Anonymous JTSEC #OPkilluminatie full recon #13

a guest
Mar 26th, 2018
  1. #######################################################################################################################################
  2. Hostname www.glquebec.org ISP eStruxture Data Centers Inc. (AS10929)
  3. Continent North America Flag
  4. CA
  5. Country Canada Country Code CA (CAN)
  6. Region QC Local time 24 Mar 2018 17:43 EDT
  7. Metropolis Unknown Postal Code H3K
  8. City Montréal Latitude 45.481
  9. IP Address 209.44.124.244 Longitude -73.555
  10. #######################################################################################################################################
  11. HostIP:209.44.124.244
  12. HostName:glquebec.org
  13.  
  14. Gathered Inet-whois information for 209.44.124.244
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum: 209.43.0.0 - 209.162.127.255
  19. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  20. descr: IPv4 address block not managed by the RIPE NCC
  21. remarks: ------------------------------------------------------
  22. remarks:
  23. remarks: You can find the whois server to query, or the
  24. remarks: IANA registry to query on this web page:
  25. remarks: http://www.iana.org/assignments/ipv4-address-space
  26. remarks:
  27. remarks: You can access databases of other RIRs at:
  28. remarks:
  29. remarks: AFRINIC (Africa)
  30. remarks: http://www.afrinic.net/ whois.afrinic.net
  31. remarks:
  32. remarks: APNIC (Asia Pacific)
  33. remarks: http://www.apnic.net/ whois.apnic.net
  34. remarks:
  35. remarks: ARIN (Northern America)
  36. remarks: http://www.arin.net/ whois.arin.net
  37. remarks:
  38. remarks: LACNIC (Latin America and the Carribean)
  39. remarks: http://www.lacnic.net/ whois.lacnic.net
  40. remarks:
  41. remarks: IANA IPV4 Recovered Address Space
  42. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  43. remarks:
  44. remarks: ------------------------------------------------------
  45. country: EU # Country is really world wide
  46. admin-c: IANA1-RIPE
  47. tech-c: IANA1-RIPE
  48. status: ALLOCATED UNSPECIFIED
  49. mnt-by: RIPE-NCC-HM-MNT
  50. mnt-lower: RIPE-NCC-HM-MNT
  51. mnt-routes: RIPE-NCC-RPSL-MNT
  52. created: 2018-02-15T15:45:10Z
  53. last-modified: 2018-02-15T15:45:10Z
  54. source: RIPE
  55.  
  56. role: Internet Assigned Numbers Authority
  57. address: see http://www.iana.org.
  58. admin-c: IANA1-RIPE
  59. tech-c: IANA1-RIPE
  60. nic-hdl: IANA1-RIPE
  61. remarks: For more information on IANA services
  62. remarks: go to IANA web site at http://www.iana.org.
  63. mnt-by: RIPE-NCC-MNT
  64. created: 1970-01-01T00:00:00Z
  65. last-modified: 2001-09-22T09:31:27Z
  66. source: RIPE # Filtered
  67.  
  68. % This query was served by the RIPE Database Query Service version 1.91.1 (BLAARKOP)
  69.  
  70.  
  71.  
  72. Gathered Inic-whois information for glquebec.org
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74. Domain Name: GLQUEBEC.ORG
  75. Registry Domain ID: D78671725-LROR
  76. Registrar WHOIS Server: whois.godaddy.com
  77. Registrar URL: http://www.godaddy.com
  78. Updated Date: 2017-10-17T10:25:50Z
  79. Creation Date: 2001-10-16T17:54:17Z
  80. Registry Expiry Date: 2018-10-16T17:54:17Z
  81. Registrar Registration Expiration Date:
  82. Registrar: GoDaddy.com, LLC
  83. Registrar IANA ID: 146
  84. Registrar Abuse Contact Email: abuse@godaddy.com
  85. Registrar Abuse Contact Phone: +1.4806242505
  86. Reseller:
  87. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  88. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  89. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  90. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  91. Registry Registrant ID: C195033035-LROR
  92. Registrant Name: Grand Secretaire
  93. Registrant Organization: Grande Loge du Quebec
  94. Registrant Street: 2295 Rue Saint Marc
  95. Registrant City: Montreal
  96. Registrant State/Province: Quebec
  97. Registrant Postal Code: H7Y2H7
  98. Registrant Country: CA
  99. Registrant Phone: +1.5149336739
  100. Registrant Phone Ext:
  101. Registrant Fax:
  102. Registrant Fax Ext:
  103. Registrant Email: admin@glquebec.ca
  104. Registry Admin ID: C195033037-LROR
  105. Admin Name: Grand Secretaire
  106. Admin Organization: Grande Loge du Quebec
  107. Admin Street: 2295 Rue Saint Marc
  108. Admin City: Montreal
  109. Admin State/Province: Quebec
  110. Admin Postal Code: H7Y2H7
  111. Admin Country: CA
  112. Admin Phone: +1.5149336739
  113. Admin Phone Ext:
  114. Admin Fax:
  115. Admin Fax Ext:
  116. Admin Email: admin@glquebec.ca
  117. Registry Tech ID: C195033036-LROR
  118. Tech Name: Grand Secretaire
  119. Tech Organization: Grande Loge du Quebec
  120. Tech Street: 2295 Rue Saint Marc
  121. Tech City: Montreal
  122. Tech State/Province: Quebec
  123. Tech Postal Code: H7Y2H7
  124. Tech Country: CA
  125. Tech Phone: +1.5149336739
  126. Tech Phone Ext:
  127. Tech Fax:
  128. Tech Fax Ext:
  129. Tech Email: admin@glquebec.ca
  130. Name Server: NS17.DNSPRIVE.COM
  131. Name Server: NS18.DNSPRIVE.COM
  132. DNSSEC: unsigned
  133. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  134. >>> Last update of WHOIS database: 2018-03-24T21:45:10Z <<<
  135.  
  136. For more information on Whois status codes, please visit https://icann.org/epp
  137.  
  147. #####################################################################################################################################
  148. [i] Scanning Site: http://glquebec.org
  149.  
  150.  
  151.  
  152. B A S I C I N F O
  153. ======================================================================================================================================
  154.  
  155.  
  156. [+] Site Title: Grande Loge du Québec - Grand Lodge of Québec
  157. [+] IP address: 209.44.124.244
  158. [+] Web Server: Apache
  159. [+] CMS: Joomla
  160. [+] Cloudflare: Not Detected
  161. [+] Robots File: Found
  162.  
  163. -------------[ contents ]----------------
  164. # If the Joomla site is installed within a folder such as at
  165. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  166. # moved to the site root at e.g. www.example.com/robots.txt
  167. # AND the joomla folder name MUST be prefixed to the disallowed
  168. # path, e.g. the Disallow rule for the /administrator/ folder
  169. # MUST be changed to read Disallow: /joomla/administrator/
  170. #
  171. # For more information about the robots.txt standard, see:
  172. # http://www.robotstxt.org/orig.html
  173. #
  174. # For syntax checking, see:
  175. # http://www.sxw.org.uk/computing/robots/check.html
  176.  
  177. User-agent: *
  178. Disallow: /administrator/
  179. Disallow: /cache/
  180. Disallow: /cli/
  181. Disallow: /components/
  182. Disallow: /images/
  183. Disallow: /includes/
  184. Disallow: /installation/
  185. Disallow: /language/
  186. Disallow: /libraries/
  187. Disallow: /logs/
  188. Disallow: /media/
  189. Disallow: /modules/
  190. Disallow: /plugins/
  191. Disallow: /templates/
  192. Disallow: /tmp/
  193.  
  194.  
  195. -----------[end of contents]-------------
  196.  
  197.  
  198.  
  199. W H O I S L O O K U P
  200. ======================================================================================================================================
  201.  
  202. Domain Name: GLQUEBEC.ORG
  203. Registry Domain ID: D78671725-LROR
  204. Registrar WHOIS Server: whois.godaddy.com
  205. Registrar URL: http://www.godaddy.com
  206. Updated Date: 2017-10-17T10:25:50Z
  207. Creation Date: 2001-10-16T17:54:17Z
  208. Registry Expiry Date: 2018-10-16T17:54:17Z
  209. Registrar Registration Expiration Date:
  210. Registrar: GoDaddy.com, LLC
  211. Registrar IANA ID: 146
  212. Registrar Abuse Contact Email: abuse@godaddy.com
  213. Registrar Abuse Contact Phone: +1.4806242505
  214. Reseller:
  215. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  216. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  217. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  218. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  219. Registry Registrant ID: C195033035-LROR
  220. Registrant Name: Grand Secretaire
  221. Registrant Organization: Grande Loge du Quebec
  222. Registrant Street: 2295 Rue Saint Marc
  223. Registrant City: Montreal
  224. Registrant State/Province: Quebec
  225. Registrant Postal Code: H7Y2H7
  226. Registrant Country: CA
  227. Registrant Phone: +1.5149336739
  228. Registrant Phone Ext:
  229. Registrant Fax:
  230. Registrant Fax Ext:
  231. Registrant Email: admin@glquebec.ca
  232. Registry Admin ID: C195033037-LROR
  233. Admin Name: Grand Secretaire
  234. Admin Organization: Grande Loge du Quebec
  235. Admin Street: 2295 Rue Saint Marc
  236. Admin City: Montreal
  237. Admin State/Province: Quebec
  238. Admin Postal Code: H7Y2H7
  239. Admin Country: CA
  240. Admin Phone: +1.5149336739
  241. Admin Phone Ext:
  242. Admin Fax:
  243. Admin Fax Ext:
  244. Admin Email: admin@glquebec.ca
  245. Registry Tech ID: C195033036-LROR
  246. Tech Name: Grand Secretaire
  247. Tech Organization: Grande Loge du Quebec
  248. Tech Street: 2295 Rue Saint Marc
  249. Tech City: Montreal
  250. Tech State/Province: Quebec
  251. Tech Postal Code: H7Y2H7
  252. Tech Country: CA
  253. Tech Phone: +1.5149336739
  254. Tech Phone Ext:
  255. Tech Fax:
  256. Tech Fax Ext:
  257. Tech Email: admin@glquebec.ca
  258. Name Server: NS17.DNSPRIVE.COM
  259. Name Server: NS18.DNSPRIVE.COM
  260. DNSSEC: unsigned
  261. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  262. >>> Last update of WHOIS database: 2018-03-24T21:44:57Z <<<
  263.  
  264. For more information on Whois status codes, please visit https://icann.org/epp
  265.  
  266. Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
  267.  
  268.  
  269.  
  270.  
  271. G E O I P L O O K U P
  272. ====================================================================================================================================
  273.  
  274. [i] IP Address: 209.44.124.244
  275. [i] Country: CA
  276. [i] State: Quebec
  277. [i] City: Montral
  278. [i] Latitude: 45.506100
  279. [i] Longitude: -73.557297
  280.  
  281.  
  282.  
  283.  
  284. H T T P H E A D E R S
  285. =======================================================================================================================================
  286.  
  287.  
  288. [i] HTTP/1.1 200 OK
  289. [i] Date: Sat, 24 Mar 2018 21:46:01 GMT
  290. [i] Server: Apache
  291. [i] X-Powered-By: PHP/5.2.17
  292. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  293. [i] Cache-Control: no-cache
  294. [i] Pragma: no-cache
  295. [i] Set-Cookie: bb4fa0be0e6d3766edda867c462aa6ea=c2a2064136116d8290d3fb8d0884cf3c; path=/
  296. [i] Connection: close
  297. [i] Content-Type: text/html; charset=utf-8
  298.  
  299.  
  300.  
  301.  
  302. D N S L O O K U P
  303. =====================================================================================================================================
  304.  
  305. ;; Truncated, retrying in TCP mode.
  306. glquebec.org. 100 IN TXT "v=spf1 a mx ip4:209.44.124.240 ~all"
  307. glquebec.org. 100 IN MX 10 mail.glquebec.org.
  308. glquebec.org. 100 IN A 209.44.124.244
  309. glquebec.org. 86400 IN SOA ns17.dnsprive.com. notification.citeglobe.ca. 2017102805 3600 7200 1209600 86400
  310. glquebec.org. 86400 IN NS ns18.dnsprive.com.
  311. glquebec.org. 86400 IN NS ns17.dnsprive.com.
  312.  
  313.  
  314.  
  315.  
  316. S U B N E T C A L C U L A T I O N
  317. ======================================================================================================================================
  318.  
  319. Address = 209.44.124.244
  320. Network = 209.44.124.244 / 32
  321. Netmask = 255.255.255.255
  322. Broadcast = not needed on Point-to-Point links
  323. Wildcard Mask = 0.0.0.0
  324. Hosts Bits = 0
  325. Max. Hosts = 1 (2^0 - 0)
  326. Host Range = { 209.44.124.244 - 209.44.124.244 }
  327.  
  328.  
  329.  
  330. N M A P P O R T S C A N
  331. ======================================================================================================================================
  332.  
  333.  
  334. Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-24 21:46 UTC
  335. Nmap scan report for glquebec.org (209.44.124.244)
  336. Host is up (0.017s latency).
  337. rDNS record for 209.44.124.244: mailmilhouse2.dnsprive.com
  338. PORT STATE SERVICE VERSION
  339. 21/tcp filtered ftp
  340. 22/tcp filtered ssh
  341. 23/tcp filtered telnet
  342. 25/tcp open smtp Postfix smtpd
  343. 80/tcp open http Apache httpd 2.2.16 ((Debian))
  344. 110/tcp filtered pop3
  345. 143/tcp filtered imap
  346. 443/tcp filtered https
  347. 445/tcp filtered microsoft-ds
  348. 3389/tcp filtered ms-wbt-server
  349.  
  350. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  351. Nmap done: 1 IP address (1 host up) scanned in 15.61 seconds
  352.  
  353.  
  354.  
  355. S U B - D O M A I N F I N D E R
  356. ======================================================================================================================================
  357.  
  358.  
  359. [i] Total Subdomains Found : 1
  360.  
  361. [+] Subdomain: www.glquebec.org
  362. [-] IP: 209.44.124.244
  363. ######################################################################################################################################
  364. [!] IP Address : 209.44.124.244
  365. [!] Server: Apache
  366. [!] Powered By: PHP/5.2.17
  367. [+] Clickjacking protection is not in place.
  368. [!] www.glquebec.org doesn't seem to use a CMS
  369. [+] Honeypot Probabilty: 30%
  370. --------------------------------------------------------------------------------------------------------------------------------------
  371. [~] Trying to gather whois information for www.glquebec.org
  372. [+] Whois information found
  373. Updated Date : 2017-10-17 10:25:50, 2017-10-17 10:25:49
  374. Status : clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited, clientRenewProhibited https://icann.org/epp#clientRenewProhibited, clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited, clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited, clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited, clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited, clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
  375. Name : Grand Secretaire, ******** ******** (see Notes section below on how to view unmasked data)
  376. Dnssec : unsigned
  377. City : Montreal
  378. Expiration Date : 2018-10-16 17:54:17
  379. Address : 2295 Rue Saint Marc
  380. Zipcode : H7Y2H7
  381. Domain Name : GLQUEBEC.ORG, glquebec.org
  382. Whois Server : whois.godaddy.com
  383. State : Quebec
  384. Registrar : GoDaddy.com, LLC
  385. Referral Url : None
  386. Country : CA
  387. Name Servers : NS17.DNSPRIVE.COM, NS18.DNSPRIVE.COM
  388. Org : Grande Loge du Quebec
  389. Creation Date : 2001-10-16 17:54:17
  390. Emails : abuse@godaddy.com, admin@glquebec.ca
  391. --------------------------------------------------------------------------------------------------------------------------------------
  392. PORT STATE SERVICE VERSION
  393. 21/tcp filtered ftp
  394. 22/tcp filtered ssh
  395. 23/tcp filtered telnet
  396. 25/tcp open smtp Postfix smtpd
  397. 80/tcp open http Apache httpd 2.2.16 ((Debian))
  398. 110/tcp filtered pop3
  399. 143/tcp filtered imap
  400. 443/tcp filtered https
  401. 445/tcp filtered microsoft-ds
  402. 3389/tcp filtered ms-wbt-server
  403. -------------------------------------------------------------------------------------------------------------------------------------
  404.  
  405. [+] DNS Records
  406.  
  407. [+] Host Records (A)
  408. www.glquebec.orgHTTP: (mailmilhouse2.dnsprive.com) (209.44.124.244) AS10929 Netelligent Hosting Services Inc. Canada
  409.  
  410. [+] TXT Records
  411.  
  412. [+] DNS Map: https://dnsdumpster.com/static/map/glquebec.org.png
  413.  
  414. [>] Initiating 3 intel modules
  415. [>] Loading Alpha module (1/3)
  416. [>] Beta module deployed (2/3)
  417. [>] Gamma module initiated (3/3)
  418. No emails found
  419. No hosts found
  420. [+] Virtual hosts:
  421. -----------------
  422. [~] Crawling the target for fuzzable URLs
  423. [+] Found 2 fuzzable URLs
  424. http://www.glquebec.org///?jsn_setmobile=no
  425. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  426. [-] None of parameters is vulnerable to SQL injection
  427. [+] One or more parameters are vulnerable to XSS
  428. [+] These are the URLs having parameters:
  429. http://www.glquebec.org///?jsn_setmobile=no
  430. http://www.glquebec.org///?jsn_setmobile=yes
  431. #####################################################################################################################################
  432. [+] Getting nameservers
  433. 209.44.124.241 - ns17.dnsprive.com
  434. 209.44.124.242 - ns18.dnsprive.com
  435. [-] Zone transfer failed
  436.  
  437. [+] TXT records found
  438. "v=spf1 a mx ip4:209.44.124.240 ~all"
  439.  
  440. [+] MX records found, added to target list
  441. 10 mail.glquebec.org.
  442.  
  443. [*] Scanning glquebec.org for A records
  444. 209.44.124.244 - glquebec.org
  445. 69.70.139.94 - admin.glquebec.org
  446. 209.44.124.244 - ftp.glquebec.org
  447. 127.0.0.1 - localhost.glquebec.org
  448. 209.44.124.244 - mail.glquebec.org
  449. 209.44.124.244 - pop.glquebec.org
  450. 209.44.124.244 - smtp.glquebec.org
  451. 209.44.124.244 - www.glquebec.org
  452. #######################################################################################################################################
  453. Ip Address Status Type Domain Name Server
  454. ---------- ------ ---- ----------- ------
  455. 69.70.139.94 host admin.glquebec.org
  456. 209.44.124.244 host ftp.glquebec.org
  457. 127.0.0.1 host localhost.glquebec.org
  458. 209.44.124.244 host mail.glquebec.org
  459. 209.44.124.244 host pop.glquebec.org
  460. 209.44.124.244 host smtp.glquebec.org
  461. 209.44.124.244 host www.glquebec.org
  462. #######################################################################################################################################
  463. Original* glquebec.org 209.44.124.244 NS:ns17.dnsprive.com MX:mail.glquebec.org
  464. Subdomain glqu.ebec.org 72.52.4.119 NS:ns1.sedoparking.com MX:localhost
  465. Subdomain glqueb.ec.org 159.203.80.200
  466. Subdomain glquebe.c.org 34.216.49.207
  467. ######################################################################################################################################
  468. ------------------------------------------------------------------------------------------------------------------------------------
  469. + Target IP: 209.44.124.244
  470. + Target Hostname: glquebec.org
  471. + Target Port: 80
  472. + Start Time: 2018-03-24 17:52:36 (GMT-4)
  473. ------------------------------------------------------------------------------------------------------------------------------------
  474. + Server: Apache
  475. + Cookie bb4fa0be0e6d3766edda867c462aa6ea created without the httponly flag
  476. + Retrieved x-powered-by header: PHP/5.2.17
  477. + The anti-clickjacking X-Frame-Options header is not present.
  478. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  479. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  480. + Cookie 962d4c090c97bbd707d9c1bb7f47e803 created without the httponly flag
  481. + Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  482. + Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  483. + Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  484. + Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  485. + Entry '/images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  486. + Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  487. + Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  488. + Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  489. + Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  490. + Entry '/media/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  491. + Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  492. + Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  493. + Entry '/templates/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  494. + Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  495. + "robots.txt" contains 15 entries which should be manually viewed.
  496. + /crossdomain.xml contains 1 line which include the following domains: *.cooliris.com
  497. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  498. + Server banner has changed from 'Apache' to 'Apache/2.2.16 (Debian)' which may suggest a WAF, load balancer or proxy is in place
  499. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  500. + Scan terminated: 20 error(s) and 23 item(s) reported on remote host
  501. + End Time: 2018-03-24 18:12:44 (GMT-4) (1208 seconds)
  502. ---------------------------------------------------------------------------
  503. #######################################################################################################################################
  504. Server: 10.211.254.254
  505. Address: 10.211.254.254#53
  506.  
  507. Non-authoritative answer:
  508. Name: glquebec.org
  509. Address: 209.44.124.244
  510.  
  511. glquebec.org has address 209.44.124.244
  512. glquebec.org mail is handled by 10 mail.glquebec.org.
  513. =======================================================================================================================================
  514. CHECKING OS FINGERPRINT
  515. ======================================================================================================================================
  516.  
  517. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  518.  
  519. [+] Target is glquebec.org
  520. [+] Loading modules.
  521. [+] Following modules are loaded:
  522. [x] [1] ping:icmp_ping - ICMP echo discovery module
  523. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  524. [x] [3] ping:udp_ping - UDP-based ping discovery module
  525. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  526. [x] [5] infogather:portscan - TCP and UDP PortScanner
  527. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  528. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  529. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  530. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  531. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  532. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  533. [x] [12] fingerprint:smb - SMB fingerprinting module
  534. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  535. [+] 13 modules registered
  536. [+] Initializing scan engine
  537. [+] Running scan engine
  538. [-] ping:tcp_ping module: no closed/open TCP ports known on 209.44.124.244. Module test failed
  539. [-] ping:udp_ping module: no closed/open UDP ports known on 209.44.124.244. Module test failed
  540. [-] No distance calculation. 209.44.124.244 appears to be dead or no ports known
  541. [+] Host: 209.44.124.244 is down (Guess probability: 0%)
  542. [+] Cleaning up scan engine
  543. [+] Modules deinitialized
  544. [+] Execution completed.
  545. ######################################################################################################################################
  546.  
  547.  
  548. ; <<>> DiG 9.11.2-P1-1-Debian <<>> -x glquebec.org
  549. ;; global options: +cmd
  550. ;; Got answer:
  551. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36716
  552. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  553.  
  554. ;; OPT PSEUDOSECTION:
  555. ; EDNS: version: 0, flags:; udp: 4096
  556. ;; QUESTION SECTION:
  557. ;org.glquebec.in-addr.arpa. IN PTR
  558.  
  559. ;; AUTHORITY SECTION:
  560. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013276 1800 900 604800 3600
  561.  
  562. ;; Query time: 665 msec
  563. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  564. ;; WHEN: Sat Mar 24 18:05:40 EDT 2018
  565. ;; MSG SIZE rcvd: 122
  566.  
  567. dnsenum VERSION:1.2.4
  568.  
  569. ----- glquebec.org -----
  570.  
  571.  
  572. Host's addresses:
  573. __________________
  574.  
  575. glquebec.org. 100 IN A 209.44.124.244
  576.  
  577.  
  578. Name Servers:
  579. ______________
  580.  
  581. ns17.dnsprive.com. 13194 IN A 209.44.124.241
  582. ns18.dnsprive.com. 13194 IN A 209.44.124.242
  583.  
  584.  
  585. Mail (MX) Servers:
  586. ___________________
  587.  
  588. mail.glquebec.org. 83 IN A 209.44.124.244
  589.  
  590.  
  591. Trying Zone Transfers and getting Bind Versions:
  592. _________________________________________________
  593.  
  594.  
  595. Trying Zone Transfer for glquebec.org on ns17.dnsprive.com ...
  596.  
  597. Trying Zone Transfer for glquebec.org on ns18.dnsprive.com ...
  598.  
  599. brute force file not specified, bay.
  600.  
  601. #######################################################################################################################################
  602. # Coded By Ahmed Aboul-Ela - @aboul3la
  603.  
  604. [-] Enumerating subdomains now for glquebec.org
  605. [-] verbosity is enabled, will show the subdomains results in realtime
  606. [-] Searching now in Baidu..
  607. [-] Searching now in Yahoo..
  608. [-] Searching now in Google..
  609. [-] Searching now in Bing..
  610. [-] Searching now in Ask..
  611. [-] Searching now in Netcraft..
  612. [-] Searching now in DNSdumpster..
  613. [-] Searching now in Virustotal..
  614. [-] Searching now in ThreatCrowd..
  615. [-] Searching now in SSL Certificates..
  616. [-] Searching now in PassiveDNS..
  617. SSL Certificates: mail.glquebec.org
  618. SSL Certificates: www.glquebec.org
  619. Virustotal: www.glquebec.org
  620. DNSdumpster: mail.glquebec.org
  621. DNSdumpster: www.glquebec.org
  622. Yahoo: www.glquebec.org
  623. [-] Saving results to file: /usr/share/sniper/loot/glquebec.org/domains/domains-glquebec.org.txt
  624. [-] Total Unique Subdomains Found: 2
  625. www.glquebec.org
  626. mail.glquebec.org
  627.  
  628. #######################################################################################################################################
  629. Using nameservers:
  630.  
  631. - 209.44.124.242
  632. - 209.44.124.241
  633.  
  634. Checking for wildcard DNS... Done
  635.  
  636. Running collector: Certificate Search... Done (2 hosts)
  637. Running collector: Google Transparency Report... Done (0 hosts)
  638. Running collector: Shodan... Skipped
  639. -> Key 'shodan' has not been set
  640. Running collector: Dictionary... Done (27 hosts)
  641. Running collector: PassiveTotal... Skipped
  642. -> Key 'passivetotal_key' has not been set
  643. Running collector: DNSDB... Done (2 hosts)
  644. Running collector: Threat Crowd... Done (0 hosts)
  645. Running collector: VirusTotal... Skipped
  646. -> Key 'virustotal' has not been set
  647. Running collector: Netcraft... Done (0 hosts)
  648. Running collector: Riddler... Skipped
  649. -> Key 'riddler_username' has not been set
  650. Running collector: PTRArchive... Error
  651. -> PTRArchive returned unexpected response code: 502
  652. Running collector: Wayback Machine... Done (8 hosts)
  653. Running collector: Censys... Skipped
  654. -> Key 'censys_secret' has not been set
  655. Running collector: PublicWWW... Done (2 hosts)
  656. Running collector: HackerTarget... Done (2 hosts)
  657.  
  658. Resolving 37 unique hosts...
  659. 209.44.124.244 .glquebec.org
  660. 209.44.124.244 glquebec.org
  661. 209.44.124.244 mail.glquebec.org
  662. 209.44.124.244 www.glquebec.org
  663.  
  664. Found subnets:
  665.  
  666. - 209.44.124.0-255 : 4 hosts
  667.  
  668. Wrote 4 hosts to:
  669.  
  670. - file:///root/aquatone/glquebec.org/hosts.txt
  671. - file:///root/aquatone/glquebec.org/hosts.json
  672. __
  673. ____ _____ ___ ______ _/ /_____ ____ ___
  674. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  675. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  676. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  677. /_/ takeover v0.5.0 - by @michenriksen
  678.  
  679. Loaded 4 hosts from /root/aquatone/glquebec.org/hosts.json
  680. Loaded 25 domain takeover detectors
  681.  
  682. Identifying nameservers for glquebec.org... Done
  683. Using nameservers:
  684.  
  685. - 209.44.124.242
  686. - 209.44.124.241
  687.  
  688. Checking hosts for domain takeover vulnerabilities...
  689.  
  690. Finished checking hosts:
  691.  
  692. - Vulnerable : 0
  693. - Not Vulnerable : 4
  694.  
  695. Wrote 0 potential subdomain takeovers to:
  696.  
  697. - file:///root/aquatone/glquebec.org/takeovers.json
  698.  
  699. __
  700. ____ _____ ___ ______ _/ /_____ ____ ___
  701. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  702. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  703. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  704. /_/ scan v0.5.0 - by @michenriksen
  705.  
  706. Loaded 4 hosts from /root/aquatone/glquebec.org/hosts.json
  707.  
  708. Probing 2 ports...
  709.  
  710. Wrote open ports to file:///root/aquatone/glquebec.org/open_ports.txt
  711. Wrote URLs to file:///root/aquatone/glquebec.org/urls.txt
  712. __
  713. ____ _____ ___ ______ _/ /_____ ____ ___
  714. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  715. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  716. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  717. /_/ gather v0.5.0 - by @michenriksen
  718.  
  719. ######################################################################################################################################
  720. [+] Emails found:
  721. ------------------
  722. info@glquebec.org
  723. tech@glquebec.org
  724.  
  725. [+] Hosts found in search engines:
  726. ------------------------------------
  727. [-] Resolving hostnames IPs...
  728. 209.44.124.244:www.glquebec.org
  729. [+] Virtual hosts:
  730. ==================
  744. #######################################################################################################################################
  745. ====================================================================================
  746. PINGING HOST
  747. ====================================================================================
  748. PING glquebec.org (209.44.124.244) 56(84) bytes of data.
  749.  
  750. --- glquebec.org ping statistics ---
  751. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
  752.  
  753.  
  754. ====================================================================================
  755. RUNNING TCP PORT SCAN
  756. ====================================================================================
  757.  
  758. Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-24 18:16 EDT
  759. Nmap done: 1 IP address (1 host up) scanned in 25.70 seconds
  760. ====================================================================================
  761. RUNNING UDP PORT SCAN
  762. ====================================================================================
  763.  
  764. Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-24 18:16 EDT
  765. Nmap scan report for glquebec.org (209.44.124.244)
  766. Host is up.
  767. rDNS record for 209.44.124.244: mailmilhouse2.dnsprive.com
  768.  
  769. PORT STATE SERVICE
  770. 53/udp open|filtered domain
  771. 67/udp open|filtered dhcps
  772. 68/udp open|filtered dhcpc
  773. 69/udp open|filtered tftp
  774. 88/udp open|filtered kerberos-sec
  775. 123/udp open|filtered ntp
  776. 137/udp open|filtered netbios-ns
  777. 138/udp open|filtered netbios-dgm
  778. 139/udp open|filtered netbios-ssn
  779. 161/udp open|filtered snmp
  780. 162/udp open|filtered snmptrap
  781. 389/udp open|filtered ldap
  782. 520/udp open|filtered route
  783. 2049/udp open|filtered nfs
  784. ######################################################################################################################################
  785. oooooo oooo .o. .oooooo..o ooooo ooo .oooooo.
  786. `888. .8' .888. d8P' `Y8 `888' `8' d8P' `Y8b
  787. `888. .8' .88888. Y88bo. 888 8 888 888
  788. `888.8' .8' `888. `ZY8888o. 888 8 888 888
  789. `888' .88ooo8888. `0Y88b 888 8 888 888
  790. 888 .8' `888. oo .d8P `88. .8' `88b d88'
  791. o888o o88o o8888o 88888888P' `YbodP' `Y8bood8P'
  792. Welcome to Yasuo v2.3
  793. Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
  794. ######################################################################################################################################
  795.  
  796. I, [2018-03-24T18:16:34.955081 #19029] INFO -- : Initiating port scan
  797. I, [2018-03-24T18:16:38.979049 #19029] INFO -- : Using nmap scan output file logs/nmap_output_2018-03-24_18-16-34.xml
  798. ######################################################################################################################################
  799. Anonymous JTSEC #OPkilluminatie full recon #13