API tools faq
paste
Advertisement
JTSEC1333

Anonymous JTSEC #OpIsraël Full Recon #16

JTSEC1333
Apr 1st, 2019
883
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 67.47 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################################################################################
  2. ======================================================================================================================================
  3. Hostname www.scr.co.il ISP Bezeq International
  4. Continent Asia Flag
  5. IL
  6. Country Israel Country Code IL
  7. Region Unknown Local time 01 Apr 2019 22:52 IDT
  8. City Unknown Postal Code Unknown
  9. IP Address 62.219.65.80 Latitude 31.5
  10. Longitude 34.75
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.scr.co.il
  14. Server: 185.93.180.131
  15. Address: 185.93.180.131#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.scr.co.il
  19. Address: 62.219.65.80
  20. >
  21. #######################################################################################################################################
  22.  
  23. query: scr.co.il
  24.  
  25. reg-name: scr
  26. domain: scr.co.il
  27.  
  28. descr: S.C.R. Engineers L.T.D
  29. descr: P.O.Box 564 Netanya
  30. descr: 42104
  31. descr: Israel
  32. phone: +972 9 8652050
  33. fax-no: +972 9 8650703
  34. admin-c: PG-HF3723-IL
  35. tech-c: PG-HF3723-IL
  36. zone-c: PG-HF3723-IL
  37. nserver: dns.netvision.net.il
  38. nserver: nypop.elron.net
  39. validity: 25-11-2019
  40. DNSSEC: unsigned
  41. status: Transfer Locked
  42. changed: registrar AT ns.il 19991125 (Assigned)
  43. changed: registrar AT ns.il 20000328 (Changed)
  44. changed: domain-registrar AT isoc.org.il 20091104 (Transferred)
  45. changed: domain-registrar AT isoc.org.il 20091104 (Changed)
  46.  
  47. person: Haim Fleminger
  48. address SCR Engineers Ltd.
  49. address 6 Haomanut Street
  50. address Poleg I.Z. Netanya
  51. address 42138
  52. address Israel
  53. phone: +972 9 8652050
  54. fax-no: +972 9 8650703
  55. e-mail: hfleminger AT scr.co.il
  56. nic-hdl: PG-HF3723-IL
  57. changed: Managing Registrar 20091104
  58.  
  59. registrar name: Peligon Ltd
  60. registrar info: http://www.webline.co.il/
  61.  
  62. % Rights to the data above are restricted by copyright.
  63. #######################################################################################################################################
  64. HostIP:62.219.65.80
  65. HostName:www.scr.co.il
  66.  
  67. Gathered Inet-whois information for 62.219.65.80
  68. ---------------------------------------------------------------------------------------------------------------------------------------
  69.  
  70.  
  71. inetnum: 62.219.65.64 - 62.219.65.95
  72. netname: S-B-D-TECHNOLOGIES-AND-BUSINESSES-LTD
  73. descr: S-B-D-TECHNOLOGIES-AND-BUSINESSES-LTD-LAN
  74. country: IL
  75. admin-c: BNT1-RIPE
  76. tech-c: BHT2-RIPE
  77. status: ASSIGNED PA
  78. remarks: please send ABUSE complains to abuse@bezeqint.net
  79. mnt-by: AS8551-MNT
  80. mnt-lower: AS8551-MNT
  81. created: 2013-06-02T12:28:03Z
  82. last-modified: 2013-06-02T12:28:03Z
  83. source: RIPE
  84.  
  85. role: BEZEQINT HOSTMASTERS TEAM
  86. address: Bezeq International
  87. address: 40 hashacham st.
  88. address: Petach Tikva 49170 Israel
  89. phone: +972 1 800014014
  90. fax-no: +972 3 9257674
  91. admin-c: MR916-RIPE
  92. tech-c: LBHM-RIPE
  93. tech-c: HMSB-RIPE
  94. nic-hdl: BHT2-RIPE
  95. remarks: Please Send Spam and Abuse ONLY to abuse@bezeqint.net
  96. mnt-by: AS8551-MNT
  97. created: 2002-10-29T10:01:49Z
  98. last-modified: 2009-02-15T12:35:43Z
  99. source: RIPE # Filtered
  100.  
  101. role: BEZEQINT NETWORKING TEAM
  102. address: Bezeq International
  103. address: 40 hashacham st.
  104. address: Petach Tikva 49170 Israel
  105. phone: +972 1 800014014
  106. fax-no: +972 3 9257674
  107. admin-c: MR916-RIPE
  108. tech-c: MR916-RIPE
  109. tech-c: RD1278-RIPE
  110. nic-hdl: BNT1-RIPE
  111. remarks: Please Send Spam and Abuse ONLY to abuse@bezeqint.net
  112. mnt-by: AS8551-MNT
  113. created: 2005-09-27T12:31:29Z
  114. last-modified: 2018-12-05T14:57:44Z
  115. source: RIPE # Filtered
  116.  
  117. % Information related to '62.219.64.0/19AS8551'
  118.  
  119. route: 62.219.64.0/19
  120. descr: BEZEQ-INTERNATIONAL
  121. origin: AS8551
  122. mnt-by: AS8551-MNT
  123. created: 2002-09-09T08:13:29Z
  124. last-modified: 2017-04-05T11:15:09Z
  125. source: RIPE # Filtered
  126.  
  127. % This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)
  128.  
  129.  
  130.  
  131. Gathered Inic-whois information for scr.co.il
  132. ---------------------------------------------------------------------------------------------------------------------------------------
  133. domain: scr.co.il
  134.  
  135. descr: S.C.R. Engineers L.T.D
  136. descr: P.O.Box 564 Netanya
  137. descr: 42104
  138. descr: Israel
  139. phone: +972 9 8652050
  140. fax-no: +972 9 8650703
  141. admin-c: PG-HF3723-IL
  142. tech-c: PG-HF3723-IL
  143. zone-c: PG-HF3723-IL
  144. nserver: dns.netvision.net.il
  145. nserver: nypop.elron.net
  146. validity: 25-11-2019
  147. DNSSEC: unsigned
  148. status: Transfer Locked
  149. changed: registrar AT ns.il 19991125 (Assigned)
  150. changed: registrar AT ns.il 20000328 (Changed)
  151. changed: domain-registrar AT isoc.org.il 20091104 (Transferred)
  152. changed: domain-registrar AT isoc.org.il 20091104 (Changed)
  153.  
  154. person: Haim Fleminger
  155. address SCR Engineers Ltd.
  156. address 6 Haomanut Street
  157. address Poleg I.Z. Netanya
  158. address 42138
  159. address Israel
  160. phone: +972 9 8652050
  161. fax-no: +972 9 8650703
  162. e-mail: hfleminger AT scr.co.il
  163. nic-hdl: PG-HF3723-IL
  164. changed: Managing Registrar 20091104
  165.  
  166. registrar name: Peligon Ltd
  167. registrar info: http://www.webline.co.il/
  168.  
  169. % Rights to the data above are restricted by copyright.
  170.  
  171. Gathered Netcraft information for www.scr.co.il
  172. ---------------------------------------------------------------------------------------------------------------------------------------
  173.  
  174. Retrieving Netcraft.com information for www.scr.co.il
  175. Netcraft.com Information gathered
  176.  
  177. Gathered Subdomain information for scr.co.il
  178. ---------------------------------------------------------------------------------------------------------------------------------------
  179. Searching Google.com:80...
  180. HostName:www.scr.co.il
  181. HostIP:62.219.65.80
  182. Searching Altavista.com:80...
  183. Found 1 possible subdomain(s) for host scr.co.il, Searched 0 pages containing 0 results
  184.  
  185. Gathered E-Mail information for scr.co.il
  186. ---------------------------------------------------------------------------------------------------------------------------------------
  187. Searching Google.com:80...
  188. Searching Altavista.com:80...
  189. Found 0 E-Mail(s) for host scr.co.il, Searched 0 pages containing 0 results
  190.  
  191. Gathered TCP Port information for 62.219.65.80
  192. ---------------------------------------------------------------------------------------------------------------------------------------
  193.  
  194. Port State
  195.  
  196. 21/tcp open
  197. 80/tcp open
  198.  
  199. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  200. #######################################################################################################################################
  201. [i] Scanning Site: http://www.scr.co.il
  202.  
  203.  
  204.  
  205. B A S I C I N F O
  206. =======================================================================================================================================
  207.  
  208.  
  209. [+] Site Title: Dairy Cow Monitoring and Herd Management Solutions, Precision Dairy Farm Technology | SCR Dairy
  210. [+] IP address: 62.219.65.80
  211. [+] Web Server: Could Not Detect
  212. [+] CMS: Could Not Detect
  213. [+] Cloudflare: Not Detected
  214. [+] Robots File: Found
  215.  
  216. -------------[ contents ]----------------
  217. # If the Joomla site is installed within a folder such as at
  218. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  219. # moved to the site root at e.g. www.example.com/robots.txt
  220. # AND the joomla folder name MUST be prefixed to the disallowed
  221. # path, e.g. the Disallow rule for the /administrator/ folder
  222. # MUST be changed to read Disallow: /joomla/administrator/
  223. #
  224. # For more information about the robots.txt standard, see:
  225. # http://www.robotstxt.org/orig.html
  226. #
  227. # For syntax checking, see:
  228. # http://www.sxw.org.uk/computing/robots/check.html
  229.  
  230. User-agent: *
  231. Disallow: /administrator/
  232. Disallow: /cli/
  233. Disallow: /includes/
  234. Disallow: /installation/
  235. Disallow: /language/
  236. Disallow: /libraries/
  237. Disallow: /logs/
  238. Disallow: /tmp/
  239. Disallow: /de/
  240. Disallow: /cn/
  241. Disallow: /es/
  242. Disallow: /fr/
  243. Disallow: /ru/
  244. Disallow: /tr/
  245.  
  246.  
  247.  
  248.  
  249. -----------[end of contents]-------------
  250.  
  251.  
  252.  
  253. W H O I S L O O K U P
  254. =======================================================================================================================================
  255.  
  256.  
  257. % The data in the WHOIS database of the .il registry is provided
  258. % by ISOC-IL for information purposes, and to assist persons in
  259. % obtaining information about or related to a domain name
  260. % registration record. ISOC-IL does not guarantee its accuracy.
  261. % By submitting a WHOIS query, you agree that you will use this
  262. % Data only for lawful purposes and that, under no circumstances
  263. % will you use this Data to: (1) allow, enable, or otherwise
  264. % support the transmission of mass unsolicited, commercial
  265. % advertising or solicitations via e-mail (spam);
  266. % or (2) enable high volume, automated, electronic processes that
  267. % apply to ISOC-IL (or its systems).
  268. % ISOC-IL reserves the right to modify these terms at any time.
  269. % By submitting this query, you agree to abide by this policy.
  270.  
  271. query: scr.co.il
  272.  
  273. reg-name: scr
  274. domain: scr.co.il
  275.  
  276. descr: S.C.R. Engineers L.T.D
  277. descr: P.O.Box 564 Netanya
  278. descr: 42104
  279. descr: Israel
  280. phone: +972 9 8652050
  281. fax-no: +972 9 8650703
  282. admin-c: PG-HF3723-IL
  283. tech-c: PG-HF3723-IL
  284. zone-c: PG-HF3723-IL
  285. nserver: dns.netvision.net.il
  286. nserver: nypop.elron.net
  287. validity: 25-11-2019
  288. DNSSEC: unsigned
  289. status: Transfer Locked
  290. changed: registrar AT ns.il 19991125 (Assigned)
  291. changed: registrar AT ns.il 20000328 (Changed)
  292. changed: domain-registrar AT isoc.org.il 20091104 (Transferred)
  293. changed: domain-registrar AT isoc.org.il 20091104 (Changed)
  294.  
  295. person: Haim Fleminger
  296. address SCR Engineers Ltd.
  297. address 6 Haomanut Street
  298. address Poleg I.Z. Netanya
  299. address 42138
  300. address Israel
  301. phone: +972 9 8652050
  302. fax-no: +972 9 8650703
  303. e-mail: hfleminger AT scr.co.il
  304. nic-hdl: PG-HF3723-IL
  305. changed: Managing Registrar 20091104
  306.  
  307. registrar name: Peligon Ltd
  308. registrar info: http://www.webline.co.il/
  309.  
  310. % Rights to the data above are restricted by copyright.
  311.  
  312.  
  313.  
  314.  
  315. G E O I P L O O K U P
  316. =======================================================================================================================================
  317.  
  318. [i] IP Address: 62.219.65.80
  319. [i] Country: Israel
  320. [i] State:
  321. [i] City:
  322. [i] Latitude: 31.5
  323. [i] Longitude: 34.75
  324.  
  325.  
  326.  
  327.  
  328. H T T P H E A D E R S
  329. =======================================================================================================================================
  330.  
  331.  
  332. [i] HTTP/1.1 200 OK
  333. [i] Date: Mon, 01 Apr 2019 19:55:14 GMT
  334. [i] X-Logged-In: False
  335. [i] X-Content-Powered-By: K2 v2.7.1 (by JoomlaWorks)
  336. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  337. [i] Expires: Wed, 17 Aug 2005 00:00:00 GMT
  338. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  339. [i] Pragma: no-cache
  340. [i] Set-Cookie: 81a3f7b150841a3f229a68b32f3fd55b=s7llf2t3apl6s003hmkh93ek35; path=/; HttpOnly
  341. [i] X-Frame-Options: SAMEORIGIN
  342. [i] Last-Modified: Mon, 01 Apr 2019 19:55:15 GMT
  343. [i] X-Content-Type-Options: nosniff
  344. [i] X-XSS-Protection: 1; mode=block
  345. [i] Cache-Control: no-transform
  346. [i] Content-Type: text/html; charset=utf-8
  347. [i] Connection: close
  348.  
  349.  
  350.  
  351.  
  352. D N S L O O K U P
  353. =======================================================================================================================================
  354.  
  355. scr.co.il. 299 IN NS dns.netvision.net.il.
  356. scr.co.il. 299 IN NS nypop.netvision.net.il.
  357. scr.co.il. 299 IN A 62.219.65.80
  358. scr.co.il. 299 IN MX 5 scan.scr.co.il.
  359. scr.co.il. 299 IN MX 10 mail.scr.co.il.
  360. scr.co.il. 299 IN MX 20 mail2.scr.co.il.
  361. scr.co.il. 299 IN TXT "MS=ms48806877"
  362. scr.co.il. 299 IN TXT "r40e1mnl66prinnktcokrmmced"
  363. scr.co.il. 299 IN SOA dns.netvision.net.il. hostmaster.netvision.net.il. 2019021701 28800 7200 604800 86400
  364.  
  365.  
  366.  
  367.  
  368. S U B N E T C A L C U L A T I O N
  369. =======================================================================================================================================
  370.  
  371. Address = 62.219.65.80
  372. Network = 62.219.65.80 / 32
  373. Netmask = 255.255.255.255
  374. Broadcast = not needed on Point-to-Point links
  375. Wildcard Mask = 0.0.0.0
  376. Hosts Bits = 0
  377. Max. Hosts = 1 (2^0 - 0)
  378. Host Range = { 62.219.65.80 - 62.219.65.80 }
  379.  
  380.  
  381.  
  382. N M A P P O R T S C A N
  383. =======================================================================================================================================
  384.  
  385. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 19:57 UTC
  386. Nmap scan report for scr.co.il (62.219.65.80)
  387. Host is up (0.13s latency).
  388. rDNS record for 62.219.65.80: bzq-65-80.red.bezeqint.net
  389.  
  390. PORT STATE SERVICE
  391. 21/tcp open ftp
  392. 22/tcp filtered ssh
  393. 23/tcp filtered telnet
  394. 80/tcp open http
  395. 110/tcp filtered pop3
  396. 143/tcp filtered imap
  397. 443/tcp open https
  398. 3389/tcp filtered ms-wbt-server
  399.  
  400. Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds
  401.  
  402.  
  403.  
  404. S U B - D O M A I N F I N D E R
  405. =======================================================================================================================================
  406.  
  407.  
  408. [i] Total Subdomains Found : 6
  409.  
  410. [+] Subdomain: mail.scr.co.il
  411. [-] IP: 82.166.61.33
  412.  
  413. [+] Subdomain: scan.scr.co.il
  414. [-] IP: 82.80.219.24
  415.  
  416. [+] Subdomain: autodiscover.scr.co.il
  417. [-] IP: 82.166.61.33
  418.  
  419. [+] Subdomain: orders.scr.co.il
  420. [-] IP: 82.166.61.35
  421.  
  422. [+] Subdomain: www.scr.co.il
  423. [-] IP: 62.219.65.80
  424.  
  425. [+] Subdomain: legacy.scr.co.il
  426. [-] IP: 82.166.61.34
  427. #######################################################################################################################################
  428. [?] Enter the target: example( http://domain.com )
  429. http://www.scr.co.il/
  430. [!] IP Address : 62.219.65.80
  431. [+] Operating System : cPanel
  432. [!] www.scr.co.il doesn't seem to use a CMS
  433. [+] Honeypot Probabilty: 0%
  434. ---------------------------------------------------------------------------------------------------------------------------------------
  435. [~] Trying to gather whois information for www.scr.co.il
  436. [+] Whois information found
  437. [-] Unable to build response, visit https://who.is/whois/www.scr.co.il
  438. ---------------------------------------------------------------------------------------------------------------------------------------
  439. PORT STATE SERVICE
  440. 21/tcp open ftp
  441. 22/tcp filtered ssh
  442. 23/tcp filtered telnet
  443. 80/tcp open http
  444. 110/tcp filtered pop3
  445. 143/tcp filtered imap
  446. 443/tcp open https
  447. 3389/tcp filtered ms-wbt-server
  448. Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds
  449. ---------------------------------------------------------------------------------------------------------------------------------------
  450. There was an error getting results
  451.  
  452. [-] DNS Records
  453. [>] Initiating 3 intel modules
  454. [>] Loading Alpha module (1/3)
  455. [>] Beta module deployed (2/3)
  456. [>] Gamma module initiated (3/3)
  457.  
  458. [+] Emails found:
  459. ---------------------------------------------------------------------------------------------------------------------------------------
  460. pixel-1554148626740030-web-@www.scr.co.il
  461. pixel-1554148628598331-web-@www.scr.co.il
  462. No hosts found
  463. [+] Virtual hosts:
  464. ---------------------------------------------------------------------------------------------------------------------------------------
  465. #######################################################################################################################################
  466. Enter Address Website = scr.co.il
  467.  
  468. Reversing IP With HackTarget 'scr.co.il'
  469. ---------------------------------------------------------------------------------------------------------------------------------------
  470.  
  471. [+] 62.219.65.80
  472. [+] allflexlivestock-gdpr.com
  473. [+] bzq-65-80.red.bezeqint.net
  474. [+] cowintelligence.com
  475. [+] livestockintelligence.com
  476. [+] scr.co.il
  477. [+] scrdairy.com
  478. [+] scr-americas.com
  479. [+] scr-asia.com
  480. [+] scr-dairy.com
  481. [+] scr-europe.com
  482. [+] tracking.scrdairy.com
  483. [+] www.scrdairy.com
  484. [+] www.scr.co.il
  485. #######################################################################################################################################
  486.  
  487. Reverse IP With YouGetSignal 'scr.co.il'
  488. --------------------------------------------------------------------------------------------------------------------------------------
  489.  
  490. [*] IP: 62.219.65.80
  491. [*] Domain: scr.co.il
  492. [*] Total Domains: 4
  493.  
  494. [+] my.solidworks.com
  495. [+] scr.co.il
  496. [+] www.scr.co.il
  497. [+] www.walmart.com
  498. #######################################################################################################################################
  499.  
  500. Geo IP Lookup 'scr.co.il'
  501. ---------------------------------------------------------------------------------------------------------------------------------------
  502.  
  503. [+] IP Address: 62.219.65.80
  504. [+] Country: Israel
  505. [+] State:
  506. [+] City:
  507. [+] Latitude: 31.5
  508. [+] Longitude: 34.75
  509. #######################################################################################################################################
  510.  
  511. Whois 'scr.co.il'
  512. ---------------------------------------------------------------------------------------------------------------------------------------
  513.  
  514. [+] % The data in the WHOIS database of the .il registry is provided
  515. [+] % by ISOC-IL for information purposes, and to assist persons in
  516. [+] % obtaining information about or related to a domain name
  517. [+] % registration record. ISOC-IL does not guarantee its accuracy.
  518. [+] % By submitting a WHOIS query, you agree that you will use this
  519. [+] % Data only for lawful purposes and that, under no circumstances
  520. [+] % will you use this Data to: (1) allow, enable, or otherwise
  521. [+] % support the transmission of mass unsolicited, commercial
  522. [+] % advertising or solicitations via e-mail (spam);
  523. [+] % or (2) enable high volume, automated, electronic processes that
  524. [+] % apply to ISOC-IL (or its systems).
  525. [+] % ISOC-IL reserves the right to modify these terms at any time.
  526. [+] % By submitting this query, you agree to abide by this policy.
  527. [+]
  528. [+] query: scr.co.il
  529. [+] reg-name: scr
  530. [+] domain: scr.co.il
  531. [+] descr: S.C.R. Engineers L.T.D
  532. [+] descr: P.O.Box 564 Netanya
  533. [+] descr: 42104
  534. [+] descr: Israel
  535. [+] phone: +972 9 8652050
  536. [+] fax-no: +972 9 8650703
  537. [+] admin-c: PG-HF3723-IL
  538. [+] tech-c: PG-HF3723-IL
  539. [+] zone-c: PG-HF3723-IL
  540. [+] nserver: dns.netvision.net.il
  541. [+] nserver: nypop.elron.net
  542. [+] validity: 25-11-2019
  543. [+] DNSSEC: unsigned
  544. [+] status: Transfer Locked
  545. [+] changed: registrar AT ns.il 19991125 (Assigned)
  546. [+] changed: registrar AT ns.il 20000328 (Changed)
  547. [+] changed: domain-registrar AT isoc.org.il 20091104 (Transferred)
  548. [+] changed: domain-registrar AT isoc.org.il 20091104 (Changed)
  549. [+] person: Haim Fleminger
  550. [+] address SCR Engineers Ltd.
  551. [+] address 6 Haomanut Street
  552. [+] address Poleg I.Z. Netanya
  553. [+] address 42138
  554. [+] address Israel
  555. [+] phone: +972 9 8652050
  556. [+] fax-no: +972 9 8650703
  557. [+] e-mail: hfleminger AT scr.co.il
  558. [+] nic-hdl: PG-HF3723-IL
  559. [+] changed: Managing Registrar 20091104
  560. [+] registrar name: Peligon Ltd
  561. [+] registrar info: http://www.webline.co.il/
  562. [+] % Rights to the data above are restricted by copyright.
  563. #######################################################################################################################################
  564.  
  565. Bypass Cloudflare 'scr.co.il'
  566. ---------------------------------------------------------------------------------------------------------------------------------------
  567.  
  568. [!] CloudFlare Bypass 91.228.126.107 | ftp.scr.co.il
  569. [!] CloudFlare Bypass 82.166.61.33 | mail.scr.co.il
  570. [!] CloudFlare Bypass 62.219.65.80 | www.scr.co.il
  571. [!] CloudFlare Bypass 212.143.57.176 | mail2.scr.co.il
  572. #######################################################################################################################################
  573.  
  574. DNS Lookup 'scr.co.il'
  575. ---------------------------------------------------------------------------------------------------------------------------------------
  576.  
  577. [+] scr.co.il. 299 IN NS dns.netvision.net.il.
  578. [+] scr.co.il. 299 IN NS nypop.netvision.net.il.
  579. [+] scr.co.il. 299 IN A 62.219.65.80
  580. [+] scr.co.il. 299 IN MX 5 scan.scr.co.il.
  581. [+] scr.co.il. 299 IN MX 10 mail.scr.co.il.
  582. [+] scr.co.il. 299 IN MX 20 mail2.scr.co.il.
  583. [+] scr.co.il. 299 IN TXT "MS=ms48806877"
  584. [+] scr.co.il. 299 IN TXT "r40e1mnl66prinnktcokrmmced"
  585. [+] scr.co.il. 299 IN SOA dns.netvision.net.il. hostmaster.netvision.net.il. 2019021701 28800 7200 604800 86400
  586. #######################################################################################################################################
  587.  
  588. Show HTTP Header 'scr.co.il'
  589. ---------------------------------------------------------------------------------------------------------------------------------------
  590.  
  591. [+] HTTP/1.1 301 Moved Permanently
  592. [+] Date: Mon, 01 Apr 2019 19:55:04 GMT
  593. [+] Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2r mod_bwlimited/1.4
  594. [+] Cache-Control: no-cache
  595. [+] Set-Cookie: 81a3f7b150841a3f229a68b32f3fd55b=5cl8oaj5ds5oskiio337t3v7o4; path=/; HttpOnly
  596. [+] X-Frame-Options: SAMEORIGIN
  597. [+] Location: http://www.scr.co.il/
  598. [+] Cache-Control: max-age=3600, no-transform
  599. [+] Expires: Mon, 01 Apr 2019 20:55:04 GMT
  600. [+] X-Content-Type-Options: nosniff
  601. [+] X-XSS-Protection: 1; mode=block
  602. [+] Content-Type: text/html; charset=utf-8
  603. #######################################################################################################################################
  604.  
  605. Port Scan 'scr.co.il'
  606. ---------------------------------------------------------------------------------------------------------------------------------------
  607.  
  608. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 19:56 UTC
  609. Nmap scan report for scr.co.il (62.219.65.80)
  610. Host is up (0.13s latency).
  611. rDNS record for 62.219.65.80: bzq-65-80.red.bezeqint.net
  612.  
  613. PORT STATE SERVICE
  614. 21/tcp open ftp
  615. 22/tcp filtered ssh
  616. 23/tcp filtered telnet
  617. 80/tcp open http
  618. 110/tcp filtered pop3
  619. 143/tcp filtered imap
  620. 443/tcp open https
  621. 3389/tcp filtered ms-wbt-server
  622.  
  623. Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds
  624. #######################################################################################################################################
  625.  
  626. Traceroute 'scr.co.il'
  627. ---------------------------------------------------------------------------------------------------------------------------------------
  628.  
  629. Start: 2019-04-01T19:57:03+0000
  630. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  631. 1.|-- 45.79.12.202 0.0% 3 1.0 0.9 0.6 1.3 0.3
  632. 2.|-- 45.79.12.2 0.0% 3 1.0 0.8 0.5 1.0 0.3
  633. 3.|-- ix-et-5-1-2-0.tcore1.dt8-dallas.as6453.net 0.0% 3 1.3 5.0 1.3 12.3 6.3
  634. 4.|-- if-ae-37-3.tcore1.aeq-ashburn.as6453.net 0.0% 3 105.3 105.1 104.9 105.3 0.2
  635. 5.|-- if-ae-2-2.tcore2.aeq-ashburn.as6453.net 0.0% 3 105.2 105.0 104.8 105.2 0.2
  636. 6.|-- if-ae-12-4.tcore4.njy-newark.as6453.net 0.0% 3 106.3 105.4 104.8 106.3 0.8
  637. 7.|-- if-ae-1-3.tcore3.njy-newark.as6453.net 0.0% 3 104.7 104.5 104.3 104.7 0.2
  638. 8.|-- if-ae-15-2.tcore1.l78-london.as6453.net 0.0% 3 105.5 105.2 104.8 105.5 0.3
  639. 9.|-- if-ae-35-2.thar1.lrt-london.as6453.net 0.0% 3 104.9 110.2 104.9 120.4 8.8
  640. 10.|-- 195.219.100.130 0.0% 3 105.8 105.4 105.1 105.8 0.4
  641. 11.|-- bzq-179-124-50.cust.bezeqint.net 0.0% 3 166.2 166.2 166.2 166.2 0.0
  642. 12.|-- bzq-219-189-217.dsl.bezeqint.net 0.0% 3 166.4 167.3 166.4 168.8 1.3
  643. 13.|-- bzq-218-77-82.red.bezeqint.net 0.0% 3 162.7 162.3 162.0 162.7 0.4
  644. 14.|-- bzq-65-80.red.bezeqint.net 0.0% 3 167.7 166.9 166.4 167.7 0.7
  645. #######################################################################################################################################
  646.  
  647. Ping 'scr.co.il'
  648. ---------------------------------------------------------------------------------------------------------------------------------------
  649.  
  650. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-04-01 19:57 UTC
  651. SENT (0.0045s) ICMP [104.237.144.6 > 62.219.65.80 Echo request (type=8/code=0) id=9699 seq=1] IP [ttl=64 id=16682 iplen=28 ]
  652. RCVD (0.2049s) ICMP [62.219.65.80 > 104.237.144.6 Echo reply (type=0/code=0) id=9699 seq=1] IP [ttl=56 id=59089 iplen=28 ]
  653. SENT (1.0049s) ICMP [104.237.144.6 > 62.219.65.80 Echo request (type=8/code=0) id=9699 seq=2] IP [ttl=64 id=16682 iplen=28 ]
  654. RCVD (1.2249s) ICMP [62.219.65.80 > 104.237.144.6 Echo reply (type=0/code=0) id=9699 seq=2] IP [ttl=56 id=59090 iplen=28 ]
  655. SENT (2.0068s) ICMP [104.237.144.6 > 62.219.65.80 Echo request (type=8/code=0) id=9699 seq=3] IP [ttl=64 id=16682 iplen=28 ]
  656. RCVD (2.2444s) ICMP [62.219.65.80 > 104.237.144.6 Echo reply (type=0/code=0) id=9699 seq=3] IP [ttl=56 id=59091 iplen=28 ]
  657. SENT (3.0083s) ICMP [104.237.144.6 > 62.219.65.80 Echo request (type=8/code=0) id=9699 seq=4] IP [ttl=64 id=16682 iplen=28 ]
  658. RCVD (3.2645s) ICMP [62.219.65.80 > 104.237.144.6 Echo reply (type=0/code=0) id=9699 seq=4] IP [ttl=56 id=59092 iplen=28 ]
  659.  
  660. Max rtt: 256.211ms | Min rtt: 200.326ms | Avg rtt: 228.337ms
  661. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  662. Nping done: 1 IP address pinged in 3.27 seconds
  663. #######################################################################################################################################
  664. =======================================================================================================================================
  665. | External hosts:
  666. | [+] External Host Found: http://www.es.scrdairy.com
  667. | [+] External Host Found: http://tracking.scrdairy.com
  668. | [+] External Host Found: http://scrdairy.com
  669. | [+] External Host Found: http://elearn.experteam.co.il
  670. | [+] External Host Found: http://www.ru.scrdairy.com
  671. | [+] External Host Found: http://www.scrdairy.com
  672. | [+] External Host Found: http://www.tr.scrdairy.com
  673. | [+] External Host Found: http://www.fr.scrdairy.com
  674. | [+] External Host Found: http://www.cn.scrdairy.com
  675. | [+] External Host Found: http://www.de.scrdairy.com
  676. | [+] External Host Found: http://ie7-js.googlecode.com
  677. | [+] External Host Found: http://www.google.com
  678. | [+] External Host Found: http://www.allflex.by
  679. | [+] External Host Found: http://www.gnu.org
  680. =======================================================================================================================================
  681. | E-mails:
  682. | [+] E-mail Found: mrica@scrdairy.com
  683. | [+] E-mail Found: arthurr@scrdairy.com
  684. | [+] E-mail Found: hub@allflex.co.uk
  685. | [+] E-mail Found: rnit.sade-benkin@scrdairy.com
  686. | [+] E-mail Found: jobs@scrdairy.com
  687. | [+] E-mail Found: eduardo@stratigo.com
  688. | [+] E-mail Found: yaniv@ijoomla.co.il
  689. | [+] E-mail Found: mailman@www.scr.co.il
  690. =======================================================================================================================================
  691. #######################################################################################################################################
  692. ; <<>> DiG 9.11.5-P4-1-Debian <<>> scr.co.il
  693. ;; global options: +cmd
  694. ;; Got answer:
  695. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32658
  696. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  697.  
  698. ;; OPT PSEUDOSECTION:
  699. ; EDNS: version: 0, flags:; udp: 4096
  700. ;; QUESTION SECTION:
  701. ;scr.co.il. IN A
  702.  
  703. ;; ANSWER SECTION:
  704. scr.co.il. 300 IN A 62.219.65.80
  705.  
  706. ;; Query time: 119 msec
  707. ;; SERVER: 185.93.180.131#53(185.93.180.131)
  708. ;; WHEN: lun avr 01 16:24:17 EDT 2019
  709. ;; MSG SIZE rcvd: 54
  710. #######################################################################################################################################
  711. ; <<>> DiG 9.11.5-P4-1-Debian <<>> +trace scr.co.il
  712. ;; global options: +cmd
  713. . 83409 IN NS l.root-servers.net.
  714. . 83409 IN NS i.root-servers.net.
  715. . 83409 IN NS d.root-servers.net.
  716. . 83409 IN NS a.root-servers.net.
  717. . 83409 IN NS b.root-servers.net.
  718. . 83409 IN NS c.root-servers.net.
  719. . 83409 IN NS h.root-servers.net.
  720. . 83409 IN NS e.root-servers.net.
  721. . 83409 IN NS k.root-servers.net.
  722. . 83409 IN NS g.root-servers.net.
  723. . 83409 IN NS m.root-servers.net.
  724. . 83409 IN NS j.root-servers.net.
  725. . 83409 IN NS f.root-servers.net.
  726. . 83409 IN RRSIG NS 8 0 518400 20190414170000 20190401160000 25266 . IvibDHC58rgKJiQdmTUdu9Zh7ImIo1sYMHIj4eTujf9DYSEwYYXfYahP ekE/Yt5BHe0ZLBSt8ekz7xFtHQPs3ozESB0Zj88t9qxDyVcDj7/nEwWZ XwpKQwZQZ+vawFqC6wsP5bQqabEtzGTwggNhDyZt+zRC0r7n0hho3nbU hk15L7t0k6dk6HCKjmQNvyceaOATNd8TyEHSSd21hBS5siOcEi0aGVlC YFp2QeJ2oSiKevou5iPdXN4MvHvNtKy6EAHAQ8wWawpArfCRcX14v596 gl+e6mX2Yl1Kjjx6fSNwf+bRWYmUyP2VjwrKxvgmiuUF0IHAu386M0r3 fA7S2Q==
  727. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 113 ms
  728.  
  729. il. 172800 IN NS nsa.ns.il.
  730. il. 172800 IN NS ns2.ns.il.
  731. il. 172800 IN NS ns1.ns.il.
  732. il. 172800 IN NS lookup.iucc.ac.il.
  733. il. 172800 IN NS ilns.ilan.net.il.
  734. il. 172800 IN NS sns-pb.isc.org.
  735. il. 172800 IN NS ns3.ns.il.
  736. il. 172800 IN NS nsb.ns.il.
  737. il. 172800 IN NS nse.ns.il.
  738. il. 86400 IN DS 44729 8 2 7FA5A2FD091C340D4A01864B4F82D66D0769F3D3A0A1C48F8ABD2A64 B1689921
  739. il. 86400 IN RRSIG DS 8 1 86400 20190414170000 20190401160000 25266 . sqNho5uv1BXhTjgaQH9wFZhs/7SDr+Qdp1SlJcAwmU1lGVLg2Myp3erB QA5ROtA4S/TYMKQZe/BuVJxdC/zl4CBkV6O6qIMEs5RRUTknEDSXJ0vQ KW6Mk37Uj3CZgZ5Xr51N/+KwLTbvtnk4ZR4Fy2YWtDIOncA/zPZiGljm 2Sx6T/2AofbBLfPecyip3yErvXz2oH7QE2G7ViWOqObCRI8tOo+wfdDb GodME3/mxJ3II6uymdKKh1ChAPJ53Nz0mzxhKceCC6YgbbDGZHJuw/jG eGBiJ/6zVjmDus76h/kApS5B+NZjxUJNo7FV9C2SkfOC0FmVxVi98ATY HRTXRQ==
  740. ;; Received 853 bytes from 193.0.14.129#53(k.root-servers.net) in 161 ms
  741.  
  742. scr.co.il. 86400 IN NS dns.netvision.net.il.
  743. scr.co.il. 86400 IN NS nypop.elron.net.
  744. i4ng30e6ho1oogjus9gnuf4ho8qjr729.co.il. 86400 IN NSEC3 1 1 10 7CE12AF346933CF2 I808NA34LO7Q55K3FAOBFSHSVU39TF9J NS SOA RRSIG DNSKEY NSEC3PARAM
  745. i4ng30e6ho1oogjus9gnuf4ho8qjr729.co.il. 86400 IN RRSIG NSEC3 8 3 86400 20190502170905 20190401160905 55359 co.il. n9NbyLWxic8IYSkAG6ZIP3IDZw5Ew4ribWhJz1fJd9nkQmn9BU+2wlCT WarmxHEd1c9xNv+VeLsszhCUhA+SwqtCmbHrq6koXPphBEx1qqLLoRMj lieS8XBY3yOMaM4evG4dUJFU6ueHP1907aOpGwTRy8yOifhqjYlBtw8M CmskxkybHuGdMh6C59E51yqWdtadiXml0jGgOzBZNwAwhk7oJAu8B7zS tS0cx23DIxVVY+NWjaPUtGt0QF0Kh8DHfwSOF1/av0CQfI+aEZ2rmKfq lSm/FIVAEZDLtvBLQIQPVMdWYJfs8PUMTJdU+Ud3Vwv6Uc5axCJhYGLx oZ9rDw==
  746. 0jsg9mm8m4cjiarepvoegihiupe14ubs.co.il. 86400 IN NSEC3 1 1 10 7CE12AF346933CF2 44FKD0BLV6IE1MQGENRH0E6K3QBV3VF1 NS DS RRSIG
  747. 0jsg9mm8m4cjiarepvoegihiupe14ubs.co.il. 86400 IN RRSIG NSEC3 8 3 86400 20190502170905 20190401160905 55359 co.il. Nscea9Ry/iorB2zylcTK9D8zADFYU2PKnioLaF5sd+kxK0qXO2KhFb0E 5VHTXTWdC6dIRosiqZXFqLD7JTPmZA4y7MmU1ZCsu2ufxgIvHzPEzVFp qTiRVkxtEhR3Csz/lGdrUbYMRugGUedyddh/SarjdF6pt/ZYCY6UmknF jcZ1rYzyZdg7hAKaiSziy45Li+cewykPi5kYsXro4amxTnEwR+JpnmOn dEwrxocHTQD1+TaZmLXRyApAgfZV/+fx58W4ec+LKzCYBEtkIYiYPhTD bmf6k1xGEVjpD0qwPrSRdVy9VjK58uWDA+HJYyJnt73/VkrdBo26qixJ HnDoPw==
  748. ;; Received 860 bytes from 2600:2000:3005::1#53(ns2.ns.il) in 35 ms
  749.  
  750. scr.co.il. 300 IN A 62.219.65.80
  751. scr.co.il. 300 IN NS dns.netvision.net.il.
  752. scr.co.il. 300 IN NS nypop.netvision.net.il.
  753. ;; Received 106 bytes from 194.90.1.5#53(dns.netvision.net.il) in 119 ms
  754. #######################################################################################################################################
  755. [*] Performing General Enumeration of Domain: scr.co.il
  756. [-] DNSSEC is not configured for scr.co.il
  757. [*] SOA dns.netvision.net.il 194.90.1.5
  758. [*] NS dns.netvision.net.il 194.90.1.5
  759. [*] NS nypop.netvision.net.il 199.203.1.20
  760. [*] MX scan.scr.co.il 82.80.219.24
  761. [*] MX mail.scr.co.il 82.166.61.33
  762. [*] MX mail2.scr.co.il 212.143.57.176
  763. [*] A scr.co.il 62.219.65.80
  764. [*] TXT scr.co.il MS=ms48806877
  765. [*] TXT scr.co.il r40e1mnl66prinnktcokrmmced
  766. [*] Enumerating SRV Records
  767. [-] No SRV Records Found for scr.co.il
  768. [+] 0 Records Found
  769. #######################################################################################################################################
  770. [*] Processing domain scr.co.il
  771. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  772. [+] Getting nameservers
  773. 194.90.1.5 - dns.netvision.net.il
  774. 199.203.1.20 - nypop.netvision.net.il
  775. [-] Zone transfer failed
  776.  
  777. [+] TXT records found
  778. "MS=ms48806877"
  779. "r40e1mnl66prinnktcokrmmced"
  780.  
  781. [+] MX records found, added to target list
  782. 5 scan.scr.co.il.
  783. 10 mail.scr.co.il.
  784. 20 mail2.scr.co.il.
  785.  
  786. [*] Scanning scr.co.il for A records
  787. 62.219.65.80 - scr.co.il
  788. 82.80.219.24 - scan.scr.co.il
  789. 82.166.61.33 - autodiscover.scr.co.il
  790. 91.228.126.107 - ftp.scr.co.il
  791. 82.166.61.34 - legacy.scr.co.il
  792. 82.166.61.33 - mail.scr.co.il
  793. 212.143.57.176 - mail2.scr.co.il
  794. 62.219.65.80 - www.scr.co.il
  795. #######################################################################################################################################
  796. Ip Address Status Type Domain Name Server
  797. ---------- ------ ---- ----------- ------
  798. 91.228.126.107 host ftp.scr.co.il
  799. 82.166.61.33 host mail.scr.co.il
  800. 212.143.57.176 host mail2.scr.co.il
  801. 82.166.61.35 200 host orders.scr.co.il
  802. 62.219.65.80 host www.scr.co.il
  803. #######################################################################################################################################
  804. [+] Testing domain
  805. www.scr.co.il 62.219.65.80
  806. [+] Dns resolving
  807. Domain name Ip address Name server
  808. scr.co.il 62.219.65.80 bzq-65-80.red.bezeqint.net
  809. Found 1 host(s) for scr.co.il
  810. [+] Testing wildcard
  811. Ok, no wildcard found.
  812.  
  813. [+] Scanning for subdomain on scr.co.il
  814. [!] Wordlist not specified. I scannig with my internal wordlist...
  815. Estimated time about 160.6 seconds
  816.  
  817. Subdomain Ip address Name server
  818.  
  819. mail.scr.co.il 82.166.61.33 mail.scr.co.il
  820. mail2.scr.co.il 212.143.57.176 scrdsl.bb.netvision.net.il
  821. orders.scr.co.il 82.166.61.35 82-166-61-35.barak-online.net
  822. www.scr.co.il 62.219.65.80 bzq-65-80.red.bezeqint.net
  823. #######################################################################################################################################
  824. dnsenum VERSION:1.2.4
  825.  
  826. ----- www.scr.co.il -----
  827.  
  828.  
  829. Host's addresses:
  830. __________________
  831.  
  832. www.scr.co.il. 299 IN A 62.219.65.80
  833.  
  834.  
  835. Name Servers:
  836. ______________
  837. #######################################################################################################################################
  838. ***************************************************************
  839. ******************** D I S A L L O W E D **********************
  840. ***************************************************************
  841.  
  842. The requested domain was marked as dissallowed, for the
  843. follwoing reason:
  844.  
  845. Not allowed due to technical reasons
  846.  
  847. For more information see ISOC-IL domains FAQ at
  848. https://www.isoc.org.il/domain-name-registry/faq
  849.  
  850. ***************************************************************
  851. #######################################################################################################################################
  852. ---------------------------------------------------------------------------------------------------------------------------------------
  853.  
  854. [1/25] /webhp?hl=en-CA
  855. [x] Error downloading /webhp?hl=en-CA
  856. [2/25] http://www.scr.co.il/HTHRTS_4_ENG_April16.pdf
  857. [x] Error in the parsing process
  858. [3/25] http://www.scr.co.il/images/Privacy_Policy_for_SCR_website.pdf
  859. [x] Error in the parsing process
  860. [4/25] http://www.scr.co.il/images/Privacy_Policy_for_SCR_website_13Mar019.pdf
  861. [x] Error in the parsing process
  862. [5/25] http://www.scr.co.il/images/HC24_2_A4_Eng_May14_low.pdf
  863. [x] Error in the parsing process
  864. [6/25] http://www.scr.co.il/images/Website_Terms__Conditions.pdf
  865. [x] Error in the parsing process
  866. [7/25] http://www.scr.co.il/images/PDF/Suc_ISR2_A4_Eng_Feb14_low.pdf
  867. [x] Error in the parsing process
  868. [8/25] http://www.scr.co.il/images/PDF/Suc_AUS4_A4_Eng_Feb17_low.pdf
  869. [x] Error in the parsing process
  870. [9/25] http://www.scr.co.il/images/PDF/Suc_US2_A4_Eng_Feb14_low.pdf
  871. [x] Error in the parsing process
  872. [10/25] http://www.scr.co.il/images/PDF/Suc_AUS4_A4_Eng_Nov17.pdf
  873. [x] Error in the parsing process
  874. [11/25] http://www.scr.co.il/images/PDF/Suc_US3_A4_Eng_Feb14_low.pdf
  875. [x] Error in the parsing process
  876. [12/25] http://www.scr.co.il/images/PDF/Suc_US4_A4_Eng_Feb14_low.pdf
  877. [x] Error in the parsing process
  878. [13/25] http://www.scr.co.il/images/PDF/Suc_Chi_A4_Eng_Feb14_low.pdf
  879. [x] Error in the parsing process
  880. [14/25] http://www.scr.co.il/images/PDF/Suc_ISR1_A4_Eng_Feb14_low.pdf
  881. [x] Error in the parsing process
  882. [15/25] http://www.scr.co.il/images/PDF/Suc_ISR4_A4_Eng_Feb14_low.pdf
  883. [x] Error in the parsing process
  884. [16/25] http://www.scr.co.il/images/PDF/Suc_ISR3_A4_Eng_Feb14_low.pdf
  885. [x] Error in the parsing process
  886. [17/25] http://www.scr.co.il/images/PDF/MC200_4_A4_Eng_Oct15_low.pdf
  887. [x] Error in the parsing process
  888. [18/25] http://www.scr.co.il/images/news/HW_Oct2509_Reprint.pdf
  889. [x] Error in the parsing process
  890. [19/25] http://www.scr.co.il/images/SC/Suc_NZ1_A4_Eng_June15.pdf
  891. [x] Error in the parsing process
  892. [20/25] http://www.scr.co.il/images/PDF/Suc_IRE1_A4_Eng_Nov14_low.pdf
  893. [x] Error in the parsing process
  894. [21/25] http://www.scr.co.il/images/PDF/HC24_2_A4_Eng_Sep16_low.pdf
  895. [x] Error in the parsing process
  896. [22/25] http://www.scr.co.il/images/PDF/DFII_8_A4_Eng_Oct16_low.pdf
  897. [x] Error in the parsing process
  898. [23/25] http://www.scr.co.il/images/PDF/Suc_US1_A4_Eng_Feb14_low.pdf
  899. [x] Error in the parsing process
  900. [24/25] http://www.scr.co.il/images/PDF/Pul_2_A4_Eng_Oct15_low.pdf
  901. [x] Error in the parsing process
  902. [25/25] http://www.scr.co.il/images/PDF/YS_4_A4_Eng_Sep18_low.pdf
  903. [x] Error in the parsing process
  904. ---------------------------------------------------------------------------------------------------------------------------------------
  905. #######################################################################################################################################
  906. ===============================================
  907. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  908. ===============================================
  909.  
  910.  
  911. Running Source: Ask
  912. Running Source: Archive.is
  913. Running Source: Baidu
  914. Running Source: Bing
  915. Running Source: CertDB
  916. Running Source: CertificateTransparency
  917. Running Source: Certspotter
  918. Running Source: Commoncrawl
  919. Running Source: Crt.sh
  920. Running Source: Dnsdb
  921. Running Source: DNSDumpster
  922. Running Source: DNSTable
  923. Running Source: Dogpile
  924. Running Source: Exalead
  925. Running Source: Findsubdomains
  926. Running Source: Googleter
  927. Running Source: Hackertarget
  928. Running Source: Ipv4Info
  929. Running Source: PTRArchive
  930. Running Source: Sitedossier
  931. Running Source: Threatcrowd
  932. Running Source: ThreatMiner
  933. Running Source: WaybackArchive
  934. Running Source: Yahoo
  935.  
  936. Running enumeration on www.scr.co.il
  937.  
  938. dnsdb: Unexpected return status 503
  939.  
  940. dogpile: Get https://www.dogpile.com/search/web?q=www.scr.co.il&qsi=1: EOF
  941.  
  942. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.scr.co.il/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  943.  
  944.  
  945. Starting Bruteforcing of www.scr.co.il with 9985 words
  946.  
  947. Total 1 Unique subdomains found for www.scr.co.il
  948.  
  949. .www.scr.co.il
  950. #######################################################################################################################################
  951. [*] Processing domain www.scr.co.il
  952. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  953. [+] Getting nameservers
  954. [-] Getting nameservers failed
  955. [-] Zone transfer failed
  956.  
  957. [*] Scanning www.scr.co.il for A records
  958. 62.219.65.80 - www.scr.co.il
  959. #######################################################################################################################################
  960. [+] www.scr.co.il has no SPF record!
  961. [*] No DMARC record found. Looking for organizational record
  962. [+] No organizational DMARC record
  963. [+] Spoofing possible for www.scr.co.il!
  964. #######################################################################################################################################
  965. INFO[0000] Starting to process queue....
  966. INFO[0000] Starting to process permutations....
  967. INFO[0000] FORBIDDEN http://scr-reports.s3.amazonaws.com (http://scr.co.il)
  968. INFO[0000] FORBIDDEN http://scr-audit.s3.amazonaws.com (http://scr.co.il)
  969. INFO[0000] FORBIDDEN http://scr.s3.amazonaws.com (http://scr.co.il)
  970. #######################################################################################################################################
  971. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 16:50 EDT
  972. Nmap scan report for www.scr.co.il (62.219.65.80)
  973. Host is up (0.022s latency).
  974. rDNS record for 62.219.65.80: bzq-65-80.red.bezeqint.net
  975. Not shown: 472 filtered ports, 3 closed ports
  976. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  977. PORT STATE SERVICE
  978. 80/tcp open http
  979. #######################################################################################################################################
  980. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 16:50 EDT
  981. Nmap scan report for www.scr.co.il (62.219.65.80)
  982. Host is up (0.020s latency).
  983. rDNS record for 62.219.65.80: bzq-65-80.red.bezeqint.net
  984. Not shown: 2 filtered ports
  985. PORT STATE SERVICE
  986. 53/udp open|filtered domain
  987. 67/udp open|filtered dhcps
  988. 68/udp open|filtered dhcpc
  989. 69/udp open|filtered tftp
  990. 88/udp open|filtered kerberos-sec
  991. 123/udp open|filtered ntp
  992. 139/udp open|filtered netbios-ssn
  993. 161/udp open|filtered snmp
  994. 162/udp open|filtered snmptrap
  995. 389/udp open|filtered ldap
  996. 520/udp open|filtered route
  997. 2049/udp open|filtered nfs
  998. #######################################################################################################################################
  999. http://www.scr.co.il [200 OK] Cookies[81a3f7b150841a3f229a68b32f3fd55b], Country[ISRAEL][IL], Google-Analytics[UA-38401072-1], HTML5, HttpOnly[81a3f7b150841a3f229a68b32f3fd55b], IP[62.219.65.80], JQuery, maybe Joomla, Open-Graph-Protocol[website], PasswordField[password], Script[application/ld+json,text/JavaScript,text/javascript], Title[Dairy Cow Monitoring and Herd Management Solutions, Precision Dairy Farm Technology | SCR Dairy], UncommonHeaders[x-logged-in,x-content-powered-by,x-content-type-options], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block]
  1000. #######################################################################################################################################
  1001. wig - WebApp Information Gatherer
  1002.  
  1003.  
  1004. Scanning http://www.scr.co.il...
  1005. _________________________________ SITE INFO _________________________________
  1006. IP Title
  1007. 62.219.65.80 Dairy Cow Monitoring and Herd Management Solutions, Precisio
  1008.  
  1009. __________________________________ VERSION __________________________________
  1010. Name Versions Type
  1011. Joomla! 3.6.3-rc1 CMS
  1012.  
  1013. ________________________________ INTERESTING ________________________________
  1014. URL Note Type
  1015. /robots.txt robots.txt index Interesting
  1016. /login.html Login Page Interesting
  1017. /login/ Login Page Interesting
  1018.  
  1019. ___________________________________ TOOLS ___________________________________
  1020. Name Link Software
  1021. CMSmap https://github.com/Dionach/CMSmap Joomla!
  1022. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  1023.  
  1024. _____________________________________________________________________________
  1025. Time: 1.1 sec Urls: 576 Fingerprints: 40401
  1026. #######################################################################################################################################
  1027. HTTP/1.1 200 OK
  1028. Date: Mon, 01 Apr 2019 20:49:08 GMT
  1029. X-Logged-In: False
  1030. X-Content-Powered-By: K2 v2.7.1 (by JoomlaWorks)
  1031. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  1032. Expires: Wed, 17 Aug 2005 00:00:00 GMT
  1033. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  1034. Pragma: no-cache
  1035. Set-Cookie: 81a3f7b150841a3f229a68b32f3fd55b=kcs638gpl49qh4d8i5epm5s6a6; path=/; HttpOnly
  1036. X-Frame-Options: SAMEORIGIN
  1037. Last-Modified: Mon, 01 Apr 2019 20:49:08 GMT
  1038. X-Content-Type-Options: nosniff
  1039. X-XSS-Protection: 1; mode=block
  1040. Cache-Control: no-transform
  1041. Content-Type: text/html; charset=utf-8
  1042. Connection: keep-alive
  1043.  
  1044. HTTP/1.1 200 OK
  1045. Date: Mon, 01 Apr 2019 20:49:09 GMT
  1046. X-Logged-In: False
  1047. X-Content-Powered-By: K2 v2.7.1 (by JoomlaWorks)
  1048. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  1049. Expires: Wed, 17 Aug 2005 00:00:00 GMT
  1050. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  1051. Pragma: no-cache
  1052. Set-Cookie: 81a3f7b150841a3f229a68b32f3fd55b=3mjmuogmmn0q2dtrcom5nkssl3; path=/; HttpOnly
  1053. X-Frame-Options: SAMEORIGIN
  1054. Last-Modified: Mon, 01 Apr 2019 20:49:09 GMT
  1055. X-Content-Type-Options: nosniff
  1056. X-XSS-Protection: 1; mode=block
  1057. Cache-Control: no-transform
  1058. Content-Type: text/html; charset=utf-8
  1059. Connection: keep-alive
  1060. #######################################################################################################################################
  1061. jQuery Migrate
  1062. Bootstrap
  1063. jQuery 1.7.2
  1064. X-Logged-In: False
  1065. X-Content-Powered-By: K2 v2.7.1 (by JoomlaWorks)
  1066. #######################################################################################################################################
  1067. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:16 EDT
  1068. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1069. Host is up (0.14s latency).
  1070. Not shown: 470 filtered ports, 3 closed ports
  1071. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1072. PORT STATE SERVICE
  1073. 21/tcp open ftp
  1074. 80/tcp open http
  1075. 443/tcp open https
  1076. #######################################################################################################################################
  1077. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:16 EDT
  1078. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1079. Host is up (0.11s latency).
  1080. Not shown: 2 filtered ports
  1081. PORT STATE SERVICE
  1082. 53/udp open|filtered domain
  1083. 67/udp open|filtered dhcps
  1084. 68/udp open|filtered dhcpc
  1085. 69/udp open|filtered tftp
  1086. 88/udp open|filtered kerberos-sec
  1087. 123/udp open|filtered ntp
  1088. 139/udp open|filtered netbios-ssn
  1089. 161/udp open|filtered snmp
  1090. 162/udp open|filtered snmptrap
  1091. 389/udp open|filtered ldap
  1092. 520/udp open|filtered route
  1093. 2049/udp open|filtered nfs
  1094. #######################################################################################################################################
  1095. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:16 EDT
  1096. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1097. Host is up (0.17s latency).
  1098.  
  1099. PORT STATE SERVICE VERSION
  1100. 21/tcp open ftp Pure-FTPd
  1101. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1102. Device type: general purpose|firewall|storage-misc
  1103. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%)
  1104. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
  1105. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), WatchGuard Fireware 11.8 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), Linux 3.1 - 3.2 (89%), Linux 2.6.39 (88%), Linux 3.4 (88%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
  1106. No exact OS matches for host (test conditions non-ideal).
  1107. Network Distance: 11 hops
  1108.  
  1109. TRACEROUTE (using port 21/tcp)
  1110. HOP RTT ADDRESS
  1111. 1 116.94 ms 10.253.200.1
  1112. 2 116.98 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1113. 3 117.18 ms 212.103.51.49
  1114. 4 117.23 ms 37.120.128.253
  1115. 5 117.23 ms 37.120.128.253
  1116. 6 169.62 ms bzq-161-217.pop.bezeqint.net (212.179.161.217)
  1117. 7 168.68 ms bzq-219-189-213.dsl.bezeqint.net (62.219.189.213)
  1118. 8 214.67 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1119. 9 161.28 ms bzq-219-189-213.dsl.bezeqint.net (62.219.189.213)
  1120. 10 161.94 ms bzq-219-189-186.cablep.bezeqint.net (62.219.189.186)
  1121. 11 166.30 ms bzq-65-80.red.bezeqint.net (62.219.65.80)
  1122. #######################################################################################################################################
  1123. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:28 EDT
  1124. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1125. Host is up.
  1126.  
  1127. PORT STATE SERVICE VERSION
  1128. 67/udp open|filtered dhcps
  1129. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1130. Too many fingerprints match this host to give specific OS details
  1131.  
  1132. TRACEROUTE (using proto 1/icmp)
  1133. HOP RTT ADDRESS
  1134. 1 116.17 ms 10.253.200.1
  1135. 2 116.21 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1136. 3 116.24 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1137. 4 116.59 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1138. 5 116.57 ms 37.120.128.253
  1139. 6 117.20 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1140. 7 164.02 ms bzq-179-161-217.pop.bezeqint.net (212.179.161.217)
  1141. 8 162.39 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1142. 9 164.05 ms bzq-219-189-1.cablep.bezeqint.net (62.219.189.1)
  1143. 10 161.31 ms bzq-219-189-186.dsl.bezeqint.net (62.219.189.186)
  1144. 11 162.65 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1145. 12 ... 30
  1146. #######################################################################################################################################
  1147. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:30 EDT
  1148. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1149. Host is up.
  1150.  
  1151. PORT STATE SERVICE VERSION
  1152. 68/udp open|filtered dhcpc
  1153. Too many fingerprints match this host to give specific OS details
  1154.  
  1155. TRACEROUTE (using proto 1/icmp)
  1156. HOP RTT ADDRESS
  1157. 1 112.47 ms 10.253.200.1
  1158. 2 112.66 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1159. 3 112.87 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1160. 4 112.93 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1161. 5 112.92 ms 37.120.128.253
  1162. 6 113.55 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1163. 7 165.69 ms bzq-179-161-217.pop.bezeqint.net (212.179.161.217)
  1164. 8 164.71 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1165. 9 165.74 ms bzq-219-189-1.cablep.bezeqint.net (62.219.189.1)
  1166. 10 163.44 ms bzq-219-189-186.cablep.bezeqint.net (62.219.189.186)
  1167. 11 161.04 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1168. 12 ... 30
  1169. #######################################################################################################################################
  1170. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:32 EDT
  1171. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1172. Host is up.
  1173.  
  1174. PORT STATE SERVICE VERSION
  1175. 69/udp open|filtered tftp
  1176. Too many fingerprints match this host to give specific OS details
  1177.  
  1178. TRACEROUTE (using proto 1/icmp)
  1179. HOP RTT ADDRESS
  1180. 1 109.67 ms 10.253.200.1
  1181. 2 109.91 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1182. 3 109.95 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1183. 4 110.31 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1184. 5 109.97 ms 37.120.128.253
  1185. 6 110.93 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1186. 7 162.83 ms bzq-179-161-217.pop.bezeqint.net (212.179.161.217)
  1187. 8 161.76 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1188. 9 162.89 ms bzq-219-189-1.cablep.bezeqint.net (62.219.189.1)
  1189. 10 160.65 ms bzq-219-189-186.dsl.bezeqint.net (62.219.189.186)
  1190. 11 190.35 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1191. 12 ... 30
  1192. #######################################################################################################################################
  1193. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:42 EDT
  1194. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1195. Host is up.
  1196.  
  1197. PORT STATE SERVICE VERSION
  1198. 123/udp open|filtered ntp
  1199. Too many fingerprints match this host to give specific OS details
  1200.  
  1201. TRACEROUTE (using proto 1/icmp)
  1202. HOP RTT ADDRESS
  1203. 1 115.50 ms 10.253.200.1
  1204. 2 115.54 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1205. 3 115.57 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1206. 4 116.57 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1207. 5 115.95 ms 37.120.128.253
  1208. 6 116.55 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1209. 7 168.65 ms bzq-179-161-217.pop.bezeqint.net (212.179.161.217)
  1210. 8 167.58 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1211. 9 168.63 ms bzq-219-189-1.dsl.bezeqint.net (62.219.189.1)
  1212. 10 167.46 ms bzq-219-189-186.dsl.bezeqint.net (62.219.189.186)
  1213. 11 160.40 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1214. 12 ... 30
  1215. #######################################################################################################################################
  1216. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:44 EDT
  1217. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1218. Host is up (0.11s latency).
  1219.  
  1220. PORT STATE SERVICE VERSION
  1221. 161/tcp filtered snmp
  1222. 161/udp open|filtered snmp
  1223. Too many fingerprints match this host to give specific OS details
  1224.  
  1225. TRACEROUTE (using proto 1/icmp)
  1226. HOP RTT ADDRESS
  1227. 1 113.37 ms 10.253.200.1
  1228. 2 113.41 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1229. 3 113.72 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1230. 4 114.15 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1231. 5 113.77 ms 37.120.128.253
  1232. 6 114.21 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1233. 7 166.84 ms bzq-179-161-217.pop.bezeqint.net (212.179.161.217)
  1234. 8 165.44 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1235. 9 166.44 ms bzq-219-189-1.cablep.bezeqint.net (62.219.189.1)
  1236. 10 164.10 ms bzq-219-189-186.cablep.bezeqint.net (62.219.189.186)
  1237. 11 161.44 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1238. 12 ... 30
  1239. #######################################################################################################################################
  1240. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 17:56 EDT
  1241. NSE: Loaded 148 scripts for scanning.
  1242. NSE: Script Pre-scanning.
  1243. NSE: Starting runlevel 1 (of 2) scan.
  1244. Initiating NSE at 17:56
  1245. Completed NSE at 17:56, 0.00s elapsed
  1246. NSE: Starting runlevel 2 (of 2) scan.
  1247. Initiating NSE at 17:56
  1248. Completed NSE at 17:56, 0.00s elapsed
  1249. Initiating Ping Scan at 17:56
  1250. Scanning 62.219.65.80 [4 ports]
  1251. Completed Ping Scan at 17:56, 0.16s elapsed (1 total hosts)
  1252. Initiating Parallel DNS resolution of 1 host. at 17:56
  1253. Completed Parallel DNS resolution of 1 host. at 17:56, 0.02s elapsed
  1254. Initiating Connect Scan at 17:56
  1255. Scanning bzq-65-80.red.bezeqint.net (62.219.65.80) [65535 ports]
  1256. Discovered open port 80/tcp on 62.219.65.80
  1257. Connect Scan Timing: About 16.66% done; ETC: 17:59 (0:02:35 remaining)
  1258. Connect Scan Timing: About 45.67% done; ETC: 17:58 (0:01:13 remaining)
  1259. Completed Connect Scan at 17:57, 103.85s elapsed (65535 total ports)
  1260. Initiating Service scan at 17:57
  1261. Scanning 1 service on bzq-65-80.red.bezeqint.net (62.219.65.80)
  1262. Completed Service scan at 17:58, 52.51s elapsed (1 service on 1 host)
  1263. Initiating OS detection (try #1) against bzq-65-80.red.bezeqint.net (62.219.65.80)
  1264. Retrying OS detection (try #2) against bzq-65-80.red.bezeqint.net (62.219.65.80)
  1265. Initiating Traceroute at 17:58
  1266. Completed Traceroute at 17:58, 6.18s elapsed
  1267. Initiating Parallel DNS resolution of 11 hosts. at 17:58
  1268. Completed Parallel DNS resolution of 11 hosts. at 17:58, 2.53s elapsed
  1269. NSE: Script scanning 62.219.65.80.
  1270. NSE: Starting runlevel 1 (of 2) scan.
  1271. Initiating NSE at 17:58
  1272. NSE Timing: About 95.14% done; ETC: 17:59 (0:00:02 remaining)
  1273. NSE Timing: About 99.31% done; ETC: 17:59 (0:00:00 remaining)
  1274. Completed NSE at 18:00, 73.97s elapsed
  1275. NSE: Starting runlevel 2 (of 2) scan.
  1276. Initiating NSE at 18:00
  1277. Completed NSE at 18:00, 0.00s elapsed
  1278. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1279. Host is up, received reset ttl 64 (0.11s latency).
  1280. Scanned at 2019-04-01 17:56:04 EDT for 244s
  1281. Not shown: 65531 filtered ports
  1282. Reason: 65531 no-responses
  1283. PORT STATE SERVICE REASON VERSION
  1284. 25/tcp closed smtp conn-refused
  1285. 80/tcp open http-proxy syn-ack Squid http proxy
  1286. 139/tcp closed netbios-ssn conn-refused
  1287. 445/tcp closed microsoft-ds conn-refused
  1288. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1289. Aggressive OS guesses: Linux 3.18 (93%), Linux 3.16 - 4.6 (93%), Linux 3.10 - 4.11 (91%), Linux 3.13 (91%), Linux 3.13 or 4.2 (91%), Linux 4.2 (91%), Linux 4.4 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 2.6.32 (89%)
  1290. No exact OS matches for host (test conditions non-ideal).
  1291. TCP/IP fingerprint:
  1292. SCAN(V=7.70%E=4%D=4/1%OT=80%CT=25%CU=%PV=N%G=N%TM=5CA289E8%P=x86_64-pc-linux-gnu)
  1293. SEQ(SP=FF%GCD=1%ISR=10A%TI=Z%CI=Z%TS=8)
  1294. OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
  1295. WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
  1296. ECN(R=Y%DF=Y%TG=40%W=7210%O=M44FNNSNW7%CC=Y%Q=)
  1297. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
  1298. T2(R=N)
  1299. T3(R=N)
  1300. T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1301. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  1302. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1303. T7(R=N)
  1304. U1(R=N)
  1305. IE(R=N)
  1306.  
  1307. Uptime guess: 124.425 days (since Wed Nov 28 06:48:39 2018)
  1308. TCP Sequence Prediction: Difficulty=255 (Good luck!)
  1309. IP ID Sequence Generation: All zeros
  1310.  
  1311. TRACEROUTE (using proto 1/icmp)
  1312. HOP RTT ADDRESS
  1313. 1 110.51 ms 10.253.200.1
  1314. 2 110.57 ms vlan25.agg1.fra4.de.m247.com (83.97.23.225)
  1315. 3 110.92 ms vlan299.bb2.fra1.de.m247.com (185.206.226.92)
  1316. 4 111.81 ms te-1-5-4-0.bb1.fra2.de.m247.com (193.27.65.198)
  1317. 5 110.98 ms 37.120.128.253
  1318. 6 111.78 ms pni-bezeqint-as8551.fra2.m247.com (176.10.82.83)
  1319. 7 163.66 ms bzq-161-217.pop.bezeqint.net (212.179.161.217)
  1320. 8 162.60 ms bzq-179-124-125.cust.bezeqint.net (212.179.124.125)
  1321. 9 163.63 ms bzq-219-189-1.cablep.bezeqint.net (62.219.189.1)
  1322. 10 161.24 ms bzq-219-189-186.dsl.bezeqint.net (62.219.189.186)
  1323. 11 162.18 ms bzq-218-77-74.red.bezeqint.net (81.218.77.74)
  1324. 12 ... 30
  1325.  
  1326. NSE: Script Post-scanning.
  1327. NSE: Starting runlevel 1 (of 2) scan.
  1328. Initiating NSE at 18:00
  1329. Completed NSE at 18:00, 0.00s elapsed
  1330. NSE: Starting runlevel 2 (of 2) scan.
  1331. Initiating NSE at 18:00
  1332. Completed NSE at 18:00, 0.00s elapsed
  1333. Read data files from: /usr/bin/../share/nmap
  1334. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1335. Nmap done: 1 IP address (1 host up) scanned in 243.95 seconds
  1336. Raw packets sent: 140 (9.896KB) | Rcvd: 72 (5.058KB)
  1337. #######################################################################################################################################
  1338. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 18:00 EDT
  1339. NSE: Loaded 148 scripts for scanning.
  1340. NSE: Script Pre-scanning.
  1341. Initiating NSE at 18:00
  1342. Completed NSE at 18:00, 0.00s elapsed
  1343. Initiating NSE at 18:00
  1344. Completed NSE at 18:00, 0.00s elapsed
  1345. Initiating Parallel DNS resolution of 1 host. at 18:00
  1346. Completed Parallel DNS resolution of 1 host. at 18:00, 0.03s elapsed
  1347. Initiating UDP Scan at 18:00
  1348. Scanning bzq-65-80.red.bezeqint.net (62.219.65.80) [14 ports]
  1349. Completed UDP Scan at 18:00, 2.04s elapsed (14 total ports)
  1350. Initiating Service scan at 18:00
  1351. Scanning 12 services on bzq-65-80.red.bezeqint.net (62.219.65.80)
  1352. Service scan Timing: About 8.33% done; ETC: 18:19 (0:17:58 remaining)
  1353. Completed Service scan at 18:01, 102.60s elapsed (12 services on 1 host)
  1354. Initiating OS detection (try #1) against bzq-65-80.red.bezeqint.net (62.219.65.80)
  1355. Retrying OS detection (try #2) against bzq-65-80.red.bezeqint.net (62.219.65.80)
  1356. Initiating Traceroute at 18:01
  1357. Completed Traceroute at 18:02, 7.13s elapsed
  1358. Initiating Parallel DNS resolution of 1 host. at 18:02
  1359. Completed Parallel DNS resolution of 1 host. at 18:02, 0.01s elapsed
  1360. NSE: Script scanning 62.219.65.80.
  1361. Initiating NSE at 18:02
  1362. Completed NSE at 18:02, 20.36s elapsed
  1363. Initiating NSE at 18:02
  1364. Completed NSE at 18:02, 1.02s elapsed
  1365. Nmap scan report for bzq-65-80.red.bezeqint.net (62.219.65.80)
  1366. Host is up (0.11s latency).
  1367.  
  1368. PORT STATE SERVICE VERSION
  1369. 53/udp open|filtered domain
  1370. 67/udp open|filtered dhcps
  1371. 68/udp open|filtered dhcpc
  1372. 69/udp open|filtered tftp
  1373. 88/udp open|filtered kerberos-sec
  1374. 123/udp open|filtered ntp
  1375. 137/udp filtered netbios-ns
  1376. 138/udp filtered netbios-dgm
  1377. 139/udp open|filtered netbios-ssn
  1378. 161/udp open|filtered snmp
  1379. 162/udp open|filtered snmptrap
  1380. 389/udp open|filtered ldap
  1381. 520/udp open|filtered route
  1382. 2049/udp open|filtered nfs
  1383. Too many fingerprints match this host to give specific OS details
  1384.  
  1385. TRACEROUTE (using port 137/udp)
  1386. HOP RTT ADDRESS
  1387. 1 111.80 ms 10.253.200.1
  1388. 2 ... 3
  1389. 4 110.97 ms 10.253.200.1
  1390. 5 116.36 ms 10.253.200.1
  1391. 6 110.49 ms 10.253.200.1
  1392. 7 110.49 ms 10.253.200.1
  1393. 8 110.49 ms 10.253.200.1
  1394. 9 110.48 ms 10.253.200.1
  1395. 10 110.51 ms 10.253.200.1
  1396. 11 ... 18
  1397. 19 117.05 ms 10.253.200.1
  1398. 20 111.22 ms 10.253.200.1
  1399. 21 ... 27
  1400. 28 110.63 ms 10.253.200.1
  1401. 29 ...
  1402. 30 109.42 ms 10.253.200.1
  1403.  
  1404. NSE: Script Post-scanning.
  1405. Initiating NSE at 18:02
  1406. Completed NSE at 18:02, 0.00s elapsed
  1407. Initiating NSE at 18:02
  1408. Completed NSE at 18:02, 0.00s elapsed
  1409. Read data files from: /usr/bin/../share/nmap
  1410. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1411. Nmap done: 1 IP address (1 host up) scanned in 138.09 seconds
  1412. Raw packets sent: 147 (13.614KB) | Rcvd: 67 (5.639KB)
  1413. #######################################################################################################################################
  1414. Processing http://www.scr.co.il/ ...
  1415.  
  1416.  
  1417.  
  1418. [+] FireWall Detector
  1419. [++] Firewall not detected
  1420.  
  1421. [+] Detecting Joomla Version
  1422. [++] Joomla 2.5
  1423.  
  1424. [+] Core Joomla Vulnerability
  1425. [++] Joomla! 'redirect.php' SQL Injection Vulnerability
  1426. EDB : https://www.exploit-db.com/exploits/36913/
  1427.  
  1428. Joomla! 2.5.0 < 2.5.1 - Time Based SQL Injection
  1429. EDB : https://www.exploit-db.com/exploits/18618/
  1430.  
  1431. Joomla! 'highlight.php' PHP Object Injection
  1432. CVE : CVE-2013-1453
  1433. EDB : https://www.exploit-db.com/exploits/24551/
  1434.  
  1435. Joomla! 'remember.php' PHP Object Injection
  1436. CVE : CVE-2013-3242
  1437. EDB : https://www.exploit-db.com/exploits/25087/
  1438.  
  1439. Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
  1440. CVE : CVE-2015-8562
  1441. EDB : https://www.exploit-db.com/exploits/38977/
  1442.  
  1443. Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
  1444. CVE : CVE-2015-8562 , CVE-2015-8566
  1445. EDB : https://www.exploit-db.com/exploits/39033/
  1446.  
  1447. Joomla! Core Remote Privilege Escalation Vulnerability
  1448. CVE : CVE-2016-9838
  1449. EDB : https://www.exploit-db.com/exploits/41157/
  1450.  
  1451. Joomla! 1.6/1.7/2.5 privilege escalation vulnerability
  1452. CVE : CVE-2012-1563
  1453. EDB : https://www.exploit-db.com/exploits/41156/
  1454.  
  1455. Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
  1456. CVE : CVE-2014-7228
  1457. EDB : https://www.exploit-db.com/exploits/35033/
  1458.  
  1459. Joomla! 'media.php' Arbitrary File Upload Vulnerability
  1460. CVE : CVE-2013-5576
  1461. EDB : https://www.exploit-db.com/exploits/27610/
  1462.  
  1463. Joomla! Clickjacking Security Bypass Vulnerability
  1464. CVE : CVE-2012-5827
  1465. https://developer.joomla.org/security/news/543-20121101-core-clickjacking.html
  1466. https://developer.joomla.org/security/news/544-20121102-core-clickjacking.html
  1467.  
  1468. Joomla! Highlighter Plugin Unspecified Cross-Site Scripting Vulnerability
  1469. CVE : CVE-2013-3267
  1470. https://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html
  1471.  
  1472. Joomla! Security Bypass Vulnerability
  1473. CVE : CVE-2013-3056
  1474. http://www.securityfocus.com/bid/59490/info
  1475.  
  1476. Joomla! Information Disclosure Vulnerability
  1477. CVE : CVE-2013-3057
  1478. http://www.securityfocus.com/bid/59489
  1479. http://developer.joomla.org/security/82-20130402-core-information-disclosure.html
  1480.  
  1481. Joomla! Unspecified Cross-Site Scripting Vulnerability
  1482. CVE : CVE-2013-3058
  1483. http://www.securityfocus.com/bid/59483
  1484. http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html
  1485.  
  1486. Joomla! Unspecified Cross-Site Scripting Vulnerability
  1487. CVE : CVE-2013-3059
  1488. https://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html
  1489.  
  1490. Joomla! Core Authentication Bypass Vulnerability
  1491. CVE :CVE-2014-6632
  1492. http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html
  1493.  
  1494. Joomla! Core Remote Denial of Service Vulnerability
  1495. CVE : CVE-2014-7229
  1496. https://developer.joomla.org/security/596-20140904-core-denial-of-service.html
  1497.  
  1498. PHPMailer Remote Code Execution Vulnerability
  1499. CVE : CVE-2016-10033
  1500. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1501. https://github.com/opsxcq/exploit-CVE-2016-10033
  1502. EDB : https://www.exploit-db.com/exploits/40969/
  1503.  
  1504. PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
  1505. CVE : CVE-2016-10045
  1506. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1507. EDB : https://www.exploit-db.com/exploits/40969/
  1508.  
  1509.  
  1510.  
  1511. [+] Checking apache info/status files
  1512. [++] Readable info/status files are not found
  1513.  
  1514. [+] admin finder
  1515. [++] Admin page : http://www.scr.co.il/administrator/
  1516.  
  1517. [+] Checking robots.txt existing
  1518. [++] robots.txt is found
  1519. path : http://www.scr.co.il/robots.txt
  1520.  
  1521. Interesting path found from robots.txt
  1522. http://www.scr.co.il/joomla/administrator/
  1523. http://www.scr.co.il/administrator/
  1524. http://www.scr.co.il/cli/
  1525. http://www.scr.co.il/includes/
  1526. http://www.scr.co.il/installation/
  1527. http://www.scr.co.il/language/
  1528. http://www.scr.co.il/libraries/
  1529. http://www.scr.co.il/logs/
  1530. http://www.scr.co.il/tmp/
  1531. http://www.scr.co.il/de/
  1532. http://www.scr.co.il/cn/
  1533. http://www.scr.co.il/es/
  1534. http://www.scr.co.il/fr/
  1535. http://www.scr.co.il/ru/
  1536. http://www.scr.co.il/tr/
  1537.  
  1538.  
  1539. [+] Finding common backup files name
  1540. [++] Backup files are not found
  1541.  
  1542. [+] Finding common log files name
  1543. [++] error log is not found
  1544.  
  1545. [+] Checking sensitive config.php.x file
  1546. [++] Readable config files are not found
  1547. #######################################################################################################################################
  1548. Anonymous JTSEC #OpIsraël Full Recon #16
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!