Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- Hostname alfetn.com ISP ColoCrossing
- Continent North America Flag
- US
- Country United States Country Code US
- Region New York Local time 28 Jan 2019 04:29 EST
- City Buffalo Postal Code 14202
- IP Address 23.94.17.37 Latitude 42.886
- Longitude -78.878
- #######################################################################################################################################
- > alfetn.com
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: alfetn.com
- Address: 23.94.17.37
- >
- #######################################################################################################################################
- HostIP:23.94.17.37
- HostName:alfetn.com
- Gathered Inet-whois information for 23.94.17.37
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 23.83.128.0 - 23.105.223.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:48:39Z
- last-modified: 2019-01-07T10:48:39Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
- Gathered Inic-whois information for alfetn.com
- ---------------------------------------------------------------------------------------------------------------------------------------
- Domain Name: ALFETN.COM
- Registry Domain ID: 131847531_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2017-08-23T20:52:59Z
- Creation Date: 2004-10-05T14:50:10Z
- Registry Expiry Date: 2019-10-05T14:50:10Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: 480-624-2505
- Domain Status: ok https://icann.org/epp#ok
- Name Server: NS1.ALFETN.COM
- Name Server: NS2.ALFETN.COM
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
- >>> Last update of whois database: 2019-01-28T09:34:58Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- NOTICE: The expiration date displayed in this record is the date the
- registrar's sponsorship of the domain name registration in the registry is
- currently set to expire. This date does not necessarily reflect the expiration
- date of the domain name registrant's agreement with the sponsoring
- registrar. Users may consult the sponsoring registrar's Whois database to
- view the registrar's reported date of expiration for this registration.
- TERMS OF USE: You are not authorized to access or query our Whois
- database through the use of electronic processes that are high-volume and
- automated except as reasonably necessary to register domain names or
- modify existing registrations; the Data in VeriSign Global Registry
- Services' ("VeriSign") Whois database is provided by VeriSign for
- information purposes only, and to assist persons in obtaining information
- about or related to a domain name registration record. VeriSign does not
- guarantee its accuracy. By submitting a Whois query, you agree to abide
- by the following terms of use: You agree that you may use this Data only
- for lawful purposes and that under no circumstances will you use this Data
- to: (1) allow, enable, or otherwise support the transmission of mass
- unsolicited, commercial advertising or solicitations via e-mail, telephone,
- or facsimile; or (2) enable high volume, automated, electronic processes
- that apply to VeriSign (or its computer systems). The compilation,
- repackaging, dissemination or other use of this Data is expressly
- prohibited without the prior written consent of VeriSign. You agree not to
- use electronic processes that are automated and high-volume to access or
- query the Whois database except as reasonably necessary to register
- domain names or modify existing registrations. VeriSign reserves the right
- to restrict your access to the Whois database in its sole discretion to ensure
- operational stability. VeriSign may restrict or terminate your access to the
- Whois database for failure to abide by these terms of use. VeriSign
- reserves the right to modify these terms at any time.
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- Gathered Netcraft information for alfetn.com
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for alfetn.com
- Netcraft.com Information gathered
- Gathered Subdomain information for alfetn.com
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:ns1.alfetn.com
- HostIP:23.94.17.37
- HostName:www.alfetn.com
- HostIP:23.94.17.37
- Searching Altavista.com:80...
- Found 2 possible subdomain(s) for host alfetn.com, Searched 0 pages containing 0 results
- Gathered E-Mail information for alfetn.com
- --------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host alfetn.com, Searched 0 pages containing 0 results
- Gathered TCP Port information for 23.94.17.37
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 53/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 144 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://alfetn.com
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: ÞÑíÈÇð ãäÊÏíÇÊ ÇáãáÇÍã æ ÇáÝÊä
- [+] IP address: 23.94.17.37
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- W H O I S L O O K U P
- =======================================================================================================================================
- Domain Name: ALFETN.COM
- Registry Domain ID: 131847531_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2017-08-23T20:52:59Z
- Creation Date: 2004-10-05T14:50:10Z
- Registry Expiry Date: 2019-10-05T14:50:10Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: 480-624-2505
- Domain Status: ok https://icann.org/epp#ok
- Name Server: NS1.ALFETN.COM
- Name Server: NS2.ALFETN.COM
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
- >>> Last update of whois database: 2019-01-28T09:35:13Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- G E O I P L O O K U P
- ======================================================================================================================================
- [i] IP Address: 23.94.17.37
- [i] Country: United States
- [i] State: New York
- [i] City: Buffalo
- [i] Latitude: 42.8864
- [i] Longitude: -78.8781
- H T T P H E A D E R S
- ======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Mon, 28 Jan 2019 09:39:57 GMT
- [i] Content-Type: text/html
- [i] Vary: Accept-Encoding
- [i] Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- alfetn.com. 14399 IN TXT "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
- alfetn.com. 14399 IN MX 0 alfetn.com.
- alfetn.com. 21599 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 21599 IN NS ns1.alfetn.com.
- alfetn.com. 21599 IN NS ns2.alfetn.com.
- alfetn.com. 14399 IN A 23.94.17.37
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 23.94.17.37
- Network = 23.94.17.37 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 23.94.17.37 - 23.94.17.37 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-28 09:35 UTC
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.011s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp closed ssh
- 23/tcp closed telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp closed ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
- S U B - D O M A I N F I N D E R
- =======================================================================================================================================
- [i] Total Subdomains Found : 2
- [+] Subdomain: ns2.alfetn.com
- [-] IP: 172.245.104.110
- [+] Subdomain: sawa4.alfetn.com
- [-] IP: 192.3.138.116
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://alfetn.com/
- [!] IP Address : 23.94.17.37
- [!] alfetn.com doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for alfetn.com
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/alfetn.com
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp closed ssh
- 23/tcp closed telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp closed ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns1.alfetn.com. (23.94.17.37) AS36352 ColoCrossing United States
- ns2.alfetn.com. (172.245.104.110) AS36352 ColoCrossing United States
- [+] MX Records
- 0 (23.94.17.37) AS36352 ColoCrossing United States
- [+] Host Records (A)
- ns2.alfetn.comFTP: (172-245-104-110-host.colocrossing.com) (172.245.104.110) AS36352 ColoCrossing United States
- sawa4.alfetn.com (192-3-138-116-host.colocrossing.com) (192.3.138.116) AS36352 ColoCrossing United States
- ns1.alfetn.comHTTP: (host.colocrossing.com) (23.94.17.37) AS36352 ColoCrossing United States
- [+] TXT Records
- "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
- [+] DNS Map: https://dnsdumpster.com/static/map/alfetn.com.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1548668131350529-web-@alfetn.com
- pixel-1548668132234382-web-@alfetn.com
- [+] Hosts found in search engines:
- --------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 23.94.17.37:Ns1.alfetn.com
- 23.94.17.37:ns1.alfetn.com
- 23.94.17.37:www.alfetn.com
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> alfetn.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58762
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;alfetn.com. IN A
- ;; ANSWER SECTION:
- alfetn.com. 14352 IN A 23.94.17.37
- ;; Query time: 54 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: lun jan 28 04:40:01 EST 2019
- ;; MSG SIZE rcvd: 55
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace alfetn.com
- ;; global options: +cmd
- . 85109 IN NS h.root-servers.net.
- . 85109 IN NS c.root-servers.net.
- . 85109 IN NS a.root-servers.net.
- . 85109 IN NS i.root-servers.net.
- . 85109 IN NS l.root-servers.net.
- . 85109 IN NS g.root-servers.net.
- . 85109 IN NS b.root-servers.net.
- . 85109 IN NS m.root-servers.net.
- . 85109 IN NS j.root-servers.net.
- . 85109 IN NS d.root-servers.net.
- . 85109 IN NS f.root-servers.net.
- . 85109 IN NS e.root-servers.net.
- . 85109 IN NS k.root-servers.net.
- . 85109 IN RRSIG NS 8 0 518400 20190210050000 20190128040000 16749 . HdBmU1WL/kZpDI2zh5BT5Wqh/4Fm+rwnhteOzLJYWsAB1gXW2pbgN45u BhXX1WrhzsYVg8qmOhUdNlwjDvkmj0Tkgn8/zAaF9a1j8ua6GE8IawvX 5oPpX9d/7ier8pqzuwB90BS6wlXNGe64Z7CCBqu9RhPGtt8cKsn2N21S fOIcZ2UhysfGrpjfnBA/omcV5Ud5a78xMco/oU3qIOthmEBTpRSDd6nr BQvePpc7IHKgsRJI/s3OoyXTVaC6W6Su+Eml/nUQcdXwpN3IygybGMqD GHdRdTbtbKknkZqtLzIaCHr8Edjo6f3B2DhS9zG7P+ReO+5gtdZ1XP3a 9zVfbg==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 58 ms
- com. 172800 IN NS a.gtld-servers.net.
- com. 172800 IN NS b.gtld-servers.net.
- com. 172800 IN NS c.gtld-servers.net.
- com. 172800 IN NS d.gtld-servers.net.
- com. 172800 IN NS e.gtld-servers.net.
- com. 172800 IN NS f.gtld-servers.net.
- com. 172800 IN NS g.gtld-servers.net.
- com. 172800 IN NS h.gtld-servers.net.
- com. 172800 IN NS i.gtld-servers.net.
- com. 172800 IN NS j.gtld-servers.net.
- com. 172800 IN NS k.gtld-servers.net.
- com. 172800 IN NS l.gtld-servers.net.
- com. 172800 IN NS m.gtld-servers.net.
- com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
- com. 86400 IN RRSIG DS 8 1 86400 20190210050000 20190128040000 16749 . g0vycbBIGQhu8UT3FAZdj249jLrJcQA/EJZho0UOAgw4q5/SLFh45eq8 LgcEBMUx46rp1xCMzhPp3RbjQaUiaXPkZePRp3T3pTAwI2jJqC8xOjyn W3b4XWlIIOBAK8gJJhDmP7sLJaAd5K010CH7Dw+ycETrIsK119SDDEr1 E0ZBySvIcdIJeXWfxSw/Dszn+nqaLmJnbdRztSolxb3g+hiq4+wTBCWZ cjfGUsVqyvsmL6Aoski5a9ArTnNj5IEdRGQvDSM/iC+U1XlziGSdWLoW HATgH5p/SKH1Icav/SYVaXcrAdHbOR2cI0cGm4JttXKVBfBkL7/Kr04H 3x1I+g==
- ;; Received 1170 bytes from 192.58.128.30#53(j.root-servers.net) in 244 ms
- alfetn.com. 172800 IN NS ns1.alfetn.com.
- alfetn.com. 172800 IN NS ns2.alfetn.com.
- CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
- CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190204054423 20190128043423 16883 com. a6+nG0HlYQFu/smtBipliyxAEgUrNXxqIn/9FuGfEPzfC+tJ41P3ne/0 fTDxnEo7AX9FZ9GYQwhf288SiBsQuemJJCqS8H9xOp6TCQa8+p9xsQY4 ZewJb9mJC2tDhke7IiQsCC4kBwVtNlzavKvVfu3MhvyeghPZEx9n+DoQ F50=
- NQCLQHSIJIP8JADH44VO66A632T7572O.com. 86400 IN NSEC3 1 1 0 - NQCMQF0CF70RC4HJ9KRKVG7AI3SBFQ2V NS DS RRSIG
- NQCLQHSIJIP8JADH44VO66A632T7572O.com. 86400 IN RRSIG NSEC3 8 2 86400 20190204060729 20190128045729 16883 com. sfm7jOJ0bpeFsjaPQ4MVlC69LsumiAwVlLTbDJsKWs9RqPK3FroxOfg1 qlSLvmWiDG2ibpfU306Kh0lnOcvBl7wAwHlVYAOWn1Vcv0ZLXR6jw51A mvOiG3BbmwAmakixPkDMBVhoT0sgCoxsAYWcfJvi8aIFxPPy5S8oDQhW Zk4=
- ;; Received 592 bytes from 192.33.14.30#53(b.gtld-servers.net) in 256 ms
- alfetn.com. 14400 IN A 23.94.17.37
- alfetn.com. 86400 IN NS ns2.alfetn.com.
- alfetn.com. 86400 IN NS ns1.alfetn.com.
- ;; Received 123 bytes from 172.245.104.110#53(ns2.alfetn.com) in 65 ms
- #######################################################################################################################################
- ] Performing General Enumeration of Domain: alfetn.com
- [-] DNSSEC is not configured for alfetn.com
- [*] SOA ns1.alfetn.com 23.94.17.37
- [*] NS ns2.alfetn.com 172.245.104.110
- [*] Bind Version for 172.245.104.110 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- [*] NS ns1.alfetn.com 23.94.17.37
- [*] Bind Version for 23.94.17.37 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- [*] MX alfetn.com 23.94.17.37
- [*] A alfetn.com 23.94.17.37
- [*] TXT alfetn.com v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for alfetn.com
- [+] 0 Records Found
- #######################################################################################################################################
- Traceroute 'alfetn.com '
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-01-28T09:42:22+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 1.0 0.8 0.7 1.0 0.2
- 2.|-- 45.79.12.6 0.0% 3 0.6 7.4 0.6 20.8 11.6
- 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 0.9 0.8 0.9 0.1
- 4.|-- kanc-b1-link.telia.net 0.0% 3 11.9 12.0 11.9 12.2 0.2
- 5.|-- chi-b21-link.telia.net 0.0% 3 24.8 24.9 24.5 25.4 0.5
- 6.|-- buf-b1-link.telia.net 0.0% 3 37.4 37.3 36.6 37.7 0.6
- 7.|-- colocrossing-ic-314281-buf-b1.c.telia.net 0.0% 3 37.0 36.7 36.5 37.0 0.2
- 8.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 9.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 11.|-- host.colocrossing.com 0.0% 3 36.9 36.8 36.6 37.0 0.2
- 12.|-- host.colocrossing.com 0.0% 3 37.0 36.8 36.8 37.0 0.1
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 23.94.17.37 200 host ftp.alfetn.com nginx admin
- 127.0.0.1 host localhost.alfetn.com
- 23.94.17.37 200 alias mail.alfetn.com nginx admin
- 23.94.17.37 200 host alfetn.com nginx admin
- 23.94.17.37 200 host ns1.alfetn.com nginx admin
- 172.245.104.110 host ns2.alfetn.com
- 23.94.17.37 200 alias www.alfetn.com nginx admin
- 23.94.17.37 200 host alfetn.com nginx admin
- #######################################################################################################################################
- [*] Processing domain alfetn.com
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
- [+] Getting nameservers
- 172.245.104.110 - ns2.alfetn.com
- 23.94.17.37 - ns1.alfetn.com
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all"
- [+] MX records found, added to target list
- 0 alfetn.com.
- [*] Scanning alfetn.com for A records
- 23.94.17.37 - alfetn.com
- 23.94.17.37 - ftp.alfetn.com
- 127.0.0.1 - localhost.alfetn.com
- 23.94.17.37 - mail.alfetn.com
- 23.94.17.37 - ns1.alfetn.com
- 172.245.104.110 - ns2.alfetn.com
- 23.94.17.37 - www.alfetn.com
- ######################################################################################################################################
- [+] Testing domain
- www.alfetn.com 23.94.17.37
- [+] Dns resolving
- Domain name Ip address Name server
- alfetn.com 23.94.17.37 host.colocrossing.com
- Found 1 host(s) for alfetn.com
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on alfetn.com
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 31.68 seconds
- Subdomain Ip address Name server
- ftp.alfetn.com 23.94.17.37 host.colocrossing.com
- localhost.alfetn.com 127.0.0.1 localhost
- mail.alfetn.com 23.94.17.37 host.colocrossing.com
- ns1.alfetn.com 23.94.17.37 host.colocrossing.com
- ns2.alfetn.com 172.245.104.110 172-245-104-110-host.colocrossing.com
- www.alfetn.com 23.94.17.37 host.colocrossing.com
- #######################################################################################################################################
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: http://www.islamiceschatology.com
- | [+] External Host Found: http://api.recaptcha.net
- | [+] External Host Found: http://www.gnu.org
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: myname@domain.com
- | [+] E-mail Found: j.doe@example.com
- | [+] E-mail Found: mailman@alfetn.com
- =======================================================================================================================================
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- alfetn.com -----
- Host's addresses:
- __________________
- alfetn.com. 13768 IN A 23.94.17.37
- Name Servers:
- ______________
- ns1.alfetn.com. 13769 IN A 23.94.17.37
- ns2.alfetn.com. 14161 IN A 172.245.104.110
- Mail (MX) Servers:
- ___________________
- alfetn.com. 13768 IN A 23.94.17.37
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for alfetn.com on ns1.alfetn.com ...
- Trying Zone Transfer for alfetn.com on ns2.alfetn.com ...
- brute force file not specified, bay.
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.068s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- Not shown: 463 closed ports, 1 filtered port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- 8081/tcp open blackice-icecap
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.058s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- Not shown: 10 closed ports, 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 123/udp open|filtered ntp
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:39 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.067s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 319 guesses in 184 seconds, average tps: 1.6
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|broadband router|WAP|webcam|PBX
- Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 34.39 ms 10.244.200.1
- 2 37.33 ms 184.75.211.225
- 3 37.73 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 37.79 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 37.79 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
- 6 37.44 ms toro-b1-link.telia.net (62.115.168.48)
- 7 43.20 ms motl-b1-link.telia.net (62.115.134.49)
- 8 74.17 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 64.74 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 74.16 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 73.78 ms buf-b1-link.telia.net (62.115.141.180)
- 12 88.57 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
- 13 ... 15
- 16 73.66 ms 23.94.17.34
- 17 73.40 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.066s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|broadband router|WAP|webcam|PBX
- Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320 cpe:/o:linux:linux_kernel:2.4
- Aggressive OS guesses: Linux 2.6.18 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%), Cisco UC320 PBX (Linux 2.6) (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- Host script results:
- | dns-blacklist:
- | SPAM
- | all.spamrats.com - DYNAMIC
- |_ l2.apews.org - SPAM
- | dns-brute:
- | DNS Brute-force hostnames:
- | ns1.alfetn.com - 23.94.17.37
- | ns2.alfetn.com - 172.245.104.110
- | mail.alfetn.com - 23.94.17.37
- | www.alfetn.com - 23.94.17.37
- |_ ftp.alfetn.com - 23.94.17.37
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 36.66 ms 10.244.200.1
- 2 36.69 ms 184.75.211.225
- 3 37.28 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 37.31 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 37.08 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 38.53 ms toro-b1-link.telia.net (62.115.168.48)
- 7 42.30 ms motl-b1-link.telia.net (62.115.134.49)
- 8 66.43 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 57.25 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 66.43 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 67.40 ms buf-b1-link.telia.net (62.115.141.180)
- 12 65.46 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
- 13 ... 15
- 16 65.80 ms 23.94.17.34
- 17 65.82 ms host.colocrossing.com (23.94.17.37)
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 39.54 seconds
- + -- --=[Port 67 closed... skipping.
- + -- --=[Port 68 closed... skipping.
- + -- --=[Port 69 closed... skipping.
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- #######################################################################################################################################
- http://alfetn.com [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], MetaGenerator[Microsoft FrontPage 5.0], Title[ÞÑíÈÇð ãäÊÏíÇÊ ÇáãáÇÍã æ ÇáÝÊä], X-Cache[Backend]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://alfetn.com...
- _________________ SITE INFO __________________
- IP Title
- 23.94.17.37 ÞÑí&Egra
- __________________ VERSION ___________________
- Name Versions Type
- admin Platform
- nginx Platform
- ______________________________________________
- Time: 14.2 sec Urls: 599 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 09:49:07 GMT
- Content-Type: text/html
- Content-Length: 38710
- Connection: keep-alive
- Vary: Accept-Encoding
- Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 09:49:07 GMT
- Content-Type: text/html
- Content-Length: 38710
- Connection: keep-alive
- Vary: Accept-Encoding
- Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:44 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.066s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 185 guesses in 185 seconds, average tps: 0.9
- |_pop3-capabilities: PIPELINING RESP-CODES STLS CAPA UIDL TOP SASL(PLAIN LOGIN) USER AUTH-RESP-CODE
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|broadband router|WAP|webcam|PBX
- Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%), Linux 2.6.16 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 110/tcp)
- HOP RTT ADDRESS
- 1 36.37 ms 10.244.200.1
- 2 79.69 ms 184.75.211.225
- 3 79.21 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 80.24 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 79.18 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
- 6 79.26 ms toro-b1-link.telia.net (62.115.168.48)
- 7 91.95 ms motl-b1-link.telia.net (62.115.134.49)
- 8 ...
- 9 58.93 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 68.06 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 68.03 ms buf-b1-link.telia.net (62.115.141.180)
- 12 67.54 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
- 13 ... 15
- 16 67.89 ms 23.94.17.34
- 17 67.81 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 23.94.17.37
- Testing SSL server alfetn.com on port 443 using SNI name alfetn.com
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.065s latency).
- Not shown: 463 closed ports, 1 filtered port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- 8081/tcp open blackice-icecap
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.058s latency).
- Not shown: 10 closed ports, 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 68/udp open|filtered dhcpc
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:38 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.066s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 329 guesses in 189 seconds, average tps: 2.4
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 38.10 ms 10.244.200.1
- 2 39.80 ms 184.75.211.225
- 3 39.88 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 39.91 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 39.89 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 39.91 ms toro-b1-link.telia.net (62.115.168.48)
- 7 43.85 ms motl-b1-link.telia.net (62.115.134.49)
- 8 65.62 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 56.04 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 65.66 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 65.43 ms buf-b1-link.telia.net (62.115.141.180)
- 12 64.82 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
- 13 ... 15
- 16 65.09 ms 23.94.17.34
- 17 65.16 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.065s latency).
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- Host script results:
- | dns-blacklist:
- | SPAM
- | all.spamrats.com - DYNAMIC
- |_ l2.apews.org - SPAM
- | dns-brute:
- | DNS Brute-force hostnames:
- | host.colocrossing.com - 216.246.49.26
- | stats.colocrossing.com - 172.245.143.19
- | ns1.colocrossing.com - 198.46.128.17
- | ns1.colocrossing.com - 198.46.128.18
- | ns2.colocrossing.com - 172.245.143.17
- | ns2.colocrossing.com - 172.245.143.18
- | ns3.colocrossing.com - 172.245.143.18
- | web.colocrossing.com - 198.46.128.21
- | web.colocrossing.com - 206.217.140.66
- | wiki.colocrossing.com - 198.23.141.60
- | blog.colocrossing.com - 104.17.122.180
- | blog.colocrossing.com - 104.17.123.180
- | blog.colocrossing.com - 104.17.124.180
- | blog.colocrossing.com - 104.17.125.180
- | blog.colocrossing.com - 104.17.126.180
- | mail.colocrossing.com - 104.168.72.4
- | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7ab4
- | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7bb4
- | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7cb4
- | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7db4
- | blog.colocrossing.com - 2606:4700:0:0:0:0:6811:7eb4
- | www.colocrossing.com - 23.95.99.167
- |_ ftp.colocrossing.com - 216.246.49.26
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 34.15 ms 10.244.200.1
- 2 38.01 ms 184.75.211.225
- 3 38.30 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 38.44 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 37.89 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 37.89 ms toro-b1-link.telia.net (62.115.168.48)
- 7 42.51 ms motl-b1-link.telia.net (62.115.134.49)
- 8 68.24 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 54.73 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 64.37 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 64.10 ms buf-b1-link.telia.net (62.115.141.180)
- 12 63.42 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
- 13 ... 15
- 16 63.90 ms 23.94.17.34
- 17 63.44 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:43 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.064s latency).
- PORT STATE SERVICE VERSION
- 68/udp closed dhcpc
- Too many fingerprints match this host to give specific OS details
- Network Distance: 17 hops
- TRACEROUTE (using port 68/udp)
- HOP RTT ADDRESS
- 1 35.80 ms 10.244.200.1
- 2 35.84 ms 184.75.211.225
- 3 36.88 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 37.30 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 36.29 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
- 6 36.35 ms toro-b1-link.telia.net (62.115.168.48)
- 7 42.87 ms motl-b1-link.telia.net (62.115.134.49)
- 8 64.75 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 55.17 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 64.58 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 64.57 ms buf-b1-link.telia.net (62.115.141.180)
- 12 63.78 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
- 13 ... 15
- 16 64.18 ms 23.94.17.34
- 17 63.84 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- http://23.94.17.37 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], X-Cache[Backend], cPanel
- http://23.94.17.37/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@23.94.17.37], HTML5, HTTPServer[nginx admin], IP[23.94.17.37], Title[Default Web Site Page]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://23.94.17.37...
- _________________ SITE INFO __________________
- IP Title
- 23.94.17.37
- __________________ VERSION ___________________
- Name Versions Type
- admin Platform
- nginx Platform
- ______________________________________________
- Time: 10.7 sec Urls: 601 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 09:49:08 GMT
- Content-Type: text/html
- Content-Length: 111
- Connection: keep-alive
- Last-Modified: Fri, 29 Jul 2016 07:48:30 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 09:49:08 GMT
- Content-Type: text/html
- Content-Length: 111
- Connection: keep-alive
- Last-Modified: Fri, 29 Jul 2016 07:48:30 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:44 EST
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.065s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 212 guesses in 189 seconds, average tps: 1.2
- |_pop3-capabilities: TOP RESP-CODES USER SASL(PLAIN LOGIN) PIPELINING STLS AUTH-RESP-CODE UIDL CAPA
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (94%), Linux 2.6.24 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 110/tcp)
- HOP RTT ADDRESS
- 1 39.02 ms 10.244.200.1
- 2 40.60 ms 184.75.211.225
- 3 40.68 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 40.68 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 35.30 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
- 6 34.88 ms toro-b1-link.telia.net (62.115.168.48)
- 7 46.16 ms motl-b1-link.telia.net (62.115.134.49)
- 8 67.33 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 59.21 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 68.45 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 68.20 ms buf-b1-link.telia.net (62.115.141.180)
- 12 68.24 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
- 13 ... 15
- 16 68.25 ms 23.94.17.34
- 17 68.22 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 23.94.17.37
- Testing SSL server 23.94.17.37 on port 443 using SNI name 23.94.17.37
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:49 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 04:49
- Completed NSE at 04:49, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 04:49
- Completed NSE at 04:49, 0.00s elapsed
- Initiating Ping Scan at 04:49
- Scanning 23.94.17.37 [4 ports]
- Completed Ping Scan at 04:49, 0.11s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 04:49
- Completed Parallel DNS resolution of 1 host. at 04:49, 0.03s elapsed
- Initiating Connect Scan at 04:49
- Scanning host.colocrossing.com (23.94.17.37) [1000 ports]
- Discovered open port 80/tcp on 23.94.17.37
- Discovered open port 443/tcp on 23.94.17.37
- Discovered open port 995/tcp on 23.94.17.37
- Discovered open port 3306/tcp on 23.94.17.37
- Discovered open port 53/tcp on 23.94.17.37
- Discovered open port 143/tcp on 23.94.17.37
- Discovered open port 587/tcp on 23.94.17.37
- Discovered open port 21/tcp on 23.94.17.37
- Discovered open port 993/tcp on 23.94.17.37
- Discovered open port 110/tcp on 23.94.17.37
- Discovered open port 465/tcp on 23.94.17.37
- Discovered open port 8081/tcp on 23.94.17.37
- Completed Connect Scan at 04:49, 0.95s elapsed (1000 total ports)
- Initiating Service scan at 04:49
- Scanning 12 services on host.colocrossing.com (23.94.17.37)
- Completed Service scan at 04:49, 21.84s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against host.colocrossing.com (23.94.17.37)
- adjust_timeouts2: packet supposedly had rtt of -160968 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -160968 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -187076 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -187076 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -185362 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -185362 microseconds. Ignoring time.
- Retrying OS detection (try #2) against host.colocrossing.com (23.94.17.37)
- adjust_timeouts2: packet supposedly had rtt of -186722 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -186722 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -1185962 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -1185962 microseconds. Ignoring time.
- Initiating Traceroute at 04:49
- Completed Traceroute at 04:49, 3.02s elapsed
- Initiating Parallel DNS resolution of 14 hosts. at 04:49
- Completed Parallel DNS resolution of 14 hosts. at 04:50, 16.50s elapsed
- NSE: Script scanning 23.94.17.37.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 04:50
- NSE Timing: About 99.26% done; ETC: 04:50 (0:00:00 remaining)
- NSE Timing: About 99.32% done; ETC: 04:51 (0:00:00 remaining)
- NSE Timing: About 99.51% done; ETC: 04:51 (0:00:00 remaining)
- NSE Timing: About 99.57% done; ETC: 04:52 (0:00:01 remaining)
- NSE Timing: About 99.82% done; ETC: 04:52 (0:00:00 remaining)
- NSE Timing: About 99.88% done; ETC: 04:53 (0:00:00 remaining)
- NSE Timing: About 99.94% done; ETC: 04:53 (0:00:00 remaining)
- Completed NSE at 04:54, 226.67s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.14s elapsed
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up, received echo-reply ttl 50 (0.066s latency).
- Scanned at 2019-01-28 04:49:25 EST for 275s
- Not shown: 988 closed ports
- Reason: 988 conn-refused
- PORT STATE SERVICE REASON VERSION
- 21/tcp open ftp syn-ack Pure-FTPd
- | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-07-29T10:11:11
- | Not valid after: 2019-07-29T10:11:11
- | MD5: 7549 4cde fff4 d3bf 7ba9 8861 2b0e 292e
- | SHA-1: 999a 20d7 c108 390b 825a 6746 ef30 3a6d 312e ff7d
- | -----BEGIN CERTIFICATE-----
- | MIIDSzCCAjOgAwIBAgIEZR5QPzANBgkqhkiG9w0BAQsFADBAMSMwIQYJKoZIhvcN
- | AQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxmZXRu
- | LmNvbTAeFw0xODA3MjkxMDExMTFaFw0xOTA3MjkxMDExMTFaMEAxIzAhBgkqhkiG
- | 9w0BCQEWFHNzbEBzYXdhNC5hbGZldG4uY29tMRkwFwYDVQQDDBBzYXdhNC5hbGZl
- | dG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri44oIeasvd3
- | 8gchZ34PGTPauhvbE157p0ws1zJmilWeKApimrR1n5siHhaY+KoC62jm8P1i8RKM
- | 5jZnDLIkCSIniVZMRHYV8igd7sH0QKllzDWViZ1md5w2POBJfvDZi09xOpslv5Q/
- | R4WHjlk11SxccIPmKOqgegkQYVxciDoDQaMdweybh4HRRHnqaUoSTxZBJVkLgiLI
- | QhdWB9w1EDc+OPa0+U0LuGFxVcb/Q/9AT8pyR0ENUkvC9gZofSMPlJbQ5hJPNZaR
- | WPZ6JQzXRu2satwisy+yedImWfUb26iIAd+es2RQQ5LgiEiZibP0FEJzn80NsCoT
- | rc/weKkuwwIDAQABo00wSzAdBgNVHQ4EFgQUTXakLPqRjKvzC9UgGMeJ+j6KHtIw
- | HwYDVR0jBBgwFoAUTXakLPqRjKvzC9UgGMeJ+j6KHtIwCQYDVR0TBAIwADANBgkq
- | hkiG9w0BAQsFAAOCAQEAY9tUOEUt9o5RM0KTN+ZO0jSECehdW5VzJ3VhgIvKeNzO
- | edrT3iZFTYWreXiz9Pb7lrBoRepZAT9gfM+oSCOddkRd0stToxqikw1+RZCzd+KP
- | pEm0PflBdn116dlqDZPOQCUYaxSkQnX/G6fQZH1T5ksW5PaNfxu74a47czWhwZO9
- | sIzEA9UOb0gl3lJrVDCfKMJzAz610Z8UgPIe6U6K3YwXytt0QbNOUMA/caDUCU2i
- | ZdVUgZN4QB0mOEcrmz+bpxlozk1UOdHsMdyGvX3Sd62ddPyEEGUSdpxo4+zy3N5s
- | fcg2kgVAGKUy62VY6JmSaX4VxSAXD/oXkHrSfLbNZQ==
- |_-----END CERTIFICATE-----
- |_ssl-date: 2019-01-28T09:54:50+00:00; +4m36s from scanner time.
- 53/tcp open domain syn-ack ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- 80/tcp open http syn-ack nginx
- |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx admin
- |_http-title: Site doesn't have a title (text/html).
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: TOP RESP-CODES CAPA SASL(PLAIN LOGIN) PIPELINING AUTH-RESP-CODE USER UIDL STLS
- |_ssl-date: 2019-01-28T09:54:52+00:00; +4m36s from scanner time.
- 143/tcp open imap syn-ack Dovecot imapd
- |_imap-capabilities: Pre-login NAMESPACE post-login listed LITERAL+ capabilities IMAP4rev1 ENABLE SASL-IR AUTH=LOGINA0001 STARTTLS IDLE more have OK ID AUTH=PLAIN LOGIN-REFERRALS
- |_ssl-date: 2019-01-28T09:54:51+00:00; +4m36s from scanner time.
- 443/tcp open http syn-ack Apache httpd
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache
- |_http-title: Site doesn't have a title (text/html).
- 465/tcp open ssl/smtp syn-ack Exim smtpd 4.87
- |_smtp-commands: SMTP EHLO host.colocrossing.com: failed to receive data: failed to receive data
- | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-07-29T10:11:11
- | Not valid after: 2019-07-29T10:11:11
- | MD5: 19db 5699 f9d5 2fab 4839 de78 cc63 5800
- | SHA-1: be51 b0a5 3d3d 313d 885b a858 0d7c 8f2b c5fa 5ff8
- | -----BEGIN CERTIFICATE-----
- | MIIDTDCCAjSgAwIBAgIFAW4VtNgwDQYJKoZIhvcNAQELBQAwQDEjMCEGCSqGSIb3
- | DQEJARYUc3NsQHNhd2E0LmFsZmV0bi5jb20xGTAXBgNVBAMMEHNhd2E0LmFsZmV0
- | bi5jb20wHhcNMTgwNzI5MTAxMTExWhcNMTkwNzI5MTAxMTExWjBAMSMwIQYJKoZI
- | hvcNAQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxm
- | ZXRuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOoj4EDUkSM
- | mNvP74f3SgeGbMlYuDCu8NW9d7HaxWN6JyvCgrghjj7UBNNjvIBqgSlyiK2ofRR2
- | xm2mCYdiJ56I6PYH8NXTYR02x3oP+P/shWI+zSWNdhLPK8DNed7JpHoNsN2TL8H3
- | w8F0U5u0pg6p2l5yr+VO0+hQl3aXefTBoA1u4CIKpadqKzyPktH1wdvGDmQE5QpK
- | rhyCehL1U14u+ZxmYUtnEss9j3lLxY6ZbJscfgBbFN5ubQY14/xWSqlJKBmh6VXq
- | af6lFM4G+gmQTSHpJb+PTkLROp+q7iHozIvGsOgx1DjDa/Q2xH/mP1TNMl56om4r
- | e2MfSSiee6cCAwEAAaNNMEswHQYDVR0OBBYEFLuregZYLHnoJU7nVtBWZ2wsMDyX
- | MB8GA1UdIwQYMBaAFLuregZYLHnoJU7nVtBWZ2wsMDyXMAkGA1UdEwQCMAAwDQYJ
- | KoZIhvcNAQELBQADggEBAJotEsWjUBLLiRZkUq6hBKBv+57Ek6gBhJydQ3Ni4ghz
- | dFp0EvGcDDachgv9+i5ADbswpulm5+/XHucVbWulk/pBYgD570XZYF2ZtXYWwy8K
- | 4JWRrb8F/Coo5LQUzE2KqpppfebMaLsUqBZd9uIy+p9Afx+XeDot0zC1bth5Ub6S
- | 9QL2XxN2Tl/YxhwasWESG06tg59brSCNHAS0MxyjX/3Nk3EKLlPrd9VGUD8V1xWE
- | RQSXacA6PVvH/MRj/2rgnjdik4zvnTybTk6pyvFUL5mZEhkwqqjr+SBmjW7EKgQA
- | v1hd4tKKpDUHg/2qIYc/iOVt6uMI2ZnRzcFZczGxstM=
- |_-----END CERTIFICATE-----
- |_ssl-date: 2019-01-28T09:54:50+00:00; +4m36s from scanner time.
- 587/tcp open smtp syn-ack Exim smtpd 4.87
- | smtp-commands: sawa4.alfetn.com Hello host.colocrossing.com [184.75.211.236], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
- |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
- | ssl-cert: Subject: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Issuer: commonName=sawa4.alfetn.com/emailAddress=ssl@sawa4.alfetn.com
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-07-29T10:11:11
- | Not valid after: 2019-07-29T10:11:11
- | MD5: 19db 5699 f9d5 2fab 4839 de78 cc63 5800
- | SHA-1: be51 b0a5 3d3d 313d 885b a858 0d7c 8f2b c5fa 5ff8
- | -----BEGIN CERTIFICATE-----
- | MIIDTDCCAjSgAwIBAgIFAW4VtNgwDQYJKoZIhvcNAQELBQAwQDEjMCEGCSqGSIb3
- | DQEJARYUc3NsQHNhd2E0LmFsZmV0bi5jb20xGTAXBgNVBAMMEHNhd2E0LmFsZmV0
- | bi5jb20wHhcNMTgwNzI5MTAxMTExWhcNMTkwNzI5MTAxMTExWjBAMSMwIQYJKoZI
- | hvcNAQkBFhRzc2xAc2F3YTQuYWxmZXRuLmNvbTEZMBcGA1UEAwwQc2F3YTQuYWxm
- | ZXRuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOoj4EDUkSM
- | mNvP74f3SgeGbMlYuDCu8NW9d7HaxWN6JyvCgrghjj7UBNNjvIBqgSlyiK2ofRR2
- | xm2mCYdiJ56I6PYH8NXTYR02x3oP+P/shWI+zSWNdhLPK8DNed7JpHoNsN2TL8H3
- | w8F0U5u0pg6p2l5yr+VO0+hQl3aXefTBoA1u4CIKpadqKzyPktH1wdvGDmQE5QpK
- | rhyCehL1U14u+ZxmYUtnEss9j3lLxY6ZbJscfgBbFN5ubQY14/xWSqlJKBmh6VXq
- | af6lFM4G+gmQTSHpJb+PTkLROp+q7iHozIvGsOgx1DjDa/Q2xH/mP1TNMl56om4r
- | e2MfSSiee6cCAwEAAaNNMEswHQYDVR0OBBYEFLuregZYLHnoJU7nVtBWZ2wsMDyX
- | MB8GA1UdIwQYMBaAFLuregZYLHnoJU7nVtBWZ2wsMDyXMAkGA1UdEwQCMAAwDQYJ
- | KoZIhvcNAQELBQADggEBAJotEsWjUBLLiRZkUq6hBKBv+57Ek6gBhJydQ3Ni4ghz
- | dFp0EvGcDDachgv9+i5ADbswpulm5+/XHucVbWulk/pBYgD570XZYF2ZtXYWwy8K
- | 4JWRrb8F/Coo5LQUzE2KqpppfebMaLsUqBZd9uIy+p9Afx+XeDot0zC1bth5Ub6S
- | 9QL2XxN2Tl/YxhwasWESG06tg59brSCNHAS0MxyjX/3Nk3EKLlPrd9VGUD8V1xWE
- | RQSXacA6PVvH/MRj/2rgnjdik4zvnTybTk6pyvFUL5mZEhkwqqjr+SBmjW7EKgQA
- | v1hd4tKKpDUHg/2qIYc/iOVt6uMI2ZnRzcFZczGxstM=
- |_-----END CERTIFICATE-----
- |_ssl-date: 2019-01-28T09:54:53+00:00; +4m37s from scanner time.
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: 2019-01-28T09:54:51+00:00; +4m37s from scanner time.
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: 2019-01-28T09:54:51+00:00; +4m37s from scanner time.
- 3306/tcp open mysql syn-ack MySQL 5.6.33
- | mysql-info:
- | Protocol: 10
- | Version: 5.6.33
- | Thread ID: 175679
- | Capabilities flags: 63487
- | Some Capabilities: Support41Auth, Speaks41ProtocolOld, Speaks41ProtocolNew, SupportsTransactions, IgnoreSigpipes, FoundRows, InteractiveClient, SupportsCompression, SupportsLoadDataLocal, LongPassword, ODBCClient, IgnoreSpaceBeforeParenthesis, DontAllowDatabaseTableColumn, ConnectWithDatabase, LongColumnFlag, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
- | Status: Autocommit
- | Salt: %uB)BSW?tL\l+,<(TNiH
- |_ Auth Plugin Name: 79
- 8081/tcp open http syn-ack Apache httpd
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache
- |_http-title: Site doesn't have a title (text/html).
- Device type: general purpose|broadband router|WAP|PBX|media device
- Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Asus embedded (95%), Cisco embedded (94%), Starbridge Networks embedded (94%), Sony embedded (94%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n16 cpe:/h:cisco:uc320 cpe:/o:linux:linux_kernel:2.4 cpe:/h:starbridge_networks:1531 cpe:/o:sony:smp-n200
- OS fingerprint not ideal because: Host distance (17 network hops) is greater than five
- Aggressive OS guesses: Linux 2.6.18 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Cisco UC320 PBX (Linux 2.6) (94%), Linux 2.6.9 - 2.6.18 (94%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), OpenWrt White Russian 0.9 (Linux 2.4.30) (94%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- SCAN(V=7.70%E=4%D=1/28%OT=21%CT=1%CU=39353%PV=N%DS=17%DC=T%G=N%TM=5C4ED138%P=x86_64-pc-linux-gnu)
- SEQ(SP=104%GCD=1%ISR=107%TI=Z%CI=Z%TS=A)
- OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
- WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
- ECN(R=Y%DF=Y%T=42%W=16D0%O=M4B3NNSNW7%CC=N%Q=)
- T1(R=Y%DF=Y%T=42%S=O%A=S+%F=AS%RD=0%Q=)
- T2(R=N)
- T3(R=N)
- T4(R=Y%DF=Y%T=42%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
- T5(R=Y%DF=Y%T=42%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
- T6(R=Y%DF=Y%T=42%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
- T7(R=N)
- U1(R=Y%DF=N%T=42%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
- IE(R=Y%DFI=N%T=42%CD=S)
- Uptime guess: 21.447 days (since Sun Jan 6 18:09:46 2019)
- Network Distance: 17 hops
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Host: sawa4.alfetn.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- Host script results:
- |_clock-skew: mean: 4m36s, deviation: 0s, median: 4m35s
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 33.98 ms 10.244.200.1
- 2 34.00 ms 184.75.211.225
- 3 34.63 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 34.64 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 34.65 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 34.66 ms toro-b1-link.telia.net (62.115.168.48)
- 7 41.46 ms motl-b1-link.telia.net (62.115.134.49)
- 8 66.69 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 60.33 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 67.33 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 66.69 ms buf-b1-link.telia.net (62.115.141.180)
- 12 65.98 ms colocrossing-ic-314281-buf-b1.c.telia.net (62.115.59.90)
- 13 ... 15
- 16 66.76 ms 23.94.17.34
- 17 66.10 ms host.colocrossing.com (23.94.17.37)
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 275.39 seconds
- Raw packets sent: 108 (8.568KB) | Rcvd: 1956 (1.353MB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 04:54 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 04:54
- Completed Parallel DNS resolution of 1 host. at 04:54, 0.02s elapsed
- Initiating UDP Scan at 04:54
- Scanning host.colocrossing.com (23.94.17.37) [14 ports]
- Discovered open port 53/udp on 23.94.17.37
- Completed UDP Scan at 04:54, 4.66s elapsed (14 total ports)
- Initiating Service scan at 04:54
- Scanning 2 services on host.colocrossing.com (23.94.17.37)
- Completed Service scan at 04:54, 16.05s elapsed (2 services on 1 host)
- Initiating OS detection (try #1) against host.colocrossing.com (23.94.17.37)
- Retrying OS detection (try #2) against host.colocrossing.com (23.94.17.37)
- Initiating Traceroute at 04:54
- Completed Traceroute at 04:54, 7.10s elapsed
- Initiating Parallel DNS resolution of 1 host. at 04:54
- Completed Parallel DNS resolution of 1 host. at 04:54, 0.02s elapsed
- NSE: Script scanning 23.94.17.37.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.15s elapsed
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.08s elapsed
- Nmap scan report for host.colocrossing.com (23.94.17.37)
- Host is up (0.064s latency).
- PORT STATE SERVICE VERSION
- 53/udp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- 67/udp open|filtered dhcps
- 68/udp closed dhcpc
- 69/udp closed tftp
- 88/udp closed kerberos-sec
- 123/udp closed ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp closed netbios-ssn
- 161/udp closed snmp
- 162/udp closed snmptrap
- 389/udp closed ldap
- 520/udp closed route
- 2049/udp closed nfs
- Too many fingerprints match this host to give specific OS details
- Network Distance: 17 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 ... 7
- 8 34.80 ms 10.244.200.1
- 9 ... 10
- 11 34.20 ms 10.244.200.1
- 12 35.10 ms 10.244.200.1
- 13 35.09 ms 10.244.200.1
- 14 35.07 ms 10.244.200.1
- 15 35.07 ms 10.244.200.1
- 16 35.06 ms 10.244.200.1
- 17 35.08 ms 10.244.200.1
- 18 ...
- 19 34.89 ms 10.244.200.1
- 20 33.96 ms 10.244.200.1
- 21 ... 27
- 28 36.24 ms 10.244.200.1
- 29 ...
- 30 33.56 ms 10.244.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- Initiating NSE at 04:54
- Completed NSE at 04:54, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 30.89 seconds
- Raw packets sent: 119 (5.883KB) | Rcvd: 569 (69.680KB)
- #######################################################################################################################################
- Domain Name: ALFETN.COM
- Registry Domain ID: 131847531_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2017-08-23T20:52:59Z
- Creation Date: 2004-10-05T14:50:10Z
- Registry Expiry Date: 2019-10-05T14:50:10Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: 480-624-2505
- Domain Status: ok https://icann.org/epp#ok
- Name Server: NS1.ALFETN.COM
- Name Server: NS2.ALFETN.COM
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
- >>> Last update of whois database: 2019-01-28T09:59:40Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- NOTICE: The expiration date displayed in this record is the date the
- registrar's sponsorship of the domain name registration in the registry is
- currently set to expire. This date does not necessarily reflect the expiration
- date of the domain name registrant's agreement with the sponsoring
- registrar. Users may consult the sponsoring registrar's Whois database to
- view the registrar's reported date of expiration for this registration.
- TERMS OF USE: You are not authorized to access or query our Whois
- database through the use of electronic processes that are high-volume and
- automated except as reasonably necessary to register domain names or
- modify existing registrations; the Data in VeriSign Global Registry
- Services' ("VeriSign") Whois database is provided by VeriSign for
- information purposes only, and to assist persons in obtaining information
- about or related to a domain name registration record. VeriSign does not
- guarantee its accuracy. By submitting a Whois query, you agree to abide
- by the following terms of use: You agree that you may use this Data only
- for lawful purposes and that under no circumstances will you use this Data
- to: (1) allow, enable, or otherwise support the transmission of mass
- unsolicited, commercial advertising or solicitations via e-mail, telephone,
- or facsimile; or (2) enable high volume, automated, electronic processes
- that apply to VeriSign (or its computer systems). The compilation,
- repackaging, dissemination or other use of this Data is expressly
- prohibited without the prior written consent of VeriSign. You agree not to
- use electronic processes that are automated and high-volume to access or
- query the Whois database except as reasonably necessary to register
- domain names or modify existing registrations. VeriSign reserves the right
- to restrict your access to the Whois database in its sole discretion to ensure
- operational stability. VeriSign may restrict or terminate your access to the
- Whois database for failure to abide by these terms of use. VeriSign
- reserves the right to modify these terms at any time.
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- Domain Name: ALFETN.COM
- Registry Domain ID: 131847531_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2017-08-23T20:52:59Z
- Creation Date: 2004-10-05T14:50:10Z
- Registrar Registration Expiration Date: 2019-10-05T14:50:10Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: +1.4806242505
- Domain Status: ok http://www.icann.org/epp#ok
- Registrant Organization:
- Registrant State/Province:
- Registrant Country: om
- Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
- Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
- Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ALFETN.COM
- Name Server: NS1.ALFETN.COM
- Name Server: NS2.ALFETN.COM
- DNSSEC: unsigned
- URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
- >>> Last update of WHOIS database: 2019-01-28T09:00:00Z <<<
- For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
- Notes:
- IMPORTANT: Port43 will provide the ICANN-required minimum data set per
- ICANN Temporary Specification, adopted 17 May 2018.
- Visit https://whois.godaddy.com to look up contact data for domains
- not covered by GDPR policy.
- The data contained in GoDaddy.com, LLC's WhoIs database,
- while believed by the company to be reliable, is provided "as is"
- with no guarantee or warranties regarding its accuracy. This
- information is provided for the sole purpose of assisting you
- in obtaining information about domain name registration records.
- Any use of this data for any other purpose is expressly forbidden without the prior written
- permission of GoDaddy.com, LLC. By submitting an inquiry,
- you agree to these terms of usage and limitations of warranty. In particular,
- you agree not to use this data to allow, enable, or otherwise make possible,
- dissemination or collection of this data, in part or in its entirety, for any
- purpose, such as the transmission of unsolicited advertising and
- and solicitations of any kind, including spam. You further agree
- not to use this data to enable high volume, automated or robotic electronic
- processes designed to collect or compile this data for any purpose,
- including mining this data for your own personal or commercial purposes.
- Please note: the registrant of the domain name is specified
- in the "registrant" section. In most cases, GoDaddy.com, LLC
- is not the registrant of domain names listed in this database.
- #######################################################################################################################################
- [-] Enumerating subdomains now for alfetn.com
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- Yahoo: www.alfetn.com
- Virustotal: www.alfetn.com
- Virustotal: ns2.alfetn.com
- Virustotal: ns1.alfetn.com
- DNSdumpster: ns2.alfetn.com
- DNSdumpster: sawa4.alfetn.com
- DNSdumpster: ns1.alfetn.com
- [-] Saving results to file: /usr/share/sniper/loot//domains/domains-alfetn.com.txt
- [-] Total Unique Subdomains Found: 4
- www.alfetn.com
- ns1.alfetn.com
- ns2.alfetn.com
- sawa4.alfetn.com
- #######################################################################################################################################
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on alfetn.com
- dnsdb: Unexpected return status 503
- crtsh: json: cannot unmarshal array into Go value of type crtsh.crtshObject
- waybackarchive: Get http://web.archive.org/cdx/search/cdx?url=*.alfetn.com/*&output=json&fl=original&collapse=urlkey&page=
- : net/http: HTTP/1.x transport connection broken: malformed HTTP response "<html>"
- yahoo: Get https://search.yahoo.com/search?p=site:alfetn.com&b=0&pz=10&bct=0&xargs=0: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
- Starting Bruteforcing of alfetn.com with 9985 words
- Total 12 Unique subdomains found for alfetn.com
- .alfetn.com
- 20www.alfetn.com
- ftp.alfetn.com
- localhost.alfetn.com
- mail.alfetn.com
- ns1.alfetn.com
- ns1.alfetn.com
- ns2.alfetn.com
- ns2.alfetn.com
- sawa4.alfetn.com
- www.alfetn.com
- www.alfetn.com
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 ip4:23.94.17.37 ip4:192.3.138.116 +a +mx ~all
- [*] SPF record contains an All item: ~all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for alfetn.com!
- #######################################################################################################################################
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- dig: '.alfetn.com' is not a legal name (empty label)
- alfetn.com. 3599 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- alfetn.com. 3600 IN SOA ns1.alfetn.com. monitor.sawa4.com. 2016080100 3600 7200 1209600 86400
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.070s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- Not shown: 463 closed ports, 1 filtered port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- 8081/tcp open blackice-icecap
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.058s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- Not shown: 10 closed ports, 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 139/udp open|filtered netbios-ssn
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:06 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.065s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 524 guesses in 186 seconds, average tps: 2.8
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|broadband router|WAP|webcam|PBX
- Running (JUST GUESSING): Linux 2.6.X|4.X (95%), Asus embedded (95%), AXIS embedded (95%), Cisco embedded (94%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:4.3 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/h:cisco:uc320
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.16 (95%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 36.34 ms 10.244.200.1
- 2 36.39 ms 184.75.211.225
- 3 37.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 37.35 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 36.79 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 36.79 ms toro-b1-link.telia.net (62.115.168.48)
- 7 42.05 ms motl-b1-link.telia.net (62.115.134.49)
- 8 66.39 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 57.04 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 66.04 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 66.04 ms buf-b1-link.telia.net (62.115.141.180)
- 12 66.40 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
- 13 ... 15
- 16 66.06 ms 23.94.17.34
- 17 65.37 ms host.colocrossing.com (23.94.17.37)
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:10 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.066s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | dns-nsid:
- |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
- Host script results:
- | dns-blacklist:
- | SPAM
- | l2.apews.org - SPAM
- |_ all.spamrats.com - DYNAMIC
- | dns-brute:
- | DNS Brute-force hostnames:
- | ns1.alfetn.com - 23.94.17.37
- | ns2.alfetn.com - 172.245.104.110
- | mail.alfetn.com - 23.94.17.37
- | www.alfetn.com - 23.94.17.37
- |_ ftp.alfetn.com - 23.94.17.37
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 34.07 ms 10.244.200.1
- 2 39.06 ms 184.75.211.225
- 3 39.71 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 40.05 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
- 5 39.70 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
- 6 39.13 ms toro-b1-link.telia.net (62.115.168.48)
- 7 44.03 ms motl-b1-link.telia.net (62.115.134.49)
- 8 ...
- 9 57.20 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 67.61 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 66.30 ms buf-b1-link.telia.net (62.115.141.180)
- 12 65.79 ms colocrossing-ic-314280-buf-b1.c.telia.net (62.115.59.86)
- 13 ... 15
- 16 66.05 ms 23.94.17.34
- 17 66.05 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- http://alfetn.com [200 OK] Country[UNITED STATES][US], HTTPServer[nginx admin], IP[23.94.17.37], MetaGenerator[Microsoft FrontPage 5.0], Title[ÞÑíÈÇð ãäÊÏíÇÊ ÇáãáÇÍã æ ÇáÝÊä], X-Cache[Backend]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://alfetn.com...
- _________________ SITE INFO _________________
- IP Title
- 23.94.17.37 ÞÑí&Egra
- __________________ VERSION __________________
- Name Versions Type
- admin Platform
- nginx Platform
- _____________________________________________
- Time: 0.9 sec Urls: 599 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 10:15:41 GMT
- Content-Type: text/html
- Content-Length: 38710
- Connection: keep-alive
- Vary: Accept-Encoding
- Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx admin
- Date: Mon, 28 Jan 2019 10:15:41 GMT
- Content-Type: text/html
- Content-Length: 38710
- Connection: keep-alive
- Vary: Accept-Encoding
- Last-Modified: Wed, 28 Sep 2011 17:56:17 GMT
- X-Cache: HIT from Backend
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 05:11 EST
- Nmap scan report for alfetn.com (23.94.17.37)
- Host is up (0.066s latency).
- rDNS record for 23.94.17.37: host.colocrossing.com
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 225 guesses in 195 seconds, average tps: 1.1
- |_pop3-capabilities: USER AUTH-RESP-CODE RESP-CODES UIDL PIPELINING SASL(PLAIN LOGIN) CAPA STLS TOP
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.18 (95%), Linux 4.3 (95%), Asus RT-AC66U router (Linux 2.6) (95%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (95%), Asus RT-N16 WAP (Linux 2.6) (95%), Asus RT-N66U WAP (Linux 2.6) (95%), Tomato 1.28 (Linux 2.6.22) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Linux 2.6.16 (95%), Linux 2.6.24 (94%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 17 hops
- TRACEROUTE (using port 110/tcp)
- HOP RTT ADDRESS
- 1 35.24 ms 10.244.200.1
- 2 35.26 ms 184.75.211.225
- 3 36.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
- 4 36.39 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
- 5 36.36 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
- 6 36.39 ms toro-b1-link.telia.net (62.115.168.48)
- 7 43.36 ms motl-b1-link.telia.net (62.115.134.49)
- 8 73.20 ms nyk-bb3-link.telia.net (62.115.137.142)
- 9 72.34 ms nyk-b2-link.telia.net (213.155.130.28)
- 10 75.65 ms nyk-bb4-link.telia.net (62.115.137.98)
- 11 73.26 ms buf-b1-link.telia.net (62.115.141.180)
- 12 74.60 ms colocrossing-ic-317200-buf-b1.c.telia.net (62.115.145.91)
- 13 ... 15
- 16 73.30 ms 23.94.17.34
- 17 73.31 ms host.colocrossing.com (23.94.17.37)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 23.94.17.37
- Testing SSL server alfetn.com on port 443 using SNI name alfetn.com
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- ---------------------------------------------------------------------------------------------------------------------------------------
- +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
- | Linksys WRT54GL | http://23.94.17.37:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- | Linksys WRT54GL | http://23.94.17.37:8081/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- +-----------------+-----------------------------------+------------------------------------------------+----------+----------+
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 23.94.17.37
- + Target Hostname: 23.94.17.37
- + Target Port: 443
- + Start Time: 2019-01-28 04:38:19 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: Apache
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
- + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
- + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
- + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
- + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
- + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
- + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
- + 9970 requests: 0 error(s) and 10 item(s) reported on remote host
- + End Time: 2019-01-28 04:52:48 (GMT-5) (869 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 23.94.17.37
- + Target Hostname: alfetn.com
- + Target Port: 80
- + Start Time: 2019-01-28 04:37:49 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Server leaks inodes via ETags, header found with file /favicon.ico, fields: 0x4e03f221 0x0
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_REQ 0
- + Server banner has changed from '' to 'nginx admin' which may suggest a WAF, load balancer or proxy is in place
- + Cookie _mcnc created without the httponly flag
- + Uncommon header 'x-microcachable' found, with contents: 0
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
- + Uncommon header 'x-cache' found, with contents: HIT from Backend
- + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
- + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
- + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
- + OSVDB-3233: /postinfo.html: Microsoft FrontPage default file found.
- + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
- + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
- + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
- + OSVDB-3233: /_vti_inf.html: FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).
- #######################################################################################################################################
- Anonymous JTSEC #OpIsis Full Recon #4
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement