*******************************************************************************************************
****************************************** Information ******************************************
*******************************************************************************************************

This dox is for: cooltra.com
Dox made by Scrap#3264

*******************************************************************************************************
****************************************** Nmap information ******************************************
*******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# nmap ******* -Pn -O
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-19 13:21 UTC
Nmap scan report for ******* (13.32.145.88)
Host is up (0.043s latency).
Other addresses for ******* (not scanned): 13.32.145.83 13.32.145.15 13.32.145.18
rDNS record for 13.32.145.88: server-13-32-145-88.cdg50.r.cloudfront.net
Not shown: 997 filtered tcp ports (no-response), 1 filtered tcp ports (port-unreach)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 11.X|12.X (88%)
OS CPE: cpe:/o:freebsd:freebsd:11.0 cpe:/o:freebsd:freebsd:12.0
Aggressive OS guesses: FreeBSD 11.0-RELEASE (88%), FreeBSD 11.0-STABLE (88%), FreeBSD 11.1-RELEASE (88%), FreeBSD 11.1-STABLE (88%), FreeBSD 12.0-RELEASE (86%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.25 seconds

*******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# nmap -v -A *******
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-19 13:21 UTC
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:21
Completed NSE at 13:21, 0.00s elapsed
Initiating NSE at 13:21
Completed NSE at 13:21, 0.00s elapsed
Initiating NSE at 13:21
Completed NSE at 13:21, 0.00s elapsed
Initiating Ping Scan at 13:21
Scanning ******* (13.32.145.18) [4 ports]
Completed Ping Scan at 13:21, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:21
Completed Parallel DNS resolution of 1 host. at 13:21, 0.04s elapsed
Initiating SYN Stealth Scan at 13:21
Scanning ******* (13.32.145.18) [1000 ports]
Discovered open port 80/tcp on 13.32.145.18
Discovered open port 443/tcp on 13.32.145.18
Completed SYN Stealth Scan at 13:21, 4.77s elapsed (1000 total ports)
Initiating Service scan at 13:21
Scanning 2 services on ******* (13.32.145.18)
Completed Service scan at 13:21, 12.43s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against ******* (13.32.145.18)
Retrying OS detection (try #2) against ******* (13.32.145.18)
Initiating Traceroute at 13:22
Completed Traceroute at 13:22, 3.14s elapsed
Initiating Parallel DNS resolution of 17 hosts. at 13:22
Completed Parallel DNS resolution of 17 hosts. at 13:22, 0.19s elapsed
NSE: Script scanning 13.32.145.18.
Initiating NSE at 13:22
Completed NSE at 13:22, 5.27s elapsed
Initiating NSE at 13:22
Completed NSE at 13:22, 2.63s elapsed
Initiating NSE at 13:22
Completed NSE at 13:22, 0.00s elapsed
Nmap scan report for ******* (13.32.145.18)
Host is up (0.040s latency).
Other addresses for ******* (not scanned): 13.32.145.15 13.32.145.83 13.32.145.88
rDNS record for 13.32.145.18: server-13-32-145-18.cdg50.r.cloudfront.net
Not shown: 997 filtered tcp ports (no-response), 1 filtered tcp ports (port-unreach)
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Amazon CloudFront httpd
|_http-title: Did not follow redirect to https://*******/
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: CloudFront
443/tcp open  ssl/http Amazon CloudFront httpd
|_http-title: 403 Forbidden
| ssl-cert: Subject: commonName=*.*******
| Subject Alternative Name: DNS:*.*******, DNS:*******
| Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-05-30T00:00:00
| Not valid after: 2023-06-29T23:59:59
| MD5: cd6b 78f0 fc07 4ff2 b430 845c cc7e 90e2
|_SHA-1: cebd 36a0 7102 de00 148a ada0 221b 2865 9bd0 f30d
| http-server-header:
|   Apache
|_  CloudFront
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 11.X|12.X (88%)
OS CPE: cpe:/o:freebsd:freebsd:11.0 cpe:/o:freebsd:freebsd:12.0
Aggressive OS guesses: FreeBSD 11.0-RELEASE (88%), FreeBSD 11.0-STABLE (88%), FreeBSD 11.1-RELEASE (88%), FreeBSD 11.1-STABLE (88%), FreeBSD 12.0-RELEASE (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.000 days (since Sat Nov 19 13:22:00 2022)
Network Distance: 24 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   5.85 ms   box (192.168.1.1)
2   42.54 ms  193.69.16.109.rev.sfr.net (109.16.69.193)
3   42.91 ms  145.84.0.109.rev.sfr.net (109.0.84.145)
4   34.83 ms  253.75.0.109.rev.sfr.net (109.0.75.253)
5   31.09 ms  209.45.66.86.rev.sfr.net (86.66.45.209)
6   42.57 ms  125.87.66.86.rev.sfr.net (86.66.87.125)
7   34.92 ms  222.110.0.109.rev.sfr.net (109.0.110.222)
8   41.93 ms  101.223.65.86.rev.sfr.net (86.65.223.101)
9   38.82 ms  213.4.118.80.rev.sfr.net (80.118.4.213)
10  110.58 ms v3777.cbv3-co-2.gaoland.net (84.96.251.222)
11  106.21 ms 57.146.6.194.rev.sfr.net (194.6.146.57)
12  86.03 ms  57.146.6.194.rev.sfr.net (194.6.146.57)
13  83.90 ms  99.83.65.104
14  83.43 ms  52.46.95.124
15  83.85 ms  52.93.16.47
16  74.68 ms  52.46.93.211
17  74.12 ms  52.95.60.108
18  74.27 ms  52.46.95.161
19  ... 23
24  43.21 ms  server-13-32-145-18.cdg50.r.cloudfront.net (13.32.145.18)

NSE: Script Post-scanning.
Initiating NSE at 13:22
Completed NSE at 13:22, 0.00s elapsed
Initiating NSE at 13:22
Completed NSE at 13:22, 0.00s elapsed
Initiating NSE at 13:22
Completed NSE at 13:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.55 seconds
           Raw packets sent: 2116 (97.316KB) | Rcvd: 50 (3.248KB)

******************************************************************************************************
***************************************** Whois information *****************************************
******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# whois *******
   Domain Name: *******
   Registry Domain ID: 183521653_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.ionos.com
   Registrar URL: http://www.ionos.com
   Updated Date: 2022-07-16T07:09:51Z
   Creation Date: 2005-07-15T09:05:04Z
   Registry Expiry Date: 2023-07-15T09:05:04Z
   Registrar: IONOS SE
   Registrar IANA ID: 83
   Registrar Abuse Contact Email: abuse@ionos.com
   Registrar Abuse Contact Phone: +1.6105601459
   Domain Status: ok https://icann.org/epp#ok
   Name Server: NS-13.AWSDNS-01.COM
   Name Server: NS-1370.AWSDNS-43.ORG
   Name Server: NS-1777.AWSDNS-30.CO.UK
   Name Server: NS-981.AWSDNS-58.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-11-19T13:38:57Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.

Domain Name: *******
Registry Domain ID: 183521653_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ionos.com
Registrar URL: http://ionos.com
Updated Date: 2018-05-29T07:23:52.000Z
Creation Date: 2005-07-15T09:05:04.000Z
Registrar Registration Expiration Date: 2023-07-15T09:05:04.000Z
Registrar: IONOS SE
Registrar IANA ID: 83
Registrar Abuse Contact Email: abuse@ionos.com
Registrar Abuse Contact Phone: +1.8774612631
Reseller:
Domain Status: ok https://www.icann.org/epp#ok
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: *******os S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: B
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: dataprivacyprotected@ionos.de
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: dataprivacyprotected@ionos.de
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: dataprivacyprotected@ionos.de
Nameserver: ns-13.awsdns-01.com
Nameserver: ns-981.awsdns-58.net
Nameserver: ns-1777.awsdns-30.co.uk
Nameserver: ns-1370.awsdns-43.org
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

*******************************************************************************************************
****************************************** Ping information ******************************************
*******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# ping *******
PING ******* (52.84.174.106) 56(84) bytes of data.
64 bytes from server-52-84-174-106.cdg50.r.cloudfront.net (52.84.174.106): icmp_seq=1 ttl=246 time=40.6 ms
64 bytes from server-52-84-174-106.cdg50.r.cloudfront.net (52.84.174.106): icmp_seq=2 ttl=246 time=41.5 ms
64 bytes from server-52-84-174-106.cdg50.r.cloudfront.net (52.84.174.106): icmp_seq=3 ttl=246 time=41.3 ms
64 bytes from server-52-84-174-106.cdg50.r.cloudfront.net (52.84.174.106): icmp_seq=4 ttl=246 time=40.0 ms
64 bytes from server-52-84-174-106.cdg50.r.cloudfront.net (52.84.174.106): icmp_seq=5 ttl=246 time=53.8 ms
^C
--- ******* ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 39.985/43.441/53.764/5.189 ms

*******************************************************************************************************
**************************************** Nslookup information ****************************************
*******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# nslookup *******
Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   *******
Address: 52.84.174.113
Name:   *******
Address: 52.84.174.61
Name:   *******
Address: 52.84.174.104
Name:   *******
Address: 52.84.174.106

*******************************************************************************************************
*************************************** Traceroute information ***************************************
*******************************************************************************************************

┌──(root㉿kali)-[/home/kali]
└─# traceroute *******
traceroute to ******* (52.84.174.104), 30 hops max, 60 byte packets
 1  box (192.168.1.1)  1.728 ms  6.524 ms  6.482 ms
 2  193.69.16.109.rev.sfr.net (109.16.69.193)  27.849 ms  28.718 ms  31.000 ms
 3  145.84.0.109.rev.sfr.net (109.0.84.145)  32.885 ms  33.577 ms  35.707 ms
 4  253.75.0.109.rev.sfr.net (109.0.75.253)  36.541 ms  36.893 ms  38.451 ms
 5  209.45.66.86.rev.sfr.net (86.66.45.209)  42.978 ms  42.659 ms  42.604 ms
 6  125.87.66.86.rev.sfr.net (86.66.87.125)  42.840 ms  41.505 ms  42.764 ms
 7  222.110.0.109.rev.sfr.net (109.0.110.222)  47.073 ms  28.341 ms  29.759 ms
 8  101.223.65.86.rev.sfr.net (86.65.223.101)  31.930 ms  30.000 ms  31.236 ms
 9  205.4.118.80.rev.sfr.net (80.118.4.205)  34.266 ms 37.120.20.93.rev.sfr.net (93.20.120.37)  31.679 ms  32.685 ms
10  202.4.118.80.rev.sfr.net (80.118.4.202)  36.382 ms v3777.cbv3-co-2.gaoland.net (84.96.251.222)  38.229 ms 202.4.118.80.rev.sfr.net (80.118.4.202)  51.855 ms
11  57.146.6.194.rev.sfr.net (194.6.146.57)  51.818 ms  52.157 ms  51.768 ms
12  57.146.6.194.rev.sfr.net (194.6.146.57)  52.295 ms  42.765 ms  43.116 ms
13  99.83.65.104 (99.83.65.104)  42.058 ms  39.787 ms  40.649 ms
14  52.46.95.92 (52.46.95.92)  42.121 ms 52.46.95.132 (52.46.95.132)  40.448 ms 52.46.95.92 (52.46.95.92)  45.569 ms
15  52.93.16.111 (52.93.16.111)  43.908 ms 52.93.16.67 (52.93.16.67)  38.926 ms  39.357 ms
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  52.46.95.240 (52.46.95.240)  47.667 ms  38.616 ms  39.749 ms
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *