Anonymous JTSEC #OpAmazonia Full Recon #24

#######################################################################################################################################
=======================================================================================================================================
Hostname 	gopsp.org.br 	  	ISP 	Liquid Web, L.L.C
Continent 	North America 	  	Flag
US
Country 	United States 	  	Country Code 	US
Region 	Michigan 	  	Local time 	09 Sep 2019 09:30 EDT
City 	Lansing 	  	Postal Code 	48917
IP Address 	67.225.228.134 	  	Latitude 	42.735
  	  	  	Longitude 	-84.625
======================================================================================================================================
######################################################################################################################################
> gopsp.org.br
Server:		185.93.180.131
Address:	185.93.180.131#53

Non-authoritative answer:
Name:	gopsp.org.br
Address: 67.225.228.134
>
#######################################################################################################################################

domain:      gopsp.org.br
owner:       Grande Oriente Paulista
ownerid:     47.331.871/0001-51
responsible: Pascoal Marracini
country:     BR
owner-c:     GROPA6
admin-c:     GROPA6
tech-c:      GROPA6
billing-c:   GROPA6
nserver:     ns1.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
nserver:     ns2.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
nserver:     ns3.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
saci:        yes
created:     20160718 #15875900
changed:     20190802
expires:     20240718
status:      published

nic-hdl-br:  GROPA6
person:      Grande Oriente Paulista
e-mail:      avelino@hbsistemas.com.br
country:     BR
created:     20160623
changed:     20160718

######################################################################################################################################
[+] Target : gopsp.org.br

[+] IP Address : 67.225.228.134

[+] Headers :

[+] Date : Mon, 09 Sep 2019 13:39:39 GMT
[+] Server : Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
[+] X-Powered-By : PHP/5.6.40
[+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
[+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[+] Pragma : no-cache
[+] Content-Encoding : gzip
[+] Vary : Accept-Encoding
[+] Set-Cookie : PHPSESSID=rmqn16t38t18jhsj2mnatak0i6; path=/
[+] Keep-Alive : timeout=2, max=500
[+] Connection : Keep-Alive
[+] Transfer-Encoding : chunked
[+] Content-Type : text/html; charset=iso-8859-1

[+] SSL Certificate Information :

[+] commonName : gopsp.org.br
[+] countryName : US
[+] stateOrProvinceName : TX
[+] localityName : Houston
[+] organizationName : cPanel, Inc.
[+] commonName : cPanel, Inc. Certification Authority
[+] Version : 3
[+] Serial Number : D31A0C0A2CF1B24716E776B5B1F1E40A
[+] Not Before : Aug 31 00:00:00 2019 GMT
[+] Not After : Nov 29 23:59:59 2019 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', 'gopsp.org.br'), ('DNS', 'autodiscover.gopsp.org.br'), ('DNS', 'cpanel.gopsp.org.br'), ('DNS', 'mail.gopsp.org.br'), ('DNS', 'webdisk.gopsp.org.br'), ('DNS', 'webmail.gopsp.org.br'), ('DNS', 'www.gopsp.org.br'))
[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 32244
[+] ASN CIDR : 67.225.128.0/17
[+] ASN Country Code : US
[+] ASN Date : 2007-11-26
[+] ASN Description : LIQUIDWEB - Liquid Web, L.L.C, US
[+] cidr : 67.225.128.0/17
[+] name : LIQUIDWEB
[+] handle : NET-67-225-128-0-1
[+] range : 67.225.128.0 - 67.225.255.255
[+] description : Liquid Web, L.L.C
[+] country : US
[+] state : MI
[+] city : Lansing
[+] address : 4210 Creyts Rd.
[+] postal_code : 48917
[+] emails : ['ipadmin@liquidweb.com', 'abuse@liquidweb.com']
[+] created : 2007-11-26
[+] updated : 2016-12-19

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 1 ]
#######################################################################################################################################
[i] Scanning Site: https://gopsp.org.br


B A S I C   I N F O
====================


[+] Site Title: GOPSP | Grande Oriente Paulista
[+] IP address: 67.225.228.134
[+] Web Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *
Disallow: /uploads

-----------[end of contents]-------------


W H O I S   L O O K U P
========================


% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the terms of use at https://registro.br/termo/en.html ,
%  being prohibited its distribution, commercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2019-09-09T10:40:18-03:00

domain:      gopsp.org.br
owner:       Grande Oriente Paulista
ownerid:     47.331.871/0001-51
responsible: Pascoal Marracini
country:     BR
owner-c:     GROPA6
admin-c:     GROPA6
tech-c:      GROPA6
billing-c:   GROPA6
nserver:     ns1.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
nserver:     ns2.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
nserver:     ns3.locaweb.com.br
nsstat:      20190908 AA
nslastaa:    20190908
saci:        yes
created:     20160718 #15875900
changed:     20190802
expires:     20240718
status:      published

nic-hdl-br:  GROPA6
person:      Grande Oriente Paulista
e-mail:      avelino@hbsistemas.com.br
country:     BR
created:     20160623
changed:     20160718

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, contact handle (ID), CIDR block, IP and ASN.


G E O  I P  L O O K  U P
=========================

[i] IP Address: 67.225.228.134
[i] Country: United States
[i] State: Michigan
[i] City: Lansing
[i] Latitude: 42.7348
[i] Longitude: -84.6245


H T T P   H E A D E R S
=======================


[i]  HTTP/1.1 200 OK
[i]  Date: Mon, 09 Sep 2019 13:40:20 GMT
[i]  Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
[i]  X-Powered-By: PHP/5.6.40
[i]  Expires: Thu, 19 Nov 1981 08:52:00 GMT
[i]  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[i]  Pragma: no-cache
[i]  Set-Cookie: PHPSESSID=mu0rkj7trdf66m46e4o51vsit0; path=/
[i]  Vary: Accept-Encoding
[i]  Connection: close
[i]  Content-Type: text/html; charset=iso-8859-1


D N S   L O O K U P
===================

gopsp.org.br.		3599	IN	A	67.225.228.134
gopsp.org.br.		3599	IN	TXT	"v=spf1 a mx include:_spf.elasticemail.com ~all"
gopsp.org.br.		3599	IN	SOA	ns1.locaweb.com.br. postmaster.locaweb.com.br. 2016081001 3600 600 1209600 3600
gopsp.org.br.		3599	IN	NS	ns3.locaweb.com.br.
gopsp.org.br.		3599	IN	NS	ns1.locaweb.com.br.
gopsp.org.br.		3599	IN	MX	10 mx.a.locaweb.com.br.
gopsp.org.br.		3599	IN	NS	ns2.locaweb.com.br.
gopsp.org.br.		3599	IN	MX	10 mx.b.locaweb.com.br.
gopsp.org.br.		3599	IN	MX	20 mx.jk.locaweb.com.br.


S U B N E T   C A L C U L A T I O N
====================================

Address       = 67.225.228.134
Network       = 67.225.228.134 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 67.225.228.134 - 67.225.228.134 }


N M A P   P O R T   S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 13:40 UTC
Nmap scan report for gopsp.org.br (67.225.228.134)
Host is up (0.028s latency).
rDNS record for 67.225.228.134: srv01.imserver.com.br

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds


S U B - D O M A I N   F I N D E R
==================================


[i] Total Subdomains Found : 6

[+] Subdomain: www.brasil3.gopsp.org.br
[-] IP: 67.225.228.134

[+] Subdomain: www.betha.gopsp.org.br
[-] IP: 67.225.228.134

[+] Subdomain: teste.gopsp.org.br
[-] IP: 191.252.4.30

[+] Subdomain: blog.gopsp.org.br
[-] IP: 191.252.4.30

[+] Subdomain: webdisk.gopsp.org.br
[-] IP: 67.225.228.134

[+] Subdomain: cpanel.gopsp.org.br
[-] IP: 67.225.228.134
#######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://gopsp.org.br/
[*] TARGET IP: 67.225.228.134
[INFO] NO load balancer detected for gopsp.org.br...
[*] DNS servers: ns1.locaweb.com.br.
[*] TARGET server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
[*] CC: US
[*] Country: United States
[*] RegionCode: MI
[*] RegionName: Michigan
[*] City: Lansing
[*] ASN: AS32244
[*] BGP_PREFIX: 67.225.128.0/17
[*] ISP: LIQUIDWEB - Liquid Web, L.L.C, US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
[*] Subject: subject=CN = gopsp.org.br
[INFO] DNS enumeration:
[*] ad.gopsp.org.br 	 67.225.228.134
[*] admin.gopsp.org.br 	 67.225.228.134
[*] ads.gopsp.org.br 	 67.225.228.134
[*] alpha.gopsp.org.br 	 srv01.imserver.com.br. 67.225.228.134
[*] api.gopsp.org.br 	 67.225.228.134
[*] api-online.gopsp.org.br 	 67.225.228.134
[*] apolo.gopsp.org.br 	 67.225.228.134
[*] app.gopsp.org.br 	 191.252.4.30
[*] beta.gopsp.org.br 	 67.225.228.134
[*] bi.gopsp.org.br 	 67.225.228.134
[*] blog.gopsp.org.br 	 191.252.4.30
[*] cdn.gopsp.org.br 	 67.225.228.134
[*] events.gopsp.org.br 	 67.225.228.134
[*] ex.gopsp.org.br 	 67.225.228.134
[*] files.gopsp.org.br 	 67.225.228.134
[*] ftp.gopsp.org.br 	 ftp-orion06.locaweb.com.br. 179.188.15.200
[*] gateway.gopsp.org.br 	 67.225.228.134
[*] go.gopsp.org.br 	 67.225.228.134
[*] help.gopsp.org.br 	 67.225.228.134
[*] ib.gopsp.org.br 	 67.225.228.134
[*] images.gopsp.org.br 	 67.225.228.134
[*] internetbanking.gopsp.org.br 	 67.225.228.134
[*] intranet.gopsp.org.br 	 67.225.228.134
[*] jobs.gopsp.org.br 	 67.225.228.134
[*] join.gopsp.org.br 	 67.225.228.134
[*] live.gopsp.org.br 	 67.225.228.134
[*] login.gopsp.org.br 	 67.225.228.134
[*] m.gopsp.org.br 	 67.225.228.134
[*] mail.gopsp.org.br 	 pop.gopsp.org.br. mail.ita.locamail.com.br. 191.252.112.195
[*] mail2.gopsp.org.br 	 67.225.228.134
[*] mobile.gopsp.org.br 	 pop.gopsp.org.br. mail.ita.locamail.com.br. 191.252.112.195
[*] moodle.gopsp.org.br 	 67.225.228.134
[*] mx.gopsp.org.br 	 67.225.228.134
[*] mx2.gopsp.org.br 	 mx.b.locaweb.com.br. 177.153.23.242
[*] mx3.gopsp.org.br 	 mx.jk.locaweb.com.br. 200.234.204.130
[*] my.gopsp.org.br 	 67.225.228.134
[*] new.gopsp.org.br 	 67.225.228.134
[*] news.gopsp.org.br 	 67.225.228.134
[*] ns1.gopsp.org.br 	 ns1.locaweb.com.br. 189.126.108.2
[*] ns2.gopsp.org.br 	 ns2.locaweb.com.br. 201.76.40.2
[*] ns3.gopsp.org.br 	 ns3.locaweb.com.br. 187.45.246.2
[*] oauth.gopsp.org.br 	 67.225.228.134
[*] old.gopsp.org.br 	 67.225.228.134
[*] one.gopsp.org.br 	 67.225.228.134
[*] open.gopsp.org.br 	 67.225.228.134
[*] out.gopsp.org.br 	 67.225.228.134
[*] outlook.gopsp.org.br 	 67.225.228.134
[*] portfolio.gopsp.org.br 	 67.225.228.134
[*] raw.gopsp.org.br 	 67.225.228.134
[*] repo.gopsp.org.br 	 67.225.228.134
[*] router.gopsp.org.br 	 67.225.228.134
[*] search.gopsp.org.br 	 67.225.228.134
[*] siem.gopsp.org.br 	 67.225.228.134
[*] slack.gopsp.org.br 	 67.225.228.134
[*] slackbot.gopsp.org.br 	 67.225.228.134
[*] snmp.gopsp.org.br 	 67.225.228.134
[*] stream.gopsp.org.br 	 67.225.228.134
[*] support.gopsp.org.br 	 67.225.228.134
[*] syslog.gopsp.org.br 	 67.225.228.134
[*] tags.gopsp.org.br 	 67.225.228.134
[*] test.gopsp.org.br 	 67.225.228.134
[*] upload.gopsp.org.br 	 67.225.228.134
[*] video.gopsp.org.br 	 67.225.228.134
[*] vpn.gopsp.org.br 	 67.225.228.134
[*] webconf.gopsp.org.br 	 67.225.228.134
[*] webmail.gopsp.org.br 	 webmail.ita.locamail.com.br. 186.202.140.235 186.202.140.244 186.202.140.220
[*] webportal.gopsp.org.br 	 67.225.228.134
[*] wiki.gopsp.org.br 	 67.225.228.134
[*] www2.gopsp.org.br 	 67.225.228.134
[*] www3.gopsp.org.br 	 67.225.228.134
[*] zendesk.gopsp.org.br 	 67.225.228.134
[INFO] Possible abuse mails are:
[*] abuse@gopsp.org.br
[*] abuse@sourcedns.com
[*] admin@sourcedns.com
[*] ipadmin@liquidweb.com
[*] lisa@webclickhosting.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://gopsp.org.br/robots.txt
[INFO] Checking for HTTP status codes recursively from http://gopsp.org.br/robots.txt
[INFO] Status code 	 Folders
[*] 	 200 		 http://gopsp.org.br/uploads
[INFO] Starting FUZZing in http://gopsp.org.br/FUzZzZzZzZz...
[INFO] Status code 	 Folders
[*] 	 200 		 http://gopsp.org.br/index
[*] 	 200 		 http://gopsp.org.br/images
[*] 	 200 		 http://gopsp.org.br/download
[*] 	 200 		 http://gopsp.org.br/2006
[*] 	 200 		 http://gopsp.org.br/news
[*] 	 200 		 http://gopsp.org.br/crack
[*] 	 200 		 http://gopsp.org.br/serial
[*] 	 200 		 http://gopsp.org.br/warez
[*] 	 200 		 http://gopsp.org.br/full
[*] 	 200 		 http://gopsp.org.br/12
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://gopsp.org.br/ http://67.225.228.134/:
[*] http://67.225.228.134/cgi-sys/defaultwebpage.cgi
[*] http://masonweb.com.br/
[*] http://mmp.org.br/Account/Login.aspx?ReturnUrl=/
[*] https://gopsp.org.br/
[*] https://gopsp.org.br/albuns/listar
[*] https://gopsp.org.br/albuns/visualizar/1
[*] https://gopsp.org.br/contato
[*] https://gopsp.org.br/convites/listar
[*] https://gopsp.org.br/convites/visualizar/1
[*] https://gopsp.org.br/esqueceu-senha
[*] https://gopsp.org.br/inicio
[*] https://gopsp.org.br/institucional/administracao
[*] https://gopsp.org.br/institucional/grao-mestres
[*] https://gopsp.org.br/institucional/nossa-historia
[*] https://gopsp.org.br/lojas/listar
[*] https://gopsp.org.br/maconaria
[*] https://gopsp.org.br/mensagem-grao-mestre/listar
[*] https://gopsp.org.br/mensagem-grao-mestre/visualizar/391
[*] https://gopsp.org.br/#myCarousel
[*] https://gopsp.org.br/noticias/listar
[*] https://gopsp.org.br/noticias/visualizar/368
[*] https://gopsp.org.br/noticias/visualizar/378
[*] https://gopsp.org.br/noticias/visualizar/386
[*] https://gopsp.org.br/noticias/visualizar/388
[*] https://gopsp.org.br/noticias/visualizar/393
[*] https://gopsp.org.br/noticias/visualizar/394
[*] https://gopsp.org.br/noticias/visualizar/395
[*] https://gopsp.org.br/primeiro-acesso
[*] https://gopsp.org.br/videos/listar
[*] https://gopsp.org.br/videos/visualizar/4
[*] http://www.casadomacombarretos.com.br/
[*] http://www.cmisecretariaejecutiva.org/
[*] http://www.comab.org.br/
[INFO] GOOGLE has 918,000 results (0.38 seconds) about http://gopsp.org.br/
[INFO] BING shows 67.225.228.134 is shared with 10,000 hosts/vhosts
[INFO] Shodan detected the following opened ports on 67.225.228.134:
[*] 443
[*] 53
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total  Sites
[INFO] Useful links related to gopsp.org.br - 67.225.228.134:
[*] https://www.virustotal.com/pt/ip-address/67.225.228.134/information/
[*] https://www.hybrid-analysis.com/search?host=67.225.228.134
[*] https://www.shodan.io/host/67.225.228.134
[*] https://www.senderbase.org/lookup/?search_string=67.225.228.134
[*] https://www.alienvault.com/open-threat-exchange/ip/67.225.228.134
[*] http://pastebin.com/search?q=67.225.228.134
[*] http://urlquery.net/search.php?q=67.225.228.134
[*] http://www.alexa.com/siteinfo/gopsp.org.br
[*] http://www.google.com/safebrowsing/diagnostic?site=gopsp.org.br
[*] https://censys.io/ipv4/67.225.228.134
[*] https://www.abuseipdb.com/check/67.225.228.134
[*] https://urlscan.io/search/#67.225.228.134
[*] https://github.com/search?q=67.225.228.134&type=Code
[INFO] Useful links related to AS32244 - 67.225.128.0/17:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:32244
[*] https://www.senderbase.org/lookup/?search_string=67.225.128.0/17
[*] http://bgp.he.net/AS32244
[*] https://stat.ripe.net/AS32244
[INFO] Date: 09/09/19 | Time: 09:42:49
[INFO] Total time: 2 minute(s) and 38 second(s)
#######################################################################################################################################
[*] Load target domain: gopsp.org.br
    - starting scanning @ 2019-09-09 09:42:57

[+] Running & Checking source to be used
---------------------------------------------

    ⍥  Shodan				[ ✕ ]
    ⍥  Webarchive			[ ✔ ]
    ⍥  Dnsdumpster			[ ✔ ]
    ⍥  Censys				[ ✕ ]
    ⍥  Bufferover			[ ✔ ]
    ⍥  Threatcrowd			[ ✔ ]
    ⍥  Securitytrails			[ ✕ ]
    ⍥  Binaryedge			[ ✕ ]
    ⍥  Certsh				[ ✔ ]
    ⍥  Virustotal			[ ✕ ]
    ⍥  Certspotter			[ ✔ ]
    ⍥  Entrust				[ ✔ ]
    ⍥  Hackertarget			[ ✔ ]
    ⍥  Threatminer			[ ✔ ]
    ⍥  Riddler				[ ✔ ]
jq: error (at <stdin>:0): Cannot iterate over null (null)
    ⍥  Findsubdomain			[ ✔ ]

[+] Get & Count subdomain total From source
---------------------------------------------

    ⍥  Hackertarget: Total Subdomain (7)
    ⍥  Findsubdomain: Total Subdomain (0)
    ⍥  Certspotter: Total Subdomain (15)
    ⍥  Threatminer: Total Subdomain (0)
    ⍥  Certsh: Total Subdomain (14)
    ⍥  BufferOver: Total Subdomain (13)
    ⍥  Entrust: Total Subdomain (5)
    ⍥  Threatcrowd: Total Subdomain (0)
    ⍥  Dnsdumpster: Total Subdomain (0)
    ⍥  Riddler: Total Subdomain (0)
    ⍥  Webarchive: Total Subdomain (3)

[+] Parsing & Sorting list Domain
---------------------------------------------

    ⍥  Total 				[18]

	 - alpha.gopsp.org.br
	 - app.gopsp.org.br
	 - autodiscover.gopsp.org.br
	 - betha.gopsp.org.br
	 - blog.gopsp.org.br
	 - brasil3.gopsp.org.br
	 - cpanel.gopsp.org.br
	 - gopsp.org.br
	 - mail.gopsp.org.br
	 - pop.gopsp.org.br
	 - teste.gopsp.org.br
	 - webdisk.gopsp.org.br
	 - webmail.gopsp.org.br
	 - www.alpha.gopsp.org.br
	 - www.betha.gopsp.org.br
	 - www.brasil3.gopsp.org.br
	 - www.gopsp.org.br
	 - www.teste.gopsp.org.br

    ⍥  Total 				[18]

[+] Probe subdomain for working on http/https
---------------------------------------------

	 - http://gopsp.org.br
	 - http://alpha.gopsp.org.br
	 - http://brasil3.gopsp.org.br
	 - http://cpanel.gopsp.org.br
	 - http://pop.gopsp.org.br
	 - http://mail.gopsp.org.br
	 - http://autodiscover.gopsp.org.br
	 - https://gopsp.org.br
	 - https://brasil3.gopsp.org.br
	 - https://alpha.gopsp.org.br
	 - https://cpanel.gopsp.org.br
	 - http://webdisk.gopsp.org.br
	 - http://www.alpha.gopsp.org.br
	 - https://mail.gopsp.org.br
	 - https://pop.gopsp.org.br
	 - http://webmail.gopsp.org.br
	 - http://www.gopsp.org.br
	 - https://webdisk.gopsp.org.br
	 - http://www.betha.gopsp.org.br
	 - http://www.brasil3.gopsp.org.br
	 - https://www.alpha.gopsp.org.br
	 - https://www.gopsp.org.br
	 - https://www.betha.gopsp.org.br
	 - https://www.brasil3.gopsp.org.br
	 - https://webmail.gopsp.org.br

    ⍥  Total 				[24]


[+] Check Live Host: Ping Sweep - ICMP PING
---------------------------------------------

    ⍥  [DEAD]	 alpha.gopsp.org.br
    ⍥  [LIVE]	 app.gopsp.org.br
    ⍥  [LIVE]	 autodiscover.gopsp.org.br
    ⍥  [DEAD]	 betha.gopsp.org.br
    ⍥  [LIVE]	 blog.gopsp.org.br
    ⍥  [DEAD]	 brasil3.gopsp.org.br
    ⍥  [DEAD]	 cpanel.gopsp.org.br
    ⍥  [DEAD]	 gopsp.org.br
    ⍥  [LIVE]	 mail.gopsp.org.br
    ⍥  [LIVE]	 pop.gopsp.org.br
    ⍥  [LIVE]	 teste.gopsp.org.br
    ⍥  [DEAD]	 webdisk.gopsp.org.br
    ⍥  [LIVE]	 webmail.gopsp.org.br
    ⍥  [DEAD]	 www.alpha.gopsp.org.br
    ⍥  [DEAD]	 www.betha.gopsp.org.br
    ⍥  [DEAD]	 www.brasil3.gopsp.org.br
    ⍥  [DEAD]	 www.gopsp.org.br
    ⍥  [LIVE]	 www.teste.gopsp.org.br

[+] Check Resolving: Subdomains & Domains
---------------------------------------------

    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 191.252.4.30
    ⍥  Resolving domains to: 186.202.140.232
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 191.252.4.30
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 191.252.112.195
    ⍥  Resolving domains to: 191.252.112.195
    ⍥  Resolving domains to: 191.252.4.30
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 186.202.140.220
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 67.225.228.134
    ⍥  Resolving domains to: 191.252.4.30

[+] Subdomain TakeOver - Check Possible Vulns
---------------------------------------------

    ⍥  [FAILS]	 En: Unknown  http://gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://alpha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://brasil3.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://cpanel.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://pop.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://autodiscover.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://alpha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://cpanel.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://brasil3.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://webdisk.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://www.alpha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://pop.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://mail.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://webmail.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://webdisk.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://www.betha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://www.alpha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://www.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  http://www.brasil3.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://www.betha.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://www.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://www.brasil3.gopsp.org.br
    ⍥  [FAILS]	 En: Unknown  https://webmail.gopsp.org.br

[+]  Checks status code on port 80 and 443
---------------------------------------------

    ⍥  [301]	 http://gopsp.org.br
    ⍥  [301]	 http://alpha.gopsp.org.br
    ⍥  [200]	 http://brasil3.gopsp.org.br
    ⍥  [302]	 http://cpanel.gopsp.org.br
    ⍥  [302]	 http://pop.gopsp.org.br
    ⍥  [200]	 http://autodiscover.gopsp.org.br
    ⍥  [200]	 https://alpha.gopsp.org.br
    ⍥  [200]	 https://gopsp.org.br
    ⍥  [401]	 https://cpanel.gopsp.org.br
    ⍥  [200]	 https://brasil3.gopsp.org.br
    ⍥  [302]	 http://webdisk.gopsp.org.br
    ⍥  [301]	 http://www.alpha.gopsp.org.br
    ⍥  [000]	 https://pop.gopsp.org.br
    ⍥  [000]	 https://mail.gopsp.org.br
    ⍥  [302]	 http://webmail.gopsp.org.br
    ⍥  [401]	 https://webdisk.gopsp.org.br
    ⍥  [200]	 http://www.betha.gopsp.org.br
    ⍥  [301]	 https://www.alpha.gopsp.org.br
    ⍥  [301]	 http://www.gopsp.org.br
    ⍥  [200]	 http://www.brasil3.gopsp.org.br
    ⍥  [200]	 https://www.betha.gopsp.org.br
    ⍥  [301]	 https://www.gopsp.org.br
    ⍥  [200]	 https://www.brasil3.gopsp.org.br
    ⍥  [000]	 https://webmail.gopsp.org.br

[+] Web Screenshots: from domain list
---------------------------------------------

[+] 24 URLs to be screenshot

[ERROR][http://gopsp.org.br:80] Screenshot somehow failed

[ERROR][http://alpha.gopsp.org.br:80] Screenshot somehow failed

[ERROR][http://cpanel.gopsp.org.br:80] Screenshot somehow failed

[ERROR][https://alpha.gopsp.org.br:443] Screenshot somehow failed

[ERROR][https://gopsp.org.br:443] Screenshot somehow failed

[ERROR][http://webdisk.gopsp.org.br:80] Screenshot somehow failed

[ERROR][http://www.alpha.gopsp.org.br:80] Screenshot somehow failed

[ERROR][https://webdisk.gopsp.org.br:443] HTTP Authentication requested, try to pass credentials with -u and -b options
[ERROR][https://www.alpha.gopsp.org.br:443] Screenshot somehow failed

[ERROR][http://www.gopsp.org.br:80] Screenshot somehow failed

[ERROR][https://www.gopsp.org.br:443] Screenshot somehow failed

[+] 13 actual URLs screenshot
[+] 11 error(s)
    http://gopsp.org.br:80
    http://alpha.gopsp.org.br:80
    http://cpanel.gopsp.org.br:80
    https://alpha.gopsp.org.br:443
    https://gopsp.org.br:443
    http://webdisk.gopsp.org.br:80
    http://www.alpha.gopsp.org.br:80
    https://webdisk.gopsp.org.br:443
    https://www.alpha.gopsp.org.br:443
    http://www.gopsp.org.br:80
    https://www.gopsp.org.br:443

[+] Sud⍥my has been sucessfully completed
---------------------------------------------

    ⍥  Location output:
    	- output/09-09-2019/gopsp.org.br
    	- output/09-09-2019/gopsp.org.br/report
    	- output/09-09-2019/gopsp.org.br/screenshots


#######################################################################################################################################
Trying "gopsp.org.br"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22550
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 3, ADDITIONAL: 6

;; QUESTION SECTION:
;gopsp.org.br.			IN	ANY

;; ANSWER SECTION:
gopsp.org.br.		3600	IN	SOA	ns1.locaweb.com.br. postmaster.locaweb.com.br. 2016081001 3600 600 1209600 3600
gopsp.org.br.		3600	IN	TXT	"v=spf1 a mx include:_spf.elasticemail.com ~all"
gopsp.org.br.		3600	IN	MX	10 mx.a.locaweb.com.br.
gopsp.org.br.		3600	IN	MX	20 mx.jk.locaweb.com.br.
gopsp.org.br.		3600	IN	MX	10 mx.b.locaweb.com.br.
gopsp.org.br.		3600	IN	A	67.225.228.134
gopsp.org.br.		3600	IN	NS	ns3.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns2.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns1.locaweb.com.br.

;; AUTHORITY SECTION:
gopsp.org.br.		3600	IN	NS	ns1.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns2.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns3.locaweb.com.br.

;; ADDITIONAL SECTION:
ns2.locaweb.com.br.	1277	IN	A	201.76.40.2
ns2.locaweb.com.br.	1277	IN	AAAA	2804:218:d2::cafe
ns3.locaweb.com.br.	1277	IN	A	187.45.246.2
ns3.locaweb.com.br.	1277	IN	AAAA	2804:218:d3::faca
ns1.locaweb.com.br.	1556	IN	A	189.126.108.2
ns1.locaweb.com.br.	1277	IN	AAAA	2804:218:d1::ca5a

Received 456 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 322 ms
######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace gopsp.org.br
;; global options: +cmd
.			85200	IN	NS	a.root-servers.net.
.			85200	IN	NS	h.root-servers.net.
.			85200	IN	NS	d.root-servers.net.
.			85200	IN	NS	j.root-servers.net.
.			85200	IN	NS	k.root-servers.net.
.			85200	IN	NS	g.root-servers.net.
.			85200	IN	NS	l.root-servers.net.
.			85200	IN	NS	b.root-servers.net.
.			85200	IN	NS	i.root-servers.net.
.			85200	IN	NS	c.root-servers.net.
.			85200	IN	NS	m.root-servers.net.
.			85200	IN	NS	f.root-servers.net.
.			85200	IN	NS	e.root-servers.net.
.			85200	IN	RRSIG	NS 8 0 518400 20190922050000 20190909040000 59944 . UdevRT5xRd+xLrIiCOgOJvCQyYg+GtsS+27xyFTrdzuu147InV6Z3rJG 588jQ6Qkv54DO2olI94IRTo+7rGpvBg3QR3uPNAI2CXyL3RtADrjQ1Eh AhvGuq3VAjGoLh4upughjB5Vz3ZFnj8hv+KeEodYDXEk58uAHnWM+fVt EI660UE2Lsm20pjkt6DC7ePkdad9c4tSboSCWUtqWJASkWDMJ27Jn4ww EWGx/QqfPV+gnd/dvB1iGbuk9KeUR7ZSVktrfsgAf3MWVx2yL9irmqf3 8haedccQxutc8B19xH9jUrW3BdLV0/BzINhBjmG1DVRi5P69ZonS5f/G PVh+Zg==
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 1338 ms

br.			172800	IN	NS	a.dns.br.
br.			172800	IN	NS	b.dns.br.
br.			172800	IN	NS	c.dns.br.
br.			172800	IN	NS	d.dns.br.
br.			172800	IN	NS	e.dns.br.
br.			172800	IN	NS	f.dns.br.
br.			86400	IN	DS	2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A 07D1A2E4
br.			86400	IN	RRSIG	DS 8 1 86400 20190922050000 20190909040000 59944 . eathNtSWCMFofqyFnBqLlcsVVKDFAlK+PamhkBp3lhY4m7S4PvLLwgkn //H85vSB0LAn38S0rDACEJKfhIVXapb6BQXMkHAcY9ULvb30tckH7J2k q+ivqz/dvBpyFIpRcmIf1M6ugMvlSxeU16gRvUPcCodj5iX3rzwa+vU6 xp+DD8GKOf6uNe5F3Si/1yB51c59JAa9V2IIH+aYQRziP8VKt9zQtMQR v2qGYOEnKHBdpt+Slv1uIwFNL5o941DtR7OQl/IZ9LRPq7zuQtHDirPA /+4LeVKOYEFyy61xg5KBq+17yMAYk59mCl3OQc+KjMbdK1iZat1ucnbn F4poUQ==
;; Received 740 bytes from 198.41.0.4#53(a.root-servers.net) in 111 ms

gopsp.org.br.		3600	IN	NS	ns1.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns3.locaweb.com.br.
gopsp.org.br.		3600	IN	NS	ns2.locaweb.com.br.
8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN	NSEC3 1 1 10 1ED197E8FB8CAF6322BC 8ICM44EE54CNOQDKEDVKHHOQFOIQG8RR NS SOA RRSIG DNSKEY NSEC3PARAM
8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN	RRSIG NSEC3 13 3 900 20190923142508 20190909132508 50774 org.br. POHX2yzwVItWfgepNS5RUO+X0Py3v1asktbwGIPFbsWE9LEMkURRMJ50 t7KPnfolXAL/l7Nf5yNduH1IFTG+3A==
s02nj6vqgl2gqaaum4crgvqn1jihuqab.org.br. 900 IN	NSEC3 1 1 10 1ED197E8FB8CAF6322BC S064UIRLQCM5TUK930EGMC0PM1HOQALS NS DS RRSIG
s02nj6vqgl2gqaaum4crgvqn1jihuqab.org.br. 900 IN	RRSIG NSEC3 13 3 900 20190920144512 20190906134512 50774 org.br. bI7PQJSNVeOwvN5ZyvlKNmJFDlixr/XE1icsSLRqLKBgDk19sSjQD74Z baLSNFVwR5KdcfYfgJjWP29ydhZqcA==
;; Received 518 bytes from 2001:12f8:8::10#53(b.dns.br) in 114 ms

;; expected opt record in response
gopsp.org.br.		3600	IN	A	67.225.228.134
;; Received 46 bytes from 2804:218:d2::cafe#53(ns2.locaweb.com.br) in 160 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: gopsp.org.br
[!] Wildcard resolution is enabled on this domain
[!] It is resolving to 67.225.228.134
[!] All queries will resolve to this address!!
[-] DNSSEC is not configured for gopsp.org.br
[*] 	 SOA ns1.locaweb.com.br 189.126.108.2
[*] 	 NS ns2.locaweb.com.br 201.76.40.2
[*] 	 NS ns2.locaweb.com.br 2804:218:d2::cafe
[*] 	 NS ns3.locaweb.com.br 187.45.246.2
[*] 	 NS ns3.locaweb.com.br 2804:218:d3::faca
[*] 	 NS ns1.locaweb.com.br 189.126.108.2
[*] 	 NS ns1.locaweb.com.br 2804:218:d1::ca5a
[*] 	 MX mx.a.locaweb.com.br 186.202.4.42
[*] 	 MX mx.jk.locaweb.com.br 200.234.204.130
[*] 	 MX mx.b.locaweb.com.br 177.153.23.242
[*] 	 A gopsp.org.br 67.225.228.134
[*] 	 TXT gopsp.org.br v=spf1 a mx include:_spf.elasticemail.com ~all
[*] Enumerating SRV Records
[-] No SRV Records Found for gopsp.org.br
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain gopsp.org.br
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
201.76.40.2 - ns2.locaweb.com.br
187.45.246.2 - ns3.locaweb.com.br
189.126.108.2 - ns1.locaweb.com.br
[-] Zone transfer failed

[+] TXT records found
"v=spf1 a mx include:_spf.elasticemail.com ~all"

[+] MX records found, added to target list
10 mx.a.locaweb.com.br.
20 mx.jk.locaweb.com.br.
10 mx.b.locaweb.com.br.

[+] Wildcard domain found - 67.225.228.134
[*] Scanning gopsp.org.br for A records
191.252.4.30 - app.gopsp.org.br
186.202.140.232 - autodiscover.gopsp.org.br
191.252.4.30 - blog.gopsp.org.br
179.188.15.200 - ftp.gopsp.org.br
191.252.112.195 - imap.gopsp.org.br
191.252.112.194 - imap3.gopsp.org.br
191.252.112.195 - mail.gopsp.org.br
191.252.112.195 - mobile.gopsp.org.br
186.202.4.42 - mx1.gopsp.org.br
177.153.23.242 - mx2.gopsp.org.br
200.234.204.130 - mx3.gopsp.org.br
189.126.108.2 - ns1.gopsp.org.br
187.45.246.2 - ns3.gopsp.org.br
201.76.40.2 - ns2.gopsp.org.br
186.202.48.30 - painel.gopsp.org.br
191.252.112.195 - pda.gopsp.org.br
191.252.112.195 - pop.gopsp.org.br
191.252.112.195 - pop3.gopsp.org.br
191.252.112.195 - smtp.gopsp.org.br
54.38.226.140 - tracking.gopsp.org.br
94.23.161.19 - tracking.gopsp.org.br
188.165.1.80 - tracking.gopsp.org.br
46.105.88.234 - tracking.gopsp.org.br
164.132.95.123 - tracking.gopsp.org.br
186.202.140.244 - webmail.gopsp.org.br
186.202.140.235 - webmail.gopsp.org.br
186.202.140.220 - webmail.gopsp.org.br
#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  CompressionPlugin
  CertificateInfoPlugin
  RobotPlugin
  OpenSslCipherSuitesPlugin
  SessionResumptionPlugin
  EarlyDataPlugin
  HeartbleedPlugin
  FallbackScsvPlugin
  SessionRenegotiationPlugin
  OpenSslCcsInjectionPlugin
  HttpHeadersPlugin


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   67.225.228.134:443                       => 67.225.228.134


 SCAN RESULTS FOR 67.225.228.134:443 - 67.225.228.134
 ----------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  27d9cf57edd65b4fd3dc82e076aeb7f73bf4b91d
       Common Name:                       goba.org.br
       Issuer:                            cPanel, Inc. Certification Authority
       Serial Number:                     198705539120532982707046231779006044473
       Not Before:                        2019-07-05 00:00:00
       Not After:                         2019-10-03 23:59:59
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     ['goba.org.br', 'autodiscover.goba.org.br', 'cpanel.goba.org.br', 'mail.goba.org.br', 'webdisk.goba.org.br', 'webmail.goba.org.br', 'www.goba.org.br']

     Trust
       Hostname Validation:               FAILED - Certificate does NOT match 67.225.228.134
       Android CA Store (9.0.0_r9):       OK - Certificate is trusted
       Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
       Java CA Store (jdk-12.0.1):        OK - Certificate is trusted
       Mozilla CA Store (2019-03-14):     OK - Certificate is trusted
       Windows CA Store (2019-05-27):     OK - Certificate is trusted
       Symantec 2018 Deprecation:         WARNING: Certificate distrusted by Google and Mozilla on September 2018
       Received Chain:                    goba.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
       Verified Chain:                    goba.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          WARNING - Only 2 SCTs included but Google recommends 3 or more

     OCSP Stapling
       OCSP Response Status:              successful
       Validation w/ Mozilla Store:       OK - Response is trusted
       Responder Id:                      7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
       Cert Status:                       good
       Cert Serial Number:                957D4B7768AA13A1AC850A3833E95939
       This Update:                       Sep  6 17:02:00 2019 GMT
       Next Update:                       Sep 13 17:02:00 2019 GMT

 * TLSV1_3 Cipher Suites:
      Server rejected all cipher suites.

 * Deflate Compression:
                                          OK - Compression disabled

 * TLSV1_1 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        None - Server followed client cipher suite preference.
     Accepted:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                                256 bits      HTTP 200 OK
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                                128 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_256_CBC_SHA                                     256 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_128_CBC_SHA                                     128 bits      HTTP 200 OK
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                                    112 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                               256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                               128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA                            256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA                            128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                                 256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                                 128 bits      HTTP 200 OK

 * TLSV1_2 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        None - Server followed client cipher suite preference.
     Accepted:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                                256 bits      HTTP 200 OK
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                                128 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_256_GCM_SHA384                                  256 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_256_CBC_SHA256                                  256 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_256_CBC_SHA                                     256 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_128_GCM_SHA256                                  128 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_128_CBC_SHA256                                  128 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_128_CBC_SHA                                     128 bits      HTTP 200 OK
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                                    112 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384                            256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                               256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                            128 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256                            128 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                               128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA                            256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA                            128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                              256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                              256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                                 256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                              128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                              128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                                 128 bits      HTTP 200 OK

 * TLSV1 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        None - Server followed client cipher suite preference.
     Accepted:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                                256 bits      HTTP 200 OK
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                                128 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_256_CBC_SHA                                     256 bits      HTTP 200 OK
        TLS_RSA_WITH_AES_128_CBC_SHA                                     128 bits      HTTP 200 OK
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                                    112 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                               256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                               128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA                            256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA                            128 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                                 256 bits      HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                                 128 bits      HTTP 200 OK

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * TLS 1.2 Session Resumption Support:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                  OK - Supported

 * Session Renegotiation:
       Client-initiated Renegotiation:    OK - Rejected
       Secure Renegotiation:              OK - Supported

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

 * ROBOT Attack:
                                          OK - Not vulnerable


 SCAN COMPLETED IN 18.28 S
 -------------------------
#######################################################################################################################################
Domains still to check: 1
	Checking if the hostname gopsp.org.br. given is in fact a domain...

Analyzing domain: gopsp.org.br.
	Checking NameServers using system default resolver...
		IP: 201.76.40.2 (Brazil)
			HostName: ns2.locaweb.com.br 			Type: NS
			HostName: ns2.locaweb.com.br			Type: PTR
		IP: 189.126.108.2 (Brazil)
			HostName: ns1.locaweb.com.br 			Type: NS
			HostName: ns1.locaweb.com.br			Type: PTR
		IP: 187.45.246.2 (Brazil)
			HostName: ns3.locaweb.com.br 			Type: NS
			HostName: ns3.locaweb.com.br			Type: PTR

	Checking MailServers using system default resolver...
		IP: 200.234.204.130 (Brazil)
			HostName: mx.jk.locaweb.com.br 			Type: MX
			HostName: mx.jk.locaweb.com.br			Type: PTR
		IP: 186.202.4.42 (Brazil)
			HostName: mx.a.locaweb.com.br 			Type: MX
			HostName: mx.a.locaweb.com.br			Type: PTR
		IP: 177.153.23.242 (Brazil)
			HostName: mx.b.locaweb.com.br 			Type: MX
		WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!

	Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
		No zone transfer found on nameserver 187.45.246.2
		No zone transfer found on nameserver 201.76.40.2
		No zone transfer found on nameserver 189.126.108.2

	Checking SPF record...

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.7.0/25, but only the network IP
		New IP found: 176.31.7.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.84.64/27, but only the network IP
		New IP found: 178.33.84.64
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.165.40/29, but only the network IP
		New IP found: 174.142.165.40
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.128.32/27, but only the network IP
		New IP found: 174.142.128.32
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.135.241.64/26, but only the network IP
		New IP found: 5.135.241.64
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.135.31.128/27, but only the network IP
		New IP found: 5.135.31.128
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.165.95.224/27, but only the network IP
		New IP found: 188.165.95.224
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.140.80/28, but only the network IP
		New IP found: 176.31.140.80

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.69.160/28, but only the network IP
		New IP found: 176.31.69.160
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.145.240/28, but only the network IP
		New IP found: 176.31.145.240
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.165.144.128/28, but only the network IP
		New IP found: 188.165.144.128
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 37.59.169.64/28, but only the network IP
		New IP found: 37.59.169.64
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 37.59.131.32/28, but only the network IP
		New IP found: 37.59.131.32
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 198.50.170.32/28, but only the network IP
		New IP found: 198.50.170.32
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.9.160/28, but only the network IP
		New IP found: 178.33.9.160
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.73.240/28, but only the network IP
		New IP found: 174.142.73.240
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 96.45.68.0/24, but only the network IP
		New IP found: 96.45.68.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 162.254.227.0/24, but only the network IP
		New IP found: 162.254.227.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 46.105.146.0/25, but only the network IP
		New IP found: 46.105.146.0

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.196.146.128/25, but only the network IP
		New IP found: 5.196.146.128
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 192.99.26.0/25, but only the network IP
		New IP found: 192.99.26.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.243.65.0/25, but only the network IP
		New IP found: 104.243.65.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 51.254.70.0/26, but only the network IP
		New IP found: 51.254.70.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 67.227.85.0/24, but only the network IP
		New IP found: 67.227.85.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 67.227.87.0/24, but only the network IP
		New IP found: 67.227.87.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.242.0/24, but only the network IP
		New IP found: 178.33.242.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.169.98.0/23, but only the network IP
		New IP found: 216.169.98.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.182.181.0/24, but only the network IP
		New IP found: 217.182.181.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 54.36.22.0/24, but only the network IP
		New IP found: 54.36.22.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 51.38.210.0/24, but only the network IP
		New IP found: 51.38.210.0
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 142.44.153.0/24, but only the network IP
		New IP found: 142.44.153.0

	Checking 1 most common hostnames using system default resolver...
		IP: 67.225.228.134 (United States)
			HostName: www.gopsp.org.br. 			Type: A

	Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
		Checking netblock 104.243.65.0
		Checking netblock 142.44.153.0
		Checking netblock 5.135.31.0
		Checking netblock 51.254.70.0
		Checking netblock 176.31.140.0
		Checking netblock 198.50.170.0
		Checking netblock 178.33.242.0
		Checking netblock 46.105.146.0
		Checking netblock 201.76.40.0
		Checking netblock 188.165.144.0
		Checking netblock 187.45.246.0
		Checking netblock 5.135.241.0
		Checking netblock 178.33.9.0
		Checking netblock 67.225.228.0
		Checking netblock 177.153.23.0
		Checking netblock 176.31.69.0
		Checking netblock 51.38.210.0
		Checking netblock 188.165.95.0
		Checking netblock 176.31.7.0
		Checking netblock 174.142.165.0
		Checking netblock 5.196.146.0
		Checking netblock 174.142.128.0
		Checking netblock 162.254.227.0
		Checking netblock 37.59.169.0
		Checking netblock 189.126.108.0
		Checking netblock 54.36.22.0
		Checking netblock 67.227.87.0
		Checking netblock 216.169.98.0
		Checking netblock 200.234.204.0
		Checking netblock 178.33.84.0
		Checking netblock 176.31.145.0
		Checking netblock 174.142.73.0
		Checking netblock 67.227.85.0
		Checking netblock 192.99.26.0
		Checking netblock 186.202.4.0
		Checking netblock 96.45.68.0
		Checking netblock 37.59.131.0
		Checking netblock 217.182.181.0

	Searching for gopsp.org.br. emails in Google
		gabinete@gopsp.org.br
		arls397@gopsp.org.br.
		arls397@gopsp.org.br
		gabinete@gopsp.org.br,
		arls242@gopsp.org.br&
		arls242@gopsp.org.br

	Checking 38 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
		Host 104.243.65.0 is up (reset ttl 64)
		Host 142.44.153.0 is up (echo-reply ttl 118)
		Host 5.135.31.128 is up (reset ttl 64)
		Host 51.254.70.0 is up (reset ttl 64)
		Host 176.31.140.80 is up (reset ttl 64)
		Host 198.50.170.32 is up (echo-reply ttl 120)
		Host 178.33.242.0 is up (reset ttl 64)
		Host 46.105.146.0 is up (reset ttl 64)
		Host 201.76.40.2 is up (reset ttl 64)
		Host 188.165.144.128 is up (reset ttl 64)
		Host 187.45.246.2 is up (reset ttl 64)
		Host 5.135.241.64 is up (reset ttl 64)
		Host 178.33.9.160 is up (reset ttl 64)
		Host 67.225.228.134 is up (reset ttl 64)
		Host 177.153.23.242 is up (reset ttl 64)
		Host 176.31.69.160 is up (reset ttl 64)
		Host 51.38.210.0 is up (reset ttl 64)
		Host 188.165.95.224 is up (reset ttl 64)
		Host 176.31.7.0 is up (reset ttl 64)
		Host 174.142.165.40 is up (echo-reply ttl 120)
		Host 5.196.146.128 is up (reset ttl 64)
		Host 174.142.128.32 is up (echo-reply ttl 120)
		Host 162.254.227.0 is up (reset ttl 64)
		Host 37.59.169.64 is up (reset ttl 64)
		Host 189.126.108.2 is up (reset ttl 64)
		Host 54.36.22.0 is up (reset ttl 64)
		Host 67.227.87.0 is up (reset ttl 64)
		Host 216.169.98.0 is up (reset ttl 64)
		Host 200.234.204.130 is up (reset ttl 64)
		Host 178.33.84.64 is up (reset ttl 64)
		Host 176.31.145.240 is up (reset ttl 64)
		Host 174.142.73.240 is up (echo-reply ttl 120)
		Host 67.227.85.0 is up (reset ttl 64)
		Host 192.99.26.0 is up (echo-reply ttl 120)
		Host 186.202.4.42 is up (echo-reply ttl 234)
		Host 96.45.68.0 is up (reset ttl 64)
		Host 37.59.131.32 is up (reset ttl 64)
		Host 217.182.181.0 is up (reset ttl 64)

	Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
		Scanning ip 104.243.65.0 ():
		Scanning ip 142.44.153.0 ():
		Scanning ip 5.135.31.128 ():
		Scanning ip 51.254.70.0 ():
		Scanning ip 176.31.140.80 ():
		Scanning ip 198.50.170.32 ():
		Scanning ip 178.33.242.0 ():
		Scanning ip 46.105.146.0 ():
		Scanning ip 201.76.40.2 (ns2.locaweb.com.br (PTR)):
			1723/tcp open   tcpwrapped   syn-ack ttl 45
				|_pptp-version: ERROR: Script execution failed (use -d to debug)
		Scanning ip 188.165.144.128 ():
		Scanning ip 187.45.246.2 (ns3.locaweb.com.br (PTR)):
			21/tcp  open   tcpwrapped   syn-ack ttl 46
		Scanning ip 5.135.241.64 ():
		Scanning ip 178.33.9.160 ():
		Scanning ip 67.225.228.134 (www.gopsp.org.br.):
		Scanning ip 177.153.23.242 (mx.b.locaweb.com.br):
				Device type: storage-misc|general purpose
				Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
		Scanning ip 176.31.69.160 ():
		Scanning ip 51.38.210.0 ():
		Scanning ip 188.165.95.224 ():
		Scanning ip 176.31.7.0 ():
		Scanning ip 174.142.165.40 ():
				Device type: firewall|general purpose|media device
		Scanning ip 5.196.146.128 ():
		Scanning ip 174.142.128.32 ():
		Scanning ip 162.254.227.0 ():
		Scanning ip 37.59.169.64 ():
		Scanning ip 189.126.108.2 (ns1.locaweb.com.br (PTR)):
			587/tcp open   tcpwrapped   syn-ack ttl 46
				|_smtp-commands: Couldn't establish connection on port 587
		Scanning ip 54.36.22.0 ():
		Scanning ip 67.227.87.0 ():
		Scanning ip 216.169.98.0 ():
		Scanning ip 200.234.204.130 (mx.jk.locaweb.com.br (PTR)):
				Device type: storage-misc|general purpose
				Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
		Scanning ip 178.33.84.64 ():
		Scanning ip 176.31.145.240 ():
		Scanning ip 174.142.73.240 ():
		Scanning ip 67.227.85.0 ():
		Scanning ip 192.99.26.0 ():
		Scanning ip 186.202.4.42 (mx.a.locaweb.com.br (PTR)):
		Scanning ip 96.45.68.0 ():
		Scanning ip 37.59.131.32 ():
		Scanning ip 217.182.181.0 ():
	WebCrawling domain's web servers... up to 50 max links.
--Finished--
Summary information for domain gopsp.org.br.
-----------------------------------------
	Domain Specific Information:
		Email: gabinete@gopsp.org.br
		Email: arls397@gopsp.org.br.
		Email: arls397@gopsp.org.br
		Email: gabinete@gopsp.org.br,
		Email: arls242@gopsp.org.br&
		Email: arls242@gopsp.org.br

	Domain Ips Information:
		IP: 104.243.65.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 142.44.153.0
			Type: SPF
			Is Active: True (echo-reply ttl 118)
		IP: 5.135.31.128
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 51.254.70.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 176.31.140.80
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 198.50.170.32
			Type: SPF
			Is Active: True (echo-reply ttl 120)
		IP: 178.33.242.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 46.105.146.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 201.76.40.2
			HostName: ns2.locaweb.com.br 			Type: NS
			HostName: ns2.locaweb.com.br			Type: PTR
			Country: Brazil
			Is Active: True (reset ttl 64)
			Port: 1723/tcp open   tcpwrapped   syn-ack ttl 45
				Script Info: |_pptp-version: ERROR: Script execution failed (use -d to debug)
		IP: 188.165.144.128
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 187.45.246.2
			HostName: ns3.locaweb.com.br 			Type: NS
			HostName: ns3.locaweb.com.br			Type: PTR
			Country: Brazil
			Is Active: True (reset ttl 64)
			Port: 21/tcp  open   tcpwrapped   syn-ack ttl 46
		IP: 5.135.241.64
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 178.33.9.160
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 67.225.228.134
			HostName: www.gopsp.org.br. 			Type: A
			Country: United States
			Is Active: True (reset ttl 64)
		IP: 177.153.23.242
			HostName: mx.b.locaweb.com.br 			Type: MX
			Country: Brazil
			Is Active: True (reset ttl 64)
				Script Info: Device type: storage-misc|general purpose
				Script Info: Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
		IP: 176.31.69.160
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 51.38.210.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 188.165.95.224
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 176.31.7.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 174.142.165.40
			Type: SPF
			Is Active: True (echo-reply ttl 120)
				Script Info: Device type: firewall|general purpose|media device
		IP: 5.196.146.128
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 174.142.128.32
			Type: SPF
			Is Active: True (echo-reply ttl 120)
		IP: 162.254.227.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 37.59.169.64
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 189.126.108.2
			HostName: ns1.locaweb.com.br 			Type: NS
			HostName: ns1.locaweb.com.br			Type: PTR
			Country: Brazil
			Is Active: True (reset ttl 64)
			Port: 587/tcp open   tcpwrapped   syn-ack ttl 46
				Script Info: |_smtp-commands: Couldn't establish connection on port 587
		IP: 54.36.22.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 67.227.87.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 216.169.98.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 200.234.204.130
			HostName: mx.jk.locaweb.com.br 			Type: MX
			HostName: mx.jk.locaweb.com.br			Type: PTR
			Country: Brazil
			Is Active: True (reset ttl 64)
				Script Info: Device type: storage-misc|general purpose
				Script Info: Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
		IP: 178.33.84.64
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 176.31.145.240
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 174.142.73.240
			Type: SPF
			Is Active: True (echo-reply ttl 120)
		IP: 67.227.85.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 192.99.26.0
			Type: SPF
			Is Active: True (echo-reply ttl 120)
		IP: 186.202.4.42
			HostName: mx.a.locaweb.com.br 			Type: MX
			HostName: mx.a.locaweb.com.br			Type: PTR
			Country: Brazil
			Is Active: True (echo-reply ttl 234)
		IP: 96.45.68.0
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 37.59.131.32
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 217.182.181.0
			Type: SPF
			Is Active: True (reset ttl 64)
#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   gopsp.org.br   -----


Host's addresses:
__________________

gopsp.org.br.                            1629     IN    A        67.225.228.134


Wildcard detection using: iwamdhnmibup
_______________________________________

iwamdhnmibup.gopsp.org.br.               3600     IN    A        67.225.228.134


!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 Wildcards detected, all subdomains will point to the same IP address
 Omitting results containing 67.225.228.134.
 Maybe you are using OpenDNS servers.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Name Servers:
______________

ns1.locaweb.com.br.                      2796     IN    A        189.126.108.2
ns3.locaweb.com.br.                      2796     IN    A        187.45.246.2
ns2.locaweb.com.br.                      2795     IN    A        201.76.40.2


Mail (MX) Servers:
___________________

mx.jk.locaweb.com.br.                    186      IN    A        200.234.204.130
mx.a.locaweb.com.br.                     31229    IN    A        186.202.4.42
mx.b.locaweb.com.br.                     2413     IN    A        177.153.23.242


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for gopsp.org.br on ns1.locaweb.com.br ...

Trying Zone Transfer for gopsp.org.br on ns3.locaweb.com.br ...

Trying Zone Transfer for gopsp.org.br on ns2.locaweb.com.br ...

brute force file not specified, bay.
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------

[1/100] /?sa=X
	 [x] Error downloading /?sa=X
[2/100] /advanced_search
	 [x] Error downloading /advanced_search
[3/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D345%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D345%26tipo%3D2
[4/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D350%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D350%26tipo%3D2
[5/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D346%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D346%26tipo%3D2
[6/100] http://app.gopsp.org.br/app/Content/dist/historia.pdf
[7/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D349%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D349%26tipo%3D2
[8/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D390%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D390%26tipo%3D2
[9/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D353%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D353%26tipo%3D2
[10/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D354%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D354%26tipo%3D2
[11/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D342%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D342%26tipo%3D2
[12/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D386%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D386%26tipo%3D2
[13/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D387%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D387%26tipo%3D2
[14/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D360%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D360%26tipo%3D2
[15/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D373%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D373%26tipo%3D2
[16/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D389%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D389%26tipo%3D2
[17/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D336%26tipo%3D2
	 [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D336%26tipo%3D2
[18/100] http://app.gopsp.org.br/app/Content/dist/convenio_uniprevcard_email_mkt.pdf
[19/100] http://arls343.gopsp.org.br/baixarDocumento.php%3Fid%3D11%26tipo%3D11
=======================================================================================================================================

[+] List of users found:
--------------------------
Raul Audi Junior
Audi Comunica��o

[+] List of software found:
-----------------------------
��Microsoft� Word 2010
Acrobat Distiller 10.1.16 (Macintosh)
Adobe Graphics Manager
======================================================================================================================================
#######################################################################################################################################
[-] Enumerating subdomains now for gopsp.org.br
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
SSL Certificates: autodiscover.gopsp.org.br
SSL Certificates: cpanel.gopsp.org.br
SSL Certificates: mail.gopsp.org.br
SSL Certificates: webdisk.gopsp.org.br
SSL Certificates: webmail.gopsp.org.br
SSL Certificates: www.gopsp.org.br
SSL Certificates: betha.gopsp.org.br
SSL Certificates: www.betha.gopsp.org.br
SSL Certificates: alpha.gopsp.org.br
SSL Certificates: www.alpha.gopsp.org.br
SSL Certificates: teste.gopsp.org.br
SSL Certificates: www.teste.gopsp.org.br
SSL Certificates: brasil3.gopsp.org.br
SSL Certificates: www.brasil3.gopsp.org.br
Bing: blog.gopsp.org.br
Bing: arls343.gopsp.org.br
Bing: homolog.gopsp.org.br
Bing: app.gopsp.org.br
Yahoo: blog.gopsp.org.br
Yahoo: arls343.gopsp.org.br
Yahoo: homolog.gopsp.org.br
[-] Saving results to file: /usr/share/sniper/loot/workspace/gopsp.org.br/domains/domains-gopsp.org.br.txt
[-] Total Unique Subdomains Found: 18
www.gopsp.org.br
alpha.gopsp.org.br
www.alpha.gopsp.org.br
app.gopsp.org.br
arls343.gopsp.org.br
autodiscover.gopsp.org.br
betha.gopsp.org.br
www.betha.gopsp.org.br
blog.gopsp.org.br
brasil3.gopsp.org.br
www.brasil3.gopsp.org.br
cpanel.gopsp.org.br
homolog.gopsp.org.br
mail.gopsp.org.br
teste.gopsp.org.br
www.teste.gopsp.org.br
webdisk.gopsp.org.br
webmail.gopsp.org.br
#######################################################################################################################################
teste.gopsp.org.br,191.252.4.30
app.gopsp.org.br,191.252.4.30
homolog.gopsp.org.br,191.252.4.30
gopsp.org.br,67.225.228.134
autodiscover.gopsp.org.br,186.202.140.232
cpanel.gopsp.org.br,67.225.228.134
ftp.gopsp.org.br,179.188.15.200
www.gopsp.org.br,67.225.228.134
ns2.gopsp.org.br,201.76.40.2,2804:218:d2::cafe
imap3.gopsp.org.br,191.252.112.194
ns3.gopsp.org.br,187.45.246.2,2804:218:d3::faca
ns1.gopsp.org.br,189.126.108.2,2804:218:d1::ca5a
alpha.gopsp.org.br,67.225.228.134
www.brasil3.gopsp.org.br,67.225.228.134
www.betha.gopsp.org.br,67.225.228.134
webdisk.gopsp.org.br,67.225.228.134
www.alpha.gopsp.org.br,67.225.228.134
www.teste.gopsp.org.br,191.252.4.30
webmail.gopsp.org.br,186.202.140.235,186.202.140.220,186.202.140.244
brasil3.gopsp.org.br,67.225.228.134
www.app.gopsp.org.br,191.252.4.30
blog.gopsp.org.br,191.252.4.30
#######################################################################################################################################
===============================================
-=Subfinder v1.1.3 github.com/subfinder/subfinder
===============================================


Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Found Wildcard DNS at gopsp.org.br
 - 67.225.228.134
Running enumeration on gopsp.org.br

ipv4info: <nil>

waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.gopsp.org.br/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL


Starting Bruteforcing of gopsp.org.br with 9985 words

Total 48 Unique subdomains found for gopsp.org.br

.gopsp.org.br
alpha.gopsp.org.br
antigo.gopsp.org.br
app.gopsp.org.br
app.gopsp.org.br
arls343.gopsp.org.br
autodiscover.gopsp.org.br
autodiscover.gopsp.org.br
betha.gopsp.org.br
blog.gopsp.org.br
blog.gopsp.org.br
brasil3.gopsp.org.br
calendario.gopsp.org.br
cpanel.gopsp.org.br
ftp.gopsp.org.br
gerenciador.gopsp.org.br
homolog.gopsp.org.br
homolog.gopsp.org.br
imap.gopsp.org.br
imap3.gopsp.org.br
mail.gopsp.org.br
mail.gopsp.org.br
mobile.gopsp.org.br
mx1.gopsp.org.br
mx2.gopsp.org.br
mx3.gopsp.org.br
mx4.gopsp.org.br
ns1.gopsp.org.br
ns2.gopsp.org.br
ns3.gopsp.org.br
painel.gopsp.org.br
pda.gopsp.org.br
pop.gopsp.org.br
pop3.gopsp.org.br
relatorio.gopsp.org.br
smtp.gopsp.org.br
teste.gopsp.org.br
teste.gopsp.org.br
tracking.gopsp.org.br
webdisk.gopsp.org.br
webmail.gopsp.org.br
webmail.gopsp.org.br
www.alpha.gopsp.org.br
www.app.gopsp.org.br
www.betha.gopsp.org.br
www.brasil3.gopsp.org.br
www.gopsp.org.br
www.teste.gopsp.org.br
#######################################################################################################################################
[*] Processing domain gopsp.org.br
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
189.126.108.2 - ns1.locaweb.com.br
187.45.246.2 - ns3.locaweb.com.br
201.76.40.2 - ns2.locaweb.com.br
[-] Zone transfer failed

[+] TXT records found
"v=spf1 a mx include:_spf.elasticemail.com ~all"

[+] MX records found, added to target list
20 mx.jk.locaweb.com.br.
10 mx.a.locaweb.com.br.
10 mx.b.locaweb.com.br.

[+] Wildcard domain found - 67.225.228.134
[*] Scanning gopsp.org.br for A records
191.252.4.30 - app.gopsp.org.br
186.202.140.232 - autodiscover.gopsp.org.br
191.252.4.30 - blog.gopsp.org.br
179.188.15.200 - ftp.gopsp.org.br
191.252.112.195 - imap.gopsp.org.br
191.252.112.195 - mail.gopsp.org.br
191.252.112.195 - mobile.gopsp.org.br
189.126.108.2 - ns1.gopsp.org.br
201.76.40.2 - ns2.gopsp.org.br
187.45.246.2 - ns3.gopsp.org.br
191.252.112.195 - pda.gopsp.org.br
191.252.112.195 - pop.gopsp.org.br
191.252.112.195 - pop3.gopsp.org.br
191.252.112.195 - smtp.gopsp.org.br
186.202.140.220 - webmail.gopsp.org.br
186.202.140.244 - webmail.gopsp.org.br
186.202.140.235 - webmail.gopsp.org.br
#######################################################################################################################################
alpha.gopsp.org.br
autodiscover.gopsp.org.br
betha.gopsp.org.br
brasil3.gopsp.org.br
cpanel.gopsp.org.br
mail.gopsp.org.br
teste.gopsp.org.br
webdisk.gopsp.org.br
webmail.gopsp.org.br
www.alpha.gopsp.org.br
www.betha.gopsp.org.br
www.brasil3.gopsp.org.br
www.gopsp.org.br
www.teste.gopsp.org.br
#######################################################################################################################################
alpha.gopsp.org.br
autodiscover.gopsp.org.br
blog.gopsp.org.br
cpanel.gopsp.org.br
mail.gopsp.org.br
pop.gopsp.org.br
teste.gopsp.org.br
webdisk.gopsp.org.br
webmail.gopsp.org.br
www.alpha.gopsp.org.br
www.betha.gopsp.org.br
www.gopsp.org.br
www.teste.gopsp.org.br
#######################################################################################################################################
[*] Found SPF record:
[*] v=spf1 a mx include:_spf.elasticemail.com ~all
[*] SPF record contains an All item: ~all
[*] Found DMARC record:
[*] v=DMARC1; p=none; ruf=mailto:relatorios@masonweb.com.br
[+] DMARC policy set to none
[*] Forensics reports will be sent: mailto:relatorios@masonweb.com.br
[+] Spoofing possible for gopsp.org.br!
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:43 EDT
Nmap scan report for gopsp.org.br (67.225.228.134)
Host is up (0.29s latency).
rDNS record for 67.225.228.134: srv01.imserver.com.br
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 6.27 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up (0.081s latency).
Not shown: 477 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 5.07 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up (0.089s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.99 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up (0.10s latency).

PORT   STATE SERVICE VERSION
53/tcp open  domain  ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_  No NSEC records found
| dns-nsec3-enum:
|_  DNSSEC NSEC3 not supported
| dns-nsid:
|_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
|_vulscan: ERROR: Script execution failed (use -d to debug)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|storage-misc|firewall
Running (JUST GUESSING): Linux 2.6.X|3.X (89%), Synology DiskStation Manager 5.X (88%), WatchGuard Fireware 11.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
Aggressive OS guesses: Linux 2.6.32 or 3.10 (89%), Linux 2.6.32 (88%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.39 (88%), Linux 3.4 (87%), Linux 3.1 - 3.2 (87%), Linux 3.10 (86%), WatchGuard Fireware 11.8 (86%), Linux 2.6.32 - 2.6.39 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6

Host script results:
| dns-blacklist:
|   SPAM
|_    l2.apews.org - SPAM
| dns-brute:
|   DNS Brute-force hostnames:
|     ns1.imserver.com.br - 67.225.228.134
|     ns2.imserver.com.br - 72.52.229.187
|     mail.imserver.com.br - 67.225.228.134
|     www.imserver.com.br - 67.225.228.134
|_    ftp.imserver.com.br - 67.225.228.134

TRACEROUTE (using port 53/tcp)
HOP RTT       ADDRESS
1   89.16 ms  10.250.204.1
2   89.20 ms  104.245.145.161
3   89.24 ms  te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4   89.26 ms  te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5   89.24 ms  te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6   89.30 ms  be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7   89.32 ms  be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8   89.35 ms  be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
9   89.37 ms  38.32.96.98
10  57.27 ms  lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
11  82.31 ms  lw-dc3-storm1.rtr.liquidweb.com (69.167.128.141)
12  137.82 ms srv01.imserver.com.br (67.225.228.134)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
NSE: Loaded 164 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:01
Completed NSE at 11:01, 0.00s elapsed
Initiating NSE at 11:01
Completed NSE at 11:01, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:01
Completed Parallel DNS resolution of 1 host. at 11:01, 0.02s elapsed
Initiating SYN Stealth Scan at 11:01
Scanning srv01.imserver.com.br (67.225.228.134) [1 port]
Discovered open port 80/tcp on 67.225.228.134
Completed SYN Stealth Scan at 11:01, 0.13s elapsed (1 total ports)
Initiating Service scan at 11:01
Scanning 1 service on srv01.imserver.com.br (67.225.228.134)
Completed Service scan at 11:02, 6.16s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
Initiating Traceroute at 11:02
Completed Traceroute at 11:02, 0.23s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 11:02
Completed Parallel DNS resolution of 12 hosts. at 11:02, 0.24s elapsed
NSE: Script scanning 67.225.228.134.
Initiating NSE at 11:02
NSE: [http-wordpress-enum 67.225.228.134:80] got no answers from pipelined queries
Completed NSE at 11:05, 171.89s elapsed
Initiating NSE at 11:05
Completed NSE at 11:05, 2.00s elapsed
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up (0.11s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
| http-brute:
|_  Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 16202.33ms; min: 16151.27ms; max: 16278.11ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Mon, 09 Sep 2019 15:02:10 GMT; -3s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
|   Date: Mon, 09 Sep 2019 15:02:12 GMT
|   Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
|   Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
|   ETag: "200271-a3-580a35a1678c0"
|   Accept-Ranges: bytes
|   Content-Length: 163
|   Vary: Accept-Encoding
|   Connection: close
|   Content-Type: text/html
|
|_  (Request type: HEAD)
| http-iis-short-name-brute:
|   VULNERABLE:
|   Microsoft IIS tilde character "~" short name disclosure and denial of service
|     State: VULNERABLE (Exploitable)
|       Vulnerable IIS servers disclose folder and file names with a Windows 8.3 naming scheme inside the root folder.
|       Shortnames can be used to guess or brute force sensitive filenames. Attackers can exploit this vulnerability to
|       cause a denial of service condition.
|
|     Extra information:
|
|   8.3 filenames found:
|     Folders
|       ~1
|       ~2
|       ~3
|       ~4
|
|     References:
|       https://www.securityfocus.com/archive/1/523424
|       https://github.com/irsdl/IIS-ShortName-Scanner
|_      http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-methods:
|   Supported Methods: OPTIONS HEAD GET POST TRACE
|_  Potentially risky methods: TRACE
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Logo query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
|_Credits query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
|_http-security-headers:
| http-sitemap-generator:
|   Directory structure:
|     /
|       Other: 1
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    Other: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Site doesn't have a title (text/html).
| http-trace: TRACE is enabled
| Headers:
| Date: Mon, 09 Sep 2019 15:02:11 GMT
| Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http
| http-vhosts:
| 125 names had status 200
| mail.imserver.com.br : 302 -> http://www.masonweb.com.br
|_www.imserver.com.br : 302 -> http://www.masonweb.com.br
| http-waf-detect: IDS/IPS/WAF detected:
|_srv01.imserver.com.br:80/?p4yl04d3=<script>alert(document.cookie)</script>
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
|_vulscan: ERROR: Script execution failed (use -d to debug)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|storage-misc
Running (JUST GUESSING): Linux 2.6.X|3.X (90%), WatchGuard Fireware 11.X (89%), Synology DiskStation Manager 5.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
Aggressive OS guesses: Linux 2.6.32 (90%), Linux 2.6.39 (90%), Linux 3.10 (89%), Linux 3.4 (89%), WatchGuard Fireware 11.8 (89%), Linux 3.1 - 3.2 (89%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.32 - 2.6.39 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 2.396 days (since Sat Sep  7 01:35:19 2019)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   85.27 ms  10.250.204.1
2   85.35 ms  104.245.145.161
3   85.39 ms  te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4   85.42 ms  te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5   85.47 ms  te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6   85.50 ms  be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7   85.53 ms  be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8   85.57 ms  be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
9   85.60 ms  38.32.96.98
10  56.09 ms  lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
11  81.66 ms  lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
12  138.00 ms srv01.imserver.com.br (67.225.228.134)

NSE: Script Post-scanning.
Initiating NSE at 11:05
Completed NSE at 11:05, 0.00s elapsed
Initiating NSE at 11:05
Completed NSE at 11:05, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:08 EDT
NSE: Loaded 164 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:08
Completed NSE at 11:08, 0.00s elapsed
Initiating NSE at 11:08
Completed NSE at 11:08, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:08
Completed Parallel DNS resolution of 1 host. at 11:08, 0.02s elapsed
Initiating SYN Stealth Scan at 11:08
Scanning srv01.imserver.com.br (67.225.228.134) [1 port]
Completed SYN Stealth Scan at 11:08, 0.55s elapsed (1 total ports)
Initiating Service scan at 11:08
Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
Initiating Traceroute at 11:08
Completed Traceroute at 11:08, 6.11s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 11:08
Completed Parallel DNS resolution of 11 hosts. at 11:08, 0.27s elapsed
NSE: Script scanning 67.225.228.134.
Initiating NSE at 11:08
Completed NSE at 11:08, 0.01s elapsed
Initiating NSE at 11:08
Completed NSE at 11:08, 0.00s elapsed
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up.

PORT    STATE    SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   89.05 ms 10.250.204.1
2   89.09 ms 104.245.145.161
3   89.13 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4   89.15 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5   89.12 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6   89.18 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7   89.21 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8   89.25 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
9   89.23 ms 38.32.96.98
10  55.84 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
11  83.08 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.137)
12  ... 30

NSE: Script Post-scanning.
Initiating NSE at 11:08
Completed NSE at 11:08, 0.00s elapsed
Initiating NSE at 11:08
Completed NSE at 11:08, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:13 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:13
Completed NSE at 11:13, 0.00s elapsed
Initiating NSE at 11:13
Completed NSE at 11:13, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:13
Completed Parallel DNS resolution of 1 host. at 11:13, 0.02s elapsed
Initiating UDP Scan at 11:13
Scanning srv01.imserver.com.br (67.225.228.134) [15 ports]
Completed UDP Scan at 11:13, 3.50s elapsed (15 total ports)
Initiating Service scan at 11:13
Scanning 12 services on srv01.imserver.com.br (67.225.228.134)
Service scan Timing: About 8.33% done; ETC: 11:29 (0:14:18 remaining)
Completed Service scan at 11:15, 102.60s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
Initiating Traceroute at 11:15
Completed Traceroute at 11:15, 7.08s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:15
Completed Parallel DNS resolution of 1 host. at 11:15, 0.00s elapsed
NSE: Script scanning 67.225.228.134.
Initiating NSE at 11:15
Completed NSE at 11:15, 7.12s elapsed
Initiating NSE at 11:15
Completed NSE at 11:15, 1.01s elapsed
Nmap scan report for srv01.imserver.com.br (67.225.228.134)
Host is up (0.050s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  filtered      snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT      ADDRESS
1   54.83 ms 10.250.204.1
2   ... 3
4   32.08 ms 10.250.204.1
5   97.64 ms 10.250.204.1
6   97.63 ms 10.250.204.1
7   97.63 ms 10.250.204.1
8   97.60 ms 10.250.204.1
9   64.32 ms 10.250.204.1
10  31.86 ms 10.250.204.1
11  ... 18
19  59.23 ms 10.250.204.1
20  33.07 ms 10.250.204.1
21  ... 27
28  33.54 ms 10.250.204.1
29  ...
30  33.89 ms 10.250.204.1

NSE: Script Post-scanning.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address         mac  name                   os_name  os_flavor  os_sp  purpose  info  comments
-------         ---  ----                   -------  ---------  -----  -------  ----  --------
67.225.228.134       srv01.imserver.com.br  Unknown                    device

Services
========

host            port  proto  name          state     info
----            ----  -----  ----          -----     ----
67.225.228.134  53    udp    domain        unknown
67.225.228.134  67    udp    dhcps         unknown
67.225.228.134  68    udp    dhcpc         unknown
67.225.228.134  69    udp    tftp          unknown
67.225.228.134  88    udp    kerberos-sec  unknown
67.225.228.134  123   udp    ntp           unknown
67.225.228.134  137   udp    netbios-ns    filtered
67.225.228.134  138   udp    netbios-dgm   filtered
67.225.228.134  139   udp    netbios-ssn   unknown
67.225.228.134  161   udp    snmp          unknown
67.225.228.134  162   udp    snmptrap      filtered
67.225.228.134  389   udp    ldap          unknown
67.225.228.134  500   udp    isakmp        unknown
67.225.228.134  520   udp    route         unknown
67.225.228.134  2049  udp    nfs           unknown
#######################################################################################################################################
                                          Anonymous JTSEC #OpAmazonia Full Recon #24