A new group ??

Discussion in 'Freedom and Liberty' started by Kingfish, Aug 24, 2016.


  1. ghrit

    ghrit Bad company Administrator Founding Member

    I couldn't find any substantiation of that "so called government" operation. Yes the "city" is there, and yes there was an ATF undercover in the group back in the days of infamy. Appears the rest is all rumor at best, with no known connection to neo-nazis tho' they are or were white supremacists, way out to the right on the political spectrum.
     
  2. Kingfish

    Kingfish Self Reliant

    I found it on Facebook and was kind of surprised. I know some of you guys are good at digging, better than me. So far interesting results. So who owns the website???
     
    Motomom34 likes this.
  3. Kingfish

    Kingfish Self Reliant

     
  4. Kingfish

    Kingfish Self Reliant

    silentmajoritypatriots.com


    Domain Name: SILENTMAJORITYPATRIOTS.COM
    Registry Domain ID: 2045473536_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: www.enom.com
    Updated Date: 2016-07-22T14:15:31.00Z
    Creation Date: 2016-07-22T21:15:00.00Z
    Registrar Registration Expiration Date: 2017-07-22T21:15:00.00Z
    Registrar: ENOM, INC.
    Registrar IANA ID: 48
    Reseller: NAMECHEAP.COM
    Domain Status: clientTransferProhibited
    Registry Registrant ID:
    Registrant Name: WHOISGUARD PROTECTED
    Registrant Organization: WHOISGUARD, INC.
    Registrant Street: P.O. BOX 0823-03411
    Registrant City: PANAMA
    Registrant State/Province: PANAMA
    Registrant Postal Code: 00000
    Registrant Country: PA
    Registrant Phone: +507.8365503
    Registrant Phone Ext:
    Registrant Fax: +51.17057182
    Registrant Fax Ext:
    Registrant Email: 51776F7ECE634380A99DD0A4C776AE95.PROTECT@WHOISGUARD.COM
    Registry Admin ID:
    Admin Name: WHOISGUARD PROTECTED
    Admin Organization: WHOISGUARD, INC.
    Admin Street: P.O. BOX 0823-03411
    Admin City: PANAMA
    Admin State/Province: PANAMA
    Admin Postal Code: 00000
    Admin Country: PA
    Admin Phone: +507.8365503
    Admin Phone Ext:
    Admin Fax: +51.17057182
    Admin Fax Ext:
    Admin Email: 51776F7ECE634380A99DD0A4C776AE95.PROTECT@WHOISGUARD.COM
    Registry Tech ID:
    Tech Name: WHOISGUARD PROTECTED
    Tech Organization: WHOISGUARD, INC.
    Tech Street: P.O. BOX 0823-03411
    Tech City: PANAMA
    Tech State/Province: PANAMA
    Tech Postal Code: 00000
    Tech Country: PA
    Tech Phone: +507.8365503
    Tech Phone Ext:
    Tech Fax: +51.17057182
    Tech Fax Ext:
    Tech Email: 51776F7ECE634380A99DD0A4C776AE95.PROTECT@WHOISGUARD.COM
    Name Server: DAVE.NS.CLOUDFLARE.COM
    Name Server: KARA.NS.CLOUDFLARE.COM
    DNSSEC: unSigned
    Registrar Abuse Contact Email: abuse@enom.com
    Registrar Abuse Contact Phone: +1.4252982646
    URL of the ICANN WHOIS Data Problem Reporting System: Whois Inaccuracy Complaint Form | ICANN
    >>> Last update of WHOIS database: 2016-07-22T14:15:31.00Z <<<

    The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.

    Make an instant, anonymous offer to the current domain registrant. Learn More

     
    GOG likes this.
  5. Kingfish

    Kingfish Self Reliant

    I looked at a domain search and got that. I don't really know what it means but there are telephone numbers etc.
     
  6. ghrit

    ghrit Bad company Administrator Founding Member

    It means that the domain is for sale, nothing more, nothing less. The owner evidently likes dead fish.
     
  7. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    Actually it doesn't mean the name is for sale, it means that the registrar used to do the whois is willing to help you "make an offer" that is unsolicited but might still be accepted. The name was registered, as someone else mentioned earlier, on July 22, 2016 and expires on July 22, 2017.

    Creation Date: 2016-07-22T21:15:00.00Z
    Registrar Registration Expiration Date: 2017-07-22T21:15:00.00Z

    Only a single year registration through a cheap domain name registrar (which in and of itself isn't a bad thing, but moving it later may be tough).

    All of the rest indicates that the domain name owner is "private" and all contact goes through the protection company.

    Registrant Name: WHOISGUARD PROTECTED
    Registrant Organization: WHOISGUARD, INC.
    Registrant Street: P.O. BOX 0823-03411
    Registrant City: PANAMA
    Registrant State/Province: PANAMA
    Registrant Postal Code: 00000
    Registrant Country: PA
    Registrant Phone: +507.8365503
    Registrant Phone Ext:
    Registrant Fax: +51.17057182
    Registrant Fax Ext:
    Registrant Email: 51776F7ECE634380A99DD0A4C776AE95.PROTECT@WHOISGUARD.COM
    Registry Admin ID:

    The phone numbers above are to the WHOISGUARD, INC offices, not the owner. The email is an alias that receives and then sends a new email with your contents to the actual owner. That way, if the domain owner is smart enough to click protect but potentially dumb enough to just reply to your email, they don't necessarily out themselves (you can still eff this up though).

    The WHOISGUARD (privacy) company is based in Panama and technically outside of the jurisdiction of the US, but if push comes to shove (and we wouldn't have to push or shove very hard) they will cave and give the US government whatever they ask for. It's like the TSA in that regard, OPSEC Theater.

    Next is DNS. The servers that resolve the name to an IP are part of cloudflare which is designed to, among other things, prevent Denial Of Service attacks on their customers.

    Name Server: DAVE.NS.CLOUDFLARE.COM
    Name Server: KARA.NS.CLOUDFLARE.COM

    They can still be queried, and that comes up with two IP addresses, which is typical of a site expecting to be beaten up:
    104.27.160.112
    104.27.161.112

    Both of these IP addresses belong to Cloudflare (again, part of their deal). So, what is Cloudflare (I mentioned DDoS above)? They are a website experience optimization provider that leverages a distributed content delivery network (they cache all or part of your site on their servers) that acts as a partial proxy for your website. They will pass through things like logins, etc, but graphics and static content don't get pulled from your server, they get pulled from their cache, so the website owner saves money on bandwidth...potentially.

    At this point, short of digging further than I have the time to do, we can't get much more about where the site is located or who owns it. A couple of hours performing network packet traces and we could probably find out where it's actually hosted (I don't believe that cloudflare does hosting but I could be mistaken). Once you have that, it may or may not be easy to socially engineer your way into the system and find out who is who and what is what.

    If it's hosted anywhere between the Mason-Dixon line and New York, my money is on it being a .gov honeypot. I've seen it a number of times, in person, and know for a fact that they think it's hidden well enough and use the same 3 or 4 hosting providers and one that's actually owned by the .gov (through 3 or 4 cutouts, don't remember).

    The reason for the output that @techsar posted being so, well, awful, is most likely part of the deal with cloudflare. I can't imagine why they would deliberately screw up the DNS record serial number but I've seen dumber things done in the name of "security" than I care to try and count.

    Lastly you asked about TLS. TLS stands for "Transport Layer Security" and is the non-repudiation flip side of the SSL coin. SSL encrypts your data (won't go into it here and now) and TLS uses SSL Public Private Key Cryptography to do two things:
    1) Provide a mechanism to prove that the data has not been tampered with in transit, and;
    2) Provide a mechanism to prove who sent the data in the first place.

    TLS is used by DNS servers to negotiate a transfer of data. Not moving the ownership of the record, for example, but making a local copy of the entire file. A DNS file can be quite large in comparison to what gets returned to you by asking "what's the IP address of www.survivalmonkey.com". The result of that question is actually contained (most likely) in just a single line that looks like this:

    www IN A 206.123.114.178

    The rest of the file includes other identifiers, a serial number that is incremented (or should be) every time there is a change to the file, something called a start of authority, other aliases (mail, ftp, chat, whatever). In order to prevent a random and unauthorized entity requesting a transfer by spoofing the name and IP address of a valid peer, TLS is used as an additional method of verification of the identity of the requester.

    The output from @techsar's post shows poor security around the DNS file for the domain name but again, that could be for any of a number of reasons.

    Hope that helped and wasn't too long winded.
     
    Ganado, Motomom34, Kingfish and 3 others like this.
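Added example, not part of any post in this thread: a Python example that reads off the WHOIS record the same facts the post above walks through (one-year term, privacy proxy in the registrant fields, name server operator, DNSSEC state). The sample text is an excerpt of the record quoted in the thread; the marker list and the two-label operator guess are assumptions made for illustration.

```python
import re
from datetime import date

# Excerpt of the WHOIS record quoted in the thread (values copied from the page).
SAMPLE_WHOIS = """\
Domain Name: SILENTMAJORITYPATRIOTS.COM
Creation Date: 2016-07-22T21:15:00.00Z
Registrar Registration Expiration Date: 2017-07-22T21:15:00.00Z
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Phone Ext:
Name Server: DAVE.NS.CLOUDFLARE.COM
Name Server: KARA.NS.CLOUDFLARE.COM
DNSSEC: unSigned
>>> Last update of WHOIS database: 2016-07-22T14:15:31.00Z <<<
"""

# Assumption: a short, non-exhaustive list of privacy/proxy service markers.
PRIVACY_MARKERS = ("WHOISGUARD", "PRIVACY", "PROXY", "REDACTED")
FIELD = re.compile(r"^([A-Za-z][A-Za-z /]*):\s*(.*)$")


def parse_whois(text):
    """Return {field: [values]}; repeated keys (Name Server) keep every value."""
    record = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:  # banners, legal text and blank lines do not match
            record.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return record


def summarize(record):
    """Derive the facts the post reads off the record."""
    def day(key):  # the date part is the first 10 characters: YYYY-MM-DD
        return date.fromisoformat(record[key][0][:10])

    who = " ".join(record.get("Registrant Name", []) +
                   record.get("Registrant Organization", [])).upper()
    # Naive operator guess: last two labels of each name server host.
    operators = {".".join(ns.lower().split(".")[-2:])
                 for ns in record.get("Name Server", [])}
    return {
        "domain": record["Domain Name"][0].lower(),
        "term_days": (day("Registrar Registration Expiration Date")
                      - day("Creation Date")).days,
        "privacy_proxy": any(mark in who for mark in PRIVACY_MARKERS),
        "ns_operators": sorted(operators),
        "dnssec_signed": record.get("DNSSEC", [""])[0].lower().startswith("signed"),
    }
```

A privacy-proxy hit only says the registrant fields belong to the proxy service; it says nothing about who the customer is.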
  8. ghrit

    ghrit Bad company Administrator Founding Member

    :lol: Didn't say you wouldn't have to bid for it ---
     
  9. GOG

    GOG Free American Monkey

    Thanks @DarkLight. I understood most of what you said. (y)
     
  10. sec_monkey

    sec_monkey SM Security Administrator

    [ditto] 99% of what DL said [winkthumb] :D

    [applaud]
     
    Ganado and Brokor like this.
  11. Legion489

    Legion489 Rev. 2:19 Banned

    Well of course they were not Nazis, neo or otherwise, wrapping yourself in a Nazi flag and having your picture taken would have nothing to do with Nazis, that seems pretty obvious.
     
  12. Kingfish

    Kingfish Self Reliant

    Interesting stuff there and thank you Darklight for the explanation. So whoever built the site has it protected to some degree from anyone finding out who owns it. I would think Government would be much higher tech. I have an idea on who built it and why. We shall see.
     
  13. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    While I see your point, unless you are the one who put this up and you are playing coy, don't give too much credit to the .gov and/or their shills. Just because they can do something at a higher level of tech doesn't mean they always will. For every slick, well done, professionally designed, high-tech honeypot there are dozens of "mom and pop" type sites that basically purport or do the same thing. It needs to run the gamut if they want the net to get as many people as possible.

    It used to be you could tell a police sting by the clothes the dealer was wearing. They were just too right. Watch it long enough and it became obvious. If you needed a hit you didn't look too close and you got nabbed. Same thing with sites like this.

    I've also worked with (no, no letters, I'm not under a gag order) the FBI and I know what kind of time and money they have to devote to things like this. You'd be surprised how little they have of both when it gets stretched as thin as it is.

    @Kingfish - no, I'm not calling you out, was just making a point.
     
    Ganado, Brokor and Motomom34 like this.
  14. Kingfish

    Kingfish Self Reliant

    Not mine :) I just knew there were several guys here who know this stuff. It was on Facebook. I shared it here and asked questions. I am or was part of a very large group who could claim those same numbers and more. United States Militia. My opinion? This page appears overnight and claims to have 100,000 members across the south. Only one real group I know of with those numbers. United States Militias. Every year it seems we get another group. 3% ers, Oathkeepers, Minutemen, etc. etc. etc.

    And it may be a Government site to suck people in? I'm not joining. :)
     
  15. Ura-Ki

    Ura-Ki Grampa Monkey

    Yea, this got my Radar spun up! Why would any group that claims what this does be so blatant about the "mission"? Just smells rotten. Same thing with the Oath Keepers when they came calling, didn't sit right with me, didn't agree with the policies or the leadership! Don't really know if they are legit, but I have better things to do than getting involved with a "fringe" group that paints a great big red circle on its back!
     
    Ganado, BTPost and Yard Dart like this.
  16. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    [​IMG]
     
    Ganado and Ura-Ki like this.