JTSEC1333

Anonymous JTSEC #OpAmazonia Full Recon #19

Sep 8th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.glesp.org.br ISP Unified Layer
  4. Continent North America Flag
  5. US
  6. Country United States Country Code US
  7. Region Utah Local time 08 Sep 2019 13:24 MDT
  8. City Provo Postal Code 84606
  9. IP Address 162.144.126.169 Latitude 40.234
  10. Longitude -111.644
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.glesp.org.br
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.glesp.org.br canonical name = glesp.org.br.
  19. Name: glesp.org.br
  20. Address: 162.144.126.169
  21. >
  22. #######################################################################################################################################
  23. domain: glesp.org.br
  24. owner: GRANDE LOJA MAÇÔNICA DO ESTADO DE SP
  25. ownerid: 62.638.440/0001-26
  26. responsible: DPTO INFORMÁTICA DA GLESP
  27. country: BR
  28. owner-c: GLS191
  29. admin-c: GLS191
  30. tech-c: GLS191
  31. billing-c: GLS191
  32. nserver: ns1.glesp.org.br 162.144.126.169
  33. nsstat: 20190907 AA
  34. nslastaa: 20190907
  35. nserver: ns2.glesp.org.br 142.4.3.158
  36. nsstat: 20190907 AA
  37. nslastaa: 20190907
  38. created: 20061109 #3154499
  39. changed: 20170930
  40. expires: 20191109
  41. status: published
  42.  
  43. nic-hdl-br: GLS191
  44. person: Grande Loja Maçônica do Estado de SP
  45. e-mail: info@glesp.org.br
  46. country: BR
  47. created: 20040402
  48. changed: 20180306
  49. #######################################################################################################################################
  50. [+] Target : www.glesp.org.br
  51.  
  52. [+] IP Address : 162.144.126.169
  53.  
  54. [+] Headers :
  55.  
  56. [+] Date : Sun, 08 Sep 2019 19:50:37 GMT
  57. [+] Server : Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  58. [+] X-Powered-By : W3 Total Cache/0.9.7.5
  59. [+] Link : <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
  60. [+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
  61. [+] Cache-Control : no-store, no-cache, must-revalidate
  62. [+] Pragma : no-cache
  63. [+] Set-Cookie : qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:50:39 GMT; Max-Age=31536000; path=/, PHPSESSID=bef54aabbe1e3521b237db525a6fcb10; path=/
  64. [+] x-frame-options : SAMEORIGIN
  65. [+] Keep-Alive : timeout=5, max=100
  66. [+] Connection : Keep-Alive
  67. [+] Transfer-Encoding : chunked
  68. [+] Content-Type : text/html; charset=UTF-8
  69.  
  70. [+] SSL Certificate Information :
  71.  
  72. [+] commonName : glesp.org.br
  73. [+] countryName : US
  74. [+] stateOrProvinceName : TX
  75. [+] localityName : Houston
  76. [+] organizationName : cPanel, Inc.
  77. [+] commonName : cPanel, Inc. Certification Authority
  78. [+] Version : 3
  79. [+] Serial Number : EC6195E1F6685DD7FC1FB491EFE847DF
  80. [+] Not Before : Sep 1 00:00:00 2019 GMT
  81. [+] Not After : Nov 30 23:59:59 2019 GMT
  82. [+] OCSP : ('http://ocsp.comodoca.com',)
  83. [+] subject Alt Name : (('DNS', 'glesp.org.br'), ('DNS', 'autodiscover.glesp.org.br'), ('DNS', 'cpanel.glesp.org.br'), ('DNS', 'mail.glesp.org.br'), ('DNS', 'webdisk.glesp.org.br'), ('DNS', 'webmail.glesp.org.br'), ('DNS', 'www.glesp.org.br'))
  84. [+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
  85. [+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
  86.  
  87. [+] Whois Lookup :
  88.  
  89. [+] NIR : None
  90. [+] ASN Registry : arin
  91. [+] ASN : 46606
  92. [+] ASN CIDR : 162.144.0.0/16
  93. [+] ASN Country Code : US
  94. [+] ASN Date : 2013-03-01
  95. [+] ASN Description : UNIFIEDLAYER-AS-1 - Unified Layer, US
  96. [+] cidr : 162.144.0.0/16
  97. [+] name : UNIFIEDLAYER-NETWORK-14
  98. [+] handle : NET-162-144-0-0-1
  99. [+] range : 162.144.0.0 - 162.144.255.255
  100. [+] description : Unified Layer
  101. [+] country : US
  102. [+] state : UT
  103. [+] city : Provo
  104. [+] address : 1958 South 950 East
  105. [+] postal_code : 84606
  106. [+] emails : ['abuse@unifiedlayer.com', 'netops@unifiedlayer.com']
  107. [+] created : 2013-03-01
  108. [+] updated : 2013-03-01
  109.  
  110. [+] Crawling Target...
  111.  
  112. [+] Looking for robots.txt........[ Not Found ]
  113. [+] Looking for sitemap.xml.......[ Not Found ]
  114. [+] Extracting CSS Links..........[ 9 ]
  115. [+] Extracting Javascript Links...[ 9 ]
  116. [+] Extracting Internal Links.....[ 32 ]
  117. [+] Extracting External Links.....[ 6 ]
  118. [+] Extracting Images.............[ 10 ]
  119.  
  120. [+] Total Links Extracted : 66
  121.  
  122. [+] Dumping Links in /opt/FinalRecon/dumps/www.glesp.org.br.dump
  123. [+] Completed!
  124. ######################################################################################################################################
  125. [+] Starting At 2019-09-08 15:50:50.497756
  126. [+] Collecting Information On: https://www.glesp.org.br/
  127. [#] Status: 200
  128. --------------------------------------------------
  129. [#] Web Server Detected: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  130. [#] X-Powered-By: W3 Total Cache/0.9.7.5
  131. - Date: Sun, 08 Sep 2019 19:50:50 GMT
  132. - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  133. - X-Powered-By: W3 Total Cache/0.9.7.5
  134. - Link: <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
  135. - Expires: Thu, 19 Nov 1981 08:52:00 GMT
  136. - Cache-Control: no-store, no-cache, must-revalidate
  137. - Pragma: no-cache
  138. - Set-Cookie: qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:50:52 GMT; Max-Age=31536000; path=/, PHPSESSID=7a12a97d8866f3d99f8570abd3cdc577; path=/
  139. - x-frame-options: SAMEORIGIN
  140. - Keep-Alive: timeout=5, max=100
  141. - Connection: Keep-Alive
  142. - Transfer-Encoding: chunked
  143. - Content-Type: text/html; charset=UTF-8
  144. --------------------------------------------------
  145. [#] Finding Location..!
  146. [#] as: AS46606 Unified Layer
  147. [#] city: Provo
  148. [#] country: United States
  149. [#] countryCode: US
  150. [#] isp: Unified Layer
  151. [#] lat: 40.2067
  152. [#] lon: -111.643
  153. [#] org: Unified Layer
  154. [#] query: 162.144.126.169
  155. [#] region: UT
  156. [#] regionName: Utah
  157. [#] status: success
  158. [#] timezone: America/Denver
  159. [#] zip: 84606
  160. --------------------------------------------------
  161. [x] Didn't Detect WAF Presence on: https://www.glesp.org.br/
  162. --------------------------------------------------
  163. [#] Starting Reverse DNS
  164. [-] Failed ! Fail
  165. --------------------------------------------------
  166. [!] Scanning Open Port
  167. [#] 21/tcp open ftp
  168. [#] 26/tcp open rsftp
  169. [#] 53/tcp open domain
  170. [#] 80/tcp open http
  171. [#] 110/tcp open pop3
  172. [#] 143/tcp open imap
  173. [#] 443/tcp open https
  174. [#] 465/tcp open smtps
  175. [#] 587/tcp open submission
  176. [#] 993/tcp open imaps
  177. [#] 995/tcp open pop3s
  178. --------------------------------------------------
  179. [+] Collecting Information Disclosure!
  180. [#] Detecting sitemap.xml file
  181. [-] sitemap.xml file not Found!?
  182. [#] Detecting robots.txt file
  183. [-] robots.txt file not Found!?
  184. [#] Detecting GNU Mailman
  185. [!] GNU Mailman App Detected: https://www.glesp.org.br//mailman/admin
  186. [!] version: 2.1.27
  187. --------------------------------------------------
  188. [+] Crawling Url Parameter On: https://www.glesp.org.br/
  189. --------------------------------------------------
  190. [#] Searching Html Form !
  191. [-] No Html Form Found!?
  192. --------------------------------------------------
  193. [!] Found 3 dom parameter
  194. [#] https://www.glesp.org.br//#
  195. [#] https://www.glesp.org.br//#
  196. [#] https://www.glesp.org.br//#
  197. --------------------------------------------------
  198. [!] 57 Internal Dynamic Parameter Discovered
  256. --------------------------------------------------
  257. [-] No external Dynamic Paramter Found!?
  258. --------------------------------------------------
  259. [!] 11 Internal links Discovered
  260. [+] https://www.glesp.org.br/
  261. [+] https://www.glesp.org.br
  262. [+] https://www.glesp.org.br/restrita
  263. [+] https://www.glesp.org.br/
  264. [+] http://oportunidades.glesp.org.br/usuarios/login_visualizar
  265. [+] https://www.glesp.org.br/sec-geral/boletim-informativo/
  266. [+] https://www.glesp.org.br/secretaria-geral/
  267. [+] https://www.glesp.org.br/hospitalaria/fundo-de-solidariedade/
  268. [+] https://info.glesp.org.br/lojas/busca_lojas
  269. [+] https://www.glesp.org.br/
  270. [+] http://oportunidades.glesp.org.br/usuarios/login_visualizar
  271. --------------------------------------------------
  272. [!] 8 External links Discovered
  273. [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/favicon.ico
  274. [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/favicon.ico
  275. [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/wp-content/themes/glesp/medium.css
  276. [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/wp-content/themes/glesp/minimum.css
  277. [#] https://www.facebook.com/GlespOficial/
  278. [#] https://twitter.com/gmglespoficial
  279. [#] https://www.linkedin.com/company-beta/11222127/
  280. [#] https://www.youtube.com/user/glesp10
  281. --------------------------------------------------
  282. [#] Mapping Subdomain..
  283. [-] No Any Subdomain Found
  284. [!] Found 0 Subdomain
  285. --------------------------------------------------
  286. [!] Done At 2019-09-08 15:51:15.796824
  287. #######################################################################################################################################
  288. [i] Scanning Site: https://www.glesp.org.br
  289.  
  290.  
  291.  
  292. B A S I C I N F O
  293. ====================
  294.  
  295.  
  296. [+] Site Title: Glesp &#8211; Grande Loja Maçônica do Estado de São Paulo -
  297. [+] IP address: 162.144.126.169
  298. [+] Web Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  299. [+] CMS: WordPress
  300. [+] Cloudflare: Not Detected
  301. [+] Robots File: Could NOT Find robots.txt!
  302.  
  303.  
  304.  
  305.  
  306. W H O I S L O O K U P
  307. ========================
  308.  
  309.  
  310. % Copyright (c) Nic.br
  311. % The use of the data below is only permitted as described in
  312. % full by the terms of use at https://registro.br/termo/en.html ,
  313. % being prohibited its distribution, commercialization or
  314. % reproduction, in particular, to use it for advertising or
  315. % any similar purpose.
  316. % 2019-09-08T16:51:00-03:00
  317.  
  318. domain: glesp.org.br
  319. owner: GRANDE LOJA MAÇÔNICA DO ESTADO DE SP
  320. ownerid: 62.638.440/0001-26
  321. responsible: DPTO INFORMÁTICA DA GLESP
  322. country: BR
  323. owner-c: GLS191
  324. admin-c: GLS191
  325. tech-c: GLS191
  326. billing-c: GLS191
  327. nserver: ns1.glesp.org.br 162.144.126.169
  328. nsstat: 20190907 AA
  329. nslastaa: 20190907
  330. nserver: ns2.glesp.org.br 142.4.3.158
  331. nsstat: 20190907 AA
  332. nslastaa: 20190907
  333. created: 20061109 #3154499
  334. changed: 20170930
  335. expires: 20191109
  336. status: published
  337.  
  338. nic-hdl-br: GLS191
  339. person: Grande Loja Maçônica do Estado de SP
  340. e-mail: info@glesp.org.br
  341. country: BR
  342. created: 20040402
  343. changed: 20180306
  344.  
  345. % Security and mail abuse issues should also be addressed to
  346. % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
  347. % and mail-abuse@cert.br
  348. %
  349. % whois.registro.br accepts only direct match queries. Types
  350. % of queries are: domain (.br), registrant (tax ID), ticket,
  351. % provider, contact handle (ID), CIDR block, IP and ASN.
  352.  
  353.  
  354.  
  355.  
  356. G E O I P L O O K U P
  357. =========================
  358.  
  359. [i] IP Address: 162.144.126.169
  360. [i] Country: United States
  361. [i] State: Utah
  362. [i] City: Provo
  363. [i] Latitude: 40.2342
  364. [i] Longitude: -111.6442
  365.  
  366.  
  367.  
  368.  
  369. H T T P H E A D E R S
  370. =======================
  371.  
  372.  
  373. [i] HTTP/1.1 200 OK
  374. [i] Date: Sun, 08 Sep 2019 19:51:01 GMT
  375. [i] Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  376. [i] X-Powered-By: W3 Total Cache/0.9.7.5
  377. [i] Link: <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
  378. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
  379. [i] Cache-Control: no-store, no-cache, must-revalidate
  380. [i] Pragma: no-cache
  381. [i] Set-Cookie: qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:51:03 GMT; Max-Age=31536000; path=/
  382. [i] Set-Cookie: PHPSESSID=912b0100c03677811b9f551ed6d3ff55; path=/
  383. [i] x-frame-options: SAMEORIGIN
  384. [i] Connection: close
  385. [i] Content-Type: text/html; charset=UTF-8
  386.  
  387.  
  388.  
  389.  
  390. D N S L O O K U P
  391. ===================
  392.  
  393. glesp.org.br. 14399 IN TXT "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
  394. glesp.org.br. 14399 IN MX 0 mail.glesp.org.br.
  395. glesp.org.br. 21599 IN SOA ns1.glesp.org.br. info.glesp.org.br. 2019081700 3600 7200 1209600 86400
  396. glesp.org.br. 21599 IN NS ns1.glesp.org.br.
  397. glesp.org.br. 21599 IN NS ns2.glesp.org.br.
  398. glesp.org.br. 14399 IN A 162.144.126.169
  399.  
  400.  
  401.  
  402.  
  403. S U B N E T C A L C U L A T I O N
  404. ====================================
  405.  
  406. Address = 162.144.126.169
  407. Network = 162.144.126.169 / 32
  408. Netmask = 255.255.255.255
  409. Broadcast = not needed on Point-to-Point links
  410. Wildcard Mask = 0.0.0.0
  411. Hosts Bits = 0
  412. Max. Hosts = 1 (2^0 - 0)
  413. Host Range = { 162.144.126.169 - 162.144.126.169 }
  414.  
  415.  
  416.  
  417. N M A P P O R T S C A N
  418. ============================
  419.  
  420. Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-08 19:51 UTC
  421. Nmap scan report for glesp.org.br (162.144.126.169)
  422. Host is up (0.082s latency).
  423. rDNS record for 162.144.126.169: srv.glesp.org.br
  424.  
  425. PORT STATE SERVICE
  426. 21/tcp open ftp
  427. 22/tcp closed ssh
  428. 23/tcp closed telnet
  429. 80/tcp open http
  430. 110/tcp open pop3
  431. 143/tcp open imap
  432. 443/tcp open https
  433. 3389/tcp closed ms-wbt-server
  434.  
  435. Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
  436.  
  437.  
  438.  
  439. S U B - D O M A I N F I N D E R
  440. ==================================
  441.  
  442.  
  443. [i] Total Subdomains Found : 7
  444.  
  445. [+] Subdomain: ns2.glesp.org.br
  446. [-] IP: 142.4.3.158
  447.  
  448. [+] Subdomain: webdisk.glesp.org.br
  449. [-] IP: 162.144.126.169
  450.  
  451. [+] Subdomain: mail.glesp.org.br
  452. [-] IP: 162.144.126.169
  453.  
  454. [+] Subdomain: info.glesp.org.br
  455. [-] IP: 191.252.94.255
  456.  
  457. [+] Subdomain: autodiscover.glesp.org.br
  458. [-] IP: 162.144.126.169
  459.  
  460. [+] Subdomain: oportunidades.glesp.org.br
  461. [-] IP: 191.252.94.255
  462.  
  463. [+] Subdomain: srv.glesp.org.br
  464. [-] IP: 162.144.126.169
  465. #######################################################################################################################################
  466. [*] Load target domain: glesp.org.br
  467. - starting scanning @ 2019-09-08 15:55:07
  468.  
  469. [+] Running & Checking source to be used
  470. ---------------------------------------------
  471.  
  472. ⍥ Shodan [ ✕ ]
  473. ⍥ Dnsdumpster [ ✔ ]
  474. ⍥ Webarchive [ ✔ ]
  475. ⍥ Certsh [ ✔ ]
  476. ⍥ Certspotter [ ✔ ]
  477. ⍥ Binaryedge [ ✕ ]
  478. ⍥ Securitytrails [ ✕ ]
  479. ⍥ Threatcrowd [ ✔ ]
  480. ⍥ Riddler [ ✔ ]
  481. ⍥ Bufferover [ ✔ ]
  482. ⍥ Virustotal [ ✕ ]
  483. ⍥ Censys [ ✕ ]
  484. ⍥ Entrust [ ✔ ]
  485. ⍥ Hackertarget [ ✔ ]
  486. ⍥ Threatminer [ ✔ ]
  487. ⍥ Findsubdomain [ ✔ ]
  488.  
  489. [+] Get & Count subdomain total From source
  490. ---------------------------------------------
  491.  
  492. ⍥ Hackertarget: Total Subdomain (8)
  493. ⍥ Findsubdomain: Total Subdomain (11)
  494. ⍥ Certspotter: Total Subdomain (10)
  495. ⍥ Threatminer: Total Subdomain (0)
  496. ⍥ Certsh: Total Subdomain (9)
  497. ⍥ BufferOver: Total Subdomain (11)
  498. ⍥ Entrust: Total Subdomain (0)
  499. ⍥ Threatcrowd: Total Subdomain (0)
  500. ⍥ Dnsdumpster: Total Subdomain (0)
  501. ⍥ Riddler: Total Subdomain (3)
  502. ⍥ Webarchive: Total Subdomain (6)
  503.  
  504. [+] Parsing & Sorting list Domain
  505. ---------------------------------------------
  506.  
  507. ⍥ Total [16]
  508.  
  509. - autodiscover.glesp.org.br
  510. - cpanel.glesp.org.br
  511. - empregos.glesp.org.br
  512. - glesp.org.br
  513. - info.glesp.org.br
  514. - lojas.glesp.org.br
  515. - mail.glesp.org.br
  516. - ns1.glesp.org.br
  517. - ns2.glesp.org.br
  518. - oportunidades.glesp.org.br
  519. - r19.glesp.org.br
  520. - srv.glesp.org.br
  521. - webdisk.glesp.org.br
  522. - webmail.glesp.org.br
  523. - www.glesp.org.br
  524. - www.srv.glesp.org.br
  525.  
  526. ⍥ Total [16]
  527.  
  528. [+] Probe subdomain for working on http/https
  529. ---------------------------------------------
  530.  
  531. - http://ns1.glesp.org.br
  532. - http://ns2.glesp.org.br
  533. - http://cpanel.glesp.org.br
  534. - http://srv.glesp.org.br
  535. - http://info.glesp.org.br
  536. - https://ns2.glesp.org.br
  537. - https://autodiscover.glesp.org.br
  538. - http://webmail.glesp.org.br
  539. - https://srv.glesp.org.br
  540. - http://oportunidades.glesp.org.br
  541. - https://cpanel.glesp.org.br
  542. - https://info.glesp.org.br
  543. - https://oportunidades.glesp.org.br
  544. - https://webmail.glesp.org.br
  545. - http://autodiscover.glesp.org.br
  546. - http://webdisk.glesp.org.br
  547. - https://webdisk.glesp.org.br
  548.  
  549. ⍥ Total [17]
  550.  
  551.  
  552. [+] Check Live Host: Ping Sweep - ICMP PING
  553. ---------------------------------------------
  554.  
  555. ⍥ [LIVE] autodiscover.glesp.org.br
  556. ⍥ [LIVE] cpanel.glesp.org.br
  557. ⍥ [DEAD] empregos.glesp.org.br
  558. ⍥ [LIVE] glesp.org.br
  559. ⍥ [LIVE] info.glesp.org.br
  560. ⍥ [DEAD] lojas.glesp.org.br
  561. ⍥ [LIVE] mail.glesp.org.br
  562. ⍥ [LIVE] ns1.glesp.org.br
  563. ⍥ [LIVE] ns2.glesp.org.br
  564. ⍥ [LIVE] oportunidades.glesp.org.br
  565. ⍥ [DEAD] r19.glesp.org.br
  566. ⍥ [LIVE] srv.glesp.org.br
  567. ⍥ [LIVE] webdisk.glesp.org.br
  568. ⍥ [LIVE] webmail.glesp.org.br
  569. ⍥ [LIVE] www.glesp.org.br
  570. ⍥ [DEAD] www.srv.glesp.org.br
  571.  
  572. [+] Check Resolving: Subdomains & Domains
  573. ---------------------------------------------
  574.  
  591.  
  592. [+] Subdomain TakeOver - Check Possible Vulns
  593. ---------------------------------------------
  594.  
  595. ⍥ [FAILS] En: Unknown http://cpanel.glesp.org.br
  596. ⍥ [FAILS] En: Unknown http://ns1.glesp.org.br
  597. ⍥ [FAILS] En: Unknown http://ns2.glesp.org.br
  598. ⍥ [FAILS] En: Unknown http://info.glesp.org.br
  599. ⍥ [FAILS] En: Unknown http://srv.glesp.org.br
  600. ⍥ [FAILS] En: Unknown http://webmail.glesp.org.br
  601. ⍥ [FAILS] En: Unknown https://autodiscover.glesp.org.br
  602. ⍥ [FAILS] En: Unknown https://ns2.glesp.org.br
  603. ⍥ [FAILS] En: Unknown https://srv.glesp.org.br
  604. ⍥ [FAILS] En: Unknown http://oportunidades.glesp.org.br
  605. ⍥ [FAILS] En: Unknown https://cpanel.glesp.org.br
  606. ⍥ [FAILS] En: Unknown https://info.glesp.org.br
  607. ⍥ [FAILS] En: Unknown https://oportunidades.glesp.org.br
  608. ⍥ [FAILS] En: Unknown https://webmail.glesp.org.br
  609. ⍥ [FAILS] En: Unknown http://autodiscover.glesp.org.br
  610. ⍥ [FAILS] En: Unknown http://webdisk.glesp.org.br
  611. ⍥ [FAILS] En: Unknown https://webdisk.glesp.org.br
  612.  
  613. [+] Checks status code on port 80 and 443
  614. ---------------------------------------------
  615.  
  616. ⍥ [301] http://cpanel.glesp.org.br
  617. ⍥ [200] http://ns1.glesp.org.br
  618. ⍥ [200] http://ns2.glesp.org.br
  619. ⍥ [301] http://info.glesp.org.br
  620. ⍥ [200] http://srv.glesp.org.br
  621. ⍥ [301] http://webmail.glesp.org.br
  622. ⍥ [400] https://autodiscover.glesp.org.br
  623. ⍥ [000] https://ns2.glesp.org.br
  624. ⍥ [200] https://srv.glesp.org.br
  625. ⍥ [200] http://oportunidades.glesp.org.br
  626. ⍥ [401] https://cpanel.glesp.org.br
  627. ⍥ [302] https://info.glesp.org.br
  628. ⍥ [000] https://oportunidades.glesp.org.br
  629. ⍥ [401] https://webmail.glesp.org.br
  630. ⍥ [302] http://autodiscover.glesp.org.br
  631. ⍥ [302] http://webdisk.glesp.org.br
  632. ⍥ [401] https://webdisk.glesp.org.br
  633. #######################################################################################################################################
  634. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7938
  635. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
  636.  
  637. ;; QUESTION SECTION:
  638. ;glesp.org.br. IN ANY
  639.  
  640. ;; ANSWER SECTION:
  641. glesp.org.br. 14400 IN A 162.144.126.169
  642. glesp.org.br. 43200 IN SOA ns1.glesp.org.br. info.glesp.org.br. 2019081700 3600 7200 1209600 86400
  643. glesp.org.br. 14400 IN MX 0 mail.glesp.org.br.
  644. glesp.org.br. 14400 IN TXT "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
  645. glesp.org.br. 3600 IN NS ns2.glesp.org.br.
  646. glesp.org.br. 3600 IN NS ns1.glesp.org.br.
  647.  
  648. ;; AUTHORITY SECTION:
  649. glesp.org.br. 3600 IN NS ns2.glesp.org.br.
  650. glesp.org.br. 3600 IN NS ns1.glesp.org.br.
  651.  
  652. ;; ADDITIONAL SECTION:
  653. ns2.glesp.org.br. 3600 IN A 142.4.3.158
  654. ns1.glesp.org.br. 3600 IN A 162.144.126.169
  655.  
  656. Received 273 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 339 ms
  657. #######################################################################################################################################
  658.  
  659. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace glesp.org.br
  660. ;; global options: +cmd
  661. . 79597 IN NS b.root-servers.net.
  662. . 79597 IN NS a.root-servers.net.
  663. . 79597 IN NS e.root-servers.net.
  664. . 79597 IN NS f.root-servers.net.
  665. . 79597 IN NS i.root-servers.net.
  666. . 79597 IN NS d.root-servers.net.
  667. . 79597 IN NS j.root-servers.net.
  668. . 79597 IN NS c.root-servers.net.
  669. . 79597 IN NS g.root-servers.net.
  670. . 79597 IN NS h.root-servers.net.
  671. . 79597 IN NS m.root-servers.net.
  672. . 79597 IN NS l.root-servers.net.
  673. . 79597 IN NS k.root-servers.net.
  674. . 79597 IN RRSIG NS 8 0 518400 20190921050000 20190908040000 59944 . UuqegF9lYYGty+pCLaJzL7AXkRgoLhs5F/6ILQlpIf8Q2YzSlbQvZAyC /AKti2Jvvt3PRkMZNKG+MHyV1e4x6H83FNC4cPh4lPtndC2QK6iwixPL 9OUDh62CGmaRO8zrW5cbMrQgC4KdaLscg6ryrSKEI6weL4I79d7Xho1T tPFZ7bHVcrZZxlXVmpYSWkQWn2Qld5srTwIOY+Haeb19m+ZagRpxY5pq 8RQ6RmLqr4r8rIn1ojpI7EnTaoQKkRcCxSessBYf2kRZR9ESS/1iidyW gORZ2dzflAtZDGbnWW0tN27aRbmX8ibWPRlkXxC8AgkO6PcJ/t1ZjeYA G8mMxw==
  675. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 30 ms
  676.  
  677. br. 172800 IN NS b.dns.br.
  678. br. 172800 IN NS c.dns.br.
  679. br. 172800 IN NS d.dns.br.
  680. br. 172800 IN NS a.dns.br.
  681. br. 172800 IN NS e.dns.br.
  682. br. 172800 IN NS f.dns.br.
  683. br. 86400 IN DS 2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A 07D1A2E4
  684. br. 86400 IN RRSIG DS 8 1 86400 20190921050000 20190908040000 59944 . cXS63FNrcuW7lIHWkR5wrSppkQEnFEV9vkvH81rIdpgxfiWwcs0YWE19 iX50G7T4cMEeyXu9/XxNLSPZcribsVPLWDpqRQ5wuyO0thb5vPqUSZ8Q 3nuS1a+kA+BWuJTm0e/pTZI8Gs2bAwma83oIeVsIA+F0noeVphgzuu16 Tv6eI23U8SlPrTxGFrv6Trr4fqUzd/ZZI0hoJUWhRp5MOSMJMzEHh+M9 mcYAdSdKjIBHDgL03Bgqpt9RZVhlWz9qq84sUmQgtiwo5GxlAClxAOrN r8itXwGauNI2zvF19+li3li6LktbvcWv60yazzCawUK9k1TzyQsGQftN NRh0sA==
  685. ;; Received 740 bytes from 202.12.27.33#53(m.root-servers.net) in 208 ms
  686.  
  687. glesp.org.br. 3600 IN NS ns1.glesp.org.br.
  688. glesp.org.br. 3600 IN NS ns2.glesp.org.br.
  689. 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC 8ICM44EE54CNOQDKEDVKHHOQFOIQG8RR NS SOA RRSIG DNSKEY NSEC3PARAM
  690. 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN RRSIG NSEC3 13 3 900 20190922195507 20190908185507 50774 org.br. sS1Jm4T6HfA4DRCIh9CZgD01erHrzn6GoReLUrPefaWedVwbvyANcTKa 3qs4tlqXtu8S0ePXFMCwroUNsT2G/w==
  691. f6jeb8tubugn3pac75077pue472rf06m.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC F6JN7D5B9OBCR8K4Q3B12VLLSKF0BVTO NS DS RRSIG
  692. f6jeb8tubugn3pac75077pue472rf06m.org.br. 900 IN RRSIG NSEC3 13 3 900 20190918190509 20190904180509 50774 org.br. 7Wvh5fLSu/MyA0xvvFnRe+qmsRz099ayDkEoKzV+iXLwAOJNoN8N699O Cx7Z3szScT4QHKt++MoPYAwddMCz3A==
  693. ;; Received 492 bytes from 200.192.233.10#53(c.dns.br) in 175 ms
  694.  
  695. glesp.org.br. 14400 IN A 162.144.126.169
  696. glesp.org.br. 86400 IN NS ns1.glesp.org.br.
  697. glesp.org.br. 86400 IN NS ns2.glesp.org.br.
  698. ;; Received 125 bytes from 162.144.126.169#53(ns1.glesp.org.br) in 84 ms
  699. #######################################################################################################################################
  700. [*] Performing General Enumeration of Domain: glesp.org.br
  701. [-] DNSSEC is not configured for glesp.org.br
  702. [*] SOA ns1.glesp.org.br 162.144.126.169
  703. [*] NS ns1.glesp.org.br 162.144.126.169
  704. [*] NS ns2.glesp.org.br 142.4.3.158
  705. [*] MX mail.glesp.org.br 162.144.126.169
  706. [*] A glesp.org.br 162.144.126.169
  707. [*] TXT glesp.org.br v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all
  708. [*] Enumerating SRV Records
  709. [*] SRV _caldavs._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2080 0
  710. [*] SRV _caldav._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2079 0
  711. [*] SRV _carddavs._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2080 0
  712. [*] SRV _carddav._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2079 0
  713. [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
  714. [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.120.196 443 0
  715. [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
  716. [+] 7 Records Found
  717. #######################################################################################################################################
  718. [*] Processing domain glesp.org.br
  719. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  720. [+] Getting nameservers
  721. 162.144.126.169 - ns1.glesp.org.br
  722. 142.4.3.158 - ns2.glesp.org.br
  723. [-] Zone transfer failed
  724.  
  725. [+] TXT records found
  726. "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
  727.  
  728. [+] MX records found, added to target list
  729. 0 mail.glesp.org.br.
  730.  
  731. [*] Scanning glesp.org.br for A records
  732. 162.144.126.169 - glesp.org.br
  733. 162.144.126.169 - autodiscover.glesp.org.br
  734. 162.144.126.169 - autoconfig.glesp.org.br
  735. 162.144.126.169 - cpanel.glesp.org.br
  736. 162.144.126.169 - ftp.glesp.org.br
  737. 191.252.94.255 - info.glesp.org.br
  738. 127.0.0.1 - localhost.glesp.org.br
  739. 162.144.126.169 - mail.glesp.org.br
  740. 162.144.126.169 - ns1.glesp.org.br
  741. 142.4.3.158 - ns2.glesp.org.br
  742. 162.144.126.169 - webdisk.glesp.org.br
  743. 162.144.126.169 - webmail.glesp.org.br
  744. 162.144.126.169 - whm.glesp.org.br
  745. 162.144.126.169 - www.glesp.org.br
  746. #######################################################################################################################################
  747.  
  748. AVAILABLE PLUGINS
  749. -----------------
  750.  
  751. SessionResumptionPlugin
  752. EarlyDataPlugin
  753. CompressionPlugin
  754. CertificateInfoPlugin
  755. RobotPlugin
  756. OpenSslCipherSuitesPlugin
  757. HeartbleedPlugin
  758. FallbackScsvPlugin
  759. SessionRenegotiationPlugin
  760. OpenSslCcsInjectionPlugin
  761. HttpHeadersPlugin
  762.  
  763.  
  764.  
  765. CHECKING HOST(S) AVAILABILITY
  766. -----------------------------
  767.  
  768. 162.144.126.169:443 => 162.144.126.169
  769.  
  770.  
  771.  
  772.  
  773. SCAN RESULTS FOR 162.144.126.169:443 - 162.144.126.169
  774. ------------------------------------------------------
  775.  
  776. * SSLV2 Cipher Suites:
  777. Server rejected all cipher suites.
  778.  
  779. * Certificate Information:
  780. Content
  781. SHA1 Fingerprint: a538419a17cd6a7122a92a8bf6cdf44ec9d6d120
  782. Common Name: glesp.org.br
  783. Issuer: cPanel, Inc. Certification Authority
  784. Serial Number: 314204499782145017959226180083674269663
  785. Not Before: 2019-09-01 00:00:00
  786. Not After: 2019-11-30 23:59:59
  787. Signature Algorithm: sha256
  788. Public Key Algorithm: RSA
  789. Key Size: 2048
  790. Exponent: 65537 (0x10001)
  791. DNS Subject Alternative Names: ['glesp.org.br', 'autodiscover.glesp.org.br', 'cpanel.glesp.org.br', 'mail.glesp.org.br', 'webdisk.glesp.org.br', 'webmail.glesp.org.br', 'www.glesp.org.br']
  792.  
  793. Trust
  794. Hostname Validation: FAILED - Certificate does NOT match 162.144.126.169
  795. Android CA Store (9.0.0_r9): OK - Certificate is trusted
  796. Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
  797. Java CA Store (jdk-12.0.1): OK - Certificate is trusted
  798. Mozilla CA Store (2019-03-14): OK - Certificate is trusted
  799. Windows CA Store (2019-05-27): OK - Certificate is trusted
  800. Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
  801. Received Chain: glesp.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
  802. Verified Chain: glesp.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
  803. Received Chain Contains Anchor: OK - Anchor certificate not sent
  804. Received Chain Order: OK - Order is valid
  805. Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
  806.  
  807. Extensions
  808. OCSP Must-Staple: NOT SUPPORTED - Extension not found
  809. Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
  810.  
  811. OCSP Stapling
  812. OCSP Response Status: successful
  813. Validation w/ Mozilla Store: OK - Response is trusted
  814. Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
  815. Cert Status: good
  816. Cert Serial Number: EC6195E1F6685DD7FC1FB491EFE847DF
  817. This Update: Sep 5 18:43:10 2019 GMT
  818. Next Update: Sep 12 18:43:10 2019 GMT
  819.  
  820. * TLSV1_3 Cipher Suites:
  821. Server rejected all cipher suites.
  822.  
  823. * Deflate Compression:
  824. OK - Compression disabled
  825.  
  826. * ROBOT Attack:
  827. OK - Not vulnerable
  828.  
  829. * OpenSSL Heartbleed:
  830. OK - Not vulnerable to Heartbleed
  831.  
  832. * TLSV1_1 Cipher Suites:
  833. Forward Secrecy OK - Supported
  834. RC4 INSECURE - Supported
  835.  
  836. Preferred:
  837. None - Server followed client cipher suite preference.
  838. Accepted:
  839. TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  840. TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  841. TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
  842. TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
  843. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  844. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  845. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  846. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  847. TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  848. TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  849. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  850. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  851. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  852. TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  853. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  854. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  855. TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  856. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  857. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  858. Undefined - An unexpected error happened:
  859. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
  860.  
  861. * Downgrade Attacks:
  862. TLS_FALLBACK_SCSV: OK - Supported
  863.  
  864. * TLS 1.2 Session Resumption Support:
  865. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  866. With TLS Tickets: OK - Supported
  867.  
  868. * TLSV1_2 Cipher Suites:
  869. Forward Secrecy OK - Supported
  870. RC4 INSECURE - Supported
  871.  
  872. Preferred:
  873. None - Server followed client cipher suite preference.
  874. Accepted:
  875. TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  876. TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  877. TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
  878. TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
  879. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  880. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  881. TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
  882. TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits Timeout on HTTP GET
  883. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  884. TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
  885. TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
  886. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  887. TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  888. TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  889. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
  890. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits Timeout on HTTP GET
  891. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  892. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
  893. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
  894. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  895. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  896. TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  897. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  898. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  899. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
  900. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits Timeout on HTTP GET
  901. TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  902. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
  903. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
  904. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  905. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  906. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  907.  
  908. * SSLV3 Cipher Suites:
  909. Server rejected all cipher suites.
  910.  
  911. * OpenSSL CCS Injection:
  912. OK - Not vulnerable to OpenSSL CCS injection
  913.  
  914. * Session Renegotiation:
  915. Client-initiated Renegotiation: OK - Rejected
  916. Secure Renegotiation: OK - Supported
  917.  
  918. * TLSV1 Cipher Suites:
  919. Forward Secrecy OK - Supported
  920. RC4 INSECURE - Supported
  921.  
  922. Preferred:
  923. None - Server followed client cipher suite preference.
  924. Accepted:
  925. TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  926. TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  927. TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
  928. TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
  929. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  930. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  931. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  932. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  933. TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  934. TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
  935. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  936. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  937. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  938. TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
  939. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
  940. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
  941. TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
  942. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
  943. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
  944.  
  945.  
  946. SCAN COMPLETED IN 51.83 S
  947. -------------------------
  948. #######################################################################################################################################
  949. Domains still to check: 1
  950. Checking if the hostname glesp.org.br. given is in fact a domain...
  951.  
  952. Analyzing domain: glesp.org.br.
  953. Checking NameServers using system default resolver...
  954. IP: 162.144.126.169 (United States)
  955. HostName: ns1.glesp.org.br Type: NS
  956. HostName: srv.glesp.org.br Type: PTR
  957. IP: 142.4.3.158 (United States)
  958. HostName: ns2.glesp.org.br Type: NS
  959. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  960.  
  961. Checking MailServers using system default resolver...
  962. IP: 162.144.126.169 (United States)
  963. HostName: ns1.glesp.org.br Type: NS
  964. HostName: srv.glesp.org.br Type: PTR
  965. HostName: mail.glesp.org.br Type: MX
  966.  
  967. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  968. No zone transfer found on nameserver 162.144.126.169
  969. No zone transfer found on nameserver 142.4.3.158
  970.  
  971. Checking SPF record...
  972.  
  973. Checking 192 most common hostnames using system default resolver...
  974. IP: 162.144.126.169 (United States)
  975. HostName: ns1.glesp.org.br Type: NS
  976. HostName: srv.glesp.org.br Type: PTR
  977. HostName: mail.glesp.org.br Type: MX
  978. Type: SPF
  979. HostName: www.glesp.org.br. Type: A
  980. IP: 162.144.126.169 (United States)
  981. HostName: ns1.glesp.org.br Type: NS
  982. HostName: srv.glesp.org.br Type: PTR
  983. HostName: mail.glesp.org.br Type: MX
  984. Type: SPF
  985. HostName: www.glesp.org.br. Type: A
  986. HostName: ftp.glesp.org.br. Type: A
  987. IP: 162.144.126.169 (United States)
  988. HostName: ns1.glesp.org.br Type: NS
  989. HostName: srv.glesp.org.br Type: PTR
  990. HostName: mail.glesp.org.br Type: MX
  991. Type: SPF
  992. HostName: www.glesp.org.br. Type: A
  993. HostName: ftp.glesp.org.br. Type: A
  994. HostName: mail.glesp.org.br. Type: A
  995. IP: 162.144.126.169 (United States)
  996. Sub Domain: ns1.glesp.org.br. <- New Subdomain!
  997. HostName: ns1.glesp.org.br. Type: A
  998. HostName: srv.glesp.org.br Type: PTR
  999. IP: 142.4.3.158 (United States)
  1000. Sub Domain: ns2.glesp.org.br. <- New Subdomain!
  1001. HostName: ns2.glesp.org.br. Type: A
  1002. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1003. IP: 162.144.126.169 (United States)
  1004. Sub Domain: ns1.glesp.org.br. <- New Subdomain!
  1005. HostName: ns1.glesp.org.br. Type: A
  1006. HostName: srv.glesp.org.br Type: PTR
  1007. HostName: webmail.glesp.org.br. Type: A
  1008.  
  1009. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  1010. Checking netblock 162.144.126.0
  1011. Checking netblock 142.4.3.0
  1012.  
  1013. Searching for glesp.org.br. emails in Google
  1014. assessor1@glesp.org.br.
  1015. info@glesp.org.br
  1016. inscricoes@glesp.org.br.
  1017. pagesInfo@glesp.org.br
  1018. secretariageral@glesp.org.brw
  1019.  
  1020. Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  1021. Host 162.144.126.169 is up (reset ttl 64)
  1022. Host 142.4.3.158 is up (reset ttl 64)
  1023.  
  1024. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  1025. Scanning ip 162.144.126.169 (webmail.glesp.org.br.):
  1026. 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1027. | http-methods:
  1028. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1029. |_ Potentially risky methods: TRACE
  1030. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1031. |_http-title: Site doesn't have a title (text/html).
  1032. 443/tcp open ssl/ssl syn-ack ttl 47 Apache httpd (SSL-only mode)
  1033. | http-methods:
  1034. |_ Supported Methods: HEAD POST
  1035. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1036. |_http-title: 400 Bad Request
  1037. | ssl-cert: Subject: commonName=glesp.org.br
  1038. | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1039. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1040. | Public Key type: rsa
  1041. | Public Key bits: 2048
  1042. | Signature Algorithm: sha256WithRSAEncryption
  1043. | Not valid before: 2019-09-01T00:00:00
  1044. | Not valid after: 2019-11-30T23:59:59
  1045. | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1046. |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1047. |_ssl-date: TLS randomness does not represent time
  1048. | tls-alpn:
  1049. |_ http/1.1
  1050. Scanning ip 142.4.3.158 (142-4-3-158.unifiedlayer.com (PTR)):
  1051. 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1052. | http-methods:
  1053. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1054. |_ Potentially risky methods: TRACE
  1055. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1056. |_http-title: Site doesn't have a title (text/html).
  1057. 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1058. | http-methods:
  1059. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1060. |_ Potentially risky methods: TRACE
  1061. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1062. |_http-title: Site doesn't have a title (text/html).
  1063. | ssl-cert: Subject: commonName=srv.glesp.org.br
  1064. | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1065. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1066. | Public Key type: rsa
  1067. | Public Key bits: 2048
  1068. | Signature Algorithm: sha256WithRSAEncryption
  1069. | Not valid before: 2019-08-17T00:00:00
  1070. | Not valid after: 2020-08-16T23:59:59
  1071. | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1072. |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1073. |_ssl-date: TLS randomness does not represent time
  1074. | tls-alpn:
  1075. |_ http/1.1
  1076. Device type: general purpose|storage-misc|broadband router|router|media device|WAP
  1077. Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
  1078. WebCrawling domain's web servers... up to 50 max links.
  1079.  
  1080. + URL to crawl: http://ns1.glesp.org.br.
  1081. + Date: 2019-09-08
  1082.  
  1083. + Crawling URL: http://ns1.glesp.org.br.:
  1084. + Links:
  1085. + Crawling http://ns1.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
  1086. + Searching for directories...
  1087. + Searching open folders...
  1088.  
  1089.  
  1090. + URL to crawl: http://webmail.glesp.org.br.
  1091. + Date: 2019-09-08
  1092.  
  1093. + Crawling URL: http://webmail.glesp.org.br.:
  1094. + Links:
  1095. + Crawling http://webmail.glesp.org.br.
  1096. + Searching for directories...
  1097. + Searching open folders...
  1098.  
  1099.  
  1100. + URL to crawl: http://ns1.glesp.org.br.:443
  1101. + Date: 2019-09-08
  1102.  
  1103. + Crawling URL: http://ns1.glesp.org.br.:443:
  1104. + Links:
  1105. + Crawling http://ns1.glesp.org.br.:443 (400 Bad Request)
  1106. + Searching for directories...
  1107. + Searching open folders...
  1108.  
  1109.  
  1110. + URL to crawl: http://webmail.glesp.org.br.:443
  1111. + Date: 2019-09-08
  1112.  
  1113. + Crawling URL: http://webmail.glesp.org.br.:443:
  1114. + Links:
  1115. + Crawling http://webmail.glesp.org.br.:443 (400 Bad Request)
  1116. + Searching for directories...
  1117. + Searching open folders...
  1118.  
  1119.  
  1120. + URL to crawl: http://ns2.glesp.org.br.
  1121. + Date: 2019-09-08
  1122.  
  1123. + Crawling URL: http://ns2.glesp.org.br.:
  1124. + Links:
  1125. + Crawling http://ns2.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
  1126. + Searching for directories...
  1127. + Searching open folders...
  1128.  
  1129.  
  1130. + URL to crawl: https://ns2.glesp.org.br.
  1131. + Date: 2019-09-08
  1132.  
  1133. + Crawling URL: https://ns2.glesp.org.br.:
  1134. + Links:
  1135. + Crawling https://ns2.glesp.org.br.
  1136. + Searching for directories...
  1137. + Searching open folders...
  1138.  
  1139. --Finished--
  1140. Summary information for domain glesp.org.br.
  1141. -----------------------------------------
  1142. Domain Specific Information:
  1143. Email: assessor1@glesp.org.br.
  1144. Email: info@glesp.org.br
  1145. Email: inscricoes@glesp.org.br.
  1146. Email: pagesInfo@glesp.org.br
  1147. Email: secretariageral@glesp.org.brw
  1148.  
  1149. Domain Ips Information:
  1150. IP: 162.144.126.169
  1151. Sub Domain: ns1.glesp.org.br.
  1152. HostName: ns1.glesp.org.br. Type: A
  1153. HostName: srv.glesp.org.br Type: PTR
  1154. HostName: webmail.glesp.org.br. Type: A
  1155. Country: United States
  1156. Is Active: True (reset ttl 64)
  1157. Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1158. Script Info: | http-methods:
  1159. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1160. Script Info: |_ Potentially risky methods: TRACE
  1161. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1162. Script Info: |_http-title: Site doesn't have a title (text/html).
  1163. Port: 443/tcp open ssl/ssl syn-ack ttl 47 Apache httpd (SSL-only mode)
  1164. Script Info: | http-methods:
  1165. Script Info: |_ Supported Methods: HEAD POST
  1166. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1167. Script Info: |_http-title: 400 Bad Request
  1168. Script Info: | ssl-cert: Subject: commonName=glesp.org.br
  1169. Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1170. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1171. Script Info: | Public Key type: rsa
  1172. Script Info: | Public Key bits: 2048
  1173. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1174. Script Info: | Not valid before: 2019-09-01T00:00:00
  1175. Script Info: | Not valid after: 2019-11-30T23:59:59
  1176. Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1177. Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1178. Script Info: |_ssl-date: TLS randomness does not represent time
  1179. Script Info: | tls-alpn:
  1180. Script Info: |_ http/1.1
  1181. IP: 142.4.3.158
  1182. Sub Domain: ns2.glesp.org.br.
  1183. HostName: ns2.glesp.org.br. Type: A
  1184. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1185. Country: United States
  1186. Is Active: True (reset ttl 64)
  1187. Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1188. Script Info: | http-methods:
  1189. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1190. Script Info: |_ Potentially risky methods: TRACE
  1191. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1192. Script Info: |_http-title: Site doesn't have a title (text/html).
  1193. Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1194. Script Info: | http-methods:
  1195. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1196. Script Info: |_ Potentially risky methods: TRACE
  1197. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1198. Script Info: |_http-title: Site doesn't have a title (text/html).
  1199. Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
  1200. Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1201. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1202. Script Info: | Public Key type: rsa
  1203. Script Info: | Public Key bits: 2048
  1204. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1205. Script Info: | Not valid before: 2019-08-17T00:00:00
  1206. Script Info: | Not valid after: 2020-08-16T23:59:59
  1207. Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1208. Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1209. Script Info: |_ssl-date: TLS randomness does not represent time
  1210. Script Info: | tls-alpn:
  1211. Script Info: |_ http/1.1
  1212. Script Info: Device type: general purpose|storage-misc|broadband router|router|media device|WAP
  1213. Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
  1214.  
  1215. --------------End Summary --------------
  1216. -----------------------------------------
  1217.  
  1218.  
  1219.  
  1220. Checking if the hostname ns1.glesp.org.br. given is in fact a domain...
  1221.  
  1222. Analyzing domain: ns1.glesp.org.br.
  1223. Checking NameServers using system default resolver...
  1224. IP: 162.144.126.169 (United States)
  1225. HostName: ns1.glesp.org.br Type: NS
  1226. HostName: srv.glesp.org.br Type: PTR
  1227. IP: 142.4.3.158 (United States)
  1228. HostName: ns2.glesp.org.br Type: NS
  1229. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1230.  
  1231. Checking MailServers using system default resolver...
  1232. IP: 162.144.126.169 (United States)
  1233. HostName: ns1.glesp.org.br Type: NS
  1234. HostName: srv.glesp.org.br Type: PTR
  1235. HostName: ns1.glesp.org.br Type: MX
  1236.  
  1237. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  1238. No zone transfer found on nameserver 162.144.126.169
  1239. No zone transfer found on nameserver 142.4.3.158
  1240.  
  1241. Checking SPF record...
  1242. No SPF record
  1243.  
  1244. Checking 192 most common hostnames using system default resolver...
  1245. IP: 162.144.126.169 (United States)
  1246. HostName: ns1.glesp.org.br Type: NS
  1247. HostName: srv.glesp.org.br Type: PTR
  1248. HostName: ns1.glesp.org.br Type: MX
  1249. HostName: www.ns1.glesp.org.br. Type: A
  1250. IP: 162.144.126.169 (United States)
  1251. HostName: ns1.glesp.org.br Type: NS
  1252. HostName: srv.glesp.org.br Type: PTR
  1253. HostName: ns1.glesp.org.br Type: MX
  1254. HostName: www.ns1.glesp.org.br. Type: A
  1255. HostName: ftp.ns1.glesp.org.br. Type: A
  1256. IP: 162.144.126.169 (United States)
  1257. HostName: ns1.glesp.org.br Type: NS
  1258. HostName: srv.glesp.org.br Type: PTR
  1259. HostName: ns1.glesp.org.br Type: MX
  1260. HostName: www.ns1.glesp.org.br. Type: A
  1261. HostName: ftp.ns1.glesp.org.br. Type: A
  1262. HostName: mail.ns1.glesp.org.br. Type: A
  1263. IP: 162.144.126.169 (United States)
  1264. HostName: ns1.glesp.org.br Type: NS
  1265. HostName: srv.glesp.org.br Type: PTR
  1266. HostName: ns1.glesp.org.br Type: MX
  1267. HostName: www.ns1.glesp.org.br. Type: A
  1268. HostName: ftp.ns1.glesp.org.br. Type: A
  1269. HostName: mail.ns1.glesp.org.br. Type: A
  1270. HostName: webmail.ns1.glesp.org.br. Type: A
  1271.  
  1272. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  1273. Checking netblock 162.144.126.0
  1274. Checking netblock 142.4.3.0
  1275.  
  1276. Searching for ns1.glesp.org.br. emails in Google
  1277.  
  1278. Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  1279. Host 162.144.126.169 is up (reset ttl 64)
  1280. Host 142.4.3.158 is up (reset ttl 64)
  1281.  
  1282. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  1283. Scanning ip 162.144.126.169 (webmail.ns1.glesp.org.br.):
  1284. 80/tcp open http? syn-ack ttl 50
  1285. 443/tcp open ssl/https syn-ack ttl 50 Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1286. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1287. | ssl-cert: Subject: commonName=glesp.org.br
  1288. | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1289. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1290. | Public Key type: rsa
  1291. | Public Key bits: 2048
  1292. | Signature Algorithm: sha256WithRSAEncryption
  1293. | Not valid before: 2019-09-01T00:00:00
  1294. | Not valid after: 2019-11-30T23:59:59
  1295. | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1296. |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1297. | tls-alpn:
  1298. |_ http/1.1
  1299. Scanning ip 142.4.3.158 (142-4-3-158.unifiedlayer.com (PTR)):
  1300. 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1301. | http-methods:
  1302. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1303. |_ Potentially risky methods: TRACE
  1304. |_http-title: Site doesn't have a title (text/html).
  1305. 443/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1306. |_http-title: 400 Bad Request
  1307. | ssl-cert: Subject: commonName=srv.glesp.org.br
  1308. | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1309. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1310. | Public Key type: rsa
  1311. | Public Key bits: 2048
  1312. | Signature Algorithm: sha256WithRSAEncryption
  1313. | Not valid before: 2019-08-17T00:00:00
  1314. | Not valid after: 2020-08-16T23:59:59
  1315. | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1316. |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1317. Device type: general purpose|storage-misc|router|media device|WAP|broadband router
  1318. Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Netgear RAIDiator 4.X (87%)
  1319. WebCrawling domain's web servers... up to 50 max links.
  1320.  
  1321. + URL to crawl: http://mail.ns1.glesp.org.br.:443
  1322. + Date: 2019-09-08
  1323.  
  1324. + Crawling URL: http://mail.ns1.glesp.org.br.:443:
  1325. + Links:
  1326. + Crawling http://mail.ns1.glesp.org.br.:443
  1327. + Searching for directories...
  1328. + Searching open folders...
  1329.  
  1330.  
  1331. + URL to crawl: http://webmail.ns1.glesp.org.br.:443
  1332. + Date: 2019-09-08
  1333.  
  1334. + Crawling URL: http://webmail.ns1.glesp.org.br.:443:
  1335. + Links:
  1336. + Crawling http://webmail.ns1.glesp.org.br.:443
  1337. + Searching for directories...
  1338. + Searching open folders...
  1339.  
  1340.  
  1341. + URL to crawl: http://www.ns1.glesp.org.br.:443
  1342. + Date: 2019-09-08
  1343.  
  1344. + Crawling URL: http://www.ns1.glesp.org.br.:443:
  1345. + Links:
  1346. + Crawling http://www.ns1.glesp.org.br.:443 (400 Bad Request)
  1347. + Searching for directories...
  1348. + Searching open folders...
  1349.  
  1350.  
  1351. + URL to crawl: http://ftp.ns1.glesp.org.br.:443
  1352. + Date: 2019-09-08
  1353.  
  1354. + Crawling URL: http://ftp.ns1.glesp.org.br.:443:
  1355. + Links:
  1356. + Crawling http://ftp.ns1.glesp.org.br.:443
  1357. + Searching for directories...
  1358. + Searching open folders...
  1359.  
  1360.  
  1361. + URL to crawl: http://ns1.glesp.org.br:443
  1362. + Date: 2019-09-08
  1363.  
  1364. + Crawling URL: http://ns1.glesp.org.br:443:
  1365. + Links:
  1366. + Crawling http://ns1.glesp.org.br:443
  1367. + Searching for directories...
  1368. + Searching open folders...
  1369.  
  1370.  
  1371. + URL to crawl: http://ns2.glesp.org.br
  1372. + Date: 2019-09-08
  1373.  
  1374. + Crawling URL: http://ns2.glesp.org.br:
  1375. + Links:
  1376. + Crawling http://ns2.glesp.org.br
  1377. + Searching for directories...
  1378. + Searching open folders...
  1379.  
  1380.  
  1381. + URL to crawl: http://ns2.glesp.org.br:443
  1382. + Date: 2019-09-08
  1383.  
  1384. + Crawling URL: http://ns2.glesp.org.br:443:
  1385. + Links:
  1386. + Crawling http://ns2.glesp.org.br:443
  1387. + Searching for directories...
  1388. + Searching open folders...
  1389.  
  1390. --Finished--
  1391. Summary information for domain ns1.glesp.org.br.
  1392. -----------------------------------------
  1393.  
  1394. Domain Ips Information:
  1395. IP: 162.144.126.169
  1396. HostName: ns1.glesp.org.br Type: NS
  1397. HostName: srv.glesp.org.br Type: PTR
  1398. HostName: ns1.glesp.org.br Type: MX
  1399. HostName: www.ns1.glesp.org.br. Type: A
  1400. HostName: ftp.ns1.glesp.org.br. Type: A
  1401. HostName: mail.ns1.glesp.org.br. Type: A
  1402. HostName: webmail.ns1.glesp.org.br. Type: A
  1403. Country: United States
  1404. Is Active: True (reset ttl 64)
  1405. Port: 80/tcp open http? syn-ack ttl 50
  1406. Port: 443/tcp open ssl/https syn-ack ttl 50 Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1407. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1408. Script Info: | ssl-cert: Subject: commonName=glesp.org.br
  1409. Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1410. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1411. Script Info: | Public Key type: rsa
  1412. Script Info: | Public Key bits: 2048
  1413. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1414. Script Info: | Not valid before: 2019-09-01T00:00:00
  1415. Script Info: | Not valid after: 2019-11-30T23:59:59
  1416. Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1417. Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1418. Script Info: | tls-alpn:
  1419. Script Info: |_ http/1.1
  1420. IP: 142.4.3.158
  1421. HostName: ns2.glesp.org.br Type: NS
  1422. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1423. Country: United States
  1424. Is Active: True (reset ttl 64)
  1425. Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1426. Script Info: | http-methods:
  1427. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1428. Script Info: |_ Potentially risky methods: TRACE
  1429. Script Info: |_http-title: Site doesn't have a title (text/html).
  1430. Port: 443/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1431. Script Info: |_http-title: 400 Bad Request
  1432. Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
  1433. Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1434. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1435. Script Info: | Public Key type: rsa
  1436. Script Info: | Public Key bits: 2048
  1437. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1438. Script Info: | Not valid before: 2019-08-17T00:00:00
  1439. Script Info: | Not valid after: 2020-08-16T23:59:59
  1440. Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1441. Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1442. Script Info: Device type: general purpose|storage-misc|router|media device|WAP|broadband router
  1443. Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Netgear RAIDiator 4.X (87%)
  1444.  
  1445. --------------End Summary --------------
  1446. -----------------------------------------
  1447.  
  1448.  
  1449.  
  1450. Checking if the hostname ns2.glesp.org.br. given is in fact a domain...
  1451.  
  1452. Analyzing domain: ns2.glesp.org.br.
  1453. Checking NameServers using system default resolver...
  1454. IP: 142.4.3.158 (United States)
  1455. HostName: ns2.glesp.org.br Type: NS
  1456. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1457. IP: 162.144.126.169 (United States)
  1458. HostName: ns1.glesp.org.br Type: NS
  1459. HostName: srv.glesp.org.br Type: PTR
  1460.  
  1461. Checking MailServers using system default resolver...
  1462. IP: 142.4.3.158 (United States)
  1463. HostName: ns2.glesp.org.br Type: NS
  1464. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1465. HostName: ns2.glesp.org.br Type: MX
  1466.  
  1467. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  1468. No zone transfer found on nameserver 162.144.126.169
  1469. No zone transfer found on nameserver 142.4.3.158
  1470.  
  1471. Checking SPF record...
  1472. No SPF record
  1473.  
  1474. Checking 192 most common hostnames using system default resolver...
  1475. IP: 142.4.3.158 (United States)
  1476. HostName: ns2.glesp.org.br Type: NS
  1477. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1478. HostName: ns2.glesp.org.br Type: MX
  1479. HostName: ftp.ns2.glesp.org.br. Type: A
  1480.  
  1481. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  1482. Checking netblock 162.144.126.0
  1483. Checking netblock 142.4.3.0
  1484.  
  1485. Searching for ns2.glesp.org.br. emails in Google
  1486.  
  1487. Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  1488. Host 162.144.126.169 is up (reset ttl 64)
  1489. Host 142.4.3.158 is up (reset ttl 64)
  1490.  
  1491. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  1492. Scanning ip 162.144.126.169 (srv.glesp.org.br (PTR)):
  1493. 80/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1494. | http-methods:
  1495. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1496. |_ Potentially risky methods: TRACE
  1497. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1498. |_http-title: Site doesn't have a title (text/html).
  1499. 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1500. |_http-favicon: Unknown favicon MD5: 9C2C777C5D1FA385BA456798B38C2A1D
  1501. | http-methods:
  1502. |_ Supported Methods: GET HEAD POST OPTIONS
  1503. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1504. |_http-title: 400 Bad Request
  1505. | ssl-cert: Subject: commonName=glesp.org.br
  1506. | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1507. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1508. | Public Key type: rsa
  1509. | Public Key bits: 2048
  1510. | Signature Algorithm: sha256WithRSAEncryption
  1511. | Not valid before: 2019-09-01T00:00:00
  1512. | Not valid after: 2019-11-30T23:59:59
  1513. | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1514. |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1515. |_ssl-date: TLS randomness does not represent time
  1516. | tls-alpn:
  1517. |_ http/1.1
  1518. Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  1519. Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
  1520. Scanning ip 142.4.3.158 (ftp.ns2.glesp.org.br.):
  1521. 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1522. | http-methods:
  1523. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1524. |_ Potentially risky methods: TRACE
  1525. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1526. |_http-title: Site doesn't have a title (text/html).
  1527. 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1528. | http-methods:
  1529. | Supported Methods: GET POST OPTIONS HEAD TRACE
  1530. |_ Potentially risky methods: TRACE
  1531. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1532. |_http-title: Site doesn't have a title (text/html).
  1533. | ssl-cert: Subject: commonName=srv.glesp.org.br
  1534. | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1535. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1536. | Public Key type: rsa
  1537. | Public Key bits: 2048
  1538. | Signature Algorithm: sha256WithRSAEncryption
  1539. | Not valid before: 2019-08-17T00:00:00
  1540. | Not valid after: 2020-08-16T23:59:59
  1541. | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1542. |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1543. |_ssl-date: TLS randomness does not represent time
  1544. | tls-alpn:
  1545. |_ http/1.1
  1546. Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  1547. Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
  1548. WebCrawling domain's web servers... up to 50 max links.
  1549.  
  1550. + URL to crawl: http://ns1.glesp.org.br
  1551. + Date: 2019-09-08
  1552.  
  1553. + Crawling URL: http://ns1.glesp.org.br:
  1554. + Links:
  1555. + Crawling http://ns1.glesp.org.br (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
  1556. + Searching for directories...
  1557. + Searching open folders...
  1558.  
  1559.  
  1560. + URL to crawl: https://ns1.glesp.org.br
  1561. + Date: 2019-09-08
  1562.  
  1563. + Crawling URL: https://ns1.glesp.org.br:
  1564. + Links:
  1565. + Crawling https://ns1.glesp.org.br
  1566. + Searching for directories...
  1567. + Searching open folders...
  1568.  
  1569.  
  1570. + URL to crawl: http://ns2.glesp.org.br
  1571. + Date: 2019-09-08
  1572.  
  1573. + Crawling URL: http://ns2.glesp.org.br:
  1574. + Links:
  1575. + Crawling http://ns2.glesp.org.br (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
  1576. + Searching for directories...
  1577. + Searching open folders...
  1578.  
  1579.  
  1580. + URL to crawl: http://ftp.ns2.glesp.org.br.
  1581. + Date: 2019-09-08
  1582.  
  1583. + Crawling URL: http://ftp.ns2.glesp.org.br.:
  1584. + Links:
  1585. + Crawling http://ftp.ns2.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
  1586. + Searching for directories...
  1587. + Searching open folders...
  1588.  
  1589.  
  1590. + URL to crawl: https://ns2.glesp.org.br
  1591. + Date: 2019-09-08
  1592.  
  1593. + Crawling URL: https://ns2.glesp.org.br:
  1594. + Links:
  1595. + Crawling https://ns2.glesp.org.br
  1596. + Searching for directories...
  1597. + Searching open folders...
  1598.  
  1599.  
  1600. + URL to crawl: https://ftp.ns2.glesp.org.br.
  1601. + Date: 2019-09-08
  1602.  
  1603. + Crawling URL: https://ftp.ns2.glesp.org.br.:
  1604. + Links:
  1605. + Crawling https://ftp.ns2.glesp.org.br.
  1606. + Searching for directories...
  1607. + Searching open folders...
  1608.  
  1609. --Finished--
  1610. Summary information for domain ns2.glesp.org.br.
  1611. -----------------------------------------
  1612.  
  1613. Domain Ips Information:
  1614. IP: 162.144.126.169
  1615. HostName: ns1.glesp.org.br Type: NS
  1616. HostName: srv.glesp.org.br Type: PTR
  1617. Country: United States
  1618. Is Active: True (reset ttl 64)
  1619. Port: 80/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1620. Script Info: | http-methods:
  1621. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1622. Script Info: |_ Potentially risky methods: TRACE
  1623. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1624. Script Info: |_http-title: Site doesn't have a title (text/html).
  1625. Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1626. Script Info: |_http-favicon: Unknown favicon MD5: 9C2C777C5D1FA385BA456798B38C2A1D
  1627. Script Info: | http-methods:
  1628. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
  1629. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1630. Script Info: |_http-title: 400 Bad Request
  1631. Script Info: | ssl-cert: Subject: commonName=glesp.org.br
  1632. Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  1633. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1634. Script Info: | Public Key type: rsa
  1635. Script Info: | Public Key bits: 2048
  1636. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1637. Script Info: | Not valid before: 2019-09-01T00:00:00
  1638. Script Info: | Not valid after: 2019-11-30T23:59:59
  1639. Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
  1640. Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
  1641. Script Info: |_ssl-date: TLS randomness does not represent time
  1642. Script Info: | tls-alpn:
  1643. Script Info: |_ http/1.1
  1644. Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  1645. Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
  1646. IP: 142.4.3.158
  1647. HostName: ns2.glesp.org.br Type: NS
  1648. HostName: 142-4-3-158.unifiedlayer.com Type: PTR
  1649. HostName: ns2.glesp.org.br Type: MX
  1650. HostName: ftp.ns2.glesp.org.br. Type: A
  1651. Country: United States
  1652. Is Active: True (reset ttl 64)
  1653. Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1654. Script Info: | http-methods:
  1655. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1656. Script Info: |_ Potentially risky methods: TRACE
  1657. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1658. Script Info: |_http-title: Site doesn't have a title (text/html).
  1659. Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1660. Script Info: | http-methods:
  1661. Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
  1662. Script Info: |_ Potentially risky methods: TRACE
  1663. Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1664. Script Info: |_http-title: Site doesn't have a title (text/html).
  1665. Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
  1666. Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
  1667. Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  1668. Script Info: | Public Key type: rsa
  1669. Script Info: | Public Key bits: 2048
  1670. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1671. Script Info: | Not valid before: 2019-08-17T00:00:00
  1672. Script Info: | Not valid after: 2020-08-16T23:59:59
  1673. Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
  1674. Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
  1675. Script Info: |_ssl-date: TLS randomness does not represent time
  1676. Script Info: | tls-alpn:
  1677. Script Info: |_ http/1.1
  1678. Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  1679. Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
  1680. #######################################################################################################################################
  1681. dnsenum VERSION:1.2.4
  1682.  
  1683. ----- www.glesp.org.br -----
  1684.  
  1685.  
  1686. Host's addresses:
  1687. __________________
  1688.  
  1689. glesp.org.br. 11933 IN A 162.144.126.169
  1690.  
  1691.  
  1692. Name Servers:
  1693. ______________
  1694.  
  1695. ns1.glesp.org.br. 12743 IN A 162.144.126.169
  1696. ns2.glesp.org.br. 12742 IN A 142.4.3.158
  1697.  
  1698.  
  1699. Mail (MX) Servers:
  1700. ___________________
  1701.  
  1702. mail.glesp.org.br. 12742 IN A 162.144.126.169
  1703.  
  1704.  
  1705. Trying Zone Transfers and getting Bind Versions:
  1706. _________________________________________________
  1707.  
  1708.  
  1709. Trying Zone Transfer for www.glesp.org.br on ns1.glesp.org.br ...
  1710.  
  1711. Trying Zone Transfer for www.glesp.org.br on ns2.glesp.org.br ...
  1712.  
  1713. brute force file not specified, bay.
  1714. ######################################################################################################################################
  1715. [*] Found SPF record:
  1716. [*] v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all
  1717. [*] SPF record contains an All item: ~all
  1718. [*] No DMARC record found. Looking for organizational record
  1719. [+] No organizational DMARC record
  1720. [+] Spoofing possible for www.glesp.org.br!
  1721. ######################################################################################################################################
  1722. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
  1723. Nmap scan report for www.glesp.org.br (162.144.126.169)
  1724. Host is up (0.090s latency).
  1725. rDNS record for 162.144.126.169: srv.glesp.org.br
  1726. Not shown: 478 filtered ports, 3 closed ports
  1727. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1728. PORT STATE SERVICE
  1729. 80/tcp open http
  1730. 443/tcp open https
  1731.  
  1732. Nmap done: 1 IP address (1 host up) scanned in 11.04 seconds
  1733. #######################################################################################################################################
  1734. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
  1735. Nmap scan report for www.glesp.org.br (162.144.126.169)
  1736. Host is up (0.078s latency).
  1737. rDNS record for 162.144.126.169: srv.glesp.org.br
  1738. Not shown: 2 filtered ports
  1739. PORT STATE SERVICE
  1740. 53/udp open|filtered domain
  1741. 67/udp open|filtered dhcps
  1742. 68/udp open|filtered dhcpc
  1743. 69/udp open|filtered tftp
  1744. 88/udp open|filtered kerberos-sec
  1745. 123/udp open|filtered ntp
  1746. 139/udp open|filtered netbios-ssn
  1747. 161/udp open|filtered snmp
  1748. 162/udp open|filtered snmptrap
  1749. 389/udp open|filtered ldap
  1750. 500/udp open|filtered isakmp
  1751. 520/udp open|filtered route
  1752. 2049/udp open|filtered nfs
  1753.  
  1754. Nmap done: 1 IP address (1 host up) scanned in 2.62 seconds
  1755. #######################################################################################################################################
  1756. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
  1757. NSE: Loaded 164 scripts for scanning.
  1758. NSE: Script Pre-scanning.
  1759. Initiating NSE at 16:18
  1760. Completed NSE at 16:18, 0.00s elapsed
  1761. Initiating NSE at 16:18
  1762. Completed NSE at 16:18, 0.00s elapsed
  1763. Initiating Parallel DNS resolution of 1 host. at 16:18
  1764. Completed Parallel DNS resolution of 1 host. at 16:18, 0.02s elapsed
  1765. Initiating SYN Stealth Scan at 16:18
  1766. Scanning www.glesp.org.br (162.144.126.169) [1 port]
  1767. Discovered open port 80/tcp on 162.144.126.169
  1768. Completed SYN Stealth Scan at 16:18, 0.14s elapsed (1 total ports)
  1769. Initiating Service scan at 16:18
  1770. Scanning 1 service on www.glesp.org.br (162.144.126.169)
  1771. Completed Service scan at 16:18, 15.96s elapsed (1 service on 1 host)
  1772. Initiating OS detection (try #1) against www.glesp.org.br (162.144.126.169)
  1773. Retrying OS detection (try #2) against www.glesp.org.br (162.144.126.169)
  1774. Initiating Traceroute at 16:18
  1775. Completed Traceroute at 16:18, 3.04s elapsed
  1776. Initiating Parallel DNS resolution of 14 hosts. at 16:18
  1777. Completed Parallel DNS resolution of 14 hosts. at 16:18, 0.88s elapsed
  1778. NSE: Script scanning 162.144.126.169.
  1779. Initiating NSE at 16:18
  1780. NSE Timing: About 38.11% done; ETC: 16:20 (0:00:50 remaining)
  1781. NSE: [http-wordpress-enum 162.144.126.169:80] got no answers from pipelined queries
  1782. Completed NSE at 16:28, 600.66s elapsed
  1783. Initiating NSE at 16:28
  1784. Completed NSE at 16:29, 8.25s elapsed
  1785. Nmap scan report for www.glesp.org.br (162.144.126.169)
  1786. Host is up (0.097s latency).
  1787. rDNS record for 162.144.126.169: srv.glesp.org.br
  1788.  
  1789. PORT STATE SERVICE VERSION
  1790. 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  1791. |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
  1792. | http-brute:
  1793. |_ Path "/" does not require authentication
  1794. |_http-chrono: Request times for /; avg: 24300.11ms; min: 22380.92ms; max: 27421.03ms
  1795. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  1796. |_http-date: Sun, 08 Sep 2019 20:18:52 GMT; -46s from local time.
  1797. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  1798. |_http-dombased-xss: Couldn't find any DOM based XSS.
  1799. |_http-errors: Couldn't find any error pages.
  1800. |_http-feed: Couldn't find any feeds.
  1801. |_http-fetch: Please enter the complete path of the directory to save data in.
  1802. | http-headers:
  1803. | Date: Sun, 08 Sep 2019 20:18:52 GMT
  1804. | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  1805. | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  1806. | ETag: "a3-580a35a1678c0"
  1807. | Accept-Ranges: bytes
  1808. | Content-Length: 163
  1809. | Connection: close
  1810. | Content-Type: text/html
  1811. |
  1812. |_ (Request type: GET)
  1813. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  1814. |_http-mobileversion-checker: No mobile version detected.
  1815. |_http-security-headers:
  1816. | http-sitemap-generator:
  1817. | Directory structure:
  1818. | /
  1819. | Other: 1
  1820. | Longest directory structure:
  1821. | Depth: 0
  1822. | Dir: /
  1823. | Total files found (by extension):
  1824. |_ Other: 1
  1825. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  1826. |_http-title: Site doesn't have a title (text/html).
  1827. |_http-traceroute: ERROR: Script execution failed (use -d to debug)
  1828. | http-vhosts:
  1829. | www2.glesp.org.br : 200
  1830. |_126 names had status ERROR
  1831. |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
  1832. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  1833. |_http-xssed: No previously reported XSS vuln.
  1834. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1835. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1836. Device type: general purpose|WAP|storage-misc|specialized
  1837. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
  1838. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
  1839. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%)
  1840. No exact OS matches for host (test conditions non-ideal).
  1841. Uptime guess: 31.104 days (since Thu Aug 8 13:58:33 2019)
  1842. Network Distance: 15 hops
  1843. TCP Sequence Prediction: Difficulty=262 (Good luck!)
  1844. IP ID Sequence Generation: All zeros
  1845.  
  1846. TRACEROUTE (using port 80/tcp)
  1847. HOP RTT ADDRESS
  1848. 1 49.45 ms 10.246.204.1
  1849. 2 49.51 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1850. 3 69.81 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1851. 4 49.51 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  1852. 5 49.53 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  1853. 6 69.84 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  1854. 7 69.83 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  1855. 8 69.86 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  1856. 9 69.88 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  1857. 10 30.00 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  1858. 11 ...
  1859. 12 115.03 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  1860. 13 114.96 ms eth3-33-3.prvspn002.net.unifiedlayer.com (162.144.240.159)
  1861. 14 115.01 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
  1862. 15 94.37 ms srv.glesp.org.br (162.144.126.169)
  1863.  
  1864. NSE: Script Post-scanning.
  1865. Initiating NSE at 16:29
  1866. Completed NSE at 16:29, 0.00s elapsed
  1867. Initiating NSE at 16:29
  1868. Completed NSE at 16:29, 0.00s elapsed
  1869. Read data files from: /usr/bin/../share/nmap
  1870. #######################################################################################################################################
  1871. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
  1872. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  1873. Host is up (0.13s latency).
  1874. Not shown: 473 closed ports
  1875. PORT STATE SERVICE
  1876. 21/tcp open ftp
  1877. 53/tcp open domain
  1878. 80/tcp open http
  1879. 110/tcp open pop3
  1880. 143/tcp open imap
  1881. 443/tcp open https
  1882. 465/tcp open smtps
  1883. 587/tcp open submission
  1884. 993/tcp open imaps
  1885. 995/tcp open pop3s
  1886.  
  1887. Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
  1888. ######################################################################################################################################
  1889. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
  1890. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  1891. Host is up (0.075s latency).
  1892. Not shown: 2 filtered ports
  1893. PORT STATE SERVICE
  1894. 53/udp open domain
  1895. 67/udp open|filtered dhcps
  1896. 68/udp open|filtered dhcpc
  1897. 69/udp open|filtered tftp
  1898. 88/udp open|filtered kerberos-sec
  1899. 123/udp open|filtered ntp
  1900. 139/udp open|filtered netbios-ssn
  1901. 161/udp open|filtered snmp
  1902. 162/udp open|filtered snmptrap
  1903. 389/udp open|filtered ldap
  1904. 500/udp open|filtered isakmp
  1905. 520/udp open|filtered route
  1906. 2049/udp open|filtered nfs
  1907.  
  1908. Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds
  1909. #######################################################################################################################################
  1910. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
  1911. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1912. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1913. NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
  1914. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  1915. Host is up (0.089s latency).
  1916.  
  1917. PORT STATE SERVICE VERSION
  1918. 21/tcp open ftp Pure-FTPd
  1919. | ftp-brute:
  1920. | Accounts: No valid accounts found
  1921. |_ Statistics: Performed 3627 guesses in 185 seconds, average tps: 19.8
  1922. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1923. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1924. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.8 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
  1925. No exact OS matches for host (test conditions non-ideal).
  1926. Network Distance: 15 hops
  1927.  
  1928. TRACEROUTE (using port 21/tcp)
  1929. HOP RTT ADDRESS
  1930. 1 281.68 ms 10.246.204.1
  1931. 2 281.70 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1932. 3 281.67 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1933. 4 281.67 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  1934. 5 255.74 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  1935. 6 281.73 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  1936. 7 281.75 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  1937. 8 281.76 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  1938. 9 281.77 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  1939. 10 281.83 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  1940. 11 ...
  1941. 12 122.33 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  1942. 13 122.38 ms eth4-33-3.prvspn001.net.unifiedlayer.com (162.144.240.145)
  1943. 14 122.32 ms po99.prv-leaf6a.net.unifiedlayer.com (162.144.240.15)
  1944. 15 122.33 ms srv.glesp.org.br (162.144.126.169)
  1945. #######################################################################################################################################
  1946. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:57 EDT
  1947. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  1948. Host is up (0.099s latency).
  1949.  
  1950. PORT STATE SERVICE VERSION
  1951. 53/tcp open domain ISC BIND
  1952. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1953. | dns-nsec-enum:
  1954. |_ No NSEC records found
  1955. | dns-nsec3-enum:
  1956. |_ DNSSEC NSEC3 not supported
  1957. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1958. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1959. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
  1960. No exact OS matches for host (test conditions non-ideal).
  1961. Network Distance: 15 hops
  1962.  
  1963. Host script results:
  1964. | dns-brute:
  1965. | DNS Brute-force hostnames:
  1966. | info.glesp.org.br - 191.252.94.255
  1967. | ns1.glesp.org.br - 162.144.126.169
  1968. | ns2.glesp.org.br - 142.4.3.158
  1969. | www.glesp.org.br - 162.144.126.169
  1970. | ftp.glesp.org.br - 162.144.126.169
  1971. |_ mail.glesp.org.br - 162.144.126.169
  1972.  
  1973. TRACEROUTE (using port 53/tcp)
  1974. HOP RTT ADDRESS
  1975. 1 92.39 ms 10.246.204.1
  1976. 2 92.48 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1977. 3 92.50 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1978. 4 92.48 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  1979. 5 92.47 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  1980. 6 92.57 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  1981. 7 92.62 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  1982. 8 92.61 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  1983. 9 92.58 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  1984. 10 29.25 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  1985. 11 ...
  1986. 12 101.25 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  1987. 13 101.26 ms eth3-33-4.prvspn002.net.unifiedlayer.com (162.144.240.167)
  1988. 14 101.24 ms po97.prv-leaf6a.net.unifiedlayer.com (162.144.240.11)
  1989. 15 80.92 ms srv.glesp.org.br (162.144.126.169)
  1990. #######################################################################################################################################
  1991. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:58 EDT
  1992. NSE: Loaded 164 scripts for scanning.
  1993. NSE: Script Pre-scanning.
  1994. Initiating NSE at 15:58
  1995. Completed NSE at 15:58, 0.00s elapsed
  1996. Initiating NSE at 15:58
  1997. Completed NSE at 15:58, 0.00s elapsed
  1998. Initiating Parallel DNS resolution of 1 host. at 15:58
  1999. Completed Parallel DNS resolution of 1 host. at 15:58, 0.02s elapsed
  2000. Initiating SYN Stealth Scan at 15:58
  2001. Scanning srv.glesp.org.br (162.144.126.169) [1 port]
  2002. Discovered open port 80/tcp on 162.144.126.169
  2003. Completed SYN Stealth Scan at 15:58, 0.11s elapsed (1 total ports)
  2004. Initiating Service scan at 15:58
  2005. Scanning 1 service on srv.glesp.org.br (162.144.126.169)
  2006. Completed Service scan at 15:58, 6.19s elapsed (1 service on 1 host)
  2007. Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
  2008. Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
  2009. Initiating Traceroute at 15:58
  2010. Completed Traceroute at 15:58, 3.05s elapsed
  2011. Initiating Parallel DNS resolution of 14 hosts. at 15:58
  2012. Completed Parallel DNS resolution of 14 hosts. at 15:58, 0.30s elapsed
  2013. NSE: Script scanning 162.144.126.169.
  2014. Initiating NSE at 15:58
  2015. Completed NSE at 15:58, 42.12s elapsed
  2016. Initiating NSE at 15:58
  2017. Completed NSE at 15:58, 0.61s elapsed
  2018. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  2019. Host is up (0.097s latency).
  2020.  
  2021. PORT STATE SERVICE VERSION
  2022. 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  2023. | http-brute:
  2024. |_ Path "/" does not require authentication
  2025. |_http-chrono: Request times for /; avg: 381.73ms; min: 229.19ms; max: 638.98ms
  2026. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  2027. |_http-date: Sun, 08 Sep 2019 19:58:17 GMT; -2s from local time.
  2028. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  2029. |_http-dombased-xss: Couldn't find any DOM based XSS.
  2030. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
  2031. |_http-errors: Couldn't find any error pages.
  2032. |_http-feed: Couldn't find any feeds.
  2033. |_http-fetch: Please enter the complete path of the directory to save data in.
  2034. | http-headers:
  2035. | Date: Sun, 08 Sep 2019 19:58:26 GMT
  2036. | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2037. | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  2038. | ETag: "a3-580a35a1678c0"
  2039. | Accept-Ranges: bytes
  2040. | Content-Length: 163
  2041. | Connection: close
  2042. | Content-Type: text/html
  2043. |
  2044. |_ (Request type: HEAD)
  2045. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  2046. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  2047. | http-methods:
  2048. | Supported Methods: GET POST OPTIONS HEAD TRACE
  2049. |_ Potentially risky methods: TRACE
  2050. |_http-mobileversion-checker: No mobile version detected.
  2051. | http-php-version: Logo query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
  2052. |_Credits query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
  2053. |_http-security-headers:
  2054. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2055. | http-sitemap-generator:
  2056. | Directory structure:
  2057. | /
  2058. | Other: 1
  2059. | Longest directory structure:
  2060. | Depth: 0
  2061. | Dir: /
  2062. | Total files found (by extension):
  2063. |_ Other: 1
  2064. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  2065. |_http-title: Site doesn't have a title (text/html).
  2066. | http-trace: TRACE is enabled
  2067. | Headers:
  2068. | Date: Sun, 08 Sep 2019 19:58:20 GMT
  2069. | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2070. | Connection: close
  2071. | Transfer-Encoding: chunked
  2072. |_Content-Type: message/http
  2073. |_http-userdir-enum: Potential Users: root
  2074. | http-vhosts:
  2075. | 125 names had status 200
  2076. | mail.glesp.org.br : 301 -> https://www.glesp.org.br/
  2077. |_www.glesp.org.br : 301 -> https://www.glesp.org.br/
  2078. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
  2079. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  2080. |_http-xssed: No previously reported XSS vuln.
  2081. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2082. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2083. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
  2084. No exact OS matches for host (test conditions non-ideal).
  2085. Uptime guess: 31.084 days (since Thu Aug 8 13:58:33 2019)
  2086. Network Distance: 15 hops
  2087. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  2088. IP ID Sequence Generation: All zeros
  2089.  
  2090. TRACEROUTE (using port 80/tcp)
  2091. HOP RTT ADDRESS
  2092. 1 93.07 ms 10.246.204.1
  2093. 2 93.14 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2094. 3 93.20 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  2095. 4 93.13 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  2096. 5 93.15 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2097. 6 93.19 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  2098. 7 93.22 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  2099. 8 93.22 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  2100. 9 93.20 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  2101. 10 29.70 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  2102. 11 ...
  2103. 12 102.26 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  2104. 13 102.19 ms eth4-33-4.prvspn002.net.unifiedlayer.com (162.144.240.169)
  2105. 14 102.27 ms po97.prv-leaf6a.net.unifiedlayer.com (162.144.240.11)
  2106. 15 102.20 ms srv.glesp.org.br (162.144.126.169)
  2107.  
  2108. NSE: Script Post-scanning.
  2109. Initiating NSE at 15:58
  2110. Completed NSE at 15:58, 0.00s elapsed
  2111. Initiating NSE at 15:58
  2112. Completed NSE at 15:58, 0.00s elapsed
  2113. #######################################################################################################################################
  2114. http://162.144.126.169 [200 OK] Apache[2.4.41][mod_bwlimited/1.4], Country[UNITED STATES][US], HTTPServer[Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4], IP[162.144.126.169], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], OpenSSL[1.0.2s]
  2115. http://162.144.126.169/cgi-sys/defaultwebpage.cgi [200 OK] Apache[2.4.41][mod_bwlimited/1.4], Country[UNITED STATES][US], Email[webmaster@162.144.126.169], HTML5, HTTPServer[Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4], IP[162.144.126.169], OpenSSL[1.0.2s], Title[Default Web Site Page]
  2116. #######################################################################################################################################
  2117.  
  2118. wig - WebApp Information Gatherer
  2119.  
  2120.  
  2121. Scanning http://162.144.126.169...
  2122. _________________ SITE INFO __________________
  2123. IP Title
  2124. 162.144.126.169
  2125.  
  2126. __________________ VERSION ___________________
  2127. Name Versions Type
  2128. Apache 2.4.41 Platform
  2129. mod_bwlimited 1.4 Platform
  2130. openssl 1.0.2s Platform
  2131.  
  2132. ______________________________________________
  2133. Time: 18.3 sec Urls: 601 Fingerprints: 40401
  2134. #######################################################################################################################################
  2135. HTTP/1.1 200 OK
  2136. Date: Sun, 08 Sep 2019 19:59:28 GMT
  2137. Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2138. Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  2139. ETag: "a3-580a35a1678c0"
  2140. Accept-Ranges: bytes
  2141. Content-Length: 163
  2142. Content-Type: text/html
  2143.  
  2153. Allow: GET,POST,OPTIONS,HEAD,TRACE
  2154. #######################################################################################################################################
  2155. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:59 EDT
  2156. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  2157. Host is up (0.11s latency).
  2158.  
  2159. PORT STATE SERVICE VERSION
  2160. 110/tcp open pop3 Dovecot pop3d
  2161. | pop3-brute:
  2162. | Accounts: No valid accounts found
  2163. | Statistics: Performed 57 guesses in 54 seconds, average tps: 1.0
  2164. |_ ERROR: Failed to connect.
  2165. |_pop3-capabilities: RESP-CODES STLS PIPELINING UIDL CAPA TOP AUTH-RESP-CODE SASL(PLAIN LOGIN) USER
  2166. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2167. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2168. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
  2169. No exact OS matches for host (test conditions non-ideal).
  2170. Network Distance: 15 hops
  2171.  
  2172. TRACEROUTE (using port 110/tcp)
  2173. HOP RTT ADDRESS
  2174. 1 92.41 ms 10.246.204.1
  2175. 2 92.49 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2176. 3 92.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  2177. 4 92.50 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  2178. 5 92.54 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2179. 6 92.62 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  2180. 7 92.65 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  2181. 8 92.68 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  2182. 9 92.64 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  2183. 10 28.05 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  2184. 11 ...
  2185. 12 79.53 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  2186. 13 100.64 ms eth3-33-4.prvspn002.net.unifiedlayer.com (162.144.240.167)
  2187. 14 100.66 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
  2188. 15 100.81 ms srv.glesp.org.br (162.144.126.169)
  2189. #######################################################################################################################################
  2190. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:00 EDT
  2191. NSE: Loaded 164 scripts for scanning.
  2192. NSE: Script Pre-scanning.
  2193. Initiating NSE at 16:00
  2194. Completed NSE at 16:00, 0.00s elapsed
  2195. Initiating NSE at 16:00
  2196. Completed NSE at 16:00, 0.00s elapsed
  2197. Initiating Parallel DNS resolution of 1 host. at 16:00
  2198. Completed Parallel DNS resolution of 1 host. at 16:00, 0.03s elapsed
  2199. Initiating SYN Stealth Scan at 16:00
  2200. Scanning srv.glesp.org.br (162.144.126.169) [1 port]
  2201. Discovered open port 443/tcp on 162.144.126.169
  2202. Completed SYN Stealth Scan at 16:00, 0.16s elapsed (1 total ports)
  2203. Initiating Service scan at 16:00
  2204. Scanning 1 service on srv.glesp.org.br (162.144.126.169)
  2205. Completed Service scan at 16:01, 41.46s elapsed (1 service on 1 host)
  2206. Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
  2207. Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
  2208. Initiating Traceroute at 16:01
  2209. Completed Traceroute at 16:01, 3.04s elapsed
  2210. Initiating Parallel DNS resolution of 14 hosts. at 16:01
  2211. Completed Parallel DNS resolution of 14 hosts. at 16:01, 0.18s elapsed
  2212. NSE: Script scanning 162.144.126.169.
  2213. Initiating NSE at 16:01
  2214. Completed NSE at 16:02, 69.51s elapsed
  2215. Initiating NSE at 16:02
  2216. Completed NSE at 16:02, 9.95s elapsed
  2217. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  2218. Host is up (0.10s latency).
  2219.  
  2220. PORT STATE SERVICE VERSION
  2221. 443/tcp open ssl/ssl Apache httpd (SSL-only mode)
  2222. | http-brute:
  2223. |_ Path "/" does not require authentication
  2224. |_http-chrono: Request times for /; avg: 629.26ms; min: 560.35ms; max: 700.48ms
  2225. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  2226. |_http-date: Sun, 08 Sep 2019 20:01:26 GMT; -2s from local time.
  2227. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  2228. |_http-dombased-xss: Couldn't find any DOM based XSS.
  2229. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
  2230. |_http-errors: Couldn't find any error pages.
  2231. |_http-feed: Couldn't find any feeds.
  2232. |_http-fetch: Please enter the complete path of the directory to save data in.
  2233. | http-headers:
  2234. | Date: Sun, 08 Sep 2019 20:02:10 GMT
  2235. | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2236. | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  2237. | ETag: "a3-580a35a1678c0"
  2238. | Accept-Ranges: bytes
  2239. | Content-Length: 163
  2240. | Connection: close
  2241. | Content-Type: text/html
  2242. |
  2243. |_ (Request type: HEAD)
  2244. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  2245. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  2246. | http-methods:
  2247. | Supported Methods: GET POST OPTIONS HEAD TRACE
  2248. |_ Potentially risky methods: TRACE
  2249. |_http-mobileversion-checker: No mobile version detected.
  2250. | http-security-headers:
  2251. | Strict_Transport_Security:
  2252. |_ HSTS not configured in HTTPS Server
  2253. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2254. | http-sitemap-generator:
  2255. | Directory structure:
  2256. | /
  2257. | Other: 1
  2258. | Longest directory structure:
  2259. | Depth: 0
  2260. | Dir: /
  2261. | Total files found (by extension):
  2262. |_ Other: 1
  2263. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  2264. |_http-title: Site doesn't have a title (text/html).
  2265. | http-trace: TRACE is enabled
  2266. | Headers:
  2267. | Date: Sun, 08 Sep 2019 20:02:02 GMT
  2268. | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2269. | Connection: close
  2270. | Transfer-Encoding: chunked
  2271. |_Content-Type: message/http
  2272. |_http-userdir-enum: Potential Users: root
  2273. | http-vhosts:
  2274. |_127 names had status 400
  2275. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
  2276. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  2277. |_http-xssed: No previously reported XSS vuln.
  2278. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2279. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2280. Device type: general purpose|WAP|storage-misc|specialized
  2281. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
  2282. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
  2283. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%)
  2284. No exact OS matches for host (test conditions non-ideal).
  2285. Uptime guess: 31.086 days (since Thu Aug 8 13:58:33 2019)
  2286. Network Distance: 15 hops
  2287. TCP Sequence Prediction: Difficulty=258 (Good luck!)
  2288. IP ID Sequence Generation: All zeros
  2289.  
  2290. TRACEROUTE (using port 443/tcp)
  2291. HOP RTT ADDRESS
  2292. 1 49.30 ms 10.246.204.1
  2293. 2 49.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2294. 3 49.40 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  2295. 4 49.38 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  2296. 5 49.37 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2297. 6 69.49 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
  2298. 7 69.48 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
  2299. 8 69.50 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
  2300. 9 69.46 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
  2301. 10 28.91 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
  2302. 11 ...
  2303. 12 125.28 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
  2304. 13 193.07 ms eth4-33-4.prvspn001.net.unifiedlayer.com (162.144.240.153)
  2305. 14 193.07 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
  2306. 15 96.02 ms srv.glesp.org.br (162.144.126.169)
  2307.  
  2308. NSE: Script Post-scanning.
  2309. Initiating NSE at 16:02
  2310. Completed NSE at 16:02, 0.00s elapsed
  2311. Initiating NSE at 16:02
  2312. Completed NSE at 16:02, 0.00s elapsed
  2313. ######################################################################################################################################
  2314. Version: 1.11.13-static
  2315. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2316.  
  2317. Connected to 162.144.126.169
  2318.  
  2319. Testing SSL server 162.144.126.169 on port 443 using SNI name 162.144.126.169
  2320.  
  2321. TLS Fallback SCSV:
  2322. Server supports TLS Fallback SCSV
  2323.  
  2324. TLS renegotiation:
  2325. Secure session renegotiation supported
  2326.  
  2327. TLS Compression:
  2328. Compression disabled
  2329.  
  2330. Heartbleed:
  2331. TLS 1.2 not vulnerable to heartbleed
  2332. TLS 1.1 not vulnerable to heartbleed
  2333. TLS 1.0 not vulnerable to heartbleed
  2334.  
  2335. Supported Server Cipher(s):
  2336. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2337. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2338. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2339. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  2340. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  2341. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2342. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2343. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2344. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2345. Accepted TLSv1.1 256 bits AES256-SHA
  2346. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  2347. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2348. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2349. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  2350. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2351. Accepted TLSv1.1 128 bits AES128-SHA
  2352. Accepted TLSv1.1 128 bits SEED-SHA
  2353. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  2354. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
  2355. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2356. Accepted TLSv1.1 128 bits RC4-SHA
  2357. Accepted TLSv1.1 128 bits RC4-MD5
  2358. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2359. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2360. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2361. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2362.  
  2363. SSL Certificate:
  2364. Signature Algorithm: sha256WithRSAEncryption
  2365. RSA Key Strength: 2048
  2366.  
  2367. Subject: glesp.org.br
  2368. Altnames: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
  2369. Issuer: cPanel, Inc. Certification Authority
  2370.  
  2371. Not valid before: Sep 1 00:00:00 2019 GMT
  2372. Not valid after: Nov 30 23:59:59 2019 GMT
  2373. #######################################################################################################################################
  2374. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:09 EDT
  2375. NSE: Loaded 47 scripts for scanning.
  2376. NSE: Script Pre-scanning.
  2377. Initiating NSE at 16:09
  2378. Completed NSE at 16:09, 0.00s elapsed
  2379. Initiating NSE at 16:09
  2380. Completed NSE at 16:09, 0.00s elapsed
  2381. Initiating Ping Scan at 16:09
  2382. Scanning 162.144.126.169 [4 ports]
  2383. Completed Ping Scan at 16:09, 0.14s elapsed (1 total hosts)
  2384. Initiating Parallel DNS resolution of 1 host. at 16:09
  2385. Completed Parallel DNS resolution of 1 host. at 16:09, 0.02s elapsed
  2386. Initiating SYN Stealth Scan at 16:09
  2387. Scanning srv.glesp.org.br (162.144.126.169) [65535 ports]
  2388. Discovered open port 443/tcp on 162.144.126.169
  2389. Discovered open port 80/tcp on 162.144.126.169
  2390. SYN Stealth Scan Timing: About 1.67% done; ETC: 16:39 (0:30:21 remaining)
  2391. SYN Stealth Scan Timing: About 4.17% done; ETC: 16:33 (0:23:20 remaining)
  2392. SYN Stealth Scan Timing: About 6.91% done; ETC: 16:31 (0:20:39 remaining)
  2393. SYN Stealth Scan Timing: About 7.65% done; ETC: 16:35 (0:24:33 remaining)
  2394. SYN Stealth Scan Timing: About 15.18% done; ETC: 16:25 (0:14:09 remaining)
  2395. SYN Stealth Scan Timing: About 19.65% done; ETC: 16:24 (0:12:24 remaining)
  2396. SYN Stealth Scan Timing: About 28.20% done; ETC: 16:21 (0:09:00 remaining)
  2397. SYN Stealth Scan Timing: About 36.12% done; ETC: 16:20 (0:07:08 remaining)
  2398. SYN Stealth Scan Timing: About 63.60% done; ETC: 16:16 (0:02:36 remaining)
  2399. Completed SYN Stealth Scan at 16:14, 340.32s elapsed (65535 total ports)
  2400. Initiating Service scan at 16:14
  2401. Scanning 2 services on srv.glesp.org.br (162.144.126.169)
  2402. Completed Service scan at 16:15, 28.33s elapsed (2 services on 1 host)
  2403. Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
  2404. Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
  2405. Initiating Traceroute at 16:15
  2406. Completed Traceroute at 16:15, 0.29s elapsed
  2407. Initiating Parallel DNS resolution of 2 hosts. at 16:15
  2408. Completed Parallel DNS resolution of 2 hosts. at 16:15, 0.00s elapsed
  2409. NSE: Script scanning 162.144.126.169.
  2410. Initiating NSE at 16:15
  2411. Completed NSE at 16:15, 26.81s elapsed
  2412. Initiating NSE at 16:15
  2413. Completed NSE at 16:15, 7.97s elapsed
  2414. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  2415. Host is up (0.22s latency).
  2416. Not shown: 65530 filtered ports
  2417. PORT STATE SERVICE VERSION
  2418. 25/tcp closed smtp
  2419. 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
  2420. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2421. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2422. 139/tcp closed netbios-ssn
  2423. 443/tcp open ssl/https Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2424. |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2425. 445/tcp closed microsoft-ds
  2426. Device type: general purpose|storage-misc|broadband router|router|media device|WAP
  2427. Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
  2428. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
  2429. Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.1 (92%), Linux 2.6.32 - 2.6.39 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.2 (91%), HP P2000 G3 NAS device (90%), Linux 3.8 (90%), Linux 2.6.32 - 3.10 (89%)
  2430. No exact OS matches for host (test conditions non-ideal).
  2431. Uptime guess: 31.095 days (since Thu Aug 8 13:58:33 2019)
  2432. Network Distance: 2 hops
  2433. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  2434. IP ID Sequence Generation: All zeros
  2435.  
  2436. TRACEROUTE (using port 445/tcp)
  2437. HOP RTT ADDRESS
  2438. 1 290.84 ms 10.246.204.1
  2439. 2 290.83 ms srv.glesp.org.br (162.144.126.169)
  2440.  
  2441. NSE: Script Post-scanning.
  2442. Initiating NSE at 16:15
  2443. Completed NSE at 16:15, 0.00s elapsed
  2444. Initiating NSE at 16:15
  2445. Completed NSE at 16:15, 0.00s elapsed
  2446. #######################################################################################################################################
  2447. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:15 EDT
  2448. NSE: Loaded 47 scripts for scanning.
  2449. NSE: Script Pre-scanning.
  2450. Initiating NSE at 16:15
  2451. Completed NSE at 16:15, 0.00s elapsed
  2452. Initiating NSE at 16:15
  2453. Completed NSE at 16:15, 0.00s elapsed
  2454. Initiating Parallel DNS resolution of 1 host. at 16:15
  2455. Completed Parallel DNS resolution of 1 host. at 16:15, 0.02s elapsed
  2456. Initiating UDP Scan at 16:15
  2457. Scanning srv.glesp.org.br (162.144.126.169) [15 ports]
  2458. Completed UDP Scan at 16:15, 1.61s elapsed (15 total ports)
  2459. Initiating Service scan at 16:15
  2460. Scanning 13 services on srv.glesp.org.br (162.144.126.169)
  2461. Service scan Timing: About 7.69% done; ETC: 16:37 (0:19:36 remaining)
  2462. Completed Service scan at 16:17, 102.58s elapsed (13 services on 1 host)
  2463. Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
  2464. Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
  2465. Initiating Traceroute at 16:17
  2466. Completed Traceroute at 16:17, 7.28s elapsed
  2467. Initiating Parallel DNS resolution of 1 host. at 16:17
  2468. Completed Parallel DNS resolution of 1 host. at 16:17, 0.00s elapsed
  2469. NSE: Script scanning 162.144.126.169.
  2470. Initiating NSE at 16:17
  2471. Completed NSE at 16:17, 7.14s elapsed
  2472. Initiating NSE at 16:17
  2473. Completed NSE at 16:17, 1.01s elapsed
  2474. Nmap scan report for srv.glesp.org.br (162.144.126.169)
  2475. Host is up (0.028s latency).
  2476.  
  2477. PORT STATE SERVICE VERSION
  2478. 53/udp open|filtered domain
  2479. 67/udp open|filtered dhcps
  2480. 68/udp open|filtered dhcpc
  2481. 69/udp open|filtered tftp
  2482. 88/udp open|filtered kerberos-sec
  2483. 123/udp open|filtered ntp
  2484. 137/udp filtered netbios-ns
  2485. 138/udp filtered netbios-dgm
  2486. 139/udp open|filtered netbios-ssn
  2487. 161/udp open|filtered snmp
  2488. 162/udp open|filtered snmptrap
  2489. 389/udp open|filtered ldap
  2490. 500/udp open|filtered isakmp
  2491. |_ike-version: ERROR: Script execution failed (use -d to debug)
  2492. 520/udp open|filtered route
  2493. 2049/udp open|filtered nfs
  2494. Too many fingerprints match this host to give specific OS details
  2495.  
  2496. TRACEROUTE (using port 138/udp)
  2497. HOP RTT ADDRESS
  2498. 1 ... 4
  2499. 5 199.59 ms 10.246.204.1
  2500. 6 199.59 ms 10.246.204.1
  2501. 7 199.60 ms 10.246.204.1
  2502. 8 199.61 ms 10.246.204.1
  2503. 9 199.60 ms 10.246.204.1
  2504. 10 179.68 ms 10.246.204.1
  2505. 11 21.47 ms 10.246.204.1
  2506. 12 28.41 ms 10.246.204.1
  2507. 13 ... 22
  2508. 23 20.18 ms 10.246.204.1
  2509. 24 49.76 ms 10.246.204.1
  2510. 25 ...
  2511. 26 21.64 ms 10.246.204.1
  2512. 27 ...
  2513. 28 21.31 ms 10.246.204.1
  2514. 29 ...
  2515. 30 21.32 ms 10.246.204.1
  2516.  
  2517. NSE: Script Post-scanning.
  2518. Initiating NSE at 16:17
  2519. Completed NSE at 16:17, 0.00s elapsed
  2520. Initiating NSE at 16:17
  2521. Completed NSE at 16:17, 0.00s elapsed
  2522. Read data files from: /usr/bin/../share/nmap
  2523. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2524. Nmap done: 1 IP address (1 host up) scanned in 122.83 seconds
  2525. Raw packets sent: 151 (10.460KB) | Rcvd: 78 (7.948KB)
  2526. #######################################################################################################################################
  2527. Hosts
  2528. =====
  2529.  
  2530. address mac name os_name os_flavor os_sp purpose info comments
  2531. ------- --- ---- ------- --------- ----- ------- ---- --------
  2532. 162.144.126.169 srv.glesp.org.br Linux 2.6.X server
  2533.  
  2534. Services
  2535. ========
  2536.  
  2537. host port proto name state info
  2538. ---- ---- ----- ---- ----- ----
  2539. 162.144.126.169 25 tcp smtp closed
  2540. 162.144.126.169 53 udp domain open
  2541. 162.144.126.169 67 udp dhcps unknown
  2542. 162.144.126.169 68 udp dhcpc unknown
  2543. 162.144.126.169 69 udp tftp unknown
  2544. 162.144.126.169 80 tcp http open Apache httpd 2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2545. 162.144.126.169 88 udp kerberos-sec unknown
  2546. 162.144.126.169 123 udp ntp unknown
  2547. 162.144.126.169 137 udp netbios-ns filtered
  2548. 162.144.126.169 138 udp netbios-dgm filtered
  2549. 162.144.126.169 139 tcp netbios-ssn closed
  2550. 162.144.126.169 139 udp netbios-ssn unknown
  2551. 162.144.126.169 161 udp snmp unknown
  2552. 162.144.126.169 162 udp snmptrap unknown
  2553. 162.144.126.169 389 udp ldap unknown
  2554. 162.144.126.169 443 tcp ssl/https open Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2555. 162.144.126.169 445 tcp microsoft-ds closed
  2556. 162.144.126.169 500 udp isakmp unknown
  2557. 162.144.126.169 520 udp route unknown
  2558. 162.144.126.169 2049 udp nfs unknown
  2559. #######################################################################################################################################
  2560. [+] URL: https://www.glesp.org.br/
  2561. [+] Started: Sun Sep 8 15:29:03 2019
  2562.  
  2563. Interesting Finding(s):
  2564.  
  2565. [+] https://www.glesp.org.br/
  2566. | Interesting Entries:
  2567. | - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2568. | - X-Powered-By: W3 Total Cache/0.9.7.5
  2569. | Found By: Headers (Passive Detection)
  2570. | Confidence: 100%
  2571.  
  2572. [+] https://www.glesp.org.br/xmlrpc.php
  2573. | Found By: Direct Access (Aggressive Detection)
  2574. | Confidence: 100%
  2575. | References:
  2576. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  2577. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  2578. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  2579. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  2580. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  2581.  
  2582. [+] https://www.glesp.org.br/readme.html
  2583. | Found By: Direct Access (Aggressive Detection)
  2584. | Confidence: 100%
  2585.  
  2586. [+] This site has 'Must Use Plugins': https://www.glesp.org.br/wp-content/mu-plugins/
  2587. | Found By: Direct Access (Aggressive Detection)
  2588. | Confidence: 80%
  2589. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  2590.  
  2591. [+] https://www.glesp.org.br/wp-cron.php
  2592. | Found By: Direct Access (Aggressive Detection)
  2593. | Confidence: 60%
  2594. | References:
  2595. | - https://www.iplocation.net/defend-wordpress-from-ddos
  2596. | - https://github.com/wpscanteam/wpscan/issues/1299
  2597.  
  2598. [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
  2599. | Detected By: Query Parameter In Install Page (Aggressive Detection)
  2600. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2601. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2602. | - https://www.glesp.org.br/wp-includes/css/dashicons.min.css?ver=5.2.2
  2603. | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection)
  2604. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2605. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2606.  
  2607. [i] The main theme could not be detected.
  2608.  
  2609. [+] Enumerating All Plugins (via Passive Methods)
  2610. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  2611.  
  2612. [i] Plugin(s) Identified:
  2613.  
  2614. [+] nextcellent-gallery-nextgen-legacy
  2615. | Location: https://www.glesp.org.br/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
  2616. | Latest Version: 1.9.35 (up to date)
  2617. | Last Updated: 2017-10-16T09:19:00.000Z
  2618. |
  2619. | Detected By: Comment (Passive Detection)
  2620. |
  2621. | Version: 3.2.10 (60% confidence)
  2622. | Detected By: Comment (Passive Detection)
  2623. | - https://www.glesp.org.br/, Match: '<meta name="NextGEN" version="3.2.10"'
  2624.  
  2625. [+] nextgen-gallery
  2626. | Location: https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/
  2627. | Last Updated: 2019-08-28T00:11:00.000Z
  2628. | [!] The version is out of date, the latest version is 3.2.11
  2629. |
  2630. | Detected By: Comment (Passive Detection)
  2631. |
  2632. | [!] 1 vulnerability identified:
  2633. |
  2634. | [!] Title: Nextgen Gallery < 3.2.11 - SQL Injection
  2635. | Fixed in: 3.2.11
  2636. | References:
  2637. | - https://wpvulndb.com/vulnerabilities/9816
  2638. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14314
  2639. | - https://fortiguard.com/zeroday/FG-VD-19-099
  2640. | - https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
  2641. |
  2642. | Version: 3.2.10 (100% confidence)
  2643. | Detected By: Comment (Passive Detection)
  2644. | - https://www.glesp.org.br/, Match: '<meta name="NextGEN" version="3.2.10"'
  2645. | Confirmed By:
  2646. | Readme - Stable Tag (Aggressive Detection)
  2647. | - https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/readme.txt
  2648. | Readme - ChangeLog Section (Aggressive Detection)
  2649. | - https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/readme.txt
  2650.  
  2651. [+] w3-total-cache
  2652. | Location: https://www.glesp.org.br/wp-content/plugins/w3-total-cache/
  2653. | Latest Version: 0.9.7.5 (up to date)
  2654. | Last Updated: 2019-06-05T14:00:00.000Z
  2655. |
  2656. | Detected By: Header Pattern (Passive Detection)
  2657. |
  2658. | Version: 0.9.7.5 (100% confidence)
  2659. | Detected By: Header Pattern (Passive Detection)
  2660. | - https://www.glesp.org.br/, Match: 'W3 Total Cache/0.9.7.5'
  2661. | Confirmed By:
  2662. | Readme - Stable Tag (Aggressive Detection)
  2663. | - https://www.glesp.org.br/wp-content/plugins/w3-total-cache/readme.txt
  2664. | Readme - ChangeLog Section (Aggressive Detection)
  2665. | - https://www.glesp.org.br/wp-content/plugins/w3-total-cache/readme.txt
  2666.  
  2667. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  2668. Checking Config Backups - Time: 00:00:22 <=============> (21 / 21) 100.00% Time: 00:00:22
  2669.  
  2670. [i] No Config Backups Found.
  2671.  
  2672.  
  2673. [+] Finished: Sun Sep 8 15:31:06 2019
  2674. [+] Requests Done: 64
  2675. [+] Cached Requests: 6
  2676. [+] Data Sent: 19.034 KB
  2677. [+] Data Received: 420.336 KB
  2678. [+] Memory used: 189.719 MB
  2679. [+] Elapsed time: 00:02:02
  2680. #######################################################################################################################################
  2681.  
  2682. [+] URL: https://www.glesp.org.br/
  2683. [+] Started: Sun Sep 8 15:29:10 2019
  2684.  
  2685. Interesting Finding(s):
  2686.  
  2687. [+] https://www.glesp.org.br/
  2688. | Interesting Entries:
  2689. | - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2690. | - X-Powered-By: W3 Total Cache/0.9.7.5
  2691. | Found By: Headers (Passive Detection)
  2692. | Confidence: 100%
  2693.  
  2694. [+] https://www.glesp.org.br/xmlrpc.php
  2695. | Found By: Direct Access (Aggressive Detection)
  2696. | Confidence: 100%
  2697. | References:
  2698. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  2699. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  2700. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  2701. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  2702. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  2703.  
  2704. [+] https://www.glesp.org.br/readme.html
  2705. | Found By: Direct Access (Aggressive Detection)
  2706. | Confidence: 100%
  2707.  
  2708. [+] This site has 'Must Use Plugins': https://www.glesp.org.br/wp-content/mu-plugins/
  2709. | Found By: Direct Access (Aggressive Detection)
  2710. | Confidence: 80%
  2711. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  2712.  
  2713. [+] https://www.glesp.org.br/wp-cron.php
  2714. | Found By: Direct Access (Aggressive Detection)
  2715. | Confidence: 60%
  2716. | References:
  2717. | - https://www.iplocation.net/defend-wordpress-from-ddos
  2718. | - https://github.com/wpscanteam/wpscan/issues/1299
  2719.  
  2720. [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
  2721. | Detected By: Query Parameter In Install Page (Aggressive Detection)
  2722. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2723. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2724. | - https://www.glesp.org.br/wp-includes/css/dashicons.min.css?ver=5.2.2
  2725. | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection)
  2726. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2727. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2728.  
  2729. [i] The main theme could not be detected.
  2730.  
  2731. [+] Enumerating Users (via Passive and Aggressive Methods)
  2732. Brute Forcing Author IDs - Time: 00:00:14 <==> (10 / 10) 100.00% Time: 00:00:14
  2733.  
  2734. [i] No Users Found.
  2735.  
  2736.  
  2737. [+] Finished: Sun Sep 8 15:30:41 2019
  2738. [+] Requests Done: 39
  2739. [+] Cached Requests: 19
  2740. [+] Data Sent: 11.532 KB
  2741. [+] Data Received: 281.982 KB
  2742. [+] Memory used: 81.18 MB
  2743. [+] Elapsed time: 00:01:31
  2744. #######################################################################################################################################
  2745. [+] URL: https://www.glesp.org.br/
  2746. [+] Started: Sun Sep 8 15:36:17 2019
  2747.  
  2748. Interesting Finding(s):
  2749.  
  2750. [+] https://www.glesp.org.br/
  2751. | Interesting Entries:
  2752. | - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2753. | - X-Powered-By: W3 Total Cache/0.9.7.5
  2754. | Found By: Headers (Passive Detection)
  2755. | Confidence: 100%
  2756.  
  2757. [+] https://www.glesp.org.br/xmlrpc.php
  2758. | Found By: Direct Access (Aggressive Detection)
  2759. | Confidence: 100%
  2760. | References:
  2761. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  2762. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  2763. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  2764. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  2765. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  2766.  
  2767. [+] https://www.glesp.org.br/readme.html
  2768. | Found By: Direct Access (Aggressive Detection)
  2769. | Confidence: 100%
  2770.  
  2771. [+] This site has 'Must Use Plugins': https://www.glesp.org.br/wp-content/mu-plugins/
  2772. | Found By: Direct Access (Aggressive Detection)
  2773. | Confidence: 80%
  2774. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  2775.  
  2776. [+] https://www.glesp.org.br/wp-cron.php
  2777. | Found By: Direct Access (Aggressive Detection)
  2778. | Confidence: 60%
  2779. | References:
  2780. | - https://www.iplocation.net/defend-wordpress-from-ddos
  2781. | - https://github.com/wpscanteam/wpscan/issues/1299
  2782.  
  2783. [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
  2784. | Detected By: Query Parameter In Install Page (Aggressive Detection)
  2785. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2786. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2787. | - https://www.glesp.org.br/wp-includes/css/dashicons.min.css?ver=5.2.2
  2788. | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection)
  2789. | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
  2790. | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
  2791.  
  2792. [i] The main theme could not be detected.
  2793.  
  2794. [+] Enumerating Users (via Passive and Aggressive Methods)
  2795. Brute Forcing Author IDs - Time: 00:00:24 <============> (10 / 10) 100.00% Time: 00:00:24
  2796.  
  2797. [i] No Users Found.
  2798.  
  2799.  
  2800. [+] Finished: Sun Sep 8 15:36:59 2019
  2801. [+] Requests Done: 13
  2802. [+] Cached Requests: 45
  2803. [+] Data Sent: 3.783 KB
  2804. [+] Data Received: 46.95 KB
  2805. [+] Memory used: 81.082 MB
  2806. [+] Elapsed time: 00:00:41
  2807. #######################################################################################################################################
  2808. [INFO] ------TARGET info------
  2809. [*] TARGET: https://www.glesp.org.br/
  2810. [*] TARGET IP: 162.144.126.169
  2811. [INFO] NO load balancer detected for www.glesp.org.br...
  2812. [*] DNS servers: glesp.org.br.
  2813. [*] TARGET server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2814. [*] CC: US
  2815. [*] Country: United States
  2816. [*] RegionCode: UT
  2817. [*] RegionName: Utah
  2818. [*] City: Provo
  2819. [*] ASN: AS46606
  2820. [*] BGP_PREFIX: 162.144.0.0/16
  2821. [*] ISP: UNIFIEDLAYER-AS-1 - Unified Layer, US
  2822. [INFO] SSL/HTTPS certificate detected
  2823. [*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
  2824. [*] Subject: subject=CN = glesp.org.br
  2825. [INFO] DNS enumeration:
  2826. [*] ftp.glesp.org.br 162.144.126.169
  2827. [*] mail.glesp.org.br 162.144.126.169
  2828. [*] ns1.glesp.org.br 162.144.126.169
  2829. [*] ns2.glesp.org.br 142.4.3.158
  2830. [*] webmail.glesp.org.br glesp.org.br. 162.144.126.169
  2831. [INFO] Possible abuse mails are:
  2832. [*] abuse@glesp.org.br
  2833. [*] abuse@www.glesp.org.br
  2834. [*] malware@bluehost.com
  2835. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  2836. [INFO] Starting FUZZing in http://www.glesp.org.br/FUzZzZzZzZz...
  2837. [INFO] Status code Folders
  2838. [ALERT] Look in the source code. It may contain passwords
  2839. [INFO] Links found from https://www.glesp.org.br/ http://162.144.126.169/:
  2840. [*] http://162.144.126.169/cgi-sys/defaultwebpage.cgi
  2841. [*] http://oportunidades.glesp.org.br/usuarios/login_visualizar
  2842. [*] https://info.glesp.org.br/lojas/busca_lojas
  2843. [*] https://twitter.com/gmglespoficial
  2844. [*] https://www.facebook.com/GlespOficial/
  2845. [*] https://www.glesp.org.br/
  2846. [*] https://www.glesp.org.br/?feed=atom
  2847. [*] https://www.glesp.org.br/?feed=rss
  2848. [*] https://www.glesp.org.br/?feed=rss2
  2849. [*] https://www.glesp.org.br/?hospitalaria=fundo-de-solidariedade
  2850. [*] https://www.glesp.org.br/?hospitalaria=indicador-de-saude
  2851. [*] https://www.glesp.org.br/?hospitalaria=instituicoes-de-ensino
  2852. [*] https://www.glesp.org.br/?hospitalaria=recolocacao-profissional
  2853. [*] https://www.glesp.org.br/?lang=pb
  2854. [*] https://www.glesp.org.br/?noticias=dia-do-macom-2
  2855. [*] https://www.glesp.org.br/?noticias=edital-3
  2856. [*] https://www.glesp.org.br/?noticias=glesp-news
  2857. [*] https://www.glesp.org.br/?noticias=novo-pabx
  2858. [*] https://www.glesp.org.br/?noticias=parceria-glesp-bifarma
  2859. [*] https://www.glesp.org.br/?noticias=reuniao
  2860. [*] https://www.glesp.org.br/?page_id=115
  2861. [*] https://www.glesp.org.br/?page_id=128
  2862. [*] https://www.glesp.org.br/?page_id=18176
  2863. [*] https://www.glesp.org.br/?page_id=186
  2864. [*] https://www.glesp.org.br/?page_id=20869
  2865. [*] https://www.glesp.org.br/?page_id=31
  2866. [*] https://www.glesp.org.br/?page_id=519
  2867. [*] https://www.glesp.org.br/?paramaconicas=amem-associacao-dos-medicos-macons
  2868. [*] https://www.glesp.org.br/?paramaconicas=bodes-do-asfalto
  2869. [*] https://www.glesp.org.br/?paramaconicas=escoteiros-do-brasil
  2870. [*] https://www.glesp.org.br/?paramaconicas=escudeiros-da-tavola-redonda
  2871. [*] https://www.glesp.org.br/?paramaconicas=estrela-do-oriente
  2872. [*] https://www.glesp.org.br/?paramaconicas=filhas-de-jo
  2873. [*] https://www.glesp.org.br/?paramaconicas=lowtons
  2874. [*] https://www.glesp.org.br/?paramaconicas=ordem-demolay
  2875. [*] https://www.glesp.org.br/?paramaconicas=ordem-internacional-arco-iris-para-meninas
  2876. [*] https://www.glesp.org.br/?paramaconicas=pelicanos-do-asfalto
  2877. [*] https://www.glesp.org.br/?paramaconicas=pledges
  2878. [*] https://www.glesp.org.br/?post_type=noticias
  2879. [*] https://www.glesp.org.br/?sec-geral=boletins-informativos
  2880. [*] https://www.linkedin.com/company-beta/11222127/
  2881. [*] https://www.youtube.com/user/glesp10
  2882. [INFO] GOOGLE has 135,000 results (0.21 seconds) about http://www.glesp.org.br/
  2883. [INFO] Shodan detected the following opened ports on 162.144.126.169:
  2884. [*] 1
  2885. [*] 110
  2886. [*] 143
  2887. [*] 2082
  2888. [*] 2083
  2889. [*] 2086
  2890. [*] 2087
  2891. [*] 2096
  2892. [*] 26
  2893. [*] 3
  2894. [*] 4
  2895. [*] 443
  2896. [*] 53
  2897. [*] 587
  2898. [*] 80
  2899. [*] 993
  2900. [*] 995
  2901. [INFO] ------VirusTotal SECTION------
  2902. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  2903. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  2904. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  2905. [INFO] ------Alexa Rank SECTION------
  2906. [INFO] Percent of Visitors Rank in Country:
  2907. [INFO] Percent of Search Traffic:
  2908. [INFO] Percent of Unique Visits:
  2909. [INFO] Total Sites Linking In:
  2910. [*] Total Sites
  2911. [INFO] Useful links related to www.glesp.org.br - 162.144.126.169:
  2912. [*] https://www.virustotal.com/pt/ip-address/162.144.126.169/information/
  2913. [*] https://www.hybrid-analysis.com/search?host=162.144.126.169
  2914. [*] https://www.shodan.io/host/162.144.126.169
  2915. [*] https://www.senderbase.org/lookup/?search_string=162.144.126.169
  2916. [*] https://www.alienvault.com/open-threat-exchange/ip/162.144.126.169
  2917. [*] http://pastebin.com/search?q=162.144.126.169
  2918. [*] http://urlquery.net/search.php?q=162.144.126.169
  2919. [*] http://www.alexa.com/siteinfo/www.glesp.org.br
  2920. [*] http://www.google.com/safebrowsing/diagnostic?site=www.glesp.org.br
  2921. [*] https://censys.io/ipv4/162.144.126.169
  2922. [*] https://www.abuseipdb.com/check/162.144.126.169
  2923. [*] https://urlscan.io/search/#162.144.126.169
  2924. [*] https://github.com/search?q=162.144.126.169&type=Code
  2925. [INFO] Useful links related to AS46606 - 162.144.0.0/16:
  2926. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:46606
  2927. [*] https://www.senderbase.org/lookup/?search_string=162.144.0.0/16
  2928. [*] http://bgp.he.net/AS46606
  2929. [*] https://stat.ripe.net/AS46606
  2930. [INFO] Date: 08/09/19 | Time: 15:40:24
  2931. [INFO] Total time: 3 minute(s) and 34 second(s)
  2932. #######################################################################################################################################
  2933. [I] Threads: 5
  2934. [-] Target: https://www.glesp.org.br (162.144.126.169)
  2935. [I] Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
  2936. [I] X-Powered-By: W3 Total Cache/0.9.7.5
  2937. [L] X-Frame-Options: Not Enforced
  2938. [I] Strict-Transport-Security: Not Enforced
  2939. [I] X-Content-Security-Policy: Not Enforced
  2940. [I] X-Content-Type-Options: Not Enforced
  2941. [L] No Robots.txt Found
  2942. [I] CMS Detection: WordPress
  2943. [I] Wordpress Theme: glesp
  2944. [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
  2945. [M] XML-RPC services are enabled
  2946. [I] Autocomplete Off Not Found: https://www.glesp.org.br/wp-login.php
  2947. [-] Default WordPress Files:
  2948. [I] https://www.glesp.org.br/license.txt
  2949. [I] https://www.glesp.org.br/readme.html
  2950. [I] https://www.glesp.org.br/wp-content/themes/twentynineteen/readme.txt
  2951. [I] https://www.glesp.org.br/wp-includes/ID3/license.commercial.txt
  2952. [I] https://www.glesp.org.br/wp-includes/ID3/license.txt
  2953. [I] https://www.glesp.org.br/wp-includes/ID3/readme.txt
  2954. [I] https://www.glesp.org.br/wp-includes/images/crystal/license.txt
  2955. [I] https://www.glesp.org.br/wp-includes/js/plupload/license.txt
  2956. [I] https://www.glesp.org.br/wp-includes/js/swfupload/license.txt
  2957. [I] https://www.glesp.org.br/wp-includes/js/tinymce/license.txt
  2958. [-] Searching Wordpress Plugins ...
  2959. [I] contact-form-7 v5.1.3
  2960. [I] dlm-page-addon v4.1.1
  2961. [I] download-monitor v4.4.2
  2962. [I] nextgen-gallery v3.2.10
  2963. [M] EDB-ID: 12098 "WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting"
  2964. [M] EDB-ID: 38178 "WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting"
  2965. [M] EDB-ID: 39100 "WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal"
  2966. [I] qtranslate-x v3.4.6.8
  2967. [I] the-preloader v1.0.9
  2968. [I] Checking for Directory Listing Enabled ...
  2969. [-] Date & Time: 08/09/2019 15:44:22
  2970. [-] Completed in: 0:14:42
  2971. #######################################################################################################################################
  2972. Anonymous JTSEC #OpAmazonia Full Recon #19