#OpISIS // 12

1. //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
2.  
3. // Hostname : gazwah.net
4. // IP Address : 82.221.136.4
5.  
6. //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
7.  
8. HTTP Request Header :
9. GET / HTTP/1.1
10. User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
11. Host gazwah.net
12. Referer http://1-hit.com/
13. Accept-Language en-US,en;q=0.5
14. Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
15. Connection keep-alive
16. Cache-Control max-age=0
17.  
18. HTTP Response Header :
19. HTTP/1.1 200 OK
20. Content-Type text/html; charset=UTF-8
21. Link ; rel="https://api.w.org/"
22. Transfer-Encoding chunked
23. Date Fri, 13 Dec 2019 06:46:02 GMT
24. Server LiteSpeed
25. Connection close
26.  
27. //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
28.  
29. Scanning gazwah.net (82.221.136.4) [1000 ports]
30. Discovered open port 3306/tcp on 82.221.136.4
31. Discovered open port 80/tcp on 82.221.136.4
32. Discovered open port 995/tcp on 82.221.136.4
33. Discovered open port 993/tcp on 82.221.136.4
34. Discovered open port 587/tcp on 82.221.136.4
35. Discovered open port 8888/tcp on 82.221.136.4
36. Discovered open port 25/tcp on 82.221.136.4
37. Discovered open port 110/tcp on 82.221.136.4
38. Discovered open port 443/tcp on 82.221.136.4
39. Discovered open port 21/tcp on 82.221.136.4
40. Discovered open port 143/tcp on 82.221.136.4
41. Discovered open port 53/tcp on 82.221.136.4
42. Discovered open port 465/tcp on 82.221.136.4
43.  
44. rDNS record for 82.221.136.4: hekla.orangewebsite.com
45.  
46. PORT STATE SERVICE VERSION
47. 21/tcp open ftp Pure-FTPd
48. | ssl-cert: Subject: commonName=*.orangewebsite.com
49. | Subject Alternative Name: DNS:*.orangewebsite.com, DNS:orangewebsite.com
50. | Issuer: commonName=RapidSSL RSA CA 2018/organizationName=DigiCert Inc/countryName=US
51. | Public Key type: rsa
52. | Public Key bits: 2048
53. | Signature Algorithm: sha256WithRSAEncryption
54. | Not valid before: 2019-10-05T00:00:00
55. | Not valid after: 2021-11-03T12:00:00
56. | MD5: a0b8 d2a7 d6e1 2a7b 0747 fcfb 1843 aff1
57. |_SHA-1: 1e4f 4e30 e91a 0e8e 09fb 4f16 ab3b 036d d896 5e19
58. |_ssl-date: 2019-12-13T06:36:36+00:00; +30s from scanner time.
59. 25/tcp open smtp?
60. |_smtp-commands: Couldn't establish connection on port 25
61. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
62. | dns-nsid:
63. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
64. 80/tcp open http LiteSpeed httpd
65. |_http-favicon: Unknown favicon MD5: 125609C0D980962B0EE660E27B4F64DC
66. |_http-generator: WordPress 5.3.1
67. | http-methods:
68. |_ Supported Methods: GET HEAD POST OPTIONS
69. |_http-server-header: LiteSpeed
70. |_http-title: GazwatulHind | \xE0\xA6\x97\xE0\xA6\xBE\xE0\xA6\x9C\xE0\xA6\x93\xE0\xA7\x9F\xE0\xA6\xBE\xE0\xA6\xA4\xE0\xA7\x81\xE0\xA6\xB2 \xE0\xA6\xB9\xE0\xA6\xBF\xE0\xA6\xA8\xE0\xA7\x8D\xE0\xA6\xA6
71. 110/tcp open pop3 Dovecot pop3d
72. |_pop3-capabilities: RESP-CODES AUTH-RESP-CODE PIPELINING USER UIDL SASL(PLAIN LOGIN) STLS CAPA TOP
73. |_ssl-date: 2019-12-13T06:36:37+00:00; +31s from scanner time.
74. 143/tcp open imap Dovecot imapd
75. |_imap-capabilities: ENABLE LITERAL+ OK AUTH=LOGINA0001 IDLE Pre-login NAMESPACE IMAP4rev1 SASL-IR AUTH=PLAIN ID listed post-login LOGIN-REFERRALS capabilities have more STARTTLS
76. |_ssl-date: 2019-12-13T06:36:37+00:00; +31s from scanner time.
77. 443/tcp open ssl/http LiteSpeed httpd
78. |_http-generator: WordPress 5.3.1
79. | http-methods:
80. |_ Supported Methods: GET HEAD POST OPTIONS
81. |_http-server-header: LiteSpeed
82. |_http-title: GazwatulHind | \xE0\xA6\x97\xE0\xA6\xBE\xE0\xA6\x9C\xE0\xA6\x93\xE0\xA7\x9F\xE0\xA6\xBE\xE0\xA6\xA4\xE0\xA7\x81\xE0\xA6\xB2 \xE0\xA6\xB9\xE0\xA6\xBF\xE0\xA6\xA8\xE0\xA7\x8D\xE0\xA6\xA6
83. | ssl-cert: Subject: commonName=gazwah.net
84. | Subject Alternative Name: DNS:gazwah.net, DNS:mail.gazwah.net, DNS:www.gazwah.net
85. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
86. | Public Key type: rsa
87. | Public Key bits: 2048
88. | Signature Algorithm: sha256WithRSAEncryption
89. | Not valid before: 2019-10-24T01:51:10
90. | Not valid after: 2020-01-22T01:51:10
91. | MD5: 2f0e 9a36 956a 2e7d 2c11 0a13 f4b3 7f1e
92. |_SHA-1: d870 c537 267f d7d0 eefc 1345 fa9b 6f9a 358a a7e0
93. |_ssl-date: 2019-12-13T06:36:28+00:00; +31s from scanner time.
94. | tls-alpn:
95. | h2
96. | spdy/3
97. | spdy/2
98. |_ http/1.1
99. 465/tcp open ssl/smtp Exim smtpd 4.92
100. | smtp-commands: hekla.orangewebsite.com Hello gazwah.net, SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
101. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
102. | ssl-cert: Subject: commonName=gazwah.net
103. | Subject Alternative Name: DNS:gazwah.net, DNS:mail.gazwah.net, DNS:www.gazwah.net
104. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
105. | Public Key type: rsa
106. | Public Key bits: 2048
107. | Signature Algorithm: sha256WithRSAEncryption
108. | Not valid before: 2019-10-24T01:51:10
109. | Not valid after: 2020-01-22T01:51:10
110. | MD5: 2f0e 9a36 956a 2e7d 2c11 0a13 f4b3 7f1e
111. |_SHA-1: d870 c537 267f d7d0 eefc 1345 fa9b 6f9a 358a a7e0
112. |_ssl-date: 2019-12-13T06:36:28+00:00; +31s from scanner time.
113. 587/tcp open smtp Exim smtpd 4.92
114. | smtp-commands: hekla.orangewebsite.com Hello gazwah.net, SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
115. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
116. | ssl-cert: Subject: commonName=gazwah.net
117. | Subject Alternative Name: DNS:gazwah.net, DNS:mail.gazwah.net, DNS:www.gazwah.net
118. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
119. | Public Key type: rsa
120. | Public Key bits: 2048
121. | Signature Algorithm: sha256WithRSAEncryption
122. | Not valid before: 2019-10-24T01:51:10
123. | Not valid after: 2020-01-22T01:51:10
124. | MD5: 2f0e 9a36 956a 2e7d 2c11 0a13 f4b3 7f1e
125. |_SHA-1: d870 c537 267f d7d0 eefc 1345 fa9b 6f9a 358a a7e0
126. |_ssl-date: 2019-12-13T06:36:29+00:00; +31s from scanner time.
127. 993/tcp open ssl/imaps?
128. |_ssl-date: 2019-12-13T06:36:28+00:00; +31s from scanner time.
129. 995/tcp open ssl/pop3s?
130. |_ssl-date: 2019-12-13T06:36:28+00:00; +31s from scanner time.
131. 3306/tcp open mysql MySQL 5.6.45
132. | mysql-info:
133. | Protocol: 10
134. | Version: 5.6.45
135. | Thread ID: 51308290
136. | Capabilities flags: 63487
137. | Some Capabilities: SupportsTransactions, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, Support41Auth, ODBCClient, SupportsLoadDataLocal, LongColumnFlag, IgnoreSigpipes, SupportsCompression, FoundRows, LongPassword, InteractiveClient, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
138. | Status: Autocommit
139. | Salt: <?cUaga2tral{G.P)w?q
140. |_ Auth Plugin Name: mysql_native_password
141. 8888/tcp open sun-answerbook?
142. | fingerprint-strings:
143. | FourOhFourRequest, GetRequest, HTTPOptions, LSCP:
144. | HTTP/1.1 403 OK
145. | Content-type: text/html
146. | <u></u><head>
147. | <title>Unauthorized Access</title>
148. | </head>
149. | <body>
150. | <img src="csf_small.png" />
151. | <h1>Your connection to this server has been blocked in this server's firewall.</h1>
152. | <p>You need to contact the server owner for further information.</p>
153. | <p>Your blocked IP address is <b></b></p>
154. | <p>This server's hostname is <b>hekla.orangewebsite.com</b></p>
155. |_ </body>
156.  
157.  
158. //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
159.  
160. Domain Information
161. Domain: gazwah.net
162. Registrar: Internet Domain Service BS Corp
163. Registered On: 2017-07-08
164. Expires On: 2020-07-08
165. Updated On: 2019-07-10
166. Status: clientTransferProhibited
167. Name Servers: ns3.orangewebsite.com
168. ns4.orangewebsite.com
169.  
170. Registrant Contact
171. Name: Domain Admin
172. Organization: Whois Privacy Corp.
173. Street: Ocean Centre, Montagu Foreshore, East Bay Street
174. City: Nassau
175. State: New Providence
176. Country: BS
177. Phone: +1.5163872248
178. Email: [email protected]
179.  
180. Administrative Contact
181. Name: Domain Admin
182. Organization: Whois Privacy Corp.
183. Street: Ocean Centre, Montagu Foreshore, East Bay Street
184. City: Nassau
185. State: New Providence
186. Country: BS
187. Phone: +1.5163872248
188. Email: [email protected]
189.  
190. Technical Contact
191. Name: Domain Admin
192. Organization: Whois Privacy Corp.
193. Street: Ocean Centre, Montagu Foreshore, East Bay Street
194. City: Nassau
195. State: New Providence
196. Country: BS
197. Phone: +1.5163872248
198. Email: [email protected]
199.  
200. //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////