#M4r1oBr0s #MersysidePolice #FTP

 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server:		10.4.0.1
Address:	10.4.0.1#53

Non-authoritative answer:
Name:	merseyside.police.uk
Address: 107.154.112.83
Name:	merseyside.police.uk
Address: 107.154.113.83

merseyside.police.uk has address 107.154.112.83
merseyside.police.uk has address 107.154.113.83
merseyside.police.uk mail is handled by 10 Extmail1.merseyside.police.uk.
merseyside.police.uk mail is handled by 20 Extmail2.merseyside.police.uk.
merseyside.police.uk mail is handled by 40 mxbackup.ntltelewestbusiness.co.uk.
merseyside.police.uk mail is handled by 30 Extmail3.merseyside.police.uk.
 + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
[-] fingerprint:snmp: need UDP port 161 open

Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is merseyside.police.uk
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping  -  ICMP echo discovery module
[x] [2] ping:tcp_ping  -  TCP-based ping discovery module
[x] [3] ping:udp_ping  -  UDP-based ping discovery module
[x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan  -  TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x] [12] fingerprint:smb  -  SMB fingerprinting module
[x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 107.154.112.83. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 107.154.112.83. Module test failed
[-] No distance calculation. 107.154.112.83 appears to be dead or no ports known
[+] Host: 107.154.112.83 is up (Guess probability: 50%)
[+] Target: 107.154.112.83 is alive. Round-Trip Time: 0.50281 sec
[+] Selected safe Round-Trip Time value is: 1.00563 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[+] Primary guess:
[+] Host 107.154.112.83 Running OS:  (Guess probability: 100%)
[+] Other guesses:
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS:  (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
[+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
 + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
This TLD has no whois server.
 + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7                                           *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


[-] Searching in Bing:
	Searching 50 results...
	Searching 100 results...


[+] Emails found:
------------------
8903@merseyside.police.uk
26038@merseyside.police.uk
Dangerous.Dogs@merseyside.police.uk
Declan.A.Sammin@merseyside.police.uk
Kirsty.J.Jennett@merseyside.police.uk
Sophia.t.bridge@merseyside.police.uk
foi@merseyside.police.uk
firearms.licensing@merseyside.police.uk

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
107.154.113.83:www.merseyside.police.uk
 + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +

; <<>> DiG 9.10.3-P4-Debian <<>> -x merseyside.police.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57714
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;uk.police.merseyside.in-addr.arpa. IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		600	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2016111010 1800 900 604800 3600

;; Query time: 38 msec
;; SERVER: 10.4.0.1#53(10.4.0.1)
;; WHEN: Sun Mar 05 17:41:02 GMT 2017
;; MSG SIZE  rcvd: 130

AXFR record query failed: REFUSED
AXFR record query failed: REFUSED
AXFR record query failed: REFUSED
AXFR record query failed: REFUSED
dnsenum.pl VERSION:1.2.3

-----   merseyside.police.uk   -----


Host's addresses:
__________________

merseyside.police.uk.                    882      IN    A        107.154.112.83
merseyside.police.uk.                    882      IN    A        107.154.113.83


Name Servers:
______________

ns1.virginmedia.net.                     3582     IN    A        62.253.162.237
ns2.virginmedia.net.                     3582     IN    A        194.168.4.237
ns3.virginmedia.net.                     3582     IN    A        62.253.162.37
ns4.virginmedia.net.                     3582     IN    A        194.168.4.33


Mail (MX) Servers:
___________________

Extmail1.merseyside.police.uk.           881      IN    A        94.175.230.162
Extmail2.merseyside.police.uk.           881      IN    A        94.175.230.163
Extmail3.merseyside.police.uk.           881      IN    A        94.175.230.178
mxbackup.ntltelewestbusiness.co.uk.      900      IN    A        81.103.221.10


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for merseyside.police.uk on ns4.virginmedia.net ...

Trying Zone Transfer for merseyside.police.uk on ns2.virginmedia.net ...

Trying Zone Transfer for merseyside.police.uk on ns3.virginmedia.net ...

Trying Zone Transfer for merseyside.police.uk on ns1.virginmedia.net ...

brute force file not specified, bay.
 + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +

                 ____        _     _ _     _   _____
                / ___| _   _| |__ | (_)___| |_|___ / _ __
                \___ \| | | | '_ \| | / __| __| |_ \| '__|
                 ___) | |_| | |_) | | \__ \ |_ ___) | |
                |____/ \__,_|_.__/|_|_|___/\__|____/|_|

                # Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for merseyside.police.uk
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
SSL Certificates: metacsg1.merseyside.police.uk
SSL Certificates: metacsg2.merseyside.police.uk
SSL Certificates: www.merseyside.police.uk
SSL Certificates: your-area.merseyside.police.uk
SSL Certificates: dialin.merseyside.police.uk
SSL Certificates: lyncdiscover.merseyside.police.uk
SSL Certificates: meet.merseyside.police.uk
SSL Certificates: officewebapps1.merseyside.police.uk
SSL Certificates: officewebappsa.merseyside.police.uk
SSL Certificates: scheduler.merseyside.police.uk
SSL Certificates: sfbextweb1.merseyside.police.uk
SSL Certificates: sfbextweba.merseyside.police.uk
SSL Certificates: admin.merseyside.police.uk
PassiveDNS: extmail.merseyside.police.uk
PassiveDNS: smtpg2.merseyside.police.uk
Virustotal: merseybeat.merseyside.police.uk
Virustotal: admin.merseyside.police.uk
Virustotal: www.merseyside.police.uk
DNSdumpster: meet.merseyside.police.uk
DNSdumpster: daa.merseyside.police.uk
DNSdumpster: accessa.merseyside.police.uk
DNSdumpster: metacsg1.merseyside.police.uk
DNSdumpster: da1.merseyside.police.uk
DNSdumpster: extmail.merseyside.police.uk
DNSdumpster: smtpg2.merseyside.police.uk
DNSdumpster: access1.merseyside.police.uk
DNSdumpster: metacsg2.merseyside.police.uk
[-] Saving results to file: /usr/share/sniper/loot/domains/domains-merseyside.police.uk.txt
[-] Total Unique Subdomains Found: 20
www.merseyside.police.uk
access1.merseyside.police.uk
accessa.merseyside.police.uk
admin.merseyside.police.uk
da1.merseyside.police.uk
daa.merseyside.police.uk
dialin.merseyside.police.uk
extmail.merseyside.police.uk
lyncdiscover.merseyside.police.uk
meet.merseyside.police.uk
merseybeat.merseyside.police.uk
metacsg1.merseyside.police.uk
metacsg2.merseyside.police.uk
officewebapps1.merseyside.police.uk
officewebappsa.merseyside.police.uk
scheduler.merseyside.police.uk
sfbextweb1.merseyside.police.uk
sfbextweba.merseyside.police.uk
smtpg2.merseyside.police.uk
your-area.merseyside.police.uk

 ╔═╗╦═╗╔╦╗╔═╗╦ ╦
 ║  ╠╦╝ ║ ╚═╗╠═╣
 ╚═╝╩╚═ ╩o╚═╝╩ ╩
 + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +

admin.merseyside.police.uk
dialin.merseyside.police.uk
lyncdiscover.merseyside.police.uk
meet.merseyside.police.uk
*.merseyside.police.uk
metacsg1.merseyside.police.uk
metacsg2.merseyside.police.uk
officewebapps1.merseyside.police.uk
officewebappsa.merseyside.police.uk
scheduler.merseyside.police.uk
sfbextweb1.merseyside.police.uk
sfbextweba.merseyside.police.uk
www.merseyside.police.uk
your-area.merseyside.police.uk
 [+] Domains saved to: /usr/share/sniper/loot/domains/domains-merseyside.police.uk-full.txt

 + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
 + -- ----------------------------=[Checking Email Security]=----------------- -- +

 + -- ----------------------------=[Pinging host]=---------------------------- -- +
PING merseyside.police.uk (107.154.113.83) 56(84) bytes of data.
64 bytes from 107.154.113.83.ip.incapdns.net (107.154.113.83): icmp_seq=1 ttl=61 time=36.3 ms

--- merseyside.police.uk ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 36.302/36.302/36.302/0.000 ms

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-05 17:41 GMT
Nmap scan report for merseyside.police.uk (107.154.113.83)
Host is up (0.042s latency).
Other addresses for merseyside.police.uk (not scanned): 107.154.112.83
rDNS record for 107.154.113.83: 107.154.113.83.ip.incapdns.net
Not shown: 30 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
389/tcp   open  ldap
443/tcp   open  https
445/tcp   open  microsoft-ds
2049/tcp  open  nfs
3389/tcp  open  ms-wbt-server
4443/tcp  open  pharos
5900/tcp  open  vnc
5984/tcp  open  couchdb
8000/tcp  open  http-alt
8080/tcp  open  http-proxy
8443/tcp  open  https-alt
8888/tcp  open  sun-answerbook
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds

 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 opened... running tests...

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-05 17:41 GMT
Nmap scan report for merseyside.police.uk (107.154.112.83)
Host is up (0.058s latency).
Other addresses for merseyside.police.uk (not scanned): 107.154.113.83
rDNS record for 107.154.112.83: 107.154.112.83.ip.incapdns.net
PORT   STATE SERVICE VERSION
53/udp open  domain
|_dns-cache-snoop: 0 of 100 tested domains are cached.
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_  No NSEC records found
| dns-nsec3-enum:
|_  DNSSEC NSEC3 not supported
| fingerprint-strings:
|   DNS-SD:
|     _services
|     _dns-sd
|     _udp
|     local
|   DNSVersionBindReq:
|     version
|     bind
|   NBTStat:
|_    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-UDP:V=7.40%I=7%D=3/5%Time=58BC4DDB%P=x86_64-pc-linux-gnu%r(DNSVe
SF:rsionBindReq,1E,"\0\x06\x84\t\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\
SF:x10\0\x03")%r(NBTStat,32,"\x80\xf0\x84\t\0\x01\0\0\0\0\0\0\x20CKAAAAAAA
SF:AAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01")%r(DNS-SD,2E,"\0\0\x84\t\0\x01\0\0\
SF:0\0\0\0\t_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01");
Too many fingerprints match this host to give specific OS details
Network Distance: 8 hops

Host script results:
| dns-blacklist:
|   SPAM
|_    sbl.spamhaus.org - FAIL
| dns-brute:
|   DNS Brute-force hostnames:
|     admin.police.uk - 51.231.191.137
|_    www.police.uk - 54.154.239.59

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   91.99 ms 10.4.0.1
2   91.87 ms 91.195.103.73
3   91.79 ms adm-b2-link.telia.net (213.248.71.116)
4   91.49 ms adm-bb3-link.telia.net (62.115.141.62)
5   92.48 ms ldn-bb2-link.telia.net (213.155.136.88)
6   92.13 ms ldn-b5-link.telia.net (213.155.136.75)
7   92.00 ms incapsula-ic-306833-ldn-b5.c.telia.net (62.115.45.226)
8   91.62 ms 107.154.112.83.ip.incapdns.net (107.154.112.83)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 50.78 seconds
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 opened... running tests...
 + -- ----------------------------=[Checking for WAF]=------------------------ -- +

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                 ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://merseyside.police.uk
The site http://merseyside.police.uk is behind a Incapsula WAF
Number of requests: 1

 + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
http://merseyside.police.uk [303 See Other] Cookies[incap_ses_449_819583,visid_incap_819583], Country[UNITED STATES][US], HTTPServer[web server], IP[107.154.113.83], Incapsula-WAF, RedirectLocation[https://merseyside.police.uk/], Title[Document Moved], UncommonHeaders[x-iinfo,x-cdn]
https://merseyside.police.uk/ [200 OK] Cookies[incap_ses_455_819583,visid_incap_819583], Country[UNITED STATES][US], Frame, Google-Analytics[UA-30863951-1], HTML5, HTTPServer[web server], IP[107.154.113.83], Incapsula-WAF, JQuery[1.11.1], Modernizr, Open-Graph-Protocol, Script[text/javascript], Title[Merseyside Police website | Merseyside Police], UncommonHeaders[x-iinfo,x-cdn], X-UA-Compatible[IE=edge]

	__  ______ _____
	\ \/ / ___|_   _|
	 \  /\___ \ | |
	 /  \ ___) || |
	/_/\_|____/ |_|

+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: merseyside.police.uk:80
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!

HTTP/1.1 303 See Other
Content-Type: text/html; charset=UTF-8
Location: https://merseyside.police.uk/
Server: web server
Date: Sun, 05 Mar 2017 17:42:37 GMT
Content-Length: 152
Set-Cookie: visid_incap_819583=0Wf9t744RaS2ZL49quo+BiJOvFgAAAAAQUIPAAAAAAAP3kJd8hfhF14yZ+lYs/uJ; expires=Mon, 05 Mar 2018 07:38:47 GMT; path=/
Set-Cookie: incap_ses_455_819583=zzooXzHd6x65EpiseHxQBiJOvFgAAAAAYIX1xNWycdne4ziiUdAcDg==; path=/
X-Iinfo: 4-38657146-38655420 PNNN RT(1488735778152 2) q(1 1 1 -1) r(1 1) U6
X-CDN: Incapsula

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/">here</a></body>
HTTP/1.1 303 See Other
Content-Type: text/html; charset=UTF-8
Location: https://merseyside.police.uk/
Server: web server
Date: Sun, 05 Mar 2017 17:42:37 GMT
Content-Length: 152
Set-Cookie: visid_incap_819583=gdabDlVbQHi+hzKric/GKSBOvFgAAAAAQUIPAAAAAADhThK/FVzDvtcymGpLOXa2; expires=Mon, 05 Mar 2018 12:37:48 GMT; path=/
Set-Cookie: incap_ses_449_819583=hDD+DuoTYgKApaIhgys7BiNOvFgAAAAAcJk/V8b6OhLSWFtJVRzaGA==; path=/
X-Iinfo: 10-27193642-27193649 NNNN CT(0 -1 0) RT(1488735779131 2) q(0 0 0 0) r(0 0) U11
X-CDN: Incapsula

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/">here</a></body>


 + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
+ -- --=[Checking if X-Content options are enabled on merseyside.police.uk...

+ -- --=[Checking if X-Frame options are enabled on merseyside.police.uk...

+ -- --=[Checking if X-XSS-Protection header is enabled on merseyside.police.uk...

+ -- --=[Checking HTTP methods on merseyside.police.uk...

+ -- --=[Checking if TRACE method is enabled on merseyside.police.uk...

+ -- --=[Checking for META tags on merseyside.police.uk...

+ -- --=[Checking for open proxy on merseyside.police.uk...
<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe src="/_Incapsula_Resource?CWUDNSAI=5&xinfo=9-46753081-0 0NNN RT(1488735782325 6) q(0 -1 -1 -1) r(1 -1)&incident_id=0-351465020766749353&edet=22&cinfo=ffffffff" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-351465020766749353</iframe></body></html>
+ -- --=[Enumerating software on merseyside.police.uk...
Server: web server

+ -- --=[Checking if Strict-Transport-Security is enabled on merseyside.police.uk...

+ -- --=[Checking for Flash cross-domain policy on merseyside.police.uk...
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/crossdomain.xml">here</a></body>
+ -- --=[Checking for Silverlight cross-domain policy on merseyside.police.uk...
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/clientaccesspolicy.xml">here</a></body>
+ -- --=[Checking for HTML5 cross-origin resource sharing on merseyside.police.uk...

+ -- --=[Retrieving robots.txt on merseyside.police.uk...
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/robots.txt">here</a></body>
+ -- --=[Retrieving sitemap.xml on merseyside.police.uk...
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/sitemap.xml">here</a></body>
+ -- --=[Checking cookie attributes on merseyside.police.uk...
Set-Cookie: visid_incap_819583=c8iUceHjTNOM/DBc6R90jidOvFgAAAAAQUIPAAAAAABb40OP7QhIzmUt43GtqsVO; expires=Mon, 05 Mar 2018 07:39:22 GMT; path=/
Set-Cookie: incap_ses_455_819583=sFLoQef5vGnkGZiseHxQBidOvFgAAAAAIHhnoVr71CGgcWjGTbXTRQ==; path=/

+ -- --=[Checking for ASP.NET Detailed Errors on merseyside.police.uk...
<h2>Object moved to <a href="/Static/SystemError.html?aspxerrorpath=/?.jsp">here</a>.</h2>


 + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          107.154.113.83
+ Target Hostname:    merseyside.police.uk
+ Target Port:        80
+ Start Time:         2017-03-05 17:42:55 (GMT0)
---------------------------------------------------------------------------
+ Server: web server
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'x-iinfo' found, with contents: 5-47584845-47584582 SNNN RT(1488735785853 527) q(0 0 0 -1) r(0 0) U2
+ Uncommon header 'x-cdn' found, with contents: Incapsula
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie visid_incap_819583 created without the httponly flag
+ Cookie incap_ses_455_819583 created without the httponly flag
+ Root page / redirects to: https://merseyside.police.uk/
+ /bin/cart32.exe: request cart32.exe/cart32clientlist
+ /bin/classified.cgi: Check Phrack 55 for info by RFP
+ /bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
+ /bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ /bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ /bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ /bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ /bin/lwgate: Check Phrack 55 for info by RFP
+ /bin/LWGate: Check Phrack 55 for info by RFP
+ /bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
+ /bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /bin/finger: finger other users, may be other commands?
+ /bin/finger.pl: finger other users, may be other commands?
+ /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
+ /bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
+ /bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /bin/gH.cgi: Web backdoor by gH
+ /bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ /bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ /bin/AT-admin.cgi: Admin interface...
+ OSVDB-17111: /bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ /bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /bin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm
+ /bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ OSVDB-2878: /bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability
+ /bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow http://www.securityfocus.com/bid/4684. Prior to 2.1.3 contained unspecified security bugs
+ /bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ OSVDB-2017: /bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.
+ /bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ OSVDB-11740: /bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
+ OSVDB-11741: /bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
+ /bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /bin/.cobalt: May allow remote admin of CGI scripts.
+ OSVDB-35707: /forum/admin/wwforum.mdb: Web Wiz Forums password database found.
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
+ OSVDB-15971: /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
+ OSVDB-15971: /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
+ OSVDB-41850: /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved.
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ OSVDB-53413: /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
+ OSVDB-53413: /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
+ OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
+ OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.
+ OSVDB-319: /bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI.
+ /bin/.access: Contains authorization information
+ OSVDB-11871: /bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
+ /bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ 8310 requests: 0 error(s) and 75 item(s) reported on remote host
+ End Time:           2017-03-05 17:57:08 (GMT0) (853 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
 + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
[+] ;/Screenshot saved to /usr/share/sniper/loot/screenshots/merseyside.police.uk-port80.jpg
 + -- ----------------------------=[Running Google Hacking Queries]=--------- -- +
 + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +

    _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.
   (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
   (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9
    \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9
     \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.
     /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
    [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1

__[ ! ] Neither war between hackers, nor peace for the system.
__[ ! ] http://blog.inurl.com.br
__[ ! ] http://fb.com/InurlBrasil
__[ ! ] http://twitter.com/@googleinurl
__[ ! ] http://github.com/googleinurl
__[ ! ] Current PHP version::[ 7.0.14-2 ]
__[ ! ] Current script owner::[ root ]
__[ ! ] Current uname::[ Linux parrot 4.8.0-parrot-amd64 #1 SMP Parrot 4.8.15-1kali1 (2016-12-27) x86_64 ]
__[ ! ] Current pwd::[ /usr/share/sniper ]
__[ ! ] Help: php inurlbr.php --help
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [05-03-2017 17:57:55]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-merseyside.police.uk.txt  ]
[ INFO ][ DORK ]::[ site:merseyside.police.uk ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.uy ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.id ID: 007843865286850066037:b0heuatvay8 ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 99 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 99 ]-[17:58:09] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 99 ]-[17:58:09] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 99 ]-[17:58:10] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 99 ]-[17:58:10] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/social-media/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 99 ]-[17:58:11] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/_ext/crimeprevention/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 99 ]-[17:58:11] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/privacy-policy/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 99 ]-[17:58:12] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/languages/polish/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 99 ]-[17:58:12] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/languages/arabic/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 99 ]-[17:58:13] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/languages/chinese/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 99 ]-[17:58:13] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 99 ]-[17:58:13] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 11 / 99 ]-[17:58:14] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/languages/czech/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 12 / 99 ]-[17:58:14] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 13 / 99 ]-[17:58:15] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 14 / 99 ]-[17:58:15] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/missing-persons/alessandro-severitano/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 15 / 99 ]-[17:58:16] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/insight/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 16 / 99 ]-[17:58:16] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/most-wanted/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 17 / 99 ]-[17:58:17] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 18 / 99 ]-[17:58:18] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/misconduct/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 19 / 99 ]-[17:58:18] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/sefton/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 20 / 99 ]-[17:58:18] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 21 / 99 ]-[17:58:19] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/missing-persons/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 22 / 99 ]-[17:58:20] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 23 / 99 ]-[17:58:20] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/knowsley/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 24 / 99 ]-[17:58:20] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/feedback/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 25 / 99 ]-[17:58:21] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 26 / 99 ]-[17:58:21] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/crimestoppers/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 27 / 99 ]-[17:58:22] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/communications/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 28 / 99 ]-[17:58:22] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/supporting-policing/commercial-vehicle-unit/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 29 / 99 ]-[17:58:23] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12905/merseyside_sc_chief_officer_role_profile.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 30 / 99 ]-[17:58:23] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12956/mpa_approved_june_2012.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 31 / 99 ]-[17:58:26] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12959/228208_pccprospectus.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 32 / 99 ]-[17:58:26] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/6515/firearms_dealer_registration_form_116.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 33 / 99 ]-[17:58:27] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12755/25412_minutes.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 34 / 99 ]-[17:58:27] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/st-helens/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 35 / 99 ]-[17:58:28] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/most-wanted/recall-to-prison-stephen-tierney/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 36 / 99 ]-[17:58:29] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/64155/steer_clear_of_bike_crime1.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 37 / 99 ]-[17:58:30] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12415/no_4_170412_open.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 38 / 99 ]-[17:58:31] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12960/csas_information_for_private_companies.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 39 / 99 ]-[17:58:33] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/64156/july_2014.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 40 / 99 ]-[17:58:33] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12664/wirral_command_team_minutes_12312.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 41 / 99 ]-[17:58:34] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12518/liverpool_north_ct_minutes_11092012.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 42 / 99 ]-[17:58:35] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/132055/croxteth.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 43 / 99 ]-[17:58:35] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/08/kyle-edward-redman/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 44 / 99 ]-[17:58:36] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/terrorism/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 45 / 99 ]-[17:58:36] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/6513/application_for_a_visitors_firearm_shotgun_certificate_form107.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 46 / 99 ]-[17:58:37] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12872/application_for_data_under_section_35.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 47 / 99 ]-[17:58:38] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news?page=226&filter= ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 48 / 99 ]-[17:58:38] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12881/fees_and_charges_2013.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 49 / 99 ]-[17:58:40] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/661933/ps4.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 50 / 99 ]-[17:58:42] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/182528/bike_booklet.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 51 / 99 ]-[17:58:42] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12537/liverpool_south_command_team_meeting_10042012.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 52 / 99 ]-[17:58:43] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/emergency-999/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 53 / 99 ]-[17:58:43] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12759/20612_minutes.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 54 / 99 ]-[17:58:44] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12957/policing_plan_printable_version.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 55 / 99 ]-[17:58:44] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/supporting-policing/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 56 / 99 ]-[17:58:45] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12419/no_10_221012_open.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 57 / 99 ]-[17:58:45] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-history/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 58 / 99 ]-[17:58:46] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12425/no_5_12613_open.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 59 / 99 ]-[17:58:47] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12961/employersguidev12.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 60 / 99 ]-[17:58:48] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/6520/recruitment_bruchure.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 61 / 99 ]-[17:58:48] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/64151/vetting_internet.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 62 / 99 ]-[17:58:50] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/111518/greenbank.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 63 / 99 ]-[17:58:50] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12417/no_7_170712_open.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 64 / 99 ]-[17:58:50] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/13338/lost_property.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 65 / 99 ]-[17:58:51] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-services/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 66 / 99 ]-[17:58:51] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12683/wirral_command_team_minutes_51112.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 67 / 99 ]-[17:58:53] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/64150/volunteering_matters_issue6.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 68 / 99 ]-[17:58:54] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/111510/allerton.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 69 / 99 ]-[17:58:54] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/accessing-information/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 70 / 99 ]-[17:58:55] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/communications/recruitment/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 71 / 99 ]-[17:58:55] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12866/your_rights_to_police_information.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 72 / 99 ]-[17:58:56] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/661927/playstation.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 73 / 99 ]-[17:58:57] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/661925/wii.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 74 / 99 ]-[17:58:57] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12912/ed_champion_role_description.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 75 / 99 ]-[17:58:58] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-organisation/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 76 / 99 ]-[17:58:58] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/misconduct/hearings/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 77 / 99 ]-[17:59:00] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/wirral-community-police-team-hub-one/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 78 / 99 ]-[17:59:00] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/applicant-login/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 79 / 99 ]-[17:59:01] [ - ]
|_[ + ] Target:: [ https://merseyside.police.uk/news/latest-news/2016/09/update-injury-shooting-speke/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found,   , IP:107.154.112.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 80 / 99 ]-[17:59:02] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-two/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 81 / 99 ]-[17:59:03] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/6507/young_people_s_leaflet.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 82 / 99 ]-[17:59:03] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/661924/whatssapp.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 83 / 99 ]-[17:59:04] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/661921/snapchat.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 84 / 99 ]-[17:59:05] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-four/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 85 / 99 ]-[17:59:06] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12911/equality_and_diversity_co_ordination_group.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 86 / 99 ]-[17:59:06] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/08/cctv-appeal-burglary-birkdale/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 87 / 99 ]-[17:59:07] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2017/02/exposure-buttermere-road-huyton/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 88 / 99 ]-[17:59:08] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-three/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 89 / 99 ]-[17:59:08] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/10/update-shooting-reeds-road ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 90 / 99 ]-[17:59:09] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2017/01/assault-claughton-road-birkenhead/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 91 / 99 ]-[17:59:09] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12651/act_02042013.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 92 / 99 ]-[17:59:10] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/sefton/sefton-community-police-team-hub-two/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 93 / 99 ]-[17:59:11] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/media/12874/section_35_overview.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 94 / 99 ]-[17:59:11] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/11/update-robbery-bargain-booze/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 95 / 99 ]-[17:59:12] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/wirral-community-police-team-hub-two/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 96 / 99 ]-[17:59:13] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/policing-the-roads/road-traffic-collisions/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 97 / 99 ]-[17:59:13] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/09/witness-appeal-assault-litherland/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 98 / 99 ]-[17:59:14] [ - ]
|_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2015/11/cctv-appeal-singhsburys-seacombe/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server  , IP:107.154.113.83:443
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [05-03-2017 17:59:14]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-merseyside.police.uk.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/

 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
 + -- ----------------------------=[Checking for WAF]=------------------------ -- +

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                 ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://merseyside.police.uk
The site https://merseyside.police.uk is behind a Incapsula WAF
Number of requests: 1

 + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
https://merseyside.police.uk [302 Found] Cookies[incap_ses_455_819583,visid_incap_819583], Country[UNITED STATES][US], IP[107.154.113.83], Incapsula-WAF, RedirectLocation[/], Title[Loading], UncommonHeaders[x-iinfo]

 + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +


 AVAILABLE PLUGINS
 -----------------

  PluginCompression
  PluginSessionRenegotiation
  PluginHeartbleed
  PluginChromeSha1Deprecation
  PluginCertInfo
  PluginOpenSSLCipherSuites
  PluginHSTS
  PluginSessionResumption


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   merseyside.police.uk:443            => 107.154.112.83:443


 SCAN RESULTS FOR MERSEYSIDE.POLICE.UK:443 - 107.154.112.83:443
 --------------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation:              OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint:                  72340c8bbdad6344187aea301307ae1424674f28
      Common Name:                       incapsula.com
      Issuer:                            GlobalSign CloudSSL CA - SHA256 - G3
      Serial Number:                     7CC91BC6E41A54C7994756BC
      Not Before:                        Feb  7 18:19:14 2017 GMT
      Not After:                         May  6 08:26:28 2017 GMT
      Signature Algorithm:               sha256WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['incapsula.com', '*.916trade.com', '*.anserifx.com', '*.api.olostaging.com', '*.auction.com', '*.bulltab.com.au', '*.canaccord.com', '*.canaccordgenuity.com', '*.canaccordgenuitygps.com', '*.coastalmusic.com.au', '*.copa.nespresso.com.ar', '*.fabricat3d.com.au', '*.fetranspor.com.br', '*.flyfishingworld.com.au', '*.fonctionpublique.gouv.ci', '*.fondovalores.com.uy', '*.get-wrecked.com', '*.globalcashcard.com', '*.gratifyfoods.co.uk', '*.gspwll.com', '*.harfordhouse.com.au', '*.hijabhouse.com.au', '*.hndigital.cloud', '*.homeaway.ca', '*.homeessentials.co.uk', '*.ihealth.net.au', '*.inscapepublishing.com', '*.jacamo.co.uk', '*.jdwilliams.co.uk', '*.klasgames.com', '*.m10store.com.au', '*.merseyside.police.uk', '*.mrmobile.net.au', '*.nate777.com', '*.nespresso.com.ar', '*.nestle.com', '*.oneaccess.mckesson.com', '*.pepperi.com', '*.pinnacleonline.ca', '*.portal.carrefour.fr', '*.proplansweeps.com', '*.route66garage.com.au', '*.simplybe.co.uk', '*.southerncrossemporium.com.au', '*.spoonrocket.com.br', '*.staging.springleaffincl.co', '*.thecurvybellydancer.com.au', '*.thedarling.com.au', '*.thekidsdivision.co.uk', '*.thornado.net.au', '*.trans-app.net', '*.trustamerica.com', '*.twctrade.com', '*.xpsa.com.au', 'anserifx.com', 'auction.com', 'bulltab.com.au', 'canaccord.com', 'canaccordgenuity.com', 'canaccordgenuitygps.com', 'cdn-test-waf.tmobilecloud.com', 'coastalmusic.com.au', 'fabricat3d.com.au', 'fetranspor.com.br', 'flyfishingworld.com.au', 'fonctionpublique.gouv.ci', 'globalcashcard.com', 'gratifyfoods.co.uk', 'harfordhouse.com.au', 'hijabhouse.com.au', 'hndigital.cloud', 'homeessentials.co.uk', 'ihealth.net.au', 'jacamo.co.uk', 'jdwilliams.co.uk', 'm10store.com.au', 'merseyside.police.uk', 'mrmobile.net.au', 'nate777.com', 'pinnacleonline.ca', 'proplansweeps.com', 'route66garage.com.au', 'simplybe.co.uk', 'southerncrossemporium.com.au', 'spoonrocket.com.br', 'thecurvybellydancer.com.au', 'thekidsdivision.co.uk', 'thornado.net.au', 'trans-app.net', 'trustamerica.com', 'xpsa.com.au']}

  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Google CA Store (09/2015):         OK - Certificate is trusted
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: certificate has expired
      Microsoft CA Store (09/2015):      OK - Certificate is trusted
      Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
      Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
      Certificate Chain Received:        ['incapsula.com', 'GlobalSign CloudSSL CA - SHA256 - G3']

  * Certificate - OCSP Stapling:
      OCSP Response Status:              successful
      Validation w/ Mozilla's CA Store:  OK - Response is trusted
      Responder Id:                      2737AB19FAB105FAC3F77481D0E65CE5B93EA88B
      Cert Status:                       good
      Cert Serial Number:                7CC91BC6E41A54C7994756BC
      This Update:                       Mar  5 16:32:30 2017 GMT
      Next Update:                       Mar  9 16:32:30 2017 GMT

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.


 SCAN COMPLETED IN 1.68 S
 ------------------------
Version: 1.11.8-static
OpenSSL 1.0.2k-dev  xx XXX xxxx

Testing SSL server merseyside.police.uk on port 443

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  incapsula.com
Altnames: DNS:incapsula.com, DNS:*.916trade.com, DNS:*.anserifx.com, DNS:*.api.olostaging.com, DNS:*.auction.com, DNS:*.bulltab.com.au, DNS:*.canaccord.com, DNS:*.canaccordgenuity.com, DNS:*.canaccordgenuitygps.com, DNS:*.coastalmusic.com.au, DNS:*.copa.nespresso.com.ar, DNS:*.fabricat3d.com.au, DNS:*.fetranspor.com.br, DNS:*.flyfishingworld.com.au, DNS:*.fonctionpublique.gouv.ci, DNS:*.fondovalores.com.uy, DNS:*.get-wrecked.com, DNS:*.globalcashcard.com, DNS:*.gratifyfoods.co.uk, DNS:*.gspwll.com, DNS:*.harfordhouse.com.au, DNS:*.hijabhouse.com.au, DNS:*.hndigital.cloud, DNS:*.homeaway.ca, DNS:*.homeessentials.co.uk, DNS:*.ihealth.net.au, DNS:*.inscapepublishing.com, DNS:*.jacamo.co.uk, DNS:*.jdwilliams.co.uk, DNS:*.klasgames.com, DNS:*.m10store.com.au, DNS:*.merseyside.police.uk, DNS:*.mrmobile.net.au, DNS:*.nate777.com, DNS:*.nespresso.com.ar, DNS:*.nestle.com, DNS:*.oneaccess.mckesson.com, DNS:*.pepperi.com, DNS:*.pinnacleonline.ca, DNS:*.portal.carrefour.fr, DNS:*.proplansweeps.com, DNS:*.route66garage.com.au, DNS:*.simplybe.co.uk, DNS:*.southerncrossemporium.com.au, DNS:*.spoonrocket.com.br, DNS:*.staging.springleaffincl.co, DNS:*.thecurvybellydancer.com.au, DNS:*.thedarling.com.au, DNS:*.thekidsdivision.co.uk, DNS:*.thornado.net.au, DNS:*.trans-app.net, DNS:*.trustamerica.com, DNS:*.twctrade.com, DNS:*.xpsa.com.au, DNS:anserifx.com, DNS:auction.com, DNS:bulltab.com.au, DNS:canaccord.com, DNS:canaccordgenuity.com, DNS:canaccordgenuitygps.com, DNS:cdn-test-waf.tmobilecloud.com, DNS:coastalmusic.com.au, DNS:fabricat3d.com.au, DNS:fetranspor.com.br, DNS:flyfishingworld.com.au, DNS:fonctionpublique.gouv.ci, DNS:globalcashcard.com, DNS:gratifyfoods.co.uk, DNS:harfordhouse.com.au, DNS:hijabhouse.com.au, DNS:hndigital.cloud, DNS:homeessentials.co.uk, DNS:ihealth.net.au, DNS:jacamo.co.uk, DNS:jdwilliams.co.uk, DNS:m10store.com.au, DNS:merseyside.police.uk, DNS:mrmobile.net.au, DNS:nate777.com, DNS:pinnacleonline.ca, DNS:proplansweeps.com, DNS:route66garage.com.au, DNS:simplybe.co.uk, DNS:southerncrossemporium.com.au, DNS:spoonrocket.com.br, DNS:thecurvybellydancer.com.au, DNS:thekidsdivision.co.uk, DNS:thornado.net.au, DNS:trans-app.net, DNS:trustamerica.com, DNS:xpsa.com.au
Issuer:   GlobalSign CloudSSL CA - SHA256 - G3

Not valid before: Feb  7 18:19:14 2017 GMT
Not valid after:  May  6 08:26:28 2017 GMT

No engine or GOST support via engine with your /usr/bin/openssl

###########################################################
    testssl       2.9dev from https://testssl.sh/dev/
    ()

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.1.0c  10 Nov 2016" [~143 ciphers]
 on parrot:/usr/bin/openssl
 (built: "reproducible build, date unspecified", platform: "debian-amd64")


Testing all IPv4 addresses (port 443): 107.154.112.83 107.154.113.83
-----------------------------------------------------
 Start 2017-03-05 17:59:40    -->> 107.154.112.83:443 (merseyside.police.uk) <<--

 further IP addresses:   107.154.113.83
 rDNS (107.154.112.83):  107.154.112.83.ip.incapdns.net.
 Service detected:       HTTP


 Testing protocols via sockets except SPDY+HTTP2

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   h2, http/1.1 (advertised)
 HTTP2/ALPN h2 (offered)

 Testing ~standard cipher lists

 Null Ciphers                 not offered (OK)
 Anonymous NULL Ciphers       not offered (OK)
 Anonymous DH Ciphers         not offered (OK)
 40 Bit encryption            not offered (OK)
 56 Bit export ciphers        not offered (OK)
 Export Ciphers (general)     not offered (OK)
 Low (<=64 Bit)               not offered (OK)
 DES Ciphers                  not offered (OK)
 "Medium" grade encryption    not offered (OK)
 Triple DES Ciphers           not offered (OK)
 High grade encryption        offered (OK)


 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4

 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384
                              ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
                              ECDHE-RSA-AES128-GCM-SHA256
                              ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
 Elliptic curves offered:     prime256v1


 Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
               CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
    TLSv1.1:   ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
               CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA
    h2:        ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA
    http/1.1:  ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA


 Testing server defaults (Server Hello)

 TLS extensions (standard)    "renegotiation info/#65281" "EC point
                              formats/#11" "session ticket/#35" "server
                              name/#0" "status request/#5" "next
                              protocol/#13172" "heartbeat/#15" "application
                              layer protocol negotiation/#16"
 Session Tickets RFC 5077     300 seconds (PFS requires session ticket keys to be rotated <= daily)
 SSL Session ID support       yes
 TLS clock skew               random values, no fingerprinting possible
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Fingerprint / Serial         SHA1 72340C8BBDAD6344187AEA301307AE1424674F28 / 7CC91BC6E41A54C7994756BC
                              SHA256 DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F
 Common Name (CN)             incapsula.com
 subjectAltName (SAN)         incapsula.com *.916trade.com *.anserifx.com
                              *.api.olostaging.com *.auction.com
                              *.bulltab.com.au *.canaccord.com
                              *.canaccordgenuity.com *.canaccordgenuitygps.com
                              *.coastalmusic.com.au *.copa.nespresso.com.ar
                              *.fabricat3d.com.au *.fetranspor.com.br
                              *.flyfishingworld.com.au
                              *.fonctionpublique.gouv.ci *.fondovalores.com.uy
                              *.get-wrecked.com *.globalcashcard.com
                              *.gratifyfoods.co.uk *.gspwll.com
                              *.harfordhouse.com.au *.hijabhouse.com.au
                              *.hndigital.cloud *.homeaway.ca
                              *.homeessentials.co.uk *.ihealth.net.au
                              *.inscapepublishing.com *.jacamo.co.uk
                              *.jdwilliams.co.uk *.klasgames.com
                              *.m10store.com.au *.merseyside.police.uk
                              *.mrmobile.net.au *.nate777.com
                              *.nespresso.com.ar *.nestle.com
                              *.oneaccess.mckesson.com *.pepperi.com
                              *.pinnacleonline.ca *.portal.carrefour.fr
                              *.proplansweeps.com *.route66garage.com.au
                              *.simplybe.co.uk *.southerncrossemporium.com.au
                              *.spoonrocket.com.br *.staging.springleaffincl.co
                              *.thecurvybellydancer.com.au *.thedarling.com.au
                              *.thekidsdivision.co.uk *.thornado.net.au
                              *.trans-app.net *.trustamerica.com *.twctrade.com
                              *.xpsa.com.au anserifx.com auction.com
                              bulltab.com.au canaccord.com canaccordgenuity.com
                              canaccordgenuitygps.com
                              cdn-test-waf.tmobilecloud.com coastalmusic.com.au
                              fabricat3d.com.au fetranspor.com.br
                              flyfishingworld.com.au fonctionpublique.gouv.ci
                              globalcashcard.com gratifyfoods.co.uk
                              harfordhouse.com.au hijabhouse.com.au
                              hndigital.cloud homeessentials.co.uk
                              ihealth.net.au jacamo.co.uk jdwilliams.co.uk
                              m10store.com.au merseyside.police.uk
                              mrmobile.net.au nate777.com pinnacleonline.ca
                              proplansweeps.com route66garage.com.au
                              simplybe.co.uk southerncrossemporium.com.au
                              spoonrocket.com.br thecurvybellydancer.com.au
                              thekidsdivision.co.uk thornado.net.au
                              trans-app.net trustamerica.com xpsa.com.au
 Issuer                       GlobalSign CloudSSL CA - SHA256 - G3 (GlobalSign nv-sa from BE)
 Trust (hostname)             Ok via SAN (works w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 Certificate Expiration       61 >= 60 days (2017-02-07 18:19 --> 2017-05-06 09:26 +0100)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp2.globalsign.com/cloudsslsha2g3
 OCSP must staple             No
 OCSP stapling                offered
 DNS CAA RR (experimental)    --


 Testing HTTP header response @ "/"

 HTTP Status Code             302 Found, redirecting to "/"
 HTTP clock skew              Got no HTTP time, maybe try different URL?
 Strict Transport Security    --
 Public Key Pinning           --
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    1 issued: NOT secure, NOT HttpOnly -- maybe better try target URL of 30x
 Security headers             --
 Reverse Proxy banner         --


 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA
                                                 ECDHE-RSA-AES128-SHA
                                                 AES256-SHA CAMELLIA256-SHA
                                                 AES128-SHA CAMELLIA128-SHA
                                           VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
 LUCKY13 (CVE-2013-0169)                   VULNERABLE, uses cipher block chaining (CBC) ciphers
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA


 Running browser simulations via sockets (experimental)

 Android 2.3.7                 TLSv1.0 AES128-SHA
 Android 4.0.4                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.1.1                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.2.2                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.3                   TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.4.2                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Android 5.0.0                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Baidu Jan 2015                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 BingPreview Jan 2015          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 47 / OSX               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 GoogleBot Feb 2015            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 6 XP                       No connection
 IE 7 Vista                    TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 8 XP                       No connection
 IE 8-10 Win 7                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win 7                   TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 8.1                 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 10 Win Phone 8.0           TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1           TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update    TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 10                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                     TLSv1.0 AES128-SHA
 Java 7u25                     TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
 Java 8u31                     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y                TLSv1.0 AES256-SHA
 OpenSSL 1.0.1l                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 5.1.9 OS X 10.6.8      TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 6 iOS 6.0.1            TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 6.0.4 OS X 10.8.4      TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 7 iOS 7.1              TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 7 OS X 10.9            TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 iOS 8.4              TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 OS X 10.10           TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 9 iOS 9                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

 Done 2017-03-05 18:01:24    -->> 107.154.112.83:443 (merseyside.police.uk) <<--

-----------------------------------------------------
 Start 2017-03-05 18:01:24    -->> 107.154.113.83:443 (merseyside.police.uk) <<--

 further IP addresses:   107.154.112.83
 rDNS (107.154.113.83):  107.154.113.83.ip.incapdns.net.
 Service detected:       HTTP


 Testing protocols via sockets except SPDY+HTTP2

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   h2, http/1.1 (advertised)
 HTTP2/ALPN h2 (offered)

 Testing ~standard cipher lists

 Null Ciphers                 not offered (OK)
 Anonymous NULL Ciphers       not offered (OK)
 Anonymous DH Ciphers         not offered (OK)
 40 Bit encryption            not offered (OK)
 56 Bit export ciphers        not offered (OK)
 Export Ciphers (general)     not offered (OK)
 Low (<=64 Bit)               not offered (OK)
 DES Ciphers                  not offered (OK)
 "Medium" grade encryption    not offered (OK)
 Triple DES Ciphers           not offered (OK)
 High grade encryption        offered (OK)


 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4

 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384
                              ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
                              ECDHE-RSA-AES128-GCM-SHA256
                              ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
 Elliptic curves offered:     prime256v1


 Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
               CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
    TLSv1.1:   ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
               CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA
    h2:        ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA
    http/1.1:  ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
               ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
               ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
               AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               AES128-SHA256 AES128-SHA CAMELLIA128-SHA


 Testing server defaults (Server Hello)

 TLS extensions (standard)    "renegotiation info/#65281" "EC point
                              formats/#11" "session ticket/#35" "server
                              name/#0" "status request/#5" "next
                              protocol/#13172" "heartbeat/#15" "application
                              layer protocol negotiation/#16"
 Session Tickets RFC 5077     300 seconds (PFS requires session ticket keys to be rotated <= daily)
 SSL Session ID support       yes
 TLS clock skew               random values, no fingerprinting possible
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Fingerprint / Serial         SHA1 72340C8BBDAD6344187AEA301307AE1424674F28 / 7CC91BC6E41A54C7994756BC
                              SHA256 DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F
 Common Name (CN)             incapsula.com
 subjectAltName (SAN)         incapsula.com *.916trade.com *.anserifx.com
                              *.api.olostaging.com *.auction.com
                              *.bulltab.com.au *.canaccord.com
                              *.canaccordgenuity.com *.canaccordgenuitygps.com
                              *.coastalmusic.com.au *.copa.nespresso.com.ar
                              *.fabricat3d.com.au *.fetranspor.com.br
                              *.flyfishingworld.com.au
                              *.fonctionpublique.gouv.ci *.fondovalores.com.uy
                              *.get-wrecked.com *.globalcashcard.com
                              *.gratifyfoods.co.uk *.gspwll.com
                              *.harfordhouse.com.au *.hijabhouse.com.au
                              *.hndigital.cloud *.homeaway.ca
                              *.homeessentials.co.uk *.ihealth.net.au
                              *.inscapepublishing.com *.jacamo.co.uk
                              *.jdwilliams.co.uk *.klasgames.com
                              *.m10store.com.au *.merseyside.police.uk
                              *.mrmobile.net.au *.nate777.com
                              *.nespresso.com.ar *.nestle.com
                              *.oneaccess.mckesson.com *.pepperi.com
                              *.pinnacleonline.ca *.portal.carrefour.fr
                              *.proplansweeps.com *.route66garage.com.au
                              *.simplybe.co.uk *.southerncrossemporium.com.au
                              *.spoonrocket.com.br *.staging.springleaffincl.co
                              *.thecurvybellydancer.com.au *.thedarling.com.au
                              *.thekidsdivision.co.uk *.thornado.net.au
                              *.trans-app.net *.trustamerica.com *.twctrade.com
                              *.xpsa.com.au anserifx.com auction.com
                              bulltab.com.au canaccord.com canaccordgenuity.com
                              canaccordgenuitygps.com
                              cdn-test-waf.tmobilecloud.com coastalmusic.com.au
                              fabricat3d.com.au fetranspor.com.br
                              flyfishingworld.com.au fonctionpublique.gouv.ci
                              globalcashcard.com gratifyfoods.co.uk
                              harfordhouse.com.au hijabhouse.com.au
                              hndigital.cloud homeessentials.co.uk
                              ihealth.net.au jacamo.co.uk jdwilliams.co.uk
                              m10store.com.au merseyside.police.uk
                              mrmobile.net.au nate777.com pinnacleonline.ca
                              proplansweeps.com route66garage.com.au
                              simplybe.co.uk southerncrossemporium.com.au
                              spoonrocket.com.br thecurvybellydancer.com.au
                              thekidsdivision.co.uk thornado.net.au
                              trans-app.net trustamerica.com xpsa.com.au
 Issuer                       GlobalSign CloudSSL CA - SHA256 - G3 (GlobalSign nv-sa from BE)
 Trust (hostname)             Ok via SAN (works w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 Certificate Expiration       61 >= 60 days (2017-02-07 18:19 --> 2017-05-06 09:26 +0100)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp2.globalsign.com/cloudsslsha2g3
 OCSP must staple             No
 OCSP stapling                offered
 DNS CAA RR (experimental)    --


 Testing HTTP header response @ "/"

 HTTP Status Code             200 OK
 HTTP clock skew              -9 sec from localtime
 Strict Transport Security    --
 Public Key Pinning           --
 Server banner                web server
 Application banner           --
 Cookie(s)                    1 issued: NOT secure, NOT HttpOnly
 Security headers             --
 Reverse Proxy banner         --


 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
 BEAST (CVE-2011-3389)                     no CBC ciphers found for any protocol (OK)
 LUCKY13 (CVE-2013-0169)                   VULNERABLE, uses cipher block chaining (CBC) ciphers
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA


 Running browser simulations via sockets (experimental)

 Android 2.3.7                 TLSv1.0 AES128-SHA
 Android 4.0.4                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.1.1                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.2.2                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.3                   TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.4.2                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Android 5.0.0                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Baidu Jan 2015                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 BingPreview Jan 2015          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 47 / OSX               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 GoogleBot Feb 2015            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 6 XP                       No connection
 IE 7 Vista                    TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 8 XP                       No connection
 IE 8-10 Win 7                 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win 7                   TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 8.1                 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 10 Win Phone 8.0           TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1           TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update    TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 10                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                     TLSv1.0 AES128-SHA
 Java 7u25                     TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
 Java 8u31                     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y                TLSv1.0 AES256-SHA
 OpenSSL 1.0.1l                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 5.1.9 OS X 10.6.8      TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 6 iOS 6.0.1            TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 6.0.4 OS X 10.8.4      TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 7 iOS 7.1              TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 7 OS X 10.9            TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 iOS 8.4              TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 OS X 10.10           TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 9 iOS 9                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

 Done 2017-03-05 18:02:58    -->> 107.154.113.83:443 (merseyside.police.uk) <<--