TryHackMe — WebOSINT Writeup

XavsteR
Jul 26, 2023


Today I will guide you through this interesting and simple room, which focuses on gathering intelligence about a website from public sources:

Task 2

The answers come from a WHOIS lookup. On a Linux machine, run the “whois” command against the domain as follows. Note that the output contains two records: the registry (VeriSign) record comes first and the registrar (Namecheap) record follows it; the registrar record is the one that carries the registrant, admin and tech contact fields.

whois RepublicOfKoffee.com               
Domain Name: REPUBLICOFKOFFEE.COM
Registry Domain ID: 2582024072_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-01-11T04:28:54Z
Creation Date: 2021-01-01T17:33:07Z
Registry Expiry Date: 2024-01-01T17:33:07Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.BRAINYDNS.COM
Name Server: NS2.BRAINYDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-07-26T12:09:07Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: republicofkoffee.com
Registry Domain ID: 2582024072_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-01-11T04:28:54.15Z
Creation Date: 2021-01-01T17:33:07.00Z
Registrar Registration Expiration Date: 2024-01-01T17:33:07.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 744b407022364a2f8212bb43b0f7edf8.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 744b407022364a2f8212bb43b0f7edf8.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 744b407022364a2f8212bb43b0f7edf8.protect@withheldforprivacy.com
Name Server: ns1.brainydns.com
Name Server: ns2.brainydns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-07-25T15:49:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp

What is the name of the company the domain was registered with?

Namecheap Inc

What phone number is listed for the registration company? (do not include country code or special characters/spaces)

6613102107 (this is the “Registrar Abuse Contact Phone” from the registry record at the top of the output; the registrar’s own record further down lists a different number, +1.9854014545, so check which record the question is looking at)

What is the first nameserver listed for the site?

ns1.brainydns.com

What is listed for the name of the registrant?

redacted for privacy

What country is listed for the registrant?

Panama

Please note that the room should be updated: the whois output above now lists the registrant country as IS (Iceland), not Panama. The registrant details belong to the registrar’s privacy proxy (Withheld for Privacy ehf) rather than to the real owner, so they change whenever the registrar switches proxy services; the old answer reflected a Panama-based proxy.
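As an added example (my own code, not part of the original writeup or of the room), here is a small Python parser for the whois output above. It splits the response into the registry record and the registrar record, so each Task 2 question can be answered from the right record, and it strips the country code from the +CC.NUMBER phone format the way the question asks. The sample text is a trimmed copy of the output above; the function names are my own.

```python
import re
from collections import defaultdict

# Trimmed copy of the two records the whois client printed above: the
# registry (VeriSign) record first, then the registrar (Namecheap) record.
# Only the lines this example needs are kept.
SAMPLE_WHOIS = """\
Domain Name: REPUBLICOFKOFFEE.COM
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Phone: +1.6613102107
Name Server: NS1.BRAINYDNS.COM
Name Server: NS2.BRAINYDNS.COM
DNSSEC: unsigned
>>> Last update of whois database: 2023-07-26T12:09:07Z <<<

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names.

Domain name: republicofkoffee.com
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Phone: +1.9854014545
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Country: IS
Name Server: ns1.brainydns.com
Name Server: ns2.brainydns.com
DNSSEC: unsigned
"""

# "Key: value" lines; whois keys are words, spaces, slashes and parentheses.
KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 /()-]*?):\s*(.*)$")


def split_records(text):
    """Return one dict per record; a record starts at each 'Domain Name:' line.

    Keys are lower-cased and every value is kept in a list, because fields
    such as 'Name Server' legitimately repeat.  Prose (terms of use, notices)
    has no 'key: value' shape and is skipped.
    """
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">>>"):
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "domain name":
            current = defaultdict(list)
            records.append(current)
        if current is not None:
            current[key].append(value)
    return records


def first(record, key):
    """First value for key, or '' if the record lacks it."""
    values = record.get(key)
    return values[0] if values else ""


def national_number(phone):
    """Whois phones use the +CC.NUMBER form; keep only the digits after the dot."""
    _cc, _dot, rest = phone.partition(".")
    return re.sub(r"\D", "", rest)


def summarize(text):
    """Answer the Task 2 style questions from the registry and registrar records."""
    records = split_records(text)
    if not records:
        raise ValueError("no 'Domain Name:' record found in whois text")
    registry, registrar = records[0], records[-1]
    return {
        "registrar": first(registry, "registrar"),
        "registry_abuse_phone": national_number(first(registry, "registrar abuse contact phone")),
        "registrar_abuse_phone": national_number(first(registrar, "registrar abuse contact phone")),
        "first_nameserver": first(registry, "name server").lower(),
        "registrant_name": first(registrar, "registrant name"),
        "registrant_country": first(registrar, "registrant country"),
        # A privacy/proxy service in the registrant fields means the whois
        # data identifies the proxy, not the real owner.
        "privacy_proxy": "privacy" in first(registrar, "registrant organization").lower(),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_WHOIS).items():
        print(f"{k:22} {v}")
```

The two abuse phone numbers come out side by side, which makes the discrepancy behind the phone question obvious, and the privacy_proxy flag is the reminder that a redacted registrant tells you nothing about the owner.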

Task 3

What is the first name of the blog’s author?

We will go to the wayback machine: https://web.archive.org/web/20230000000000*/RepublicOfKoffee.com

This one took longer than expected. The key is that the information is not in the website’s About or Contact pages.

The room does not hint at which year we should look into.

I recommend opening the Wayback Machine’s site map view and checking which posts were published. In the site map for 2016 we can see links such as http://www.republicofkoffee.com/index.php/2015/06/22/cafe-alamo-jeju-island/

Site map diagram for the year 2016

If we look at the post carefully, we can see the author’s name: Steve

What city and country was the author writing from?

Another tricky one, as we need to analyze what he writes about in the blog.

In this article he says “On occasion I find myself having meetings in the Mudeungsan national park area of Gwangju.” Searching for this city online tells us it is in South Korea, so the answer is Gwangju, South Korea

[Research] What is the name (in English) of the temple inside the National Park the author frequently visits?

The answer follows from the previous quote. Searching online for “temple Mudeungsan” gives the answer: Jeungsimsa Temple

Task 4

What was RepublicOfKoffee.com’s IP address as of October 2016?

Go to viewdns.info, open the tool called “IP History” and paste the domain.

Scrolling down, we will find the desired entry:

173.248.188.152 United States MDDHosting LLC 2016-10-03

Thus, the answer is 173.248.188.152

Based on the other domains hosted on the same IP address, what kind of hosting service can we safely assume our target uses?

Use the “Reverse IP Lookup” tool on the same site. We will see many unrelated domains associated with the IP, which is what shared hosting looks like. Therefore the answer is shared

How many times has the IP address changed in the history of the domain?

Another out-of-date answer, since the IP keeps changing (again, use the IP History tool). Count how many changes there were before Feb 2022, not how many rows there are: a repeated entry for the same IP is not a change. Answer is 4

Task 5

This task targets heat.net (the domain in the answers below). Use the tools from the previous tasks to solve it.

What is the second nameserver listed for the domain?

Use whois. Answer: NS2.HEAT.NET

What IP address was the domain listed on as of December 2011?

Use viewdns. Answer: 72.52.192.240

Based on domains that share the same IP, what kind of hosting service is the domain owner using?

Use viewdns. Answer: shared

On what date was the site first captured by the Internet Archive? (MM/DD/YY format)

Use archive.org. Answer: 06/01/97

What is the first sentence of the first body paragraph from the final capture of 2001?

Use archive.org. Answer: After years of great online gaming, it’s time to say good-bye.

Using your search engine skills, what was the name of the company that was responsible for the original version of the site?

Google is your friend; answer: SegaSoft

What does the first header on the site on the last capture of 2010 say?

Use again the wayback machine. Answer: Heat.net — Heating and Cooling
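The archive questions in Task 3 and Task 5 (first capture date, last capture of a given year) can also be answered programmatically from the Wayback Machine’s CDX API instead of clicking through the calendar. The block below is my own added example, not code from the writeup or the room: it parses the CDX API’s plain-text output (one capture per line: urlkey, timestamp, original URL, MIME type, HTTP status, digest, length), finds the earliest capture, and finds the last capture of a year while skipping 3xx redirect captures, because replaying one of those just bounces you elsewhere and it has no body text to quote. The sample rows are constructed for the example and are not real captures of any site; cdx_query_url only builds the request URL, nothing is fetched.

```python
from datetime import datetime
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

# Constructed sample in the CDX API's default text format.  These rows are
# made up for the example and are not real captures of any site.
SAMPLE_CDX = """\
com,example)/ 19970601120000 http://example.com:80/ text/html 200 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1200
com,example)/ 19981104083000 http://example.com:80/ text/html 200 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 1300
com,example)/ 20010312101500 http://example.com:80/ text/html 200 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC 1400
com,example)/ 20011228235959 http://example.com:80/ text/html 200 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD 900
com,example)/ 20100205000000 http://example.com/ text/html 200 EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE 5000
com,example)/ 20101130153000 http://example.com/ text/html 302 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 300
com,example)/ 20101119090000 http://example.com/ text/html 200 GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG 5100
"""


def cdx_query_url(domain, year_from=None, year_to=None):
    """Build the CDX request for all captures of domain, optionally limited to a year range."""
    params = {"url": domain}
    if year_from:
        params["from"] = str(year_from)
    if year_to:
        params["to"] = str(year_to)
    return CDX_ENDPOINT + "?" + urlencode(params)


def parse_cdx(text):
    """Parse CDX text rows into dicts with a datetime and an int HTTP status."""
    captures = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated row
        _urlkey, ts, original, mime, status, _digest, _length = fields[:7]
        captures.append({
            "timestamp": ts,
            "when": datetime.strptime(ts, "%Y%m%d%H%M%S"),
            "original": original,
            "mime": mime,
            # The API prints '-' for captures with no recorded status.
            "status": int(status) if status.isdigit() else None,
        })
    return captures


def snapshot_url(capture):
    """Wayback URL that replays this exact capture."""
    return f"https://web.archive.org/web/{capture['timestamp']}/{capture['original']}"


def first_capture(captures):
    """Earliest capture, formatted MM/DD/YY as the Task 5 question asks."""
    earliest = min(captures, key=lambda c: c["when"])
    return earliest["when"].strftime("%m/%d/%y")


def last_capture_of_year(captures, year, content_only=True):
    """Latest capture in `year`, or None if the year has no usable capture.

    With content_only=True, 3xx redirect captures are ignored: they carry no
    page body, so they cannot be the capture whose text a question asks about.
    """
    candidates = [
        c for c in captures
        if c["when"].year == year
        and not (content_only and c["status"] is not None and 300 <= c["status"] < 400)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c["when"])


if __name__ == "__main__":
    caps = parse_cdx(SAMPLE_CDX)
    print("query:", cdx_query_url("example.com", 2001, 2001))
    print("first capture:", first_capture(caps))
    print("last 2001:", snapshot_url(last_capture_of_year(caps, 2001)))
    print("last 2010:", snapshot_url(last_capture_of_year(caps, 2010)))
```

The rows are deliberately not in date order, which mirrors what you get when you paste several CDX pages together; sorting on the parsed timestamp rather than trusting row order is what keeps “first” and “last” honest.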

Task 6

Go to http://www.heat.net/36/need-to-hire-a-commercial-heating-contractor/

How many internal links are in the text of the article?

Hover over each link (or check its href in the page source) to see where it leads; links that stay on heat.net are internal. You will find 5 internal links.

How many external links are in the text of the article?

There is only 1 (links in the ad blocks around the article do not count).

Website in the article’s only external link (that isn’t an ad)

In the 4th point, we will find a link to purchase.org

Try to find the Google Analytics code linked to the site

Get the HTML source through the browser’s Developer Tools (Google is your friend) and search for “analytics”. It should give you the following line:

window.google_analytics_uacct = "UA-251372-24";

Answer then is: UA-251372-24

Is the Google Analytics code in use on another website? Yay or Nay

Do a reverse analytics lookup of the code online. I used several services and could not find that code associated with anything else. Either way, the answer is Nay. (A Universal Analytics code has the form UA-<account>-<property>, so another site using the same UA-251372 account number with a different property suffix would still point to the same owner; it is worth searching on the account part as well.)

Does the link to this website have any obvious affiliate codes embedded with it? Yay or Nay

Searching the HTML source for that link’s href shows a plain URL with no tracking or affiliate query parameters (such as ?ref=, ?tag= or ?aff=). Answer is Nay
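The three checks in this task (internal versus external links in the article body, the analytics identifier, and affiliate parameters on a link) are easy to script once you have the page source. The block below is my own added example, not code from the writeup: it uses Python’s html.parser to collect only the links inside the <article> element, classifies them by host, pulls Google Analytics / Tag Manager identifiers with a regex, and inspects a link’s query string for affiliate-style parameters. The sample HTML and the host www.example-site.com are constructed for the example; they are not the heat.net article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample page (made up for the example; this is not the heat.net
# article).  The site's own host is www.example-site.com.
SAMPLE_HTML = """\
<html><head><title>Sample article</title>
<script>
  window.google_analytics_uacct = "UA-000000-1";
</script>
</head><body>
<nav><a href="/">Home</a> <a href="https://ads.example.com/?aff_id=999">Sponsor</a></nav>
<article>
<p>1. Start with <a href="/12/furnace-basics/">furnace basics</a>.</p>
<p>2. Then read <a href="http://www.example-site.com/15/boiler-care/">boiler care</a>.</p>
<p>3. Keep a <a href="https://plain.example.net/guide">maintenance guide</a> handy.</p>
<p>4. Parts are sold at <a href="https://shop.example.org/?tag=partner-20&amp;ref=abc">the store</a>.</p>
</article>
<footer><a href="/contact">Contact</a></footer>
</body></html>
"""

# Universal Analytics (UA-account-property), GA4 (G-...) and Tag Manager (GTM-...) ids.
GA_ID_RE = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12}|GTM-[A-Z0-9]{4,8})\b")

# Query parameters commonly used to carry affiliate / referral credit.
AFFILIATE_PARAMS = {"tag", "ref", "aff", "affid", "aff_id", "affiliate", "partner", "clickid"}


class ArticleLinkParser(HTMLParser):
    """Collect hrefs that appear inside <article>, ignoring nav, footer and ads."""

    def __init__(self):
        super().__init__()
        self.depth = 0        # > 0 while inside an <article> element
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "article":
            self.depth += 1
        elif tag == "a" and self.depth > 0:
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "article" and self.depth > 0:
            self.depth -= 1


def _host(netloc):
    """Lower-case host without a leading 'www.' or a port."""
    host = netloc.lower().split(":")[0]
    return host[4:] if host.startswith("www.") else host


def classify_links(html, site_host):
    """Split the article's links into internal and external lists."""
    parser = ArticleLinkParser()
    parser.feed(html)
    site = _host(site_host)
    internal, external = [], []
    for href in parser.links:
        netloc = urlparse(href).netloc
        # Relative links and links back to the same host are internal.
        (internal if not netloc or _host(netloc) == site else external).append(href)
    return {"internal": internal, "external": external}


def analytics_ids(html):
    """Google Analytics / Tag Manager identifiers embedded anywhere in the page."""
    return sorted(set(GA_ID_RE.findall(html)))


def affiliate_codes(href):
    """Affiliate-style query parameters on a link, e.g. {'tag': ['partner-20']}."""
    query = parse_qs(urlparse(href).query)
    return {k: v for k, v in query.items() if k.lower() in AFFILIATE_PARAMS}


if __name__ == "__main__":
    links = classify_links(SAMPLE_HTML, "www.example-site.com")
    print(len(links["internal"]), "internal,", len(links["external"]), "external")
    print("analytics:", analytics_ids(SAMPLE_HTML))
    for href in links["external"]:
        print(urlparse(href).netloc, affiliate_codes(href) or "no affiliate codes")
```

Restricting the parser to the <article> element is what keeps the sponsor link in the nav out of the count, which is the same judgement the question makes when it excludes ads; the hrefs are unescaped by html.parser, so the &amp; in the store link is already a plain & when affiliate_codes sees it.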

Task 7

Use the tools in Task 4 to confirm the link between the two sites. Try hard to figure it out without the hint.

For this one we need to compare the IP history of both sites. You will notice that the same IP address owner appears for both sites, Liquid Web.

I ended up looking up the solution, because the dots in the answer format made me think I was missing an IP address, but they were actually the dots in “L.L.C” (silly, right?). The answer is:
Liquid Web, L.L.C
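The IP-history questions in Task 4 (the IP as of a given month, how many times it changed before a cutoff, whether the hosting is shared) and the cross-domain comparison in Task 7 all reduce to a few operations over the rows you copy out of viewdns.info. The block below is my own added example, not code from the writeup or from viewdns: it works on constructed (IP, owner, date seen) rows, made up for the example and not real records for either domain, and the owner-name normalisation is there precisely because “Liquid Web, L.L.C” and “Liquid Web LLC” are the same organisation even though the strings differ.

```python
import re
from datetime import date

# Constructed sample rows in the shape of viewdns.info's "IP History" table
# (IP address, owner, date seen).  Both histories are made up for the
# example; they are not real records for republicofkoffee.com or heat.net.
HISTORY_A = [
    ("203.0.113.10",  "Hosting Co A", date(2014, 5, 2)),
    ("203.0.113.10",  "Hosting Co A", date(2015, 9, 14)),   # same IP seen again
    ("198.51.100.7",  "Hosting Co B", date(2016, 10, 3)),
    ("192.0.2.44",    "Cloud Co LLC", date(2019, 1, 20)),
    ("192.0.2.45",    "Cloud Co LLC", date(2021, 6, 30)),
    ("198.51.100.99", "Hosting Co B", date(2022, 8, 1)),
]
HISTORY_B = [
    ("198.51.100.8",  "Hosting Co Z",     date(2017, 3, 11)),
    ("192.0.2.60",    "Cloud Co, L.L.C.", date(2020, 2, 2)),
]


def ip_as_of(history, when):
    """IP from the most recent observation on or before `when` (None if none)."""
    seen = [row for row in history if row[2] <= when]
    return max(seen, key=lambda row: row[2])[0] if seen else None


def count_ip_changes(history, before=None):
    """Number of times the IP changed, counting only rows dated before `before`.

    Rows are sorted by date first because the web table is not guaranteed to
    be in order, and a repeated observation of the same IP is not a change.
    """
    rows = sorted(history, key=lambda row: row[2])
    if before is not None:
        rows = [row for row in rows if row[2] < before]
    changes, previous = 0, None
    for ip, _owner, _seen in rows:
        if previous is not None and ip != previous:
            changes += 1
        previous = ip
    return changes


def normalize_owner(name):
    """Fold 'Liquid Web, L.L.C' and 'Liquid Web LLC' onto the same key."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def common_owners(history_a, history_b):
    """Owner names (as written in history_a) that also appear in history_b."""
    keys_b = {normalize_owner(owner) for _ip, owner, _seen in history_b}
    return sorted({owner for _ip, owner, _seen in history_a if normalize_owner(owner) in keys_b})


def hosting_type(domains_on_ip, shared_threshold=5):
    """Rough heuristic for the reverse-IP question: many unrelated domains on one IP means shared hosting."""
    others = {d.lower() for d in domains_on_ip}
    return "shared" if len(others) > shared_threshold else "dedicated or few tenants"


if __name__ == "__main__":
    print("IP as of Oct 2016:", ip_as_of(HISTORY_A, date(2016, 10, 31)))
    print("changes before Feb 2022:", count_ip_changes(HISTORY_A, before=date(2022, 2, 1)))
    print("owners shared by both domains:", common_owners(HISTORY_A, HISTORY_B))
```

Counting transitions rather than rows is the point of count_ip_changes: the sample has six rows but only four changes, and only three before the February 2022 cutoff, which is the kind of off-by-one the “how many times has the IP changed” question invites.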

Let me know if you have any questions or suggestions below, and see you in the next one :)
