Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- =======================================================================================================================================
- Hostname gopsp.org.br ISP Liquid Web, L.L.C
- Continent North America Flag
- US
- Country United States Country Code US
- Region Michigan Local time 09 Sep 2019 09:30 EDT
- City Lansing Postal Code 48917
- IP Address 67.225.228.134 Latitude 42.735
- Longitude -84.625
- ======================================================================================================================================
- ######################################################################################################################################
- > gopsp.org.br
- Server: 185.93.180.131
- Address: 185.93.180.131#53
- Non-authoritative answer:
- Name: gopsp.org.br
- Address: 67.225.228.134
- >
- #######################################################################################################################################
- domain: gopsp.org.br
- owner: Grande Oriente Paulista
- ownerid: 47.331.871/0001-51
- responsible: Pascoal Marracini
- country: BR
- owner-c: GROPA6
- admin-c: GROPA6
- tech-c: GROPA6
- billing-c: GROPA6
- nserver: ns1.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- nserver: ns2.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- nserver: ns3.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- saci: yes
- created: 20160718 #15875900
- changed: 20190802
- expires: 20240718
- status: published
- nic-hdl-br: GROPA6
- person: Grande Oriente Paulista
- e-mail: avelino@hbsistemas.com.br
- country: BR
- created: 20160623
- changed: 20160718
- ######################################################################################################################################
- [+] Target : gopsp.org.br
- [+] IP Address : 67.225.228.134
- [+] Headers :
- [+] Date : Mon, 09 Sep 2019 13:39:39 GMT
- [+] Server : Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [+] X-Powered-By : PHP/5.6.40
- [+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
- [+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- [+] Pragma : no-cache
- [+] Content-Encoding : gzip
- [+] Vary : Accept-Encoding
- [+] Set-Cookie : PHPSESSID=rmqn16t38t18jhsj2mnatak0i6; path=/
- [+] Keep-Alive : timeout=2, max=500
- [+] Connection : Keep-Alive
- [+] Transfer-Encoding : chunked
- [+] Content-Type : text/html; charset=iso-8859-1
- [+] SSL Certificate Information :
- [+] commonName : gopsp.org.br
- [+] countryName : US
- [+] stateOrProvinceName : TX
- [+] localityName : Houston
- [+] organizationName : cPanel, Inc.
- [+] commonName : cPanel, Inc. Certification Authority
- [+] Version : 3
- [+] Serial Number : D31A0C0A2CF1B24716E776B5B1F1E40A
- [+] Not Before : Aug 31 00:00:00 2019 GMT
- [+] Not After : Nov 29 23:59:59 2019 GMT
- [+] OCSP : ('http://ocsp.comodoca.com',)
- [+] subject Alt Name : (('DNS', 'gopsp.org.br'), ('DNS', 'autodiscover.gopsp.org.br'), ('DNS', 'cpanel.gopsp.org.br'), ('DNS', 'mail.gopsp.org.br'), ('DNS', 'webdisk.gopsp.org.br'), ('DNS', 'webmail.gopsp.org.br'), ('DNS', 'www.gopsp.org.br'))
- [+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
- [+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
- [+] Whois Lookup :
- [+] NIR : None
- [+] ASN Registry : arin
- [+] ASN : 32244
- [+] ASN CIDR : 67.225.128.0/17
- [+] ASN Country Code : US
- [+] ASN Date : 2007-11-26
- [+] ASN Description : LIQUIDWEB - Liquid Web, L.L.C, US
- [+] cidr : 67.225.128.0/17
- [+] name : LIQUIDWEB
- [+] handle : NET-67-225-128-0-1
- [+] range : 67.225.128.0 - 67.225.255.255
- [+] description : Liquid Web, L.L.C
- [+] country : US
- [+] state : MI
- [+] city : Lansing
- [+] address : 4210 Creyts Rd.
- [+] postal_code : 48917
- [+] emails : ['ipadmin@liquidweb.com', 'abuse@liquidweb.com']
- [+] created : 2007-11-26
- [+] updated : 2016-12-19
- [+] Crawling Target...
- [+] Looking for robots.txt........[ Found ]
- [+] Extracting robots Links.......[ 1 ]
- #######################################################################################################################################
- [i] Scanning Site: https://gopsp.org.br
- B A S I C I N F O
- ====================
- [+] Site Title: GOPSP | Grande Oriente Paulista
- [+] IP address: 67.225.228.134
- [+] Web Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /uploads
- -----------[end of contents]-------------
- W H O I S L O O K U P
- ========================
- % Copyright (c) Nic.br
- % The use of the data below is only permitted as described in
- % full by the terms of use at https://registro.br/termo/en.html ,
- % being prohibited its distribution, commercialization or
- % reproduction, in particular, to use it for advertising or
- % any similar purpose.
- % 2019-09-09T10:40:18-03:00
- domain: gopsp.org.br
- owner: Grande Oriente Paulista
- ownerid: 47.331.871/0001-51
- responsible: Pascoal Marracini
- country: BR
- owner-c: GROPA6
- admin-c: GROPA6
- tech-c: GROPA6
- billing-c: GROPA6
- nserver: ns1.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- nserver: ns2.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- nserver: ns3.locaweb.com.br
- nsstat: 20190908 AA
- nslastaa: 20190908
- saci: yes
- created: 20160718 #15875900
- changed: 20190802
- expires: 20240718
- status: published
- nic-hdl-br: GROPA6
- person: Grande Oriente Paulista
- e-mail: avelino@hbsistemas.com.br
- country: BR
- created: 20160623
- changed: 20160718
- % Security and mail abuse issues should also be addressed to
- % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
- % and mail-abuse@cert.br
- %
- % whois.registro.br accepts only direct match queries. Types
- % of queries are: domain (.br), registrant (tax ID), ticket,
- % provider, contact handle (ID), CIDR block, IP and ASN.
- G E O I P L O O K U P
- =========================
- [i] IP Address: 67.225.228.134
- [i] Country: United States
- [i] State: Michigan
- [i] City: Lansing
- [i] Latitude: 42.7348
- [i] Longitude: -84.6245
- H T T P H E A D E R S
- =======================
- [i] HTTP/1.1 200 OK
- [i] Date: Mon, 09 Sep 2019 13:40:20 GMT
- [i] Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [i] X-Powered-By: PHP/5.6.40
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- [i] Pragma: no-cache
- [i] Set-Cookie: PHPSESSID=mu0rkj7trdf66m46e4o51vsit0; path=/
- [i] Vary: Accept-Encoding
- [i] Connection: close
- [i] Content-Type: text/html; charset=iso-8859-1
- D N S L O O K U P
- ===================
- gopsp.org.br. 3599 IN A 67.225.228.134
- gopsp.org.br. 3599 IN TXT "v=spf1 a mx include:_spf.elasticemail.com ~all"
- gopsp.org.br. 3599 IN SOA ns1.locaweb.com.br. postmaster.locaweb.com.br. 2016081001 3600 600 1209600 3600
- gopsp.org.br. 3599 IN NS ns3.locaweb.com.br.
- gopsp.org.br. 3599 IN NS ns1.locaweb.com.br.
- gopsp.org.br. 3599 IN MX 10 mx.a.locaweb.com.br.
- gopsp.org.br. 3599 IN NS ns2.locaweb.com.br.
- gopsp.org.br. 3599 IN MX 10 mx.b.locaweb.com.br.
- gopsp.org.br. 3599 IN MX 20 mx.jk.locaweb.com.br.
- S U B N E T C A L C U L A T I O N
- ====================================
- Address = 67.225.228.134
- Network = 67.225.228.134 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 67.225.228.134 - 67.225.228.134 }
- N M A P P O R T S C A N
- ============================
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 13:40 UTC
- Nmap scan report for gopsp.org.br (67.225.228.134)
- Host is up (0.028s latency).
- rDNS record for 67.225.228.134: srv01.imserver.com.br
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds
- S U B - D O M A I N F I N D E R
- ==================================
- [i] Total Subdomains Found : 6
- [+] Subdomain: www.brasil3.gopsp.org.br
- [-] IP: 67.225.228.134
- [+] Subdomain: www.betha.gopsp.org.br
- [-] IP: 67.225.228.134
- [+] Subdomain: teste.gopsp.org.br
- [-] IP: 191.252.4.30
- [+] Subdomain: blog.gopsp.org.br
- [-] IP: 191.252.4.30
- [+] Subdomain: webdisk.gopsp.org.br
- [-] IP: 67.225.228.134
- [+] Subdomain: cpanel.gopsp.org.br
- [-] IP: 67.225.228.134
- #######################################################################################################################################
- [INFO] ------TARGET info------
- [*] TARGET: https://gopsp.org.br/
- [*] TARGET IP: 67.225.228.134
- [INFO] NO load balancer detected for gopsp.org.br...
- [*] DNS servers: ns1.locaweb.com.br.
- [*] TARGET server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [*] CC: US
- [*] Country: United States
- [*] RegionCode: MI
- [*] RegionName: Michigan
- [*] City: Lansing
- [*] ASN: AS32244
- [*] BGP_PREFIX: 67.225.128.0/17
- [*] ISP: LIQUIDWEB - Liquid Web, L.L.C, US
- [INFO] SSL/HTTPS certificate detected
- [*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
- [*] Subject: subject=CN = gopsp.org.br
- [INFO] DNS enumeration:
- [*] ad.gopsp.org.br 67.225.228.134
- [*] admin.gopsp.org.br 67.225.228.134
- [*] ads.gopsp.org.br 67.225.228.134
- [*] alpha.gopsp.org.br srv01.imserver.com.br. 67.225.228.134
- [*] api.gopsp.org.br 67.225.228.134
- [*] api-online.gopsp.org.br 67.225.228.134
- [*] apolo.gopsp.org.br 67.225.228.134
- [*] app.gopsp.org.br 191.252.4.30
- [*] beta.gopsp.org.br 67.225.228.134
- [*] bi.gopsp.org.br 67.225.228.134
- [*] blog.gopsp.org.br 191.252.4.30
- [*] cdn.gopsp.org.br 67.225.228.134
- [*] events.gopsp.org.br 67.225.228.134
- [*] ex.gopsp.org.br 67.225.228.134
- [*] files.gopsp.org.br 67.225.228.134
- [*] ftp.gopsp.org.br ftp-orion06.locaweb.com.br. 179.188.15.200
- [*] gateway.gopsp.org.br 67.225.228.134
- [*] go.gopsp.org.br 67.225.228.134
- [*] help.gopsp.org.br 67.225.228.134
- [*] ib.gopsp.org.br 67.225.228.134
- [*] images.gopsp.org.br 67.225.228.134
- [*] internetbanking.gopsp.org.br 67.225.228.134
- [*] intranet.gopsp.org.br 67.225.228.134
- [*] jobs.gopsp.org.br 67.225.228.134
- [*] join.gopsp.org.br 67.225.228.134
- [*] live.gopsp.org.br 67.225.228.134
- [*] login.gopsp.org.br 67.225.228.134
- [*] m.gopsp.org.br 67.225.228.134
- [*] mail.gopsp.org.br pop.gopsp.org.br. mail.ita.locamail.com.br. 191.252.112.195
- [*] mail2.gopsp.org.br 67.225.228.134
- [*] mobile.gopsp.org.br pop.gopsp.org.br. mail.ita.locamail.com.br. 191.252.112.195
- [*] moodle.gopsp.org.br 67.225.228.134
- [*] mx.gopsp.org.br 67.225.228.134
- [*] mx2.gopsp.org.br mx.b.locaweb.com.br. 177.153.23.242
- [*] mx3.gopsp.org.br mx.jk.locaweb.com.br. 200.234.204.130
- [*] my.gopsp.org.br 67.225.228.134
- [*] new.gopsp.org.br 67.225.228.134
- [*] news.gopsp.org.br 67.225.228.134
- [*] ns1.gopsp.org.br ns1.locaweb.com.br. 189.126.108.2
- [*] ns2.gopsp.org.br ns2.locaweb.com.br. 201.76.40.2
- [*] ns3.gopsp.org.br ns3.locaweb.com.br. 187.45.246.2
- [*] oauth.gopsp.org.br 67.225.228.134
- [*] old.gopsp.org.br 67.225.228.134
- [*] one.gopsp.org.br 67.225.228.134
- [*] open.gopsp.org.br 67.225.228.134
- [*] out.gopsp.org.br 67.225.228.134
- [*] outlook.gopsp.org.br 67.225.228.134
- [*] portfolio.gopsp.org.br 67.225.228.134
- [*] raw.gopsp.org.br 67.225.228.134
- [*] repo.gopsp.org.br 67.225.228.134
- [*] router.gopsp.org.br 67.225.228.134
- [*] search.gopsp.org.br 67.225.228.134
- [*] siem.gopsp.org.br 67.225.228.134
- [*] slack.gopsp.org.br 67.225.228.134
- [*] slackbot.gopsp.org.br 67.225.228.134
- [*] snmp.gopsp.org.br 67.225.228.134
- [*] stream.gopsp.org.br 67.225.228.134
- [*] support.gopsp.org.br 67.225.228.134
- [*] syslog.gopsp.org.br 67.225.228.134
- [*] tags.gopsp.org.br 67.225.228.134
- [*] test.gopsp.org.br 67.225.228.134
- [*] upload.gopsp.org.br 67.225.228.134
- [*] video.gopsp.org.br 67.225.228.134
- [*] vpn.gopsp.org.br 67.225.228.134
- [*] webconf.gopsp.org.br 67.225.228.134
- [*] webmail.gopsp.org.br webmail.ita.locamail.com.br. 186.202.140.235 186.202.140.244 186.202.140.220
- [*] webportal.gopsp.org.br 67.225.228.134
- [*] wiki.gopsp.org.br 67.225.228.134
- [*] www2.gopsp.org.br 67.225.228.134
- [*] www3.gopsp.org.br 67.225.228.134
- [*] zendesk.gopsp.org.br 67.225.228.134
- [INFO] Possible abuse mails are:
- [*] abuse@gopsp.org.br
- [*] abuse@sourcedns.com
- [*] admin@sourcedns.com
- [*] ipadmin@liquidweb.com
- [*] lisa@webclickhosting.com
- [INFO] NO PAC (Proxy Auto Configuration) file FOUND
- [ALERT] robots.txt file FOUND in http://gopsp.org.br/robots.txt
- [INFO] Checking for HTTP status codes recursively from http://gopsp.org.br/robots.txt
- [INFO] Status code Folders
- [*] 200 http://gopsp.org.br/uploads
- [INFO] Starting FUZZing in http://gopsp.org.br/FUzZzZzZzZz...
- [INFO] Status code Folders
- [*] 200 http://gopsp.org.br/index
- [*] 200 http://gopsp.org.br/images
- [*] 200 http://gopsp.org.br/download
- [*] 200 http://gopsp.org.br/2006
- [*] 200 http://gopsp.org.br/news
- [*] 200 http://gopsp.org.br/crack
- [*] 200 http://gopsp.org.br/serial
- [*] 200 http://gopsp.org.br/warez
- [*] 200 http://gopsp.org.br/full
- [*] 200 http://gopsp.org.br/12
- [ALERT] Look in the source code. It may contain passwords
- [INFO] Links found from https://gopsp.org.br/ http://67.225.228.134/:
- [*] http://67.225.228.134/cgi-sys/defaultwebpage.cgi
- [*] http://masonweb.com.br/
- [*] http://mmp.org.br/Account/Login.aspx?ReturnUrl=/
- [*] https://gopsp.org.br/
- [*] https://gopsp.org.br/albuns/listar
- [*] https://gopsp.org.br/albuns/visualizar/1
- [*] https://gopsp.org.br/contato
- [*] https://gopsp.org.br/convites/listar
- [*] https://gopsp.org.br/convites/visualizar/1
- [*] https://gopsp.org.br/esqueceu-senha
- [*] https://gopsp.org.br/inicio
- [*] https://gopsp.org.br/institucional/administracao
- [*] https://gopsp.org.br/institucional/grao-mestres
- [*] https://gopsp.org.br/institucional/nossa-historia
- [*] https://gopsp.org.br/lojas/listar
- [*] https://gopsp.org.br/maconaria
- [*] https://gopsp.org.br/mensagem-grao-mestre/listar
- [*] https://gopsp.org.br/mensagem-grao-mestre/visualizar/391
- [*] https://gopsp.org.br/#myCarousel
- [*] https://gopsp.org.br/noticias/listar
- [*] https://gopsp.org.br/noticias/visualizar/368
- [*] https://gopsp.org.br/noticias/visualizar/378
- [*] https://gopsp.org.br/noticias/visualizar/386
- [*] https://gopsp.org.br/noticias/visualizar/388
- [*] https://gopsp.org.br/noticias/visualizar/393
- [*] https://gopsp.org.br/noticias/visualizar/394
- [*] https://gopsp.org.br/noticias/visualizar/395
- [*] https://gopsp.org.br/primeiro-acesso
- [*] https://gopsp.org.br/videos/listar
- [*] https://gopsp.org.br/videos/visualizar/4
- [*] http://www.casadomacombarretos.com.br/
- [*] http://www.cmisecretariaejecutiva.org/
- [*] http://www.comab.org.br/
- [INFO] GOOGLE has 918,000 results (0.38 seconds) about http://gopsp.org.br/
- [INFO] BING shows 67.225.228.134 is shared with 10,000 hosts/vhosts
- [INFO] Shodan detected the following opened ports on 67.225.228.134:
- [*] 443
- [*] 53
- [*] 80
- [INFO] ------VirusTotal SECTION------
- [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
- [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
- [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
- [INFO] ------Alexa Rank SECTION------
- [INFO] Percent of Visitors Rank in Country:
- [INFO] Percent of Search Traffic:
- [INFO] Percent of Unique Visits:
- [INFO] Total Sites Linking In:
- [*] Total Sites
- [INFO] Useful links related to gopsp.org.br - 67.225.228.134:
- [*] https://www.virustotal.com/pt/ip-address/67.225.228.134/information/
- [*] https://www.hybrid-analysis.com/search?host=67.225.228.134
- [*] https://www.shodan.io/host/67.225.228.134
- [*] https://www.senderbase.org/lookup/?search_string=67.225.228.134
- [*] https://www.alienvault.com/open-threat-exchange/ip/67.225.228.134
- [*] http://pastebin.com/search?q=67.225.228.134
- [*] http://urlquery.net/search.php?q=67.225.228.134
- [*] http://www.alexa.com/siteinfo/gopsp.org.br
- [*] http://www.google.com/safebrowsing/diagnostic?site=gopsp.org.br
- [*] https://censys.io/ipv4/67.225.228.134
- [*] https://www.abuseipdb.com/check/67.225.228.134
- [*] https://urlscan.io/search/#67.225.228.134
- [*] https://github.com/search?q=67.225.228.134&type=Code
- [INFO] Useful links related to AS32244 - 67.225.128.0/17:
- [*] http://www.google.com/safebrowsing/diagnostic?site=AS:32244
- [*] https://www.senderbase.org/lookup/?search_string=67.225.128.0/17
- [*] http://bgp.he.net/AS32244
- [*] https://stat.ripe.net/AS32244
- [INFO] Date: 09/09/19 | Time: 09:42:49
- [INFO] Total time: 2 minute(s) and 38 second(s)
- #######################################################################################################################################
- [*] Load target domain: gopsp.org.br
- - starting scanning @ 2019-09-09 09:42:57
- [+] Running & Checking source to be used
- ---------------------------------------------
- ⍥ Shodan [ ✕ ]
- ⍥ Webarchive [ ✔ ]
- ⍥ Dnsdumpster [ ✔ ]
- ⍥ Censys [ ✕ ]
- ⍥ Bufferover [ ✔ ]
- ⍥ Threatcrowd [ ✔ ]
- ⍥ Securitytrails [ ✕ ]
- ⍥ Binaryedge [ ✕ ]
- ⍥ Certsh [ ✔ ]
- ⍥ Virustotal [ ✕ ]
- ⍥ Certspotter [ ✔ ]
- ⍥ Entrust [ ✔ ]
- ⍥ Hackertarget [ ✔ ]
- ⍥ Threatminer [ ✔ ]
- ⍥ Riddler [ ✔ ]
- jq: error (at <stdin>:0): Cannot iterate over null (null)
- ⍥ Findsubdomain [ ✔ ]
- [+] Get & Count subdomain total From source
- ---------------------------------------------
- ⍥ Hackertarget: Total Subdomain (7)
- ⍥ Findsubdomain: Total Subdomain (0)
- ⍥ Certspotter: Total Subdomain (15)
- ⍥ Threatminer: Total Subdomain (0)
- ⍥ Certsh: Total Subdomain (14)
- ⍥ BufferOver: Total Subdomain (13)
- ⍥ Entrust: Total Subdomain (5)
- ⍥ Threatcrowd: Total Subdomain (0)
- ⍥ Dnsdumpster: Total Subdomain (0)
- ⍥ Riddler: Total Subdomain (0)
- ⍥ Webarchive: Total Subdomain (3)
- [+] Parsing & Sorting list Domain
- ---------------------------------------------
- ⍥ Total [18]
- - alpha.gopsp.org.br
- - app.gopsp.org.br
- - autodiscover.gopsp.org.br
- - betha.gopsp.org.br
- - blog.gopsp.org.br
- - brasil3.gopsp.org.br
- - cpanel.gopsp.org.br
- - gopsp.org.br
- - mail.gopsp.org.br
- - pop.gopsp.org.br
- - teste.gopsp.org.br
- - webdisk.gopsp.org.br
- - webmail.gopsp.org.br
- - www.alpha.gopsp.org.br
- - www.betha.gopsp.org.br
- - www.brasil3.gopsp.org.br
- - www.gopsp.org.br
- - www.teste.gopsp.org.br
- ⍥ Total [18]
- [+] Probe subdomain for working on http/https
- ---------------------------------------------
- - http://gopsp.org.br
- - http://alpha.gopsp.org.br
- - http://brasil3.gopsp.org.br
- - http://cpanel.gopsp.org.br
- - http://pop.gopsp.org.br
- - http://mail.gopsp.org.br
- - http://autodiscover.gopsp.org.br
- - https://gopsp.org.br
- - https://brasil3.gopsp.org.br
- - https://alpha.gopsp.org.br
- - https://cpanel.gopsp.org.br
- - http://webdisk.gopsp.org.br
- - http://www.alpha.gopsp.org.br
- - https://mail.gopsp.org.br
- - https://pop.gopsp.org.br
- - http://webmail.gopsp.org.br
- - http://www.gopsp.org.br
- - https://webdisk.gopsp.org.br
- - http://www.betha.gopsp.org.br
- - http://www.brasil3.gopsp.org.br
- - https://www.alpha.gopsp.org.br
- - https://www.gopsp.org.br
- - https://www.betha.gopsp.org.br
- - https://www.brasil3.gopsp.org.br
- - https://webmail.gopsp.org.br
- ⍥ Total [24]
- [+] Check Live Host: Ping Sweep - ICMP PING
- ---------------------------------------------
- ⍥ [DEAD] alpha.gopsp.org.br
- ⍥ [LIVE] app.gopsp.org.br
- ⍥ [LIVE] autodiscover.gopsp.org.br
- ⍥ [DEAD] betha.gopsp.org.br
- ⍥ [LIVE] blog.gopsp.org.br
- ⍥ [DEAD] brasil3.gopsp.org.br
- ⍥ [DEAD] cpanel.gopsp.org.br
- ⍥ [DEAD] gopsp.org.br
- ⍥ [LIVE] mail.gopsp.org.br
- ⍥ [LIVE] pop.gopsp.org.br
- ⍥ [LIVE] teste.gopsp.org.br
- ⍥ [DEAD] webdisk.gopsp.org.br
- ⍥ [LIVE] webmail.gopsp.org.br
- ⍥ [DEAD] www.alpha.gopsp.org.br
- ⍥ [DEAD] www.betha.gopsp.org.br
- ⍥ [DEAD] www.brasil3.gopsp.org.br
- ⍥ [DEAD] www.gopsp.org.br
- ⍥ [LIVE] www.teste.gopsp.org.br
- [+] Check Resolving: Subdomains & Domains
- ---------------------------------------------
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 191.252.4.30
- ⍥ Resolving domains to: 186.202.140.232
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 191.252.4.30
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 191.252.112.195
- ⍥ Resolving domains to: 191.252.112.195
- ⍥ Resolving domains to: 191.252.4.30
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 186.202.140.220
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 67.225.228.134
- ⍥ Resolving domains to: 191.252.4.30
- [+] Subdomain TakeOver - Check Possible Vulns
- ---------------------------------------------
- ⍥ [FAILS] En: Unknown http://gopsp.org.br
- ⍥ [FAILS] En: Unknown http://alpha.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://brasil3.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://cpanel.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://pop.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://autodiscover.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://alpha.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://gopsp.org.br
- ⍥ [FAILS] En: Unknown https://cpanel.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://brasil3.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://webdisk.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://www.alpha.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://pop.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://mail.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://webmail.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://webdisk.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://www.betha.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://www.alpha.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://www.gopsp.org.br
- ⍥ [FAILS] En: Unknown http://www.brasil3.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://www.betha.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://www.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://www.brasil3.gopsp.org.br
- ⍥ [FAILS] En: Unknown https://webmail.gopsp.org.br
- [+] Checks status code on port 80 and 443
- ---------------------------------------------
- ⍥ [301] http://gopsp.org.br
- ⍥ [301] http://alpha.gopsp.org.br
- ⍥ [200] http://brasil3.gopsp.org.br
- ⍥ [302] http://cpanel.gopsp.org.br
- ⍥ [302] http://pop.gopsp.org.br
- ⍥ [200] http://autodiscover.gopsp.org.br
- ⍥ [200] https://alpha.gopsp.org.br
- ⍥ [200] https://gopsp.org.br
- ⍥ [401] https://cpanel.gopsp.org.br
- ⍥ [200] https://brasil3.gopsp.org.br
- ⍥ [302] http://webdisk.gopsp.org.br
- ⍥ [301] http://www.alpha.gopsp.org.br
- ⍥ [000] https://pop.gopsp.org.br
- ⍥ [000] https://mail.gopsp.org.br
- ⍥ [302] http://webmail.gopsp.org.br
- ⍥ [401] https://webdisk.gopsp.org.br
- ⍥ [200] http://www.betha.gopsp.org.br
- ⍥ [301] https://www.alpha.gopsp.org.br
- ⍥ [301] http://www.gopsp.org.br
- ⍥ [200] http://www.brasil3.gopsp.org.br
- ⍥ [200] https://www.betha.gopsp.org.br
- ⍥ [301] https://www.gopsp.org.br
- ⍥ [200] https://www.brasil3.gopsp.org.br
- ⍥ [000] https://webmail.gopsp.org.br
- [+] Web Screenshots: from domain list
- ---------------------------------------------
- [+] 24 URLs to be screenshot
- [ERROR][http://gopsp.org.br:80] Screenshot somehow failed
- [ERROR][http://alpha.gopsp.org.br:80] Screenshot somehow failed
- [ERROR][http://cpanel.gopsp.org.br:80] Screenshot somehow failed
- [ERROR][https://alpha.gopsp.org.br:443] Screenshot somehow failed
- [ERROR][https://gopsp.org.br:443] Screenshot somehow failed
- [ERROR][http://webdisk.gopsp.org.br:80] Screenshot somehow failed
- [ERROR][http://www.alpha.gopsp.org.br:80] Screenshot somehow failed
- [ERROR][https://webdisk.gopsp.org.br:443] HTTP Authentication requested, try to pass credentials with -u and -b options
- [ERROR][https://www.alpha.gopsp.org.br:443] Screenshot somehow failed
- [ERROR][http://www.gopsp.org.br:80] Screenshot somehow failed
- [ERROR][https://www.gopsp.org.br:443] Screenshot somehow failed
- [+] 13 actual URLs screenshot
- [+] 11 error(s)
- http://gopsp.org.br:80
- http://alpha.gopsp.org.br:80
- http://cpanel.gopsp.org.br:80
- https://alpha.gopsp.org.br:443
- https://gopsp.org.br:443
- http://webdisk.gopsp.org.br:80
- http://www.alpha.gopsp.org.br:80
- https://webdisk.gopsp.org.br:443
- https://www.alpha.gopsp.org.br:443
- http://www.gopsp.org.br:80
- https://www.gopsp.org.br:443
- [+] Sud⍥my has been sucessfully completed
- ---------------------------------------------
- ⍥ Location output:
- - output/09-09-2019/gopsp.org.br
- - output/09-09-2019/gopsp.org.br/report
- - output/09-09-2019/gopsp.org.br/screenshots
- #######################################################################################################################################
- Trying "gopsp.org.br"
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22550
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 3, ADDITIONAL: 6
- ;; QUESTION SECTION:
- ;gopsp.org.br. IN ANY
- ;; ANSWER SECTION:
- gopsp.org.br. 3600 IN SOA ns1.locaweb.com.br. postmaster.locaweb.com.br. 2016081001 3600 600 1209600 3600
- gopsp.org.br. 3600 IN TXT "v=spf1 a mx include:_spf.elasticemail.com ~all"
- gopsp.org.br. 3600 IN MX 10 mx.a.locaweb.com.br.
- gopsp.org.br. 3600 IN MX 20 mx.jk.locaweb.com.br.
- gopsp.org.br. 3600 IN MX 10 mx.b.locaweb.com.br.
- gopsp.org.br. 3600 IN A 67.225.228.134
- gopsp.org.br. 3600 IN NS ns3.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns2.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns1.locaweb.com.br.
- ;; AUTHORITY SECTION:
- gopsp.org.br. 3600 IN NS ns1.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns2.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns3.locaweb.com.br.
- ;; ADDITIONAL SECTION:
- ns2.locaweb.com.br. 1277 IN A 201.76.40.2
- ns2.locaweb.com.br. 1277 IN AAAA 2804:218:d2::cafe
- ns3.locaweb.com.br. 1277 IN A 187.45.246.2
- ns3.locaweb.com.br. 1277 IN AAAA 2804:218:d3::faca
- ns1.locaweb.com.br. 1556 IN A 189.126.108.2
- ns1.locaweb.com.br. 1277 IN AAAA 2804:218:d1::ca5a
- Received 456 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 322 ms
- ######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace gopsp.org.br
- ;; global options: +cmd
- . 85200 IN NS a.root-servers.net.
- . 85200 IN NS h.root-servers.net.
- . 85200 IN NS d.root-servers.net.
- . 85200 IN NS j.root-servers.net.
- . 85200 IN NS k.root-servers.net.
- . 85200 IN NS g.root-servers.net.
- . 85200 IN NS l.root-servers.net.
- . 85200 IN NS b.root-servers.net.
- . 85200 IN NS i.root-servers.net.
- . 85200 IN NS c.root-servers.net.
- . 85200 IN NS m.root-servers.net.
- . 85200 IN NS f.root-servers.net.
- . 85200 IN NS e.root-servers.net.
- . 85200 IN RRSIG NS 8 0 518400 20190922050000 20190909040000 59944 . UdevRT5xRd+xLrIiCOgOJvCQyYg+GtsS+27xyFTrdzuu147InV6Z3rJG 588jQ6Qkv54DO2olI94IRTo+7rGpvBg3QR3uPNAI2CXyL3RtADrjQ1Eh AhvGuq3VAjGoLh4upughjB5Vz3ZFnj8hv+KeEodYDXEk58uAHnWM+fVt EI660UE2Lsm20pjkt6DC7ePkdad9c4tSboSCWUtqWJASkWDMJ27Jn4ww EWGx/QqfPV+gnd/dvB1iGbuk9KeUR7ZSVktrfsgAf3MWVx2yL9irmqf3 8haedccQxutc8B19xH9jUrW3BdLV0/BzINhBjmG1DVRi5P69ZonS5f/G PVh+Zg==
- ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 1338 ms
- br. 172800 IN NS a.dns.br.
- br. 172800 IN NS b.dns.br.
- br. 172800 IN NS c.dns.br.
- br. 172800 IN NS d.dns.br.
- br. 172800 IN NS e.dns.br.
- br. 172800 IN NS f.dns.br.
- br. 86400 IN DS 2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A 07D1A2E4
- br. 86400 IN RRSIG DS 8 1 86400 20190922050000 20190909040000 59944 . eathNtSWCMFofqyFnBqLlcsVVKDFAlK+PamhkBp3lhY4m7S4PvLLwgkn //H85vSB0LAn38S0rDACEJKfhIVXapb6BQXMkHAcY9ULvb30tckH7J2k q+ivqz/dvBpyFIpRcmIf1M6ugMvlSxeU16gRvUPcCodj5iX3rzwa+vU6 xp+DD8GKOf6uNe5F3Si/1yB51c59JAa9V2IIH+aYQRziP8VKt9zQtMQR v2qGYOEnKHBdpt+Slv1uIwFNL5o941DtR7OQl/IZ9LRPq7zuQtHDirPA /+4LeVKOYEFyy61xg5KBq+17yMAYk59mCl3OQc+KjMbdK1iZat1ucnbn F4poUQ==
- ;; Received 740 bytes from 198.41.0.4#53(a.root-servers.net) in 111 ms
- gopsp.org.br. 3600 IN NS ns1.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns3.locaweb.com.br.
- gopsp.org.br. 3600 IN NS ns2.locaweb.com.br.
- 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC 8ICM44EE54CNOQDKEDVKHHOQFOIQG8RR NS SOA RRSIG DNSKEY NSEC3PARAM
- 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN RRSIG NSEC3 13 3 900 20190923142508 20190909132508 50774 org.br. POHX2yzwVItWfgepNS5RUO+X0Py3v1asktbwGIPFbsWE9LEMkURRMJ50 t7KPnfolXAL/l7Nf5yNduH1IFTG+3A==
- s02nj6vqgl2gqaaum4crgvqn1jihuqab.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC S064UIRLQCM5TUK930EGMC0PM1HOQALS NS DS RRSIG
- s02nj6vqgl2gqaaum4crgvqn1jihuqab.org.br. 900 IN RRSIG NSEC3 13 3 900 20190920144512 20190906134512 50774 org.br. bI7PQJSNVeOwvN5ZyvlKNmJFDlixr/XE1icsSLRqLKBgDk19sSjQD74Z baLSNFVwR5KdcfYfgJjWP29ydhZqcA==
- ;; Received 518 bytes from 2001:12f8:8::10#53(b.dns.br) in 114 ms
- ;; expected opt record in response
- gopsp.org.br. 3600 IN A 67.225.228.134
- ;; Received 46 bytes from 2804:218:d2::cafe#53(ns2.locaweb.com.br) in 160 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: gopsp.org.br
- [!] Wildcard resolution is enabled on this domain
- [!] It is resolving to 67.225.228.134
- [!] All queries will resolve to this address!!
- [-] DNSSEC is not configured for gopsp.org.br
- [*] SOA ns1.locaweb.com.br 189.126.108.2
- [*] NS ns2.locaweb.com.br 201.76.40.2
- [*] NS ns2.locaweb.com.br 2804:218:d2::cafe
- [*] NS ns3.locaweb.com.br 187.45.246.2
- [*] NS ns3.locaweb.com.br 2804:218:d3::faca
- [*] NS ns1.locaweb.com.br 189.126.108.2
- [*] NS ns1.locaweb.com.br 2804:218:d1::ca5a
- [*] MX mx.a.locaweb.com.br 186.202.4.42
- [*] MX mx.jk.locaweb.com.br 200.234.204.130
- [*] MX mx.b.locaweb.com.br 177.153.23.242
- [*] A gopsp.org.br 67.225.228.134
- [*] TXT gopsp.org.br v=spf1 a mx include:_spf.elasticemail.com ~all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for gopsp.org.br
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain gopsp.org.br
- [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 201.76.40.2 - ns2.locaweb.com.br
- 187.45.246.2 - ns3.locaweb.com.br
- 189.126.108.2 - ns1.locaweb.com.br
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 a mx include:_spf.elasticemail.com ~all"
- [+] MX records found, added to target list
- 10 mx.a.locaweb.com.br.
- 20 mx.jk.locaweb.com.br.
- 10 mx.b.locaweb.com.br.
- [+] Wildcard domain found - 67.225.228.134
- [*] Scanning gopsp.org.br for A records
- 191.252.4.30 - app.gopsp.org.br
- 186.202.140.232 - autodiscover.gopsp.org.br
- 191.252.4.30 - blog.gopsp.org.br
- 179.188.15.200 - ftp.gopsp.org.br
- 191.252.112.195 - imap.gopsp.org.br
- 191.252.112.194 - imap3.gopsp.org.br
- 191.252.112.195 - mail.gopsp.org.br
- 191.252.112.195 - mobile.gopsp.org.br
- 186.202.4.42 - mx1.gopsp.org.br
- 177.153.23.242 - mx2.gopsp.org.br
- 200.234.204.130 - mx3.gopsp.org.br
- 189.126.108.2 - ns1.gopsp.org.br
- 187.45.246.2 - ns3.gopsp.org.br
- 201.76.40.2 - ns2.gopsp.org.br
- 186.202.48.30 - painel.gopsp.org.br
- 191.252.112.195 - pda.gopsp.org.br
- 191.252.112.195 - pop.gopsp.org.br
- 191.252.112.195 - pop3.gopsp.org.br
- 191.252.112.195 - smtp.gopsp.org.br
- 54.38.226.140 - tracking.gopsp.org.br
- 94.23.161.19 - tracking.gopsp.org.br
- 188.165.1.80 - tracking.gopsp.org.br
- 46.105.88.234 - tracking.gopsp.org.br
- 164.132.95.123 - tracking.gopsp.org.br
- 186.202.140.244 - webmail.gopsp.org.br
- 186.202.140.235 - webmail.gopsp.org.br
- 186.202.140.220 - webmail.gopsp.org.br
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- CompressionPlugin
- CertificateInfoPlugin
- RobotPlugin
- OpenSslCipherSuitesPlugin
- SessionResumptionPlugin
- EarlyDataPlugin
- HeartbleedPlugin
- FallbackScsvPlugin
- SessionRenegotiationPlugin
- OpenSslCcsInjectionPlugin
- HttpHeadersPlugin
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 67.225.228.134:443 => 67.225.228.134
- SCAN RESULTS FOR 67.225.228.134:443 - 67.225.228.134
- ----------------------------------------------------
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * Certificate Information:
- Content
- SHA1 Fingerprint: 27d9cf57edd65b4fd3dc82e076aeb7f73bf4b91d
- Common Name: goba.org.br
- Issuer: cPanel, Inc. Certification Authority
- Serial Number: 198705539120532982707046231779006044473
- Not Before: 2019-07-05 00:00:00
- Not After: 2019-10-03 23:59:59
- Signature Algorithm: sha256
- Public Key Algorithm: RSA
- Key Size: 2048
- Exponent: 65537 (0x10001)
- DNS Subject Alternative Names: ['goba.org.br', 'autodiscover.goba.org.br', 'cpanel.goba.org.br', 'mail.goba.org.br', 'webdisk.goba.org.br', 'webmail.goba.org.br', 'www.goba.org.br']
- Trust
- Hostname Validation: FAILED - Certificate does NOT match 67.225.228.134
- Android CA Store (9.0.0_r9): OK - Certificate is trusted
- Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
- Java CA Store (jdk-12.0.1): OK - Certificate is trusted
- Mozilla CA Store (2019-03-14): OK - Certificate is trusted
- Windows CA Store (2019-05-27): OK - Certificate is trusted
- Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
- Received Chain: goba.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
- Verified Chain: goba.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
- Received Chain Contains Anchor: OK - Anchor certificate not sent
- Received Chain Order: OK - Order is valid
- Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
- Extensions
- OCSP Must-Staple: NOT SUPPORTED - Extension not found
- Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
- OCSP Stapling
- OCSP Response Status: successful
- Validation w/ Mozilla Store: OK - Response is trusted
- Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
- Cert Status: good
- Cert Serial Number: 957D4B7768AA13A1AC850A3833E95939
- This Update: Sep 6 17:02:00 2019 GMT
- Next Update: Sep 13 17:02:00 2019 GMT
- * TLSV1_3 Cipher Suites:
- Server rejected all cipher suites.
- * Deflate Compression:
- OK - Compression disabled
- * TLSV1_1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- * TLSV1_2 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- * TLSV1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- * Downgrade Attacks:
- TLS_FALLBACK_SCSV: OK - Supported
- * OpenSSL Heartbleed:
- OK - Not vulnerable to Heartbleed
- * TLS 1.2 Session Resumption Support:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Tickets: OK - Supported
- * Session Renegotiation:
- Client-initiated Renegotiation: OK - Rejected
- Secure Renegotiation: OK - Supported
- * OpenSSL CCS Injection:
- OK - Not vulnerable to OpenSSL CCS injection
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- * ROBOT Attack:
- OK - Not vulnerable
- SCAN COMPLETED IN 18.28 S
- -------------------------
- #######################################################################################################################################
- Domains still to check: 1
- Checking if the hostname gopsp.org.br. given is in fact a domain...
- Analyzing domain: gopsp.org.br.
- Checking NameServers using system default resolver...
- IP: 201.76.40.2 (Brazil)
- HostName: ns2.locaweb.com.br Type: NS
- HostName: ns2.locaweb.com.br Type: PTR
- IP: 189.126.108.2 (Brazil)
- HostName: ns1.locaweb.com.br Type: NS
- HostName: ns1.locaweb.com.br Type: PTR
- IP: 187.45.246.2 (Brazil)
- HostName: ns3.locaweb.com.br Type: NS
- HostName: ns3.locaweb.com.br Type: PTR
- Checking MailServers using system default resolver...
- IP: 200.234.204.130 (Brazil)
- HostName: mx.jk.locaweb.com.br Type: MX
- HostName: mx.jk.locaweb.com.br Type: PTR
- IP: 186.202.4.42 (Brazil)
- HostName: mx.a.locaweb.com.br Type: MX
- HostName: mx.a.locaweb.com.br Type: PTR
- IP: 177.153.23.242 (Brazil)
- HostName: mx.b.locaweb.com.br Type: MX
- WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
- Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
- No zone transfer found on nameserver 187.45.246.2
- No zone transfer found on nameserver 201.76.40.2
- No zone transfer found on nameserver 189.126.108.2
- Checking SPF record...
- Checking SPF record...
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.7.0/25, but only the network IP
- New IP found: 176.31.7.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.84.64/27, but only the network IP
- New IP found: 178.33.84.64
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.165.40/29, but only the network IP
- New IP found: 174.142.165.40
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.128.32/27, but only the network IP
- New IP found: 174.142.128.32
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.135.241.64/26, but only the network IP
- New IP found: 5.135.241.64
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.135.31.128/27, but only the network IP
- New IP found: 5.135.31.128
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.165.95.224/27, but only the network IP
- New IP found: 188.165.95.224
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.140.80/28, but only the network IP
- New IP found: 176.31.140.80
- Checking SPF record...
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.69.160/28, but only the network IP
- New IP found: 176.31.69.160
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.31.145.240/28, but only the network IP
- New IP found: 176.31.145.240
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.165.144.128/28, but only the network IP
- New IP found: 188.165.144.128
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 37.59.169.64/28, but only the network IP
- New IP found: 37.59.169.64
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 37.59.131.32/28, but only the network IP
- New IP found: 37.59.131.32
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 198.50.170.32/28, but only the network IP
- New IP found: 198.50.170.32
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.9.160/28, but only the network IP
- New IP found: 178.33.9.160
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 174.142.73.240/28, but only the network IP
- New IP found: 174.142.73.240
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 96.45.68.0/24, but only the network IP
- New IP found: 96.45.68.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 162.254.227.0/24, but only the network IP
- New IP found: 162.254.227.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 46.105.146.0/25, but only the network IP
- New IP found: 46.105.146.0
- Checking SPF record...
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 5.196.146.128/25, but only the network IP
- New IP found: 5.196.146.128
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 192.99.26.0/25, but only the network IP
- New IP found: 192.99.26.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.243.65.0/25, but only the network IP
- New IP found: 104.243.65.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 51.254.70.0/26, but only the network IP
- New IP found: 51.254.70.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 67.227.85.0/24, but only the network IP
- New IP found: 67.227.85.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 67.227.87.0/24, but only the network IP
- New IP found: 67.227.87.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 178.33.242.0/24, but only the network IP
- New IP found: 178.33.242.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.169.98.0/23, but only the network IP
- New IP found: 216.169.98.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.182.181.0/24, but only the network IP
- New IP found: 217.182.181.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 54.36.22.0/24, but only the network IP
- New IP found: 54.36.22.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 51.38.210.0/24, but only the network IP
- New IP found: 51.38.210.0
- WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 142.44.153.0/24, but only the network IP
- New IP found: 142.44.153.0
- Checking 1 most common hostnames using system default resolver...
- IP: 67.225.228.134 (United States)
- HostName: www.gopsp.org.br. Type: A
- Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
- Checking netblock 104.243.65.0
- Checking netblock 142.44.153.0
- Checking netblock 5.135.31.0
- Checking netblock 51.254.70.0
- Checking netblock 176.31.140.0
- Checking netblock 198.50.170.0
- Checking netblock 178.33.242.0
- Checking netblock 46.105.146.0
- Checking netblock 201.76.40.0
- Checking netblock 188.165.144.0
- Checking netblock 187.45.246.0
- Checking netblock 5.135.241.0
- Checking netblock 178.33.9.0
- Checking netblock 67.225.228.0
- Checking netblock 177.153.23.0
- Checking netblock 176.31.69.0
- Checking netblock 51.38.210.0
- Checking netblock 188.165.95.0
- Checking netblock 176.31.7.0
- Checking netblock 174.142.165.0
- Checking netblock 5.196.146.0
- Checking netblock 174.142.128.0
- Checking netblock 162.254.227.0
- Checking netblock 37.59.169.0
- Checking netblock 189.126.108.0
- Checking netblock 54.36.22.0
- Checking netblock 67.227.87.0
- Checking netblock 216.169.98.0
- Checking netblock 200.234.204.0
- Checking netblock 178.33.84.0
- Checking netblock 176.31.145.0
- Checking netblock 174.142.73.0
- Checking netblock 67.227.85.0
- Checking netblock 192.99.26.0
- Checking netblock 186.202.4.0
- Checking netblock 96.45.68.0
- Checking netblock 37.59.131.0
- Checking netblock 217.182.181.0
- Searching for gopsp.org.br. emails in Google
- gabinete@gopsp.org.br
- arls397@gopsp.org.br.
- arls397@gopsp.org.br
- gabinete@gopsp.org.br,
- arls242@gopsp.org.br&
- arls242@gopsp.org.br
- Checking 38 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
- Host 104.243.65.0 is up (reset ttl 64)
- Host 142.44.153.0 is up (echo-reply ttl 118)
- Host 5.135.31.128 is up (reset ttl 64)
- Host 51.254.70.0 is up (reset ttl 64)
- Host 176.31.140.80 is up (reset ttl 64)
- Host 198.50.170.32 is up (echo-reply ttl 120)
- Host 178.33.242.0 is up (reset ttl 64)
- Host 46.105.146.0 is up (reset ttl 64)
- Host 201.76.40.2 is up (reset ttl 64)
- Host 188.165.144.128 is up (reset ttl 64)
- Host 187.45.246.2 is up (reset ttl 64)
- Host 5.135.241.64 is up (reset ttl 64)
- Host 178.33.9.160 is up (reset ttl 64)
- Host 67.225.228.134 is up (reset ttl 64)
- Host 177.153.23.242 is up (reset ttl 64)
- Host 176.31.69.160 is up (reset ttl 64)
- Host 51.38.210.0 is up (reset ttl 64)
- Host 188.165.95.224 is up (reset ttl 64)
- Host 176.31.7.0 is up (reset ttl 64)
- Host 174.142.165.40 is up (echo-reply ttl 120)
- Host 5.196.146.128 is up (reset ttl 64)
- Host 174.142.128.32 is up (echo-reply ttl 120)
- Host 162.254.227.0 is up (reset ttl 64)
- Host 37.59.169.64 is up (reset ttl 64)
- Host 189.126.108.2 is up (reset ttl 64)
- Host 54.36.22.0 is up (reset ttl 64)
- Host 67.227.87.0 is up (reset ttl 64)
- Host 216.169.98.0 is up (reset ttl 64)
- Host 200.234.204.130 is up (reset ttl 64)
- Host 178.33.84.64 is up (reset ttl 64)
- Host 176.31.145.240 is up (reset ttl 64)
- Host 174.142.73.240 is up (echo-reply ttl 120)
- Host 67.227.85.0 is up (reset ttl 64)
- Host 192.99.26.0 is up (echo-reply ttl 120)
- Host 186.202.4.42 is up (echo-reply ttl 234)
- Host 96.45.68.0 is up (reset ttl 64)
- Host 37.59.131.32 is up (reset ttl 64)
- Host 217.182.181.0 is up (reset ttl 64)
- Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
- Scanning ip 104.243.65.0 ():
- Scanning ip 142.44.153.0 ():
- Scanning ip 5.135.31.128 ():
- Scanning ip 51.254.70.0 ():
- Scanning ip 176.31.140.80 ():
- Scanning ip 198.50.170.32 ():
- Scanning ip 178.33.242.0 ():
- Scanning ip 46.105.146.0 ():
- Scanning ip 201.76.40.2 (ns2.locaweb.com.br (PTR)):
- 1723/tcp open tcpwrapped syn-ack ttl 45
- |_pptp-version: ERROR: Script execution failed (use -d to debug)
- Scanning ip 188.165.144.128 ():
- Scanning ip 187.45.246.2 (ns3.locaweb.com.br (PTR)):
- 21/tcp open tcpwrapped syn-ack ttl 46
- Scanning ip 5.135.241.64 ():
- Scanning ip 178.33.9.160 ():
- Scanning ip 67.225.228.134 (www.gopsp.org.br.):
- Scanning ip 177.153.23.242 (mx.b.locaweb.com.br):
- Device type: storage-misc|general purpose
- Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
- Scanning ip 176.31.69.160 ():
- Scanning ip 51.38.210.0 ():
- Scanning ip 188.165.95.224 ():
- Scanning ip 176.31.7.0 ():
- Scanning ip 174.142.165.40 ():
- Device type: firewall|general purpose|media device
- Scanning ip 5.196.146.128 ():
- Scanning ip 174.142.128.32 ():
- Scanning ip 162.254.227.0 ():
- Scanning ip 37.59.169.64 ():
- Scanning ip 189.126.108.2 (ns1.locaweb.com.br (PTR)):
- 587/tcp open tcpwrapped syn-ack ttl 46
- |_smtp-commands: Couldn't establish connection on port 587
- Scanning ip 54.36.22.0 ():
- Scanning ip 67.227.87.0 ():
- Scanning ip 216.169.98.0 ():
- Scanning ip 200.234.204.130 (mx.jk.locaweb.com.br (PTR)):
- Device type: storage-misc|general purpose
- Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
- Scanning ip 178.33.84.64 ():
- Scanning ip 176.31.145.240 ():
- Scanning ip 174.142.73.240 ():
- Scanning ip 67.227.85.0 ():
- Scanning ip 192.99.26.0 ():
- Scanning ip 186.202.4.42 (mx.a.locaweb.com.br (PTR)):
- Scanning ip 96.45.68.0 ():
- Scanning ip 37.59.131.32 ():
- Scanning ip 217.182.181.0 ():
- WebCrawling domain's web servers... up to 50 max links.
- --Finished--
- Summary information for domain gopsp.org.br.
- -----------------------------------------
- Domain Specific Information:
- Email: gabinete@gopsp.org.br
- Email: arls397@gopsp.org.br.
- Email: arls397@gopsp.org.br
- Email: gabinete@gopsp.org.br,
- Email: arls242@gopsp.org.br&
- Email: arls242@gopsp.org.br
- Domain Ips Information:
- IP: 104.243.65.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 142.44.153.0
- Type: SPF
- Is Active: True (echo-reply ttl 118)
- IP: 5.135.31.128
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 51.254.70.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 176.31.140.80
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 198.50.170.32
- Type: SPF
- Is Active: True (echo-reply ttl 120)
- IP: 178.33.242.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 46.105.146.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 201.76.40.2
- HostName: ns2.locaweb.com.br Type: NS
- HostName: ns2.locaweb.com.br Type: PTR
- Country: Brazil
- Is Active: True (reset ttl 64)
- Port: 1723/tcp open tcpwrapped syn-ack ttl 45
- Script Info: |_pptp-version: ERROR: Script execution failed (use -d to debug)
- IP: 188.165.144.128
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 187.45.246.2
- HostName: ns3.locaweb.com.br Type: NS
- HostName: ns3.locaweb.com.br Type: PTR
- Country: Brazil
- Is Active: True (reset ttl 64)
- Port: 21/tcp open tcpwrapped syn-ack ttl 46
- IP: 5.135.241.64
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 178.33.9.160
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 67.225.228.134
- HostName: www.gopsp.org.br. Type: A
- Country: United States
- Is Active: True (reset ttl 64)
- IP: 177.153.23.242
- HostName: mx.b.locaweb.com.br Type: MX
- Country: Brazil
- Is Active: True (reset ttl 64)
- Script Info: Device type: storage-misc|general purpose
- Script Info: Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
- IP: 176.31.69.160
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 51.38.210.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 188.165.95.224
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 176.31.7.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 174.142.165.40
- Type: SPF
- Is Active: True (echo-reply ttl 120)
- Script Info: Device type: firewall|general purpose|media device
- IP: 5.196.146.128
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 174.142.128.32
- Type: SPF
- Is Active: True (echo-reply ttl 120)
- IP: 162.254.227.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 37.59.169.64
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 189.126.108.2
- HostName: ns1.locaweb.com.br Type: NS
- HostName: ns1.locaweb.com.br Type: PTR
- Country: Brazil
- Is Active: True (reset ttl 64)
- Port: 587/tcp open tcpwrapped syn-ack ttl 46
- Script Info: |_smtp-commands: Couldn't establish connection on port 587
- IP: 54.36.22.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 67.227.87.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 216.169.98.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 200.234.204.130
- HostName: mx.jk.locaweb.com.br Type: MX
- HostName: mx.jk.locaweb.com.br Type: PTR
- Country: Brazil
- Is Active: True (reset ttl 64)
- Script Info: Device type: storage-misc|general purpose
- Script Info: Running: Sun embedded, Sun OpenSolaris, Sun Solaris 10|8|9
- IP: 178.33.84.64
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 176.31.145.240
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 174.142.73.240
- Type: SPF
- Is Active: True (echo-reply ttl 120)
- IP: 67.227.85.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 192.99.26.0
- Type: SPF
- Is Active: True (echo-reply ttl 120)
- IP: 186.202.4.42
- HostName: mx.a.locaweb.com.br Type: MX
- HostName: mx.a.locaweb.com.br Type: PTR
- Country: Brazil
- Is Active: True (echo-reply ttl 234)
- IP: 96.45.68.0
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 37.59.131.32
- Type: SPF
- Is Active: True (reset ttl 64)
- IP: 217.182.181.0
- Type: SPF
- Is Active: True (reset ttl 64)
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- gopsp.org.br -----
- Host's addresses:
- __________________
- gopsp.org.br. 1629 IN A 67.225.228.134
- Wildcard detection using: iwamdhnmibup
- _______________________________________
- iwamdhnmibup.gopsp.org.br. 3600 IN A 67.225.228.134
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Wildcards detected, all subdomains will point to the same IP address
- Omitting results containing 67.225.228.134.
- Maybe you are using OpenDNS servers.
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Name Servers:
- ______________
- ns1.locaweb.com.br. 2796 IN A 189.126.108.2
- ns3.locaweb.com.br. 2796 IN A 187.45.246.2
- ns2.locaweb.com.br. 2795 IN A 201.76.40.2
- Mail (MX) Servers:
- ___________________
- mx.jk.locaweb.com.br. 186 IN A 200.234.204.130
- mx.a.locaweb.com.br. 31229 IN A 186.202.4.42
- mx.b.locaweb.com.br. 2413 IN A 177.153.23.242
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for gopsp.org.br on ns1.locaweb.com.br ...
- Trying Zone Transfer for gopsp.org.br on ns3.locaweb.com.br ...
- Trying Zone Transfer for gopsp.org.br on ns2.locaweb.com.br ...
- brute force file not specified, bay.
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- [1/100] /?sa=X
- [x] Error downloading /?sa=X
- [2/100] /advanced_search
- [x] Error downloading /advanced_search
- [3/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D345%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D345%26tipo%3D2
- [4/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D350%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D350%26tipo%3D2
- [5/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D346%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D346%26tipo%3D2
- [6/100] http://app.gopsp.org.br/app/Content/dist/historia.pdf
- [7/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D349%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D349%26tipo%3D2
- [8/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D390%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D390%26tipo%3D2
- [9/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D353%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D353%26tipo%3D2
- [10/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D354%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D354%26tipo%3D2
- [11/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D342%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D342%26tipo%3D2
- [12/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D386%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D386%26tipo%3D2
- [13/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D387%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D387%26tipo%3D2
- [14/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D360%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D360%26tipo%3D2
- [15/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D373%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D373%26tipo%3D2
- [16/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D389%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D389%26tipo%3D2
- [17/100] https://gopsp.org.br/baixarDocumento.php%3Fid%3D336%26tipo%3D2
- [x] Error downloading https://gopsp.org.br/baixarDocumento.php%3Fid%3D336%26tipo%3D2
- [18/100] http://app.gopsp.org.br/app/Content/dist/convenio_uniprevcard_email_mkt.pdf
- [19/100] http://arls343.gopsp.org.br/baixarDocumento.php%3Fid%3D11%26tipo%3D11
- =======================================================================================================================================
- [+] List of users found:
- --------------------------
- Raul Audi Junior
- Audi Comunica��o
- [+] List of software found:
- -----------------------------
- ��Microsoft� Word 2010
- Acrobat Distiller 10.1.16 (Macintosh)
- Adobe Graphics Manager
- ======================================================================================================================================
- #######################################################################################################################################
- [-] Enumerating subdomains now for gopsp.org.br
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- SSL Certificates: autodiscover.gopsp.org.br
- SSL Certificates: cpanel.gopsp.org.br
- SSL Certificates: mail.gopsp.org.br
- SSL Certificates: webdisk.gopsp.org.br
- SSL Certificates: webmail.gopsp.org.br
- SSL Certificates: www.gopsp.org.br
- SSL Certificates: betha.gopsp.org.br
- SSL Certificates: www.betha.gopsp.org.br
- SSL Certificates: alpha.gopsp.org.br
- SSL Certificates: www.alpha.gopsp.org.br
- SSL Certificates: teste.gopsp.org.br
- SSL Certificates: www.teste.gopsp.org.br
- SSL Certificates: brasil3.gopsp.org.br
- SSL Certificates: www.brasil3.gopsp.org.br
- Bing: blog.gopsp.org.br
- Bing: arls343.gopsp.org.br
- Bing: homolog.gopsp.org.br
- Bing: app.gopsp.org.br
- Yahoo: blog.gopsp.org.br
- Yahoo: arls343.gopsp.org.br
- Yahoo: homolog.gopsp.org.br
- [-] Saving results to file: /usr/share/sniper/loot/workspace/gopsp.org.br/domains/domains-gopsp.org.br.txt
- [-] Total Unique Subdomains Found: 18
- www.gopsp.org.br
- alpha.gopsp.org.br
- www.alpha.gopsp.org.br
- app.gopsp.org.br
- arls343.gopsp.org.br
- autodiscover.gopsp.org.br
- betha.gopsp.org.br
- www.betha.gopsp.org.br
- blog.gopsp.org.br
- brasil3.gopsp.org.br
- www.brasil3.gopsp.org.br
- cpanel.gopsp.org.br
- homolog.gopsp.org.br
- mail.gopsp.org.br
- teste.gopsp.org.br
- www.teste.gopsp.org.br
- webdisk.gopsp.org.br
- webmail.gopsp.org.br
- #######################################################################################################################################
- teste.gopsp.org.br,191.252.4.30
- app.gopsp.org.br,191.252.4.30
- homolog.gopsp.org.br,191.252.4.30
- gopsp.org.br,67.225.228.134
- autodiscover.gopsp.org.br,186.202.140.232
- cpanel.gopsp.org.br,67.225.228.134
- ftp.gopsp.org.br,179.188.15.200
- www.gopsp.org.br,67.225.228.134
- ns2.gopsp.org.br,201.76.40.2,2804:218:d2::cafe
- imap3.gopsp.org.br,191.252.112.194
- ns3.gopsp.org.br,187.45.246.2,2804:218:d3::faca
- ns1.gopsp.org.br,189.126.108.2,2804:218:d1::ca5a
- alpha.gopsp.org.br,67.225.228.134
- www.brasil3.gopsp.org.br,67.225.228.134
- www.betha.gopsp.org.br,67.225.228.134
- webdisk.gopsp.org.br,67.225.228.134
- www.alpha.gopsp.org.br,67.225.228.134
- www.teste.gopsp.org.br,191.252.4.30
- webmail.gopsp.org.br,186.202.140.235,186.202.140.220,186.202.140.244
- brasil3.gopsp.org.br,67.225.228.134
- www.app.gopsp.org.br,191.252.4.30
- blog.gopsp.org.br,191.252.4.30
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Found Wildcard DNS at gopsp.org.br
- - 67.225.228.134
- Running enumeration on gopsp.org.br
- ipv4info: <nil>
- waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.gopsp.org.br/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
- Starting Bruteforcing of gopsp.org.br with 9985 words
- Total 48 Unique subdomains found for gopsp.org.br
- .gopsp.org.br
- alpha.gopsp.org.br
- antigo.gopsp.org.br
- app.gopsp.org.br
- app.gopsp.org.br
- arls343.gopsp.org.br
- autodiscover.gopsp.org.br
- autodiscover.gopsp.org.br
- betha.gopsp.org.br
- blog.gopsp.org.br
- blog.gopsp.org.br
- brasil3.gopsp.org.br
- calendario.gopsp.org.br
- cpanel.gopsp.org.br
- ftp.gopsp.org.br
- gerenciador.gopsp.org.br
- homolog.gopsp.org.br
- homolog.gopsp.org.br
- imap.gopsp.org.br
- imap3.gopsp.org.br
- mail.gopsp.org.br
- mail.gopsp.org.br
- mobile.gopsp.org.br
- mx1.gopsp.org.br
- mx2.gopsp.org.br
- mx3.gopsp.org.br
- mx4.gopsp.org.br
- ns1.gopsp.org.br
- ns2.gopsp.org.br
- ns3.gopsp.org.br
- painel.gopsp.org.br
- pda.gopsp.org.br
- pop.gopsp.org.br
- pop3.gopsp.org.br
- relatorio.gopsp.org.br
- smtp.gopsp.org.br
- teste.gopsp.org.br
- teste.gopsp.org.br
- tracking.gopsp.org.br
- webdisk.gopsp.org.br
- webmail.gopsp.org.br
- webmail.gopsp.org.br
- www.alpha.gopsp.org.br
- www.app.gopsp.org.br
- www.betha.gopsp.org.br
- www.brasil3.gopsp.org.br
- www.gopsp.org.br
- www.teste.gopsp.org.br
- #######################################################################################################################################
- [*] Processing domain gopsp.org.br
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 189.126.108.2 - ns1.locaweb.com.br
- 187.45.246.2 - ns3.locaweb.com.br
- 201.76.40.2 - ns2.locaweb.com.br
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 a mx include:_spf.elasticemail.com ~all"
- [+] MX records found, added to target list
- 20 mx.jk.locaweb.com.br.
- 10 mx.a.locaweb.com.br.
- 10 mx.b.locaweb.com.br.
- [+] Wildcard domain found - 67.225.228.134
- [*] Scanning gopsp.org.br for A records
- 191.252.4.30 - app.gopsp.org.br
- 186.202.140.232 - autodiscover.gopsp.org.br
- 191.252.4.30 - blog.gopsp.org.br
- 179.188.15.200 - ftp.gopsp.org.br
- 191.252.112.195 - imap.gopsp.org.br
- 191.252.112.195 - mail.gopsp.org.br
- 191.252.112.195 - mobile.gopsp.org.br
- 189.126.108.2 - ns1.gopsp.org.br
- 201.76.40.2 - ns2.gopsp.org.br
- 187.45.246.2 - ns3.gopsp.org.br
- 191.252.112.195 - pda.gopsp.org.br
- 191.252.112.195 - pop.gopsp.org.br
- 191.252.112.195 - pop3.gopsp.org.br
- 191.252.112.195 - smtp.gopsp.org.br
- 186.202.140.220 - webmail.gopsp.org.br
- 186.202.140.244 - webmail.gopsp.org.br
- 186.202.140.235 - webmail.gopsp.org.br
- #######################################################################################################################################
- alpha.gopsp.org.br
- autodiscover.gopsp.org.br
- betha.gopsp.org.br
- brasil3.gopsp.org.br
- cpanel.gopsp.org.br
- mail.gopsp.org.br
- teste.gopsp.org.br
- webdisk.gopsp.org.br
- webmail.gopsp.org.br
- www.alpha.gopsp.org.br
- www.betha.gopsp.org.br
- www.brasil3.gopsp.org.br
- www.gopsp.org.br
- www.teste.gopsp.org.br
- #######################################################################################################################################
- alpha.gopsp.org.br
- autodiscover.gopsp.org.br
- blog.gopsp.org.br
- cpanel.gopsp.org.br
- mail.gopsp.org.br
- pop.gopsp.org.br
- teste.gopsp.org.br
- webdisk.gopsp.org.br
- webmail.gopsp.org.br
- www.alpha.gopsp.org.br
- www.betha.gopsp.org.br
- www.gopsp.org.br
- www.teste.gopsp.org.br
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 a mx include:_spf.elasticemail.com ~all
- [*] SPF record contains an All item: ~all
- [*] Found DMARC record:
- [*] v=DMARC1; p=none; ruf=mailto:relatorios@masonweb.com.br
- [+] DMARC policy set to none
- [*] Forensics reports will be sent: mailto:relatorios@masonweb.com.br
- [+] Spoofing possible for gopsp.org.br!
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:43 EDT
- Nmap scan report for gopsp.org.br (67.225.228.134)
- Host is up (0.29s latency).
- rDNS record for 67.225.228.134: srv01.imserver.com.br
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 6.27 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up (0.081s latency).
- Not shown: 477 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 53/tcp open domain
- 80/tcp open http
- 443/tcp open https
- Nmap done: 1 IP address (1 host up) scanned in 5.07 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up (0.089s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 1.99 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up (0.10s latency).
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|storage-misc|firewall
- Running (JUST GUESSING): Linux 2.6.X|3.X (89%), Synology DiskStation Manager 5.X (88%), WatchGuard Fireware 11.X (86%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
- Aggressive OS guesses: Linux 2.6.32 or 3.10 (89%), Linux 2.6.32 (88%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.39 (88%), Linux 3.4 (87%), Linux 3.1 - 3.2 (87%), Linux 3.10 (86%), WatchGuard Fireware 11.8 (86%), Linux 2.6.32 - 2.6.39 (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- Host script results:
- | dns-blacklist:
- | SPAM
- |_ l2.apews.org - SPAM
- | dns-brute:
- | DNS Brute-force hostnames:
- | ns1.imserver.com.br - 67.225.228.134
- | ns2.imserver.com.br - 72.52.229.187
- | mail.imserver.com.br - 67.225.228.134
- | www.imserver.com.br - 67.225.228.134
- |_ ftp.imserver.com.br - 67.225.228.134
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 89.16 ms 10.250.204.1
- 2 89.20 ms 104.245.145.161
- 3 89.24 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 89.26 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 89.24 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
- 6 89.30 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
- 7 89.32 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
- 8 89.35 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
- 9 89.37 ms 38.32.96.98
- 10 57.27 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
- 11 82.31 ms lw-dc3-storm1.rtr.liquidweb.com (69.167.128.141)
- 12 137.82 ms srv01.imserver.com.br (67.225.228.134)
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:01 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 11:01
- Completed NSE at 11:01, 0.00s elapsed
- Initiating NSE at 11:01
- Completed NSE at 11:01, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:01
- Completed Parallel DNS resolution of 1 host. at 11:01, 0.02s elapsed
- Initiating SYN Stealth Scan at 11:01
- Scanning srv01.imserver.com.br (67.225.228.134) [1 port]
- Discovered open port 80/tcp on 67.225.228.134
- Completed SYN Stealth Scan at 11:01, 0.13s elapsed (1 total ports)
- Initiating Service scan at 11:01
- Scanning 1 service on srv01.imserver.com.br (67.225.228.134)
- Completed Service scan at 11:02, 6.16s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
- Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
- Initiating Traceroute at 11:02
- Completed Traceroute at 11:02, 0.23s elapsed
- Initiating Parallel DNS resolution of 12 hosts. at 11:02
- Completed Parallel DNS resolution of 12 hosts. at 11:02, 0.24s elapsed
- NSE: Script scanning 67.225.228.134.
- Initiating NSE at 11:02
- NSE: [http-wordpress-enum 67.225.228.134:80] got no answers from pipelined queries
- Completed NSE at 11:05, 171.89s elapsed
- Initiating NSE at 11:05
- Completed NSE at 11:05, 2.00s elapsed
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 16202.33ms; min: 16151.27ms; max: 16278.11ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Mon, 09 Sep 2019 15:02:10 GMT; -3s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-errors: Couldn't find any error pages.
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Date: Mon, 09 Sep 2019 15:02:12 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- | ETag: "200271-a3-580a35a1678c0"
- | Accept-Ranges: bytes
- | Content-Length: 163
- | Vary: Accept-Encoding
- | Connection: close
- | Content-Type: text/html
- |
- |_ (Request type: HEAD)
- | http-iis-short-name-brute:
- | VULNERABLE:
- | Microsoft IIS tilde character "~" short name disclosure and denial of service
- | State: VULNERABLE (Exploitable)
- | Vulnerable IIS servers disclose folder and file names with a Windows 8.3 naming scheme inside the root folder.
- | Shortnames can be used to guess or brute force sensitive filenames. Attackers can exploit this vulnerability to
- | cause a denial of service condition.
- |
- | Extra information:
- |
- | 8.3 filenames found:
- | Folders
- | ~1
- | ~2
- | ~3
- | ~4
- |
- | References:
- | https://www.securityfocus.com/archive/1/523424
- | https://github.com/irsdl/IIS-ShortName-Scanner
- |_ http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- | http-methods:
- | Supported Methods: OPTIONS HEAD GET POST TRACE
- |_ Potentially risky methods: TRACE
- |_http-mobileversion-checker: No mobile version detected.
- | http-php-version: Logo query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
- |_Credits query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
- |_http-security-headers:
- | http-sitemap-generator:
- | Directory structure:
- | /
- | Other: 1
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_ Other: 1
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: Site doesn't have a title (text/html).
- | http-trace: TRACE is enabled
- | Headers:
- | Date: Mon, 09 Sep 2019 15:02:11 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Connection: close
- | Transfer-Encoding: chunked
- |_Content-Type: message/http
- | http-vhosts:
- | 125 names had status 200
- | mail.imserver.com.br : 302 -> http://www.masonweb.com.br
- |_www.imserver.com.br : 302 -> http://www.masonweb.com.br
- | http-waf-detect: IDS/IPS/WAF detected:
- |_srv01.imserver.com.br:80/?p4yl04d3=<script>alert(document.cookie)</script>
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|firewall|storage-misc
- Running (JUST GUESSING): Linux 2.6.X|3.X (90%), WatchGuard Fireware 11.X (89%), Synology DiskStation Manager 5.X (88%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
- Aggressive OS guesses: Linux 2.6.32 (90%), Linux 2.6.39 (90%), Linux 3.10 (89%), Linux 3.4 (89%), WatchGuard Fireware 11.8 (89%), Linux 3.1 - 3.2 (89%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.32 - 2.6.39 (85%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 2.396 days (since Sat Sep 7 01:35:19 2019)
- Network Distance: 12 hops
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 85.27 ms 10.250.204.1
- 2 85.35 ms 104.245.145.161
- 3 85.39 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 85.42 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 85.47 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
- 6 85.50 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
- 7 85.53 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
- 8 85.57 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
- 9 85.60 ms 38.32.96.98
- 10 56.09 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
- 11 81.66 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
- 12 138.00 ms srv01.imserver.com.br (67.225.228.134)
- NSE: Script Post-scanning.
- Initiating NSE at 11:05
- Completed NSE at 11:05, 0.00s elapsed
- Initiating NSE at 11:05
- Completed NSE at 11:05, 0.00s elapsed
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:08 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.00s elapsed
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:08
- Completed Parallel DNS resolution of 1 host. at 11:08, 0.02s elapsed
- Initiating SYN Stealth Scan at 11:08
- Scanning srv01.imserver.com.br (67.225.228.134) [1 port]
- Completed SYN Stealth Scan at 11:08, 0.55s elapsed (1 total ports)
- Initiating Service scan at 11:08
- Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
- Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
- Initiating Traceroute at 11:08
- Completed Traceroute at 11:08, 6.11s elapsed
- Initiating Parallel DNS resolution of 11 hosts. at 11:08
- Completed Parallel DNS resolution of 11 hosts. at 11:08, 0.27s elapsed
- NSE: Script scanning 67.225.228.134.
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.01s elapsed
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.00s elapsed
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up.
- PORT STATE SERVICE VERSION
- 443/tcp filtered https
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 89.05 ms 10.250.204.1
- 2 89.09 ms 104.245.145.161
- 3 89.13 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 89.15 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 89.12 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
- 6 89.18 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
- 7 89.21 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
- 8 89.25 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
- 9 89.23 ms 38.32.96.98
- 10 55.84 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
- 11 83.08 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.137)
- 12 ... 30
- NSE: Script Post-scanning.
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.00s elapsed
- Initiating NSE at 11:08
- Completed NSE at 11:08, 0.00s elapsed
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 11:13 EDT
- NSE: Loaded 47 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 11:13
- Completed NSE at 11:13, 0.00s elapsed
- Initiating NSE at 11:13
- Completed NSE at 11:13, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:13
- Completed Parallel DNS resolution of 1 host. at 11:13, 0.02s elapsed
- Initiating UDP Scan at 11:13
- Scanning srv01.imserver.com.br (67.225.228.134) [15 ports]
- Completed UDP Scan at 11:13, 3.50s elapsed (15 total ports)
- Initiating Service scan at 11:13
- Scanning 12 services on srv01.imserver.com.br (67.225.228.134)
- Service scan Timing: About 8.33% done; ETC: 11:29 (0:14:18 remaining)
- Completed Service scan at 11:15, 102.60s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against srv01.imserver.com.br (67.225.228.134)
- Retrying OS detection (try #2) against srv01.imserver.com.br (67.225.228.134)
- Initiating Traceroute at 11:15
- Completed Traceroute at 11:15, 7.08s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:15
- Completed Parallel DNS resolution of 1 host. at 11:15, 0.00s elapsed
- NSE: Script scanning 67.225.228.134.
- Initiating NSE at 11:15
- Completed NSE at 11:15, 7.12s elapsed
- Initiating NSE at 11:15
- Completed NSE at 11:15, 1.01s elapsed
- Nmap scan report for srv01.imserver.com.br (67.225.228.134)
- Host is up (0.050s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- |_ike-version: ERROR: Script execution failed (use -d to debug)
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 54.83 ms 10.250.204.1
- 2 ... 3
- 4 32.08 ms 10.250.204.1
- 5 97.64 ms 10.250.204.1
- 6 97.63 ms 10.250.204.1
- 7 97.63 ms 10.250.204.1
- 8 97.60 ms 10.250.204.1
- 9 64.32 ms 10.250.204.1
- 10 31.86 ms 10.250.204.1
- 11 ... 18
- 19 59.23 ms 10.250.204.1
- 20 33.07 ms 10.250.204.1
- 21 ... 27
- 28 33.54 ms 10.250.204.1
- 29 ...
- 30 33.89 ms 10.250.204.1
- NSE: Script Post-scanning.
- Initiating NSE at 11:15
- Completed NSE at 11:15, 0.00s elapsed
- Initiating NSE at 11:15
- Completed NSE at 11:15, 0.00s elapsed
- #######################################################################################################################################
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 67.225.228.134 srv01.imserver.com.br Unknown device
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 67.225.228.134 53 udp domain unknown
- 67.225.228.134 67 udp dhcps unknown
- 67.225.228.134 68 udp dhcpc unknown
- 67.225.228.134 69 udp tftp unknown
- 67.225.228.134 88 udp kerberos-sec unknown
- 67.225.228.134 123 udp ntp unknown
- 67.225.228.134 137 udp netbios-ns filtered
- 67.225.228.134 138 udp netbios-dgm filtered
- 67.225.228.134 139 udp netbios-ssn unknown
- 67.225.228.134 161 udp snmp unknown
- 67.225.228.134 162 udp snmptrap filtered
- 67.225.228.134 389 udp ldap unknown
- 67.225.228.134 500 udp isakmp unknown
- 67.225.228.134 520 udp route unknown
- 67.225.228.134 2049 udp nfs unknown
- #######################################################################################################################################
- Anonymous JTSEC #OpAmazonia Full Recon #24
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement