API tools faq
paste
Advertisement
blackhat_global

#OpYesBackpage

blackhat_global
Jul 4th, 2020 (edited)
5,698
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.83 KB | None | 0 0
raw download clone embed print report
  1. | |__ | | __ _ ___| | _| |__ __ _| |_ __ _| | ___ | |__ __ _| |
  2. | '_ \| |/ _` |/ __| |/ / '_ \ / _` | __| / _` | |/ _ \| '_ \ / _` | |
  3. | |_) | | (_| | (__| <| | | | (_| | |_ | (_| | | (_) | |_) | (_| | |
  4. |_.__/|_|\__,_|\___|_|\_\_| |_|\__,_|\__| \__, |_|\___/|_.__/ \__,_|_|
  5. |___/
  6. TARGET: https://www.yesbackpage.com/
  7.  
  8. https://ibb.co/n8C3ptz
  9. https://ibb.co/T8z65WP
  10. https://ibb.co/g6pW0Lb
  11. https://ibb.co/bXNc10w
  12. https://ibb.co/3Tjb9y1
  13. https://ibb.co/Rysf0ht
  14. https://ibb.co/1MMNYb3
  15. https://ibb.co/WkRCJJQ
  16. https://ibb.co/612SRnT
  17. https://ibb.co/7Cpm0SM
  18.  
  19. email address:
  20. https://www.yesbackpage.com/contact-us
  21.  
  22. Registrar:
  23. https://yesbackpage.com.ipaddress.com/
  24.  
  25. domain history:
  26.  
  27. https://securitytrails.com/domain/yesbackpage.com/history/a
  28.  
  29. What does that means?
  30.  
  31. Imagine the website originally had the IP Address:
  32.  
  33. 199.188.200.48
  34.  
  35. then passed to the next IP Address:
  36.  
  37. 136.144.132.31
  38.  
  39. We can ignore the IP Addresses that are shown as 1 day only cause they switched from one IP to the other.
  40. So please ignore the 1 day IP Addresses history.
  41.  
  42. Finally they passed to the Cloudflare DNS.
  43.  
  44. Now the Cloudflare DNS masquerade the real IP Address of the website.
  45.  
  46. Cloudflare self doesn't host the website.
  47. They only host the DNS of the website.
  48.  
  49. So everytime you navigate the website you'll always see Cloudflare DNS but the webhost is not there.
  50.  
  51.  
  52. Domain Creation Date April 11, 2018
  53.  
  54. What are YesBackpage.com's nameservers?
  55. DNS for YesBackpage.com is provided by the nameservers
  56.  
  57. clark.ns.cloudflare.com
  58.  
  59. and
  60.  
  61. liv.ns.cloudflare.com.
  62.  
  63. Who is the registrar for the YesBackpage.com domain?
  64. The domain has been registered at Key-Systems GmbH. You can visit the registrar's website at http://www.key-systems.net.
  65. The registrar's WHOIS server can be reached at whois.rrpproxy.net.
  66.  
  67. Site is registered in Germany by Key-Systems GmbH.
  68.  
  69. This is their WebHosting Company:
  70.  
  71. https://www.key-systems.net/
  72.  
  73. and this is the NameCheap for the Domain Name:
  74.  
  75. http://dc-7a362e5dec9e.yes back page.com/cgi-sys/defaultwebpage.cgi
  76.  
  77. IP address: 198.187.29.237
  78.  
  79. Reverse DNS (PTR record)
  80.  
  81. business17-1.web- hosting.com
  82.  
  83. https://www.shodan.io/host/198.187.29.237
  84.  
  85. https://www.ipneighbour.com/#/lookup/business17-1.web-hosting.com
  86.  
  87. https://www.dailydot.com/irl/mailchimp-sex-trafficking-lawsuit/
  88.  
  89.  
  90. [*] Searching Twitter usernames using Google.
  91.  
  92. [*] Users found: 17
  93. ---------------------
  94. @Aryaunna_heart
  95. @BeauchampNaomie
  96. @Jessi4BBC1
  97. @MistressMiaVon
  98. @Nick_Ramsy
  99. @RisaJenner
  100. @TheMistressNova
  101. @TheYesBackpage
  102. @WarrenB850
  103. @bigtsbitches
  104. @dearmasarmando
  105. @denisecouponer
  106. @mabe_misty
  107. @mskarinsin
  108. @sinndatruth
  109. @trt_FAMU
  110.  
  111.  
  112. https://www.whatruns.com/website/yesbackpage.com
  113.  
  114. Technologies Used by Yesbackpage.com
  115.  
  116. Web Framework
  117. Bootstrap
  118.  
  119. Tag Managers
  120. Google Tag Manager
  121.  
  122. Javascript Frameworks
  123. jQuery 1.4.1
  124.  
  125. Web Server
  126. Apache 2.4.23
  127.  
  128.  
  129. https://censys.io/ipv4/149.210.248.3
  130. https://censys.io/ipv4/149.210.248.4
  131. https://censys.io/ipv4/149.210.248.98
  132. https://censys.io/ipv4/149.210.248.99
  133.  
  134.  
  135.  
  136. root@blackbox:/opt/WhatWeb# amass enum -d yesbackpage.de
  137. mail.yesbackpage.de
  138. sendmail.yesbackpage.de
  139. webmail.yesbackpage.de
  140. newhosting.yesbackpage.de
  141. hostingserver.yesbackpage.de
  142. dc-d3321fe7c60f.yesbackpage.de
  143. yesbackpage.de
  144. www.yesbackpage.de
  145.  
  146. OWASP Amass v3.1.10 https://github.com/OWASP/Amass
  147. --------------------------------------------------------------------------------
  148. 8 names discovered - api: 4, cert: 2, dns: 2
  149. --------------------------------------------------------------------------------
  150. ASN: 13335 - CLOUDFLARENET
  151. 104.26.0.0/20 12 Subdomain Name(s)
  152. 172.67.64.0/20 5 Subdomain Name(s)
  153. 2606:4700:20::/44 15 Subdomain Name(s)
  154. ASN: 22612 - NAMECHEAP-NET
  155. 198.187.29.0/24 1 Subdomain Name(s)
  156.  
  157.  
  158. https://www.shodan.io/search?query=hostingserver.yesbackpage.de
  159.  
  160. https://www.shodan.io/host/149.210.248.3
  161.  
  162. root@blackbox:/opt# dmitry -winsepfb host hostingserver.yesbackpage.de
  163. Deepmagic Information Gathering Tool
  164. "There be some deep magic going on"
  165.  
  166. HostIP:149.210.248.98
  167. HostName:hostingserver.yesbackpage.de
  168.  
  169. Gathered Inet-whois information for 149.210.248.98
  170. ---------------------------------
  171.  
  172.  
  173. inetnum: 149.210.248.0 - 149.210.248.255
  174. netname: TRANSIP-NL-VPS-POD5-AMS4-CUSTOMERS
  175. descr:
  176. country: NL
  177. admin-c: IPRO1-RIPE
  178. tech-c: IPRO1-RIPE
  179. status: ASSIGNED PA
  180. remarks: -------------------------------------------------------
  181. remarks: Network abuse reports: [email protected]
  182. remarks: NOC and contact details: http://www.transip.nl/contact/
  183. remarks: -------------------------------------------------------
  184. mnt-by: TRANSIP-MNT
  185. mnt-lower: TRANSIP-MNT
  186. mnt-routes: TRANSIP-MNT
  187. created: 2018-02-05T15:01:34Z
  188. last-modified: 2018-02-05T15:01:34Z
  189. source: RIPE
  190.  
  191. role: TransIP B.V. Admin
  192. address: Schipholweg 9B
  193. address: 2316 XB Leiden
  194. address: NL
  195. remarks: -------------------------------------------------------
  196. remarks: Network abuse reports: [email protected]
  197. remarks: NOC and contact details: http://www.transip.nl/contact/
  198. remarks: -------------------------------------------------------
  199. phone: +31 71 524 1919
  200. fax-no: +31 71 524 1918
  201. abuse-mailbox: [email protected]
  202. admin-c: RSK48-RIPE
  203. tech-c: IPRS1-RIPE
  204. nic-hdl: IPRO1-RIPE
  205. mnt-by: TRANSIP-MNT
  206. created: 2003-05-10T09:33:07Z
  207. last-modified: 2018-02-18T14:20:18Z
  208. source: RIPE # Filtered
  209.  
  210. % Information related to '149.210.128.0/17AS20857'
  211.  
  212. route: 149.210.128.0/17
  213. descr: TransIP BV
  214. descr: Amsterdam, The Netherlands
  215. origin: AS20857
  216. mnt-by: TRANSIP-MNT
  217. mnt-lower: TRANSIP-MNT
  218. mnt-routes: TRANSIP-MNT
  219. created: 2013-04-12T15:07:15Z
  220. last-modified: 2013-04-12T15:07:15Z
  221. source: RIPE # Filtered
  222.  
  223. % This query was served by the RIPE Database Query Service version 1.97.1 (ANGUS)
  224.  
  225.  
  226. Gathered TCP Port information for 149.210.248.98
  227. ---------------------------------
  228.  
  229. Port State
  230.  
  231. 21/tcp open
  232. >> 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  233. 220-You are user number 1 of 50 allowed.
  234. 220-Local time is now 0���b
  235. 22/tcp open
  236. >> SSH-2.0-OpenSSH_7.4
  237.  
  238. 53/tcp open
  239.  
  240. Portscan Finished: Scanned 150 ports, 98 ports were in state closed
  241.  
  242.  
  243.  
  244. http://hostingserver.yesbackpage.de/domainnotknown.html
  245. Hostnames newhosting.yesbackpage.de
  246.  
  247.  
  248.  
  249. root@blackbox:/opt# nmap -A -Pn 149.210.248.3
  250. Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-05 14:05 CDT
  251. Nmap scan report for newhosting.yesbackpage.de (149.210.248.3)
  252. Host is up (0.13s latency).
  253. Not shown: 988 filtered ports
  254. PORT STATE SERVICE VERSION
  255. 21/tcp open ftp Pure-FTPd
  256. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  257. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  258. | Not valid before: 2019-11-06T19:23:11
  259. |_Not valid after: 2020-11-05T19:23:11
  260. |_ssl-date: TLS randomness does not represent time
  261.  
  262. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
  263. | ssh-hostkey:
  264. | 2048 4d:dd:1a:1e:36:7b:97:7e:64:43:6f:10:1e:d4:ae:7b (RSA)
  265. | 256 23:b9:77:f9:3d:46:1c:26:e1:b4:82:29:c3:8f:8b:1a (ECDSA)
  266. |_ 256 17:43:31:05:08:cd:e9:dc:90:b8:7e:74:67:90:a6:cb (ED25519)
  267.  
  268. 53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  269. | dns-nsid:
  270. |_ bind.version: 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6
  271.  
  272. 80/tcp open http Apache httpd
  273. |_http-server-header: Apache
  274. | http-title: 404 Not Found
  275. |_Requested resource was http://hostingserver.yesbackpage.de/domainnotknown.html
  276.  
  277. 110/tcp open pop3 Dovecot pop3d
  278. |_pop3-capabilities: CAPA USER PIPELINING SASL(PLAIN LOGIN) RESP-CODES TOP UIDL STLS AUTH-RESP-CODE
  279. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  280. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  281. | Not valid before: 2019-11-06T19:23:10
  282. |_Not valid after: 2020-11-05T19:23:10
  283.  
  284. 143/tcp open imap Dovecot imapd
  285. |_imap-capabilities: LOGIN-REFERRALS AUTH=LOGINA0001 IMAP4rev1 more Pre-login have listed NAMESPACE AUTH=PLAIN STARTTLS OK ID ENABLE IDLE post-login SASL-IR LITERAL+ capabilities
  286. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  287. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  288. | Not valid before: 2019-11-06T19:23:10
  289. |_Not valid after: 2020-11-05T19:23:10
  290.  
  291. 443/tcp open http Apache httpd
  292. |_http-server-header: Apache
  293. |_http-title: Did not follow redirect to http://hostingserver.yesbackpage.de/domainnotknown.html
  294.  
  295. 465/tcp open ssl/smtp Exim smtpd 4.93
  296. | smtp-commands: hostingserver.yesbackpage.de Hello newhosting.yesbackpage.de [82.102.16.196], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  297. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  298. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  299. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  300. | Not valid before: 2019-11-06T19:23:10
  301. |_Not valid after: 2020-11-05T19:23:10
  302.  
  303. 587/tcp open smtp Exim smtpd 4.93
  304. | smtp-commands: hostingserver.yesbackpage.de Hello newhosting.yesbackpage.de [82.102.16.196], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
  305. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  306. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  307. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  308. | Not valid before: 2019-11-06T19:23:10
  309. |_Not valid after: 2020-11-05T19:23:10
  310.  
  311. 993/tcp open imaps?
  312. |_imap-capabilities: LOGIN-REFERRALS AUTH=LOGINA0001 IMAP4rev1 more Pre-login have listed NAMESPACE post-login OK ID ENABLE IDLE AUTH=PLAIN SASL-IR LITERAL+ capabilities
  313. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  314. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  315. | Not valid before: 2019-11-06T19:23:10
  316. |_Not valid after: 2020-11-05T19:23:10
  317.  
  318. 995/tcp open pop3s?
  319. |_pop3-capabilities: TOP PIPELINING SASL(PLAIN LOGIN) RESP-CODES USER UIDL AUTH-RESP-CODE CAPA
  320. | ssl-cert: Subject: commonName=hostingserver.yesbackpage.de
  321. | Subject Alternative Name: DNS:hostingserver.yesbackpage.de
  322. | Not valid before: 2019-11-06T19:23:10
  323. |_Not valid after: 2020-11-05T19:23:10
  324. Device type: general purpose|storage-misc|firewall
  325. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (92%), Synology DiskStation Manager 5.X (85%), WatchGuard Fireware 11.X (85%)
  326. OS CPE: cpe:/o:linux:linux_kernel:4.0 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
  327. Aggressive OS guesses: Linux 4.0 (92%), Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 4.9 (89%), Linux 3.11 - 4.1 (86%), Linux 3.16 (86%), Linux 2.6.32 or 3.10 (86%), Linux 4.2 (86%)
  328. No exact OS matches for host (test conditions non-ideal).
  329. Network Distance: 11 hops
  330. Service Info: Host: hostingserver.yesbackpage.de; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  331.  
  332. TRACEROUTE (using port 20/tcp)
  333. HOP RTT ADDRESS
  334. 1 150.55 ms 10.16.0.1
  335. 2 ...
  336. 3 150.67 ms vlan164.as11.fra4.de.m247.com (82.102.16.193)
  337. 4 150.67 ms vlan2917.agg1.fra4.de.m247.com (212.103.51.190)
  338. 5 150.70 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  339. 6 150.70 ms te0-0-0-9.agr21.fra06.atlas.cogentco.com (149.11.20.249)
  340. 7 150.72 ms be2844.rcr22.fra06.atlas.cogentco.com (130.117.0.29)
  341. 8 150.72 ms be2846.ccr42.fra03.atlas.cogentco.com (154.54.37.29)
  342. 9 ...
  343. 10 79.39 ms be2456.rcr21.b015960-1.ams03.atlas.cogentco.com (130.117.49.146)
  344. 11 137.41 ms newhosting.yesbackpage.de (149.210.248.3)
  345.  
  346. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  347. Nmap done: 1 IP address (1 host up) scanned in 174.33 seconds
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!