JTSEC1333

Anonymous JTSEC #OpISIS Full Recon #16

Sep 24th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.htmedia.info ISP StackPath LLC
  4. Continent Europe Flag
  5. GB
  6. Country United Kingdom Country Code GB
  7. Region Unknown Local time 25 Sep 2019 03:20 BST
  8. City Unknown Postal Code Unknown
  9. IP Address 185.85.196.45 Latitude 51.496
  10. Longitude -0.122
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.htmedia.info
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.htmedia.info canonical name = htmedia.info.
  19. Name: htmedia.info
  20. Address: 185.85.196.45
  21. >
  22. #######################################################################################################################################
  23. Domain Name: HTMEDIA.INFO
  24. Registry Domain ID: D29038560-LRMS
  25. Registrar WHOIS Server: whois.networksolutions.com
  26. Registrar URL: www.networksolutions.com
  27. Updated Date: 2019-09-22T13:14:35Z
  28. Creation Date: 2009-07-12T01:34:24Z
  29. Registry Expiry Date: 2025-07-12T01:34:24Z
  30. Registrar Registration Expiration Date:
  31. Registrar: Network Solutions, LLC
  32. Registrar IANA ID: 2
  33. Registrar Abuse Contact Email: abuse@web.com
  34. Registrar Abuse Contact Phone: +1.8003337680
  35. Reseller:
  36. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  37. Registrant Organization:
  38. Registrant State/Province: FL
  39. Registrant Country: US
  40. Name Server: DNS3.CLOUDNS.NET
  41. Name Server: DNS4.CLOUDNS.NET
  42. DNSSEC: unsigned
  43. #######################################################################################################################################
  44. [+] Target : www.htmedia.info
  45.  
  46. [+] IP Address : 185.85.196.45
  47.  
  48. [+] Headers :
  49.  
  50. [+] Server : nginx/1.15.9 (Ubuntu)
  51. [+] Date : Wed, 25 Sep 2019 02:25:59 GMT
  52. [+] Content-Type : text/html; charset=UTF-8
  53. [+] Cache-Control : no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
  54. [+] Pragma : no-cache
  55. [+] Expires : Mon, 11 Nov 2011 11:11:11 GMT
  56. [+] X-Robots-Tag : noindex, nofollow
  57. [+] Retry-After : 3600
  58. [+] Set-Cookie : TS01355090=01c77b6ef9e2610529f96fc3b1833eb6c841195fba5d3acef19a619ecaaf48c4bd66f9eac3a57b4e532b6b135838b88e870c6f139f86f66495d5e22ea9ed1380db9f22d357; Path=/; Domain=.htmedia.info
  59. [+] X-Varnish : 12386374
  60. [+] Age : 0
  61. [+] Via : 1.1 varnish (Varnish/6.1)
  62. [+] Transfer-Encoding : chunked
  63. [+] Connection : keep-alive
  64.  
  65. [+] SSL Certificate Information :
  66.  
  67. [+] commonName : al-aqsa.org
  68. [+] countryName : US
  69. [+] organizationName : Let's Encrypt
  70. [+] commonName : Let's Encrypt Authority X3
  71. [+] Version : 3
  72. [+] Serial Number : 034B2056B9BCD5822709F0D22A6533975EB7
  73. [+] Not Before : Sep 21 16:27:19 2019 GMT
  74. [+] Not After : Dec 20 16:27:19 2019 GMT
  75. [+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
  76. [+] subject Alt Name : (('DNS', 'al-aqsa.org'),)
  77. [+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
  78.  
  79. [+] Whois Lookup :
  80.  
  81. [+] NIR : None
  82. [+] ASN Registry : ripencc
  83. [+] ASN : 12989 33438
  84. [+] ASN CIDR : 185.85.196.0/24
  85. [+] ASN Country Code : GB
  86. [+] ASN Date : 2016-06-15
  87. [+] ASN Description : None
  88. [+] cidr : 185.85.196.0/22
  89. [+] name : US-STACKPATH-20160615
  90. [+] handle : NE1459-RIPE
  91. [+] range : 185.85.196.0 - 185.85.199.255
  92. [+] description : None
  93. [+] country : GB
  94. [+] state : None
  95. [+] city : None
  96. [+] address : 2021 McKinney Ave.
  97. Suite 1100
  98. 75201
  99. Dallas
  100. UNITED STATES
  101. [+] postal_code : None
  102. [+] emails : None
  103. [+] created : 2016-06-15T07:55:08Z
  104. [+] updated : 2016-06-15T07:55:08Z
  105.  
  106. [+] Crawling Target...
  107.  
  108. [-] Error : 503
  109. [+] Completed!
  110. #######################################################################################################################################
  111. [+] Starting At 2019-09-24 22:26:27.694211
  112. [+] Collecting Information On: http://www.htmedia.info/index.php/portal/login/
  113. [#] Status: 503
  114. --------------------------------------------------
  115. [#] Web Server Detected: nginx/1.15.9 (Ubuntu)
  116. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  117. - Server: nginx/1.15.9 (Ubuntu)
  118. - Date: Wed, 25 Sep 2019 02:26:24 GMT
  119. - Content-Type: text/html; charset=UTF-8
  120. - Set-Cookie: PHPSESSID=hb2n05okib9v92nkb1cnu4gsf4; path=/, TS01355090=01c77b6ef998f189446b533d36120caaa309f2b33e930522c153d91fdd7f16b344ec50c4dc714ac51144fb0b8074787f0b445ec0117b121870de7e6ba4a882053dfabf2c31; Path=/; Domain=.htmedia.info
  121. - Cache-Control: no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
  122. - Pragma: no-cache
  123. - Expires: Mon, 11 Nov 2011 11:11:11 GMT
  124. - X-Robots-Tag: noindex, nofollow
  125. - Retry-After: 3600
  126. - X-Varnish: 12682368
  127. - Age: 0
  128. - Via: 1.1 varnish (Varnish/6.1)
  129. - Transfer-Encoding: chunked
  130. - Connection: keep-alive
  131. --------------------------------------------------
  132. [#] Finding Location..!
  133. [#] as: AS33438 Highwinds Network Group, Inc.
  134. [#] city: London
  135. [#] country: United Kingdom
  136. [#] countryCode: GB
  137. [#] isp: Highwinds Network Group, Inc.
  138. [#] lat: 51.5074
  139. [#] lon: -0.127758
  140. [#] org: StackPath LLC
  141. [#] query: 185.85.196.45
  142. [#] region: ENG
  143. [#] regionName: England
  144. [#] status: success
  145. [#] timezone: Europe/London
  146. [#] zip: W1B
  147. --------------------------------------------------
  148. [+] Detected WAF Presence in web application: CacheWall (Varnish)
  149. --------------------------------------------------
  150. [#] Starting Reverse DNS
  151. [-] Failed ! Fail
  152. --------------------------------------------------
  153. [!] Scanning Open Port
  154. [#] 22/tcp open ssh
  155. [#] 80/tcp open http
  156. [#] 443/tcp open https
  157. --------------------------------------------------
  158. [+] Collecting Information Disclosure!
  159. [#] Detecting sitemap.xml file
  160. [!] sitemap.xml File Found: http://www.htmedia.info/index.php/portal/login//sitemap.xml
  161. [#] Detecting robots.txt file
  162. [!] robots.txt File Found: http://www.htmedia.info/index.php/portal/login//robots.txt
  163. [#] Detecting GNU Mailman
  164. [-] GNU Mailman App Not Detected!?
  165. --------------------------------------------------
  166. [+] Crawling Url Parameter On: http://www.htmedia.info/index.php/portal/login/
  167. --------------------------------------------------
  168. [#] Searching Html Form !
  169. [+] Html Form Discovered
  170. [#] action: http://www.htmedia.info/index.php/portal/login/
  171. [#] class: None
  172. [#] id: loginForm
  173. [#] method: post
  174. --------------------------------------------------
  175. [!] Found 11 dom parameter
  176. [#] http://www.htmedia.info/index.php/portal/login//#
  177. [#] http://www.htmedia.info/index.php/portal/login//#
  178. [#] http://www.htmedia.info/index.php/portal/login//#
  179. [#] http://www.htmedia.info/index.php/portal/login//#
  180. [#] http://www.htmedia.info/index.php/portal/login//#
  181. [#] http://www.htmedia.info/index.php/portal/login//#
  182. [#] http://www.htmedia.info/index.php/portal/login//#
  183. [#] http://www.htmedia.info/index.php/portal/login//#
  184. [#] http://www.htmedia.info/index.php/portal/login//#
  185. [#] http://www.htmedia.info/index.php/portal/login//#
  186. [#] http://www.htmedia.info/index.php/portal/login//#
  187. --------------------------------------------------
  188. [!] 7 Internal Dynamic Parameter Discovered
  189. [+] http://www.htmedia.info/public/frontend/default/css_default/_main.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
  190. [+] http://www.htmedia.info/public/frontend/default/css/_main_rtl.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
  191. [+] http://www.htmedia.info/public/frontend/default/css_default/modal.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
  192. [+] http://www.htmedia.info/public/common/js/k_notifications.css?pb=7f52a3af1fdda6d4009cfd272eed4f48
  193. [+] http://www.htmedia.info/rss.php?type=galleries
  194. [+] http://www.htmedia.info/rss.php?type=news
  195. [+] http://www.htmedia.info/rss.php?type=events
  196. --------------------------------------------------
  197. [-] No external Dynamic Paramter Found!?
  198. --------------------------------------------------
  199. [!] 36 Internal links Discovered
  200. [+] http://www.htmedia.info/index.php/portal/login/
  201. [+] http://www.htmedia.info/public/frontend/default/css_default/icons.css
  202. [+] http://www.htmedia.info/favicon.ico
  203. [+] http://www.htmedia.info/apple-touch-icon-precomposed.png
  204. [+] http://www.htmedia.info/apple-touch-icon-precomposed.png
  205. [+] http://www.htmedia.info/apple-touch-icon.png
  206. [+] http://www.htmedia.info/public/common/js/k_cookies_notice.css
  207. [+] http://www.htmedia.info/rss.php
  208. [+] http://www.htmedia.info/index.php/portal/login/
  209. [+] http://www.htmedia.info/index.php/portal/register/
  210. [+] http://www.htmedia.info/rss.php
  211. [+] http://www.htmedia.info/
  212. [+] http://www.htmedia.info/index.php/categories/
  213. [+] http://www.htmedia.info/index.php/c/htameer-1/
  214. [+] http://www.htmedia.info/index.php/c/cmo-2/
  215. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
  216. [+] http://www.htmedia.info/index.php/c/htameer-1/
  217. [+] http://www.htmedia.info/index.php/c/cmo-2/
  218. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
  219. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-jordan-6/
  220. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-pal-4/
  221. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-syria-5/
  222. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-sudan-8/
  223. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-lubnan-14/
  224. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-turkey-15/
  225. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-pakistan-16/
  226. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-3/
  227. [+] http://www.htmedia.info/index.php/c/malaisia-18/
  228. [+] http://www.htmedia.info/index.php/c/الولاياتوالمناطق-otherplaces-19/
  229. [+] http://www.htmedia.info/index.php/channel/11/نداءات-من-بيت-المقدس/
  230. [+] http://www.htmedia.info/index.php/c/minbaralummah-7/
  231. [+] http://www.htmedia.info/index.php/c/selections-9/
  232. [+] http://www.htmedia.info/index.php/portal/register/
  233. [+] http://www.htmedia.info/index.php/portal/forgotpassword/
  234. [+] http://www.htmedia.info/index.php/portal/login//" target=
  235. [+] http://www.htmedia.info/index.php/mobile/portal/login/
  236. --------------------------------------------------
  237. [!] 1 External links Discovered
  238. [#] https://media.htmedia.me/portal/images/img_social_1547405840.png
  239. --------------------------------------------------
  240. [#] Mapping Subdomain..
  241. [!] Found 1 Subdomain
  242. - htmedia.info
  243. --------------------------------------------------
  244. [!] Done At 2019-09-24 22:26:42.087953
  245. #######################################################################################################################################
  246. [i] Scanning Site: http://www.htmedia.info
  247.  
  248.  
  249.  
  250. B A S I C I N F O
  251. ====================
  252.  
  253.  
  254. [+] Site Title:
  255. [+] IP address: 185.85.196.45
  256. [+] Web Server: nginx/1.15.9 (Ubuntu)
  257. [+] CMS: Could Not Detect
  258. [+] Cloudflare: Not Detected
  259. [+] Robots File: Found
  260.  
  261. -------------[ contents ]----------------
  262. # If the Joomla site is installed within a folder such as at
  263. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  264. # moved to the site root at e.g. www.example.com/robots.txt
  265. # AND the joomla folder name MUST be prefixed to the disallowed
  266. # path, e.g. the Disallow rule for the /administrator/ folder
  267. # MUST be changed to read Disallow: /joomla/administrator/
  268. #
  269. # For more information about the robots.txt standard, see:
  270. # http://www.robotstxt.org/orig.html
  271. #
  272. # For syntax checking, see:
  273. # http://tool.motoricerca.info/robots-checker.phtml
  274.  
  275. User-agent: *
  276. Disallow: /administrator/
  277. Disallow: /bin/
  278. Disallow: /cache/
  279. Disallow: /cli/
  280. Disallow: /components/
  281. Disallow: /includes/
  282. Disallow: /installation/
  283. Disallow: /language/
  284. Disallow: /layouts/
  285. Disallow: /libraries/
  286. Disallow: /logs/
  287. Disallow: /modules/
  288. Disallow: /plugins/
  289. Disallow: /tmp/
  290.  
  291.  
  292. -----------[end of contents]-------------
  293.  
  294.  
  295.  
  296. W H O I S L O O K U P
  297. ========================
  298.  
  299. Domain Name: HTMEDIA.INFO
  300. Registry Domain ID: D29038560-LRMS
  301. Registrar WHOIS Server: whois.networksolutions.com
  302. Registrar URL: www.networksolutions.com
  303. Updated Date: 2019-09-22T13:14:35Z
  304. Creation Date: 2009-07-12T01:34:24Z
  305. Registry Expiry Date: 2025-07-12T01:34:24Z
  306. Registrar Registration Expiration Date:
  307. Registrar: Network Solutions, LLC
  308. Registrar IANA ID: 2
  309. Registrar Abuse Contact Email: abuse@web.com
  310. Registrar Abuse Contact Phone: +1.8003337680
  311. Reseller:
  312. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  313. Registrant Organization:
  314. Registrant State/Province: FL
  315. Registrant Country: US
  316. Name Server: DNS3.CLOUDNS.NET
  317. Name Server: DNS4.CLOUDNS.NET
  318. DNSSEC: unsigned
  319. URL of the ICANN Whois Inaccuracy Complaint Form is https://www.icann.org/wicf/
  320. >>> Last update of WHOIS database: 2019-09-25T02:25:17Z <<<
  321.  
  322. For more information on Whois status codes, please visit https://icann.org/epp
  323.  
  324.  
  325.  
  326.  
  327.  
  328. G E O I P L O O K U P
  329. =========================
  330.  
  331. [i] IP Address: 185.85.196.45
  332. [i] Country: United Kingdom
  333. [i] State:
  334. [i] City:
  335. [i] Latitude: 51.4964
  336. [i] Longitude: -0.1224
  337.  
  338.  
  339.  
  340.  
  341. H T T P H E A D E R S
  342. =======================
  343.  
  344.  
  345. [i] HTTP/1.1 302 Found
  346. [i] Server: nginx/1.15.9 (Ubuntu)
  347. [i] Date: Wed, 25 Sep 2019 02:26:18 GMT
  348. [i] Content-Type: text/html; charset=UTF-8
  349. [i] Set-Cookie: PHPSESSID=j7ep309pdml03dqcghqsfdbgq6; path=/
  350. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
  351. [i] Cache-Control: no-store, no-cache, must-revalidate
  352. [i] Pragma: no-cache
  353. [i] Location: http://www.htmedia.info/index.php/portal/login/
  354. [i] Set-Cookie: TS01355090=01c77b6ef9e17f8780dd18a1251fb03bd4c9030a6e605712b3dee628a86e4ed05212ca4fe3e92b762b05b9c312f16666d3c2e94889adabf5b055b204fdc9220ecd11d7069d; Path=/; Domain=.htmedia.info
  355. [i] X-Varnish: 12682334
  356. [i] Age: 0
  357. [i] Via: 1.1 varnish (Varnish/6.1)
  358. [i] Content-Length: 0
  359. [i] Connection: close
  360. [i] HTTP/1.1 503 Service Unavailable
  361. [i] Server: nginx/1.15.9 (Ubuntu)
  362. [i] Date: Wed, 25 Sep 2019 02:26:18 GMT
  363. [i] Content-Type: text/html; charset=UTF-8
  364. [i] Set-Cookie: PHPSESSID=19nsvr849frl7qqc7bt4bsf922; path=/
  365. [i] Cache-Control: no-store, no-cache, must-v_svurk_post, post-check=0, pre-check=0
  366. [i] Pragma: no-cache
  367. [i] Expires: Mon, 11 Nov 2011 11:11:11 GMT
  368. [i] X-Robots-Tag: noindex, nofollow
  369. [i] Retry-After: 3600
  370. [i] Set-Cookie: TS01355090=01c77b6ef9a9f9b49e408777984093aacc23ebb94f118d4314d40468cde2b2b7a8b31734a75e66ba72dd5acf88de61a63d3eaafb0e08d2af203a8875d07f59cd8a3893155f; Path=/; Domain=.htmedia.info
  371. [i] X-Varnish: 8521905
  372. [i] Age: 0
  373. [i] Via: 1.1 varnish (Varnish/6.1)
  374. [i] Connection: close
  375.  
  376.  
  377.  
  378.  
  379. D N S L O O K U P
  380. ===================
  381.  
  382. htmedia.info. 3599 IN SOA dns3.cloudns.net. support.cloudns.net. 2019092405 7200 1800 1209600 3600
  383. htmedia.info. 3599 IN A 185.85.196.45
  384. htmedia.info. 3599 IN MX 10 inbound.htmedia.info.netsolmail.net.
  385. htmedia.info. 3599 IN NS dns8.cloudns.net.
  386. htmedia.info. 3599 IN NS dns4.cloudns.net.
  387. htmedia.info. 3599 IN NS dns7.cloudns.net.
  388. htmedia.info. 3599 IN NS dns3.cloudns.net.
  389.  
  390.  
  391.  
  392.  
  393. S U B N E T C A L C U L A T I O N
  394. ====================================
  395.  
  396. Address = 185.85.196.45
  397. Network = 185.85.196.45 / 32
  398. Netmask = 255.255.255.255
  399. Broadcast = not needed on Point-to-Point links
  400. Wildcard Mask = 0.0.0.0
  401. Hosts Bits = 0
  402. Max. Hosts = 1 (2^0 - 0)
  403. Host Range = { 185.85.196.45 - 185.85.196.45 }
  404.  
  405.  
  406.  
  407. N M A P P O R T S C A N
  408. ============================
  409.  
  410. Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-25 02:26 UTC
  411. Nmap scan report for htmedia.info (185.85.196.45)
  412. Host is up (0.0027s latency).
  413. rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
  414.  
  415. PORT STATE SERVICE
  416. 21/tcp filtered ftp
  417. 22/tcp open ssh
  418. 23/tcp filtered telnet
  419. 80/tcp open http
  420. 110/tcp filtered pop3
  421. 143/tcp filtered imap
  422. 443/tcp open https
  423. 3389/tcp filtered ms-wbt-server
  424.  
  425. Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds
  426. #######################################################################################################################################
  427. [INFO] ------TARGET info------
  428. [*] TARGET: http://www.htmedia.info/index.php/portal/login/
  429. [*] TARGET IP: 185.85.196.45
  430. [INFO] NO load balancer detected for www.htmedia.info...
  431. [*] DNS servers: htmedia.info.
  432. [*] TARGET server: nginx/1.15.9 (Ubuntu)
  433. [*] CC: GB
  434. [*] Country: United Kingdom
  435. [*] RegionCode: ENG
  436. [*] RegionName: England
  437. [*] City: London
  438. [*] ASN: AS33438
  439. [*] BGP_PREFIX: 185.85.196.0/24
  440. [*] ISP: HIGHWINDS2 - Highwinds Network Group, Inc., US
  441. [INFO] DNS enumeration:
  442. [*] mail.htmedia.info mail.htmedia.info.netsolmail.net. 205.178.146.235
  443. [INFO] Possible abuse mails are:
  444. [*] abuse@htmedia.info
  445. [*] abuse@stackpath.com
  446. [*] abuse@www.htmedia.info
  447. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  448. [INFO] Checking for HTTP status codes recursively from /index.php/portal/login/
  449. [INFO] Status code Folders
  450. [*] 503 http://www.htmedia.info/index.php/
  451. [*] 503 http://www.htmedia.info/index.php/portal/
  452. [ALERT] robots.txt file FOUND in http://www.htmedia.info/robots.txt
  453. [INFO] Checking for HTTP status codes recursively from http://www.htmedia.info/robots.txt
  454. [INFO] Status code Folders
  455. [INFO] Starting FUZZing in http://www.htmedia.info/FUzZzZzZzZz...
  456. [INFO] Status code Folders
  457. [ALERT] Look in the source code. It may contain passwords
  458. [INFO] Links found from http://www.htmedia.info/index.php/portal/login/ http://185.85.196.45/:
  459. [INFO] GOOGLE has 3,250,000 results (0.21 seconds) about http://www.htmedia.info/
  460. [INFO] Shodan detected the following opened ports on 185.85.196.45:
  461. [*] 0
  462. [*] 22
  463. [*] 3
  464. [*] 443
  465. [*] 8
  466. [*] 80
  467. [INFO] ------VirusTotal SECTION------
  468. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  469. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  470. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  471. [INFO] ------Alexa Rank SECTION------
  472. [INFO] Percent of Visitors Rank in Country:
  473. [INFO] Percent of Search Traffic:
  474. [INFO] Percent of Unique Visits:
  475. [INFO] Total Sites Linking In:
  476. [*] Total Sites
  477. [INFO] Useful links related to www.htmedia.info - 185.85.196.45:
  478. [*] https://www.virustotal.com/pt/ip-address/185.85.196.45/information/
  479. [*] https://www.hybrid-analysis.com/search?host=185.85.196.45
  480. [*] https://www.shodan.io/host/185.85.196.45
  481. [*] https://www.senderbase.org/lookup/?search_string=185.85.196.45
  482. [*] https://www.alienvault.com/open-threat-exchange/ip/185.85.196.45
  483. [*] http://pastebin.com/search?q=185.85.196.45
  484. [*] http://urlquery.net/search.php?q=185.85.196.45
  485. [*] http://www.alexa.com/siteinfo/www.htmedia.info
  486. [*] http://www.google.com/safebrowsing/diagnostic?site=www.htmedia.info
  487. [*] https://censys.io/ipv4/185.85.196.45
  488. [*] https://www.abuseipdb.com/check/185.85.196.45
  489. [*] https://urlscan.io/search/#185.85.196.45
  490. [*] https://github.com/search?q=185.85.196.45&type=Code
  491. [INFO] Useful links related to AS33438 - 185.85.196.0/24:
  492. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:33438
  493. [*] https://www.senderbase.org/lookup/?search_string=185.85.196.0/24
  494. [*] http://bgp.he.net/AS33438
  495. [*] https://stat.ripe.net/AS33438
  496. [INFO] Date: 24/09/19 | Time: 22:27:33
  497. [INFO] Total time: 1 minute(s) and 2 second(s)
  498. ######################################################################################################################################
  499.  
  500. [*] Load target domain: www.htmedia.info
  501. - starting scanning @ 2019-09-24 22:30:10
  502.  
  503. [+] Running & Checking source to be used
  504. ---------------------------------------------
  505.  
  506. ⍥ Shodan [ ✕ ]
  507. ⍥ Webarchive [ ✔ ]
  508. ⍥ Dnsdumpster [ ✔ ]
  509. ⍥ Certsh [ ✔ ]
  510. ⍥ Certspotter [ ✔ ]
  511. ⍥ Riddler [ ✔ ]
  512. ⍥ Bufferover [ ✔ ]
  513. ⍥ Censys [ ✕ ]
  514. ⍥ Securitytrails [ ✕ ]
  515. ⍥ Binaryedge [ ✕ ]
  516. ⍥ Entrust [ ✔ ]
  517. ⍥ Hackertarget [ ✔ ]
  518. ⍥ Threatminer [ ✔ ]
  519. ⍥ Threatcrowd [ ✔ ]
  520. ⍥ Virustotal [ ✕ ]
  521. ⍥ Findsubdomain [ ✔ ]
  522.  
  523. [+] Get & Count subdomain total From source
  524. ---------------------------------------------
  525.  
  526. ⍥ Hackertarget: Total Subdomain (1)
  527. ⍥ Findsubdomain: Total Subdomain (0)
  528. ⍥ Certspotter: Total Subdomain (0)
  529. ⍥ Threatminer: Total Subdomain (0)
  530. ⍥ Certsh: Total Subdomain (0)
  531. ⍥ BufferOver: Total Subdomain (0)
  532. ⍥ Entrust: Total Subdomain (0)
  533. ⍥ Threatcrowd: Total Subdomain (0)
  534. ⍥ Dnsdumpster: Total Subdomain (6)
  535. ⍥ Riddler: Total Subdomain (0)
  536. ⍥ Webarchive: Total Subdomain (8)
  537.  
  538. [+] Parsing & Sorting list Domain
  539. ---------------------------------------------
  540.  
  541. ⍥ Total [5]
  542.  
  543. - 111-10-2012www.htmedia.info
  544. - 2012www.htmedia.info
  545. - 8-9-2012www.htmedia.info
  546. - 8www.htmedia.info
  547. - www.htmedia.info
  548.  
  549. ⍥ Total [5]
  550.  
  551. [+] Probe subdomain for working on http/https
  552. ---------------------------------------------
  553.  
  554. - http://www.htmedia.info
  555. - https://www.htmedia.info
  556.  
  557. ⍥ Total [2]
  558.  
  559.  
  560. [+] Check Live Host: Ping Sweep - ICMP PING
  561. ---------------------------------------------
  562.  
  563. ⍥ [DEAD] 111-10-2012www.htmedia.info
  564. ⍥ [DEAD] 2012www.htmedia.info
  565. ⍥ [DEAD] 8-9-2012www.htmedia.info
  566. ⍥ [DEAD] 8www.htmedia.info
  567. ⍥ [LIVE] www.htmedia.info
  568.  
  569. [+] Check Resolving: Subdomains & Domains
  570. ---------------------------------------------
  571.  
  572. ⍥ Resolving domains to: RESOLVE ERROR
  573. ⍥ Resolving domains to: RESOLVE ERROR
  574. ⍥ Resolving domains to: RESOLVE ERROR
  575. ⍥ Resolving domains to: RESOLVE ERROR
  576. ⍥ Resolving domains to: 185.85.196.45
  577.  
  578. [+] Subdomain TakeOver - Check Possible Vulns
  579. ---------------------------------------------
  580.  
  581. ⍥ [FAILS] En: Unknown http://www.htmedia.info
  582. ⍥ [FAILS] En: Unknown https://www.htmedia.info
  583.  
  584. [+] Checks status code on port 80 and 443
  585. ---------------------------------------------
  586.  
  587. ⍥ [200] http://www.htmedia.info
  588. ⍥ [000] https://www.htmedia.info
  589.  
  590. [+] Web Screenshots: from domain list
  591. ---------------------------------------------
  592.  
  593. [+] 2 URLs to be screenshot
  594.  
  595. [+] 2 actual URLs screenshot
  596. [+] 0 error(s)
  597.  
  598. [+] Generate Reports: Make report into HTML
  599. ---------------------------------------------
  600.  
  601. ⍥ Make template for reports
  602. - output/09-24-2019/www.htmedia.info/reports
  603.  
  604. ⍥ Successful Created ..
  605.  
  606. [+] Sud⍥my has been sucessfully completed
  607. ---------------------------------------------
  608.  
  609. ⍥ Location output:
  610. - output/09-24-2019/www.htmedia.info
  611. - output/09-24-2019/www.htmedia.info/report
  612. - output/09-24-2019/www.htmedia.info/screenshots
  613.  
  614. #######################################################################################################################################
  615. Trying "htmedia.info"
  616. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50553
  617. ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 2
  618.  
  619. ;; QUESTION SECTION:
  620. ;htmedia.info. IN ANY
  621.  
  622. ;; ANSWER SECTION:
  623. htmedia.info. 3600 IN MX 10 inbound.htmedia.info.netsolmail.net.
  624. htmedia.info. 3600 IN A 185.85.196.45
  625. htmedia.info. 3600 IN SOA dns3.cloudns.net. support.cloudns.net. 2019092405 7200 1800 1209600 3600
  626. htmedia.info. 3600 IN NS dns7.cloudns.net.
  627. htmedia.info. 3600 IN NS dns8.cloudns.net.
  628. htmedia.info. 3600 IN NS dns4.cloudns.net.
  629. htmedia.info. 3600 IN NS dns3.cloudns.net.
  630.  
  631. ;; AUTHORITY SECTION:
  632. htmedia.info. 3600 IN NS dns3.cloudns.net.
  633. htmedia.info. 3600 IN NS dns4.cloudns.net.
  634. htmedia.info. 3600 IN NS dns8.cloudns.net.
  635. htmedia.info. 3600 IN NS dns7.cloudns.net.
  636.  
  637. ;; ADDITIONAL SECTION:
  638. dns7.cloudns.net. 13278 IN A 185.136.98.88
  639. dns7.cloudns.net. 13278 IN AAAA 2a06:fb00:1::3:88
  640.  
  641. Received 325 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 60 ms
  642. #######################################################################################################################################
  643. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace htmedia.info
  644. ;; global options: +cmd
  645. . 80228 IN NS a.root-servers.net.
  646. . 80228 IN NS i.root-servers.net.
  647. . 80228 IN NS f.root-servers.net.
  648. . 80228 IN NS h.root-servers.net.
  649. . 80228 IN NS j.root-servers.net.
  650. . 80228 IN NS g.root-servers.net.
  651. . 80228 IN NS d.root-servers.net.
  652. . 80228 IN NS c.root-servers.net.
  653. . 80228 IN NS e.root-servers.net.
  654. . 80228 IN NS k.root-servers.net.
  655. . 80228 IN NS l.root-servers.net.
  656. . 80228 IN NS b.root-servers.net.
  657. . 80228 IN NS m.root-servers.net.
  658. . 80228 IN RRSIG NS 8 0 518400 20191007170000 20190924160000 59944 . JvMELd+sXxwwKWGIGlGXVsSdAjRprDrFrY8QepdE0JDGDwgqKdmXBNJd vvI4Z6ktq64eFMHRyLbAuW/rf98Q1nraMloX2tcUk1Qd6J2smZNXIC3r ohDXt6UlQ+6MZJJNNBtY1ZaqozfZwFZqoRHrVDChEXb3mZcsf3SfRrLC hF5GopkA22FWWRlYOPAXnSYhEeiBPtaiERHaKaxDUbaLNoUDLXBoKHaz cRDzM7P76fu1XoqzrDsmBziZ/jE7+OBQSvBCPW5rhqmQ+mHfvggR93nn HHV1HJIhC9/dymAqKXjnQN7njaOP0Y5FWJxUYrlrK369+u1gGTm3Btn6 8EyIEA==
  659. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 115 ms
  660.  
  661. info. 172800 IN NS a0.info.afilias-nst.info.
  662. info. 172800 IN NS a2.info.afilias-nst.info.
  663. info. 172800 IN NS b0.info.afilias-nst.org.
  664. info. 172800 IN NS b2.info.afilias-nst.org.
  665. info. 172800 IN NS c0.info.afilias-nst.info.
  666. info. 172800 IN NS d0.info.afilias-nst.org.
  667. info. 86400 IN DS 8674 7 1 197789A2CBABA6FECD0B5AC88C5BC414CE1FC309
  668. info. 86400 IN DS 8674 7 2 EC9B6082B96B5F87143696F2B483ACC9B2C433DCE0C94E70F1FF5648 CA18008B
  669. info. 86400 IN RRSIG DS 8 1 86400 20191007170000 20190924160000 59944 . pporCpNkXnyG81FxXvaKPeDZ7+YAN2J1QGY2dbkXWO7Tl7iSqXnETYeH S+40kK7QU8xaw5k+Tsa35w0xUhZThwAGnC8BLLRpX8mM5MZL3jsHuwX7 75ziAUKAzRQJwttxXxlMdXK/9LrVHAkSwHUbOXYjMlbdDgpzUhLkMe8J WCwQQiBY1c1arkH/Wcr0mPIyR1RCuXTPYstl6an9Kd3ufBq+Kd2swHO2 RnBAEirCUYMQIL5FXbs8lyduqoZvOPURbF5QacHHu8puNyb8QYmWIago 7SrsiVFf6+yeEl5OdgvV+Laerp3an9cauJQG8rDXTIBxVtWeLlU/0LkE lz5dcQ==
  670. ;; Received 815 bytes from 2001:500:2d::d#53(d.root-servers.net) in 23 ms
  671.  
  672. htmedia.info. 86400 IN NS dns4.cloudns.net.
  673. htmedia.info. 86400 IN NS dns3.cloudns.net.
  674. adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN NSEC3 1 1 1 D399EAAB ADNVG6B2JJN9MIEU7DJB24BL7RG5MDPI NS SOA RRSIG DNSKEY NSEC3PARAM
  675. adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN RRSIG NSEC3 7 2 3600 20191016023540 20190925013540 62957 info. KFDWoKIKc7UZ0NMi0FIQCKZZqW8AVKZsicagpNP7fh99ylxqXEvtwubA lEAHKYi0c86KHGGUoAzmg9IJrvxCz51Id1q3kwBgsVy/ZZGYGmQT4gKa qzwlSewCQsqdt8y/KzyJIb3v/WjfsZeih+f2aDyaf15X4naghf7lcLZ1 /Rk=
  676. egtidmouc14l4ddut5hrsmqp3fal5j0h.info. 3600 IN NSEC3 1 1 1 D399EAAB EGU2TR81G3T6GIJVSV785PMQRN4LVC41
  677. egtidmouc14l4ddut5hrsmqp3fal5j0h.info. 3600 IN RRSIG NSEC3 7 2 3600 20191010152936 20190919142936 62957 info. RRUyYuvETVFE0m+0iIw9m2119f4pRdzpngvQxd03ZuaBPlUykm/2/1RK +3517nhKcsjOWUXKHhbI+aOm0Qtta+RkEj38qmC0DKxb1Kq6AZhGaDAB 8rIJ5DHcoyghbA7vz+grDwshtV6ure7zWwJKCNhh3DNLu0wfhOvnMQmT V88=
  678. ;; Received 577 bytes from 199.254.48.1#53(b0.info.afilias-nst.org) in 203 ms
  679.  
  680. htmedia.info. 3600 IN A 185.85.196.45
  681. htmedia.info. 3600 IN NS dns8.cloudns.net.
  682. htmedia.info. 3600 IN NS dns4.cloudns.net.
  683. htmedia.info. 3600 IN NS dns7.cloudns.net.
  684. htmedia.info. 3600 IN NS dns3.cloudns.net.
  685. ;; Received 144 bytes from 185.136.96.88#53(dns3.cloudns.net) in 27 ms
  686. #######################################################################################################################################
  687. [*] Performing General Enumeration of Domain: htmedia.info
  688. [-] DNSSEC is not configured for htmedia.info
  689. [*] SOA dns3.cloudns.net 185.136.96.88
  690. [*] NS dns4.cloudns.net 185.136.97.88
  691. [*] Bind Version for 185.136.97.88 unknown
  692. [*] NS dns4.cloudns.net 2a06:fb00:1::2:88
  693. [*] Bind Version for 2a06:fb00:1::2:88 unknown
  694. [*] NS dns8.cloudns.net 185.136.99.88
  695. [*] Bind Version for 185.136.99.88 unknown
  696. [*] NS dns8.cloudns.net 2a06:fb00:1::4:88
  697. [*] Bind Version for 2a06:fb00:1::4:88 unknown
  698. [*] NS dns7.cloudns.net 185.136.98.88
  699. [*] Bind Version for 185.136.98.88 unknown
  700. [*] NS dns7.cloudns.net 2a06:fb00:1::3:88
  701. [*] Bind Version for 2a06:fb00:1::3:88 unknown
  702. [*] NS dns3.cloudns.net 185.136.96.88
  703. [*] Bind Version for 185.136.96.88 unknown
  704. [*] NS dns3.cloudns.net 2a06:fb00:1::1:88
  705. [*] Bind Version for 2a06:fb00:1::1:88 unknown
  706. [*] MX inbound.htmedia.info.netsolmail.net 206.188.198.64
  707. [*] A htmedia.info 185.85.196.45
  708. [*] Enumerating SRV Records
  709. [-] No SRV Records Found for htmedia.info
  710. [+] 0 Records Found
  711. #######################################################################################################################################
  712. [*] Processing domain htmedia.info
  713. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '192.168.0.1']
  714. [+] Getting nameservers
  715. 185.136.97.88 - dns4.cloudns.net
  716. 185.136.99.88 - dns8.cloudns.net
  717. 185.136.98.88 - dns7.cloudns.net
  718. 185.136.96.88 - dns3.cloudns.net
  719. [-] Zone transfer failed
  720.  
  721. [+] MX records found, added to target list
  722. 10 inbound.htmedia.info.netsolmail.net.
  723.  
  724. [*] Scanning htmedia.info for A records
  725. 185.85.196.45 - htmedia.info
  726. 205.178.146.235 - mail.htmedia.info
  727. 205.178.146.235 - smtp.htmedia.info
  728. 185.85.196.45 - www.htmedia.info
  729. #######################################################################################################################################
  730. Parsero scan report for www.htmedia.info
  731. http://www.htmedia.info/cache/ 302 Found
  732. http://www.htmedia.info/installation/ 302 Found
  733. http://www.htmedia.info/plugins/ 302 Found
  734. http://www.htmedia.info/layouts/ 302 Found
  735. http://www.htmedia.info/includes/ 302 Found
  736. http://www.htmedia.info/modules/ 302 Found
  737. http://www.htmedia.info/tmp/ 302 Found
  738. http://www.htmedia.info/administrator/ 200 OK
  739. http://www.htmedia.info/components/ 302 Found
  740. http://www.htmedia.info/bin/ 200 OK
  741. http://www.htmedia.info/cli/ 302 Found
  742. http://www.htmedia.info/libraries/ 302 Found
  743. http://www.htmedia.info/language/ 302 Found
  744. http://www.htmedia.info/logs/ 200 OK
  745. #######################################################################################################################################
  746.  
  747. AVAILABLE PLUGINS
  748. -----------------
  749.  
  750. CertificateInfoPlugin
  751. CompressionPlugin
  752. RobotPlugin
  753. OpenSslCipherSuitesPlugin
  754. EarlyDataPlugin
  755. HeartbleedPlugin
  756. FallbackScsvPlugin
  757. SessionRenegotiationPlugin
  758. SessionResumptionPlugin
  759. OpenSslCcsInjectionPlugin
  760. HttpHeadersPlugin
  761.  
  762.  
  763.  
  764. CHECKING HOST(S) AVAILABILITY
  765. -----------------------------
  766.  
  767. 185.85.196.45:443 => 185.85.196.45
  768.  
  769.  
  770.  
  771.  
  772. SCAN RESULTS FOR 185.85.196.45:443 - 185.85.196.45
  773. --------------------------------------------------
  774.  
  775. * Certificate Information:
  776. Content
  777. SHA1 Fingerprint: 6c84e350aef473578f0b6bcb8648338780575ef2
  778. Common Name: al-aqsa.org
  779. Issuer: Let's Encrypt Authority X3
  780. Serial Number: 286901020914952824882778656320360633818807
  781. Not Before: 2019-09-21 16:27:19
  782. Not After: 2019-12-20 16:27:19
  783. Signature Algorithm: sha256
  784. Public Key Algorithm: RSA
  785. Key Size: 2048
  786. Exponent: 65537 (0x10001)
  787. DNS Subject Alternative Names: ['al-aqsa.org']
  788.  
  789. Trust
  790. Hostname Validation: FAILED - Certificate does NOT match 185.85.196.45
  791. Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  792. Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  793. Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  794. Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  795. Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  796. Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
  797. Received Chain: al-aqsa.org
  798. Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
  799. Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
  800. Received Chain Order: OK - Order is valid
  801. Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
  802.  
  803. Extensions
  804. OCSP Must-Staple: NOT SUPPORTED - Extension not found
  805. Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
  806.  
  807. OCSP Stapling
  808. NOT SUPPORTED - Server did not send back an OCSP response
  809.  
  810. * TLSV1_2 Cipher Suites:
  811. Forward Secrecy OK - Supported
  812. RC4 OK - Not Supported
  813.  
  814. Preferred:
  815. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  816. Accepted:
  817. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 200 OK
  818. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
  819. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 200 OK
  820. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
  821. TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  822. TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
  823. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  824. TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  825. TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
  826. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  827. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
  828. TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 256 bits HTTP 200 OK
  829. TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 200 OK
  830. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  831. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
  832. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  833. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  834. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
  835. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  836. RSA_WITH_AES_256_CCM_8 256 bits HTTP 200 OK
  837. RSA_WITH_AES_256_CCM 256 bits HTTP 200 OK
  838. RSA_WITH_AES_128_CCM_8 128 bits HTTP 200 OK
  839. RSA_WITH_AES_128_CCM 128 bits HTTP 200 OK
  840. ECDHE-ARIA256-GCM-SHA384 256 bits HTTP 200 OK
  841. ECDHE-ARIA128-GCM-SHA256 128 bits HTTP 200 OK
  842. ARIA256-GCM-SHA384 256 bits HTTP 200 OK
  843. ARIA128-GCM-SHA256 128 bits HTTP 200 OK
  844.  
  845. * Deflate Compression:
  846. OK - Compression disabled
  847.  
  848. * TLSV1_3 Cipher Suites:
  849. Forward Secrecy OK - Supported
  850. RC4 OK - Not Supported
  851.  
  852. Preferred:
  853. TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  854. Accepted:
  855. TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
  856. TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  857. TLS_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  858.  
  859. * OpenSSL Heartbleed:
  860. OK - Not vulnerable to Heartbleed
  861.  
  862. * TLSV1 Cipher Suites:
  863. Forward Secrecy OK - Supported
  864. RC4 OK - Not Supported
  865.  
  866. Preferred:
  867. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  868. Accepted:
  869. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
  870. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
  871. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  872. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  873. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  874. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  875.  
  876. * Downgrade Attacks:
  877. TLS_FALLBACK_SCSV: OK - Supported
  878.  
  879. * TLSV1_1 Cipher Suites:
  880. Forward Secrecy OK - Supported
  881. RC4 OK - Not Supported
  882.  
  883. Preferred:
  884. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  885. Accepted:
  886. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
  887. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
  888. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  889. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  890. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  891. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  892.  
  893. * TLS 1.2 Session Resumption Support:
  894. With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
  895. With TLS Tickets: OK - Supported
  896.  
  897. * Session Renegotiation:
  898. Client-initiated Renegotiation: OK - Rejected
  899. Secure Renegotiation: OK - Supported
  900.  
  901. * OpenSSL CCS Injection:
  902. OK - Not vulnerable to OpenSSL CCS injection
  903.  
  904. * SSLV2 Cipher Suites:
  905. Server rejected all cipher suites.
  906.  
  907. * SSLV3 Cipher Suites:
  908. Server rejected all cipher suites.
  909.  
  910. * ROBOT Attack:
  911. OK - Not vulnerable
  912.  
  913.  
  914. SCAN COMPLETED IN 16.64 S
  915. -------------------------
  916. #######################################################################################################################################
  917. Domains still to check: 1
  918. Checking if the hostname htmedia.info. given is in fact a domain...
  919.  
  920. Analyzing domain: htmedia.info.
  921. Checking NameServers using system default resolver...
  922. IP: 185.136.97.88 (Europe)
  923. HostName: dns4.cloudns.net Type: NS
  924. HostName: dns4.cloudns.net Type: PTR
  925. IP: 185.136.99.88 (Europe)
  926. HostName: dns8.cloudns.net Type: NS
  927. HostName: dns8.cloudns.net Type: PTR
  928. IP: 185.136.98.88 (United States)
  929. HostName: dns7.cloudns.net Type: NS
  930. HostName: dns7.cloudns.net Type: PTR
  931. IP: 185.136.96.88 (United States)
  932. HostName: dns3.cloudns.net Type: NS
  933. HostName: dns3.cloudns.net Type: PTR
  934.  
  935. Checking MailServers using system default resolver...
  936. IP: 206.188.198.64 (United States)
  937. HostName: inbound.htmedia.info.netsolmail.net Type: MX
  938. HostName: mailpod1.networksolutionsemail.com Type: PTR
  939.  
  940. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  941. No zone transfer found on nameserver 185.136.96.88
  942. No zone transfer found on nameserver 185.136.98.88
  943. No zone transfer found on nameserver 185.136.97.88
  944. No zone transfer found on nameserver 185.136.99.88
  945.  
  946. Checking SPF record...
  947. No SPF record
  948.  
  949. Checking 192 most common hostnames using system default resolver...
  950. IP: 185.85.196.45 (United Kingdom)
  951. HostName: www.htmedia.info. Type: A
  952. IP: 205.178.146.235 (United States)
  953. HostName: mail.htmedia.info. Type: A
  954. IP: 205.178.146.235 (United States)
  955. HostName: mail.htmedia.info. Type: A
  956. HostName: smtp.htmedia.info. Type: A
  957.  
  958. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  959. Checking netblock 205.178.146.0
  960. Checking netblock 185.136.98.0
  961. Checking netblock 185.136.96.0
  962. Checking netblock 206.188.198.0
  963. Checking netblock 185.85.196.0
  964. Checking netblock 185.136.97.0
  965. Checking netblock 185.136.99.0
  966.  
  967. Searching for htmedia.info. emails in Google
  968.  
  969. Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  970. Host 205.178.146.235 is up (reset ttl 64)
  971. Host 185.136.98.88 is up (echo-reply ttl 57)
  972. Host 185.136.96.88 is up (reset ttl 64)
  973. Host 206.188.198.64 is up (reset ttl 64)
  974. Host 185.85.196.45 is up (echo-reply ttl 52)
  975. Host 185.136.97.88 is up (reset ttl 64)
  976. Host 185.136.99.88 is up (reset ttl 64)
  977.  
  978. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  979. Scanning ip 205.178.146.235 (smtp.htmedia.info.):
  980. 80/tcp open http syn-ack ttl 52 Apache httpd (PHP 5.6.25)
  981. | http-methods:
  982. |_ Supported Methods: GET HEAD POST OPTIONS
  983. |_http-server-header: Apache
  984. | http-title: Webmail Login
  985. |_Requested resource was ox6/interfaces/sso/
  986. 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
  987. 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2008)
  988. |_imap-capabilities: STARTTLSA0001 QUOTA completed IMAP4rev1 ACL2=UNION NAMESPACE OK ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
  989. | ssl-cert: Subject: commonName=*.hostingplatform.com
  990. | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
  991. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  992. | Public Key type: rsa
  993. | Public Key bits: 2048
  994. | Signature Algorithm: sha256WithRSAEncryption
  995. | Not valid before: 2017-08-22T00:00:00
  996. | Not valid after: 2020-10-19T23:59:59
  997. | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
  998. |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
  999. |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
  1000. 443/tcp open ssl/http syn-ack ttl 53 Apache httpd (PHP 5.6.25)
  1001. | http-methods:
  1002. |_ Supported Methods: GET HEAD POST
  1003. |_http-server-header: Apache
  1004. | http-title: Webmail Login
  1005. |_Requested resource was ox6/interfaces/sso/
  1006. | ssl-cert: Subject: commonName=*.networksolutionsemail.com
  1007. | Subject Alternative Name: DNS:*.networksolutionsemail.com, DNS:networksolutionsemail.com
  1008. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  1009. | Public Key type: rsa
  1010. | Public Key bits: 2048
  1011. | Signature Algorithm: sha256WithRSAEncryption
  1012. | Not valid before: 2018-03-21T00:00:00
  1013. | Not valid after: 2020-03-20T23:59:59
  1014. | MD5: 43fe e80b fc52 3858 2807 9f5c 5d1d f652
  1015. |_SHA-1: fe8b 57c2 4e75 6873 5893 2c7c cde6 39e8 6fbd 2323
  1016. |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1017. 587/tcp open smtp syn-ack ttl 53 netqmail smtpd 1.04
  1018. | smtp-commands: mailpod.hostingplatform.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 65000000, AUTH LOGIN PLAIN CRAM-MD5,
  1019. |_ netqmail home page: http://qmail.org/netqmail
  1020. |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
  1021. 993/tcp open ssl/imap syn-ack ttl 53 Courier Imapd (released 2008)
  1022. |_imap-capabilities: completed QUOTA AUTH=PLAIN IMAP4rev1 OK NAMESPACE ACL2=UNIONA0001 ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
  1023. | ssl-cert: Subject: commonName=*.hostingplatform.com
  1024. | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
  1025. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  1026. | Public Key type: rsa
  1027. | Public Key bits: 2048
  1028. | Signature Algorithm: sha256WithRSAEncryption
  1029. | Not valid before: 2017-08-22T00:00:00
  1030. | Not valid after: 2020-10-19T23:59:59
  1031. | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
  1032. |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
  1033. |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1034. 995/tcp open ssl/pop3s? syn-ack ttl 52
  1035. |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1036. OS Info: Service Info: Host: mail.hostingplatform.com; OS: Unix
  1037. |_clock-skew: mean: -3s, deviation: 0s, median: -3s
  1038. Scanning ip 185.136.98.88 (dns7.cloudns.net (PTR)):
  1039. Scanning ip 185.136.96.88 (dns3.cloudns.net (PTR)):
  1040. 53/tcp open domain syn-ack ttl 57 (unknown banner: unknown)
  1041. | dns-nsid:
  1042. | NSID: ca1-3 (6361312d33)
  1043. | id.server: ca1-3
  1044. |_ bind.version: unknown
  1045. | fingerprint-strings:
  1046. | DNSVersionBindReqTCP:
  1047. | version
  1048. | bind
  1049. |_ unknown
  1050. Scanning ip 206.188.198.64 (mailpod1.networksolutionsemail.com (PTR)):
  1051. Scanning ip 185.85.196.45 (www.htmedia.info.):
  1052. 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
  1053. | ssh-hostkey:
  1054. | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
  1055. | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
  1056. |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
  1057. 80/tcp open http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
  1058. | http-methods:
  1059. |_ Supported Methods: GET HEAD
  1060. |_http-server-header: nginx/1.15.9 (Ubuntu)
  1061. |_http-title: Apache2 Ubuntu Default Page: It works
  1062. 443/tcp open ssl/http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
  1063. |_http-server-header: nginx/1.15.9 (Ubuntu)
  1064. |_http-title: 502 Bad Gateway
  1065. | ssl-cert: Subject: commonName=al-aqsa.org
  1066. | Subject Alternative Name: DNS:al-aqsa.org
  1067. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1068. | Public Key type: rsa
  1069. | Public Key bits: 2048
  1070. | Signature Algorithm: sha256WithRSAEncryption
  1071. | Not valid before: 2019-09-21T16:27:19
  1072. | Not valid after: 2019-12-20T16:27:19
  1073. | MD5: 4b13 707e 9805 fec2 bbaa fdae f91f 7eaf
  1074. |_SHA-1: 6c84 e350 aef4 7357 8f0b 6bcb 8648 3387 8057 5ef2
  1075. |_ssl-date: TLS randomness does not represent time
  1076. | tls-alpn:
  1077. | h2
  1078. |_ http/1.1
  1079. | tls-nextprotoneg:
  1080. | h2
  1081. |_ http/1.1
  1082. OS Info: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1083. Scanning ip 185.136.97.88 (dns4.cloudns.net (PTR)):
  1084. Scanning ip 185.136.99.88 (dns8.cloudns.net (PTR)):
  1085. WebCrawling domain's web servers... up to 50 max links.
  1086.  
  1087. + URL to crawl: http://smtp.htmedia.info.
  1088. + Date: 2019-09-24
  1089.  
  1090. + Crawling URL: http://smtp.htmedia.info.:
  1091. + Links:
  1092. + Crawling http://smtp.htmedia.info.
  1093. + Searching for directories...
  1094. - Found: http://smtp.htmedia.info./css/
  1095. + Searching open folders...
  1096. - http://smtp.htmedia.info./css/ (404 Not Found)
  1097.  
  1098.  
  1099. + URL to crawl: http://mail.htmedia.info.
  1100. + Date: 2019-09-24
  1101.  
  1102. + Crawling URL: http://mail.htmedia.info.:
  1103. + Links:
  1104. + Crawling http://mail.htmedia.info.
  1105. + Searching for directories...
  1106. - Found: http://mail.htmedia.info./css/
  1107. + Searching open folders...
  1108. - http://mail.htmedia.info./css/ (404 Not Found)
  1109.  
  1110.  
  1111. + URL to crawl: https://smtp.htmedia.info.
  1112. + Date: 2019-09-24
  1113.  
  1114. + Crawling URL: https://smtp.htmedia.info.:
  1115. + Links:
  1116. + Crawling https://smtp.htmedia.info.
  1117. + Searching for directories...
  1118. + Searching open folders...
  1119.  
  1120.  
  1121. + URL to crawl: https://mail.htmedia.info.
  1122. + Date: 2019-09-24
  1123.  
  1124. + Crawling URL: https://mail.htmedia.info.:
  1125. + Links:
  1126. + Crawling https://mail.htmedia.info.
  1127. + Searching for directories...
  1128. + Searching open folders...
  1129.  
  1130.  
  1131. + URL to crawl: http://www.htmedia.info.
  1132. + Date: 2019-09-24
  1133.  
  1134. + Crawling URL: http://www.htmedia.info.:
  1135. + Links:
  1136. + Crawling http://www.htmedia.info. (503 Service Unavailable)
  1137. + Searching for directories...
  1138. + Searching open folders...
  1139.  
  1140.  
  1141. + URL to crawl: https://www.htmedia.info.
  1142. + Date: 2019-09-24
  1143.  
  1144. + Crawling URL: https://www.htmedia.info.:
  1145. + Links:
  1146. + Crawling https://www.htmedia.info. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
  1147. + Searching for directories...
  1148. + Searching open folders...
  1149.  
  1150. --Finished--
  1151. Summary information for domain htmedia.info.
  1152. -----------------------------------------
  1153.  
  1154. Domain Ips Information:
  1155. IP: 205.178.146.235
  1156. HostName: mail.htmedia.info. Type: A
  1157. HostName: smtp.htmedia.info. Type: A
  1158. Country: United States
  1159. Is Active: True (reset ttl 64)
  1160. Port: 80/tcp open http syn-ack ttl 52 Apache httpd (PHP 5.6.25)
  1161. Script Info: | http-methods:
  1162. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
  1163. Script Info: |_http-server-header: Apache
  1164. Script Info: | http-title: Webmail Login
  1165. Script Info: |_Requested resource was ox6/interfaces/sso/
  1166. Port: 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
  1167. Port: 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2008)
  1168. Script Info: |_imap-capabilities: STARTTLSA0001 QUOTA completed IMAP4rev1 ACL2=UNION NAMESPACE OK ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
  1169. Script Info: | ssl-cert: Subject: commonName=*.hostingplatform.com
  1170. Script Info: | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
  1171. Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  1172. Script Info: | Public Key type: rsa
  1173. Script Info: | Public Key bits: 2048
  1174. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1175. Script Info: | Not valid before: 2017-08-22T00:00:00
  1176. Script Info: | Not valid after: 2020-10-19T23:59:59
  1177. Script Info: | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
  1178. Script Info: |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
  1179. Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
  1180. Port: 443/tcp open ssl/http syn-ack ttl 53 Apache httpd (PHP 5.6.25)
  1181. Script Info: | http-methods:
  1182. Script Info: |_ Supported Methods: GET HEAD POST
  1183. Script Info: |_http-server-header: Apache
  1184. Script Info: | http-title: Webmail Login
  1185. Script Info: |_Requested resource was ox6/interfaces/sso/
  1186. Script Info: | ssl-cert: Subject: commonName=*.networksolutionsemail.com
  1187. Script Info: | Subject Alternative Name: DNS:*.networksolutionsemail.com, DNS:networksolutionsemail.com
  1188. Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  1189. Script Info: | Public Key type: rsa
  1190. Script Info: | Public Key bits: 2048
  1191. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1192. Script Info: | Not valid before: 2018-03-21T00:00:00
  1193. Script Info: | Not valid after: 2020-03-20T23:59:59
  1194. Script Info: | MD5: 43fe e80b fc52 3858 2807 9f5c 5d1d f652
  1195. Script Info: |_SHA-1: fe8b 57c2 4e75 6873 5893 2c7c cde6 39e8 6fbd 2323
  1196. Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1197. Port: 587/tcp open smtp syn-ack ttl 53 netqmail smtpd 1.04
  1198. Script Info: | smtp-commands: mailpod.hostingplatform.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 65000000, AUTH LOGIN PLAIN CRAM-MD5,
  1199. Script Info: |_ netqmail home page: http://qmail.org/netqmail
  1200. Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -4s from scanner time.
  1201. Port: 993/tcp open ssl/imap syn-ack ttl 53 Courier Imapd (released 2008)
  1202. Script Info: |_imap-capabilities: completed QUOTA AUTH=PLAIN IMAP4rev1 OK NAMESPACE ACL2=UNIONA0001 ACL THREAD=REFERENCES THREAD=ORDEREDSUBJECT UIDPLUS CHILDREN IDLE SORT CAPABILITY
  1203. Script Info: | ssl-cert: Subject: commonName=*.hostingplatform.com
  1204. Script Info: | Subject Alternative Name: DNS:*.hostingplatform.com, DNS:hostingplatform.com
  1205. Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  1206. Script Info: | Public Key type: rsa
  1207. Script Info: | Public Key bits: 2048
  1208. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1209. Script Info: | Not valid before: 2017-08-22T00:00:00
  1210. Script Info: | Not valid after: 2020-10-19T23:59:59
  1211. Script Info: | MD5: 5855 2375 3084 9377 d5f2 0bc3 2470 0c9a
  1212. Script Info: |_SHA-1: 3e85 7c56 9bf1 fd60 3d86 155b 0df0 5fd7 b507 ee2f
  1213. Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1214. Port: 995/tcp open ssl/pop3s? syn-ack ttl 52
  1215. Script Info: |_ssl-date: 2019-09-25T02:44:26+00:00; -3s from scanner time.
  1216. Os Info: Host: mail.hostingplatform.com; OS: Unix
  1217. Script Info: |_clock-skew: mean: -3s, deviation: 0s, median: -3s
  1218. IP: 185.136.98.88
  1219. HostName: dns7.cloudns.net Type: NS
  1220. HostName: dns7.cloudns.net Type: PTR
  1221. Country: United States
  1222. Is Active: True (echo-reply ttl 57)
  1223. IP: 185.136.96.88
  1224. HostName: dns3.cloudns.net Type: NS
  1225. HostName: dns3.cloudns.net Type: PTR
  1226. Country: United States
  1227. Is Active: True (reset ttl 64)
  1228. Port: 53/tcp open domain syn-ack ttl 57 (unknown banner: unknown)
  1229. Script Info: | dns-nsid:
  1230. Script Info: | NSID: ca1-3 (6361312d33)
  1231. Script Info: | id.server: ca1-3
  1232. Script Info: |_ bind.version: unknown
  1233. Script Info: | fingerprint-strings:
  1234. Script Info: | DNSVersionBindReqTCP:
  1235. Script Info: | version
  1236. Script Info: | bind
  1237. Script Info: |_ unknown
  1238. IP: 206.188.198.64
  1239. HostName: inbound.htmedia.info.netsolmail.net Type: MX
  1240. HostName: mailpod1.networksolutionsemail.com Type: PTR
  1241. Country: United States
  1242. Is Active: True (reset ttl 64)
  1243. IP: 185.85.196.45
  1244. HostName: www.htmedia.info. Type: A
  1245. Country: United Kingdom
  1246. Is Active: True (echo-reply ttl 52)
  1247. Port: 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
  1248. Script Info: | ssh-hostkey:
  1249. Script Info: | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
  1250. Script Info: | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
  1251. Script Info: |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
  1252. Port: 80/tcp open http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
  1253. Script Info: | http-methods:
  1254. Script Info: |_ Supported Methods: GET HEAD
  1255. Script Info: |_http-server-header: nginx/1.15.9 (Ubuntu)
  1256. Script Info: |_http-title: Apache2 Ubuntu Default Page: It works
  1257. Port: 443/tcp open ssl/http syn-ack ttl 52 nginx 1.15.9 (Ubuntu)
  1258. Script Info: |_http-server-header: nginx/1.15.9 (Ubuntu)
  1259. Script Info: |_http-title: 502 Bad Gateway
  1260. Script Info: | ssl-cert: Subject: commonName=al-aqsa.org
  1261. Script Info: | Subject Alternative Name: DNS:al-aqsa.org
  1262. Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1263. Script Info: | Public Key type: rsa
  1264. Script Info: | Public Key bits: 2048
  1265. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1266. Script Info: | Not valid before: 2019-09-21T16:27:19
  1267. Script Info: | Not valid after: 2019-12-20T16:27:19
  1268. Script Info: | MD5: 4b13 707e 9805 fec2 bbaa fdae f91f 7eaf
  1269. Script Info: |_SHA-1: 6c84 e350 aef4 7357 8f0b 6bcb 8648 3387 8057 5ef2
  1270. Script Info: |_ssl-date: TLS randomness does not represent time
  1271. Script Info: | tls-alpn:
  1272. Script Info: | h2
  1273. Script Info: |_ http/1.1
  1274. Script Info: | tls-nextprotoneg:
  1275. Script Info: | h2
  1276. Script Info: |_ http/1.1
  1277. Os Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1278. IP: 185.136.97.88
  1279. HostName: dns4.cloudns.net Type: NS
  1280. HostName: dns4.cloudns.net Type: PTR
  1281. Country: Europe
  1282. Is Active: True (reset ttl 64)
  1283. IP: 185.136.99.88
  1284. HostName: dns8.cloudns.net Type: NS
  1285. HostName: dns8.cloudns.net Type: PTR
  1286. Country: Europe
  1287. Is Active: True (reset ttl 64)
  1288. #######################################################################################################################################
  1289. dnsenum VERSION:1.2.4
  1290.  
  1291. ----- www.htmedia.info -----
  1292.  
  1293.  
  1294. Host's addresses:
  1295. __________________
  1296.  
  1297. htmedia.info. 1215 IN A 185.85.196.45
  1298.  
  1299.  
  1300. Name Servers:
  1301. ______________
  1302.  
  1303. dns8.cloudns.net. 85707 IN A 185.136.99.88
  1304. dns4.cloudns.net. 49957 IN A 185.136.97.88
  1305. dns3.cloudns.net. 49415 IN A 185.136.96.88
  1306. dns7.cloudns.net. 86332 IN A 185.136.98.88
  1307.  
  1308.  
  1309. Mail (MX) Servers:
  1310. ___________________
  1311.  
  1312. inbound.htmedia.info.netsolmail.net. 5944 IN A 206.188.198.64
  1313.  
  1314.  
  1315. Trying Zone Transfers and getting Bind Versions:
  1316. _________________________________________________
  1317.  
  1318.  
  1319. Trying Zone Transfer for www.htmedia.info on dns8.cloudns.net ...
  1320.  
  1321. Trying Zone Transfer for www.htmedia.info on dns4.cloudns.net ...
  1322.  
  1323. Trying Zone Transfer for www.htmedia.info on dns3.cloudns.net ...
  1324.  
  1325. Trying Zone Transfer for www.htmedia.info on dns7.cloudns.net ...
  1326.  
  1327. brute force file not specified, bay.
  1328. ######################################################################################################################################
  1329. [*] Processing domain www.htmedia.info
  1330. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '192.168.0.1']
  1331. [+] Getting nameservers
  1332. 185.136.96.88 - dns3.cloudns.net
  1333. 185.136.98.88 - dns7.cloudns.net
  1334. 185.136.99.88 - dns8.cloudns.net
  1335. 185.136.97.88 - dns4.cloudns.net
  1336. [-] Zone transfer failed
  1337.  
  1338. [+] MX records found, added to target list
  1339. 10 inbound.htmedia.info.netsolmail.net.
  1340.  
  1341. [*] Scanning www.htmedia.info for A records
  1342. 185.85.196.45 - www.htmedia.info
  1343. ######################################################################################################################################
  1344. [+] www.htmedia.info has no SPF record!
  1345. [*] No DMARC record found. Looking for organizational record
  1346. [+] No organizational DMARC record
  1347. [+] Spoofing possible for www.htmedia.info!
  1348. ######################################################################################################################################
  1349. INFO[0000] Starting to process queue....
  1350. INFO[0000] Starting to process permutations....
  1351. INFO[0000] FORBIDDEN http://htmedia.s3.amazonaws.com (http://htmedia.info)
  1352. INFO[0000] FORBIDDEN http://htmedia-backup.s3.amazonaws.com (http://htmedia.info)
  1353. ######################################################################################################################################
  1354. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:05 EDT
  1355. Nmap scan report for www.htmedia.info (185.85.196.45)
  1356. Host is up (0.046s latency).
  1357. rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
  1358. Not shown: 477 filtered ports, 3 closed ports
  1359. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1360. PORT STATE SERVICE
  1361. 22/tcp open ssh
  1362. 80/tcp open http
  1363. 443/tcp open https
  1364.  
  1365. Nmap done: 1 IP address (1 host up) scanned in 4.09 seconds
  1366. ######################################################################################################################################
  1367. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:06 EDT
  1368. Nmap scan report for www.htmedia.info (185.85.196.45)
  1369. Host is up (0.075s latency).
  1370. rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
  1371. Not shown: 2 filtered ports
  1372. PORT STATE SERVICE
  1373. 53/udp open|filtered domain
  1374. 67/udp open|filtered dhcps
  1375. 68/udp open|filtered dhcpc
  1376. 69/udp open|filtered tftp
  1377. 88/udp open|filtered kerberos-sec
  1378. 123/udp open|filtered ntp
  1379. 139/udp open|filtered netbios-ssn
  1380. 161/udp open|filtered snmp
  1381. 162/udp open|filtered snmptrap
  1382. 389/udp open|filtered ldap
  1383. 500/udp open|filtered isakmp
  1384. 520/udp open|filtered route
  1385. 2049/udp open|filtered nfs
  1386.  
  1387. Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
  1388. #######################################################################################################################################
  1389. # general
  1390. (gen) banner: SSH-2.0-OpenSSH_7.9p1 Ubuntu-10
  1391. (gen) software: OpenSSH 7.9p1
  1392. (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
  1393. (gen) compression: enabled (zlib@openssh.com)
  1394.  
  1395. # key exchange algorithms
  1396. (kex) curve25519-sha256 -- [warn] unknown algorithm
  1397. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  1398. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  1399. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1400. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  1401. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1402. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  1403. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1404. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1405. `- [info] available since OpenSSH 4.4
  1406. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1407. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
  1408. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1409. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1410. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1411.  
  1412. # host-key algorithms
  1413. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  1414. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  1415. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1416. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  1417. `- [warn] using weak random number generator could reveal the key
  1418. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1419. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  1420.  
  1421. # encryption algorithms (ciphers)
  1422. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  1423. `- [info] default cipher since OpenSSH 6.9.
  1424. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1425. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1426. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1427. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1428. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1429.  
  1430. # message authentication code algorithms
  1431. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  1432. `- [info] available since OpenSSH 6.2
  1433. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  1434. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  1435. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  1436. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  1437. `- [info] available since OpenSSH 6.2
  1438. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1439. `- [warn] using small 64-bit tag size
  1440. `- [info] available since OpenSSH 4.7
  1441. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  1442. `- [info] available since OpenSSH 6.2
  1443. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1444. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1445. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1446. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1447. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1448. `- [warn] using weak hashing algorithm
  1449. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1450.  
  1451. # algorithm recommendations (for OpenSSH 7.9)
  1452. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  1453. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  1454. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1455. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  1456. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  1457. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  1458. (rec) -hmac-sha2-512 -- mac algorithm to remove
  1459. (rec) -umac-128@openssh.com -- mac algorithm to remove
  1460. (rec) -hmac-sha2-256 -- mac algorithm to remove
  1461. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1462. (rec) -hmac-sha1 -- mac algorithm to remove
  1463. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  1464. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  1465. ######################################################################################################################################
  1466. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  1467. RHOSTS => www.htmedia.info
  1468. RHOST => www.htmedia.info
  1469. [*] 185.85.196.45:22 - SSH - Using malformed packet technique
  1470. [*] 185.85.196.45:22 - SSH - Starting scan
  1471. [+] 185.85.196.45:22 - SSH - User 'admin' found
  1472. [+] 185.85.196.45:22 - SSH - User 'administrator' found
  1473. [+] 185.85.196.45:22 - SSH - User 'anonymous' found
  1474. [+] 185.85.196.45:22 - SSH - User 'backup' found
  1475. [+] 185.85.196.45:22 - SSH - User 'bee' found
  1476. [+] 185.85.196.45:22 - SSH - User 'ftp' found
  1477. [+] 185.85.196.45:22 - SSH - User 'guest' found
  1478. [+] 185.85.196.45:22 - SSH - User 'GUEST' found
  1479. [+] 185.85.196.45:22 - SSH - User 'info' found
  1480. [+] 185.85.196.45:22 - SSH - User 'mail' found
  1481. [+] 185.85.196.45:22 - SSH - User 'mailadmin' found
  1482. [+] 185.85.196.45:22 - SSH - User 'msfadmin' found
  1483. [+] 185.85.196.45:22 - SSH - User 'mysql' found
  1484. [+] 185.85.196.45:22 - SSH - User 'nobody' found
  1485. [+] 185.85.196.45:22 - SSH - User 'oracle' found
  1486. [+] 185.85.196.45:22 - SSH - User 'owaspbwa' found
  1487. [+] 185.85.196.45:22 - SSH - User 'postfix' found
  1488. [+] 185.85.196.45:22 - SSH - User 'postgres' found
  1489. [+] 185.85.196.45:22 - SSH - User 'private' found
  1490. [+] 185.85.196.45:22 - SSH - User 'proftpd' found
  1491. [+] 185.85.196.45:22 - SSH - User 'public' found
  1492. [+] 185.85.196.45:22 - SSH - User 'root' found
  1493. [+] 185.85.196.45:22 - SSH - User 'superadmin' found
  1494. [+] 185.85.196.45:22 - SSH - User 'support' found
  1495. [+] 185.85.196.45:22 - SSH - User 'sys' found
  1496. [+] 185.85.196.45:22 - SSH - User 'system' found
  1497. [+] 185.85.196.45:22 - SSH - User 'systemadmin' found
  1498. [+] 185.85.196.45:22 - SSH - User 'systemadministrator' found
  1499. [+] 185.85.196.45:22 - SSH - User 'test' found
  1500. [+] 185.85.196.45:22 - SSH - User 'tomcat' found
  1501. [+] 185.85.196.45:22 - SSH - User 'user' found
  1502. [+] 185.85.196.45:22 - SSH - User 'webmaster' found
  1503. [+] 185.85.196.45:22 - SSH - User 'www-data' found
  1504. [+] 185.85.196.45:22 - SSH - User 'Fortimanager_Access' found
  1505. [*] Scanned 1 of 1 hosts (100% complete)
  1506. [*] Auxiliary module execution completed
  1507. ######################################################################################################################################
  1508. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:07 EDT
  1509. NSE: Loaded 164 scripts for scanning.
  1510. NSE: Script Pre-scanning.
  1511. Initiating NSE at 23:07
  1512. Completed NSE at 23:07, 0.00s elapsed
  1513. Initiating NSE at 23:07
  1514. Completed NSE at 23:07, 0.00s elapsed
  1515. Initiating Parallel DNS resolution of 1 host. at 23:07
  1516. Completed Parallel DNS resolution of 1 host. at 23:07, 0.03s elapsed
  1517. Initiating SYN Stealth Scan at 23:07
  1518. Scanning www.htmedia.info (185.85.196.45) [1 port]
  1519. Discovered open port 80/tcp on 185.85.196.45
  1520. Completed SYN Stealth Scan at 23:07, 0.10s elapsed (1 total ports)
  1521. Initiating Service scan at 23:07
  1522. Scanning 1 service on www.htmedia.info (185.85.196.45)
  1523. Completed Service scan at 23:07, 5.31s elapsed (1 service on 1 host)
  1524. Initiating OS detection (try #1) against www.htmedia.info (185.85.196.45)
  1525. Retrying OS detection (try #2) against www.htmedia.info (185.85.196.45)
  1526. Initiating Traceroute at 23:07
  1527. Completed Traceroute at 23:07, 3.08s elapsed
  1528. Initiating Parallel DNS resolution of 12 hosts. at 23:07
  1529. Completed Parallel DNS resolution of 12 hosts. at 23:07, 0.28s elapsed
  1530. NSE: Script scanning 185.85.196.45.
  1531. Initiating NSE at 23:07
  1532. Completed NSE at 23:07, 26.81s elapsed
  1533. Initiating NSE at 23:07
  1534. Completed NSE at 23:07, 0.47s elapsed
  1535. Nmap scan report for www.htmedia.info (185.85.196.45)
  1536. Host is up (0.082s latency).
  1537. rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
  1538.  
  1539. PORT STATE SERVICE VERSION
  1540. 80/tcp open http nginx 1.15.9 (Ubuntu)
  1541. | http-brute:
  1542. |_ Path "/" does not require authentication
  1543. |_http-chrono: Request times for /; avg: 352.35ms; min: 286.02ms; max: 484.26ms
  1544. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  1545. |_http-date: Wed, 25 Sep 2019 03:07:19 GMT; -4s from local time.
  1546. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  1547. |_http-dombased-xss: Couldn't find any DOM based XSS.
  1548. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
  1549. | http-errors:
  1550. | Spidering limited to: maxpagecount=40; withinhost=www.htmedia.info
  1551. | Found the following error pages:
  1552. |
  1553. | Error Code: 502
  1554. |_ http://www.htmedia.info:80/
  1555. |_http-feed: Couldn't find any feeds.
  1556. |_http-fetch: Please enter the complete path of the directory to save data in.
  1557. | http-headers:
  1558. | Server: nginx/1.15.9 (Ubuntu)
  1559. | Date: Wed, 25 Sep 2019 03:07:32 GMT
  1560. | Content-Type: text/html
  1561. | Content-Length: 166
  1562. | X-Varnish: 12715253
  1563. | Age: 0
  1564. | Via: 1.1 varnish (Varnish/6.1)
  1565. | Connection: close
  1566. |
  1567. |_ (Request type: GET)
  1568. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  1569. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  1570. |_http-mobileversion-checker: No mobile version detected.
  1571. | http-robots.txt: 15 disallowed entries
  1572. | /joomla/administrator/ /administrator/ /bin/ /cache/
  1573. | /cli/ /components/ /includes/ /installation/ /language/
  1574. |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
  1575. |_http-security-headers:
  1576. |_http-server-header: nginx/1.15.9 (Ubuntu)
  1577. | http-sitemap-generator:
  1578. | Directory structure:
  1579. | Longest directory structure:
  1580. | Depth: 0
  1581. | Dir: /
  1582. | Total files found (by extension):
  1583. |_
  1584. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  1585. |_http-title: 502 Bad Gateway
  1586. | http-traceroute:
  1587. | Status Code
  1588. | Hop #1: 502
  1589. | Hop #2: 502
  1590. |_ Hop #3: 502
  1591. | http-vhosts:
  1592. |_127 names had status 502
  1593. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
  1594. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  1595. |_http-xssed: No previously reported XSS vuln.
  1596. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1597. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1598. Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Infomir MAG-250 set-top box (88%)
  1599. No exact OS matches for host (test conditions non-ideal).
  1600. Uptime guess: 3.443 days (since Sat Sep 21 12:30:17 2019)
  1601. Network Distance: 14 hops
  1602. TCP Sequence Prediction: Difficulty=260 (Good luck!)
  1603. IP ID Sequence Generation: All zeros
  1604. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1605.  
  1606. TRACEROUTE (using port 80/tcp)
  1607. HOP RTT ADDRESS
  1608. 1 43.71 ms 10.243.204.1
  1609. 2 63.47 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1610. 3 63.53 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1611. 4 63.45 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1612. 5 63.52 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
  1613. 6 63.51 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1614. 7 63.60 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
  1615. 8 63.59 ms be3528.rcr51.b054249-0.yyz02.atlas.cogentco.com (66.28.4.246)
  1616. 9 63.59 ms 151.139.116.7
  1617. 10 ...
  1618. 11 73.02 ms 151.139.28.6
  1619. 12 79.42 ms 151.139.28.20
  1620. 13 ...
  1621. 14 100.50 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
  1622.  
  1623. NSE: Script Post-scanning.
  1624. Initiating NSE at 23:07
  1625. Completed NSE at 23:07, 0.00s elapsed
  1626. Initiating NSE at 23:07
  1627. Completed NSE at 23:07, 0.00s elapsed
  1628. ######################################################################################################################################
  1629. http://www.htmedia.info [502 Bad Gateway] HTTPServer[Ubuntu Linux][nginx/1.15.9 (Ubuntu)], IP[185.85.196.45], Title[502 Bad Gateway], UncommonHeaders[x-varnish], Varnish, Via-Proxy[1.1 varnish (Varnish/6.1)], nginx[1.15.9]
  1630. ######################################################################################################################################
  1631.  
  1632. wig - WebApp Information Gatherer
  1633.  
  1634.  
  1635. Scanning http://www.htmedia.info...
  1636. _____________________ SITE INFO ______________________
  1637. IP Title
  1638. 185.85.196.45 502 Bad Gateway
  1639.  
  1640. ______________________ VERSION _______________________
  1641. Name Versions Type
  1642. nginx 1.15.9 Platform
  1643.  
  1644. ____________________ INTERESTING _____________________
  1645. URL Note Type
  1646. /readme.html Readme file Interesting
  1647. /install.php Installation file Interesting
  1648. /robots.txt robots.txt index Interesting
  1649. /test.php Test file Interesting
  1650.  
  1651. ______________________________________________________
  1652. Time: 30.3 sec Urls: 539 Fingerprints: 40401
  1653. ######################################################################################################################################
  1654. HTTP/1.1 502 Bad Gateway
  1655. Server: nginx/1.15.9 (Ubuntu)
  1656. Date: Wed, 25 Sep 2019 03:08:19 GMT
  1657. Content-Type: text/html
  1658. Content-Length: 166
  1659. X-Varnish: 7799600
  1660. Age: 0
  1661. Via: 1.1 varnish (Varnish/6.1)
  1662. Connection: keep-alive
  1663.  
  1664. HTTP/1.1 502 Bad Gateway
  1665. Server: nginx/1.15.9 (Ubuntu)
  1666. Date: Wed, 25 Sep 2019 03:08:20 GMT
  1667. Content-Type: text/html
  1668. Content-Length: 166
  1669. X-Varnish: 12715315
  1670. Age: 0
  1671. Via: 1.1 varnish (Varnish/6.1)
  1672. Connection: keep-alive
  1673. ######################################################################################################################################
  1674. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 23:09 EDT
  1675. NSE: Loaded 164 scripts for scanning.
  1676. NSE: Script Pre-scanning.
  1677. Initiating NSE at 23:09
  1678. Completed NSE at 23:09, 0.00s elapsed
  1679. Initiating NSE at 23:09
  1680. Completed NSE at 23:09, 0.00s elapsed
  1681. Initiating Parallel DNS resolution of 1 host. at 23:09
  1682. Completed Parallel DNS resolution of 1 host. at 23:09, 0.02s elapsed
  1683. Initiating SYN Stealth Scan at 23:09
  1684. Scanning www.htmedia.info (185.85.196.45) [1 port]
  1685. Discovered open port 443/tcp on 185.85.196.45
  1686. Completed SYN Stealth Scan at 23:09, 0.07s elapsed (1 total ports)
  1687. Initiating Service scan at 23:09
  1688. Scanning 1 service on www.htmedia.info (185.85.196.45)
  1689. Completed Service scan at 23:09, 15.44s elapsed (1 service on 1 host)
  1690. Initiating OS detection (try #1) against www.htmedia.info (185.85.196.45)
  1691. Retrying OS detection (try #2) against www.htmedia.info (185.85.196.45)
  1692. Initiating Traceroute at 23:09
  1693. Completed Traceroute at 23:09, 3.08s elapsed
  1694. Initiating Parallel DNS resolution of 12 hosts. at 23:09
  1695. Completed Parallel DNS resolution of 12 hosts. at 23:09, 0.28s elapsed
  1696. NSE: Script scanning 185.85.196.45.
  1697. Initiating NSE at 23:09
  1698. Completed NSE at 23:09, 34.14s elapsed
  1699. Initiating NSE at 23:09
  1700. Completed NSE at 23:10, 3.66s elapsed
  1701. Nmap scan report for www.htmedia.info (185.85.196.45)
  1702. Host is up (0.063s latency).
  1703. rDNS record for 185.85.196.45: 185-85-196-45.stackpathedge.net
  1704.  
  1705. PORT STATE SERVICE VERSION
  1706. 443/tcp open ssl/http nginx 1.15.9 (Ubuntu)
  1707. | http-brute:
  1708. |_ Path "/" does not require authentication
  1709. |_http-chrono: Request times for /; avg: 472.09ms; min: 398.94ms; max: 499.84ms
  1710. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  1711. |_http-date: Wed, 25 Sep 2019 03:09:22 GMT; -5s from local time.
  1712. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  1713. |_http-dombased-xss: Couldn't find any DOM based XSS.
  1714. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
  1715. | http-errors:
  1716. | Spidering limited to: maxpagecount=40; withinhost=www.htmedia.info
  1717. | Found the following error pages:
  1718. |
  1719. | Error Code: 502
  1720. |_ https://www.htmedia.info:443/
  1721. |_http-feed: Couldn't find any feeds.
  1722. |_http-fetch: Please enter the complete path of the directory to save data in.
  1723. | http-headers:
  1724. | Server: nginx/1.15.9 (Ubuntu)
  1725. | Date: Wed, 25 Sep 2019 03:09:36 GMT
  1726. | Content-Type: text/html
  1727. | Content-Length: 166
  1728. | Connection: close
  1729. |
  1730. |_ (Request type: GET)
  1731. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  1732. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  1733. |_http-mobileversion-checker: No mobile version detected.
  1734. | http-security-headers:
  1735. | Strict_Transport_Security:
  1736. |_ HSTS not configured in HTTPS Server
  1737. |_http-server-header: nginx/1.15.9 (Ubuntu)
  1738. | http-sitemap-generator:
  1739. | Directory structure:
  1740. | Longest directory structure:
  1741. | Depth: 0
  1742. | Dir: /
  1743. | Total files found (by extension):
  1744. |_
  1745. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  1746. |_http-title: 502 Bad Gateway
  1747. | http-traceroute:
  1748. | Status Code
  1749. | Hop #1: 502
  1750. | Hop #2: 502
  1751. |_ Hop #3: 502
  1752. | http-vhosts:
  1753. |_127 names had status 502
  1754. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
  1755. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  1756. |_http-xssed: No previously reported XSS vuln.
  1757. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1758. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1759. Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Linux 3.1 - 3.2 (88%)
  1760. No exact OS matches for host (test conditions non-ideal).
  1761. Uptime guess: 3.492 days (since Sat Sep 21 11:21:59 2019)
  1762. Network Distance: 14 hops
  1763. TCP Sequence Prediction: Difficulty=263 (Good luck!)
  1764. IP ID Sequence Generation: All zeros
  1765. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1766.  
  1767. TRACEROUTE (using port 443/tcp)
  1768. HOP RTT ADDRESS
  1769. 1 41.71 ms 10.243.204.1
  1770. 2 61.30 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1771. 3 61.41 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1772. 4 61.37 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1773. 5 61.35 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
  1774. 6 61.37 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1775. 7 61.41 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205)
  1776. 8 61.44 ms be3529.rcr51.b054249-0.yyz02.atlas.cogentco.com (154.54.24.194)
  1777. 9 61.44 ms 151.139.116.7
  1778. 10 ...
  1779. 11 37.55 ms 151.139.28.6
  1780. 12 53.68 ms 151.139.28.22
  1781. 13 ...
  1782. 14 74.47 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
  1783.  
  1784. NSE: Script Post-scanning.
  1785. Initiating NSE at 23:10
  1786. Completed NSE at 23:10, 0.00s elapsed
  1787. Initiating NSE at 23:10
  1788. Completed NSE at 23:10, 0.00s elapsed
  1789. ######################################################################################################################################
  1790. Version: 1.11.13-static
  1791. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1792.  
  1793. Connected to 185.85.196.45
  1794.  
  1795. Testing SSL server www.htmedia.info on port 443 using SNI name www.htmedia.info
  1796.  
  1797. TLS Fallback SCSV:
  1798. Server supports TLS Fallback SCSV
  1799.  
  1800. TLS renegotiation:
  1801. Secure session renegotiation supported
  1802.  
  1803. TLS Compression:
  1804. Compression disabled
  1805.  
  1806. Heartbleed:
  1807. TLS 1.2 not vulnerable to heartbleed
  1808. TLS 1.1 not vulnerable to heartbleed
  1809. TLS 1.0 not vulnerable to heartbleed
  1810.  
  1811. Supported Server Cipher(s):
  1812. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1813. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1814. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1815. Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
  1816. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1817. Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
  1818. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1819. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1820. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1821. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1822. Accepted TLSv1.2 256 bits AES256-SHA256
  1823. Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
  1824. Accepted TLSv1.2 128 bits AES128-SHA256
  1825. Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
  1826. Accepted TLSv1.2 256 bits AES256-SHA
  1827. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1828. Accepted TLSv1.2 128 bits AES128-SHA
  1829. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1830. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1831. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1832. Accepted TLSv1.1 256 bits AES256-SHA
  1833. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1834. Accepted TLSv1.1 128 bits AES128-SHA
  1835. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1836. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1837. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1838. Accepted TLSv1.0 256 bits AES256-SHA
  1839. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1840. Accepted TLSv1.0 128 bits AES128-SHA
  1841. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1842.  
  1843. SSL Certificate:
  1844. Signature Algorithm: sha256WithRSAEncryption
  1845. RSA Key Strength: 2048
  1846.  
  1847. Subject: al-aqsa.org
  1848. Altnames: DNS:al-aqsa.org
  1849. Issuer: Let's Encrypt Authority X3
  1850.  
  1851. Not valid before: Sep 21 16:27:19 2019 GMT
  1852. Not valid after: Dec 20 16:27:19 2019 GMT
  1853. #######################################################################################################################################
  1854. --------------------------------------------------------
  1855. <<<Yasuo discovered following vulnerable applications>>>
  1856. --------------------------------------------------------
  1857. +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
  1858. | App Name | URL to Application | Potential Exploit | Username | Password |
  1859. +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
  1860. | JBoss jmx-console | https://185.85.196.45:443/jmx-console/ | ./exploit/multi/http/jboss_deploymentfilerepository | None | None |
  1861. +-------------------+----------------------------------------+-----------------------------------------------------+----------+----------+
  1862. ######################################################################################################################################
  1863. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
  1864. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  1865. Host is up (0.071s latency).
  1866. Not shown: 477 filtered ports, 3 closed ports
  1867. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1868. PORT STATE SERVICE
  1869. 22/tcp open ssh
  1870. 80/tcp open http
  1871. 443/tcp open https
  1872.  
  1873. Nmap done: 1 IP address (1 host up) scanned in 5.50 seconds
  1874. ######################################################################################################################################
  1875. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
  1876. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  1877. Host is up (0.060s latency).
  1878. Not shown: 2 filtered ports
  1879. PORT STATE SERVICE
  1880. 53/udp open|filtered domain
  1881. 67/udp open|filtered dhcps
  1882. 68/udp open|filtered dhcpc
  1883. 69/udp open|filtered tftp
  1884. 88/udp open|filtered kerberos-sec
  1885. 123/udp open|filtered ntp
  1886. 139/udp open|filtered netbios-ssn
  1887. 161/udp open|filtered snmp
  1888. 162/udp open|filtered snmptrap
  1889. 389/udp open|filtered ldap
  1890. 500/udp open|filtered isakmp
  1891. 520/udp open|filtered route
  1892. 2049/udp open|filtered nfs
  1893.  
  1894. Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
  1895. #######################################################################################################################################
  1896. # general
  1897. (gen) banner: SSH-2.0-OpenSSH_7.9p1 Ubuntu-10
  1898. (gen) software: OpenSSH 7.9p1
  1899. (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
  1900. (gen) compression: enabled (zlib@openssh.com)
  1901.  
  1902. # key exchange algorithms
  1903. (kex) curve25519-sha256 -- [warn] unknown algorithm
  1904. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  1905. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  1906. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1907. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  1908. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1909. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  1910. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1911. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1912. `- [info] available since OpenSSH 4.4
  1913. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1914. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
  1915. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1916. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1917. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1918.  
  1919. # host-key algorithms
  1920. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  1921. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  1922. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1923. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  1924. `- [warn] using weak random number generator could reveal the key
  1925. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1926. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  1927.  
  1928. # encryption algorithms (ciphers)
  1929. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  1930. `- [info] default cipher since OpenSSH 6.9.
  1931. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1932. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1933. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1934. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1935. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1936.  
  1937. # message authentication code algorithms
  1938. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  1939. `- [info] available since OpenSSH 6.2
  1940. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  1941. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  1942. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  1943. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  1944. `- [info] available since OpenSSH 6.2
  1945. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1946. `- [warn] using small 64-bit tag size
  1947. `- [info] available since OpenSSH 4.7
  1948. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  1949. `- [info] available since OpenSSH 6.2
  1950. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1951. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1952. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1953. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1954. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1955. `- [warn] using weak hashing algorithm
  1956. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1957.  
  1958. # algorithm recommendations (for OpenSSH 7.9)
  1959. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  1960. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  1961. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1962. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  1963. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  1964. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  1965. (rec) -hmac-sha2-512 -- mac algorithm to remove
  1966. (rec) -umac-128@openssh.com -- mac algorithm to remove
  1967. (rec) -hmac-sha2-256 -- mac algorithm to remove
  1968. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1969. (rec) -hmac-sha1 -- mac algorithm to remove
  1970. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  1971. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  1972. #######################################################################################################################################
  1973. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:35 EDT
  1974. NSE: [ssh-run] Failed to specify credentials and command to run.
  1975. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  1976. Host is up (0.063s latency).
  1977.  
  1978. PORT STATE SERVICE VERSION
  1979. 22/tcp open ssh OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
  1980. | ssh-auth-methods:
  1981. | Supported authentication methods:
  1982. |_ publickey
  1983. |_ssh-brute: Password authentication not allowed
  1984. | ssh-hostkey:
  1985. | 2048 a0:72:87:9b:6e:7c:d8:9e:ec:36:d0:a0:fd:31:4a:54 (RSA)
  1986. | 256 a2:8f:6d:b0:f3:41:87:9c:a9:4c:59:0a:63:03:5a:cb (ECDSA)
  1987. |_ 256 c3:0e:00:86:70:5e:2c:ee:40:4b:56:83:dc:dd:0c:3c (ED25519)
  1988. | ssh-publickey-acceptance:
  1989. |_ Accepted Public Keys: No public keys accepted
  1990. |_ssh-run: Failed to specify credentials and command to run.
  1991. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1992. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1993. Aggressive OS guesses: Crestron XPanel control system (91%), ASUS RT-N56U WAP (Linux 3.4) (89%), Linux 3.1 (89%), Linux 3.16 (89%), Linux 3.2 (89%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (88%), HP P2000 G3 NAS device (88%), Linux 2.6.32 (87%), Linux 2.6.32 - 3.1 (87%), Linux 2.6.39 - 3.2 (87%)
  1994. No exact OS matches for host (test conditions non-ideal).
  1995. Network Distance: 14 hops
  1996. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1997.  
  1998. TRACEROUTE (using port 22/tcp)
  1999. HOP RTT ADDRESS
  2000. 1 41.21 ms 10.243.204.1
  2001. 2 61.95 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2002. 3 62.00 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2003. 4 61.92 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2004. 5 62.00 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  2005. 6 62.00 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  2006. 7 62.05 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
  2007. 8 62.10 ms be3528.rcr51.b054249-0.yyz02.atlas.cogentco.com (66.28.4.246)
  2008. 9 62.09 ms 151.139.116.4
  2009. 10 ...
  2010. 11 73.16 ms 151.139.28.6
  2011. 12 78.31 ms 151.139.28.22
  2012. 13 ...
  2013. 14 98.97 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
  2014. #######################################################################################################################################
  2015. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  2016. RHOSTS => 185.85.196.45
  2017. RHOST => 185.85.196.45
  2018. [*] 185.85.196.45:22 - SSH - Using malformed packet technique
  2019. [*] 185.85.196.45:22 - SSH - Starting scan
  2020. [+] 185.85.196.45:22 - SSH - User 'admin' found
  2021. [+] 185.85.196.45:22 - SSH - User 'administrator' found
  2022. [+] 185.85.196.45:22 - SSH - User 'anonymous' found
  2023. [+] 185.85.196.45:22 - SSH - User 'backup' found
  2024. [+] 185.85.196.45:22 - SSH - User 'bee' found
  2025. [+] 185.85.196.45:22 - SSH - User 'ftp' found
  2026. [+] 185.85.196.45:22 - SSH - User 'guest' found
  2027. [+] 185.85.196.45:22 - SSH - User 'GUEST' found
  2028. [+] 185.85.196.45:22 - SSH - User 'info' found
  2029. [+] 185.85.196.45:22 - SSH - User 'mail' found
  2030. [+] 185.85.196.45:22 - SSH - User 'mailadmin' found
  2031. [+] 185.85.196.45:22 - SSH - User 'msfadmin' found
  2032. [+] 185.85.196.45:22 - SSH - User 'mysql' found
  2033. [+] 185.85.196.45:22 - SSH - User 'nobody' found
  2034. [+] 185.85.196.45:22 - SSH - User 'oracle' found
  2035. [+] 185.85.196.45:22 - SSH - User 'owaspbwa' found
  2036. [+] 185.85.196.45:22 - SSH - User 'postfix' found
  2037. [+] 185.85.196.45:22 - SSH - User 'postgres' found
  2038. [+] 185.85.196.45:22 - SSH - User 'private' found
  2039. [+] 185.85.196.45:22 - SSH - User 'proftpd' found
  2040. [+] 185.85.196.45:22 - SSH - User 'public' found
  2041. [+] 185.85.196.45:22 - SSH - User 'root' found
  2042. [+] 185.85.196.45:22 - SSH - User 'superadmin' found
  2043. [+] 185.85.196.45:22 - SSH - User 'support' found
  2044. [+] 185.85.196.45:22 - SSH - User 'sys' found
  2045. [+] 185.85.196.45:22 - SSH - User 'system' found
  2046. [+] 185.85.196.45:22 - SSH - User 'systemadmin' found
  2047. [+] 185.85.196.45:22 - SSH - User 'systemadministrator' found
  2048. [+] 185.85.196.45:22 - SSH - User 'test' found
  2049. [+] 185.85.196.45:22 - SSH - User 'tomcat' found
  2050. [+] 185.85.196.45:22 - SSH - User 'user' found
  2051. [+] 185.85.196.45:22 - SSH - User 'webmaster' found
  2052. [+] 185.85.196.45:22 - SSH - User 'www-data' found
  2053. [+] 185.85.196.45:22 - SSH - User 'Fortimanager_Access' found
  2054. [*] Scanned 1 of 1 hosts (100% complete)
  2055. [*] Auxiliary module execution completed
  2056. #######################################################################################################################################
  2057. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:37 EDT
  2058. NSE: Loaded 164 scripts for scanning.
  2059. NSE: Script Pre-scanning.
  2060. Initiating NSE at 22:37
  2061. Completed NSE at 22:37, 0.00s elapsed
  2062. Initiating NSE at 22:37
  2063. Completed NSE at 22:37, 0.00s elapsed
  2064. Initiating Parallel DNS resolution of 1 host. at 22:37
  2065. Completed Parallel DNS resolution of 1 host. at 22:37, 0.02s elapsed
  2066. Initiating SYN Stealth Scan at 22:37
  2067. Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [1 port]
  2068. Discovered open port 80/tcp on 185.85.196.45
  2069. Completed SYN Stealth Scan at 22:37, 0.09s elapsed (1 total ports)
  2070. Initiating Service scan at 22:37
  2071. Scanning 1 service on 185-85-196-45.stackpathedge.net (185.85.196.45)
  2072. Completed Service scan at 22:37, 5.87s elapsed (1 service on 1 host)
  2073. Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2074. Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2075. Initiating Traceroute at 22:37
  2076. Completed Traceroute at 22:37, 3.09s elapsed
  2077. Initiating Parallel DNS resolution of 12 hosts. at 22:37
  2078. Completed Parallel DNS resolution of 12 hosts. at 22:37, 0.28s elapsed
  2079. NSE: Script scanning 185.85.196.45.
  2080. Initiating NSE at 22:37
  2081. Completed NSE at 22:38, 59.30s elapsed
  2082. Initiating NSE at 22:38
  2083. Completed NSE at 22:38, 0.34s elapsed
  2084. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  2085. Host is up (0.067s latency).
  2086.  
  2087. PORT STATE SERVICE VERSION
  2088. 80/tcp open http nginx 1.15.9 (Ubuntu)
  2089. | http-brute:
  2090. |_ Path "/" does not require authentication
  2091. |_http-chrono: Request times for /; avg: 504.32ms; min: 464.20ms; max: 567.63ms
  2092. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  2093. |_http-date: Wed, 25 Sep 2019 02:37:17 GMT; -4s from local time.
  2094. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
  2095. |_http-dombased-xss: Couldn't find any DOM based XSS.
  2096. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
  2097. | http-errors:
  2098. | Spidering limited to: maxpagecount=40; withinhost=185-85-196-45.stackpathedge.net
  2099. | Found the following error pages:
  2100. |
  2101. | Error Code: 502
  2102. |_ http://185-85-196-45.stackpathedge.net:80/
  2103. |_http-feed: Couldn't find any feeds.
  2104. |_http-fetch: Please enter the complete path of the directory to save data in.
  2105. | http-headers:
  2106. | Server: nginx/1.15.9 (Ubuntu)
  2107. | Date: Wed, 25 Sep 2019 02:37:31 GMT
  2108. | Content-Type: text/html
  2109. | Content-Length: 166
  2110. | X-Varnish: 1738776
  2111. | Age: 0
  2112. | Via: 1.1 varnish (Varnish/6.1)
  2113. | Connection: close
  2114. |
  2115. |_ (Request type: GET)
  2116. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  2117. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  2118. |_http-mobileversion-checker: No mobile version detected.
  2119. |_http-security-headers:
  2120. |_http-server-header: nginx/1.15.9 (Ubuntu)
  2121. | http-sitemap-generator:
  2122. | Directory structure:
  2123. | Longest directory structure:
  2124. | Depth: 0
  2125. | Dir: /
  2126. | Total files found (by extension):
  2127. |_
  2128. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  2129. |_http-title: 502 Bad Gateway
  2130. | http-traceroute:
  2131. | Status Code
  2132. | Hop #1: 502
  2133. | Hop #2: 502
  2134. |_ Hop #3: 502
  2135. | http-vhosts:
  2136. |_127 names had status 502
  2137. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
  2138. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  2139. |_http-xssed: No previously reported XSS vuln.
  2140. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2141. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2142. Aggressive OS guesses: Crestron XPanel control system (92%), ASUS RT-N56U WAP (Linux 3.4) (90%), Linux 3.1 (90%), Linux 3.16 (90%), Linux 3.2 (90%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (89%), HP P2000 G3 NAS device (89%), Linux 2.6.32 (88%), Linux 2.6.39 - 3.2 (88%), Infomir MAG-250 set-top box (88%)
  2143. No exact OS matches for host (test conditions non-ideal).
  2144. Uptime guess: 3.439 days (since Sat Sep 21 12:06:44 2019)
  2145. Network Distance: 14 hops
  2146. TCP Sequence Prediction: Difficulty=257 (Good luck!)
  2147. IP ID Sequence Generation: All zeros
  2148. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  2149.  
  2150. TRACEROUTE (using port 80/tcp)
  2151. HOP RTT ADDRESS
  2152. 1 41.59 ms 10.243.204.1
  2153. 2 65.70 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  2154. 3 65.62 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  2155. 4 65.53 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  2156. 5 65.59 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
  2157. 6 65.58 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
  2158. 7 65.69 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205)
  2159. 8 65.71 ms be3529.rcr51.b054249-0.yyz02.atlas.cogentco.com (154.54.24.194)
  2160. 9 65.68 ms 151.139.116.7
  2161. 10 ...
  2162. 11 36.12 ms 151.139.28.6
  2163. 12 55.20 ms 151.139.28.20
  2164. 13 ...
  2165. 14 76.16 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
  2166.  
  2167. NSE: Script Post-scanning.
  2168. Initiating NSE at 22:38
  2169. Completed NSE at 22:38, 0.00s elapsed
  2170. Initiating NSE at 22:38
  2171. Completed NSE at 22:38, 0.00s elapsed
  2172. #######################################################################################################################################
  2173. HTTP/1.1 502 Bad Gateway
  2174. Server: nginx/1.15.9 (Ubuntu)
  2175. Date: Wed, 25 Sep 2019 02:38:37 GMT
  2176. Content-Type: text/html
  2177. Content-Length: 166
  2178. X-Varnish: 10718385
  2179. Age: 0
  2180. Via: 1.1 varnish (Varnish/6.1)
  2181. Connection: keep-alive
  2182.  
  2183. HTTP/1.1 502 Bad Gateway
  2184. Server: nginx/1.15.9 (Ubuntu)
  2185. Date: Wed, 25 Sep 2019 02:38:38 GMT
  2186. Content-Type: text/html
  2187. Content-Length: 166
  2188. X-Varnish: 5112705
  2189. Age: 0
  2190. Via: 1.1 varnish (Varnish/6.1)
  2191. Connection: keep-alive
  2192. #######################################################################################################################################
  2193. Version: 1.11.13-static
  2194. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2195.  
  2196. Connected to 185.85.196.45
  2197.  
  2198. Testing SSL server 185.85.196.45 on port 443 using SNI name 185.85.196.45
  2199.  
  2200. TLS Fallback SCSV:
  2201. Server supports TLS Fallback SCSV
  2202.  
  2203. TLS renegotiation:
  2204. Secure session renegotiation supported
  2205.  
  2206. TLS Compression:
  2207. Compression disabled
  2208.  
  2209. Heartbleed:
  2210. TLS 1.2 not vulnerable to heartbleed
  2211. TLS 1.1 not vulnerable to heartbleed
  2212. TLS 1.0 not vulnerable to heartbleed
  2213.  
  2214. Supported Server Cipher(s):
  2215. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2216. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2217. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2218. Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
  2219. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2220. Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
  2221. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2222. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2223. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2224. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2225. Accepted TLSv1.2 256 bits AES256-SHA256
  2226. Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
  2227. Accepted TLSv1.2 128 bits AES128-SHA256
  2228. Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
  2229. Accepted TLSv1.2 256 bits AES256-SHA
  2230. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  2231. Accepted TLSv1.2 128 bits AES128-SHA
  2232. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  2233. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2234. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2235. Accepted TLSv1.1 256 bits AES256-SHA
  2236. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  2237. Accepted TLSv1.1 128 bits AES128-SHA
  2238. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  2239. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2240. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2241. Accepted TLSv1.0 256 bits AES256-SHA
  2242. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  2243. Accepted TLSv1.0 128 bits AES128-SHA
  2244. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  2245.  
  2246. SSL Certificate:
  2247. Signature Algorithm: sha256WithRSAEncryption
  2248. RSA Key Strength: 2048
  2249.  
  2250. Subject: al-aqsa.org
  2251. Altnames: DNS:al-aqsa.org
  2252. Issuer: Let's Encrypt Authority X3
  2253.  
  2254. Not valid before: Sep 21 16:27:19 2019 GMT
  2255. Not valid after: Dec 20 16:27:19 2019 GMT
  2256. #######################################################################################################################################
  2257. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:40 EDT
  2258. NSE: Loaded 47 scripts for scanning.
  2259. NSE: Script Pre-scanning.
  2260. Initiating NSE at 22:40
  2261. Completed NSE at 22:40, 0.00s elapsed
  2262. Initiating NSE at 22:40
  2263. Completed NSE at 22:40, 0.00s elapsed
  2264. Initiating Ping Scan at 22:40
  2265. Scanning 185.85.196.45 [4 ports]
  2266. Completed Ping Scan at 22:40, 0.07s elapsed (1 total hosts)
  2267. Initiating Parallel DNS resolution of 1 host. at 22:40
  2268. Completed Parallel DNS resolution of 1 host. at 22:40, 0.02s elapsed
  2269. Initiating SYN Stealth Scan at 22:40
  2270. Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [65535 ports]
  2271. Discovered open port 80/tcp on 185.85.196.45
  2272. Discovered open port 443/tcp on 185.85.196.45
  2273. Discovered open port 22/tcp on 185.85.196.45
  2274. SYN Stealth Scan Timing: About 17.07% done; ETC: 22:43 (0:02:31 remaining)
  2275. SYN Stealth Scan Timing: About 44.96% done; ETC: 22:42 (0:01:15 remaining)
  2276. SYN Stealth Scan Timing: About 64.71% done; ETC: 22:42 (0:00:50 remaining)
  2277. Completed SYN Stealth Scan at 22:42, 125.67s elapsed (65535 total ports)
  2278. Initiating Service scan at 22:42
  2279. Scanning 3 services on 185-85-196-45.stackpathedge.net (185.85.196.45)
  2280. Completed Service scan at 22:42, 14.75s elapsed (3 services on 1 host)
  2281. Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2282. Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2283. Initiating Traceroute at 22:43
  2284. Completed Traceroute at 22:43, 0.06s elapsed
  2285. Initiating Parallel DNS resolution of 2 hosts. at 22:43
  2286. Completed Parallel DNS resolution of 2 hosts. at 22:43, 0.00s elapsed
  2287. NSE: Script scanning 185.85.196.45.
  2288. Initiating NSE at 22:43
  2289. Completed NSE at 22:43, 3.63s elapsed
  2290. Initiating NSE at 22:43
  2291. Completed NSE at 22:43, 4.47s elapsed
  2292. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  2293. Host is up (0.053s latency).
  2294. Not shown: 65529 filtered ports
  2295. PORT STATE SERVICE VERSION
  2296. 22/tcp open ssh OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
  2297. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2298. 25/tcp closed smtp
  2299. 80/tcp open http nginx 1.15.9 (Ubuntu)
  2300. |_http-server-header: nginx/1.15.9 (Ubuntu)
  2301. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2302. 139/tcp closed netbios-ssn
  2303. 443/tcp open ssl/http nginx 1.15.9 (Ubuntu)
  2304. |_http-server-header: nginx/1.15.9 (Ubuntu)
  2305. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2306. 445/tcp closed microsoft-ds
  2307. Aggressive OS guesses: HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (90%), Linux 2.6.32 - 3.13 (89%), Infomir MAG-250 set-top box (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Ubiquiti AirOS 5.5.9 (89%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 2.6.22 - 2.6.36 (88%), Linux 2.6.32 - 2.6.39 (88%)
  2308. No exact OS matches for host (test conditions non-ideal).
  2309. Uptime guess: 3.439 days (since Sat Sep 21 12:11:18 2019)
  2310. Network Distance: 2 hops
  2311. TCP Sequence Prediction: Difficulty=250 (Good luck!)
  2312. IP ID Sequence Generation: All zeros
  2313. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  2314.  
  2315. TRACEROUTE (using port 25/tcp)
  2316. HOP RTT ADDRESS
  2317. 1 52.61 ms 10.243.204.1
  2318. 2 52.60 ms 185-85-196-45.stackpathedge.net (185.85.196.45)
  2319.  
  2320. NSE: Script Post-scanning.
  2321. Initiating NSE at 22:43
  2322. Completed NSE at 22:43, 0.00s elapsed
  2323. Initiating NSE at 22:43
  2324. Completed NSE at 22:43, 0.00s elapsed
  2325. Read data files from: /usr/bin/../share/nmap
  2326. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2327. Nmap done: 1 IP address (1 host up) scanned in 153.06 seconds
  2328. Raw packets sent: 131229 (5.777MB) | Rcvd: 3293 (267.349KB)
  2329. ######################################################################################################################################
  2330. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-24 22:43 EDT
  2331. NSE: Loaded 47 scripts for scanning.
  2332. NSE: Script Pre-scanning.
  2333. Initiating NSE at 22:43
  2334. Completed NSE at 22:43, 0.00s elapsed
  2335. Initiating NSE at 22:43
  2336. Completed NSE at 22:43, 0.00s elapsed
  2337. Initiating Parallel DNS resolution of 1 host. at 22:43
  2338. Completed Parallel DNS resolution of 1 host. at 22:43, 0.02s elapsed
  2339. Initiating UDP Scan at 22:43
  2340. Scanning 185-85-196-45.stackpathedge.net (185.85.196.45) [15 ports]
  2341. Completed UDP Scan at 22:43, 1.74s elapsed (15 total ports)
  2342. Initiating Service scan at 22:43
  2343. Scanning 13 services on 185-85-196-45.stackpathedge.net (185.85.196.45)
  2344. Service scan Timing: About 7.69% done; ETC: 23:04 (0:19:24 remaining)
  2345. Completed Service scan at 22:44, 102.58s elapsed (13 services on 1 host)
  2346. Initiating OS detection (try #1) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2347. Retrying OS detection (try #2) against 185-85-196-45.stackpathedge.net (185.85.196.45)
  2348. Initiating Traceroute at 22:44
  2349. Completed Traceroute at 22:45, 7.09s elapsed
  2350. Initiating Parallel DNS resolution of 1 host. at 22:45
  2351. Completed Parallel DNS resolution of 1 host. at 22:45, 0.00s elapsed
  2352. NSE: Script scanning 185.85.196.45.
  2353. Initiating NSE at 22:45
  2354. Completed NSE at 22:45, 7.11s elapsed
  2355. Initiating NSE at 22:45
  2356. Completed NSE at 22:45, 1.02s elapsed
  2357. Nmap scan report for 185-85-196-45.stackpathedge.net (185.85.196.45)
  2358. Host is up (0.052s latency).
  2359.  
  2360. PORT STATE SERVICE VERSION
  2361. 53/udp open|filtered domain
  2362. 67/udp open|filtered dhcps
  2363. 68/udp open|filtered dhcpc
  2364. 69/udp open|filtered tftp
  2365. 88/udp open|filtered kerberos-sec
  2366. 123/udp open|filtered ntp
  2367. 137/udp filtered netbios-ns
  2368. 138/udp filtered netbios-dgm
  2369. 139/udp open|filtered netbios-ssn
  2370. 161/udp open|filtered snmp
  2371. 162/udp open|filtered snmptrap
  2372. 389/udp open|filtered ldap
  2373. 500/udp open|filtered isakmp
  2374. |_ike-version: ERROR: Script execution failed (use -d to debug)
  2375. 520/udp open|filtered route
  2376. 2049/udp open|filtered nfs
  2377. Too many fingerprints match this host to give specific OS details
  2378.  
  2379. TRACEROUTE (using port 138/udp)
  2380. HOP RTT ADDRESS
  2381. 1 21.05 ms 10.243.204.1
  2382. 2 ... 3
  2383. 4 36.20 ms 10.243.204.1
  2384. 5 62.28 ms 10.243.204.1
  2385. 6 62.27 ms 10.243.204.1
  2386. 7 62.27 ms 10.243.204.1
  2387. 8 62.24 ms 10.243.204.1
  2388. 9 42.41 ms 10.243.204.1
  2389. 10 21.42 ms 10.243.204.1
  2390. 11 ... 18
  2391. 19 69.14 ms 10.243.204.1
  2392. 20 24.43 ms 10.243.204.1
  2393. 21 ... 27
  2394. 28 40.56 ms 10.243.204.1
  2395. 29 55.46 ms 10.243.204.1
  2396. 30 23.03 ms 10.243.204.1
  2397.  
  2398. NSE: Script Post-scanning.
  2399. Initiating NSE at 22:45
  2400. Completed NSE at 22:45, 0.00s elapsed
  2401. Initiating NSE at 22:45
  2402. Completed NSE at 22:45, 0.00s elapsed
  2403. #######################################################################################################################################
  2404. Hosts
  2405. =====
  2406.  
  2407. address mac name os_name os_flavor os_sp purpose info comments
  2408. ------- --- ---- ------- --------- ----- ------- ---- --------
  2409. 185.85.196.45 185-85-196-45.stackpathedge.net embedded device
  2410.  
  2411. Services
  2412. ========
  2413.  
  2414. host port proto name state info
  2415. ---- ---- ----- ---- ----- ----
  2416. 185.85.196.45 22 tcp ssh open OpenSSH 7.9p1 Ubuntu 10 Ubuntu Linux; protocol 2.0
  2417. 185.85.196.45 25 tcp smtp closed
  2418. 185.85.196.45 53 udp domain unknown
  2419. 185.85.196.45 67 udp dhcps unknown
  2420. 185.85.196.45 68 udp dhcpc unknown
  2421. 185.85.196.45 69 udp tftp unknown
  2422. 185.85.196.45 80 tcp http open nginx 1.15.9 Ubuntu
  2423. 185.85.196.45 88 udp kerberos-sec unknown
  2424. 185.85.196.45 123 udp ntp unknown
  2425. 185.85.196.45 137 udp netbios-ns filtered
  2426. 185.85.196.45 138 udp netbios-dgm filtered
  2427. 185.85.196.45 139 tcp netbios-ssn closed
  2428. 185.85.196.45 139 udp netbios-ssn unknown
  2429. 185.85.196.45 161 udp snmp unknown
  2430. 185.85.196.45 162 udp snmptrap unknown
  2431. 185.85.196.45 389 udp ldap unknown
  2432. 185.85.196.45 443 tcp ssl/http open nginx 1.15.9 Ubuntu
  2433. 185.85.196.45 445 tcp microsoft-ds closed
  2434. 185.85.196.45 500 udp isakmp unknown
  2435. 185.85.196.45 520 udp route unknown
  2436. 185.85.196.45 2049 udp nfs unknown
  2437. #######################################################################################################################################
  2438. Anonymous JTSEC #OpISIS Full Recon #16