Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- + -- ----------------------------=[Running Nslookup]=------------------------ -- +
- Server: 10.4.0.1
- Address: 10.4.0.1#53
- Non-authoritative answer:
- Name: merseyside.police.uk
- Address: 107.154.112.83
- Name: merseyside.police.uk
- Address: 107.154.113.83
- merseyside.police.uk has address 107.154.112.83
- merseyside.police.uk has address 107.154.113.83
- merseyside.police.uk mail is handled by 10 Extmail1.merseyside.police.uk.
- merseyside.police.uk mail is handled by 20 Extmail2.merseyside.police.uk.
- merseyside.police.uk mail is handled by 40 mxbackup.ntltelewestbusiness.co.uk.
- merseyside.police.uk mail is handled by 30 Extmail3.merseyside.police.uk.
- + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
- [-] fingerprint:snmp: need UDP port 161 open
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is merseyside.police.uk
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 107.154.112.83. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 107.154.112.83. Module test failed
- [-] No distance calculation. 107.154.112.83 appears to be dead or no ports known
- [+] Host: 107.154.112.83 is up (Guess probability: 50%)
- [+] Target: 107.154.112.83 is alive. Round-Trip Time: 0.50281 sec
- [+] Selected safe Round-Trip Time value is: 1.00563 sec
- [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
- [-] fingerprint:smb need either TCP port 139 or 445 to run
- [+] Primary guess:
- [+] Host 107.154.112.83 Running OS: (Guess probability: 100%)
- [+] Other guesses:
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
- [+] Host 107.154.112.83 Running OS: @m�=�U (Guess probability: 91%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
- This TLD has no whois server.
- + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- [-] Searching in Bing:
- Searching 50 results...
- Searching 100 results...
- [+] Emails found:
- ------------------
- 8903@merseyside.police.uk
- 26038@merseyside.police.uk
- Dangerous.Dogs@merseyside.police.uk
- Declan.A.Sammin@merseyside.police.uk
- Kirsty.J.Jennett@merseyside.police.uk
- Sophia.t.bridge@merseyside.police.uk
- foi@merseyside.police.uk
- firearms.licensing@merseyside.police.uk
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- 107.154.113.83:www.merseyside.police.uk
- + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
- ; <<>> DiG 9.10.3-P4-Debian <<>> -x merseyside.police.uk
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57714
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;uk.police.merseyside.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2016111010 1800 900 604800 3600
- ;; Query time: 38 msec
- ;; SERVER: 10.4.0.1#53(10.4.0.1)
- ;; WHEN: Sun Mar 05 17:41:02 GMT 2017
- ;; MSG SIZE rcvd: 130
- AXFR record query failed: REFUSED
- AXFR record query failed: REFUSED
- AXFR record query failed: REFUSED
- AXFR record query failed: REFUSED
- dnsenum.pl VERSION:1.2.3
- ----- merseyside.police.uk -----
- Host's addresses:
- __________________
- merseyside.police.uk. 882 IN A 107.154.112.83
- merseyside.police.uk. 882 IN A 107.154.113.83
- Name Servers:
- ______________
- ns1.virginmedia.net. 3582 IN A 62.253.162.237
- ns2.virginmedia.net. 3582 IN A 194.168.4.237
- ns3.virginmedia.net. 3582 IN A 62.253.162.37
- ns4.virginmedia.net. 3582 IN A 194.168.4.33
- Mail (MX) Servers:
- ___________________
- Extmail1.merseyside.police.uk. 881 IN A 94.175.230.162
- Extmail2.merseyside.police.uk. 881 IN A 94.175.230.163
- Extmail3.merseyside.police.uk. 881 IN A 94.175.230.178
- mxbackup.ntltelewestbusiness.co.uk. 900 IN A 81.103.221.10
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for merseyside.police.uk on ns4.virginmedia.net ...
- Trying Zone Transfer for merseyside.police.uk on ns2.virginmedia.net ...
- Trying Zone Transfer for merseyside.police.uk on ns3.virginmedia.net ...
- Trying Zone Transfer for merseyside.police.uk on ns1.virginmedia.net ...
- brute force file not specified, bay.
- + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for merseyside.police.uk
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- SSL Certificates: metacsg1.merseyside.police.uk
- SSL Certificates: metacsg2.merseyside.police.uk
- SSL Certificates: www.merseyside.police.uk
- SSL Certificates: your-area.merseyside.police.uk
- SSL Certificates: dialin.merseyside.police.uk
- SSL Certificates: lyncdiscover.merseyside.police.uk
- SSL Certificates: meet.merseyside.police.uk
- SSL Certificates: officewebapps1.merseyside.police.uk
- SSL Certificates: officewebappsa.merseyside.police.uk
- SSL Certificates: scheduler.merseyside.police.uk
- SSL Certificates: sfbextweb1.merseyside.police.uk
- SSL Certificates: sfbextweba.merseyside.police.uk
- SSL Certificates: admin.merseyside.police.uk
- PassiveDNS: extmail.merseyside.police.uk
- PassiveDNS: smtpg2.merseyside.police.uk
- Virustotal: merseybeat.merseyside.police.uk
- Virustotal: admin.merseyside.police.uk
- Virustotal: www.merseyside.police.uk
- DNSdumpster: meet.merseyside.police.uk
- DNSdumpster: daa.merseyside.police.uk
- DNSdumpster: accessa.merseyside.police.uk
- DNSdumpster: metacsg1.merseyside.police.uk
- DNSdumpster: da1.merseyside.police.uk
- DNSdumpster: extmail.merseyside.police.uk
- DNSdumpster: smtpg2.merseyside.police.uk
- DNSdumpster: access1.merseyside.police.uk
- DNSdumpster: metacsg2.merseyside.police.uk
- [-] Saving results to file: /usr/share/sniper/loot/domains/domains-merseyside.police.uk.txt
- [-] Total Unique Subdomains Found: 20
- www.merseyside.police.uk
- access1.merseyside.police.uk
- accessa.merseyside.police.uk
- admin.merseyside.police.uk
- da1.merseyside.police.uk
- daa.merseyside.police.uk
- dialin.merseyside.police.uk
- extmail.merseyside.police.uk
- lyncdiscover.merseyside.police.uk
- meet.merseyside.police.uk
- merseybeat.merseyside.police.uk
- metacsg1.merseyside.police.uk
- metacsg2.merseyside.police.uk
- officewebapps1.merseyside.police.uk
- officewebappsa.merseyside.police.uk
- scheduler.merseyside.police.uk
- sfbextweb1.merseyside.police.uk
- sfbextweba.merseyside.police.uk
- smtpg2.merseyside.police.uk
- your-area.merseyside.police.uk
- ╔═╗╦═╗╔╦╗╔═╗╦ ╦
- ║ ╠╦╝ ║ ╚═╗╠═╣
- ╚═╝╩╚═ ╩o╚═╝╩ ╩
- + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
- admin.merseyside.police.uk
- dialin.merseyside.police.uk
- lyncdiscover.merseyside.police.uk
- meet.merseyside.police.uk
- *.merseyside.police.uk
- metacsg1.merseyside.police.uk
- metacsg2.merseyside.police.uk
- officewebapps1.merseyside.police.uk
- officewebappsa.merseyside.police.uk
- scheduler.merseyside.police.uk
- sfbextweb1.merseyside.police.uk
- sfbextweba.merseyside.police.uk
- www.merseyside.police.uk
- your-area.merseyside.police.uk
- [+] Domains saved to: /usr/share/sniper/loot/domains/domains-merseyside.police.uk-full.txt
- + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
- + -- ----------------------------=[Checking Email Security]=----------------- -- +
- + -- ----------------------------=[Pinging host]=---------------------------- -- +
- PING merseyside.police.uk (107.154.113.83) 56(84) bytes of data.
- 64 bytes from 107.154.113.83.ip.incapdns.net (107.154.113.83): icmp_seq=1 ttl=61 time=36.3 ms
- --- merseyside.police.uk ping statistics ---
- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
- rtt min/avg/max/mdev = 36.302/36.302/36.302/0.000 ms
- + -- ----------------------------=[Running TCP port scan]=------------------- -- +
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-05 17:41 GMT
- Nmap scan report for merseyside.police.uk (107.154.113.83)
- Host is up (0.042s latency).
- Other addresses for merseyside.police.uk (not scanned): 107.154.112.83
- rDNS record for 107.154.113.83: 107.154.113.83.ip.incapdns.net
- Not shown: 30 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 53/tcp open domain
- 80/tcp open http
- 389/tcp open ldap
- 443/tcp open https
- 445/tcp open microsoft-ds
- 2049/tcp open nfs
- 3389/tcp open ms-wbt-server
- 4443/tcp open pharos
- 5900/tcp open vnc
- 5984/tcp open couchdb
- 8000/tcp open http-alt
- 8080/tcp open http-proxy
- 8443/tcp open https-alt
- 8888/tcp open sun-answerbook
- 10000/tcp open snet-sensor-mgmt
- Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
- + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 opened... running tests...
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-05 17:41 GMT
- Nmap scan report for merseyside.police.uk (107.154.112.83)
- Host is up (0.058s latency).
- Other addresses for merseyside.police.uk (not scanned): 107.154.113.83
- rDNS record for 107.154.112.83: 107.154.112.83.ip.incapdns.net
- PORT STATE SERVICE VERSION
- 53/udp open domain
- |_dns-cache-snoop: 0 of 100 tested domains are cached.
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | fingerprint-strings:
- | DNS-SD:
- | _services
- | _dns-sd
- | _udp
- | local
- | DNSVersionBindReq:
- | version
- | bind
- | NBTStat:
- |_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- SF-Port53-UDP:V=7.40%I=7%D=3/5%Time=58BC4DDB%P=x86_64-pc-linux-gnu%r(DNSVe
- SF:rsionBindReq,1E,"\0\x06\x84\t\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\
- SF:x10\0\x03")%r(NBTStat,32,"\x80\xf0\x84\t\0\x01\0\0\0\0\0\0\x20CKAAAAAAA
- SF:AAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01")%r(DNS-SD,2E,"\0\0\x84\t\0\x01\0\0\
- SF:0\0\0\0\t_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01");
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- Host script results:
- | dns-blacklist:
- | SPAM
- |_ sbl.spamhaus.org - FAIL
- | dns-brute:
- | DNS Brute-force hostnames:
- | admin.police.uk - 51.231.191.137
- |_ www.police.uk - 54.154.239.59
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 91.99 ms 10.4.0.1
- 2 91.87 ms 91.195.103.73
- 3 91.79 ms adm-b2-link.telia.net (213.248.71.116)
- 4 91.49 ms adm-bb3-link.telia.net (62.115.141.62)
- 5 92.48 ms ldn-bb2-link.telia.net (213.155.136.88)
- 6 92.13 ms ldn-b5-link.telia.net (213.155.136.75)
- 7 92.00 ms incapsula-ic-306833-ldn-b5.c.telia.net (62.115.45.226)
- 8 91.62 ms 107.154.112.83.ip.incapdns.net (107.154.112.83)
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 50.78 seconds
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://merseyside.police.uk
- The site http://merseyside.police.uk is behind a Incapsula WAF
- Number of requests: 1
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- http://merseyside.police.uk [303 See Other] Cookies[incap_ses_449_819583,visid_incap_819583], Country[UNITED STATES][US], HTTPServer[web server], IP[107.154.113.83], Incapsula-WAF, RedirectLocation[https://merseyside.police.uk/], Title[Document Moved], UncommonHeaders[x-iinfo,x-cdn]
- https://merseyside.police.uk/ [200 OK] Cookies[incap_ses_455_819583,visid_incap_819583], Country[UNITED STATES][US], Frame, Google-Analytics[UA-30863951-1], HTML5, HTTPServer[web server], IP[107.154.113.83], Incapsula-WAF, JQuery[1.11.1], Modernizr, Open-Graph-Protocol, Script[text/javascript], Title[Merseyside Police website | Merseyside Police], UncommonHeaders[x-iinfo,x-cdn], X-UA-Compatible[IE=edge]
- __ ______ _____
- \ \/ / ___|_ _|
- \ /\___ \ | |
- / \ ___) || |
- /_/\_|____/ |_|
- + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
- + -- --=[Target: merseyside.police.uk:80
- + -- --=[Site not vulnerable to Cross-Site Tracing!
- + -- --=[Site not vulnerable to Host Header Injection!
- + -- --=[Site vulnerable to Cross-Frame Scripting!
- + -- --=[Site vulnerable to Clickjacking!
- HTTP/1.1 303 See Other
- Content-Type: text/html; charset=UTF-8
- Location: https://merseyside.police.uk/
- Server: web server
- Date: Sun, 05 Mar 2017 17:42:37 GMT
- Content-Length: 152
- Set-Cookie: visid_incap_819583=0Wf9t744RaS2ZL49quo+BiJOvFgAAAAAQUIPAAAAAAAP3kJd8hfhF14yZ+lYs/uJ; expires=Mon, 05 Mar 2018 07:38:47 GMT; path=/
- Set-Cookie: incap_ses_455_819583=zzooXzHd6x65EpiseHxQBiJOvFgAAAAAYIX1xNWycdne4ziiUdAcDg==; path=/
- X-Iinfo: 4-38657146-38655420 PNNN RT(1488735778152 2) q(1 1 1 -1) r(1 1) U6
- X-CDN: Incapsula
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/">here</a></body>
- HTTP/1.1 303 See Other
- Content-Type: text/html; charset=UTF-8
- Location: https://merseyside.police.uk/
- Server: web server
- Date: Sun, 05 Mar 2017 17:42:37 GMT
- Content-Length: 152
- Set-Cookie: visid_incap_819583=gdabDlVbQHi+hzKric/GKSBOvFgAAAAAQUIPAAAAAADhThK/FVzDvtcymGpLOXa2; expires=Mon, 05 Mar 2018 12:37:48 GMT; path=/
- Set-Cookie: incap_ses_449_819583=hDD+DuoTYgKApaIhgys7BiNOvFgAAAAAcJk/V8b6OhLSWFtJVRzaGA==; path=/
- X-Iinfo: 10-27193642-27193649 NNNN CT(0 -1 0) RT(1488735779131 2) q(0 0 0 0) r(0 0) U11
- X-CDN: Incapsula
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/">here</a></body>
- + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
- + -- --=[Checking if X-Content options are enabled on merseyside.police.uk...
- + -- --=[Checking if X-Frame options are enabled on merseyside.police.uk...
- + -- --=[Checking if X-XSS-Protection header is enabled on merseyside.police.uk...
- + -- --=[Checking HTTP methods on merseyside.police.uk...
- + -- --=[Checking if TRACE method is enabled on merseyside.police.uk...
- + -- --=[Checking for META tags on merseyside.police.uk...
- + -- --=[Checking for open proxy on merseyside.police.uk...
- <html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe src="/_Incapsula_Resource?CWUDNSAI=5&xinfo=9-46753081-0 0NNN RT(1488735782325 6) q(0 -1 -1 -1) r(1 -1)&incident_id=0-351465020766749353&edet=22&cinfo=ffffffff" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-351465020766749353</iframe></body></html>
- + -- --=[Enumerating software on merseyside.police.uk...
- Server: web server
- + -- --=[Checking if Strict-Transport-Security is enabled on merseyside.police.uk...
- + -- --=[Checking for Flash cross-domain policy on merseyside.police.uk...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/crossdomain.xml">here</a></body>
- + -- --=[Checking for Silverlight cross-domain policy on merseyside.police.uk...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/clientaccesspolicy.xml">here</a></body>
- + -- --=[Checking for HTML5 cross-origin resource sharing on merseyside.police.uk...
- + -- --=[Retrieving robots.txt on merseyside.police.uk...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/robots.txt">here</a></body>
- + -- --=[Retrieving sitemap.xml on merseyside.police.uk...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="https://merseyside.police.uk/sitemap.xml">here</a></body>
- + -- --=[Checking cookie attributes on merseyside.police.uk...
- Set-Cookie: visid_incap_819583=c8iUceHjTNOM/DBc6R90jidOvFgAAAAAQUIPAAAAAABb40OP7QhIzmUt43GtqsVO; expires=Mon, 05 Mar 2018 07:39:22 GMT; path=/
- Set-Cookie: incap_ses_455_819583=sFLoQef5vGnkGZiseHxQBidOvFgAAAAAIHhnoVr71CGgcWjGTbXTRQ==; path=/
- + -- --=[Checking for ASP.NET Detailed Errors on merseyside.police.uk...
- <h2>Object moved to <a href="/Static/SystemError.html?aspxerrorpath=/?.jsp">here</a>.</h2>
- + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 107.154.113.83
- + Target Hostname: merseyside.police.uk
- + Target Port: 80
- + Start Time: 2017-03-05 17:42:55 (GMT0)
- ---------------------------------------------------------------------------
- + Server: web server
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'x-iinfo' found, with contents: 5-47584845-47584582 SNNN RT(1488735785853 527) q(0 0 0 -1) r(0 0) U2
- + Uncommon header 'x-cdn' found, with contents: Incapsula
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie visid_incap_819583 created without the httponly flag
- + Cookie incap_ses_455_819583 created without the httponly flag
- + Root page / redirects to: https://merseyside.police.uk/
- + /bin/cart32.exe: request cart32.exe/cart32clientlist
- + /bin/classified.cgi: Check Phrack 55 for info by RFP
- + /bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
- + /bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
- + /bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
- + /bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
- + /bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
- + /bin/lwgate: Check Phrack 55 for info by RFP
- + /bin/LWGate: Check Phrack 55 for info by RFP
- + /bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
- + /bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
- + /bin/finger: finger other users, may be other commands?
- + /bin/finger.pl: finger other users, may be other commands?
- + /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
- + /bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
- + /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
- + /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
- + /bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
- + /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
- + /bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
- + /bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
- + /bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
- + /bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
- + /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
- + /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
- + /bin/gH.cgi: Web backdoor by gH
- + /bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
- + /bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
- + /bin/AT-admin.cgi: Admin interface...
- + OSVDB-17111: /bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
- + /bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
- + /bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
- + /bin/banner.cgi: This CGI may allow attackers to read any file on the system.
- + /bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
- + /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
- + /bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm
- + /bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
- + /bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
- + OSVDB-2878: /bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability
- + /bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow http://www.securityfocus.com/bid/4684. Prior to 2.1.3 contained unspecified security bugs
- + /bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
- + OSVDB-2017: /bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.
- + /bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
- + /bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
- + /bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
- + OSVDB-11740: /bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
- + OSVDB-11741: /bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
- + /bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
- + /bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
- + /bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
- + /bin/fpsrvadm.exe: Potentially vulnerable CGI program.
- + /bin/.cobalt: May allow remote admin of CGI scripts.
- + OSVDB-35707: /forum/admin/wwforum.mdb: Web Wiz Forums password database found.
- + /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
- + OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
- + OSVDB-15971: /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
- + OSVDB-15971: /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
- + OSVDB-41850: /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved.
- + /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
- + OSVDB-53413: /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
- + OSVDB-53413: /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
- + OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
- + OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.
- + OSVDB-319: /bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI.
- + /bin/.access: Contains authorization information
- + OSVDB-11871: /bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.
- + /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
- + /bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
- + 8310 requests: 0 error(s) and 75 item(s) reported on remote host
- + End Time: 2017-03-05 17:57:08 (GMT0) (853 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
- [+] ;/Screenshot saved to /usr/share/sniper/loot/screenshots/merseyside.police.uk-port80.jpg
- + -- ----------------------------=[Running Google Hacking Queries]=--------- -- +
- + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
- _____ .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
- (_____) 01 01N. C 01 C 01 .01. 01 01 Yb 01 .01.
- (() ()) 01 C YCb C 01 C 01 ,C9 01 01 dP 01 ,C9
- \ / 01 C .CN. C 01 C 0101dC9 01 01'''bg. 0101dC9
- \ / 01 C .01.C 01 C 01 YC. 01 , 01 .Y 01 YC.
- /=\ 01 C Y01 YC. ,C 01 .Cb. 01 ,C 01 ,9 01 .Cb.
- [___] .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
- __[ ! ] Neither war between hackers, nor peace for the system.
- __[ ! ] http://blog.inurl.com.br
- __[ ! ] http://fb.com/InurlBrasil
- __[ ! ] http://twitter.com/@googleinurl
- __[ ! ] http://github.com/googleinurl
- __[ ! ] Current PHP version::[ 7.0.14-2 ]
- __[ ! ] Current script owner::[ root ]
- __[ ! ] Current uname::[ Linux parrot 4.8.0-parrot-amd64 #1 SMP Parrot 4.8.15-1kali1 (2016-12-27) x86_64 ]
- __[ ! ] Current pwd::[ /usr/share/sniper ]
- __[ ! ] Help: php inurlbr.php --help
- ------------------------------------------------------------------------------------------------------------------------
- [ ! ] Starting SCANNER INURLBR 2.1 at [05-03-2017 17:57:55]
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-merseyside.police.uk.txt ]
- [ INFO ][ DORK ]::[ site:merseyside.police.uk ]
- [ INFO ][ SEARCHING ]:: {
- [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.uy ]
- [ INFO ][ SEARCHING ]::
- -[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE API ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.id ID: 007843865286850066037:b0heuatvay8 ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ TOTAL FOUND VALUES ]:: [ 99 ]
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 0 / 99 ]-[17:58:09] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 1 / 99 ]-[17:58:09] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 2 / 99 ]-[17:58:10] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 3 / 99 ]-[17:58:10] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/social-media/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 4 / 99 ]-[17:58:11] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/_ext/crimeprevention/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 5 / 99 ]-[17:58:11] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/privacy-policy/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 6 / 99 ]-[17:58:12] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/languages/polish/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 7 / 99 ]-[17:58:12] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/languages/arabic/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 8 / 99 ]-[17:58:13] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/languages/chinese/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 9 / 99 ]-[17:58:13] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 10 / 99 ]-[17:58:13] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 11 / 99 ]-[17:58:14] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/languages/czech/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 12 / 99 ]-[17:58:14] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 13 / 99 ]-[17:58:15] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 14 / 99 ]-[17:58:15] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/missing-persons/alessandro-severitano/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 15 / 99 ]-[17:58:16] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/insight/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 16 / 99 ]-[17:58:16] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/most-wanted/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 17 / 99 ]-[17:58:17] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 18 / 99 ]-[17:58:18] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/misconduct/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 19 / 99 ]-[17:58:18] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/sefton/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 20 / 99 ]-[17:58:18] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 21 / 99 ]-[17:58:19] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/missing-persons/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 22 / 99 ]-[17:58:20] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 23 / 99 ]-[17:58:20] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/knowsley/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 24 / 99 ]-[17:58:20] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/feedback/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 25 / 99 ]-[17:58:21] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 26 / 99 ]-[17:58:21] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/crimestoppers/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 27 / 99 ]-[17:58:22] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/communications/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 28 / 99 ]-[17:58:22] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/supporting-policing/commercial-vehicle-unit/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 29 / 99 ]-[17:58:23] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12905/merseyside_sc_chief_officer_role_profile.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 30 / 99 ]-[17:58:23] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12956/mpa_approved_june_2012.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 31 / 99 ]-[17:58:26] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12959/228208_pccprospectus.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 32 / 99 ]-[17:58:26] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/6515/firearms_dealer_registration_form_116.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 33 / 99 ]-[17:58:27] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12755/25412_minutes.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 34 / 99 ]-[17:58:27] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/st-helens/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 35 / 99 ]-[17:58:28] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/most-wanted/recall-to-prison-stephen-tierney/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 36 / 99 ]-[17:58:29] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/64155/steer_clear_of_bike_crime1.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 37 / 99 ]-[17:58:30] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12415/no_4_170412_open.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 38 / 99 ]-[17:58:31] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12960/csas_information_for_private_companies.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 39 / 99 ]-[17:58:33] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/64156/july_2014.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 40 / 99 ]-[17:58:33] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12664/wirral_command_team_minutes_12312.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 41 / 99 ]-[17:58:34] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12518/liverpool_north_ct_minutes_11092012.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 42 / 99 ]-[17:58:35] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/132055/croxteth.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 43 / 99 ]-[17:58:35] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/08/kyle-edward-redman/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 44 / 99 ]-[17:58:36] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/terrorism/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 45 / 99 ]-[17:58:36] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/6513/application_for_a_visitors_firearm_shotgun_certificate_form107.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 46 / 99 ]-[17:58:37] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12872/application_for_data_under_section_35.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 47 / 99 ]-[17:58:38] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news?page=226&filter= ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 48 / 99 ]-[17:58:38] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12881/fees_and_charges_2013.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 49 / 99 ]-[17:58:40] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/661933/ps4.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 50 / 99 ]-[17:58:42] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/182528/bike_booklet.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 51 / 99 ]-[17:58:42] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12537/liverpool_south_command_team_meeting_10042012.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 52 / 99 ]-[17:58:43] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/emergency-999/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 53 / 99 ]-[17:58:43] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12759/20612_minutes.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 54 / 99 ]-[17:58:44] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12957/policing_plan_printable_version.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 55 / 99 ]-[17:58:44] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/supporting-policing/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 56 / 99 ]-[17:58:45] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12419/no_10_221012_open.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 57 / 99 ]-[17:58:45] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-history/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 58 / 99 ]-[17:58:46] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12425/no_5_12613_open.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 59 / 99 ]-[17:58:47] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12961/employersguidev12.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 60 / 99 ]-[17:58:48] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/6520/recruitment_bruchure.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 61 / 99 ]-[17:58:48] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/64151/vetting_internet.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 62 / 99 ]-[17:58:50] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/111518/greenbank.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 63 / 99 ]-[17:58:50] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12417/no_7_170712_open.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 64 / 99 ]-[17:58:50] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/13338/lost_property.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 65 / 99 ]-[17:58:51] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-services/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 66 / 99 ]-[17:58:51] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12683/wirral_command_team_minutes_51112.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 67 / 99 ]-[17:58:53] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/64150/volunteering_matters_issue6.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 68 / 99 ]-[17:58:54] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/111510/allerton.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 69 / 99 ]-[17:58:54] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/accessing-information/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 70 / 99 ]-[17:58:55] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/document-library/communications/recruitment/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 71 / 99 ]-[17:58:55] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12866/your_rights_to_police_information.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 72 / 99 ]-[17:58:56] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/661927/playstation.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 73 / 99 ]-[17:58:57] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/661925/wii.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 74 / 99 ]-[17:58:57] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12912/ed_champion_role_description.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 75 / 99 ]-[17:58:58] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/about-us/our-organisation/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 76 / 99 ]-[17:58:58] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/contact-us/misconduct/hearings/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 77 / 99 ]-[17:59:00] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/wirral-community-police-team-hub-one/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 78 / 99 ]-[17:59:00] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/join-us/applicant-login/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 79 / 99 ]-[17:59:01] [ - ]
- |_[ + ] Target:: [ https://merseyside.police.uk/news/latest-news/2016/09/update-injury-shooting-speke/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 302 Found, , IP:107.154.112.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 80 / 99 ]-[17:59:02] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-two/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 81 / 99 ]-[17:59:03] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/6507/young_people_s_leaflet.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 82 / 99 ]-[17:59:03] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/661924/whatssapp.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 83 / 99 ]-[17:59:04] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/661921/snapchat.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 84 / 99 ]-[17:59:05] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-four/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 85 / 99 ]-[17:59:06] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12911/equality_and_diversity_co_ordination_group.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 86 / 99 ]-[17:59:06] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/08/cctv-appeal-burglary-birkdale/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 87 / 99 ]-[17:59:07] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2017/02/exposure-buttermere-road-huyton/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 88 / 99 ]-[17:59:08] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/liverpool/liverpool-community-police-team-hub-three/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 89 / 99 ]-[17:59:08] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/10/update-shooting-reeds-road ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 90 / 99 ]-[17:59:09] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2017/01/assault-claughton-road-birkenhead/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 91 / 99 ]-[17:59:09] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12651/act_02042013.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 92 / 99 ]-[17:59:10] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/sefton/sefton-community-police-team-hub-two/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 93 / 99 ]-[17:59:11] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/media/12874/section_35_overview.pdf ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 94 / 99 ]-[17:59:11] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/11/update-robbery-bargain-booze/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 95 / 99 ]-[17:59:12] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/local-policing/wirral/wirral-community-police-team-hub-two/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 96 / 99 ]-[17:59:13] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/advice-and-protection/policing-the-roads/road-traffic-collisions/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 97 / 99 ]-[17:59:13] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2016/09/witness-appeal-assault-litherland/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 98 / 99 ]-[17:59:14] [ - ]
- |_[ + ] Target:: [ https://www.merseyside.police.uk/news/latest-news/2015/11/cctv-appeal-singhsburys-seacombe/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: web server , IP:107.154.113.83:443
- |_[ + ] More details:: / - / , ISP:
- |_[ + ] Found:: UNIDENTIFIED
- [ INFO ] [ Shutting down ]
- [ INFO ] [ End of process INURLBR at [05-03-2017 17:59:14]
- [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
- [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-merseyside.police.uk.txt ]
- |_________________________________________________________________________________________
- \_________________________________________________________________________________________/
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 111 closed... skipping.
- + -- --=[Port 135 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 161 closed... skipping.
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 closed... skipping.
- + -- --=[Port 443 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://merseyside.police.uk
- The site https://merseyside.police.uk is behind a Incapsula WAF
- Number of requests: 1
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- https://merseyside.police.uk [302 Found] Cookies[incap_ses_455_819583,visid_incap_819583], Country[UNITED STATES][US], IP[107.154.113.83], Incapsula-WAF, RedirectLocation[/], Title[Loading], UncommonHeaders[x-iinfo]
- + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
- AVAILABLE PLUGINS
- -----------------
- PluginCompression
- PluginSessionRenegotiation
- PluginHeartbleed
- PluginChromeSha1Deprecation
- PluginCertInfo
- PluginOpenSSLCipherSuites
- PluginHSTS
- PluginSessionResumption
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- merseyside.police.uk:443 => 107.154.112.83:443
- SCAN RESULTS FOR MERSEYSIDE.POLICE.UK:443 - 107.154.112.83:443
- --------------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 72340c8bbdad6344187aea301307ae1424674f28
- Common Name: incapsula.com
- Issuer: GlobalSign CloudSSL CA - SHA256 - G3
- Serial Number: 7CC91BC6E41A54C7994756BC
- Not Before: Feb 7 18:19:14 2017 GMT
- Not After: May 6 08:26:28 2017 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['incapsula.com', '*.916trade.com', '*.anserifx.com', '*.api.olostaging.com', '*.auction.com', '*.bulltab.com.au', '*.canaccord.com', '*.canaccordgenuity.com', '*.canaccordgenuitygps.com', '*.coastalmusic.com.au', '*.copa.nespresso.com.ar', '*.fabricat3d.com.au', '*.fetranspor.com.br', '*.flyfishingworld.com.au', '*.fonctionpublique.gouv.ci', '*.fondovalores.com.uy', '*.get-wrecked.com', '*.globalcashcard.com', '*.gratifyfoods.co.uk', '*.gspwll.com', '*.harfordhouse.com.au', '*.hijabhouse.com.au', '*.hndigital.cloud', '*.homeaway.ca', '*.homeessentials.co.uk', '*.ihealth.net.au', '*.inscapepublishing.com', '*.jacamo.co.uk', '*.jdwilliams.co.uk', '*.klasgames.com', '*.m10store.com.au', '*.merseyside.police.uk', '*.mrmobile.net.au', '*.nate777.com', '*.nespresso.com.ar', '*.nestle.com', '*.oneaccess.mckesson.com', '*.pepperi.com', '*.pinnacleonline.ca', '*.portal.carrefour.fr', '*.proplansweeps.com', '*.route66garage.com.au', '*.simplybe.co.uk', '*.southerncrossemporium.com.au', '*.spoonrocket.com.br', '*.staging.springleaffincl.co', '*.thecurvybellydancer.com.au', '*.thedarling.com.au', '*.thekidsdivision.co.uk', '*.thornado.net.au', '*.trans-app.net', '*.trustamerica.com', '*.twctrade.com', '*.xpsa.com.au', 'anserifx.com', 'auction.com', 'bulltab.com.au', 'canaccord.com', 'canaccordgenuity.com', 'canaccordgenuitygps.com', 'cdn-test-waf.tmobilecloud.com', 'coastalmusic.com.au', 'fabricat3d.com.au', 'fetranspor.com.br', 'flyfishingworld.com.au', 'fonctionpublique.gouv.ci', 'globalcashcard.com', 'gratifyfoods.co.uk', 'harfordhouse.com.au', 'hijabhouse.com.au', 'hndigital.cloud', 'homeessentials.co.uk', 'ihealth.net.au', 'jacamo.co.uk', 'jdwilliams.co.uk', 'm10store.com.au', 'merseyside.police.uk', 'mrmobile.net.au', 'nate777.com', 'pinnacleonline.ca', 'proplansweeps.com', 'route66garage.com.au', 'simplybe.co.uk', 'southerncrossemporium.com.au', 'spoonrocket.com.br', 'thecurvybellydancer.com.au', 'thekidsdivision.co.uk', 'thornado.net.au', 'trans-app.net', 'trustamerica.com', 'xpsa.com.au']}
- * Certificate - Trust:
- Hostname Validation: OK - Subject Alternative Name matches
- Google CA Store (09/2015): OK - Certificate is trusted
- Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: certificate has expired
- Microsoft CA Store (09/2015): OK - Certificate is trusted
- Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
- Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
- Certificate Chain Received: ['incapsula.com', 'GlobalSign CloudSSL CA - SHA256 - G3']
- * Certificate - OCSP Stapling:
- OCSP Response Status: successful
- Validation w/ Mozilla's CA Store: OK - Response is trusted
- Responder Id: 2737AB19FAB105FAC3F77481D0E65CE5B93EA88B
- Cert Status: good
- Cert Serial Number: 7CC91BC6E41A54C7994756BC
- This Update: Mar 5 16:32:30 2017 GMT
- Next Update: Mar 9 16:32:30 2017 GMT
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- SCAN COMPLETED IN 1.68 S
- ------------------------
- Version: 1.11.8-static
- OpenSSL 1.0.2k-dev xx XXX xxxx
- Testing SSL server merseyside.police.uk on port 443
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: incapsula.com
- Altnames: DNS:incapsula.com, DNS:*.916trade.com, DNS:*.anserifx.com, DNS:*.api.olostaging.com, DNS:*.auction.com, DNS:*.bulltab.com.au, DNS:*.canaccord.com, DNS:*.canaccordgenuity.com, DNS:*.canaccordgenuitygps.com, DNS:*.coastalmusic.com.au, DNS:*.copa.nespresso.com.ar, DNS:*.fabricat3d.com.au, DNS:*.fetranspor.com.br, DNS:*.flyfishingworld.com.au, DNS:*.fonctionpublique.gouv.ci, DNS:*.fondovalores.com.uy, DNS:*.get-wrecked.com, DNS:*.globalcashcard.com, DNS:*.gratifyfoods.co.uk, DNS:*.gspwll.com, DNS:*.harfordhouse.com.au, DNS:*.hijabhouse.com.au, DNS:*.hndigital.cloud, DNS:*.homeaway.ca, DNS:*.homeessentials.co.uk, DNS:*.ihealth.net.au, DNS:*.inscapepublishing.com, DNS:*.jacamo.co.uk, DNS:*.jdwilliams.co.uk, DNS:*.klasgames.com, DNS:*.m10store.com.au, DNS:*.merseyside.police.uk, DNS:*.mrmobile.net.au, DNS:*.nate777.com, DNS:*.nespresso.com.ar, DNS:*.nestle.com, DNS:*.oneaccess.mckesson.com, DNS:*.pepperi.com, DNS:*.pinnacleonline.ca, DNS:*.portal.carrefour.fr, DNS:*.proplansweeps.com, DNS:*.route66garage.com.au, DNS:*.simplybe.co.uk, DNS:*.southerncrossemporium.com.au, DNS:*.spoonrocket.com.br, DNS:*.staging.springleaffincl.co, DNS:*.thecurvybellydancer.com.au, DNS:*.thedarling.com.au, DNS:*.thekidsdivision.co.uk, DNS:*.thornado.net.au, DNS:*.trans-app.net, DNS:*.trustamerica.com, DNS:*.twctrade.com, DNS:*.xpsa.com.au, DNS:anserifx.com, DNS:auction.com, DNS:bulltab.com.au, DNS:canaccord.com, DNS:canaccordgenuity.com, DNS:canaccordgenuitygps.com, DNS:cdn-test-waf.tmobilecloud.com, DNS:coastalmusic.com.au, DNS:fabricat3d.com.au, DNS:fetranspor.com.br, DNS:flyfishingworld.com.au, DNS:fonctionpublique.gouv.ci, DNS:globalcashcard.com, DNS:gratifyfoods.co.uk, DNS:harfordhouse.com.au, DNS:hijabhouse.com.au, DNS:hndigital.cloud, DNS:homeessentials.co.uk, DNS:ihealth.net.au, DNS:jacamo.co.uk, DNS:jdwilliams.co.uk, DNS:m10store.com.au, DNS:merseyside.police.uk, DNS:mrmobile.net.au, DNS:nate777.com, DNS:pinnacleonline.ca, DNS:proplansweeps.com, DNS:route66garage.com.au, DNS:simplybe.co.uk, DNS:southerncrossemporium.com.au, DNS:spoonrocket.com.br, DNS:thecurvybellydancer.com.au, DNS:thekidsdivision.co.uk, DNS:thornado.net.au, DNS:trans-app.net, DNS:trustamerica.com, DNS:xpsa.com.au
- Issuer: GlobalSign CloudSSL CA - SHA256 - G3
- Not valid before: Feb 7 18:19:14 2017 GMT
- Not valid after: May 6 08:26:28 2017 GMT
- No engine or GOST support via engine with your /usr/bin/openssl
- ###########################################################
- testssl 2.9dev from https://testssl.sh/dev/
- ()
- This program is free software. Distribution and
- modification under GPLv2 permitted.
- USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
- Please file bugs @ https://testssl.sh/bugs/
- ###########################################################
- Using "OpenSSL 1.1.0c 10 Nov 2016" [~143 ciphers]
- on parrot:/usr/bin/openssl
- (built: "reproducible build, date unspecified", platform: "debian-amd64")
- Testing all IPv4 addresses (port 443): 107.154.112.83 107.154.113.83
- -----------------------------------------------------
- Start 2017-03-05 17:59:40 -->> 107.154.112.83:443 (merseyside.police.uk) <<--
- further IP addresses: 107.154.113.83
- rDNS (107.154.112.83): 107.154.112.83.ip.incapdns.net.
- Service detected: HTTP
- Testing protocols via sockets except SPDY+HTTP2
- SSLv2 not offered (OK)
- SSLv3 not offered (OK)
- TLS 1 offered
- TLS 1.1 offered
- TLS 1.2 offered (OK)
- SPDY/NPN h2, http/1.1 (advertised)
- HTTP2/ALPN h2 (offered)
- Testing ~standard cipher lists
- Null Ciphers not offered (OK)
- Anonymous NULL Ciphers not offered (OK)
- Anonymous DH Ciphers not offered (OK)
- 40 Bit encryption not offered (OK)
- 56 Bit export ciphers not offered (OK)
- Export Ciphers (general) not offered (OK)
- Low (<=64 Bit) not offered (OK)
- DES Ciphers not offered (OK)
- "Medium" grade encryption not offered (OK)
- Triple DES Ciphers not offered (OK)
- High grade encryption offered (OK)
- Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
- PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
- Elliptic curves offered: prime256v1
- Testing server preferences
- Has server cipher order? yes (OK)
- Negotiated protocol TLSv1.2
- Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Cipher order
- TLSv1: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
- CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
- TLSv1.1: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
- CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
- TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- h2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- http/1.1: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- Testing server defaults (Server Hello)
- TLS extensions (standard) "renegotiation info/#65281" "EC point
- formats/#11" "session ticket/#35" "server
- name/#0" "status request/#5" "next
- protocol/#13172" "heartbeat/#15" "application
- layer protocol negotiation/#16"
- Session Tickets RFC 5077 300 seconds (PFS requires session ticket keys to be rotated <= daily)
- SSL Session ID support yes
- TLS clock skew random values, no fingerprinting possible
- Signature Algorithm SHA256 with RSA
- Server key size RSA 2048 bits
- Fingerprint / Serial SHA1 72340C8BBDAD6344187AEA301307AE1424674F28 / 7CC91BC6E41A54C7994756BC
- SHA256 DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F
- Common Name (CN) incapsula.com
- subjectAltName (SAN) incapsula.com *.916trade.com *.anserifx.com
- *.api.olostaging.com *.auction.com
- *.bulltab.com.au *.canaccord.com
- *.canaccordgenuity.com *.canaccordgenuitygps.com
- *.coastalmusic.com.au *.copa.nespresso.com.ar
- *.fabricat3d.com.au *.fetranspor.com.br
- *.flyfishingworld.com.au
- *.fonctionpublique.gouv.ci *.fondovalores.com.uy
- *.get-wrecked.com *.globalcashcard.com
- *.gratifyfoods.co.uk *.gspwll.com
- *.harfordhouse.com.au *.hijabhouse.com.au
- *.hndigital.cloud *.homeaway.ca
- *.homeessentials.co.uk *.ihealth.net.au
- *.inscapepublishing.com *.jacamo.co.uk
- *.jdwilliams.co.uk *.klasgames.com
- *.m10store.com.au *.merseyside.police.uk
- *.mrmobile.net.au *.nate777.com
- *.nespresso.com.ar *.nestle.com
- *.oneaccess.mckesson.com *.pepperi.com
- *.pinnacleonline.ca *.portal.carrefour.fr
- *.proplansweeps.com *.route66garage.com.au
- *.simplybe.co.uk *.southerncrossemporium.com.au
- *.spoonrocket.com.br *.staging.springleaffincl.co
- *.thecurvybellydancer.com.au *.thedarling.com.au
- *.thekidsdivision.co.uk *.thornado.net.au
- *.trans-app.net *.trustamerica.com *.twctrade.com
- *.xpsa.com.au anserifx.com auction.com
- bulltab.com.au canaccord.com canaccordgenuity.com
- canaccordgenuitygps.com
- cdn-test-waf.tmobilecloud.com coastalmusic.com.au
- fabricat3d.com.au fetranspor.com.br
- flyfishingworld.com.au fonctionpublique.gouv.ci
- globalcashcard.com gratifyfoods.co.uk
- harfordhouse.com.au hijabhouse.com.au
- hndigital.cloud homeessentials.co.uk
- ihealth.net.au jacamo.co.uk jdwilliams.co.uk
- m10store.com.au merseyside.police.uk
- mrmobile.net.au nate777.com pinnacleonline.ca
- proplansweeps.com route66garage.com.au
- simplybe.co.uk southerncrossemporium.com.au
- spoonrocket.com.br thecurvybellydancer.com.au
- thekidsdivision.co.uk thornado.net.au
- trans-app.net trustamerica.com xpsa.com.au
- Issuer GlobalSign CloudSSL CA - SHA256 - G3 (GlobalSign nv-sa from BE)
- Trust (hostname) Ok via SAN (works w/o SNI)
- Chain of trust Ok
- EV cert (experimental) no
- Certificate Expiration 61 >= 60 days (2017-02-07 18:19 --> 2017-05-06 09:26 +0100)
- # of certificates provided 2
- Certificate Revocation List --
- OCSP URI http://ocsp2.globalsign.com/cloudsslsha2g3
- OCSP must staple No
- OCSP stapling offered
- DNS CAA RR (experimental) --
- Testing HTTP header response @ "/"
- HTTP Status Code 302 Found, redirecting to "/"
- HTTP clock skew Got no HTTP time, maybe try different URL?
- Strict Transport Security --
- Public Key Pinning --
- Server banner (no "Server" line in header, interesting!)
- Application banner --
- Cookie(s) 1 issued: NOT secure, NOT HttpOnly -- maybe better try target URL of 30x
- Security headers --
- Reverse Proxy banner --
- Testing vulnerabilities
- Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
- CCS (CVE-2014-0224) not vulnerable (OK)
- Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
- Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
- CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
- BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
- POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
- TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
- SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
- FREAK (CVE-2015-0204) not vulnerable (OK)
- DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
- make sure you don't use this certificate elsewhere with SSLv2 enabled services
- https://censys.io/ipv4?q=DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F could help you to find out
- LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
- BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA
- AES256-SHA CAMELLIA256-SHA
- AES128-SHA CAMELLIA128-SHA
- VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
- LUCKY13 (CVE-2013-0169) VULNERABLE, uses cipher block chaining (CBC) ciphers
- RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
- Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
- x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
- x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
- x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
- x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
- x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
- x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- Running browser simulations via sockets (experimental)
- Android 2.3.7 TLSv1.0 AES128-SHA
- Android 4.0.4 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.1.1 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.2.2 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.3 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Baidu Jan 2015 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- BingPreview Jan 2015 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Chrome 47 / OSX TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Firefox 31.3.0ESR / Win7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Firefox 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- GoogleBot Feb 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- IE 6 XP No connection
- IE 7 Vista TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 8 XP No connection
- IE 8-10 Win 7 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 10 Win Phone 8.0 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Java 6u45 TLSv1.0 AES128-SHA
- Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
- Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- OpenSSL 0.9.8y TLSv1.0 AES256-SHA
- OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Safari 6 iOS 6.0.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 6.0.4 OS X 10.8.4 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 7 OS X 10.9 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 8 iOS 8.4 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 8 OS X 10.10 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Done 2017-03-05 18:01:24 -->> 107.154.112.83:443 (merseyside.police.uk) <<--
- -----------------------------------------------------
- Start 2017-03-05 18:01:24 -->> 107.154.113.83:443 (merseyside.police.uk) <<--
- further IP addresses: 107.154.112.83
- rDNS (107.154.113.83): 107.154.113.83.ip.incapdns.net.
- Service detected: HTTP
- Testing protocols via sockets except SPDY+HTTP2
- SSLv2 not offered (OK)
- SSLv3 not offered (OK)
- TLS 1 offered
- TLS 1.1 offered
- TLS 1.2 offered (OK)
- SPDY/NPN h2, http/1.1 (advertised)
- HTTP2/ALPN h2 (offered)
- Testing ~standard cipher lists
- Null Ciphers not offered (OK)
- Anonymous NULL Ciphers not offered (OK)
- Anonymous DH Ciphers not offered (OK)
- 40 Bit encryption not offered (OK)
- 56 Bit export ciphers not offered (OK)
- Export Ciphers (general) not offered (OK)
- Low (<=64 Bit) not offered (OK)
- DES Ciphers not offered (OK)
- "Medium" grade encryption not offered (OK)
- Triple DES Ciphers not offered (OK)
- High grade encryption offered (OK)
- Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
- PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
- Elliptic curves offered: prime256v1
- Testing server preferences
- Has server cipher order? yes (OK)
- Negotiated protocol TLSv1.2
- Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Cipher order
- TLSv1: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
- CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
- TLSv1.1: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA
- CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA
- TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- h2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- http/1.1: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384
- AES128-GCM-SHA256 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
- AES128-SHA256 AES128-SHA CAMELLIA128-SHA
- Testing server defaults (Server Hello)
- TLS extensions (standard) "renegotiation info/#65281" "EC point
- formats/#11" "session ticket/#35" "server
- name/#0" "status request/#5" "next
- protocol/#13172" "heartbeat/#15" "application
- layer protocol negotiation/#16"
- Session Tickets RFC 5077 300 seconds (PFS requires session ticket keys to be rotated <= daily)
- SSL Session ID support yes
- TLS clock skew random values, no fingerprinting possible
- Signature Algorithm SHA256 with RSA
- Server key size RSA 2048 bits
- Fingerprint / Serial SHA1 72340C8BBDAD6344187AEA301307AE1424674F28 / 7CC91BC6E41A54C7994756BC
- SHA256 DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F
- Common Name (CN) incapsula.com
- subjectAltName (SAN) incapsula.com *.916trade.com *.anserifx.com
- *.api.olostaging.com *.auction.com
- *.bulltab.com.au *.canaccord.com
- *.canaccordgenuity.com *.canaccordgenuitygps.com
- *.coastalmusic.com.au *.copa.nespresso.com.ar
- *.fabricat3d.com.au *.fetranspor.com.br
- *.flyfishingworld.com.au
- *.fonctionpublique.gouv.ci *.fondovalores.com.uy
- *.get-wrecked.com *.globalcashcard.com
- *.gratifyfoods.co.uk *.gspwll.com
- *.harfordhouse.com.au *.hijabhouse.com.au
- *.hndigital.cloud *.homeaway.ca
- *.homeessentials.co.uk *.ihealth.net.au
- *.inscapepublishing.com *.jacamo.co.uk
- *.jdwilliams.co.uk *.klasgames.com
- *.m10store.com.au *.merseyside.police.uk
- *.mrmobile.net.au *.nate777.com
- *.nespresso.com.ar *.nestle.com
- *.oneaccess.mckesson.com *.pepperi.com
- *.pinnacleonline.ca *.portal.carrefour.fr
- *.proplansweeps.com *.route66garage.com.au
- *.simplybe.co.uk *.southerncrossemporium.com.au
- *.spoonrocket.com.br *.staging.springleaffincl.co
- *.thecurvybellydancer.com.au *.thedarling.com.au
- *.thekidsdivision.co.uk *.thornado.net.au
- *.trans-app.net *.trustamerica.com *.twctrade.com
- *.xpsa.com.au anserifx.com auction.com
- bulltab.com.au canaccord.com canaccordgenuity.com
- canaccordgenuitygps.com
- cdn-test-waf.tmobilecloud.com coastalmusic.com.au
- fabricat3d.com.au fetranspor.com.br
- flyfishingworld.com.au fonctionpublique.gouv.ci
- globalcashcard.com gratifyfoods.co.uk
- harfordhouse.com.au hijabhouse.com.au
- hndigital.cloud homeessentials.co.uk
- ihealth.net.au jacamo.co.uk jdwilliams.co.uk
- m10store.com.au merseyside.police.uk
- mrmobile.net.au nate777.com pinnacleonline.ca
- proplansweeps.com route66garage.com.au
- simplybe.co.uk southerncrossemporium.com.au
- spoonrocket.com.br thecurvybellydancer.com.au
- thekidsdivision.co.uk thornado.net.au
- trans-app.net trustamerica.com xpsa.com.au
- Issuer GlobalSign CloudSSL CA - SHA256 - G3 (GlobalSign nv-sa from BE)
- Trust (hostname) Ok via SAN (works w/o SNI)
- Chain of trust Ok
- EV cert (experimental) no
- Certificate Expiration 61 >= 60 days (2017-02-07 18:19 --> 2017-05-06 09:26 +0100)
- # of certificates provided 2
- Certificate Revocation List --
- OCSP URI http://ocsp2.globalsign.com/cloudsslsha2g3
- OCSP must staple No
- OCSP stapling offered
- DNS CAA RR (experimental) --
- Testing HTTP header response @ "/"
- HTTP Status Code 200 OK
- HTTP clock skew -9 sec from localtime
- Strict Transport Security --
- Public Key Pinning --
- Server banner web server
- Application banner --
- Cookie(s) 1 issued: NOT secure, NOT HttpOnly
- Security headers --
- Reverse Proxy banner --
- Testing vulnerabilities
- Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
- CCS (CVE-2014-0224) not vulnerable (OK)
- Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
- Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
- CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
- BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
- Can be ignored for static pages or if no secrets in the page
- POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
- TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
- SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
- FREAK (CVE-2015-0204) not vulnerable (OK)
- DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
- make sure you don't use this certificate elsewhere with SSLv2 enabled services
- https://censys.io/ipv4?q=DF12AE6756F10BA3AC45F8D7C86CA3F329CF998461DBEAD1A13559B63FF32D6F could help you to find out
- LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
- BEAST (CVE-2011-3389) no CBC ciphers found for any protocol (OK)
- LUCKY13 (CVE-2013-0169) VULNERABLE, uses cipher block chaining (CBC) ciphers
- RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
- Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
- x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
- x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
- x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
- x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
- x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
- x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- Running browser simulations via sockets (experimental)
- Android 2.3.7 TLSv1.0 AES128-SHA
- Android 4.0.4 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.1.1 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.2.2 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.3 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Baidu Jan 2015 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- BingPreview Jan 2015 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Chrome 47 / OSX TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Firefox 31.3.0ESR / Win7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Firefox 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- GoogleBot Feb 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- IE 6 XP No connection
- IE 7 Vista TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 8 XP No connection
- IE 8-10 Win 7 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 10 Win Phone 8.0 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Java 6u45 TLSv1.0 AES128-SHA
- Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
- Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- OpenSSL 0.9.8y TLSv1.0 AES256-SHA
- OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Safari 6 iOS 6.0.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 6.0.4 OS X 10.8.4 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
- Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 7 OS X 10.9 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 8 iOS 8.4 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 8 OS X 10.10 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
- Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
- Done 2017-03-05 18:02:58 -->> 107.154.113.83:443 (merseyside.police.uk) <<--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement