Anonymous JTSEC #OpJamalKhashoggi Full Recon #4

Oct 25th, 2018
  1. #######################################################################################################################################
  2. Nom de l'hôte onaizahedu.gov.sa FAI SingleHop LLC
  3. Continent Amérique du Nord Drapeau
  4. US
  5. Pays Etats-Unis d'Amérique Code du pays US
  6. Région Illinois Heure locale 25 Oct 2018 10:36 CDT
  7. Ville Chicago Code Postal 60605
  8. Adresse IP 146.66.71.198 Latitude 41.871
  9. Longitude -87.628
  10. #######################################################################################################################################
  11. > onaizahedu.gov.sa
  12. Server: 38.132.106.139
  13. Address: 38.132.106.139#53
  14.  
  15. Non-authoritative answer:
  16. Name: onaizahedu.gov.sa
  17. Address: 146.66.71.198
  18. #######################################################################################################################################
  19.  
  20. Domain Name: onaizahedu.gov.sa
  21.  
  22. Registrant:
  23. MOE-Directorate of Education in Onaizah Province وزارة التربية والتعليم- إدارة التربية والتعليم بمحافظة عنيزة
  24. Address: طريق الملك عبدالعزيز
  25. Onaizah
  26. Saudi Arabia المملكة العربية السعودية
  27.  
  28. Administrative Contact:
  29. محمد الحجي Mohammed AlHejji
  30. Address: عنيزة - طريق الملك عبدالعزيز
  31. 51911 Onaizah
  32. Saudi Arabia
  33.  
  34. Technical Contact:
  35. محمد الحجي Mohammed AlHejji
  36. Address: لا يوجد
  37. لا يوجد Onaizah
  38. Saudi Arabia المملكة العربية السعودية
  39.  
  40. Name Servers:
  41. ns1.m03.siteground.biz
  42. ns2.m03.siteground.biz
  43.  
  44. Created on: 2000-02-15
  45. Last Updated on: 2017-03-29
  46.  
  47. #######################################################################################################################################
  48. [i] Scanning Site: http://onaizahedu.gov.sa
  49.  
  50.  
  51.  
  52. B A S I C I N F O
  53. =======================================================================================================================================
  54.  
  55.  
  56. [+] Site Title:
  57. إدارة التعليم بمحافظة عنيزة
  58. [+] IP address: 146.66.71.198
  59. [+] Web Server: Could Not Detect
  60. [+] CMS: WordPress
  61. [+] Cloudflare: Not Detected
  62. [+] Robots File: Found
  63.  
  64. -------------[ contents ]----------------
  65. User-agent: *
  66. Disallow: /wp-admin/
  67. Allow: /wp-admin/admin-ajax.php
  68.  
  69. -----------[end of contents]-------------
  70.  
  71.  
  72.  
  73. W H O I S L O O K U P
  74. =======================================================================================================================================
  75.  
  76. % SaudiNIC Whois server.
  77. % Rights restricted by copyright.
  78. % http://nic.sa/en/view/whois-cmd-copyright
  79.  
  111. G E O I P L O O K U P
  112. =======================================================================================================================================
  113.  
  114. [i] IP Address: 146.66.71.198
  115. [i] Country: US
  116. [i] State: N/A
  117. [i] City: N/A
  118. [i] Latitude: 37.750999
  119. [i] Longitude: -97.821999
  120.  
  121.  
  122.  
  123.  
  124. H T T P H E A D E R S
  125. =======================================================================================================================================
  126.  
  127.  
  128. [i] HTTP/1.1 200 OK
  129. [i] Date: Thu, 25 Oct 2018 15:52:00 GMT
  130. [i] Content-Type: text/html; charset=UTF-8
  131. [i] X-Cache-Enabled: False
  132. [i] Link: <http://onaizahedu.gov.sa/wp-json/>; rel="https://api.w.org/"
  133. [i] Vary: Accept-Encoding
  134. [i] Cache-Control: max-age=172800
  135. [i] Expires: Sat, 27 Oct 2018 15:52:00 GMT
  136. [i] Host-Header: 192fc2e7e50945beb8231a492d6a8024
  137. [i] X-Proxy-Cache: MISS
  138. [i] Connection: close
  139.  
  140.  
  141.  
  142.  
  143. D N S L O O K U P
  144. =======================================================================================================================================
  145.  
  146. onaizahedu.gov.sa. 14399 IN MX 1 aspmx.l.google.com.
  147. onaizahedu.gov.sa. 14399 IN MX 5 alt1.aspmx.l.google.com.
  148. onaizahedu.gov.sa. 14399 IN MX 10 alt3.aspmx.l.google.com.
  149. onaizahedu.gov.sa. 14399 IN MX 10 alt4.aspmx.l.google.com.
  150. onaizahedu.gov.sa. 14399 IN MX 5 alt2.aspmx.l.google.com.
  151. onaizahedu.gov.sa. 14399 IN TXT "v=spf1 include:mailgun.org ~all"
  152. onaizahedu.gov.sa. 21599 IN SOA ns1.m03.siteground.biz. root.m03.siteground.biz. 2017032906 3600 7200 1209600 86400
  153. onaizahedu.gov.sa. 21599 IN NS ns1.m03.siteground.biz.
  154. onaizahedu.gov.sa. 21599 IN NS ns2.m03.siteground.biz.
  155. onaizahedu.gov.sa. 14399 IN A 146.66.71.198
  156.  
  157.  
  158.  
  159.  
  160. S U B N E T C A L C U L A T I O N
  161. =======================================================================================================================================
  162.  
  163. Address = 146.66.71.198
  164. Network = 146.66.71.198 / 32
  165. Netmask = 255.255.255.255
  166. Broadcast = not needed on Point-to-Point links
  167. Wildcard Mask = 0.0.0.0
  168. Hosts Bits = 0
  169. Max. Hosts = 1 (2^0 - 0)
  170. Host Range = { 146.66.71.198 - 146.66.71.198 }
  171.  
  172.  
  173.  
  174. N M A P P O R T S C A N
  175. =======================================================================================================================================
  176.  
  177.  
  178. Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-25 15:52 UTC
  179. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  180. Host is up (0.018s latency).
  181. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  182. PORT STATE SERVICE
  183. 21/tcp open ftp
  184. 22/tcp filtered ssh
  185. 23/tcp filtered telnet
  186. 80/tcp open http
  187. 110/tcp open pop3
  188. 143/tcp open imap
  189. 443/tcp open https
  190. 3389/tcp filtered ms-wbt-server
  191.  
  192. Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds
  193.  
  194.  
  195.  
  196. S U B - D O M A I N F I N D E R
  197. =======================================================================================================================================
  198.  
  199.  
  200. [i] Total Subdomains Found : 2
  201.  
  202. [+] Subdomain: www.home.onaizahedu.gov.sa
  203. [-] IP: 146.66.71.198
  204.  
  205. [+] Subdomain: serv.onaizahedu.gov.sa
  206. [-] IP: 146.66.71.198
  207.  
  208.  
  209. #######################################################################################################################################
  210. [?] Enter the target: http://onaizahedu.gov.sa/
  211. [!] IP Address : 146.66.71.198
  212. [!] CMS Detected : WordPress
  213. [+] Honeypot Probabilty: 30%
  214. ---------------------------------------------------------------------------------------------------------------------------------------
  215. [~] Trying to gather whois information for onaizahedu.gov.sa
  216. [+] Whois information found
  217. [-] Unable to build response, visit https://who.is/whois/onaizahedu.gov.sa
  218. ---------------------------------------------------------------------------------------------------------------------------------------
  219. [+] Robots.txt retrieved
  220. User-agent: *
  221. Disallow: /wp-admin/
  222. Allow: /wp-admin/admin-ajax.php
  223.  
  224. ---------------------------------------------------------------------------------------------------------------------------------------
  225. PORT STATE SERVICE
  226. 21/tcp open ftp
  227. 22/tcp filtered ssh
  228. 23/tcp filtered telnet
  229. 80/tcp open http
  230. 110/tcp open pop3
  231. 143/tcp open imap
  232. 443/tcp open https
  233. 3389/tcp filtered ms-wbt-server
  234. Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds
  235. ---------------------------------------------------------------------------------------------------------------------------------------
  236.  
  237. [+] DNS Records
  238. ns1.m03.siteground.biz. (69.175.104.50) AS32475 SingleHop, Inc. United States
  239. ns2.m03.siteground.biz. (69.175.104.51) AS32475 SingleHop, Inc. United States
  240.  
  241. [+] MX Records
  242. 5 (74.125.193.26) AS15169 Google Inc. United States
  243.  
  244. [+] MX Records
  245. 5 (64.233.190.27) AS15169 Google Inc. United States
  246.  
  247. [+] MX Records
  248. 10 (74.125.128.26) AS15169 Google Inc. United States
  249.  
  250. [+] MX Records
  251. 10 (66.102.1.26) AS15169 Google Inc. United States
  252.  
  253. [+] MX Records
  254. 1 (172.217.197.27) AS15169 Google Inc. United States
  255.  
  256. [+] Host Records (A)
  257. home.onaizahedu.gov.saHTTP: (ip-146-66-71-198.siteground.com) (146.66.71.198) Bulgaria Bulgaria
  258. www.home.onaizahedu.gov.saHTTP: (ip-146-66-71-198.siteground.com) (146.66.71.198) Bulgaria Bulgaria
  259. serv.onaizahedu.gov.saHTTP: (ip-146-66-71-198.siteground.com) (146.66.71.198) Bulgaria Bulgaria
  260.  
  261. [+] TXT Records
  262. "v=spf1 include:mailgun.org ~all"
  263.  
  264. [+] DNS Map: https://dnsdumpster.com/static/map/onaizahedu.gov.sa.png
  265.  
  266. [>] Initiating 3 intel modules
  267. [>] Loading Alpha module (1/3)
  268. [>] Beta module deployed (2/3)
  269. [>] Gamma module initiated (3/3)
  270.  
  271.  
  272. [+] Emails found:
  273. ---------------------------------------------------------------------------------------------------------------------------------------
  283.  
  284. [+] Hosts found in search engines:
  285. ---------------------------------------------------------------------------------------------------------------------------------------
  286. [-] Resolving hostnames IPs...
  287. 146.66.71.198:www.onaizahedu.gov.sa
  288. [+] Virtual hosts:
  289. ---------------------------------------------------------------------------------------------------------------------------------------
  290. [~] Crawling the target for fuzzable URLs
  291. [+] Found 6 fuzzable URLs
  292. http://onaizahedu.gov.sa//?p=514
  293. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  294. #######################################################################################################################################
  295. ; <<>> DiG 9.11.4-P2-3-Debian <<>> onaizahedu.gov.sa
  296. ;; global options: +cmd
  297. ;; Got answer:
  298. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24756
  299. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  300.  
  301. ;; OPT PSEUDOSECTION:
  302. ; EDNS: version: 0, flags:; udp: 4096
  303. ;; QUESTION SECTION:
  304. ;onaizahedu.gov.sa. IN A
  305.  
  306. ;; ANSWER SECTION:
  307. onaizahedu.gov.sa. 13099 IN A 146.66.71.198
  308.  
  309. ;; Query time: 217 msec
  310. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  311. ;; WHEN: jeu oct 25 11:58:29 EDT 2018
  312. ;; MSG SIZE rcvd: 62
  313.  
  314. #######################################################################################################################################
  315. [+] URL: http://onaizahedu.gov.sa/
  316. [+] Started: Thu Oct 25 11:42:02 2018
  317.  
  318. Interesting Finding(s):
  319.  
  320. [+] http://onaizahedu.gov.sa/
  321. | Interesting Entries:
  322. | - X-Cache-Enabled: False
  323. | - Host-Header: 192fc2e7e50945beb8231a492d6a8024
  324. | - X-Proxy-Cache: MISS
  325. | Found By: Headers (Passive Detection)
  326. | Confidence: 100%
  327.  
  328. [+] http://onaizahedu.gov.sa/robots.txt
  329. | Interesting Entries:
  330. | - /wp-admin/
  331. | - /wp-admin/admin-ajax.php
  332. | Found By: Robots Txt (Aggressive Detection)
  333. | Confidence: 100%
  334.  
  335. [+] http://onaizahedu.gov.sa/xmlrpc.php
  336. | Found By: Direct Access (Aggressive Detection)
  337. | Confidence: 100%
  338. | References:
  339. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  340. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  341. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  342. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  343. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  344.  
  345. [+] http://onaizahedu.gov.sa/readme.html
  346. | Found By: Direct Access (Aggressive Detection)
  347. | Confidence: 100%
  348.  
  349. [+] WordPress version 4.9.8 identified (Released on 2018-08-02).
  350. | Detected By: Rss Generator (Passive Detection)
  351. | - http://onaizahedu.gov.sa/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
  352. | Confirmed By: Atom Generator (Passive Detection)
  353. | - http://onaizahedu.gov.sa/feed/atom/, <generator uri="https://wordpress.org/" version="4.9.8">WordPress</generator>
  354.  
  355. [+] WordPress theme in use: lightmag-v3
  356. | Location: http://onaizahedu.gov.sa/wp-content/themes/lightmag-v3/
  357. | Style URL: http://onaizahedu.gov.sa/wp-content/themes/lightmag-v3/style.css?1445753475
  358. | Style Name: LightMag v3
  359. | Style URI: http://mwordpress.net
  360. | Description: Premium News/Magazine Wordpress theme by Mouad Achemli....
  361. | Author: Mouad Achemli
  362. |
  363. | Detected By: Css Style (Passive Detection)
  364. |
  365. | Version: 3.0 (80% confidence)
  366. | Detected By: Style (Passive Detection)
  367. | - http://onaizahedu.gov.sa/wp-content/themes/lightmag-v3/style.css?1445753475, Match: 'Version: 3.0'
  368.  
  369. [+] Enumerating Vulnerable Plugins
  370. [+] Checking Plugin Versions
  371.  
  372. [i] No plugins Found.
  373.  
  374. [+] Enumerating Vulnerable Themes
  375. Checking Known Locations - Time: 00:01:36 <> (287 / 287) 100.00% Time: 00:01:36
  376. [+] Checking Theme Versions
  377.  
  378. [i] No themes Found.
  379.  
  380. [+] Enumerating Timthumbs
  381. Checking Known Locations - Time: 00:05:45 <> (1000 / 2573) 38.86% ETA: 00:09:0 Checking Known
  382.  
  383. [i] Timthumb(s) Identified:
  384.  
  385. [+] http://onaizahedu.gov.sa/wp-content/themes/lightmag-v3/timthumb.php
  386. | Detected By: Known Locations (Aggressive Detection)
  387. |
  388. | Version: 2.8.11
  389. | Detected By: Bad Request (Aggressive Detection)
  390. | - http://onaizahedu.gov.sa/wp-content/themes/lightmag-v3/timthumb.php, Match: 'TimThumb version : 2.8.11'
  391.  
  392. [+] Enumerating Config Backups
  393. Checking Config Backups - Time: 00:00:04 <===> (21 / 21) 100.00% Time: 00:00:04
  394.  
  395. [i] No Config Backups Found.
  396.  
  397. [+] Enumerating DB Exports
  398. Checking DB Exports - Time: 00:00:14 <=======> (36 / 36) 100.00% Time: 00:00:14
  399.  
  400. [i] No DB Exports Found.
  401.  
  402. [+] Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)
  403. Brute Forcing Attachment IDs - Time: 00:00:00 <> (0 / 100) 0.00% ETA: ??:??:? Brute Forcing
  404. [i] No Medias Found.
  405.  
  406. [+] Enumerating Users
  407. Brute Forcing Author IDs - Time: 00:00:04 <==> (10 / 10) 100.00% Time: 00:00:04
  408.  
  409. [i] User(s) Identified:
  410.  
  411. [+] db9v4
  412. | Detected By: Wp Json Api (Aggressive Detection)
  413. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  414. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  415.  
  416. [+] al11
  417. | Detected By: Wp Json Api (Aggressive Detection)
  418. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  419.  
  420. [+] al13
  421. | Detected By: Wp Json Api (Aggressive Detection)
  422. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  423.  
  424. [+] al4
  425. | Detected By: Wp Json Api (Aggressive Detection)
  426. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  427. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  428.  
  429. [+] al6
  430. | Detected By: Wp Json Api (Aggressive Detection)
  431. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  432. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  433.  
  434. [+] al5
  435. | Detected By: Wp Json Api (Aggressive Detection)
  436. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  437. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  438.  
  439. [+] al7
  440. | Detected By: Wp Json Api (Aggressive Detection)
  441. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  442.  
  443. [+] al1
  444. | Detected By: Wp Json Api (Aggressive Detection)
  445. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  446. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  447.  
  448. [+] al3
  449. | Detected By: Wp Json Api (Aggressive Detection)
  450. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  451. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  452.  
  453. [+] al14
  454. | Detected By: Wp Json Api (Aggressive Detection)
  455. | - http://onaizahedu.gov.sa/wp-json/wp/v2/users/
  456.  
  457. [+] it
  458. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  459.  
  460. [+] web
  461. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  462.  
  463. [+] wal
  464. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  465.  
  466. [+] al2
  467. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  468.  
  469. [+] Finished: Thu Oct 25 12:00:56 2018
  470. [+] Requests Done: 3092
  471. [+] Memory used: 159.48 MB
  472. [+] Elapsed time: 00:18:53
  473. #######################################################################################################################################
  474. [+] URL: http://onaizahedu.gov.sa/
  475. [+] Started: Thu Oct 25 12:05:16 2018
  476.  
  528. [+] Enumerating All Plugins
  529. [+] Checking Plugin Versions
  530.  
  531. [i] Plugin(s) Identified:
  532.  
  533. [+] contact-form-7
  534. | Location: http://onaizahedu.gov.sa/wp-content/plugins/contact-form-7/
  535. | Latest Version: 5.0.4 (up to date)
  536. | Last Updated: 2018-09-04T17:26:00.000Z
  537. |
  538. | Detected By: Urls In Homepage (Passive Detection)
  539. |
  540. | Version: 5.0.4 (100% confidence)
  541. | Detected By: Query Parameter (Passive Detection)
  542. | - http://onaizahedu.gov.sa/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4
  543. | Confirmed By:
  544. | Readme - Stable Tag (Aggressive Detection)
  545. | - http://onaizahedu.gov.sa/wp-content/plugins/contact-form-7/readme.txt
  546. | Readme - ChangeLog Section (Aggressive Detection)
  547. | - http://onaizahedu.gov.sa/wp-content/plugins/contact-form-7/readme.txt
  548.  
  549. [+] wysija-newsletters
  550. | Location: http://onaizahedu.gov.sa/wp-content/plugins/wysija-newsletters/
  551. | Latest Version: 2.10.2 (up to date)
  552. | Last Updated: 2018-10-18T06:27:00.000Z
  553. |
  554. | Detected By: Urls In Homepage (Passive Detection)
  555. |
  556. | Version: 2.10.2 (90% confidence)
  557. | Detected By: Query Parameter (Passive Detection)
  558. | - http://onaizahedu.gov.sa/wp-content/plugins/wysija-newsletters/css/validationEngine.jquery.css?ver=2.10.2
  559. | Confirmed By: Readme - Stable Tag (Aggressive Detection)
  560. | - http://onaizahedu.gov.sa/wp-content/plugins/wysija-newsletters/readme.txt
  561.  
  562. [+] Enumerating Config Backups
  563. Checking Config Backups - Time: 00:00:06 <=============> (21 / 21) 100.00% Time: 00:00:06
  564.  
  565. [i] No Config Backups Found.
  566.  
  567. [+] Finished: Thu Oct 25 12:06:06 2018
  568. [+] Requests Done: 56
  569. [+] Memory used: 99.766 MB
  570. [+] Elapsed time: 00:00:49
  571. #######################################################################################################################################
  572. [+] Hosting Info for Website: onaizahedu.gov.sa
  573. [+] Visitors per day: 3,580
  574. [+] IP Address: 146.66.71.198
  575. [+] IP Reverse DNS (Host): ip-146-66-71-198.siteground.com
  576. [+] Hosting IP Range: 146.66.71.0 - 146.66.71.255 (256 ip)
  577. [+] Hosting Address: Racho Petkov Kazandjiata 8, Floor 3, Siteground
  578. [+] Hosting Country: USA
  579. [+] Hosting Phone: +359886660270, +442071839093
  580. [+] Hosting Website: www.siteground.com
  581. [+] Hosting CIDR: 146.66.71.0/24
  582.  
  583. [+] NS: ns1.m03.siteground.biz
  584. [+] NS: ns2.m03.siteground.biz
  585. #######################################################################################################################################
  586. [+] Testing domain
  587. www.onaizahedu.gov.sa 146.66.71.198
  588. [+] Dns resolving
  589. Domain name Ip address Name server
  590. onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  591. Found 1 host(s) for onaizahedu.gov.sa
  592. [+] Testing wildcard
  593. Ok, no wildcard found.
  594.  
  595. [+] Scanning for subdomain on onaizahedu.gov.sa
  596. [!] Wordlist not specified. I scannig with my internal wordlist...
  597. Estimated time about 118.01 seconds
  598.  
  599. Subdomain Ip address Name server
  600.  
  601. calendar.onaizahedu.gov.sa 172.217.15.115 iad30s21-in-f19.1e100.net
  602. docs.onaizahedu.gov.sa 172.217.15.115 iad30s21-in-f19.1e100.net
  603. email.onaizahedu.gov.sa 34.199.3.152 ec2-34-199-3-152.compute-1.amazonaws.com
  604. ftp.onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  605. home.onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  606. localhost.onaizahedu.gov.sa 127.0.0.1 localhost
  607. mail.onaizahedu.gov.sa 172.217.15.115 iad30s21-in-f19.1e100.net
  608. serv.onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  609. webmail.onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  610. www.onaizahedu.gov.sa 146.66.71.198 ip-146-66-71-198.siteground.com
  611.  
  612. #######################################################################################################################################
  613. [*] Processing domain onaizahedu.gov.sa
  614. [+] Getting nameservers
  615. 69.175.104.51 - ns2.m03.siteground.biz
  616. 69.175.104.50 - ns1.m03.siteground.biz
  617. [-] Zone transfer failed
  618.  
  619. [+] TXT records found
  620. "v=spf1 include:mailgun.org ~all"
  621.  
  622. [+] MX records found, added to target list
  623. 10 alt3.aspmx.l.google.com.
  624. 5 alt2.aspmx.l.google.com.
  625. 10 alt4.aspmx.l.google.com.
  626. 5 alt1.aspmx.l.google.com.
  627. 1 aspmx.l.google.com.
  628.  
  629. [*] Scanning onaizahedu.gov.sa for A records
  647. #######################################################################################################################################
  648. Ip Address Status Type Domain Name Server
  649. ---------- ------ ---- ----------- ------
  650. 172.217.15.115 302 alias calendar.onaizahedu.gov.sa ghs
  651. 172.217.15.115 302 host ghs.google.com ghs
  652. 172.217.15.115 302 alias docs.onaizahedu.gov.sa ghs
  653. 172.217.15.115 302 host ghs.google.com ghs
  654. 54.218.42.63 200 alias email.onaizahedu.gov.sa nginx
  655. 54.218.42.63 200 host mailgun.org nginx
  656. 52.25.253.172 200 host mailgun.org nginx
  657. 146.66.71.198 200 alias ftp.onaizahedu.gov.sa nginx
  658. 146.66.71.198 200 host onaizahedu.gov.sa nginx
  659. 146.66.71.198 403 host home.onaizahedu.gov.sa nginx
  660. 127.0.0.1 host localhost.onaizahedu.gov.sa
  661. 172.217.15.115 302 alias mail.onaizahedu.gov.sa ghs
  662. 172.217.15.115 302 host ghs.google.com ghs
  663. 146.66.71.198 301 host serv.onaizahedu.gov.sa nginx
  664. 146.66.71.198 200 host webmail.onaizahedu.gov.sa nginx
  665. 146.66.71.198 301 alias www.onaizahedu.gov.sa nginx
  666. 146.66.71.198 301 host onaizahedu.gov.sa nginx
  667. #######################################################################################################################################
  668. Start: 2018-10-25T16:23:12+0000
  669. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  670. 1.|-- 45.79.12.201 0.0% 3 1.1 1.2 0.9 1.6 0.3
  671. 2.|-- 45.79.12.0 0.0% 3 0.7 0.7 0.6 0.7 0.1
  672. 3.|-- 45.79.12.9 0.0% 3 0.8 1.6 0.8 3.2 1.3
  673. 4.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.1 0.9 1.3 0.2
  674. 5.|-- kanc-b1-link.telia.net 0.0% 3 12.1 12.1 11.9 12.2 0.2
  675. 6.|-- chi-b21-link.telia.net 0.0% 3 24.5 24.9 24.5 25.5 0.5
  676. 7.|-- serverhub-ic-324864-chi-b21.c.telia.net 0.0% 3 25.1 25.3 25.1 25.8 0.4
  677. 8.|-- 128.177.133.154 0.0% 3 389.1 147.4 25.4 389.1 209.4
  678. 9.|-- ip-146-66-71-198.siteground.com 0.0% 3 24.5 24.8 24.5 25.2 0.4
  679. #######################################################################################################################################
  680. ---------------------------------------------------------------------------------------------------------------------------------------
  681. + Target IP: 146.66.71.198
  682. + Target Hostname: onaizahedu.gov.sa
  683. + Target Port: 80
  684. + Start Time: 2018-10-25 11:57:29 (GMT-4)
  685. ---------------------------------------------------------------------------------------------------------------------------------------
  686. + Server: No banner retrieved
  687. + The anti-clickjacking X-Frame-Options header is not present.
  688. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  689. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  690. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  691. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  692. + Scan terminated: 20 error(s) and 4 item(s) reported on remote host
  693. + End Time: 2018-10-25 12:18:14 (GMT-4) (1245 seconds)
  694. ---------------------------------------------------------------------------------------------------------------------------------------
  695. #######################################################################################################################################
  696. --------------------------------------------------------------------------------------------------------------------------------------
  697. + Target IP: 146.66.71.198
  698. + Target Hostname: 146.66.71.198
  699. + Target Port: 80
  700. + Start Time: 2018-10-25 11:57:59 (GMT-4)
  701. ---------------------------------------------------------------------------------------------------------------------------------------
  702. + Server: No banner retrieved
  703. + The anti-clickjacking X-Frame-Options header is not present.
  704. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  705. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  706. + No CGI Directories found (use '-C all' to force check all possible dirs)
  707. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  708. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  709. + Scan terminated: 20 error(s) and 4 item(s) reported on remote host
  710. + End Time: 2018-10-25 12:42:01 (GMT-4) (2642 seconds)
  711. ---------------------------------------------------------------------------------------------------------------------------------------
  712. #######################################################################################################################################
  713. PING 146.66.71.198 (146.66.71.198) 56(84) bytes of data.
  714. 64 bytes from 146.66.71.198: icmp_seq=1 ttl=55 time=222 ms
  715.  
  716. --- 146.66.71.198 ping statistics ---
  717. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  718. rtt min/avg/max/mdev = 221.519/221.519/221.519/0.000 ms
  719. #######################################################################################################################################
  720. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 11:53 EDT
  721. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  722. Host is up (0.20s latency).
  723. Not shown: 460 filtered ports, 5 closed ports
  724. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  725. PORT STATE SERVICE
  726. 21/tcp open ftp
  727. 53/tcp open domain
  728. 80/tcp open http
  729. 110/tcp open pop3
  730. 143/tcp open imap
  731. 443/tcp open https
  732. 465/tcp open smtps
  733. 587/tcp open submission
  734. 993/tcp open imaps
  735. 995/tcp open pop3s
  736. 2525/tcp open ms-v-worlds
  737. #######################################################################################################################################
  738. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 11:53 EDT
  739. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  740. Host is up (0.20s latency).
  741. Not shown: 2 filtered ports
  742. PORT STATE SERVICE
  743. 53/udp open domain
  744. 67/udp open|filtered dhcps
  745. 68/udp open|filtered dhcpc
  746. 69/udp open|filtered tftp
  747. 88/udp open|filtered kerberos-sec
  748. 123/udp open|filtered ntp
  749. 139/udp open|filtered netbios-ssn
  750. 161/udp open|filtered snmp
  751. 162/udp open|filtered snmptrap
  752. 389/udp open|filtered ldap
  753. 520/udp open|filtered route
  754. 2049/udp open|filtered nfs
  755. #######################################################################################################################################
  756. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 11:53 EDT
  757. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  758. Host is up (0.22s latency).
  759.  
  760. PORT STATE SERVICE VERSION
  761. 21/tcp open ftp Pure-FTPd
  762. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  763. Device type: general purpose
  764. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
  765. OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  766. Aggressive OS guesses: Linux 4.9 (91%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%), OpenWrt Chaos Calmer (Linux 3.18) (85%)
  767. No exact OS matches for host (test conditions non-ideal).
  768. Network Distance: 19 hops
  769.  
  770. TRACEROUTE (using port 21/tcp)
  771. HOP RTT ADDRESS
  772. 1 117.12 ms 10.251.200.1
  773. 2 117.15 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  774. 3 117.17 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  775. 4 117.17 ms 10.10.53.25
  776. 5 186.22 ms 10.10.50.129
  777. 6 186.20 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  778. 7 186.97 ms et-0-0-23-1.cr5-mia1.ip4.gtt.net (213.200.112.22)
  779. 8 186.26 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  780. 9 186.24 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  781. 10 186.66 ms 64.125.30.193
  782. 11 239.48 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  783. 12 235.06 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  784. 13 234.31 ms ae4.cs2.lga5.us.eth.zayo.com (64.125.29.30)
  785. 14 234.34 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  786. 15 221.30 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  787. 16 234.00 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  788. 17 221.29 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  789. 18 234.70 ms 128.177.133.154
  790. 19 221.64 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  791. #######################################################################################################################################
  792. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:04 EDT
  793. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  794. Host is up (0.22s latency).
  795.  
  796. PORT STATE SERVICE VERSION
  797. 53/tcp open domain (unknown banner: donuts)
  798. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  799. | dns-nsec-enum:
  800. |_ No NSEC records found
  801. | dns-nsec3-enum:
  802. |_ DNSSEC NSEC3 not supported
  803. | dns-nsid:
  804. |_ bind.version: donuts
  805. | fingerprint-strings:
  806. | DNSVersionBindReqTCP:
  807. | version
  808. | bind
  809. |_ donuts
  810. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  815. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  816. Device type: general purpose
  817. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (88%)
  818. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:2.6
  819. Aggressive OS guesses: Linux 3.18 (88%), Linux 4.9 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
  820. No exact OS matches for host (test conditions non-ideal).
  821. Network Distance: 19 hops
  822.  
  823. Host script results:
  824. | dns-brute:
  825. | DNS Brute-force hostnames:
  826. | stats.siteground.com - 192.168.0.15
  827. | internal.siteground.com - 184.154.235.10
  828. | ns1.siteground.com - 181.224.128.30
  829. | apps.siteground.com - 172.217.13.110
  830. | ns2.siteground.com - 181.224.128.31
  831. | apps.siteground.com - 2607:f8b0:4020:804:0:0:0:200e
  832. | download.siteground.com - 184.154.235.243
  833. | blog.siteground.com - 184.154.235.13
  834. | mail.siteground.com - 198.143.151.98
  835. | www.siteground.com - 181.224.128.30
  836. | www.siteground.com - 181.224.128.31
  837. | cdn.siteground.com - 181.224.128.32
  838. | cdn.siteground.com - 181.224.128.33
  839. | mail2.siteground.com - 181.224.128.61
  840. | chat.siteground.com - 216.104.36.122
  841. | mail3.siteground.com - 69.175.85.2
  842. | forum.siteground.com - 184.154.235.107
  843. |_ dev.siteground.com - 184.154.235.240
  844.  
  845. TRACEROUTE (using port 53/tcp)
  846. HOP RTT ADDRESS
  847. 1 119.09 ms 10.251.200.1
  848. 2 119.12 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  849. 3 119.95 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  850. 4 119.94 ms 10.10.53.25
  851. 5 192.16 ms 10.10.50.129
  852. 6 188.80 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  853. 7 193.40 ms et-0-0-22-2.cr5-mia1.ip4.gtt.net (213.200.112.38)
  854. 8 188.88 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  855. 9 188.87 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  856. 10 188.99 ms 64.125.30.193
  857. 11 237.63 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  858. 12 241.53 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  859. 13 236.22 ms 64.125.29.30
  860. 14 236.25 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  861. 15 232.03 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  862. 16 245.28 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  863. 17 233.41 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  864. 18 381.60 ms 128.177.133.154
  865. 19 227.16 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  866.  
  867. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  868. Nmap done: 1 IP address (1 host up) scanned in 52.79 seconds
  869. + -- --=[Port 67 opened... running tests...
  870. #######################################################################################################################################
  871. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:05 EDT
  872. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  873. Host is up (0.22s latency).
  874.  
  875. PORT STATE SERVICE VERSION
  876. 67/udp open|filtered dhcps
  877. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  878. Too many fingerprints match this host to give specific OS details
  879. Network Distance: 19 hops
  880.  
  881. TRACEROUTE (using proto 1/icmp)
  882. HOP RTT ADDRESS
  883. 1 116.34 ms 10.251.200.1
  884. 2 116.36 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  885. 3 116.69 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  886. 4 116.89 ms 10.10.53.25
  887. 5 186.15 ms 10.10.50.129
  888. 6 193.94 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  889. 7 186.18 ms et-0-0-23-1.cr5-mia1.ip4.gtt.net (213.200.112.22)
  890. 8 186.19 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  891. 9 186.72 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  892. 10 186.23 ms 64.125.30.193
  893. 11 240.80 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  894. 12 244.41 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  895. 13 239.39 ms ae4.cs2.lga5.us.eth.zayo.com (64.125.29.30)
  896. 14 239.37 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  897. 15 224.75 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  898. 16 237.31 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  899. 17 287.75 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  900. 18 254.54 ms 128.177.133.154
  901. 19 224.73 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  902.  
  903. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  904. Nmap done: 1 IP address (1 host up) scanned in 120.54 seconds
  905. + -- --=[Port 68 opened... running tests...
  906. #######################################################################################################################################
  907. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:07 EDT
  908. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  909. Host is up (0.22s latency).
  910.  
  911. PORT STATE SERVICE VERSION
  912. 68/udp open|filtered dhcpc
  913. Too many fingerprints match this host to give specific OS details
  914. Network Distance: 19 hops
  915.  
  916. TRACEROUTE (using proto 1/icmp)
  917. HOP RTT ADDRESS
  918. 1 120.65 ms 10.251.200.1
  919. 2 120.67 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  920. 3 123.87 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  921. 4 122.25 ms 10.10.53.25
  922. 5 190.07 ms 10.10.50.129
  923. 6 190.05 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  924. 7 190.11 ms et-0-0-21-1.cr5-mia1.ip4.gtt.net (213.200.112.30)
  925. 8 190.09 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  926. 9 189.89 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  927. 10 190.46 ms 64.125.30.193
  928. 11 239.16 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  929. 12 243.57 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  930. 13 233.54 ms 64.125.29.30
  931. 14 233.52 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  932. 15 222.79 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  933. 16 235.87 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  934. 17 223.35 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  935. 18 224.73 ms 128.177.133.154
  936. 19 223.32 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  937.  
  938. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  939. Nmap done: 1 IP address (1 host up) scanned in 120.42 seconds
  940. #######################################################################################################################################
  941. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:09 EDT
  942. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  943. Host is up (0.22s latency).
  944.  
  945. PORT STATE SERVICE VERSION
  946. 69/udp open|filtered tftp
  947. Too many fingerprints match this host to give specific OS details
  948. Network Distance: 19 hops
  949.  
  950. TRACEROUTE (using proto 1/icmp)
  951. HOP RTT ADDRESS
  952. 1 115.67 ms 10.251.200.1
  953. 2 115.71 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  954. 3 115.73 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  955. 4 116.05 ms 10.10.53.25
  956. 5 184.79 ms 10.10.50.129
  957. 6 184.76 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  958. 7 189.53 ms et-0-0-21-1.cr5-mia1.ip4.gtt.net (213.200.112.30)
  959. 8 185.51 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  960. 9 185.56 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  961. 10 185.61 ms 64.125.30.193
  962. 11 239.85 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  963. 12 243.90 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  964. 13 238.35 ms 64.125.29.30
  965. 14 238.29 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  966. 15 221.06 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  967. 16 234.08 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  968. 17 221.51 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  969. 18 422.21 ms 128.177.133.154
  970. 19 221.04 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  971. #######################################################################################################################################
  972.  
  980.  
  981. WAFW00F - Web Application Firewall Detection Tool
  982.  
  983. By Sandro Gauci && Wendel G. Henrique
  984.  
  985. Checking http://146.66.71.198
  986. Generic Detection results:
  987. No WAF detected by the generic detection
  988. Number of requests: 14
  989. #######################################################################################################################################
  990. http://146.66.71.198 [200 OK] Country[ROMANIA][RO], IP[146.66.71.198], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], UncommonHeaders[host-header,x-proxy-cache], cPanel
  991. http://146.66.71.198/cgi-sys/defaultwebpage.cgi [200 OK] Country[ROMANIA][RO], HTML5, IP[146.66.71.198], Title[SiteGround Web Hosting Server Default Page], UncommonHeaders[host-header,x-proxy-cache]
  992. #######################################################################################################################################
  993.  
  994. wig - WebApp Information Gatherer
  995.  
  996.  
  997. Scanning http://146.66.71.198...
  998. _________________________________________ SITE INFO _________________________________________
  999. IP Title
  1000. 146.66.71.198
  1001.  
  1002. __________________________________________ VERSION __________________________________________
  1003. Name Versions Type
  1004. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
  1005. 2.4.8 | 2.4.9
  1006.  
  1007. ________________________________________ INTERESTING ________________________________________
  1008. URL Note Type
  1009. /install.php Installation file Interesting
  1010. /robots.txt robots.txt index Interesting
  1011. /test.php Test file Interesting
  1012.  
  1013. _____________________________________________________________________________________________
  1014. Time: 49.4 sec Urls: 808 Fingerprints: 40401
  1015. #######################################################################################################################################
  1016. HTTP/1.1 200 OK
  1017. Date: Thu, 25 Oct 2018 16:12:37 GMT
  1018. Content-Type: text/html
  1019. Content-Length: 111
  1020. Last-Modified: Mon, 13 Nov 2017 15:37:17 GMT
  1021. ETag: "6f-55ddf0b95a540"
  1022. Accept-Ranges: bytes
  1023. Host-Header: 192fc2e7e50945beb8231a492d6a8024
  1024. Connection: keep-alive
  1025. #######################################################################################################################################
  1026. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:12 EDT
  1027. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  1028. Host is up (0.22s latency).
  1029.  
  1030. PORT STATE SERVICE VERSION
  1031. 110/tcp open pop3 Dovecot pop3d
  1032. | pop3-brute:
  1033. | Accounts: No valid accounts found
  1034. | Statistics: Performed 165 guesses in 147 seconds, average tps: 1.0
  1035. |_ ERROR: Failed to connect.
  1036. |_pop3-capabilities: UIDL SASL(PLAIN LOGIN) USER CAPA PIPELINING AUTH-RESP-CODE RESP-CODES TOP STLS
  1037. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1038. Device type: general purpose
  1039. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (89%)
  1040. OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  1041. Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
  1042. No exact OS matches for host (test conditions non-ideal).
  1043. Network Distance: 19 hops
  1044.  
  1045. TRACEROUTE (using port 110/tcp)
  1046. HOP RTT ADDRESS
  1047. 1 115.53 ms 10.251.200.1
  1048. 2 115.59 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  1049. 3 119.07 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  1050. 4 119.03 ms 10.10.53.25
  1051. 5 184.28 ms 10.10.50.129
  1052. 6 185.44 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  1053. 7 184.32 ms et-0-0-21-3.cr5-mia1.ip4.gtt.net (213.200.112.6)
  1054. 8 184.55 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  1055. 9 184.55 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  1056. 10 185.51 ms 64.125.30.193
  1057. 11 235.33 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  1058. 12 239.61 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  1059. 13 253.64 ms ae4.cs2.lga5.us.eth.zayo.com (64.125.29.30)
  1060. 14 264.82 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  1061. 15 222.78 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  1062. 16 235.98 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  1063. 17 222.92 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  1064. 18 223.15 ms 128.177.133.154
  1065. 19 222.18 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  1066.  
  1067. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1068. Nmap done: 1 IP address (1 host up) scanned in 171.05 seconds
  1069. + -- --=[Port 111 closed... skipping.
  1070. + -- --=[Port 123 opened... running tests...
  1071. #######################################################################################################################################
  1072. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:15 EDT
  1073. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  1074. Host is up (0.22s latency).
  1075.  
  1076. PORT STATE SERVICE VERSION
  1077. 123/udp open|filtered ntp
  1078. Too many fingerprints match this host to give specific OS details
  1079. Network Distance: 19 hops
  1080.  
  1081. TRACEROUTE (using proto 1/icmp)
  1082. HOP RTT ADDRESS
  1083. 1 116.27 ms 10.251.200.1
  1084. 2 116.29 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  1085. 3 116.33 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  1086. 4 117.08 ms 10.10.53.25
  1087. 5 185.64 ms 10.10.50.129
  1088. 6 185.45 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  1089. 7 189.59 ms et-0-0-5-0.cr5-mia1.ip4.gtt.net (89.149.140.146)
  1090. 8 185.70 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  1091. 9 185.70 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  1092. 10 185.95 ms 64.125.30.193
  1093. 11 252.88 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  1094. 12 241.43 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  1095. 13 240.44 ms 64.125.29.30
  1096. 14 235.84 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  1097. 15 226.39 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  1098. 16 239.47 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  1099. 17 226.87 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  1100. 18 230.75 ms 128.177.133.154
  1101. 19 226.35 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  1102. #######################################################################################################################################
  1103. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:17 EDT
  1104. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  1105. Host is up (0.22s latency).
  1106.  
  1107. PORT STATE SERVICE VERSION
  1108. 161/tcp filtered snmp
  1109. 161/udp open|filtered snmp
  1110. Too many fingerprints match this host to give specific OS details
  1111. Network Distance: 19 hops
  1112.  
  1113. TRACEROUTE (using proto 1/icmp)
  1114. HOP RTT ADDRESS
  1115. 1 116.43 ms 10.251.200.1
  1116. 2 116.73 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  1117. 3 117.52 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  1118. 4 117.50 ms 10.10.53.25
  1119. 5 185.85 ms 10.10.50.129
  1120. 6 185.83 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  1121. 7 185.90 ms et-0-0-21-1.cr5-mia1.ip4.gtt.net (213.200.112.30)
  1122. 8 185.93 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  1123. 9 185.92 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  1124. 10 186.03 ms 64.125.30.193
  1125. 11 237.08 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  1126. 12 245.46 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  1127. 13 235.49 ms 64.125.29.30
  1128. 14 235.46 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  1129. 15 223.34 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  1130. 16 236.61 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  1131. 17 223.36 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  1132. 18 240.99 ms 128.177.133.154
  1133. 19 223.33 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  1134.  
  1135. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1136. Nmap done: 1 IP address (1 host up) scanned in 143.43 seconds
  1137. #######################################################################################################################################
  1138.  
  1146.  
  1147. WAFW00F - Web Application Firewall Detection Tool
  1148.  
  1149. By Sandro Gauci && Wendel G. Henrique
  1150.  
  1151. Checking https://146.66.71.198
  1152. Generic Detection results:
  1153. The site https://146.66.71.198 seems to be behind a WAF or some sort of security solution
  1154. Reason: Blocking is being done at connection/packet level.
  1155. Number of requests: 12
  1156. #######################################################################################################################################
  1157.  
  1158.  
  1159.  
  1160. AVAILABLE PLUGINS
  1161. -----------------
  1162.  
  1163. PluginSessionResumption
  1164. PluginChromeSha1Deprecation
  1165. PluginOpenSSLCipherSuites
  1166. PluginHSTS
  1167. PluginSessionRenegotiation
  1168. PluginHeartbleed
  1169. PluginCertInfo
  1170. PluginCompression
  1171.  
  1172.  
  1173.  
  1174. CHECKING HOST(S) AVAILABILITY
  1175. -----------------------------
  1176.  
  1177. 146.66.71.198:443 => 146.66.71.198:443
  1178.  
  1179.  
  1180.  
  1181. SCAN RESULTS FOR 146.66.71.198:443 - 146.66.71.198:443
  1182. ------------------------------------------------------
  1183.  
  1184. * Deflate Compression:
  1185. OK - Compression disabled
  1186.  
  1187. * Session Renegotiation:
  1188. Client-initiated Renegotiations: OK - Rejected
  1189. Secure Renegotiation: OK - Supported
  1190.  
  1191. * Certificate - Content:
  1192. SHA1 Fingerprint: 363d030c4d607dab9339ae0fadbe8bf2c20ac452
  1193. Common Name: *.sgcpanel.com
  1194. Issuer: AlphaSSL CA - SHA256 - G2
  1195. Serial Number: 5E52A7B7D1282F578E40DFDE
  1196. Not Before: Mar 12 07:55:09 2018 GMT
  1197. Not After: May 9 08:29:28 2019 GMT
  1198. Signature Algorithm: sha256WithRSAEncryption
  1199. Public Key Algorithm: rsaEncryption
  1200. Key Size: 2048 bit
  1201. Exponent: 65537 (0x10001)
  1202. X509v3 Subject Alternative Name: {'DNS': ['*.sgcpanel.com', 'sgcpanel.com']}
  1203.  
  1204. * Certificate - Trust:
  1205. Hostname Validation: FAILED - Certificate does NOT match 146.66.71.198
  1206. Google CA Store (09/2015): OK - Certificate is trusted
  1207. Java 6 CA Store (Update 65): OK - Certificate is trusted
  1208. Microsoft CA Store (09/2015): OK - Certificate is trusted
  1209. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  1210. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  1211. Certificate Chain Received: ['*.sgcpanel.com', 'AlphaSSL CA - SHA256 - G2', 'AlphaSSL CA - SHA256 - G2']
  1212.  
  1213. * Certificate - OCSP Stapling:
  1214. OCSP Response Status: successful
  1215. Validation w/ Mozilla's CA Store: OK - Response is trusted
  1216. Responder Id: EE5EFFFE85DB26C626FBD3698410AD1D0DD3EF58
  1217. Cert Status: good
  1218. Cert Serial Number: 5E52A7B7D1282F578E40DFDE
  1219. This Update: Oct 25 13:22:15 2018 GMT
  1220. Next Update: Oct 29 13:22:15 2018 GMT
  1221.  
  1222. * Session Resumption:
  1223. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1224. With TLS Session Tickets: OK - Supported
  1225.  
  1226. * SSLV2 Cipher Suites:
  1227. Server rejected all cipher suites.
  1228.  
  1229. * SSLV3 Cipher Suites:
  1230. Server rejected all cipher suites.
  1231.  
  1232.  
  1233.  
  1234. SCAN COMPLETED IN 4.80 S
  1235. ------------------------
  1236. Version: 1.11.12-static
  1237. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1238.  
  1239. Connected to 146.66.71.198
  1240.  
  1241. Testing SSL server 146.66.71.198 on port 443 using SNI name 146.66.71.198
  1242.  
  1243. TLS Fallback SCSV:
  1244. Server supports TLS Fallback SCSV
  1245.  
  1246. TLS renegotiation:
  1247. Session renegotiation not supported
  1248.  
  1249. TLS Compression:
  1250. Compression disabled
  1251.  
  1252. Heartbleed:
  1253. TLS 1.2 not vulnerable to heartbleed
  1254. TLS 1.1 not vulnerable to heartbleed
  1255. TLS 1.0 not vulnerable to heartbleed
  1256.  
  1257. Supported Server Cipher(s):
  1258. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-384 DHE 384
  1259. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-384 DHE 384
  1260. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-384 DHE 384
  1261. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-384 DHE 384
  1262. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
  1263. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-384 DHE 384
  1264. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1265. Accepted TLSv1.2 128 bits AES128-SHA
  1266. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  1267. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  1268. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  1269. Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-384 DHE 384
  1270. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA256 DHE 2048 bits
  1271. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  1272. Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-384 DHE 384
  1273. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA256 DHE 2048 bits
  1274. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1275. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1276. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1277. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1278. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1279. Accepted TLSv1.2 256 bits AES256-SHA256
  1280. Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
  1281. Accepted TLSv1.2 128 bits AES128-SHA256
  1282. Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
  1283. Accepted TLSv1.2 256 bits AES256-SHA
  1284. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1285. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1286. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
  1287. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-384 DHE 384
  1288. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1289. Accepted TLSv1.1 128 bits AES128-SHA
  1290. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1291. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1292. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1293. Accepted TLSv1.1 256 bits AES256-SHA
  1294. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1295. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1296.  
  1297. SSL Certificate:
  1298. Signature Algorithm: sha256WithRSAEncryption
  1299. RSA Key Strength: 2048
  1300.  
  1301. Subject: *.sgcpanel.com
  1302. Altnames: DNS:*.sgcpanel.com, DNS:sgcpanel.com
  1303. Issuer: AlphaSSL CA - SHA256 - G2
  1304.  
  1305. Not valid before: Mar 12 07:55:09 2018 GMT
  1306. Not valid after: May 9 08:29:28 2019 GMT
  1307. #######################################################################################################################################
  1308. I, [2018-10-25T12:21:31.547259 #32389] INFO -- : Initiating port scan
  1309. I, [2018-10-25T12:22:27.647346 #32389] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-25_12-21-31.xml
  1310. I, [2018-10-25T12:22:27.648481 #32389] INFO -- : Discovered open port: 146.66.71.198:80
  1311. I, [2018-10-25T12:22:28.553944 #32389] INFO -- : Discovered open port: 146.66.71.198:443
  1312. I, [2018-10-25T12:22:30.373740 #32389] INFO -- : Discovered open port: 146.66.71.198:465
  1313. I, [2018-10-25T12:22:31.755141 #32389] INFO -- : Discovered open port: 146.66.71.198:993
  1314. I, [2018-10-25T12:22:33.585184 #32389] INFO -- : <<<Enumerating vulnerable applications>>>
  1315. ---------------------------------------------------------------------------------------------------------------------------------------
  1316. <<<Yasuo discovered following vulnerable applications>>>
  1317. ---------------------------------------------------------------------------------------------------------------------------------------
  1318. +----------+---------------------------------+---------------------------------------+----------+----------+
  1319. | App Name | URL to Application | Potential Exploit | Username | Password |
  1320. +----------+---------------------------------+---------------------------------------+----------+----------+
  1321. | v0pCr3w | http://146.66.71.198:80/jos.php | ./exploits/multi/http/v0pcr3w_exec.rb | | |
  1322. +----------+---------------------------------+---------------------------------------+----------+----------+
  1323. #######################################################################################################################################
  1324. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:24 EDT
  1325. NSE: Loaded 148 scripts for scanning.
  1326. NSE: Script Pre-scanning.
  1327. Initiating NSE at 12:24
  1328. Completed NSE at 12:24, 0.00s elapsed
  1329. Initiating NSE at 12:24
  1330. Completed NSE at 12:24, 0.00s elapsed
  1331. Initiating Parallel DNS resolution of 1 host. at 12:24
  1332. Completed Parallel DNS resolution of 1 host. at 12:24, 0.02s elapsed
  1333. Initiating SYN Stealth Scan at 12:24
  1334. Scanning ip-146-66-71-198.siteground.com (146.66.71.198) [474 ports]
  1335. Discovered open port 993/tcp on 146.66.71.198
  1336. Discovered open port 143/tcp on 146.66.71.198
  1337. Discovered open port 53/tcp on 146.66.71.198
  1338. Discovered open port 443/tcp on 146.66.71.198
  1339. Discovered open port 587/tcp on 146.66.71.198
  1340. Discovered open port 80/tcp on 146.66.71.198
  1341. Discovered open port 465/tcp on 146.66.71.198
  1342. Discovered open port 2525/tcp on 146.66.71.198
  1343. Completed SYN Stealth Scan at 12:24, 9.40s elapsed (474 total ports)
  1344. Initiating Service scan at 12:24
  1345. Scanning 8 services on ip-146-66-71-198.siteground.com (146.66.71.198)
  1346. Completed Service scan at 12:25, 40.19s elapsed (8 services on 1 host)
  1347. Initiating OS detection (try #1) against ip-146-66-71-198.siteground.com (146.66.71.198)
  1348. Retrying OS detection (try #2) against ip-146-66-71-198.siteground.com (146.66.71.198)
  1349. Initiating Traceroute at 12:25
  1350. Completed Traceroute at 12:25, 0.13s elapsed
  1351. Initiating Parallel DNS resolution of 2 hosts. at 12:25
  1352. Completed Parallel DNS resolution of 2 hosts. at 12:25, 0.03s elapsed
  1353. NSE: Script scanning 146.66.71.198.
  1354. Initiating NSE at 12:25
  1355. Completed NSE at 12:25, 10.16s elapsed
  1356. Initiating NSE at 12:25
  1357. Completed NSE at 12:25, 0.01s elapsed
  1358. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  1359. Host is up (0.14s latency).
  1360. Not shown: 461 filtered ports
  1361. PORT STATE SERVICE VERSION
  1362. 25/tcp closed smtp
  1363. 53/tcp open domain (unknown banner: donuts)
  1364. | dns-nsid:
  1365. |_ bind.version: donuts
  1366. | fingerprint-strings:
  1367. | DNSVersionBindReqTCP:
  1368. | version
  1369. | bind
  1370. |_ donuts
  1371. 80/tcp open http nginx
  1372. |_http-server-header: nginx
  1373. |_http-title: 502 Bad Gateway
  1374. 111/tcp closed rpcbind
  1375. 139/tcp closed netbios-ssn
  1376. 143/tcp open imap Dovecot imapd
  1377. |_imap-capabilities: OK AUTH=PLAIN ENABLE post-login more LOGIN-REFERRALS IDLE AUTH=LOGINA0001 SASL-IR have ID IMAP4rev1 STARTTLS Pre-login listed capabilities LITERAL+ NAMESPACE
  1378. | ssl-cert: Subject: commonName=*.siteground.biz
  1379. | Subject Alternative Name: DNS:*.siteground.biz, DNS:siteground.biz
  1380. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1381. | Public Key type: rsa
  1382. | Public Key bits: 2048
  1383. | Signature Algorithm: sha256WithRSAEncryption
  1384. | Not valid before: 2018-04-16T06:31:57
  1385. | Not valid after: 2019-06-14T08:30:37
  1386. | MD5: 2393 d064 27a6 fb25 28e5 4c07 d6db c90b
  1387. |_SHA-1: 6813 0f8c c3ba 91ec 0bb3 66d9 09d8 5e59 bc55 7c7b
  1388. |_ssl-date: 2018-10-25T16:25:50+00:00; 0s from scanner time.
  1389. 443/tcp open ssl/http nginx
  1390. |_http-server-header: nginx
  1391. |_http-title: SiteGround Web Hosting
  1392. | ssl-cert: Subject: commonName=*.sgcpanel.com
  1393. | Subject Alternative Name: DNS:*.sgcpanel.com, DNS:sgcpanel.com
  1394. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1395. | Public Key type: rsa
  1396. | Public Key bits: 2048
  1397. | Signature Algorithm: sha256WithRSAEncryption
  1398. | Not valid before: 2018-03-12T07:55:09
  1399. | Not valid after: 2019-05-09T08:29:28
  1400. | MD5: e7fe b60b 9ec0 5c19 4fc0 b580 9559 5d8a
  1401. |_SHA-1: 363d 030c 4d60 7dab 9339 ae0f adbe 8bf2 c20a c452
  1402. |_ssl-date: TLS randomness does not represent time
  1403. | tls-alpn:
  1404. | h2
  1405. |_ http/1.1
  1406. | tls-nextprotoneg:
  1407. | h2
  1408. |_ http/1.1
  1409. 445/tcp closed microsoft-ds
  1410. 465/tcp open ssl/smtp
  1411. | fingerprint-strings:
  1412. | GenericLines:
  1413. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:28 -0500
  1414. | 220-We do not authorize the use of this system to transport unsolicited,
  1415. | and/or bulk e-mail.
  1416. | unrecognized command
  1417. | unrecognized command
  1418. | GetRequest:
  1419. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:34 -0500
  1420. | 220-We do not authorize the use of this system to transport unsolicited,
  1421. | and/or bulk e-mail.
  1422. | unrecognized command
  1423. | unrecognized command
  1424. | Hello, NULL:
  1425. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:06 -0500
  1426. | 220-We do not authorize the use of this system to transport unsolicited,
  1427. | and/or bulk e-mail.
  1428. | Help:
  1429. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:20 -0500
  1430. | 220-We do not authorize the use of this system to transport unsolicited,
  1431. | and/or bulk e-mail.
  1432. | 214-Commands supported:
  1433. |_ AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP VRFY
  1434. | smtp-commands: m03.siteground.biz Hello ip-146-66-71-198.siteground.com [190.105.229.21], SIZE 52428800, 8BITMIME, VRFY, AUTH LOGIN PLAIN, HELP,
  1435. |_ Commands supported:
  1436. | ssl-cert: Subject: commonName=*.siteground.biz
  1437. | Subject Alternative Name: DNS:*.siteground.biz, DNS:siteground.biz
  1438. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1439. | Public Key type: rsa
  1440. | Public Key bits: 2048
  1441. | Signature Algorithm: sha256WithRSAEncryption
  1442. | Not valid before: 2018-04-16T06:31:57
  1443. | Not valid after: 2019-06-14T08:30:37
  1444. | MD5: 2393 d064 27a6 fb25 28e5 4c07 d6db c90b
  1445. |_SHA-1: 6813 0f8c c3ba 91ec 0bb3 66d9 09d8 5e59 bc55 7c7b
  1446. 587/tcp open smtp
  1447. | fingerprint-strings:
  1448. | GenericLines:
  1449. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:24:59 -0500
  1450. | 220-We do not authorize the use of this system to transport unsolicited,
  1451. | and/or bulk e-mail.
  1452. | unrecognized command
  1453. | unrecognized command
  1454. | GetRequest:
  1455. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:26 -0500
  1456. | 220-We do not authorize the use of this system to transport unsolicited,
  1457. | and/or bulk e-mail.
  1458. | unrecognized command
  1459. | unrecognized command
  1460. | Hello:
  1461. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:10 -0500
  1462. | 220-We do not authorize the use of this system to transport unsolicited,
  1463. | and/or bulk e-mail.
  1464. | Help:
  1465. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:18 -0500
  1466. | 220-We do not authorize the use of this system to transport unsolicited,
  1467. | and/or bulk e-mail.
  1468. | 214-Commands supported:
  1469. | AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP VRFY
  1470. | NULL:
  1471. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:24:59 -0500
  1472. | 220-We do not authorize the use of this system to transport unsolicited,
  1473. |_ and/or bulk e-mail.
  1474. | smtp-commands: m03.siteground.biz Hello ip-146-66-71-198.siteground.com [190.105.229.21], SIZE 52428800, 8BITMIME, VRFY, AUTH LOGIN PLAIN, STARTTLS, HELP,
  1475. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP VRFY
  1476. | ssl-cert: Subject: commonName=*.siteground.biz
  1477. | Subject Alternative Name: DNS:*.siteground.biz, DNS:siteground.biz
  1478. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1479. | Public Key type: rsa
  1480. | Public Key bits: 2048
  1481. | Signature Algorithm: sha256WithRSAEncryption
  1482. | Not valid before: 2018-04-16T06:31:57
  1483. | Not valid after: 2019-06-14T08:30:37
  1484. | MD5: 2393 d064 27a6 fb25 28e5 4c07 d6db c90b
  1485. |_SHA-1: 6813 0f8c c3ba 91ec 0bb3 66d9 09d8 5e59 bc55 7c7b
  1486. 993/tcp open ssl/imap Dovecot imapd
  1487. |_imap-capabilities: capabilities AUTH=PLAIN ENABLE post-login more LOGIN-REFERRALS IDLE AUTH=LOGINA0001 SASL-IR have IMAP4rev1 ID Pre-login listed OK LITERAL+ NAMESPACE
  1488. | ssl-cert: Subject: commonName=*.siteground.biz
  1489. | Subject Alternative Name: DNS:*.siteground.biz, DNS:siteground.biz
  1490. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1491. | Public Key type: rsa
  1492. | Public Key bits: 2048
  1493. | Signature Algorithm: sha256WithRSAEncryption
  1494. | Not valid before: 2018-04-16T06:31:57
  1495. | Not valid after: 2019-06-14T08:30:37
  1496. | MD5: 2393 d064 27a6 fb25 28e5 4c07 d6db c90b
  1497. |_SHA-1: 6813 0f8c c3ba 91ec 0bb3 66d9 09d8 5e59 bc55 7c7b
  1498. |_ssl-date: 2018-10-25T16:25:46+00:00; 0s from scanner time.
  1499. 2525/tcp open smtp
  1500. | fingerprint-strings:
  1501. | GenericLines:
  1502. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:10 -0500
  1503. | 220-We do not authorize the use of this system to transport unsolicited,
  1504. | and/or bulk e-mail.
  1505. | unrecognized command
  1506. | unrecognized command
  1507. | GetRequest:
  1508. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:24:59 -0500
  1509. | 220-We do not authorize the use of this system to transport unsolicited,
  1510. | and/or bulk e-mail.
  1511. | unrecognized command
  1512. | unrecognized command
  1513. | Hello:
  1514. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:15 -0500
  1515. | 220-We do not authorize the use of this system to transport unsolicited,
  1516. | and/or bulk e-mail.
  1517. | Help:
  1518. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:25:23 -0500
  1519. | 220-We do not authorize the use of this system to transport unsolicited,
  1520. | and/or bulk e-mail.
  1521. | 214-Commands supported:
  1522. | AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP VRFY
  1523. | NULL:
  1524. | 220-m03.siteground.biz ESMTP #148 Thu, 25 Oct 2018 11:24:59 -0500
  1525. | 220-We do not authorize the use of this system to transport unsolicited,
  1526. |_ and/or bulk e-mail.
  1527. | smtp-commands: m03.siteground.biz Hello ip-146-66-71-198.siteground.com [190.105.229.21], SIZE 52428800, 8BITMIME, VRFY, AUTH LOGIN PLAIN, STARTTLS, HELP,
  1528. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP VRFY
  1529. | ssl-cert: Subject: commonName=*.siteground.biz
  1530. | Subject Alternative Name: DNS:*.siteground.biz, DNS:siteground.biz
  1531. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1532. | Public Key type: rsa
  1533. | Public Key bits: 2048
  1534. | Signature Algorithm: sha256WithRSAEncryption
  1535. | Not valid before: 2018-04-16T06:31:57
  1536. | Not valid after: 2019-06-14T08:30:37
  1537. | MD5: 2393 d064 27a6 fb25 28e5 4c07 d6db c90b
  1538. |_SHA-1: 6813 0f8c c3ba 91ec 0bb3 66d9 09d8 5e59 bc55 7c7b
  1539. 5432/tcp closed postgresql
  1540. 4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1621. Device type: general purpose|WAP|storage-misc|media device
  1622. Running (JUST GUESSING): Linux 2.6.X|4.X|3.X|2.4.X (92%), HP embedded (85%)
  1623. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:hp:p2000_g3
  1624. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 4.9 (87%), Linux 3.18 (86%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (86%), OpenWrt White Russian 0.9 (Linux 2.4.30) (86%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (86%), HP P2000 G3 NAS device (85%), Linux 2.6.32 (85%), ProVision-ISR security DVR (85%)
  1625. No exact OS matches for host (test conditions non-ideal).
  1626. Network Distance: 2 hops
  1627. TCP Sequence Prediction: Difficulty=263 (Good luck!)
  1628. IP ID Sequence Generation: All zeros
  1629.  
  1630. TRACEROUTE (using port 445/tcp)
  1631. HOP RTT ADDRESS
  1632. 1 117.07 ms 10.251.200.1
  1633. 2 116.86 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  1634.  
  1635. NSE: Script Post-scanning.
  1636. Initiating NSE at 12:25
  1637. Completed NSE at 12:25, 0.00s elapsed
  1638. Initiating NSE at 12:25
  1639. Completed NSE at 12:25, 0.00s elapsed
  1640. Read data files from: /usr/bin/../share/nmap
  1641. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1642. Nmap done: 1 IP address (1 host up) scanned in 67.02 seconds
  1643. Raw packets sent: 1012 (48.044KB) | Rcvd: 6122 (3.324MB)
  1644. #######################################################################################################################################
  1645. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 12:25 EDT
  1646. NSE: Loaded 148 scripts for scanning.
  1647. NSE: Script Pre-scanning.
  1648. Initiating NSE at 12:25
  1649. Completed NSE at 12:25, 0.00s elapsed
  1650. Initiating NSE at 12:25
  1651. Completed NSE at 12:25, 0.00s elapsed
  1652. Initiating Parallel DNS resolution of 1 host. at 12:25
  1653. Completed Parallel DNS resolution of 1 host. at 12:25, 0.02s elapsed
  1654. Initiating UDP Scan at 12:25
  1655. Scanning ip-146-66-71-198.siteground.com (146.66.71.198) [14 ports]
  1656. Discovered open port 53/udp on 146.66.71.198
  1657. Completed UDP Scan at 12:25, 2.17s elapsed (14 total ports)
  1658. Initiating Service scan at 12:25
  1659. Scanning 12 services on ip-146-66-71-198.siteground.com (146.66.71.198)
  1660. Service scan Timing: About 16.67% done; ETC: 12:35 (0:08:10 remaining)
  1661. Completed Service scan at 12:27, 102.57s elapsed (12 services on 1 host)
  1662. Initiating OS detection (try #1) against ip-146-66-71-198.siteground.com (146.66.71.198)
  1663. Retrying OS detection (try #2) against ip-146-66-71-198.siteground.com (146.66.71.198)
  1664. Initiating Traceroute at 12:27
  1665. Completed Traceroute at 12:27, 7.18s elapsed
  1666. Initiating Parallel DNS resolution of 1 host. at 12:27
  1667. Completed Parallel DNS resolution of 1 host. at 12:27, 0.02s elapsed
  1668. NSE: Script scanning 146.66.71.198.
  1669. Initiating NSE at 12:27
  1670. Completed NSE at 12:28, 20.25s elapsed
  1671. Initiating NSE at 12:28
  1672. Completed NSE at 12:28, 1.08s elapsed
  1673. Nmap scan report for ip-146-66-71-198.siteground.com (146.66.71.198)
  1674. Host is up (0.17s latency).
  1675.  
  1676. PORT STATE SERVICE VERSION
  1677. 53/udp open domain (unknown banner: donuts)
  1678. | dns-nsid:
  1679. |_ bind.version: donuts
  1680. | fingerprint-strings:
  1681. | DNSVersionBindReq:
  1682. | version
  1683. | bind
  1684. | donuts
  1685. | NBTStat:
  1686. |_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  1687. 67/udp open|filtered dhcps
  1688. 68/udp open|filtered dhcpc
  1689. 69/udp open|filtered tftp
  1690. 88/udp open|filtered kerberos-sec
  1691. 123/udp open|filtered ntp
  1692. 137/udp filtered netbios-ns
  1693. 138/udp filtered netbios-dgm
  1694. 139/udp open|filtered netbios-ssn
  1695. 161/udp open|filtered snmp
  1696. 162/udp open|filtered snmptrap
  1697. 389/udp open|filtered ldap
  1698. 520/udp open|filtered route
  1699. 2049/udp open|filtered nfs
  1700. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1707. Too many fingerprints match this host to give specific OS details
  1708.  
  1709. TRACEROUTE (using port 137/udp)
  1710. HOP RTT ADDRESS
  1711. 1 116.98 ms 10.251.200.1
  1712. 2 ... 3
  1713. 4 115.11 ms 10.251.200.1
  1714. 5 120.12 ms 10.251.200.1
  1715. 6 120.11 ms 10.251.200.1
  1716. 7 120.10 ms 10.251.200.1
  1717. 8 120.08 ms 10.251.200.1
  1718. 9 120.08 ms 10.251.200.1
  1719. 10 120.07 ms 10.251.200.1
  1720. 11 ... 18
  1721. 19 115.84 ms 10.251.200.1
  1722. 20 115.46 ms 10.251.200.1
  1723. 21 ... 28
  1724. 29 117.39 ms 10.251.200.1
  1725. 30 121.02 ms 10.251.200.1
  1726.  
  1727. NSE: Script Post-scanning.
  1728. Initiating NSE at 12:28
  1729. Completed NSE at 12:28, 0.00s elapsed
  1730. Initiating NSE at 12:28
  1731. Completed NSE at 12:28, 0.00s elapsed
  1732. Read data files from: /usr/bin/../share/nmap
  1733. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1734. Nmap done: 1 IP address (1 host up) scanned in 139.03 seconds
  1735. Raw packets sent: 134 (11.618KB) | Rcvd: 5375 (2.376MB)
  1736. #######################################################################################################################################
  1737. dnsenum VERSION:1.2.4
  1738.  
  1739. ----- onaizahedu.gov.sa -----
  1740.  
  1741.  
  1742. Host's addresses:
  1743. __________________
  1744.  
  1745. onaizahedu.gov.sa. 7562 IN A 146.66.71.198
  1746.  
  1747.  
  1748. Name Servers:
  1749. ______________
  1750.  
  1751. ns2.m03.siteground.biz. 599 IN A 69.175.104.51
  1752. ns1.m03.siteground.biz. 599 IN A 69.175.104.50
  1753.  
  1754.  
  1755. Mail (MX) Servers:
  1756. ___________________
  1757.  
  1758. aspmx.l.google.com. 293 IN A 172.217.197.27
  1759. alt4.aspmx.l.google.com. 293 IN A 74.125.128.26
  1760. alt2.aspmx.l.google.com. 293 IN A 74.125.193.26
  1761. alt1.aspmx.l.google.com. 293 IN A 64.233.190.26
  1762. alt3.aspmx.l.google.com. 293 IN A 66.102.1.26
  1763.  
  1764.  
  1765. Trying Zone Transfers and getting Bind Versions:
  1766. _________________________________________________
  1767.  
  1768.  
  1769. Trying Zone Transfer for onaizahedu.gov.sa on ns2.m03.siteground.biz ...
  1770.  
  1771. Trying Zone Transfer for onaizahedu.gov.sa on ns1.m03.siteground.biz ...
  1772.  
  1773. brute force file not specified, bay.
  1774. #######################################################################################################################################
  1775. --------------------------------------------------------------------------------------------------------------------------------------
  1776.  
  1777. [1/25] /webhp?hl=en-CA
  1778. [x] Error downloading /webhp?hl=en-CA
  1779. [2/25] http://onaizahedu.gov.sa/Fares/Self-Service-001N.pdf
  1780. [3/25] http://onaizahedu.gov.sa/Tech-Serv/Form-6.pdf
  1781. ##########################################################################################################################################
  1782. --------------------------------------------------------------------------------------------------------------------------------------
  1783. Qusay Abu Kaff
  1784. Unknown User
  1785. #######################################################################################################################################
  1817.  
  1818. Sublist3r
  1823.  
  1824. # Coded By Ahmed Aboul-Ela - @aboul3la
  1825.  
  1826. [-] Enumerating subdomains now for onaizahedu.gov.sa
  1827. [-] verbosity is enabled, will show the subdomains results in realtime
  1828. [-] Searching now in Baidu..
  1829. [-] Searching now in Yahoo..
  1830. [-] Searching now in Google..
  1831. [-] Searching now in Bing..
  1832. [-] Searching now in Ask..
  1833. [-] Searching now in Netcraft..
  1834. [-] Searching now in DNSdumpster..
  1835. [-] Searching now in Virustotal..
  1836. [-] Searching now in ThreatCrowd..
  1837. [-] Searching now in SSL Certificates..
  1838. [-] Searching now in PassiveDNS..
  1839. SSL Certificates: home.onaizahedu.gov.sa
  1840. SSL Certificates: www.home.onaizahedu.gov.sa
  1841. Virustotal: serv.onaizahedu.gov.sa
  1842. Virustotal: home.onaizahedu.gov.sa
  1843. Virustotal: www.onaizahedu.gov.sa
  1844. DNSdumpster: www.home.onaizahedu.gov.sa
  1845. DNSdumpster: home.onaizahedu.gov.sa
  1846. DNSdumpster: serv.onaizahedu.gov.sa
  1847. [-] Saving results to file: /usr/share/sniper/loot/onaizahedu.gov.sa/domains/domains-onaizahedu.gov.sa.txt
  1848. [-] Total Unique Subdomains Found: 4
  1849. www.onaizahedu.gov.sa
  1850. home.onaizahedu.gov.sa
  1851. www.home.onaizahedu.gov.sa
  1852. serv.onaizahedu.gov.sa
  1853. #######################################################################################################################################
  1869. [*] Processing domain onaizahedu.gov.sa
  1870. [+] Getting nameservers
  1871. 69.175.104.50 - ns1.m03.siteground.biz
  1872. 69.175.104.51 - ns2.m03.siteground.biz
  1873. [-] Zone transfer failed
  1874.  
  1875. [+] TXT records found
  1876. "v=spf1 include:mailgun.org ~all"
  1877.  
  1878. [+] MX records found, added to target list
  1879. 1 aspmx.l.google.com.
  1880. 10 alt4.aspmx.l.google.com.
  1881. 5 alt2.aspmx.l.google.com.
  1882. 5 alt1.aspmx.l.google.com.
  1883. 10 alt3.aspmx.l.google.com.
  1884.  
  1885. [*] Scanning onaizahedu.gov.sa for A records
  1904. #######################################################################################################################################
  1905.  
  1906. home.onaizahedu.gov.sa
  1907. www.home.onaizahedu.gov.sa
  1908. #######################################################################################################################################
  1909. [*] Found SPF record:
  1910. [*] v=spf1 include:mailgun.org ~all
  1911. [*] SPF record contains an All item: ~all
  1912. [*] No DMARC record found. Looking for organizational record
  1913. [+] No organizational DMARC record
  1914. [+] Spoofing possible for onaizahedu.gov.sa!
  1915. #######################################################################################################################################
  1921. aquatone discover v0.5.0 - by @michenriksen
  1922.  
  1923. Identifying nameservers for onaizahedu.gov.sa... Done
  1924. Using nameservers:
  1925.  
  1926. - 69.175.104.50
  1927. - 69.175.104.51
  1928.  
  1929. Checking for wildcard DNS... Done
  1930.  
  1931. Running collector: Censys... Skipped
  1932. -> Key 'censys_secret' has not been set
  1933. Running collector: VirusTotal... Skipped
  1934. -> Key 'virustotal' has not been set
  1935. Running collector: Netcraft... Done (0 hosts)
  1936. Running collector: PublicWWW... Done (0 hosts)
  1937. Running collector: Google Transparency Report... Done (1 host)
  1938. Running collector: PTRArchive... Error
  1939. -> PTRArchive returned unexpected response code: 502
  1940. Running collector: HackerTarget... Done (3 hosts)
  1941. Running collector: Certificate Search... Done (2 hosts)
  1942. Running collector: PassiveTotal... Skipped
  1943. -> Key 'passivetotal_key' has not been set
  1944. Running collector: Wayback Machine... Done (4 hosts)
  1945. Running collector: Riddler... Skipped
  1946. -> Key 'riddler_username' has not been set
  1947. Running collector: Dictionary... Done (27 hosts)
  1948. Running collector: DNSDB... Error
  1949. -> DNSDB returned unexpected response code: 503
  1950. Running collector: Shodan... Skipped
  1951. -> Key 'shodan' has not been set
  1952. Running collector: Threat Crowd... Done (0 hosts)
  1953.  
  1954. Resolving 33 unique hosts...
  1955. 146.66.71.198 .onaizahedu.gov.sa
  1956. 146.66.71.198 home.onaizahedu.gov.sa
  1957. 216.58.192.83 mail.onaizahedu.gov.sa
  1958. 146.66.71.198 onaizahedu.gov.sa
  1959. 146.66.71.198 serv.onaizahedu.gov.sa
  1960. 146.66.71.198 www.home.onaizahedu.gov.sa
  1961. 146.66.71.198 www.onaizahedu.gov.sa
  1962.  
  1963. Found subnets:
  1964.  
  1965. - 146.66.71.0-255 : 6 hosts
  1966.  
  1967. Wrote 7 hosts to:
  1968.  
  1969. - file:///root/aquatone/onaizahedu.gov.sa/hosts.txt
  1970. - file:///root/aquatone/onaizahedu.gov.sa/hosts.json
  1976. aquatone takeover v0.5.0 - by @michenriksen
  1977.  
  1978. Loaded 7 hosts from /root/aquatone/onaizahedu.gov.sa/hosts.json
  1979. Loaded 25 domain takeover detectors
  1980.  
  1981. Identifying nameservers for onaizahedu.gov.sa... Done
  1982. Using nameservers:
  1983.  
  1984. - 69.175.104.50
  1985. - 69.175.104.51
  1986.  
  1987. Checking hosts for domain takeover vulnerabilities...
  1988.  
  1989. Finished checking hosts:
  1990.  
  1991. - Vulnerable : 0
  1992. - Not Vulnerable : 7
  1993.  
  1994. Wrote 0 potential subdomain takeovers to:
  1995.  
  1996. - file:///root/aquatone/onaizahedu.gov.sa/takeovers.json
  1997.  
  2003. aquatone scan v0.5.0 - by @michenriksen
  2004.  
  2005. Loaded 7 hosts from /root/aquatone/onaizahedu.gov.sa/hosts.json
  2006.  
  2007. Probing 4 ports...
  2008. 80/tcp 146.66.71.198 home.onaizahedu.gov.sa, onaizahedu.gov.sa, www.onaizahedu.gov.sa and 3 more
  2009. 80/tcp 216.58.192.83 mail.onaizahedu.gov.sa
  2010. 443/tcp 216.58.192.83 mail.onaizahedu.gov.sa
  2011. 443/tcp 146.66.71.198 www.onaizahedu.gov.sa, serv.onaizahedu.gov.sa, home.onaizahedu.gov.sa and 3 more
  2012.  
  2013. Wrote open ports to file:///root/aquatone/onaizahedu.gov.sa/open_ports.txt
  2014. Wrote URLs to file:///root/aquatone/onaizahedu.gov.sa/urls.txt
  2020. aquatone gather v0.5.0 - by @michenriksen
  2021.  
  2022. npm executable not found!
  2023.  
  2024. Please make sure NPM package manager is installed on your system.
  2025. #######################################################################################################################################
  2026. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 14:00 EDT
  2027. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  2028. Host is up (0.22s latency).
  2029. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  2030. Not shown: 460 filtered ports, 5 closed ports
  2031. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2032. PORT STATE SERVICE
  2033. 21/tcp open ftp
  2034. 53/tcp open domain
  2035. 80/tcp open http
  2036. 110/tcp open pop3
  2037. 143/tcp open imap
  2038. 443/tcp open https
  2039. 465/tcp open smtps
  2040. 587/tcp open submission
  2041. 993/tcp open imaps
  2042. 995/tcp open pop3s
  2043. 2525/tcp open ms-v-worlds
  2044. #######################################################################################################################################
  2045. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 14:00 EDT
  2046. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  2047. Host is up (0.13s latency).
  2048. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  2049. Not shown: 2 filtered ports
  2050. PORT STATE SERVICE
  2051. 53/udp open domain
  2052. 67/udp open|filtered dhcps
  2053. 68/udp open|filtered dhcpc
  2054. 69/udp open|filtered tftp
  2055. 88/udp open|filtered kerberos-sec
  2056. 123/udp open|filtered ntp
  2057. 139/udp open|filtered netbios-ssn
  2058. 161/udp open|filtered snmp
  2059. 162/udp open|filtered snmptrap
  2060. 389/udp open|filtered ldap
  2061. 520/udp open|filtered route
  2062. 2049/udp open|filtered nfs
  2063. #######################################################################################################################################
  2064. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 14:00 EDT
  2065. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  2066. Host is up (0.23s latency).
  2067. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  2068.  
  2069. PORT STATE SERVICE VERSION
  2070. 21/tcp open ftp Pure-FTPd
  2071. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2072. Device type: general purpose
  2073. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
  2074. OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  2075. Aggressive OS guesses: Linux 4.9 (91%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
  2076. No exact OS matches for host (test conditions non-ideal).
  2077. Network Distance: 19 hops
  2078.  
  2079. TRACEROUTE (using port 21/tcp)
  2080. HOP RTT ADDRESS
  2081. 1 115.64 ms 10.253.200.1
  2082. 2 119.40 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  2083. 3 115.64 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  2084. 4 193.69 ms 10.10.53.25
  2085. 5 184.79 ms 10.10.50.129
  2086. 6 188.25 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  2087. 7 190.45 ms et-0-0-8-1.cr5-mia1.ip4.gtt.net (89.149.140.162)
  2088. 8 188.22 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  2089. 9 187.87 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  2090. 10 189.07 ms 64.125.30.193
  2091. 11 234.42 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  2092. 12 235.14 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  2093. 13 238.76 ms 64.125.29.30
  2094. 14 233.92 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  2095. 15 221.18 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  2096. 16 238.25 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  2097. 17 221.34 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  2098. 18 592.02 ms 128.177.133.154
  2099. 19 225.86 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  2100. #######################################################################################################################################
  2101. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 14:11 EDT
  2102. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  2103. Host is up (0.22s latency).
  2104. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  2105.  
  2106. PORT STATE SERVICE VERSION
  2107. 53/tcp open domain (unknown banner: donuts)
  2108. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  2109. | dns-nsec-enum:
  2110. |_ No NSEC records found
  2111. | dns-nsec3-enum:
  2112. |_ DNSSEC NSEC3 not supported
  2113. | dns-nsid:
  2114. |_ bind.version: donuts
  2115. | fingerprint-strings:
  2116. | DNSVersionBindReqTCP:
  2117. | version
  2118. | bind
  2119. |_ donuts
  2120. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  2125. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2126. Device type: general purpose
  2127. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
  2128. OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  2129. Aggressive OS guesses: Linux 4.9 (91%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
  2130. No exact OS matches for host (test conditions non-ideal).
  2131. Network Distance: 19 hops
  2132.  
  2133. Host script results:
  2134. | dns-brute:
  2135. | DNS Brute-force hostnames:
  2155.  
  2156. TRACEROUTE (using port 53/tcp)
  2157. HOP RTT ADDRESS
  2158. 1 117.66 ms 10.253.200.1
  2159. 2 117.68 ms 129.109.60.190.host.ifxnetworks.com (190.60.109.129)
  2160. 3 117.70 ms 185.73.60.190.static.host.ifxnetworks.com (190.60.73.185)
  2161. 4 117.69 ms 10.10.53.25
  2162. 5 187.22 ms 10.10.50.129
  2163. 6 185.62 ms ae0-64.cr2-mia1.ip4.gtt.net (173.205.48.169)
  2164. 7 190.67 ms et-0-0-4-0.cr5-mia1.ip4.gtt.net (89.149.140.142)
  2165. 8 185.86 ms ae4.mpr1.mia2.us.zip.zayo.com (64.125.12.197)
  2166. 9 185.89 ms ae3.mpr1.mia1.us.zip.zayo.com (64.125.28.9)
  2167. 10 186.12 ms 64.125.30.193
  2168. 11 236.32 ms ae5.cs1.dca2.us.zip.zayo.com (64.125.30.194)
  2169. 12 237.11 ms ae0.cs2.dca2.us.eth.zayo.com (64.125.29.229)
  2170. 13 240.09 ms 64.125.29.30
  2171. 14 236.25 ms ae3.cs2.ord2.us.eth.zayo.com (64.125.29.213)
  2172. 15 221.64 ms ae27.cr2.ord2.us.zip.zayo.com (64.125.30.245)
  2173. 16 239.18 ms ae17.er2.ord7.us.zip.zayo.com (64.125.31.83)
  2174. 17 222.60 ms 128.177.108.98.IPYX-142927-900-ZYO.zip.zayo.com (128.177.108.98)
  2175. 18 224.85 ms 128.177.133.154
  2176. 19 221.62 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  2177. #######################################################################################################################################
  2185.  
  2186. WAFW00F - Web Application Firewall Detection Tool
  2187.  
  2188. By Sandro Gauci && Wendel G. Henrique
  2189.  
  2190. Checking http://onaizahedu.gov.sa
  2191. Generic Detection results:
  2192. No WAF detected by the generic detection
  2193. Number of requests: 16
  2194. #######################################################################################################################################
  2195. http://onaizahedu.gov.sa [200 OK] Country[ROMANIA][RO], Google-Analytics[Universal][UA-57522850-1], HTML5, IP[146.66.71.198], JQuery, MetaGenerator[WordPress 4.9.8], PasswordField[pwd], Script[text/javascript], Title[إدارة التعليم بمحافظة عنيزة][Title element contains newline(s)!], UncommonHeaders[x-cache-enabled,link,host-header,x-proxy-cache], WordPress[4.9.8]
  2196. #######################################################################################################################################
  2197.  
  2198. wig - WebApp Information Gatherer
  2199.  
  2200.  
  2201. Scanning http://onaizahedu.gov.sa...
  2202. _________________________________________ SITE INFO __________________________________________
  2203. IP Title
  2204. 146.66.71.198 إدارة التعليم بمحافظة عنيزة
  2205.  
  2206. __________________________________________ VERSION ___________________________________________
  2207. Name Versions Type
  2208. WordPress 4.9.8 CMS
  2209. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
  2210. 2.4.8 | 2.4.9
  2211. PHP Platform
  2212.  
  2213. ________________________________________ INTERESTING _________________________________________
  2214. URL Note Type
  2215. /readme.html Readme file Interesting
  2216. /robots.txt robots.txt index Interesting
  2217. /login/ Login Page Interesting
  2218.  
  2219. ___________________________________________ TOOLS ____________________________________________
  2220. Name Link Software
  2221. wpscan https://github.com/wpscanteam/wpscan WordPress
  2222. CMSmap https://github.com/Dionach/CMSmap WordPress
  2223.  
  2224. ______________________________________________________________________________________________
  2225. Time: 104.2 sec Urls: 490 Fingerprints: 40401
  2226. #######################################################################################################################################
  2227. HTTP/1.1 200 OK
  2228. Date: Thu, 25 Oct 2018 18:16:04 GMT
  2229. Content-Type: text/html; charset=UTF-8
  2230. X-Cache-Enabled: False
  2231. Link: <http://onaizahedu.gov.sa/wp-json/>; rel="https://api.w.org/"
  2232. Cache-Control: max-age=172800
  2233. Expires: Sat, 27 Oct 2018 18:16:03 GMT
  2234. Host-Header: 192fc2e7e50945beb8231a492d6a8024
  2235. Connection: keep-alive
  2236. #######################################################################################################################################
  2237. ---------------------------------------------------------------------------------------------------------------------------------------
  2238.  
  2239. [ ! ] Starting SCANNER INURLBR 2.1 at [25-10-2018 14:16:47]
  2240. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  2241. It is the end user's responsibility to obey all applicable local, state and federal laws.
  2242. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  2243.  
  2244. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-onaizahedu.gov.sa.txt ]
  2245. [ INFO ][ DORK ]::[ site:onaizahedu.gov.sa ]
  2246. [ INFO ][ SEARCHING ]:: {
  2247. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.by ]
  2248.  
  2249. [ INFO ][ SEARCHING ]::
  2250. -[:::]
  2251. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  2252.  
  2253. [ INFO ][ SEARCHING ]::
  2254. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  2255. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.ma ID: 002901626849897788481:cpnctza84gq ]
  2256.  
  2257. [ INFO ][ SEARCHING ]::
  2258. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  2259.  
  2260. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  2261. [ INFO ] Not a satisfactory result was found!
  2262.  
  2263.  
  2264. [ INFO ] [ Shutting down ]
  2265. [ INFO ] [ End of process INURLBR at [25-10-2018 14:16:58]
  2266. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  2267. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-onaizahedu.gov.sa.txt ]
  2271. #######################################################################################################################################
  2272. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-25 14:17 EDT
  2273. Nmap scan report for onaizahedu.gov.sa (146.66.71.198)
  2274. Host is up (0.14s latency).
  2275. rDNS record for 146.66.71.198: ip-146-66-71-198.siteground.com
  2276.  
  2277. PORT STATE SERVICE VERSION
  2278. 110/tcp open pop3 Dovecot pop3d
  2279. | pop3-brute:
  2280. | Accounts: No valid accounts found
  2281. |_ Statistics: Performed 205 guesses in 184 seconds, average tps: 1.0
  2282. |_pop3-capabilities: PIPELINING USER UIDL STLS SASL(PLAIN LOGIN) AUTH-RESP-CODE TOP CAPA RESP-CODES
  2283. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2284. Device type: general purpose
  2285. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
  2286. OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
  2287. Aggressive OS guesses: Linux 4.9 (91%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
  2288. No exact OS matches for host (test conditions non-ideal).
  2289. Network Distance: 1 hop
  2290.  
  2291. TRACEROUTE (using port 80/tcp)
  2292. HOP RTT ADDRESS
  2293. 1 118.97 ms ip-146-66-71-198.siteground.com (146.66.71.198)
  2294. #######################################################################################################################################
  2295.  
  2303.  
  2304. WAFW00F - Web Application Firewall Detection Tool
  2305.  
  2306. By Sandro Gauci && Wendel G. Henrique
  2307.  
  2308. Checking https://onaizahedu.gov.sa
  2309. Generic Detection results:
  2310. No WAF detected by the generic detection
  2311. Number of requests: 15
  2312. #######################################################################################################################################
  2313.  
  2314.  
  2315. AVAILABLE PLUGINS
  2316. -----------------
  2317.  
  2318. PluginCompression
  2319. PluginOpenSSLCipherSuites
  2320. PluginCertInfo
  2321. PluginChromeSha1Deprecation
  2322. PluginHeartbleed
  2323. PluginHSTS
  2324. PluginSessionResumption
  2325. PluginSessionRenegotiation
  2326.  
  2327.  
  2328.  
  2329. CHECKING HOST(S) AVAILABILITY
  2330. -----------------------------
  2331.  
  2332. onaizahedu.gov.sa:443 => 146.66.71.198:443
  2333.  
  2334.  
  2335.  
  2336. SCAN RESULTS FOR ONAIZAHEDU.GOV.SA:443 - 146.66.71.198:443
  2337. ----------------------------------------------------------
  2338.  
  2339. * Deflate Compression:
  2340. OK - Compression disabled
  2341.  
  2342. * Session Renegotiation:
  2343. Client-initiated Renegotiations: OK - Rejected
  2344. Secure Renegotiation: OK - Supported
  2345.  
  2346. * Certificate - Content:
  2347. SHA1 Fingerprint: 9f72b9243acb9292640cdcc907ccd1ee0b0cfcaf
  2348. Common Name: onedu.org
  2349. Issuer: Let's Encrypt Authority X3
  2350. Serial Number: 0414FCB01745AF529C9B6566F96EDBD7329D
  2351. Not Before: Sep 4 06:27:38 2018 GMT
  2352. Not After: Dec 3 06:27:38 2018 GMT
  2353. Signature Algorithm: sha256WithRSAEncryption
  2354. Public Key Algorithm: rsaEncryption
  2355. Key Size: 2048 bit
  2356. Exponent: 65537 (0x10001)
  2357. X509v3 Subject Alternative Name: {'DNS': ['onedu.org', 'www.onedu.org']}
  2358.  
  2359. * Certificate - Trust:
  2360. Hostname Validation: FAILED - Certificate does NOT match onaizahedu.gov.sa
  2361. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  2362. Java 6 CA Store (Update 65): OK - Certificate is trusted
  2363. Microsoft CA Store (09/2015): OK - Certificate is trusted
  2364. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  2365. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  2366. Certificate Chain Received: ['onedu.org', "Let's Encrypt Authority X3"]
  2367.  
  2368. * Certificate - OCSP Stapling:
  2369. NOT SUPPORTED - Server did not send back an OCSP response.
  2370.  
  2371. * Session Resumption:
  2372. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  2373. With TLS Session Tickets: OK - Supported
  2374.  
  2375. * SSLV2 Cipher Suites:
  2376. Server rejected all cipher suites.
  2377.  
  2378. * SSLV3 Cipher Suites:
  2379. Server rejected all cipher suites.
  2380.  
  2381.  
  2382.  
  2383. SCAN COMPLETED IN 4.97 S
  2384. ------------------------
  2385. Version: 1.11.12-static
  2386. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2387.  
  2388. Connected to 146.66.71.198
  2389.  
  2390. Testing SSL server onaizahedu.gov.sa on port 443 using SNI name onaizahedu.gov.sa
  2391.  
  2392. TLS Fallback SCSV:
  2393. Server supports TLS Fallback SCSV
  2394.  
  2395. TLS renegotiation:
  2396. Session renegotiation not supported
  2397.  
  2398. TLS Compression:
  2399. Compression disabled
  2400.  
  2401. Heartbleed:
  2402. TLS 1.2 not vulnerable to heartbleed
  2403. TLS 1.1 not vulnerable to heartbleed
  2404. TLS 1.0 not vulnerable to heartbleed
  2405.  
  2406. Supported Server Cipher(s):
  2407. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-384 DHE 384
  2408. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-384 DHE 384
  2409. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-384 DHE 384
  2410. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-384 DHE 384
  2411. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
  2412. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-384 DHE 384
  2413. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2414. Accepted TLSv1.2 128 bits AES128-SHA
  2415. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  2416. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  2417. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  2418. Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-384 DHE 384
  2419. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA256 DHE 2048 bits
  2420. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  2421. Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-384 DHE 384
  2422. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA256 DHE 2048 bits
  2423. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2424. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2425. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2426. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2427. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2428. Accepted TLSv1.2 256 bits AES256-SHA256
  2429. Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
  2430. Accepted TLSv1.2 128 bits AES128-SHA256
  2431. Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
  2432. Accepted TLSv1.2 256 bits AES256-SHA
  2433. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  2434. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  2435. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
  2436. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-384 DHE 384
  2437. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2438. Accepted TLSv1.1 128 bits AES128-SHA
  2439. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2440. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2441. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2442. Accepted TLSv1.1 256 bits AES256-SHA
  2443. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  2444. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  2445.  
  2446. SSL Certificate:
  2447. Signature Algorithm: sha256WithRSAEncryption
  2448. RSA Key Strength: 2048
  2449.  
  2450. Subject: onedu.org
  2451. Altnames: DNS:onedu.org, DNS:www.onedu.org
  2452. Issuer: Let's Encrypt Authority X3
  2453.  
  2454. Not valid before: Sep 4 06:27:38 2018 GMT
  2455. Not valid after: Dec 3 06:27:38 2018 GMT
  2456. #######################################################################################################################################
  2457. I, [2018-10-25T14:22:52.156025 #27463] INFO -- : Initiating port scan
  2458. I, [2018-10-25T14:23:50.311731 #27463] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-25_14-22-52.xml
  2459. I, [2018-10-25T14:23:50.312950 #27463] INFO -- : Discovered open port: 146.66.71.198:80
  2460. I, [2018-10-25T14:23:51.333730 #27463] INFO -- : Discovered open port: 146.66.71.198:443
  2461. I, [2018-10-25T14:23:53.156806 #27463] INFO -- : Discovered open port: 146.66.71.198:465
  2462. I, [2018-10-25T14:23:54.556197 #27463] INFO -- : Discovered open port: 146.66.71.198:993
  2463. I, [2018-10-25T14:23:56.359669 #27463] INFO -- : <<<Enumerating vulnerable applications>>>
  2464. ---------------------------------------------------------------------------------------------------------------------------------------
  2465. <<<Yasuo discovered following vulnerable applications>>>
  2466. ---------------------------------------------------------------------------------------------------------------------------------------
  2467. +----------+---------------------------------+---------------------------------------+----------+----------+
  2468. | App Name | URL to Application | Potential Exploit | Username | Password |
  2469. +----------+---------------------------------+---------------------------------------+----------+----------+
  2470. | v0pCr3w | http://146.66.71.198:80/jos.php | ./exploits/multi/http/v0pcr3w_exec.rb | | |
  2471. +----------+---------------------------------+---------------------------------------+----------+----------+
  2472. #######################################################################################################################################
  2473. =======================================================================================================================================
  2474. | Domain: http://onaizahedu.gov.sa/
  2475. | IP: 146.66.71.198
  2476. =======================================================================================================================================
  2477. |
  2478. | Directory check:
  2509. ######################################################################################################################################
  2510. | File check:
  2531. #######################################################################################################################################
  2532. |
  2533. | External hosts:
  2659. #######################################################################################################################################
  2660. | E-mails:
  2688. #######################################################################################################################################
  2689. Anonymous JTSEC #OpJamalKhashoggi Full Recon #4