JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #18

Feb 21st, 2019
580
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Nom de l'hôte hssb.gov.sd FAI DataBank Holdings, Ltd.
  4. Continent Amérique du Nord Drapeau
  5. CA
  6. Pays Canada Code du pays CA
  7. Région Inconnu Heure locale 21 Feb 2019 16:15 EST
  8. Ville Inconnu Code Postal Inconnu
  9. Adresse IP 208.77.159.5 Latitude 43.632
  10. Longitude -79.372
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > hssb.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: hssb.gov.sd
  19. Address: 208.77.159.5
  20. >
  21. #######################################################################################################################################
  22.  
  23. HostIP:208.77.159.5
  24. HostName:hssb.gov.sd
  25.  
  26. Gathered Inet-whois information for 208.77.159.5
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 207.229.128.0 - 208.82.71.255
  31. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  32. descr: IPv4 address block not managed by the RIPE NCC
  33. remarks: ------------------------------------------------------
  34. remarks:
  35. remarks: For registration information,
  36. remarks: you can consult the following sources:
  37. remarks:
  38. remarks: IANA
  39. remarks: http://www.iana.org/assignments/ipv4-address-space
  40. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  41. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  42. remarks:
  43. remarks: AFRINIC (Africa)
  44. remarks: http://www.afrinic.net/ whois.afrinic.net
  45. remarks:
  46. remarks: APNIC (Asia Pacific)
  47. remarks: http://www.apnic.net/ whois.apnic.net
  48. remarks:
  49. remarks: ARIN (Northern America)
  50. remarks: http://www.arin.net/ whois.arin.net
  51. remarks:
  52. remarks: LACNIC (Latin America and the Carribean)
  53. remarks: http://www.lacnic.net/ whois.lacnic.net
  54. remarks:
  55. remarks: ------------------------------------------------------
  56. country: EU # Country is really world wide
  57. admin-c: IANA1-RIPE
  58. tech-c: IANA1-RIPE
  59. status: ALLOCATED UNSPECIFIED
  60. mnt-by: RIPE-NCC-HM-MNT
  61. created: 2019-01-07T10:50:16Z
  62. last-modified: 2019-01-07T10:50:16Z
  63. source: RIPE
  64.  
  65. role: Internet Assigned Numbers Authority
  66. address: see http://www.iana.org.
  67. admin-c: IANA1-RIPE
  68. tech-c: IANA1-RIPE
  69. nic-hdl: IANA1-RIPE
  70. remarks: For more information on IANA services
  71. remarks: go to IANA web site at http://www.iana.org.
  72. mnt-by: RIPE-NCC-MNT
  73. created: 1970-01-01T00:00:00Z
  74. last-modified: 2001-09-22T09:31:27Z
  75. source: RIPE # Filtered
  76.  
  77. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  78.  
  79.  
  80.  
  81. Gathered Inic-whois information for hssb.gov.sd
  82. ---------------------------------------------------------------------------------------------------------------------------------------
  83. Error: Unable to connect - Invalid Host
  84. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  85. close error
  86.  
  87. Gathered Netcraft information for hssb.gov.sd
  88. ---------------------------------------------------------------------------------------------------------------------------------------
  89.  
  90. Retrieving Netcraft.com information for hssb.gov.sd
  91. Netcraft.com Information gathered
  92.  
  93. Gathered Subdomain information for hssb.gov.sd
  94. ---------------------------------------------------------------------------------------------------------------------------------------
  95. Searching Google.com:80...
  96. HostName:www.hssb.gov.sd
  97. HostIP:208.77.159.5
  98. Searching Altavista.com:80...
  99. Found 1 possible subdomain(s) for host hssb.gov.sd, Searched 0 pages containing 0 results
  100.  
  101. Gathered E-Mail information for hssb.gov.sd
  102. ---------------------------------------------------------------------------------------------------------------------------------------
  103. Searching Google.com:80...
  104. Searching Altavista.com:80...
  105. Found 0 E-Mail(s) for host hssb.gov.sd, Searched 0 pages containing 0 results
  106.  
  107. Gathered TCP Port information for 208.77.159.5
  108. ---------------------------------------------------------------------------------------------------------------------------------------
  109.  
  110. Port State
  111.  
  112. 21/tcp open
  113. 80/tcp open
  114.  
  115. Portscan Finished: Scanned 150 ports, 6 ports were in state closed
  116. #######################################################################################################################################
  117. [i] Scanning Site: http://hssb.gov.sd
  118.  
  119.  
  120.  
  121. B A S I C I N F O
  122. =======================================================================================================================================
  123.  
  124.  
  125. [+] Site Title: الهيئه العليا للرقابه الشرعيه
  126. [+] IP address: 208.77.159.5
  127. [+] Web Server: Could Not Detect
  128. [+] CMS: Drupal
  129. [+] Cloudflare: Not Detected
  130. [+] Robots File: Found
  131.  
  132. -------------[ contents ]----------------
  133. #
  134. # robots.txt
  135. #
  136. # This file is to prevent the crawling and indexing of certain parts
  137. # of your site by web crawlers and spiders run by sites like Yahoo!
  138. # and Google. By telling these "robots" where not to go on your site,
  139. # you save bandwidth and server resources.
  140. #
  141. # This file will be ignored unless it is at the root of your host:
  142. # Used: http://example.com/robots.txt
  143. # Ignored: http://example.com/site/robots.txt
  144. #
  145. # For more information about the robots.txt standard, see:
  146. # http://www.robotstxt.org/robotstxt.html
  147.  
  148. User-agent: *
  149. Crawl-delay: 10
  150. # CSS, JS, Images
  151. Allow: /misc/*.css$
  152. Allow: /misc/*.css?
  153. Allow: /misc/*.js$
  154. Allow: /misc/*.js?
  155. Allow: /misc/*.gif
  156. Allow: /misc/*.jpg
  157. Allow: /misc/*.jpeg
  158. Allow: /misc/*.png
  159. Allow: /modules/*.css$
  160. Allow: /modules/*.css?
  161. Allow: /modules/*.js$
  162. Allow: /modules/*.js?
  163. Allow: /modules/*.gif
  164. Allow: /modules/*.jpg
  165. Allow: /modules/*.jpeg
  166. Allow: /modules/*.png
  167. Allow: /profiles/*.css$
  168. Allow: /profiles/*.css?
  169. Allow: /profiles/*.js$
  170. Allow: /profiles/*.js?
  171. Allow: /profiles/*.gif
  172. Allow: /profiles/*.jpg
  173. Allow: /profiles/*.jpeg
  174. Allow: /profiles/*.png
  175. Allow: /themes/*.css$
  176. Allow: /themes/*.css?
  177. Allow: /themes/*.js$
  178. Allow: /themes/*.js?
  179. Allow: /themes/*.gif
  180. Allow: /themes/*.jpg
  181. Allow: /themes/*.jpeg
  182. Allow: /themes/*.png
  183. # Directories
  184. Disallow: /includes/
  185. Disallow: /misc/
  186. Disallow: /modules/
  187. Disallow: /profiles/
  188. Disallow: /scripts/
  189. Disallow: /themes/
  190. # Files
  191. Disallow: /CHANGELOG.txt
  192. Disallow: /cron.php
  193. Disallow: /INSTALL.mysql.txt
  194. Disallow: /INSTALL.pgsql.txt
  195. Disallow: /INSTALL.sqlite.txt
  196. Disallow: /install.php
  197. Disallow: /INSTALL.txt
  198. Disallow: /LICENSE.txt
  199. Disallow: /MAINTAINERS.txt
  200. Disallow: /update.php
  201. Disallow: /UPGRADE.txt
  202. Disallow: /xmlrpc.php
  203. # Paths (clean URLs)
  204. Disallow: /admin/
  205. Disallow: /comment/reply/
  206. Disallow: /filter/tips/
  207. Disallow: /node/add/
  208. Disallow: /search/
  209. Disallow: /user/register/
  210. Disallow: /user/password/
  211. Disallow: /user/login/
  212. Disallow: /user/logout/
  213. # Paths (no clean URLs)
  214. Disallow: /?q=admin/
  215. Disallow: /?q=comment/reply/
  216. Disallow: /?q=filter/tips/
  217. Disallow: /?q=node/add/
  218. Disallow: /?q=search/
  219. Disallow: /?q=user/password/
  220. Disallow: /?q=user/register/
  221. Disallow: /?q=user/login/
  222. Disallow: /?q=user/logout/
  223.  
  224. -----------[end of contents]-------------
  225.  
  226.  
  227.  
  228.  
  229.  
  230. G E O I P L O O K U P
  231. =======================================================================================================================================
  232.  
  233. [i] IP Address: 208.77.159.5
  234. [i] Country: Canada
  235. [i] State:
  236. [i] City:
  237. [i] Latitude: 43.6319
  238. [i] Longitude: -79.3716
  239.  
  240.  
  241.  
  242.  
  243. H T T P H E A D E R S
  244. =======================================================================================================================================
  245.  
  246.  
  247. [i] HTTP/1.1 200 OK
  248. [i] Date: Thu, 21 Feb 2019 22:08:15 GMT
  249. [i] Expires: Sun, 19 Nov 1978 05:00:00 GMT
  250. [i] Cache-Control: no-cache, must-revalidate
  251. [i] X-Content-Type-Options: nosniff
  252. [i] Content-Language: ar
  253. [i] X-Frame-Options: SAMEORIGIN
  254. [i] X-Generator: Drupal 7 (http://drupal.org)
  255. [i] Content-Type: text/html; charset=utf-8
  256. [i] Connection: close
  257.  
  258.  
  259.  
  260.  
  261. D N S L O O K U P
  262. =======================================================================================================================================
  263.  
  264. hssb.gov.sd. 21599 IN SOA ns4.dot.jo. hkhayyat.dot.jo. 2016072105 10800 3600 604800 86400
  265. hssb.gov.sd. 21599 IN NS ns3.dot.jo.
  266. hssb.gov.sd. 21599 IN NS ns4.dot.jo.
  267. hssb.gov.sd. 21599 IN A 208.77.159.5
  268. hssb.gov.sd. 21599 IN MX 10 mail10.dot.jo.
  269. hssb.gov.sd. 21599 IN TXT "v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all"
  270.  
  271.  
  272.  
  273.  
  274. S U B N E T C A L C U L A T I O N
  275. =======================================================================================================================================
  276.  
  277. Address = 208.77.159.5
  278. Network = 208.77.159.5 / 32
  279. Netmask = 255.255.255.255
  280. Broadcast = not needed on Point-to-Point links
  281. Wildcard Mask = 0.0.0.0
  282. Hosts Bits = 0
  283. Max. Hosts = 1 (2^0 - 0)
  284. Host Range = { 208.77.159.5 - 208.77.159.5 }
  285.  
  286.  
  287.  
  288. N M A P P O R T S C A N
  289. =======================================================================================================================================
  290.  
  291.  
  292. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-21 22:08 UTC
  293. Nmap scan report for hssb.gov.sd (208.77.159.5)
  294. Host is up (0.037s latency).
  295. rDNS record for 208.77.159.5: web28.hspheredns.com
  296. PORT STATE SERVICE
  297. 21/tcp open ftp
  298. 22/tcp filtered ssh
  299. 23/tcp filtered telnet
  300. 80/tcp open http
  301. 110/tcp closed pop3
  302. 143/tcp closed imap
  303. 443/tcp open https
  304. 3389/tcp filtered ms-wbt-server
  305.  
  306. Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
  307. #######################################################################################################################################
  308. [?] Enter the target: example( http://domain.com )
  309. http://hssb.gov.sd/
  310. [!] IP Address : 208.77.159.5
  311. [!] hssb.gov.sd doesn't seem to use a CMS
  312. [+] Honeypot Probabilty: 0%
  313. ---------------------------------------------------------------------------------------------------------------------------------------
  314. [~] Trying to gather whois information for hssb.gov.sd
  315. [+] Whois information found
  316. [-] Unable to build response, visit https://who.is/whois/hssb.gov.sd
  317. ---------------------------------------------------------------------------------------------------------------------------------------
  318. PORT STATE SERVICE
  319. 21/tcp open ftp
  320. 22/tcp filtered ssh
  321. 23/tcp filtered telnet
  322. 80/tcp open http
  323. 110/tcp closed pop3
  324. 143/tcp closed imap
  325. 443/tcp open https
  326. 3389/tcp filtered ms-wbt-server
  327. Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
  328. ---------------------------------------------------------------------------------------------------------------------------------------
  329.  
  330. [+] DNS Records
  331. ns4.dot.jo. (96.125.181.251) AS13767 DataBank Holdings, Ltd. Canada
  332. ns3.dot.jo. (96.125.184.251) AS13768 Peer 1 Network (USA) Inc. Canada
  333.  
  334. [+] MX Records
  335. 10 (208.77.156.5) AS13767 DataBank Holdings, Ltd. Canada
  336.  
  337. [+] Host Records (A)
  338. hssb.gov.sdHTTP: (web28.hspheredns.com) (208.77.159.5) AS13767 DataBank Holdings, Ltd. Canada
  339.  
  340. [+] TXT Records
  341. "v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all"
  342.  
  343. [+] DNS Map: https://dnsdumpster.com/static/map/hssb.gov.sd.png
  344.  
  345. [>] Initiating 3 intel modules
  346. [>] Loading Alpha module (1/3)
  347. [>] Beta module deployed (2/3)
  348. [>] Gamma module initiated (3/3)
  349.  
  350.  
  351. [+] Emails found:
  352. ---------------------------------------------------------------------------------------------------------------------------------------
  353. pixel-1550786902424036-web-@hssb.gov.sd
  354.  
  355. [+] Hosts found in search engines:
  356. ---------------------------------------------------------------------------------------------------------------------------------------
  357. [-] Resolving hostnames IPs...
  358. 208.77.159.5:www.hssb.gov.sd
  359. [+] Virtual hosts:
  360. ---------------------------------------------------------------------------------------------------------------------------------------
  361. #######################################################################################################################################
  362. Enter Address Website = hssb.gov.sd
  363.  
  364. Reversing IP With HackTarget 'hssb.gov.sd'
  365. ---------------------------------------------------------------------------------------------------------------------------------------
  366.  
  367. [+] 12oaks.net
  368. [+] 253.alcos.com
  369. [+] 2x4pros.com
  370. [+] 4kpaintingdrywall.com
  371. [+] 7star-intl.com
  372. [+] accesstocompletion.com
  373. [+] accountingbyart.com
  374. [+] adamallen.com
  375. [+] admin.blogbuilders.biz
  376. [+] admin.compumedia-ltd.com
  377. [+] admin.novacarthosting.com
  378. [+] ageathomecare.com
  379. [+] aidanrozelle.com
  380. [+] aikidobc.com
  381. [+] akio.evolve.net
  382. [+] alcos.com
  383. [+] alexrozelle.com
  384. [+] alnabil.com
  385. [+] alotoffunevents.com
  386. [+] anccanada.com
  387. [+] anikadenise.net
  388. [+] apicolturamantovan.com
  389. [+] apshou.com
  390. [+] asa.edu.pk
  391. [+] ashleyrozelle.com
  392. [+] asseenontvspecials.com
  393. [+] atlantis.alcos.com
  394. [+] av6.7star-intl.com
  395. [+] av6.khamisaenterprises.com
  396. [+] averyrozelle.com
  397. [+] av.stalliontextiles.com
  398. [+] bangkokcar.com
  399. [+] barterfirst.u840.modomo20.com
  400. [+] baxtergardens.com
  401. [+] beehiveinvestments.com
  402. [+] belmont.alcos.com
  403. [+] beta.small-business-dictionary.org
  404. [+] billlongband.com
  405. [+] blanketfacilities.com
  406. [+] blogbuilders.biz
  407. [+] blog.highpointnetworks.com
  408. [+] bombaydryfruits.com
  409. [+] buenavistaairport.com
  410. [+] bvpeakfitness.com
  411. [+] bvstrong.com
  412. [+] caldentalarts.com
  413. [+] caldentalarts.net
  414. [+] canadianjourney.ca
  415. [+] captain.alcos.com
  416. [+] casapasta.net.au
  417. [+] cataniaconstructionllc.com
  418. [+] centralebergham.com
  419. [+] chazconsultants.com
  420. [+] childsafetyidkits.com
  421. [+] chrishutcheson.net
  422. [+] chrismotleyband.com
  423. [+] claimscaribbean.com
  424. [+] clearhealthcenter.com
  425. [+] clearhealthcolonics.com
  426. [+] clearviewcommunity.org
  427. [+] clpmiddleschool.com
  428. [+] clprs.com
  429. [+] cmtc-therapy.com
  430. [+] cogaid.com
  431. [+] compumedia-ltd.com
  432. [+] cosmoscarpets.com
  433. [+] covert.coffee
  434. [+] cpanel.alcos.com
  435. [+] cpanel.hmcash.com
  436. [+] cpmraz.com
  437. [+] craftsmanwebdesign.com
  438. [+] crosslandfoundation.org
  439. [+] csgolf.com
  440. [+] csucondos.com
  441. [+] cutterelectric.com
  442. [+] d4646994.z840.hspserverz.com
  443. [+] d4864662.u840.otnweb.com
  444. [+] d4888788.a840.response-hosting.com
  445. [+] d4910692.a840.response-hosting.com
  446. [+] d4920994.z840.hspserverz.com
  447. [+] d6562554.h1466.trailheadnet.com
  448. [+] d6675864.h1466.trailheadnet.com
  449. [+] daily-option-trades.com
  450. [+] dailyoptiontrades.com
  451. [+] dakahlconsulting.com
  452. [+] daverozelle.com
  453. [+] delta-ins.com
  454. [+] demenagementchamplain.com
  455. [+] demenagementolympic.com
  456. [+] desertforcemma.com
  457. [+] dobbscoatingsystems.com
  458. [+] doreenjetten.com
  459. [+] drmontywilburndc.com
  460. [+] dsc.jo
  461. [+] elementsofarc.com
  462. [+] emilyhuling.com
  463. [+] entreposagemontreal.net
  464. [+] epiphanysudbury.org
  465. [+] erinrozelle.com
  466. [+] etcetera.ca
  467. [+] evolve.net
  468. [+] evolvesys.evolve.net
  469. [+] expresskitchenindy.com
  470. [+] familyandsportchiropractic.com
  471. [+] fazalerabbi.com
  472. [+] fletcherfarms.net
  473. [+] fortcollinstrolley.org
  474. [+] frechinradon.com
  475. [+] fssvisa.com
  476. [+] fw.alcos.com
  477. [+] gallowayengines.com.au
  478. [+] genesis.com.pk
  479. [+] geographyslate.org
  480. [+] georgetowndecks.com
  481. [+] gfoss.it
  482. [+] gfoss.org
  483. [+] glanzelectric.com
  484. [+] glowing-beauty.com
  485. [+] godit.rocks
  486. [+] gps-trailer-tracking.com
  487. [+] grandmotherdiaries.com
  488. [+] gravitycoffee.us
  489. [+] greatestexpeditions.com
  490. [+] greatexpeditionstravel.com
  491. [+] greeleyea.org
  492. [+] greycrestproperties.com
  493. [+] grtexp.com
  494. [+] gurubeula.com
  495. [+] happyhome.edu.pk
  496. [+] heritageoaks.net
  497. [+] hikingthecoloradotrail.com
  498. [+] hmcash.com
  499. [+] hndsjo.com
  500. [+] hometownhandyman.us
  501. [+] hometownpaintpros.com
  502. [+] hometownpaintpros.net
  503. [+] hostmaster.compumedia-ltd.com
  504. [+] hssb.gov.sd
  505. [+] htvisatracker.com
  506. [+] ideaworldhq.com
  507. [+] illegitimate.us
  508. [+] inlynksoft.com
  509. [+] intestinalhealthbook.com
  510. [+] jandfproperties.com
  511. [+] jasperthemule.biz
  512. [+] jasperthemule.com
  513. [+] jasperthemule.info
  514. [+] jasperthemule.net
  515. [+] jasperthemule.org
  516. [+] jasperthemule.us
  517. [+] jettenoriginals.com
  518. [+] johnvrossini.com
  519. [+] kavemanllc.com
  520. [+] kcberger.com
  521. [+] kcspacepirates.com
  522. [+] keasbeyfiredepartment.org
  523. [+] khamisaenterprises.com
  524. [+] kublahken.com
  525. [+] lennsite.com
  526. [+] linearresponse.com
  527. [+] lpgmindworks.com
  528. [+] luckythreeranchstore.com
  529. [+] lynbrookrehab.com
  530. [+] mahmoudiagroup.com
  531. [+] mail.alcos.com
  532. [+] mail.hmcash.com
  533. [+] mail.pioneers.jo
  534. [+] mail.warsonwoods.com
  535. [+] mandmlanka.com
  536. [+] mardellhill.com
  537. [+] marketconnectusa.com
  538. [+] matthewtherrien.com
  539. [+] maximo4.com
  540. [+] mccarthybuildersupply.com
  541. [+] meadowcrestpta.org
  542. [+] mfperfectgroup.com
  543. [+] midlifeavenue.com
  544. [+] motsdecatherine.com
  545. [+] murphycenterforhope.org
  546. [+] murphycenter.org
  547. [+] neuro-development.com
  548. [+] niceguymaniac.com
  549. [+] nodakphoto.com
  550. [+] novacarthosting.com
  551. [+] ns1.gfoss.it
  552. [+] ns1.safaas.net
  553. [+] ns2.gfoss.it
  554. [+] ns2.safaas.net
  555. [+] ns3.compumedia-ltd.com
  556. [+] ns4.compumedia-ltd.com
  557. [+] ns.7star-intl.com
  558. [+] ns.asa.edu.pk
  559. [+] ns.khamisaenterprises.com
  560. [+] ns.stalliontextiles.com
  561. [+] nuqulconcrete.com
  562. [+] oakvilleautomotive.com
  563. [+] offthewallmuralsstl.com
  564. [+] olympiquemoving.com
  565. [+] optimizedoffices.com
  566. [+] paliocha.com
  567. [+] paltoronto.ideaworldhq.com
  568. [+] parkerdeckandsunroomcompany.com
  569. [+] pattersongalleries.com
  570. [+] pattersongalleries.net
  571. [+] pea-cea.org
  572. [+] perfect10wellnessclub.com
  573. [+] permaflight.com
  574. [+] phillypoke.com
  575. [+] pioneers.jo
  576. [+] p-koutdoors.com
  577. [+] pkoutdoors.com
  578. [+] pocogroup.com
  579. [+] podles.org
  580. [+] porta-kampoutdoors.com
  581. [+] portakampoutdoors.com
  582. [+] postoffice.alcos.com
  583. [+] poudreeducationassociation.org
  584. [+] printusagroup.com
  585. [+] quitsmokingstl.com
  586. [+] raymondhadley.com
  587. [+] rblandlawn.com
  588. [+] rdbita.com
  589. [+] rdbita.it
  590. [+] remote.alcos.com
  591. [+] response-hosting.com
  592. [+] rfcommdes.com
  593. [+] richviewrenos.com
  594. [+] risdonpta.org
  595. [+] romails.com
  596. [+] roof.to
  597. [+] rozecomm.daverozelle.com
  598. [+] runlimitedfc.com
  599. [+] rvessentials.shop
  600. [+] safaas.net
  601. [+] safaas.org
  602. [+] saintlouisinspection.com
  603. [+] samroiyodguide.com
  604. [+] samroiyodvillas.com
  605. [+] samroiyot.com
  606. [+] saskia.evolve.net
  607. [+] saveya.net
  608. [+] seamlessknittingsolutions.com
  609. [+] secasket.com
  610. [+] sewellheatingandcooling.com
  611. [+] sharprobbins.com
  612. [+] shortsalespecialistsusa.com
  613. [+] shrm-ne.org
  614. [+] skinbeautybliss.com
  615. [+] small-business-dictionary.org
  616. [+] smokefreewithhypnosis.com
  617. [+] soldiersandsaintsrealty.com
  618. [+] spectacle.lacaptive.ca
  619. [+] sswp.ae
  620. [+] stalliontextiles.com
  621. [+] studio7-seven.com
  622. [+] sublimetraveling.com
  623. [+] sunshine.lk
  624. [+] susanbenjaminpresents.com
  625. [+] syrialink.com
  626. [+] taweelholdings.com
  627. [+] taxresolutionbytommybrown.com
  628. [+] termitescharlotte.com
  629. [+] thaicars.com
  630. [+] thaiman.com
  631. [+] thaipot.com
  632. [+] thedevlab.com
  633. [+] thelivelypen.com
  634. [+] therealestatecollaborative.com
  635. [+] tlasiatic.com
  636. [+] torontolivebaitstore.com
  637. [+] tracyschuler.com
  638. [+] tradelinemarketing.com
  639. [+] transitiontamers.com
  640. [+] travelswithstudents.com
  641. [+] travelwithstudents.com
  642. [+] tsgi09.com
  643. [+] turkey10.com
  644. [+] usa-patriotic.com
  645. [+] usmanagementteam.com
  646. [+] vailcondominium.com
  647. [+] warsonwoods.com
  648. [+] wcdaley.com
  649. [+] web24.hspheredns.com
  650. [+] web28.hspheredns.com
  651. [+] webdisk.alcos.com
  652. [+] webdisk.hmcash.com
  653. [+] webmail.alcos.com
  654. [+] webmail.hmcash.com
  655. [+] wendyanderson.net
  656. [+] wendyandersonpa.com
  657. [+] westbrookisi.com
  658. [+] westernpacifictrading.com
  659. [+] windsorandco.com
  660. [+] woodbridgeaddition.com
  661. [+] worldexchange.org
  662. [+] wowhummertours.com
  663. [+] wpmd.us
  664. [+] www.ageathomecare.com
  665. [+] www.aikidobc.com
  666. [+] www.alcos.com
  667. [+] www.apicolturamantovan.com
  668. [+] www.baxtergardens.com
  669. [+] www.billlongband.com
  670. [+] www.blogbuilders.biz
  671. [+] www.bvpeakfitness.com
  672. [+] www.caldentalarts.com
  673. [+] www.canadianjourney.ca
  674. [+] www.casapasta.net.au
  675. [+] www.clearhealthcenter.com
  676. [+] www.cosmoscarpets.com
  677. [+] www.crosslandfoundation.org
  678. [+] www.csgolf.com
  679. [+] www.csucondos.com
  680. [+] www.cutterelectric.com
  681. [+] www.dsc.jo
  682. [+] www.fortcollinstrolley.org
  683. [+] www.gfoss.it
  684. [+] www.glanzelectric.com
  685. [+] www.glowing-beauty.com
  686. [+] www.greatexpeditionstravel.com
  687. [+] www.happyhome.edu.pk
  688. [+] www.hmcash.com
  689. [+] www.hometownhandyman.us
  690. [+] www.inlynksoft.com
  691. [+] www.jasperthemule.com
  692. [+] www.kcspacepirates.com
  693. [+] www.khamisaenterprises.com
  694. [+] www.lpgmindworks.com
  695. [+] www.lynbrookrehab.com
  696. [+] www.murphycenter.org
  697. [+] www.neuro-development.com
  698. [+] www.oakvilleautomotive.com
  699. [+] www.offthewallmuralsstl.com
  700. [+] www.pattersongalleries.com
  701. [+] www.perfect10wellnessclub.com
  702. [+] www.podles.org
  703. [+] www.printusagroup.com
  704. [+] www.raymondhadley.com
  705. [+] www.rdbita.it
  706. [+] www.runlimitedfc.com
  707. [+] www.secasket.com
  708. [+] www.shrm-ne.org
  709. [+] www.small-business-dictionary.org
  710. [+] www.smokefreewithhypnosis.com
  711. [+] www.termitescharlotte.com
  712. [+] www.usa-patriotic.com
  713. [+] www.warsonwoods.com
  714. [+] www.wendyandersonpa.com
  715. [+] www.worldexchange.org
  716. [+] zencartconsultants.com
  717. [+] zencart-modules.com
  718. [+] zen-cart-training.com
  719. #######################################################################################################################################
  720.  
  721. Reverse IP With YouGetSignal 'hssb.gov.sd'
  722. ---------------------------------------------------------------------------------------------------------------------------------------
  723.  
  724. [*] IP: 208.77.159.5
  725. [*] Domain: hssb.gov.sd
  726. [*] Total Domains: 499
  727.  
  728. [+] 123wok.net
  729. [+] 2011.airdrieedge.com
  730. [+] a-flight-deck-odyssey.com
  731. [+] ademitri-scrapcar.com
  732. [+] advocatesunited.com
  733. [+] agri-man.com
  734. [+] airdrieedge.com
  735. [+] airsoftsaintlouis.com
  736. [+] akyachts.com
  737. [+] al-arab.ca
  738. [+] al-doo.com
  739. [+] allaboutpies.net
  740. [+] alocalguide.com
  741. [+] andymarinel.com
  742. [+] anikadenise.com
  743. [+] aptresources.ae
  744. [+] arizonaurologyspecialists.com
  745. [+] artisanroofrepair.com
  746. [+] artistpatriciacherry.com
  747. [+] assist.ir
  748. [+] atelierdeteresa.com
  749. [+] atmmanagementllc.com
  750. [+] bahiadelsol.com.mx
  751. [+] bahoukas.com
  752. [+] bangkokcondo.com
  753. [+] bedfordparkseniorsresidence.com
  754. [+] bedfordparkseniorsresidence.org
  755. [+] beltonemesa.com
  756. [+] benefitsolutions-de.com
  757. [+] berryscreation.com
  758. [+] bibleonly.org
  759. [+] bigairjapan.com
  760. [+] bju.ir
  761. [+] blindesign.net
  762. [+] blog.betterlifemaids.com
  763. [+] blog.innovateusa.com
  764. [+] bluerayts.com
  765. [+] bood8th.com
  766. [+] bounceaboutltd.com
  767. [+] boutsdchoux.com
  768. [+] brookhollowtyler.com
  769. [+] buttonupboutique.net
  770. [+] canadiannaturalhealthproductregistration.com
  771. [+] cape-industrial.com
  772. [+] cape-thailand.com
  773. [+] career141.com
  774. [+] century21nordic.com
  775. [+] chadwindnagle.com
  776. [+] clockology.com
  777. [+] coaching.seeyourfuture.ca
  778. [+] commercialrenos.com
  779. [+] comprehensivepainaz.com
  780. [+] contactinc.com
  781. [+] coolpixphotobooth.com
  782. [+] currierhouse.com
  783. [+] cyranos.com
  784. [+] d3792826.q840.kflhosting.com
  785. [+] d4026360.u840.webdancers.com
  786. [+] d4663551.u840.psisites.com
  787. [+] deanamasinger.com
  788. [+] deerlakeoilandgas.com
  789. [+] delagreabmd.com
  790. [+] delcogolfcarts.com
  791. [+] dentalpurity.com
  792. [+] desertwestobgyn.com
  793. [+] diaaexhibition.com
  794. [+] discoverydreamhomes.com
  795. [+] donnaramsay.com
  796. [+] drnaylor.com
  797. [+] earthwatts.com
  798. [+] education.seeyourfuture.ca
  799. [+] eisguitars.com
  800. [+] ekg.com
  801. [+] electpougnet.com
  802. [+] elliemencer.com
  803. [+] elmosanatgt.com
  804. [+] emekrefaim51.com
  805. [+] emergeu.com
  806. [+] emporiavet.com
  807. [+] evergreenmedical.com
  808. [+] excelathlete.com
  809. [+] fabioponzio.com
  810. [+] fairplaysportswear.com
  811. [+] faithtalkstl.com
  812. [+] finehomesgroupaz.com
  813. [+] firstjordan.com.jo
  814. [+] foursan.com
  815. [+] friendsofconwr.com
  816. [+] ganeizionrentals.com
  817. [+] garinger60s.com
  818. [+] geoexpressinternational.com
  819. [+] geoteclandscapesupplies.com
  820. [+] giraphics.net
  821. [+] gmponlinetraining.com
  822. [+] godlovesmarriage.org
  823. [+] goldnglowcosmetics.com
  824. [+] guydster.com
  825. [+] halo-coatings.com
  826. [+] helpmiami.org
  827. [+] hendersonvilletents.com
  828. [+] hermesmozaikoutlet.com
  829. [+] hhs.edu.pk
  830. [+] hkagricrm.com
  831. [+] holocloud.com
  832. [+] homelessgear.com
  833. [+] homelessgear.org
  834. [+] hopevs.com
  835. [+] horsebizness.com
  836. [+] hpgs.edu.pk
  837. [+] hssb.gov.sd
  838. [+] iccjerusalem.org
  839. [+] iccsrilanka.com
  840. [+] independentreferralconsultants.com
  841. [+] influxiswebinar.com
  842. [+] ingersollassociates.com
  843. [+] innovateusa.com
  844. [+] instructionsheetsdesignedbybill.com
  845. [+] integrativecareaz.com
  846. [+] irenewskincare.com
  847. [+] irjes.psyec.edu.in
  848. [+] isladelsollakeozarks.com
  849. [+] italianmotorcycles.com.au
  850. [+] jahangirifdn.com
  851. [+] jamaica50th-sk.com
  852. [+] jcelightning.com
  853. [+] jcelightningprotection.com
  854. [+] jeremyolinda.com
  855. [+] jola.com
  856. [+] josephgeorgecpa.com
  857. [+] jplistings.ca
  858. [+] kathyscrawford.com
  859. [+] kcrawford.org
  860. [+] ladnerminorbaseball.com
  861. [+] lafoihairsalon.com
  862. [+] lakelandweightloss.com
  863. [+] landservicesabstract.com
  864. [+] lasalleinstitutelk.org
  865. [+] latitude-marketing.com
  866. [+] latitudesmarketing.com
  867. [+] latrakconveyors.com
  868. [+] laymanceartlighting.com
  869. [+] lebellaspa.com
  870. [+] leonardwholesale.com
  871. [+] leschateau.com
  872. [+] lesliemeehan.com
  873. [+] levantgate.com
  874. [+] lhion.org
  875. [+] limalofts.com
  876. [+] localfarmlink.com
  877. [+] lockhartoilfield.com
  878. [+] lockport.sub-delicious.com
  879. [+] loudermilklandscape.com
  880. [+] luxuryvacationhomeshawaii.com
  881. [+] lyndonjohansendpm.com
  882. [+] marquisrehabandnursing.com
  883. [+] matthewtherrien.com
  884. [+] mawlood.info
  885. [+] mechatronic-co.com
  886. [+] mechmarcl.com
  887. [+] mecidsnetwork.org
  888. [+] methodmm.com
  889. [+] mfu.gov.sd
  890. [+] mmgm.co
  891. [+] moebiusmarketing.com
  892. [+] monagrace.com
  893. [+] moviemag.ir
  894. [+] mstgov.com
  895. [+] mymigrainediet.com
  896. [+] mypagemonkey.com
  897. [+] naturalhealinghouse.com
  898. [+] neosite.ca
  899. [+] nicl.mu
  900. [+] noblesprayberry.com
  901. [+] okanagansummer.com
  902. [+] olympicrehabandpaincenter.com
  903. [+] onlinedatingmatches.com
  904. [+] onwhichweserve.com
  905. [+] operaclub.net
  906. [+] orsognagroup.com
  907. [+] oursigncompany.com
  908. [+] palatas.com
  909. [+] paolidentistry.com
  910. [+] paps-thailand.com
  911. [+] paraxenosskiathos.com
  912. [+] parkerdeckandsunroomcompany.com
  913. [+] pccfht.ca
  914. [+] petraelliott.com
  915. [+] philliparispin.com
  916. [+] pipelinerepairspecialists.com
  917. [+] practicarnanaimo.u840.worldmarkit.com
  918. [+] practifab.com
  919. [+] practifabhosting.com
  920. [+] preneoneng.com
  921. [+] pro-pik.com
  922. [+] psyec.edu.in
  923. [+] puppybus.ca
  924. [+] quartex.com
  925. [+] quintela.io
  926. [+] roofsupportblocks.com
  927. [+] rooftopblox.com
  928. [+] rookiecardcomedy.com
  929. [+] rosevillephotographers.com
  930. [+] rprjm.com
  931. [+] rss.jo
  932. [+] saffla.com
  933. [+] scaryair.org
  934. [+] schipperfabrik.com
  935. [+] scottsdalepianostudio.com
  936. [+] scottslone.com
  937. [+] scrumptiousentreesllc.com
  938. [+] sdnpc.ca
  939. [+] seadriftsculptures.com
  940. [+] senseofspace.com
  941. [+] shaolintaiwingwu.com
  942. [+] shogoal.com
  943. [+] shoptsawwassen.com
  944. [+] sierraseasons.com
  945. [+] silverbuttons.org
  946. [+] simonhartog.com
  947. [+] simplyelegantcaps.com
  948. [+] sminpowergroup.com
  949. [+] springfieldcc.net
  950. [+] standardplating.com
  951. [+] sterlingbpo.com
  952. [+] stetsonhillsfm.com
  953. [+] sulluk.ca
  954. [+] susquehannavalleywomenshealthcare.com
  955. [+] swifthr.ca
  956. [+] syensaidesign.com
  957. [+] syracusesurgerycenter.com
  958. [+] taveshow.com
  959. [+] tcplayhouse.com
  960. [+] templemontreal.ca
  961. [+] thaiwebpro.com
  962. [+] thedisappearingact.net
  963. [+] thefreakhawks.com
  964. [+] thehostingfirm.net
  965. [+] theromangroupltd.com
  966. [+] thomasbersanimd.com
  967. [+] tlday.org
  968. [+] trainatexcel.com
  969. [+] trimitrasupplymarineindonesia.com
  970. [+] tuckpointingmasonrysystems.com
  971. [+] usa-patriotic.com
  972. [+] v4a.org
  973. [+] valerosadesigns.com
  974. [+] valuemyoakvillehome.com
  975. [+] vesikauppa.com
  976. [+] vfadesign.com.ar
  977. [+] vfd.northyorkharvest.com
  978. [+] villapeople.com
  979. [+] vizainternationaltrading.com
  980. [+] wandermelon.com
  981. [+] web24.hspheredns.com
  982. [+] webdesignfox.com
  983. [+] whdorg.com
  984. [+] whereinternational.com
  985. [+] wikpedia.co.il
  986. [+] willow-house.com
  987. [+] willowraine.com
  988. [+] wilsonelectric.net
  989. [+] windandfirephoenix.com
  990. [+] windcrestanimal.com
  991. [+] windmarbsd.com
  992. [+] wisemedicalproducts.com
  993. [+] wishingtreeproductions.com
  994. [+] wkrpindy.com
  995. [+] wnceagleselfstorage.com
  996. [+] wolfsontowers.com
  997. [+] wpdev09.holocloud.com
  998. [+] www.4san.com
  999. [+] www.abuissa.com
  1000. [+] www.accessgaragedoors.ca
  1001. [+] www.acebackground.com
  1002. [+] www.acecustomdecks.com
  1003. [+] www.actionsportslk.com
  1004. [+] www.alldeckedoutmt.com
  1005. [+] www.alnabil.com
  1006. [+] www.alnejmahsweets.com
  1007. [+] www.andyandbillscollectibles.com
  1008. [+] www.apicasting.com
  1009. [+] www.argood.com
  1010. [+] www.arinderbhullar.com
  1011. [+] www.attacoa.com
  1012. [+] www.aurorasyscon.com
  1013. [+] www.authorizedregistrar.com
  1014. [+] www.backyardsuperstar.com
  1015. [+] www.bahiadelsol.com.mx
  1016. [+] www.bahoukas.com
  1017. [+] www.baldwinpediatrics.com
  1018. [+] www.bangkokcondo.com
  1019. [+] www.baskcanada.com
  1020. [+] www.bedfordparkseniorsresidence.org
  1021. [+] www.blank-page-writing.com
  1022. [+] www.blueridgeplasticsurgery.com
  1023. [+] www.bobbycargill.com
  1024. [+] www.boombabies.biz
  1025. [+] www.breezecircle.com
  1026. [+] www.cape-industrial.com
  1027. [+] www.cape-malaysia.com
  1028. [+] www.capegroup.net
  1029. [+] www.career141.com
  1030. [+] www.carvelofelmora.com
  1031. [+] www.cedarwood-inn.com
  1032. [+] www.century21nordic.com
  1033. [+] www.cgc.gov.jm
  1034. [+] www.chazconsultants.com
  1035. [+] www.club.neosite.ca
  1036. [+] www.conservativenewsdigest.com
  1037. [+] www.coursepack.ca
  1038. [+] www.craigtowson.com
  1039. [+] www.cspi.org
  1040. [+] www.ctsdemo3.com
  1041. [+] www.cyranos.com
  1042. [+] www.davenportpress.com
  1043. [+] www.deamontreal.com
  1044. [+] www.decksbydak.com
  1045. [+] www.deekartavya.com
  1046. [+] www.deerlakeoilandgas.com
  1047. [+] www.diningasia.com
  1048. [+] www.discoverybaykelowna.com
  1049. [+] www.discoverydreamhomes.com
  1050. [+] www.divanindy.com
  1051. [+] www.dockauctions.com
  1052. [+] www.dominionholdingsllc.com
  1053. [+] www.doubledmontaukfishing.com
  1054. [+] www.drnaylor.com
  1055. [+] www.drpeternelson.com
  1056. [+] www.dymotek.com
  1057. [+] www.earthwatts.com
  1058. [+] www.eisguitars.com
  1059. [+] www.elizabethmorales.tv
  1060. [+] www.evergreenmedical.com
  1061. [+] www.eyeplasticcny.com
  1062. [+] www.ezcaresystems.com
  1063. [+] www.f5e.org
  1064. [+] www.familytherapyworks.com
  1065. [+] www.fanousimmigration.com
  1066. [+] www.fantasticallcare.com
  1067. [+] www.farcry.lk
  1068. [+] www.fauxfxtyler.com
  1069. [+] www.federalknife.com
  1070. [+] www.firstfidcorp.com
  1071. [+] www.firstjordan.com.jo
  1072. [+] www.firstmotionproducts.com
  1073. [+] www.folch.com
  1074. [+] www.foursan.com
  1075. [+] www.friendsofconwr.com
  1076. [+] www.gapopefinejewelry.com
  1077. [+] www.gcylaw.com
  1078. [+] www.gdas.ca
  1079. [+] www.georgetowndecks.com
  1080. [+] www.getontracktoday.com
  1081. [+] www.giraphics.net
  1082. [+] www.globalassent.com
  1083. [+] www.gloriatc.com
  1084. [+] www.gmptraining.ca
  1085. [+] www.goniec.net
  1086. [+] www.grandjunctionwestfield.com
  1087. [+] www.grandparkproperties.com
  1088. [+] www.gstaxpayers.ca
  1089. [+] www.handwritingforensics.com
  1090. [+] www.happyfoodhealth.com
  1091. [+] www.hazexplorations.com
  1092. [+] www.hearagainnowllc.com
  1093. [+] www.hendersonvilletents.com
  1094. [+] www.hhprop.com
  1095. [+] www.hhs.edu.pk
  1096. [+] www.higheralignment.com
  1097. [+] www.homefieldsports.com
  1098. [+] www.homefieldsports.org
  1099. [+] www.homekraftworld.com
  1100. [+] www.honk.com.au
  1101. [+] www.hotelconsultingasia.com
  1102. [+] www.hughcrawford.org
  1103. [+] www.hussamtours.com.jo
  1104. [+] www.iaweb.biz
  1105. [+] www.iaweb.net
  1106. [+] www.iccjerusalem.org
  1107. [+] www.iccsrilanka.com
  1108. [+] www.iicreative.com
  1109. [+] www.impaqta.com
  1110. [+] www.ingersollassociates.com
  1111. [+] www.integrativecareaz.com
  1112. [+] www.iotron.com
  1113. [+] www.irantravelinglotus.com
  1114. [+] www.isladelsollakeozarks.com
  1115. [+] www.italian-motorcycles.com.au
  1116. [+] www.jaktapparel.com.au
  1117. [+] www.jaybers.com
  1118. [+] www.kailyreed.com
  1119. [+] www.kalpitiyastanneslagoonhouse.lk
  1120. [+] www.kelownavacationrental.com
  1121. [+] www.knucklesnilan.com
  1122. [+] www.koh-tao-tropicana-resort.com
  1123. [+] www.kukagamijack.ca
  1124. [+] www.ladysushilramgoolam.com
  1125. [+] www.lasposasriviera.com
  1126. [+] www.latin-schools.org
  1127. [+] www.laymanceartlighting.com
  1128. [+] www.lesliemeehan.com
  1129. [+] www.limalofts.com
  1130. [+] www.lisaolinda.com
  1131. [+] www.lockhartoilfield.com
  1132. [+] www.macsa.lk
  1133. [+] www.magicandballoons.biz
  1134. [+] www.marcopoloplazacebu.com
  1135. [+] www.marikan-maljakot.com
  1136. [+] www.marquisrehabandnursing.com
  1137. [+] www.maxmusclemo.com
  1138. [+] www.mazzawi.co.il
  1139. [+] www.mcbconsultingllc.com
  1140. [+] www.mfu.gov.sd
  1141. [+] www.mobiledentandpaintservice.com
  1142. [+] www.montrealplumbingservices.com
  1143. [+] www.moviemag.ir
  1144. [+] www.mylaptop.lk
  1145. [+] www.narcowar.com
  1146. [+] www.nataclinic.com
  1147. [+] www.nationcouture.com
  1148. [+] www.naturalhealinghouse.com
  1149. [+] www.ncmountainview.com
  1150. [+] www.newagetattoo.ca
  1151. [+] www.nhicenters.com
  1152. [+] www.nlhhn.org
  1153. [+] www.north-americansolar.com
  1154. [+] www.northwestfootdoctor.com
  1155. [+] www.novieducationalfoundation.org
  1156. [+] www.okgift.ca
  1157. [+] www.olindaservices.com
  1158. [+] www.optimizasolutions.com
  1159. [+] www.osamaspizza.com
  1160. [+] www.oysterriverrustic.com
  1161. [+] www.petermadros.com
  1162. [+] www.petraelliott.com
  1163. [+] www.positivematters.com
  1164. [+] www.posseproject.ca
  1165. [+] www.printusagroup.com
  1166. [+] www.projectsalvageearth.com
  1167. [+] www.puppybus.ca
  1168. [+] www.purpleheartyoga.com
  1169. [+] www.raymondhadley.com
  1170. [+] www.redemptionradio.com
  1171. [+] www.resolveminerals.com
  1172. [+] www.ridgemoorbuys.com
  1173. [+] www.robmdiaz.com
  1174. [+] www.rooftopblox.com
  1175. [+] www.rprja.com
  1176. [+] www.saffla.com
  1177. [+] www.samsoldecks.com
  1178. [+] www.sarasfamilybulldogs.com
  1179. [+] www.scalarheartconnection.com
  1180. [+] www.schipperfabrik.com
  1181. [+] www.scmboats.com
  1182. [+] www.sdnpc.ca
  1183. [+] www.shippingedu.com
  1184. [+] www.siamdomains.com
  1185. [+] www.skinreligion.com
  1186. [+] www.smsdata.ir
  1187. [+] www.softedgeit.com
  1188. [+] www.srieq.ca
  1189. [+] www.staffjuridico.com.co
  1190. [+] www.steffiblackcoaching.com
  1191. [+] www.sterlinglanka.com
  1192. [+] www.stevengoodmanjewelry.com
  1193. [+] www.sub-delicious.com
  1194. [+] www.sushiichiban.com
  1195. [+] www.syensaidesign.com
  1196. [+] www.tapartocoffee.com
  1197. [+] www.templemontreal.ca
  1198. [+] www.th3syracuse.com
  1199. [+] www.thaicondos.com
  1200. [+] www.thaiwebpro.com
  1201. [+] www.theanteriorhip.com
  1202. [+] www.thefamilyvision.org
  1203. [+] www.thegratitudelist.org
  1204. [+] www.thehotelmarket.com
  1205. [+] www.theonedentist.com
  1206. [+] www.tiogachamber.com
  1207. [+] www.trademarkpmg.com
  1208. [+] www.tuckpointingmasonry.com
  1209. [+] www.tunamart.com
  1210. [+] www.ukofficestationery.com
  1211. [+] www.ultimategarageinc.com
  1212. [+] www.upstreaminsurance.com
  1213. [+] www.v4a.org
  1214. [+] www.vitalenergylifestylestudios.com
  1215. [+] www.vsecvet.com
  1216. [+] www.wagnercrash.com.au
  1217. [+] www.wbmtwain.com
  1218. [+] www.whiteglovemaintenance.com
  1219. [+] www.willow-house.com
  1220. [+] www.windmarbsd.com
  1221. [+] www.wizwatch.com
  1222. [+] www.zamilchemplast.com
  1223. [+] wykemouldings.com
  1224. [+] wykemouldings.net
  1225. [+] zamilchemplast.com
  1226. [+] zingworldwide.com
  1227. #######################################################################################################################################
  1228.  
  1229. Geo IP Lookup 'hssb.gov.sd'
  1230. ---------------------------------------------------------------------------------------------------------------------------------------
  1231.  
  1232. [+] IP Address: 208.77.159.5
  1233. [+] Country: Canada
  1234. [+] State:
  1235. [+] City:
  1236. [+] Latitude: 43.6319
  1237. [+] Longitude: -79.3716
  1238. #######################################################################################################################################
  1239.  
  1240. Bypass Cloudflare 'hssb.gov.sd'
  1241. ---------------------------------------------------------------------------------------------------------------------------------------
  1242.  
  1243. [!] CloudFlare Bypass 208.77.159.5 | ftp.hssb.gov.sd
  1244. [!] CloudFlare Bypass 208.77.159.5 | cpanel.hssb.gov.sd
  1245. [!] CloudFlare Bypass 208.77.159.5 | webmail.hssb.gov.sd
  1246. [!] CloudFlare Bypass 208.77.159.5 | localhost.hssb.gov.sd
  1247. [!] CloudFlare Bypass 208.77.159.5 | local.hssb.gov.sd
  1248. [!] CloudFlare Bypass 208.77.159.5 | mysql.hssb.gov.sd
  1249. [!] CloudFlare Bypass 208.77.159.5 | forum.hssb.gov.sd
  1250. [!] CloudFlare Bypass 208.77.159.5 | driect-connect.hssb.gov.sd
  1251. [!] CloudFlare Bypass 208.77.159.5 | blog.hssb.gov.sd
  1252. [!] CloudFlare Bypass 208.77.159.5 | vb.hssb.gov.sd
  1253. [!] CloudFlare Bypass 208.77.159.5 | forums.hssb.gov.sd
  1254. [!] CloudFlare Bypass 208.77.159.5 | home.hssb.gov.sd
  1255. [!] CloudFlare Bypass 208.77.159.5 | direct.hssb.gov.sd
  1256. [!] CloudFlare Bypass 208.77.159.5 | forums.hssb.gov.sd
  1257. [!] CloudFlare Bypass 208.77.156.5 | mail.hssb.gov.sd
  1258. [!] CloudFlare Bypass 208.77.159.5 | access.hssb.gov.sd
  1259. [!] CloudFlare Bypass 208.77.159.5 | admin.hssb.gov.sd
  1260. [!] CloudFlare Bypass 208.77.159.5 | administrator.hssb.gov.sd
  1261. [!] CloudFlare Bypass 208.77.159.5 | email.hssb.gov.sd
  1262. [!] CloudFlare Bypass 208.77.159.5 | downloads.hssb.gov.sd
  1263. [!] CloudFlare Bypass 208.77.159.5 | ssh.hssb.gov.sd
  1264. [!] CloudFlare Bypass 208.77.159.5 | owa.hssb.gov.sd
  1265. [!] CloudFlare Bypass 208.77.159.5 | bbs.hssb.gov.sd
  1266. [!] CloudFlare Bypass 208.77.159.5 | webmin.hssb.gov.sd
  1267. [!] CloudFlare Bypass 208.77.159.5 | paralel.hssb.gov.sd
  1268. [!] CloudFlare Bypass 208.77.159.5 | parallels.hssb.gov.sd
  1269. [!] CloudFlare Bypass 208.77.159.5 | www0.hssb.gov.sd
  1270. [!] CloudFlare Bypass 208.77.159.5 | www.hssb.gov.sd
  1271. [!] CloudFlare Bypass 208.77.159.5 | www1.hssb.gov.sd
  1272. [!] CloudFlare Bypass 208.77.159.5 | www2.hssb.gov.sd
  1273. [!] CloudFlare Bypass 208.77.159.5 | www3.hssb.gov.sd
  1274. [!] CloudFlare Bypass 208.77.159.5 | www4.hssb.gov.sd
  1275. [!] CloudFlare Bypass 208.77.159.5 | www5.hssb.gov.sd
  1276. [!] CloudFlare Bypass 208.77.159.5 | shop.hssb.gov.sd
  1277. [!] CloudFlare Bypass 208.77.159.5 | api.hssb.gov.sd
  1278. [!] CloudFlare Bypass 208.77.159.5 | blogs.hssb.gov.sd
  1279. [!] CloudFlare Bypass 208.77.159.5 | test.hssb.gov.sd
  1280. [!] CloudFlare Bypass 208.77.159.5 | mx1.hssb.gov.sd
  1281. [!] CloudFlare Bypass 208.77.159.5 | cdn.hssb.gov.sd
  1282. [!] CloudFlare Bypass 208.77.159.5 | mysql.hssb.gov.sd
  1283. [!] CloudFlare Bypass 208.77.159.5 | mail1.hssb.gov.sd
  1284. [!] CloudFlare Bypass 208.77.159.5 | secure.hssb.gov.sd
  1285. [!] CloudFlare Bypass 208.77.159.5 | server.hssb.gov.sd
  1286. [!] CloudFlare Bypass 208.77.159.5 | ns1.hssb.gov.sd
  1287. [!] CloudFlare Bypass 208.77.159.5 | ns2.hssb.gov.sd
  1288. [!] CloudFlare Bypass 208.77.159.5 | smtp.hssb.gov.sd
  1289. [!] CloudFlare Bypass 208.77.159.5 | vpn.hssb.gov.sd
  1290. [!] CloudFlare Bypass 208.77.159.5 | m.hssb.gov.sd
  1291. [!] CloudFlare Bypass 208.77.159.5 | mail2.hssb.gov.sd
  1292. [!] CloudFlare Bypass 208.77.159.5 | postal.hssb.gov.sd
  1293. [!] CloudFlare Bypass 208.77.159.5 | support.hssb.gov.sd
  1294. [!] CloudFlare Bypass 208.77.159.5 | web.hssb.gov.sd
  1295. [!] CloudFlare Bypass 208.77.159.5 | dev.hssb.gov.sd
  1296. #######################################################################################################################################
  1297.  
  1298. DNS Lookup 'hssb.gov.sd'
  1299. --------------------------------------------------------------------------------------------------------------------------------------
  1300.  
  1301. [+] hssb.gov.sd. 21599 IN SOA ns4.dot.jo. hkhayyat.dot.jo. 2016072105 10800 3600 604800 86400
  1302. [+] hssb.gov.sd. 21599 IN NS ns4.dot.jo.
  1303. [+] hssb.gov.sd. 21599 IN NS ns3.dot.jo.
  1304. [+] hssb.gov.sd. 21599 IN A 208.77.159.5
  1305. [+] hssb.gov.sd. 21599 IN MX 10 mail10.dot.jo.
  1306. [+] hssb.gov.sd. 21599 IN TXT "v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all"
  1307. #######################################################################################################################################
  1308.  
  1309. Show HTTP Header 'hssb.gov.sd'
  1310. ---------------------------------------------------------------------------------------------------------------------------------------
  1311.  
  1312. [+] HTTP/1.1 200 OK
  1313. [+] Date: Thu, 21 Feb 2019 22:07:20 GMT
  1314. [+] Server: Apache mod_fcgid/2.3.9
  1315. [+] Expires: Sun, 19 Nov 1978 05:00:00 GMT
  1316. [+] Cache-Control: no-cache, must-revalidate
  1317. [+] X-Content-Type-Options: nosniff
  1318. [+] Content-Language: ar
  1319. [+] X-Frame-Options: SAMEORIGIN
  1320. [+] X-Generator: Drupal 7 (http://drupal.org)
  1321. [+] Content-Type: text/html; charset=utf-8
  1322. #######################################################################################################################################
  1323.  
  1324. Port Scan 'hssb.gov.sd'
  1325. ---------------------------------------------------------------------------------------------------------------------------------------
  1326.  
  1327.  
  1328. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-21 22:07 UTC
  1329. Nmap scan report for hssb.gov.sd (208.77.159.5)
  1330. Host is up (0.039s latency).
  1331. rDNS record for 208.77.159.5: web28.hspheredns.com
  1332. PORT STATE SERVICE
  1333. 21/tcp open ftp
  1334. 22/tcp filtered ssh
  1335. 23/tcp filtered telnet
  1336. 80/tcp open http
  1337. 110/tcp closed pop3
  1338. 143/tcp closed imap
  1339. 443/tcp open https
  1340. 3389/tcp filtered ms-wbt-server
  1341.  
  1342. Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds
  1343. #######################################################################################################################################
  1344.  
  1345. Robot.txt 'hssb.gov.sd'
  1346. ---------------------------------------------------------------------------------------------------------------------------------------
  1347.  
  1348. #
  1349. # robots.txt
  1350. #
  1351. # This file is to prevent the crawling and indexing of certain parts
  1352. # of your site by web crawlers and spiders run by sites like Yahoo!
  1353. # and Google. By telling these "robots" where not to go on your site,
  1354. # you save bandwidth and server resources.
  1355. #
  1356. # This file will be ignored unless it is at the root of your host:
  1357. # Used: http://example.com/robots.txt
  1358. # Ignored: http://example.com/site/robots.txt
  1359. #
  1360. # For more information about the robots.txt standard, see:
  1361. # http://www.robotstxt.org/robotstxt.html
  1362.  
  1363. User-agent: *
  1364. Crawl-delay: 10
  1365. # CSS, JS, Images
  1366. Allow: /misc/*.css$
  1367. Allow: /misc/*.css?
  1368. Allow: /misc/*.js$
  1369. Allow: /misc/*.js?
  1370. Allow: /misc/*.gif
  1371. Allow: /misc/*.jpg
  1372. Allow: /misc/*.jpeg
  1373. Allow: /misc/*.png
  1374. Allow: /modules/*.css$
  1375. Allow: /modules/*.css?
  1376. Allow: /modules/*.js$
  1377. Allow: /modules/*.js?
  1378. Allow: /modules/*.gif
  1379. Allow: /modules/*.jpg
  1380. Allow: /modules/*.jpeg
  1381. Allow: /modules/*.png
  1382. Allow: /profiles/*.css$
  1383. Allow: /profiles/*.css?
  1384. Allow: /profiles/*.js$
  1385. Allow: /profiles/*.js?
  1386. Allow: /profiles/*.gif
  1387. Allow: /profiles/*.jpg
  1388. Allow: /profiles/*.jpeg
  1389. Allow: /profiles/*.png
  1390. Allow: /themes/*.css$
  1391. Allow: /themes/*.css?
  1392. Allow: /themes/*.js$
  1393. Allow: /themes/*.js?
  1394. Allow: /themes/*.gif
  1395. Allow: /themes/*.jpg
  1396. Allow: /themes/*.jpeg
  1397. Allow: /themes/*.png
  1398. # Directories
  1399. Disallow: /includes/
  1400. Disallow: /misc/
  1401. Disallow: /modules/
  1402. Disallow: /profiles/
  1403. Disallow: /scripts/
  1404. Disallow: /themes/
  1405. # Files
  1406. Disallow: /CHANGELOG.txt
  1407. Disallow: /cron.php
  1408. Disallow: /INSTALL.mysql.txt
  1409. Disallow: /INSTALL.pgsql.txt
  1410. Disallow: /INSTALL.sqlite.txt
  1411. Disallow: /install.php
  1412. Disallow: /INSTALL.txt
  1413. Disallow: /LICENSE.txt
  1414. Disallow: /MAINTAINERS.txt
  1415. Disallow: /update.php
  1416. Disallow: /UPGRADE.txt
  1417. Disallow: /xmlrpc.php
  1418. # Paths (clean URLs)
  1419. Disallow: /admin/
  1420. Disallow: /comment/reply/
  1421. Disallow: /filter/tips/
  1422. Disallow: /node/add/
  1423. Disallow: /search/
  1424. Disallow: /user/register/
  1425. Disallow: /user/password/
  1426. Disallow: /user/login/
  1427. Disallow: /user/logout/
  1428. # Paths (no clean URLs)
  1429. Disallow: /?q=admin/
  1430. Disallow: /?q=comment/reply/
  1431. Disallow: /?q=filter/tips/
  1432. Disallow: /?q=node/add/
  1433. Disallow: /?q=search/
  1434. Disallow: /?q=user/password/
  1435. Disallow: /?q=user/register/
  1436. Disallow: /?q=user/login/
  1437. Disallow: /?q=user/logout/
  1438. #######################################################################################################################################
  1439.  
  1440. Traceroute 'hssb.gov.sd'
  1441. ---------------------------------------------------------------------------------------------------------------------------------------
  1442.  
  1443. Start: 2019-02-21T22:07:30+0000
  1444. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  1445. 1.|-- 45.79.12.201 0.0% 3 1.0 1.1 1.0 1.2 0.1
  1446. 2.|-- 45.79.12.0 0.0% 3 2.0 1.0 0.5 2.0 0.9
  1447. 3.|-- ae-37.a01.dllstx04.us.bb.gin.ntt.net 0.0% 3 2.7 2.9 1.2 4.7 1.8
  1448. 4.|-- ae-9.r10.dllstx09.us.bb.gin.ntt.net 0.0% 3 2.0 1.6 1.3 2.0 0.4
  1449. 5.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  1450. 6.|-- DATABANK-HO.ear1.Dallas1.Level3.net 0.0% 3 3.1 3.3 3.1 3.6 0.3
  1451. 7.|-- 63.164.96.databank.com 0.0% 3 2.7 2.8 2.7 2.9 0.1
  1452. 8.|-- 220host66.databank.com 0.0% 3 3.6 5.0 3.6 6.7 1.6
  1453. 9.|-- web28.hspheredns.com 0.0% 3 2.8 3.0 2.8 3.2 0.2
  1454. #######################################################################################################################################
  1455.  
  1456. Ping 'hssb.gov.sd'
  1457. ---------------------------------------------------------------------------------------------------------------------------------------
  1458.  
  1459. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-21 22:07 UTC
  1460. SENT (0.3652s) ICMP [104.237.144.6 > 208.77.159.5 Echo request (type=8/code=0) id=11708 seq=1] IP [ttl=64 id=54450 iplen=28 ]
  1461. RCVD (0.5680s) ICMP [208.77.159.5 > 104.237.144.6 Echo reply (type=0/code=0) id=11708 seq=1] IP [ttl=53 id=49912 iplen=28 ]
  1462. SENT (1.3659s) ICMP [104.237.144.6 > 208.77.159.5 Echo request (type=8/code=0) id=11708 seq=2] IP [ttl=64 id=54450 iplen=28 ]
  1463. RCVD (1.5880s) ICMP [208.77.159.5 > 104.237.144.6 Echo reply (type=0/code=0) id=11708 seq=2] IP [ttl=53 id=49913 iplen=28 ]
  1464. SENT (2.3679s) ICMP [104.237.144.6 > 208.77.159.5 Echo request (type=8/code=0) id=11708 seq=3] IP [ttl=64 id=54450 iplen=28 ]
  1465. RCVD (2.6084s) ICMP [208.77.159.5 > 104.237.144.6 Echo reply (type=0/code=0) id=11708 seq=3] IP [ttl=53 id=49914 iplen=28 ]
  1466. SENT (3.3693s) ICMP [104.237.144.6 > 208.77.159.5 Echo request (type=8/code=0) id=11708 seq=4] IP [ttl=64 id=54450 iplen=28 ]
  1467. RCVD (3.4240s) ICMP [208.77.159.5 > 104.237.144.6 Echo reply (type=0/code=0) id=11708 seq=4] IP [ttl=53 id=49915 iplen=28 ]
  1468.  
  1469. Max rtt: 240.303ms | Min rtt: 54.432ms | Avg rtt: 179.831ms
  1470. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  1471. Nping done: 1 IP address pinged in 3.42 seconds
  1472. #######################################################################################################################################
  1473. ; <<>> DiG 9.11.5-P1-1-Debian <<>> 208.77.159.5
  1474. ;; global options: +cmd
  1475. ;; Got answer:
  1476. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2990
  1477. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  1478.  
  1479. ;; OPT PSEUDOSECTION:
  1480. ; EDNS: version: 0, flags:; udp: 4096
  1481. ;; QUESTION SECTION:
  1482. ;208.77.159.5. IN A
  1483.  
  1484. ;; AUTHORITY SECTION:
  1485. . 2909 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019022102 1800 900 604800 86400
  1486.  
  1487. ;; Query time: 36 msec
  1488. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  1489. ;; WHEN: jeu fév 21 17:49:00 EST 2019
  1490. ;; MSG SIZE rcvd: 116
  1491. #######################################################################################################################################
  1492. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace 208.77.159.5
  1493. ;; global options: +cmd
  1494. . 81280 IN NS a.root-servers.net.
  1495. . 81280 IN NS i.root-servers.net.
  1496. . 81280 IN NS j.root-servers.net.
  1497. . 81280 IN NS g.root-servers.net.
  1498. . 81280 IN NS e.root-servers.net.
  1499. . 81280 IN NS b.root-servers.net.
  1500. . 81280 IN NS l.root-servers.net.
  1501. . 81280 IN NS h.root-servers.net.
  1502. . 81280 IN NS k.root-servers.net.
  1503. . 81280 IN NS c.root-servers.net.
  1504. . 81280 IN NS f.root-servers.net.
  1505. . 81280 IN NS m.root-servers.net.
  1506. . 81280 IN NS d.root-servers.net.
  1507. . 81280 IN RRSIG NS 8 0 518400 20190306190000 20190221180000 16749 . gKVEm9q+rOziudKwvQyhGJuw93Srx3lC7c4ap9Swq9pXz0/Wcee8HS4n +t9s/q7Il0WwjpieR4MevEtDz3jmOY98hlcZ9myg28XLKYMw/ofsyqCz Rm/JdVU+sdX9NZRFDC3sV3tDUb+mQwn+/0EUNOAjWcegy+YKcIvam++3 hV+O8d34RBf2KsKBNEG6Gg7Qb86aqc7VsnD2aE+c/tf0eTw5HC/UBmXM RQfKRHaIvtSa2xnrvgwhXI4ieqCZv4f7vr/hXZFzurdGQwV/ksxUv/s7 ttWFNuwdco0g5fa/x2ENvIdp25/ozIkKZsy9gp0XFTdpXcNxtxaZGNCM SPaTyA==
  1508. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
  1509.  
  1510. . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019022102 1800 900 604800 86400
  1511. . 86400 IN RRSIG SOA 8 0 86400 20190306190000 20190221180000 16749 . wOWGnt1vvCNk3ffNgnHO2HRC20i5XsW7YtOVQDWOdsuyOmt+YFm7zhuW 1hVmqmI9Wr8mYMcyUGJvEffEcteX5cIN91epYfrGWRdUPa5vXzXvL6UG CXuV0OA+1mP9t+bUpo+PVzn5+SGfma2+bEJkioC5WcyX8JHlwpvRASZE lS/Ua8y4ttAi0n1kWYcgZB1VX4rjWdhVYzI9LGHkFKGqA0iVQ2/LzRUp n82k243628pI8jW0scbR95XvihYzM7GsObd+46uEnDPu+B6z02XSVNAL oJ2WjJ1V8BRWSs4M9w4lZCFYhj3UYSp/NXMn7JPXyEmJse6vTseZmRLn AqQgqQ==
  1512. . 86400 IN NSEC aaa. NS SOA RRSIG NSEC DNSKEY
  1513. . 86400 IN RRSIG NSEC 8 0 86400 20190306190000 20190221180000 16749 . Z+gf8trAw88hewKPe3DPfu3uCWM0316VtVX/5VYvCwVVa5UyO49TezJ6 cuvQPa5whemK98+l5kaYC1LaOJ2LcYtp4Cun+Cna628ZeZuZAu5EorZ6 lj+MzU/z3FCqbHjnIp7PO/Vh+2/1YLmt2lMHpxZENKcyp70e12Mci0wD h5QaCa3k7tdRWqQoSXbewEd6xQE2PdLKF/xXs4A8WCtVTJU3mDx/AmL0 fM/L6U2atndE68xWNTBEbfdHjjrqsoJ/SF7xqmUZpBgQG3kpdad+OI3t +80oB9eh00eSf9gNqLR76SPa9/Zjmhp6xUeIFVnlc4LNfXw7wbLQA9Jd 7TFjyQ==
  1514. ;; Received 713 bytes from 192.5.5.241#53(f.root-servers.net) in 22 ms
  1515. #######################################################################################################################################
  1516. [*] Performing General Enumeration of Domain: hssb.gov.sd
  1517. [!] Wildcard resolution is enabled on this domain
  1518. [!] It is resolving to 208.77.159.5
  1519. [!] All queries will resolve to this address!!
  1520. [-] DNSSEC is not configured for hssb.gov.sd
  1521. [*] SOA ns4.dot.jo 96.125.181.251
  1522. [*] NS ns4.dot.jo 96.125.181.251
  1523. [*] Bind Version for 96.125.181.251 Not available
  1524. [*] NS ns3.dot.jo 96.125.184.251
  1525. [*] Bind Version for 96.125.184.251 Not available
  1526. [*] MX mail10.dot.jo 208.77.156.5
  1527. [*] A hssb.gov.sd 208.77.159.5
  1528. [*] TXT hssb.gov.sd v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all
  1529. [*] Enumerating SRV Records
  1530. [-] No SRV Records Found for hssb.gov.sd
  1531. [+] 0 Records Found
  1532. #######################################################################################################################################
  1533. [*] Processing domain hssb.gov.sd
  1534. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  1535. [+] Getting nameservers
  1536. 96.125.181.251 - ns4.dot.jo
  1537. 96.125.184.251 - ns3.dot.jo
  1538. [-] Zone transfer failed
  1539.  
  1540. [+] TXT records found
  1541. "v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all"
  1542.  
  1543. [+] MX records found, added to target list
  1544. 10 mail10.dot.jo.
  1545.  
  1546. [+] Wildcard domain found - 208.77.159.5
  1547. [*] Scanning hssb.gov.sd for A records
  1548. 208.77.156.5 - mail.hssb.gov.sd
  1549. #######################################################################################################################################
  1550. Ip Address Status Type Domain Name Server
  1551. ---------- ------ ---- ----------- ------
  1552. 208.77.156.5 200 alias mail.hssb.gov.sd
  1553. 208.77.156.5 200 host mail10.dot.jo
  1554. 208.77.159.5 200 host www.hssb.gov.sd Apache mod_fcgid/2.3.9
  1555. #######################################################################################################################################
  1556. =======================================================================================================================================
  1557. External hosts:
  1558. | [+] External Host Found: http://httpd.apache.org
  1559. | [+] External Host Found: http://www.w3.org
  1560. | [+] External Host Found: http://www.psoft.net
  1561. =======================================================================================================================================
  1562. | E-mails:
  1563. | [+] E-mail Found: mbraima@gmail.com
  1564. | [+] E-mail Found: user@example.com
  1565. | [+] E-mail Found: abdelbasit.elmustafa@cbos.gov.sd
  1566. | [+] E-mail Found: ohamed.abbasher@cbos.gov.sd
  1567. | [+] E-mail Found: q@it.wx
  1568. | [+] E-mail Found: f@y.{
  1569. | [+] E-mail Found: ohamed.sirelkhatim@gmail.com
  1570. | [+] E-mail Found: ohamed.elhafiz@cbos.gov.sd
  1571. | [+] E-mail Found: a@..q
  1572. | [+] E-mail Found: hmed.abdalla@cbos.gov.sd
  1573. | [+] E-mail Found: nnn@cbos.gov.sd
  1574. | [+] E-mail Found: almagzoub1953@gmail.com
  1575. | [+] E-mail Found: kevinh@kevcom.com
  1576. | [+] E-mail Found: dareer@hotmail.com
  1577. | [+] E-mail Found: alzubair1419@gmail.com
  1578. | [+] E-mail Found: mike@hyperreal.org
  1579. | [+] E-mail Found: .@d.y
  1580. | [+] E-mail Found: mohamed.yousif@cbos.gov.sd
  1581. | [+] E-mail Found: abdellatif.elnasma@cbos.gov.sd
  1582. | [+] E-mail Found: eltigani7@gmail.com
  1583. | [+] E-mail Found: sman@hssb.gov.sd
  1584. =======================================================================================================================================
  1585. #######################################################################################################################################
  1586. [-] Date & Time: 21/02/2019 16:25:38
  1587. [I] Threads: 5
  1588. [-] Target: http://hssb.gov.sd (208.77.159.5)
  1589. [M] Website Not in HTTPS: http://hssb.gov.sd
  1590. [L] X-Generator: Drupal 7 (http://drupal.org)
  1591. [L] X-Frame-Options: Not Enforced
  1592. [I] Strict-Transport-Security: Not Enforced
  1593. [I] X-Content-Security-Policy: Not Enforced
  1594. [L] Robots.txt Found: http://hssb.gov.sd/robots.txt
  1595. [I] CMS Detection: Drupal
  1596. [I] Drupal Version: 7.59
  1597. [M] EDB-ID: 44448 "Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)"
  1598. [M] EDB-ID: 44482 "Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)"
  1599. [M] EDB-ID: 44449 "Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution"
  1600. [I] Drupal Theme: bootstrap
  1601. [-] Enumerating Drupal Usernames via "Views" Module...
  1602. [-] Enumerating Drupal Usernames via "/user/"...
  1603. [I] Autocomplete Off Not Found: http://hssb.gov.sd/user/
  1604. [-] Drupal Default Files:
  1605. [-] Drupal is likely to have a large number of default files
  1606. [-] Would you like to list them all?
  1607. [y/N]: y
  1608. [I] http://hssb.gov.sd/themes/README.txt
  1609. [I] http://hssb.gov.sd/README.txt
  1610. [I] http://hssb.gov.sd/profiles/README.txt
  1611. [I] http://hssb.gov.sd/robots.txt
  1612. [I] http://hssb.gov.sd/sites/README.txt
  1613. [I] http://hssb.gov.sd/INSTALL.txt
  1614. [I] http://hssb.gov.sd/modules/README.txt
  1615. [-] Search Drupal Modules ...
  1616. [I] admin_menu
  1617. [I] ckeditor
  1618. [I] colorbox
  1619. [I] comment
  1620. [I] content
  1621. [I] ctools
  1622. [I] date
  1623. [I] field
  1624. [I] jquery_update
  1625. [I] node
  1626. [I] panels
  1627. [I] search
  1628. [I] simplenews
  1629. [I] superfish
  1630. [I] system
  1631. [I] user
  1632. [I] views
  1633. [I] views_ticker
  1634. [I] Checking for Directory Listing Enabled ...
  1635. [-] Date & Time: 21/02/2019 16:41:20
  1636. [-] Completed in: 0:15:41
  1637. #######################################################################################################################################
  1638. [+] Themes found:
  1639. bootstrap http://hssb.gov.sd/sites/all/themes/bootstrap/
  1640. http://hssb.gov.sd/sites/all/themes/bootstrap/LICENSE.txt
  1641. seven http://hssb.gov.sd/themes/seven/
  1642. garland http://hssb.gov.sd/themes/garland/
  1643.  
  1644. [+] Possible interesting urls found:
  1645. Default changelog file - http://hssb.gov.sd/CHANGELOG.txt
  1646. Default admin - http://hssb.gov.sd/user/login
  1647.  
  1648. [+] Possible version(s):
  1649. 7.59
  1650.  
  1651. [+] Plugins found:
  1652. ctools http://hssb.gov.sd/sites/all/modules/ctools/
  1653. http://hssb.gov.sd/sites/all/modules/ctools/CHANGELOG.txt
  1654. http://hssb.gov.sd/sites/all/modules/ctools/LICENSE.txt
  1655. http://hssb.gov.sd/sites/all/modules/ctools/API.txt
  1656. token http://hssb.gov.sd/sites/all/modules/token/
  1657. http://hssb.gov.sd/sites/all/modules/token/README.txt
  1658. http://hssb.gov.sd/sites/all/modules/token/LICENSE.txt
  1659. views http://hssb.gov.sd/sites/all/modules/views/
  1660. http://hssb.gov.sd/sites/all/modules/views/README.txt
  1661. http://hssb.gov.sd/sites/all/modules/views/LICENSE.txt
  1662. pathauto http://hssb.gov.sd/sites/all/modules/pathauto/
  1663. http://hssb.gov.sd/sites/all/modules/pathauto/README.txt
  1664. http://hssb.gov.sd/sites/all/modules/pathauto/LICENSE.txt
  1665. libraries http://hssb.gov.sd/sites/all/modules/libraries/
  1666. http://hssb.gov.sd/sites/all/modules/libraries/CHANGELOG.txt
  1667. http://hssb.gov.sd/sites/all/modules/libraries/README.txt
  1668. http://hssb.gov.sd/sites/all/modules/libraries/LICENSE.txt
  1669. entity http://hssb.gov.sd/sites/all/modules/entity/
  1670. http://hssb.gov.sd/sites/all/modules/entity/README.txt
  1671. http://hssb.gov.sd/sites/all/modules/entity/LICENSE.txt
  1672. webform http://hssb.gov.sd/sites/all/modules/webform/
  1673. http://hssb.gov.sd/sites/all/modules/webform/README.txt
  1674. http://hssb.gov.sd/sites/all/modules/webform/LICENSE.txt
  1675. jquery_update http://hssb.gov.sd/sites/all/modules/jquery_update/
  1676. http://hssb.gov.sd/sites/all/modules/jquery_update/README.txt
  1677. http://hssb.gov.sd/sites/all/modules/jquery_update/LICENSE.txt
  1678. admin_menu http://hssb.gov.sd/sites/all/modules/admin_menu/
  1679. http://hssb.gov.sd/sites/all/modules/admin_menu/CHANGELOG.txt
  1680. http://hssb.gov.sd/sites/all/modules/admin_menu/README.txt
  1681. http://hssb.gov.sd/sites/all/modules/admin_menu/LICENSE.txt
  1682. date http://hssb.gov.sd/sites/all/modules/date/
  1683. http://hssb.gov.sd/sites/all/modules/date/CHANGELOG.txt
  1684. http://hssb.gov.sd/sites/all/modules/date/README.txt
  1685. http://hssb.gov.sd/sites/all/modules/date/LICENSE.txt
  1686. imce http://hssb.gov.sd/sites/all/modules/imce/
  1687. http://hssb.gov.sd/sites/all/modules/imce/README.txt
  1688. http://hssb.gov.sd/sites/all/modules/imce/LICENSE.txt
  1689. ckeditor http://hssb.gov.sd/sites/all/modules/ckeditor/
  1690. http://hssb.gov.sd/sites/all/modules/ckeditor/CHANGELOG.txt
  1691. http://hssb.gov.sd/sites/all/modules/ckeditor/README.txt
  1692. http://hssb.gov.sd/sites/all/modules/ckeditor/LICENSE.txt
  1693. link http://hssb.gov.sd/sites/all/modules/link/
  1694. http://hssb.gov.sd/sites/all/modules/link/README.txt
  1695. http://hssb.gov.sd/sites/all/modules/link/LICENSE.txt
  1696. captcha http://hssb.gov.sd/sites/all/modules/captcha/
  1697. http://hssb.gov.sd/sites/all/modules/captcha/README.txt
  1698. http://hssb.gov.sd/sites/all/modules/captcha/LICENSE.txt
  1699. xmlsitemap http://hssb.gov.sd/sites/all/modules/xmlsitemap/
  1700. http://hssb.gov.sd/sites/all/modules/xmlsitemap/README.txt
  1701. http://hssb.gov.sd/sites/all/modules/xmlsitemap/LICENSE.txt
  1702. views_bulk_operations http://hssb.gov.sd/sites/all/modules/views_bulk_operations/
  1703. http://hssb.gov.sd/sites/all/modules/views_bulk_operations/README.txt
  1704. http://hssb.gov.sd/sites/all/modules/views_bulk_operations/LICENSE.txt
  1705. colorbox http://hssb.gov.sd/sites/all/modules/colorbox/
  1706. http://hssb.gov.sd/sites/all/modules/colorbox/README.txt
  1707. http://hssb.gov.sd/sites/all/modules/colorbox/LICENSE.txt
  1708. media http://hssb.gov.sd/sites/all/modules/media/
  1709. http://hssb.gov.sd/sites/all/modules/media/README.txt
  1710. http://hssb.gov.sd/sites/all/modules/media/LICENSE.txt
  1711. devel http://hssb.gov.sd/sites/all/modules/devel/
  1712. http://hssb.gov.sd/sites/all/modules/devel/README.txt
  1713. http://hssb.gov.sd/sites/all/modules/devel/LICENSE.txt
  1714. variable http://hssb.gov.sd/sites/all/modules/variable/
  1715. http://hssb.gov.sd/sites/all/modules/variable/README.txt
  1716. http://hssb.gov.sd/sites/all/modules/variable/LICENSE.txt
  1717. panels http://hssb.gov.sd/sites/all/modules/panels/
  1718. http://hssb.gov.sd/sites/all/modules/panels/CHANGELOG.txt
  1719. http://hssb.gov.sd/sites/all/modules/panels/README.txt
  1720. http://hssb.gov.sd/sites/all/modules/panels/LICENSE.txt
  1721. file_entity http://hssb.gov.sd/sites/all/modules/file_entity/
  1722. http://hssb.gov.sd/sites/all/modules/file_entity/LICENSE.txt
  1723. i18n http://hssb.gov.sd/sites/all/modules/i18n/
  1724. http://hssb.gov.sd/sites/all/modules/i18n/README.txt
  1725. http://hssb.gov.sd/sites/all/modules/i18n/LICENSE.txt
  1726. field_collection http://hssb.gov.sd/sites/all/modules/field_collection/
  1727. http://hssb.gov.sd/sites/all/modules/field_collection/README.txt
  1728. http://hssb.gov.sd/sites/all/modules/field_collection/LICENSE.txt
  1729. block_class http://hssb.gov.sd/sites/all/modules/block_class/
  1730. http://hssb.gov.sd/sites/all/modules/block_class/README.txt
  1731. http://hssb.gov.sd/sites/all/modules/block_class/LICENSE.txt
  1732. ds http://hssb.gov.sd/sites/all/modules/ds/
  1733. http://hssb.gov.sd/sites/all/modules/ds/README.txt
  1734. http://hssb.gov.sd/sites/all/modules/ds/LICENSE.txt
  1735. menu_attributes http://hssb.gov.sd/sites/all/modules/menu_attributes/
  1736. http://hssb.gov.sd/sites/all/modules/menu_attributes/CHANGELOG.txt
  1737. http://hssb.gov.sd/sites/all/modules/menu_attributes/LICENSE.txt
  1738. email http://hssb.gov.sd/sites/all/modules/email/
  1739. http://hssb.gov.sd/sites/all/modules/email/README.txt
  1740. http://hssb.gov.sd/sites/all/modules/email/LICENSE.txt
  1741. superfish http://hssb.gov.sd/sites/all/modules/superfish/
  1742. http://hssb.gov.sd/sites/all/modules/superfish/CHANGELOG.txt
  1743. http://hssb.gov.sd/sites/all/modules/superfish/README.txt
  1744. http://hssb.gov.sd/sites/all/modules/superfish/LICENSE.txt
  1745. better_exposed_filters http://hssb.gov.sd/sites/all/modules/better_exposed_filters/
  1746. http://hssb.gov.sd/sites/all/modules/better_exposed_filters/CHANGELOG.txt
  1747. http://hssb.gov.sd/sites/all/modules/better_exposed_filters/README.txt
  1748. http://hssb.gov.sd/sites/all/modules/better_exposed_filters/LICENSE.txt
  1749. admin_views http://hssb.gov.sd/sites/all/modules/admin_views/
  1750. http://hssb.gov.sd/sites/all/modules/admin_views/LICENSE.txt
  1751. references http://hssb.gov.sd/sites/all/modules/references/
  1752. http://hssb.gov.sd/sites/all/modules/references/CHANGELOG.txt
  1753. http://hssb.gov.sd/sites/all/modules/references/README.txt
  1754. http://hssb.gov.sd/sites/all/modules/references/LICENSE.txt
  1755. draggableviews http://hssb.gov.sd/sites/all/modules/draggableviews/
  1756. http://hssb.gov.sd/sites/all/modules/draggableviews/README.txt
  1757. http://hssb.gov.sd/sites/all/modules/draggableviews/LICENSE.txt
  1758. simplenews http://hssb.gov.sd/sites/all/modules/simplenews/
  1759. http://hssb.gov.sd/sites/all/modules/simplenews/README.txt
  1760. http://hssb.gov.sd/sites/all/modules/simplenews/LICENSE.txt
  1761. print http://hssb.gov.sd/sites/all/modules/print/
  1762. http://hssb.gov.sd/sites/all/modules/print/CHANGELOG.txt
  1763. http://hssb.gov.sd/sites/all/modules/print/README.txt
  1764. http://hssb.gov.sd/sites/all/modules/print/LICENSE.txt
  1765. smart_trim http://hssb.gov.sd/sites/all/modules/smart_trim/
  1766. http://hssb.gov.sd/sites/all/modules/smart_trim/README.txt
  1767. http://hssb.gov.sd/sites/all/modules/smart_trim/LICENSE.txt
  1768. eva http://hssb.gov.sd/sites/all/modules/eva/
  1769. http://hssb.gov.sd/sites/all/modules/eva/README.txt
  1770. http://hssb.gov.sd/sites/all/modules/eva/LICENSE.txt
  1771. addtoany http://hssb.gov.sd/sites/all/modules/addtoany/
  1772. http://hssb.gov.sd/sites/all/modules/addtoany/LICENSE.txt
  1773. field_slideshow http://hssb.gov.sd/sites/all/modules/field_slideshow/
  1774. http://hssb.gov.sd/sites/all/modules/field_slideshow/README.txt
  1775. http://hssb.gov.sd/sites/all/modules/field_slideshow/LICENSE.txt
  1776. views_responsive_grid http://hssb.gov.sd/sites/all/modules/views_responsive_grid/
  1777. http://hssb.gov.sd/sites/all/modules/views_responsive_grid/README.txt
  1778. http://hssb.gov.sd/sites/all/modules/views_responsive_grid/LICENSE.txt
  1779. lang_dropdown http://hssb.gov.sd/sites/all/modules/lang_dropdown/
  1780. http://hssb.gov.sd/sites/all/modules/lang_dropdown/README.txt
  1781. http://hssb.gov.sd/sites/all/modules/lang_dropdown/LICENSE.txt
  1782. block_titlelink http://hssb.gov.sd/sites/all/modules/block_titlelink/
  1783. http://hssb.gov.sd/sites/all/modules/block_titlelink/README.txt
  1784. http://hssb.gov.sd/sites/all/modules/block_titlelink/LICENSE.txt
  1785. noreqnewpass http://hssb.gov.sd/sites/all/modules/noreqnewpass/
  1786. http://hssb.gov.sd/sites/all/modules/noreqnewpass/LICENSE.txt
  1787. views_ticker http://hssb.gov.sd/sites/all/modules/views_ticker/
  1788. http://hssb.gov.sd/sites/all/modules/views_ticker/README.txt
  1789. http://hssb.gov.sd/sites/all/modules/views_ticker/LICENSE.txt
  1790. ife http://hssb.gov.sd/sites/all/modules/ife/
  1791. http://hssb.gov.sd/sites/all/modules/ife/README.txt
  1792. http://hssb.gov.sd/sites/all/modules/ife/LICENSE.txt
  1793. image http://hssb.gov.sd/modules/image/
  1794. profile http://hssb.gov.sd/modules/profile/
  1795. php http://hssb.gov.sd/modules/php/
  1796. #######################################################################################################################################
  1797. dnsenum VERSION:1.2.4
  1798.  
  1799. ----- hssb.gov.sd -----
  1800.  
  1801.  
  1802. Host's addresses:
  1803. __________________
  1804.  
  1805. hssb.gov.sd. 82599 IN A 208.77.159.5
  1806.  
  1807.  
  1808. Wildcard detection using: lpfckqtyhojx
  1809. _______________________________________
  1810.  
  1811. lpfckqtyhojx.hssb.gov.sd. 86400 IN A 208.77.159.5
  1812.  
  1813.  
  1814. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  1815.  
  1816. Wildcards detected, all subdomains will point to the same IP address
  1817. Omitting results containing 208.77.159.5.
  1818. Maybe you are using OpenDNS servers.
  1819.  
  1820. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  1821.  
  1822.  
  1823. Name Servers:
  1824. ______________
  1825.  
  1826. ns3.dot.jo. 2909 IN A 96.125.184.251
  1827. ns4.dot.jo. 3599 IN A 96.125.181.251
  1828.  
  1829.  
  1830. Mail (MX) Servers:
  1831. ___________________
  1832.  
  1833. mail10.dot.jo. 2910 IN A 208.77.156.5
  1834.  
  1835.  
  1836. Trying Zone Transfers and getting Bind Versions:
  1837. _________________________________________________
  1838.  
  1839.  
  1840. Trying Zone Transfer for hssb.gov.sd on ns3.dot.jo ...
  1841.  
  1842. Trying Zone Transfer for hssb.gov.sd on ns4.dot.jo ...
  1843.  
  1844. brute force file not specified, bay.
  1845. #######################################################################################################################################
  1846. ____ _ _ _ _ _____
  1847. / ___| _ _| |__ | (_)___| |_|___ / _ __
  1848. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  1849. ___) | |_| | |_) | | \__ \ |_ ___) | |
  1850. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  1851.  
  1852. # Coded By Ahmed Aboul-Ela - @aboul3la
  1853.  
  1854. [-] Enumerating subdomains now for hssb.gov.sd
  1855. [-] verbosity is enabled, will show the subdomains results in realtime
  1856. [-] Searching now in Baidu..
  1857. [-] Searching now in Yahoo..
  1858. [-] Searching now in Google..
  1859. [-] Searching now in Bing..
  1860. [-] Searching now in Ask..
  1861. [-] Searching now in Netcraft..
  1862. [-] Searching now in DNSdumpster..
  1863. [-] Searching now in Virustotal..
  1864. [-] Searching now in ThreatCrowd..
  1865. [-] Searching now in SSL Certificates..
  1866. [-] Searching now in PassiveDNS..
  1867. Virustotal: www.hssb.gov.sd
  1868. Yahoo: www.hssb.gov.sd
  1869. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-hssb.gov.sd.txt
  1870. [-] Total Unique Subdomains Found: 1
  1871. www.hssb.gov.sd
  1872. #######################################################################################################################################
  1873. www.hssb.gov.sd,208.77.159.5
  1874. mail.hssb.gov.sd,208.77.156.5
  1875. #######################################################################################################################################
  1876. ===============================================
  1877. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  1878. ===============================================
  1879.  
  1880.  
  1881. Running Source: Ask
  1882. Running Source: Archive.is
  1883. Running Source: Baidu
  1884. Running Source: Bing
  1885. Running Source: CertDB
  1886. Running Source: CertificateTransparency
  1887. Running Source: Certspotter
  1888. Running Source: Commoncrawl
  1889. Running Source: Crt.sh
  1890. Running Source: Dnsdb
  1891. Running Source: DNSDumpster
  1892. Running Source: DNSTable
  1893. Running Source: Dogpile
  1894. Running Source: Exalead
  1895. Running Source: Findsubdomains
  1896. Running Source: Googleter
  1897. Running Source: Hackertarget
  1898. Running Source: Ipv4Info
  1899. Running Source: PTRArchive
  1900. Running Source: Sitedossier
  1901. Running Source: Threatcrowd
  1902. Running Source: ThreatMiner
  1903. Running Source: WaybackArchive
  1904. Running Source: Yahoo
  1905.  
  1906. Found Wildcard DNS at hssb.gov.sd
  1907. - 208.77.159.5
  1908. Running enumeration on hssb.gov.sd
  1909.  
  1910. dnsdb: Unexpected return status 503
  1911.  
  1912. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.hssb.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.hssb.gov.sd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
  1913.  
  1914. archiveis: Get https://archive.fo/*.hssb.gov.sd: dial tcp 213.183.51.24:443: connect: connection timed out
  1915.  
  1916.  
  1917. Starting Bruteforcing of hssb.gov.sd with 9985 words
  1918.  
  1919. Total 4 Unique subdomains found for hssb.gov.sd
  1920.  
  1921. .hssb.gov.sd
  1922. mail.hssb.gov.sd
  1923. mail.hssb.gov.sd
  1924. www.hssb.gov.sd
  1925. #######################################################################################################################################
  1926. [*] Processing domain hssb.gov.sd
  1927. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  1928. [+] Getting nameservers
  1929. 96.125.181.251 - ns4.dot.jo
  1930. 96.125.184.251 - ns3.dot.jo
  1931. [-] Zone transfer failed
  1932.  
  1933. [+] TXT records found
  1934. "v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all"
  1935.  
  1936. [+] MX records found, added to target list
  1937. 10 mail10.dot.jo.
  1938.  
  1939. [+] Wildcard domain found - 208.77.159.5
  1940. [*] Scanning hssb.gov.sd for A records
  1941. 208.77.156.5 - mail.hssb.gov.sd
  1942.  
  1943. #######################################################################################################################################
  1944. [*] Found SPF record:
  1945. [*] v=spf1 include:smtp.cologlobal.com a mx ip4:208.77.156.6/23 -all
  1946. [*] SPF record contains an All item: -all
  1947. [*] No DMARC record found. Looking for organizational record
  1948. [+] No organizational DMARC record
  1949. [+] Spoofing possible for hssb.gov.sd!
  1950. #######################################################################################################################################
  1951. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:26 EST
  1952. Nmap scan report for hssb.gov.sd (208.77.159.5)
  1953. Host is up (0.059s latency).
  1954. rDNS record for 208.77.159.5: web28.hspheredns.com
  1955. Not shown: 460 filtered ports, 13 closed ports
  1956. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1957. PORT STATE SERVICE
  1958. 21/tcp open ftp
  1959. 80/tcp open http
  1960. 443/tcp open https
  1961. #######################################################################################################################################
  1962. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:26 EST
  1963. Nmap scan report for hssb.gov.sd (208.77.159.5)
  1964. Host is up (0.028s latency).
  1965. rDNS record for 208.77.159.5: web28.hspheredns.com
  1966. Not shown: 2 filtered ports, 1 closed port
  1967. PORT STATE SERVICE
  1968. 67/udp open|filtered dhcps
  1969. 68/udp open|filtered dhcpc
  1970. 69/udp open|filtered tftp
  1971. 88/udp open|filtered kerberos-sec
  1972. 123/udp open|filtered ntp
  1973. 139/udp open|filtered netbios-ssn
  1974. 161/udp open|filtered snmp
  1975. 162/udp open|filtered snmptrap
  1976. 389/udp open|filtered ldap
  1977. 520/udp open|filtered route
  1978. 2049/udp open|filtered nfs
  1979. #######################################################################################################################################
  1980. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:26 EST
  1981. Nmap scan report for hssb.gov.sd (208.77.159.5)
  1982. Host is up (0.068s latency).
  1983. rDNS record for 208.77.159.5: web28.hspheredns.com
  1984.  
  1985. PORT STATE SERVICE VERSION
  1986. 21/tcp open ftp ProFTPD 1.3.4a
  1987. | ftp-brute:
  1988. | Accounts: No valid accounts found
  1989. |_ Statistics: Performed 3728 guesses in 185 seconds, average tps: 20.2
  1990. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1991. Device type: general purpose|firewall|storage-misc|VoIP phone
  1992. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
  1993. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
  1994. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
  1995. No exact OS matches for host (test conditions non-ideal).
  1996. Network Distance: 11 hops
  1997. Service Info: OS: Unix
  1998.  
  1999. TRACEROUTE (using port 21/tcp)
  2000. HOP RTT ADDRESS
  2001. 1 21.84 ms 10.248.200.1
  2002. 2 22.18 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2003. 3 30.42 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2004. 4 21.93 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2005. 5 21.93 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2006. 6 22.26 ms 4.68.127.229
  2007. 7 ...
  2008. 8 67.51 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2009. 9 73.52 ms 63.164.96.databank.com (63.164.96.22)
  2010. 10 67.62 ms 69.44.220.66
  2011. 11 69.27 ms web28.hspheredns.com (208.77.159.5)
  2012. #######################################################################################################################################
  2013. wig - WebApp Information Gatherer
  2014.  
  2015.  
  2016. Scanning http://hssb.gov.sd...
  2017. ___________________________________________ SITE INFO ___________________________________________
  2018. IP Title
  2019. 208.77.159.5 الهيئه العليا للرقابه الشرعيه
  2020.  
  2021. ____________________________________________ VERSION ____________________________________________
  2022. Name Versions Type
  2023. Drupal 7.59 CMS
  2024. Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
  2025. 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
  2026. 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
  2027. 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
  2028. 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
  2029. 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
  2030. jQuery 1.4.4 JavaScript
  2031.  
  2032. __________________________________________ INTERESTING __________________________________________
  2033. URL Note Type
  2034. /install.php Drupal installation file Interesting
  2035. /CHANGELOG.txt Drupal CHANGELOG Interesting
  2036. /robots.txt robots.txt index Interesting
  2037. /install.php Installation file Interesting
  2038.  
  2039. _____________________________________________ TOOLS _____________________________________________
  2040. Name Link Software
  2041. droopescan https://github.com/droope/droopescan Drupal
  2042. CMSmap https://github.com/Dionach/CMSmap Drupal
  2043.  
  2044. _________________________________________________________________________________________________
  2045. Time: 82.9 sec Urls: 533 Fingerprints: 40401
  2046. #######################################################################################################################################
  2047. HTTP/1.1 200 OK
  2048. Date: Thu, 21 Feb 2019 22:33:08 GMT
  2049. Expires: Sun, 19 Nov 1978 05:00:00 GMT
  2050. Cache-Control: no-cache, must-revalidate
  2051. X-Content-Type-Options: nosniff
  2052. Content-Language: ar
  2053. X-Frame-Options: SAMEORIGIN
  2054. X-Generator: Drupal 7 (http://drupal.org)
  2055. Content-Type: text/html; charset=utf-8
  2056. Connection: keep-alive
  2057.  
  2058. HTTP/1.1 200 OK
  2059. Date: Thu, 21 Feb 2019 22:33:11 GMT
  2060. Expires: Sun, 19 Nov 1978 05:00:00 GMT
  2061. Cache-Control: no-cache, must-revalidate
  2062. X-Content-Type-Options: nosniff
  2063. Content-Language: ar
  2064. X-Frame-Options: SAMEORIGIN
  2065. X-Generator: Drupal 7 (http://drupal.org)
  2066. Content-Type: text/html; charset=utf-8
  2067. Connection: keep-alive
  2068. #######################################################################################################################################
  2069. Version: 1.11.12-static
  2070. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2071.  
  2072. Connected to 208.77.159.5
  2073.  
  2074. Testing SSL server hssb.gov.sd on port 443 using SNI name hssb.gov.sd
  2075.  
  2076. TLS Fallback SCSV:
  2077. Server supports TLS Fallback SCSV
  2078.  
  2079. TLS renegotiation:
  2080. Session renegotiation not supported
  2081.  
  2082. TLS Compression:
  2083. Compression disabled
  2084.  
  2085. Heartbleed:
  2086. TLS 1.2 not vulnerable to heartbleed
  2087. TLS 1.1 not vulnerable to heartbleed
  2088. TLS 1.0 not vulnerable to heartbleed
  2089.  
  2090. Supported Server Cipher(s):
  2091. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2092. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2093. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2094. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  2095. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  2096. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2097. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2098. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2099. Accepted TLSv1.2 256 bits AES256-SHA256
  2100. Accepted TLSv1.2 256 bits AES256-SHA
  2101. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  2102. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2103. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2104. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2105. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  2106. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  2107. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2108. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2109. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2110. Accepted TLSv1.2 128 bits AES128-SHA256
  2111. Accepted TLSv1.2 128 bits AES128-SHA
  2112. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  2113. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2114. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2115. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2116. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  2117. Accepted TLSv1.2 128 bits SEED-SHA
  2118. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
  2119. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2120. Accepted TLSv1.2 128 bits RC4-SHA
  2121. Accepted TLSv1.2 128 bits RC4-MD5
  2122. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2123. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2124. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2125. Accepted TLSv1.1 256 bits AES256-SHA
  2126. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  2127. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2128. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2129. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2130. Accepted TLSv1.1 128 bits AES128-SHA
  2131. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  2132. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2133. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2134. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2135. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  2136. Accepted TLSv1.1 128 bits SEED-SHA
  2137. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
  2138. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2139. Accepted TLSv1.1 128 bits RC4-SHA
  2140. Accepted TLSv1.1 128 bits RC4-MD5
  2141.  
  2142. SSL Certificate:
  2143. Signature Algorithm: sha256WithRSAEncryption
  2144. RSA Key Strength: 2048
  2145.  
  2146. Subject: *.hspheredns.com
  2147. Altnames: DNS:*.hspheredns.com, DNS:hspheredns.com
  2148. Issuer: COMODO RSA Domain Validation Secure Server CA
  2149.  
  2150. Not valid before: Jul 19 00:00:00 2017 GMT
  2151. Not valid after: Jul 18 23:59:59 2020 GMT
  2152. #######################################################################################################################################
  2153. --------------------------------------------------------
  2154. <<<Yasuo discovered following vulnerable applications>>>
  2155. --------------------------------------------------------
  2156. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2157. | App Name | URL to Application | Potential Exploit | Username | Password |
  2158. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2159. | Linksys WRT54GL | http://208.77.159.5:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  2160. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2161. #######################################################################################################################################
  2162. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:48 EST
  2163. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2164. Host is up (0.063s latency).
  2165. Not shown: 460 filtered ports, 13 closed ports
  2166. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2167. PORT STATE SERVICE
  2168. 21/tcp open ftp
  2169. 80/tcp open http
  2170. 443/tcp open https
  2171. #######################################################################################################################################
  2172. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:48 EST
  2173. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2174. Host is up (0.031s latency).
  2175. Not shown: 2 filtered ports, 1 closed port
  2176. PORT STATE SERVICE
  2177. 67/udp open|filtered dhcps
  2178. 68/udp open|filtered dhcpc
  2179. 69/udp open|filtered tftp
  2180. 88/udp open|filtered kerberos-sec
  2181. 123/udp open|filtered ntp
  2182. 139/udp open|filtered netbios-ssn
  2183. 161/udp open|filtered snmp
  2184. 162/udp open|filtered snmptrap
  2185. 389/udp open|filtered ldap
  2186. 520/udp open|filtered route
  2187. 2049/udp open|filtered nfs
  2188. #######################################################################################################################################
  2189. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:48 EST
  2190. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2191. Host is up (0.068s latency).
  2192.  
  2193. PORT STATE SERVICE VERSION
  2194. 21/tcp open ftp ProFTPD 1.3.4a
  2195. | ftp-brute:
  2196. | Accounts: No valid accounts found
  2197. |_ Statistics: Performed 3637 guesses in 183 seconds, average tps: 18.8
  2198. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2199. Device type: general purpose|storage-misc|firewall
  2200. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Synology DiskStation Manager 5.X (90%), WatchGuard Fireware 11.X (89%)
  2201. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
  2202. Aggressive OS guesses: Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.4 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 or 3.10 (89%), Linux 2.6.39 (89%), WatchGuard Fireware 11.8 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
  2203. No exact OS matches for host (test conditions non-ideal).
  2204. Network Distance: 11 hops
  2205. Service Info: OS: Unix
  2206.  
  2207. TRACEROUTE (using port 21/tcp)
  2208. HOP RTT ADDRESS
  2209. 1 23.51 ms 10.248.200.1
  2210. 2 24.16 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2211. 3 29.72 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2212. 4 23.92 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2213. 5 23.70 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2214. 6 24.16 ms 4.68.127.229
  2215. 7 ...
  2216. 8 69.12 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2217. 9 73.01 ms 63.164.96.databank.com (63.164.96.18)
  2218. 10 72.41 ms 69.44.220.66
  2219. 11 68.16 ms web28.hspheredns.com (208.77.159.5)
  2220. #######################################################################################################################################
  2221. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:52 EST
  2222. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2223. Host is up (0.068s latency).
  2224.  
  2225. PORT STATE SERVICE VERSION
  2226. 67/udp open|filtered dhcps
  2227. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  2228. Too many fingerprints match this host to give specific OS details
  2229. Network Distance: 11 hops
  2230.  
  2231. TRACEROUTE (using proto 1/icmp)
  2232. HOP RTT ADDRESS
  2233. 1 26.77 ms 10.248.200.1
  2234. 2 28.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2235. 3 42.19 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2236. 4 27.40 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2237. 5 36.21 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2238. 6 27.44 ms 4.68.127.229
  2239. 7 ...
  2240. 8 72.96 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2241. 9 72.95 ms 63.164.96.databank.com (63.164.96.22)
  2242. 10 73.04 ms 69.44.220.66
  2243. 11 67.74 ms web28.hspheredns.com (208.77.159.5)
  2244. #######################################################################################################################################
  2245. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:54 EST
  2246. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2247. Host is up (0.068s latency).
  2248.  
  2249. PORT STATE SERVICE VERSION
  2250. 68/udp open|filtered dhcpc
  2251. Too many fingerprints match this host to give specific OS details
  2252. Network Distance: 11 hops
  2253.  
  2254. TRACEROUTE (using proto 1/icmp)
  2255. HOP RTT ADDRESS
  2256. 1 22.54 ms 10.248.200.1
  2257. 2 22.92 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2258. 3 37.48 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2259. 4 22.93 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2260. 5 22.91 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2261. 6 23.71 ms 4.68.127.229
  2262. 7 ...
  2263. 8 68.24 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2264. 9 68.23 ms 63.164.96.databank.com (63.164.96.22)
  2265. 10 68.64 ms 69.44.220.66
  2266. 11 72.38 ms web28.hspheredns.com (208.77.159.5)
  2267. #######################################################################################################################################
  2268. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:57 EST
  2269. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2270. Host is up (0.068s latency).
  2271.  
  2272. PORT STATE SERVICE VERSION
  2273. 69/udp open|filtered tftp
  2274. Too many fingerprints match this host to give specific OS details
  2275. Network Distance: 11 hops
  2276.  
  2277. TRACEROUTE (using proto 1/icmp)
  2278. HOP RTT ADDRESS
  2279. 1 23.35 ms 10.248.200.1
  2280. 2 24.17 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2281. 3 44.36 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2282. 4 23.79 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2283. 5 23.84 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2284. 6 24.24 ms 4.68.127.229
  2285. 7 ...
  2286. 8 74.39 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2287. 9 69.19 ms 63.164.96.databank.com (63.164.96.22)
  2288. 10 69.29 ms 69.44.220.66
  2289. 11 67.79 ms web28.hspheredns.com (208.77.159.5)
  2290. #######################################################################################################################################
  2291.  
  2292. wig - WebApp Information Gatherer
  2293.  
  2294.  
  2295. Scanning http://208.77.159.5...
  2296. ___________________________________________ SITE INFO ___________________________________________
  2297. IP Title
  2298. 208.77.159.5 Parallels H-Sphere
  2299.  
  2300. ____________________________________________ VERSION ____________________________________________
  2301. Name Versions Type
  2302. Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
  2303. 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
  2304. 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
  2305. 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
  2306. 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
  2307. 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
  2308.  
  2309. _________________________________________________________________________________________________
  2310. Time: 21.9 sec Urls: 809 Fingerprints: 40401
  2311. #######################################################################################################################################
  2312. HTTP/1.1 200 OK
  2313. Date: Thu, 21 Feb 2019 22:59:58 GMT
  2314. Server: Apache mod_fcgid/2.3.9
  2315. Last-Modified: Thu, 21 Feb 2019 08:01:10 GMT
  2316. Accept-Ranges: bytes
  2317. Content-Length: 4101
  2318. Content-Type: text/html
  2319.  
  2320. HTTP/1.1 200 OK
  2321. Date: Thu, 21 Feb 2019 22:59:58 GMT
  2322. Server: Apache mod_fcgid/2.3.9
  2323. Last-Modified: Thu, 21 Feb 2019 08:01:10 GMT
  2324. Accept-Ranges: bytes
  2325. Content-Length: 4101
  2326. Content-Type: text/html
  2327. #######################################################################################################################################
  2328. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 17:59 EST
  2329. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2330. Host is up (0.068s latency).
  2331.  
  2332. PORT STATE SERVICE VERSION
  2333. 123/udp open|filtered ntp
  2334. Too many fingerprints match this host to give specific OS details
  2335. Network Distance: 11 hops
  2336.  
  2337. TRACEROUTE (using proto 1/icmp)
  2338. HOP RTT ADDRESS
  2339. 1 22.73 ms 10.248.200.1
  2340. 2 23.17 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2341. 3 39.93 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2342. 4 23.17 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2343. 5 23.16 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2344. 6 23.95 ms 4.68.127.229
  2345. 7 ...
  2346. 8 78.58 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2347. 9 68.42 ms 63.164.96.databank.com (63.164.96.22)
  2348. 10 68.48 ms 69.44.220.66
  2349. 11 67.20 ms web28.hspheredns.com (208.77.159.5)
  2350. #######################################################################################################################################
  2351. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 18:02 EST
  2352. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2353. Host is up (0.068s latency).
  2354.  
  2355. PORT STATE SERVICE VERSION
  2356. 161/tcp filtered snmp
  2357. 161/udp open|filtered snmp
  2358. Too many fingerprints match this host to give specific OS details
  2359. Network Distance: 11 hops
  2360.  
  2361. TRACEROUTE (using proto 1/icmp)
  2362. HOP RTT ADDRESS
  2363. 1 22.32 ms 10.248.200.1
  2364. 2 22.74 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2365. 3 42.20 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2366. 4 22.36 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2367. 5 22.38 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2368. 6 22.81 ms 4.68.127.229
  2369. 7 ...
  2370. 8 74.60 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2371. 9 68.02 ms 63.164.96.databank.com (63.164.96.22)
  2372. 10 71.23 ms 69.44.220.66
  2373. 11 67.12 ms web28.hspheredns.com (208.77.159.5)
  2374. #######################################################################################################################################
  2375. Version: 1.11.12-static
  2376. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2377.  
  2378. Connected to 208.77.159.5
  2379.  
  2380. Testing SSL server 208.77.159.5 on port 443 using SNI name 208.77.159.5
  2381.  
  2382. TLS Fallback SCSV:
  2383. Server supports TLS Fallback SCSV
  2384.  
  2385. TLS renegotiation:
  2386. Session renegotiation not supported
  2387.  
  2388. TLS Compression:
  2389. Compression disabled
  2390.  
  2391. Heartbleed:
  2392. TLS 1.2 not vulnerable to heartbleed
  2393. TLS 1.1 not vulnerable to heartbleed
  2394. TLS 1.0 not vulnerable to heartbleed
  2395.  
  2396. Supported Server Cipher(s):
  2397. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2398. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2399. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2400. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  2401. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  2402. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2403. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2404. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2405. Accepted TLSv1.2 256 bits AES256-SHA256
  2406. Accepted TLSv1.2 256 bits AES256-SHA
  2407. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  2408. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2409. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2410. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2411. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  2412. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  2413. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2414. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2415. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2416. Accepted TLSv1.2 128 bits AES128-SHA256
  2417. Accepted TLSv1.2 128 bits AES128-SHA
  2418. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  2419. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2420. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2421. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2422. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  2423. Accepted TLSv1.2 128 bits SEED-SHA
  2424. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
  2425. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2426. Accepted TLSv1.2 128 bits RC4-SHA
  2427. Accepted TLSv1.2 128 bits RC4-MD5
  2428. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2429. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2430. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  2431. Accepted TLSv1.1 256 bits AES256-SHA
  2432. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  2433. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2434. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2435. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  2436. Accepted TLSv1.1 128 bits AES128-SHA
  2437. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  2438. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2439. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2440. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2441. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  2442. Accepted TLSv1.1 128 bits SEED-SHA
  2443. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
  2444. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2445. Accepted TLSv1.1 128 bits RC4-SHA
  2446. Accepted TLSv1.1 128 bits RC4-MD5
  2447.  
  2448. SSL Certificate:
  2449. Signature Algorithm: sha256WithRSAEncryption
  2450. RSA Key Strength: 2048
  2451.  
  2452. Subject: *.hspheredns.com
  2453. Altnames: DNS:*.hspheredns.com, DNS:hspheredns.com
  2454. Issuer: COMODO RSA Domain Validation Secure Server CA
  2455.  
  2456. Not valid before: Jul 19 00:00:00 2017 GMT
  2457. Not valid after: Jul 18 23:59:59 2020 GMT
  2458. #######################################################################################################################################
  2459. --------------------------------------------------------
  2460. <<<Yasuo discovered following vulnerable applications>>>
  2461. --------------------------------------------------------
  2462. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2463. | App Name | URL to Application | Potential Exploit | Username | Password |
  2464. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2465. | Linksys WRT54GL | http://208.77.159.5:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  2466. +-----------------+----------------------------------+------------------------------------------------+----------+----------+
  2467. #######################################################################################################################################
  2468. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 18:06 EST
  2469. NSE: Loaded 148 scripts for scanning.
  2470. NSE: Script Pre-scanning.
  2471. NSE: Starting runlevel 1 (of 2) scan.
  2472. Initiating NSE at 18:06
  2473. Completed NSE at 18:06, 0.00s elapsed
  2474. NSE: Starting runlevel 2 (of 2) scan.
  2475. Initiating NSE at 18:06
  2476. Completed NSE at 18:06, 0.00s elapsed
  2477. Initiating Ping Scan at 18:06
  2478. Scanning 208.77.159.5 [4 ports]
  2479. Completed Ping Scan at 18:06, 0.10s elapsed (1 total hosts)
  2480. Initiating Parallel DNS resolution of 1 host. at 18:06
  2481. Completed Parallel DNS resolution of 1 host. at 18:06, 0.02s elapsed
  2482. Initiating Connect Scan at 18:06
  2483. Scanning web28.hspheredns.com (208.77.159.5) [1000 ports]
  2484. Discovered open port 21/tcp on 208.77.159.5
  2485. Discovered open port 80/tcp on 208.77.159.5
  2486. Discovered open port 443/tcp on 208.77.159.5
  2487. Discovered open port 9102/tcp on 208.77.159.5
  2488. Completed Connect Scan at 18:06, 4.45s elapsed (1000 total ports)
  2489. Initiating Service scan at 18:06
  2490. Scanning 3 services on web28.hspheredns.com (208.77.159.5)
  2491. Completed Service scan at 18:06, 12.60s elapsed (4 services on 1 host)
  2492. Initiating OS detection (try #1) against web28.hspheredns.com (208.77.159.5)
  2493. Retrying OS detection (try #2) against web28.hspheredns.com (208.77.159.5)
  2494. Initiating Traceroute at 18:06
  2495. Completed Traceroute at 18:07, 3.00s elapsed
  2496. Initiating Parallel DNS resolution of 10 hosts. at 18:07
  2497. Completed Parallel DNS resolution of 10 hosts. at 18:07, 16.50s elapsed
  2498. NSE: Script scanning 208.77.159.5.
  2499. NSE: Starting runlevel 1 (of 2) scan.
  2500. Initiating NSE at 18:07
  2501. Completed NSE at 18:07, 7.90s elapsed
  2502. NSE: Starting runlevel 2 (of 2) scan.
  2503. Initiating NSE at 18:07
  2504. Completed NSE at 18:07, 0.00s elapsed
  2505. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2506. Host is up, received echo-reply ttl 51 (0.068s latency).
  2507. Scanned at 2019-02-21 18:06:38 EST for 49s
  2508. Not shown: 981 filtered ports
  2509. Reason: 981 no-responses
  2510. PORT STATE SERVICE REASON VERSION
  2511. 20/tcp closed ftp-data conn-refused
  2512. 21/tcp open ftp syn-ack ProFTPD 1.3.4a
  2513. |_ssl-date: 2019-02-21T23:07:20+00:00; 0s from scanner time.
  2514. 25/tcp closed smtp conn-refused
  2515. 53/tcp closed domain conn-refused
  2516. 80/tcp open http syn-ack Apache httpd (mod_fcgid/2.3.9)
  2517. |_http-favicon: Parallels Control Panel
  2518. | http-methods:
  2519. | Supported Methods: GET HEAD POST OPTIONS TRACE
  2520. |_ Potentially risky methods: TRACE
  2521. |_http-server-header: Apache mod_fcgid/2.3.9
  2522. |_http-title: Parallels H-Sphere
  2523. 110/tcp closed pop3 conn-refused
  2524. 139/tcp closed netbios-ssn conn-refused
  2525. 143/tcp closed imap conn-refused
  2526. 443/tcp open ssl/http syn-ack Apache httpd (mod_fcgid/2.3.9)
  2527. |_http-favicon: Parallels Control Panel
  2528. | http-methods:
  2529. | Supported Methods: GET HEAD POST OPTIONS TRACE
  2530. |_ Potentially risky methods: TRACE
  2531. |_http-server-header: Apache mod_fcgid/2.3.9
  2532. |_http-title: Parallels H-Sphere
  2533. | ssl-cert: Subject: commonName=*.hspheredns.com/organizationalUnitName=EssentialSSL Wildcard
  2534. | Subject Alternative Name: DNS:*.hspheredns.com, DNS:hspheredns.com
  2535. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB/localityName=Salford
  2536. | Public Key type: rsa
  2537. | Public Key bits: 2048
  2538. | Signature Algorithm: sha256WithRSAEncryption
  2539. | Not valid before: 2017-07-19T00:00:00
  2540. | Not valid after: 2020-07-18T23:59:59
  2541. | MD5: 786b b475 2e40 a254 b24b 64c4 eba7 c667
  2542. | SHA-1: 89d3 bcc5 5a7e abdf cd16 8831 ba80 a7dc 8fb9 3d22
  2543. | -----BEGIN CERTIFICATE-----
  2544. | MIIFWDCCBECgAwIBAgIQGUrz52fjfBP8JSgE3xscpjANBgkqhkiG9w0BAQsFADCB
  2545. | kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
  2546. | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
  2547. | BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
  2548. | QTAeFw0xNzA3MTkwMDAwMDBaFw0yMDA3MTgyMzU5NTlaMF4xITAfBgNVBAsTGERv
  2549. | bWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NMIFdp
  2550. | bGRjYXJkMRkwFwYDVQQDDBAqLmhzcGhlcmVkbnMuY29tMIIBIjANBgkqhkiG9w0B
  2551. | AQEFAAOCAQ8AMIIBCgKCAQEAsDWxgVfsBnntX+FBqejcn7lVhbNRGv8icjVx1rks
  2552. | RP9KCIXMwo76BwSE657ws6dm9wm2gupt1g+gpy5jCLCswI6mksU/todpW3BjfyBd
  2553. | 3Qbvp4kzd7qtN0cmUXgKqckC67N8Nyl/aoH3XKnabyQVYjc9zVL1V0XrItOUpy0/
  2554. | yEUF9Y1quYoisQ8FC9vk4IO/ej79S8nQs5hqbmEHBzjhFutiy2RGbmCDYo8EUB9i
  2555. | 8D9qqr5ZcPHHQTxagZXsccxirLkZRux9ANV9VeF1sZG+8teLqLV0UmCKCxfI7krH
  2556. | UZ2HsHg8g7ncgZP98OD6lhjoAdQs+fotGHrh6ITd1th5wwIDAQABo4IB3TCCAdkw
  2557. | HwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFLH5IxS2
  2558. | ujYMimtY7CbpQyTakzw/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
  2559. | A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQB
  2560. | sjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20v
  2561. | Q1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9k
  2562. | b2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0Eu
  2563. | Y3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29t
  2564. | b2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
  2565. | QS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTArBgNV
  2566. | HREEJDAighAqLmhzcGhlcmVkbnMuY29tgg5oc3BoZXJlZG5zLmNvbTANBgkqhkiG
  2567. | 9w0BAQsFAAOCAQEAe2G4WqREAZsJygDC8r5Omt4lqXcv8mfbYMAazB13zql1M/s1
  2568. | tL0w+CvueFoUdBogcMECAEFiGHRY735O15z34wEHZZ1lr48XrB36BtnG3D+PsqHY
  2569. | abxVfQvNXE8GyWRJPdy1YpM84gcRYopfjb0R9T5wbIKmSfibJhwJ/Fcek6HF2TVs
  2570. | J9MYDukDIHLl+wwjK49QWI9Qh7bKNYRMfzMzQTD3nRQRWqeJsPf3M6E1189qYb2h
  2571. | Y8QVxsvybBK6as3MMMd7DY4cTMMjeIYHQHiil+bQhDAf31M14brLrALdGB4gzU3t
  2572. | aNvHOOpnbudSaCdwoGwOU2xOXOZYqfNCsQkKXQ==
  2573. |_-----END CERTIFICATE-----
  2574. |_ssl-date: 2019-02-21T23:07:20+00:00; 0s from scanner time.
  2575. 445/tcp closed microsoft-ds conn-refused
  2576. 465/tcp closed smtps conn-refused
  2577. 587/tcp closed submission conn-refused
  2578. 873/tcp closed rsync conn-refused
  2579. 993/tcp closed imaps conn-refused
  2580. 995/tcp closed pop3s conn-refused
  2581. 2222/tcp closed EtherNetIP-1 conn-refused
  2582. 3306/tcp closed mysql conn-refused
  2583. 9102/tcp open jetdirect? syn-ack
  2584. 9103/tcp closed jetdirect conn-refused
  2585. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  2586. Aggressive OS guesses: Linux 2.6.32 (93%), Linux 3.4 (93%), WatchGuard Fireware 11.8 (93%), Synology DiskStation Manager 5.1 (92%), Linux 3.10 (92%), Linux 2.6.32 or 3.10 (92%), Linux 2.6.39 (92%), Linux 3.1 - 3.2 (92%), Linux 2.6.32 - 2.6.39 (90%), Grandstream GXV3275 video phone (88%)
  2587. No exact OS matches for host (test conditions non-ideal).
  2588. TCP/IP fingerprint:
  2589. SCAN(V=7.70%E=4%D=2/21%OT=21%CT=20%CU=%PV=N%DS=11%DC=T%G=N%TM=5C6F2F2F%P=x86_64-pc-linux-gnu)
  2590. SEQ(SP=106%GCD=1%ISR=109%TI=Z%II=I%TS=A)
  2591. SEQ(SP=106%GCD=1%ISR=109%TI=Z%TS=A)
  2592. OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
  2593. WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)
  2594. ECN(R=Y%DF=Y%TG=40%W=3908%O=M4B3NNSNW7%CC=Y%Q=)
  2595. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
  2596. T2(R=N)
  2597. T3(R=N)
  2598. T4(R=N)
  2599. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  2600. T6(R=N)
  2601. T7(R=N)
  2602. U1(R=N)
  2603. IE(R=Y%DFI=N%TG=40%CD=S)
  2604.  
  2605. Uptime guess: 12.033 days (since Sat Feb 9 17:19:13 2019)
  2606. Network Distance: 11 hops
  2607. TCP Sequence Prediction: Difficulty=262 (Good luck!)
  2608. IP ID Sequence Generation: All zeros
  2609. Service Info: OS: Unix
  2610.  
  2611. Host script results:
  2612. |_clock-skew: mean: 0s, deviation: 0s, median: 0s
  2613.  
  2614. TRACEROUTE (using proto 1/icmp)
  2615. HOP RTT ADDRESS
  2616. 1 22.26 ms 10.248.200.1
  2617. 2 22.49 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2618. 3 39.29 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2619. 4 22.47 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2620. 5 22.54 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  2621. 6 22.56 ms 4.68.127.229
  2622. 7 ...
  2623. 8 73.37 ms DATABANK-HO.ear1.Dallas1.Level3.net (4.31.141.94)
  2624. 9 67.83 ms 63.164.96.databank.com (63.164.96.22)
  2625. 10 68.73 ms 69.44.220.66
  2626. 11 66.64 ms web28.hspheredns.com (208.77.159.5)
  2627.  
  2628. NSE: Script Post-scanning.
  2629. NSE: Starting runlevel 1 (of 2) scan.
  2630. Initiating NSE at 18:07
  2631. Completed NSE at 18:07, 0.00s elapsed
  2632. NSE: Starting runlevel 2 (of 2) scan.
  2633. Initiating NSE at 18:07
  2634. Completed NSE at 18:07, 0.00s elapsed
  2635. Read data files from: /usr/bin/../share/nmap
  2636. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2637. Nmap done: 1 IP address (1 host up) scanned in 49.76 seconds
  2638. Raw packets sent: 111 (8.994KB) | Rcvd: 823 (365.361KB)
  2639. #######################################################################################################################################
  2640. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 18:07 EST
  2641. NSE: Loaded 148 scripts for scanning.
  2642. NSE: Script Pre-scanning.
  2643. Initiating NSE at 18:07
  2644. Completed NSE at 18:07, 0.00s elapsed
  2645. Initiating NSE at 18:07
  2646. Completed NSE at 18:07, 0.00s elapsed
  2647. Initiating Parallel DNS resolution of 1 host. at 18:07
  2648. Completed Parallel DNS resolution of 1 host. at 18:07, 0.03s elapsed
  2649. Initiating UDP Scan at 18:07
  2650. Scanning web28.hspheredns.com (208.77.159.5) [14 ports]
  2651. Completed UDP Scan at 18:07, 1.29s elapsed (14 total ports)
  2652. Initiating Service scan at 18:07
  2653. Scanning 11 services on web28.hspheredns.com (208.77.159.5)
  2654. Service scan Timing: About 9.09% done; ETC: 18:25 (0:16:10 remaining)
  2655. Completed Service scan at 18:09, 102.59s elapsed (11 services on 1 host)
  2656. Initiating OS detection (try #1) against web28.hspheredns.com (208.77.159.5)
  2657. Retrying OS detection (try #2) against web28.hspheredns.com (208.77.159.5)
  2658. Initiating Traceroute at 18:09
  2659. Completed Traceroute at 18:09, 7.11s elapsed
  2660. Initiating Parallel DNS resolution of 1 host. at 18:09
  2661. Completed Parallel DNS resolution of 1 host. at 18:09, 0.02s elapsed
  2662. NSE: Script scanning 208.77.159.5.
  2663. Initiating NSE at 18:09
  2664. Completed NSE at 18:09, 20.31s elapsed
  2665. Initiating NSE at 18:09
  2666. Completed NSE at 18:09, 1.03s elapsed
  2667. Nmap scan report for web28.hspheredns.com (208.77.159.5)
  2668. Host is up (0.050s latency).
  2669.  
  2670. PORT STATE SERVICE VERSION
  2671. 53/udp closed domain
  2672. 67/udp open|filtered dhcps
  2673. 68/udp open|filtered dhcpc
  2674. 69/udp open|filtered tftp
  2675. 88/udp open|filtered kerberos-sec
  2676. 123/udp open|filtered ntp
  2677. 137/udp filtered netbios-ns
  2678. 138/udp filtered netbios-dgm
  2679. 139/udp open|filtered netbios-ssn
  2680. 161/udp open|filtered snmp
  2681. 162/udp open|filtered snmptrap
  2682. 389/udp open|filtered ldap
  2683. 520/udp open|filtered route
  2684. 2049/udp open|filtered nfs
  2685. Too many fingerprints match this host to give specific OS details
  2686. Network Distance: 11 hops
  2687.  
  2688. TRACEROUTE (using port 137/udp)
  2689. HOP RTT ADDRESS
  2690. 1 ...
  2691. 2 22.95 ms 10.248.200.1
  2692. 3 ... 4
  2693. 5 26.74 ms 10.248.200.1
  2694. 6 22.97 ms 10.248.200.1
  2695. 7 22.97 ms 10.248.200.1
  2696. 8 22.97 ms 10.248.200.1
  2697. 9 22.98 ms 10.248.200.1
  2698. 10 22.98 ms 10.248.200.1
  2699. 11 23.02 ms 10.248.200.1
  2700. 12 ... 18
  2701. 19 23.36 ms 10.248.200.1
  2702. 20 25.47 ms 10.248.200.1
  2703. 21 ... 27
  2704. 28 25.96 ms 10.248.200.1
  2705. 29 ...
  2706. 30 22.90 ms 10.248.200.1
  2707.  
  2708. NSE: Script Post-scanning.
  2709. Initiating NSE at 18:09
  2710. Completed NSE at 18:09, 0.00s elapsed
  2711. Initiating NSE at 18:09
  2712. Completed NSE at 18:09, 0.00s elapsed
  2713. Read data files from: /usr/bin/../share/nmap
  2714. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2715. Nmap done: 1 IP address (1 host up) scanned in 135.64 seconds
  2716. Raw packets sent: 127 (9.572KB) | Rcvd: 1068 (273.721KB)
  2717. #######################################################################################################################################
  2718. ---------------------------------------------------------------------------------------------------------------------------------------
  2719. + Target IP: 208.77.159.5
  2720. + Target Hostname: hssb.gov.sd
  2721. + Target Port: 80
  2722. + Start Time: 2019-02-21 17:39:36 (GMT-5)
  2723. ---------------------------------------------------------------------------------------------------------------------------------------
  2724. + Server: No banner retrieved
  2725. + The anti-clickjacking X-Frame-Options header is not present.
  2726. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2727. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2728. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_REQ 0
  2729. + Uncommon header 'x-generator' found, with contents: Drupal 7 (http://drupal.org)
  2730. + Uncommon header 'link' found, with contents: </ar/node/1>; rel="shortlink",</ar/node/1>; rel="canonical"
  2731. + Server banner has changed from '' to 'Apache mod_fcgid/2.3.9' which may suggest a WAF, load balancer or proxy is in place
  2732. + OSVDB-1210: /scripts/samples/search/qfullhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
  2733. + OSVDB-1210: /scripts/samples/search/qsumrhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
  2734. + OSVDB-1210: /GKaGq.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
  2735. + 26129 requests: 0 error(s) and 9 item(s) reported on remote host
  2736. + End Time: 2019-02-21 18:31:28 (GMT-5) (3112 seconds)
  2737. ---------------------------------------------------------------------------------------------------------------------------------------
  2738. ######################################################################################################################################
  2739. --------------------------------------------------------------------------------------------------------------------------------------
  2740. + Target IP: 208.77.159.5
  2741. + Target Hostname: 208.77.159.5
  2742. + Target Port: 443
  2743. ---------------------------------------------------------------------------------------------------------------------------------------
  2744. + SSL Info: Subject: /OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.hspheredns.com
  2745. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
  2746. Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
  2747. + Start Time: 2019-02-21 17:40:08 (GMT-5)
  2748. ---------------------------------------------------------------------------------------------------------------------------------------
  2749. + Server: Apache mod_fcgid/2.3.9
  2750. + The anti-clickjacking X-Frame-Options header is not present.
  2751. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2752. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  2753. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2754. + All CGI directories 'found', use '-C none' to test none
  2755. + Uncommon header 'tcn' found, with contents: list
  2756. + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.html
  2757. + Server is using a wildcard certificate: *.hspheredns.com
  2758. + Hostname '208.77.159.5' does not match certificate's names: *.hspheredns.com
  2759. ---------------------------------------------------------------------------------------------------------------------------------------
  2760. #######################################################################################################################################
  2761. Anonymous JTSEC #OpSudan Full Recon #18
RAW Paste Data