...                            
             ;::::;                           
           ;::::; :;                          
         ;:::::'   :;                        
        ;:::::;     ;.                        
       ,:::::'       ;           OOO\         
       ::::::;       ;          OOOOO\        
       ;:::::;       ;         OOOOOOOO       
      ,;::::::;     ;'         / OOOOOOO      
    ;:::::::::`. ,,,;.        /  / DOOOOOO    
  .';:::::::::::::::::;,     /  /     DOOOO   
 ,::::::;::::::;;;;::::;,   /  /        DOOO  
;`::::::`'::::::;;;::::: ,#/  /          DOOO 
:`:::::::`;::::::;;::: ;::#  /            DOOO
::`:::::::`;:::::::: ;::::# /              DOO
`:`:::::::`;:::::: ;::::::#/               DOO
 :::`:::::::`;; ;:::::::::##                OO
 ::::`:::::::`;::::::::;:::#                OO
 `:::::`::::::::::::;'`:;::#                O 
  `:::::`::::::::;' /  / `:#                  
   ::::::`:::::;'  /  /   `#    
===================================================================================
    ____  ____ _  __ __________     ______  __
   / __ \/ __ \ |/ // ____/ __ \   / __ ) \/ /
  / / / / / / /   // __/ / / / /  / __  |\  / 
 / /_/ / /_/ /   |/ /___/ /_/ /  / /_/ / / /  
/________________/___________/________/ /_/   
  / ___/_  __/   | / ____/ / / / ____/        
  \__ \ / / / /| |/ /   / /_/ / __/           
 ___/ // / / ___ / /___/ __  / /___           
/____//_/ /_/  |_\____/_/ /_/_____/
date: 10/06/2020
contact: stache@xmpp-hosting.de [xmpp && email]           
message my email for my public pgp key                                
===================================================================================
???? Reason:
???? Anthrax aka ScottOFS aka TheGeneral thought it was appropriate to scam me
???? and many others on ogusers with "stolen paypal accounts"
???? Be aware he sends payments as family and friends but the payments get pulled.
===================================================================================
Name:   Scott Lawree 
        [name was attached to paypal acc scott@atlas-digital.net before removed]
DOB:    March 1999 [electrical roll]
pic:    https://prnt.sc/swxq1v [old cached pic from 2014]
        https://prnt.sc/swxqca [old cached pic from uc date]
phone:  07*****2163 [network UC]
emails: scott@atlas-digital.net,, payments@atlas-digital.net [leaked discord messages]
VCC:    mastercard: 0795 [virutal card] [attached to paypal]
        mastercard: 0430 [virutal card] [attached to paypal]
VBA:    account number ends in 94,, sort code; UC [guessing it could be 04-00-04 due to prepaid card]

        all the cards / banks are prepaid / virtual cards 
        all provided by Prepaid Technologies Company, Inc.
        website: https://www.in-prepaid.com/

more info on who provides him the virtual accounts:
https://beta.companieshouse.gov.uk/company/04008083
[going to be sending an email regarding his activites]
===================================================================================     
accounts:
snapchat:  scott_tg
           email: UC
youtube:   https://www.youtube.com/channel/UC5f0oDbVYhzGsD_7vxKst1Q
instagram: https://www.instagram.com/socialise/
           email: scott@atlas-digital.net
           Has mobile 2FA on
steam:     https://steamcommunity.com/id/frightful/
           He had the names ScottOFS, Anthrax, TheGeneral and also the TheGeneral™ 
           before removing all names and going private.
Skeet:     CaronaViyrus [banned due to the same reasons of dox]

Steam ID: STEAM_0:1:451276846
Steam3: [U:1:902553693]
Community ID: 76561198862819421
Custom URL: frightful
Url history: https://steamid.uk/url/frightful
SteamID URLhttps://steamid.uk/profile/76561198862819421
Community URLhttps://steamcommunity.com/profiles/76561198862819421

Used nicknames
Seen on 	Nickname
2020-06-10 04:40:47 	ssssssssss [day of going private]
2020-04-17 20:12:36 	CS:GO

discord: Deleted User 32503d1l#4157 
         - email on account was scott@atlas-digital.net
[we got it sus'd due to him leaking personal information about stux and publishing the old sinlyxe.cc database]

===================================================================================
Addy:   5 Tiverton St
        Liverpool 
        L15 4LR
        United Kingdom
Pic:    https://prnt.sc/swx1v1

Residents Provided by uk.gov electrical roll
   - Scott J Lawree [March 1999] [Last voted 2018]
   - Laura Mae Lawree [June 1974] [Last voted: UC]
   - Lee E Lawree [Jan 1979] [Last voted: 2018]

Random Info;
House Value: £114k [BASED ON JUNE 2020]
Bedrooms:    3 bedrooms
Bathrooms:   1 bathrooms
General:     2 reception rooms

PAST SALES: 

sold on 16th Mar 2012: £99,950 [This is when the Lawree family moved in]
https://www.zoopla.co.uk/property-history/5-tiverton-street/wavertree/liverpool/l15-4lr/20806104
Marketed by Move Residential

sold on 14th Feb 2012: £85,000
https://www.zoopla.co.uk/property-history/5-tiverton-street/wavertree/liverpool/l15-4lr/21065424
Marketed by Entwistle Green - Allerton Sales

===================================================================================   
IP information and Database Entries
IP: 2.219.198.76
Known Passwords; LiverpoolFC1, LiverpoolFC123! 

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '2.219.0.0 - 2.219.255.255'

% Abuse contact for '2.219.0.0 - 2.219.255.255' is 'abuse@sky.uk'

inetnum:        2.219.0.0 - 2.219.255.255
netname:        BSKYB-BROADBAND
descr:          Sky UK Limited
country:        GB
mnt-by:         BSKYB-BROADBAND-MNT
admin-c:        BBH-RIPE
tech-c:         BBH-RIPE
status:         ASSIGNED PA
remarks:        Please send abuse notifications to abuse@sky.uk
created:        2011-03-29T12:19:11Z
last-modified:  2016-06-17T14:30:26Z
source:         RIPE # Filtered

role:           Sky UK Broadband Hostmaster
address:        Sky Network Services
address:        1 Brick Lane
address:        London
address:        E1 6PU
address:        UK
phone:          +44 20 7032 7000
fax-no:         +44 20 7900 7812
admin-c:        NIKO7-RIPE
tech-c:         MIVS1-RIPE
nic-hdl:        BBH-RIPE
abuse-mailbox:  abuse@sky.uk
mnt-by:         BSKYB-BROADBAND-MNT
created:        2006-07-07T09:21:33Z
last-modified:  2018-12-12T16:18:33Z
source:         RIPE # Filtered

% Information related to '2.216.0.0/13AS5607'

route:          2.216.0.0/13
descr:          Sky Broadband
origin:         AS5607
mnt-by:         BSKYB-BROADBAND-MNT
created:        2010-12-03T12:25:09Z
last-modified:  2015-08-17T16:30:13Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.97.1 (WAGYU)

IP Address:	2.219.198.76
[IP Blacklist Check]
Reverse DNS:	76.198.219.2.in-addr.arpa
Hostname:	02dbc64c.bb.sky.com
Nameservers:	
edns1.ultradns.com >> 204.74.66.1
edns1.ultradns.org >> 204.74.111.1
ns1.isp.sky.com >> 90.207.238.102
edns1.ultradns.net >> 204.74.110.1
ns0.isp.sky.com >> 90.207.238.101
edns1.ultradns.biz >> 204.74.67.1
Location For an IP: 2.219.198.76
Continent:	Europe (EU)
Country:	United Kingdom   IP Location Find In United Kingdom (GB)
Capital:	London
State:	Liverpool
City Location:	Liverpool
Postal:	L18
ISP:	Sky Broadband
Organization:	Sky Broadband
AS Number:	AS5607 Sky UK Limited

DATABASE ENTRIES [some maybe false]: 
kingANTH,scott@atlas-digital.net,,2.219.198.76
(34, 'ROLE_USER', 'pOCUpjy8tq6J5pC7eV8YEyZ/kUrYrpnx2WU4/MdwKQsgwYBka9kw092NK9h82D7nbfOsIKUgt0JDs62Q==', 'b74c938992ami232244f32717d89', 'KingAnth', 5000, 15.1, 1, 0),
[16:14:12] [Client thread/INFO]: [CHAT] |29  |2020-05-17 08:30:46.161|SLawree      |068629ba-e9a7-4e32-8287-7ad42kwj288 |2.219.198.76 |

  {

    "id": "48",

    "username": "anthrax",

    "password": "LiverpoolFC1",

    "hwid": "aa9c47d3ef05ac4a614f37241239dfcbe8b6ce9a44daf3d1dbc94ff00e",

    "reg_date": "2018-06-11 12:57:42"

  },

  {

    "id": "539",

    "username": "ScottOFS",

    "password": "LiverpoolFC123!",

    "hwid": "aa9c47d3ef05ac4a614f37241239dfcbe8b6ce9a44daf3d1dbc94ff00e",

    "reg_date": "2019-12-11 12:57:42"

  },


===================================================================================   

Domain: https://atlas-digital.net
Used for his emails, not sure what the index is about.
His whois info is private, namecheap is the domain registrar.


MISC:
NSE: Loaded 40 scripts for scanning. 
Initiating Ping Scan at 05:12 
Scanning atlas-digital.net (68.65.122.157) [4 ports] 
Completed Ping Scan at 05:12, 0.28s elapsed (1 total hosts) 
Initiating SYN Stealth Scan at 05:12 
Scanning atlas-digital.net (68.65.122.157) [100 ports] 
Discovered open port 993/tcp on 68.65.122.157 
Discovered open port 53/tcp on 68.65.122.157 
Discovered open port 21/tcp on 68.65.122.157 
Discovered open port 995/tcp on 68.65.122.157 
Discovered open port 587/tcp on 68.65.122.157 
Discovered open port 443/tcp on 68.65.122.157 
Discovered open port 110/tcp on 68.65.122.157 
Discovered open port 80/tcp on 68.65.122.157 
Discovered open port 25/tcp on 68.65.122.157 
Discovered open port 143/tcp on 68.65.122.157 
Discovered open port 26/tcp on 68.65.122.157 
Discovered open port 465/tcp on 68.65.122.157 
Completed SYN Stealth Scan at 05:12, 2.60s elapse

Port Number 	State 	Service Name 	Service Product 	Service Version 	Service Extra Info 	
21 	    open 	ftp 	Pure-FTPd 			
25 	    open 	smtp 				
26 	    open 	smtp 	Exim smtpd 	4.93 		
53 	    open 	domain 	ISC BIND 	9.8.2rc1 		
80 	    open	http 	HAProxy http proxy 	1.3.1 or later 		
110 	open 	pop3 	Dovecot pop3d 			
143 	open 	imap 	Dovecot imapd 			
443 	open	https 	HAProxy http proxy 	1.3.1 or later 		
465 	open 	smtp 	Exim smtpd 	4.93 		
587 	open 	smtp 	Exim smtpd 	4.93 		
993 	open 	imap 	Dovecot imapd 			
995 	open 	pop3 	Dovecot pop3d 	

Missing HTTP security headers:

HTTP Security   Header	Header Role	Status
X-Frame-Options	Protects against Click jacking attacks	Not set
X-XSS-Protection	Mitigates Cross-Site Scripting (XSS) attacks	Not set
Strict-Transport-Security	Protects against man-in-the-middle attacks	Not set
X-Content-Type-Options	Prevents possible phishing or XSS attacks	Not set

Server software and technology found
Software / Version	Category
Apache Web Servers


WHO IS INFORMATION
whois:atlas-digital.net  

Name 	Value
Registrar 	NameCheap, Inc.
Name Server 	DNS1.NAMECHEAPHOSTING.COM
Name Server 	DNS2.NAMECHEAPHOSTING.COM
Name 	Value
Domain Name 	ATLAS-DIGITAL.NET
Registry Domain ID 	2482018246_DOMAIN_NET-VRSN
Registrar WHOIS Server 	whois.namecheap.com
Registrar URL 	http://www.namecheap.com
Updated Date 	2020-01-19T05:45:37Z
Creation Date 	2020-01-19T05:45:27Z
Registry Expiry Date 	2021-01-19T05:45:27Z
Registrar 	NameCheap, Inc.
Registrar IANA ID 	1068
Registrar Abuse Contact Email 	abuse@namecheap.com
Registrar Abuse Contact Phone 	+1.6613102107
Domain Status 	clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server 	DNS1.NAMECHEAPHOSTING.COM
Name Server 	DNS2.NAMECHEAPHOSTING.COM
DNSSEC 	unsigned
URL of the ICANN Whois Inaccuracy Complaint Form 	https://www.icann.org/wicf/
Last update of whois database 	2020-06-10T02:20:35Z

[might be able to get the hosting sus'd.]

OSINT for Network Infrastructure:
https://dnsdumpster.com/static/graph/atlas-digital.net-202006100221.html

Nameserver 	Location 	ISP
dns1.namecheaphosting.com. 	IPv4: US
IPv6: US 	AS397213 397218 397231 397232 397235 397238 -
AS397213 - ULTRADNS, US
dns2.namecheaphosting.com. 	IPv4: US
IPv6: US 	AS397215 397219 397220 397224 397231 397233 397238 -
AS397220 - ULTRADNS, US 
Nameserver 	IP address(es) 	Response time
dns1.namecheaphosting.com. 	156.154.132.200
2610:a1:1024::200 	14ms
4ms
dns2.namecheaphosting.com. 	156.154.133.200
2610:a1:1025::200 	13ms
12ms 

cached: 
https://webcache.googleusercontent.com/search?q=cache:SRgidhpN4fQJ:https://atlas-digital.net/

===================================================================================