allowed.
  932.  
  933. Unsuccessful in zone transfer (it was worth a shot)
  934. Okay, trying the good old fashioned way... brute force
  935.  
  936. Checking for wildcard DNS...
  937. Nope. Good.
  938. Now performing 2280 test(s)...
  939. 104.18.40.200   www.hotbrunette.club
  940. 104.18.41.200   www.hotbrunette.club
  941.  
  942. Subnets found (may want to probe here using nmap or unicornscan):
  943.     104.18.40.0-255 : 1 hostnames found.
           104.18.41.0-255 : 1 hostnames found.
  944. ---------------------------------------------------------------------------
  945. + Target IP:          185.159.131.171
  946. + Target Hostname:    hotbrunette.club
  947. + Target Port:        80
  948. + Start Time:         2017-05-15 23:11:31 (GMT-4)
  949. ---------------------------------------------------------------------------
  950. + Server: nginx
  951. + Cookie PHPSESSID created without the httponly flag
  952. + Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.21
  953. + The anti-clickjacking X-Frame-Options header is not present.
  954. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  955. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  956. + No CGI Directories found (use '-C all' to force check all possible dirs)
  957. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x58eaae56 0x41
  958. + Server banner has changed from 'nginx' to 'nginx/1.4.6 (Ubuntu)' which may suggest a WAF, load balancer or proxy is in place
  959. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  960. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  961. + ERROR: Error limit (20) reached for host, giving up. Last error: invalid HTTP response
  962. + Scan terminated:  4 error(s) and 8 item(s) reported on remote host
  963. + End Time:           2017-05-16 00:01:22 (GMT-4) (2991 seconds)
  964. ---------------------------------------------------------------------------
  965. #######################################################################################################################################
  966. Hostname    superteenz.com      ISP     Level 3 Communications, Inc. (AS3356)
  967. Continent   North America       Flag    
  968. PA
  969. Country     Panama      Country Code    PA (PAN)
  970. Region  Unknown         Local time  15 May 2017 23:01 EST
  971. City    Unknown         Latitude    9
  972. IP Address  200.74.240.209      Longitude   -80
  973. superteenz.com  
  974.  
  975. #######################################################################################################################
  976.  
  977. whois superteenz.com
  978.  
  979. Whois Server Version 2.0
  980.  
  981. Domain names in the .com and .net domains can now be registered
  982. with many different competing registrars. Go to http://www.internic.net
  983. for detailed information.
  984.  
  985.    Domain Name: SUPERTEENZ.COM
  986.    Registrar: BLUE RAZOR DOMAINS, LLC
  987.    Sponsoring Registrar IANA ID: 612
  988.    Whois Server: whois.bluerazor.com
  989.    Referral URL: http://www.bluerazor.com
  990.    Name Server: NS11.DOMAINCONTROL.COM
  991.    Name Server: NS12.DOMAINCONTROL.COM
  992.    Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  993.    Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  994.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  995.    Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  996.    Updated Date: 02-jan-2017
  997.    Creation Date: 28-apr-2014
  998.    Expiration Date: 28-apr-2018
  999.  
  1000.  
  1001. Domain Name: SUPERTEENZ.COM
  1002. Registry Domain ID: 1856449173_DOMAIN_COM-VRSN
  1003. Registrar WHOIS Server: whois.bluerazor.com
  1004. Registrar URL: http://www.bluerazor.com
  1005. Update Date: 2017-01-02T17:02:55Z
  1006. Creation Date: 2014-04-28T04:07:13Z
  1007. Registrar Registration Expiration Date: 2018-04-28T04:07:13Z
  1008. Registrar: Blue Razor Domains, LLC
  1009. Registrar IANA ID: 612
  1010. Registrar Abuse Contact Email: abuse@bluerazor.com
  1011. Registrar Abuse Contact Phone: +1.4806242505
  1012. Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
  1013. Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
  1014. Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
  1015. Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
  1016. Registry Registrant ID: Not Available From Registry
  1017. Registrant Name: Registration Private
  1018. Registrant Organization: Domains By Proxy, LLC
  1019. Registrant Street: DomainsByProxy.com
  1020. Registrant Street: 14455 N. Hayden Road
  1021. Registrant City: Scottsdale
  1022. Registrant State/Province: Arizona
  1023. Registrant Postal Code: 85260
  1024. Registrant Country: US
  1025. Registrant Phone: +1.4806242599
  1026. Registrant Phone Ext:
  1027. Registrant Fax: +1.4806242598
  1028. Registrant Fax Ext:
  1029. Registrant Email: SUPERTEENZ.COM@domainsbyproxy.com
  1030. Registry Admin ID: Not Available From Registry
  1031. Admin Name: Registration Private
  1032. Admin Organization: Domains By Proxy, LLC
  1033. Admin Street: DomainsByProxy.com
  1034. Admin Street: 14455 N. Hayden Road
  1035. Admin City: Scottsdale
  1036. Admin State/Province: Arizona
  1037. Admin Postal Code: 85260
  1038. Admin Country: US
  1039. Admin Phone: +1.4806242599
  1040. Admin Phone Ext:
  1041. Admin Fax: +1.4806242598
  1042. Admin Fax Ext:
  1043. Admin Email: SUPERTEENZ.COM@domainsbyproxy.com
  1044. Registry Tech ID: Not Available From Registry
  1045. Tech Name: Registration Private
  1046. Tech Organization: Domains By Proxy, LLC
  1047. Tech Street: DomainsByProxy.com
  1048. Tech Street: 14455 N. Hayden Road
  1049. Tech City: Scottsdale
  1050. Tech State/Province: Arizona
  1051. Tech Postal Code: 85260
  1052. Tech Country: US
  1053. Tech Phone: +1.4806242599
  1054. Tech Phone Ext:
  1055. Tech Fax: +1.4806242598
  1056. Tech Fax Ext:
  1057. Tech Email: SUPERTEENZ.COM@domainsbyproxy.com
  1058. Name Server: NS11.DOMAINCONTROL.COM
  1059. Name Server: NS12.DOMAINCONTROL.COM
  1060.  
  1061. #######################################################################################################################
  1062.  
  1063.  
  1064. ;; ANSWER SECTION:
  1065. superteenz.com.     3433    IN  A   200.74.240.209
  1066. superteenz.com.     3600    IN  NS  ns11.domaincontrol.com.
  1067. superteenz.com.     3600    IN  NS  ns12.domaincontrol.com.
  1068. superteenz.com.     3600    IN  SOA ns11.domaincontrol.com. dns.jomax.net. 2017051401 28800 7200 604800 600
  1069.  
  1070. ;; Query time: 671 msec
  1071. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1072. ;; WHEN: Tue May 16 00:03:05 EDT 2017
  1073. ;; MSG SIZE  rcvd: 160
  1074.  
  1075. #######################################################################################################################
  1076.  
  1077. host -l superteenz.com
  1078.  
  1079. ;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for superteenz.com failed: connection refused.
  1080.  
  1081. ###################################################################################################################################################
  1082.  
  1083. tcptraceroute -i eth0 superteenz.com
  1084.  
  1085. Running:
  1086.     traceroute -T -O info -i eth0 superteenz.com
  1087. traceroute to superteenz.com (200.74.240.209), 30 hops max, 60 byte packets
  1088. send: Opération non permise
  1089.  
  1090. ###################################################################################################################################################
  1091.  
  1092.  
  1093. Checking for HTTP-Loadbalancing [Date]: 04:03:12, 04:03:13, 04:03:13, 04:03:13, 04:03:14, 04:03:14, 04:03:14, 04:03:15, 04:03:15, 04:03:16, 04:03:16, 04:03:16, 04:03:17, 04:03:17, 04:03:17, 04:03:18, 04:03:18, 04:03:19, 04:03:19, 04:03:19, 04:03:20, 04:03:20, 04:03:20, 04:03:21, 04:03:21, 04:03:22, 04:03:22, 04:03:22, 04:03:23, 04:03:23, 04:03:23, 04:03:24, 04:03:24, 04:03:25, 04:03:25, 04:03:25, 04:03:26, 04:03:26, 04:03:27, 04:03:27, 04:03:27, 04:03:28, 04:03:28, 04:03:28, 04:03:29, 04:03:29, 04:03:30, 04:03:30, 04:03:30, 04:03:31, NOT FOUND
  1094.  
  1095. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1096.  
  1097. superteenz.com does NOT use Load-balancing.
  1098.  
  1099.  
  1100.  
  1101. nmap -PN -n -F -T4 -sV -A -oG temp.txt superteenz.com
  1102.  
  1103. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-16 00:04 EDT
  1104. Nmap scan report for superteenz.com (200.74.240.209)
  1105. Host is up (0.16s latency).
  1106. Not shown: 97 closed ports
  1107. PORT     STATE    SERVICE VERSION
  1108. 53/tcp   filtered domain
  1109. 80/tcp   open     http    Apache httpd
  1110. |_http-server-header: Apache
  1111. |_http-title: SuperTeenz
  1112. 3306/tcp open     mysql   MySQL (unauthorized)
  1113. Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  1114. Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik RouterOS 6.X (91%), Ubiquiti AirOS 5.X (91%), Infomir embedded (90%), Ubiquiti embedded (90%)
  1115. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:ubnt:airos:5.5.9 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation
  1116. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 2.6.39 (93%), Linux 2.6.39 (93%), Linux 3.10 (93%), Linux 3.2 (93%), HP P2000 G3 NAS device (93%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%)
  1117. No exact OS matches for host (test conditions non-ideal).
  1118. Network Distance: 13 hops
  1119.  
  1120. TRACEROUTE (using port 587/tcp)
  1121. HOP RTT       ADDRESS
  1122. 1   30.23 ms  10.42.0.1
  1123. 2   30.58 ms  162.247.73.3
  1124. 3   30.99 ms  184.105.64.177
  1125. 4   ...
  1126. 5   32.37 ms  4.69.142.113
  1127. 6   ... 10
  1128. 11  142.14 ms 200.74.247.4
  1129. 12  143.62 ms 190.97.165.150
  1130. 13  165.95 ms 200.74.240.209
  1131.  
  1132. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1133. Nmap done: 1 IP address (1 host up) scanned in 21.72 seconds
  1134.  
  1135. ###################################################################################################################################################
  1136.  
  1137. amap -i temp.txt
  1138. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-16 00:04:26 - APPLICATION MAPPING mode
  1139.  
  1140. Protocol on 200.74.240.209:3306/tcp matches mysql
  1141. Protocol on 200.74.240.209:3306/tcp matches mysql-secured
  1142. Protocol on 200.74.240.209:80/tcp matches http
  1143. Protocol on 200.74.240.209:80/tcp matches http-apache-2
  1144.  
  1145.  
  1146.  
  1147. inetnum:     200.74.240/21
  1148. status:      allocated
  1149. aut-num:     N/A
  1150. owner:       Cyber Cast International, S.A.
  1151. ownerid:     PA-CCIS-LACNIC
  1152. responsible: Cyber Cast Intl
  1153. address:     Addison House Plaza Suite 20, 507, 264-0852
  1154. address:     6-3783 - Panama - PA
  1155. country:     PA
  1156. phone:       +507  264-0852 []
  1157. owner-c:     CCS2
  1158. tech-c:      CCS2
  1159. abuse-c:     CCS2
  1160. inetrev:     200.74.240/24
  1161. nserver:     NS1.CYBERCASTCO.COM  
  1162. nsstat:      20170511 AA
  1163. nslastaa:    20170511
  1164. nserver:     NS2.CYBERCASTCO.COM  
  1165. nsstat:      20170511 AA
  1166. nslastaa:    20170511
  1167. created:     20090331
  1168. changed:     20090331
  1169.  
  1170. nic-hdl:     CCS2
  1171. person:      Cyber Cast International, S.A.
  1172. e-mail:      abuse@CCIPANAMA.COM
  1173. address:     Addison House Plaza Suite 20, 507, 264-0852
  1174. address:     6-3783 - panama - pa
  1175. country:     PA
  1176. phone:       +507  2640852 []
  1177. created:     20050405
  1178. changed:     20160415
  1179. [+] searching (sub)domains for superteenz.com using built-in wordlist
  1180. [+] using maximum random delay of 10 millisecond(s) between requests
  1181.  
  1182. test.superteenz.com
  1183. IP address #1: 185.145.131.176
  1184.  
  1185. www.superteenz.com
  1186. IP address #1: 200.74.240.209
  1187.  
  1188. [+] 2 (sub)domains and 2 IP address(es) found
  1189. [+] Emails found:
  1190. ------------------
  1191. No emails found
  1192.  
  1193. [+] Hosts found in search engines:
  1194. ------------------------------------
  1195. [-] Resolving hostnames IPs...
  1196. 200.74.240.209:Www.superteenz.com
  1197. 200.74.240.209:www.superteenz.com
  1198. [+] Virtual hosts:
  1199. ==================
  1200. 200.74.240.209  rapexxx.net
  1201. -----   superteenz.com   -----
  1202.  
  1203.  
  1204. Host's addresses:
  1205. __________________
  1206.  
  1207. superteenz.com.                          3600     IN    A        200.74.240.209
  1208.  
  1209.  
  1210. Name Servers:
  1211. ______________
  1212.  
  1213. ns11.domaincontrol.com.                  548      IN    A        216.69.185.6
  1214. ns12.domaincontrol.com.                  547      IN    A        208.109.255.6
  1215.  
  1216.  
  1217. Mail (MX) Servers:
  1218. ___________________
  1219. DNS Servers for superteenz.com:
  1220.     ns12.domaincontrol.com
  1221.     ns11.domaincontrol.com
  1222.  
  1223. Trying zone transfer first...
  1224.     Testing ns12.domaincontrol.com
  1225.         Request timed out or transfer not allowed.
  1226.     Testing ns11.domaincontrol.com
  1227.         Request timed out or transfer not allowed.
  1228.  
  1229. Unsuccessful in zone transfer (it was worth a shot)
  1230. Okay, trying the good old fashioned way... brute force
  1231.  
  1232. Checking for wildcard DNS...
  1233. Nope. Good.
  1234. Now performing 2280 test(s)...
  1235. 185.145.131.176 test.superteenz.com
  1236. 200.74.240.209  www.superteenz.com
  1237. ---------------------------------------------------------------------------
  1238. + Target IP:          200.74.240.209
  1239. + Target Hostname:    superteenz.com
  1240. + Target Port:        80
  1241. + Start Time:         2017-05-16 00:03:30 (GMT-4)
  1242. ---------------------------------------------------------------------------
  1243. + Server: Apache
  1244. + Retrieved x-powered-by header: PHP/5.2.17p1
  1245. + The anti-clickjacking X-Frame-Options header is not present.
  1246. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1247. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1248. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  1249. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  1250. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1251. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1252. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1253. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1254. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1255. + Scan terminated:  20 error(s) and 10 item(s) reported on remote host
  1256. + End Time:           2017-05-16 00:22:09 (GMT-4) (1119 seconds)
  1257. ---------------------------------------------------------------------------
  1258. ###############################################################################################################################################
  1259.  
  1260. Hostname    www.hotgirlsvids.com        ISP     Swiftway Sp. z o.o. (AS35017)
  1261. Continent   North America       Flag    
  1262. US
  1263. Country     United States       Country Code    US (USA)
  1264. Region  MT      Local time  15 May 2017 23:16 MDT
  1265. Metropolis  Unknown         Postal Code     Unknown
  1266. City    Unknown         Latitude    46.517
  1267. IP Address  37.1.213.109        Longitude   -112.121
  1268. hotgirlsvids.com
  1269.  
  1270. ###################################################################################################################################################
  1271.  
  1272. whois hotgirlsvids.com
  1273.  
  1274. Whois Server Version 2.0
  1275.  
  1276. Domain names in the .com and .net domains can now be registered
  1277. with many different competing registrars. Go to http://www.internic.net
  1278. for detailed information.
  1279.  
  1280.    Domain Name: HOTGIRLSVIDS.COM
  1281.    Registrar: TLD REGISTRAR SOLUTIONS LTD
  1282.    Sponsoring Registrar IANA ID: 1564
  1283.    Whois Server: whois.tldregistrarsolutions.com
  1284.    Referral URL: http://www.tldregistrarsolutions.com
  1285.    Name Server: NS-CANADA.TOPDNS.COM
  1286.    Name Server: NS-UK.TOPDNS.COM
  1287.    Name Server: NS-USA.TOPDNS.COM
  1288.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1289.    Updated Date: 21-apr-2017
  1290.    Creation Date: 15-may-2014
  1291.    Expiration Date: 15-may-2018
  1292.  
  1293.  
  1294. Domain Name: HOTGIRLSVIDS.COM
  1295. Registry Domain ID: 1858764190_DOMAIN_COM-VRSN
  1296. Registrar WHOIS Server: whois.tldregistrarsolutions.com
  1297. Registrar URL: http://www.tldregistrarsolutions.com
  1298. Updated Date: 2015-09-27T09:08:09Z
  1299. Creation Date: 2014-05-15T07:43:49Z
  1300. Registrar Registration Expiration Date: 2018-05-15T07:43:49Z
  1301. Registrar: TLD Registrar Solutions Ltd.
  1302. Registrar IANA ID: 1564
  1303. Registrar Abuse Contact Email: abuse@tldregistrarsolutions.com
  1304. Registrar Abuse Contact Phone: +1.5167401179
  1305. Reseller:
  1306. Domain Status: clientTransferProhibited - http://www.icann.org/epp#clientTransferProhibited
  1307. Registry Registrant ID:
  1308. Registrant Name: Domain Admin
  1309. Registrant Organization: Whois Privacy Corp.
  1310. Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street
  1311. Registrant City: Nassau
  1312. Registrant State/Province: New Providence
  1313. Registrant Postal Code:
  1314. Registrant Country: BS
  1315. Registrant Phone: +1.5163872248
  1316. Registrant Phone Ext:
  1317. Registrant Fax:
  1318. Registrant Fax Ext:
  1319. Registrant Email: hotgirlsvids.com-owner@customers.whoisprivacycorp.com
  1320. Registry Admin ID:
  1321. Admin Name: Domain Admin
  1322. Admin Organization: Whois Privacy Corp.
  1323. Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street
  1324. Admin City: Nassau
  1325. Admin State/Province: New Providence
  1326. Admin Postal Code:
  1327. Admin Country: BS
  1328. Admin Phone: +1.5163872248
  1329. Admin Phone Ext:
  1330. Admin Fax:
  1331. Admin Fax Ext:
  1332. Admin Email: hotgirlsvids.com-admin@customers.whoisprivacycorp.com
  1333. Registry Tech ID:
  1334. Tech Name: Domain Admin
  1335. Tech Organization: Whois Privacy Corp.
  1336. Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street
  1337. Tech City: Nassau
  1338. Tech State/Province: New Providence
  1339. Tech Postal Code:
  1340. Tech Country: BS
  1341. Tech Phone: +1.5163872248
  1342. Tech Phone Ext:
  1343. Tech Fax:
  1344. Tech Fax Ext:
  1345. Tech Email: hotgirlsvids.com-tech@customers.whoisprivacycorp.com
  1346. Name Server: ns-canada.topdns.com
  1347. Name Server: ns-uk.topdns.com
  1348. Name Server: ns-usa.topdns.com
  1349. DNSSEC: unsigned
  1350. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  1351. >>> Last update of WHOIS database: 2017-05-16T05:17:05Z <<<
  1352.  
  1353. #######################################################################################################################################
  1354.  
  1355. dig hotgirlsvids.com any
  1356. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  1357.  
  1358. ; <<>> DiG 9.10.3-P4-Debian <<>> hotgirlsvids.com any
  1359. ;; global options: +cmd
  1360. ;; Got answer:
  1361. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 324
  1362. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
  1363.  
  1364. ;; OPT PSEUDOSECTION:
  1365. ; EDNS: version: 0, flags:; udp: 4096
  1366. ;; QUESTION SECTION:
  1367. ;hotgirlsvids.com.      IN  ANY
  1368.  
  1369. ;; ANSWER SECTION:
  1370. hotgirlsvids.com.   7200    IN  SOA ns-canada.topdns.com. hostmaster.topdns.com. 2017031101 43200 900 1209600 3600
  1371. hotgirlsvids.com.   3600    IN  NS  ns-canada.topdns.com.
  1372. hotgirlsvids.com.   3600    IN  NS  ns-usa.topdns.com.
  1373. hotgirlsvids.com.   3600    IN  NS  ns-uk.topdns.com.
  1374. hotgirlsvids.com.   3600    IN  A   37.1.213.109
  1375.  
  1376. ;; Query time: 105 msec
  1377. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1378. ;; WHEN: Tue May 16 01:17:04 EDT 2017
  1379. ;; MSG SIZE  rcvd: 180
  1380.  
  1381. ###################################################################################################################################################
  1382.  
  1383. host -l hotgirlsvids.com
  1384.  
  1385. ;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for hotgirlsvids.com failed: connection refused.
  1386.  
  1387. ###################################################################################################################################################
  1388.  
  1389. tcptraceroute -i eth0 hotgirlsvids.com
  1390.  
  1391. Running:
  1392.     traceroute -T -O info -i eth0 hotgirlsvids.com
  1393. traceroute to hotgirlsvids.com (37.1.213.109), 30 hops max, 60 byte packets
  1394. send: Opération non permise
  1395.  
  1396.  
  1397. dnstracer hotgirlsvids.com
  1398.  
  1399. Tracing to hotgirlsvids.com[a] via 192.168.1.254, maximum of 3 retries
  1400. 192.168.1.254 (192.168.1.254)
  1401.  
  1402.  
  1403.  
  1404. Checking for HTTP-Loadbalancing [Date]: 05:31:25, 05:31:25, 05:31:26, 05:31:26, 05:31:26, 05:31:26, 05:31:26, 05:31:26, 05:31:27, 05:31:27, 05:31:27, 05:31:27, 05:31:27, 05:31:27, 05:31:27, 05:31:28, 05:31:28, 05:31:28, 05:31:28, 05:31:28, 05:31:28, 05:31:28, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:32, 05:31:32, 05:31:32, 05:31:32, 05:31:32, 05:31:32, 05:31:33, NOT FOUND
  1405.  
  1406. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1407.  
  1408. hotgirlsvids.com does NOT use Load-balancing.
  1409.  
  1410. #####################################################################################################################################
  1411.  
  1412. ######################################################################################################################################
  1413.  
  1414. nmap -PN -n -F -T4 -sV -A -oG temp.txt hotgirlsvids.com
  1415.  
  1416. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-16 01:17 EDT
  1417. Nmap scan report for hotgirlsvids.com (37.1.213.109)
  1418. Host is up (0.036s latency).
  1419. Not shown: 96 closed ports
  1420. PORT     STATE    SERVICE VERSION
  1421. 22/tcp   open     ssh     OpenSSH 5.3 (protocol 2.0)
  1422. | ssh-hostkey:
  1423. |   1024 ea:aa:27:08:e4:4f:6e:4f:1c:19:86:95:07:f6:b0:07 (DSA)
  1424. |_  2048 8e:b2:33:bc:b2:be:bd:d7:61:08:db:c4:31:14:06:7e (RSA)
  1425. 53/tcp   filtered domain
  1426. 80/tcp   open     http    lighttpd 1.4.37
  1427. |_http-server-header: lighttpd/1.4.37
  1428. |_http-title: Hot Girls Vids
  1429. 3306/tcp open     mysql   MySQL (unauthorized)
  1430. Aggressive OS guesses: Linux 3.10 - 4.2 (95%), Linux 3.18 (93%), Linux 3.2 - 4.6 (93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.4 (92%), Asus RT-AC66U WAP (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%), Linux 3.2 (92%)
  1431. No exact OS matches for host (test conditions non-ideal).
  1432. Network Distance: 2 hops
  1433.  
  1434. TRACEROUTE (using port 135/tcp)
  1435. HOP RTT      ADDRESS
  1436. 1   30.49 ms 10.42.0.1
  1437. 2   30.48 ms 37.1.213.109
  1438.  
  1439. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1440. Nmap done: 1 IP address (1 host up) scanned in 13.70 seconds
  1441.  
  1442. #######################################################################################################################################
  1443.  
  1444. amap -i temp.txt
  1445. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-16 01:17:41 - APPLICATION MAPPING mode
  1446.  
  1447. Protocol on 37.1.213.109:80/tcp matches http
  1448. Protocol on 37.1.213.109:80/tcp matches http-apache-2
  1449. Protocol on 37.1.213.109:3306/tcp matches mysql
  1450. Protocol on 37.1.213.109:3306/tcp matches mysql-secured
  1451. Protocol on 37.1.213.109:22/tcp matches ssh
  1452. Protocol on 37.1.213.109:22/tcp matches ssh-openssh
  1453.  
  1454. Unidentified ports: none.
  1455.  
  1456. amap v5.4 finished at 2017-05-16 01:17:47
  1457.  
  1458. #######################################################################################################################################
  1459.  
  1460.  
  1461. inetnum:        37.1.208.0 - 37.1.215.255
  1462. netname:        INFERNO-NL-DE
  1463. descr:          ********************************************************
  1464. descr:          * We provide virtual and dedicated servers on this Subnet.
  1465. descr:          *
  1466. descr:          * Those services are self managed by our customers
  1467. descr:          * therefore, we are not using this IP space ourselves
  1468. descr:          * and it could be assigned to various end customers.
  1469. descr:          *
  1470. descr:          * In case of issues related with SPAM, Fraud,
  1471. descr:          * Phishing, DDoS, portscans or others,
  1472. descr:          * feel free to contact us with relevant info
  1473. descr:          * and we will shut down this server: abuse@3nt.com
  1474. descr:          ********************************************************
  1475. country:        US
  1476. admin-c:        TNTS-RIPE
  1477. tech-c:         TNTS-RIPE
  1478. status:         ASSIGNED PA
  1479. mnt-by:         MNT-3NT
  1480. mnt-routes:     swiftway-mnt
  1481. remarks:        3NT Hosting Network
  1482. remarks:        Technical issues..............: support@3nt.com
  1483. remarks:        Services request..............: sales@3nt.com
  1484. remarks:        Abuse departament.............: abuse@3nt.com
  1485. remarks:        Corporate web site............: http://www.3nt.com
  1486. created:        2011-12-13T12:46:29Z
  1487. last-modified:  2012-09-21T10:14:02Z
  1488. source:         RIPE
  1489.  
  1490. person:         Daniel O'Donoghue
  1491. address:        3NT SOLUTIONS LLP
  1492. address:        10 GREAT RUSSELL STREET, SUITE 4084
  1493. address:        WC1B 3BQ, LONDON, UK
  1494. phone:          +442081333030
  1495. abuse-mailbox:  abuse@3nt.com
  1496. nic-hdl:        TNTS-RIPE
  1497. mnt-by:         MNT-3NT
  1498. created:        2011-10-20T12:31:42Z
  1499. last-modified:  2016-10-25T20:22:11Z
  1500. source:         RIPE # Filtered
  1501.  
  1502. % Information related to '37.1.208.0/21AS35017'
  1503.  
  1504. route:          37.1.208.0/21
  1505. descr:          DARL-TELECOM
  1506. origin:         AS35017
  1507. mnt-by:         AS35017-MNT
  1508. created:        2011-12-30T22:32:21Z
  1509. last-modified:  2011-12-30T22:32:21Z
  1510. source:         RIPE # Filtered
  1511. [+] searching (sub)domains for hotgirlsvids.com using built-in wordlist
  1512. [+] using maximum random delay of 10 millisecond(s) between requests
  1513.  
  1514. www.hotgirlsvids.com
  1515. IP address #1: 37.1.213.109
  1516.  
  1517. [+] 1 (sub)domains and 1 IP address(es) found
  1518. [+] Hosts found in search engines:
  1519. ------------------------------------
  1520. [-] Resolving hostnames IPs...
  1521. 37.1.213.109:Www.hotgirlsvids.com
  1522. 37.1.213.109:www.hotgirlsvids.com
  1523. [+] Virtual hosts:
  1524. ==================
  1525. 37.1.213.109    Hairlessteenpussy
  1526. 37.1.213.109    Hairlessteenpussy › ?x=8026.0218.4380.
  1527. 37.1.213.109    hairlessteenpussy
  1528. 37.1.213.109    www.hairlessteenpussy.com
  1529. DNS Servers for hotgirlsvids.com:
  1530.     ns-canada.topdns.com
  1531.     ns-usa.topdns.com
  1532.     ns-uk.topdns.com
  1533.  
  1534. Trying zone transfer first...
  1535.     Testing ns-canada.topdns.com
  1536.         Request timed out or transfer not allowed.
  1537.     Testing ns-usa.topdns.com
  1538.         Request timed out or transfer not allowed.
  1539.     Testing ns-uk.topdns.com
  1540.         Request timed out or transfer not allowed.
  1541.  
  1542. Unsuccessful in zone transfer (it was worth a shot)
  1543. Okay, trying the good old fashioned way... brute force
  1544.  
  1545. Checking for wildcard DNS...
  1546. Nope. Good.
  1547. Now performing 2280 test(s)...
  1548. 37.1.213.109    www.hotgirlsvids.com
  1549.  
  1550. Subnets found (may want to probe here using nmap or unicornscan):
  1551.     37.1.213.0-255 : 1 hostnames found.
  1552. Host's addresses:
  1553. __________________
  1554.  
  1555. hotgirlsvids.com.                        3482     IN    A        37.1.213.109
  1556.  
  1557.  
  1558. Name Servers:
  1559. ______________
  1560.  
  1561. ns-canada.topdns.com.                    3600     IN    A        109.201.142.225
  1562. ns-usa.topdns.com.                       3600     IN    A        108.61.12.163
  1563. ns-usa.topdns.com.                       3600     IN    A        85.159.232.241
  1564. ns-usa.topdns.com.                       3600     IN    A        46.166.189.99
  1565. ns-uk.topdns.com.                        3600     IN    A        77.247.183.137
  1566. ns-uk.topdns.com.                        3600     IN    A        108.61.150.91
  1567.  
  1568.  
  1569. Mail (MX) Servers:
  1570. ___________________
  1571. ---------------------------------------------------------------------------
  1572. + Target IP:          37.1.213.109
  1573. + Target Hostname:    hotgirlsvids.com
  1574. + Target Port:        80
  1575. + Start Time:         2017-05-16 01:17:28 (GMT-4)
  1576. ---------------------------------------------------------------------------
  1577. + Server: lighttpd/1.4.37
  1578. + Cookie QQ created without the httponly flag
  1579. + Cookie PP created without the httponly flag
  1580. + Retrieved x-powered-by header: PHP/4.4.9
  1581. + The anti-clickjacking X-Frame-Options header is not present.
  1582. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1583. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1584. + No CGI Directories found (use '-C all' to force check all possible dirs)
  1585. + Allowed HTTP Methods: OPTIONS, GET, HEAD, POST
  1586. + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
  1587. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1588. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1589. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1590. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1591. + /admin/login.php: Admin login page/section found.
  1592. + 7445 requests: 0 error(s) and 13 item(s) reported on remote host
  1593. + End Time:           2017-05-16 01:24:58 (GMT-4) (450 seconds)
  1594. ---------------------------------------------------------------------------
  1595. #######################################################################################################################################
  1596. Hostname    diddleallsun.top        ISP     Unknown
  1597. Continent   Unknown         Flag    
  1598. US
  1599. Country     United States       Country Code    US
  1600. Region  Unknown         Local time  16 May 2017 01:14 CDT
  1601. City    Unknown         Latitude    37.751
  1602. IP Address (IPv6)   2400:cb00:2048:1::681c:2d3      Longitude   -97.822
  1603. diddleallsun.top
  1604.  
  1605. #######################################################################################################################################
  1606.  
  1607. whois diddleallsun.top
  1608. Domain Name: diddleallsun.top
  1609. Domain ID: D20161215G10001G_93750450-TOP
  1610. WHOIS Server: whois.publicdomainregistry.com
  1611. Referral URL: http://publicdomainregistry.com
  1612. Updated Date: 2016-12-17T11:06:50Z
  1613. Creation Date: 2016-12-15T15:21:11Z
  1614. Registry Expiry Date: 2017-12-15T15:21:11Z
  1615. Sponsoring Registrar: PDR Ltd
  1616. Sponsoring Registrar IANA ID: 303
  1617. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  1618. Registrant ID: di_62955672
  1619. Registrant Name: Howard Williams
  1620. Registrant Organization: N/A
  1621. Registrant Street: 490 John Daniel Drive
  1622. Registrant City: Sturgeon
  1623. Registrant State/Province: Montana
  1624. Registrant Postal Code: 65284
  1625. Registrant Country: US
  1626. Registrant Phone: +1.5736876849
  1627. Registrant Phone Ext:
  1628. Registrant Fax:
  1629. Registrant Fax Ext:
  1630. Registrant Email: howardwilliams@usa.com
  1631. Admin ID: di_62955672
  1632. Admin Name: Howard Williams
  1633. Admin Organization: N/A
  1634. Admin Street: 490 John Daniel Drive
  1635. Admin City: Sturgeon
  1636. Admin State/Province: Montana
  1637. Admin Postal Code: 65284
  1638. Admin Country: US
  1639. Admin Phone: +1.5736876849
  1640. Admin Phone Ext:
  1641. Admin Fax:
  1642. Admin Fax Ext:
  1643. Admin Email: howardwilliams@usa.com
  1644. Tech ID: di_62955672
  1645. Tech Name: Howard Williams
  1646. Tech Organization: N/A
  1647. Tech Street: 490 John Daniel Drive
  1648. Tech City: Sturgeon
  1649. Tech State/Province: Montana
  1650. Tech Postal Code: 65284
  1651. Tech Country: US
  1652. Tech Phone: +1.5736876849
  1653. Tech Phone Ext:
  1654. Tech Fax:
  1655. Tech Fax Ext:
  1656. Tech Email: howardwilliams@usa.com
  1657. Name Server: vita.ns.cloudflare.com
  1658. Name Server: roan.ns.cloudflare.com
  1659.  
  1660. #######################################################################################################################################
  1661.  
  1662. dig diddleallsun.top any
  1663. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  1664.  
  1665. ; <<>> DiG 9.10.3-P4-Debian <<>> diddleallsun.top any
  1666. ;; global options: +cmd
  1667. ;; Got answer:
  1668. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26492
  1669. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  1670.  
  1671. ;; OPT PSEUDOSECTION:
  1672. ; EDNS: version: 0, flags:; udp: 4096
  1673. ;; QUESTION SECTION:
  1674. ;diddleallsun.top.      IN  ANY
  1675.  
  1676. ;; ANSWER SECTION:
  1677. diddleallsun.top.   3789    IN  HINFO   "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
  1678.  
  1679. ;; Query time: 32 msec
  1680. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1681. ;; WHEN: Tue May 16 02:16:03 EDT 2017
  1682. ;; MSG SIZE  rcvd: 103
  1683.  
  1684. #######################################################################################################################################
  1685.  
  1686. host -l diddleallsun.top
  1687.  
  1688. ;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for diddleallsun.top failed: connection refused.
  1689.  
  1690. #######################################################################################################################################
  1691.  
  1692. tcptraceroute -i eth0 diddleallsun.top
  1693.  
  1694. Running:
  1695.     traceroute -T -O info -i eth0 diddleallsun.top
  1696. traceroute to diddleallsun.top (104.28.2.211), 30 hops max, 60 byte packets
  1697. send: Opération non permise
  1698.  
  1699. dnstracer diddleallsun.top
  1700.  
  1701. Tracing to diddleallsun.top[a] via 192.168.1.254, maximum of 3 retries
  1702. 192.168.1.254 (192.168.1.254)
  1703.  
  1704. #######################################################################################################################################
  1705.  
  1706.  
  1707.  
  1708. Checking for HTTP-Loadbalancing [Date]: 06:16:22, 06:16:22, 06:16:22, 06:16:22, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:27, 06:16:27, 06:16:27, 06:16:27, 06:16:27, 06:16:27, 06:16:27, NOT FOUND
  1709.  
  1710. Checking for HTTP-Loadbalancing [Diff]: FOUND
  1711. < CF-RAY: 35fc3555d7a846ec-EWR
  1712. > CF-RAY: 35fc355675af06a9-EWR
  1713.  
  1714. diddleallsun.top does Load-balancing. Found via Methods: DNS HTTP[Diff]
  1715.  
  1716.  
  1717.  
  1718. #######################################################################################################################################
  1719. nmap -PN -n -F -T4 -sV -A -oG temp.txt diddleallsun.top
  1720.  
  1721. Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-16 02:16 EDT
  1722. Nmap scan report for diddleallsun.top (104.28.2.211)
  1723. Host is up (0.031s latency).
  1724. Other addresses for diddleallsun.top (not scanned): 2400:cb00:2048:1::681c:3d3 2400:cb00:2048:1::681c:2d3 104.28.3.211
  1725. Not shown: 92 filtered ports
  1726. PORT     STATE  SERVICE      VERSION
  1727. 25/tcp   closed smtp
  1728. 80/tcp   open   http         Cloudflare nginx
  1729. |_http-server-header: cloudflare-nginx
  1730. |_http-title: Diddleallsun
  1731. 135/tcp  closed msrpc
  1732. 139/tcp  closed netbios-ssn
  1733. 443/tcp  open   ssl/http     Cloudflare nginx
  1734. |_http-server-header: cloudflare-nginx
  1735. |_http-title: Diddleallsun
  1736. | ssl-cert: Subject: commonName=sni140246.cloudflaressl.com
  1737. | Subject Alternative Name: DNS:sni140246.cloudflaressl.com, DNS:*.angeltaylormakemebelieve.com, DNS:*.beyoncestore.com, DNS:*.consmusic.com, DNS:*.diddleallsun.top, DNS:*.eggairv.cf, DNS:*.hughpanero.com, DNS:*.jivepress.com, DNS:*.lojasexy.com, DNS:*.memonian.com, DNS:*.mondotec.it, DNS:*.nearbyfarmfencing.com, DNS:*.quickieconfessionals.com, DNS:*.rcamusic.com, DNS:*.sexdene.top, DNS:*.sexleksakerandmalmo.xyz, DNS:*.simonandgarfunkelmusic.com, DNS:*.sirnewk.cf, DNS:*.slystonemusic.net, DNS:*.summertravels.xyz, DNS:*.thegossipmusic.com, DNS:*.touaki.com, DNS:*.vgs-gmbh.de, DNS:*.workrec.com, DNS:angeltaylormakemebelieve.com, DNS:beyoncestore.com, DNS:consmusic.com, DNS:diddleallsun.top, DNS:eggairv.cf, DNS:hughpanero.com, DNS:jivepress.com, DNS:lojasexy.com, DNS:memonian.com, DNS:mondotec.it, DNS:nearbyfarmfencing.com, DNS:quickieconfessionals.com, DNS:rcamusic.com, DNS:sexdene.top, DNS:sexleksakerandmalmo.xyz, DNS:simonandgarfunkelmusic.com, DNS:sirnewk.cf, DNS:slystonemusic.net, DNS:summertravels.xyz, DNS:thegossipmusic.com, DNS:touaki.com, DNS:vgs-gmbh.de, DNS:workrec.com
  1738. | Not valid before: 2017-05-15T00:00:00
  1739. |_Not valid after:  2017-11-21T23:59:59
  1740. 445/tcp  closed microsoft-ds
  1741. 8080/tcp open   http         Cloudflare nginx
  1742. |_http-server-header: cloudflare-nginx
  1743. |_http-title: diddleallsun.top | 521: Web server is down
  1744. 8443/tcp open   ssl/http     Cloudflare nginx
  1745. |_http-server-header: cloudflare-nginx
  1746. |_http-title: diddleallsun.top | 521: Web server is down
  1747. | ssl-cert: Subject: commonName=sni140246.cloudflaressl.com
  1748. | Subject Alternative Name: DNS:sni140246.cloudflaressl.com, DNS:*.angeltaylormakemebelieve.com, DNS:*.beyoncestore.com, DNS:*.consmusic.com, DNS:*.diddleallsun.top, DNS:*.eggairv.cf, DNS:*.hughpanero.com, DNS:*.jivepress.com, DNS:*.lojasexy.com, DNS:*.memonian.com, DNS:*.mondotec.it, DNS:*.nearbyfarmfencing.com, DNS:*.quickieconfessionals.com, DNS:*.rcamusic.com, DNS:*.sexdene.top, DNS:*.sexleksakerandmalmo.xyz, DNS:*.simonandgarfunkelmusic.com, DNS:*.sirnewk.cf, DNS:*.slystonemusic.net, DNS:*.summertravels.xyz, DNS:*.thegossipmusic.com, DNS:*.touaki.com, DNS:*.vgs-gmbh.de, DNS:*.workrec.com, DNS:angeltaylormakemebelieve.com, DNS:beyoncestore.com, DNS:consmusic.com, DNS:diddleallsun.top, DNS:eggairv.cf, DNS:hughpanero.com, DNS:jivepress.com, DNS:lojasexy.com, DNS:memonian.com, DNS:mondotec.it, DNS:nearbyfarmfencing.com, DNS:quickieconfessionals.com, DNS:rcamusic.com, DNS:sexdene.top, DNS:sexleksakerandmalmo.xyz, DNS:simonandgarfunkelmusic.com, DNS:sirnewk.cf, DNS:slystonemusic.net, DNS:summertravels.xyz, DNS:thegossipmusic.com, DNS:touaki.com, DNS:vgs-gmbh.de, DNS:workrec.com
  1749. | Not valid before: 2017-05-15T00:00:00
  1750. |_Not valid after:  2017-11-21T23:59:59
  1751. Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR security DVR (90%), Linux 3.0 (89%), Linux 3.12 - 3.18 (89%), Linux 2.4.18 (88%)
  1752. No exact OS matches for host (test conditions non-ideal).
  1753. Network Distance: 2 hops
  1754.  
  1755. TRACEROUTE (using port 139/tcp)
  1756. HOP RTT      ADDRESS
  1757. 1   31.66 ms 10.42.0.1
  1758. 2   31.40 ms 104.28.2.211
  1759.  
  1760. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1761. Nmap done: 1 IP address (1 host up) scanned in 30.87 seconds
  1762.  
  1763. #######################################################################################################################################
  1764.  
  1765. amap -i temp.txt
  1766. amap v5.4 (www.thc.org/thc-amap) started at 2017-05-16 02:16:45 - APPLICATION MAPPING mode
  1767.  
  1768. Protocol on 104.28.2.211:443/tcp matches http
  1769. Protocol on 104.28.2.211:8443/tcp matches http
  1770. Protocol on 104.28.2.211:80/tcp matches http
  1771. Protocol on 104.28.2.211:8080/tcp matches http
  1772. Protocol on 104.28.2.211:443/tcp matches ssl
  1773. Protocol on 104.28.2.211:8443/tcp matches ssl
  1774.  
  1775. Unidentified ports: none.
  1776.  
  1777. amap v5.4 finished at 2017-05-16 02:16:52
  1778.  
  1779. #######################################################################################################################################
  1780.  
  1781.  
  1782. NetRange:       104.16.0.0 - 104.31.255.255
  1783. CIDR:           104.16.0.0/12
  1784. NetName:        CLOUDFLARENET
  1785. NetHandle:      NET-104-16-0-0-1
  1786. Parent:         NET104 (NET-104-0-0-0-0)
  1787. NetType:        Direct Assignment
  1788. OriginAS:       AS13335
  1789. Organization:   Cloudflare, Inc. (CLOUD14)
  1790. RegDate:        2014-03-28
  1791. Updated:        2017-02-17
  1792. Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1793. Ref:            https://whois.arin.net/rest/net/NET-104-16-0-0-1
  1794.  
  1795.  
  1796.  
  1797. OrgName:        Cloudflare, Inc.
  1798. OrgId:          CLOUD14
  1799. Address:        101 Townsend Street
  1800. City:           San Francisco
  1801. StateProv:      CA
  1802. PostalCode:     94107
  1803. Country:        US
  1804. RegDate:        2010-07-09
  1805. Updated:        2017-02-17
  1806. Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  1807. Ref:            https://whois.arin.net/rest/org/CLOUD14
  1808.  
  1809.  
  1810. OrgTechHandle: ADMIN2521-ARIN
  1811. OrgTechName:   Admin
  1812. OrgTechPhone:  +1-650-319-8930
  1813. OrgTechEmail:  admin@cloudflare.com
  1814. OrgTechRef:    https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1815.  
  1816. OrgAbuseHandle: ABUSE2916-ARIN
  1817. OrgAbuseName:   Abuse
  1818. OrgAbusePhone:  +1-650-319-8930
  1819. OrgAbuseEmail:  abuse@cloudflare.com
  1820. OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  1821.  
  1822. OrgNOCHandle: NOC11962-ARIN
  1823. OrgNOCName:   NOC
  1824. OrgNOCPhone:  +1-650-319-8930
  1825. OrgNOCEmail:  noc@cloudflare.com
  1826. OrgNOCRef:    https://whois.arin.net/rest/poc/NOC11962-ARIN
  1827.  
  1828. RNOCHandle: NOC11962-ARIN
  1829. RNOCName:   NOC
  1830. RNOCPhone:  +1-650-319-8930
  1831. RNOCEmail:  noc@cloudflare.com
  1832. RNOCRef:    https://whois.arin.net/rest/poc/NOC11962-ARIN
  1833.  
  1834. RAbuseHandle: ABUSE2916-ARIN
  1835. RAbuseName:   Abuse
  1836. RAbusePhone:  +1-650-319-8930
  1837. RAbuseEmail:  abuse@cloudflare.com
  1838. RAbuseRef:    https://whois.arin.net/rest/poc/ABUSE2916-ARIN
  1839.  
  1840. RTechHandle: ADMIN2521-ARIN
  1841. RTechName:   Admin
  1842. RTechPhone:  +1-650-319-8930
  1843. RTechEmail:  admin@cloudflare.com
  1844. RTechRef:    https://whois.arin.net/rest/poc/ADMIN2521-ARIN
  1845.  
  1846.  
  1847. www.diddleallsun.top
  1848. IPv6 address #1: 2400:cb00:2048:1::681c:2d3
  1849. IPv6 address #2: 2400:cb00:2048:1::681c:3d3
  1850.  
  1851. www.diddleallsun.top
  1852. IP address #1: 104.28.3.211
  1853. IP address #2: 104.28.2.211
  1854. [+] Hosts found in search engines:
  1855. ------------------------------------
  1856. [-] Resolving hostnames IPs...
  1857. 104.28.3.211:www.diddleallsun.top
  1858. [+] Virtual hosts:
  1859. ==================
  1910. DNS Servers for diddleallsun.top:
  1911.     roan.ns.cloudflare.com
  1912.     vita.ns.cloudflare.com
  1913.  
  1914. Trying zone transfer first...
  1915.     Testing roan.ns.cloudflare.com
  1916.         Request timed out or transfer not allowed.
  1917.     Testing vita.ns.cloudflare.com
  1918.         Request timed out or transfer not allowed.
  1919.  
  1920. Unsuccessful in zone transfer (it was worth a shot)
  1921. Okay, trying the good old fashioned way... brute force
  1922.  
  1923. Checking for wildcard DNS...
  1924. Nope. Good.
  1925. Now performing 2280 test(s)...
  1926. 104.28.3.211    www.diddleallsun.top
  1927. 104.28.2.211    www.diddleallsun.top
  1928.  
  1929. Subnets found (may want to probe here using nmap or unicornscan):
  1930.     104.28.2.0-255 : 1 hostnames found.
  1931.     104.28.3.0-255 : 1 hostnames found.
  1932. -----   diddleallsun.top   -----
  1933.  
  1934.  
  1935. Host's addresses:
  1936. __________________
  1937.  
  1938. diddleallsun.top.                        120      IN    A        104.28.2.211
  1939. diddleallsun.top.                        120      IN    A        104.28.3.211
  1940.  
  1941.  
  1942. Name Servers:
  1943. ______________
  1944.  
  1945. vita.ns.cloudflare.com.                  86121    IN    A        173.245.58.238
  1946. roan.ns.cloudflare.com.                  86121    IN    A        173.245.59.226
  1947. ---------------------------------------------------------------------------------------------------------------------------------------
  1948. + Target IP:          104.28.2.211
  1949. + Target Hostname:    diddleallsun.top
  1950. + Target Port:        80
  1951. + Start Time:         2017-05-16 02:16:57 (GMT-4)
  1952. ---------------------------------------------------------------------------------------------------------------------------------------
  1953. + Server: cloudflare-nginx
  1954. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1955. + Uncommon header 'cf-ray' found, with contents: 35fc365d7263189a-EWR
  1956. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1957. + All CGI directories 'found', use '-C none' to test none
  1958. + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
  1959. + 26097 requests: 0 error(s) and 3 item(s) reported on remote host
  1960. + End Time:           2017-05-16 02:36:43 (GMT-4) (1186 seconds)
  1961. ---------------------------------------------------------------------------------------------------------------------------------------