Anonymous JTSEC #OpIsis Full Recon #4

1. #######################################################################################################################################
2. Hostname alfetn.com ISP ColoCrossing
3. Continent North America Flag
4. US
5. Country United States Country Code US
6. Region New York Local time 28 Jan 2019 04:29 EST
7. City Buffalo Postal Code 14202
8. IP Address 23.94.17.37 Latitude 42.886
9. Longitude -78.878
10.  
11. #######################################################################################################################################
12. > alfetn.com
13. Server: 38.132.106.139
14. Address: 38.132.106.139#53
15.  
16. Non-authoritative answer:
17. Name: alfetn.com
18. Address: 23.94.17.37
19. >
20. #######################################################################################################################################
21. HostIP:23.94.17.37
22. HostName:alfetn.com
23.  
24. Gathered Inet-whois information for 23.94.17.37
25. ---------------------------------------------------------------------------------------------------------------------------------------
26.  
27.  
28. inetnum: 23.83.128.0 - 23.105.223.255
29. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
30. descr: IPv4 address block not managed by the RIPE NCC
31. remarks: ------------------------------------------------------
32. remarks:
33. remarks: For registration information,
34. remarks: you can consult the following sources:
35. remarks:
36. remarks: IANA
37. remarks: http://www.iana.org/assignments/ipv4-address-space
38. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
39. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
40. remarks:
41. remarks: AFRINIC (Africa)
42. remarks: http://www.afrinic.net/ whois.afrinic.net
43. remarks:
44. remarks: APNIC (Asia Pacific)
45. remarks: http://www.apnic.net/ whois.apnic.net
46. remarks:
47. remarks: ARIN (Northern America)
48. remarks: http://www.arin.net/ whois.arin.net
49. remarks:
50. remarks: LACNIC (Latin America and the Carribean)
51. remarks: http://www.lacnic.net/ whois.lacnic.net
52. remarks:
53. remarks: ------------------------------------------------------
54. country: EU # Country is really world wide
55. admin-c: IANA1-RIPE
56. tech-c: IANA1-RIPE
57. status: ALLOCATED UNSPECIFIED
58. mnt-by: RIPE-NCC-HM-MNT
59. created: 2019-01-07T10:48:39Z
60. last-modified: 2019-01-07T10:48:39Z
61. source: RIPE
62.  
63. role: Internet Assigned Numbers Authority
64. address: see http://www.iana.org.
65. admin-c: IANA1-RIPE
66. tech-c: IANA1-RIPE
67. nic-hdl: IANA1-RIPE
68. remarks: For more information on IANA services
69. remarks: go to IANA web site at http://www.iana.org.
70. mnt-by: RIPE-NCC-MNT
71. created: 1970-01-01T00:00:00Z
72. last-modified: 2001-09-22T09:31:27Z
73. source: RIPE # Filtered
74.  
75. % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
76.  
77.  
78.  
79. Gathered Inic-whois information for alfetn.com
80. ---------------------------------------------------------------------------------------------------------------------------------------
81. Domain Name: ALFETN.COM
82. Registry Domain ID: 131847531_DOMAIN_COM-VRSN
83. Registrar WHOIS Server: whois.godaddy.com
84. Registrar URL: http://www.godaddy.com
85. Updated Date: 2017-08-23T20:52:59Z
86. Creation Date: 2004-10-05T14:50:10Z
87. Registry Expiry Date: 2019-10-05T14:50:10Z
88. Registrar: GoDaddy.com, LLC
89. Registrar IANA ID: 146
90. Registrar Abuse Contact Email: abuse@godaddy.com
91. Registrar Abuse Contact Phone: 480-624-2505
92. Domain Status: ok https://icann.org/epp#ok
93. Name Server: NS1.ALFETN.COM
94. Name Server: NS2.ALFETN.COM
95. DNSSEC: unsigned
96. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
97. >>> Last update of whois database: 2019-01-28T09:34:58Z <<<
98.  
99. For more information on Whois status codes, please visit https://icann.org/epp
100.  
101. NOTICE: The expiration date displayed in this record is the date the
102. registrar's sponsorship of the domain name registration in the registry is
103. currently set to expire. This date does not necessarily reflect the expiration
104. date of the domain name registrant's agreement with the sponsoring
105. registrar. Users may consult the sponsoring registrar's Whois database to
106. view the registrar's reported date of expiration for this registration.
107.  
108. TERMS OF USE: You are not authorized to access or query our Whois
109. database through the use of electronic processes that are high-volume and
110. automated except as reasonably necessary to register domain names or
111. modify existing registrations; the Data in VeriSign Global Registry
112. Services' ("VeriSign") Whois database is provided by VeriSign for
113. information purposes only, and to assist persons in obtaining information
114. about or related to a domain name registration record. VeriSign does not
115. guarantee its accuracy. By submitting a Whois query, you agree to abide
116. by the following terms of use: You agree that you may use this Data only
117. for lawful purposes and that under no circumstances will you use this Data
118. to: (1) allow, enable, or otherwise support the transmission of mass
119. unsolicited, commercial advertising or solicitations via e-mail, telephone,
120. or facsimile; or (2) enable high volume, automated, electronic processes
121. that apply to VeriSign (or its computer systems). The compilation,
122. repackaging, dissemination or other use of this Data is expressly
123. prohibited without the prior written consent of VeriSign. You agree not to
124. use electronic processes that are automated and high-volume to access or
125. query the Whois database except as reasonably necessary to register
126. domain names or modify existing registrations. VeriSign reserves the right
127. to restrict your access to the Whois database in its sole discretion to ensure
128. operational stability. VeriSign may restrict or terminate your access to the
129. Whois database for failure to abide by these terms of use. VeriSign
130. reserves the right to modify these terms at any time.
131.  
132. The Registry database contains ONLY .COM, .NET, .EDU domains and
133. Registrars.
134.  
135. Gathered Netcraft information for alfetn.com
136. ---------------------------------------------------------------------------------------------------------------------------------------
137.  
138. Retrieving Netcraft.com information for alfetn.com
139. Netcraft.com Information gathered
140.  
141. Gathered Subdomain information for alfetn.com
142. ---------------------------------------------------------------------------------------------------------------------------------------
143. Searching Google.com:80...
144. HostName:ns1.alfetn.com
145. HostIP:23.94.17.37
146. HostName:www.alfetn.com
147. HostIP:23.94.17.37
148. Searching Altavista.com:80...
149. Found 2 possible subdomain(s) for host alfetn.com, Searched 0 pages containing 0 results
150.  
151. Gathered E-Mail information for alfetn.com
152. --------------------------------------------------------------------------------------------------------------------------------------
153. Searching Google.com:80...
154. Searching Altavista.com:80...
155. Found 0 E-Mail(s) for host alfetn.com, Searched 0 pages containing 0 results
156.  
157. Gathered TCP Port information for 23.94.17.37
158. ---------------------------------------------------------------------------------------------------------------------------------------
159.  
160. Port State
161.  
162. 21/tcp open
163. 53/tcp open
164. 80/tcp open
165. 110/tcp open
166. 143/tcp open
167.  
168. Portscan Finished: Scanned 150 ports, 144 ports were in state closed
169. #######################################################################################################################################
170. [i] Scanning Site: http://alfetn.com
171.  
172.  
173.  
174. B A S I C I N F O
175. =======================================================================================================================================
176.  
177.  
178. [+] Site Title: &THORN;&Ntilde;&iacute;&Egrave;&Ccedil;&eth; &atilde;&auml;&Ecirc;&Iuml;&iacute;&Ccedil;&Ecirc; &Ccedil;&aacute;&atilde;&aacute;&Ccedil;&Iacute;&atilde; &aelig; &Ccedil;&aacute;&Yacute;&Ecirc;&auml;
179. [+] IP address: 23.94.17.37
180. [+] Web Server: Could Not Detect
181. [+] CMS: Could Not Detect
182. [+] Cloudflare: Not Detected
183. [+] Robots File: Could NOT Find robots.txt!
184.  
185.  
186.  
187.  
188. W H O I S L O O K U P
189. =======================================================================================================================================
190.  
191. Domain Name: ALFETN.COM
192. Registry Domain ID: 131847531_DOMAIN_COM-VRSN
193. Registrar WHOIS Server: whois.godaddy.com
194. Registrar URL: http://www.godaddy.com
195. Updated Date: 2017-08-23T20:52:59Z
196. Creation Date: 2004-10-05T14:50:10Z
197. Registry Expiry Date: 2019-10-05T14:50:10Z
198. Registrar: GoDaddy.com, LLC
199. Registrar IANA ID: 146
200. Registrar Abuse Contact Email: abuse@godaddy.com
201. Registrar Abuse Contact Phone: 480-624-2505
202. Domain Status: ok https://icann.org/epp#ok
203. Name Server: NS1.ALFETN.COM
204. Name Server: NS2.ALFETN.COM
205. DNSSEC: unsigned
206. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
207. >>> Last update of whois database: 2019-01-28T09:35:13Z <<<
208.  
209. For more information on Whois status codes, please visit https://icann.org/epp
210.  
211.  
212.  
213. The Registry database contains ONLY .COM, .NET, .EDU domains and
214. Registrars.
215.  
216.  
217.  
218.  
219. G E O I P L O O K U P
220. ======================================================================================================================================
221.  
222. [i] IP Address: 23.94.17.37
223. [i] Country: United States
224. [i] State: New York
225. [i] City: Buffalo
226. [i] Latitude: 42.8864
227. [i] Longitude: -78.8781
228.  
229.  
230.  
231.  
232. H T T P H E A D E R S
233. ======================================================================================================================================
234.  
235.  
236. [i] HTTP/1.1 200 OK
237. [i] Date: Mon, 28 Jan 2019 09:39:57 GMT
238. [i] Content-Type: text/html
239. [i] Vary: Accept-Encoding
240. [i] Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
241. [i] Connection: close
242.  
243.  
244.  
245.  
246. D N S L O O K U P
247. =======================================================================================================================================
248.  
249. alfetn.com. 14399 IN TXT "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
250. alfetn.com. 14399 IN MX 0 alfetn.com.
251. alfetn.com. 21599 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
252. alfetn.com. 21599 IN NS ns1.alfetn.com.
253. alfetn.com. 21599 IN NS ns2.alfetn.com.
254. alfetn.com. 14399 IN A 23.94.17.37
255.  
256.  
257.  
258.  
259. S U B N E T C A L C U L A T I O N
260. =======================================================================================================================================
261.  
262. Address = 23.94.17.37
263. Network = 23.94.17.37 / 32
264. Netmask = 255.255.255.255
265. Broadcast = not needed on Point-to-Point links
266. Wildcard Mask = 0.0.0.0
267. Hosts Bits = 0
268. Max. Hosts = 1 (2^0 - 0)
269. Host Range = { 23.94.17.37 - 23.94.17.37 }
270.  
271.  
272.  
273. N M A P P O R T S C A N
274. =======================================================================================================================================
275.  
276.  
277. Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-28 09:35 UTC
278. Nmap scan report for alfetn.com (23.94.17.37)
279. Host is up (0.011s latency).
280. rDNS record for 23.94.17.37: host.colocrossing.com
281. PORT STATE SERVICE
282. 21/tcp open ftp
283. 22/tcp closed ssh
284. 23/tcp closed telnet
285. 80/tcp open http
286. 110/tcp open pop3
287. 143/tcp open imap
288. 443/tcp open https
289. 3389/tcp closed ms-wbt-server
290.  
291. Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
292.  
293.  
294.  
295. S U B - D O M A I N F I N D E R
296. =======================================================================================================================================
297.  
298.  
299. [i] Total Subdomains Found : 2
300.  
301. [+] Subdomain: ns2.alfetn.com
302. [-] IP: 172.245.104.110
303.  
304. [+] Subdomain: sawa4.alfetn.com
305. [-] IP: 192.3.138.116
306. #######################################################################################################################################
307. [?] Enter the target: example( http://domain.com )
308. http://alfetn.com/
309. [!] IP Address : 23.94.17.37
310. [!] alfetn.com doesn't seem to use a CMS
311. [+] Honeypot Probabilty: 30%
312. ---------------------------------------------------------------------------------------------------------------------------------------
313. [~] Trying to gather whois information for alfetn.com
314. [+] Whois information found
315. [-] Unable to build response, visit https://who.is/whois/alfetn.com
316. ---------------------------------------------------------------------------------------------------------------------------------------
317. PORT STATE SERVICE
318. 21/tcp open ftp
319. 22/tcp closed ssh
320. 23/tcp closed telnet
321. 80/tcp open http
322. 110/tcp open pop3
323. 143/tcp open imap
324. 443/tcp open https
325. 3389/tcp closed ms-wbt-server
326. Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
327. ---------------------------------------------------------------------------------------------------------------------------------------
328.  
329. [+] DNS Records
330. ns1.alfetn.com. (23.94.17.37) AS36352 ColoCrossing United States
331. ns2.alfetn.com. (172.245.104.110) AS36352 ColoCrossing United States
332.  
333. [+] MX Records
334. 0 (23.94.17.37) AS36352 ColoCrossing United States
335.  
336. [+] Host Records (A)
337. ns2.alfetn.comFTP: (172-245-104-110-host.colocrossing.com) (172.245.104.110) AS36352 ColoCrossing United States
338. sawa4.alfetn.com (192-3-138-116-host.colocrossing.com) (192.3.138.116) AS36352 ColoCrossing United States
339. ns1.alfetn.comHTTP: (host.colocrossing.com) (23.94.17.37) AS36352 ColoCrossing United States
340.  
341. [+] TXT Records
342. "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
343.  
344. [+] DNS Map: https://dnsdumpster.com/static/map/alfetn.com.png
345.  
346. [>] Initiating 3 intel modules
347. [>] Loading Alpha module (1/3)
348. [>] Beta module deployed (2/3)
349. [>] Gamma module initiated (3/3)
350.  
351.  
352. [+] Emails found:
353. ---------------------------------------------------------------------------------------------------------------------------------------
354. pixel-1548668131350529-web-@alfetn.com
355. pixel-1548668132234382-web-@alfetn.com
356.  
357. [+] Hosts found in search engines:
358. --------------------------------------------------------------------------------------------------------------------------------------
359. [-] Resolving hostnames IPs...
360. 23.94.17.37:Ns1.alfetn.com
361. 23.94.17.37:ns1.alfetn.com
362. 23.94.17.37:www.alfetn.com
363. [+] Virtual hosts:
364. ---------------------------------------------------------------------------------------------------------------------------------------
365. #######################################################################################################################################
366. ; <<>> DiG 9.11.5-P1-1-Debian <<>> alfetn.com
367. ;; global options: +cmd
368. ;; Got answer:
369. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58762
370. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
371.  
372. ;; OPT PSEUDOSECTION:
373. ; EDNS: version: 0, flags:; udp: 4096
374. ;; QUESTION SECTION:
375. ;alfetn.com. IN A
376.  
377. ;; ANSWER SECTION:
378. alfetn.com. 14352 IN A 23.94.17.37
379.  
380. ;; Query time: 54 msec
381. ;; SERVER: 38.132.106.139#53(38.132.106.139)
382. ;; WHEN: lun jan 28 04:40:01 EST 2019
383. ;; MSG SIZE rcvd: 55
384. #######################################################################################################################################
385. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace alfetn.com
386. ;; global options: +cmd
387. . 85109 IN NS h.root-servers.net.
388. . 85109 IN NS c.root-servers.net.
389. . 85109 IN NS a.root-servers.net.
390. . 85109 IN NS i.root-servers.net.
391. . 85109 IN NS l.root-servers.net.
392. . 85109 IN NS g.root-servers.net.
393. . 85109 IN NS b.root-servers.net.
394. . 85109 IN NS m.root-servers.net.
395. . 85109 IN NS j.root-servers.net.
396. . 85109 IN NS d.root-servers.net.
397. . 85109 IN NS f.root-servers.net.
398. . 85109 IN NS e.root-servers.net.
399. . 85109 IN NS k.root-servers.net.
400. . 85109 IN RRSIG NS 8 0 518400 20190210050000 20190128040000 16749 . HdBmU1WL/kZpDI2zh5BT5Wqh/4Fm+rwnhteOzLJYWsAB1gXW2pbgN45u BhXX1WrhzsYVg8qmOhUdNlwjDvkmj0Tkgn8/zAaF9a1j8ua6GE8IawvX 5oPpX9d/7ier8pqzuwB90BS6wlXNGe64Z7CCBqu9RhPGtt8cKsn2N21S fOIcZ2UhysfGrpjfnBA/omcV5Ud5a78xMco/oU3qIOthmEBTpRSDd6nr BQvePpc7IHKgsRJI/s3OoyXTVaC6W6Su+Eml/nUQcdXwpN3IygybGMqD GHdRdTbtbKknkZqtLzIaCHr8Edjo6f3B2DhS9zG7P+ReO+5gtdZ1XP3a 9zVfbg==
401. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 58 ms
402.  
403. com. 172800 IN NS a.gtld-servers.net.
404. com. 172800 IN NS b.gtld-servers.net.
405. com. 172800 IN NS c.gtld-servers.net.
406. com. 172800 IN NS d.gtld-servers.net.
407. com. 172800 IN NS e.gtld-servers.net.
408. com. 172800 IN NS f.gtld-servers.net.
409. com. 172800 IN NS g.gtld-servers.net.
410. com. 172800 IN NS h.gtld-servers.net.
411. com. 172800 IN NS i.gtld-servers.net.
412. com. 172800 IN NS j.gtld-servers.net.
413. com. 172800 IN NS k.gtld-servers.net.
414. com. 172800 IN NS l.gtld-servers.net.
415. com. 172800 IN NS m.gtld-servers.net.
416. com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
417. com. 86400 IN RRSIG DS 8 1 86400 20190210050000 20190128040000 16749 . g0vycbBIGQhu8UT3FAZdj249jLrJcQA/EJZho0UOAgw4q5/SLFh45eq8 LgcEBMUx46rp1xCMzhPp3RbjQaUiaXPkZePRp3T3pTAwI2jJqC8xOjyn W3b4XWlIIOBAK8gJJhDmP7sLJaAd5K010CH7Dw+ycETrIsK119SDDEr1 E0ZBySvIcdIJeXWfxSw/Dszn+nqaLmJnbdRztSolxb3g+hiq4+wTBCWZ cjfGUsVqyvsmL6Aoski5a9ArTnNj5IEdRGQvDSM/iC+U1XlziGSdWLoW HATgH5p/SKH1Icav/SYVaXcrAdHbOR2cI0cGm4JttXKVBfBkL7/Kr04H 3x1I+g==
418. ;; Received 1170 bytes from 192.58.128.30#53(j.root-servers.net) in 244 ms
419.  
420. alfetn.com. 172800 IN NS ns1.alfetn.com.
421. alfetn.com. 172800 IN NS ns2.alfetn.com.
422. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
423. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190204054423 20190128043423 16883 com. a6+nG0HlYQFu/smtBipliyxAEgUrNXxqIn/9FuGfEPzfC+tJ41P3ne/0 fTDxnEo7AX9FZ9GYQwhf288SiBsQuemJJCqS8H9xOp6TCQa8+p9xsQY4 ZewJb9mJC2tDhke7IiQsCC4kBwVtNlzavKvVfu3MhvyeghPZEx9n+DoQ F50=
424. NQCLQHSIJIP8JADH44VO66A632T7572O.com. 86400 IN NSEC3 1 1 0 - NQCMQF0CF70RC4HJ9KRKVG7AI3SBFQ2V NS DS RRSIG
425. NQCLQHSIJIP8JADH44VO66A632T7572O.com. 86400 IN RRSIG NSEC3 8 2 86400 20190204060729 20190128045729 16883 com. sfm7jOJ0bpeFsjaPQ4MVlC69LsumiAwVlLTbDJsKWs9RqPK3FroxOfg1 qlSLvmWiDG2ibpfU306Kh0lnOcvBl7wAwHlVYAOWn1Vcv0ZLXR6jw51A mvOiG3BbmwAmakixPkDMBVhoT0sgCoxsAYWcfJvi8aIFxPPy5S8oDQhW Zk4=
426. ;; Received 592 bytes from 192.33.14.30#53(b.gtld-servers.net) in 256 ms
427.  
428. alfetn.com. 14400 IN A 23.94.17.37
429. alfetn.com. 86400 IN NS ns2.alfetn.com.
430. alfetn.com. 86400 IN NS ns1.alfetn.com.
431. ;; Received 123 bytes from 172.245.104.110#53(ns2.alfetn.com) in 65 ms
432. #######################################################################################################################################
433. ] Performing General Enumeration of Domain: alfetn.com
434. [-] DNSSEC is not configured for alfetn.com
435. [*] SOA ns1.alfetn.com 23.94.17.37
436. [*] NS ns2.alfetn.com 172.245.104.110
437. [*] Bind Version for 172.245.104.110 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
438. [*] NS ns1.alfetn.com 23.94.17.37
439. [*] Bind Version for 23.94.17.37 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
440. [*] MX alfetn.com 23.94.17.37
441. [*] A alfetn.com 23.94.17.37
442. [*] TXT alfetn.com v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all
443. [*] Enumerating SRV Records
444. [-] No SRV Records Found for alfetn.com
445. [+] 0 Records Found
446. #######################################################################################################################################
447. Traceroute 'alfetn.com '
448. ---------------------------------------------------------------------------------------------------------------------------------------
449.  
450. Start: 2019-01-28T09:42:22+0000
451. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
452. 1.|-- 45.79.12.202 0.0% 3 1.0 0.8 0.7 1.0 0.2
453. 2.|-- 45.79.12.6 0.0% 3 0.6 7.4 0.6 20.8 11.6
454. 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 0.9 0.8 0.9 0.1
455. 4.|-- kanc-b1-link.telia.net 0.0% 3 11.9 12.0 11.9 12.2 0.2
456. 5.|-- chi-b21-link.telia.net 0.0% 3 24.8 24.9 24.5 25.4 0.5
457. 6.|-- buf-b1-link.telia.net 0.0% 3 37.4 37.3 36.6 37.7 0.6
458. 7.|-- colocrossing-ic-314281-buf-b1.c.telia.net 0.0% 3 37.0 36.7 36.5 37.0 0.2
459. 8.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
460. 9.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
461. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
462. 11.|-- host.colocrossing.com 0.0% 3 36.9 36.8 36.6 37.0 0.2
463. 12.|-- host.colocrossing.com 0.0% 3 37.0 36.8 36.8 37.0 0.1
464. #######################################################################################################################################
465. Ip Address Status Type Domain Name Server
466. ---------- ------ ---- ----------- ------
467. 23.94.17.37 200 host ftp.alfetn.com nginx admin
468. 127.0.0.1 host localhost.alfetn.com
469. 23.94.17.37 200 alias mail.alfetn.com nginx admin
470. 23.94.17.37 200 host alfetn.com nginx admin
471. 23.94.17.37 200 host ns1.alfetn.com nginx admin
472. 172.245.104.110 host ns2.alfetn.com
473. 23.94.17.37 200 alias www.alfetn.com nginx admin
474. 23.94.17.37 200 host alfetn.com nginx admin
475. #######################################################################################################################################
476. [*] Processing domain alfetn.com
477. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
478. [+] Getting nameservers
479. 172.245.104.110 - ns2.alfetn.com
480. 23.94.17.37 - ns1.alfetn.com
481. [-] Zone transfer failed
482.  
483. [+] TXT records found
484. "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
485.  
486. [+] MX records found, added to target list
487. 0 alfetn.com.
488.  
489. [*] Scanning alfetn.com for A records
490. 23.94.17.37 - alfetn.com
491. 23.94.17.37 - ftp.alfetn.com
492. 127.0.0.1 - localhost.alfetn.com
493. 23.94.17.37 - mail.alfetn.com
494. 23.94.17.37 - ns1.alfetn.com
495. 172.245.104.110 - ns2.alfetn.com
496. 23.94.17.37 - www.alfetn.com
497. ######################################################################################################################################
498. [+] Testing domain
499. www.alfetn.com 23.94.17.37
500. [+] Dns resolving
501. Domain name Ip address Name server
502. alfetn.com 23.94.17.37 host.colocrossing.com
503. Found 1 host(s) for alfetn.com
504. [+] Testing wildcard
505. Ok, no wildcard found.
506.  
507. [+] Scanning for subdomain on alfetn.com
508. [!] Wordlist not specified. I scannig with my internal wordlist...
509. Estimated time about 31.68 seconds
510.  
511. Subdomain Ip address Name server
512.  
513. ftp.alfetn.com 23.94.17.37 host.colocrossing.com
514. localhost.alfetn.com 127.0.0.1 localhost
515. mail.alfetn.com 23.94.17.37 host.colocrossing.com
516. ns1.alfetn.com 23.94.17.37 host.colocrossing.com
517. ns2.alfetn.com 172.245.104.110 172-245-104-110-host.colocrossing.com
518. www.alfetn.com 23.94.17.37 host.colocrossing.com
519.  
520. #######################################################################################################################################
521. =======================================================================================================================================
522. | External hosts:
523. | [+] External Host Found: http://www.islamiceschatology.com
524. | [+] External Host Found: http://api.recaptcha.net
525. | [+] External Host Found: http://www.gnu.org
526. =======================================================================================================================================
527. | E-mails:
528. | [+] E-mail Found: myname@domain.com
529. | [+] E-mail Found: j.doe@example.com
530. | [+] E-mail Found: mailman@alfetn.com
531. =======================================================================================================================================
532. #######################################################################################################################################
533. dnsenum VERSION:1.2.4
534.  
535. ----- alfetn.com -----
536.  
537.  
538. Host's addresses:
539. __________________
540.  
541. alfetn.com. 13768 IN A 23.94.17.37
542.  
543.  
544. Name Servers:
545. ______________
546.  
547. ns1.alfetn.com. 13769 IN A 23.94.17.37
548. ns2.alfetn.com. 14161 IN A 172.245.104.110
549.  
550.  
551. Mail (MX) Servers:
552. ___________________
553.  
554. alfetn.com. 13768 IN A 23.94.17.37
555.  
556.  
557. Trying Zone Transfers and getting Bind Versions:
558. _________________________________________________
559.  
560.  
561. Trying Zone Transfer for alfetn.com on ns1.alfetn.com ...
562.  
563. Trying Zone Transfer for alfetn.com on ns2.alfetn.com ...
564.  
565. brute force file not specified, bay.
566. #######################################################################################################################################
567. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
568. Nmap scan report for alfetn.com (23.94.17.37)
569. Host is up (0.068s latency).
570. rDNS record for 23.94.17.37: host.colocrossing.com
571. Not shown: 463 closed ports, 1 filtered port
572. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
573. PORT STATE SERVICE
574. 21/tcp open ftp
575. 53/tcp open domain
576. 80/tcp open http
577. 110/tcp open pop3
578. 143/tcp open imap
579. 443/tcp open https
580. 465/tcp open smtps
581. 587/tcp open submission
582. 993/tcp open imaps
583. 995/tcp open pop3s
584. 3306/tcp open mysql
585. 8081/tcp open blackice-icecap
586. #######################################################################################################################################
587. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
588. Nmap scan report for alfetn.com (23.94.17.37)
589. Host is up (0.058s latency).
590. rDNS record for 23.94.17.37: host.colocrossing.com
591. Not shown: 10 closed ports, 2 filtered ports
592. PORT STATE SERVICE
593. 53/udp open domain
594. 123/udp open|filtered ntp
595. #######################################################################################################################################
596. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
597. Nmap scan report for alfetn.com (23.94.17.37)
598. Host is up (0.067s latency).
599. rDNS record for 23.94.17.37: host.colocrossing.com
600.  
601. PORT STATE SERVICE VERSION
602. 21/tcp open ftp Pure-FTPd
603. | ftp-brute:
604. | Accounts: No valid accounts found
605. |_ Statistics: Performed 319 guesses in 184 seconds, average tps: 1.6
606. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
607. Device type: general purpose|broadband router|WAP|webcam|PBX
608. Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
609. OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
610. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%)
611. No exact OS matches for host (test conditions non-ideal).
612. Network Distance: 17 hops
613.  
614. TRACEROUTE (using port 21/tcp)
615. HOP RTT ADDRESS
616. 1 34.39 ms 10.244.200.1
617. 2 37.33 ms 184.75.211.225
618. 3 37.73 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
619. 4 37.79 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
620. 5 37.79 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
621. 6 37.44 ms toro-b1-link.telia.net (62.115.168.48)
622. 7 43.20 ms motl-b1-link.telia.net (62.115.134.49)
623. 8 74.17 ms nyk-bb3-link.telia.net (62.115.137.142)
624. 9 64.74 ms nyk-b2-link.telia.net (213.155.130.28)
625. 10 74.16 ms nyk-bb4-link.telia.net (62.115.137.98)
626. 11 73.78 ms buf-b1-link.telia.net (62.115.141.180)
627. 12 88.57 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
628. 13 ... 15
629. 16 73.66 ms 23.94.17.34
630. 17 73.40 ms host.colocrossing.com (23.94.17.37)
631. #######################################################################################################################################
632. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
633. Nmap scan report for alfetn.com (23.94.17.37)
634. Host is up (0.066s latency).
635. rDNS record for 23.94.17.37: host.colocrossing.com
636.  
637. PORT STATE SERVICE VERSION
638. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
639. |_dns-fuzz: Server didn't response to our probe, can't fuzz
640. | dns-nsec-enum:
641. |_ No NSEC records found
642. | dns-nsec3-enum:
643. |_ DNSSEC NSEC3 not supported
644. | dns-nsid:
645. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
646. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
647. Device type: general purpose|broadband router|WAP|webcam|PBX
648. Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
649. OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320 cpe:/o:linux:linux_kernel:2.4
650. Aggressive OS guesses: Linux 2.6.18 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%), Cisco UC320 PBX (Linux 2.6) (94%)
651. No exact OS matches for host (test conditions non-ideal).
652. Network Distance: 17 hops
653. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
654.  
655. Host script results:
656. | dns-blacklist:
657. | SPAM
658. | all.spamrats.com - DYNAMIC
659. |_ l2.apews.org - SPAM
660. | dns-brute:
661. | DNS Brute-force hostnames:
662. | ns1.alfetn.com - 23.94.17.37
663. | ns2.alfetn.com - 172.245.104.110
664. | mail.alfetn.com - 23.94.17.37
665. | www.alfetn.com - 23.94.17.37
666. |_ ftp.alfetn.com - 23.94.17.37
667.  
668. TRACEROUTE (using port 53/tcp)
669. HOP RTT ADDRESS
670. 1 36.66 ms 10.244.200.1
671. 2 36.69 ms 184.75.211.225
672. 3 37.28 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
673. 4 37.31 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
674. 5 37.08 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
675. 6 38.53 ms toro-b1-link.telia.net (62.115.168.48)
676. 7 42.30 ms motl-b1-link.telia.net (62.115.134.49)
677. 8 66.43 ms nyk-bb3-link.telia.net (62.115.137.142)
678. 9 57.25 ms nyk-b2-link.telia.net (213.155.130.28)
679. 10 66.43 ms nyk-bb4-link.telia.net (62.115.137.98)
680. 11 67.40 ms buf-b1-link.telia.net (62.115.141.180)
681. 12 65.46 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
682. 13 ... 15
683. 16 65.80 ms 23.94.17.34
684. 17 65.82 ms host.colocrossing.com (23.94.17.37)
685.  
686. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
687. Nmap done: 1 IP address (1 host up) scanned in 39.54 seconds
688. + -- --=[Port 67 closed... skipping.
689. + -- --=[Port 68 closed... skipping.
690. + -- --=[Port 69 closed... skipping.
691. + -- --=[Port 79 closed... skipping.
692. + -- --=[Port 80 opened... running tests...
693. #######################################################################################################################################
694. http://alfetn.com [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], MetaGenerator[Microsoft FrontPage 5.0], Title[&THORN;&Ntilde;&iacute;&Egrave;&Ccedil;&eth; &atilde;&auml;&Ecirc;&Iuml;&iacute;&Ccedil;&Ecirc; &Ccedil;&aacute;&atilde;&aacute;&Ccedil;&Iacute;&atilde; &aelig; &Ccedil;&aacute;&Yacute;&Ecirc;&auml;], X-Cache[Backend]
695. #######################################################################################################################################
696. wig - WebApp Information Gatherer
697.  
698.  
699. Scanning http://alfetn.com...
700. _________________ SITE INFO __________________
701. IP Title
702. 23.94.17.37 &THORN;&Ntilde;&iacute;&Egra
703.  
704. __________________ VERSION ___________________
705. Name Versions Type
706. admin Platform
707. nginx Platform
708.  
709. ______________________________________________
710. Time: 14.2 sec Urls: 599 Fingerprints: 40401
711. #######################################################################################################################################
712. HTTP/1.1 200 OK
713. Server: nginx admin
714. Date: Mon, 28 Jan 2019 09:49:07 GMT
715. Content-Type: text/html
716. Content-Length: 38710
717. Connection: keep-alive
718. Vary: Accept-Encoding
719. Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
720. X-Cache: HIT from Backend
721. Accept-Ranges: bytes
722.  
723. HTTP/1.1 200 OK
724. Server: nginx admin
725. Date: Mon, 28 Jan 2019 09:49:07 GMT
726. Content-Type: text/html
727. Content-Length: 38710
728. Connection: keep-alive
729. Vary: Accept-Encoding
730. Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
731. X-Cache: HIT from Backend
732. Accept-Ranges: bytes
733. #######################################################################################################################################
734. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:44 EST
735. Nmap scan report for alfetn.com (23.94.17.37)
736. Host is up (0.066s latency).
737. rDNS record for 23.94.17.37: host.colocrossing.com
738.  
739. PORT STATE SERVICE VERSION
740. 110/tcp open pop3 Dovecot pop3d
741. | pop3-brute:
742. | Accounts: No valid accounts found
743. |_ Statistics: Performed 185 guesses in 185 seconds, average tps: 0.9
744. |_pop3-capabilities: PIPELINING RESP-CODES STLS CAPA UIDL TOP SASL(PLAIN LOGIN) USER AUTH-RESP-CODE
745. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
746. Device type: general purpose|broadband router|WAP|webcam|PBX
747. Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
748. OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
749. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%), Linux 2.6.16 (94%)
750. No exact OS matches for host (test conditions non-ideal).
751. Network Distance: 17 hops
752.  
753. TRACEROUTE (using port 110/tcp)
754. HOP RTT ADDRESS
755. 1 36.37 ms 10.244.200.1
756. 2 79.69 ms 184.75.211.225
757. 3 79.21 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
758. 4 80.24 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
759. 5 79.18 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
760. 6 79.26 ms toro-b1-link.telia.net (62.115.168.48)
761. 7 91.95 ms motl-b1-link.telia.net (62.115.134.49)
762. 8 ...
763. 9 58.93 ms nyk-b2-link.telia.net (213.155.130.28)
764. 10 68.06 ms nyk-bb4-link.telia.net (62.115.137.98)
765. 11 68.03 ms buf-b1-link.telia.net (62.115.141.180)
766. 12 67.54 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
767. 13 ... 15
768. 16 67.89 ms 23.94.17.34
769. 17 67.81 ms host.colocrossing.com (23.94.17.37)
770. #######################################################################################################################################
771. Version: 1.11.12-static
772. OpenSSL 1.0.2-chacha (1.0.2g-dev)
773.  
774. Connected to 23.94.17.37
775.  
776. Testing SSL server alfetn.com on port 443 using SNI name alfetn.com
777.  
778. TLS Fallback SCSV:
779. Server does not support TLS Fallback SCSV
780.  
781. TLS renegotiation:
782. Session renegotiation not supported
783.  
784. TLS Compression:
785. Compression disabled
786.  
787. Heartbleed:
788. TLS 1.2 not vulnerable to heartbleed
789. TLS 1.1 not vulnerable to heartbleed
790. TLS 1.0 not vulnerable to heartbleed
791.  
792. Supported Server Cipher(s):
793. #######################################################################################################################################
794. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
795. Nmap scan report for host.colocrossing.com (23.94.17.37)
796. Host is up (0.065s latency).
797. Not shown: 463 closed ports, 1 filtered port
798. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
799. PORT STATE SERVICE
800. 21/tcp open ftp
801. 53/tcp open domain
802. 80/tcp open http
803. 110/tcp open pop3
804. 143/tcp open imap
805. 443/tcp open https
806. 465/tcp open smtps
807. 587/tcp open submission
808. 993/tcp open imaps
809. 995/tcp open pop3s
810. 3306/tcp open mysql
811. 8081/tcp open blackice-icecap
812. #######################################################################################################################################
813. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
814. Nmap scan report for host.colocrossing.com (23.94.17.37)
815. Host is up (0.058s latency).
816. Not shown: 10 closed ports, 2 filtered ports
817. PORT STATE SERVICE
818. 53/udp open domain
819. 68/udp open|filtered dhcpc
820. #######################################################################################################################################
821. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
822. Nmap scan report for host.colocrossing.com (23.94.17.37)
823. Host is up (0.066s latency).
824.  
825. PORT STATE SERVICE VERSION
826. 21/tcp open ftp Pure-FTPd
827. | ftp-brute:
828. | Accounts: No valid accounts found
829. |_ Statistics: Performed 329 guesses in 189 seconds, average tps: 2.4
830. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
831. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
832. No exact OS matches for host (test conditions non-ideal).
833. Network Distance: 17 hops
834.  
835. TRACEROUTE (using port 21/tcp)
836. HOP RTT ADDRESS
837. 1 38.10 ms 10.244.200.1
838. 2 39.80 ms 184.75.211.225
839. 3 39.88 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
840. 4 39.91 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
841. 5 39.89 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
842. 6 39.91 ms toro-b1-link.telia.net (62.115.168.48)
843. 7 43.85 ms motl-b1-link.telia.net (62.115.134.49)
844. 8 65.62 ms nyk-bb3-link.telia.net (62.115.137.142)
845. 9 56.04 ms nyk-b2-link.telia.net (213.155.130.28)
846. 10 65.66 ms nyk-bb4-link.telia.net (62.115.137.98)
847. 11 65.43 ms buf-b1-link.telia.net (62.115.141.180)
848. 12 64.82 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
849. 13 ... 15
850. 16 65.09 ms 23.94.17.34
851. 17 65.16 ms host.colocrossing.com (23.94.17.37)
852. #######################################################################################################################################
853. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
854. Nmap scan report for host.colocrossing.com (23.94.17.37)
855. Host is up (0.065s latency).
856.  
857. PORT STATE SERVICE VERSION
858. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
859. |_dns-fuzz: Server didn't response to our probe, can't fuzz
860. | dns-nsec-enum:
861. |_ No NSEC records found
862. | dns-nsec3-enum:
863. |_ DNSSEC NSEC3 not supported
864. | dns-nsid:
865. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
866. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
867. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
868. No exact OS matches for host (test conditions non-ideal).
869. Network Distance: 17 hops
870. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
871.  
872. Host script results:
873. | dns-blacklist:
874. | SPAM
875. | all.spamrats.com - DYNAMIC
876. |_ l2.apews.org - SPAM
877. | dns-brute:
878. | DNS Brute-force hostnames:
879. | host.colocrossing.com - 216.246.49.26
880. | stats.colocrossing.com - 172.245.143.19
881. | ns1.colocrossing.com - 198.46.128.17
882. | ns1.colocrossing.com - 198.46.128.18
883. | ns2.colocrossing.com - 172.245.143.17
884. | ns2.colocrossing.com - 172.245.143.18
885. | ns3.colocrossing.com - 172.245.143.18
886. | web.colocrossing.com - 198.46.128.21
887. | web.colocrossing.com - 206.217.140.66
888. | wiki.colocrossing.com - 198.23.141.60
889. | blog.colocrossing.com - 104.17.122.180
890. | blog.colocrossing.com - 104.17.123.180
891. | blog.colocrossing.com - 104.17.124.180
892. | blog.colocrossing.com - 104.17.125.180
893. | blog.colocrossing.com - 104.17.126.180
894. | mail.colocrossing.com - 104.168.72.4
895. | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7ab4
896. | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7bb4
897. | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7cb4
898. | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7db4
899. | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7eb4
900. | www.colocrossing.com - 23.95.99.167
901. |_ ftp.colocrossing.com - 216.246.49.26
902.  
903. TRACEROUTE (using port 53/tcp)
904. HOP RTT ADDRESS
905. 1 34.15 ms 10.244.200.1
906. 2 38.01 ms 184.75.211.225
907. 3 38.30 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
908. 4 38.44 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
909. 5 37.89 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
910. 6 37.89 ms toro-b1-link.telia.net (62.115.168.48)
911. 7 42.51 ms motl-b1-link.telia.net (62.115.134.49)
912. 8 68.24 ms nyk-bb3-link.telia.net (62.115.137.142)
913. 9 54.73 ms nyk-b2-link.telia.net (213.155.130.28)
914. 10 64.37 ms nyk-bb4-link.telia.net (62.115.137.98)
915. 11 64.10 ms buf-b1-link.telia.net (62.115.141.180)
916. 12 63.42 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
917. 13 ... 15
918. 16 63.90 ms 23.94.17.34
919. 17 63.44 ms host.colocrossing.com (23.94.17.37)
920. #######################################################################################################################################
921. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
922. Nmap scan report for host.colocrossing.com (23.94.17.37)
923. Host is up (0.064s latency).
924.  
925. PORT STATE SERVICE VERSION
926. 68/udp closed dhcpc
927. Too many fingerprints match this host to give specific OS details
928. Network Distance: 17 hops
929.  
930. TRACEROUTE (using port 68/udp)
931. HOP RTT ADDRESS
932. 1 35.80 ms 10.244.200.1
933. 2 35.84 ms 184.75.211.225
934. 3 36.88 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
935. 4 37.30 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
936. 5 36.29 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
937. 6 36.35 ms toro-b1-link.telia.net (62.115.168.48)
938. 7 42.87 ms motl-b1-link.telia.net (62.115.134.49)
939. 8 64.75 ms nyk-bb3-link.telia.net (62.115.137.142)
940. 9 55.17 ms nyk-b2-link.telia.net (213.155.130.28)
941. 10 64.58 ms nyk-bb4-link.telia.net (62.115.137.98)
942. 11 64.57 ms buf-b1-link.telia.net (62.115.141.180)
943. 12 63.78 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
944. 13 ... 15
945. 16 64.18 ms 23.94.17.34
946. 17 63.84 ms host.colocrossing.com (23.94.17.37)
947. #######################################################################################################################################
948. http://23.94.17.37 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], X-Cache[Backend], cPanel
949. http://23.94.17.37/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@23.94.17.37], HTML5, HTTPServer[nginx admin], IP[23.94.17.37], Title[Default Web Site Page]
950. #######################################################################################################################################
951. wig - WebApp Information Gatherer
952.  
953.  
954. Scanning http://23.94.17.37...
955. _________________ SITE INFO __________________
956. IP Title
957. 23.94.17.37
958.  
959. __________________ VERSION ___________________
960. Name Versions Type
961. admin Platform
962. nginx Platform
963.  
964. ______________________________________________
965. Time: 10.7 sec Urls: 601 Fingerprints: 40401
966. #######################################################################################################################################
967. HTTP/1.1 200 OK
968. Server: nginx admin
969. Date: Mon, 28 Jan 2019 09:49:08 GMT
970. Content-Type: text/html
971. Content-Length: 111
972. Connection: keep-alive
973. Last-Modified: Fri, 29 Jul 2016 07:48:30 GMT
974. X-Cache: HIT from Backend
975. Accept-Ranges: bytes
976.  
977. HTTP/1.1 200 OK
978. Server: nginx admin
979. Date: Mon, 28 Jan 2019 09:49:08 GMT
980. Content-Type: text/html
981. Content-Length: 111
982. Connection: keep-alive
983. Last-Modified: Fri, 29 Jul 2016 07:48:30 GMT
984. X-Cache: HIT from Backend
985. Accept-Ranges: bytes
986. #######################################################################################################################################
987. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:44 EST
988. Nmap scan report for host.colocrossing.com (23.94.17.37)
989. Host is up (0.065s latency).
990.  
991. PORT STATE SERVICE VERSION
992. 110/tcp open pop3 Dovecot pop3d
993. | pop3-brute:
994. | Accounts: No valid accounts found
995. |_ Statistics: Performed 212 guesses in 189 seconds, average tps: 1.2
996. |_pop3-capabilities: TOP RESP-CODES USER SASL(PLAIN LOGIN) PIPELINING STLS AUTH-RESP-CODE UIDL CAPA
997. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
998. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (94%), Linux 2.6.24 (94%)
999. No exact OS matches for host (test conditions non-ideal).
1000. Network Distance: 17 hops
1001.  
1002. TRACEROUTE (using port 110/tcp)
1003. HOP RTT ADDRESS
1004. 1 39.02 ms 10.244.200.1
1005. 2 40.60 ms 184.75.211.225
1006. 3 40.68 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1007. 4 40.68 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
1008. 5 35.30 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
1009. 6 34.88 ms toro-b1-link.telia.net (62.115.168.48)
1010. 7 46.16 ms motl-b1-link.telia.net (62.115.134.49)
1011. 8 67.33 ms nyk-bb3-link.telia.net (62.115.137.142)
1012. 9 59.21 ms nyk-b2-link.telia.net (213.155.130.28)
1013. 10 68.45 ms nyk-bb4-link.telia.net (62.115.137.98)
1014. 11 68.20 ms buf-b1-link.telia.net (62.115.141.180)
1015. 12 68.24 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
1016. 13 ... 15
1017. 16 68.25 ms 23.94.17.34
1018. 17 68.22 ms host.colocrossing.com (23.94.17.37)
1019. #######################################################################################################################################
1020. Version: 1.11.12-static
1021. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1022.  
1023. Connected to 23.94.17.37
1024.  
1025. Testing SSL server 23.94.17.37 on port 443 using SNI name 23.94.17.37
1026.  
1027. TLS Fallback SCSV:
1028. Server does not support TLS Fallback SCSV
1029.  
1030. TLS renegotiation:
1031. Session renegotiation not supported
1032.  
1033. TLS Compression:
1034. Compression disabled
1035.  
1036. Heartbleed:
1037. TLS 1.2 not vulnerable to heartbleed
1038. TLS 1.1 not vulnerable to heartbleed
1039. TLS 1.0 not vulnerable to heartbleed
1040.  
1041. Supported Server Cipher(s):
1042. #######################################################################################################################################
1043. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:49 EST
1044. NSE: Loaded 148 scripts for scanning.
1045. NSE: Script Pre-scanning.
1046. NSE: Starting runlevel 1 (of 2) scan.
1047. Initiating NSE at 04:49
1048. Completed NSE at 04:49, 0.00s elapsed
1049. NSE: Starting runlevel 2 (of 2) scan.
1050. Initiating NSE at 04:49
1051. Completed NSE at 04:49, 0.00s elapsed
1052. Initiating Ping Scan at 04:49
1053. Scanning 23.94.17.37 [4 ports]
1054. Completed Ping Scan at 04:49, 0.11s elapsed (1 total hosts)
1055. Initiating Parallel DNS resolution of 1 host. at 04:49
1056. Completed Parallel DNS resolution of 1 host. at 04:49, 0.03s elapsed
1057. Initiating Connect Scan at 04:49
1058. Scanning host.colocrossing.com (23.94.17.37) [1000 ports]
1059. Discovered open port 80/tcp on 23.94.17.37
1060. Discovered open port 443/tcp on 23.94.17.37
1061. Discovered open port 995/tcp on 23.94.17.37
1062. Discovered open port 3306/tcp on 23.94.17.37
1063. Discovered open port 53/tcp on 23.94.17.37
1064. Discovered open port 143/tcp on 23.94.17.37
1065. Discovered open port 587/tcp on 23.94.17.37
1066. Discovered open port 21/tcp on 23.94.17.37
1067. Discovered open port 993/tcp on 23.94.17.37
1068. Discovered open port 110/tcp on 23.94.17.37
1069. Discovered open port 465/tcp on 23.94.17.37
1070. Discovered open port 8081/tcp on 23.94.17.37
1071. Completed Connect Scan at 04:49, 0.95s elapsed (1000 total ports)
1072. Initiating Service scan at 04:49
1073. Scanning 12 services on host.colocrossing.com (23.94.17.37)
1074. Completed Service scan at 04:49, 21.84s elapsed (12 services on 1 host)
1075. Initiating OS detection (try #1) against host.colocrossing.com (23.94.17.37)
1076. adjust_timeouts2: packet supposedly had rtt of -160968 microseconds. Ignoring time.
1077. adjust_timeouts2: packet supposedly had rtt of -160968 microseconds. Ignoring time.
1078. adjust_timeouts2: packet supposedly had rtt of -187076 microseconds. Ignoring time.
1079. adjust_timeouts2: packet supposedly had rtt of -187076 microseconds. Ignoring time.
1080. adjust_timeouts2: packet supposedly had rtt of -185362 microseconds. Ignoring time.
1081. adjust_timeouts2: packet supposedly had rtt of -185362 microseconds. Ignoring time.
1082. Retrying OS detection (try #2) against host.colocrossing.com (23.94.17.37)
1083. adjust_timeouts2: packet supposedly had rtt of -186722 microseconds. Ignoring time.
1084. adjust_timeouts2: packet supposedly had rtt of -186722 microseconds. Ignoring time.
1085. adjust_timeouts2: packet supposedly had rtt of -1185962 microseconds. Ignoring time.
1086. adjust_timeouts2: packet supposedly had rtt of -1185962 microseconds. Ignoring time.
1087. Initiating Traceroute at 04:49
1088. Completed Traceroute at 04:49, 3.02s elapsed
1089. Initiating Parallel DNS resolution of 14 hosts. at 04:49
1090. Completed Parallel DNS resolution of 14 hosts. at 04:50, 16.50s elapsed
1091. NSE: Script scanning 23.94.17.37.
1092. NSE: Starting runlevel 1 (of 2) scan.
1093. Initiating NSE at 04:50
1094. NSE Timing: About 99.26% done; ETC: 04:50 (0:00:00 remaining)
1095. NSE Timing: About 99.32% done; ETC: 04:51 (0:00:00 remaining)
1096. NSE Timing: About 99.51% done; ETC: 04:51 (0:00:00 remaining)
1097. NSE Timing: About 99.57% done; ETC: 04:52 (0:00:01 remaining)
1098. NSE Timing: About 99.82% done; ETC: 04:52 (0:00:00 remaining)
1099. NSE Timing: About 99.88% done; ETC: 04:53 (0:00:00 remaining)
1100. NSE Timing: About 99.94% done; ETC: 04:53 (0:00:00 remaining)
1101. Completed NSE at 04:54, 226.67s elapsed
1102. NSE: Starting runlevel 2 (of 2) scan.
1103. Initiating NSE at 04:54
1104. Completed NSE at 04:54, 0.14s elapsed
1105. Nmap scan report for host.colocrossing.com (23.94.17.37)
1106. Host is up, received echo-reply ttl 50 (0.066s latency).
1107. Scanned at 2019-01-28 04:49:25 EST for 275s
1108. Not shown: 988 closed ports
1109. Reason: 988 conn-refused
1110. PORT STATE SERVICE REASON VERSION
1111. 21/tcp open ftp syn-ack Pure-FTPd
1112. | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1113. | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1114. | Public Key type: rsa
1115. | Public Key bits: 2048
1116. | Signature Algorithm: sha256WithRSAEncryption
1117. | Not valid before: 2018-07-29T10:11:11
1118. | Not valid after: 2019-07-29T10:11:11
1119. | MD5: 7549 4cde fff4 d3bf 7ba9 8861 2b0e 292e
1120. | SHA-1: 999a 20d7 c108 390b 825a 6746 ef30 3a6d 312e ff7d
1121. | -----BEGIN CERTIFICATE-----
1122. | MIIDSzCCAjOgAwIBAgIEZR5QPzANBgkqhkiG9w0BAQsFADBAMSMwIQYJKoZIhvcN
1123. | AQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxmZXRu
1124. | LmNvbTAeFw0xODA3MjkxMDExMTFaFw0xOTA3MjkxMDExMTFaMEAxIzAhBgkqhkiG
1125. | 9w0BCQEWFHNzbEBzYXdhNC5hbGZldG4uY29tMRkwFwYDVQQDDBBzYXdhNC5hbGZl
1126. | dG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri44oIeasvd3
1127. | 8gchZ34PGTPauhvbE157p0ws1zJmilWeKApimrR1n5siHhaY+KoC62jm8P1i8RKM
1128. | 5jZnDLIkCSIniVZMRHYV8igd7sH0QKllzDWViZ1md5w2POBJfvDZi09xOpslv5Q/
1129. | R4WHjlk11SxccIPmKOqgegkQYVxciDoDQaMdweybh4HRRHnqaUoSTxZBJVkLgiLI
1130. | QhdWB9w1EDc+OPa0+U0LuGFxVcb/Q/9AT8pyR0ENUkvC9gZofSMPlJbQ5hJPNZaR
1131. | WPZ6JQzXRu2satwisy+yedImWfUb26iIAd+es2RQQ5LgiEiZibP0FEJzn80NsCoT
1132. | rc/weKkuwwIDAQABo00wSzAdBgNVHQ4EFgQUTXakLPqRjKvzC9UgGMeJ+j6KHtIw
1133. | HwYDVR0jBBgwFoAUTXakLPqRjKvzC9UgGMeJ+j6KHtIwCQYDVR0TBAIwADANBgkq
1134. | hkiG9w0BAQsFAAOCAQEAY9tUOEUt9o5RM0KTN+ZO0jSECehdW5VzJ3VhgIvKeNzO
1135. | edrT3iZFTYWreXiz9Pb7lrBoRepZAT9gfM+oSCOddkRd0stToxqikw1+RZCzd+KP
1136. | pEm0PflBdn116dlqDZPOQCUYaxSkQnX/G6fQZH1T5ksW5PaNfxu74a47czWhwZO9
1137. | sIzEA9UOb0gl3lJrVDCfKMJzAz610Z8UgPIe6U6K3YwXytt0QbNOUMA/caDUCU2i
1138. | ZdVUgZN4QB0mOEcrmz+bpxlozk1UOdHsMdyGvX3Sd62ddPyEEGUSdpxo4+zy3N5s
1139. | fcg2kgVAGKUy62VY6JmSaX4VxSAXD/oXkHrSfLbNZQ==
1140. |_-----END CERTIFICATE-----
1141. |_ssl-date: 2019-01-28T09:54:50+00:00; +4m36s from scanner time.
1142. 53/tcp open domain syn-ack ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1143. | dns-nsid:
1144. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1145. 80/tcp open http syn-ack nginx
1146. |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1147. | http-methods:
1148. |_ Supported Methods: GET HEAD POST OPTIONS
1149. |_http-server-header: nginx admin
1150. |_http-title: Site doesn't have a title (text/html).
1151. 110/tcp open pop3 syn-ack Dovecot pop3d
1152. |_pop3-capabilities: TOP RESP-CODES CAPA SASL(PLAIN LOGIN) PIPELINING AUTH-RESP-CODE USER UIDL STLS
1153. |_ssl-date: 2019-01-28T09:54:52+00:00; +4m36s from scanner time.
1154. 143/tcp open imap syn-ack Dovecot imapd
1155. |_imap-capabilities: Pre-login NAMESPACE post-login listed LITERAL+ capabilities IMAP4rev1 ENABLE SASL-IR AUTH=LOGINA0001 STARTTLS IDLE more have OK ID AUTH=PLAIN LOGIN-REFERRALS
1156. |_ssl-date: 2019-01-28T09:54:51+00:00; +4m36s from scanner time.
1157. 443/tcp open http syn-ack Apache httpd
1158. | http-methods:
1159. |_ Supported Methods: GET HEAD POST OPTIONS
1160. |_http-server-header: Apache
1161. |_http-title: Site doesn't have a title (text/html).
1162. 465/tcp open ssl/smtp syn-ack Exim smtpd 4.87
1163. |_smtp-commands: SMTP EHLO host.colocrossing.com: failed to receive data: failed to receive data
1164. | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1165. | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1166. | Public Key type: rsa
1167. | Public Key bits: 2048
1168. | Signature Algorithm: sha256WithRSAEncryption
1169. | Not valid before: 2018-07-29T10:11:11
1170. | Not valid after: 2019-07-29T10:11:11
1171. | MD5: 19db 5699 f9d5 2fab 4839 de78 cc63 5800
1172. | SHA-1: be51 b0a5 3d3d 313d 885b a858 0d7c 8f2b c5fa 5ff8
1173. | -----BEGIN CERTIFICATE-----
1174. | MIIDTDCCAjSgAwIBAgIFAW4VtNgwDQYJKoZIhvcNAQELBQAwQDEjMCEGCSqGSIb3
1175. | DQEJARYUc3NsQHNhd2E0LmFsZmV0bi5jb20xGTAXBgNVBAMMEHNhd2E0LmFsZmV0
1176. | bi5jb20wHhcNMTgwNzI5MTAxMTExWhcNMTkwNzI5MTAxMTExWjBAMSMwIQYJKoZI
1177. | hvcNAQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxm
1178. | ZXRuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOoj4EDUkSM
1179. | mNvP74f3SgeGbMlYuDCu8NW9d7HaxWN6JyvCgrghjj7UBNNjvIBqgSlyiK2ofRR2
1180. | xm2mCYdiJ56I6PYH8NXTYR02x3oP+P/shWI+zSWNdhLPK8DNed7JpHoNsN2TL8H3
1181. | w8F0U5u0pg6p2l5yr+VO0+hQl3aXefTBoA1u4CIKpadqKzyPktH1wdvGDmQE5QpK
1182. | rhyCehL1U14u+ZxmYUtnEss9j3lLxY6ZbJscfgBbFN5ubQY14/xWSqlJKBmh6VXq
1183. | af6lFM4G+gmQTSHpJb+PTkLROp+q7iHozIvGsOgx1DjDa/Q2xH/mP1TNMl56om4r
1184. | e2MfSSiee6cCAwEAAaNNMEswHQYDVR0OBBYEFLuregZYLHnoJU7nVtBWZ2wsMDyX
1185. | MB8GA1UdIwQYMBaAFLuregZYLHnoJU7nVtBWZ2wsMDyXMAkGA1UdEwQCMAAwDQYJ
1186. | KoZIhvcNAQELBQADggEBAJotEsWjUBLLiRZkUq6hBKBv+57Ek6gBhJydQ3Ni4ghz
1187. | dFp0EvGcDDachgv9+i5ADbswpulm5+/XHucVbWulk/pBYgD570XZYF2ZtXYWwy8K
1188. | 4JWRrb8F/Coo5LQUzE2KqpppfebMaLsUqBZd9uIy+p9Afx+XeDot0zC1bth5Ub6S
1189. | 9QL2XxN2Tl/YxhwasWESG06tg59brSCNHAS0MxyjX/3Nk3EKLlPrd9VGUD8V1xWE
1190. | RQSXacA6PVvH/MRj/2rgnjdik4zvnTybTk6pyvFUL5mZEhkwqqjr+SBmjW7EKgQA
1191. | v1hd4tKKpDUHg/2qIYc/iOVt6uMI2ZnRzcFZczGxstM=
1192. |_-----END CERTIFICATE-----
1193. |_ssl-date: 2019-01-28T09:54:50+00:00; +4m36s from scanner time.
1194. 587/tcp open smtp syn-ack Exim smtpd 4.87
1195. | smtp-commands: sawa4.alfetn.com Hello host.colocrossing.com [184.75.211.236], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1196. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
1197. | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1198. | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
1199. | Public Key type: rsa
1200. | Public Key bits: 2048
1201. | Signature Algorithm: sha256WithRSAEncryption
1202. | Not valid before: 2018-07-29T10:11:11
1203. | Not valid after: 2019-07-29T10:11:11
1204. | MD5: 19db 5699 f9d5 2fab 4839 de78 cc63 5800
1205. | SHA-1: be51 b0a5 3d3d 313d 885b a858 0d7c 8f2b c5fa 5ff8
1206. | -----BEGIN CERTIFICATE-----
1207. | MIIDTDCCAjSgAwIBAgIFAW4VtNgwDQYJKoZIhvcNAQELBQAwQDEjMCEGCSqGSIb3
1208. | DQEJARYUc3NsQHNhd2E0LmFsZmV0bi5jb20xGTAXBgNVBAMMEHNhd2E0LmFsZmV0
1209. | bi5jb20wHhcNMTgwNzI5MTAxMTExWhcNMTkwNzI5MTAxMTExWjBAMSMwIQYJKoZI
1210. | hvcNAQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxm
1211. | ZXRuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOoj4EDUkSM
1212. | mNvP74f3SgeGbMlYuDCu8NW9d7HaxWN6JyvCgrghjj7UBNNjvIBqgSlyiK2ofRR2
1213. | xm2mCYdiJ56I6PYH8NXTYR02x3oP+P/shWI+zSWNdhLPK8DNed7JpHoNsN2TL8H3
1214. | w8F0U5u0pg6p2l5yr+VO0+hQl3aXefTBoA1u4CIKpadqKzyPktH1wdvGDmQE5QpK
1215. | rhyCehL1U14u+ZxmYUtnEss9j3lLxY6ZbJscfgBbFN5ubQY14/xWSqlJKBmh6VXq
1216. | af6lFM4G+gmQTSHpJb+PTkLROp+q7iHozIvGsOgx1DjDa/Q2xH/mP1TNMl56om4r
1217. | e2MfSSiee6cCAwEAAaNNMEswHQYDVR0OBBYEFLuregZYLHnoJU7nVtBWZ2wsMDyX
1218. | MB8GA1UdIwQYMBaAFLuregZYLHnoJU7nVtBWZ2wsMDyXMAkGA1UdEwQCMAAwDQYJ
1219. | KoZIhvcNAQELBQADggEBAJotEsWjUBLLiRZkUq6hBKBv+57Ek6gBhJydQ3Ni4ghz
1220. | dFp0EvGcDDachgv9+i5ADbswpulm5+/XHucVbWulk/pBYgD570XZYF2ZtXYWwy8K
1221. | 4JWRrb8F/Coo5LQUzE2KqpppfebMaLsUqBZd9uIy+p9Afx+XeDot0zC1bth5Ub6S
1222. | 9QL2XxN2Tl/YxhwasWESG06tg59brSCNHAS0MxyjX/3Nk3EKLlPrd9VGUD8V1xWE
1223. | RQSXacA6PVvH/MRj/2rgnjdik4zvnTybTk6pyvFUL5mZEhkwqqjr+SBmjW7EKgQA
1224. | v1hd4tKKpDUHg/2qIYc/iOVt6uMI2ZnRzcFZczGxstM=
1225. |_-----END CERTIFICATE-----
1226. |_ssl-date: 2019-01-28T09:54:53+00:00; +4m37s from scanner time.
1227. 993/tcp open ssl/imaps? syn-ack
1228. |_ssl-date: 2019-01-28T09:54:51+00:00; +4m37s from scanner time.
1229. 995/tcp open ssl/pop3s? syn-ack
1230. |_ssl-date: 2019-01-28T09:54:51+00:00; +4m37s from scanner time.
1231. 3306/tcp open mysql syn-ack MySQL 5.6.33
1232. | mysql-info:
1233. | Protocol: 10
1234. | Version: 5.6.33
1235. | Thread ID: 175679
1236. | Capabilities flags: 63487
1237. | Some Capabilities: Support41Auth, Speaks41ProtocolOld, Speaks41ProtocolNew, SupportsTransactions, IgnoreSigpipes, FoundRows, InteractiveClient, SupportsCompression, SupportsLoadDataLocal, LongPassword, ODBCClient, IgnoreSpaceBeforeParenthesis, DontAllowDatabaseTableColumn, ConnectWithDatabase, LongColumnFlag, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
1238. | Status: Autocommit
1239. | Salt: %uB)BSW?tL\l+,<(TNiH
1240. |_ Auth Plugin Name: 79
1241. 8081/tcp open http syn-ack Apache httpd
1242. | http-methods:
1243. |_ Supported Methods: GET HEAD POST OPTIONS
1244. |_http-server-header: Apache
1245. |_http-title: Site doesn't have a title (text/html).
1246. Device type: general purpose|broadband router|WAP|PBX|media device
1247. Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Asus embedded (95%), Cisco embedded (94%), Starbridge Networks embedded (94%), Sony embedded (94%)
1248. OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n16 cpe:/h:cisco:uc320 cpe:/o:linux:linux_kernel:2.4 cpe:/h:starbridge_networks:1531 cpe:/o:sony:smp-n200
1249. OS fingerprint not ideal because: Host distance (17 network hops) is greater than five
1250. Aggressive OS guesses: Linux 2.6.18 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Cisco UC320 PBX (Linux 2.6) (94%), Linux 2.6.9 - 2.6.18 (94%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), OpenWrt White Russian 0.9 (Linux 2.4.30) (94%)
1251. No exact OS matches for host (test conditions non-ideal).
1252. TCP/IP fingerprint:
1253. SCAN(V=7.70%E=4%D=1/28%OT=21%CT=1%CU=39353%PV=N%DS=17%DC=T%G=N%TM=5C4ED138%P=x86_64-pc-linux-gnu)
1254. SEQ(SP=104%GCD=1%ISR=107%TI=Z%CI=Z%TS=A)
1255. OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
1256. WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
1257. ECN(R=Y%DF=Y%T=42%W=16D0%O=M4B3NNSNW7%CC=N%Q=)
1258. T1(R=Y%DF=Y%T=42%S=O%A=S+%F=AS%RD=0%Q=)
1259. T2(R=N)
1260. T3(R=N)
1261. T4(R=Y%DF=Y%T=42%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1262. T5(R=Y%DF=Y%T=42%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1263. T6(R=Y%DF=Y%T=42%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1264. T7(R=N)
1265. U1(R=Y%DF=N%T=42%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
1266. IE(R=Y%DFI=N%T=42%CD=S)
1267.  
1268. Uptime guess: 21.447 days (since Sun Jan 6 18:09:46 2019)
1269. Network Distance: 17 hops
1270. TCP Sequence Prediction: Difficulty=260 (Good luck!)
1271. IP ID Sequence Generation: All zeros
1272. Service Info: Host: sawa4.alfetn.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1273.  
1274. Host script results:
1275. |_clock-skew: mean: 4m36s, deviation: 0s, median: 4m35s
1276.  
1277. TRACEROUTE (using proto 1/icmp)
1278. HOP RTT ADDRESS
1279. 1 33.98 ms 10.244.200.1
1280. 2 34.00 ms 184.75.211.225
1281. 3 34.63 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1282. 4 34.64 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
1283. 5 34.65 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
1284. 6 34.66 ms toro-b1-link.telia.net (62.115.168.48)
1285. 7 41.46 ms motl-b1-link.telia.net (62.115.134.49)
1286. 8 66.69 ms nyk-bb3-link.telia.net (62.115.137.142)
1287. 9 60.33 ms nyk-b2-link.telia.net (213.155.130.28)
1288. 10 67.33 ms nyk-bb4-link.telia.net (62.115.137.98)
1289. 11 66.69 ms buf-b1-link.telia.net (62.115.141.180)
1290. 12 65.98 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
1291. 13 ... 15
1292. 16 66.76 ms 23.94.17.34
1293. 17 66.10 ms host.colocrossing.com (23.94.17.37)
1294.  
1295. NSE: Script Post-scanning.
1296. NSE: Starting runlevel 1 (of 2) scan.
1297. Initiating NSE at 04:54
1298. Completed NSE at 04:54, 0.00s elapsed
1299. NSE: Starting runlevel 2 (of 2) scan.
1300. Initiating NSE at 04:54
1301. Completed NSE at 04:54, 0.00s elapsed
1302. Read data files from: /usr/bin/../share/nmap
1303. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1304. Nmap done: 1 IP address (1 host up) scanned in 275.39 seconds
1305. Raw packets sent: 108 (8.568KB) | Rcvd: 1956 (1.353MB)
1306. #######################################################################################################################################
1307. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:54 EST
1308. NSE: Loaded 148 scripts for scanning.
1309. NSE: Script Pre-scanning.
1310. Initiating NSE at 04:54
1311. Completed NSE at 04:54, 0.00s elapsed
1312. Initiating NSE at 04:54
1313. Completed NSE at 04:54, 0.00s elapsed
1314. Initiating Parallel DNS resolution of 1 host. at 04:54
1315. Completed Parallel DNS resolution of 1 host. at 04:54, 0.02s elapsed
1316. Initiating UDP Scan at 04:54
1317. Scanning host.colocrossing.com (23.94.17.37) [14 ports]
1318. Discovered open port 53/udp on 23.94.17.37
1319. Completed UDP Scan at 04:54, 4.66s elapsed (14 total ports)
1320. Initiating Service scan at 04:54
1321. Scanning 2 services on host.colocrossing.com (23.94.17.37)
1322. Completed Service scan at 04:54, 16.05s elapsed (2 services on 1 host)
1323. Initiating OS detection (try #1) against host.colocrossing.com (23.94.17.37)
1324. Retrying OS detection (try #2) against host.colocrossing.com (23.94.17.37)
1325. Initiating Traceroute at 04:54
1326. Completed Traceroute at 04:54, 7.10s elapsed
1327. Initiating Parallel DNS resolution of 1 host. at 04:54
1328. Completed Parallel DNS resolution of 1 host. at 04:54, 0.02s elapsed
1329. NSE: Script scanning 23.94.17.37.
1330. Initiating NSE at 04:54
1331. Completed NSE at 04:54, 0.15s elapsed
1332. Initiating NSE at 04:54
1333. Completed NSE at 04:54, 0.08s elapsed
1334. Nmap scan report for host.colocrossing.com (23.94.17.37)
1335. Host is up (0.064s latency).
1336.  
1337. PORT STATE SERVICE VERSION
1338. 53/udp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1339. | dns-nsid:
1340. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1341. 67/udp open|filtered dhcps
1342. 68/udp closed dhcpc
1343. 69/udp closed tftp
1344. 88/udp closed kerberos-sec
1345. 123/udp closed ntp
1346. 137/udp filtered netbios-ns
1347. 138/udp filtered netbios-dgm
1348. 139/udp closed netbios-ssn
1349. 161/udp closed snmp
1350. 162/udp closed snmptrap
1351. 389/udp closed ldap
1352. 520/udp closed route
1353. 2049/udp closed nfs
1354. Too many fingerprints match this host to give specific OS details
1355. Network Distance: 17 hops
1356. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1357.  
1358. TRACEROUTE (using port 138/udp)
1359. HOP RTT ADDRESS
1360. 1 ... 7
1361. 8 34.80 ms 10.244.200.1
1362. 9 ... 10
1363. 11 34.20 ms 10.244.200.1
1364. 12 35.10 ms 10.244.200.1
1365. 13 35.09 ms 10.244.200.1
1366. 14 35.07 ms 10.244.200.1
1367. 15 35.07 ms 10.244.200.1
1368. 16 35.06 ms 10.244.200.1
1369. 17 35.08 ms 10.244.200.1
1370. 18 ...
1371. 19 34.89 ms 10.244.200.1
1372. 20 33.96 ms 10.244.200.1
1373. 21 ... 27
1374. 28 36.24 ms 10.244.200.1
1375. 29 ...
1376. 30 33.56 ms 10.244.200.1
1377.  
1378. NSE: Script Post-scanning.
1379. Initiating NSE at 04:54
1380. Completed NSE at 04:54, 0.00s elapsed
1381. Initiating NSE at 04:54
1382. Completed NSE at 04:54, 0.00s elapsed
1383. Read data files from: /usr/bin/../share/nmap
1384. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1385. Nmap done: 1 IP address (1 host up) scanned in 30.89 seconds
1386. Raw packets sent: 119 (5.883KB) | Rcvd: 569 (69.680KB)
1387. #######################################################################################################################################
1388. Domain Name: ALFETN.COM
1389. Registry Domain ID: 131847531_DOMAIN_COM-VRSN
1390. Registrar WHOIS Server: whois.godaddy.com
1391. Registrar URL: http://www.godaddy.com
1392. Updated Date: 2017-08-23T20:52:59Z
1393. Creation Date: 2004-10-05T14:50:10Z
1394. Registry Expiry Date: 2019-10-05T14:50:10Z
1395. Registrar: GoDaddy.com, LLC
1396. Registrar IANA ID: 146
1397. Registrar Abuse Contact Email: abuse@godaddy.com
1398. Registrar Abuse Contact Phone: 480-624-2505
1399. Domain Status: ok https://icann.org/epp#ok
1400. Name Server: NS1.ALFETN.COM
1401. Name Server: NS2.ALFETN.COM
1402. DNSSEC: unsigned
1403. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
1404. >>> Last update of whois database: 2019-01-28T09:59:40Z <<<
1405.  
1406. For more information on Whois status codes, please visit https://icann.org/epp
1407.  
1408. NOTICE: The expiration date displayed in this record is the date the
1409. registrar's sponsorship of the domain name registration in the registry is
1410. currently set to expire. This date does not necessarily reflect the expiration
1411. date of the domain name registrant's agreement with the sponsoring
1412. registrar. Users may consult the sponsoring registrar's Whois database to
1413. view the registrar's reported date of expiration for this registration.
1414.  
1415. TERMS OF USE: You are not authorized to access or query our Whois
1416. database through the use of electronic processes that are high-volume and
1417. automated except as reasonably necessary to register domain names or
1418. modify existing registrations; the Data in VeriSign Global Registry
1419. Services' ("VeriSign") Whois database is provided by VeriSign for
1420. information purposes only, and to assist persons in obtaining information
1421. about or related to a domain name registration record. VeriSign does not
1422. guarantee its accuracy. By submitting a Whois query, you agree to abide
1423. by the following terms of use: You agree that you may use this Data only
1424. for lawful purposes and that under no circumstances will you use this Data
1425. to: (1) allow, enable, or otherwise support the transmission of mass
1426. unsolicited, commercial advertising or solicitations via e-mail, telephone,
1427. or facsimile; or (2) enable high volume, automated, electronic processes
1428. that apply to VeriSign (or its computer systems). The compilation,
1429. repackaging, dissemination or other use of this Data is expressly
1430. prohibited without the prior written consent of VeriSign. You agree not to
1431. use electronic processes that are automated and high-volume to access or
1432. query the Whois database except as reasonably necessary to register
1433. domain names or modify existing registrations. VeriSign reserves the right
1434. to restrict your access to the Whois database in its sole discretion to ensure
1435. operational stability. VeriSign may restrict or terminate your access to the
1436. Whois database for failure to abide by these terms of use. VeriSign
1437. reserves the right to modify these terms at any time.
1438.  
1439. The Registry database contains ONLY .COM, .NET, .EDU domains and
1440. Registrars.
1441. Domain Name: ALFETN.COM
1442. Registry Domain ID: 131847531_DOMAIN_COM-VRSN
1443. Registrar WHOIS Server: whois.godaddy.com
1444. Registrar URL: http://www.godaddy.com
1445. Updated Date: 2017-08-23T20:52:59Z
1446. Creation Date: 2004-10-05T14:50:10Z
1447. Registrar Registration Expiration Date: 2019-10-05T14:50:10Z
1448. Registrar: GoDaddy.com, LLC
1449. Registrar IANA ID: 146
1450. Registrar Abuse Contact Email: abuse@godaddy.com
1451. Registrar Abuse Contact Phone: +1.4806242505
1452. Domain Status: ok http://www.icann.org/epp#ok
1453. Registrant Organization:
1454. Registrant State/Province:
1455. Registrant Country: om
1456. Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
1457. Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
1458. Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
1459. Name Server: NS1.ALFETN.COM
1460. Name Server: NS2.ALFETN.COM
1461. DNSSEC: unsigned
1462. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
1463. >>> Last update of WHOIS database: 2019-01-28T09:00:00Z <<<
1464.  
1465. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
1466.  
1467. Notes:
1468.  
1469. IMPORTANT: Port43 will provide the ICANN-required minimum data set per
1470. ICANN Temporary Specification, adopted 17 May 2018.
1471. Visit https://whois.godaddy.com to look up contact data for domains
1472. not covered by GDPR policy.
1473.  
1474. The data contained in GoDaddy.com, LLC's WhoIs database,
1475. while believed by the company to be reliable, is provided "as is"
1476. with no guarantee or warranties regarding its accuracy. This
1477. information is provided for the sole purpose of assisting you
1478. in obtaining information about domain name registration records.
1479. Any use of this data for any other purpose is expressly forbidden without the prior written
1480. permission of GoDaddy.com, LLC. By submitting an inquiry,
1481. you agree to these terms of usage and limitations of warranty. In particular,
1482. you agree not to use this data to allow, enable, or otherwise make possible,
1483. dissemination or collection of this data, in part or in its entirety, for any
1484. purpose, such as the transmission of unsolicited advertising and
1485. and solicitations of any kind, including spam. You further agree
1486. not to use this data to enable high volume, automated or robotic electronic
1487. processes designed to collect or compile this data for any purpose,
1488. including mining this data for your own personal or commercial purposes.
1489.  
1490. Please note: the registrant of the domain name is specified
1491. in the "registrant" section. In most cases, GoDaddy.com, LLC
1492. is not the registrant of domain names listed in this database.
1493. #######################################################################################################################################
1494. [-] Enumerating subdomains now for alfetn.com
1495. [-] verbosity is enabled, will show the subdomains results in realtime
1496. [-] Searching now in Baidu..
1497. [-] Searching now in Yahoo..
1498. [-] Searching now in Google..
1499. [-] Searching now in Bing..
1500. [-] Searching now in Ask..
1501. [-] Searching now in Netcraft..
1502. [-] Searching now in DNSdumpster..
1503. [-] Searching now in Virustotal..
1504. [-] Searching now in ThreatCrowd..
1505. [-] Searching now in SSL Certificates..
1506. [-] Searching now in PassiveDNS..
1507. Yahoo: www.alfetn.com
1508. Virustotal: www.alfetn.com
1509. Virustotal: ns2.alfetn.com
1510. Virustotal: ns1.alfetn.com
1511. DNSdumpster: ns2.alfetn.com
1512. DNSdumpster: sawa4.alfetn.com
1513. DNSdumpster: ns1.alfetn.com
1514. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-alfetn.com.txt
1515. [-] Total Unique Subdomains Found: 4
1516. www.alfetn.com
1517. ns1.alfetn.com
1518. ns2.alfetn.com
1519. sawa4.alfetn.com
1520. #######################################################################################################################################
1521. Running Source: Ask
1522. Running Source: Archive.is
1523. Running Source: Baidu
1524. Running Source: Bing
1525. Running Source: CertDB
1526. Running Source: CertificateTransparency
1527. Running Source: Certspotter
1528. Running Source: Commoncrawl
1529. Running Source: Crt.sh
1530. Running Source: Dnsdb
1531. Running Source: DNSDumpster
1532. Running Source: DNSTable
1533. Running Source: Dogpile
1534. Running Source: Exalead
1535. Running Source: Findsubdomains
1536. Running Source: Googleter
1537. Running Source: Hackertarget
1538. Running Source: Ipv4Info
1539. Running Source: PTRArchive
1540. Running Source: Sitedossier
1541. Running Source: Threatcrowd
1542. Running Source: ThreatMiner
1543. Running Source: WaybackArchive
1544. Running Source: Yahoo
1545.  
1546. Running enumeration on alfetn.com
1547.  
1548. dnsdb: Unexpected return status 503
1549.  
1550. crtsh: json: cannot unmarshal array into Go value of type crtsh.crtshObject
1551.  
1552. waybackarchive: Get http://web.archive.org/cdx/search/cdx?url=*.alfetn.com/*&output=json&fl=original&collapse=urlkey&page=
1553. : net/http: HTTP/1.x transport connection broken: malformed HTTP response "<html>"
1554.  
1555. yahoo: Get https://search.yahoo.com/search?p=site:alfetn.com&b=0&pz=10&bct=0&xargs=0: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
1556.  
1557.  
1558. Starting Bruteforcing of alfetn.com with 9985 words
1559.  
1560. Total 12 Unique subdomains found for alfetn.com
1561.  
1562. .alfetn.com
1563. 20www.alfetn.com
1564. ftp.alfetn.com
1565. localhost.alfetn.com
1566. mail.alfetn.com
1567. ns1.alfetn.com
1568. ns1.alfetn.com
1569. ns2.alfetn.com
1570. ns2.alfetn.com
1571. sawa4.alfetn.com
1572. www.alfetn.com
1573. www.alfetn.com
1574. #######################################################################################################################################
1575. [*] Found SPF record:
1576. [*] v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all
1577. [*] SPF record contains an All item: ~all
1578. [*] No DMARC record found. Looking for organizational record
1579. [+] No organizational DMARC record
1580. [+] Spoofing possible for alfetn.com!
1581. #######################################################################################################################################
1582. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1583. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1584. dig: '.alfetn.com' is not a legal name (empty label)
1585. alfetn.com. 3599 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1586. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1587. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1588. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1589. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1590. alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
1591. #######################################################################################################################################
1592. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
1593. Nmap scan report for alfetn.com (23.94.17.37)
1594. Host is up (0.070s latency).
1595. rDNS record for 23.94.17.37: host.colocrossing.com
1596. Not shown: 463 closed ports, 1 filtered port
1597. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1598. PORT STATE SERVICE
1599. 21/tcp open ftp
1600. 53/tcp open domain
1601. 80/tcp open http
1602. 110/tcp open pop3
1603. 143/tcp open imap
1604. 443/tcp open https
1605. 465/tcp open smtps
1606. 587/tcp open submission
1607. 993/tcp open imaps
1608. 995/tcp open pop3s
1609. 3306/tcp open mysql
1610. 8081/tcp open blackice-icecap
1611. #######################################################################################################################################
1612. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
1613. Nmap scan report for alfetn.com (23.94.17.37)
1614. Host is up (0.058s latency).
1615. rDNS record for 23.94.17.37: host.colocrossing.com
1616. Not shown: 10 closed ports, 2 filtered ports
1617. PORT STATE SERVICE
1618. 53/udp open domain
1619. 139/udp open|filtered netbios-ssn
1620. #######################################################################################################################################
1621. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
1622. Nmap scan report for alfetn.com (23.94.17.37)
1623. Host is up (0.065s latency).
1624. rDNS record for 23.94.17.37: host.colocrossing.com
1625.  
1626. PORT STATE SERVICE VERSION
1627. 21/tcp open ftp Pure-FTPd
1628. | ftp-brute:
1629. | Accounts: No valid accounts found
1630. |_ Statistics: Performed 524 guesses in 186 seconds, average tps: 2.8
1631. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1632. Device type: general purpose|broadband router|WAP|webcam|PBX
1633. Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
1634. OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
1635. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%)
1636. No exact OS matches for host (test conditions non-ideal).
1637. Network Distance: 17 hops
1638.  
1639. TRACEROUTE (using port 21/tcp)
1640. HOP RTT ADDRESS
1641. 1 36.34 ms 10.244.200.1
1642. 2 36.39 ms 184.75.211.225
1643. 3 37.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1644. 4 37.35 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
1645. 5 36.79 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
1646. 6 36.79 ms toro-b1-link.telia.net (62.115.168.48)
1647. 7 42.05 ms motl-b1-link.telia.net (62.115.134.49)
1648. 8 66.39 ms nyk-bb3-link.telia.net (62.115.137.142)
1649. 9 57.04 ms nyk-b2-link.telia.net (213.155.130.28)
1650. 10 66.04 ms nyk-bb4-link.telia.net (62.115.137.98)
1651. 11 66.04 ms buf-b1-link.telia.net (62.115.141.180)
1652. 12 66.40 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
1653. 13 ... 15
1654. 16 66.06 ms 23.94.17.34
1655. 17 65.37 ms host.colocrossing.com (23.94.17.37)
1656. ######################################################################################################################################
1657. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:10 EST
1658. Nmap scan report for alfetn.com (23.94.17.37)
1659. Host is up (0.066s latency).
1660. rDNS record for 23.94.17.37: host.colocrossing.com
1661.  
1662. PORT STATE SERVICE VERSION
1663. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1664. |_dns-fuzz: Server didn't response to our probe, can't fuzz
1665. | dns-nsec-enum:
1666. |_ No NSEC records found
1667. | dns-nsec3-enum:
1668. |_ DNSSEC NSEC3 not supported
1669. | dns-nsid:
1670. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1671. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1672. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
1673. No exact OS matches for host (test conditions non-ideal).
1674. Network Distance: 17 hops
1675. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1676.  
1677. Host script results:
1678. | dns-blacklist:
1679. | SPAM
1680. | l2.apews.org - SPAM
1681. |_ all.spamrats.com - DYNAMIC
1682. | dns-brute:
1683. | DNS Brute-force hostnames:
1684. | ns1.alfetn.com - 23.94.17.37
1685. | ns2.alfetn.com - 172.245.104.110
1686. | mail.alfetn.com - 23.94.17.37
1687. | www.alfetn.com - 23.94.17.37
1688. |_ ftp.alfetn.com - 23.94.17.37
1689.  
1690. TRACEROUTE (using port 53/tcp)
1691. HOP RTT ADDRESS
1692. 1 34.07 ms 10.244.200.1
1693. 2 39.06 ms 184.75.211.225
1694. 3 39.71 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1695. 4 40.05 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
1696. 5 39.70 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
1697. 6 39.13 ms toro-b1-link.telia.net (62.115.168.48)
1698. 7 44.03 ms motl-b1-link.telia.net (62.115.134.49)
1699. 8 ...
1700. 9 57.20 ms nyk-b2-link.telia.net (213.155.130.28)
1701. 10 67.61 ms nyk-bb4-link.telia.net (62.115.137.98)
1702. 11 66.30 ms buf-b1-link.telia.net (62.115.141.180)
1703. 12 65.79 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
1704. 13 ... 15
1705. 16 66.05 ms 23.94.17.34
1706. 17 66.05 ms host.colocrossing.com (23.94.17.37)
1707. #######################################################################################################################################
1708. http://alfetn.com [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], MetaGenerator[Microsoft FrontPage 5.0], Title[&THORN;&Ntilde;&iacute;&Egrave;&Ccedil;&eth; &atilde;&auml;&Ecirc;&Iuml;&iacute;&Ccedil;&Ecirc; &Ccedil;&aacute;&atilde;&aacute;&Ccedil;&Iacute;&atilde; &aelig; &Ccedil;&aacute;&Yacute;&Ecirc;&auml;], X-Cache[Backend]
1709. #######################################################################################################################################
1710. wig - WebApp Information Gatherer
1711.  
1712.  
1713. Scanning http://alfetn.com...
1714. _________________ SITE INFO _________________
1715. IP Title
1716. 23.94.17.37 &THORN;&Ntilde;&iacute;&Egra
1717.  
1718. __________________ VERSION __________________
1719. Name Versions Type
1720. admin Platform
1721. nginx Platform
1722.  
1723. _____________________________________________
1724. Time: 0.9 sec Urls: 599 Fingerprints: 40401
1725. #######################################################################################################################################
1726. HTTP/1.1 200 OK
1727. Server: nginx admin
1728. Date: Mon, 28 Jan 2019 10:15:41 GMT
1729. Content-Type: text/html
1730. Content-Length: 38710
1731. Connection: keep-alive
1732. Vary: Accept-Encoding
1733. Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
1734. X-Cache: HIT from Backend
1735. Accept-Ranges: bytes
1736.  
1737. HTTP/1.1 200 OK
1738. Server: nginx admin
1739. Date: Mon, 28 Jan 2019 10:15:41 GMT
1740. Content-Type: text/html
1741. Content-Length: 38710
1742. Connection: keep-alive
1743. Vary: Accept-Encoding
1744. Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
1745. X-Cache: HIT from Backend
1746. Accept-Ranges: bytes
1747. #######################################################################################################################################
1748. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:11 EST
1749. Nmap scan report for alfetn.com (23.94.17.37)
1750. Host is up (0.066s latency).
1751. rDNS record for 23.94.17.37: host.colocrossing.com
1752.  
1753. PORT STATE SERVICE VERSION
1754. 110/tcp open pop3 Dovecot pop3d
1755. | pop3-brute:
1756. | Accounts: No valid accounts found
1757. |_ Statistics: Performed 225 guesses in 195 seconds, average tps: 1.1
1758. |_pop3-capabilities: USER AUTH-RESP-CODE RESP-CODES UIDL PIPELINING SASL(PLAIN LOGIN) CAPA STLS TOP
1759. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1760. Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
1761. No exact OS matches for host (test conditions non-ideal).
1762. Network Distance: 17 hops
1763.  
1764. TRACEROUTE (using port 110/tcp)
1765. HOP RTT ADDRESS
1766. 1 35.24 ms 10.244.200.1
1767. 2 35.26 ms 184.75.211.225
1768. 3 36.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1769. 4 36.39 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
1770. 5 36.36 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
1771. 6 36.39 ms toro-b1-link.telia.net (62.115.168.48)
1772. 7 43.36 ms motl-b1-link.telia.net (62.115.134.49)
1773. 8 73.20 ms nyk-bb3-link.telia.net (62.115.137.142)
1774. 9 72.34 ms nyk-b2-link.telia.net (213.155.130.28)
1775. 10 75.65 ms nyk-bb4-link.telia.net (62.115.137.98)
1776. 11 73.26 ms buf-b1-link.telia.net (62.115.141.180)
1777. 12 74.60 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
1778. 13 ... 15
1779. 16 73.30 ms 23.94.17.34
1780. 17 73.31 ms host.colocrossing.com (23.94.17.37)
1781. #######################################################################################################################################
1782. Version: 1.11.12-static
1783. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1784.  
1785. Connected to 23.94.17.37
1786.  
1787. Testing SSL server alfetn.com on port 443 using SNI name alfetn.com
1788.  
1789. TLS Fallback SCSV:
1790. Server does not support TLS Fallback SCSV
1791.  
1792. TLS renegotiation:
1793. Session renegotiation not supported
1794.  
1795. TLS Compression:
1796. Compression disabled
1797.  
1798. Heartbleed:
1799. TLS 1.2 not vulnerable to heartbleed
1800. TLS 1.1 not vulnerable to heartbleed
1801. TLS 1.0 not vulnerable to heartbleed
1802.  
1803. Supported Server Cipher(s):
1804. #######################################################################################################################################
1805. ---------------------------------------------------------------------------------------------------------------------------------------
1806. <<<Yasuo discovered following vulnerable applications>>>
1807. ---------------------------------------------------------------------------------------------------------------------------------------
1808. +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
1809. | App Name | URL to Application | Potential Exploit | Username | Password |
1810. +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
1811. | Linksys WRT54GL | http://23.94.17.37:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
1812. | Linksys WRT54GL | http://23.94.17.37:8081/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
1813. +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
1814. #######################################################################################################################################
1815. ---------------------------------------------------------------------------------------------------------------------------------------
1816. + Target IP: 23.94.17.37
1817. + Target Hostname: 23.94.17.37
1818. + Target Port: 443
1819. + Start Time: 2019-01-28 04:38:19 (GMT-5)
1820. ---------------------------------------------------------------------------------------------------------------------------------------
1821. + Server: Apache
1822. + The anti-clickjacking X-Frame-Options header is not present.
1823. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
1824. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
1825. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
1826. + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
1827. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
1828. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
1829. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
1830. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
1831. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
1832. + 9970 requests: 0 error(s) and 10 item(s) reported on remote host
1833. + End Time: 2019-01-28 04:52:48 (GMT-5) (869 seconds)
1834. ---------------------------------------------------------------------------------------------------------------------------------------
1835. #######################################################################################################################################
1836. ---------------------------------------------------------------------------------------------------------------------------------------
1837. + Target IP: 23.94.17.37
1838. + Target Hostname: alfetn.com
1839. + Target Port: 80
1840. + Start Time: 2019-01-28 04:37:49 (GMT-5)
1841. ---------------------------------------------------------------------------------------------------------------------------------------
1842. + Server: No banner retrieved
1843. + The anti-clickjacking X-Frame-Options header is not present.
1844. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
1845. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
1846. + Server leaks inodes via ETags, header found with file /favicon.ico, fields: 0x4e03f221 0x0
1847. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_REQ 0
1848. + Server banner has changed from '' to 'nginx admin' which may suggest a WAF, load balancer or proxy is in place
1849. + Cookie _mcnc created without the httponly flag
1850. + Uncommon header 'x-microcachable' found, with contents: 0
1851. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
1852. + Uncommon header 'x-cache' found, with contents: HIT from Backend
1853. + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
1854. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
1855. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
1856. + OSVDB-3233: /postinfo.html: Microsoft FrontPage default file found.
1857. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
1858. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
1859. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
1860. + OSVDB-3233: /_vti_inf.html: FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).
1861. #######################################################################################################################################
1862. Anonymous JTSEC #OpIsis Full Recon #4