__ __ / /_____ / /__________ _____ / //_/ _ \/ //_/ ___/ _ \/ ___/ / ,< / __/ ,< (__ ) __/ /__ /_/|_|\___/_/|_/____/\___/\___/ Prepare for immediate disintegration! -- THE GOOD STUFF -- Name: Stephen Dranger Address: 425 Laurel Ln Valparaiso, IN 46385-6076 Phone: +1-219-464-8146 -- HISTORY -- Currently working at GPShopper as a Systems Administrator/Developer (sorry for your code, gpshopper) Appears to have used to make music as part of a band called Silhavey, no idea if he still does that. -- ACCOUNTS -- Email: dranger@gmail.com Facebook: https://www.facebook.com/stephen.dranger LinkedIn: https://www.linkedin.com/pub/stephen-dranger/13/92a/a4a MSPAForums: http://www.mspaforums.com/member.php?56400-illuminatedwax hitRECord: http://www.hitrecord.org/users/illuminatedwax Github: https://github.com/illuminatedwax/ Reddit: https://www.reddit.com/user/illuminatedwax Wikipedo: http://en.wikipedia.org/wiki/User:Illuminatedwax Twitter: https://twitter.com/illuminatedwax Slashdot: http://slashdot.org/~illuminatedwax Tumblr: http://ghostdunk.tumblr.com/ Tumblr: http://illuminatedwax.tumblr.com/ Steam: http://steamcommunity.com/profiles/76561198019327080 -- COMPUTER SHIT -- - HOME IP - IP: 23-25-12-225-static.hfc.comcastbusiness.net Network: AS7922 Comcast Cable Communications, Inc. Router appears to be "PepLink". Shodan: https://www.shodan.io/host/23.25.12.225 Nmap scan report for 23-25-12-225-static.hfc.comcastbusiness.net (23.25.12.225) Host is up (0.22s latency). 
Sites that exist but I didn't look into: http://www.silhavey.com/