Anonymous JTSEC #OpIsraël Full Recon #9

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname jcpa.org ISP Unified Layer
4. Continent North America Flag
5. US
6. Country United States Country Code US
7. Region Utah Local time 06 Feb 2019 08:28 MST
8. City Provo Postal Code 84606
9. IP Address 198.57.177.19 Latitude 40.235
10. =======================================================================================================================================
11. #######################################################################################################################################
12. > jcpa.org
13. Server: 38.132.106.139
14. Address: 38.132.106.139#53
15.  
16. Non-authoritative answer:
17. Name: jcpa.org
18. Address: 198.57.177.19
19. >
20. #######################################################################################################################################
21. HostIP:198.57.177.19
22. HostName:jcpa.org
23.  
24. Gathered Inet-whois information for 198.57.177.19
25. ---------------------------------------------------------------------------------------------------------------------------------------
26.  
27.  
28. inetnum: 198.55.32.0 - 198.89.87.255
29. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
30. descr: IPv4 address block not managed by the RIPE NCC
31. remarks: ------------------------------------------------------
32. remarks:
33. remarks: For registration information,
34. remarks: you can consult the following sources:
35. remarks:
36. remarks: IANA
37. remarks: http://www.iana.org/assignments/ipv4-address-space
38. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
39. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
40. remarks:
41. remarks: AFRINIC (Africa)
42. remarks: http://www.afrinic.net/ whois.afrinic.net
43. remarks:
44. remarks: APNIC (Asia Pacific)
45. remarks: http://www.apnic.net/ whois.apnic.net
46. remarks:
47. remarks: ARIN (Northern America)
48. remarks: http://www.arin.net/ whois.arin.net
49. remarks:
50. remarks: LACNIC (Latin America and the Carribean)
51. remarks: http://www.lacnic.net/ whois.lacnic.net
52. remarks:
53. remarks: ------------------------------------------------------
54. country: EU # Country is really world wide
55. admin-c: IANA1-RIPE
56. tech-c: IANA1-RIPE
57. status: ALLOCATED UNSPECIFIED
58. mnt-by: RIPE-NCC-HM-MNT
59. created: 2019-01-07T10:47:25Z
60. last-modified: 2019-01-07T10:47:25Z
61. source: RIPE
62.  
63. role: Internet Assigned Numbers Authority
64. address: see http://www.iana.org.
65. admin-c: IANA1-RIPE
66. tech-c: IANA1-RIPE
67. nic-hdl: IANA1-RIPE
68. remarks: For more information on IANA services
69. remarks: go to IANA web site at http://www.iana.org.
70. mnt-by: RIPE-NCC-MNT
71. created: 1970-01-01T00:00:00Z
72. last-modified: 2001-09-22T09:31:27Z
73. source: RIPE # Filtered
74.  
75. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
76.  
77.  
78.  
79. Gathered Inic-whois information for jcpa.org
80. ---------------------------------------------------------------------------------------------------------------------------------------
81. Domain Name: JCPA.ORG
82. Registry Domain ID: D517583-LROR
83. Registrar WHOIS Server: whois.networksolutions.com
84. Registrar URL: http://www.networksolutions.com
85. Updated Date: 2018-01-14T21:19:13Z
86. Creation Date: 1996-09-19T04:00:00Z
87. Registry Expiry Date: 2019-09-18T04:00:00Z
88. Registrar Registration Expiration Date:
89. Registrar: Network Solutions, LLC
90. Registrar IANA ID: 2
91. Registrar Abuse Contact Email: abuse@web.com
92. Registrar Abuse Contact Phone: +1.8003337680
93. Reseller:
94. Domain Status: ok https://icann.org/epp#ok
95. Registrant Organization: Jerusalem Center for Public Affairs
96. Registrant State/Province:
97. Registrant Country: IL
98. Name Server: NS3.P24.DYNECT.NET
99. Name Server: NS1.P24.DYNECT.NET
100. Name Server: NS2.P24.DYNECT.NET
101. Name Server: NS4.P24.DYNECT.NET
102. DNSSEC: unsigned
103. URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
104. >>> Last update of WHOIS database: 2019-02-06T16:01:58Z <<<
105. #######################################################################################################################################
106. [i] Scanning Site: http://jcpa.org
107.  
108.  
109.  
110. B A S I C I N F O
111. =======================================================================================================================================
112.  
113.  
114. [+] Site Title: Jerusalem Center For Public Affairs
115. [+] IP address: 198.57.177.19
116. [+] Web Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
117. [+] CMS: WordPress
118. [+] Cloudflare: Not Detected
119. [+] Robots File: Found
120.  
121. -------------[ contents ]----------------
122. User-agent: *
123. Allow: /
124. Disallow: /events/*
125. Disallow: /tag/*
126. Disallow: /wp-admin/
127.  
128. Sitemap: http://jcpa.org/sitemap.xml
129. -----------[end of contents]-------------
130.  
131.  
132.  
133. W H O I S L O O K U P
134. =======================================================================================================================================
135.  
136. Domain Name: JCPA.ORG
137. Registry Domain ID: D517583-LROR
138. Registrar WHOIS Server: whois.networksolutions.com
139. Registrar URL: http://www.networksolutions.com
140. Updated Date: 2018-01-14T21:19:13Z
141. Creation Date: 1996-09-19T04:00:00Z
142. Registry Expiry Date: 2019-09-18T04:00:00Z
143. Registrar Registration Expiration Date:
144. Registrar: Network Solutions, LLC
145. Registrar IANA ID: 2
146. Registrar Abuse Contact Email: abuse@web.com
147. Registrar Abuse Contact Phone: +1.8003337680
148. Reseller:
149. Domain Status: ok https://icann.org/epp#ok
150. Registrant Organization: Jerusalem Center for Public Affairs
151. Registrant State/Province:
152. Registrant Country: IL
153. Name Server: NS3.P24.DYNECT.NET
154. Name Server: NS1.P24.DYNECT.NET
155. Name Server: NS2.P24.DYNECT.NET
156. Name Server: NS4.P24.DYNECT.NET
157. DNSSEC: unsigned
158. URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
159. >>> Last update of WHOIS database: 2019-02-06T16:02:26Z <<<
160.  
161. For more information on Whois status codes, please visit https://icann.org/epp
162.  
163.  
164.  
165.  
166.  
167. G E O I P L O O K U P
168. =======================================================================================================================================
169.  
170. [i] IP Address: 198.57.177.19
171. [i] Country: United States] Processing domain jcpa.org
172. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
173. [+] Getting nameservers
174. 208.78.70.24 - ns1.p24.dynect.net
175. 208.78.71.24 - ns3.p24.dynect.net
176. 204.13.250.24 - ns2.p24.dynect.net
177. 204.13.251.24 - ns4.p24.dynect.net
178. [-] Zone transfer failed
179.  
180. [+] TXT records found
181. "MS=ms16983907"
182. "v=spf1 include:spf.protection.outlook.com -all"
183.  
184. [+] MX records found, added to target list
185. 0 jcpa-org.mail.protection.outlook.com.
186. 10 jcpa-org.mail.protection.outlook.com.
187.  
188. [*] Scanning jcpa.org for A records
189. 198.57.177.19 - jcpa.org
190. 52.96.37.40 - autodiscover.jcpa.org
191. 40.97.30.168 - autodiscover.jcpa.org
192. 40.97.188.232 - autodiscover.jcpa.org
193. 40.97.24.8 - autodiscover.jcpa.org
194. 63.208.156.169 - lists.jcpa.org
195. 195.225.46.79 - mail.jcpa.org
196. 104.211.16.22 - msoid.jcpa.org
197. 104.211.48.16 - msoid.jcpa.org
198. 40.114.120.17 - msoid.jcpa.org
199. 104.211.48.20 - msoid.jcpa.org
200. 104.211.16.17 - msoid.jcpa.org
201. 104.211.48.18 - msoid.jcpa.org
202. 195.225.46.79 - webmail.jcpa.org
203. 198.57.177.19 - www.jcpa.org
204. [i] State: Utah
205. [i] City: Provo
206. [i] Latitude: 40.2347
207. [i] Longitude: -111.6447
208.  
209.  
210.  
211.  
212. H T T P H E A D E R S
213. =======================================================================================================================================
214.  
215.  
216. [i] HTTP/1.1 200 OK
217. [i] Date: Wed, 06 Feb 2019 16:03:27 GMT
218. [i] Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
219. [i] Last-Modified: Tue, 05 Feb 2019 11:06:03 GMT
220. [i] ETag: "1f3b5-58123985c19cc"
221. [i] Accept-Ranges: bytes
222. [i] Content-Length: 127925
223. [i] Cache-Control: max-age=3, must-revalidate
224. [i] Expires: Wed, 06 Feb 2019 16:03:30 GMT
225. [i] Vary: Accept-Encoding,Cookie
226. [i] Connection: close
227. [i] Content-Type: text/html; charset=UTF-8
228.  
229.  
230.  
231.  
232. D N S L O O K U P
233. =======================================================================================================================================
234.  
235. jcpa.org. 3599 IN SOA ns1.p24.dynect.net. darren\.jcpa.gmail.com. 702 3600 600 604800 60
236. jcpa.org. 21599 IN NS ns4.p24.dynect.net.
237. jcpa.org. 21599 IN NS ns3.p24.dynect.net.
238. jcpa.org. 21599 IN NS ns2.p24.dynect.net.
239. jcpa.org. 21599 IN NS ns1.p24.dynect.net.
240. jcpa.org. 59 IN A 198.57.177.19
241. jcpa.org. 14399 IN MX 0 jcpa-org.mail.protection.outlook.com.
242. jcpa.org. 14399 IN MX 10 jcpa-org.mail.protection.outlook.com.
243. jcpa.org. 3599 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
244. jcpa.org. 3599 IN TXT "MS=ms16983907"
245.  
246.  
247.  
248.  
249. S U B N E T C A L C U L A T I O N
250. =======================================================================================================================================
251.  
252. Address = 198.57.177.19
253. Network = 198.57.177.19 / 32
254. Netmask = 255.255.255.255
255. Broadcast = not needed on Point-to-Point links
256. Wildcard Mask = 0.0.0.0
257. Hosts Bits = 0
258. Max. Hosts = 1 (2^0 - 0)
259. Host Range = { 198.57.177.19 - 198.57.177.19 }
260.  
261.  
262.  
263. N M A P P O R T S C A N
264. =======================================================================================================================================
265.  
266.  
267. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-06 16:03 UTC
268. Nmap scan report for jcpa.org (198.57.177.19)
269. Host is up (0.11s latency).
270. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
271. PORT STATE SERVICE
272. 21/tcp open ftp
273. 22/tcp open ssh
274. 23/tcp closed telnet
275. 80/tcp open http
276. 110/tcp open pop3
277. 143/tcp open imap
278. 443/tcp open https
279. 3389/tcp closed ms-wbt-server
280.  
281. Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
282.  
283.  
284.  
285. S U B - D O M A I N F I N D E R
286. =======================================================================================================================================
287.  
288.  
289. [i] Total Subdomains Found : 2
290.  
291. [+] Subdomain: mail.jcpa.org
292. [-] IP: 195.225.46.79
293.  
294. [+] Subdomain: www.jerusalem.jcpa.org
295. [-] IP: 182.50.150.129
296. #######################################################################################################################################
297. [!] IP Address : 198.57.177.19
298. [!] CMS Detected : WordPress
299. [?] Would you like to use WPScan? [Y/n] n
300. [+] Honeypot Probabilty: 30%
301. ---------------------------------------------------------------------------------------------------------------------------------------
302. [~] Trying to gather whois information for jcpa.org
303. [+] Whois information found
304. [-] Unable to build response, visit https://who.is/whois/jcpa.org
305. ---------------------------------------------------------------------------------------------------------------------------------------
306. PORT STATE SERVICE
307. 21/tcp open ftp
308. 22/tcp open ssh
309. 23/tcp closed telnet
310. 80/tcp open http
311. 110/tcp open pop3
312. 143/tcp open imap
313. 443/tcp open https
314. 3389/tcp closed ms-wbt-server
315. Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
316. ---------------------------------------------------------------------------------------------------------------------------------------
317.  
318. [+] DNS Records
319. ns4.p24.dynect.net. (204.13.251.24) AS33517 Dynamic Network Services, Inc. United States
320. ns3.p24.dynect.net. (208.78.71.24) AS33517 Dynamic Network Services, Inc. United States
321. ns1.p24.dynect.net. (208.78.70.24) AS33517 Dynamic Network Services, Inc. United States
322. ns2.p24.dynect.net. (204.13.250.24) AS33517 Dynamic Network Services, Inc. United States
323.  
324. [+] MX Records
325. 10 (104.47.10.36) AS8075 Microsoft Corporation United States
326.  
327. [+] MX Records
328. 0 (104.47.10.36) AS8075 Microsoft Corporation United States
329.  
330. [+] Host Records (A)
331. jcpa.orgHTTP: (198-57-177-19.unifiedlayer.com) (198.57.177.191) AS46606 Unified Layer United States
332. mail.jcpa.org (media-line.co.il) (195.225.46.79) AS9116 012 Smile Communications LTD. Israel
333. www.jerusalem.jcpa.orgFTP: (sg2nlhg734c1734.shr.prod.sin2.secureserver.net) (182.50.150.129) AS26496 GoDaddy.com, LLC Singapore
334.  
335. [+] TXT Records
336. "MS=ms16983907"
337. "v=spf1 include:spf.protection.outlook.com -all"
338.  
339. [+] DNS Map: https://dnsdumpster.com/static/map/jcpa.org.png
340.  
341. [>] Initiating 3 intel modules
342. [>] Loading Alpha module (1/3)
343. [>] Beta module deployed (2/3)
344. [>] Gamma module initiated (3/3)
345. No emails found
346.  
347. [+] Hosts found in search engines:
348. ---------------------------------------------------------------------------------------------------------------------------------------
349. [-] Resolving hostnames IPs...
350. 198.57.177.19:www.jcpa.org
351. [+] Virtual hosts:
352. ---------------------------------------------------------------------------------------------------------------------------------------
353. 198.57.177.19 www.jcpa.org
354. #######################################################################################################################################
355. ; <<>> DiG 9.11.5-P1-1-Debian <<>> jcpa.org
356. ;; global options: +cmd
357. ;; Got answer:
358. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19156
359. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
360.  
361. ;; OPT PSEUDOSECTION:
362. ; EDNS: version: 0, flags:; udp: 4096
363. ;; QUESTION SECTION:
364. ;jcpa.org. IN A
365.  
366. ;; ANSWER SECTION:
367. jcpa.org. 4 IN A 198.57.177.19
368.  
369. ;; Query time: 92 msec
370. ;; SERVER: 38.132.106.139#53(38.132.106.139)
371. ;; WHEN: mer fév 06 11:13:53 EST 2019
372. ;; MSG SIZE rcvd: 53
373. #######################################################################################################################################
374. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace jcpa.org
375. ;; global options: +cmd
376. . 83174 IN NS j.root-servers.net.
377. . 83174 IN NS g.root-servers.net.
378. . 83174 IN NS l.root-servers.net.
379. . 83174 IN NS k.root-servers.net.
380. . 83174 IN NS b.root-servers.net.
381. . 83174 IN NS c.root-servers.net.
382. . 83174 IN NS h.root-servers.net.
383. . 83174 IN NS e.root-servers.net.
384. . 83174 IN NS f.root-servers.net.
385. . 83174 IN NS d.root-servers.net.
386. . 83174 IN NS i.root-servers.net.
387. . 83174 IN NS m.root-servers.net.
388. . 83174 IN NS a.root-servers.net.
389. . 83174 IN RRSIG NS 8 0 518400 20190219050000 20190206040000 16749 . X4vIdVxyUDnjm19JlhKBZZgVu1+Py3dE4X7IN4/E3dQOHum45PDPyYKm DTXaXd5T7070rXA1mcghUCzemi0BdQlGxBlmFOKpAmX7dO3+WzkO52aS M7W8vM7AL6rAJehQbBFcBAHDC1Orps5lO8Gvvk7nKr+SfjgaAvgV14o/ 4vouiSXmmINGlT8L7K8fpwaERMJWYdyORTQeu/a2rk8mwxyyl0VbYMZo 41xBsIHVxv4S2En0jnuy4CR+f8Bck5GPp+EU/kM4PutLnHnbwtB4IQWA Dq3IE+D03FQnxkoMXDVFFHBBmgDyn5Ec/CXDcBaWEb3bDitTadWxadFD lPAM/Q==
390. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 93 ms
391.  
392. org. 172800 IN NS a0.org.afilias-nst.info.
393. org. 172800 IN NS b0.org.afilias-nst.org.
394. org. 172800 IN NS a2.org.afilias-nst.info.
395. org. 172800 IN NS b2.org.afilias-nst.org.
396. org. 172800 IN NS c0.org.afilias-nst.info.
397. org. 172800 IN NS d0.org.afilias-nst.org.
398. org. 86400 IN DS 9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982
399. org. 86400 IN DS 9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891B FE7FF8E5
400. org. 86400 IN RRSIG DS 8 1 86400 20190219050000 20190206040000 16749 . YGua0+6nPggzpxRqL6+8UBxC96ekmt7JZgH2Mr3ViMoUV/5bNL+V2Vmz RNGRWgd6MXH0Y85DiTMReUkhEe+8yEKCYmx4GG5EFcqLvnjmdwCnwH8Z HVSc6N713ICg1CDfsRr5KPbhJfbYPm5OmEHGti3+EzVWaNExC4oIMRZm 9p456jEEIB86c15EAGLm8xij3sbgS9tlLkj08+zIS3joSA3mnGwDP/iT dlZGi5a+yYQ7jGWl2yJUwvsnPXPASNw+BHZgTfjsbiy0ysOsXikKgnCh JmdLqNLZWok6atVRi/e4LnLFswfTMkZRiyZdKejygBiitd/MauhD6BY9 qZnL7A==
401. ;; Received 838 bytes from 192.112.36.4#53(g.root-servers.net) in 219 ms
402.  
403. jcpa.org. 86400 IN NS ns1.p24.dynect.net.
404. jcpa.org. 86400 IN NS ns2.p24.dynect.net.
405. jcpa.org. 86400 IN NS ns3.p24.dynect.net.
406. jcpa.org. 86400 IN NS ns4.p24.dynect.net.
407. h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM
408. h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20190227161338 20190206151338 44603 org. VazL98D+/YK7AqfO2foAMJ5FMRw0z+OQAdzlDDI7hz1yDBxrgcaOQ2us +oXhxmD3MAJUqbHBvMrPVU5LMHUfSqRxmfL5bAcraD0cxLfmfgKUVGQq ekzvZk/u9tq6OY8+gL+z35oC46g52y2AiUFo26kIWVnuTDQn9GPJvCi1 5j4=
409. 77gppho30fajnsgds1vpldg6mrmt20bq.org. 86400 IN NSEC3 1 1 1 D399EAAB 77H83474QG3J5T9ORK8SFMELGC4EANB6 NS DS RRSIG
410. 77gppho30fajnsgds1vpldg6mrmt20bq.org. 86400 IN RRSIG NSEC3 7 2 86400 20190222153101 20190201143101 44603 org. dzjpTNDcMlANkOZ7iedyBNw5Mf26U0W1e/xxLFcPJ0QVmoltpZ3h5FHX Lcl39G/DvdHh/2uZ0Ow7f2AQ5qA61aB8iqSLZsjhC2UYHjYPzeDJXrNO oY2MlQG6Ql4cSjzwdtZ+O7TWd0qsrtpBwNdmI+SPyBimaLDxG4CFc5/4 du4=
411. ;; Received 616 bytes from 199.249.120.1#53(b2.org.afilias-nst.org) in 61 ms
412.  
413. jcpa.org. 60 IN A 198.57.177.19
414. jcpa.org. 86400 IN NS ns4.p24.dynect.net.
415. jcpa.org. 86400 IN NS ns3.p24.dynect.net.
416. jcpa.org. 86400 IN NS ns1.p24.dynect.net.
417. jcpa.org. 86400 IN NS ns2.p24.dynect.net.
418. ;; Received 139 bytes from 2001:500:94:1::24#53(ns3.p24.dynect.net) in 33 ms
419. #######################################################################################################################################
420. [*] Performing General Enumeration of Domain: jcpa.org
421. [-] DNSSEC is not configured for jcpa.org
422. [*] SOA ns1.p24.dynect.net 208.78.70.24
423. [*] NS ns1.p24.dynect.net 208.78.70.24
424. [*] Bind Version for 208.78.70.24 9.10.5-P3.
425. [*] NS ns1.p24.dynect.net 2001:500:90:1::24
426. [*] Bind Version for 2001:500:90:1::24 9.10.5-P3.
427. [*] NS ns3.p24.dynect.net 208.78.71.24
428. [*] Bind Version for 208.78.71.24 9.10.5-P3.
429. [*] NS ns3.p24.dynect.net 2001:500:94:1::24
430. [*] Bind Version for 2001:500:94:1::24 9.10.5-P3.
431. [*] NS ns2.p24.dynect.net 204.13.250.24
432. [*] Bind Version for 204.13.250.24 9.10.5-P3.
433. [*] NS ns4.p24.dynect.net 204.13.251.24
434. [*] Bind Version for 204.13.251.24 9.10.5-P3.
435. [*] MX jcpa-org.mail.protection.outlook.com 104.47.8.36
436. [*] MX jcpa-org.mail.protection.outlook.com 104.47.9.36
437. [*] MX jcpa-org.mail.protection.outlook.com 104.47.8.36
438. [*] MX jcpa-org.mail.protection.outlook.com 104.47.9.36
439. [*] A jcpa.org 198.57.177.19
440. [*] TXT jcpa.org MS=ms16983907
441. [*] TXT jcpa.org v=spf1 include:spf.protection.outlook.com -all
442. [*] Enumerating SRV Records
443. [-] No SRV Records Found for jcpa.org
444. [+] 0 Records Found
445. #######################################################################################################################################
446. ] Processing domain jcpa.org
447. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
448. [+] Getting nameservers
449. 208.78.70.24 - ns1.p24.dynect.net
450. 208.78.71.24 - ns3.p24.dynect.net
451. 204.13.250.24 - ns2.p24.dynect.net
452. 204.13.251.24 - ns4.p24.dynect.net
453. [-] Zone transfer failed
454.  
455. [+] TXT records found
456. "MS=ms16983907"
457. "v=spf1 include:spf.protection.outlook.com -all"
458.  
459. [+] MX records found, added to target list
460. 0 jcpa-org.mail.protection.outlook.com.
461. 10 jcpa-org.mail.protection.outlook.com.
462.  
463. [*] Scanning jcpa.org for A records
464. 198.57.177.19 - jcpa.org
465. 52.96.37.40 - autodiscover.jcpa.org
466. 40.97.30.168 - autodiscover.jcpa.org
467. 40.97.188.232 - autodiscover.jcpa.org
468. 40.97.24.8 - autodiscover.jcpa.org
469. 63.208.156.169 - lists.jcpa.org
470. 195.225.46.79 - mail.jcpa.org
471. 104.211.16.22 - msoid.jcpa.org
472. 104.211.48.16 - msoid.jcpa.org
473. 40.114.120.17 - msoid.jcpa.org
474. 104.211.48.20 - msoid.jcpa.org
475. 104.211.16.17 - msoid.jcpa.org
476. 104.211.48.18 - msoid.jcpa.org
477. 195.225.46.79 - webmail.jcpa.org
478. 198.57.177.19 - www.jcpa.org
479. #######################################################################################################################################
480. Ip Address Status Type Domain Name Server
481. ---------- ------ ---- ----------- ------
482. 63.208.156.169 host lists.jcpa.org
483. 195.225.46.79 host mail.jcpa.org
484. 195.225.46.79 alias webmail.jcpa.org
485. 195.225.46.79 host mail.jcpa.org
486. 198.57.177.19 301 alias www.jcpa.org Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
487. 198.57.177.19 301 host jcpa.org Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
488. #######################################################################################################################################
489. dnsenum VERSION:1.2.4
490.  
491. ----- jcpa.org -----
492.  
493.  
494. Host's addresses:
495. __________________
496.  
497. jcpa.org. 17 IN A 198.57.177.19
498.  
499.  
500. Name Servers:
501. ______________
502.  
503. ns2.p24.dynect.net. 70679 IN A 204.13.250.24
504. ns3.p24.dynect.net. 69781 IN A 208.78.71.24
505. ns4.p24.dynect.net. 70361 IN A 204.13.251.24
506. ns1.p24.dynect.net. 69454 IN A 208.78.70.24
507.  
508.  
509. Mail (MX) Servers:
510. ___________________
511.  
512. jcpa-org.mail.protection.outlook.com. 10 IN A 104.47.8.36
513. jcpa-org.mail.protection.outlook.com. 10 IN A 104.47.10.36
514. jcpa-org.mail.protection.outlook.com. 10 IN A 104.47.8.36
515. jcpa-org.mail.protection.outlook.com. 10 IN A 104.47.10.36
516.  
517.  
518. Trying Zone Transfers and getting Bind Versions:
519. _________________________________________________
520.  
521.  
522. Trying Zone Transfer for jcpa.org on ns2.p24.dynect.net ...
523.  
524. Trying Zone Transfer for jcpa.org on ns3.p24.dynect.net ...
525.  
526. Trying Zone Transfer for jcpa.org on ns4.p24.dynect.net ...
527.  
528. Trying Zone Transfer for jcpa.org on ns1.p24.dynect.net ...
529.  
530. brute force file not specified, bay.
531. #######################################################################################################################################
532. Domain Name: JCPA.ORG
533. Registry Domain ID: D517583-LROR
534. Registrar WHOIS Server: whois.networksolutions.com
535. Registrar URL: http://www.networksolutions.com
536. Updated Date: 2018-01-14T21:19:13Z
537. Creation Date: 1996-09-19T04:00:00Z
538. Registry Expiry Date: 2019-09-18T04:00:00Z
539. Registrar Registration Expiration Date:
540. Registrar: Network Solutions, LLC
541. Registrar IANA ID: 2
542. Registrar Abuse Contact Email: abuse@web.com
543. Registrar Abuse Contact Phone: +1.8003337680
544. Reseller:
545. Domain Status: ok https://icann.org/epp#ok
546. Registrant Organization: Jerusalem Center for Public Affairs
547. Registrant State/Province:
548. Registrant Country: IL
549. Name Server: NS3.P24.DYNECT.NET
550. Name Server: NS1.P24.DYNECT.NET
551. Name Server: NS2.P24.DYNECT.NET
552. Name Server: NS4.P24.DYNECT.NET
553. DNSSEC: unsigned
554. URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
555. >>> Last update of WHOIS database: 2019-02-06T16:02:42Z <<<
556.  
557. For more information on Whois status codes, please visit https://icann.org/epp
558.  
559. Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
560.  
561. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
562. #######################################################################################################################################
563. --------------------------------------------------------------------------------------------------------------------------------------
564.  
565. [1/25] /webhp?hl=en-CA
566. [x] Error downloading /webhp?hl=en-CA
567. [2/25] http://jcpa.org/resolution242/
568. [3/25] http://www.jcpa.org/RedLinesInv_web.pdf
569. [4/25] http://www.jcpa.org/RedLinesInv_webHEB.pdf
570. [5/25] http://jcpa.org/pdf/intl_presence_hebron_weiner.pdf
571. [6/25] http://jcpa.org/text/Israel60_Gavison.pdf
572. [7/25] http://jcpa.org/pdf/PA_budget_2016.pdf
573. [8/25] http://jcpa.org/pdf/migration_weiner.pdf
574. [9/25] http://jcpa.org/pdf/SJP_unmasked_2018_web.pdf
575. [10/25] http://www.jcpa.org/text/Challenge_to_Israel_Legitimacy.pdf
576. [11/25] http://jcpa.org/pdf/terror_book_amzn_cvr_23may2017.pdf
577. [12/25] http://www.jcpa.org/text/Hamas_Gaza_War_Accountability_Under_International_Law.pdf
578. [13/25] http://jcpa.org/text/Israel60_Blum.pdf
579. [14/25] http://jcpa.org/pdf/JIB_vol16_no20_18dec16.pdf
580. [15/25] http://jcpa.org/text/louis_marshall.pdf
581. [16/25] http://jcpa.org/pdf/gaza_war_weiner.pdf
582. [17/25] http://www.jcpa.org/text/americanjewry.pdf
583. [18/25] http://jcpa.org/pdf/Inspections_The_Weak_Link_in_a_Nuclear_Agreement_with_Iran.pdf
584. [19/25] http://jcpa.org/pdf/jerusalem_center_annual_report_2017.pdf
585. [20/25] http://www.jcpa.org/text/Palestinian_State_ICC.pdf
586. [21/25] http://jcpa.org/pdf/palestinian_christians_weiner.pdf
587. [22/25] http://jcpa.org/pdf/Jerusalem_Viewpoints_no609_feb2017.pdf
588. [23/25] http://jcpa.org/pdf/DB_web.pdf
589. [24/25] http://www.jcpa.org/text/International_Law_and_Military_Operations_in_Practice.pdf
590. [25/25] http://jcpa.org/text/Israel60_Steinberg.pdf
591.  
592. [+] List of users found:
593. ---------------------------------------------------------------------------------------------------------------------------------------
594. Jerusalem Center
595. David
596. Darren
597.  
598. [+] List of software found:
599. ---------------------------------------------------------------------------------------------------------------------------------------
600. Adobe PDF Library 8.0
601. Adobe InDesign CS3 (5.0)
602. Adobe Acrobat 9.0 Image Conversion Plug-in
603. Adobe Acrobat 9.0
604. WorkCentre Pro 128
605. ��Microsoft� Word 2010
606. Adobe PDF Library 10.0.1
607. Adobe InDesign CS6 (Windows)
608. Adobe PDF Library 9.9
609. Adobe InDesign CS5 (7.0)
610. Adobe PDF Library 9.0
611. Adobe InDesign CS4 (6.0.5)
612. Adobe InDesign CS3 (5.0.4)
613. Google
614. Adobe PDF Library 7.0
615. Adobe InDesign CS2 (4.0.5)
616. 3-Heights(TM) PDF Producer 4.4.14.0 (http://www.pdf-tools.com)
617.  
618. [+] List of paths and servers found:
619. ---------------------------------------------------------------------------------------------------------------------------------------
620.  
621. [+] List of e-mails found:
622. ---------------------------------------------------------------------------------------------------------------------------------------
623. jcpa@netvision.net.il
624. article.php@id
625. jcpa@netvision.net.il
626. jcpa@netvision.net.il
627. jcpa@ne
628. stefaan.peirsman@fos-socsol.be
629. jcpa@netvision.net.il.
630. jcpa@netvision.net.il
631. laurend@mayyimhayyim.org.
632. info@jcpa.org
633. jcpa@netvision.net.il
634. cjcs3@verizon.net
635. jcpa@netvision.net.il
636. jcpa@netvision.net.il.
637. jcpa@netvision.net.il
638. #######################################################################################################################################
639.  
640. ____ _ _ _ _ _____
641. / ___| _ _| |__ | (_)___| |_|___ / _ __
642. \___ \| | | | '_ \| | / __| __| |_ \| '__|
643. ___) | |_| | |_) | | \__ \ |_ ___) | |
644. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
645.  
646. # Coded By Ahmed Aboul-Ela - @aboul3la
647.  
648. [-] Enumerating subdomains now for jcpa.org
649. [-] verbosity is enabled, will show the subdomains results in realtime
650. [-] Searching now in Baidu..
651. [-] Searching now in Yahoo..
652. [-] Searching now in Google..
653. [-] Searching now in Bing..
654. [-] Searching now in Ask..
655. [-] Searching now in Netcraft..
656. [-] Searching now in DNSdumpster..
657. [-] Searching now in Virustotal..
658. [-] Searching now in ThreatCrowd..
659. [-] Searching now in SSL Certificates..
660. [-] Searching now in PassiveDNS..
661. ThreatCrowd: jerusalem.jcpa.org
662. Virustotal: www.jcpa.org
663. Virustotal: www.jerusalem.jcpa.org
664. Virustotal: www.dailyalert.jcpa.org
665. SSL Certificates: www.jcpa.org
666. DNSdumpster: mail.jcpa.org
667. DNSdumpster: www.jerusalem.jcpa.org
668. Bing: jerusalem.jcpa.org
669. PassiveDNS: mail.jcpa.org
670. Yahoo: www.jcpa.org
671. Baidu: www.jerusalem.jcpa.org
672. Baidu: jerusalem.jcpa.org
673. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-jcpa.org.txt
674. [-] Total Unique Subdomains Found: 5
675. www.jcpa.org
676. www.dailyalert.jcpa.org
677. jerusalem.jcpa.org
678. www.jerusalem.jcpa.org
679. mail.jcpa.org
680. #######################################################################################################################################
681. jcpa.org,198.57.177.19
682. www.jcpa.org,198.57.177.19
683. jerusalem.jcpa.org,182.50.150.129
684. lists.jcpa.org,63.208.156.169
685. webmail.jcpa.org,195.225.46.79
686. mail.jcpa.org,195.225.46.79
687. www.jerusalem.jcpa.org,182.50.150.129
688. dailyalert.jcpa.org,195.225.46.18
689. www.dailyalert.jcpa.org,195.225.46.18
690. jcpa.jcpa.org,195.225.46.79
691. #######################################################################################################################################
692. ===============================================
693. -=Subfinder v1.1.3 github.com/subfinder/subfinder
694. ===============================================
695.  
696.  
697. Running Source: Ask
698. Running Source: Archive.is
699. Running Source: Baidu
700. Running Source: Bing
701. Running Source: CertDB
702. Running Source: CertificateTransparency
703. Running Source: Certspotter
704. Running Source: Commoncrawl
705. Running Source: Crt.sh
706. Running Source: Dnsdb
707. Running Source: DNSDumpster
708. Running Source: DNSTable
709. Running Source: Dogpile
710. Running Source: Exalead
711. Running Source: Findsubdomains
712. Running Source: Googleter
713. Running Source: Hackertarget
714. Running Source: Ipv4Info
715. Running Source: PTRArchive
716. Running Source: Sitedossier
717. Running Source: Threatcrowd
718. Running Source: ThreatMiner
719. Running Source: WaybackArchive
720. Running Source: Yahoo
721.  
722. Running enumeration on jcpa.org
723.  
724. dnsdb: Unexpected return status 503
725.  
726. waybackarchive: Get http://web.archive.org/cdx/search/cdx?url=*.jcpa.org/*&output=json&fl=original&collapse=urlkey&page=
727. : net/http: HTTP/1.x transport connection broken: malformed HTTP response "<html>"
728.  
729.  
730. Starting Bruteforcing of jcpa.org with 9985 words
731.  
732. Total 20 Unique subdomains found for jcpa.org
733.  
734. .jcpa.org
735. .www.jcpa.org
736. autodiscover.jcpa.org
737. dailyalert.jcpa.org
738. events.jcpa.org
739. info.jcpa.org
740. jcp.jcpa.org
741. jerusalem.jcpa.org
742. lists.jcpa.org
743. mail.dailyalert.jcpa.org
744. mail.jcpa.org
745. mail.jcpa.org
746. msoid.jcpa.org
747. old.jcpa.org
748. webmail.jcpa.org
749. www.dailyalert.jcpa.org
750. www.jcpa.org
751. www.jcpa.org
752. www.jerusalem.jcpa.org
753. www.www.jcpa.org
754. #######################################################################################################################################
755. [*] Found SPF record:
756. [*] v=spf1 include:spf.protection.outlook.com -all
757. [*] SPF record contains an All item: -all
758. [*] No DMARC record found. Looking for organizational record
759. [+] No organizational DMARC record
760. [+] Spoofing possible for jcpa.org!
761. #######################################################################################################################################
762. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:16 EST
763. Nmap scan report for jcpa.org (198.57.177.19)
764. Host is up (0.15s latency).
765. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
766. Not shown: 343 closed ports, 123 filtered ports
767. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
768. PORT STATE SERVICE
769. 21/tcp open ftp
770. 53/tcp open domain
771. 80/tcp open http
772. 110/tcp open pop3
773. 143/tcp open imap
774. 443/tcp open https
775. 465/tcp open smtps
776. 587/tcp open submission
777. 993/tcp open imaps
778. 995/tcp open pop3s
779. #######################################################################################################################################
780. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:16 EST
781. Nmap scan report for jcpa.org (198.57.177.19)
782. Host is up (0.073s latency).
783. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
784. Not shown: 2 filtered ports
785. PORT STATE SERVICE
786. 53/udp open domain
787. 67/udp open|filtered dhcps
788. 68/udp open|filtered dhcpc
789. 69/udp open|filtered tftp
790. 88/udp open|filtered kerberos-sec
791. 123/udp open|filtered ntp
792. 139/udp open|filtered netbios-ssn
793. 161/udp open|filtered snmp
794. 162/udp open|filtered snmptrap
795. 389/udp open|filtered ldap
796. 520/udp open|filtered route
797. 2049/udp open|filtered nfs
798. #######################################################################################################################################
799. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:16 EST
800. Nmap scan report for jcpa.org (198.57.177.19)
801. Host is up (0.14s latency).
802. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
803.  
804. PORT STATE SERVICE VERSION
805. 21/tcp open ftp Pure-FTPd
806. | ftp-brute:
807. | Accounts: No valid accounts found
808. |_ Statistics: Performed 4671 guesses in 185 seconds, average tps: 25.5
809. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
810. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 3.5 (90%)
811. No exact OS matches for host (test conditions non-ideal).
812. Network Distance: 14 hops
813.  
814. TRACEROUTE (using port 21/tcp)
815. HOP RTT ADDRESS
816. 1 61.17 ms 10.235.200.1
817. 2 61.63 ms 193.37.252.209
818. 3 74.75 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
819. 4 61.22 ms 140.174.28.21
820. 5 126.45 ms ae-5.r04.miamfl02.us.bb.gin.ntt.net (129.250.3.209)
821. 6 61.62 ms ae-0.r21.miamfl02.us.bb.gin.ntt.net (129.250.4.20)
822. 7 92.64 ms 129.250.2.219
823. 8 117.46 ms ae-5.r22.lsanca07.us.bb.gin.ntt.net (129.250.7.69)
824. 9 118.64 ms ae-1.r00.lsanca07.us.bb.gin.ntt.net (129.250.3.17)
825. 10 127.88 ms ae-1.a01.lsanca07.us.bb.gin.ntt.net (129.250.2.160)
826. 11 138.28 ms ae-0.endurance.lsanca07.us.bb.gin.ntt.net (129.250.198.182)
827. 12 157.09 ms eth3-33-1.prvspn002.net.unifiedlayer.com (162.144.240.155)
828. 13 137.28 ms po97.prv-leaf3a.net.unifiedlayer.com (162.144.240.43)
829. 14 141.27 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
830. #######################################################################################################################################
831. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:20 EST
832. Nmap scan report for jcpa.org (198.57.177.19)
833. Host is up (0.15s latency).
834. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
835.  
836. PORT STATE SERVICE VERSION
837. 53/tcp open domain ISC BIND
838. |_dns-fuzz: Server didn't response to our probe, can't fuzz
839. | dns-nsec-enum:
840. |_ No NSEC records found
841. | dns-nsec3-enum:
842. |_ DNSSEC NSEC3 not supported
843. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
844. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.5 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%)
845. No exact OS matches for host (test conditions non-ideal).
846. Network Distance: 14 hops
847.  
848. Host script results:
849. | dns-blacklist:
850. | SPAM
851. |_ l2.apews.org - SPAM
852. | dns-brute:
853. | DNS Brute-force hostnames:
854. | mail.jcpa.org - 195.225.46.79
855. |_ www.jcpa.org - 198.57.177.19
856.  
857. TRACEROUTE (using port 53/tcp)
858. HOP RTT ADDRESS
859. 1 61.39 ms 10.235.200.1
860. 2 61.99 ms 193.37.252.209
861. 3 63.86 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
862. 4 62.44 ms 140.174.28.21
863. 5 127.05 ms ae-5.r04.miamfl02.us.bb.gin.ntt.net (129.250.3.209)
864. 6 62.43 ms ae-0.r21.miamfl02.us.bb.gin.ntt.net (129.250.4.20)
865. 7 91.52 ms 129.250.2.219
866. 8 119.46 ms ae-5.r22.lsanca07.us.bb.gin.ntt.net (129.250.7.69)
867. 9 121.67 ms ae-1.r00.lsanca07.us.bb.gin.ntt.net (129.250.3.17)
868. 10 149.49 ms ae-1.a01.lsanca07.us.bb.gin.ntt.net (129.250.2.160)
869. 11 137.91 ms ae-0.endurance.lsanca07.us.bb.gin.ntt.net (129.250.198.182)
870. 12 164.09 ms eth3-33-1.prvspn002.net.unifiedlayer.com (162.144.240.155)
871. 13 134.02 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
872. 14 143.28 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
873. #######################################################################################################################################
874. http://jcpa.org [200 OK] Apache[2.4.38][mod_bwlimited/1.4], Country[UNITED STATES][US], Email[info@jcpa.org], Frame, Google-Analytics[Universal][UA-39298142-1,UA-39298142-2], HTML5, HTTPServer[Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4], IP[198.57.177.19], JQuery[1.12.4], Open-Graph-Protocol[website], OpenSSL[1.0.2q], Script[application/ld+json,text/javascript], ShareThis, Title[Jerusalem Center For Public Affairs], WordPress, WordpressSuperCache, YouTube
875. #######################################################################################################################################
876. wig - WebApp Information Gatherer
877.  
878.  
879. Scanning http://jcpa.org...
880. ___________________________________________________ SITE INFO ____________________________________________________
881. IP Title
882. 198.57.177.19 Jerusalem Center For Public Affairs
883.  
884. ____________________________________________________ VERSION _____________________________________________________
885. Name Versions Type
886. WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
887. 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
888. 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
889. 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
890. Apache 2.4.38 Platform
891. PHP 5.6.40 Platform
892. mod_bwlimited 1.4 Platform
893. openssl 1.0.2q Platform
894.  
895. __________________________________________________ INTERESTING ___________________________________________________
896. URL Note Type
897. /robots.txt robots.txt index Interesting
898. /test.php Test file Interesting
899. /test.htm Test file Interesting
900. /test/ Test directory Interesting
901. /old/ This might be interesting Interesting
902.  
903. _____________________________________________________ TOOLS ______________________________________________________
904. Name Link Software
905. wpscan https://github.com/wpscanteam/wpscan WordPress
906. CMSmap https://github.com/Dionach/CMSmap WordPress
907.  
908. ________________________________________________ VULNERABILITIES _________________________________________________
909. Affected #Vulns Link
910. WordPress 3.8 12 http://cvedetails.com/version/162922
911. WordPress 3.8.1 12 http://cvedetails.com/version/162923
912. WordPress 3.8.2 7 http://cvedetails.com/version/176067
913. WordPress 3.8.3 7 http://cvedetails.com/version/176068
914. WordPress 3.8.4 8 http://cvedetails.com/version/176069
915. WordPress 3.9 8 http://cvedetails.com/version/176070
916. WordPress 3.9.1 15 http://cvedetails.com/version/169908
917. WordPress 3.9.2 10 http://cvedetails.com/version/176071
918. WordPress 3.9.3 1 http://cvedetails.com/version/185080
919. WordPress 4.0 9 http://cvedetails.com/version/176072
920. WordPress 4.0.1 1 http://cvedetails.com/version/185081
921. WordPress 4.1 1 http://cvedetails.com/version/185082
922. WordPress 4.1.1 2 http://cvedetails.com/version/185079
923. WordPress 4.2 1 http://cvedetails.com/version/185048
924. WordPress 4.2.1 1 http://cvedetails.com/version/184019
925. WordPress 4.2.2 2 http://cvedetails.com/version/185073
926.  
927. __________________________________________________________________________________________________________________
928. Time: 60.3 sec Urls: 472 Fingerprints: 40401
929. #######################################################################################################################################
930. HTTP/1.1 200 OK
931. Date: Wed, 06 Feb 2019 16:22:48 GMT
932. Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
933. Vary: Accept-Encoding,Cookie
934. Last-Modified: Wed, 06 Feb 2019 16:16:16 GMT
935. ETag: "1f3b5-5813c0b9b64e9"
936. Accept-Ranges: bytes
937. Content-Length: 127925
938. Cache-Control: max-age=3, must-revalidate
939. Expires: Wed, 06 Feb 2019 16:22:51 GMT
940. Content-Type: text/html; charset=UTF-8
941.  
942. HTTP/1.1 200 OK
943. Date: Wed, 06 Feb 2019 16:22:49 GMT
944. Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
945. Vary: Accept-Encoding,Cookie
946. Last-Modified: Wed, 06 Feb 2019 16:16:16 GMT
947. ETag: "1f3b5-5813c0b9b64e9"
948. Accept-Ranges: bytes
949. Content-Length: 127925
950. Cache-Control: max-age=3, must-revalidate
951. Expires: Wed, 06 Feb 2019 16:22:52 GMT
952. Content-Type: text/html; charset=UTF-8
953. #######################################################################################################################################
954. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:23 EST
955. Nmap scan report for jcpa.org (198.57.177.19)
956. Host is up (0.14s latency).
957. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
958.  
959. PORT STATE SERVICE VERSION
960. 110/tcp open pop3 Dovecot pop3d
961. | pop3-brute:
962. | Accounts: No valid accounts found
963. | Statistics: Performed 51 guesses in 40 seconds, average tps: 1.3
964. |_ ERROR: Failed to connect.
965. |_pop3-capabilities: TOP UIDL STLS RESP-CODES PIPELINING AUTH-RESP-CODE SASL(PLAIN LOGIN) CAPA USER
966. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
967. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (90%), Linux 3.11 (90%)
968. No exact OS matches for host (test conditions non-ideal).
969. Network Distance: 14 hops
970.  
971. TRACEROUTE (using port 110/tcp)
972. HOP RTT ADDRESS
973. 1 61.49 ms 10.235.200.1
974. 2 61.83 ms 193.37.252.209
975. 3 61.55 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
976. 4 61.55 ms ae-41.a01.miamfl02.us.bb.gin.ntt.net (140.174.28.21)
977. 5 126.76 ms ae-5.r04.miamfl02.us.bb.gin.ntt.net (129.250.3.209)
978. 6 63.92 ms ae-1.r21.miamfl02.us.bb.gin.ntt.net (129.250.4.88)
979. 7 90.94 ms 129.250.2.219
980. 8 120.33 ms ae-5.r22.lsanca07.us.bb.gin.ntt.net (129.250.7.69)
981. 9 119.36 ms ae-1.r00.lsanca07.us.bb.gin.ntt.net (129.250.3.17)
982. 10 119.38 ms ae-1.a01.lsanca07.us.bb.gin.ntt.net (129.250.2.160)
983. 11 141.73 ms ae-0.endurance.lsanca07.us.bb.gin.ntt.net (129.250.198.182)
984. 12 157.92 ms eth3-33-1.prvspn002.net.unifiedlayer.com (162.144.240.155)
985. 13 134.12 ms 162.144.240.55
986. 14 134.13 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
987. #######################################################################################################################################
988. https://jcpa.org [200 OK] Apache[2.4.38][mod_bwlimited/1.4], Country[UNITED STATES][US], Email[info@jcpa.org], Frame, Google-Analytics[Universal][UA-39298142-1,UA-39298142-2], HTML5, HTTPServer[Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4], IP[198.57.177.19], JQuery[1.12.4], Open-Graph-Protocol[website], OpenSSL[1.0.2q], Script[application/ld+json,text/javascript], ShareThis, Title[Jerusalem Center For Public Affairs], WordPress, WordpressSuperCache, YouTube
989. #######################################################################################################################################
990. wig - WebApp Information Gatherer
991.  
992.  
993. Scanning https://jcpa.org...
994. ___________________________________________________ SITE INFO ____________________________________________________
995. IP Title
996. 198.57.177.19 Jerusalem Center For Public Affairs
997.  
998. ____________________________________________________ VERSION _____________________________________________________
999. Name Versions Type
1000. WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
1001. 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
1002. 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
1003. 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
1004. Apache 2.4.38 Platform
1005. PHP 5.6.40 Platform
1006. mod_bwlimited 1.4 Platform
1007. openssl 1.0.2q Platform
1008.  
1009. __________________________________________________ INTERESTING ___________________________________________________
1010. URL Note Type
1011. /install.php Installation file Interesting
1012. /robots.txt robots.txt index Interesting
1013. /test.htm Test file Interesting
1014. /test/ Test directory Interesting
1015. /old/ This might be interesting Interesting
1016.  
1017. _____________________________________________________ TOOLS ______________________________________________________
1018. Name Link Software
1019. wpscan https://github.com/wpscanteam/wpscan WordPress
1020. CMSmap https://github.com/Dionach/CMSmap WordPress
1021.  
1022. ________________________________________________ VULNERABILITIES _________________________________________________
1023. Affected #Vulns Link
1024. WordPress 3.8 12 http://cvedetails.com/version/162922
1025. WordPress 3.8.1 12 http://cvedetails.com/version/162923
1026. WordPress 3.8.2 7 http://cvedetails.com/version/176067
1027. WordPress 3.8.3 7 http://cvedetails.com/version/176068
1028. WordPress 3.8.4 8 http://cvedetails.com/version/176069
1029. WordPress 3.9 8 http://cvedetails.com/version/176070
1030. WordPress 3.9.1 15 http://cvedetails.com/version/169908
1031. WordPress 3.9.2 10 http://cvedetails.com/version/176071
1032. WordPress 3.9.3 1 http://cvedetails.com/version/185080
1033. WordPress 4.0 9 http://cvedetails.com/version/176072
1034. WordPress 4.0.1 1 http://cvedetails.com/version/185081
1035. WordPress 4.1 1 http://cvedetails.com/version/185082
1036. WordPress 4.1.1 2 http://cvedetails.com/version/185079
1037. WordPress 4.2 1 http://cvedetails.com/version/185048
1038. WordPress 4.2.1 1 http://cvedetails.com/version/184019
1039. WordPress 4.2.2 2 http://cvedetails.com/version/185073
1040.  
1041. __________________________________________________________________________________________________________________
1042. Time: 77.0 sec Urls: 467 Fingerprints: 40401
1043. #######################################################################################################################################
1044. HTTP/1.1 200 OK
1045. Date: Wed, 06 Feb 2019 16:26:23 GMT
1046. Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
1047. Vary: Accept-Encoding,Cookie
1048. Last-Modified: Tue, 05 Feb 2019 11:25:20 GMT
1049. ETag: "1f586-58123dd4c417f"
1050. Accept-Ranges: bytes
1051. Content-Length: 128390
1052. Cache-Control: max-age=3, must-revalidate
1053. Expires: Wed, 06 Feb 2019 16:26:26 GMT
1054. Content-Type: text/html; charset=UTF-8
1055.  
1056. HTTP/1.1 200 OK
1057. Date: Wed, 06 Feb 2019 16:26:24 GMT
1058. Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
1059. Vary: Accept-Encoding,Cookie
1060. Last-Modified: Tue, 05 Feb 2019 11:25:20 GMT
1061. ETag: "1f586-58123dd4c417f"
1062. Accept-Ranges: bytes
1063. Content-Length: 128390
1064. Cache-Control: max-age=3, must-revalidate
1065. Expires: Wed, 06 Feb 2019 16:26:27 GMT
1066. Content-Type: text/html; charset=UTF-8
1067. #######################################################################################################################################
1068. Version: 1.11.12-static
1069. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1070.  
1071. Connected to 198.57.177.19
1072.  
1073. Testing SSL server jcpa.org on port 443 using SNI name jcpa.org
1074.  
1075. TLS Fallback SCSV:
1076. Server supports TLS Fallback SCSV
1077.  
1078. TLS renegotiation:
1079. Secure session renegotiation supported
1080.  
1081. TLS Compression:
1082. Compression disabled
1083.  
1084. Heartbleed:
1085. TLS 1.2 not vulnerable to heartbleed
1086. TLS 1.1 not vulnerable to heartbleed
1087. TLS 1.0 not vulnerable to heartbleed
1088.  
1089. Supported Server Cipher(s):
1090. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1091. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1092. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1093. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
1094. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
1095. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1096. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1097. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1098. Accepted TLSv1.2 256 bits AES256-SHA256
1099. Accepted TLSv1.2 256 bits AES256-SHA
1100. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1101. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1102. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1103. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1104. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
1105. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
1106. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1107. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1108. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1109. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1110. Accepted TLSv1.2 128 bits AES128-SHA256
1111. Accepted TLSv1.2 128 bits AES128-SHA
1112. Accepted TLSv1.2 128 bits SEED-SHA
1113. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1114. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
1115. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1116. Accepted TLSv1.2 128 bits RC4-SHA
1117. Accepted TLSv1.2 128 bits RC4-MD5
1118. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1119. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1120. Accepted TLSv1.2 112 bits DES-CBC3-SHA
1121. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1122. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1123. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1124. Accepted TLSv1.1 256 bits AES256-SHA
1125. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1126. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1127. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1128. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1129. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1130. Accepted TLSv1.1 128 bits AES128-SHA
1131. Accepted TLSv1.1 128 bits SEED-SHA
1132. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1133. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
1134. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1135. Accepted TLSv1.1 128 bits RC4-SHA
1136. Accepted TLSv1.1 128 bits RC4-MD5
1137. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1138. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1139. Accepted TLSv1.1 112 bits DES-CBC3-SHA
1140. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1141. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1142. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1143. Accepted TLSv1.0 256 bits AES256-SHA
1144. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1145. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1146. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1147. Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1148. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1149. Accepted TLSv1.0 128 bits AES128-SHA
1150. Accepted TLSv1.0 128 bits SEED-SHA
1151. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1152. Accepted TLSv1.0 128 bits IDEA-CBC-SHA
1153. Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1154. Accepted TLSv1.0 128 bits RC4-SHA
1155. Accepted TLSv1.0 128 bits RC4-MD5
1156. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1157. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1158. Accepted TLSv1.0 112 bits DES-CBC3-SHA
1159.  
1160. SSL Certificate:
1161. Signature Algorithm: sha256WithRSAEncryption
1162. RSA Key Strength: 2048
1163.  
1164. Subject: jcpa.org
1165. Altnames: DNS:jcpa.org, DNS:www.jcpa.org
1166. Issuer: Let's Encrypt Authority X3
1167.  
1168. Not valid before: Jan 26 09:53:14 2019 GMT
1169. Not valid after: Apr 26 09:53:14 2019 GMT
1170. #######################################################################################################################################
1171. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:54 EST
1172. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1173. Host is up (0.26s latency).
1174. Not shown: 342 closed ports, 123 filtered ports
1175. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1176. PORT STATE SERVICE
1177. 21/tcp open ftp
1178. 22/tcp open ssh
1179. 53/tcp open domain
1180. 80/tcp open http
1181. 110/tcp open pop3
1182. 143/tcp open imap
1183. 443/tcp open https
1184. 465/tcp open smtps
1185. 587/tcp open submission
1186. 993/tcp open imaps
1187. 995/tcp open pop3s
1188. #######################################################################################################################################
1189. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:54 EST
1190. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1191. Host is up (0.14s latency).
1192. Not shown: 2 filtered ports
1193. PORT STATE SERVICE
1194. 53/udp open domain
1195. 67/udp open|filtered dhcps
1196. 68/udp open|filtered dhcpc
1197. 69/udp open|filtered tftp
1198. 88/udp open|filtered kerberos-sec
1199. 123/udp open|filtered ntp
1200. 139/udp open|filtered netbios-ssn
1201. 161/udp open|filtered snmp
1202. 162/udp open|filtered snmptrap
1203. 389/udp open|filtered ldap
1204. 520/udp open|filtered route
1205. 2049/udp open|filtered nfs
1206. #######################################################################################################################################
1207. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:54 EST
1208. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1209. Host is up (0.26s latency).
1210.  
1211. PORT STATE SERVICE VERSION
1212. 21/tcp open ftp Pure-FTPd
1213. | ftp-brute:
1214. | Accounts: No valid accounts found
1215. |_ Statistics: Performed 3222 guesses in 188 seconds, average tps: 17.6
1216. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1217. Device type: general purpose|firewall|storage-misc
1218. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%)
1219. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
1220. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), Linux 3.4 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
1221. No exact OS matches for host (test conditions non-ideal).
1222. Network Distance: 19 hops
1223.  
1224. TRACEROUTE (using port 21/tcp)
1225. HOP RTT ADDRESS
1226. 1 123.51 ms 10.246.200.1
1227. 2 123.54 ms 190.124.251.129
1228. 3 123.57 ms 172.16.21.1
1229. 4 183.76 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1230. 5 183.73 ms 192.168.7.2
1231. 6 183.76 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1232. 7 184.02 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1233. 8 184.01 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
1234. 9 184.00 ms xo.mia03.atlas.cogentco.com (154.54.11.70)
1235. 10 258.46 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1236. 11 257.28 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1237. 12 256.83 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1238. 13 258.69 ms 207.88.12.188
1239. 14 256.71 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1240. 15 256.64 ms 216.156.16.25
1241. 16 257.70 ms 216-50-157-238.dal-10.cvx.algx.net (216.50.157.238)
1242. 17 267.81 ms eth4-33-1.prvspn001.net.unifiedlayer.com (162.144.240.141)
1243. 18 257.64 ms po97.prv-leaf3b.net.unifiedlayer.com (162.144.240.51)
1244. 19 262.83 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1245. #######################################################################################################################################
1246. # general
1247. (gen) banner: SSH-2.0-OpenSSH_5.3
1248. (gen) software: OpenSSH 5.3
1249. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
1250. (gen) compression: enabled (zlib@openssh.com)
1251.  
1252. # key exchange algorithms
1253. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1254. `- [info] available since OpenSSH 4.4
1255. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1256. `- [warn] using weak hashing algorithm
1257. `- [info] available since OpenSSH 2.3.0
1258. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1259. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1260. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1261. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1262. `- [warn] using small 1024-bit modulus
1263. `- [warn] using weak hashing algorithm
1264. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1265.  
1266. # host-key algorithms
1267. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1268. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1269. `- [warn] using small 1024-bit modulus
1270. `- [warn] using weak random number generator could reveal the key
1271. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1272.  
1273. # encryption algorithms (ciphers)
1274. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1275. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
1276. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1277. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1278. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1279. `- [warn] using weak cipher
1280. `- [info] available since OpenSSH 4.2
1281. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1282. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1283. `- [warn] using weak cipher
1284. `- [info] available since OpenSSH 4.2
1285. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1286. `- [warn] using weak cipher mode
1287. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1288. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1289. `- [warn] using weak cipher
1290. `- [warn] using weak cipher mode
1291. `- [warn] using small 64-bit block size
1292. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1293. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1294. `- [fail] disabled since Dropbear SSH 0.53
1295. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1296. `- [warn] using weak cipher mode
1297. `- [warn] using small 64-bit block size
1298. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1299. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1300. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1301. `- [warn] using weak cipher mode
1302. `- [warn] using small 64-bit block size
1303. `- [info] available since OpenSSH 2.1.0
1304. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1305. `- [warn] using weak cipher mode
1306. `- [info] available since OpenSSH 2.3.0
1307. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1308. `- [warn] using weak cipher mode
1309. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
1310. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1311. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1312. `- [warn] using weak cipher
1313. `- [info] available since OpenSSH 2.1.0
1314. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1315. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1316. `- [warn] using weak cipher mode
1317. `- [info] available since OpenSSH 2.3.0
1318.  
1319. # message authentication code algorithms
1320. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1321. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1322. `- [warn] using encrypt-and-MAC mode
1323. `- [warn] using weak hashing algorithm
1324. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1325. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1326. `- [warn] using weak hashing algorithm
1327. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1328. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1329. `- [warn] using small 64-bit tag size
1330. `- [info] available since OpenSSH 4.7
1331. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1332. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1333. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1334. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1335. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1336. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1337. `- [warn] using encrypt-and-MAC mode
1338. `- [info] available since OpenSSH 2.5.0
1339. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1340. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1341. `- [warn] using encrypt-and-MAC mode
1342. `- [info] available since OpenSSH 2.1.0
1343. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1344. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1345. `- [warn] using encrypt-and-MAC mode
1346. `- [warn] using weak hashing algorithm
1347. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
1348. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1349. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1350. `- [warn] using encrypt-and-MAC mode
1351. `- [warn] using weak hashing algorithm
1352. `- [info] available since OpenSSH 2.5.0
1353.  
1354. # algorithm recommendations (for OpenSSH 5.3)
1355. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1356. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1357. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1358. (rec) -ssh-dss -- key algorithm to remove
1359. (rec) -arcfour -- enc algorithm to remove
1360. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
1361. (rec) -blowfish-cbc -- enc algorithm to remove
1362. (rec) -3des-cbc -- enc algorithm to remove
1363. (rec) -aes256-cbc -- enc algorithm to remove
1364. (rec) -arcfour256 -- enc algorithm to remove
1365. (rec) -cast128-cbc -- enc algorithm to remove
1366. (rec) -aes192-cbc -- enc algorithm to remove
1367. (rec) -arcfour128 -- enc algorithm to remove
1368. (rec) -aes128-cbc -- enc algorithm to remove
1369. (rec) -hmac-md5-96 -- mac algorithm to remove
1370. (rec) -hmac-ripemd160 -- mac algorithm to remove
1371. (rec) -hmac-sha1-96 -- mac algorithm to remove
1372. (rec) -umac-64@openssh.com -- mac algorithm to remove
1373. (rec) -hmac-md5 -- mac algorithm to remove
1374. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
1375. (rec) -hmac-sha1 -- mac algorithm to remove
1376. #######################################################################################################################################
1377. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 11:58 EST
1378. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1379. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1380. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1381. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1382. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1383. WARNING: RST from 198.57.177.19 port 22 -- is this port really open?
1384. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1385. Host is up (0.26s latency).
1386.  
1387. PORT STATE SERVICE VERSION
1388. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
1389. |_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
1390. |_ssh-brute: ERROR: Script execution failed (use -d to debug)
1391. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
1392. |_ssh-run: ERROR: Script execution failed (use -d to debug)
1393. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1394. Aggressive OS guesses: Konica Minolta 1600f printer (98%), Motorola RFS 6000 wireless switch (95%), ZyXEL ZyWALL 2 firewall or Prestige 660HW-61 ADSL router (ZyNOS 3.62) (93%), FreeBSD 6.2-RELEASE (91%), OpenBSD 4.0 (91%), Papouch TME Ethernet thermometer (90%), Apple AirPort Extreme WAP (89%), OpenBSD 4.3 (89%), D-Link DI-808HV router (89%), Sony PCS-TL30 video conferencing system (88%)
1395. No exact OS matches for host (test conditions non-ideal).
1396. Network Distance: 20 hops
1397.  
1398. TRACEROUTE (using port 22/tcp)
1399. HOP RTT ADDRESS
1400. 1 122.92 ms 10.246.200.1
1401. 2 122.96 ms 190.124.251.129
1402. 3 122.99 ms 172.16.21.1
1403. 4 182.93 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1404. 5 183.10 ms 192.168.7.2
1405. 6 183.13 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1406. 7 183.54 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1407. 8 184.15 ms be-124-pe01.nota.fl.ibone.comcast.net (96.87.8.61)
1408. 9 185.37 ms be-12274-cr02.miami.fl.ibone.comcast.net (68.86.82.153)
1409. 10 212.05 ms be-12224-cr02.dallas.tx.ibone.comcast.net (68.86.86.142)
1410. 11 250.86 ms be-12124-cr02.1601milehigh.co.ibone.comcast.net (68.86.84.229)
1411. 12 249.89 ms be-12021-cr01.champa.co.ibone.comcast.net (68.86.84.225)
1412. 13 260.04 ms be-7922-ar01.saltlakecity.ut.utah.comcast.net (68.86.90.226)
1413. 14 263.71 ms po-1-rur01.orem.ut.utah.comcast.net (162.151.9.186)
1414. 15 264.30 ms be-11-sur03.orem.ut.utah.comcast.net (162.151.9.190)
1415. 16 275.24 ms 50.225.56.182
1416. 17 271.29 ms eth3-33-3.prvspn002.net.unifiedlayer.com (162.144.240.159)
1417. 18 260.25 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1418. 19 270.66 ms po97.prv-leaf3a.net.unifiedlayer.com (162.144.240.43)
1419. 20 256.16 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1420. #######################################################################################################################################
1421. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
1422. RHOSTS => 198.57.177.19
1423. RHOST => 198.57.177.19
1424. [*] 198.57.177.19:22 - SSH - Using malformed packet technique
1425. [*] 198.57.177.19:22 - SSH - Starting scan
1426. [-] 198.57.177.19:22 - SSH - User 'admin' on could not connect
1427. [-] 198.57.177.19:22 - SSH - User 'administrator' on could not connect
1428. [-] 198.57.177.19:22 - SSH - User 'anonymous' on could not connect
1429. [-] 198.57.177.19:22 - SSH - User 'backup' on could not connect
1430. [-] 198.57.177.19:22 - SSH - User 'bee' on could not connect
1431. [-] 198.57.177.19:22 - SSH - User 'ftp' on could not connect
1432. [-] 198.57.177.19:22 - SSH - User 'guest' on could not connect
1433. [-] 198.57.177.19:22 - SSH - User 'GUEST' on could not connect
1434. [-] 198.57.177.19:22 - SSH - User 'info' on could not connect
1435. [-] 198.57.177.19:22 - SSH - User 'mail' on could not connect
1436. [-] 198.57.177.19:22 - SSH - User 'mailadmin' on could not connect
1437. [-] 198.57.177.19:22 - SSH - User 'msfadmin' on could not connect
1438. [-] 198.57.177.19:22 - SSH - User 'mysql' on could not connect
1439. [-] 198.57.177.19:22 - SSH - User 'nobody' on could not connect
1440. [-] 198.57.177.19:22 - SSH - User 'oracle' on could not connect
1441. [-] 198.57.177.19:22 - SSH - User 'owaspbwa' on could not connect
1442. [-] 198.57.177.19:22 - SSH - User 'postfix' on could not connect
1443. [-] 198.57.177.19:22 - SSH - User 'postgres' on could not connect
1444. [-] 198.57.177.19:22 - SSH - User 'private' on could not connect
1445. [-] 198.57.177.19:22 - SSH - User 'proftpd' on could not connect
1446. [-] 198.57.177.19:22 - SSH - User 'public' on could not connect
1447. [-] 198.57.177.19:22 - SSH - User 'root' on could not connect
1448. [-] 198.57.177.19:22 - SSH - User 'superadmin' on could not connect
1449. [-] 198.57.177.19:22 - SSH - User 'support' on could not connect
1450. [-] 198.57.177.19:22 - SSH - User 'sys' on could not connect
1451. [-] 198.57.177.19:22 - SSH - User 'system' on could not connect
1452. [-] 198.57.177.19:22 - SSH - User 'systemadmin' on could not connect
1453. [-] 198.57.177.19:22 - SSH - User 'systemadministrator' on could not connect
1454. [-] 198.57.177.19:22 - SSH - User 'test' on could not connect
1455. [-] 198.57.177.19:22 - SSH - User 'tomcat' on could not connect
1456. [-] 198.57.177.19:22 - SSH - User 'user' on could not connect
1457. [-] 198.57.177.19:22 - SSH - User 'webmaster' on could not connect
1458. [-] 198.57.177.19:22 - SSH - User 'www-data' on could not connect
1459. [-] 198.57.177.19:22 - SSH - User 'Fortimanager_Access' on could not connect
1460. [*] Scanned 1 of 1 hosts (100% complete)
1461. [*] Auxiliary module execution completed
1462. #######################################################################################################################################
1463. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:08 EST
1464. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1465. Host is up (0.26s latency).
1466.  
1467. PORT STATE SERVICE VERSION
1468. 53/tcp open domain ISC BIND
1469. |_dns-fuzz: Server didn't response to our probe, can't fuzz
1470. | dns-nsec-enum:
1471. |_ No NSEC records found
1472. | dns-nsec3-enum:
1473. |_ DNSSEC NSEC3 not supported
1474. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1475. Device type: general purpose|firewall|storage-misc|VoIP phone
1476. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
1477. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
1478. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
1479. No exact OS matches for host (test conditions non-ideal).
1480. Network Distance: 19 hops
1481.  
1482. Host script results:
1483. | dns-blacklist:
1484. | SPAM
1485. |_ l2.apews.org - SPAM
1486. | dns-brute:
1487. | DNS Brute-force hostnames:
1488. | ns0.unifiedlayer.com - 67.20.126.9
1489. | ns1.unifiedlayer.com - 162.159.24.11
1490. | ns2.unifiedlayer.com - 162.159.25.92
1491. | vnc.unifiedlayer.com - 74.220.195.38
1492. | vpn.unifiedlayer.com - 74.220.198.228
1493. | whois.unifiedlayer.com - 74.220.195.39
1494. | www.unifiedlayer.com - 162.144.8.133
1495. | mgmt.unifiedlayer.com - 50.87.241.55
1496. | mirror.unifiedlayer.com - 69.195.127.230
1497. | helpdesk.unifiedlayer.com - 67.20.126.249
1498. |_ cdn.unifiedlayer.com - 74.220.195.201
1499.  
1500. TRACEROUTE (using port 53/tcp)
1501. HOP RTT ADDRESS
1502. 1 122.34 ms 10.246.200.1
1503. 2 122.37 ms 190.124.251.129
1504. 3 122.74 ms 172.16.21.1
1505. 4 182.19 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1506. 5 182.21 ms 192.168.7.2
1507. 6 182.82 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1508. 7 182.81 ms core2.t6-2.bbnet2.mia003.pnap.net (69.25.0.66)
1509. 8 307.41 ms mai-b1-link.telia.net (62.115.12.169)
1510. 9 182.82 ms 80.239.196.186
1511. 10 257.07 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1512. 11 257.74 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1513. 12 257.74 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1514. 13 257.75 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1515. 14 257.35 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1516. 15 257.35 ms 216.156.16.25
1517. 16 258.79 ms 216.51.74.158
1518. 17 264.58 ms eth3-33-1.prvspn001.net.unifiedlayer.com (162.144.240.139)
1519. 18 258.09 ms po99.prv-leaf3a.net.unifiedlayer.com (162.144.240.47)
1520. 19 256.73 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1521. #######################################################################################################################################
1522. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:09 EST
1523. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1524. Host is up (0.042s latency).
1525.  
1526. PORT STATE SERVICE VERSION
1527. 67/udp open|filtered dhcps
1528. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1529. Too many fingerprints match this host to give specific OS details
1530. Network Distance: 19 hops
1531.  
1532. TRACEROUTE (using proto 1/icmp)
1533. HOP RTT ADDRESS
1534. 1 121.96 ms 10.246.200.1
1535. 2 122.00 ms 190.124.251.129
1536. 3 122.03 ms 172.16.21.1
1537. 4 181.99 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1538. 5 182.03 ms 192.168.7.2
1539. 6 182.05 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1540. 7 182.46 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1541. 8 182.43 ms mai-b1-link.telia.net (62.115.12.169)
1542. 9 191.65 ms 80.239.196.186
1543. 10 256.76 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1544. 11 257.21 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1545. 12 259.11 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1546. 13 257.14 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1547. 14 256.12 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1548. 15 255.88 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1549. 16 257.68 ms 216.51.74.158
1550. 17 261.42 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1551. 18 257.29 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1552. 19 257.29 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1553. #######################################################################################################################################
1554. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:11 EST
1555. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1556. Host is up (0.040s latency).
1557.  
1558. PORT STATE SERVICE VERSION
1559. 68/udp open|filtered dhcpc
1560. Too many fingerprints match this host to give specific OS details
1561. Network Distance: 19 hops
1562.  
1563. TRACEROUTE (using proto 1/icmp)
1564. HOP RTT ADDRESS
1565. 1 122.77 ms 10.246.200.1
1566. 2 122.35 ms 190.124.251.129
1567. 3 122.38 ms 172.16.21.1
1568. 4 182.22 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1569. 5 182.20 ms 192.168.7.2
1570. 6 182.59 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1571. 7 182.62 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1572. 8 182.61 ms mai-b1-link.telia.net (62.115.12.169)
1573. 9 182.58 ms 80.239.196.186
1574. 10 257.05 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1575. 11 256.28 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1576. 12 256.47 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1577. 13 256.44 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1578. 14 256.58 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1579. 15 266.14 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1580. 16 257.53 ms 216.51.74.158
1581. 17 261.52 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1582. 18 258.07 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1583. 19 257.54 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1584. #######################################################################################################################################
1585. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:13 EST
1586. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1587. Host is up (0.043s latency).
1588.  
1589. PORT STATE SERVICE VERSION
1590. 69/udp open|filtered tftp
1591. Too many fingerprints match this host to give specific OS details
1592. Network Distance: 19 hops
1593.  
1594. TRACEROUTE (using proto 1/icmp)
1595. HOP RTT ADDRESS
1596. 1 121.80 ms 10.246.200.1
1597. 2 121.86 ms 190.124.251.129
1598. 3 121.89 ms 172.16.21.1
1599. 4 181.70 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1600. 5 181.76 ms 192.168.7.2
1601. 6 182.08 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1602. 7 183.76 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1603. 8 183.30 ms mai-b1-link.telia.net (62.115.12.169)
1604. 9 182.91 ms 80.239.196.186
1605. 10 256.54 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1606. 11 257.96 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1607. 12 259.46 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1608. 13 257.68 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1609. 14 270.91 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1610. 15 257.24 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1611. 16 257.84 ms 216.51.74.158
1612. 17 262.12 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1613. 18 258.25 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1614. 19 270.42 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1615. #######################################################################################################################################
1616. wig - WebApp Information Gatherer
1617.  
1618.  
1619. Scanning http://198.57.177.19...
1620. _________________ SITE INFO _________________
1621. IP Title
1622. 198.57.177.19
1623.  
1624. __________________ VERSION __________________
1625. Name Versions Type
1626. Apache 2.4.38 Platform
1627. mod_bwlimited 1.4 Platform
1628. openssl 1.0.2q Platform
1629.  
1630. _____________________________________________
1631. Time: 1.9 sec Urls: 601 Fingerprints: 40401
1632. #######################################################################################################################################
1633. HTTP/1.1 200 OK
1634. Date: Wed, 06 Feb 2019 17:16:12 GMT
1635. Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
1636. ETag: "a3-580a35a1678c0"
1637. Accept-Ranges: bytes
1638. Content-Length: 163
1639. Content-Type: text/html
1640. Connection: keep-alive
1641.  
1642. HTTP/1.1 200 OK
1643. Date: Wed, 06 Feb 2019 17:16:12 GMT
1644. Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
1645. ETag: "a3-580a35a1678c0"
1646. Accept-Ranges: bytes
1647. Content-Length: 163
1648. Content-Type: text/html
1649. Connection: keep-alive
1650. #######################################################################################################################################
1651. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:16 EST
1652. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1653. Host is up (0.17s latency).
1654.  
1655. PORT STATE SERVICE VERSION
1656. 110/tcp open pop3 Dovecot pop3d
1657. | pop3-brute:
1658. | Accounts: No valid accounts found
1659. | Statistics: Performed 65 guesses in 59 seconds, average tps: 0.9
1660. |_ ERROR: Failed to connect.
1661. |_pop3-capabilities: STLS RESP-CODES CAPA SASL(PLAIN LOGIN) UIDL PIPELINING AUTH-RESP-CODE USER TOP
1662. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1663. Device type: general purpose|firewall|storage-misc|VoIP phone
1664. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
1665. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
1666. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), Linux 3.4 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
1667. No exact OS matches for host (test conditions non-ideal).
1668. Network Distance: 1 hop
1669.  
1670. TRACEROUTE (using port 80/tcp)
1671. HOP RTT ADDRESS
1672. 1 121.78 ms 198-57-177-19.unifiedlayer.com (198.57.177.19)
1673. #######################################################################################################################################
1674. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:17 EST
1675. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1676. Host is up.
1677.  
1678. PORT STATE SERVICE VERSION
1679. 123/udp open|filtered ntp
1680. Too many fingerprints match this host to give specific OS details
1681.  
1682. TRACEROUTE (using proto 1/icmp)
1683. HOP RTT ADDRESS
1684. 1 122.00 ms 10.246.200.1
1685. 2 122.00 ms 190.124.251.129
1686. 3 122.02 ms 172.16.21.1
1687. 4 182.13 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1688. 5 182.15 ms 192.168.7.2
1689. 6 183.32 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1690. 7 182.35 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1691. 8 182.55 ms mai-b1-link.telia.net (62.115.12.169)
1692. 9 182.18 ms 80.239.196.186
1693. 10 256.62 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1694. 11 256.94 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1695. 12 257.16 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1696. 13 257.35 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1697. 14 256.18 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1698. 15 256.14 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1699. 16 257.33 ms 216.51.74.158
1700. 17 261.34 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1701. 18 257.51 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1702. 19 ... 30
1703. #######################################################################################################################################
1704. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:19 EST
1705. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1706. Host is up (0.12s latency).
1707.  
1708. PORT STATE SERVICE VERSION
1709. 161/tcp filtered snmp
1710. 161/udp open|filtered snmp
1711. Too many fingerprints match this host to give specific OS details
1712.  
1713. TRACEROUTE (using proto 1/icmp)
1714. HOP RTT ADDRESS
1715. 1 123.47 ms 10.246.200.1
1716. 2 123.52 ms 190.124.251.129
1717. 3 123.55 ms 172.16.21.1
1718. 4 183.41 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1719. 5 183.36 ms 192.168.7.2
1720. 6 183.72 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1721. 7 183.79 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1722. 8 184.16 ms mai-b1-link.telia.net (62.115.12.169)
1723. 9 183.79 ms 80.239.196.186
1724. 10 258.18 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1725. 11 257.55 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1726. 12 258.10 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1727. 13 257.55 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1728. 14 267.61 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1729. 15 256.51 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1730. 16 257.90 ms 216.51.74.158
1731. 17 262.09 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1732. 18 257.66 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1733. 19 ... 30
1734. #######################################################################################################################################
1735. https://198.57.177.19 [200 OK] Apache[2.4.38][mod_bwlimited/1.4], Country[UNITED STATES][US], Email[info@jcpa.org], Frame, Google-Analytics[Universal][UA-39298142-1,UA-39298142-2], HTML5, HTTPServer[Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4], IP[198.57.177.19], JQuery[1.12.4], Open-Graph-Protocol[website], OpenSSL[1.0.2q], Script[application/ld+json,text/javascript], ShareThis, Title[Jerusalem Center For Public Affairs], WordPress, WordpressSuperCache, YouTube
1736. #######################################################################################################################################
1737. Version: 1.11.12-static
1738. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1739.  
1740. Connected to 198.57.177.19
1741.  
1742. Testing SSL server 198.57.177.19 on port 443 using SNI name 198.57.177.19
1743.  
1744. TLS Fallback SCSV:
1745. Server supports TLS Fallback SCSV
1746.  
1747. TLS renegotiation:
1748. Secure session renegotiation supported
1749.  
1750. TLS Compression:
1751. Compression disabled
1752.  
1753. Heartbleed:
1754. TLS 1.2 not vulnerable to heartbleed
1755. TLS 1.1 not vulnerable to heartbleed
1756. TLS 1.0 not vulnerable to heartbleed
1757.  
1758. Supported Server Cipher(s):
1759. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1760. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1761. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1762. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
1763. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
1764. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1765. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1766. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1767. Accepted TLSv1.2 256 bits AES256-SHA256
1768. Accepted TLSv1.2 256 bits AES256-SHA
1769. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1770. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1771. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1772. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1773. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
1774. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
1775. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1776. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1777. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1778. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1779. Accepted TLSv1.2 128 bits AES128-SHA256
1780. Accepted TLSv1.2 128 bits AES128-SHA
1781. Accepted TLSv1.2 128 bits SEED-SHA
1782. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1783. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
1784. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1785. Accepted TLSv1.2 128 bits RC4-SHA
1786. Accepted TLSv1.2 128 bits RC4-MD5
1787. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1788. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1789. Accepted TLSv1.2 112 bits DES-CBC3-SHA
1790. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1791. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1792. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1793. Accepted TLSv1.1 256 bits AES256-SHA
1794. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1795. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1796. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1797. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1798. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1799. Accepted TLSv1.1 128 bits AES128-SHA
1800. Accepted TLSv1.1 128 bits SEED-SHA
1801. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1802. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
1803. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1804. Accepted TLSv1.1 128 bits RC4-SHA
1805. Accepted TLSv1.1 128 bits RC4-MD5
1806. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1807. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1808. Accepted TLSv1.1 112 bits DES-CBC3-SHA
1809. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1810. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1811. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1812. Accepted TLSv1.0 256 bits AES256-SHA
1813. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1814. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1815. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1816. Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1817. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1818. Accepted TLSv1.0 128 bits AES128-SHA
1819. Accepted TLSv1.0 128 bits SEED-SHA
1820. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1821. Accepted TLSv1.0 128 bits IDEA-CBC-SHA
1822. Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1823. Accepted TLSv1.0 128 bits RC4-SHA
1824. Accepted TLSv1.0 128 bits RC4-MD5
1825. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1826. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1827. Accepted TLSv1.0 112 bits DES-CBC3-SHA
1828.  
1829. SSL Certificate:
1830. Signature Algorithm: sha256WithRSAEncryption
1831. RSA Key Strength: 2048
1832.  
1833. Subject: jcpa.org
1834. Altnames: DNS:jcpa.org, DNS:www.jcpa.org
1835. Issuer: Let's Encrypt Authority X3
1836.  
1837. Not valid before: Jan 26 09:53:14 2019 GMT
1838. Not valid after: Apr 26 09:53:14 2019 GMT
1839. #######################################################################################################################################
1840. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:26 EST
1841. NSE: Loaded 148 scripts for scanning.
1842. NSE: Script Pre-scanning.
1843. NSE: Starting runlevel 1 (of 2) scan.
1844. Initiating NSE at 12:26
1845. Completed NSE at 12:26, 0.00s elapsed
1846. NSE: Starting runlevel 2 (of 2) scan.
1847. Initiating NSE at 12:26
1848. Completed NSE at 12:26, 0.00s elapsed
1849. Initiating Ping Scan at 12:26
1850. Scanning 198.57.177.19 [4 ports]
1851. Completed Ping Scan at 12:26, 0.15s elapsed (1 total hosts)
1852. Initiating Parallel DNS resolution of 1 host. at 12:26
1853. Completed Parallel DNS resolution of 1 host. at 12:26, 0.02s elapsed
1854. Initiating Connect Scan at 12:26
1855. Scanning 198-57-177-19.unifiedlayer.com (198.57.177.19) [1000 ports]
1856. Discovered open port 443/tcp on 198.57.177.19
1857. Discovered open port 80/tcp on 198.57.177.19
1858. Completed Connect Scan at 12:27, 8.60s elapsed (1000 total ports)
1859. Initiating Service scan at 12:27
1860. Scanning 2 services on 198-57-177-19.unifiedlayer.com (198.57.177.19)
1861. Completed Service scan at 12:27, 14.19s elapsed (2 services on 1 host)
1862. Initiating OS detection (try #1) against 198-57-177-19.unifiedlayer.com (198.57.177.19)
1863. Retrying OS detection (try #2) against 198-57-177-19.unifiedlayer.com (198.57.177.19)
1864. Initiating Traceroute at 12:27
1865. Completed Traceroute at 12:27, 6.29s elapsed
1866. Initiating Parallel DNS resolution of 18 hosts. at 12:27
1867. Completed Parallel DNS resolution of 18 hosts. at 12:27, 16.50s elapsed
1868. NSE: Script scanning 198.57.177.19.
1869. NSE: Starting runlevel 1 (of 2) scan.
1870. Initiating NSE at 12:27
1871. NSE Timing: About 99.64% done; ETC: 12:28 (0:00:00 remaining)
1872. NSE Timing: About 99.64% done; ETC: 12:28 (0:00:00 remaining)
1873. NSE Timing: About 99.64% done; ETC: 12:29 (0:00:00 remaining)
1874. NSE Timing: About 99.64% done; ETC: 12:29 (0:00:00 remaining)
1875. NSE Timing: About 99.64% done; ETC: 12:30 (0:00:01 remaining)
1876. Completed NSE at 12:30, 168.24s elapsed
1877. NSE: Starting runlevel 2 (of 2) scan.
1878. Initiating NSE at 12:30
1879. Completed NSE at 12:30, 0.00s elapsed
1880. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
1881. Host is up, received reset ttl 64 (0.12s latency).
1882. Scanned at 2019-02-06 12:26:53 EST for 218s
1883. Not shown: 994 filtered ports
1884. Reason: 994 no-responses
1885. PORT STATE SERVICE REASON VERSION
1886. 25/tcp closed smtp conn-refused
1887. 80/tcp open http syn-ack Fortinet FortiGate 50B or FortiWifi 60C or 80C firewall http config
1888. |_http-title: 404 Not Found
1889. 113/tcp closed ident conn-refused
1890. 139/tcp closed netbios-ssn conn-refused
1891. 443/tcp open ssl/http syn-ack Apache httpd 2.4.38 ((cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4)
1892. |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1893. | http-methods:
1894. | Supported Methods: OPTIONS HEAD GET POST TRACE
1895. |_ Potentially risky methods: TRACE
1896. | http-robots.txt: 3 disallowed entries
1897. |_/events/* /tag/* /wp-admin/
1898. |_http-server-header: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
1899. |_http-title: Jerusalem Center For Public Affairs
1900. | ssl-cert: Subject: commonName=jcpa.org
1901. | Subject Alternative Name: DNS:jcpa.org, DNS:www.jcpa.org
1902. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1903. | Public Key type: rsa
1904. | Public Key bits: 2048
1905. | Signature Algorithm: sha256WithRSAEncryption
1906. | Not valid before: 2019-01-26T09:53:14
1907. | Not valid after: 2019-04-26T09:53:14
1908. | MD5: 9117 d658 f5e6 9c6f c760 5a4c 589c 2fc4
1909. | SHA-1: 7db6 ee59 8a36 efb0 b29f f0af 7371 3459 a385 e8f3
1910. | -----BEGIN CERTIFICATE-----
1911. | MIIFVzCCBD+gAwIBAgISBC/MwD+Qv4PsrRgNzNbXka4SMA0GCSqGSIb3DQEBCwUA
1912. | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
1913. | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAxMjYwOTUzMTRaFw0x
1914. | OTA0MjYwOTUzMTRaMBMxETAPBgNVBAMTCGpjcGEub3JnMIIBIjANBgkqhkiG9w0B
1915. | AQEFAAOCAQ8AMIIBCgKCAQEAqhj0IGL6eqLcYtIjvg5ierjzCeEo8cTdqle6FG4b
1916. | x7jfWM0kQG2VkNta6vH/MzD0TMWfe29zOdv2IZL6V1fG+i5Gi+0vIgNp4anQelIV
1917. | ZLRrLbvZxjUZ3czXAViRfHniC5D/CPkKdmSc9mO2faEWcdF58E+wNTQQ1tW7wITf
1918. | S2Bz5/vB4qYUdasP7i1j2EuigTt+ehz7uVDvZtSiuy+P1vl7vAWO83plAdg2+MrO
1919. | dfmpXwKrBUhZWpyYbRerChz9kVaUf8jHA43ZBu80G810MEc5bfxhvezG9Zzx5Yg3
1920. | UGpJm88JMdMooacpSvRlQAMGwjQtIpW4WnmgQKVM+yf0CQIDAQABo4ICbDCCAmgw
1921. | DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
1922. | BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmFYhjUZrY1asTMVSb3mJO/sh1GzAfBgNV
1923. | HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
1924. | KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
1925. | KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCEG
1926. | A1UdEQQaMBiCCGpjcGEub3Jnggx3d3cuamNwYS5vcmcwTAYDVR0gBEUwQzAIBgZn
1927. | gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
1928. | ZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDiaUuuJujp
1929. | QAnohhu2O4PUPuf+dIj7pI8okwGd3fHb/gAAAWiJysi+AAAEAwBHMEUCIC5mq3YA
1930. | xaCRnsEufTDKscLxDulZJjrjKF85GZeWKTOAAiEA7T2ZE87vXObJGJzUgGEXuMzA
1931. | RT6gsSUpByjAq58Hew0AdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0
1932. | eAAAAWiJysiyAAAEAwBIMEYCIQDG+zKhJMi0N11iDkvNqW6A87Zg3UNcieUeksJ/
1933. | Q1wpTAIhAPePmOvw3YcnC7or5F69zbKdm5WDrDmmxiEb98a7FdxZMA0GCSqGSIb3
1934. | DQEBCwUAA4IBAQCJPGS5K4sUPpPBiIEcD3M4ICpfHIYhGNbpefrd0hTfHzBHc4Ou
1935. | KmdXOTTgt/ccUKxSNAVEqzgAdlBSllr09eDeDVLHWhhd1z7zz8Ch/DFrm4GjVhf8
1936. | O17RbIVg9ZTUtb83tp6wSbkm4+tkDsXxYk0QrXmLznds8pTxiMidn5mrZ9Zq/DK+
1937. | ZHVE+h9ZJhyA3G1PMIDHbaPUDoIj3wJYlV4jfJBYDLYAp1F5saObcxbmZw6G31Dw
1938. | QrD66shWOqoWTiysvve6is+/JTVFI7cvihQJ8dDWloMuSyCRsskVy0brjRXB5+bW
1939. | ojPQa9DH5Yakd4OjNvJPggOhC5cciTqgZF70
1940. |_-----END CERTIFICATE-----
1941. |
1942. 445/tcp closed microsoft-ds conn-refused
1943. Device type: general purpose|storage-misc|broadband router|WAP|phone
1944. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X|2.4.X (93%), HP embedded (90%), Google Android 4.X (86%)
1945. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:google:android:4.0 cpe:/o:linux:linux_kernel:2.4.36
1946. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1947. Aggressive OS guesses: Linux 3.16 - 4.6 (93%), Linux 3.18 (91%), Linux 3.10 - 4.11 (90%), Linux 3.13 or 4.2 (90%), Linux 3.16 (90%), Linux 4.2 (90%), Linux 4.4 (90%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 3.13 (89%)
1948. No exact OS matches for host (test conditions non-ideal).
1949. TCP/IP fingerprint:
1950. SCAN(V=7.70%E=4%D=2/6%OT=80%CT=25%CU=%PV=N%G=N%TM=5C5B19B7%P=x86_64-pc-linux-gnu)
1951. SEQ(SP=FA%GCD=1%ISR=10E%TI=Z%CI=Z%TS=8)
1952. OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
1953. WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
1954. ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)
1955. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
1956. T2(R=N)
1957. T3(R=N)
1958. T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1959. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1960. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1961. T7(R=N)
1962. U1(R=N)
1963. IE(R=N)
1964.  
1965. Uptime guess: 70.317 days (since Wed Nov 28 04:54:44 2018)
1966. TCP Sequence Prediction: Difficulty=250 (Good luck!)
1967. IP ID Sequence Generation: All zeros
1968. Service Info: OS: FortiOS; Device: firewall; CPE: cpe:/h:fortinet:fortiwifi:80c
1969.  
1970. TRACEROUTE (using proto 1/icmp)
1971. HOP RTT ADDRESS
1972. 1 122.49 ms 10.246.200.1
1973. 2 122.55 ms 190.124.251.129
1974. 3 122.58 ms 172.16.21.1
1975. 4 182.38 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1976. 5 182.44 ms 192.168.7.2
1977. 6 182.47 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1978. 7 182.90 ms core2.t6-1.bbnet1.mia003.pnap.net (69.25.0.2)
1979. 8 183.30 ms mai-b1-link.telia.net (62.115.12.169)
1980. 9 182.65 ms 80.239.196.186
1981. 10 257.42 ms vb2000d2.rar3.sanjose-ca.us.xo.net (207.88.13.102)
1982. 11 257.40 ms 207.88.12.224.ptr.us.xo.net (207.88.12.224)
1983. 12 257.37 ms 207.88.12.195.ptr.us.xo.net (207.88.12.195)
1984. 13 257.29 ms 207.88.12.188.ptr.us.xo.net (207.88.12.188)
1985. 14 257.28 ms 207.88.12.191.ptr.us.xo.net (207.88.12.191)
1986. 15 256.22 ms 216.156.16.25.ptr.us.xo.net (216.156.16.25)
1987. 16 257.29 ms 216.51.74.158
1988. 17 261.40 ms eth3-33-2.prvspn002.net.unifiedlayer.com (162.144.240.163)
1989. 18 257.25 ms po99.prv-leaf3b.net.unifiedlayer.com (162.144.240.55)
1990. 19 ... 30
1991.  
1992. NSE: Script Post-scanning.
1993. NSE: Starting runlevel 1 (of 2) scan.
1994. Initiating NSE at 12:30
1995. Completed NSE at 12:30, 0.00s elapsed
1996. NSE: Starting runlevel 2 (of 2) scan.
1997. Initiating NSE at 12:30
1998. Completed NSE at 12:30, 0.00s elapsed
1999. Read data files from: /usr/bin/../share/nmap
2000. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2001. Nmap done: 1 IP address (1 host up) scanned in 218.76 seconds
2002. Raw packets sent: 126 (9.504KB) | Rcvd: 63 (17.287KB)
2003. #######################################################################################################################################
2004. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-06 12:30 EST
2005. NSE: Loaded 148 scripts for scanning.
2006. NSE: Script Pre-scanning.
2007. Initiating NSE at 12:30
2008. Completed NSE at 12:30, 0.00s elapsed
2009. Initiating NSE at 12:30
2010. Completed NSE at 12:30, 0.00s elapsed
2011. Initiating Parallel DNS resolution of 1 host. at 12:30
2012. Completed Parallel DNS resolution of 1 host. at 12:30, 0.02s elapsed
2013. Initiating UDP Scan at 12:30
2014. Scanning 198-57-177-19.unifiedlayer.com (198.57.177.19) [14 ports]
2015. Completed UDP Scan at 12:30, 2.16s elapsed (14 total ports)
2016. Initiating Service scan at 12:30
2017. Scanning 12 services on 198-57-177-19.unifiedlayer.com (198.57.177.19)
2018. Service scan Timing: About 8.33% done; ETC: 12:49 (0:17:47 remaining)
2019. Completed Service scan at 12:32, 102.60s elapsed (12 services on 1 host)
2020. Initiating OS detection (try #1) against 198-57-177-19.unifiedlayer.com (198.57.177.19)
2021. Retrying OS detection (try #2) against 198-57-177-19.unifiedlayer.com (198.57.177.19)
2022. Initiating Traceroute at 12:32
2023. Completed Traceroute at 12:32, 7.17s elapsed
2024. Initiating Parallel DNS resolution of 1 host. at 12:32
2025. Completed Parallel DNS resolution of 1 host. at 12:32, 0.02s elapsed
2026. NSE: Script scanning 198.57.177.19.
2027. Initiating NSE at 12:32
2028. Completed NSE at 12:32, 20.31s elapsed
2029. Initiating NSE at 12:32
2030. Completed NSE at 12:32, 1.03s elapsed
2031. Nmap scan report for 198-57-177-19.unifiedlayer.com (198.57.177.19)
2032. Host is up (0.12s latency).
2033.  
2034. PORT STATE SERVICE VERSION
2035. 53/udp open|filtered domain
2036. 67/udp open|filtered dhcps
2037. 68/udp open|filtered dhcpc
2038. 69/udp open|filtered tftp
2039. 88/udp open|filtered kerberos-sec
2040. 123/udp open|filtered ntp
2041. 137/udp filtered netbios-ns
2042. 138/udp filtered netbios-dgm
2043. 139/udp open|filtered netbios-ssn
2044. 161/udp open|filtered snmp
2045. 162/udp open|filtered snmptrap
2046. 389/udp open|filtered ldap
2047. 520/udp open|filtered route
2048. 2049/udp open|filtered nfs
2049. Too many fingerprints match this host to give specific OS details
2050.  
2051. TRACEROUTE (using port 137/udp)
2052. HOP RTT ADDRESS
2053. 1 122.51 ms 10.246.200.1
2054. 2 ... 3
2055. 4 122.12 ms 10.246.200.1
2056. 5 121.96 ms 10.246.200.1
2057. 6 121.94 ms 10.246.200.1
2058. 7 121.94 ms 10.246.200.1
2059. 8 121.92 ms 10.246.200.1
2060. 9 121.91 ms 10.246.200.1
2061. 10 122.09 ms 10.246.200.1
2062. 11 ... 18
2063. 19 121.70 ms 10.246.200.1
2064. 20 122.59 ms 10.246.200.1
2065. 21 ... 27
2066. 28 120.92 ms 10.246.200.1
2067. 29 ...
2068. 30 121.53 ms 10.246.200.1
2069.  
2070. NSE: Script Post-scanning.
2071. Initiating NSE at 12:32
2072. Completed NSE at 12:32, 0.00s elapsed
2073. Initiating NSE at 12:32
2074. Completed NSE at 12:32, 0.00s elapsed
2075. Read data files from: /usr/bin/../share/nmap
2076. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2077. Nmap done: 1 IP address (1 host up) scanned in 138.59 seconds
2078. Raw packets sent: 147 (13.614KB) | Rcvd: 39 (3.658KB)
2079. #######################################################################################################################################
2080. Reversing IP With HackTarget 'www.jcpa.org'
2081. ---------------------------------------------------------------------------------------------------------------------------------------
2082. [+] 198.57.177.19
2083. [+] jcpa.org
2084. #######################################################################################################################################
2085. Reverse IP With YouGetSignal 'www.jcpa.org'
2086. ---------------------------------------------------------------------------------------------------------------------------------------
2087. [*] IP: 198.57.177.19
2088. [*] Domain: jcpa.org
2089. [*] Total Domains: 2
2090. [+] jcpa.org
2091. [+] www.jcpa.org
2092. #######################################################################################################################################
2093. Geo IP Lookup 'www.jcpa.org'
2094. ---------------------------------------------------------------------------------------------------------------------------------------
2095. [+] IP Address: 198.57.177.19
2096. [+] Country: United States
2097. [+] State: Utah
2098. [+] City: Provo
2099. [+] Latitude: 40.2347
2100. [+] Longitude: -111.6447
2101. #######################################################################################################################################
2102. Whois 'www.jcpa.org'
2103. ---------------------------------------------------------------------------------------------------------------------------------------
2104. [+] Domain Name: JCPA.ORG
2105. [+] Registry Domain ID: D517583-LROR
2106. [+] Registrar WHOIS Server: whois.networksolutions.com
2107. [+] Registrar URL: http://www.networksolutions.com
2108. [+] Updated Date: 2018-01-14T21:19:13Z
2109. [+] Creation Date: 1996-09-19T04:00:00Z
2110. [+] Registry Expiry Date: 2019-09-18T04:00:00Z
2111. [+] Registrar Registration Expiration Date:
2112. [+] Registrar: Network Solutions, LLC
2113. [+] Registrar IANA ID: 2
2114. [+] Registrar Abuse Contact Email: abuse@web.com
2115. [+] Registrar Abuse Contact Phone: +1.8003337680
2116. [+] Reseller:
2117. [+] Domain Status: ok https://icann.org/epp#ok
2118. [+] Registrant Organization: Jerusalem Center for Public Affairs
2119. [+] Registrant State/Province:
2120. [+] Registrant Country: IL
2121. [+] Name Server: NS3.P24.DYNECT.NET
2122. [+] Name Server: NS1.P24.DYNECT.NET
2123. [+] Name Server: NS2.P24.DYNECT.NET
2124. [+] Name Server: NS4.P24.DYNECT.NET
2125. [+] DNSSEC: unsigned
2126. [+] URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
2127. [+] >>> Last update of WHOIS database: 2019-02-06T16:06:11Z <<<
2128. [+] For more information on Whois status codes, please visit https://icann.org/epp
2129. #######################################################################################################################################
2130. DNS Lookup 'www.jcpa.org'
2131. ---------------------------------------------------------------------------------------------------------------------------------------
2132. [+] jcpa.org. 3599 IN SOA ns1.p24.dynect.net. darren\.jcpa.gmail.com. 702 3600 600 604800 60
2133. [+] jcpa.org. 21599 IN NS ns4.p24.dynect.net.
2134. [+] jcpa.org. 21599 IN NS ns3.p24.dynect.net.
2135. [+] jcpa.org. 21599 IN NS ns2.p24.dynect.net.
2136. [+] jcpa.org. 21599 IN NS ns1.p24.dynect.net.
2137. [+] jcpa.org. 59 IN A 198.57.177.19
2138. [+] jcpa.org. 14399 IN MX 10 jcpa-org.mail.protection.outlook.com.
2139. [+] jcpa.org. 14399 IN MX 0 jcpa-org.mail.protection.outlook.com.
2140. [+] jcpa.org. 3599 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
2141. [+] jcpa.org. 3599 IN TXT "MS=ms16983907"
2142. #######################################################################################################################################
2143. Show HTTP Header 'www.jcpa.org'
2144. ---------------------------------------------------------------------------------------------------------------------------------------
2145. [+] HTTP/1.1 200 OK
2146. [+] Date: Wed, 06 Feb 2019 16:07:17 GMT
2147. [+] Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
2148. [+] Vary: Accept-Encoding,Cookie
2149. [+] Last-Modified: Tue, 05 Feb 2019 11:06:03 GMT
2150. [+] ETag: 1f3b5-58123985c19cc
2151. [+] Accept-Ranges: bytes
2152. [+] Content-Length: 127925
2153. [+] Cache-Control: max-age=3, must-revalidate
2154. [+] Expires: Wed, 06 Feb 2019 16:07:20 GMT
2155. [+] Content-Type: text/html; charset=UTF-8
2156. [+]
2157. #######################################################################################################################################
2158. Port Scan 'www.jcpa.org'
2159. ---------------------------------------------------------------------------------------------------------------------------------------
2160. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-06 16:07 UTC
2161. Nmap scan report for www.jcpa.org (198.57.177.19)
2162. Host is up (0.10s latency).
2163. rDNS record for 198.57.177.19: 198-57-177-19.unifiedlayer.com
2164. PORT STATE SERVICE
2165. 21/tcp open ftp
2166. 22/tcp open ssh
2167. 23/tcp closed telnet
2168. 80/tcp open http
2169. 110/tcp open pop3
2170. 143/tcp open imap
2171. 443/tcp open https
2172. 3389/tcp closed ms-wbt-server
2173.  
2174. Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
2175. #######################################################################################################################################
2176. Cms Scan 'www.jcpa.org'
2177. ---------------------------------------------------------------------------------------------------------------------------------------
2178. [+] Cms : WordPress
2179. [+] Web Servers : Apache
2180. [+] Programming Languages : PHP
2181. #######################################################################################################################################
2182. Robot.txt 'www.jcpa.org'
2183. ---------------------------------------------------------------------------------------------------------------------------------------
2184. User-agent: *
2185. Allow: /
2186. Disallow: /events/*
2187. Disallow: /tag/*
2188. Disallow: /wp-admin/
2189.  
2190. Sitemap: http://jcpa.org/sitemap.xml
2191. #######################################################################################################################################
2192. Traceroute 'www.jcpa.org'
2193. ---------------------------------------------------------------------------------------------------------------------------------------
2194. Start: 2019-02-06T16:07:24+0000
2195. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
2196. 1.|-- 45.79.12.201 0.0% 3 1.2 1.3 1.2 1.4 0.1
2197. 2.|-- 45.79.12.0 0.0% 3 1.8 1.3 0.8 1.8 0.5
2198. 3.|-- ae-37.a01.dllstx04.us.bb.gin.ntt.net 0.0% 3 2.0 2.1 1.0 3.2 1.1
2199. 4.|-- ae-9.r11.dllstx09.us.bb.gin.ntt.net 0.0% 3 28.6 28.6 28.3 28.8 0.2
2200. 5.|-- ae-0.r22.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.8 1.9 1.4 2.5 0.5
2201. 6.|-- ae-5.r22.lsanca07.us.bb.gin.ntt.net 0.0% 3 31.3 29.7 28.2 31.3 1.6
2202. 7.|-- ae-1.r00.lsanca07.us.bb.gin.ntt.net 0.0% 3 31.1 31.1 30.8 31.5 0.3
2203. 8.|-- ae-0.a01.lsanca07.us.bb.gin.ntt.net 0.0% 3 36.2 36.7 35.8 38.1 1.3
2204. 9.|-- ae-0.endurance.lsanca07.us.bb.gin.ntt.net 0.0% 3 43.8 43.9 43.8 44.0 0.1
2205. 10.|-- eth3-33-1.prvspn002.net.unifiedlayer.com 0.0% 3 52.0 52.1 52.0 52.4 0.3
2206. 11.|-- po99.prv-leaf3b.net.unifiedlayer.com 0.0% 3 52.1 52.0 51.7 52.2 0.2
2207. 12.|-- 198-57-177-19.unifiedlayer.com 0.0% 3 52.2 52.2 52.1 52.2 0.1
2208. #######################################################################################################################################
2209. Ping 'www.jcpa.org'
2210. ---------------------------------------------------------------------------------------------------------------------------------------
2211. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-06 16:07 UTC
2212. SENT (0.0714s) ICMP [104.237.144.6 > 198.57.177.19 Echo request (type=8/code=0) id=64266 seq=1] IP [ttl=64 id=43954 iplen=28 ]
2213. RCVD (0.2732s) ICMP [198.57.177.19 > 104.237.144.6 Echo reply (type=0/code=0) id=64266 seq=1] IP [ttl=52 id=40013 iplen=28 ]
2214. SENT (1.0721s) ICMP [104.237.144.6 > 198.57.177.19 Echo request (type=8/code=0) id=64266 seq=2] IP [ttl=64 id=43954 iplen=28 ]
2215. RCVD (1.2933s) ICMP [198.57.177.19 > 104.237.144.6 Echo reply (type=0/code=0) id=64266 seq=2] IP [ttl=52 id=40014 iplen=28 ]
2216. SENT (2.0742s) ICMP [104.237.144.6 > 198.57.177.19 Echo request (type=8/code=0) id=64266 seq=3] IP [ttl=64 id=43954 iplen=28 ]
2217. RCVD (2.3132s) ICMP [198.57.177.19 > 104.237.144.6 Echo reply (type=0/code=0) id=64266 seq=3] IP [ttl=52 id=40015 iplen=28 ]
2218. SENT (3.0760s) ICMP [104.237.144.6 > 198.57.177.19 Echo request (type=8/code=0) id=64266 seq=4] IP [ttl=64 id=43954 iplen=28 ]
2219. RCVD (3.3332s) ICMP [198.57.177.19 > 104.237.144.6 Echo reply (type=0/code=0) id=64266 seq=4] IP [ttl=52 id=40016 iplen=28 ]
2220.  
2221. Max rtt: 256.838ms | Min rtt: 201.752ms | Avg rtt: 229.594ms
2222. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
2223. Nping done: 1 IP address pinged in 3.33 seconds
2224. #######################################################################################################################################
2225. [-] Date & Time: 06/02/2019 10:48:21
2226. [I] Threads: 5
2227. [-] Target: http://jcpa.org (198.57.177.19)
2228. [M] Website Not in HTTPS: http://jcpa.org
2229. [L] X-Frame-Options: Not Enforced
2230. [I] Strict-Transport-Security: Not Enforced
2231. [I] X-Content-Security-Policy: Not Enforced
2232. [I] X-Content-Type-Options: Not Enforced
2233. [L] Robots.txt Found: http://jcpa.org/robots.txt
2234. [I] CMS Detection: WordPress
2235. [I] Wordpress Theme: jcpa
2236. [M] XML-RPC services are enabled
2237. [I] Autocomplete Off Not Found: http://jcpa.org/wp-login.php
2238. [-] Default WordPress Files:
2239. [I] http://jcpa.org/wp-includes/ID3/license.commercial.txt
2240. [I] http://jcpa.org/wp-includes/ID3/readme.txt
2241. [-] Searching Wordpress Plugins ...
2242. [I] adrotate
2243. [M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
2244. [M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
2245. [M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
2246. [I] ads-box
2247. [M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
2248. [I] all-in-one-wp-security-and-firewall
2249. [M] EDB-ID: 34854 "WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting"
2250. [I] firestats
2251. [M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
2252. [M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
2253. [M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
2254. [I] jetpack v6.9
2255. [M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
2256. [I] page-links-to v3.0.1
2257. [I] simple-ads-manager
2258. [M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
2259. [M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
2260. [M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
2261. [M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
2262. [I] taxonomy-images
2263. [I] wp-bannerize
2264. [M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
2265. [M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
2266. [M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
2267. [I] Checking for Directory Listing Enabled ...
2268. [-] Date & Time: 06/02/2019 10:51:01
2269. [-] Completed in: 0:02:39
2270. #######################################################################################################################################
2271. ---------------------------------------------------------------------------------------------------------------------------------------
2272. + Target IP: 198.57.177.19
2273. + Target Hostname: jcpa.org
2274. + Target Port: 80
2275. + Start Time: 2019-02-06 11:03:35 (GMT-5)
2276. ---------------------------------------------------------------------------------------------------------------------------------------
2277. + Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
2278. + Server leaks inodes via ETags, header found with file /, fields: 0x1f3b5 0x58123985c19cc
2279. + The anti-clickjacking X-Frame-Options header is not present.
2280. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
2281. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
2282. + Cookie wordpress_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2283. + Cookie wordpress_sec_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2284. + Cookie wordpress_logged_in_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2285. + Cookie wp-settings-0 created without the httponly flag
2286. + Cookie wp-settings-time-0 created without the httponly flag
2287. + Cookie wordpressuser_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2288. + Cookie wordpresspass_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2289. + Cookie wp-postpass_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2290. + Retrieved x-powered-by header: PHP/5.6.40
2291. + "robots.txt" contains 4 entries which should be manually viewed.
2292. + Uncommon header 'link' found, with contents: <http://jcpa.org/wp-json/>; rel="https://api.w.org/"
2293. + Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE
2294. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
2295. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
2296. + /securecontrolpanel/: Web Server Control Panel
2297. + /webmail/: Web based mail package installed.
2298. ---------------------------------------------------------------------------------------------------------------------------------------
2299. #######################################################################################################################################
2300. ---------------------------------------------------------------------------------------------------------------------------------------
2301. + Target IP: 198.57.177.19
2302. + Target Hostname: 198.57.177.19
2303. + Target Port: 443
2304. ---------------------------------------------------------------------------------------------------------------------------------------
2305. + SSL Info: Subject: /CN=jcpa.org
2306. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
2307. Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2308. + Start Time: 2019-02-06 11:03:40 (GMT-5)
2309. ---------------------------------------------------------------------------------------------------------------------------------------
2310. + Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
2311. + Cookie wordpress_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2312. + Cookie wordpress_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2313. + Cookie wordpress_sec_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2314. + Cookie wordpress_sec_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2315. + Cookie wordpress_logged_in_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2316. + Cookie wordpress_logged_in_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2317. + Cookie wp-settings-0 created without the secure flag
2318. + Cookie wp-settings-0 created without the httponly flag
2319. + Cookie wp-settings-time-0 created without the secure flag
2320. + Cookie wp-settings-time-0 created without the httponly flag
2321. + Cookie wordpressuser_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2322. + Cookie wordpressuser_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2323. + Cookie wordpresspass_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2324. + Cookie wordpresspass_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2325. + Cookie wp-postpass_1cb6e635993cc1d35323abe8c3f81ae7 created without the secure flag
2326. + Cookie wp-postpass_1cb6e635993cc1d35323abe8c3f81ae7 created without the httponly flag
2327. + Retrieved x-powered-by header: PHP/5.6.40
2328. + The anti-clickjacking X-Frame-Options header is not present.
2329. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
2330. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
2331. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
2332. + Uncommon header 'link' found, with contents: <https://jcpa.org/wp-json/>; rel="https://api.w.org/"
2333. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x76 0x52405987823c0
2334. + "robots.txt" contains 4 entries which should be manually viewed.
2335. + Hostname '198.57.177.19' does not match certificate's names: jcpa.org
2336. + Uncommon header 'x-redirect-agent' found, with contents: redirection
2337. + Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE
2338. ---------------------------------------------------------------------------------------------------------------------------------------
2339. #######################################################################################################################################
2340. Anonymous JTSEC #OpIsraël Full Recon #9