SHARE
TWEET

Anonymous JTSEC #OpDomesticTerrorism Full Recon #2

a guest Jan 26th, 2019 715 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Nom de l'hôte  www.kuklosknights.com       FAI     Unified Layer
  3. Continent   Amérique du Nord       Drapeau    
  4. US
  5. Pays    Etats-Unis d'Amérique      Code du pays    US
  6. Région     Texas       Heure locale    26 Jan 2019 02:29 CST
  7. Ville   Houston         Code Postal     77092
  8. Adresse IP  108.167.137.202         Latitude    29.832
  9.             Longitude   -95.472
  10.  
  11. #######################################################################################################################################
  12. > www.kuklosknights.com
  13. Server:     27.50.70.139
  14. Address:    27.50.70.139#53
  15.  
  16. Non-authoritative answer:
  17. www.kuklosknights.com   canonical name = kuklosknights.com.
  18. Name:   kuklosknights.com
  19. Address: 108.167.137.202
  20. >
  21. #######################################################################################################################################
  22. HostIP:108.167.137.202
  23. HostName:www.kuklosknights.com
  24.  
  25. Gathered Inet-whois information for 108.167.137.202
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum:        107.181.160.0 - 108.255.255.255
  30. netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr:          IPv4 address block not managed by the RIPE NCC
  32. remarks:        ------------------------------------------------------
  33. remarks:
  34. remarks:        For registration information,
  35. remarks:        you can consult the following sources:
  36. remarks:
  37. remarks:        IANA
  38. remarks:        http://www.iana.org/assignments/ipv4-address-space
  39. remarks:        http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks:        AFRINIC (Africa)
  43. remarks:        http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks:        APNIC (Asia Pacific)
  46. remarks:        http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks:        ARIN (Northern America)
  49. remarks:        http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks:        LACNIC (Latin America and the Carribean)
  52. remarks:        http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks:        ------------------------------------------------------
  55. country:        EU # Country is really world wide
  56. admin-c:        IANA1-RIPE
  57. tech-c:         IANA1-RIPE
  58. status:         ALLOCATED UNSPECIFIED
  59. mnt-by:         RIPE-NCC-HM-MNT
  60. created:        2019-01-07T10:45:12Z
  61. last-modified:  2019-01-07T10:45:12Z
  62. source:         RIPE
  63.  
  64. role:           Internet Assigned Numbers Authority
  65. address:        see http://www.iana.org.
  66. admin-c:        IANA1-RIPE
  67. tech-c:         IANA1-RIPE
  68. nic-hdl:        IANA1-RIPE
  69. remarks:        For more information on IANA services
  70. remarks:        go to IANA web site at http://www.iana.org.
  71. mnt-by:         RIPE-NCC-MNT
  72. created:        1970-01-01T00:00:00Z
  73. last-modified:  2001-09-22T09:31:27Z
  74. source:         RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for kuklosknights.com
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82.    Domain Name: KUKLOSKNIGHTS.COM
  83.    Registry Domain ID: 1660351287_DOMAIN_COM-VRSN
  84.    Registrar WHOIS Server: whois.launchpad.com
  85.    Registrar URL: http://www.launchpad.com
  86.    Updated Date: 2017-06-09T18:21:59Z
  87.    Creation Date: 2011-06-07T16:21:02Z
  88.    Registry Expiry Date: 2021-06-07T16:21:02Z
  89.    Registrar: Launchpad.com Inc.
  90.    Registrar IANA ID: 955
  91.    Registrar Abuse Contact Email:
  92.    Registrar Abuse Contact Phone:
  93.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  94.    Name Server: NS157.EHOSTS.COM
  95.    Name Server: NS158.EHOSTS.COM
  96.    DNSSEC: unsigned
  97.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  98. >>> Last update of whois database: 2019-01-26T08:37:00Z <<<
  99.  
  100. For more information on Whois status codes, please visit https://icann.org/epp
  101.  
  102. NOTICE: The expiration date displayed in this record is the date the
  103. registrar's sponsorship of the domain name registration in the registry is
  104. currently set to expire. This date does not necessarily reflect the expiration
  105. date of the domain name registrant's agreement with the sponsoring
  106. registrar.  Users may consult the sponsoring registrar's Whois database to
  107. view the registrar's reported date of expiration for this registration.
  108.  
  109. TERMS OF USE: You are not authorized to access or query our Whois
  110. database through the use of electronic processes that are high-volume and
  111. automated except as reasonably necessary to register domain names or
  112. modify existing registrations; the Data in VeriSign Global Registry
  113. Services' ("VeriSign") Whois database is provided by VeriSign for
  114. information purposes only, and to assist persons in obtaining information
  115. about or related to a domain name registration record. VeriSign does not
  116. guarantee its accuracy. By submitting a Whois query, you agree to abide
  117. by the following terms of use: You agree that you may use this Data only
  118. for lawful purposes and that under no circumstances will you use this Data
  119. to: (1) allow, enable, or otherwise support the transmission of mass
  120. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  121. or facsimile; or (2) enable high volume, automated, electronic processes
  122. that apply to VeriSign (or its computer systems). The compilation,
  123. repackaging, dissemination or other use of this Data is expressly
  124. prohibited without the prior written consent of VeriSign. You agree not to
  125. use electronic processes that are automated and high-volume to access or
  126. query the Whois database except as reasonably necessary to register
  127. domain names or modify existing registrations. VeriSign reserves the right
  128. to restrict your access to the Whois database in its sole discretion to ensure
  129. operational stability.  VeriSign may restrict or terminate your access to the
  130. Whois database for failure to abide by these terms of use. VeriSign
  131. reserves the right to modify these terms at any time.
  132.  
  133. The Registry database contains ONLY .COM, .NET, .EDU domains and
  134. Registrars.
  135.  
  136. Gathered Netcraft information for www.kuklosknights.com
  137. ---------------------------------------------------------------------------------------------------------------------------------------
  138.  
  139. Retrieving Netcraft.com information for www.kuklosknights.com
  140. Netcraft.com Information gathered
  141.  
  142. Gathered Subdomain information for kuklosknights.com
  143. ---------------------------------------------------------------------------------------------------------------------------------------
  144. Searching Google.com:80...
  145. HostName:www.kuklosknights.com
  146. HostIP:108.167.137.202
  147. Searching Altavista.com:80...
  148. Found 1 possible subdomain(s) for host kuklosknights.com, Searched 0 pages containing 0 results
  149.  
  150. Gathered E-Mail information for kuklosknights.com
  151. ---------------------------------------------------------------------------------------------------------------------------------------
  152. Searching Google.com:80...
  153. Searching Altavista.com:80...
  154. Found 0 E-Mail(s) for host kuklosknights.com, Searched 0 pages containing 0 results
  155.  
  156. Gathered TCP Port information for 108.167.137.202
  157. ---------------------------------------------------------------------------------------------------------------------------------------
  158.  
  159.  Port       State
  160.  
  161. 26/tcp      open
  162. 53/tcp      open
  163. 80/tcp      open
  164. 110/tcp     open
  165. 143/tcp     open
  166.  
  167. Portscan Finished: Scanned 150 ports, 142 ports were in state closed
  168. #######################################################################################################################################
  169. [i] Scanning Site: http://www.kuklosknights.com
  170.  
  171.  
  172.  
  173. B A S I C   I N F O
  174. =======================================================================================================================================
  175.  
  176.  
  177. [+] Site Title:
  178. [+] IP address: 108.167.137.202
  179. [+] Web Server: Could Not Detect
  180. [+] CMS: Could Not Detect
  181. [+] Cloudflare: Not Detected
  182. [+] Robots File: Could NOT Find robots.txt!
  183.  
  184.  
  185.  
  186.  
  187. W H O I S   L O O K U P
  188. =======================================================================================================================================
  189.  
  190.        Domain Name: KUKLOSKNIGHTS.COM
  191.    Registry Domain ID: 1660351287_DOMAIN_COM-VRSN
  192.    Registrar WHOIS Server: whois.launchpad.com
  193.    Registrar URL: http://www.launchpad.com
  194.    Updated Date: 2017-06-09T18:21:59Z
  195.    Creation Date: 2011-06-07T16:21:02Z
  196.    Registry Expiry Date: 2021-06-07T16:21:02Z
  197.    Registrar: Launchpad.com Inc.
  198.    Registrar IANA ID: 955
  199.    Registrar Abuse Contact Email:
  200.    Registrar Abuse Contact Phone:
  201.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  202.    Name Server: NS157.EHOSTS.COM
  203.    Name Server: NS158.EHOSTS.COM
  204.    DNSSEC: unsigned
  205.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  206. >>> Last update of whois database: 2019-01-26T08:46:38Z <<<
  207.  
  208. For more information on Whois status codes, please visit https://icann.org/epp
  209.  
  210.  
  211.  
  212. The Registry database contains ONLY .COM, .NET, .EDU domains and
  213. Registrars.
  214.  
  215.  
  216.  
  217.  
  218. G E O  I P  L O O K  U P
  219. =======================================================================================================================================
  220.  
  221. [i] IP Address: 108.167.137.202
  222. [i] Country: United States
  223. [i] State: Texas
  224. [i] City: Houston
  225. [i] Latitude: 29.8324
  226. [i] Longitude: -95.472
  227.  
  228.  
  229.  
  230.  
  231.  
  232.  
  233.  
  234. D N S   L O O K U P
  235. =======================================================================================================================================
  236.  
  237. kuklosknights.com.  14399   IN  TXT "v=spf1 +a +mx +ip4:108.167.137.45 +include:websitewelcome.com ~all"
  238. kuklosknights.com.  14399   IN  MX  0 mail.kuklosknights.com.
  239. kuklosknights.com.  21599   IN  SOA ns157.ehosts.com. dnsadmin.e29.ehosts.com. 2017120503 86400 7200 3600000 86400
  240. kuklosknights.com.  21599   IN  NS  ns157.ehosts.com.
  241. kuklosknights.com.  21599   IN  NS  ns158.ehosts.com.
  242. kuklosknights.com.  14399   IN  A   108.167.137.202
  243.  
  244.  
  245.  
  246.  
  247. S U B N E T   C A L C U L A T I O N
  248. =======================================================================================================================================
  249.  
  250. Address       = 108.167.137.202
  251. Network       = 108.167.137.202 / 32
  252. Netmask       = 255.255.255.255
  253. Broadcast     = not needed on Point-to-Point links
  254. Wildcard Mask = 0.0.0.0
  255. Hosts Bits    = 0
  256. Max. Hosts    = 1   (2^0 - 0)
  257. Host Range    = { 108.167.137.202 - 108.167.137.202 }
  258.  
  259.  
  260.  
  261. N M A P   P O R T   S C A N
  262. ======================================================================================================================================
  263.  
  264.  
  265. Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-26 08:48 UTC
  266. Nmap scan report for kuklosknights.com (108.167.137.202)
  267. Host is up (0.056s latency).
  268. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  269. PORT     STATE    SERVICE
  270. 21/tcp   open     ftp
  271. 22/tcp   filtered ssh
  272. 23/tcp   closed   telnet
  273. 80/tcp   open     http
  274. 110/tcp  open     pop3
  275. 143/tcp  open     imap
  276. 443/tcp  open     https
  277. 3389/tcp closed   ms-wbt-server
  278.  
  279. Nmap done: 1 IP address (1 host up) scanned in 1.46 seconds
  280.  
  281.  
  282.  
  283. S U B - D O M A I N   F I N D E R
  284. =======================================================================================================================================
  285.  
  286.  
  287. [i] Total Subdomains Found : 8
  288.  
  289. [+] Subdomain: www.annes-south-carolina-attic.kuklosknights.com
  290. [-] IP: 108.167.137.202
  291.  
  292. [+] Subdomain: alt-right-tennessee.kuklosknights.com
  293. [-] IP: 108.167.137.202
  294.  
  295. [+] Subdomain: www.alt-right-tennessee.kuklosknights.com
  296. [-] IP: 108.167.137.202
  297.  
  298. [+] Subdomain: webdisk.kuklosknights.com
  299. [-] IP: 108.167.137.202
  300.  
  301. [+] Subdomain: mail.kuklosknights.com
  302. [-] IP: 108.167.137.202
  303.  
  304. [+] Subdomain: kuklosklan.kuklosknights.com
  305. [-] IP: 108.167.137.202
  306.  
  307. [+] Subdomain: www.kuklosklan.kuklosknights.com
  308. [-] IP: 108.167.137.202
  309.  
  310. [+] Subdomain: autodiscover.kuklosknights.com
  311. [-] IP: 108.167.137.202
  312. #######################################################################################################################################
  313. [?] Enter the target: example( http://domain.com )
  314. http://www.kuklosknights.com/
  315. [!] IP Address : 108.167.137.202
  316. [!] www.kuklosknights.com doesn't seem to use a CMS
  317. [+] Honeypot Probabilty: 30%
  318. ---------------------------------------------------------------------------------------------------------------------------------------
  319. [~] Trying to gather whois information for www.kuklosknights.com
  320. [+] Whois information found
  321. [-] Unable to build response, visit https://who.is/whois/www.kuklosknights.com
  322. ---------------------------------------------------------------------------------------------------------------------------------------
  323. PORT     STATE    SERVICE
  324. 21/tcp   open     ftp
  325. 22/tcp   filtered ssh
  326. 23/tcp   closed   telnet
  327. 80/tcp   open     http
  328. 110/tcp  open     pop3
  329. 143/tcp  open     imap
  330. 443/tcp  open     https
  331. 3389/tcp closed   ms-wbt-server
  332. Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
  333. ---------------------------------------------------------------------------------------------------------------------------------------
  334.  
  335. [+] DNS Records
  336. ns157.ehosts.com. (108.167.137.196) AS20013 CyrusOne LLC United States
  337. ns158.ehosts.com. (108.167.137.199) AS20013 CyrusOne LLC United States
  338.  
  339. [+] MX Records
  340. 0 (108.167.137.202) AS20013 CyrusOne LLC United States
  341.  
  342. [+] Host Records (A)
  343. www.kuklosknights.comHTTP: (vps.httpdoispontos.com.br) (108.167.137.202) AS20013 CyrusOne LLC United States
  344.  
  345. [+] TXT Records
  346. "v=spf1 +a +mx +ip4:108.167.137.45 +include:websitewelcome.com ~all"
  347.  
  348. [+] DNS Map: https://dnsdumpster.com/static/map/kuklosknights.com.png
  349.  
  350. [>] Initiating 3 intel modules
  351. [>] Loading Alpha module (1/3)
  352. [>] Beta module deployed (2/3)
  353. [>] Gamma module initiated (3/3)
  354. No emails found
  355. No hosts found
  356. [+] Virtual hosts:
  357. ---------------------------------------------------------------------------------------------------------------------------------------
  358. #######################################################################################################################################
  359. ; <<>> DiG 9.11.5-P1-1-Debian <<>> kuklosknights.com
  360. ;; global options: +cmd
  361. ;; Got answer:
  362. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39790
  363. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  364.  
  365. ;; OPT PSEUDOSECTION:
  366. ; EDNS: version: 0, flags:; udp: 4096
  367. ;; QUESTION SECTION:
  368. ;kuklosknights.com.     IN  A
  369.  
  370. ;; ANSWER SECTION:
  371. kuklosknights.com.  6530    IN  A   108.167.137.202
  372.  
  373. ;; Query time: 56 msec
  374. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  375. ;; WHEN: sam jan 26 05:48:45 EST 2019
  376. ;; MSG SIZE  rcvd: 62
  377. #######################################################################################################################################
  378. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace kuklosknights.com
  379. ;; global options: +cmd
  380. .           80961   IN  NS  b.root-servers.net.
  381. .           80961   IN  NS  e.root-servers.net.
  382. .           80961   IN  NS  f.root-servers.net.
  383. .           80961   IN  NS  i.root-servers.net.
  384. .           80961   IN  NS  h.root-servers.net.
  385. .           80961   IN  NS  k.root-servers.net.
  386. .           80961   IN  NS  m.root-servers.net.
  387. .           80961   IN  NS  c.root-servers.net.
  388. .           80961   IN  NS  j.root-servers.net.
  389. .           80961   IN  NS  a.root-servers.net.
  390. .           80961   IN  NS  g.root-servers.net.
  391. .           80961   IN  NS  d.root-servers.net.
  392. .           80961   IN  NS  l.root-servers.net.
  393. .           80961   IN  RRSIG   NS 8 0 518400 20190208050000 20190126040000 16749 . q3rKVHRQb5EcsI86uppQah+11q0MrACf+KdZ1Qpcu7OkWgpa17mr6Glj 06BKGkKp7Fl1oRZ8Lmzgd/DsEXwb+/1zG/m2hIDsbNkrBBv0Mw1cNb8s vSetOM+aOpggSzRKeZFjMIpZAVXj3dYIA0jdMuUXT+/myvTc3rBTNv6j +YLIV2l7500Jl54ZLiZC5v0B8y/limYOuwLu3T4zW238vO+xQYMluRXL H8K4p057sjUrFDlL2GSFKDw/DfPdgWEmhci/GwVZnzPEgKR1EN2yXxLC kvuw2SBF+cbku/zJM+3YTV7TfCwx1TuZkIuNUx1OiTs0HtoOyruzKv+B /C+XjQ==
  394. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 58 ms
  395.  
  396. com.            172800  IN  NS  a.gtld-servers.net.
  397. com.            172800  IN  NS  b.gtld-servers.net.
  398. com.            172800  IN  NS  c.gtld-servers.net.
  399. com.            172800  IN  NS  d.gtld-servers.net.
  400. com.            172800  IN  NS  e.gtld-servers.net.
  401. com.            172800  IN  NS  f.gtld-servers.net.
  402. com.            172800  IN  NS  g.gtld-servers.net.
  403. com.            172800  IN  NS  h.gtld-servers.net.
  404. com.            172800  IN  NS  i.gtld-servers.net.
  405. com.            172800  IN  NS  j.gtld-servers.net.
  406. com.            172800  IN  NS  k.gtld-servers.net.
  407. com.            172800  IN  NS  l.gtld-servers.net.
  408. com.            172800  IN  NS  m.gtld-servers.net.
  409. com.            86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
  410. com.            86400   IN  RRSIG   DS 8 1 86400 20190208050000 20190126040000 16749 . ZeR2FbDpSLBwWOA4vLlGMLGdnK2cia5MyTI1XW4R6nx5Ue//c+/xanKi NtxEKMJZmMsEXfAH0x20a949IHTdKoAjesDj0tLAGTTCPnEp7WdI/5Zg tp5mnmvYJoIpvCA397vZqoA/oJNpbKJzJ7dZQkUT0udi9p9wQzPuK4gm 77kRluvcmPTfjdK+EKAp3XpH5TRjBZF7nK7RBjQylQrWt+vkhscPUiiP f9FHgFdU8Lki8sjcnhkQWMRsv+hcueR+p336Tgluonyk2+PZ68oL4cFu VZQo3dif2Ot2ruSVyQ+22FtZSeB/PY71gEkWQgocuxW/xUgOoBef6v3t eaAxlw==
  411. ;; Received 1177 bytes from 2001:500:9f::42#53(l.root-servers.net) in 39 ms
  412.  
  413. kuklosknights.com.  172800  IN  NS  ns157.ehosts.com.
  414. kuklosknights.com.  172800  IN  NS  ns158.ehosts.com.
  415. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
  416. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190131054530 20190124043530 16883 com. eg1n7WXtR3qpZdjJTrXm3VEqhRWwaMXbomHWLWO3+Mixz/f/h6DBNEre p2ua4BLyXKu6ZjFFeqpMWacSSLUULHt7U50ag5dJJm6EaSRunqsddPSX GLpVrikC+Xh4Y1de3bMzgz//7+/+GgNLHeGr+ko+KcS2D//B5sz+LmEb oqw=
  417. P2KQC2R406TPRRNVTJI8G7OHKAA16JNB.com. 86400 IN NSEC3 1 1 0 - P2KSACNK27EO08F0O3E1695N3ODBPFJE NS DS RRSIG
  418. P2KQC2R406TPRRNVTJI8G7OHKAA16JNB.com. 86400 IN RRSIG NSEC3 8 2 86400 20190201062126 20190125051126 16883 com. cfWHotgl922Q4doMETtT22aixeeog4K5PaDl6XPYVxC/R7thXZ05aQX0 Tlk6DoJt9imZzYG1kE2kka2XYJRl6UIZzW2bsHCTJ1E3LXFpiOK505z6 1c4zuCUdoRw+QxBPogubnx6i7/AvxkVxXHfEhsrZkxKoa2DBXBReh9pH Vl4=
  419. ;; Received 610 bytes from 192.43.172.30#53(i.gtld-servers.net) in 58 ms
  420.  
  421. kuklosknights.com.  14400   IN  A   108.167.137.202
  422. kuklosknights.com.  86400   IN  NS  ns158.ehosts.com.
  423. kuklosknights.com.  86400   IN  NS  ns157.ehosts.com.
  424. ;; Received 141 bytes from 108.167.137.199#53(ns158.ehosts.com) in 82 ms
  425. #######################################################################################################################################
  426. Traceroute 'www.kuklosknights.com '
  427. ---------------------------------------------------------------------------------------------------------------------------------------
  428.  
  429. Start: 2019-01-26T10:50:24+0000
  430. HOST: web01                                          Loss%   Snt   Last   Avg  Best  Wrst StDev
  431.   1.|-- 45.79.12.202                                    0.0%     3    0.9   0.9   0.8   1.0   0.1
  432.   2.|-- 45.79.12.6                                      0.0%     3    0.6   0.6   0.6   0.8   0.1
  433.   3.|-- 45.79.12.8                                      0.0%     3    0.8   0.8   0.5   1.0   0.2
  434.   4.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com        0.0%     3    1.3   1.2   1.2   1.3   0.1
  435.   5.|-- be2764.ccr32.dfw01.atlas.cogentco.com           0.0%     3    1.9   1.7   1.5   1.9   0.2
  436.   6.|-- be2443.ccr42.iah01.atlas.cogentco.com           0.0%     3    8.7   7.4   6.7   8.7   1.1
  437.   7.|-- be3486.rcr22.iah02.atlas.cogentco.com           0.0%     3    8.1   7.7   7.3   8.1   0.4
  438.   8.|-- be3632.nr51.b023723-0.iah02.atlas.cogentco.com  0.0%     3    8.3   8.3   7.9   8.6   0.4
  439.   9.|-- 38.122.196.2                                    0.0%     3    7.8  15.2   7.7  30.1  12.9
  440.  10.|-- 216.117.50.150                                  0.0%     3   41.9  27.0  17.4  41.9  13.0
  441.  11.|-- po101.router2b.hou1.net.unifiedlayer.com        0.0%     3    8.3   7.9   7.6   8.3   0.4
  442.  12.|-- 108.167.150.105                                 0.0%     3    8.0   7.9   7.8   8.0   0.1
  443.  13.|-- 108.167.134.130                                 0.0%     3    7.7   7.9   7.7   8.3   0.3
  444.  14.|-- vps.httpdoispontos.com.br                       0.0%     3    8.1   8.0   7.9   8.1   0.1
  445. #######################################################################################################################################
  446. [*] Performing General Enumeration of Domain: kuklosknights.com
  447. [-] DNSSEC is not configured for kuklosknights.com
  448. [*]      SOA ns157.ehosts.com 108.167.137.196
  449. [*]      NS ns157.ehosts.com 108.167.137.196
  450. [*]      Bind Version for 108.167.137.196 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  451. [*]      NS ns158.ehosts.com 108.167.137.199
  452. [*]      Bind Version for 108.167.137.199 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  453. [*]      MX mail.kuklosknights.com 108.167.137.202
  454. [*]      A kuklosknights.com 108.167.137.202
  455. [*]      TXT kuklosknights.com v=spf1 +a +mx +ip4:108.167.137.45 +include:websitewelcome.com ~all
  456. [*] Enumerating SRV Records
  457. [*]      SRV _caldavs._tcp.kuklosknights.com e29.ehosts.com 108.167.137.45 2080 0
  458. [*]      SRV _caldav._tcp.kuklosknights.com e29.ehosts.com 108.167.137.45 2079 0
  459. [*]      SRV _carddav._tcp.kuklosknights.com e29.ehosts.com 108.167.137.45 2079 0
  460. [*]      SRV _carddavs._tcp.kuklosknights.com e29.ehosts.com 108.167.137.45 2080 0
  461. [*]      SRV _autodiscover._tcp.kuklosknights.com cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
  462. [*]      SRV _autodiscover._tcp.kuklosknights.com cpanelemaildiscovery.cpanel.net 208.74.123.53 443 0
  463. [*]      SRV _autodiscover._tcp.kuklosknights.com cpanelemaildiscovery.cpanel.net 208.74.120.196 443 0
  464. [*]      SRV _autodiscover._tcp.kuklosknights.com cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
  465. [+] 8 Records Found
  466. #######################################################################################################################################
  467. [*] Processing domain kuklosknights.com
  468. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  469. [+] Getting nameservers
  470. 108.167.137.196 - ns157.ehosts.com
  471. 108.167.137.199 - ns158.ehosts.com
  472. [-] Zone transfer failed
  473.  
  474. [+] TXT records found
  475. "v=spf1 +a +mx +ip4:108.167.137.45 +include:websitewelcome.com ~all"
  476.  
  477. [+] MX records found, added to target list
  478. 0 mail.kuklosknights.com.
  479.  
  480. [*] Scanning kuklosknights.com for A records
  481. 108.167.137.202 - kuklosknights.com                      
  482. 108.167.137.202 - ftp.kuklosknights.com                              
  483. 127.0.0.1 - localhost.kuklosknights.com                    
  484. 108.167.137.202 - mail.kuklosknights.com                    
  485. 108.167.137.202 - webdisk.kuklosknights.com                  
  486. 108.167.137.202 - webmail.kuklosknights.com                
  487. 108.167.137.202 - whm.kuklosknights.com                
  488. 108.167.137.202 - www.kuklosknights.com              
  489. #######################################################################################################################################
  490. Ip Address  Status  Type    Domain Name         Server
  491. ----------  ------  ----    -----------         ------
  492. 108.167.137.202 200     alias   ftp.kuklosknights.com      
  493. 108.167.137.202 200 host    kuklosknights.com      
  494. 127.0.0.1               host    localhost.kuklosknights.com
  495. 108.167.137.202 200     host    mail.kuklosknights.com     
  496. 108.167.137.202 401     alias   webmail.kuklosknights.com  
  497. 108.167.137.202 401 host    kuklosknights.com      
  498. 108.167.137.202 200     alias   www.kuklosknights.com      
  499. 108.167.137.202 200 host    kuklosknights.com      
  500. #######################################################################################################################################
  501. [+] Testing domain
  502.     www.kuklosknights.com      108.167.137.202    
  503. [+] Dns resolving
  504.        Domain name               Ip address              Name server      
  505.     kuklosknights.com         108.167.137.202     vps.httpdoispontos.com.br
  506. Found 1 host(s) for kuklosknights.com
  507. [+] Testing wildcard
  508.     Ok, no wildcard found.
  509.  
  510. [+] Scanning for subdomain on kuklosknights.com
  511. [!] Wordlist not specified. I scannig with my internal wordlist...
  512.     Estimated time about 53.81 seconds
  513.  
  514.         Subdomain                Ip address              Name server
  515.      
  516.   ftp.kuklosknights.com       108.167.137.202     vps.httpdoispontos.com.br
  517. localhost.kuklosknights.com        127.0.0.1                localhost        
  518.   mail.kuklosknights.com      108.167.137.202     vps.httpdoispontos.com.br
  519. webmail.kuklosknights.com     108.167.137.202     vps.httpdoispontos.com.br
  520.   www.kuklosknights.com       108.167.137.202     vps.httpdoispontos.com.br
  521. #######################################################################################################################################
  522. =======================================================================================================================================
  523. | External hosts:
  524. | [+] External Host Found: http://www.KuKlosKlan.com
  525. | [+] External Host Found: http://www.kkkstuff4sale.com
  526. | [+] External Host Found: http://kuklosknights.com
  527. =======================================================================================================================================
  528. | E-mails:
  529. | [+] E-mail Found: jesserego100@gmail.com
  530. | [+] E-mail Found: floydpepper100@gmail.com
  531. | [+] E-mail Found: paulpark311@gmail.com
  532. | [+] E-mail Found: barneyross2000@gmail.com
  533. | [+] E-mail Found: edbond100@gmail.com
  534. | [+] E-mail Found: wadekeegan100@gmail.com
  535. | [+] E-mail Found: leecrisomore101@gmail.com
  536. | [+] E-mail Found: deancornett100@gmail.com
  537. | [+] E-mail Found: racuff1@aol.com
  538. | [+] E-mail Found: thepad100@gmail.com
  539. | [+] E-mail Found: plamonica100@gmail.com
  540. | [+] E-mail Found: 100@gmail.com
  541. | [+] E-mail Found: justinschluter100@gmail.com
  542. | [+] E-mail Found: thomasmcmasterson100@gmail.com
  543. | [+] E-mail Found: josephberett100@gmail.com
  544. | [+] E-mail Found: darylsims100@gmail.com
  545. | [+] E-mail Found: allendement100@gmail.com
  546. | [+] E-mail Found: fredguysson100@gmail.com
  547. | [+] E-mail Found: stevemarkham100@gmail.com
  548. | [+] E-mail Found: racyff1@aol.com
  549. | [+] E-mail Found: lanebradshaw2@aol.com
  550. | [+] E-mail Found: philliplacey100@gmail.com
  551. | [+] E-mail Found: michaelsmith5005@gmail.com
  552. =======================================================================================================================================
  553. #######################################################################################################################################
  554. ---------------------------------------------------------------------------------------------------------------------------------------
  555. + Target IP:          108.167.137.202
  556. + Target Hostname:    www.kuklosknights.com
  557. + Target Port:        80
  558. + Start Time:         2019-01-26 04:24:43 (GMT-5)
  559. ---------------------------------------------------------------------------------------------------------------------------------------
  560. + Server: No banner retrieved
  561. + The anti-clickjacking X-Frame-Options header is not present.
  562. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  563. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  564. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  565. + Scan terminated:  20 error(s) and 3 item(s) reported on remote host
  566. + End Time:           2019-01-26 04:32:40 (GMT-5) (477 seconds)
  567. ---------------------------------------------------------------------------------------------------------------------------------------
  568. #######################################################################################################################################
  569. dnsenum VERSION:1.2.4
  570.  
  571. -----   www.kuklosknights.com   -----
  572.  
  573.  
  574. Host's addresses:
  575. __________________
  576.  
  577. kuklosknights.com.                       6641     IN    A        108.167.137.202
  578.  
  579.  
  580. Name Servers:
  581. ______________
  582.  
  583. ns158.ehosts.com.                        3600     IN    A        108.167.137.199
  584. ns157.ehosts.com.                        78641    IN    A        108.167.137.196
  585.  
  586.  
  587. Mail (MX) Servers:
  588. ___________________
  589.  
  590. mail.kuklosknights.com.                  14400    IN    A        108.167.137.202
  591.  
  592.  
  593. Trying Zone Transfers and getting Bind Versions:
  594. _________________________________________________
  595.  
  596.  
  597. Trying Zone Transfer for www.kuklosknights.com on ns158.ehosts.com ...
  598.  
  599. Trying Zone Transfer for www.kuklosknights.com on ns157.ehosts.com ...
  600.  
  601. brute force file not specified, bay.
  602. #######################################################################################################################################
  603.  
  604. Running Source: Ask
  605. Running Source: Archive.is
  606. Running Source: Baidu
  607. Running Source: Bing
  608. Running Source: CertDB
  609. Running Source: CertificateTransparency
  610. Running Source: Certspotter
  611. Running Source: Commoncrawl
  612. Running Source: Crt.sh
  613. Running Source: Dnsdb
  614. Running Source: DNSDumpster
  615. Running Source: DNSTable
  616. Running Source: Dogpile
  617. Running Source: Exalead
  618. Running Source: Findsubdomains
  619. Running Source: Googleter
  620. Running Source: Hackertarget
  621. Running Source: Ipv4Info
  622. Running Source: PTRArchive
  623. Running Source: Sitedossier
  624. Running Source: Threatcrowd
  625. Running Source: ThreatMiner
  626. Running Source: WaybackArchive
  627. Running Source: Yahoo
  628.  
  629. Running enumeration on www.kuklosknights.com
  630.  
  631. dnsdb: Unexpected return status 503
  632.  
  633. ipv4info: <nil>
  634.  
  635. crtsh: json: cannot unmarshal array into Go value of type crtsh.crtshObject
  636.  
  637. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.kuklosknights.com/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.kuklosknights.com/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
  638.  
  639.  
  640. Starting Bruteforcing of www.kuklosknights.com with 9985 words
  641.  
  642. Total 1 Unique subdomains found for www.kuklosknights.com
  643.  
  644. .www.kuklosknights.com
  645. #######################################################################################################################################
  646. [*] Found SPF record:
  647. [*] v=spf1 +a +mx +ip4:108.167.137.45 +include:websitewelcome.com ~all
  648. [*] SPF record contains an All item: ~all
  649. [*] No DMARC record found. Looking for organizational record
  650. [+] No organizational DMARC record
  651. [+] Spoofing possible for www.kuklosknights.com!
  652. ######################################################################################################################################
  653. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:53 EST
  654. Nmap scan report for www.kuklosknights.com (108.167.137.202)
  655. Host is up (0.079s latency).
  656. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  657. Not shown: 460 closed ports, 2 filtered ports
  658. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  659. PORT     STATE SERVICE
  660. 53/tcp   open  domain
  661. 80/tcp   open  http
  662. 110/tcp  open  pop3
  663. 143/tcp  open  imap
  664. 443/tcp  open  https
  665. 465/tcp  open  smtps
  666. 587/tcp  open  submission
  667. 993/tcp  open  imaps
  668. 995/tcp  open  pop3s
  669. 2222/tcp open  EtherNetIP-1
  670. 3306/tcp open  mysql
  671. 5432/tcp open  postgresql
  672. 8080/tcp open  http-proxy
  673. 8443/tcp open  https-alt
  674. ######################################################################################################################################
  675. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:53 EST
  676. Nmap scan report for www.kuklosknights.com (108.167.137.202)
  677. Host is up (0.069s latency).
  678. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  679. Not shown: 10 closed ports, 2 filtered ports
  680. PORT    STATE         SERVICE
  681. 53/udp  open          domain
  682. 162/udp open|filtered snmptrap
  683. #######################################################################################################################################
  684. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:53 EST
  685. Nmap scan report for www.kuklosknights.com (108.167.137.202)
  686. Host is up (0.078s latency).
  687. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  688.  
  689. PORT   STATE SERVICE VERSION
  690. 53/tcp open  domain  ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  691. |_dns-fuzz: The server seems impervious to our assault.
  692. | dns-nsec-enum:
  693. |_  No NSEC records found
  694. | dns-nsec3-enum:
  695. |_  DNSSEC NSEC3 not supported
  696. | dns-nsid:
  697. |_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  698. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  699. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (94%), HP P2000 G3 NAS device (92%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.18 (90%), Linux 3.2 - 4.9 (90%)
  700. No exact OS matches for host (test conditions non-ideal).
  701. Network Distance: 18 hops
  702. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  703.  
  704. Host script results:
  705. | dns-brute:
  706. |   DNS Brute-force hostnames:
  707. |     mail.kuklosknights.com - 108.167.137.202
  708. |     www.kuklosknights.com - 108.167.137.202
  709. |_    ftp.kuklosknights.com - 108.167.137.202
  710.  
  711. TRACEROUTE (using port 53/tcp)
  712. HOP RTT      ADDRESS
  713. 1   37.84 ms 10.244.200.1
  714. 2   37.87 ms 184.75.211.209
  715. 3   38.67 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  716. 4   38.71 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  717. 5   38.70 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
  718. 6   45.27 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
  719. 7   52.88 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
  720. 8   65.31 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
  721. 9   71.63 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213)
  722. 10  76.78 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
  723. 11  77.40 ms 154.54.30.174
  724. 12  78.16 ms be3631.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.30.38)
  725. 13  77.01 ms 38.122.196.34
  726. 14  78.39 ms 216.117.50.150
  727. 15  77.44 ms po101.router2a.hou1.net.unifiedlayer.com (162.241.0.7)
  728. 16  77.05 ms 108.167.150.105
  729. 17  77.01 ms 108.167.134.130
  730. 18  76.87 ms vps.httpdoispontos.com.br (108.167.137.202)
  731. #######################################################################################################################################
  732.  
  733.                                  ^     ^
  734.         _   __  _   ____ _   __  _    _   ____
  735.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  736.       | V V // o // _/ | V V // 0 // 0 // _/
  737.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  738.                                 <
  739.                                 ...'
  740.  
  741.     WAFW00F - Web Application Firewall Detection Tool
  742.  
  743.     By Sandro Gauci && Wendel G. Henrique
  744.  
  745. Checking http://www.kuklosknights.com
  746. The site http://www.kuklosknights.com is behind a ModSecurity (OWASP CRS)
  747. Number of requests: 11
  748. #######################################################################################################################################
  749.  
  750. wig - WebApp Information Gatherer
  751.  
  752.  
  753. Scanning http://www.kuklosknights.com...
  754. _________________ SITE INFO __________________
  755. IP              Title                        
  756. 108.167.137.202  Welcome to the Ku Klux Klan:
  757.                                              
  758. __________________ VERSION ___________________
  759. Name            Versions   Type              
  760.                                              
  761. ______________________________________________
  762. Time: 89.2 sec  Urls: 606  Fingerprints: 40401
  763. #######################################################################################################################################
  764. HTTP/1.1 200 OK
  765. Date: Sat, 26 Jan 2019 11:06:00 GMT
  766. Content-Type: text/html
  767. Last-Modified: Thu, 02 Aug 2018 12:30:46 GMT
  768. Content-Encoding: gzip
  769. Connection: keep-alive
  770.  
  771. HTTP/1.1 200 OK
  772. Date: Sat, 26 Jan 2019 11:06:00 GMT
  773. Content-Type: text/html
  774. Last-Modified: Thu, 02 Aug 2018 12:30:46 GMT
  775. Content-Encoding: gzip
  776. Connection: keep-alive
  777. #######################################################################################################################################
  778. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:06 EST
  779. Nmap scan report for www.kuklosknights.com (108.167.137.202)
  780. Host is up (0.044s latency).
  781. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  782.  
  783. PORT    STATE SERVICE VERSION
  784. 110/tcp open  pop3    Dovecot pop3d
  785. | pop3-brute:
  786. |   Accounts: No valid accounts found
  787. |_  Statistics: Performed 225 guesses in 188 seconds, average tps: 1.1
  788. |_pop3-capabilities: UIDL STLS PIPELINING CAPA AUTH-RESP-CODE USER SASL(PLAIN LOGIN) RESP-CODES TOP
  789. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  790. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
  791. No exact OS matches for host (test conditions non-ideal).
  792. Network Distance: 1 hop
  793.  
  794. TRACEROUTE (using port 80/tcp)
  795. HOP RTT      ADDRESS
  796. 1   35.91 ms vps.httpdoispontos.com.br (108.167.137.202)
  797. #######################################################################################################################################
  798. wig - WebApp Information Gatherer
  799.  
  800.  
  801. Scanning https://www.kuklosknights.com...
  802. _________________ SITE INFO __________________
  803. IP              Title                        
  804. 108.167.137.202  Welcome to the Ku Klux Klan:
  805.                                              
  806. __________________ VERSION ___________________
  807. Name            Versions   Type              
  808. nginx           1.14.1     Platform          
  809.                                              
  810. ______________________________________________
  811. Time: 97.2 sec  Urls: 607  Fingerprints: 40401
  812. #######################################################################################################################################
  813. HTTP/2 200
  814. server: nginx/1.14.1
  815. date: Sat, 26 Jan 2019 11:11:18 GMT
  816. content-type: text/html
  817. content-length: 6695
  818. last-modified: Thu, 02 Aug 2018 12:30:46 GMT
  819. accept-ranges: bytes
  820.  
  821. HTTP/2 200
  822. server: nginx/1.14.1
  823. date: Sat, 26 Jan 2019 11:11:19 GMT
  824. content-type: text/html
  825. content-length: 6695
  826. last-modified: Thu, 02 Aug 2018 12:30:46 GMT
  827. accept-ranges: bytes
  828. #######################################################################################################################################
  829. Version: 1.11.12-static
  830. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  831.  
  832. Connected to 108.167.137.202
  833.  
  834. Testing SSL server www.kuklosknights.com on port 443 using SNI name www.kuklosknights.com
  835.  
  836.   TLS Fallback SCSV:
  837. Server supports TLS Fallback SCSV
  838.  
  839.   TLS renegotiation:
  840. Secure session renegotiation supported
  841.  
  842.   TLS Compression:
  843. Compression disabled
  844.  
  845.   Heartbleed:
  846. TLS 1.2 not vulnerable to heartbleed
  847. TLS 1.1 not vulnerable to heartbleed
  848. TLS 1.0 not vulnerable to heartbleed
  849.  
  850.   Supported Server Cipher(s):
  851. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  852. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  853. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  854. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  855. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  856. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  857. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  858. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  859. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  860. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  861.  
  862.   SSL Certificate:
  863. Signature Algorithm: sha256WithRSAEncryption
  864. RSA Key Strength:    2048
  865.  
  866. Subject:  kuklosknights.com
  867. Altnames: DNS:autodiscover.kuklosklan.com, DNS:autodiscover.kuklosknights.com, DNS:cpanel.kuklosklan.com, DNS:cpanel.kuklosknights.com, DNS:kuklosklan.com, DNS:kuklosklan.kuklosknights.com, DNS:kuklosknights.com, DNS:mail.kuklosklan.com, DNS:mail.kuklosknights.com, DNS:webdisk.kuklosklan.com, DNS:webdisk.kuklosknights.com, DNS:webmail.kuklosklan.com, DNS:webmail.kuklosknights.com, DNS:www.kuklosklan.com, DNS:www.kuklosklan.kuklosknights.com, DNS:www.kuklosknights.com
  868. Issuer:   Let's Encrypt Authority X3
  869.  
  870. Not valid before: Jan 11 10:55:44 2019 GMT
  871. Not valid after:  Apr 11 10:55:44 2019 GMT
  872. #######################################################################################################################################
  873. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:12 EST
  874. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  875. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  876. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  877. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  878. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  879. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  880. Nmap scan report for www.kuklosknights.com (108.167.137.202)
  881. Host is up (0.078s latency).
  882. rDNS record for 108.167.137.202: vps.httpdoispontos.com.br
  883.  
  884. PORT     STATE SERVICE    VERSION
  885. 5432/tcp open  postgresql PostgreSQL DB
  886. | fingerprint-strings:
  887. |   SMBProgNeg:
  888. |     SFATAL
  889. |     C0A000
  890. |     Munsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
  891. |     Fpostmaster.c
  892. |     L1624
  893. |_    RProcessStartupPacket
  894. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  895. SF-Port5432-TCP:V=7.70%I=7%D=1/26%Time=5C4C4098%P=x86_64-pc-linux-gnu%r(SM
  896. SF:BProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pro
  897. SF:tocol\x2065363\.19778:\x20server\x20supports\x201\.0\x20to\x203\.0\0Fpo
  898. SF:stmaster\.c\0L1624\0RProcessStartupPacket\0\0");
  899. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  900. Aggressive OS guesses: Motorola RFS 6000 wireless switch (97%), Konica Minolta 1600f printer (94%), Tomato 1.27 - 1.28 (Linux 2.4.20) (92%), Linux 3.2.0 (92%), MikroTik RouterOS 6.15 (Linux 3.3.5) (92%), DD-WRT (Linux 2.4.35s) (91%), Linux 2.6.18 - 2.6.22 (91%), Kyocera CopyStar CS-2560 printer (91%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%)
  901. No exact OS matches for host (test conditions non-ideal).
  902. Network Distance: 18 hops
  903.  
  904. TRACEROUTE (using port 5432/tcp)
  905. HOP RTT      ADDRESS
  906. 1   34.64 ms 10.244.200.1
  907. 2   34.81 ms 184.75.211.209
  908. 3   35.28 ms 38.104.156.9
  909. 4   35.29 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  910. 5   35.27 ms 154.54.43.161
  911. 6   42.69 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
  912. 7   49.48 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
  913. 8   61.48 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
  914. 9   73.62 ms be2432.ccr31.dfw01.atlas.cogentco.com (154.54.3.133)
  915. 10  78.06 ms be2441.ccr41.iah01.atlas.cogentco.com (154.54.41.65)
  916. 11  79.98 ms be3485.rcr21.iah02.atlas.cogentco.com (154.54.28.86)
  917. 12  80.00 ms be3631.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.30.38)
  918. 13  78.09 ms 38.122.196.2
  919. 14  79.82 ms 216.117.50.150
  920. 15  79.25 ms po101.router2a.hou1.net.unifiedlayer.com (162.241.0.7)
  921. 16  79.81 ms 108.167.150.101
  922. 17  78.84 ms 108.167.134.134
  923. 18  79.31 ms vps.httpdoispontos.com.br (108.167.137.202)
  924. #######################################################################################################################################
  925. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:46 EST
  926. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  927. Host is up (0.078s latency).
  928. Not shown: 460 closed ports, 1 filtered port
  929. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  930. PORT     STATE SERVICE
  931. 21/tcp   open  ftp
  932. 53/tcp   open  domain
  933. 80/tcp   open  http
  934. 110/tcp  open  pop3
  935. 143/tcp  open  imap
  936. 443/tcp  open  https
  937. 465/tcp  open  smtps
  938. 587/tcp  open  submission
  939. 993/tcp  open  imaps
  940. 995/tcp  open  pop3s
  941. 2222/tcp open  EtherNetIP-1
  942. 3306/tcp open  mysql
  943. 5432/tcp open  postgresql
  944. 8080/tcp open  http-proxy
  945. 8443/tcp open  https-alt
  946. #######################################################################################################################################
  947. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:46 EST
  948. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  949. Host is up (0.068s latency).
  950. Not shown: 10 closed ports, 2 filtered ports
  951. PORT    STATE         SERVICE
  952. 53/udp  open          domain
  953. 389/udp open|filtered ldap
  954. #######################################################################################################################################
  955. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:46 EST
  956. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  957. Host is up (0.078s latency).
  958.  
  959. PORT   STATE SERVICE VERSION
  960. 21/tcp open  ftp     Pure-FTPd
  961. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  962. Device type: WAP
  963. Running: Linux 2.4.X|2.6.X
  964. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
  965. OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
  966. Network Distance: 18 hops
  967.  
  968. TRACEROUTE (using port 21/tcp)
  969. HOP RTT      ADDRESS
  970. 1   34.61 ms 10.244.200.1
  971. 2   34.83 ms 184.75.211.209
  972. 3   35.46 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  973. 4   35.47 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  974. 5   35.45 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
  975. 6   42.46 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
  976. 7   51.25 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
  977. 8   62.05 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
  978. 9   73.10 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213)
  979. 10  78.50 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
  980. 11  78.52 ms 154.54.30.174
  981. 12  79.89 ms be3631.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.30.38)
  982. 13  79.29 ms 38.122.196.34
  983. 14  80.45 ms 216.117.50.150
  984. 15  79.29 ms po101.router2a.hou1.net.unifiedlayer.com (162.241.0.7)
  985. 16  79.31 ms 108.167.150.97
  986. 17  79.93 ms 108.167.134.114
  987. 18  ... 30
  988. #######################################################################################################################################
  989. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 05:57 EST
  990. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  991. Host is up (0.077s latency).
  992.  
  993. PORT   STATE SERVICE VERSION
  994. 53/tcp open  domain  ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  995. | dns-nsec-enum:
  996. |_  No NSEC records found
  997. | dns-nsec3-enum:
  998. |_  DNSSEC NSEC3 not supported
  999. | dns-nsid:
  1000. |_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  1001. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1002. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (94%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.18 (90%)
  1003. No exact OS matches for host (test conditions non-ideal).
  1004. Network Distance: 18 hops
  1005. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1006.  
  1007. Host script results:
  1008. | dns-brute:
  1009. |   DNS Brute-force hostnames:
  1010. |     ns1.httpdoispontos.com.br - 177.70.99.214
  1011. |     ns2.httpdoispontos.com.br - 177.70.98.168
  1012. |     apps.httpdoispontos.com.br - 177.70.99.214
  1013. |     mail.httpdoispontos.com.br - 177.70.99.214
  1014. |     www.httpdoispontos.com.br - 177.70.99.214
  1015. |_    ftp.httpdoispontos.com.br - 177.70.99.214
  1016.  
  1017. TRACEROUTE (using port 53/tcp)
  1018. HOP RTT      ADDRESS
  1019. 1   38.97 ms 10.244.200.1
  1020. 2   39.13 ms 184.75.211.209
  1021. 3   41.93 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1022. 4   40.13 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  1023. 5   39.51 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
  1024. 6   46.60 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
  1025. 7   54.83 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
  1026. 8   66.03 ms 154.54.42.165
  1027. 9   72.84 ms be2432.ccr31.dfw01.atlas.cogentco.com (154.54.3.133)
  1028. 10  77.65 ms be2441.ccr41.iah01.atlas.cogentco.com (154.54.41.65)
  1029. 11  77.68 ms be3486.rcr22.iah02.atlas.cogentco.com (154.54.30.166)
  1030. 12  79.27 ms be3632.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.45.58)
  1031. 13  78.11 ms 38.122.196.34
  1032. 14  79.30 ms 216.117.50.150
  1033. 15  78.66 ms po101.router2b.hou1.net.unifiedlayer.com (162.241.0.9)
  1034. 16  77.71 ms 108.167.150.97
  1035. 17  78.08 ms 108.167.134.130
  1036. 18  78.18 ms vps.httpdoispontos.com.br (108.167.137.202)
  1037. #######################################################################################################################################
  1038. wig - WebApp Information Gatherer
  1039.  
  1040.  
  1041. Scanning http://108.167.137.202...
  1042. __________________ SITE INFO __________________
  1043. IP               Title                        
  1044. 108.167.137.202  404 - PAGE NOT FOUND        
  1045.                                                
  1046. ___________________ VERSION ___________________
  1047. Name             Versions   Type              
  1048.                                                
  1049. _______________________________________________
  1050. Time: 259.1 sec  Urls: 600  Fingerprints: 40401
  1051. #######################################################################################################################################
  1052. HTTP/1.1 302 Found
  1053. Date: Sat, 26 Jan 2019 11:12:48 GMT
  1054. Content-Type: text/html; charset=UTF-8
  1055. Location: /404.html
  1056. Cache-Control: no-cache
  1057. Connection: keep-alive
  1058.  
  1059. HTTP/1.1 302 Found
  1060. Date: Sat, 26 Jan 2019 11:12:49 GMT
  1061. Content-Type: text/html; charset=UTF-8
  1062. Location: /404.html
  1063. Cache-Control: no-cache
  1064. Connection: keep-alive
  1065.  
  1066. HTTP/1.1 200 OK
  1067. Date: Sat, 26 Jan 2019 11:12:49 GMT
  1068. Content-Type: text/html
  1069. Last-Modified: Wed, 29 Nov 2017 21:41:38 GMT
  1070. Cache-Control: no-cache
  1071. Content-Encoding: gzip
  1072. Connection: keep-alive
  1073. #######################################################################################################################################
  1074. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:12 EST
  1075. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  1076. Host is up (0.045s latency).
  1077.  
  1078. PORT    STATE SERVICE VERSION
  1079. 110/tcp open  pop3    Dovecot pop3d
  1080. | pop3-brute:
  1081. |   Accounts: No valid accounts found
  1082. |_  Statistics: Performed 225 guesses in 188 seconds, average tps: 1.1
  1083. |_pop3-capabilities: PIPELINING RESP-CODES CAPA AUTH-RESP-CODE UIDL TOP SASL(PLAIN LOGIN) USER STLS
  1084. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1085. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
  1086. No exact OS matches for host (test conditions non-ideal).
  1087. Network Distance: 1 hop
  1088.  
  1089. TRACEROUTE (using port 80/tcp)
  1090. HOP RTT      ADDRESS
  1091. 1   35.05 ms vps.httpdoispontos.com.br (108.167.137.202)
  1092. #######################################################################################################################################
  1093. Version: 1.11.12-static
  1094. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1095.  
  1096. Connected to 108.167.137.202
  1097.  
  1098. Testing SSL server 108.167.137.202 on port 443 using SNI name 108.167.137.202
  1099.  
  1100.   TLS Fallback SCSV:
  1101. Server supports TLS Fallback SCSV
  1102.  
  1103.   TLS renegotiation:
  1104. Secure session renegotiation supported
  1105.  
  1106.   TLS Compression:
  1107. Compression disabled
  1108.  
  1109.   Heartbleed:
  1110. TLS 1.2 not vulnerable to heartbleed
  1111. TLS 1.1 not vulnerable to heartbleed
  1112. TLS 1.0 not vulnerable to heartbleed
  1113.  
  1114.   Supported Server Cipher(s):
  1115. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  1116. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  1117. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  1118. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  1119. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1120. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1121. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  1122. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  1123. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  1124. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  1125. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  1126. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  1127. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1128. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1129. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  1130. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  1131. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1132. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1133. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  1134. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  1135.  
  1136.   SSL Certificate:
  1137. Signature Algorithm: sha256WithRSAEncryption
  1138. RSA Key Strength:    2048
  1139.  
  1140. Subject:  *.ehosts.com
  1141. Altnames: DNS:*.ehosts.com, DNS:ehosts.com
  1142. Issuer:   COMODO RSA Domain Validation Secure Server CA
  1143.  
  1144. Not valid before: Jun 29 00:00:00 2017 GMT
  1145. Not valid after:  Jun 28 23:59:59 2020 GMT
  1146. #######################################################################################################################################
  1147. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:16 EST
  1148. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1149. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1150. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1151. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1152. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1153. WARNING: RST from 108.167.137.202 port 5432 -- is this port really open?
  1154. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  1155. Host is up (0.080s latency).
  1156.  
  1157. PORT     STATE SERVICE    VERSION
  1158. 5432/tcp open  postgresql PostgreSQL DB
  1159. | fingerprint-strings:
  1160. |   SMBProgNeg:
  1161. |     SFATAL
  1162. |     C0A000
  1163. |     Munsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
  1164. |     Fpostmaster.c
  1165. |     L1624
  1166. |_    RProcessStartupPacket
  1167. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1168. SF-Port5432-TCP:V=7.70%I=7%D=1/26%Time=5C4C41A6%P=x86_64-pc-linux-gnu%r(SM
  1169. SF:BProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pro
  1170. SF:tocol\x2065363\.19778:\x20server\x20supports\x201\.0\x20to\x203\.0\0Fpo
  1171. SF:stmaster\.c\0L1624\0RProcessStartupPacket\0\0");
  1172. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1173. Aggressive OS guesses: Motorola RFS 6000 wireless switch (97%), Konica Minolta 1600f printer (94%), Tomato 1.27 - 1.28 (Linux 2.4.20) (92%), Linux 3.2.0 (92%), MikroTik RouterOS 6.15 (Linux 3.3.5) (92%), DD-WRT (Linux 2.4.35s) (91%), Linux 2.6.18 - 2.6.22 (91%), Kyocera CopyStar CS-2560 printer (91%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%)
  1174. No exact OS matches for host (test conditions non-ideal).
  1175. Network Distance: 18 hops
  1176.  
  1177. TRACEROUTE (using port 5432/tcp)
  1178. HOP RTT      ADDRESS
  1179. 1   39.86 ms 10.244.200.1
  1180. 2   40.09 ms 184.75.211.209
  1181. 3   40.55 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1182. 4   41.11 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  1183. 5   40.53 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
  1184. 6   47.53 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
  1185. 7   55.56 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
  1186. 8   61.20 ms 154.54.44.169
  1187. 9   72.35 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213)
  1188. 10  77.35 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
  1189. 11  78.79 ms be3486.rcr22.iah02.atlas.cogentco.com (154.54.30.166)
  1190. 12  79.16 ms be3632.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.45.58)
  1191. 13  77.79 ms 38.122.196.34
  1192. 14  96.96 ms 216.117.50.150
  1193. 15  78.41 ms po101.router2a.hou1.net.unifiedlayer.com (162.241.0.7)
  1194. 16  78.88 ms 108.167.150.101
  1195. 17  78.38 ms 108.167.134.118
  1196. 18  79.28 ms vps.httpdoispontos.com.br (108.167.137.202)
  1197. #######################################################################################################################################
  1198. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:20 EST
  1199. NSE: Loaded 148 scripts for scanning.
  1200. NSE: Script Pre-scanning.
  1201. NSE: Starting runlevel 1 (of 2) scan.
  1202. Initiating NSE at 06:20
  1203. Completed NSE at 06:20, 0.00s elapsed
  1204. NSE: Starting runlevel 2 (of 2) scan.
  1205. Initiating NSE at 06:20
  1206. Completed NSE at 06:20, 0.00s elapsed
  1207. Initiating Ping Scan at 06:20
  1208. Scanning 108.167.137.202 [4 ports]
  1209. Completed Ping Scan at 06:20, 0.07s elapsed (1 total hosts)
  1210. Initiating Parallel DNS resolution of 1 host. at 06:20
  1211. Completed Parallel DNS resolution of 1 host. at 06:20, 0.02s elapsed
  1212. Initiating Connect Scan at 06:20
  1213. Scanning vps.httpdoispontos.com.br (108.167.137.202) [1000 ports]
  1214. Discovered open port 995/tcp on 108.167.137.202
  1215. Discovered open port 587/tcp on 108.167.137.202
  1216. Discovered open port 110/tcp on 108.167.137.202
  1217. Discovered open port 143/tcp on 108.167.137.202
  1218. Discovered open port 80/tcp on 108.167.137.202
  1219. Discovered open port 993/tcp on 108.167.137.202
  1220. Discovered open port 3306/tcp on 108.167.137.202
  1221. Discovered open port 53/tcp on 108.167.137.202
  1222. Discovered open port 21/tcp on 108.167.137.202
  1223. Discovered open port 443/tcp on 108.167.137.202
  1224. Discovered open port 8080/tcp on 108.167.137.202
  1225. Discovered open port 5432/tcp on 108.167.137.202
  1226. Discovered open port 465/tcp on 108.167.137.202
  1227. Discovered open port 8443/tcp on 108.167.137.202
  1228. Discovered open port 2222/tcp on 108.167.137.202
  1229. Discovered open port 26/tcp on 108.167.137.202
  1230. Completed Connect Scan at 06:20, 2.08s elapsed (1000 total ports)
  1231. Initiating Service scan at 06:20
  1232. Scanning 16 services on vps.httpdoispontos.com.br (108.167.137.202)
  1233. Completed Service scan at 06:21, 32.62s elapsed (16 services on 1 host)
  1234. Initiating OS detection (try #1) against vps.httpdoispontos.com.br (108.167.137.202)
  1235. Retrying OS detection (try #2) against vps.httpdoispontos.com.br (108.167.137.202)
  1236. WARNING: OS didn't match until try #2
  1237. Initiating Traceroute at 06:21
  1238. Completed Traceroute at 06:21, 0.15s elapsed
  1239. Initiating Parallel DNS resolution of 18 hosts. at 06:21
  1240. Completed Parallel DNS resolution of 18 hosts. at 06:21, 16.50s elapsed
  1241. NSE: Script scanning 108.167.137.202.
  1242. NSE: Starting runlevel 1 (of 2) scan.
  1243. Initiating NSE at 06:21
  1244. Completed NSE at 06:21, 8.97s elapsed
  1245. NSE: Starting runlevel 2 (of 2) scan.
  1246. Initiating NSE at 06:21
  1247. Completed NSE at 06:21, 0.80s elapsed
  1248. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  1249. Host is up, received reset ttl 64 (0.078s latency).
  1250. Scanned at 2019-01-26 06:20:30 EST for 66s
  1251. Not shown: 983 closed ports
  1252. Reason: 983 conn-refused
  1253. PORT     STATE    SERVICE     REASON      VERSION
  1254. 21/tcp   open     ftp         syn-ack     Pure-FTPd
  1255. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1256. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1257. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1258. | Public Key type: rsa
  1259. | Public Key bits: 2048
  1260. | Signature Algorithm: sha256WithRSAEncryption
  1261. | Not valid before: 2017-06-29T00:00:00
  1262. | Not valid after:  2020-06-28T23:59:59
  1263. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1264. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1265. | -----BEGIN CERTIFICATE-----
  1266. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1267. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1268. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1269. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1270. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1271. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1272. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1273. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1274. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1275. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1276. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1277. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1278. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1279. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1280. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1281. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1282. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1283. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1284. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1285. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1286. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1287. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1288. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1289. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1290. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1291. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1292. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1293. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1294. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1295. | /JBDnli/dc+R
  1296. |_-----END CERTIFICATE-----
  1297. |_ssl-date: 2019-01-26T11:21:28+00:00; 0s from scanner time.
  1298. 22/tcp   filtered ssh         no-response
  1299. 26/tcp   open     rsftp?      syn-ack
  1300. | fingerprint-strings:
  1301. |   NULL:
  1302. |     550-"[184.75.211.220]:51448 is in an RBL on bl.websitewelcome.com, see Blocked
  1303. |_    many failed logins"
  1304. 53/tcp   open     domain      syn-ack     ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1305. | dns-nsid:
  1306. |_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  1307. 80/tcp   open     http-proxy  syn-ack     Squid http proxy
  1308. |_http-open-proxy: Proxy might be redirecting requests
  1309. |_http-title: 404 Not Found
  1310. 110/tcp  open     pop3        syn-ack     Dovecot pop3d
  1311. |_pop3-capabilities: UIDL PIPELINING USER TOP STLS SASL(PLAIN LOGIN) AUTH-RESP-CODE RESP-CODES CAPA
  1312. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1313. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1314. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1315. | Public Key type: rsa
  1316. | Public Key bits: 2048
  1317. | Signature Algorithm: sha256WithRSAEncryption
  1318. | Not valid before: 2017-06-29T00:00:00
  1319. | Not valid after:  2020-06-28T23:59:59
  1320. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1321. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1322. | -----BEGIN CERTIFICATE-----
  1323. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1324. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1325. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1326. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1327. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1328. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1329. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1330. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1331. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1332. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1333. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1334. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1335. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1336. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1337. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1338. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1339. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1340. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1341. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1342. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1343. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1344. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1345. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1346. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1347. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1348. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1349. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1350. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1351. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1352. | /JBDnli/dc+R
  1353. |_-----END CERTIFICATE-----
  1354. |_ssl-date: 2019-01-26T11:21:29+00:00; -1s from scanner time.
  1355. 143/tcp  open     imap        syn-ack     Dovecot imapd
  1356. |_imap-capabilities: post-login Pre-login OK ID IMAP4rev1 ENABLE SASL-IR more NAMESPACE AUTH=PLAIN LITERAL+ listed STARTTLS AUTH=LOGINA0001 capabilities have IDLE LOGIN-REFERRALS
  1357. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1358. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1359. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1360. | Public Key type: rsa
  1361. | Public Key bits: 2048
  1362. | Signature Algorithm: sha256WithRSAEncryption
  1363. | Not valid before: 2017-06-29T00:00:00
  1364. | Not valid after:  2020-06-28T23:59:59
  1365. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1366. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1367. | -----BEGIN CERTIFICATE-----
  1368. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1369. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1370. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1371. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1372. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1373. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1374. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1375. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1376. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1377. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1378. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1379. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1380. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1381. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1382. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1383. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1384. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1385. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1386. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1387. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1388. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1389. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1390. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1391. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1392. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1393. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1394. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1395. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1396. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1397. | /JBDnli/dc+R
  1398. |_-----END CERTIFICATE-----
  1399. |_ssl-date: 2019-01-26T11:21:29+00:00; 0s from scanner time.
  1400. 443/tcp  open     ssl/http    syn-ack     nginx 1.14.1
  1401. | http-methods:
  1402. |_  Supported Methods: OPTIONS HEAD GET POST
  1403. |_http-server-header: nginx/1.14.1
  1404. |_http-title: Site doesn't have a title (text/html).
  1405. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1406. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1407. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1408. | Public Key type: rsa
  1409. | Public Key bits: 2048
  1410. | Signature Algorithm: sha256WithRSAEncryption
  1411. | Not valid before: 2017-06-29T00:00:00
  1412. | Not valid after:  2020-06-28T23:59:59
  1413. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1414. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1415. | -----BEGIN CERTIFICATE-----
  1416. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1417. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1418. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1419. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1420. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1421. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1422. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1423. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1424. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1425. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1426. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1427. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1428. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1429. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1430. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1431. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1432. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1433. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1434. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1435. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1436. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1437. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1438. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1439. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1440. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1441. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1442. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1443. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1444. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1445. | /JBDnli/dc+R
  1446. |_-----END CERTIFICATE-----
  1447. |_ssl-date: TLS randomness does not represent time
  1448. | tls-alpn:
  1449. |   h2
  1450. |_  http/1.1
  1451. | tls-nextprotoneg:
  1452. |   h2
  1453. |_  http/1.1
  1454. 465/tcp  open     ssl/smtps?  syn-ack
  1455. |_smtp-commands: Couldn't establish connection on port 465
  1456. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1457. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1458. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1459. | Public Key type: rsa
  1460. | Public Key bits: 2048
  1461. | Signature Algorithm: sha256WithRSAEncryption
  1462. | Not valid before: 2017-06-29T00:00:00
  1463. | Not valid after:  2020-06-28T23:59:59
  1464. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1465. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1466. | -----BEGIN CERTIFICATE-----
  1467. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1468. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1469. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1470. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1471. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1472. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1473. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1474. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1475. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1476. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1477. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1478. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1479. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1480. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1481. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1482. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1483. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1484. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1485. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1486. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1487. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1488. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1489. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1490. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1491. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1492. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1493. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1494. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1495. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1496. | /JBDnli/dc+R
  1497. |_-----END CERTIFICATE-----
  1498. |_ssl-date: 2019-01-26T11:21:27+00:00; 0s from scanner time.
  1499. 587/tcp  open     submission? syn-ack
  1500. | fingerprint-strings:
  1501. |   NULL:
  1502. |     550-"[184.75.211.220]:41390 is in an RBL on bl.websitewelcome.com, see Blocked
  1503. |_    many failed logins"
  1504. |_smtp-commands: SMTP EHLO vps.httpdoispontos.com.br: failed to receive data: connection closed
  1505. 993/tcp  open     ssl/imap    syn-ack     Dovecot imapd
  1506. |_imap-capabilities: post-login Pre-login OK ID IMAP4rev1 ENABLE SASL-IR IDLE more LITERAL+ NAMESPACE AUTH=LOGINA0001 listed capabilities have AUTH=PLAIN LOGIN-REFERRALS
  1507. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1508. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1509. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1510. | Public Key type: rsa
  1511. | Public Key bits: 2048
  1512. | Signature Algorithm: sha256WithRSAEncryption
  1513. | Not valid before: 2017-06-29T00:00:00
  1514. | Not valid after:  2020-06-28T23:59:59
  1515. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1516. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1517. | -----BEGIN CERTIFICATE-----
  1518. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1519. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1520. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1521. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1522. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1523. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1524. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1525. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1526. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1527. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1528. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1529. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1530. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1531. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1532. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1533. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1534. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1535. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1536. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1537. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1538. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1539. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1540. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1541. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1542. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1543. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1544. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1545. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1546. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1547. | /JBDnli/dc+R
  1548. |_-----END CERTIFICATE-----
  1549. |_ssl-date: 2019-01-26T11:21:27+00:00; 0s from scanner time.
  1550. 995/tcp  open     ssl/pop3    syn-ack     Dovecot pop3d
  1551. |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN) AUTH-RESP-CODE UIDL PIPELINING USER TOP CAPA
  1552. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1553. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1554. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1555. | Public Key type: rsa
  1556. | Public Key bits: 2048
  1557. | Signature Algorithm: sha256WithRSAEncryption
  1558. | Not valid before: 2017-06-29T00:00:00
  1559. | Not valid after:  2020-06-28T23:59:59
  1560. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1561. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1562. | -----BEGIN CERTIFICATE-----
  1563. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1564. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1565. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1566. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1567. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1568. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1569. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1570. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1571. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1572. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1573. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1574. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1575. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1576. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1577. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1578. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1579. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1580. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1581. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1582. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1583. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1584. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1585. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1586. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1587. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1588. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1589. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1590. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1591. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1592. | /JBDnli/dc+R
  1593. |_-----END CERTIFICATE-----
  1594. |_ssl-date: 2019-01-26T11:21:29+00:00; 0s from scanner time.
  1595. 2222/tcp open     ssh         syn-ack     OpenSSH 5.3 (protocol 2.0)
  1596. | ssh-hostkey:
  1597. |   1024 83:da:a6:46:5f:63:87:a2:21:d3:0a:cf:f6:df:4f:9e (DSA)
  1598. | ssh-dss AAAAB3NzaC1kc3MAAACBAJgrRciw6d/KMhkjTWXmh3djSgSfBkYgLIriFte+P+1OIp0Mtd8d4L8oPjdW3P5j8WT++36rHixkP3m9NNYx3w1C5pztLvViTm24YQuxnTguyWjhkv9rFz1AVvB8OMSF2Qas0e8lLuRyZL16Rrf/9wTuSgXhXbotolnrRY2vgTblAAAAFQCcLo34TyEYtwCmg62/8Q0S2mSLIQAAAIBzDCCpqhSwcJd6PNR08eYYmyfbbYjJhqLzrj9zbQRZ/aFDmEtqFcy7NQOeE+gTWnDvugeIqzGEaX2YQlePaJ37R/iwWUTHkIA5XR+cph6Ax3KPFhQklfoIC7dHyBBwsy+QTYqyBIYdIrO0nR0YuM8zhhxX5guDp11SMOc98h9PigAAAIAJk3Y0uwg2TaizcmBECUHB+v6Ck3UIWIPr3fB+1xLlPZkczhAKW8nFULTnnHQzXaPxc21S62WL0wCkVsTr2plGXAw5aK72k8/EYVWwJoxAJqBmNOZkir3OCANoex38X26l4QJR8WV462o+x7pkIjd6pu42Gc9Y7z1iC8vEm93OMQ==
  1599. |   2048 6f:cf:b6:9b:6e:bf:87:f6:f0:96:87:3a:86:a9:fd:58 (RSA)
  1600. |_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo8V24YsBXDnYjssF9FgatdeyCyDTg76G+XqK+ufxJT1Jp1xC/BaYPI4TwFHAFT9xPYbL4NKMwPd6Rx9QQLqZAFdWAIyOE+kq9mrx5FNHgNk9j7N2J+544+DoFPnlHqOU+cMKSMHCY1WWzYUEJCtRn9oZr92l+QImQCfJ049Xw9wn+KPSYBQ+qvAMwzbJP9aSclYbF7MUM03ZMWYjQn2voVuraap8fso2YVbRVBUs2b1ya3vxC4B6NqRzqy6MZN4bCANurP1zzwCS5X7EAQ4lyuVP9kWT40kUkj1aOyrlXf7B3sLLTiW8HJeMOGcqXObxnym0lnu/t/uLpisDX2+T4Q==
  1601. 3306/tcp open     mysql       syn-ack     MySQL 5.6.41-84.1
  1602. | mysql-info:
  1603. |   Protocol: 10
  1604. |   Version: 5.6.41-84.1
  1605. |   Thread ID: 53832518
  1606. |   Capabilities flags: 65535
  1607. |   Some Capabilities: Support41Auth, FoundRows, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, SupportsCompression, ConnectWithDatabase, SupportsTransactions, LongPassword, ODBCClient, LongColumnFlag, InteractiveClient, SwitchToSSLAfterHandshake, IgnoreSigpipes, DontAllowDatabaseTableColumn, Speaks41ProtocolNew, Speaks41ProtocolOld, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
  1608. |   Status: Autocommit
  1609. |   Salt: nc'7|.jO+'$|hr%]*SHL
  1610. |_  Auth Plugin Name: 84
  1611. 5432/tcp open     postgresql  syn-ack     PostgreSQL DB
  1612. | fingerprint-strings:
  1613. |   SMBProgNeg:
  1614. |     SFATAL
  1615. |     C0A000
  1616. |     Munsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
  1617. |     Fpostmaster.c
  1618. |     L1624
  1619. |_    RProcessStartupPacket
  1620. 8080/tcp open     http        syn-ack     nginx 1.14.1
  1621. | http-methods:
  1622. |_  Supported Methods: OPTIONS HEAD GET POST
  1623. |_http-server-header: nginx/1.14.1
  1624. |_http-title: Site doesn't have a title (text/html).
  1625. 8443/tcp open     ssl/http    syn-ack     nginx 1.14.1
  1626. | http-methods:
  1627. |_  Supported Methods: OPTIONS HEAD GET POST
  1628. |_http-server-header: nginx/1.14.1
  1629. |_http-title: Site doesn't have a title (text/html).
  1630. | ssl-cert: Subject: commonName=*.ehosts.com/organizationalUnitName=PositiveSSL Wildcard
  1631. | Subject Alternative Name: DNS:*.ehosts.com, DNS:ehosts.com
  1632. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  1633. | Public Key type: rsa
  1634. | Public Key bits: 2048
  1635. | Signature Algorithm: sha256WithRSAEncryption
  1636. | Not valid before: 2017-06-29T00:00:00
  1637. | Not valid after:  2020-06-28T23:59:59
  1638. | MD5:   ee5e 04a9 31fd af5f d6d0 6255 18b8 9631
  1639. | SHA-1: 3eca 971d 9fb1 7e09 af5e ec5e b502 0012 cba2 64b9
  1640. | -----BEGIN CERTIFICATE-----
  1641. | MIIFdTCCBF2gAwIBAgIRAJobvJVJTdRtgCAiGerxb3MwDQYJKoZIhvcNAQELBQAw
  1642. | gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
  1643. | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
  1644. | VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
  1645. | Q0EwHhcNMTcwNjI5MDAwMDAwWhcNMjAwNjI4MjM1OTU5WjCBgTEhMB8GA1UECxMY
  1646. | RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgSG9z
  1647. | dEdhdG9yLmNvbSwgTExDLjEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQx
  1648. | FTATBgNVBAMMDCouZWhvc3RzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
  1649. | AQoCggEBAMkXPh4bJXhKIYpGo/P4yJoSQ00mR5YKjLekJBZT7c0wIsjwG0RG65O0
  1650. | I4MVNhXi5jpRvG16exw0vQNCK+DYJdM6L0crPSCmNMaOlNORLraeEDQR3UJTsPbl
  1651. | dPqM3eVTBxe2kQIhsFPYou+Q/bMUFDt/TpVd3F9zvOXWLsUEN8YM82uxByC/c8iF
  1652. | zpyBwV8hoDM2y71ugktZmxsbd1p6VH6WcptgvPWeMiCmhOZxk8BfK2KMhM2t9KmS
  1653. | FHIiKDIvsALqaHogdspj80406o4pC2LypGeDAqXByGV+iYjMW2S0+phBMf2RcfPb
  1654. | 4EBeakDoVTEhmkii5vZ78zvpxtOfY5UCAwEAAaOCAdUwggHRMB8GA1UdIwQYMBaA
  1655. | FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBRIgH+3IKJ6DNxLMEarV+A/
  1656. | ewfYozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
  1657. | BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG
  1658. | CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB
  1659. | AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
  1660. | T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB
  1661. | BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
  1662. | T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG
  1663. | AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBwwGoIMKi5l
  1664. | aG9zdHMuY29tggplaG9zdHMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAbu4Z3vE6t
  1665. | JymvlWFkVNApLUclg8QLOS7DUk09SCoK8a4VeOc3ltwMfdzLgGNCNsHi279a3gug
  1666. | C9cPDKGFAhLMQsp5OL8jgduBu6zyemLqHQgu6mf6anVOha7h6w2AwvJLJxFqgOKh
  1667. | ujMkD7AX+o4bEEyQytsf0B4DcY3k8KTRH2LONkzOYy7nD/Ip/OkfpM6mI3sOTZbR
  1668. | LTuTL0Nggsg8qq5LgOQEfky4rnNIdxGMbxSBRkBe7puHUd+YrV1cvN9XVVWi5Uvk
  1669. | NvE0Qn5joUU+Uxbrz3E03fKE6cY3T7nnO9K0OJad1JdG9AmNDi0DNYHlTxYTEBfG
  1670. | /JBDnli/dc+R
  1671. |_-----END CERTIFICATE-----
  1672. |_ssl-date: TLS randomness does not represent time
  1673. | tls-alpn:
  1674. |   h2
  1675. |_  http/1.1
  1676. | tls-nextprotoneg:
  1677. |   h2
  1678. |_  http/1.1
  1679. 3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1680. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
  1681. SF-Port26-TCP:V=7.70%I=7%D=1/26%Time=5C4C4281%P=x86_64-pc-linux-gnu%r(NULL
  1682. SF:,6F,"550-\"\[184\.75\.211\.220\]:51448\x20is\x20in\x20an\x20RBL\x20on\x
  1683. SF:20bl\.websitewelcome\.com,\x20see\x20Blocked\r\n550\x20-\x20Too\x20many
  1684. SF:\x20failed\x20logins\"\r\n");
  1685. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
  1686. SF-Port587-TCP:V=7.70%I=7%D=1/26%Time=5C4C4281%P=x86_64-pc-linux-gnu%r(NUL
  1687. SF:L,6F,"550-\"\[184\.75\.211\.220\]:41390\x20is\x20in\x20an\x20RBL\x20on\
  1688. SF:x20bl\.websitewelcome\.com,\x20see\x20Blocked\r\n550\x20-\x20Too\x20man
  1689. SF:y\x20failed\x20logins\"\r\n");
  1690. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
  1691. SF-Port5432-TCP:V=7.70%I=7%D=1/26%Time=5C4C4287%P=x86_64-pc-linux-gnu%r(SM
  1692. SF:BProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pro
  1693. SF:tocol\x2065363\.19778:\x20server\x20supports\x201\.0\x20to\x203\.0\0Fpo
  1694. SF:stmaster\.c\0L1624\0RProcessStartupPacket\0\0");
  1695. Device type: WAP|router|storage-misc
  1696. Running: Linux 2.4.X|2.6.X, MikroTik RouterOS 5.X, Netgear RAIDiator 4.X
  1697. OS CPE: cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:mikrotik:routeros:5.25 cpe:/o:linux:linux_kernel:2.6.35 cpe:/o:netgear:raidiator:4.1.4
  1698. OS details: DD-WRT v23 (Linux 2.4.36), MikroTik RouterOS 5.25 (Linux 2.6.35), Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4)
  1699. TCP/IP fingerprint:
  1700. OS:SCAN(V=7.70%E=4%D=1/26%OT=21%CT=1%CU=33469%PV=N%DS=18%DC=T%G=N%TM=5C4C42
  1701. OS:C0%P=x86_64-pc-linux-gnu)SEQ(SP=100%GCD=1%ISR=106%TI=Z%II=I%TS=7)SEQ(II=
  1702. OS:I%TS=7)OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%
  1703. OS:O5=M4B3ST11NW7%O6=M4B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W
  1704. OS:6=7120)ECN(R=Y%DF=Y%T=41%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y
  1705. OS:%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=
  1706. OS:Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=
  1707. OS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
  1708.  
  1709. Uptime guess: 364.245 days (since Sat Jan 27 00:29:30 2018)
  1710. Network Distance: 18 hops
  1711. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1712.  
  1713. Host script results:
  1714. |_clock-skew: mean: 0s, deviation: 0s, median: 0s
  1715.  
  1716. TRACEROUTE (using proto 1/icmp)
  1717. HOP RTT      ADDRESS
  1718. 1   34.88 ms 10.244.200.1
  1719. 2   35.23 ms 184.75.211.209
  1720. 3   35.50 ms 38.104.156.9
  1721. 4   35.83 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  1722. 5   35.49 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
  1723. 6   42.70 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
  1724. 7   51.69 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
  1725. 8   62.14 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
  1726. 9   72.27 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213)
  1727. 10  77.49 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
  1728. 11  78.08 ms 154.54.30.174
  1729. 12  79.50 ms be3631.nr51.b023723-0.iah02.atlas.cogentco.com (154.24.30.38)
  1730. 13  78.68 ms 38.122.196.2
  1731. 14  80.10 ms 216.117.50.150
  1732. 15  78.71 ms po101.router2b.hou1.net.unifiedlayer.com (162.241.0.9)
  1733. 16  78.15 ms 108.167.150.109
  1734. 17  78.68 ms 108.167.134.118
  1735. 18  78.18 ms vps.httpdoispontos.com.br (108.167.137.202)
  1736.  
  1737. NSE: Script Post-scanning.
  1738. NSE: Starting runlevel 1 (of 2) scan.
  1739. Initiating NSE at 06:21
  1740. Completed NSE at 06:21, 0.00s elapsed
  1741. NSE: Starting runlevel 2 (of 2) scan.
  1742. Initiating NSE at 06:21
  1743. Completed NSE at 06:21, 0.00s elapsed
  1744. Read data files from: /usr/bin/../share/nmap
  1745. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1746. Nmap done: 1 IP address (1 host up) scanned in 66.13 seconds
  1747.            Raw packets sent: 103 (6.376KB) | Rcvd: 36 (3.392KB)
  1748. #######################################################################################################################################
  1749. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-26 06:21 EST
  1750. NSE: Loaded 148 scripts for scanning.
  1751. NSE: Script Pre-scanning.
  1752. Initiating NSE at 06:21
  1753. Completed NSE at 06:21, 0.00s elapsed
  1754. Initiating NSE at 06:21
  1755. Completed NSE at 06:21, 0.00s elapsed
  1756. Initiating Parallel DNS resolution of 1 host. at 06:21
  1757. Completed Parallel DNS resolution of 1 host. at 06:21, 0.02s elapsed
  1758. Initiating UDP Scan at 06:21
  1759. Scanning vps.httpdoispontos.com.br (108.167.137.202) [14 ports]
  1760. Discovered open port 53/udp on 108.167.137.202
  1761. Increasing send delay for 108.167.137.202 from 0 to 50 due to max_successful_tryno increase to 5
  1762. Completed UDP Scan at 06:21, 6.02s elapsed (14 total ports)
  1763. Initiating Service scan at 06:21
  1764. Scanning 1 service on vps.httpdoispontos.com.br (108.167.137.202)
  1765. Completed Service scan at 06:21, 0.08s elapsed (1 service on 1 host)
  1766. Initiating OS detection (try #1) against vps.httpdoispontos.com.br (108.167.137.202)
  1767. Retrying OS detection (try #2) against vps.httpdoispontos.com.br (108.167.137.202)
  1768. Initiating Traceroute at 06:21
  1769. Completed Traceroute at 06:21, 7.10s elapsed
  1770. Initiating Parallel DNS resolution of 1 host. at 06:21
  1771. Completed Parallel DNS resolution of 1 host. at 06:21, 0.02s elapsed
  1772. NSE: Script scanning 108.167.137.202.
  1773. Initiating NSE at 06:21
  1774. Completed NSE at 06:21, 0.18s elapsed
  1775. Initiating NSE at 06:21
  1776. Completed NSE at 06:21, 0.00s elapsed
  1777. Nmap scan report for vps.httpdoispontos.com.br (108.167.137.202)
  1778. Host is up (0.075s latency).
  1779.  
  1780. PORT     STATE    SERVICE      VERSION
  1781. 53/udp   open     domain       ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1782. | dns-nsid:
  1783. |_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3
  1784. 67/udp   closed   dhcps
  1785. 68/udp   closed   dhcpc
  1786. 69/udp   closed   tftp
  1787. 88/udp   closed   kerberos-sec
  1788. 123/udp  closed   ntp
  1789. 137/udp  filtered netbios-ns
  1790. 138/udp  filtered netbios-dgm
  1791. 139/udp  closed   netbios-ssn
  1792. 161/udp  closed   snmp
  1793. 162/udp  closed   snmptrap
  1794. 389/udp  closed   ldap
  1795. 520/udp  closed   route
  1796. 2049/udp closed   nfs
  1797. Too many fingerprints match this host to give specific OS details
  1798. Network Distance: 18 hops
  1799. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1800.  
  1801. TRACEROUTE (using port 138/udp)
  1802. HOP RTT      ADDRESS
  1803. 1   ... 8
  1804. 9   34.94 ms 10.244.200.1
  1805. 10  ... 11
  1806. 12  35.29 ms 10.244.200.1
  1807. 13  35.46 ms 10.244.200.1
  1808. 14  35.45 ms 10.244.200.1
  1809. 15  35.44 ms 10.244.200.1
  1810. 16  35.43 ms 10.244.200.1
  1811. 17  35.42 ms 10.244.200.1
  1812. 18  35.43 ms 10.244.200.1
  1813. 19  34.02 ms 10.244.200.1
  1814. 20  35.93 ms 10.244.200.1
  1815. 21  ... 28
  1816. 29  37.56 ms 10.244.200.1
  1817. 30  36.18 ms 10.244.200.1
  1818.  
  1819. NSE: Script Post-scanning.
  1820. Initiating NSE at 06:21
  1821. Completed NSE at 06:21, 0.00s elapsed
  1822. Initiating NSE at 06:21
  1823. Completed NSE at 06:21, 0.00s elapsed
  1824. Read data files from: /usr/bin/../share/nmap
  1825. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1826. Nmap done: 1 IP address (1 host up) scanned in 16.30 seconds
  1827.            Raw packets sent: 125 (5.712KB) | Rcvd: 42 (4.149KB)
  1828. #######################################################################################################################################
  1829.                                             Anonymous JTSEC  #OpDomesticTerrorism Full Recon #2
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top