SHARE
TWEET

Anonymous JTSEC #OpDomesticTerrorism Full Recon #1

a guest Jan 26th, 2019 1,088 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Nom de l'hôte  www.therebel.media      FAI     Akamai International B.V.
  3. Continent   Amérique du Nord       Drapeau    
  4. US
  5. Pays    Etats-Unis d'Amérique      Code du pays    US
  6. Région     Inconnu         Heure locale    25 Jan 2019 19:23 CST
  7. Ville   Inconnu         Code Postal     Inconnu
  8. Adresse IP  104.72.70.183       Latitude    37.751
  9.             Longitude   -97.822
  10. #######################################################################################################################################
  11. > www.therebel.media
  12. Server:     27.50.70.139
  13. Address:    27.50.70.139#53
  14.  
  15. Non-authoritative answer:
  16. www.therebel.media  canonical name = www.therebel.media.edgekey.net.
  17. www.therebel.media.edgekey.net  canonical name = e15521.e2.akamaiedge.net.
  18. Name:   e15521.e2.akamaiedge.net
  19. Address: 104.72.70.183
  20. Name:   e15521.e2.akamaiedge.net
  21. Address: 104.72.70.116
  22. >
  23. #######################################################################################################################################
  24.  
  25. HostIP:23.32.5.54
  26. HostName:www.therebel.media
  27.  
  28. Gathered Inet-whois information for 23.32.5.54
  29. ---------------------------------------------------------------------------------------------------------------------------------------
  30.  
  31.  
  32. inetnum:        23.19.64.0 - 23.83.63.255
  33. netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  34. descr:          IPv4 address block not managed by the RIPE NCC
  35. remarks:        ------------------------------------------------------
  36. remarks:
  37. remarks:        For registration information,
  38. remarks:        you can consult the following sources:
  39. remarks:
  40. remarks:        IANA
  41. remarks:        http://www.iana.org/assignments/ipv4-address-space
  42. remarks:        http://www.iana.org/assignments/iana-ipv4-special-registry
  43. remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space
  44. remarks:
  45. remarks:        AFRINIC (Africa)
  46. remarks:        http://www.afrinic.net/ whois.afrinic.net
  47. remarks:
  48. remarks:        APNIC (Asia Pacific)
  49. remarks:        http://www.apnic.net/ whois.apnic.net
  50. remarks:
  51. remarks:        ARIN (Northern America)
  52. remarks:        http://www.arin.net/ whois.arin.net
  53. remarks:
  54. remarks:        LACNIC (Latin America and the Carribean)
  55. remarks:        http://www.lacnic.net/ whois.lacnic.net
  56. remarks:
  57. remarks:        ------------------------------------------------------
  58. country:        EU # Country is really world wide
  59. admin-c:        IANA1-RIPE
  60. tech-c:         IANA1-RIPE
  61. status:         ALLOCATED UNSPECIFIED
  62. mnt-by:         RIPE-NCC-HM-MNT
  63. created:        2019-01-07T10:48:01Z
  64. last-modified:  2019-01-07T10:48:01Z
  65. source:         RIPE
  66.  
  67. role:           Internet Assigned Numbers Authority
  68. address:        see http://www.iana.org.
  69. admin-c:        IANA1-RIPE
  70. tech-c:         IANA1-RIPE
  71. nic-hdl:        IANA1-RIPE
  72. remarks:        For more information on IANA services
  73. remarks:        go to IANA web site at http://www.iana.org.
  74. mnt-by:         RIPE-NCC-MNT
  75. created:        1970-01-01T00:00:00Z
  76. last-modified:  2001-09-22T09:31:27Z
  77. source:         RIPE # Filtered
  78.  
  79. % Information related to '23.32.5.0/24AS16625'
  80.  
  81. route:          23.32.5.0/24
  82. descr:          Akamai Technologies
  83. origin:         AS16625
  84. mnt-by:         AKAM1-RIPE-MNT
  85. created:        2016-12-23T09:50:04Z
  86. last-modified:  2018-09-04T18:36:30Z
  87. source:         RIPE-NONAUTH
  88.  
  89. % Information related to '23.32.5.0/24AS20940'
  90.  
  91. route:          23.32.5.0/24
  92. descr:          Akamai Technologies
  93. origin:         AS20940
  94. mnt-by:         AKAM1-RIPE-MNT
  95. created:        2016-12-23T09:50:04Z
  96. last-modified:  2018-09-04T18:36:29Z
  97. source:         RIPE-NONAUTH
  98.  
  99. % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
  100.  
  101.  
  102.  
  103. Gathered Inic-whois information for therebel.media
  104. ---------------------------------------------------------------------------------------------------------------------------------------
  105. Domain Name: therebel.media
  106. Registry Domain ID: 7ca2751dcb1647079f81c39e4c4542d0-DONUTS
  107. Registrar WHOIS Server: WHOIS.ENOM.COM
  108. Registrar URL: http://www.enom.com
  109. Updated Date: 2019-01-25T16:25:56Z
  110. Creation Date: 2015-02-09T22:44:06Z
  111. Registry Expiry Date: 2020-02-09T22:44:06Z
  112. Registrar: eNom, LLC
  113. Registrar IANA ID: 48
  114. Registrar Abuse Contact Email:
  115. Registrar Abuse Contact Phone:
  116. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  117. Domain Status: renewPeriod https://icann.org/epp#renewPeriod
  118. Registry Registrant ID: REDACTED FOR PRIVACY
  119. Registrant Name: REDACTED FOR PRIVACY
  120. Registrant Organization: Rebel Media
  121. Registrant Street: REDACTED FOR PRIVACY
  122. Registrant City: REDACTED FOR PRIVACY
  123. Registrant State/Province: ON
  124. Registrant Postal Code: REDACTED FOR PRIVACY
  125. Registrant Country: CA
  126. Registrant Phone: REDACTED FOR PRIVACY
  127. Registrant Phone Ext: REDACTED FOR PRIVACY
  128. Registrant Fax: REDACTED FOR PRIVACY
  129. Registrant Fax Ext: REDACTED FOR PRIVACY
  130. Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to c�ontact t}�oU�9��he Registrant,�ѡg� Admin, or0ԡg� Tech contact of %+@the qOR PRIVACY
  131. Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  132. Registry Admin ID: REDACTED FOR PRIVACY
  133. Admin Name: REDACTED FOR PRIVACY
  134. Admin Organization: REDACTED FOR PRIVACY
  135. Admin Street: REDACTED FOR PRIVACY
  136. Admin City: REDACTED FOR PRIVACY
  137. Admin State/Province: REDACTED FOR PRIVACY
  138. Admin Postal Code: REDACTED FOR PRIVACY
  139. }�oU�9�ountryueried domai+n name.
  140. Registry Admin ID: REDACTED FOR PRIVACY
  141. Admin Name: REDACTED FOR PRIVACY
  142. Admin Organization: REDACTED FOR PRIVACY
  143. Admin Street: REDACTED FOR PRIVACY
  144. Admin City: REDACTED FOR PRIVACY
  145. Admin State/Province: REDACTED FOR PRIVACY
  146. Admin Postal Code: REDACTED FOR PRIVACY
  147. #######################################################################################################################################
  148. [i] Scanning Site: https://www.therebel.media
  149.  
  150.  
  151.  
  152. B A S I C   I N F O
  153. =======================================================================================================================================
  154.  
  155.  
  156. [+] Site Title: The Rebel
  157. [+] IP address: 23.32.5.54
  158. [+] Web Server: Apache/2.4.7 (Ubuntu)
  159. [+] CMS: Could Not Detect
  160. [+] Cloudflare: Not Detected
  161. [+] Robots File: Found
  162.  
  163. -------------[ contents ]----------------  
  164. User-Agent: *
  165. Disallow: /admin/
  166. Disallow: /utils/
  167. Disallow: /forms/
  168. Disallow: /users/
  169. Sitemap: http://www.therebel.media/sitemap_index.xml
  170.  
  171. -----------[end of contents]-------------
  172.  
  173.  
  174.  
  175. W H O I S   L O O K U P
  176. ======================================================================================================================================
  177.  
  178.     Domain Name: therebel.media
  179. Registry Domain ID: 7ca2751dcb1647079f81c39e4c4542d0-DONUTS
  180. Registrar WHOIS Server: WHOIS.ENOM.COM
  181. Registrar URL: http://www.enom.com
  182. Updated Date: 2019-01-25T16:25:56Z
  183. Creation Date: 2015-02-09T22:44:06Z
  184. Registry Expiry Date: 2020-02-09T22:44:06Z
  185. Registrar: eNom, LLC
  186. Registrar IANA ID: 48
  187. Registrar Abuse Contact Email:
  188. Registrar Abuse Contact Phone:
  189. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  190. Domain Status: renewPeriod https://icann.org/epp#renewPeriod
  191. Registry Registrant ID: REDACTED FOR PRIVACY
  192. Registrant Name: REDACTED FOR PRIVACY
  193. Registrant Organization: Rebel Media
  194. Registrant Street: REDACTED FOR PRIVACY
  195. Registrant City: REDACTED FOR PRIVACY
  196. Registrant State/Province: ON
  197. Registrant Postal Code: REDACTED FOR PRIVACY
  198. Registrant Country: CA
  199. Registrant Phone: REDACTED FOR PRIVACY
  200. Registrant Phone Ext: REDACTED FOR PRIVACY
  201. Registrant Fax: REDACTED FOR PRIVACY
  202. Registrant Fax Ext: REDACTED FOR PRIVACY
  203. Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  204. Registry Admin ID: REDACTED FOR PRIVACY
  205. Admin Name: REDACTED FOR PRIVACY
  206. Admin Organization: REDACTED FOR PRIVACY
  207. Admin Street: REDACTED FOR PRIVACY
  208. Admin City: REDACTED FOR PRIVACY
  209. Admin State/Province: REDACTED FOR PRIVACY
  210. Admin Postal Code: REDACTED FOR PRIVACY
  211. Admin Country: REDACTED FOR PRIVACY
  212. Admin Phone: REDACTED FOR PRIVACY
  213. Admin Phone Ext: REDACTED FOR PRIVACY
  214. Admin Fax: REDACTED FOR PRIVACY
  215. Admin Fax Ext: REDACTED FOR PRIVACY
  216. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  217. Registry Tech ID: REDACTED FOR PRIVACY
  218. Tech Name: REDACTED FOR PRIVACY
  219. Tech Organization: REDACTED FOR PRIVACY
  220. Tech Street: REDACTED FOR PRIVACY
  221. Tech City: REDACTED FOR PRIVACY
  222. Tech State/Province: REDACTED FOR PRIVACY
  223. Tech Postal Code: REDACTED FOR PRIVACY
  224. Tech Country: REDACTED FOR PRIVACY
  225. Tech Phone: REDACTED FOR PRIVACY
  226. Tech Phone Ext: REDACTED FOR PRIVACY
  227. Tech Fax: REDACTED FOR PRIVACY
  228. Tech Fax Ext: REDACTED FOR PRIVACY
  229. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  230. Name Server: ns20.nationbuilder.com
  231. Name Server: ns21.nationbuilder.com
  232. Name Server: ns22.nationbuilder.com
  233. Name Server: ns23.nationbuilder.com
  234. DNSSEC: unsigned
  235. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  236. >>> Last update of WHOIS database: 2019-01-26T05:56:37Z <<<
  237.  
  238. For more information on Whois status codes, please visit https://icann.org/epp
  239.  
  240. Terms of Use: Donuts Inc. provides this Whois service for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Donuts does not guarantee its accuracy. Users accessing the Donuts Whois service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar’s own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Donuts or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. When using the Donuts Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld da
  241. ta. Access to this data can be requested by submitting a request via the form found at https://donuts.domains/about/policies/whois-layered-access/ Donuts Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
  242.  
  243.  
  244.  
  245.  
  246. G E O  I P  L O O K  U P
  247. =======================================================================================================================================
  248.  
  249. [i] IP Address: 52.216.9.186
  250. [i] Country: United States
  251. [i] State: Virginia
  252. [i] City: Ashburn
  253. [i] Latitude: 39.0481
  254. [i] Longitude: -77.4728
  255.  
  256.  
  257.  
  258.  
  259. H T T P   H E A D E R S
  260. =======================================================================================================================================
  261.  
  262.  
  263. [i]  HTTP/1.0 200 OK
  264. [i]  Access-Control-Allow-Origin: *
  265. [i]  Access-Control-Request-Method: GET, POST, PUT, DELETE
  266. [i]  Content-Type: text/html; charset=utf-8
  267. [i]  ETag: W/"58b96276e2a672938556fab1d8de1670-gzip"
  268. [i]  Server: Apache/2.4.7 (Ubuntu)
  269. [i]  Status: 200 OK
  270. [i]  X-Content-Type-Options: nosniff
  271. [i]  X-Frame-Options: ALLOWALL
  272. [i]  X-Middleware-Start: t=1548482201120175
  273. [i]  X-Powered-By: Phusion Passenger Enterprise 5.0.28
  274. [i]  X-Rack-Cache: stale, invalid
  275. [i]  X-Request-Id: 1afa051a-fc91-48fc-9067-d092ca04ecb0
  276. [i]  X-Runtime: 0.081075
  277. [i]  X-Served-By: app10
  278. [i]  Expires: Sat, 26 Jan 2019 05:56:41 GMT
  279. [i]  Cache-Control: max-age=0, no-cache, no-store
  280. [i]  Pragma: no-cache
  281. [i]  Date: Sat, 26 Jan 2019 05:56:41 GMT
  282. [i]  Connection: close
  283. [i]  Set-Cookie: _nbuild_nocache=true; path=/; expires=Sun, 26 Jan 2020 05:56:41 -0000
  284. [i]  Set-Cookie: _nbuild_token=anl7boeN%2F9D%2B4adKuxF7QiRHTXn4XLnPT731wO7yWk8%3D; path=/; secure; HttpOnly
  285. [i]  Set-Cookie: _nbuild_session=3406b8de9364b522dafa8433bc4038d9; path=/; HttpOnly
  286.  
  287.  
  288.  
  289.  
  290. D N S   L O O K U P
  291. =======================================================================================================================================
  292.  
  293. therebel.media.     4   IN  A   52.216.16.170
  294. therebel.media.     21599   IN  NS  ns-1227.awsdns-25.org.
  295. therebel.media.     21599   IN  NS  ns-184.awsdns-23.com.
  296. therebel.media.     21599   IN  NS  ns-2005.awsdns-58.co.uk.
  297. therebel.media.     21599   IN  NS  ns-671.awsdns-19.net.
  298. therebel.media.     899 IN  SOA ns-2005.awsdns-58.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
  299. therebel.media.     299 IN  MX  1 aspmx.l.google.com.
  300. therebel.media.     299 IN  MX  10 alt3.aspmx.l.google.com.
  301. therebel.media.     299 IN  MX  10 alt4.aspmx.l.google.com.
  302. therebel.media.     299 IN  MX  5 alt1.aspmx.l.google.com.
  303. therebel.media.     299 IN  MX  5 alt2.aspmx.l.google.com.
  304. therebel.media.     299 IN  TXT "MS=ms70016162"
  305. therebel.media.     299 IN  TXT "v=spf1 a mx include:_spf.google.com include:sendgrid.net ~all"
  306.  
  307.  
  308.  
  309.  
  310. S U B N E T   C A L C U L A T I O N
  311. =======================================================================================================================================
  312.  
  313. Address       = 52.216.108.74
  314. Network       = 52.216.108.74 / 32
  315. Netmask       = 255.255.255.255
  316. Broadcast     = not needed on Point-to-Point links
  317. Wildcard Mask = 0.0.0.0
  318. Hosts Bits    = 0
  319. Max. Hosts    = 1   (2^0 - 0)
  320. Host Range    = { 52.216.108.74 - 52.216.108.74 }
  321.  
  322.  
  323.  
  324. N M A P   P O R T   S C A N
  325. ======================================================================================================================================
  326.  
  327.  
  328. Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-26 05:56 UTC
  329. Nmap scan report for therebel.media (52.216.96.122)
  330. Host is up (0.0073s latency).
  331. rDNS record for 52.216.96.122: s3-website-us-east-1.amazonaws.com
  332. PORT     STATE    SERVICE
  333. 21/tcp   filtered ftp
  334. 22/tcp   filtered ssh
  335. 23/tcp   filtered telnet
  336. 80/tcp   open     http
  337. 110/tcp  filtered pop3
  338. 143/tcp  filtered imap
  339. 443/tcp  filtered https
  340. 3389/tcp filtered ms-wbt-server
  341.  
  342. Nmap done: 1 IP address (1 host up) scanned in 1.30 seconds
  343.  
  344.  
  345.  
  346. S U B - D O M A I N   F I N D E R
  347. ======================================================================================================================================
  348.  
  349.  
  350. [i] Total Subdomains Found : 2
  351.  
  352. [+] Subdomain: gorka.therebel.media
  353. [-] IP: 132.148.194.157
  354.  
  355. [+] Subdomain: mail.therebel.media
  356. [-] IP: 198.57.164.126
  357. #######################################################################################################################################
  358. [?] Enter the target: example( http://domain.com )
  359. https://www.therebel.media/
  360. [!] IP Address : 23.32.5.54
  361. [!] www.therebel.media doesn't seem to use a CMS
  362. [+] Honeypot Probabilty: 0%
  363. ---------------------------------------------------------------------------------------------------------------------------------------
  364. [~] Trying to gather whois information for www.therebel.media
  365. [+] Whois information found
  366. [-] Unable to build response, visit https://who.is/whois/www.therebel.media
  367. ---------------------------------------------------------------------------------------------------------------------------------------
  368. PORT     STATE    SERVICE
  369. 21/tcp   filtered ftp
  370. 22/tcp   filtered ssh
  371. 23/tcp   filtered telnet
  372. 80/tcp   open     http
  373. 110/tcp  filtered pop3
  374. 143/tcp  filtered imap
  375. 443/tcp  open     https
  376. 3389/tcp filtered ms-wbt-server
  377. Nmap done: 1 IP address (1 host up) scanned in 3.04 seconds
  378. ---------------------------------------------------------------------------------------------------------------------------------------
  379. There was an error getting results
  380.  
  381. [-] DNS Records
  382. [>] Initiating 3 intel modules
  383. [>] Loading Alpha module (1/3)
  384. [>] Beta module deployed (2/3)
  385. [>] Gamma module initiated (3/3)
  386.  
  387.  
  388. [+] Emails found:
  389. ---------------------------------------------------------------------------------------------------------------------------------------
  390. pixel-1548482755895549-web-@www.therebel.media
  391. pixel-154848275910377-web-@www.therebel.media
  392. No hosts found
  393. [+] Virtual hosts:
  394. ---------------------------------------------------------------------------------------------------------------------------------------
  395. #######################################################################################################################################
  396. ; <<>> DiG 9.11.5-P1-1-Debian <<>> therebel.media
  397. ;; global options: +cmd
  398. ;; Got answer:
  399. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48063
  400. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  401.  
  402. ;; OPT PSEUDOSECTION:
  403. ; EDNS: version: 0, flags:; udp: 4096
  404. ;; QUESTION SECTION:
  405. ;therebel.media.            IN  A
  406.  
  407. ;; ANSWER SECTION:
  408. therebel.media.     5   IN  A   52.216.238.218
  409.  
  410. ;; Query time: 405 msec
  411. ;; SERVER: 27.50.70.139#53(27.50.70.139)
  412. ;; WHEN: sam jan 26 01:27:57 EST 2019
  413. ;; MSG SIZE  rcvd: 59
  414. #######################################################################################################################################
  415. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace therebel.media
  416. ;; global options: +cmd
  417. .           79625   IN  NS  l.root-servers.net.
  418. .           79625   IN  NS  h.root-servers.net.
  419. .           79625   IN  NS  f.root-servers.net.
  420. .           79625   IN  NS  d.root-servers.net.
  421. .           79625   IN  NS  e.root-servers.net.
  422. .           79625   IN  NS  b.root-servers.net.
  423. .           79625   IN  NS  j.root-servers.net.
  424. .           79625   IN  NS  k.root-servers.net.
  425. .           79625   IN  NS  m.root-servers.net.
  426. .           79625   IN  NS  g.root-servers.net.
  427. .           79625   IN  NS  a.root-servers.net.
  428. .           79625   IN  NS  i.root-servers.net.
  429. .           79625   IN  NS  c.root-servers.net.
  430. .           79625   IN  RRSIG   NS 8 0 518400 20190207230000 20190125220000 16749 . p3HxhmXeyDLC8XOjqrdowF+mSxUguADldqdiGumGbhBgjosU9ps1A8oX eAUtULdme3H+Y+aaVHx9YdNqw7l0UQ8OSM8oM6qgYmjTZAv8Ak2FMkAt BMO/5J0XXh5H2waDUIVIKjs+0uN1h7I9oZKrLjC4eilMLXc11GLUTSp3 EQGzbJlqqMD1fAaXmHUnSz2UAsqVDi32aDtyOmD4VsQy9lvHXlhkqOj5 NX9+YW5dmecyVXweDekreOAykE9tW9U2gCJn3oZrMN+IxVDrTeMxPLZ6 063PIwD9r3Bu2Qcdv3p1k3irdOlLoDO1i4zvSnE2TA71VzY9bnYyCLgA 13GFlA==
  431. ;; Received 525 bytes from 27.50.70.139#53(27.50.70.139) in 348 ms
  432.  
  433. media.          172800  IN  NS  demand.gamma.aridns.net.au.
  434. media.          172800  IN  NS  demand.beta.aridns.net.au.
  435. media.          172800  IN  NS  demand.alpha.aridns.net.au.
  436. media.          172800  IN  NS  demand.delta.aridns.net.au.
  437. media.          86400   IN  DS  58966 8 1 D226735F01B6C8722C3B812E10691EF3F40BBCA9
  438. media.          86400   IN  DS  58966 8 2 93C1569DBDDE5D844CD5A00900535B640FF33CC6C57DE66D76845D1A C0F13CEB
  439. media.          86400   IN  RRSIG   DS 8 1 86400 20190208050000 20190126040000 16749 . hCmvrQuWR8SvfnJgIbkRA4gbo5fgIeSwWqg1p1wyjeyhYNZWuvPzhm5O KXud/qRPZAciAEKhfEQXP52woB2rfHwec6het2S2WiDaGaYGz9fXZg1F 85mT7CqNmBvy9FUnhdhIoBYTuo6+VpbFRjcjvxTXpf3V0IDJSf9pOotz cVGz/rT1FvExDhg0nOnW+jQgxp9xZAhfL5cj/sjHCd+pxYLtMLvCIQWw 7+ruU2C+mLaOaC9NyM+XJZubL1KujTfS/UtvXMaVRX6iSUbXCvsjV7qO L101xshwCcbVIkX0pQUPL9xsbm6XsLyeXmF2zmpCeJJ9GqY64CpgNdr2 I2kRIA==
  440. ;; Received 738 bytes from 192.112.36.4#53(g.root-servers.net) in 291 ms
  441.  
  442. therebel.media.     86400   IN  NS  ns23.nationbuilder.com.
  443. therebel.media.     86400   IN  NS  ns22.nationbuilder.com.
  444. therebel.media.     86400   IN  NS  ns21.nationbuilder.com.
  445. therebel.media.     86400   IN  NS  ns20.nationbuilder.com.
  446. bivhvcs8hu8cnsq6hto8rv18s3uvohbe.media. 86400 IN NSEC3 1 1 1 F7231E27 BJ4BL952KGT0KODU8U9JJQVGFQ2POERQ NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
  447. bivhvcs8hu8cnsq6hto8rv18s3uvohbe.media. 86400 IN RRSIG NSEC3 8 2 86400 20190221085044 20190122080642 61290 media. FD+xihmSOePxrzxlFiwpMpSfHLcmeIGKtwWRTm4sGnJmNCCEOQbpMLQR 5q3GByRaSuHPx3MQl5/0HDnAp6JaTCDnHou3rz2IGeKq7yZektcymnRE lUmfKk19Ks3RxdW2+pNRgN1e/T71lcA5zLw2hptcY9ISp5obwElXQvU3 iqO3PleVhgOc3bk6S5CUyX5WIKvVHzl5KqidqeYgUZoFWg==
  448. bccrpgi937kueg34g4nd91bd4k34oe0j.media. 86400 IN NSEC3 1 1 1 F7231E27 BER58Q3TSUCEKRS18BTLH7O61O31Q322 NS DS RRSIG
  449. bccrpgi937kueg34g4nd91bd4k34oe0j.media. 86400 IN RRSIG NSEC3 8 2 86400 20190222123738 20190123123159 61290 media. eToyig60L6bH+aqaBYvHlWv6pyt3Vnx5n4ke3rsPm57LK+xLZjSBPylR n5nQjBw7DIiQhzG2msXy8xzjJEC4VfrNt79g7SRyyKqcX5Vc/aD123+5 8g5UsM0+QwQJv1AhePJ8VJrjwNVxiMunF+CroUqyfZgajwxq7sWhklxC Y04xP1ev7kjaiYQmRPpqyvhGvxnS4vQ7WwIaX2ozYE3Vfg==
  450. ;; Received 731 bytes from 2001:dcd:1::7#53(demand.alpha.aridns.net.au) in 89 ms
  451.  
  452. therebel.media.     5   IN  A   52.216.65.42
  453. therebel.media.     172800  IN  NS  ns-1227.awsdns-25.org.
  454. therebel.media.     172800  IN  NS  ns-184.awsdns-23.com.
  455. therebel.media.     172800  IN  NS  ns-2005.awsdns-58.co.uk.
  456. therebel.media.     172800  IN  NS  ns-671.awsdns-19.net.
  457. ;; Received 199 bytes from 205.251.194.159#53(ns23.nationbuilder.com) in 404 ms
  458. #######################################################################################################################################
  459. Traceroute 'www.therebel.media '
  460. ---------------------------------------------------------------------------------------------------------------------------------------
  461.  
  462. Start: 2019-01-26T06:33:06+0000
  463. HOST: web01                                              Loss%   Snt   Last   Avg  Best  Wrst StDev
  464.   1.|-- 45.79.12.202                                        0.0%     3    0.8   1.0   0.8   1.1   0.1
  465.   2.|-- 45.79.12.2                                          0.0%     3    0.9   0.9   0.5   1.4   0.4
  466.   3.|-- 45.79.12.9                                          0.0%     3    1.4   2.2   1.4   2.9   0.8
  467.   4.|-- dls-b22-link.telia.net                              0.0%     3    1.9   1.2   0.8   1.9   0.6
  468.   5.|-- dls-b21-link.telia.net                              0.0%     3    2.2   1.8   1.6   2.2   0.4
  469.   6.|-- dls-b23-link.telia.net                              0.0%     3    1.5   1.4   1.4   1.5   0.0
  470.   7.|-- akamai-ic-341035-dls-b21.c.telia.net                0.0%     3   38.0  37.7  37.1  38.1   0.5
  471.   8.|-- ae16.cyrusone-dfw.netarch.akamai.com                0.0%     3    4.1  40.4   2.1 114.9  64.6
  472.   9.|-- a23-53-127-32.deploy.static.akamaitechnologies.com  0.0%     3    2.3   2.0   1.8   2.3   0.3
  473. #######################################################################################################################################
  474. Ip Address  Status  Type    Domain Name         Server
  475. ----------  ------  ----    -----------         ------
  476. 198.57.164.126  200     host    mail.therebel.media    
  477. 23.32.5.72      302     alias   uk.therebel.media      
  478. 23.32.5.72  302 alias   uk.therebel.media.edgekey.net  
  479. 23.32.5.72  302 host    e15521.e2.akamaiedge.net   
  480. 23.32.5.54  302 host    e15521.e2.akamaiedge.net   
  481. 23.32.5.54      302     alias   www.therebel.media     
  482. 23.32.5.54  302 alias   www.therebel.media.edgekey.net 
  483. 23.32.5.54  302 host    e15521.e2.akamaiedge.net   
  484. 23.32.5.72  302 host    e15521.e2.akamaiedge.net   
  485. #######################################################################################################################################
  486. [*] Performing General Enumeration of Domain: therebel.media
  487. [-] DNSSEC is not configured for therebel.media
  488. [*]      SOA ns-2005.awsdns-58.co.uk 205.251.199.213
  489. [*]      NS ns-671.awsdns-19.net 205.251.194.159
  490. [*]      NS ns-671.awsdns-19.net 2600:9000:5302:9f00::1
  491. [*]      NS ns-1227.awsdns-25.org 205.251.196.203
  492. [*]      NS ns-1227.awsdns-25.org 2600:9000:5304:cb00::1
  493. [*]      NS ns-184.awsdns-23.com 205.251.192.184
  494. [*]      NS ns-184.awsdns-23.com 2600:9000:5300:b800::1
  495. [*]      NS ns-2005.awsdns-58.co.uk 205.251.199.213
  496. [*]      NS ns-2005.awsdns-58.co.uk 2600:9000:5307:d500::1
  497. [*]      MX alt1.aspmx.l.google.com 74.125.195.26
  498. [*]      MX alt4.aspmx.l.google.com 173.194.219.26
  499. [*]      MX alt3.aspmx.l.google.com 74.125.126.27
  500. [*]      MX aspmx.l.google.com 172.217.194.27
  501. [*]      MX alt2.aspmx.l.google.com 64.233.179.26
  502. [*]      MX alt1.aspmx.l.google.com 2607:f8b0:400e:c09::1b
  503. [*]      MX alt4.aspmx.l.google.com 2607:f8b0:4002:c03::1b
  504. [*]      MX alt3.aspmx.l.google.com 2607:f8b0:4001:c1d::1a
  505. [*]      MX aspmx.l.google.com 2404:6800:4003:c04::1a
  506. [*]      MX alt2.aspmx.l.google.com 2607:f8b0:4003:c09::1b
  507. [*]      A therebel.media 52.216.139.146
  508. [*]      TXT therebel.media MS=ms70016162
  509. [*]      TXT therebel.media v=spf1 a mx include:_spf.google.com include:sendgrid.net ~all
  510. [*] Enumerating SRV Records
  511. [-] No SRV Records Found for therebel.media
  512. [+] 0 Records Found
  513. #######################################################################################################################################
  514. [*] Processing domain therebel.media
  515. [*] Using system resolvers ['27.50.70.139', '38.132.106.139', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  516. [+] Getting nameservers
  517. 205.251.192.184 - ns-184.awsdns-23.com
  518. 205.251.196.203 - ns-1227.awsdns-25.org
  519. 205.251.199.213 - ns-2005.awsdns-58.co.uk
  520. 205.251.194.159 - ns-671.awsdns-19.net
  521. [-] Zone transfer failed
  522.  
  523. [+] TXT records found
  524. "v=spf1 a mx include:_spf.google.com include:sendgrid.net ~all"
  525. "MS=ms70016162"
  526.  
  527. [+] MX records found, added to target list
  528. 10 alt4.aspmx.l.google.com.
  529. 5 alt1.aspmx.l.google.com.
  530. 10 alt3.aspmx.l.google.com.
  531. 1 aspmx.l.google.com.
  532. 5 alt2.aspmx.l.google.com.
  533.  
  534. [*] Scanning therebel.media for A records
  535. 54.231.48.186 - therebel.media                        
  536. 198.57.164.126 - mail.therebel.media                              
  537. 104.72.70.116 - uk.therebel.media                          
  538. 104.72.70.183 - uk.therebel.media
  539. 104.72.70.183 - www.therebel.media                      
  540. 104.72.70.116 - www.therebel.media
  541.                                                   #######################################################################################################################################
  542. =======================================================================================================================================
  543. | E-mails:
  544. | [+] E-mail Found: tips@therebel.media
  545. | [+] E-mail Found: evangelistsofcanada@gmail.com
  546. | [+] E-mail Found: arlene.pyle@cbc.ca
  547. | [+] E-mail Found: support@therebel.media
  548. | [+] E-mail Found: bigmoe60@hotmail.com
  549. | [+] E-mail Found: sunera.thobani@ubc.ca
  550. | [+] E-mail Found: eitan@therebel.media
  551. | [+] E-mail Found: utchison@ofl.ca
  552. | [+] E-mail Found: .horationelson@myself.com
  553. | [+] E-mail Found: careers@therebel.media
  554. | [+] E-mail Found: fiona.conway@cbc.ca
  555. | [+] E-mail Found: jack.nagler@cbc.ca
  556. | [+] E-mail Found: yan@ofl.ca
  557. | [+] E-mail Found: content@therebel.media
  558. | [+] E-mail Found: trilliumalden@live.ca
  559. | [+] E-mail Found: johnjacox31@gmail.com
  560. | [+] E-mail Found: donations@therebel.media
  561. | [+] E-mail Found: subscriptions@therebel.media
  562. | [+] E-mail Found: donations@therebel.medi
  563. | [+] E-mail Found: ombudsman@cbc.ca
  564. | [+] E-mail Found: dmurrell@unb.ca
  565. | [+] E-mail Found: leader@chp.ca
  566. | [+] E-mail Found: pokeeto@outlook.com
  567. | [+] E-mail Found: silverbloom04@hotmail.com
  568. | [+] E-mail Found: themegaphone@schoolofhardnocks.ca
  569. | [+] E-mail Found: oyeyetemple@gmail.com
  570. | [+] E-mail Found: mbudsman@cbc.ca
  571. | [+] E-mail Found: anda@ofl.ca
  572. | [+] E-mail Found: member@therebel.media
  573. | [+] E-mail Found: frasbow@live.ca
  574. | [+] E-mail Found: tips@therebel.media,
  575. | [+] E-mail Found: info@therebel.media
  576. | [+] E-mail Found: sos@international.gc.ca
  577. | [+] E-mail Found: info@northlands.com
  578. | [+] E-mail Found: gmcgregor@ottawacitizen.com
  579. | [+] E-mail Found: illuminaticlub0@gmail.com,
  580. | [+] E-mail Found: rickz2vp@hotmail.com
  581. | [+] E-mail Found: ads@therebel.media
  582. | [+] E-mail Found: ay@parl.gc.ca
  583. | [+] E-mail Found: reeland@parl.gc.ca
  584. | [+] E-mail Found: esther.enkin@cbc.ca
  585. | [+] E-mail Found: andrew.leach@ualberta.ca
  586. | [+] E-mail Found: legal@therebel.media
  587. | [+] E-mail Found: theo@theocaldwell.com
  588. | [+] E-mail Found: info@conservative.ca
  589. =======================================================================================================================================
  590. #######################################################################################################################################
  591. [+] Testing domain
  592.     www.therebel.media         104.72.70.183      
  593. [+] Dns resolving
  594.        Domain name               Ip address              Name server      
  595.       therebel.media           52.216.168.242     s3-website-us-east-1.amazonaws.com
  596. Found 1 host(s) for therebel.media
  597. [+] Testing wildcard
  598.     Ok, no wildcard found.
  599.  
  600. [+] Scanning for subdomain on therebel.media
  601. [!] Wordlist not specified. I scannig with my internal wordlist...
  602.     Estimated time about 169.15 seconds
  603.  
  604.         Subdomain                Ip address              Name server
  605.      
  606.    mail.therebel.media         198.57.164.126         cpanel.can2000.net  
  607.     uk.therebel.media          104.72.70.183      a104-72-70-183.deploy.static.akamaitechnologies.com
  608.     www.therebel.media         104.72.70.183      a104-72-70-183.deploy.static.akamaitechnologies.com
  609. #######################################################################################################################################
  610. ---------------------------------------------------------------------------------------------------------------------------------------
  611. + Target IP:          23.32.5.72
  612. + Target Hostname:    www.therebel.media
  613. + Target Port:        443
  614. ---------------------------------------------------------------------------------------------------------------------------------------
  615. + SSL Info:        Subject:  /CN=www.therebel.media
  616.                    Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
  617.                    Issuer:   /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
  618. + Start Time:         2019-01-26 01:04:46 (GMT-5)
  619. ---------------------------------------------------------------------------------------------------------------------------------------
  620. + Server: Apache/2.4.7 (Ubuntu)
  621. + Cookie _nbuild_nocache created without the secure flag
  622. + Cookie _nbuild_nocache created without the httponly flag
  623. + Cookie _nbuild_session created without the secure flag
  624. + Retrieved x-powered-by header: Phusion Passenger Enterprise 5.0.28
  625. + Retrieved x-served-by header: app14
  626. + Server leaks inodes via ETags, header found with file /, fields: 0xW/daa481fe14f1ea011858713fe8b9d8a2 0xgzip
  627. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  628. + Uncommon header 'x-request-id' found, with contents: 16848de0-e197-469e-a4e9-2cfff1effeee
  629. + Uncommon header 'access-control-request-method' found, with contents: GET, POST, PUT, DELETE
  630. + Uncommon header 'x-runtime' found, with contents: 0.076294
  631. + Uncommon header 'x-served-by' found, with contents: app14
  632. + Uncommon header 'x-middleware-start' found, with contents: t=1548482691126528
  633. + Uncommon header 'x-rack-cache' found, with contents: stale, invalid
  634. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  635. + Uncommon header 'x-nb-code' found, with contents: 1007
  636. + Entry '/admin/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  637. + "robots.txt" contains 4 entries which should be manually viewed.
  638. + Uncommon header 'x-content-digest' found, with contents: da39a3ee5e6b4b0d3255bfef95601890afd80709
  639. + Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  640. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error at /var/lib/nikto/plugins/LW2.pm line 5157.
  641.  at /var/lib/nikto/plugins/LW2.pm line 5157.
  642. ;  at /var/lib/nikto/plugins/LW2.pm line 5157.
  643. + Scan terminated:  20 error(s) and 19 item(s) reported on remote host
  644. + End Time:           2019-01-26 01:21:35 (GMT-5) (1009 seconds)
  645. ---------------------------------------------------------------------------------------------------------------------------------------
  646. #######################################################################################################################################
  647. dnsenum VERSION:1.2.4
  648.  
  649. -----   www.therebel.media   -----
  650.  
  651.  
  652. Host's addresses:
  653. __________________
  654.  
  655. e15521.e2.akamaiedge.net.                19       IN    A        23.32.5.54
  656. e15521.e2.akamaiedge.net.                19       IN    A        23.32.5.72
  657.  
  658.  
  659. Name Servers:
  660. ______________
  661. #######################################################################################################################################
  662. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 01:07 EST
  663. Nmap scan report for www.therebel.media (23.32.5.54)
  664. Host is up (0.34s latency).
  665. Other addresses for www.therebel.media (not scanned): 23.32.5.72
  666. rDNS record for 23.32.5.54: a23-32-5-54.deploy.static.akamaitechnologies.com
  667. Not shown: 471 filtered ports, 3 closed ports
  668. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  669. PORT    STATE SERVICE
  670. 80/tcp  open  http
  671. 443/tcp open  https
  672. #######################################################################################################################################
  673. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 01:08 EST
  674. Nmap scan report for www.therebel.media (23.32.5.54)
  675. Host is up (0.23s latency).
  676. Other addresses for www.therebel.media (not scanned): 23.32.5.72
  677. rDNS record for 23.32.5.54: a23-32-5-54.deploy.static.akamaitechnologies.com
  678. Not shown: 2 filtered ports
  679. PORT     STATE         SERVICE
  680. 53/udp   open|filtered domain
  681. 67/udp   open|filtered dhcps
  682. 68/udp   open|filtered dhcpc
  683. 69/udp   open|filtered tftp
  684. 88/udp   open|filtered kerberos-sec
  685. 123/udp  open|filtered ntp
  686. 139/udp  open|filtered netbios-ssn
  687. 161/udp  open|filtered snmp
  688. 162/udp  open|filtered snmptrap
  689. 389/udp  open|filtered ldap
  690. 520/udp  open|filtered route
  691. 2049/udp open|filtered nfs
  692. #######################################################################################################################################
  693.  
  694.                                  ^     ^
  695.         _   __  _   ____ _   __  _    _   ____
  696.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  697.       | V V // o // _/ | V V // 0 // 0 // _/
  698.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  699.                                 <
  700.                                 ...'
  701.  
  702.     WAFW00F - Web Application Firewall Detection Tool
  703.  
  704.     By Sandro Gauci && Wendel G. Henrique
  705.  
  706. Checking http://www.therebel.media
  707. The site http://www.therebel.media is behind a ModSecurity (OWASP CRS)
  708. Number of requests: 12
  709. #######################################################################################################################################
  710. http://www.therebel.media [302 Found] Country[UNITED STATES][US], IP[23.32.5.54], RedirectLocation[https://www.therebel.media/], Ruby-on-Rails, UncommonHeaders[access-control-allow-origin,x-middleware-start,x-nb-code,x-rack-cache,x-request-id,x-served-by], X-Powered-By[Phusion Passenger Enterprise 5.0.28]
  711. https://www.therebel.media/ [200 OK] Apache[2.4.7], Cookies[_nbuild_nocache,_nbuild_session,_nbuild_token], Country[UNITED STATES][US], Frame, Google-Analytics[UA-59791339-1], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.7 (Ubuntu)], HttpOnly[_nbuild_session,_nbuild_token], IP[23.32.5.72], JQuery, Open-Graph-Protocol[article], PoweredBy[NationBuilder], Ruby-on-Rails, Script[text/javascript], Title[The Rebel], UncommonHeaders[access-control-allow-origin,access-control-request-method,x-content-type-options,x-middleware-start,x-rack-cache,x-request-id,x-served-by], X-Frame-Options[ALLOWALL], X-Powered-By[Phusion Passenger Enterprise 5.0.28], X-UA-Compatible[IE=edge]
  712. #######################################################################################################################################
  713.  
  714. wig - WebApp Information Gatherer
  715.  
  716.  
  717. Scanning https://www.therebel.media...
  718. _____________________ SITE INFO ______________________
  719. IP               Title                                
  720. 23.32.5.54       The Rebel                          
  721. 23.32.5.72                                          
  722.                                                      
  723. ______________________ VERSION _______________________
  724. Name             Versions          Type              
  725. Apache           2.4.7             Platform          
  726. Ubuntu           14.04             OS                
  727.                                                      
  728. ____________________ INTERESTING _____________________
  729. URL              Note              Type              
  730. /robots.txt      robots.txt index  Interesting        
  731.                                                      
  732. ______________________________________________________
  733. Time: 225.9 sec  Urls: 788         Fingerprints: 40401
  734. #######################################################################################################################################
  735. HTTP/1.1 302 Found
  736. Access-Control-Allow-Origin: *
  737. Content-Type: text/html
  738. Location: https://www.therebel.media/
  739. Status: 302 Found
  740. X-Middleware-Start: t=1548483240817260
  741. X-nb-code: 1011
  742. X-Powered-By: Phusion Passenger Enterprise 5.0.28
  743. X-Rack-Cache: miss
  744. X-Request-Id: 4fc76dd9-5208-4b50-a136-351c9f366f43
  745. X-Runtime: 0.064512
  746. X-Served-By: app13
  747. Content-Length: 0
  748. Expires: Sat, 26 Jan 2019 06:14:01 GMT
  749. Cache-Control: max-age=0, no-cache, no-store
  750. Pragma: no-cache
  751. Date: Sat, 26 Jan 2019 06:14:01 GMT
  752. Connection: keep-alive
  753.  
  754. HTTP/1.1 302 Found
  755. Access-Control-Allow-Origin: *
  756. Content-Type: text/html
  757. Location: https://www.therebel.media/
  758. Status: 302 Found
  759. X-Middleware-Start: t=1548483242078938
  760. X-nb-code: 1011
  761. X-Powered-By: Phusion Passenger Enterprise 5.0.28
  762. X-Rack-Cache: miss
  763. X-Request-Id: d6acd65f-5621-4430-af8b-e337221656b3
  764. X-Runtime: 0.065847
  765. X-Served-By: app10
  766. Content-Length: 0
  767. Expires: Sat, 26 Jan 2019 06:14:02 GMT
  768. Cache-Control: max-age=0, no-cache, no-store
  769. Pragma: no-cache
  770. Date: Sat, 26 Jan 2019 06:14:02 GMT
  771. Connection: keep-alive
  772.  
  773. HTTP/1.1 200 OK
  774. Access-Control-Allow-Origin: *
  775. Access-Control-Request-Method: GET, POST, PUT, DELETE
  776. Content-Type: text/html; charset=utf-8
  777. ETag: W/"8a2ce9516071e06dcf13e06163289744"
  778. Server: Apache/2.4.7 (Ubuntu)
  779. Status: 200 OK
  780. X-Content-Type-Options: nosniff
  781. X-Frame-Options: ALLOWALL
  782. X-Middleware-Start: t=1548483244237211
  783. X-Powered-By: Phusion Passenger Enterprise 5.0.28
  784. X-Rack-Cache: stale, invalid
  785. X-Request-Id: 82919a8e-7a88-46d1-b5b4-e139cd838145
  786. X-Runtime: 0.079457
  787. X-Served-By: app13
  788. Content-Length: 0
  789. Expires: Sat, 26 Jan 2019 06:14:04 GMT
  790. Cache-Control: max-age=0, no-cache, no-store
  791. Pragma: no-cache
  792. Date: Sat, 26 Jan 2019 06:14:04 GMT
  793. Connection: keep-alive
  794. Set-Cookie: _nbuild_nocache=true; path=/; expires=Sun, 26 Jan 2020 06:14:04 -0000
  795. Set-Cookie: _nbuild_token=bKK8bXNRkzYxYw%2BzMcAnXz83djWv5SnE5nP2w8FXhS8%3D; path=/; secure; HttpOnly
  796. Set-Cookie: _nbuild_session=786ff12cbc6e216a078ee30283be8d26; path=/; HttpOnly
  797. #######################################################################################################################################
  798.  
  799.                                  ^     ^
  800.         _   __  _   ____ _   __  _    _   ____
  801.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  802.       | V V // o // _/ | V V // 0 // 0 // _/
  803.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  804.                                 <
  805.                                 ...'
  806.  
  807.     WAFW00F - Web Application Firewall Detection Tool
  808.  
  809.     By Sandro Gauci && Wendel G. Henrique
  810.  
  811. Checking https://www.therebel.media
  812. The site https://www.therebel.media is behind a ModSecurity (OWASP CRS)
  813. Number of requests: 11
  814. #######################################################################################################################################
  815. https://www.therebel.media [200 OK] Apache[2.4.7], Cookies[_nbuild_nocache,_nbuild_session,_nbuild_token], Country[UNITED STATES][US], Frame, Google-Analytics[UA-59791339-1], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.7 (Ubuntu)], HttpOnly[_nbuild_session,_nbuild_token], IP[23.32.5.54], JQuery, Open-Graph-Protocol[article], PoweredBy[NationBuilder], Ruby-on-Rails, Script[text/javascript], Title[The Rebel], UncommonHeaders[access-control-allow-origin,access-control-request-method,x-content-type-options,x-middleware-start,x-rack-cache,x-request-id,x-served-by], X-Frame-Options[ALLOWALL], X-Powered-By[Phusion Passenger Enterprise 5.0.28], X-UA-Compatible[IE=edge]
  816. #######################################################################################################################################
  817.  
  818. wig - WebApp Information Gatherer
  819.  
  820.  
  821. Scanning https://www.therebel.media...
  822. _____________________ SITE INFO _____________________
  823. IP              Title                                
  824. 23.32.5.54      The Rebel                          
  825. 23.32.5.72                                        
  826.                                                      
  827. ______________________ VERSION ______________________
  828. Name            Versions          Type              
  829. Apache          2.4.7             Platform          
  830. Ubuntu          14.04             OS                
  831.                                                      
  832. ____________________ INTERESTING ____________________
  833. URL             Note              Type              
  834. /robots.txt     robots.txt index  Interesting        
  835.                                                      
  836. _____________________________________________________
  837. Time: 19.4 sec  Urls: 788         Fingerprints: 40401
  838. #######################################################################################################################################
  839. HTTP/1.1 200 OK
  840. Access-Control-Allow-Origin: *
  841. Access-Control-Request-Method: GET, POST, PUT, DELETE
  842. Content-Type: text/html; charset=utf-8
  843. ETag: W/"531be910ca9751e8ffdc45938717c662"
  844. Server: Apache/2.4.7 (Ubuntu)
  845. Status: 200 OK
  846. X-Content-Type-Options: nosniff
  847. X-Frame-Options: ALLOWALL
  848. X-Middleware-Start: t=1548483356156277
  849. X-Powered-By: Phusion Passenger Enterprise 5.0.28
  850. X-Rack-Cache: stale, invalid
  851. X-Request-Id: 05836a5e-d771-438d-9408-58a14b899630
  852. X-Runtime: 0.094076
  853. X-Served-By: app10
  854. Content-Length: 0
  855. Expires: Sat, 26 Jan 2019 06:15:56 GMT
  856. Cache-Control: max-age=0, no-cache, no-store
  857. Pragma: no-cache
  858. Date: Sat, 26 Jan 2019 06:15:56 GMT
  859. Connection: keep-alive
  860. Set-Cookie: _nbuild_nocache=true; path=/; expires=Sun, 26 Jan 2020 06:15:56 -0000
  861. Set-Cookie: _nbuild_token=LXzcq0eT8jMuRpmtPjZtdsJJ1liOUypGh2I0fJVgyR8%3D; path=/; secure; HttpOnly
  862. Set-Cookie: _nbuild_session=d4002cc8d5b4062512a0bc0bbc8614a9; path=/; HttpOnly
  863.  
  864. HTTP/1.1 200 OK
  865. Access-Control-Allow-Origin: *
  866. Access-Control-Request-Method: GET, POST, PUT, DELETE
  867. Content-Type: text/html; charset=utf-8
  868. ETag: W/"2423ff611fe7a26586c8e1dc0549caa0"
  869. Server: Apache/2.4.7 (Ubuntu)
  870. Status: 200 OK
  871. X-Content-Type-Options: nosniff
  872. X-Frame-Options: ALLOWALL
  873. X-Middleware-Start: t=1548483358631660
  874. X-Powered-By: Phusion Passenger Enterprise 5.0.28
  875. X-Rack-Cache: stale, invalid
  876. X-Request-Id: d805c658-597e-479b-ba7d-2641fe752022
  877. X-Runtime: 0.105382
  878. X-Served-By: app13
  879. Content-Length: 0
  880. Expires: Sat, 26 Jan 2019 06:15:58 GMT
  881. Cache-Control: max-age=0, no-cache, no-store
  882. Pragma: no-cache
  883. Date: Sat, 26 Jan 2019 06:15:58 GMT
  884. Connection: keep-alive
  885. Set-Cookie: _nbuild_nocache=true; path=/; expires=Sun, 26 Jan 2020 06:15:58 -0000
  886. Set-Cookie: _nbuild_token=m%2BV0fjJqJSGFGSOgMxVAD%2BegmcnNfhGZ5ULziUPiuT8%3D; path=/; secure; HttpOnly
  887. Set-Cookie: _nbuild_session=e909bdd0d279368c437fbfa2033762d9; path=/; HttpOnly
  888. #######################################################################################################################################
  889. Version: 1.11.12-static
  890. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  891.  
  892. Connected to 104.72.70.116
  893.  
  894. Testing SSL server www.therebel.media on port 443 using SNI name www.therebel.media
  895.  
  896.   TLS Fallback SCSV:
  897. Server supports TLS Fallback SCSV
  898.  
  899.   TLS renegotiation:
  900. Secure session renegotiation supported
  901.  
  902.   TLS Compression:
  903. Compression disabled
  904.  
  905.   Heartbleed:
  906. TLS 1.2 not vulnerable to heartbleed
  907. TLS 1.1 not vulnerable to heartbleed
  908. TLS 1.0 not vulnerable to heartbleed
  909.  
  910.   Supported Server Cipher(s):
  911. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  912. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  913. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  914. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  915. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  916. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  917. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  918. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  919. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  920. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  921. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  922. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  923. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  924. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  925. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  926. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  927. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  928. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  929. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  930. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  931.  
  932.   SSL Certificate:
  933. Signature Algorithm: sha256WithRSAEncryption
  934. RSA Key Strength:    2048
  935.  
  936. Subject:  www.therebel.media
  937. Altnames: DNS:australia.therebel.media, DNS:uk.therebel.media, DNS:www.lerebelle.media, DNS:www.marklathamsoutsiders.com, DNS:www.therebel.media
  938. Issuer:   Let's Encrypt Authority X3
  939.  
  940. Not valid before: Nov 21 18:06:45 2018 GMT
  941. Not valid after:  Feb 19 18:06:45 2019 GMT
  942. #######################################################################################################################################
  943. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:27 EST
  944. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  945. Host is up (0.25s latency).
  946. Not shown: 470 filtered ports, 4 closed ports
  947. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  948. PORT    STATE SERVICE
  949. 80/tcp  open  http
  950. 443/tcp open  https
  951. #######################################################################################################################################
  952. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:27 EST
  953. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  954. Host is up (0.24s latency).
  955. Not shown: 2 filtered ports, 1 closed port
  956. PORT     STATE         SERVICE
  957. 67/udp   open|filtered dhcps
  958. 68/udp   open|filtered dhcpc
  959. 69/udp   open|filtered tftp
  960. 88/udp   open|filtered kerberos-sec
  961. 123/udp  open|filtered ntp
  962. 139/udp  open|filtered netbios-ssn
  963. 161/udp  open|filtered snmp
  964. 162/udp  open|filtered snmptrap
  965. 389/udp  open|filtered ldap
  966. 520/udp  open|filtered route
  967. 2049/udp open|filtered nfs
  968. #######################################################################################################################################
  969. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:27 EST
  970. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  971. Host is up (0.13s latency).
  972.  
  973. PORT   STATE         SERVICE VERSION
  974. 67/udp open|filtered dhcps
  975. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  976. Too many fingerprints match this host to give specific OS details
  977. Network Distance: 10 hops
  978.  
  979. TRACEROUTE (using proto 1/icmp)
  980. HOP RTT       ADDRESS
  981. 1   228.44 ms 10.245.200.1
  982. 2   228.48 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  983. 3   229.29 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  984. 4   229.32 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  985. 5   229.34 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  986. 6   367.53 ms 4826.hkg.equinix.com (119.27.63.115)
  987. 7   343.48 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  988. 8   343.50 ms 114.31.192.39
  989. 9   350.52 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  990. 10  343.51 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  991. #######################################################################################################################################
  992. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:29 EST
  993. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  994. Host is up (0.12s latency).
  995.  
  996. PORT   STATE         SERVICE VERSION
  997. 68/udp open|filtered dhcpc
  998. Too many fingerprints match this host to give specific OS details
  999. Network Distance: 10 hops
  1000.  
  1001. TRACEROUTE (using proto 1/icmp)
  1002. HOP RTT       ADDRESS
  1003. 1   228.61 ms 10.245.200.1
  1004. 2   229.49 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  1005. 3   229.54 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  1006. 4   229.57 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1007. 5   229.83 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1008. 6   368.16 ms 4826.hkg.equinix.com (119.27.63.115)
  1009. 7   344.08 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  1010. 8   365.58 ms 114.31.192.39
  1011. 9   346.98 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1012. 10  344.17 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1013. #######################################################################################################################################
  1014. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:31 EST
  1015. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1016. Host is up (0.12s latency).
  1017.  
  1018. PORT   STATE         SERVICE VERSION
  1019. 69/udp open|filtered tftp
  1020. Too many fingerprints match this host to give specific OS details
  1021. Network Distance: 10 hops
  1022.  
  1023. TRACEROUTE (using proto 1/icmp)
  1024. HOP RTT       ADDRESS
  1025. 1   228.10 ms 10.245.200.1
  1026. 2   228.12 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  1027. 3   229.22 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  1028. 4   229.24 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1029. 5   229.26 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1030. 6   367.53 ms 4826.hkg.equinix.com (119.27.63.115)
  1031. 7   343.20 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  1032. 8   344.14 ms 114.31.192.39
  1033. 9   344.51 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1034. 10  343.21 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1035. #######################################################################################################################################
  1036.                                  ^     ^
  1037.         _   __  _   ____ _   __  _    _   ____
  1038.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1039.       | V V // o // _/ | V V // 0 // 0 // _/
  1040.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  1041.                                 <
  1042.                                 ...'
  1043.  
  1044.     WAFW00F - Web Application Firewall Detection Tool
  1045.  
  1046.     By Sandro Gauci && Wendel G. Henrique
  1047.  
  1048. Checking http://104.72.70.183
  1049. Generic Detection results:
  1050. No WAF detected by the generic detection
  1051. Number of requests: 14
  1052. #######################################################################################################################################
  1053.  
  1054. wig - WebApp Information Gatherer
  1055.  
  1056.  
  1057. Scanning http://104.72.70.183...
  1058. _____________________ SITE INFO ______________________
  1059. IP              Title                                
  1060. 104.72.70.183                                      
  1061.                                                      
  1062. ______________________ VERSION _______________________
  1063. Name            Versions           Type              
  1064.                                                      
  1065. ____________________ INTERESTING _____________________
  1066. URL             Note               Type              
  1067. /readme.html    Readme file        Interesting        
  1068. /install.php    Installation file  Interesting        
  1069. /test.php       Test file          Interesting        
  1070.                                                      
  1071. ______________________________________________________
  1072. Time: 52.8 sec  Urls: 598          Fingerprints: 40401
  1073. #######################################################################################################################################
  1074. HTTP/1.1 400 Bad Request
  1075. Mime-Version: 1.0
  1076. Content-Type: text/html
  1077. Content-Length: 208
  1078. Expires: Sat, 26 Jan 2019 01:35:34 GMT
  1079. Date: Sat, 26 Jan 2019 01:35:34 GMT
  1080. Connection: keep-alive
  1081.  
  1082. HTTP/1.1 400 Bad Request
  1083. Mime-Version: 1.0
  1084. Content-Type: text/html
  1085. Content-Length: 208
  1086. Expires: Sat, 26 Jan 2019 01:35:35 GMT
  1087. Date: Sat, 26 Jan 2019 01:35:35 GMT
  1088. Connection: keep-alive
  1089. #######################################################################################################################################
  1090. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:35 EST
  1091. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1092. Host is up (0.12s latency).
  1093.  
  1094. PORT    STATE         SERVICE VERSION
  1095. 123/udp open|filtered ntp
  1096. Too many fingerprints match this host to give specific OS details
  1097. Network Distance: 10 hops
  1098.  
  1099. TRACEROUTE (using proto 1/icmp)
  1100. HOP RTT       ADDRESS
  1101. 1   228.25 ms 10.245.200.1
  1102. 2   228.27 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  1103. 3   228.78 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  1104. 4   228.99 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1105. 5   229.65 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1106. 6   367.89 ms 4826.hkg.equinix.com (119.27.63.115)
  1107. 7   343.38 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  1108. 8   367.11 ms 114.31.192.39
  1109. 9   347.10 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1110. 10  343.43 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1111. #######################################################################################################################################
  1112. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:37 EST
  1113. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1114. Host is up (0.29s latency).
  1115.  
  1116. PORT    STATE         SERVICE VERSION
  1117. 161/tcp filtered      snmp
  1118. 161/udp open|filtered snmp
  1119. Too many fingerprints match this host to give specific OS details
  1120. Network Distance: 10 hops
  1121.  
  1122. TRACEROUTE (using proto 1/icmp)
  1123. HOP RTT       ADDRESS
  1124. 1   229.65 ms 10.245.200.1
  1125. 2   229.67 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  1126. 3   230.04 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  1127. 4   230.06 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1128. 5   231.03 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1129. 6   368.95 ms 4826.hkg.equinix.com (119.27.63.115)
  1130. 7   344.54 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  1131. 8   345.69 ms 114.31.192.39
  1132. 9   380.27 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1133. 10  344.55 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1134. #######################################################################################################################################
  1135. Version: 1.11.12-static
  1136. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1137.  
  1138. Connected to 104.72.70.183
  1139.  
  1140. Testing SSL server 104.72.70.183 on port 443 using SNI name 104.72.70.183
  1141.  
  1142.   TLS Fallback SCSV:
  1143. Server does not support TLS Fallback SCSV
  1144.  
  1145.   TLS renegotiation:
  1146. Session renegotiation not supported
  1147.  
  1148.   TLS Compression:
  1149. Compression disabled
  1150.  
  1151.   Heartbleed:
  1152. TLS 1.2 not vulnerable to heartbleed
  1153. TLS 1.1 not vulnerable to heartbleed
  1154. TLS 1.0 not vulnerable to heartbleed
  1155.  
  1156.   Supported Server Cipher(s):
  1157. #######################################################################################################################################
  1158. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:43 EST
  1159. NSE: Loaded 148 scripts for scanning.
  1160. NSE: Script Pre-scanning.
  1161. NSE: Starting runlevel 1 (of 2) scan.
  1162. Initiating NSE at 20:43
  1163. Completed NSE at 20:43, 0.00s elapsed
  1164. NSE: Starting runlevel 2 (of 2) scan.
  1165. Initiating NSE at 20:43
  1166. Completed NSE at 20:43, 0.00s elapsed
  1167. Initiating Ping Scan at 20:43
  1168. Scanning 104.72.70.183 [4 ports]
  1169. Completed Ping Scan at 20:43, 0.26s elapsed (1 total hosts)
  1170. Initiating Parallel DNS resolution of 1 host. at 20:43
  1171. Completed Parallel DNS resolution of 1 host. at 20:43, 0.02s elapsed
  1172. Initiating Connect Scan at 20:43
  1173. Scanning a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183) [1000 ports]
  1174. Discovered open port 80/tcp on 104.72.70.183
  1175. Discovered open port 443/tcp on 104.72.70.183
  1176. Completed Connect Scan at 20:43, 13.75s elapsed (1000 total ports)
  1177. Initiating Service scan at 20:43
  1178. Scanning 2 services on a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1179. Service scan Timing: About 50.00% done; ETC: 20:45 (0:00:36 remaining)
  1180. Completed Service scan at 20:44, 36.22s elapsed (2 services on 1 host)
  1181. Initiating OS detection (try #1) against a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1182. Retrying OS detection (try #2) against a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1183. Initiating Traceroute at 20:44
  1184. Completed Traceroute at 20:44, 0.37s elapsed
  1185. Initiating Parallel DNS resolution of 10 hosts. at 20:44
  1186. Completed Parallel DNS resolution of 10 hosts. at 20:44, 16.50s elapsed
  1187. NSE: Script scanning 104.72.70.183.
  1188. NSE: Starting runlevel 1 (of 2) scan.
  1189. Initiating NSE at 20:44
  1190. NSE Timing: About 98.92% done; ETC: 20:45 (0:00:00 remaining)
  1191. NSE Timing: About 99.64% done; ETC: 20:45 (0:00:00 remaining)
  1192. Completed NSE at 20:46, 90.06s elapsed
  1193. NSE: Starting runlevel 2 (of 2) scan.
  1194. Initiating NSE at 20:46
  1195. Completed NSE at 20:46, 0.70s elapsed
  1196. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1197. Host is up, received reset ttl 64 (0.24s latency).
  1198. Scanned at 2019-01-25 20:43:35 EST for 164s
  1199. Not shown: 994 filtered ports
  1200. Reason: 994 no-responses
  1201. PORT    STATE  SERVICE      REASON       VERSION
  1202. 25/tcp  closed smtp         conn-refused
  1203. 53/tcp  closed domain       conn-refused
  1204. 80/tcp  open   http-proxy   syn-ack      Squid http proxy
  1205. |_http-open-proxy: Proxy might be redirecting requests
  1206. |_http-title: Invalid URL
  1207. 139/tcp closed netbios-ssn  conn-refused
  1208. 443/tcp open   https?       syn-ack
  1209. 445/tcp closed microsoft-ds conn-refused
  1210. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1211. SF-Port443-TCP:V=7.70%I=7%D=1/25%Time=5C4BBB5C%P=x86_64-pc-linux-gnu%r(SSL
  1212. SF:SessionReq,7,"\x15\x03\x04\0\x02\x02P")%r(TLSSessionReq,7,"\x15\x03\x04
  1213. SF:\0\x02\x02P")%r(SSLv23SessionReq,7,"\x15\x03\x04\0\x02\x02P");
  1214. Device type: general purpose|storage-misc|broadband router|WAP
  1215. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (94%), HP embedded (91%), Asus embedded (87%)
  1216. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6.22
  1217. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1218. Aggressive OS guesses: Linux 3.16 - 4.6 (94%), Linux 3.10 - 4.11 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.2 (92%), Linux 4.4 (92%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (90%), Linux 3.16 (90%)
  1219. No exact OS matches for host (test conditions non-ideal).
  1220. TCP/IP fingerprint:
  1221. SCAN(V=7.70%E=4%D=1/25%OT=80%CT=25%CU=%PV=N%DS=10%DC=T%G=N%TM=5C4BBBEB%P=x86_64-pc-linux-gnu)
  1222. SEQ(SP=103%GCD=1%ISR=108%TI=Z%CI=Z%TS=8)
  1223. OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
  1224. WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
  1225. ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)
  1226. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
  1227. T2(R=N)
  1228. T3(R=N)
  1229. T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1230. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  1231. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1232. T7(R=N)
  1233. U1(R=N)
  1234. IE(R=Y%DFI=N%TG=40%CD=S)
  1235.  
  1236. Uptime guess: 43.094 days (since Thu Dec 13 18:31:04 2018)
  1237. Network Distance: 10 hops
  1238. TCP Sequence Prediction: Difficulty=259 (Good luck!)
  1239. IP ID Sequence Generation: All zeros
  1240.  
  1241. TRACEROUTE (using proto 1/icmp)
  1242. HOP RTT       ADDRESS
  1243. 1   231.16 ms 10.245.200.1
  1244. 2   231.20 ms v106.ce02.hkg-10.hk.leaseweb.net (43.249.36.189)
  1245. 3   231.60 ms te-0-0-2-3.br02.hkg-10.hk.leaseweb.net (43.249.36.12)
  1246. 4   231.64 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1247. 5   232.60 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1248. 6   370.59 ms 4826.hkg.equinix.com (119.27.63.115)
  1249. 7   346.03 ms Te-0-0-0-2-8.cor01.syd11.nsw.VOCUS.net.au (119.161.84.31)
  1250. 8   346.62 ms 114.31.192.39
  1251. 9   347.60 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1252. 10  346.08 ms a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1253.  
  1254. NSE: Script Post-scanning.
  1255. NSE: Starting runlevel 1 (of 2) scan.
  1256. Initiating NSE at 20:46
  1257. Completed NSE at 20:46, 0.00s elapsed
  1258. NSE: Starting runlevel 2 (of 2) scan.
  1259. Initiating NSE at 20:46
  1260. Completed NSE at 20:46, 0.00s elapsed
  1261. Read data files from: /usr/bin/../share/nmap
  1262. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1263. Nmap done: 1 IP address (1 host up) scanned in 164.43 seconds
  1264.            Raw packets sent: 83 (7.760KB) | Rcvd: 45 (3.844KB)
  1265. #######################################################################################################################################
  1266. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:46 EST
  1267. NSE: Loaded 148 scripts for scanning.
  1268. NSE: Script Pre-scanning.
  1269. Initiating NSE at 20:46
  1270. Completed NSE at 20:46, 0.00s elapsed
  1271. Initiating NSE at 20:46
  1272. Completed NSE at 20:46, 0.00s elapsed
  1273. Initiating Parallel DNS resolution of 1 host. at 20:46
  1274. Completed Parallel DNS resolution of 1 host. at 20:46, 0.02s elapsed
  1275. Initiating UDP Scan at 20:46
  1276. Scanning a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183) [14 ports]
  1277. Completed UDP Scan at 20:46, 3.02s elapsed (14 total ports)
  1278. Initiating Service scan at 20:46
  1279. Scanning 11 services on a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1280. Service scan Timing: About 9.09% done; ETC: 21:04 (0:16:20 remaining)
  1281. Completed Service scan at 20:48, 102.59s elapsed (11 services on 1 host)
  1282. Initiating OS detection (try #1) against a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1283. Initiating Traceroute at 20:48
  1284. Completed Traceroute at 20:48, 7.28s elapsed
  1285. Initiating Parallel DNS resolution of 1 host. at 20:48
  1286. Completed Parallel DNS resolution of 1 host. at 20:48, 0.02s elapsed
  1287. NSE: Script scanning 104.72.70.183.
  1288. Initiating NSE at 20:48
  1289. Completed NSE at 20:48, 20.24s elapsed
  1290. Initiating NSE at 20:48
  1291. Completed NSE at 20:48, 1.61s elapsed
  1292. Nmap scan report for a104-72-70-183.deploy.static.akamaitechnologies.com (104.72.70.183)
  1293. Host is up (0.28s latency).
  1294.  
  1295. PORT     STATE         SERVICE      VERSION
  1296. 53/udp   closed        domain
  1297. 67/udp   open|filtered dhcps
  1298. 68/udp   open|filtered dhcpc
  1299. 69/udp   open|filtered tftp
  1300. 88/udp   open|filtered kerberos-sec
  1301. 123/udp  open|filtered ntp
  1302. 137/udp  filtered      netbios-ns
  1303. 138/udp  filtered      netbios-dgm
  1304. 139/udp  open|filtered netbios-ssn
  1305. 161/udp  open|filtered snmp
  1306. 162/udp  open|filtered snmptrap
  1307. 389/udp  open|filtered ldap
  1308. 520/udp  open|filtered route
  1309. 2049/udp open|filtered nfs
  1310. Too many fingerprints match this host to give specific OS details
  1311. Network Distance: 10 hops
  1312.  
  1313. TRACEROUTE (using port 137/udp)
  1314. HOP RTT       ADDRESS
  1315. 1   228.07 ms 10.245.200.1
  1316. 2   ... 3
  1317. 4   228.51 ms 10.245.200.1
  1318. 5   229.80 ms 10.245.200.1
  1319. 6   229.63 ms 10.245.200.1
  1320. 7   229.63 ms 10.245.200.1
  1321. 8   229.63 ms 10.245.200.1
  1322. 9   229.63 ms 10.245.200.1
  1323. 10  229.65 ms 10.245.200.1
  1324. 11  ... 18
  1325. 19  228.76 ms 10.245.200.1
  1326. 20  228.06 ms 10.245.200.1
  1327. 21  ... 27
  1328. 28  229.23 ms 10.245.200.1
  1329. 29  ...
  1330. 30  227.87 ms 10.245.200.1
  1331.  
  1332. NSE: Script Post-scanning.
  1333. Initiating NSE at 20:48
  1334. Completed NSE at 20:48, 0.00s elapsed
  1335. Initiating NSE at 20:48
  1336. Completed NSE at 20:48, 0.00s elapsed
  1337. Read data files from: /usr/bin/../share/nmap
  1338. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1339. Nmap done: 1 IP address (1 host up) scanned in 138.51 seconds
  1340.            Raw packets sent: 113 (8.276KB) | Rcvd: 58 (5.809KB)
  1341. #######################################################################################################################################
  1342. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:28 EST
  1343. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1344. Host is up (0.37s latency).
  1345. Not shown: 471 filtered ports, 3 closed ports
  1346. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1347. PORT    STATE SERVICE
  1348. 80/tcp  open  http
  1349. 443/tcp open  https
  1350. #######################################################################################################################################
  1351. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:31 EST
  1352. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1353. Host is up (0.23s latency).
  1354. Not shown: 2 filtered ports
  1355. PORT     STATE         SERVICE
  1356. 53/udp   open|filtered domain
  1357. 67/udp   open|filtered dhcps
  1358. 68/udp   open|filtered dhcpc
  1359. 69/udp   open|filtered tftp
  1360. 88/udp   open|filtered kerberos-sec
  1361. 123/udp  open|filtered ntp
  1362. 139/udp  open|filtered netbios-ssn
  1363. 161/udp  open|filtered snmp
  1364. 162/udp  open|filtered snmptrap
  1365. 389/udp  open|filtered ldap
  1366. 520/udp  open|filtered route
  1367. 2049/udp open|filtered nfs
  1368. #######################################################################################################################################
  1369. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:31 EST
  1370. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1371. Host is up (0.15s latency).
  1372.  
  1373. PORT   STATE         SERVICE VERSION
  1374. 67/udp open|filtered dhcps
  1375. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1376. Too many fingerprints match this host to give specific OS details
  1377. Network Distance: 11 hops
  1378.  
  1379. TRACEROUTE (using proto 1/icmp)
  1380. HOP RTT       ADDRESS
  1381. 1   228.91 ms 10.245.200.1
  1382. 2   228.96 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1383. 3   230.25 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1384. 4   231.50 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1385. 5   231.46 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1386. 6   369.54 ms 4826.hkg.equinix.com (119.27.63.115)
  1387. 7   369.59 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1388. 8   369.98 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1389. 9   370.97 ms 114.31.192.39
  1390. 10  377.02 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1391. 11  367.24 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1392. #######################################################################################################################################
  1393. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:33 EST
  1394. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1395. Host is up (0.15s latency).
  1396.  
  1397. PORT   STATE         SERVICE VERSION
  1398. 68/udp open|filtered dhcpc
  1399. Too many fingerprints match this host to give specific OS details
  1400. Network Distance: 11 hops
  1401.  
  1402. TRACEROUTE (using proto 1/icmp)
  1403. HOP RTT       ADDRESS
  1404. 1   229.49 ms 10.245.200.1
  1405. 2   229.51 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1406. 3   230.86 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1407. 4   230.89 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1408. 5   230.90 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1409. 6   369.48 ms 4826.hkg.equinix.com (119.27.63.115)
  1410. 7   369.52 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1411. 8   370.15 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1412. 9   370.20 ms 114.31.192.39
  1413. 10  370.24 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1414. 11  368.69 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1415. #######################################################################################################################################
  1416. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:35 EST
  1417. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1418. Host is up (0.15s latency).
  1419.  
  1420. PORT   STATE         SERVICE VERSION
  1421. 69/udp open|filtered tftp
  1422. Too many fingerprints match this host to give specific OS details
  1423. Network Distance: 11 hops
  1424.  
  1425. TRACEROUTE (using proto 1/icmp)
  1426. HOP RTT       ADDRESS
  1427. 1   228.01 ms 10.245.200.1
  1428. 2   228.05 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1429. 3   228.83 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1430. 4   229.63 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1431. 5   229.66 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1432. 6   368.09 ms 4826.hkg.equinix.com (119.27.63.115)
  1433. 7   368.12 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1434. 8   368.96 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1435. 9   368.99 ms 114.31.192.39
  1436. 10  372.77 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1437. 11  369.01 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1438. #######################################################################################################################################
  1439.  
  1440.                                  ^     ^
  1441.         _   __  _   ____ _   __  _    _   ____
  1442.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1443.       | V V // o // _/ | V V // 0 // 0 // _/
  1444.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  1445.                                 <
  1446.                                 ...'
  1447.  
  1448.     WAFW00F - Web Application Firewall Detection Tool
  1449.  
  1450.     By Sandro Gauci && Wendel G. Henrique
  1451.  
  1452. Checking http://104.72.70.116
  1453. Generic Detection results:
  1454. No WAF detected by the generic detection
  1455. Number of requests: 14
  1456. #######################################################################################################################################
  1457. wig - WebApp Information Gatherer
  1458.  
  1459.  
  1460. Scanning http://104.72.70.116...
  1461. _____________________ SITE INFO ______________________
  1462. IP              Title                                
  1463. 104.72.70.116                                      
  1464.                                                      
  1465. ______________________ VERSION _______________________
  1466. Name            Versions           Type              
  1467.                                                      
  1468. ____________________ INTERESTING _____________________
  1469. URL             Note               Type              
  1470. /readme.html    Readme file        Interesting        
  1471. /install.php    Installation file  Interesting        
  1472. /test.php       Test file          Interesting        
  1473. /test.htm       Test file          Interesting        
  1474.                                                      
  1475. ______________________________________________________
  1476. Time: 50.2 sec  Urls: 598          Fingerprints: 40401
  1477. #######################################################################################################################################
  1478. HTTP/1.1 400 Bad Request
  1479. Mime-Version: 1.0
  1480. Content-Type: text/html
  1481. Content-Length: 207
  1482. Expires: Sat, 26 Jan 2019 01:39:26 GMT
  1483. Date: Sat, 26 Jan 2019 01:39:26 GMT
  1484. Connection: keep-alive
  1485.  
  1486. HTTP/1.1 400 Bad Request
  1487. Mime-Version: 1.0
  1488. Content-Type: text/html
  1489. Content-Length: 207
  1490. Expires: Sat, 26 Jan 2019 01:39:27 GMT
  1491. Date: Sat, 26 Jan 2019 01:39:27 GMT
  1492. Connection: keep-alive
  1493. #######################################################################################################################################
  1494. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:39 EST
  1495. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1496. Host is up (0.15s latency).
  1497.  
  1498. PORT    STATE         SERVICE VERSION
  1499. 123/udp open|filtered ntp
  1500. Too many fingerprints match this host to give specific OS details
  1501. Network Distance: 11 hops
  1502.  
  1503. TRACEROUTE (using proto 1/icmp)
  1504. HOP RTT       ADDRESS
  1505. 1   229.29 ms 10.245.200.1
  1506. 2   229.35 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1507. 3   229.37 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1508. 4   230.66 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1509. 5   230.70 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1510. 6   369.36 ms 4826.hkg.equinix.com (119.27.63.115)
  1511. 7   369.38 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1512. 8   369.61 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1513. 9   370.79 ms 114.31.192.39
  1514. 10  781.16 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1515. 11  367.90 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1516. #######################################################################################################################################
  1517. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:41 EST
  1518. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1519. Host is up (0.30s latency).
  1520.  
  1521. PORT    STATE         SERVICE VERSION
  1522. 161/tcp filtered      snmp
  1523. 161/udp open|filtered snmp
  1524. Too many fingerprints match this host to give specific OS details
  1525. Network Distance: 11 hops
  1526.  
  1527. TRACEROUTE (using proto 1/icmp)
  1528. HOP RTT       ADDRESS
  1529. 1   229.18 ms 10.245.200.1
  1530. 2   229.21 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1531. 3   229.23 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1532. 4   230.60 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1533. 5   230.63 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1534. 6   368.69 ms 4826.hkg.equinix.com (119.27.63.115)
  1535. 7   368.73 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1536. 8   370.13 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1537. 9   370.10 ms 114.31.192.39
  1538. 10  370.70 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1539. 11  367.36 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1540. #######################################################################################################################################
  1541. Version: 1.11.12-static
  1542. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1543.  
  1544. Connected to 104.72.70.116
  1545.  
  1546. Testing SSL server 104.72.70.116 on port 443 using SNI name 104.72.70.116
  1547.  
  1548.   TLS Fallback SCSV:
  1549. Server does not support TLS Fallback SCSV
  1550.  
  1551.   TLS renegotiation:
  1552. Session renegotiation not supported
  1553.  
  1554.   TLS Compression:
  1555. Compression disabled
  1556.  
  1557.   Heartbleed:
  1558. TLS 1.2 not vulnerable to heartbleed
  1559. TLS 1.1 not vulnerable to heartbleed
  1560. TLS 1.0 not vulnerable to heartbleed
  1561.  
  1562.   Supported Server Cipher(s):
  1563. #######################################################################################################################################
  1564. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:47 EST
  1565. NSE: Loaded 148 scripts for scanning.
  1566. NSE: Script Pre-scanning.
  1567. NSE: Starting runlevel 1 (of 2) scan.
  1568. Initiating NSE at 20:47
  1569. Completed NSE at 20:47, 0.00s elapsed
  1570. NSE: Starting runlevel 2 (of 2) scan.
  1571. Initiating NSE at 20:47
  1572. Completed NSE at 20:47, 0.00s elapsed
  1573. Initiating Ping Scan at 20:47
  1574. Scanning 104.72.70.116 [4 ports]
  1575. Completed Ping Scan at 20:47, 0.27s elapsed (1 total hosts)
  1576. Initiating Parallel DNS resolution of 1 host. at 20:47
  1577. Completed Parallel DNS resolution of 1 host. at 20:47, 0.03s elapsed
  1578. Initiating Connect Scan at 20:47
  1579. Scanning a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116) [1000 ports]
  1580. Discovered open port 80/tcp on 104.72.70.116
  1581. Discovered open port 443/tcp on 104.72.70.116
  1582. Completed Connect Scan at 20:47, 12.56s elapsed (1000 total ports)
  1583. Initiating Service scan at 20:47
  1584. Scanning 2 services on a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1585. Service scan Timing: About 50.00% done; ETC: 20:48 (0:00:36 remaining)
  1586. Completed Service scan at 20:48, 37.40s elapsed (2 services on 1 host)
  1587. Initiating OS detection (try #1) against a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1588. Retrying OS detection (try #2) against a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1589. Initiating Traceroute at 20:48
  1590. Completed Traceroute at 20:48, 0.61s elapsed
  1591. Initiating Parallel DNS resolution of 11 hosts. at 20:48
  1592. Completed Parallel DNS resolution of 11 hosts. at 20:48, 16.50s elapsed
  1593. NSE: Script scanning 104.72.70.116.
  1594. NSE: Starting runlevel 1 (of 2) scan.
  1595. Initiating NSE at 20:48
  1596. NSE Timing: About 99.28% done; ETC: 20:49 (0:00:00 remaining)
  1597. NSE Timing: About 99.64% done; ETC: 20:49 (0:00:00 remaining)
  1598. NSE Timing: About 99.64% done; ETC: 20:50 (0:00:00 remaining)
  1599. Completed NSE at 20:50, 91.93s elapsed
  1600. NSE: Starting runlevel 2 (of 2) scan.
  1601. Initiating NSE at 20:50
  1602. Completed NSE at 20:50, 0.75s elapsed
  1603. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1604. Host is up, received reset ttl 64 (0.21s latency).
  1605. Scanned at 2019-01-25 20:47:25 EST for 167s
  1606. Not shown: 995 filtered ports
  1607. Reason: 995 no-responses
  1608. PORT    STATE  SERVICE      REASON       VERSION
  1609. 25/tcp  closed smtp         conn-refused
  1610. 80/tcp  open   http-proxy   syn-ack      Squid http proxy
  1611. |_http-open-proxy: Proxy might be redirecting requests
  1612. |_http-title: Invalid URL
  1613. 139/tcp closed netbios-ssn  conn-refused
  1614. 443/tcp open   https?       syn-ack
  1615. 445/tcp closed microsoft-ds conn-refused
  1616. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1617. SF-Port443-TCP:V=7.70%I=7%D=1/25%Time=5C4BBC41%P=x86_64-pc-linux-gnu%r(SSL
  1618. SF:SessionReq,7,"\x15\x03\x04\0\x02\x02P")%r(TLSSessionReq,7,"\x15\x03\x04
  1619. SF:\0\x02\x02P")%r(SSLv23SessionReq,7,"\x15\x03\x04\0\x02\x02P");
  1620. Device type: general purpose|storage-misc|broadband router|WAP|phone
  1621. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (94%), HP embedded (91%), Asus embedded (87%), Google Android 4.X (87%)
  1622. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:google:android:4.0
  1623. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1624. Aggressive OS guesses: Linux 3.16 - 4.6 (94%), Linux 3.10 - 4.11 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.2 (92%), Linux 4.4 (92%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (90%), Linux 3.16 (90%)
  1625. No exact OS matches for host (test conditions non-ideal).
  1626. TCP/IP fingerprint:
  1627. SCAN(V=7.70%E=4%D=1/25%OT=80%CT=25%CU=%PV=N%DS=11%DC=T%G=N%TM=5C4BBCD4%P=x86_64-pc-linux-gnu)
  1628. SEQ(SP=100%GCD=1%ISR=10A%TI=Z%CI=Z%TS=8)
  1629. OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
  1630. WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
  1631. ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)
  1632. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
  1633. T2(R=N)
  1634. T3(R=N)
  1635. T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1636. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  1637. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1638. T7(R=N)
  1639. U1(R=N)
  1640. IE(R=Y%DFI=N%TG=40%CD=S)
  1641.  
  1642. Uptime guess: 42.407 days (since Fri Dec 14 11:03:56 2018)
  1643. Network Distance: 11 hops
  1644. TCP Sequence Prediction: Difficulty=256 (Good luck!)
  1645. IP ID Sequence Generation: All zeros
  1646.  
  1647. TRACEROUTE (using proto 1/icmp)
  1648. HOP RTT       ADDRESS
  1649. 1   229.51 ms 10.245.200.1
  1650. 2   229.53 ms v106.ce01.hkg-10.hk.leaseweb.net (43.249.36.188)
  1651. 3   230.53 ms te-0-0-0-0.br02.hkg-10.hk.leaseweb.net (43.249.36.10)
  1652. 4   231.32 ms xe-5-1-0.br01.hkg-12.hk.leaseweb.net (64.120.119.226)
  1653. 5   231.13 ms ae-101.bb10.hkg-12.leaseweb.net (31.31.38.192)
  1654. 6   369.94 ms 4826.hkg.equinix.com (119.27.63.115)
  1655. 7   369.97 ms Te-0-1-0-2-1.cor02.syd04.nsw.VOCUS.net.au (119.161.84.21)
  1656. 8   370.00 ms BE-1.cor01.syd11.nsw.VOCUS.net.au (114.31.192.40)
  1657. 9   370.00 ms 114.31.192.39
  1658. 10  378.06 ms as20940.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.226)
  1659. 11  367.33 ms a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1660.  
  1661. NSE: Script Post-scanning.
  1662. NSE: Starting runlevel 1 (of 2) scan.
  1663. Initiating NSE at 20:50
  1664. Completed NSE at 20:50, 0.00s elapsed
  1665. NSE: Starting runlevel 2 (of 2) scan.
  1666. Initiating NSE at 20:50
  1667. Completed NSE at 20:50, 0.00s elapsed
  1668. Read data files from: /usr/bin/../share/nmap
  1669. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1670. Nmap done: 1 IP address (1 host up) scanned in 167.20 seconds
  1671.            Raw packets sent: 84 (7.248KB) | Rcvd: 46 (3.562KB)
  1672. #######################################################################################################################################
  1673. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-25 20:50 EST
  1674. NSE: Loaded 148 scripts for scanning.
  1675. NSE: Script Pre-scanning.
  1676. Initiating NSE at 20:50
  1677. Completed NSE at 20:50, 0.00s elapsed
  1678. Initiating NSE at 20:50
  1679. Completed NSE at 20:50, 0.00s elapsed
  1680. Initiating Parallel DNS resolution of 1 host. at 20:50
  1681. Completed Parallel DNS resolution of 1 host. at 20:50, 0.02s elapsed
  1682. Initiating UDP Scan at 20:50
  1683. Scanning a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116) [14 ports]
  1684. Completed UDP Scan at 20:50, 3.11s elapsed (14 total ports)
  1685. Initiating Service scan at 20:50
  1686. Scanning 12 services on a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1687. Service scan Timing: About 8.33% done; ETC: 21:09 (0:17:47 remaining)
  1688. Completed Service scan at 20:51, 102.58s elapsed (12 services on 1 host)
  1689. Initiating OS detection (try #1) against a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1690. Retrying OS detection (try #2) against a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1691. Initiating Traceroute at 20:52
  1692. Completed Traceroute at 20:52, 7.28s elapsed
  1693. Initiating Parallel DNS resolution of 1 host. at 20:52
  1694. Completed Parallel DNS resolution of 1 host. at 20:52, 0.02s elapsed
  1695. NSE: Script scanning 104.72.70.116.
  1696. Initiating NSE at 20:52
  1697. Completed NSE at 20:52, 20.32s elapsed
  1698. Initiating NSE at 20:52
  1699. Completed NSE at 20:52, 1.74s elapsed
  1700. Nmap scan report for a104-72-70-116.deploy.static.akamaitechnologies.com (104.72.70.116)
  1701. Host is up (0.29s latency).
  1702.  
  1703. PORT     STATE         SERVICE      VERSION
  1704. 53/udp   open|filtered domain
  1705. 67/udp   open|filtered dhcps
  1706. 68/udp   open|filtered dhcpc
  1707. 69/udp   open|filtered tftp
  1708. 88/udp   open|filtered kerberos-sec
  1709. 123/udp  open|filtered ntp
  1710. 137/udp  filtered      netbios-ns
  1711. 138/udp  filtered      netbios-dgm
  1712. 139/udp  open|filtered netbios-ssn
  1713. 161/udp  open|filtered snmp
  1714. 162/udp  open|filtered snmptrap
  1715. 389/udp  open|filtered ldap
  1716. 520/udp  open|filtered route
  1717. 2049/udp open|filtered nfs
  1718. Too many fingerprints match this host to give specific OS details
  1719.  
  1720. TRACEROUTE (using port 138/udp)
  1721. HOP RTT       ADDRESS
  1722. 1   227.77 ms 10.245.200.1
  1723. 2   ... 3
  1724. 4   230.59 ms 10.245.200.1
  1725. 5   229.61 ms 10.245.200.1
  1726. 6   229.61 ms 10.245.200.1
  1727. 7   229.60 ms 10.245.200.1
  1728. 8   229.60 ms 10.245.200.1
  1729. 9   229.59 ms 10.245.200.1
  1730. 10  229.63 ms 10.245.200.1
  1731. 11  ... 18
  1732. 19  228.95 ms 10.245.200.1
  1733. 20  227.54 ms 10.245.200.1
  1734. 21  ... 27
  1735. 28  228.82 ms 10.245.200.1
  1736. 29  ...
  1737. 30  227.60 ms 10.245.200.1
  1738.  
  1739. NSE: Script Post-scanning.
  1740. Initiating NSE at 20:52
  1741. Completed NSE at 20:52, 0.00s elapsed
  1742. Initiating NSE at 20:52
  1743. Completed NSE at 20:52, 0.00s elapsed
  1744. Read data files from: /usr/bin/../share/nmap
  1745. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1746. Nmap done: 1 IP address (1 host up) scanned in 143.22 seconds
  1747.            Raw packets sent: 135 (8.008KB) | Rcvd: 35 (3.519KB)
  1748. #######################################################################################################################################
  1749.                                           Anonymous JTSEC  #OpDomesticTerrorism Full Recon #1
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top