- #######################################################################################################################################
- =======================================================================================================================================
- Hostname www.htmedia.info ISP StackPath LLC
- Continent Europe Flag
- GB
- Country United Kingdom Country Code GB
- Region Unknown Local time 25 Sep 2019 03:20 BST
- City Unknown Postal Code Unknown
- IP Address 185.85.196.45 Latitude 51.496
- Longitude -0.122
- =======================================================================================================================================
- #######################################################################################################################################
- > www.htmedia.info
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- www.htmedia.info canonical name = htmedia.info.
- Name: htmedia.info
- Address: 185.85.196.45
- >
- #######################################################################################################################################
- Domain Name: HTMEDIA.INFO
- Registry Domain ID: D29038560-LRMS
- Registrar WHOIS Server: whois.networksolutions.com
- Registrar URL: www.networksolutions.com
- Updated Date: 2019-09-22T13:14:35Z
- Creation Date: 2009-07-12T01:34:24Z
- Registry Expiry Date: 2025-07-12T01:34:24Z
- Registrar Registration Expiration Date:
- Registrar: Network Solutions, LLC
- Registrar IANA ID: 2
- Registrar Abuse Contact Email: abuse@web.com
- Registrar Abuse Contact Phone: +1.8003337680
- Reseller:
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Registrant Organization:
- Registrant State/Province: FL
- Registrant Country: US
- Name Server: DNS3.CLOUDNS.NET
- Name Server: DNS4.CLOUDNS.NET
- DNSSEC: unsigned
- #######################################################################################################################################
- [+] Target : www.htmedia.info
- [+] IP Address : 185.85.196.45
- [+] Headers :
- [+] Server : nginx/1.15.9 (Ubuntu)
- [+] Date : Wed, 25 Sep 2019 02:25:59 GMT
- [+] Content-Type : text/html; charset=UTF-8
- [+] Cache-Control : no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
- [+] Pragma : no-cache
- [+] Expires : Mon, 11 Nov 2011 11:11:11 GMT
- [+] X-Robots-Tag : noindex, nofollow
- [+] Retry-After : 3600
- [+] Set-Cookie : TS01355090=01c77b6ef9e2610529f96fc3b1833eb6c841195fba5d3acef19a619ecaaf48c4bd66f9eac3a57b4e532b6b135838b88e870c6f139f86f66495d5e22ea9ed1380db9f22d357; Path=/; Domain=.htmedia.info
- [+] X-Varnish : 12386374
- [+] Age : 0
- [+] Via : 1.1 varnish (Varnish/6.1)
- [+] Transfer-Encoding : chunked
- [+] Connection : keep-alive
- [+] SSL Certificate Information :
- [+] commonName : al-aqsa.org
- [+] countryName : US
- [+] organizationName : Let's Encrypt
- [+] commonName : Let's Encrypt Authority X3
- [+] Version : 3
- [+] Serial Number : 034B2056B9BCD5822709F0D22A6533975EB7
- [+] Not Before : Sep 21 16:27:19 2019 GMT
- [+] Not After : Dec 20 16:27:19 2019 GMT
- [+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
- [+] subject Alt Name : (('DNS', 'al-aqsa.org'),)
- [+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
- [+] Whois Lookup :
- [+] NIR : None
- [+] ASN Registry : ripencc
- [+] ASN : 12989 33438
- [+] ASN CIDR : 185.85.196.0/24
- [+] ASN Country Code : GB
- [+] ASN Date : 2016-06-15
- [+] ASN Description : None
- [+] cidr : 185.85.196.0/22
- [+] name : US-STACKPATH-20160615
- [+] handle : NE1459-RIPE
- [+] range : 185.85.196.0 - 185.85.199.255
- [+] description : None
- [+] country : GB
- [+] state : None
- [+] city : None
- [+] address : 2021 McKinney Ave.
- Suite 1100
- 75201
- Dallas
- UNITED STATES
- [+] postal_code : None
- [+] emails : None
- [+] created : 2016-06-15T07:55:08Z
- [+] updated : 2016-06-15T07:55:08Z
- [+] Crawling Target...
- [-] Error : 503
- [+] Completed!
- #######################################################################################################################################
- [+] Starting At 2019-09-24 22:26:27.694211
- [+] Collecting Information On: http://www.htmedia.info/index.php/portal/login/
- [#] Status: 503
- --------------------------------------------------
- [#] Web Server Detected: nginx/1.15.9 (Ubuntu)
- [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- - Server: nginx/1.15.9 (Ubuntu)
- - Date: Wed, 25 Sep 2019 02:26:24 GMT
- - Content-Type: text/html; charset=UTF-8
- - Set-Cookie: PHPSESSID=hb2n05okib9v92nkb1cnu4gsf4; path=/, TS01355090=01c77b6ef998f189446b533d36120caaa309f2b33e930522c153d91fdd7f16b344ec50c4dc714ac51144fb0b8074787f0b445ec0117b121870de7e6ba4a882053dfabf2c31; Path=/; Domain=.htmedia.info
- - Cache-Control: no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
- - Pragma: no-cache
- - Expires: Mon, 11 Nov 2011 11:11:11 GMT
- - X-Robots-Tag: noindex, nofollow
- - Retry-After: 3600
- - X-Varnish: 12682368
- - Age: 0
- - Via: 1.1 varnish (Varnish/6.1)
- - Transfer-Encoding: chunked
- - Connection: keep-alive
- --------------------------------------------------
- [#] Finding Location..!
- [#] as: AS33438 Highwinds Network Group, Inc.
- [#] city: London
- [#] country: United Kingdom
- [#] countryCode: GB
- [#] isp: Highwinds Network Group, Inc.
- [#] lat: 51.5074
- [#] lon: -0.127758
- [#] org: StackPath LLC
- [#] query: 185.85.196.45
- [#] region: ENG
- [#] regionName: England
- [#] status: success
- [#] timezone: Europe/London
- [#] zip: W1B
- --------------------------------------------------
- [+] Detected WAF Presence in web application: CacheWall (Varnish)
- --------------------------------------------------
- [#] Starting Reverse DNS
- [-] Failed ! Fail
- --------------------------------------------------
- [!] Scanning Open Port
- [#] 22/tcp open ssh
- [#] 80/tcp open http
- [#] 443/tcp open https
- --------------------------------------------------
- [+] Collecting Information Disclosure!
- [#] Detecting sitemap.xml file
- [!] sitemap.xml File Found: http://www.htmedia.info/index.php/portal/login//sitemap.xml
- [#] Detecting robots.txt file
- [!] robots.txt File Found: http://www.htmedia.info/index.php/portal/login//robots.txt
- [#] Detecting GNU Mailman
- [-] GNU Mailman App Not Detected!?
- --------------------------------------------------
- [+] Crawling Url Parameter On: http://www.htmedia.info/index.php/portal/login/
- --------------------------------------------------
- [#] Searching Html Form !
- [+] Html Form Discovered
- [#] action: http://www.htmedia.info/index.php/portal/login/
- [#] class: None
- [#] id: loginForm
- [#] method: post
- --------------------------------------------------
- [!] Found 11 dom parameter
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- [#] http://www.htmedia.info/index.php/portal/login//#
- --------------------------------------------------
- [!] 7 Internal Dynamic Parameter Discovered
- [+] http://www.htmedia.info/public/frontend/default/css_default/_main.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
- [+] http://www.htmedia.info/public/frontend/default/css/_main_rtl.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
- [+] http://www.htmedia.info/public/frontend/default/css_default/modal.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
- [+] http://www.htmedia.info/public/common/js/k_notifications.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
- [+] http://www.htmedia.info/rss.php?type=galleries
- [+] http://www.htmedia.info/rss.php?type=news
- [+] http://www.htmedia.info/rss.php?type=events
- --------------------------------------------------
- [-] No external Dynamic Paramter Found!?
- --------------------------------------------------
- [!] 36 Internal links Discovered
- [+] http://www.htmedia.info/index.php/portal/login/
- [+] http://www.htmedia.info/public/frontend/default/css_default/icons.css
- [+] http://www.htmedia.info/favicon.ico
- [+] http://www.htmedia.info/apple-touch-icon-precomposed.png
- [+] http://www.htmedia.info/apple-touch-icon-precomposed.png
- [+] http://www.htmedia.info/apple-touch-icon.png
- [+] http://www.htmedia.info/public/common/js/k_cookies_notice.css
- [+] http://www.htmedia.info/rss.php
- [+] http://www.htmedia.info/index.php/portal/login/
- [+] http://www.htmedia.info/index.php/portal/register/
- [+] http://www.htmedia.info/rss.php
- [+] http://www.htmedia.info/
- [+] http://www.htmedia.info/index.php/categories/
- [+] http://www.htmedia.info/index.php/c/htameer-1/
- [+] http://www.htmedia.info/index.php/c/cmo-2/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
- [+] http://www.htmedia.info/index.php/c/htameer-1/
- [+] http://www.htmedia.info/index.php/c/cmo-2/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-jordan-6/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-pal-4/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-syria-5/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-sudan-8/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-lubnan-14/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-turkey-15/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-pakistan-16/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
- [+] http://www.htmedia.info/index.php/c/malaisia-18/
- [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-otherplaces-19/
- [+] http://www.htmedia.info/index.php/channel/11/نداءات-من-بيت-المقدس/
- [+] http://www.htmedia.info/index.php/c/minbaralummah-7/
- [+] http://www.htmedia.info/index.php/c/selections-9/
- [+] http://www.htmedia.info/index.php/portal/register/
- [+] http://www.htmedia.info/index.php/portal/forgotpassword/
- [+] http://www.htmedia.info/index.php/portal/login//" target=
- [+] http://www.htmedia.info/index.php/mobile/portal/login/
- --------------------------------------------------
- [!] 1 External links Discovered
- [#] https://media.htmedia.me/portal/images/img_social_1547405840.png
- --------------------------------------------------
- [#] Mapping Subdomain..
- [!] Found 1 Subdomain
- - htmedia.info
- --------------------------------------------------
- [!] Done At 2019-09-24 22:26:42.087953
- #######################################################################################################################################
- [i] Scanning Site: http://www.htmedia.info
- B A S I C I N F O
- ====================
- [+] Site Title:
- [+] IP address: 185.85.196.45
- [+] Web Server: nginx/1.15.9 (Ubuntu)
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- # If the Joomla site is installed within a folder such as at
- # e.g. www.example.com/joomla/ the robots.txt file MUST be
- # moved to the site root at e.g. www.example.com/robots.txt
- # AND the joomla folder name MUST be prefixed to the disallowed
- # path, e.g. the Disallow rule for the /administrator/ folder
- # MUST be changed to read Disallow: /joomla/administrator/
- #
- # For more information about the robots.txt standard, see:
- # http://www.robotstxt.org/orig.html
- #
- # For syntax checking, see:
- # http://tool.motoricerca.info/robots-checker.phtml
- User-agent: *
- Disallow: /administrator/
- Disallow: /bin/
- Disallow: /cache/
- Disallow: /cli/
- Disallow: /components/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /layouts/
- Disallow: /libraries/
- Disallow: /logs/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /tmp/
- -----------[end of contents]-------------
- W H O I S L O O K U P
- ========================
- Domain Name: HTMEDIA.INFO
- Registry Domain ID: D29038560-LRMS
- Registrar WHOIS Server: whois.networksolutions.com
- Registrar URL: www.networksolutions.com
- Updated Date: 2019-09-22T13:14:35Z
- Creation Date: 2009-07-12T01:34:24Z
- Registry Expiry Date: 2025-07-12T01:34:24Z
- Registrar Registration Expiration Date:
- Registrar: Network Solutions, LLC
- Registrar IANA ID: 2
- Registrar Abuse Contact Email: abuse@web.com
- Registrar Abuse Contact Phone: +1.8003337680
- Reseller:
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Registrant Organization:
- Registrant State/Province: FL
- Registrant Country: US
- Name Server: DNS3.CLOUDNS.NET
- Name Server: DNS4.CLOUDNS.NET
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form is https://www.icann.org/wicf/
- >>> Last update of WHOIS database: 2019-09-25T02:25:17Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- G E O I P L O O K U P
- =========================
- [i] IP Address: 185.85.196.45
- [i] Country: United Kingdom
- [i] State:
- [i] City:
- [i] Latitude: 51.4964
- [i] Longitude: -0.1224
- H T T P H E A D E R S
- =======================
- [i] HTTP/1.1 302 Found
- [i] Server: nginx/1.15.9 (Ubuntu)
- [i] Date: Wed, 25 Sep 2019 02:26:18 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Set-Cookie: PHPSESSID=j7ep309pdml03dqcghqsfdbgq6; path=/
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate
- [i] Pragma: no-cache
- [i] Location: http://www.htmedia.info/index.php/portal/login/
- [i] Set-Cookie: TS01355090=01c77b6ef9e17f8780dd18a1251fb03bd4c9030a6e605712b3dee628a86e4ed05212ca4fe3e92b762b05b9c312f16666d3c2e94889adabf5b055b204fdc9220ecd11d7069d; Path=/; Domain=.htmedia.info
- [i] X-Varnish: 12682334
- [i] Age: 0
- [i] Via: 1.1 varnish (Varnish/6.1)
- [i] Content-Length: 0
- [i] Connection: close
- [i] HTTP/1.1 503 Service Unavailable
- [i] Server: nginx/1.15.9 (Ubuntu)
- [i] Date: Wed, 25 Sep 2019 02:26:18 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Set-Cookie: PHPSESSID=19nsvr849frl7qqc7bt4bsf922; path=/
- [i] Cache-Control: no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
- [i] Pragma: no-cache
- [i] Expires: Mon, 11 Nov 2011 11:11:11 GMT
- [i] X-Robots-Tag: noindex, nofollow
- [i] Retry-After: 3600
- [i] Set-Cookie: TS01355090=01c77b6ef9a9f9b49e408777984093aacc23ebb94f118d4314d40468cde2b2b7a8b31734a75e66ba72dd5acf88de61a63d3eaafb0e08d2af203a8875d07f59cd8a3893155f; Path=/; Domain=.htmedia.info
- [i] X-Varnish: 8521905
- [i] Age: 0
- [i] Via: 1.1 varnish (Varnish/6.1)
- [i] Connection: close
- D N S L O O K U P
- ===================
- htmedia.info. 3599 IN SOA dns3.cloudns.net. support.cloudns.net. 2019092405 7200 1800 1209600 3600
- htmedia.info. 3599 IN A 185.85.196.45
- htmedia.info. 3599 IN MX 10 inbound.htmedia.info.netsolmail.net.
- htmedia.info. 3599 IN NS dns8.cloudns.net.
- htmedia.info. 3599 IN NS dns4.cloudns.net.
- htmedia.info. 3599 IN NS dns7.cloudns.net.
- htmedia.info. 3599 IN NS dns3.cloudns.net.
- S U B N E T C A L C U L A T I O N
- ====================================
- Address = 185.85.196.45
- Network = 185.85.196.45 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 185.85.196.45 - 185.85.196.45 }
- N M A P P O R T S C A N
- ============================
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-25 02:26 UTC
- Nmap scan report for htmedia.info (185.85.196.45)
- Host is up (0.0027s latency).
- rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp open ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds
- #######################################################################################################################################
- [INFO] ------TARGET info------
- [*] TARGET: http://www.htmedia.info/index.php/portal/login/
- [*] TARGET IP: 185.85.196.45
- [INFO] NO load balancer detected for www.htmedia.info...
- [*] DNS servers: htmedia.info.
- [*] TARGET server: nginx/1.15.9 (Ubuntu)
- [*] CC: GB
- [*] Country: United Kingdom
- [*] RegionCode: ENG
- [*] RegionName: England
- [*] City: London
- [*] ASN: AS33438
- [*] BGP_PREFIX: 185.85.196.0/24
- [*] ISP: HIGHWINDS2 - Highwinds Network Group, Inc., US
- [INFO] DNS enumeration:
- [*] mail.htmedia.info mail.htmedia.info.netsolmail.net. 205.178.146.235
- [INFO] Possible abuse mails are:
- [*] abuse@htmedia.info
- [*] abuse@stackpath.com
- [*] abuse@www.htmedia.info
- [INFO] NO PAC (Proxy Auto Configuration) file FOUND
- [INFO] Checking for HTTP status codes recursively from /index.php/portal/login/
- [INFO] Status code Folders
- [*] 503 http://www.htmedia.info/index.php/
- [*] 503 http://www.htmedia.info/index.php/portal/
- [ALERT] robots.txt file FOUND in http://www.htmedia.info/robots.txt
- [INFO] Checking for HTTP status codes recursively from http://www.htmedia.info/robots.txt
- [INFO] Status code Folders
- [INFO] Starting FUZZing in http://www.htmedia.info/FUzZzZzZzZz...
- [INFO] Status code Folders
- [ALERT] Look in the source code. It may contain passwords
- [INFO] Links found from http://www.htmedia.info/index.php/portal/login/ http://185.85.196.45/:
- [INFO] GOOGLE has 3,250,000 results (0.21 seconds) about http://www.htmedia.info/
- [INFO] Shodan detected the following opened ports on 185.85.196.45:
- [*] 0
- [*] 22
- [*] 3
- [*] 443
- [*] 8
- [*] 80
- [INFO] ------VirusTotal SECTION------
- [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
- [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
- [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
- [INFO] ------Alexa Rank SECTION------
- [INFO] Percent of Visitors Rank in Country:
- [INFO] Percent of Search Traffic:
- [INFO] Percent of Unique Visits:
- [INFO] Total Sites Linking In:
- [*] Total Sites
- [INFO] Useful links related to www.htmedia.info - 185.85.196.45:
- [*] https://www.virustotal.com/pt/ip-address/185.85.196.45/information/
- [*] https://www.hybrid-analysis.com/search?host=185.85.196.45
- [*] https://www.shodan.io/host/185.85.196.45
- [*] https://www.senderbase.org/lookup/?search_string=185.85.196.45
- [*] https://www.alienvault.com/open-threat-exchange/ip/185.85.196.45
- [*] http://pastebin.com/search?q=185.85.196.45
- [*] http://urlquery.net/search.php?q=185.85.196.45
- [*] http://www.alexa.com/siteinfo/www.htmedia.info
- [*] http://www.google.com/safebrowsing/diagnostic?site=www.htmedia.info
- [*] https://censys.io/ipv4/185.85.196.45
- [*] https://www.abuseipdb.com/check/185.85.196.45
- [*] https://urlscan.io/search/#185.85.196.45
- [*] https://github.com/search?q=185.85.196.45&type=Code
- [INFO] Useful links related to AS33438 - 185.85.196.0/24:
- [*] http://www.google.com/safebrowsing/diagnostic?site=AS:33438
- [*] https://www.senderbase.org/lookup/?search_string=185.85.196.0/24
- [*] http://bgp.he.net/AS33438
- [*] https://stat.ripe.net/AS33438
- [INFO] Date: 24/09/19 | Time: 22:27:33
- [INFO] Total time: 1 minute(s) and 2 second(s)
- ######################################################################################################################################
- [*] Load target domain: www.htmedia.info
- - starting scanning @ 2019-09-24 22:30:10
- [+] Running & Checking source to be used
- ---------------------------------------------
- ⍥ Shodan [ ✕ ]
- ⍥ Webarchive [ ✔ ]
- ⍥ Dnsdumpster [ ✔ ]
- ⍥ Certsh [ ✔ ]
- ⍥ Certspotter [ ✔ ]
- ⍥ Riddler [ ✔ ]
- ⍥ Bufferover [ ✔ ]
- ⍥ Censys [ ✕ ]
- ⍥ Securitytrails [ ✕ ]
- ⍥ Binaryedge [ ✕ ]
- ⍥ Entrust [ ✔ ]
- ⍥ Hackertarget [ ✔ ]
- ⍥ Threatminer [ ✔ ]
- ⍥ Threatcrowd [ ✔ ]
- ⍥ Virustotal [ ✕ ]
- ⍥ Findsubdomain [ ✔ ]
- [+] Get & Count subdomain total From source
- ---------------------------------------------
- ⍥ Hackertarget: Total Subdomain (1)
- ⍥ Findsubdomain: Total Subdomain (0)
- ⍥ Certspotter: Total Subdomain (0)
- ⍥ Threatminer: Total Subdomain (0)
- ⍥ Certsh: Total Subdomain (0)
- ⍥ BufferOver: Total Subdomain (0)
- ⍥ Entrust: Total Subdomain (0)
- ⍥ Threatcrowd: Total Subdomain (0)
- ⍥ Dnsdumpster: Total Subdomain (6)
- ⍥ Riddler: Total Subdomain (0)
- ⍥ Webarchive: Total Subdomain (8)
- [+] Parsing & Sorting list Domain
- ---------------------------------------------
- ⍥ Total [5]
- - 111-10-2012www.htmedia.info
- - 2012www.htmedia.info
- - 8-9-2012www.htmedia.info
- - 8www.htmedia.info
- - www.htmedia.info
- ⍥ Total [5]
- [+] Probe subdomain for working on http/https
- ---------------------------------------------
- - http://www.htmedia.info
- - https://www.htmedia.info
- ⍥ Total [2]
- [+] Check Live Host: Ping Sweep - ICMP PING
- ---------------------------------------------
- ⍥ [DEAD] 111-10-2012www.htmedia.info
- ⍥ [DEAD] 2012www.htmedia.info
- ⍥ [DEAD] 8-9-2012www.htmedia.info
- ⍥ [DEAD] 8www.htmedia.info
- ⍥ [LIVE] www.htmedia.info
- [+] Check Resolving: Subdomains & Domains
- ---------------------------------------------
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: 185.85.196.45
- [+] Subdomain TakeOver - Check Possible Vulns
- ---------------------------------------------
- ⍥ [FAILS] En: Unknown http://www.htmedia.info
- ⍥ [FAILS] En: Unknown https://www.htmedia.info
- [+] Checks status code on port 80 and 443
- ---------------------------------------------
- ⍥ [200] http://www.htmedia.info
- ⍥ [000] https://www.htmedia.info
- [+] Web Screenshots: from domain list
- ---------------------------------------------
- [+] 2 URLs to be screenshot
- [+] 2 actual URLs screenshot
- [+] 0 error(s)
- [+] Generate Reports: Make report into HTML
- ---------------------------------------------
- ⍥ Make template for reports
- - output/09-24-2019/www.htmedia.info/reports
- ⍥ Successful Created ..
- [+] Sud⍥my has been sucessfully completed
- ---------------------------------------------
- ⍥ Location output:
- - output/09-24-2019/www.htmedia.info
- - output/09-24-2019/www.htmedia.info/report
- - output/09-24-2019/www.htmedia.info/screenshots
- #######################################################################################################################################
- Trying "htmedia.info"
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50553
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 2
- ;; QUESTION SECTION:
- ;htmedia.info. IN ANY
- ;; ANSWER SECTION:
- htmedia.info. 3600 IN MX 10 inbound.htmedia.info.netsolmail.net.
- htmedia.info. 3600 IN A 185.85.196.45
- htmedia.info. 3600 IN SOA dns3.cloudns.net. support.cloudns.net. 2019092405 7200 1800 1209600 3600
- htmedia.info. 3600 IN NS dns7.cloudns.net.
- htmedia.info. 3600 IN NS dns8.cloudns.net.
- htmedia.info. 3600 IN NS dns4.cloudns.net.
- htmedia.info. 3600 IN NS dns3.cloudns.net.
- ;; AUTHORITY SECTION:
- htmedia.info. 3600 IN NS dns3.cloudns.net.
- htmedia.info. 3600 IN NS dns4.cloudns.net.
- htmedia.info. 3600 IN NS dns8.cloudns.net.
- htmedia.info. 3600 IN NS dns7.cloudns.net.
- ;; ADDITIONAL SECTION:
- dns7.cloudns.net. 13278 IN A 185.136.98.88
- dns7.cloudns.net. 13278 IN AAAA 2a06:fb00:1::3:88
- Received 325 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 60 ms
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace htmedia.info
- ;; global options: +cmd
- . 80228 IN NS a.root-servers.net.
- . 80228 IN NS i.root-servers.net.
- . 80228 IN NS f.root-servers.net.
- . 80228 IN NS h.root-servers.net.
- . 80228 IN NS j.root-servers.net.
- . 80228 IN NS g.root-servers.net.
- . 80228 IN NS d.root-servers.net.
- . 80228 IN NS c.root-servers.net.
- . 80228 IN NS e.root-servers.net.
- . 80228 IN NS k.root-servers.net.
- . 80228 IN NS l.root-servers.net.
- . 80228 IN NS b.root-servers.net.
- . 80228 IN NS m.root-servers.net.
- . 80228 IN RRSIG NS 8 0 518400 20191007170000 20190924160000 59944 . JvMELd+sXxwwKWGIGlGXVsSdAjRprDrFrY8QepdE0JDGDwgqKdmXBNJd vvI4Z6ktq64eFMHRyLbAuW/rf98Q1nraMloX2tcUk1Qd6J2smZNXIC3r ohDXt6UlQ+6MZJJNNBtY1ZaqozfZwFZqoRHrVDChEXb3mZcsf3SfRrLC hF5GopkA22FWWRlYOPAXnSYhEeiBPtaiERHaKaxDUbaLNoUDLXBoKHaz cRDzM7P76fu1XoqzrDsmBziZ/jE7+OBQSvBCPW5rhqmQ+mHfvggR93nn HHV1HJIhC9/dymAqKXjnQN7njaOP0Y5FWJxUYrlrK369+u1gGTm3Btn6 8EyIEA==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 115 ms
- info. 172800 IN NS a0.info.afilias-nst.info.
- info. 172800 IN NS a2.info.afilias-nst.info.
- info. 172800 IN NS b0.info.afilias-nst.org.
- info. 172800 IN NS b2.info.afilias-nst.org.
- info. 172800 IN NS c0.info.afilias-nst.info.
- info. 172800 IN NS d0.info.afilias-nst.org.
- info. 86400 IN DS 8674 7 1 197789A2CBABA6FECD0B5AC88C5BC414CE1FC309
- info. 86400 IN DS 8674 7 2 EC9B6082B96B5F87143696F2B483ACC9B2C433DCE0C94E70F1FF5648 CA18008B
- info. 86400 IN RRSIG DS 8 1 86400 20191007170000 20190924160000 59944 . pporCpNkXnyG81FxXvaKPeDZ7+YAN2J1QGY2dbkXWO7Tl7iSqXnETYeH S+40kK7QU8xaw5k+Tsa35w0xUhZThwAGnC8BLLRpX8mM5MZL3jsHuwX7 75ziAUKAzRQJwttxXxlMdXK/9LrVHAkSwHUbOXYjMlbdDgpzUhLkMe8J WCwQQiBY1c1arkH/Wcr0mPIyR1RCuXTPYstl6an9Kd3ufBq+Kd2swHO2 RnBAEirCUYMQIL5FXbs8lyduqoZvOPURbF5QacHHu8puNyb8QYmWIago 7SrsiVFf6+yeEl5OdgvV+Laerp3an9cauJQG8rDXTIBxVtWeLlU/0LkE lz5dcQ==
- ;; Received 815 bytes from 2001:500:2d::d#53(d.root-servers.net) in 23 ms
- htmedia.info. 86400 IN NS dns4.cloudns.net.
- htmedia.info. 86400 IN NS dns3.cloudns.net.
- adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN NSEC3 1 1 1 D399EAAB ADNVG6B2JJN9MIEU7DJB24BL7RG5MDPI NS SOA RRSIG DNSKEY NSEC3PARAM
- adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN RRSIG NSEC3 7 2 3600 20191016023540 20190925013540 62957 info. KFDWoKIKc7UZ0NMi0FIQCKZZqW8AVKZsicagpNP7fh99ylxqXEvtwubA lEAHKYi0c86KHGGUoAzmg9IJrvxCz51Id1q3kwBgsVy/ZZGYGmQT4gKa qzwlSewCQsqdt8y/KzyJIb3v/WjfsZeih+f2aDyaf15X4naghf7lcLZ1 /Rk=
- egtidmouc14l4ddut5hrsmqp3fal5j0h.info. 3600 IN NSEC3 1 1 1 D399EAAB EGU2TR81G3T6GIJVSV785PMQRN4LVC41
- egtidmouc14l4ddut5hrsmqp3fal5j0h.info. 3600 IN RRSIG NSEC3 7 2 3600 20191010152936 20190919142936 62957 info. RRUyYuvETVFE0m+0iIw9m2119f4pRdzpngvQxd03ZuaBPlUykm/2/1RK +3517nhKcsjOWUXKHhbI+aOm0Qtta+RkEj38qmC0DKxb1Kq6AZhGaDAB 8rIJ5DHcoyghbA7vz+grDwshtV6ure7zWwJKCNhh3DNLu0wfhOvnMQmT V88=
- ;; Received 577 bytes from 199.254.48.1#53(b0.info.afilias-nst.org) in 203 ms
- htmedia.info. 3600 IN A 185.85.196.45
- htmedia.info. 3600 IN NS dns8.cloudns.net.
- htmedia.info. 3600 IN NS dns4.cloudns.net.
- htmedia.info. 3600 IN NS dns7.cloudns.net.
- htmedia.info. 3600 IN NS dns3.cloudns.net.
- ;; Received 144 bytes from 185.136.96.88#53(dns3.cloudns.net) in 27 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: htmedia.info
- [-] DNSSEC is not configured for htmedia.info
- [*] SOA dns3.cloudns.net 185.136.96.88
- [*] NS dns4.cloudns.net 185.136.97.88
- [*] Bind Version for 185.136.97.88 unknown
- [*] NS dns4.cloudns.net 2a06:fb00:1::2:88
- [*] Bind Version for 2a06:fb00:1::2:88 unknown
- [*] NS dns8.cloudns.net 185.136.99.88
- [*] Bind Version for 185.136.99.88 unknown
- [*] NS dns8.cloudns.net 2a06:fb00:1::4:88
- [*] Bind Version for 2a06:fb00:1::4:88 unknown
- [*] NS dns7.cloudns.net 185.136.98.88
- [*] Bind Version for 185.136.98.88 unknown
- [*] NS dns7.cloudns.net 2a06:fb00:1::3:88
- [*] Bind Version for 2a06:fb00:1::3:88 unknown
- [*] NS dns3.cloudns.net 185.136.96.88
- [*] Bind Version for 185.136.96.88 unknown
- [*] NS dns3.cloudns.net 2a06:fb00:1::1:88
- [*] Bind Version for 2a06:fb00:1::1:88 unknown
- [*] MX inbound.htmedia.info.netsolmail.net 206.188.198.64
- [*] A htmedia.info 185.85.196.45
- [*] Enumerating SRV Records
- [-] No SRV Records Found for htmedia.info
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain htmedia.info
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '192.168.0.1']
- [+] Getting nameservers
- 185.136.97.88 - dns4.cloudns.net
- 185.136.99.88 - dns8.cloudns.net
- 185.136.98.88 - dns7.cloudns.net
- 185.136.96.88 - dns3.cloudns.net
- [-] Zone transfer failed
- [+] MX records found, added to target list
- 10 inbound.htmedia.info.netsolmail.net.
- [*] Scanning htmedia.info for A records
- 185.85.196.45 - htmedia.info
- 205.178.146.235 - mail.htmedia.info
- 205.178.146.235 - smtp.htmedia.info
- 185.85.196.45 - www.htmedia.info
- #######################################################################################################################################
- Parsero scan report for www.htmedia.info
- http://www.htmedia.info/cache/ 302 Found
- http://www.htmedia.info/installation/ 302 Found
- http://www.htmedia.info/plugins/ 302 Found
- http://www.htmedia.info/layouts/ 302 Found
- http://www.htmedia.info/includes/ 302 Found
- http://www.htmedia.info/modules/ 302 Found
- http://www.htmedia.info/tmp/ 302 Found
- http://www.htmedia.info/administrator/ 200 OK
- http://www.htmedia.info/components/ 302 Found
- http://www.htmedia.info/bin/ 200 OK
- http://www.htmedia.info/cli/ 302 Found
- http://www.htmedia.info/libraries/ 302 Found
- http://www.htmedia.info/language/ 302 Found
- http://www.htmedia.info/logs/ 200 OK
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- CertificateInfoPlugin
- CompressionPlugin
- RobotPlugin
- OpenSslCipherSuitesPlugin
- EarlyDataPlugin
- HeartbleedPlugin
- FallbackScsvPlugin
- SessionRenegotiationPlugin
- SessionResumptionPlugin
- OpenSslCcsInjectionPlugin
- HttpHeadersPlugin
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 185.85.196.45:443 => 185.85.196.45
- SCAN RESULTS FOR 185.85.196.45:443 - 185.85.196.45
- --------------------------------------------------
- * Certificate Information:
- Content
- SHA1 Fingerprint: 6c84e350aef473578f0b6bcb8648338780575ef2
- Common Name: al-aqsa.org
- Issuer: Let's Encrypt Authority X3
- Serial Number: 286901020914952824882778656320360633818807
- Not Before: 2019-09-21 16:27:19
- Not After: 2019-12-20 16:27:19
- Signature Algorithm: sha256
- Public Key Algorithm: RSA
- Key Size: 2048
- Exponent: 65537 (0x10001)
- DNS Subject Alternative Names: ['al-aqsa.org']
- Trust
- Hostname Validation: FAILED - Certificate does NOT match 185.85.196.45
- Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
- Received Chain: al-aqsa.org
- Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
- Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
- Received Chain Order: OK - Order is valid
- Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
- Extensions
- OCSP Must-Staple: NOT SUPPORTED - Extension not found
- Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
- OCSP Stapling
- NOT SUPPORTED - Server did not send back an OCSP response
- * TLSV1_2 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- RSA_WITH_AES_256_CCM_8 256 bits HTTP 200 OK
- RSA_WITH_AES_256_CCM 256 bits HTTP 200 OK
- RSA_WITH_AES_128_CCM_8 128 bits HTTP 200 OK
- RSA_WITH_AES_128_CCM 128 bits HTTP 200 OK
- ECDHE-ARIA256-GCM-SHA384 256 bits HTTP 200 OK
- ECDHE-ARIA128-GCM-SHA256 128 bits HTTP 200 OK
- ARIA256-GCM-SHA384 256 bits HTTP 200 OK
- ARIA128-GCM-SHA256 128 bits HTTP 200 OK
- * Deflate Compression:
- OK - Compression disabled
- * TLSV1_3 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- Accepted:
- TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
- TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
- TLS_AES_128_GCM_SHA256 128 bits HTTP 200 OK
- * OpenSSL Heartbleed:
- OK - Not vulnerable to Heartbleed
- * TLSV1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- * Downgrade Attacks:
- TLS_FALLBACK_SCSV: OK - Supported
- * TLSV1_1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 OK - Not Supported
- Preferred:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- Accepted:
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
- * TLS 1.2 Session Resumption Support:
- With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
- With TLS Tickets: OK - Supported
- * Session Renegotiation:
- Client-initiated Renegotiation: OK - Rejected
- Secure Renegotiation: OK - Supported
- * OpenSSL CCS Injection:
- OK - Not vulnerable to OpenSSL CCS injection
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- * ROBOT Attack:
- OK - Not vulnerable
- SCAN COMPLETED IN 16.64 S
- -------------------------
- #######################################################################################################################################
- Domains still to check: 1
- Checking if the hostname htmedia.info. given is in fact a domain...
- Analyzing domain: htmedia.info.
- Checking NameServers using system default resolver...
- IP: 185.136.97.88 (Europe)
- HostName: dns4.cloudns.net Type: NS
- HostName: dns4.cloudns.net Type: PTR
- IP: 185.136.99.88 (Europe)
- HostName: dns8.cloudns.net Type: NS
- HostName: dns8.cloudns.net Type: PTR
- IP: 185.136.98.88 (United States)
- HostName: dns7.cloudns.net Type: NS
- HostName: dns7.cloudns.net Type: PTR
- IP: 185.136.96.88 (United States)
- HostName: dns3.cloudns.net Type: NS
- HostName: dns3.cloudns.net Type: PTR
- Checking MailServers using system default resolver...
- IP: 206.188.198.64 (United States)
- HostName: inbound.htmedia.info.netsolmail.net Type: MX
- HostName: mailpod1.networksolutionsemail.com Type: PTR
- Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
- No zone transfer found on nameserver 185.136.96.88
- No zone transfer found on nameserver 185.136.98.88
- No zone transfer found on nameserver 185.136.97.88
- No zone transfer found on nameserver 185.136.99.88
- Checking SPF record...
- No SPF record
- Checking 192 most common hostnames using system default resolver...
- IP: 185.85.196.45 (United Kingdom)
- HostName: www.htmedia.info. Type: A
- IP: 205.178.146.235 (United States)
- HostName: mail.htmedia.info. Type: A
- IP: 205.178.146.235 (United States)
- HostName: mail.htmedia.info. Type: A
- HostName: smtp.htmedia.info. Type: A
- Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
- Checking netblock 205.178.146.0
- Checking netblock 185.136.98.0
- Checking netblock 185.136.96.0
- Checking netblock 206.188.198.0
- Checking netblock 185.85.196.0
- Checking netblock 185.136.97.0
- Checking netblock 185.136.99.0
- Searching for htmedia.info. emails in Google
- Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
- Host 205.178.146.235 is up (reset ttl 64)
- Host 185.136.98.88 is up (echo-reply ttl 57)
- Host 185.136.96.88 is up (reset ttl 64)
- Host 206.188.198.64 is up (reset ttl 64)
- Host 185.85.196.45 is up (echo-reply ttl 52)
- Host 185.136.97.88 is up (reset ttl 64)
- Host 185.136.99.88 is up (reset ttl 64)
- Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
- Scanning ip 205.178.146.235 (smtp.htmedia.info.):
- 80/tcp open http syn-ack ttl 52 Apache httpd (PHP 5.6.25)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache
- | http-title: Webmail Login
- |_Requested resource was ox6/interfaces/sso/
- 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
- 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2008)
- |_imap-capabilities: STARTTLSA0001 QUOTA completed IMAP4rev1 ACL2=UNION NAMESPACE OK ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
- | ssl-cert: Subject: commonName=*.hostingplatform.com
- | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
- | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2017-08-22T00:00:00
- | Not valid after: 2020-10-19T23:59:59
- | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
- |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
- |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
- 443/tcp open ssl/http syn-ack ttl 53 Apache httpd (PHP 5.6.25)
- | http-methods:
- |_ Supported Methods: GET HEAD POST
- |_http-server-header: Apache
- | http-title: Webmail Login
- |_Requested resource was ox6/interfaces/sso/
- | ssl-cert: Subject: commonName=*.networksolutionsemail.com
- | Subject Alternative Name: DNS:*.networksolutionsemail.com, DNS:networksolutionsemail.com
- | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-03-21T00:00:00
- | Not valid after: 2020-03-20T23:59:59
- | MD5: 43fe e80b fc52 3858 2807 9f5c 5d1d f652
- |_SHA-1: fe8b 57c2 4e75 6873 5893 2c7c cde6 39e8 6fbd 2323
- |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- 587/tcp open smtp syn-ack ttl 53 netqmail smtpd 1.04
- | smtp-commands: mailpod.hostingplatform.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 65000000, AUTH LOGIN PLAIN CRAM-MD5,
- |_ netqmail home page: http://qmail.org/netqmail
- |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
- 993/tcp open ssl/imap syn-ack ttl 53 Courier Imapd (released 2008)
- |_imap-capabilities: completed QUOTA AUTH=PLAIN IMAP4rev1 OK NAMESPACE ACL2=UNIONA0001 ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
- | ssl-cert: Subject: commonName=*.hostingplatform.com
- | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
- | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2017-08-22T00:00:00
- | Not valid after: 2020-10-19T23:59:59
- | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
- |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
- |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- 995/tcp open ssl/pop3s? syn-ack ttl 52
- |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- OS Info: Service Info: Host: mail.hostingplatform.com; OS: Unix
- |_clock-skew: mean: -3s, deviation: 0s, median: -3s
- Scanning ip 185.136.98.88 (dns7.cloudns.net (PTR)):
- Scanning ip 185.136.96.88 (dns3.cloudns.net (PTR)):
- 53/tcp open domain syn-ack ttl 57 (unknown banner: unknown)
- | dns-nsid:
- | NSID: ca1-3 (6361312d33)
- | id.server: ca1-3
- |_ bind.version: unknown
- | fingerprint-strings:
- | DNSVersionBindReqTCP:
- | version
- | bind
- |_ unknown
- Scanning ip 206.188.198.64 (mailpod1.networksolutionsemail.com (PTR)):
- Scanning ip 185.85.196.45 (www.htmedia.info.):
- 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey:
- | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
- | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
- |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
- 80/tcp open http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
- | http-methods:
- |_ Supported Methods: GET HEAD
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- |_http-title: Apache2 Ubuntu Default Page: It works
- 443/tcp open ssl/http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- |_http-title: 502 Bad Gateway
- | ssl-cert: Subject: commonName=al-aqsa.org
- | Subject Alternative Name: DNS:al-aqsa.org
- | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-09-21T16:27:19
- | Not valid after: 2019-12-20T16:27:19
- | MD5: 4b13 707e 9805 fec2 bbaa fdae f91f 7eaf
- |_SHA-1: 6c84 e350 aef4 7357 8f0b 6bcb 8648 3387 8057 5ef2
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- | h2
- |_ http/1.1
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- OS Info: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Scanning ip 185.136.97.88 (dns4.cloudns.net (PTR)):
- Scanning ip 185.136.99.88 (dns8.cloudns.net (PTR)):
- WebCrawling domain's web servers... up to 50 max links.
- + URL to crawl: http://smtp.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: http://smtp.htmedia.info.:
- + Links:
- + Crawling http://smtp.htmedia.info.
- + Searching for directories...
- - Found: http://smtp.htmedia.info./css/
- + Searching open folders...
- - http://smtp.htmedia.info./css/ (404 Not Found)
- + URL to crawl: http://mail.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: http://mail.htmedia.info.:
- + Links:
- + Crawling http://mail.htmedia.info.
- + Searching for directories...
- - Found: http://mail.htmedia.info./css/
- + Searching open folders...
- - http://mail.htmedia.info./css/ (404 Not Found)
- + URL to crawl: https://smtp.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: https://smtp.htmedia.info.:
- + Links:
- + Crawling https://smtp.htmedia.info.
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://mail.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: https://mail.htmedia.info.:
- + Links:
- + Crawling https://mail.htmedia.info.
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://www.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: http://www.htmedia.info.:
- + Links:
- + Crawling http://www.htmedia.info. (503 Service Unavailable)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://www.htmedia.info.
- + Date: 2019-09-24
- + Crawling URL: https://www.htmedia.info.:
- + Links:
- + Crawling https://www.htmedia.info. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
- + Searching for directories...
- + Searching open folders...
- --Finished--
- Summary information for domain htmedia.info.
- -----------------------------------------
- Domain Ips Information:
- IP: 205.178.146.235
- HostName: mail.htmedia.info. Type: A
- HostName: smtp.htmedia.info. Type: A
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 52 Apache httpd (PHP 5.6.25)
- Script Info: | http-methods:
- Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
- Script Info: |_http-server-header: Apache
- Script Info: | http-title: Webmail Login
- Script Info: |_Requested resource was ox6/interfaces/sso/
- Port: 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
- Port: 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2008)
- Script Info: |_imap-capabilities: STARTTLSA0001 QUOTA completed IMAP4rev1 ACL2=UNION NAMESPACE OK ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
- Script Info: | ssl-cert: Subject: commonName=*.hostingplatform.com
- Script Info: | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
- Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2017-08-22T00:00:00
- Script Info: | Not valid after: 2020-10-19T23:59:59
- Script Info: | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
- Script Info: |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
- Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
- Port: 443/tcp open ssl/http syn-ack ttl 53 Apache httpd (PHP 5.6.25)
- Script Info: | http-methods:
- Script Info: |_ Supported Methods: GET HEAD POST
- Script Info: |_http-server-header: Apache
- Script Info: | http-title: Webmail Login
- Script Info: |_Requested resource was ox6/interfaces/sso/
- Script Info: | ssl-cert: Subject: commonName=*.networksolutionsemail.com
- Script Info: | Subject Alternative Name: DNS:*.networksolutionsemail.com, DNS:networksolutionsemail.com
- Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2018-03-21T00:00:00
- Script Info: | Not valid after: 2020-03-20T23:59:59
- Script Info: | MD5: 43fe e80b fc52 3858 2807 9f5c 5d1d f652
- Script Info: |_SHA-1: fe8b 57c2 4e75 6873 5893 2c7c cde6 39e8 6fbd 2323
- Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- Port: 587/tcp open smtp syn-ack ttl 53 netqmail smtpd 1.04
- Script Info: | smtp-commands: mailpod.hostingplatform.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 65000000, AUTH LOGIN PLAIN CRAM-MD5,
- Script Info: |_ netqmail home page: http://qmail.org/netqmail
- Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
- Port: 993/tcp open ssl/imap syn-ack ttl 53 Courier Imapd (released 2008)
- Script Info: |_imap-capabilities: completed QUOTA AUTH=PLAIN IMAP4rev1 OK NAMESPACE ACL2=UNIONA0001 ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
- Script Info: | ssl-cert: Subject: commonName=*.hostingplatform.com
- Script Info: | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
- Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2017-08-22T00:00:00
- Script Info: | Not valid after: 2020-10-19T23:59:59
- Script Info: | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
- Script Info: |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
- Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- Port: 995/tcp open ssl/pop3s? syn-ack ttl 52
- Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
- Os Info: Host: mail.hostingplatform.com; OS: Unix
- Script Info: |_clock-skew: mean: -3s, deviation: 0s, median: -3s
- IP: 185.136.98.88
- HostName: dns7.cloudns.net Type: NS
- HostName: dns7.cloudns.net Type: PTR
- Country: United States
- Is Active: True (echo-reply ttl 57)
- IP: 185.136.96.88
- HostName: dns3.cloudns.net Type: NS
- HostName: dns3.cloudns.net Type: PTR
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 53/tcp open domain syn-ack ttl 57 (unknown banner: unknown)
- Script Info: | dns-nsid:
- Script Info: | NSID: ca1-3 (6361312d33)
- Script Info: | id.server: ca1-3
- Script Info: |_ bind.version: unknown
- Script Info: | fingerprint-strings:
- Script Info: | DNSVersionBindReqTCP:
- Script Info: | version
- Script Info: | bind
- Script Info: |_ unknown
- IP: 206.188.198.64
- HostName: inbound.htmedia.info.netsolmail.net Type: MX
- HostName: mailpod1.networksolutionsemail.com Type: PTR
- Country: United States
- Is Active: True (reset ttl 64)
- IP: 185.85.196.45
- HostName: www.htmedia.info. Type: A
- Country: United Kingdom
- Is Active: True (echo-reply ttl 52)
- Port: 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
- Script Info: | ssh-hostkey:
- Script Info: | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
- Script Info: | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
- Script Info: |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
- Port: 80/tcp open http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
- Script Info: | http-methods:
- Script Info: |_ Supported Methods: GET HEAD
- Script Info: |_http-server-header: nginx/1.15.9 (Ubuntu)
- Script Info: |_http-title: Apache2 Ubuntu Default Page: It works
- Port: 443/tcp open ssl/http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
- Script Info: |_http-server-header: nginx/1.15.9 (Ubuntu)
- Script Info: |_http-title: 502 Bad Gateway
- Script Info: | ssl-cert: Subject: commonName=al-aqsa.org
- Script Info: | Subject Alternative Name: DNS:al-aqsa.org
- Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-09-21T16:27:19
- Script Info: | Not valid after: 2019-12-20T16:27:19
- Script Info: | MD5: 4b13 707e 9805 fec2 bbaa fdae f91f 7eaf
- Script Info: |_SHA-1: 6c84 e350 aef4 7357 8f0b 6bcb 8648 3387 8057 5ef2
- Script Info: |_ssl-date: TLS randomness does not represent time
- Script Info: | tls-alpn:
- Script Info: | h2
- Script Info: |_ http/1.1
- Script Info: | tls-nextprotoneg:
- Script Info: | h2
- Script Info: |_ http/1.1
- Os Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- IP: 185.136.97.88
- HostName: dns4.cloudns.net Type: NS
- HostName: dns4.cloudns.net Type: PTR
- Country: Europe
- Is Active: True (reset ttl 64)
- IP: 185.136.99.88
- HostName: dns8.cloudns.net Type: NS
- HostName: dns8.cloudns.net Type: PTR
- Country: Europe
- Is Active: True (reset ttl 64)
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.htmedia.info -----
- Host's addresses:
- __________________
- htmedia.info. 1215 IN A 185.85.196.45
- Name Servers:
- ______________
- dns8.cloudns.net. 85707 IN A 185.136.99.88
- dns4.cloudns.net. 49957 IN A 185.136.97.88
- dns3.cloudns.net. 49415 IN A 185.136.96.88
- dns7.cloudns.net. 86332 IN A 185.136.98.88
- Mail (MX) Servers:
- ___________________
- inbound.htmedia.info.netsolmail.net. 5944 IN A 206.188.198.64
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for www.htmedia.info on dns8.cloudns.net ...
- Trying Zone Transfer for www.htmedia.info on dns4.cloudns.net ...
- Trying Zone Transfer for www.htmedia.info on dns3.cloudns.net ...
- Trying Zone Transfer for www.htmedia.info on dns7.cloudns.net ...
- brute force file not specified, bay.
- ######################################################################################################################################
- [*] Processing domain www.htmedia.info
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '192.168.0.1']
- [+] Getting nameservers
- 185.136.96.88 - dns3.cloudns.net
- 185.136.98.88 - dns7.cloudns.net
- 185.136.99.88 - dns8.cloudns.net
- 185.136.97.88 - dns4.cloudns.net
- [-] Zone transfer failed
- [+] MX records found, added to target list
- 10 inbound.htmedia.info.netsolmail.net.
- [*] Scanning www.htmedia.info for A records
- 185.85.196.45 - www.htmedia.info
- ######################################################################################################################################
- [+] www.htmedia.info has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.htmedia.info!
- ######################################################################################################################################
- INFO[0000] Starting to process queue....
- INFO[0000] Starting to process permutations....
- INFO[0000] FORBIDDEN http://htmedia.s3.amazonaws.com (http://htmedia.info)
- INFO[0000] FORBIDDEN http://htmedia-backup.s3.amazonaws.com (http://htmedia.info)
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:05 EDT
- Nmap scan report for www.htmedia.info (185.85.196.45)
- Host is up (0.046s latency).
- rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
- Not shown: 477 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 443/tcp open https
- Nmap done: 1 IP address (1 host up) scanned in 4.09 seconds
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:06 EDT
- Nmap scan report for www.htmedia.info (185.85.196.45)
- Host is up (0.075s latency).
- rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_7.9p1 Ubuntu-10
- (gen) software: OpenSSH 7.9p1
- (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) curve25519-sha256 -- [warn] unknown algorithm
- (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
- (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- # host-key algorithms
- (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
- (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
- # encryption algorithms (ciphers)
- (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
- `- [info] default cipher since OpenSSH 6.9.
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
- (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
- # message authentication code algorithms
- (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 6.2
- (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 6.2
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # algorithm recommendations (for OpenSSH 7.9)
- (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
- (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
- (rec) -hmac-sha2-512 -- mac algorithm to remove
- (rec) -umac-128@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha2-256 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
- (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
- ######################################################################################################################################
- USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
- RHOSTS => www.htmedia.info
- RHOST => www.htmedia.info
- [*] 185.85.196.45:22 - SSH - Using malformed packet technique
- [*] 185.85.196.45:22 - SSH - Starting scan
- [+] 185.85.196.45:22 - SSH - User 'admin' found
- [+] 185.85.196.45:22 - SSH - User 'administrator' found
- [+] 185.85.196.45:22 - SSH - User 'anonymous' found
- [+] 185.85.196.45:22 - SSH - User 'backup' found
- [+] 185.85.196.45:22 - SSH - User 'bee' found
- [+] 185.85.196.45:22 - SSH - User 'ftp' found
- [+] 185.85.196.45:22 - SSH - User 'guest' found
- [+] 185.85.196.45:22 - SSH - User 'GUEST' found
- [+] 185.85.196.45:22 - SSH - User 'info' found
- [+] 185.85.196.45:22 - SSH - User 'mail' found
- [+] 185.85.196.45:22 - SSH - User 'mailadmin' found
- [+] 185.85.196.45:22 - SSH - User 'msfadmin' found
- [+] 185.85.196.45:22 - SSH - User 'mysql' found
- [+] 185.85.196.45:22 - SSH - User 'nobody' found
- [+] 185.85.196.45:22 - SSH - User 'oracle' found
- [+] 185.85.196.45:22 - SSH - User 'owaspbwa' found
- [+] 185.85.196.45:22 - SSH - User 'postfix' found
- [+] 185.85.196.45:22 - SSH - User 'postgres' found
- [+] 185.85.196.45:22 - SSH - User 'private' found
- [+] 185.85.196.45:22 - SSH - User 'proftpd' found
- [+] 185.85.196.45:22 - SSH - User 'public' found
- [+] 185.85.196.45:22 - SSH - User 'root' found
- [+] 185.85.196.45:22 - SSH - User 'superadmin' found
- [+] 185.85.196.45:22 - SSH - User 'support' found
- [+] 185.85.196.45:22 - SSH - User 'sys' found
- [+] 185.85.196.45:22 - SSH - User 'system' found
- [+] 185.85.196.45:22 - SSH - User 'systemadmin' found
- [+] 185.85.196.45:22 - SSH - User 'systemadministrator' found
- [+] 185.85.196.45:22 - SSH - User 'test' found
- [+] 185.85.196.45:22 - SSH - User 'tomcat' found
- [+] 185.85.196.45:22 - SSH - User 'user' found
- [+] 185.85.196.45:22 - SSH - User 'webmaster' found
- [+] 185.85.196.45:22 - SSH - User 'www-data' found
- [+] 185.85.196.45:22 - SSH - User 'Fortimanager_Access' found
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:07 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 23:07
- Completed NSE at 23:07, 0.00s elapsed
- Initiating NSE at 23:07
- Completed NSE at 23:07, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 23:07
- Completed Parallel DNS resolution of 1 host. at 23:07, 0.03s elapsed
- Initiating SYN Stealth Scan at 23:07
- Scanning www.htmedia.info (185.85.196.45) [1 port]
- Discovered open port 80/tcp on 185.85.196.45
- Completed SYN Stealth Scan at 23:07, 0.10s elapsed (1 total ports)
- Initiating Service scan at 23:07
- Scanning 1 service on www.htmedia.info (185.85.196.45)
- Completed Service scan at 23:07, 5.31s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against www.htmedia.info (185.85.196.45)
- Retrying OS detection (try #2) against www.htmedia.info (185.85.196.45)
- Initiating Traceroute at 23:07
- Completed Traceroute at 23:07, 3.08s elapsed
- Initiating Parallel DNS resolution of 12 hosts. at 23:07
- Completed Parallel DNS resolution of 12 hosts. at 23:07, 0.28s elapsed
- NSE: Script scanning 185.85.196.45.
- Initiating NSE at 23:07
- Completed NSE at 23:07, 26.81s elapsed
- Initiating NSE at 23:07
- Completed NSE at 23:07, 0.47s elapsed
- Nmap scan report for www.htmedia.info (185.85.196.45)
- Host is up (0.082s latency).
- rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
- PORT STATE SERVICE VERSION
- 80/tcp open http nginx 1.15.9 (Ubuntu)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 352.35ms; min: 286.02ms; max: 484.26ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Wed, 25 Sep 2019 03:07:19 GMT; -4s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
- | http-errors:
- | Spidering limited to: maxpagecount=40; withinhost=www.htmedia.info
- | Found the following error pages:
- |
- | Error Code: 502
- |_ http://www.htmedia.info:80/
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Server: nginx/1.15.9 (Ubuntu)
- | Date: Wed, 25 Sep 2019 03:07:32 GMT
- | Content-Type: text/html
- | Content-Length: 166
- | X-Varnish: 12715253
- | Age: 0
- | Via: 1.1 varnish (Varnish/6.1)
- | Connection: close
- |
- |_ (Request type: GET)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- |_http-mobileversion-checker: No mobile version detected.
- | http-robots.txt: 15 disallowed entries
- | /joomla/administrator/ /administrator/ /bin/ /cache/
- | /cli/ /components/ /includes/ /installation/ /language/
- |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
- |_http-security-headers:
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- | http-sitemap-generator:
- | Directory structure:
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: 502 Bad Gateway
- | http-traceroute:
- | Status Code
- | Hop #1: 502
- | Hop #2: 502
- |_ Hop #3: 502
- | http-vhosts:
- |_127 names had status 502
- |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Infomir MAG-250 set-top box (88%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 3.443 days (since Sat Sep 21 12:30:17 2019)
- Network Distance: 14 hops
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 43.71 ms 10.243.204.1
- 2 63.47 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 63.53 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 63.45 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 63.52 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
- 6 63.51 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 63.60 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
- 8 63.59 ms be3528.rcr51.b054249-0.yyz02.atlas.cogentco.com (66.28.4.246)
- 9 63.59 ms 151.139.116.7
- 10 ...
- 11 73.02 ms 151.139.28.6
- 12 79.42 ms 151.139.28.20
- 13 ...
- 14 100.50 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
- NSE: Script Post-scanning.
- Initiating NSE at 23:07
- Completed NSE at 23:07, 0.00s elapsed
- Initiating NSE at 23:07
- Completed NSE at 23:07, 0.00s elapsed
- ######################################################################################################################################
- http://www.htmedia.info [502 Bad Gateway] HTTPServer[Ubuntu Linux][nginx/1.15.9 (Ubuntu)], IP[185.85.196.45], Title[502 Bad Gateway], UncommonHeaders[x-varnish], Varnish, Via-Proxy[1.1 varnish (Varnish/6.1)], nginx[1.15.9]
- ######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.htmedia.info...
- _____________________ SITE INFO ______________________
- IP Title
- 185.85.196.45 502 Bad Gateway
- ______________________ VERSION _______________________
- Name Versions Type
- nginx 1.15.9 Platform
- ____________________ INTERESTING _____________________
- URL Note Type
- /readme.html Readme file Interesting
- /install.php Installation file Interesting
- /robots.txt robots.txt index Interesting
- /test.php Test file Interesting
- ______________________________________________________
- Time: 30.3 sec Urls: 539 Fingerprints: 40401
- ######################################################################################################################################
- HTTP/1.1 502 Bad Gateway
- Server: nginx/1.15.9 (Ubuntu)
- Date: Wed, 25 Sep 2019 03:08:19 GMT
- Content-Type: text/html
- Content-Length: 166
- X-Varnish: 7799600
- Age: 0
- Via: 1.1 varnish (Varnish/6.1)
- Connection: keep-alive
- HTTP/1.1 502 Bad Gateway
- Server: nginx/1.15.9 (Ubuntu)
- Date: Wed, 25 Sep 2019 03:08:20 GMT
- Content-Type: text/html
- Content-Length: 166
- X-Varnish: 12715315
- Age: 0
- Via: 1.1 varnish (Varnish/6.1)
- Connection: keep-alive
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:09 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 23:09
- Completed NSE at 23:09, 0.00s elapsed
- Initiating NSE at 23:09
- Completed NSE at 23:09, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 23:09
- Completed Parallel DNS resolution of 1 host. at 23:09, 0.02s elapsed
- Initiating SYN Stealth Scan at 23:09
- Scanning www.htmedia.info (185.85.196.45) [1 port]
- Discovered open port 443/tcp on 185.85.196.45
- Completed SYN Stealth Scan at 23:09, 0.07s elapsed (1 total ports)
- Initiating Service scan at 23:09
- Scanning 1 service on www.htmedia.info (185.85.196.45)
- Completed Service scan at 23:09, 15.44s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against www.htmedia.info (185.85.196.45)
- Retrying OS detection (try #2) against www.htmedia.info (185.85.196.45)
- Initiating Traceroute at 23:09
- Completed Traceroute at 23:09, 3.08s elapsed
- Initiating Parallel DNS resolution of 12 hosts. at 23:09
- Completed Parallel DNS resolution of 12 hosts. at 23:09, 0.28s elapsed
- NSE: Script scanning 185.85.196.45.
- Initiating NSE at 23:09
- Completed NSE at 23:09, 34.14s elapsed
- Initiating NSE at 23:09
- Completed NSE at 23:10, 3.66s elapsed
- Nmap scan report for www.htmedia.info (185.85.196.45)
- Host is up (0.063s latency).
- rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
- PORT STATE SERVICE VERSION
- 443/tcp open ssl/http nginx 1.15.9 (Ubuntu)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 472.09ms; min: 398.94ms; max: 499.84ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Wed, 25 Sep 2019 03:09:22 GMT; -5s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
- | http-errors:
- | Spidering limited to: maxpagecount=40; withinhost=www.htmedia.info
- | Found the following error pages:
- |
- | Error Code: 502
- |_ https://www.htmedia.info:443/
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Server: nginx/1.15.9 (Ubuntu)
- | Date: Wed, 25 Sep 2019 03:09:36 GMT
- | Content-Type: text/html
- | Content-Length: 166
- | Connection: close
- |
- |_ (Request type: GET)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- |_http-mobileversion-checker: No mobile version detected.
- | http-security-headers:
- | Strict_Transport_Security:
- |_ HSTS not configured in HTTPS Server
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- | http-sitemap-generator:
- | Directory structure:
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: 502 Bad Gateway
- | http-traceroute:
- | Status Code
- | Hop #1: 502
- | Hop #2: 502
- |_ Hop #3: 502
- | http-vhosts:
- |_127 names had status 502
- |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Linux 3.1 - 3.2 (88%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 3.492 days (since Sat Sep 21 11:21:59 2019)
- Network Distance: 14 hops
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 41.71 ms 10.243.204.1
- 2 61.30 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 61.41 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 61.37 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 61.35 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
- 6 61.37 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 61.41 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205)
- 8 61.44 ms be3529.rcr51.b054249-0.yyz02.atlas.cogentco.com (154.54.24.194)
- 9 61.44 ms 151.139.116.7
- 10 ...
- 11 37.55 ms 151.139.28.6
- 12 53.68 ms 151.139.28.22
- 13 ...
- 14 74.47 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
- NSE: Script Post-scanning.
- Initiating NSE at 23:10
- Completed NSE at 23:10, 0.00s elapsed
- Initiating NSE at 23:10
- Completed NSE at 23:10, 0.00s elapsed
- ######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 185.85.196.45
- Testing SSL server www.htmedia.info on port 443 using SNI name www.htmedia.info
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: al-aqsa.org
- Altnames: DNS:al-aqsa.org
- Issuer: Let's Encrypt Authority X3
- Not valid before: Sep 21 16:27:19 2019 GMT
- Not valid after: Dec 20 16:27:19 2019 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
- | JBoss jmx-console | https://185.85.196.45:443/jmx-console/ | ./exploit/multi/http/jboss_deploymentfilerepository | None | None |
- +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.071s latency).
- Not shown: 477 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 443/tcp open https
- Nmap done: 1 IP address (1 host up) scanned in 5.50 seconds
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.060s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_7.9p1 Ubuntu-10
- (gen) software: OpenSSH 7.9p1
- (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) curve25519-sha256 -- [warn] unknown algorithm
- (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
- (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- # host-key algorithms
- (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
- (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
- # encryption algorithms (ciphers)
- (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
- `- [info] default cipher since OpenSSH 6.9.
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
- (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
- # message authentication code algorithms
- (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 6.2
- (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 6.2
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # algorithm recommendations (for OpenSSH 7.9)
- (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
- (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
- (rec) -hmac-sha2-512 -- mac algorithm to remove
- (rec) -umac-128@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha2-256 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
- (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
- NSE: [ssh-run] Failed to specify credentials and command to run.
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.063s latency).
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
- | ssh-auth-methods:
- | Supported authentication methods:
- |_ publickey
- |_ssh-brute: Password authentication not allowed
- | ssh-hostkey:
- | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
- | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
- |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
- | ssh-publickey-acceptance:
- |_ Accepted Public Keys: No public keys accepted
- |_ssh-run: Failed to specify credentials and command to run.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Crestron XPanel control system (91%), ASUS RT-N56U WAP (Linux 3.4) (89%), Linux 3.1 (89%), Linux 3.16 (89%), Linux 3.2 (89%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (88%), HP P2000 G3 NAS device (88%), Linux 2.6.32 (87%), Linux 2.6.32 - 3.1 (87%), Linux 2.6.39 - 3.2 (87%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 14 hops
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 41.21 ms 10.243.204.1
- 2 61.95 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 62.00 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 61.92 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 62.00 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 62.00 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 62.05 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
- 8 62.10 ms be3528.rcr51.b054249-0.yyz02.atlas.cogentco.com (66.28.4.246)
- 9 62.09 ms 151.139.116.4
- 10 ...
- 11 73.16 ms 151.139.28.6
- 12 78.31 ms 151.139.28.22
- 13 ...
- 14 98.97 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
- #######################################################################################################################################
- USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
- RHOSTS => 185.85.196.45
- RHOST => 185.85.196.45
- [*] 185.85.196.45:22 - SSH - Using malformed packet technique
- [*] 185.85.196.45:22 - SSH - Starting scan
- [+] 185.85.196.45:22 - SSH - User 'admin' found
- [+] 185.85.196.45:22 - SSH - User 'administrator' found
- [+] 185.85.196.45:22 - SSH - User 'anonymous' found
- [+] 185.85.196.45:22 - SSH - User 'backup' found
- [+] 185.85.196.45:22 - SSH - User 'bee' found
- [+] 185.85.196.45:22 - SSH - User 'ftp' found
- [+] 185.85.196.45:22 - SSH - User 'guest' found
- [+] 185.85.196.45:22 - SSH - User 'GUEST' found
- [+] 185.85.196.45:22 - SSH - User 'info' found
- [+] 185.85.196.45:22 - SSH - User 'mail' found
- [+] 185.85.196.45:22 - SSH - User 'mailadmin' found
- [+] 185.85.196.45:22 - SSH - User 'msfadmin' found
- [+] 185.85.196.45:22 - SSH - User 'mysql' found
- [+] 185.85.196.45:22 - SSH - User 'nobody' found
- [+] 185.85.196.45:22 - SSH - User 'oracle' found
- [+] 185.85.196.45:22 - SSH - User 'owaspbwa' found
- [+] 185.85.196.45:22 - SSH - User 'postfix' found
- [+] 185.85.196.45:22 - SSH - User 'postgres' found
- [+] 185.85.196.45:22 - SSH - User 'private' found
- [+] 185.85.196.45:22 - SSH - User 'proftpd' found
- [+] 185.85.196.45:22 - SSH - User 'public' found
- [+] 185.85.196.45:22 - SSH - User 'root' found
- [+] 185.85.196.45:22 - SSH - User 'superadmin' found
- [+] 185.85.196.45:22 - SSH - User 'support' found
- [+] 185.85.196.45:22 - SSH - User 'sys' found
- [+] 185.85.196.45:22 - SSH - User 'system' found
- [+] 185.85.196.45:22 - SSH - User 'systemadmin' found
- [+] 185.85.196.45:22 - SSH - User 'systemadministrator' found
- [+] 185.85.196.45:22 - SSH - User 'test' found
- [+] 185.85.196.45:22 - SSH - User 'tomcat' found
- [+] 185.85.196.45:22 - SSH - User 'user' found
- [+] 185.85.196.45:22 - SSH - User 'webmaster' found
- [+] 185.85.196.45:22 - SSH - User 'www-data' found
- [+] 185.85.196.45:22 - SSH - User 'Fortimanager_Access' found
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:37 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 22:37
- Completed NSE at 22:37, 0.00s elapsed
- Initiating NSE at 22:37
- Completed NSE at 22:37, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 22:37
- Completed Parallel DNS resolution of 1 host. at 22:37, 0.02s elapsed
- Initiating SYN Stealth Scan at 22:37
- Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [1 port]
- Discovered open port 80/tcp on 185.85.196.45
- Completed SYN Stealth Scan at 22:37, 0.09s elapsed (1 total ports)
- Initiating Service scan at 22:37
- Scanning 1 service on 185-85-196-45.stackpathedge.net (185.85.196.45)
- Completed Service scan at 22:37, 5.87s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Initiating Traceroute at 22:37
- Completed Traceroute at 22:37, 3.09s elapsed
- Initiating Parallel DNS resolution of 12 hosts. at 22:37
- Completed Parallel DNS resolution of 12 hosts. at 22:37, 0.28s elapsed
- NSE: Script scanning 185.85.196.45.
- Initiating NSE at 22:37
- Completed NSE at 22:38, 59.30s elapsed
- Initiating NSE at 22:38
- Completed NSE at 22:38, 0.34s elapsed
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.067s latency).
- PORT STATE SERVICE VERSION
- 80/tcp open http nginx 1.15.9 (Ubuntu)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 504.32ms; min: 464.20ms; max: 567.63ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Wed, 25 Sep 2019 02:37:17 GMT; -4s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
- | http-errors:
- | Spidering limited to: maxpagecount=40; withinhost=185-85-196-45.stackpathedge.net
- | Found the following error pages:
- |
- | Error Code: 502
- |_ http://185-85-196-45.stackpathedge.net:80/
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Server: nginx/1.15.9 (Ubuntu)
- | Date: Wed, 25 Sep 2019 02:37:31 GMT
- | Content-Type: text/html
- | Content-Length: 166
- | X-Varnish: 1738776
- | Age: 0
- | Via: 1.1 varnish (Varnish/6.1)
- | Connection: close
- |
- |_ (Request type: GET)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- |_http-mobileversion-checker: No mobile version detected.
- |_http-security-headers:
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- | http-sitemap-generator:
- | Directory structure:
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: 502 Bad Gateway
- | http-traceroute:
- | Status Code
- | Hop #1: 502
- | Hop #2: 502
- |_ Hop #3: 502
- | http-vhosts:
- |_127 names had status 502
- |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Infomir MAG-250 set-top box (88%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 3.439 days (since Sat Sep 21 12:06:44 2019)
- Network Distance: 14 hops
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 41.59 ms 10.243.204.1
- 2 65.70 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 65.62 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 65.53 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 65.59 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
- 6 65.58 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
- 7 65.69 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205)
- 8 65.71 ms be3529.rcr51.b054249-0.yyz02.atlas.cogentco.com (154.54.24.194)
- 9 65.68 ms 151.139.116.7
- 10 ...
- 11 36.12 ms 151.139.28.6
- 12 55.20 ms 151.139.28.20
- 13 ...
- 14 76.16 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
- NSE: Script Post-scanning.
- Initiating NSE at 22:38
- Completed NSE at 22:38, 0.00s elapsed
- Initiating NSE at 22:38
- Completed NSE at 22:38, 0.00s elapsed
- #######################################################################################################################################
- HTTP/1.1 502 Bad Gateway
- Server: nginx/1.15.9 (Ubuntu)
- Date: Wed, 25 Sep 2019 02:38:37 GMT
- Content-Type: text/html
- Content-Length: 166
- X-Varnish: 10718385
- Age: 0
- Via: 1.1 varnish (Varnish/6.1)
- Connection: keep-alive
- HTTP/1.1 502 Bad Gateway
- Server: nginx/1.15.9 (Ubuntu)
- Date: Wed, 25 Sep 2019 02:38:38 GMT
- Content-Type: text/html
- Content-Length: 166
- X-Varnish: 5112705
- Age: 0
- Via: 1.1 varnish (Varnish/6.1)
- Connection: keep-alive
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 185.85.196.45
- Testing SSL server 185.85.196.45 on port 443 using SNI name 185.85.196.45
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: al-aqsa.org
- Altnames: DNS:al-aqsa.org
- Issuer: Let's Encrypt Authority X3
- Not valid before: Sep 21 16:27:19 2019 GMT
- Not valid after: Dec 20 16:27:19 2019 GMT
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:40 EDT
- NSE: Loaded 47 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 22:40
- Completed NSE at 22:40, 0.00s elapsed
- Initiating NSE at 22:40
- Completed NSE at 22:40, 0.00s elapsed
- Initiating Ping Scan at 22:40
- Scanning 185.85.196.45 [4 ports]
- Completed Ping Scan at 22:40, 0.07s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 22:40
- Completed Parallel DNS resolution of 1 host. at 22:40, 0.02s elapsed
- Initiating SYN Stealth Scan at 22:40
- Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [65535 ports]
- Discovered open port 80/tcp on 185.85.196.45
- Discovered open port 443/tcp on 185.85.196.45
- Discovered open port 22/tcp on 185.85.196.45
- SYN Stealth Scan Timing: About 17.07% done; ETC: 22:43 (0:02:31 remaining)
- SYN Stealth Scan Timing: About 44.96% done; ETC: 22:42 (0:01:15 remaining)
- SYN Stealth Scan Timing: About 64.71% done; ETC: 22:42 (0:00:50 remaining)
- Completed SYN Stealth Scan at 22:42, 125.67s elapsed (65535 total ports)
- Initiating Service scan at 22:42
- Scanning 3 services on 185-85-196-45.stackpathedge.net (185.85.196.45)
- Completed Service scan at 22:42, 14.75s elapsed (3 services on 1 host)
- Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Initiating Traceroute at 22:43
- Completed Traceroute at 22:43, 0.06s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 22:43
- Completed Parallel DNS resolution of 2 hosts. at 22:43, 0.00s elapsed
- NSE: Script scanning 185.85.196.45.
- Initiating NSE at 22:43
- Completed NSE at 22:43, 3.63s elapsed
- Initiating NSE at 22:43
- Completed NSE at 22:43, 4.47s elapsed
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.053s latency).
- Not shown: 65529 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- 25/tcp closed smtp
- 80/tcp open http nginx 1.15.9 (Ubuntu)
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- 139/tcp closed netbios-ssn
- 443/tcp open ssl/http nginx 1.15.9 (Ubuntu)
- |_http-server-header: nginx/1.15.9 (Ubuntu)
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- 445/tcp closed microsoft-ds
- Aggressive OS guesses: HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (90%), Linux 2.6.32 - 3.13 (89%), Infomir MAG-250 set-top box (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Ubiquiti AirOS 5.5.9 (89%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 2.6.22 - 2.6.36 (88%), Linux 2.6.32 - 2.6.39 (88%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 3.439 days (since Sat Sep 21 12:11:18 2019)
- Network Distance: 2 hops
- TCP Sequence Prediction: Difficulty=250 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 25/tcp)
- HOP RTT ADDRESS
- 1 52.61 ms 10.243.204.1
- 2 52.60 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
- NSE: Script Post-scanning.
- Initiating NSE at 22:43
- Completed NSE at 22:43, 0.00s elapsed
- Initiating NSE at 22:43
- Completed NSE at 22:43, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 153.06 seconds
- Raw packets sent: 131229 (5.777MB) | Rcvd: 3293 (267.349KB)
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:43 EDT
- NSE: Loaded 47 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 22:43
- Completed NSE at 22:43, 0.00s elapsed
- Initiating NSE at 22:43
- Completed NSE at 22:43, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 22:43
- Completed Parallel DNS resolution of 1 host. at 22:43, 0.02s elapsed
- Initiating UDP Scan at 22:43
- Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [15 ports]
- Completed UDP Scan at 22:43, 1.74s elapsed (15 total ports)
- Initiating Service scan at 22:43
- Scanning 13 services on 185-85-196-45.stackpathedge.net (185.85.196.45)
- Service scan Timing: About 7.69% done; ETC: 23:04 (0:19:24 remaining)
- Completed Service scan at 22:44, 102.58s elapsed (13 services on 1 host)
- Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
- Initiating Traceroute at 22:44
- Completed Traceroute at 22:45, 7.09s elapsed
- Initiating Parallel DNS resolution of 1 host. at 22:45
- Completed Parallel DNS resolution of 1 host. at 22:45, 0.00s elapsed
- NSE: Script scanning 185.85.196.45.
- Initiating NSE at 22:45
- Completed NSE at 22:45, 7.11s elapsed
- Initiating NSE at 22:45
- Completed NSE at 22:45, 1.02s elapsed
- Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
- Host is up (0.052s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- |_ike-version: ERROR: Script execution failed (use -d to debug)
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 21.05 ms 10.243.204.1
- 2 ... 3
- 4 36.20 ms 10.243.204.1
- 5 62.28 ms 10.243.204.1
- 6 62.27 ms 10.243.204.1
- 7 62.27 ms 10.243.204.1
- 8 62.24 ms 10.243.204.1
- 9 42.41 ms 10.243.204.1
- 10 21.42 ms 10.243.204.1
- 11 ... 18
- 19 69.14 ms 10.243.204.1
- 20 24.43 ms 10.243.204.1
- 21 ... 27
- 28 40.56 ms 10.243.204.1
- 29 55.46 ms 10.243.204.1
- 30 23.03 ms 10.243.204.1
- NSE: Script Post-scanning.
- Initiating NSE at 22:45
- Completed NSE at 22:45, 0.00s elapsed
- Initiating NSE at 22:45
- Completed NSE at 22:45, 0.00s elapsed
- #######################################################################################################################################
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 185.85.196.45 185-85-196-45.stackpathedge.net embedded device
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 185.85.196.45 22 tcp ssh open OpenSSH 7.9p1 Ubuntu 10 Ubuntu Linux; protocol 2.0
- 185.85.196.45 25 tcp smtp closed
- 185.85.196.45 53 udp domain unknown
- 185.85.196.45 67 udp dhcps unknown
- 185.85.196.45 68 udp dhcpc unknown
- 185.85.196.45 69 udp tftp unknown
- 185.85.196.45 80 tcp http open nginx 1.15.9 Ubuntu
- 185.85.196.45 88 udp kerberos-sec unknown
- 185.85.196.45 123 udp ntp unknown
- 185.85.196.45 137 udp netbios-ns filtered
- 185.85.196.45 138 udp netbios-dgm filtered
- 185.85.196.45 139 tcp netbios-ssn closed
- 185.85.196.45 139 udp netbios-ssn unknown
- 185.85.196.45 161 udp snmp unknown
- 185.85.196.45 162 udp snmptrap unknown
- 185.85.196.45 389 udp ldap unknown
- 185.85.196.45 443 tcp ssl/http open nginx 1.15.9 Ubuntu
- 185.85.196.45 445 tcp microsoft-ds closed
- 185.85.196.45 500 udp isakmp unknown
- 185.85.196.45 520 udp route unknown
- 185.85.196.45 2049 udp nfs unknown
- #######################################################################################################################################
- Anonymous JTSEC #OpISIS Full Recon #16