Anonymous Operation Israel JTSEC full recon 2018 #18

#######################################################################################################################################
Hostname 	www.environment.gov.il 	  	ISP 	Tehila Project - Prime Minister Office's (AS8867)
Continent 	Asia 	  	Flag
IL
Country 	Israel 	  	Country Code 	IL (ISR)
Region 	04 	  	Local time 	08 Apr 2018 00:38 IDT
City 	Or Akiva 	  	Latitude 	32.506
IP Address 	147.237.77.18 	  	Longitude 	34.921
#######################################################################################################################################
HostIP:147.237.77.18
HostName:environment.gov.il

Gathered Inet-whois information for 147.237.77.18
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        147.237.0.0 - 147.237.255.255
netname:        IL-GOVT-NET
descr:          Israeli Government Network
country:        IL
admin-c:        AT979-RIPE
tech-c:         TT441-RIPE
status:         LEGACY
remarks:        For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources
mnt-by:         GOV-IL-DNS
mnt-lower:      GOV-IL-DNS
mnt-routes:     AS8867-MNT ANY
mnt-routes:     AS9116-MNT { 147.237.232.0/24^24-24 }
created:        1970-01-01T00:00:00Z
last-modified:  2015-05-05T01:38:51Z
source:         RIPE # Filtered

person:         Admin Tehila
address:        Israel Ministry Of Finance
address:        1 Netanel Lorech st
address:        Jerusalem Israel
phone:          +972 2 6664666
fax-no:         +972 2 6664650
remarks:        For ABUSE and security issues please contact
remarks:        email: abuse@tehila.gov.il
remarks:        or contact CERT.gov.il at report@CERT.gov.il
nic-hdl:        AT979-RIPE
created:        2002-06-02T08:31:21Z
last-modified:  2016-04-06T03:26:29Z
mnt-by:         RIPE-NCC-LOCKED-MNT
source:         RIPE # Filtered

person:         Tech Tehila
address:        Israeli Ministry of Finance
address:        1 Netanel Lorech st. , Jerusalem 91008, Israel
phone:          +972 2 6664666
fax-no:         +972 2 6664650
remarks:        For ABUSE and security issues please contact
remarks:        email: abuse@tehila.gov.il
remarks:        or contact CERT.gov.il at report@CERT.gov.il
nic-hdl:        TT441-RIPE
created:        2002-06-02T08:31:22Z
last-modified:  2016-04-06T03:26:28Z
mnt-by:         RIPE-NCC-LOCKED-MNT
source:         RIPE # Filtered

% Information related to '147.237.0.0/16AS8867'

route:          147.237.0.0/16
descr:          IL-GOVT-BLOCK
origin:         AS8867
mnt-by:         AS8867-MNT
mnt-routes:     AS8867-MNT ANY
mnt-routes:     AS9116-MNT { 147.237.232.0/24^24-24 }
created:        1970-01-01T00:00:00Z
last-modified:  2013-05-29T13:30:11Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.91.1 (BLAARKOP)


Gathered Inic-whois information for environment.gov.il
---------------------------------------------------------------------------------------------------------------------------------------
domain:       environment.gov.il

descr:        Tech Tehila
descr:        1 Netanel Lorech st
descr:        Jerusalem
descr:        91911
descr:        Israel
e-mail:       hostmaster AT tehila.gov.il
admin-c:      GV-TT3128-IL
tech-c:       GV-TT3128-IL
zone-c:       GV-TT3128-IL
nserver:      dns.gov.il
nserver:      dns3.gov.il
validity:     N/A
DNSSEC:       unsigned
status:       Transfer Allowed
changed:      domain-registrar AT isoc.org.il 20jV@11102F��7 �(Assign�%���ediV@)
changed:      domain-registrar AT isoc.org.il 20150121 (Changed)
changed:      domain-registrar AT isoc.org.il 20150122 (Changed)

person:       Tech Tehila
address:      Prime minister office
address:      1 Netanel Lorech st
address:      Jerusalem
address:      91039
address:      Israel
phone:        +972 2 6664666
fax-no:       +972 2 6664650
e-mail:       Hostmaster AT tehila.gov.il
nic-hdl:      GV-TT3128-IL
changed:      Managing Registrar 20111027
changed:      Managing Registrar 20150122

registrar name: Israel Government
registrar info:

% Rights to the data above are restricted by copyright.

Gathered Netcraft information for environment.gov.il
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for environment.gov.il
Netcraft.com Information gathered

Gathered Subdomain information for environment.gov.il
--------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
HostName:www.environment.gov.il
HostIP:147.237.77.18
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host environment.gov.il, Searched 0 pages containing 0 results

Gathered E-Mail information for environment.gov.il
--------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host environment.gov.il, Searched 0 pages containing 0 results

Gathered TCP Port information for 147.237.77.18
---------------------------------------------------------------------------------------------------------------------------------------

 Port		State


Portscan Finished: Scanned 150 ports, 0 ports were in state closed
#######################################################################################################################################
[i] Scanning Site: http://environment.gov.il


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title:
[+] IP address: 147.237.77.18
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
<html><body><script>document.cookie='ccccccc=f2f5ce66ccccccc_f2f5ce66; path=/';window.location.href=window.location.href;</script></body></html>
-----------[end of contents]-------------


W H O I S   L O O K U P
========================


% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in
% obtaining information about or related to a domain name
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise
% support the transmission of mass unsolicited, commercial
% advertising or solicitations via e-mail (spam);
% or  (2) enable high volume, automated, electronic processes that
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.

query:        environment.gov.il

reg-name:     environment
domain:       environment.gov.il

descr:        Tech Tehila
descr:        1 Netanel Lorech st
descr:        Jerusalem
descr:        91911
descr:        Israel
e-mail:       hostmaster AT tehila.gov.il
admin-c:      GV-TT3128-IL
tech-c:       GV-TT3128-IL
zone-c:       GV-TT3128-IL
nserver:      dns.gov.il
nserver:      dns3.gov.il
validity:     N/A
DNSSEC:       unsigned
status:       Transfer Allowed
changed:      domain-registrar AT isoc.org.il 20111027 (Assigned)
changed:      domain-registrar AT isoc.org.il 20150121 (Changed)
changed:      domain-registrar AT isoc.org.il 20150122 (Changed)

person:       Tech Tehila
address:      Prime minister office
address:      1 Netanel Lorech st
address:      Jerusalem
address:      91039
address:      Israel
phone:        +972 2 6664666
fax-no:       +972 2 6664650
e-mail:       Hostmaster AT tehila.gov.il
nic-hdl:      GV-TT3128-IL
changed:      Managing Registrar 20111027
changed:      Managing Registrar 20150122

registrar name: Israel Government
registrar info:

% Rights to the data above are restricted by copyright.


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 147.237.77.18
[i] Country: IL
[i] State: N/A
[i] City: N/A
[i] Latitude: 31.500000
[i] Longitude: 34.750000


H T T P   H E A D E R S
======================================================================================================================================


[i]  HTTP/1.0 200 OK
[i]  Expires: Sat, 6 May 1995 12:00:00 GMT
[i]  P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM
[i]  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[i]  Pragma: no-cache
[i]  Content-Length: 144
[i]  Connection: Close


D N S   L O O K U P
======================================================================================================================================

;; Truncated, retrying in TCP mode.
environment.gov.il.	3600	IN	SOA	dns.gov.il. hostmaster.tehila.gov.il. 2018010101 21600 3600 3628800 3600
environment.gov.il.	600	IN	MX	5 mail.tehila.gov.il.
environment.gov.il.	3600	IN	NS	asia4.akam.net.
environment.gov.il.	3600	IN	NS	eur6.akam.net.
environment.gov.il.	3600	IN	NS	dns.gov.il.
environment.gov.il.	3600	IN	NS	usw2.akam.net.
environment.gov.il.	3600	IN	NS	asia3.akam.net.
environment.gov.il.	3600	IN	NS	ns1-69.akam.net.
environment.gov.il.	3600	IN	NS	eur2.akam.net.
environment.gov.il.	3600	IN	NS	dns3.gov.il.
environment.gov.il.	3600	IN	NS	ns1-111.akam.net.
environment.gov.il.	3600	IN	NS	use4.akam.net.
environment.gov.il.	3600	IN	TXT	"v=spf1 ip4:147.237.70.203 ip4:147.237.70.204 ip4:147.237.70.205 ip4:147.237.70.206 ~all"
environment.gov.il.	3600	IN	A	147.237.77.18


S U B N E T   C A L C U L A T I O N
======================================================================================================================================

Address       = 147.237.77.18
Network       = 147.237.77.18 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 147.237.77.18 - 147.237.77.18 }


N M A P   P O R T   S C A N
======================================================================================================================================


Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-07 21:43 UTC
Nmap scan report for environment.gov.il (147.237.77.18)
Host is up (0.14s latency).
PORT     STATE    SERVICE       VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
25/tcp   filtered smtp
80/tcp   open     http?
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  filtered https
445/tcp  filtered microsoft-ds
3389/tcp filtered ms-wbt-server
######################################################################################################################################
[!] IP Address : 147.237.77.18
[!] environment.gov.il doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
----------------------------------------
[~] Trying to gather whois information for environment.gov.il
[+] Whois information found
Registrant Name : Tech Tehila
Status : Transfer Allowed
Dnssec : unsigned
Expiration Date : N/A
Domain Name : environment.gov.il
Phone : +972 2 6664666
Registrar : Israel Government
Referral Url : None
Name Servers : dns.gov.il, dns3.gov.il
Emails : hostmaster@tehila.gov.il, Hostmaster@tehila.gov.il
----------------------------------------
PORT     STATE    SERVICE       VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
25/tcp   filtered smtp
80/tcp   open     http?
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  filtered https
445/tcp  filtered microsoft-ds
3389/tcp filtered ms-wbt-server


[+] DNS Records
ns1-111.akam.net. (193.108.91.111) AS21342 Akamai International B.V. Europe
dns3.gov.il. (62.219.20.20) AS8551 Bezeq International Israel
use4.akam.net. (23.211.133.65) AS21342 Akamai International B.V. Netherlands
eur6.akam.net. (2.22.230.64) AS21342 Akamai International B.V. Spain
dns.gov.il. (147.237.71.1) AS8867 Tehila Project - Prime Minister Office's Israel
ns1-69.akam.net. (193.108.91.69) AS21342 Akamai International B.V. Europe
usw2.akam.net. (184.26.161.64) AS21342 Akamai International B.V. United States
asia3.akam.net. (23.211.61.64) AS21342 Akamai International B.V. Netherlands
eur2.akam.net. (95.100.173.64) AS21342 Akamai International B.V. Europe
asia4.akam.net. (184.85.248.64) AS21342 Akamai International B.V. Netherlands

[+] MX Records
5 (147.237.71.5) AS8867 Tehila Project - Prime Minister Office's Israel

[+] Host Records (A)
www.environment.gov.il (147.237.77.18) AS8867 Tehila Project - Prime Minister Office's Israel

[+] TXT Records
"v=spf1 ip4:147.237.70.203 ip4:147.237.70.204 ip4:147.237.70.205 ip4:147.237.70.206 ~all"

[+] DNS Map: https://dnsdumpster.com/static/map/environment.gov.il.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------
BaruchW@environment.gov.il
Stelian@environment.gov.il
alonz@environment.gov.il
doar@environment.gov.il
dover@environment.gov.il
giliz@environment.gov.il
hagaib@environment.gov.il
iriss@environment.gov.il
mankal@environment.gov.il
miriamh@environment.gov.il
ori@environment.gov.il
pniot@environment.gov.il
rayab@environment.gov.il
ronene@environment.gov.il
sar@environment.gov.il
shulin@environment.gov.il
victors@environment.gov.il
yossi@environment.gov.il

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
147.237.77.18:WWW.environment.gov.il
147.237.77.18:www.environment.gov.il
[+] Virtual hosts:
-----------------
147.237.77.18	sviva.gov.il
147.237.77.18	www.sviva.gov.il
#######################################################################################################################################
Original*      environment.gov.il      147.237.77.18 NS:asia3.akam.net MX:mail.tehila.gov.il
#######################################################################################################################################
[*] Processing domain environment.gov.il
[+] Getting nameservers
184.85.248.64 - asia4.akam.net
2.22.230.64 - eur6.akam.net
147.237.71.1 - dns.gov.il
193.108.91.111 - ns1-111.akam.net
62.219.20.20 - dns3.gov.il
95.100.173.64 - eur2.akam.net
23.211.133.65 - use4.akam.net
184.26.161.64 - usw2.akam.net
23.211.61.64 - asia3.akam.net
193.108.91.69 - ns1-69.akam.net
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:147.237.70.203 ip4:147.237.70.204 ip4:147.237.70.205 ip4:147.237.70.206 ~all"

[+] MX records found, added to target list
5 mail.tehila.gov.il.

[*] Scanning environment.gov.il for A records
147.237.77.18 - environment.gov.il
147.237.77.18 - www.environment.gov.il
######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
147.237.77.18           host    www.environment.gov.il
#######################################################################################################################################
Server:		10.211.254.254
Address:	10.211.254.254#53

Non-authoritative answer:
Name:	environment.gov.il
Address: 147.237.77.18

environment.gov.il has address 147.237.77.18
environment.gov.il mail is handled by 5 mail.tehila.gov.il.
#######################################################################################################################################
Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is environment.gov.il
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping  -  ICMP echo discovery module
[x] [2] ping:tcp_ping  -  TCP-based ping discovery module
[x] [3] ping:udp_ping  -  UDP-based ping discovery module
[x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan  -  TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x] [12] fingerprint:smb  -  SMB fingerprinting module
[x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 147.237.77.18. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 147.237.77.18. Module test failed
[-] No distance calculation. 147.237.77.18 appears to be dead or no ports known
[+] Host: 147.237.77.18 is down (Guess probability: 0%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
#######################################################################################################################################

% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in
% obtaining information about or related to a domain name
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise
% support the transmission of mass unsolicited, commercial
% advertising or solicitations via e-mail (spam);
% or  (2) enable high volume, automated, electronic processes that
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.

query:        environment.gov.il

reg-name:     environment
domain:       environment.gov.il

descr:        Tech Tehila
descr:        1 Netanel Lorech st
descr:        Jerusalem
descr:        91911
descr:        Israel
e-mail:       hostmaster AT tehila.gov.il
admin-c:      GV-TT3128-IL
tech-c:       GV-TT3128-IL
zone-c:       GV-TT3128-IL
nserver:      dns.gov.il
nserver:      dns3.gov.il
validity:     N/A
DNSSEC:       unsigned
status:       Transfer Allowed
changed:      domain-registrar AT isoc.org.il 20111027 (Assigned)
changed:      domain-registrar AT isoc.org.il 20150121 (Changed)
changed:      domain-registrar AT isoc.org.il 20150122 (Changed)

person:       Tech Tehila
address:      Prime minister office
address:      1 Netanel Lorech st
address:      Jerusalem
address:      91039
address:      Israel
phone:        +972 2 6664666
fax-no:       +972 2 6664650
e-mail:       Hostmaster AT tehila.gov.il
nic-hdl:      GV-TT3128-IL
changed:      Managing Registrar 20111027
changed:      Managing Registrar 20150122

registrar name: Israel Government
registrar info:

% Rights to the data above are restricted by copyright.
######################################################################################################################################

; <<>> DiG 9.11.3-1-Debian <<>> -x environment.gov.il
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;il.gov.environment.in-addr.arpa. IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		3600	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2018013344 1800 900 604800 3600

;; Query time: 558 msec
;; SERVER: 10.211.254.254#53(10.211.254.254)
;; WHEN: Sat Apr 07 18:07:15 EDT 2018
;; MSG SIZE  rcvd: 128

dnsenum VERSION:1.2.4

-----   environment.gov.il   -----


Host's addresses:
__________________

environment.gov.il.                      3585     IN    A        147.237.77.18


Name Servers:
______________

asia4.akam.net.                          89909    IN    A        184.85.248.64
usw2.akam.net.                           85717    IN    A        184.26.161.64
asia3.akam.net.                          86416    IN    A        23.211.61.64
ns1-69.akam.net.                         89923    IN    A        193.108.91.69
eur6.akam.net.                           89909    IN    A        2.22.230.64
dns.gov.il.                              510      IN    A        147.237.71.1
ns1-111.akam.net.                        89936    IN    A        193.108.91.111
eur2.akam.net.                           83758    IN    A        95.100.173.64
dns3.gov.il.                             600      IN    A        62.219.20.20
use4.akam.net.                           89964    IN    A        23.211.133.65


Mail (MX) Servers:
___________________

mail.tehila.gov.il.                      600      IN    A        147.237.71.7
mail.tehila.gov.il.                      600      IN    A        147.237.71.6
mail.tehila.gov.il.                      600      IN    A        147.237.71.4
mail.tehila.gov.il.                      600      IN    A        147.237.71.5


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for environment.gov.il on asia4.akam.net ...

Trying Zone Transfer for environment.gov.il on usw2.akam.net ...

Trying Zone Transfer for environment.gov.il on asia3.akam.net ...

Trying Zone Transfer for environment.gov.il on ns1-69.akam.net ...

Trying Zone Transfer for environment.gov.il on eur6.akam.net ...

Trying Zone Transfer for environment.gov.il on dns.gov.il ...

Trying Zone Transfer for environment.gov.il on ns1-111.akam.net ...

Trying Zone Transfer for environment.gov.il on eur2.akam.net ...

Trying Zone Transfer for environment.gov.il on dns3.gov.il ...

Trying Zone Transfer for environment.gov.il on use4.akam.net ...

brute force file not specified, bay.
#######################################################################################################################################
[-] Enumerating subdomains now for environment.gov.il
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
HTTPSConnectionPool(host='www.virustotal.com', port=443): Max retries exceeded with url: /en/domain/environment.gov.il/information/ (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f77aef38710>: Failed to establish a new connection: [Errno -2] Name or service not known',))
HTTPSConnectionPool(host='searchdns.netcraft.com', port=443): Max retries exceeded with url: /?restriction=site+ends+with&host=example.com (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f77aef38750>: Failed to establish a new connection: [Errno -2] Name or service not known',))
DNSdumpster: www.environment.gov.il
Yahoo: www.environment.gov.il
[-] Saving results to file: /usr/share/sniper/loot/environment.gov.il/domains/domains-environment.gov.il.txt
[-] Total Unique Subdomains Found: 1
www.environment.gov.il

######################################################################################################################################
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for environment.gov.il... Done
Using nameservers:

 - 2.22.230.64
 - 193.108.91.69
 - 193.108.91.111
 - 147.237.71.1
 - 95.100.173.64
 - 62.219.20.20
 - 23.211.61.64
 - 184.26.161.64
 - 23.211.133.65
 - 184.85.248.64

Checking for wildcard DNS... Done

Running collector: Certificate Search... Error
 -> Failed to open TCP connection to crt.sh:443 (getaddrinfo: Name or service not known)
Running collector: Google Transparency Report... Done (0 hosts)
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: Dictionary... Done (27 hosts)
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: DNSDB... Done (1 host)
Running collector: Threat Crowd... Done (0 hosts)
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: Netcraft... Done (0 hosts)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: Wayback Machine... Timed out
Running collector: HackerTarget... Done (1 host)
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: PublicWWW... Done (1 host)

Resolving 30 unique hosts...
147.237.77.18   .environment.gov.il
147.237.77.18   environment.gov.il
147.237.77.18   www.environment.gov.il

Found subnets:

 - 147.237.77.0-255  : 3 hosts

Wrote 3 hosts to:

 - file:///root/aquatone/environment.gov.il/hosts.txt
 - file:///root/aquatone/environment.gov.il/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 3 hosts from /root/aquatone/environment.gov.il/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for environment.gov.il... Done
Using nameservers:

 - 95.100.173.64
 - 184.26.161.64
 - 193.108.91.111
 - 184.85.248.64
 - 2.22.230.64
 - 23.211.133.65
 - 147.237.71.1
 - 62.219.20.20
 - 193.108.91.69
 - 23.211.61.64

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 3

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/environment.gov.il/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 3 hosts from /root/aquatone/environment.gov.il/hosts.json

Probing 2 ports...
80/tcp    147.237.77.18   .environment.gov.il, environment.gov.il, www.environment.gov.il

Wrote open ports to file:///root/aquatone/environment.gov.il/open_ports.txt
Wrote URLs to file:///root/aquatone/environment.gov.il/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 3 pages...
   Failed: http://147.237.77.18/ (.environment.gov.il) - Timeout
   Failed: http://147.237.77.18/ (environment.gov.il) - Timeout
   Failed: http://147.237.77.18/ (www.environment.gov.il) - Timeout

Finished processing pages:

 - Successful : 0
 - Failed     : 3

Generating report...done
Report pages generated:

#######################################################################################################################################


[+] Emails found:
------------------
BaruchW@environment.gov.il
Stelian@environment.gov.il
doar@environment.gov.il
dover@environment.gov.il
giliz@environment.gov.il
hagaib@environment.gov.il
iriss@environment.gov.il
mankal@environment.gov.il
miriamh@environment.gov.il
ori@environment.gov.il
pniot@environment.gov.il
rayab@environment.gov.il
ronene@environment.gov.il
sar@environment.gov.il
shulin@environment.gov.il
victors@environment.gov.il
yossi@environment.gov.il

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
147.237.77.18:www.environment.gov.il
[+] Virtual hosts:
==================
147.237.77.18	sviva.gov.il
147.237.77.18	www.sviva.gov.il

######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-07 18:16 EDT
Nmap scan report for environment.gov.il (147.237.77.18)
Host is up.

PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

######################################################################################################################################
Hostname 	www.itrade.gov.il 	  	ISP 	013 NetVision Ltd (AS1680)
Continent 	Asia 	  	Flag
IL
Country 	Israel 	  	Country Code 	IL (ISR)
Region 	Unknown 	  	Local time 	08 Apr 2018 02:08 IDT
City 	Unknown 	  	Latitude 	31.5
IP Address 	185.162.127.53 	  	Longitude 	34.75
######################################################################################################################################

HostIP:107.178.254.36
HostName:itrade.gov.il

Gathered Inet-whois information for 107.178.254.36
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        107.161.176.0 - 107.181.127.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
remarks:        ------------------------------------------------------
remarks:
remarks:        You can find the whois server to query, or the
remarks:        IANA registry to query on this web page:
remarks:        http://www.iana.org/assignments/ipv4-address-space
remarks:
remarks:        You can access databases of other RIRs at:
remarks:
remarks:        AFRINIC (Africa)
remarks:        http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks:        APNIC (Asia Pacific)
remarks:        http://www.apnic.net/ whois.apnic.net
remarks:
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/ whois.arin.net
remarks:
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks:        IANA IPV4 Recovered Address Space
remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
remarks:
remarks:        ------------------------------------------------------
country:        EU # Country is really world wide
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
status:         ALLOCATED UNSPECIFIED
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      RIPE-NCC-HM-MNT
mnt-routes:     RIPE-NCC-RPSL-MNT
created:        2016-07-21T14:34:45Z
last-modified:  2016-07-21T14:34:45Z
source:         RIPE

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
nic-hdl:        IANA1-RIPE
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:31:27Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.91.1 (WAGYU)


Gathered Inic-whois information for itrade.gov.il
---------------------------------
ERROR: Unable to locate Name Whois data on itrade.gov.il

Gathered Netcraft information for itrade.gov.il
---------------------------------

Retrieving Netcraft.com information for itrade.gov.il
Netcraft.com Information gathered

Gathered Subdomain information for itrade.gov.il
---------------------------------
Searching Google.com:80...
HostName:www.itrade.gov.il
HostIP:185.241.4.166
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host itrade.gov.il, Searched 0 pages containing 0 results

Gathered E-Mail information for itrade.gov.il
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host itrade.gov.il, Searched 0 pages containing 0 results

Gathered TCP Port information for 107.178.254.36
---------------------------------

 Port		State

43/tcp		open
80/tcp		open
110/tcp		open
143/tcp		open

Portscan Finished: Scanned 150 ports, 0 ports were in state closed
#######################################################################################################################################
[i] Scanning Site: http://itrade.gov.il


B A S I C   I N F O
====================


[+] Site Title:
[+] IP address: 107.178.254.36
[+] Web Server: nginx
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


W H O I S   L O O K U P
========================


% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in
% obtaining information about or related to a domain name
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise
% support the transmission of mass unsolicited, commercial
% advertising or solicitations via e-mail (spam);
% or  (2) enable high volume, automated, electronic processes that
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.

% No data was found to match the request criteria.


% Rights to the data above are restricted by copyright.


G E O  I P  L O O K  U P
=========================

[i] IP Address: 107.178.254.36
[i] Country: US
[i] State: California
[i] City: Mountain View
[i] Latitude: 37.419201
[i] Longitude: -122.057404


H T T P   H E A D E R S
=======================


[i]  HTTP/1.0 301 Moved Permanently
[i]  Server: nginx
[i]  Date: Sun, 08 Apr 2018 00:56:38 GMT
[i]  Content-Type: text/html
[i]  Content-Length: 178
[i]  Location: http://www.itrade.gov.il/
[i]  Via: 1.1 google
[i]  HTTP/1.1 200 OK
[i]  Server: Reblaze Secure Web Gateway
[i]  Date: Sun, 08 Apr 2018 00:56:39 GMT
[i]  Content-Type: text/html; charset=utf-8
[i]  Content-Length: 86405
[i]  Connection: close
[i]  Vary: Accept-Encoding
[i]  expires: Thu, 01 Jan 1970 00:01:48 GMT
[i]  Cache-Control: no-cache, private, no-transform, no-store
[i]  Pragma: no-cache
[i]  P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"


D N S   L O O K U P
===================

;; Truncated, retrying in TCP mode.
itrade.gov.il.		600	IN	A	107.178.254.36


S U B N E T   C A L C U L A T I O N
====================================

Address       = 107.178.254.36
Network       = 107.178.254.36 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 107.178.254.36 - 107.178.254.36 }


N M A P   P O R T   S C A N
============================


Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-08 00:56 UTC
Nmap scan report for itrade.gov.il (107.178.254.36)
Host is up (0.0021s latency).
rDNS record for 107.178.254.36: 36.254.178.107.bc.googleusercontent.com
PORT     STATE    SERVICE      VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
25/tcp   open     tcpwrapped
80/tcp   open     http         nginx
110/tcp  open     tcpwrapped
143/tcp  open     tcpwrapped
443/tcp  open     tcpwrapped
445/tcp  filtered microsoft-ds
3389/tcp open     tcpwrapped

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.46 seconds
######################################################################################################################################
Original*      itrade.gov.il      107.178.254.36
#####################################################################################################################################
[*] Processing domain itrade.gov.il
[+] Getting nameservers
[-] Getting nameservers failed
[-] Zone transfer failed

[*] Scanning itrade.gov.il for A records
107.178.254.36 - itrade.gov.il
185.241.6.89 - www.itrade.gov.il
#######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
185.241.6.243   200     alias   www.itrade.gov.il		Reblaze Secure Web Gateway
185.241.6.243	200	alias	itrade-gov-il.cloudwm-waf.com	Reblaze Secure Web Gateway
185.241.6.243	200	host	geo.cloudwm-waf.com		Reblaze Secure Web Gateway
#######################################################################################################################################
                                        Anonymous Operation Israel JTSEC full recon 2018 #18