The room: “Conducting basic open source intelligence research on a website”
https://tryhackme.com/room/webosint
Task 2 : Whois Registration
The most basic stage of domain research is the whois query. A whois search is performed on the site proposed in the room.
2.1. What is the name of the company the domain was registered with?
NAMECHEAP INC
2.2. What phone number is listed for the registration company? (do not include country code or special characters/spaces)
6613102107
2.3. What is the first nameserver listed for the site?
NS1.BRAINYDNS.COM
2.4. What is listed for the name of the registrant?
redacted for privacy
2.5. What country is listed for the registrant?
Past records are needed because the registrant country has changed. If we look at ICANN, we see it is Iceland, but this answer is incorrect. We can access old records with the whoxy tool.
Panama
Task 3 : Ghosts of Websites Past
3.1. What is the first name of the blog’s author?
We search for the site at archive.org. In this part, I started my research from the oldest dates. The Contact part caught my attention and I was stuck here, and I did not come across this page in any of my browsing. Actually, I was able to find the name of the blogger by looking at the posts shared on the main page.
Steve
3.2. What city and country was the author writing from?
Gwangju, South Korea
3.3. [Research] What is the name (in English) of the temple inside the National Park the author frequently visits?
Jeungsimsa Temple
Task 4 : Digging into DNS
We will answer the questions using the viewdns tool.
4.1. What was RepublicOfKoffee.com’s IP address as of October 2016?
173.248.188.152
4.2. Based on the other domains hosted on the same IP address, what kind of hosting service can we safely assume our target uses?
shared
4.3. How many times has the IP address changed in the history of the domain?
Too many IP changes are seen in the Viewdns tool. The room is not new and may not have been updated, so I answered this question by taking the previous answers as an example.
4
Task 5 : Taking Off The Training Wheels
5.1. What is the second nameserver listed for the domain?
The NS record is not accepted because the lab is not up to date. Old results are used.
NS2.HEAT.NET
5.2. What IP address was the domain listed on as of December 2011?
72.52.192.240
5.3. Based on domains that share the same IP, what kind of hosting service is the domain owner using?
shared
5.4. On what date was the site first captured by the Internet Archive? (MM/DD/YY format)
06/01/97
5.5. What is the first sentence of the first body paragraph from the final capture of 2001?
After years of great online gaming, it’s time to say good-bye.
5.6. Using your search engine skills, what was the name of the company that was responsible for the original version of the site?
SegaSoft
5.7. What does the first header on the site on the last capture of 2010 say?
Heat.net – Heating and Cooling
Task 6 : Taking A Peek Under The Hood Of A Website
6.1. How many internal links are in the text of the article?
5
6.2. How many external links are in the text of the article?
1
6.3. Website in the article’s only external link (that isn’t an ad)
Purchase.org
6.4. Try to find the Google Analytics code linked to the site
UA-251372-24
6.5. Is the Google Analytics code in use on another website? Yay or nay
Nay
6.6. Does the link to this website have any obvious affiliate codes embedded with it? Yay or Nay
Nay
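The Task 6 checks (internal vs. external links in the article text, query parameters on external links, and the Google Analytics ID in the page source) can be scripted. This is an added example, not code from the room or this writeup: the sample HTML, hosts, tracking ID and function names are constructed, and treating subdomains of the same site as internal is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed sample page; the hosts and the tracking ID are made up.
SAMPLE_HTML = """<script>_gaq.push(['_setAccount', 'UA-0000000-1']);</script>
<article><p>See <a href="/guides/heating">our guide</a> and
<a href="https://blog.example.test/tips">more tips</a>.</p>
<p>Parts: <a href="https://shop.example.org/parts?ref=abc">this shop</a>,
<a href="mailto:editor@example.test">contact</a>.</p></article>"""

GA_ID = re.compile(r"\bUA-\d{4,10}-\d{1,4}\b")  # classic Universal Analytics ID


class ArticleLinks(HTMLParser):
    """Collect href values of <a> tags that sit inside <article>."""
    def __init__(self):
        super().__init__()
        self.depth, self.hrefs = 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "article":
            self.depth += 1
        elif tag == "a" and self.depth and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "article" and self.depth:
            self.depth -= 1


def site_of(host):
    # Assumption: the last two DNS labels identify the site (no public-suffix list).
    return ".".join(host.lower().split(".")[-2:])


def inspect_page(html, base_url):
    parser = ArticleLinks()
    parser.feed(html)
    base = site_of(urlparse(base_url).hostname)
    report = {"internal": [], "external": [], "external_params": {}}
    for href in parser.hrefs:
        url = urlparse(urljoin(base_url, href))  # resolve relative links first
        if url.scheme not in ("http", "https") or not url.hostname:
            continue  # mailto:, javascript: and similar are not page links
        kind = "internal" if site_of(url.hostname) == base else "external"
        report[kind].append(url.geturl())
        if kind == "external" and url.query:  # parameter names hint at affiliate codes
            report["external_params"][url.geturl()] = sorted(parse_qs(url.query))
    report["ga_ids"] = sorted(set(GA_ID.findall(html)))
    return report
```

Call `inspect_page(html, page_url)` on saved page source; ad links that live outside the `<article>` element are not counted.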
Task 7 : Final Exam: Connect the Dots
7.1. Use the tools in Task 4 to confirm the link between the two sites. Try hard to figure it out without the hint.
Liquid Web, L.L.C