OP DeathEathers Full Recon JTSEC Anonymous #5

Hostname punylolly.
club ISP JSC ISPsystem (AS29182)

Continent Europe Flag
RU
Country Russian Federation Country Code RU (RUS)
Region Unknown Local time 16 May 2017 04:52 MSK
City Unknown Latitude 55.739
IP Address 185.60.134.250 Longitude 37.607
###################################################################################
#############################################################
punylolly.club
###################################################################################
################################################################
whois punylolly.club
Domain Name: punylolly.club
Domain ID: DBA07204CD2514F1288D2126BD5DB52DD-NSR
WHOIS Server: whois.namecheap.com
Referral URL: http://www.namecheap.com
Updated Date: 2017-04-22T13:08:37Z
Creation Date: 2017-04-07T14:14:16Z
Registry Expiry Date: 2018-04-07T14:14:16Z
Sponsoring Registrar: NameCheap, Inc.
Sponsoring Registrar IANA ID: 1068
Domain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
Registrant ID: CC6D7C28F41CE44B783C364A2AF5A41A7-NSR
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant Street:
Registrant Street:
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 0
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
Admin ID: C7D54A552642B4E64883EB195F80EC9BC-NSR
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin Street:
Admin Street:
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code: 0
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
Tech ID: C49D22D19CE044CAFA194BE1F445741EE-NSR
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech Street:
Tech Street:
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code: 0
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 8f6575c3721a4470abca44930cec37de.protect@whoisguard.com
Name Server: ns3.zonomi.com
###################################################################################
################################################################
dig punylolly.club any

../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
; <<>> DiG 9.10.3-P4-Debian <<>> punylolly.club any

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17001
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;punylolly.club. IN ANY
;; ANSWER SECTION:
punylolly.club. 3600 IN MX 0 punylolly.club.
punylolly.club. 3180 IN A 185.60.134.250
punylolly.club. 3600 IN NS ns1.zonomi.com.
punylolly.club. 3600 IN NS ns6.zonomi.com.
punylolly.club. 86400 IN SOA ns1.zonomi.com. soacontact.zonomi.com. 11
10800 3600 604800 3600
;; Query time: 54 msec

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon May 15 21:52:43 EDT 2017
;; MSG SIZE rcvd: 168
###################################################################################
################################################################
host -l punylolly.club
;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for punylolly.club

failed: connection refused.
###################################################################################
################################################################
tcptraceroute -i eth0 punylolly.club
Running:
traceroute -T -O info -i eth0 punylolly.club
traceroute to punylolly.club (185.60.134.250), 30 hops max, 60 byte packets
send: Opration non permise
###################################################################################
################################################################
###################################################################################
################################################################
dnstracer punylolly.club
Tracing to punylolly.club[a] via 192.168.1.254, maximum of 3 retries

192.168.1.254 (192.168.1.254)
###################################################################################
################################################################
Checking for HTTP-Loadbalancing [Date]: 01:53:15, 01:53:15, 01:53:16, 01:53:16,

01:53:16, 01:53:17, 01:53:17, 01:53:17, 01:53:18, 01:53:18, 01:53:18, 01:53:19,
01:53:19, 01:53:19, 01:53:20, 01:53:20, 01:53:20, 01:53:21, 01:53:21, 01:53:21,
01:53:22, 01:53:22, 01:53:22, 01:53:23, 01:53:23, 01:53:23, 01:53:24, 01:53:24,
01:53:24, 01:53:25, 01:53:25, 01:53:25, 01:53:26, 01:53:26, 01:53:26, 01:53:27,
01:53:27, 01:53:27, 01:53:28, 01:53:28, 01:53:28, 01:53:29, 01:53:29, 01:53:29,
01:53:30, 01:53:30, 01:53:30, 01:53:31, 01:53:31, 01:53:31, NOT FOUND
Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
punylolly.club does NOT use Load-balancing.
nmap -PN -n -F -T4 -sV -A -oG temp.txt punylolly.club
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 21:53 EDT

Nmap scan report for punylolly.club (185.60.134.250)
Host is up (0.15s latency).
Not shown: 96 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux;
protocol 2.0)
| ssh-hostkey:
| 1024 d5:fa:51:27:2a:f5:6b:68:ff:ca:97:fc:b4:fa:79:af (DSA)
| 2048 e0:a2:e0:35:34:40:8b:f9:40:fe:2e:da:5c:72:67:d9 (RSA)
|_ 256 4b:0d:b4:8f:fe:2b:ba:39:d6:e9:74:06:c1:de:1e:d0 (ECDSA)
53/tcp filtered domain
80/tcp open http nginx 1.4.6 (Ubuntu)
| http-server-header:
| Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30
|_ nginx/1.4.6 (Ubuntu)
|_http-title: Teen photo - fucklol
49152/tcp filtered unknown
Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 -
3.13 (95%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.10 (94%),
Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10
(92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 1723/tcp)

HOP RTT ADDRESS
1 30.44 ms 10.42.0.1
2 30.49 ms 162.247.73.3
3 38.56 ms 184.105.64.177
4 137.56 ms 184.105.81.78
5 114.50 ms 72.52.92.14
6 112.55 ms 216.66.89.226
7 151.83 ms 213.59.211.63
8 ...
9 154.31 ms 185.129.101.77
10 152.05 ms 92.63.108.98
11 151.87 ms 92.63.100.224
12 154.84 ms 185.60.134.250
OS and Service detection performed. Please report any incorrect results at

https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.74 seconds
###################################################################################
################################################################
amap -i temp.txt
amap v5.4 (www.thc.org/thc-amap) started at 2017-05-15 21:54:01 - APPLICATION
MAPPING mode
Protocol on 185.60.134.250:80/tcp matches http

Protocol on 185.60.134.250:22/tcp matches ssh
Protocol on 185.60.134.250:22/tcp matches ssh-openssh
Unidentified ports: none.
amap v5.4 finished at 2017-05-15 21:54:07
###################################################################################
################################################################
inetnum: 185.60.134.0 - 185.60.135.255

netname: THEFIRST-NET
org: ORG-FVDS1-RIPE
descr: TheFirst-RU customers WebDC colocation
country: RU
admin-c: FRST3-RIPE
tech-c: FRST3-RIPE
status: ASSIGNED PA
mnt-by: THEFIRST-MNT
created: 2014-09-18T03:19:42Z
last-modified: 2016-04-20T04:41:58Z
source: RIPE
organisation: ORG-FVDS1-RIPE
org-name: CJSC THE FIRST
org-type: OTHER
address: CJSC The First, Raduzhny 34a
address: PoBox64, Irkutsk, 664017
address: Russian Federation
abuse-mailbox: abuse@abusehost.ru
abuse-c: AR34130-RIPE
mnt-ref: THEFIRST-MNT
created: 2012-02-14T06:27:22Z
source: RIPE # Filtered
role: The First JSC Network Operations

address: The First JSC
address: Office 2, 34a, Raduzhny m-r
address: 664017
address: Irkutsk
address: Russian Federation
phone: +7 (495) 663 73 72
fax-no: +7 (3952) 52 57 89
remarks: trouble: -------------------------------------------------------
remarks: trouble: Points of contact for The First CJSC Network Operations
remarks: trouble: -------------------------------------------------------
remarks: trouble: Routing and peering issues: noc@firstvds.ru
remarks: trouble: SPAM issues: abuse@abusehost.ru
remarks: trouble: Mail issues: abuse@abusehost.ru
remarks: trouble: General information: noc@firstvds.ru
remarks: trouble: -------------------------------------------------------
admin-c: AA26905-RIPE
tech-c: ST6386-RIPE
nic-hdl: FRST3-RIPE
created: 2014-09-12T07:34:10Z
abuse-mailbox: abuse@abusehost.ru
% Information related to '185.60.134.0/23AS29182'
route: 185.60.134.0/23
descr: TheFirst-RU
origin: AS29182
created: 2014-06-20T02:26:16Z
source: RIPE
+] using maximum random delay of 10 millisecond(s) between requests
www.punylolly.club
IP address #1: 185.60.134.250
[+] 1 (sub)domains and 1 IP address(es) found

[+] Emails found:
------------------
pixel-1494899625698393-web-@punylolly.club
pixel-1494899626203411-web-@punylolly.club
[+] Hosts found in search engines:

------------------------------------
[-] Resolving hostnames IPs...
185.60.134.250:www.punylolly.club
[+] Virtual hosts:
==================
185.60.134.250 altupdate.ru index.cgi?page=news release.cgi&GroupID=87
185.60.134.250 .
185.60.134.250 .
185.60.134.250 . lekarstvo-gipertonium-v-sredneuralske...
185.60.134.250 crystaldeluxe.ru
185.60.134.250 iwriteforyou.ru
185.60.134.250 m-reload.ru
185.60.134.250 altupdate.ru index.cgi?page=news release.cgi&GroupID=104
185.60.134.250 nikita-tv.ru
185.60.134.250 snsite.ru
185.60.134.250 eurocubs.ru
185.60.134.250 cafe-arovana.ru
185.60.134.250 jaguar-boxing.ru
Host's addresses:
__________________
Name Servers:
______________
ns1.zonomi.com. 5497 IN A 45.79.211.52

ns6.zonomi.com. 5497 IN A 106.186.121.42
Mail (MX) Servers:

___________________

DNS Servers for punylolly.club:
ns1.zonomi.com
ns6.zonomi.com
Trying zone transfer first...

Testing ns1.zonomi.com
Request timed out or transfer not allowed.
Testing ns6.zonomi.com
Unsuccessful in zone transfer (it was worth a shot)

Okay, trying the good old fashioned way... brute force
Checking for wildcard DNS...

Nope. Good.
Now performing 2280 test(s)...
185.60.134.250 www.punylolly.club
Subnets found (may want to probe here using nmap or unicornscan):

185.60.134.0-255 : 1 hostnames found.
---------------------------------------------------------------------------
+ Target IP: 185.60.134.250
+ Target Hostname: punylolly.club
+ Target Port: 80
+ Start Time: 2017-05-15 21:53:34 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.6.30
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to
render the content of the site in a different fashion to the MIME type
+ Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x18
0x54e6a12a1c2a1
+ Server banner has changed from 'Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips
mod_fcgid/2.3.9 PHP/5.6.30' to 'nginx/1.4.6 (Ubuntu)' which may suggest a WAF, load
balancer or proxy is in place
+ OpenSSL/1.0.1e-fips appears to be outdated (current is at least 1.0.1j). OpenSSL
1.0.0o and 0.9.8zc are also current.
+ Apache/2.4.6 appears to be outdated (current is at least Apache/2.4.12). Apache
2.0.65 (final release) and 2.2.29 are also current.
+ Multiple index files found: /index.html, /index.php
+ Web Server returns a valid response with junk HTTP methods, this may cause false
positives.
+ /config.php: PHP Config file may contain database IDs and passwords.
+ Uncommon header 'referrer-policy' found, with contents: no-referrer
+ Uncommon header 'x-ob_mode' found, with contents: 1
+ Uncommon header 'x-permitted-cross-domain-policies' found, with contents: none
+ Uncommon header 'x-robots-tag' found, with contents: noindex, nofollow
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store file, which
contains sensitive information. Configure Apache to ignore this file or upgrade to
a newer version.
+ OSVDB-3233: /icons/README: Apache default file found.
+ Cookie n_tpl created without the httponly flag
+ /phpMyAdmin/: phpMyAdmin directory found
+ /phpmyadmin/: phpMyAdmin directory found
+ 8262 requests: 6 error(s) and 21 item(s) reported on remote host
+ End Time: 2017-05-15 22:31:10 (GMT-4) (2256 seconds)
---------------------------------------------------------------------------
###################################################################################
#############################################################
Hostname sexygirlsporntube.net ISP CloudFlare (AS13335)
Continent North America Flag
US
Country United States Country Code US (USA)
Region CA Local time 15 May 2017 19:36 PDT
Metropolis* San Francisco-Oakland-San Jose Postal Code
94107
City San Francisco Latitude 37.77
IP Address 104.28.4.162 Longitude -122.393
###################################################################################
#############################################################
sexygirlsporntube.net
###################################################################################
################################################################
whois sexygirlsporntube.net
Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: SEXYGIRLSPORNTUBE.NET

Registrar: REGTIME LTD.
Whois Server: whois.webnames.ru
Referral URL: http://www.webnames.ru
Name Server: CRUZ.NS.CLOUDFLARE.COM
Name Server: RUDY.NS.CLOUDFLARE.COM
Status: ok https://icann.org/epp#ok
Updated Date: 31-dec-2016
Creation Date: 03-jan-2016
Expiration Date: 03-jan-2018
Domain Name: SEXYGIRLSPORNTUBE.NET

Registry Domain ID: 1991478488_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.regtime.net
Registrar URL: http://www.webnames.ru
Updated Date: 2016-12-31T16:05:04Z
Registrar Registration Expiration Date: 2018-01-04T04:00:00Z
Registrar: REGTIME LTD.
Registrar IANA ID: 1362
Registrar Abuse Contact Email: abuse@regtime.net
Registrar Abuse Contact Phone: +7.8463733047
Domain Status: OK
Registry Registrant ID:
Registrant Name: Aleksandr Sergeev
Registrant Organization: Aleksandr Sergeev
Registrant Street: Danchenko 11, kv.52
Registrant City: Illyichevsk
Registrant State/Province: Odeska
Registrant Country: UA
Registrant Email: kalif1980@mail.ru
Registry Admin ID:
Admin Name: Aleksandr Sergeev
Admin Organization: Aleksandr Sergeev
Admin Street: Danchenko 11, kv.52
Admin City: Illyichevsk
Admin State/Province: Odeska
Admin Country: UA
Admin Phone: +3.80930018743
Admin Email: kalif1980@mail.ru
Registry Tech ID:
Tech Name: Aleksandr Sergeev
Tech Organization: Aleksandr Sergeev
Tech Street: Danchenko 11, kv.52
Tech City: Illyichevsk
Tech State/Province: Odeska
Tech Postal Code: 48001
Tech Country: UA
Tech Phone: +3.80930018743
Tech Email: kalif1980@mail.ru
Name Server: RUDY.NS.CLOUDFLARE.COM
Name Server: CRUZ.NS.CLOUDFLARE.COM
###################################################################################
################################################################
dig sexygirlsporntube.net any

; <<>> DiG 9.10.3-P4-Debian <<>> sexygirlsporntube.net any

;; Got answer:
;sexygirlsporntube.net. IN ANY
;; ANSWER SECTION:
sexygirlsporntube.net. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-
refuse-any"

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon May 15 22:33:20 EDT 2017
###################################################################################
####################################
dnstracer sexygirlsporntube.net
Tracing to sexygirlsporntube.net[a] via 192.168.1.254, maximum of 3 retries

192.168.1.254 (192.168.1.254)
###################################################################################
####################################################

02:33:40, 02:33:40, 02:33:40, 02:33:40, 02:33:40, 02:33:41, 02:33:41, 02:33:41,
02:33:41, 02:33:41, 02:33:41, 02:33:41, 02:33:41, 02:33:41, 02:33:41, 02:33:42,
02:33:42, 02:33:42, 02:33:42, 02:33:42, 02:33:42, 02:33:42, 02:33:42, 02:33:42,
02:33:43, 02:33:43, 02:33:43, 02:33:43, 02:33:43, 02:33:43, 02:33:43, 02:33:43,
02:33:43, 02:33:43, 02:33:44, 02:33:44, 02:33:44, 02:33:44, 02:33:44, 02:33:44,
02:33:44, 02:33:44, 02:33:44, 02:33:44, 02:33:45, 02:33:45, NOT FOUND
Checking for HTTP-Loadbalancing [Diff]: FOUND

< CF-RAY: 35faef19e2f9185e-EWR
> CF-RAY: 35faef1ac0091882-EWR
sexygirlsporntube.net does Load-balancing. Found via Methods: DNS HTTP[Diff]
###################################################################################
####################################################
nmap -PN -n -F -T4 -sV -A -oG temp.txt sexygirlsporntube.net

Nmap scan report for sexygirlsporntube.net (104.28.4.162)
Other addresses for sexygirlsporntube.net (not scanned): 2400:cb00:2048:1::681c:5a2
2400:cb00:2048:1::681c:4a2 104.28.5.162
Not shown: 92 filtered ports
25/tcp closed smtp
80/tcp open http Cloudflare nginx
|_http-server-header: cloudflare-nginx
|_http-title: Sexy Girls Porn Tube
135/tcp closed msrpc
139/tcp closed netbios-ssn
443/tcp open ssl/http Cloudflare nginx
|_http-title: Sexy Girls Porn Tube
| ssl-cert: Subject: commonName=sni229477.cloudflaressl.com
| Subject Alternative Name: DNS:sni229477.cloudflaressl.com, DNS:*.abmovies.xyz,
DNS:*.chocolaterie-larra.fr, DNS:*.downloadmp3songs9.com, DNS:*.effitelecom.com,
DNS:*.fahland.xyz, DNS:*.fivedaydetoxjumpstart.com, DNS:*.gaythetic.cf,
DNS:*.lustdejasnodid.cf, DNS:*.markbestsearpibi.tk, DNS:*.methocontkersa.tk,
DNS:*.msftexpress.com, DNS:*.natur.eu, DNS:*.naturalicious.uk.com,
DNS:*.raimicdisppsychpor.ga, DNS:*.senatorevini.com, DNS:*.sexygirlsporntube.net,
DNS:*.teenshottube.net, DNS:*.virginsex.biz, DNS:*.wordnobwilchdermutt.ga,
DNS:*.wp7app.de, DNS:*.xhamstervideo.org, DNS:abmovies.xyz, DNS:chocolaterie-
larra.fr, DNS:downloadmp3songs9.com, DNS:effitelecom.com, DNS:fahland.xyz,
DNS:fivedaydetoxjumpstart.com, DNS:gaythetic.cf, DNS:lustdejasnodid.cf,
DNS:markbestsearpibi.tk, DNS:methocontkersa.tk, DNS:msftexpress.com, DNS:natur.eu,
DNS:naturalicious.uk.com, DNS:raimicdisppsychpor.ga, DNS:senatorevini.com,
DNS:sexygirlsporntube.net, DNS:teenshottube.net, DNS:virginsex.biz,
DNS:wordnobwilchdermutt.ga, DNS:wp7app.de, DNS:xhamstervideo.org
| Not valid before: 2017-04-21T00:00:00
|_Not valid after: 2017-10-28T23:59:59
445/tcp closed microsoft-ds
|_http-title: sexygirlsporntube.net | 521: Web server is down
|_http-title: sexygirlsporntube.net | 521: Web server is down
| Subject Alternative Name: DNS:sni229477.cloudflaressl.com, DNS:*.abmovies.xyz,
DNS:*.chocolaterie-larra.fr, DNS:*.downloadmp3songs9.com, DNS:*.effitelecom.com,
DNS:*.fahland.xyz, DNS:*.fivedaydetoxjumpstart.com, DNS:*.gaythetic.cf,
DNS:*.lustdejasnodid.cf, DNS:*.markbestsearpibi.tk, DNS:*.methocontkersa.tk,
DNS:*.msftexpress.com, DNS:*.natur.eu, DNS:*.naturalicious.uk.com,
DNS:*.raimicdisppsychpor.ga, DNS:*.senatorevini.com, DNS:*.sexygirlsporntube.net,
DNS:*.teenshottube.net, DNS:*.virginsex.biz, DNS:*.wordnobwilchdermutt.ga,
DNS:*.wp7app.de, DNS:*.xhamstervideo.org, DNS:abmovies.xyz, DNS:chocolaterie-
larra.fr, DNS:downloadmp3songs9.com, DNS:effitelecom.com, DNS:fahland.xyz,
DNS:fivedaydetoxjumpstart.com, DNS:gaythetic.cf, DNS:lustdejasnodid.cf,
DNS:markbestsearpibi.tk, DNS:methocontkersa.tk, DNS:msftexpress.com, DNS:natur.eu,
DNS:naturalicious.uk.com, DNS:raimicdisppsychpor.ga, DNS:senatorevini.com,
DNS:sexygirlsporntube.net, DNS:teenshottube.net, DNS:virginsex.biz,
DNS:wordnobwilchdermutt.ga, DNS:wp7app.de, DNS:xhamstervideo.org
|_Not valid after: 2017-10-28T23:59:59
Aggressive OS guesses: OpenWrt Kamikaze 7.09 (Linux 2.6.22) (92%), OpenWrt 0.9 -
7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%),
HP P2000 G3 NAS device (91%), Linux 3.18 (90%), Linux 2.6.32 (90%), Linux 3.0
(89%), ProVision-ISR security DVR (89%), Linux 3.12 - 3.18 (89%), Linux 2.4.18
(88%)

HOP RTT ADDRESS
1 31.19 ms 10.42.0.1
2 31.02 ms 104.28.4.162

###################################################################################
####################################################
amap -i temp.txt
MAPPING mode

Protocol on 104.28.4.162:443/tcp matches ssl
NetRange: 104.16.0.0 - 104.31.255.255

CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via
https://www.cloudflare.com/abuse
Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
OrgName: Cloudflare, Inc.

OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2017-02-17
Ref: https://whois.arin.net/rest/org/CLOUD14
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: admin@cloudflare.com
OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
OrgNOCHandle: NOC11962-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: admin@cloudflare.com
RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
DNS Servers for sexygirlsporntube.net:
cruz.ns.cloudflare.com
rudy.ns.cloudflare.com

Testing cruz.ns.cloudflare.com
Testing rudy.ns.cloudflare.com

----- sexygirlsporntube.net -----
Host's addresses:
__________________
sexygirlsporntube.net. 36 IN A 104.28.4.162
sexygirlsporntube.net. 36 IN A 104.28.5.162
Name Servers:
______________
rudy.ns.cloudflare.com. 85814 IN A 173.245.59.229

cruz.ns.cloudflare.com. 85814 IN A 173.245.58.88
Mail (MX) Servers:

___________________
Trying Zone Transfers and getting Bind Versions:

_________________________________________________
---------------------------------------------------------------------------
+ Target IP: 104.28.4.162
+ Target Hostname: sexygirlsporntube.net
+ Target Port: 80
+ Start Time: 2017-05-15 22:33:39 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare-nginx
+ Uncommon header 'cf-ray' found, with contents: 35faef44666d183a-EWR
+ All CGI directories 'found', use '-C none' to test none
+ Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a
WAF, load balancer or proxy is in place
---------------------------------------------------------------------------
+ 1 host(s) tested
###################################################################################
####################################################
Hostname hotbrunette.club ISP IT Outsourcing LLC (AS64439)
Continent Europe Flag
RU
Country Russian Federation Country Code RU (RUS)
Region Unknown Local time 16 May 2017 06:10 MSK
IP Address 185.159.131.171 Longitude 37.607
hotbrunette.club
###################################################################################
####################################################
whois hotbrunette.club
Domain Name: hotbrunette.club
Domain ID: D1BB3108DC0AD4F87BFE7A987DAE3C374-NSR
WHOIS Server: whois.namecheap.com
Referral URL: http://www.namecheap.com
Updated Date: 2017-04-24T03:14:24Z
Sponsoring Registrar: NameCheap, Inc.
https://icann.org/epp#clientTransferProhibited
Registrant ID: C514008EDBA474F6E829A1044CEAE7CE8-NSR
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant Street:
Registrant Street:
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Fax Ext:
Registrant Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
Admin ID: CAF702A51784145F9B42A9A5A80CE8706-NSR
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin Street:
Admin Street:
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code:
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
Tech ID: CF4DE84B67F9C4296B06DF917A8A8CAD5-NSR
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech Street:
Tech Street:
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code:
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 7b8051f05acc43dfb20ae5938353daea.protect@whoisguard.com
Name Server: joel.ns.cloudflare.com
Name Server: molly.ns.cloudflare.com
;hotbrunette.club. IN ANY
;; ANSWER SECTION:
hotbrunette.club. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-
any"

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon May 15 23:11:09 EDT 2017
###################################################################################
####################################
host -l hotbrunette.club
;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for

hotbrunette.club failed: connection refused.
###################################################################################
####################################
tcptraceroute -i eth0 hotbrunette.club
Running:
traceroute -T -O info -i eth0 hotbrunette.club
traceroute to hotbrunette.club (185.159.131.171), 30 hops max, 60 byte packets
###################################################################################
####################################
cd /pentest/enumeration/dnsenum
perl dnsenum.pl --enum -f dns.txt --update a -r hotbrunette.club
./Recon.sh: ligne 44 : cd: /pentest/enumeration/dnsenum: Aucun fichier ou dossier

de ce type
Can't open perl script "dnsenum.pl": Aucun fichier ou dossier de ce type
###################################################################################
####################################################
dnstracer hotbrunette.club
Tracing to hotbrunette.club[a] via 192.168.1.254, maximum of 3 retries

192.168.1.254 (192.168.1.254)

03:10:37, 03:10:38, 03:10:39, 03:10:40, 03:10:41, 03:10:42, 03:10:42, 03:10:43,
03:10:44, 03:10:44, 03:10:45, 03:10:45, 03:10:46, 03:10:47, 03:10:48, 03:10:49,
03:10:49, 03:10:50, 03:10:50, 03:10:51, 03:10:52, 03:10:52, 03:10:53, 03:10:53,
03:10:54, 03:10:55, 03:10:55, 03:10:56, 03:10:56, 03:10:57, 03:10:58, 03:10:58,
03:10:59, 03:11:00, 03:11:00, 03:11:01, 03:11:01, 03:11:02, 03:11:05, 03:11:07,
03:11:07, 03:11:08, 03:11:09, 03:11:10, 03:11:12, 03:11:12, NOT FOUND

hotbrunette.club does NOT use Load-balancing.
nmap -PN -n -F -T4 -sV -A -oG temp.txt hotbrunette.club

Nmap scan report for hotbrunette.club (185.159.131.171)
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol
2.0)
| ssh-hostkey:
| 1024 93:2c:e9:d1:ae:a1:01:ea:a8:9c:d3:8b:1c:8f:9a:b8 (DSA)
| 2048 d7:1b:e1:19:2b:9e:df:ec:61:ec:a5:3c:b5:47:d3:5d (RSA)
|_ 256 0b:e1:66:21:42:47:f3:5d:86:bf:97:cc:2a:a2:c8:3e (ECDSA)
80/tcp open http nginx 1.4.6 (Ubuntu)
|_http-server-header: nginx/1.4.6 (Ubuntu)
|_http-title: HOTBRUNETTE.CLUB
Device type: general purpose|storage-misc|broadband router|router|WAP|media device
Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik
RouterOS 6.X (92%), Ubiquiti embedded (92%), Ubiquiti AirOS 5.X (92%), Infomir
embedded (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3
cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:ubnt:airmax_nanostation
cpe:/o:ubnt:airos:5.5.9 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250
(92%)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

HOP RTT ADDRESS
1 31.39 ms 10.42.0.1
2 31.17 ms 185.159.131.171

###################################################################################
####################################
amap -i temp.txt
MAPPING mode


###################################################################################
###################################################################################
###################################################################################
#####################
inetnum: 185.159.131.0 - 185.159.131.255

org: ORG-IOL3-RIPE
mnt-domains: ru-itos-1-mnt
netname: SKYHOST_RUSSIAN_FACILITY
remarks: Professional webhosting solutions: https://skyhost.ru
country: RU
admin-c: SC18472-RIPE
tech-c: SC18472-RIPE
status: SUB-ALLOCATED PA
mnt-routes: MNT-SELECTEL
mnt-by: ru-itos-1-mnt
created: 2016-07-18T11:26:04Z
source: RIPE
organisation: ORG-IOL3-RIPE
org-name: IT Outsourcing LLC
org-type: LIR
address: Polushkina Rosha 16, building 3
address: 150044
address: Yaroslavl
address: RUSSIAN FEDERATION
admin-c: SC18472-RIPE
tech-c: SC18472-RIPE
abuse-c: AR36943-RIPE
mnt-ref: ru-itos-1-mnt
mnt-by: RIPE-NCC-HM-MNT
created: 2016-07-11T14:22:10Z
phone: +7 495 3691987
person: Sergey Chekanov

address: Polushkina Rosha 16, building 3
address: 150000
address: Yaroslavl
address: RUSSIAN FEDERATION
phone: +7 495 3691987
nic-hdl: SC18472-RIPE
created: 2016-07-11T14:22:10Z
source: RIPE
route: 185.159.130.0/23
origin: AS64439
created: 2017-03-01T11:19:25Z
source: RIPE
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)
[+] searching (sub)domains for hotbrunette.club using built-in wordlist

[+] using maximum random delay of 10 millisecond(s) between requests
www.hotbrunette.club
IPv6 address #1: 2400:cb00:2048:1::6812:29c8
IPv6 address #2: 2400:cb00:2048:1::6812:28c8
www.hotbrunette.club
IP address #1: 104.18.41.200
IP address #2: 104.18.40.200

----- hotbrunette.club -----
Host's addresses:
__________________
hotbrunette.club. 120 IN A 185.159.131.171
Name Servers:
______________
molly.ns.cloudflare.com. 86399 IN A 173.245.58.205

joel.ns.cloudflare.com. 86399 IN A 173.245.59.184
Mail (MX) Servers:

___________________
Trying Zone Transfers and getting Bind Versions:

_________________________________________________
DNS Servers for hotbrunette.club:
joel.ns.cloudflare.com
molly.ns.cloudflare.com

Testing joel.ns.cloudflare.com
Testing molly.ns.cloudflare.com


Nope. Good.
104.18.40.200 www.hotbrunette.club
104.18.41.200 www.hotbrunette.club

104.18.40.0-255 : 1 hostnames found.104.18.41.0-255 : 1 hostnames found.
---------------------------------------------------------------------------
+ Target IP: 185.159.131.171
+ Target Hostname: hotbrunette.club
+ Target Port: 80
+ Start Time: 2017-05-15 23:11:31 (GMT-4)
---------------------------------------------------------------------------
+ Server: nginx
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.21
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /robots.txt, fields:
0x58eaae56 0x41
+ Server banner has changed from 'nginx' to 'nginx/1.4.6 (Ubuntu)' which may
suggest a WAF, load balancer or proxy is in place
positives.
+ DEBUG HTTP verb may show server debugging information. See
http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ ERROR: Error limit (20) reached for host, giving up. Last error: invalid HTTP
response
+ Scan terminated: 4 error(s) and 8 item(s) reported on remote host
---------------------------------------------------------------------------
###################################################################################
####################################################
Hostname superteenz.com ISP Level 3 Communications, Inc. (AS3356)
PA
Country Panama Country Code PA (PAN)
Region Unknown Local time 15 May 2017 23:01 EST
City Unknown Latitude 9
IP Address 200.74.240.209 Longitude -80
superteenz.com
###################################################################################
####################################
whois superteenz.com
Domain Name: SUPERTEENZ.COM

Registrar: BLUE RAZOR DOMAINS, LLC
Whois Server: whois.bluerazor.com
Referral URL: http://www.bluerazor.com
Name Server: NS11.DOMAINCONTROL.COM
Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Updated Date: 02-jan-2017
Creation Date: 28-apr-2014
Expiration Date: 28-apr-2018
Domain Name: SUPERTEENZ.COM

Registry Domain ID: 1856449173_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.bluerazor.com
Registrar URL: http://www.bluerazor.com
Update Date: 2017-01-02T17:02:55Z
Registrar: Blue Razor Domains, LLC
Registrar Abuse Contact Email: abuse@bluerazor.com
http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited
http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited
http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 14455 N. Hayden Road
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Country: US
Registrant Fax Ext:
Registrant Email: SUPERTEENZ.COM@domainsbyproxy.com
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 14455 N. Hayden Road
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: SUPERTEENZ.COM@domainsbyproxy.com
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 14455 N. Hayden Road
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: SUPERTEENZ.COM@domainsbyproxy.com
###################################################################################
####################################
;; ANSWER SECTION:
superteenz.com. 3433 IN A 200.74.240.209
superteenz.com. 3600 IN NS ns11.domaincontrol.com.
superteenz.com. 3600 IN NS ns12.domaincontrol.com.
superteenz.com. 3600 IN SOA ns11.domaincontrol.com. dns.jomax.net.
2017051401 28800 7200 604800 600

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Tue May 16 00:03:05 EDT 2017
###################################################################################
####################################
host -l superteenz.com
;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for superteenz.com

failed: connection refused.
###################################################################################
################################################################
tcptraceroute -i eth0 superteenz.com
Running:
traceroute -T -O info -i eth0 superteenz.com
traceroute to superteenz.com (200.74.240.209), 30 hops max, 60 byte packets
###################################################################################
################################################################

04:03:14, 04:03:14, 04:03:14, 04:03:15, 04:03:15, 04:03:16, 04:03:16, 04:03:16,
04:03:17, 04:03:17, 04:03:17, 04:03:18, 04:03:18, 04:03:19, 04:03:19, 04:03:19,
04:03:20, 04:03:20, 04:03:20, 04:03:21, 04:03:21, 04:03:22, 04:03:22, 04:03:22,
04:03:23, 04:03:23, 04:03:23, 04:03:24, 04:03:24, 04:03:25, 04:03:25, 04:03:25,
04:03:26, 04:03:26, 04:03:27, 04:03:27, 04:03:27, 04:03:28, 04:03:28, 04:03:28,
04:03:29, 04:03:29, 04:03:30, 04:03:30, 04:03:30, 04:03:31, NOT FOUND

superteenz.com does NOT use Load-balancing.
nmap -PN -n -F -T4 -sV -A -oG temp.txt superteenz.com

Nmap scan report for superteenz.com (200.74.240.209)
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: SuperTeenz
3306/tcp open mysql MySQL (unauthorized)
Device type: general purpose|storage-misc|broadband router|router|WAP|media device
Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik
RouterOS 6.X (91%), Ubiquiti AirOS 5.X (91%), Infomir embedded (90%), Ubiquiti
embedded (90%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3
cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:ubnt:airos:5.5.9
cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation
(92%)

HOP RTT ADDRESS
1 30.23 ms 10.42.0.1
2 30.58 ms 162.247.73.3
3 30.99 ms 184.105.64.177
4 ...
5 32.37 ms 4.69.142.113
6 ... 10
11 142.14 ms 200.74.247.4
12 143.62 ms 190.97.165.150
13 165.95 ms 200.74.240.209

###################################################################################
################################################################
amap -i temp.txt
MAPPING mode
Protocol on 200.74.240.209:3306/tcp matches mysql

Protocol on 200.74.240.209:3306/tcp matches mysql-secured
Protocol on 200.74.240.209:80/tcp matches http-apache-2
inetnum: 200.74.240/21
status: allocated
aut-num: N/A
owner: Cyber Cast International, S.A.
ownerid: PA-CCIS-LACNIC
responsible: Cyber Cast Intl
address: Addison House Plaza Suite 20, 507, 264-0852
address: 6-3783 - Panama - PA
country: PA
phone: +507 264-0852 []
owner-c: CCS2
tech-c: CCS2
abuse-c: CCS2
inetrev: 200.74.240/24
nserver: NS1.CYBERCASTCO.COM
nsstat: 20170511 AA
nslastaa: 20170511
nserver: NS2.CYBERCASTCO.COM
nsstat: 20170511 AA
nslastaa: 20170511
created: 20090331
changed: 20090331
nic-hdl: CCS2
person: Cyber Cast International, S.A.
e-mail: abuse@CCIPANAMA.COM
address: Addison House Plaza Suite 20, 507, 264-0852
address: 6-3783 - panama - pa
country: PA
phone: +507 2640852 []
created: 20050405
changed: 20160415
[+] searching (sub)domains for superteenz.com using built-in wordlist
test.superteenz.com
IP address #1: 185.145.131.176
www.superteenz.com
IP address #1: 200.74.240.209

[+] Emails found:
------------------
No emails found

------------------------------------
200.74.240.209:Www.superteenz.com
200.74.240.209:www.superteenz.com
[+] Virtual hosts:
==================
200.74.240.209 rapexxx.net
----- superteenz.com -----
Host's addresses:
__________________
superteenz.com. 3600 IN A 200.74.240.209
Name Servers:
______________
ns11.domaincontrol.com. 548 IN A 216.69.185.6

ns12.domaincontrol.com. 547 IN A 208.109.255.6
Mail (MX) Servers:

___________________
DNS Servers for superteenz.com:
ns12.domaincontrol.com
ns11.domaincontrol.com

Testing ns12.domaincontrol.com
Testing ns11.domaincontrol.com


Nope. Good.
185.145.131.176 test.superteenz.com
200.74.240.209 www.superteenz.com
---------------------------------------------------------------------------
+ Target IP: 200.74.240.209
+ Target Hostname: superteenz.com
+ Target Port: 80
+ Start Time: 2017-05-16 00:03:30 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.2.17p1
positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially
sensitive information via certain HTTP requests that contain specific QUERY
strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially
strings.
strings.
strings.
+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading
HTTP response
+ Scan terminated: 20 error(s) and 10 item(s) reported on remote host
---------------------------------------------------------------------------
###################################################################################
############################################################
Hostname www.hotgirlsvids.com ISP Swiftway Sp. z o.o. (AS35017)

US
Country United States Country Code US (USA)
Region MT Local time 15 May 2017 23:16 MDT
Metropolis Unknown Postal Code Unknown
IP Address 37.1.213.109 Longitude -112.121
hotgirlsvids.com
###################################################################################
################################################################
whois hotgirlsvids.com
Domain Name: HOTGIRLSVIDS.COM

Registrar: TLD REGISTRAR SOLUTIONS LTD
Whois Server: whois.tldregistrarsolutions.com
Referral URL: http://www.tldregistrarsolutions.com
Name Server: NS-CANADA.TOPDNS.COM
Name Server: NS-UK.TOPDNS.COM
Name Server: NS-USA.TOPDNS.COM
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 21-apr-2017
Creation Date: 15-may-2014
Expiration Date: 15-may-2018
Domain Name: HOTGIRLSVIDS.COM

Registry Domain ID: 1858764190_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tldregistrarsolutions.com
Registrar URL: http://www.tldregistrarsolutions.com
Updated Date: 2015-09-27T09:08:09Z
Registrar: TLD Registrar Solutions Ltd.
Registrar Abuse Contact Email: abuse@tldregistrarsolutions.com
Reseller:
Domain Status: clientTransferProhibited -
http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Whois Privacy Corp.
Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street
Registrant City: Nassau
Registrant State/Province: New Providence
Registrant Postal Code:
Registrant Country: BS
Registrant Fax:
Registrant Fax Ext:
Registrant Email: hotgirlsvids.com-owner@customers.whoisprivacycorp.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Whois Privacy Corp.
Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street
Admin City: Nassau
Admin State/Province: New Providence
Admin Postal Code:
Admin Country: BS
Admin Phone: +1.5163872248
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: hotgirlsvids.com-admin@customers.whoisprivacycorp.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Whois Privacy Corp.
Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street
Tech City: Nassau
Tech State/Province: New Providence
Tech Postal Code:
Tech Country: BS
Tech Phone: +1.5163872248
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: hotgirlsvids.com-tech@customers.whoisprivacycorp.com
Name Server: ns-canada.topdns.com
Name Server: ns-uk.topdns.com
Name Server: ns-usa.topdns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-05-16T05:17:05Z <<<
###################################################################################
####################################################
dig hotgirlsvids.com any

; <<>> DiG 9.10.3-P4-Debian <<>> hotgirlsvids.com any

;; Got answer:
;hotgirlsvids.com. IN ANY
;; ANSWER SECTION:
hotgirlsvids.com. 7200 IN SOA ns-canada.topdns.com. hostmaster.topdns.com.
2017031101 43200 900 1209600 3600
hotgirlsvids.com. 3600 IN NS ns-canada.topdns.com.
hotgirlsvids.com. 3600 IN NS ns-usa.topdns.com.
hotgirlsvids.com. 3600 IN NS ns-uk.topdns.com.
hotgirlsvids.com. 3600 IN A 37.1.213.109

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Tue May 16 01:17:04 EDT 2017
###################################################################################
################################################################
host -l hotgirlsvids.com

hotgirlsvids.com failed: connection refused.
###################################################################################
################################################################
tcptraceroute -i eth0 hotgirlsvids.com
Running:
traceroute -T -O info -i eth0 hotgirlsvids.com
traceroute to hotgirlsvids.com (37.1.213.109), 30 hops max, 60 byte packets
dnstracer hotgirlsvids.com
Tracing to hotgirlsvids.com[a] via 192.168.1.254, maximum of 3 retries

192.168.1.254 (192.168.1.254)

05:31:26, 05:31:26, 05:31:26, 05:31:26, 05:31:27, 05:31:27, 05:31:27, 05:31:27,
05:31:27, 05:31:27, 05:31:27, 05:31:28, 05:31:28, 05:31:28, 05:31:28, 05:31:28,
05:31:28, 05:31:28, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:29, 05:31:29,
05:31:29, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30, 05:31:30,
05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:31, 05:31:32,
05:31:32, 05:31:32, 05:31:32, 05:31:32, 05:31:32, 05:31:33, NOT FOUND
hotgirlsvids.com does NOT use Load-balancing.
###################################################################################
##################################################
###################################################################################
###################################################
nmap -PN -n -F -T4 -sV -A -oG temp.txt hotgirlsvids.com

Nmap scan report for hotgirlsvids.com (37.1.213.109)
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey:
| 1024 ea:aa:27:08:e4:4f:6e:4f:1c:19:86:95:07:f6:b0:07 (DSA)
|_ 2048 8e:b2:33:bc:b2:be:bd:d7:61:08:db:c4:31:14:06:7e (RSA)
80/tcp open http lighttpd 1.4.37
|_http-server-header: lighttpd/1.4.37
|_http-title: Hot Girls Vids
3306/tcp open mysql MySQL (unauthorized)
Aggressive OS guesses: Linux 3.10 - 4.2 (95%), Linux 3.18 (93%), Linux 3.2 - 4.6
(93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.4 (92%), Asus RT-AC66U
WAP (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%), Linux 3.2 (92%)

HOP RTT ADDRESS
1 30.49 ms 10.42.0.1
2 30.48 ms 37.1.213.109

###################################################################################
####################################################
amap -i temp.txt
MAPPING mode

Protocol on 37.1.213.109:80/tcp matches http-apache-2
Protocol on 37.1.213.109:3306/tcp matches mysql
Protocol on 37.1.213.109:3306/tcp matches mysql-secured
###################################################################################
####################################################
inetnum: 37.1.208.0 - 37.1.215.255

netname: INFERNO-NL-DE
descr: ********************************************************
descr: * We provide virtual and dedicated servers on this Subnet.
descr: *
descr: * Those services are self managed by our customers
descr: * therefore, we are not using this IP space ourselves
descr: * and it could be assigned to various end customers.
descr: *
descr: * In case of issues related with SPAM, Fraud,
descr: * Phishing, DDoS, portscans or others,
descr: * feel free to contact us with relevant info
descr: * and we will shut down this server: abuse@3nt.com
descr: ********************************************************
country: US
admin-c: TNTS-RIPE
tech-c: TNTS-RIPE
status: ASSIGNED PA
mnt-by: MNT-3NT
mnt-routes: swiftway-mnt
remarks: 3NT Hosting Network
remarks: Technical issues..............: support@3nt.com
remarks: Services request..............: sales@3nt.com
remarks: Abuse departament.............: abuse@3nt.com
remarks: Corporate web site............: http://www.3nt.com
created: 2011-12-13T12:46:29Z
source: RIPE
person: Daniel O'Donoghue

address: 3NT SOLUTIONS LLP
address: 10 GREAT RUSSELL STREET, SUITE 4084
address: WC1B 3BQ, LONDON, UK
phone: +442081333030
abuse-mailbox: abuse@3nt.com
nic-hdl: TNTS-RIPE
mnt-by: MNT-3NT
created: 2011-10-20T12:31:42Z
route: 37.1.208.0/21
descr: DARL-TELECOM
origin: AS35017
mnt-by: AS35017-MNT
created: 2011-12-30T22:32:21Z
[+] searching (sub)domains for hotgirlsvids.com using built-in wordlist
www.hotgirlsvids.com
IP address #1: 37.1.213.109

------------------------------------
37.1.213.109:Www.hotgirlsvids.com
37.1.213.109:www.hotgirlsvids.com
[+] Virtual hosts:
==================
37.1.213.109 Hairlessteenpussy
37.1.213.109 Hairlessteenpussy ?x=8026.0218.4380.
37.1.213.109 hairlessteenpussy
37.1.213.109 www.hairlessteenpussy.com
DNS Servers for hotgirlsvids.com:
ns-canada.topdns.com
ns-usa.topdns.com
ns-uk.topdns.com

Testing ns-canada.topdns.com
Testing ns-usa.topdns.com
Testing ns-uk.topdns.com


Nope. Good.
37.1.213.109 www.hotgirlsvids.com

37.1.213.0-255 : 1 hostnames found.
Host's addresses:
__________________
hotgirlsvids.com. 3482 IN A 37.1.213.109
Name Servers:
______________
ns-canada.topdns.com. 3600 IN A 109.201.142.225

ns-usa.topdns.com. 3600 IN A 108.61.12.163
ns-uk.topdns.com. 3600 IN A 77.247.183.137
ns-uk.topdns.com. 3600 IN A 108.61.150.91
Mail (MX) Servers:

___________________
---------------------------------------------------------------------------
+ Target IP: 37.1.213.109
+ Target Hostname: hotgirlsvids.com
+ Target Port: 80
+ Start Time: 2017-05-16 01:17:28 (GMT-4)
---------------------------------------------------------------------------
+ Server: lighttpd/1.4.37
+ Cookie QQ created without the httponly flag
+ Cookie PP created without the httponly flag
+ Retrieved x-powered-by header: PHP/4.4.9
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: OPTIONS, GET, HEAD, POST
+ OSVDB-5034: /admin/login.php?action=insert&username=test&password=test:
phpAuction may allow user admin accounts to be inserted without proper
authentication. Attempt to log in with user 'test' password 'test' to verify.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially
strings.
strings.
strings.
strings.
+ /admin/login.php: Admin login page/section found.
---------------------------------------------------------------------------
###################################################################################
####################################################
Hostname diddleallsun.top ISP Unknown
Continent Unknown Flag
US
Country United States Country Code US
Region Unknown Local time 16 May 2017 01:14 CDT
IP Address (IPv6) 2400:cb00:2048:1::681c:2d3 Longitude -97.822
diddleallsun.top
###################################################################################
####################################################
whois diddleallsun.top
Domain Name: diddleallsun.top
Domain ID: D20161215G10001G_93750450-TOP
WHOIS Server: whois.publicdomainregistry.com
Referral URL: http://publicdomainregistry.com
Updated Date: 2016-12-17T11:06:50Z
Sponsoring Registrar: PDR Ltd
https://www.icann.org/epp#clientTransferProhibited
Registrant ID: di_62955672
Registrant Name: Howard Williams
Registrant Organization: N/A
Registrant Street: 490 John Daniel Drive
Registrant City: Sturgeon
Registrant State/Province: Montana
Registrant Country: US
Registrant Fax:
Registrant Fax Ext:
Registrant Email: howardwilliams@usa.com
Admin ID: di_62955672
Admin Name: Howard Williams
Admin Organization: N/A
Admin Street: 490 John Daniel Drive
Admin City: Sturgeon
Admin State/Province: Montana
Admin Country: US
Admin Phone: +1.5736876849
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: howardwilliams@usa.com
Tech ID: di_62955672
Tech Name: Howard Williams
Tech Organization: N/A
Tech Street: 490 John Daniel Drive
Tech City: Sturgeon
Tech State/Province: Montana
Tech Country: US
Tech Phone: +1.5736876849
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: howardwilliams@usa.com
Name Server: vita.ns.cloudflare.com
Name Server: roan.ns.cloudflare.com
###################################################################################
####################################################
dig diddleallsun.top any

; <<>> DiG 9.10.3-P4-Debian <<>> diddleallsun.top any

;; Got answer:
;diddleallsun.top. IN ANY
;; ANSWER SECTION:
diddleallsun.top. 3789 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-
any"

;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Tue May 16 02:16:03 EDT 2017
###################################################################################
####################################################
host -l diddleallsun.top

diddleallsun.top failed: connection refused.
###################################################################################
####################################################
tcptraceroute -i eth0 diddleallsun.top
Running:
traceroute -T -O info -i eth0 diddleallsun.top
traceroute to diddleallsun.top (104.28.2.211), 30 hops max, 60 byte packets
dnstracer diddleallsun.top
Tracing to diddleallsun.top[a] via 192.168.1.254, maximum of 3 retries

192.168.1.254 (192.168.1.254)
###################################################################################
####################################################

06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23, 06:16:23,
06:16:23, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24, 06:16:24,
06:16:24, 06:16:24, 06:16:24, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25,
06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:25, 06:16:26, 06:16:26, 06:16:26,
06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:26, 06:16:27,
06:16:27, 06:16:27, 06:16:27, 06:16:27, 06:16:27, 06:16:27, NOT FOUND
Checking for HTTP-Loadbalancing [Diff]: FOUND

< CF-RAY: 35fc3555d7a846ec-EWR
> CF-RAY: 35fc355675af06a9-EWR
diddleallsun.top does Load-balancing. Found via Methods: DNS HTTP[Diff]
###################################################################################
####################################################
nmap -PN -n -F -T4 -sV -A -oG temp.txt diddleallsun.top

Nmap scan report for diddleallsun.top (104.28.2.211)
Other addresses for diddleallsun.top (not scanned): 2400:cb00:2048:1::681c:3d3
2400:cb00:2048:1::681c:2d3 104.28.3.211
Not shown: 92 filtered ports
25/tcp closed smtp
|_http-title: Diddleallsun
135/tcp closed msrpc
139/tcp closed netbios-ssn
|_http-title: Diddleallsun
| Subject Alternative Name: DNS:sni140246.cloudflaressl.com,
DNS:*.angeltaylormakemebelieve.com, DNS:*.beyoncestore.com, DNS:*.consmusic.com,
DNS:*.diddleallsun.top, DNS:*.eggairv.cf, DNS:*.hughpanero.com,
DNS:*.jivepress.com, DNS:*.lojasexy.com, DNS:*.memonian.com, DNS:*.mondotec.it,
DNS:*.nearbyfarmfencing.com, DNS:*.quickieconfessionals.com, DNS:*.rcamusic.com,
DNS:*.sexdene.top, DNS:*.sexleksakerandmalmo.xyz, DNS:*.simonandgarfunkelmusic.com,
DNS:*.sirnewk.cf, DNS:*.slystonemusic.net, DNS:*.summertravels.xyz,
DNS:*.thegossipmusic.com, DNS:*.touaki.com, DNS:*.vgs-gmbh.de, DNS:*.workrec.com,
DNS:angeltaylormakemebelieve.com, DNS:beyoncestore.com, DNS:consmusic.com,
DNS:diddleallsun.top, DNS:eggairv.cf, DNS:hughpanero.com, DNS:jivepress.com,
DNS:lojasexy.com, DNS:memonian.com, DNS:mondotec.it, DNS:nearbyfarmfencing.com,
DNS:quickieconfessionals.com, DNS:rcamusic.com, DNS:sexdene.top,
DNS:sexleksakerandmalmo.xyz, DNS:simonandgarfunkelmusic.com, DNS:sirnewk.cf,
DNS:slystonemusic.net, DNS:summertravels.xyz, DNS:thegossipmusic.com,
DNS:touaki.com, DNS:vgs-gmbh.de, DNS:workrec.com
|_Not valid after: 2017-11-21T23:59:59
445/tcp closed microsoft-ds
|_http-title: diddleallsun.top | 521: Web server is down
|_http-title: diddleallsun.top | 521: Web server is down
| Subject Alternative Name: DNS:sni140246.cloudflaressl.com,
DNS:*.angeltaylormakemebelieve.com, DNS:*.beyoncestore.com, DNS:*.consmusic.com,
DNS:*.diddleallsun.top, DNS:*.eggairv.cf, DNS:*.hughpanero.com,
DNS:*.jivepress.com, DNS:*.lojasexy.com, DNS:*.memonian.com, DNS:*.mondotec.it,
DNS:*.nearbyfarmfencing.com, DNS:*.quickieconfessionals.com, DNS:*.rcamusic.com,
DNS:*.sexdene.top, DNS:*.sexleksakerandmalmo.xyz, DNS:*.simonandgarfunkelmusic.com,
DNS:*.sirnewk.cf, DNS:*.slystonemusic.net, DNS:*.summertravels.xyz,
DNS:*.thegossipmusic.com, DNS:*.touaki.com, DNS:*.vgs-gmbh.de, DNS:*.workrec.com,
DNS:angeltaylormakemebelieve.com, DNS:beyoncestore.com, DNS:consmusic.com,
DNS:diddleallsun.top, DNS:eggairv.cf, DNS:hughpanero.com, DNS:jivepress.com,
DNS:lojasexy.com, DNS:memonian.com, DNS:mondotec.it, DNS:nearbyfarmfencing.com,
DNS:quickieconfessionals.com, DNS:rcamusic.com, DNS:sexdene.top,
DNS:sexleksakerandmalmo.xyz, DNS:simonandgarfunkelmusic.com, DNS:sirnewk.cf,
DNS:slystonemusic.net, DNS:summertravels.xyz, DNS:thegossipmusic.com,
DNS:touaki.com, DNS:vgs-gmbh.de, DNS:workrec.com
|_Not valid after: 2017-11-21T23:59:59
Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt
White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%),
Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR
security DVR (90%), Linux 3.0 (89%), Linux 3.12 - 3.18 (89%), Linux 2.4.18 (88%)

HOP RTT ADDRESS
1 31.66 ms 10.42.0.1
2 31.40 ms 104.28.2.211
###################################################################################
####################################################
amap -i temp.txt
MAPPING mode

###################################################################################
####################################################
NetRange: 104.16.0.0 - 104.31.255.255

CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2017-02-17
Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1
OrgName: Cloudflare, Inc.

OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2017-02-17
Ref: https://whois.arin.net/rest/org/CLOUD14
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: admin@cloudflare.com
OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
OrgNOCHandle: NOC11962-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: admin@cloudflare.com
RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN
www.diddleallsun.top
IPv6 address #1: 2400:cb00:2048:1::681c:2d3
IPv6 address #2: 2400:cb00:2048:1::681c:3d3
www.diddleallsun.top
IP address #1: 104.28.3.211
IP address #2: 104.28.2.211
------------------------------------
104.28.3.211:www.diddleallsun.top
[+] Virtual hosts:
==================
104.28.3.211 www.pertinentbeauty.com
104.28.3.211 salonadvantage
104.28.3.211 salonadvantageonline.com
104.28.3.211 sketchydesi
104.28.3.211 alpinelodgeresort.com
104.28.3.211 liamwachter
104.28.3.211 www.fbslaos.com
104.28.3.211 terraceboating
104.28.3.211 onnex.cc
104.28.3.211 www.documenta.cloud
104.28.3.211 proteqsit
104.28.3.211 www.startechup
104.28.3.211 asm.com.jo
104.28.3.211 www.matadoradvisors
104.28.3.211 treatyourownpain.com
104.28.3.211 www.oobeoo.com
104.28.3.211 blueknightsnyxi.net
104.28.3.211 www.meandyouis.us
104.28.3.211 www.meandyouis.us
104.28.3.211 treatyourownpain
104.28.3.211 csk7788.net
104.28.3.211 www.gregnilsen
104.28.3.211 www.startechup.com
104.28.3.211 www.ocpsbuildinginspections
104.28.3.211 www.matadoradvisors.com
104.28.3.211 sketchydesi.com
104.28.3.211 www.situskreatif.com
104.28.3.211 ancuhanoi.com
104.28.3.211 www.rideudstyrszonen.dk
104.28.3.211 www.livingins.com
104.28.3.211 www.zorlakaybedilenler.org
104.28.3.211 womensneakersonline.com
104.28.3.211 bia2winbet.net
104.28.3.211 fabplus.altervista.org
104.28.3.211 tropicalivefishecuador.com
104.28.3.211 www.farmingkenya.org
104.28.3.211 comerciolocalnavarra.com
104.28.3.211 adiaw.com
104.28.3.211 www.video4u.net
104.28.3.211 togel17plus.com
104.28.3.211 cheapesttimehome.club
104.28.3.211 www.sogexpo-international
104.28.3.211 www.jamesewelch.com
104.28.3.211 chantalvtcira.tk
104.28.3.211 www.fireflycafe.org
104.28.3.211 miesiecznica.com
104.28.3.211 elrinconcurioso.com
104.28.3.211 www.backtoschool.rs
104.28.3.211 www.zeromania.com.br
104.28.3.211 www.aedspy.n
DNS Servers for diddleallsun.top:
roan.ns.cloudflare.com
vita.ns.cloudflare.com

Testing roan.ns.cloudflare.com
Testing vita.ns.cloudflare.com


Nope. Good.
104.28.3.211 www.diddleallsun.top
104.28.2.211 www.diddleallsun.top

----- diddleallsun.top -----
Host's addresses:
__________________
diddleallsun.top. 120 IN A 104.28.2.211

diddleallsun.top. 120 IN A 104.28.3.211
Name Servers:
______________
vita.ns.cloudflare.com. 86121 IN A 173.245.58.238

roan.ns.cloudflare.com. 86121 IN A 173.245.59.226
-----------------------------------------------------------------------------------
----------------------------------------------------
+ Target IP: 104.28.2.211
+ Target Hostname: diddleallsun.top
+ Target Port: 80
+ Start Time: 2017-05-16 02:16:57 (GMT-4)
-----------------------------------------------------------------------------------
----------------------------------------------------
+ Server: cloudflare-nginx
+ Uncommon header 'cf-ray' found, with contents: 35fc365d7263189a-EWR
+ All CGI directories 'found', use '-C none' to test none
+ Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a
WAF, load balancer or proxy is in place
-----------------------------------------------------------------------------------
----------------------------------------------------

OP DeathEathers Full Recon JTSEC Anonymous #5

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OP DeathEathers Full Recon JTSEC Anonymous #5

Uploaded by

Copyright:

Available Formats

Hostname punylolly.

club ISP JSC ISPsystem (AS29182)

dig punylolly.club any

; <<>> DiG 9.10.3-P4-Debian <<>> punylolly.club any

;; Query time: 54 msec

;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for punylolly.club

Tracing to punylolly.club[a] via 192.168.1.254, maximum of 3 retries

Checking for HTTP-Loadbalancing [Date]: 01:53:15, 01:53:15, 01:53:16, 01:53:16,

Checking for HTTP-Loadbalancing [Diff]: NOT FOUND

punylolly.club does NOT use Load-balancing.

nmap -PN -n -F -T4 -sV -A -oG temp.txt punylolly.club

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 21:53 EDT

TRACEROUTE (using port 1723/tcp)

OS and Service detection performed. Please report any incorrect results at

Protocol on 185.60.134.250:80/tcp matches http

Unidentified ports: none.

amap v5.4 finished at 2017-05-15 21:54:07

inetnum: 185.60.134.0 - 185.60.135.255

role: The First JSC Network Operations

% Information related to '185.60.134.0/23AS29182'

[+] 1 (sub)domains and 1 IP address(es) found

[+] Hosts found in search engines:

punylolly.club. 3600 IN A 185.60.134.250

ns1.zonomi.com. 5497 IN A 45.79.211.52

Mail (MX) Servers:

punylolly.club. 3600 IN A 185.60.134.250

Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)

Checking for wildcard DNS...

Subnets found (may want to probe here using nmap or unicornscan):

Whois Server Version 2.0

Domain Name: SEXYGIRLSPORNTUBE.NET

Domain Name: SEXYGIRLSPORNTUBE.NET

dig sexygirlsporntube.net any

; <<>> DiG 9.10.3-P4-Debian <<>> sexygirlsporntube.net any

;; Query time: 33 msec

Tracing to sexygirlsporntube.net[a] via 192.168.1.254, maximum of 3 retries

Checking for HTTP-Loadbalancing [Date]: 02:33:40, 02:33:40, 02:33:40, 02:33:40,

Checking for HTTP-Loadbalancing [Diff]: FOUND

sexygirlsporntube.net does Load-balancing. Found via Methods: DNS HTTP[Diff]

nmap -PN -n -F -T4 -sV -A -oG temp.txt sexygirlsporntube.net

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 22:33 EDT

TRACEROUTE (using port 25/tcp)

OS and Service detection performed. Please report any incorrect results at

Protocol on 104.28.4.162:443/tcp matches http

Unidentified ports: none.

amap v5.4 finished at 2017-05-15 22:34:06

NetRange: 104.16.0.0 - 104.31.255.255

OrgName: Cloudflare, Inc.

Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)

rudy.ns.cloudflare.com. 85814 IN A 173.245.59.229

Mail (MX) Servers:

Trying Zone Transfers and getting Bind Versions:

;; Query time: 34 msec

;; Connection to 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53) for

tcptraceroute -i eth0 hotbrunette.club

./Recon.sh: ligne 44 : cd: /pentest/enumeration/dnsenum: Aucun fichier ou dossier

Tracing to hotbrunette.club[a] via 192.168.1.254, maximum of 3 retries

Checking for HTTP-Loadbalancing [Date]: 03:10:35, 03:10:36, 03:10:36, 03:10:37,

Checking for HTTP-Loadbalancing [Diff]: NOT FOUND

nmap -PN -n -F -T4 -sV -A -oG temp.txt hotbrunette.club

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 23:13 EDT