JTSEC1333

Anonymous JTSEC #OpAssange Full Recon #27

Sep 5th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.mundesley-pc.gov.uk ISP Gyron Internet Ltd
  4. Continent Europe Flag
  5. GB
  6. Country United Kingdom Country Code GB
  7. Region Unknown Local time 05 Sep 2019 06:24 BST
  8. City Unknown Postal Code Unknown
  9. IP Address 89.145.78.0 Latitude 51.496
  10. Longitude -0.122
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.mundesley-pc.gov.uk
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.mundesley-pc.gov.uk
  19. Address: 89.145.78.0
  20. >
  21. #######################################################################################################################################
  22.  
  23. Domain:
  24. mundesley-pc.gov.uk
  25.  
  26. Registered For:
  27. Mundesley Parish Council
  28.  
  29. Domain Owner:
  30. Mundesley Parish Council
  31.  
  32. Registered By:
  33. Fasthosts Internet Ltd
  34.  
  35. Servers:
  36. ns1.livedns.co.uk
  37. ns2.livedns.co.uk
  38.  
  39. Registrant Contact:
  40. Doreen Joy
  41.  
  42. Registrant Address:
  43. Mundesley Parish Council
  44. The Old Fire Station
  45. Back Street
  46. Mundesley
  47. Norfolk
  48. NR11 8JJ
  49. United Kingdom
  50. +44 1263 720 603 (Phone)
  51. domains@stuarthutcheson.co.uk
  52.  
  53. Renewal date:
  54. Monday 25th Oct 2021
  55.  
  56. Entry updated:
  57. Thursday 1st August 2019
  58.  
  59. Entry created:
  60. Thursday 26th October 2017
  61.  
  62. #######################################################################################################################################
  63. [+] Target : www.mundesley-pc.gov.uk
  64.  
  65. [+] IP Address : 89.145.78.0
  66.  
  67. [+] Headers :
  68.  
  69. [+] Connection : close
  70. [+] Cache-Control : no-cache, no-store, must-revalidate
  71. [+] Pragma : no-cache
  72. [+] Expires : 0
  73. [+] Server : Apache/2.2.16 (Debian)
  74. [+] Content-Length : 188982
  75.  
  76. [+] SSL Certificate Information :
  77.  
  78. [+] commonName : mundesley-pc.gov.uk
  79. [+] countryName : US
  80. [+] organizationName : Let's Encrypt
  81. [+] commonName : Let's Encrypt Authority X3
  82. [+] Version : 3
  83. [+] Serial Number : 037EA441FD8A12F1B15F7E9085E0FCF09480
  84. [+] Not Before : Jul 18 20:18:36 2019 GMT
  85. [+] Not After : Oct 16 20:18:36 2019 GMT
  86. [+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
  87. [+] subject Alt Name : (('DNS', 'mundesley-pc.gov.uk'), ('DNS', 'www.mundesley-pc.gov.uk'))
  88. [+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
  89.  
  90. [+] Whois Lookup :
  91.  
  92. [+] NIR : None
  93. [+] ASN Registry : ripencc
  94. [+] ASN : 29017
  95. [+] ASN CIDR : 89.145.64.0/18
  96. [+] ASN Country Code : GB
  97. [+] ASN Date : 2006-01-31
  98. [+] ASN Description : GYRON ====, GB
  99. [+] cidr : 89.145.76.0/22
  100. [+] name : G-CUS-MW01
  101. [+] handle : GAT1-RIPE
  102. [+] range : 89.145.76.0 - 89.145.79.255
  103. [+] description : United Hosting IPv4 Assignment
  104. This space is statically assigned
  105. [+] country : GB
  106. [+] state : None
  107. [+] city : None
  108. [+] address : Gyron Internet Ltd
  109. 3 Centro
  110. Boundary Way
  111. Hemel Hempstead
  112. HP2 7SU
  113. United Kingdom
  114. [+] postal_code : None
  115. [+] emails : ['abuse@gyron.net']
  116. [+] created : 2006-10-18T11:50:01Z
  117. [+] updated : 2011-02-03T10:53:53Z
  118.  
  119. [+] Crawling Target...
  120.  
  121. [-] Error : 403
  122. [+] Completed!
  123. #######################################################################################################################################
  124. [+] Starting At 2019-09-05 02:21:33.229471
  125. [+] Collecting Information On: https://www.mundesley-pc.gov.uk/
  126. [#] Status: 403
  127. --------------------------------------------------
  128. [#] Web Server Detected: Apache/2.2.16 (Debian)
  129. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  130. - Cache-Control: no-cache, no-store, must-revalidate
  131. - Pragma: no-cache
  132. - Expires: 0
  133. - Server: Apache/2.2.16 (Debian)
  134. - Content-Length: 188983
  135. --------------------------------------------------
  136. [#] Finding Location..!
  137. [#] as: AS29017 Gyron Internet Ltd
  138. [#] city: Hemel Hempstead
  139. [#] country: United Kingdom
  140. [#] countryCode: GB
  141. [#] isp: GYRON Gyron Internet Ltd AS29017
  142. [#] lat: 51.7643
  143. [#] lon: -0.432563
  144. [#] org: Gyron Internet Ltd
  145. [#] query: 89.145.78.0
  146. [#] region: ENG
  147. [#] regionName: England
  148. [#] status: success
  149. [#] timezone: Europe/London
  150. [#] zip: HP2 7SU
  151. --------------------------------------------------
  152. [x] Didn't Detect WAF Presence on: https://www.mundesley-pc.gov.uk/
  153. --------------------------------------------------
  154. [#] Starting Reverse DNS
  155. [-] Failed ! Fail
  156. --------------------------------------------------
  157. [!] Scanning Open Port
  158. [#] 19/tcp open chargen
  159. [#] 20/tcp open ftp-data
  160. [#] 21/tcp open ftp
  161. [#] 23/tcp open telnet
  162. [#] 53/tcp open domain
  163. [#] 79/tcp open finger
  164. [#] 80/tcp open http
  165. [#] 119/tcp open nntp
  166. [#] 407/tcp open timbuktu
  167. [#] 416/tcp open silverplatter
  168. [#] 443/tcp open https
  169. [#] 464/tcp open kpasswd5
  170. [#] 545/tcp open ekshell
  171. [#] 555/tcp open dsf
  172. [#] 617/tcp open sco-dtmgr
  173. [#] 636/tcp open ldapssl
  174. [#] 666/tcp open doom
  175. [#] 700/tcp open epp
  176. [#] 900/tcp open omginitialrefs
  177. [#] 1001/tcp open webpush
  178. [#] 1002/tcp open windows-icfw
  179. [#] 1022/tcp open exp2
  180. [#] 1025/tcp open NFS-or-IIS
  181. [#] 1026/tcp open LSA-or-nterm
  182. [#] 1028/tcp open unknown
  183. [#] 1041/tcp open danf-ak2
  184. [#] 1117/tcp open ardus-mtrns
  185. [#] 1165/tcp open qsm-gui
  186. [#] 1169/tcp open tripwire
  187. [#] 1218/tcp open aeroflight-ads
  188. [#] 1233/tcp open univ-appserver
  189. [#] 1247/tcp open visionpyramid
  190. [#] 1272/tcp open cspmlockmgr
  191. [#] 1719/tcp open h323gatestat
  192. [#] 1720/tcp open h323q931
  193. [#] 1723/tcp open pptp
  194. [#] 1840/tcp open netopia-vo2
  195. [#] 1862/tcp open mysql-cm-agent
  196. [#] 1864/tcp open paradym-31
  197. [#] 1914/tcp open elm-momentum
  198. [#] 1972/tcp open intersys-cache
  199. [#] 2000/tcp open cisco-sccp
  200. [#] 2005/tcp open deslogin
  201. [#] 2020/tcp open xinupageserver
  202. [#] 2033/tcp open glogger
  203. [#] 2034/tcp open scoremgr
  204. [#] 2046/tcp open sdfunc
  205. [#] 2068/tcp open avocentkvm
  206. [#] 2105/tcp open eklogin
  207. [#] 2106/tcp open ekshell
  208. [#] 2222/tcp open EtherNetIP-1
  209. [#] 2910/tcp open tdaccess
  210. [#] 3017/tcp open event_listener
  211. [#] 3261/tcp open winshadow
  212. [#] 3737/tcp open xpanel
  213. [#] 5000/tcp open upnp
  214. [#] 5432/tcp open postgresql
  215. [#] 5550/tcp open sdadmind
  216. [#] 5718/tcp open dpm
  217. [#] 5801/tcp open vnc-http-1
  218. [#] 5900/tcp open vnc
  219. [#] 5998/tcp open ncd-diag
  220. [#] 6004/tcp open X11:4
  221. [#] 6005/tcp open X11:5
  222. [#] 6025/tcp open x11
  223. [#] 6059/tcp open X11:59
  224. [#] 6106/tcp open isdninfo
  225. [#] 6667/tcp open irc
  226. [#] 6669/tcp open irc
  227. [#] 6969/tcp open acmsoda
  228. [#] 7000/tcp open afs3-fileserver
  229. [#] 8022/tcp open oa-system
  230. [#] 8080/tcp open http-proxy
  231. [#] 8089/tcp open unknown
  232. [#] 8383/tcp open m2mservices
  233. [#] 8899/tcp open ospf-lite
  234. [#] 9002/tcp open dynamid
  235. [#] 9009/tcp open pichat
  236. [#] 9010/tcp open sdr
  237. [#] 9091/tcp open xmltec-xmlmail
  238. [#] 9102/tcp open jetdirect
  239. [#] 9535/tcp open man
  240. [#] 9594/tcp open msgsys
  241. [#] 10003/tcp open documentum_s
  242. [#] 12345/tcp open netbus
  243. [#] 31337/tcp open Elite
  244. [#] 32778/tcp open sometimes-rpc19
  245. [#] 32780/tcp open sometimes-rpc23
  246. [#] 49400/tcp open compaqdiag
  247. --------------------------------------------------
  248. [+] Collecting Information Disclosure!
  249. [#] Detecting sitemap.xml file
  250. [!] sitemap.xml File Found: https://www.mundesley-pc.gov.uk//sitemap.xml
  251. [#] Detecting robots.txt file
  252. [!] robots.txt File Found: https://www.mundesley-pc.gov.uk//robots.txt
  253. [#] Detecting GNU Mailman
  254. [-] GNU Mailman App Not Detected!?
  255. --------------------------------------------------
  256. [+] Crawling Url Parameter On: https://www.mundesley-pc.gov.uk/
  257. --------------------------------------------------
  258. [#] Searching Html Form !
  259. [+] Html Form Discovered
  260. [#] action: /verify.php
  261. [#] class: None
  262. [#] id: None
  263. [#] method: post
  264. --------------------------------------------------
  265. [!] Found 1 dom parameter
  266. [#] https://www.mundesley-pc.gov.uk//#
  267. --------------------------------------------------
  268. [!] 15 Internal Dynamic Parameter Discovered
  269. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20Haxplorer/1.php?param=honey
  270. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20PHP%20Ping/php-ping.php?param=honey
  271. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20PHP%20Shell/phpshell.php?param=honey
  272. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20PHPBB%20Install/phpBB2/install/install.php?param=honey
  273. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20PHPFM/index.php?param=honey
  274. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20PhpSysInfo/index.php?param=honey
  275. [+] https://www.mundesley-pc.gov.uk//demo/GHH%20-%20SquirrelMail/src/login.php?param=honey
  276. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - WebUtil 2.7
  277. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - .mdb/admin.mdb
  278. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - .sql/create.sql
  279. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - AIM BuddyList/BuddyList.blt
  280. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - File Upload Manager/
  281. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - passlist.txt/passlist.txt
  282. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - passwd.txt/passwd.txt
  283. [+] https://www.mundesley-pc.gov.uk///demo/?GHH v1.1 - WebUtil 2.7/webutil.pl
  284. --------------------------------------------------
  285. [-] No external Dynamic Paramter Found!?
  286. --------------------------------------------------
  287. [!] 3 Internal links Discovered
  288. [+] https://www.mundesley-pc.gov.uk///css/flag.css
  289. [+] https://www.mundesley-pc.gov.uk//mailto:csapda@web-server.hu
  290. [+] https://www.mundesley-pc.gov.uk//mailto:csapda@astrohost.com
  291. --------------------------------------------------
  292. [-] No External Link Found!?
  293. --------------------------------------------------
  294. [#] Mapping Subdomain..
  295. [!] Found 3 Subdomain
  296. - mail.mundesley-pc.gov.uk
  297. - mundesley-pc.gov.uk
  298. - www.mundesley-pc.gov.uk
  299. --------------------------------------------------
  300. [!] Done At 2019-09-05 02:26:28.524817
  301. ######################################################################################################################################
  302. [i] Scanning Site: https://www.mundesley-pc.gov.uk
  303.  
  304.  
  305.  
  306. B A S I C I N F O
  307. ====================
  308.  
  309.  
  310. [+] Site Title:
  311. [+] IP address: 89.145.78.0
  312. [+] Web Server: Apache/2.2.16 (Debian)
  313. [+] CMS: Could Not Detect
  314. [+] Cloudflare: Not Detected
  315. [+] Robots File: Found
  316.  
  317. -------------[ contents ]----------------
  318. User-agent: *
  319. Disallow: /
  320.  
  321. User-agent: MJ12bot
  322. Disallow: /
  323.  
  324. User-agent: rogerbot
  325. Disallow: /
  326.  
  327. User-agent: dotbot
  328. Disallow: /
  329. -----------[end of contents]-------------
  330.  
  331.  
  332.  
  333. W H O I S L O O K U P
  334. ========================
  335.  
  336.  
  337. Domain:
  338. mundesley-pc.gov.uk
  339.  
  340. Registered For:
  341. Mundesley Parish Council
  342.  
  343. Domain Owner:
  344. Mundesley Parish Council
  345.  
  346. Registered By:
  347. Fasthosts Internet Ltd
  348.  
  349. Servers:
  350. ns1.livedns.co.uk
  351. ns2.livedns.co.uk
  352.  
  353. Registrant Contact:
  354. Doreen Joy
  355.  
  356. Registrant Address:
  357. Mundesley Parish Council
  358. The Old Fire Station
  359. Back Street
  360. Mundesley
  361. Norfolk
  362. NR11 8JJ
  363. United Kingdom
  364. +44 1263 720 603 (Phone)
  365. domains@stuarthutcheson.co.uk
  366.  
  367. Renewal date:
  368. Monday 25th Oct 2021
  369.  
  370. Entry updated:
  371. Thursday 1st August 2019
  372.  
  373. Entry created:
  374. Thursday 26th October 2017
  375.  
  376.  
  377.  
  378.  
  379.  
  380. G E O I P L O O K U P
  381. =========================
  382.  
  383. [i] IP Address: 89.145.78.0
  384. [i] Country: United Kingdom
  385. [i] State:
  386. [i] City:
  387. [i] Latitude: 51.4964
  388. [i] Longitude: -0.1224
  389.  
  390.  
  391.  
  392.  
  393. H T T P H E A D E R S
  394. =======================
  395.  
  396.  
  397. [i] HTTP/1.1 403 Forbidden
  398. [i] Connection: close
  399. [i] Cache-Control: no-cache, no-store, must-revalidate
  400. [i] Pragma: no-cache
  401. [i] Expires: 0
  402. [i] Server: Apache/2.2.16 (Debian)
  403. [i] Content-Length: 188983
  404.  
  405.  
  406.  
  407.  
  408. D N S L O O K U P
  409. ===================
  410.  
  411. mundesley-pc.gov.uk. 3599 IN A 89.145.78.0
  412. mundesley-pc.gov.uk. 3599 IN NS ns1.livedns.co.uk.
  413. mundesley-pc.gov.uk. 3599 IN NS ns2.livedns.co.uk.
  414. mundesley-pc.gov.uk. 3599 IN NS ns3.livedns.co.uk.
  415. mundesley-pc.gov.uk. 3599 IN SOA ns1.livedns.co.uk. admin.mundesley-pc.gov.uk. 1524990353 10800 3600 604800 3600
  416. mundesley-pc.gov.uk. 3599 IN MX 0 mundesleypc-gov-uk02c.mail.protection.outlook.com.
  417. mundesley-pc.gov.uk. 3599 IN TXT "MS=ms57028444"
  418. mundesley-pc.gov.uk. 3599 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
  419.  
  420.  
  421.  
  422.  
  423. S U B N E T C A L C U L A T I O N
  424. ====================================
  425.  
  426. Address = 89.145.78.0
  427. Network = 89.145.78.0 / 32
  428. Netmask = 255.255.255.255
  429. Broadcast = not needed on Point-to-Point links
  430. Wildcard Mask = 0.0.0.0
  431. Hosts Bits = 0
  432. Max. Hosts = 1 (2^0 - 0)
  433. Host Range = { 89.145.78.0 - 89.145.78.0 }
  434.  
  435.  
  436.  
  437. N M A P P O R T S C A N
  438. ============================
  439.  
  440. Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-05 06:21 UTC
  441. Nmap scan report for mundesley-pc.gov.uk (89.145.78.0)
  442. Host is up (0.070s latency).
  443. rDNS record for 89.145.78.0: pegasus.terrassl.net
  444.  
  445. PORT STATE SERVICE
  446. 21/tcp open ftp
  447. 22/tcp filtered ssh
  448. 23/tcp open telnet
  449. 80/tcp open http
  450. 110/tcp filtered pop3
  451. 143/tcp filtered imap
  452. 443/tcp open https
  453. 3389/tcp filtered ms-wbt-server
  454.  
  455. Nmap done: 1 IP address (1 host up) scanned in 2.39 seconds
  456.  
  457.  
  458.  
  459. S U B - D O M A I N F I N D E R
  460. ==================================
  461.  
  462.  
  463. [i] Total Subdomains Found : 2
  464.  
  465. [+] Subdomain: mail.mundesley-pc.gov.uk
  466. [-] IP: 213.171.216.40
  467.  
  468. [+] Subdomain: www.mundesley-pc.gov.uk
  469. [-] IP: 89.145.78.0
  470. #######################################################################################################################################
  471. Trying "mundesley-pc.gov.uk"
  472. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49398
  473. ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 3, ADDITIONAL: 3
  474.  
  475. ;; QUESTION SECTION:
  476. ;mundesley-pc.gov.uk. IN ANY
  477.  
  478. ;; ANSWER SECTION:
  479. mundesley-pc.gov.uk. 3600 IN TXT "MS=ms57028444"
  480. mundesley-pc.gov.uk. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
  481. mundesley-pc.gov.uk. 3600 IN MX 0 mundesleypc-gov-uk02c.mail.protection.outlook.com.
  482. mundesley-pc.gov.uk. 3600 IN SOA ns1.livedns.co.uk. admin.mundesley-pc.gov.uk. 1524990353 10800 3600 604800 3600
  483. mundesley-pc.gov.uk. 3600 IN A 89.145.78.0
  484. mundesley-pc.gov.uk. 3600 IN NS ns2.livedns.co.uk.
  485. mundesley-pc.gov.uk. 3600 IN NS ns1.livedns.co.uk.
  486. mundesley-pc.gov.uk. 3600 IN NS ns3.livedns.co.uk.
  487.  
  488. ;; AUTHORITY SECTION:
  489. mundesley-pc.gov.uk. 3600 IN NS ns2.livedns.co.uk.
  490. mundesley-pc.gov.uk. 3600 IN NS ns1.livedns.co.uk.
  491. mundesley-pc.gov.uk. 3600 IN NS ns3.livedns.co.uk.
  492.  
  493. ;; ADDITIONAL SECTION:
  494. ns1.livedns.co.uk. 34785 IN A 217.160.81.244
  495. ns2.livedns.co.uk. 10090 IN A 217.160.82.244
  496. ns3.livedns.co.uk. 11923 IN A 217.160.83.244
  497.  
  498. Received 400 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1182 ms
  499. #######################################################################################################################################
  500.  
  501. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace mundesley-pc.gov.uk
  502. ;; global options: +cmd
  503. . 85001 IN NS i.root-servers.net.
  504. . 85001 IN NS h.root-servers.net.
  505. . 85001 IN NS l.root-servers.net.
  506. . 85001 IN NS e.root-servers.net.
  507. . 85001 IN NS k.root-servers.net.
  508. . 85001 IN NS j.root-servers.net.
  509. . 85001 IN NS g.root-servers.net.
  510. . 85001 IN NS f.root-servers.net.
  511. . 85001 IN NS c.root-servers.net.
  512. . 85001 IN NS b.root-servers.net.
  513. . 85001 IN NS m.root-servers.net.
  514. . 85001 IN NS d.root-servers.net.
  515. . 85001 IN NS a.root-servers.net.
  516. . 85001 IN RRSIG NS 8 0 518400 20190917170000 20190904160000 59944 . kJzCa4mgmQtUH+7dsVMu4/C6/jIQxEQDEXuU796OWvahRokNyKlHUZEG lmo2VzR1knfamOY3e5m1lQm4ML/bT6wnvw6oFxBOHYw6ICOG6zuxn6S4 j3i8auNLT9LmPKGdGBawaN1lZQDogx2BcSGSfIv5oCFzlsfsSePa2jse L7x2Ah2D4eXZsOeXOknM13u20zcFpriyqRw2+WFQ9+UZGubU2H/Wfgvt J7nmNzVDJPr/Pnxdor73aHkqrTdjHwxaf+/nCYG6t1diLtymapgfzERf VwzyGxUrrgFJcjCf1mZeWZZmxkSUWBCvy3IuFmwETUlc7pIs9wWdA1vQ wc3u/g==
  517. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 170 ms
  518.  
  519. uk. 172800 IN NS nsa.nic.uk.
  520. uk. 172800 IN NS dns1.nic.uk.
  521. uk. 172800 IN NS dns2.nic.uk.
  522. uk. 172800 IN NS dns3.nic.uk.
  523. uk. 172800 IN NS dns4.nic.uk.
  524. uk. 172800 IN NS nsc.nic.uk.
  525. uk. 172800 IN NS nsd.nic.uk.
  526. uk. 172800 IN NS nsb.nic.uk.
  527. uk. 86400 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603
  528. uk. 86400 IN RRSIG DS 8 1 86400 20190918050000 20190905040000 59944 . pTy1O0qnDa8QFnjHG8uLA3kE0LSl2chxPki1H6PCgfvqlq6urZWHhyhc 2+VXYtadahxfxtJHtbbmNaYfMV5NHsPACxeuYBBah2/JCqAxmNre1HYJ RbsD/W7IQ0iVtdUsOAV9Px8HYf2W48OIri4QfiXuGyfPpPu1C3fsHlwI Ucun+8yt5L5Ph0VEsm9ZICfb/630i2L8GhYiOP+JplMVkHgI9HnHwu0B wDJux9KI5PIbGcdV2dpyDVLOKARfY6jH5SXNyV5K3qvd8LXBbFR/2WM9 FVXhgA2fNopv6pt1vY+Is1Y1UIGR5og/4SGDkMQSHIeFIuy/cO+jiCbq qUDcZw==
  529. ;; Received 803 bytes from 2001:dc3::35#53(m.root-servers.net) in 89 ms
  530.  
  531. gov.uk. 172800 IN NS ns0.ja.net.
  532. gov.uk. 172800 IN NS ns1.surfnet.nl.
  533. gov.uk. 172800 IN NS ns2.ja.net.
  534. gov.uk. 172800 IN NS ns3.ja.net.
  535. gov.uk. 172800 IN NS ns4.ja.net.
  536. gov.uk. 172800 IN NS auth00.ns.de.uu.net.
  537. gov.uk. 172800 IN NS auth50.ns.de.uu.net.
  538. gov.uk. 300 IN DS 17539 8 2 2F0A0A65DB9E930F5B2C0425F67DF66416C076124652A281D9A8FFA7 73828F57
  539. gov.uk. 300 IN RRSIG DS 8 2 300 20190918101947 20190904095516 43056 uk. THIHDoQWrvY90/IJqLD5/7cTTZ5KEmGhoKCmvmMkEvjYPCtm8ygot9Un VffuzT3bFkykND6ldeIA0baGeew7qWD1Ue0aAO1f2admT/5CM9RV9wvI RuYp8CvnvqG0qO9EQaADFAtdesDrha13dhqgg40kDPBCgHrYrBOyuIqC uF0=
  540. ;; Received 415 bytes from 2a01:618:404::1#53(dns3.nic.uk) in 105 ms
  541.  
  542. mundesley-pc.gov.uk. 86400 IN NS ns1.livedns.co.uk.
  543. mundesley-pc.gov.uk. 86400 IN NS ns2.livedns.co.uk.
  544. KKLL3AB3UP9O8E7NBCPIOE643RP1FEUG.gov.uk. 14400 IN NSEC3 1 0 10 - KKORTM598IFOR37DSAO5MUFI90788C6V NS
  545. KKLL3AB3UP9O8E7NBCPIOE643RP1FEUG.gov.uk. 14400 IN RRSIG NSEC3 8 3 14400 20191004130752 20190904130752 924 gov.uk. dqVa1/KQgioYswT4LrDvUQpVDJWaD2GIBrahiqmKu5+cyAoWd9LLQ0ur X7xW3jvMI/CPJui6Xmj/IHezb3j1seel2e+PqW41vWzeuYIEcUaLlwnO lsPWz9Iu4hORNAk+m277w4O64py+RMABRGHEv0JHDFlwVOGfuv4nLoDe ndQ=
  546. ;; Received 335 bytes from 2001:600:1c0:e000::35:6#53(auth00.ns.de.uu.net) in 119 ms
  547.  
  548. mundesley-pc.gov.uk. 3600 IN A 89.145.78.0
  549. ;; Received 64 bytes from 217.160.82.244#53(ns2.livedns.co.uk) in 107 ms
  550. #######################################################################################################################################
  551. [*] Performing General Enumeration of Domain: mundesley-pc.gov.uk
  552. [-] DNSSEC is not configured for mundesley-pc.gov.uk
  553. [*] SOA ns1.livedns.co.uk 217.160.81.244
  554. [*] NS ns2.livedns.co.uk 217.160.82.244
  555. [*] Bind Version for 217.160.82.244 Served by PowerDNS - https://www.powerdns.com/
  556. [*] NS ns1.livedns.co.uk 217.160.81.244
  557. [*] Bind Version for 217.160.81.244 Served by PowerDNS - https://www.powerdns.com/
  558. [*] MX mundesleypc-gov-uk02c.mail.protection.outlook.com 104.47.20.36
  559. [*] MX mundesleypc-gov-uk02c.mail.protection.outlook.com 104.47.21.36
  560. [*] A mundesley-pc.gov.uk 89.145.78.0
  561. [*] TXT mundesley-pc.gov.uk MS=ms57028444
  562. [*] TXT mundesley-pc.gov.uk v=spf1 include:spf.protection.outlook.com -all
  563. [*] Enumerating SRV Records
  564. [-] No SRV Records Found for mundesley-pc.gov.uk
  565. [+] 0 Records Found
  566. #######################################################################################################################################
  567. [*] Processing domain mundesley-pc.gov.uk
  568. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  569. [+] Getting nameservers
  570. 217.160.82.244 - ns2.livedns.co.uk
  571. 217.160.81.244 - ns1.livedns.co.uk
  572. [-] Zone transfer failed
  573.  
  574. [+] TXT records found
  575. "MS=ms57028444"
  576. "v=spf1 include:spf.protection.outlook.com -all"
  577.  
  578. [+] MX records found, added to target list
  579. 0 mundesleypc-gov-uk02c.mail.protection.outlook.com.
  580.  
  581. [*] Scanning mundesley-pc.gov.uk for A records
  582. 89.145.78.0 - mundesley-pc.gov.uk
  583. 40.101.137.24 - autodiscover.mundesley-pc.gov.uk
  584. 40.101.138.216 - autodiscover.mundesley-pc.gov.uk
  585. 40.101.138.8 - autodiscover.mundesley-pc.gov.uk
  586. 213.171.216.40 - mail.mundesley-pc.gov.uk
  587. 213.171.216.40 - mailserver.mundesley-pc.gov.uk
  588. 213.171.216.50 - smtp.mundesley-pc.gov.uk
  589. 213.171.216.231 - webmail.mundesley-pc.gov.uk
  590. 89.145.78.0 - www.mundesley-pc.gov.uk
  591. #######################################################################################################################################
  592.  
  593.  
  594.  
  595. AVAILABLE PLUGINS
  596. -----------------
  597.  
  598. RobotPlugin
  599. OpenSslCipherSuitesPlugin
  600. HeartbleedPlugin
  601. FallbackScsvPlugin
  602. SessionRenegotiationPlugin
  603. OpenSslCcsInjectionPlugin
  604. SessionResumptionPlugin
  605. HttpHeadersPlugin
  606. EarlyDataPlugin
  607. CertificateInfoPlugin
  608. CompressionPlugin
  609.  
  610.  
  611.  
  612. CHECKING HOST(S) AVAILABILITY
  613. -----------------------------
  614.  
  615. 89.145.78.0:443 => 89.145.78.0
  616.  
  617.  
  618.  
  619.  
  620. SCAN RESULTS FOR 89.145.78.0:443 - 89.145.78.0
  621. ----------------------------------------------
  622.  
  623. * Deflate Compression:
  624. OK - Compression disabled
  625.  
  626. * Certificate Information:
  627. Content
  628. SHA1 Fingerprint: 1e26051a4de5c5c3f77be8a14de7b73ca71e8490
  629. Common Name: bench-memorial-plaques.co.uk
  630. Issuer: Let's Encrypt Authority X3
  631. Serial Number: 274404741044414810180390160691012314592224
  632. Not Before: 2019-07-22 20:11:07
  633. Not After: 2019-10-20 20:11:07
  634. Signature Algorithm: sha256
  635. Public Key Algorithm: RSA
  636. Key Size: 2048
  637. Exponent: 65537 (0x10001)
  638. DNS Subject Alternative Names: ['bench-memorial-plaques.co.uk', 'cpanel.bench-memorial-plaques.co.uk', 'mail.bench-memorial-plaques.co.uk', 'webdisk.bench-memorial-plaques.co.uk', 'webmail.bench-memorial-plaques.co.uk', 'www.bench-memorial-plaques.co.uk']
  639.  
  640. Trust
  641. Hostname Validation: FAILED - Certificate does NOT match 89.145.78.0
  642. Android CA Store (9.0.0_r9): OK - Certificate is trusted
  643. Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
  644. Java CA Store (jdk-12.0.1): OK - Certificate is trusted
  645. Mozilla CA Store (2019-03-14): OK - Certificate is trusted
  646. Windows CA Store (2019-05-27): OK - Certificate is trusted
  647. Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
  648. Received Chain: bench-memorial-plaques.co.uk --> Let's Encrypt Authority X3
  649. Verified Chain: bench-memorial-plaques.co.uk --> Let's Encrypt Authority X3 --> DST Root CA X3
  650. Received Chain Contains Anchor: OK - Anchor certificate not sent
  651. Received Chain Order: OK - Order is valid
  652. Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
  653.  
  654. Extensions
  655. OCSP Must-Staple: NOT SUPPORTED - Extension not found
  656. Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
  657.  
  658. OCSP Stapling
  659. NOT SUPPORTED - Server did not send back an OCSP response
  660.  
  661. * OpenSSL Heartbleed:
  662. OK - Not vulnerable to Heartbleed
  663.  
  664. * TLSV1 Cipher Suites:
  665. Server rejected all cipher suites.
  666.  
  667. * Downgrade Attacks:
  668. TLS_FALLBACK_SCSV: OK - Supported
  669.  
  670. * TLSV1_1 Cipher Suites:
  671. Forward Secrecy OK - Supported
  672. RC4 OK - Not Supported
  673.  
  674. Preferred:
  675. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  676. Accepted:
  677. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
  678. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
  679. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  680. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  681. TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
  682. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  683. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  684. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
  685. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
  686. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
  687. TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  688. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  689.  
  690. * TLS 1.2 Session Resumption Support:
  691. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  692. With TLS Tickets: OK - Supported
  693.  
  694. * Session Renegotiation:
  695. Client-initiated Renegotiation: OK - Rejected
  696. Secure Renegotiation: OK - Supported
  697.  
  698. * TLSV1_2 Cipher Suites:
  699. Forward Secrecy OK - Supported
  700. RC4 OK - Not Supported
  701.  
  702. Preferred:
  703. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
  704. Accepted:
  705. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
  706. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
  707. TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
  708. TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
  709. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  710. TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
  711. TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
  712. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  713. TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
  714. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
  715. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 403 Forbidden
  716. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  717. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
  718. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
  719. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  720. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
  721. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
  722. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
  723. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
  724. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
  725. TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
  726. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
  727. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
  728. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
  729.  
  730. * OpenSSL CCS Injection:
  731. OK - Not vulnerable to OpenSSL CCS injection
  732.  
  733. * SSLV2 Cipher Suites:
  734. Server rejected all cipher suites.
  735.  
  736. * TLSV1_3 Cipher Suites:
  737. Server rejected all cipher suites.
  738.  
  739. * SSLV3 Cipher Suites:
  740. Server rejected all cipher suites.
  741.  
  742. * ROBOT Attack:
  743. OK - Not vulnerable
  744.  
  745.  
  746. SCAN COMPLETED IN 32.80 S
  747. -------------------------
  748. #######################################################################################################################################
  749.  
  750.  
  751. Domains still to check: 1
  752. Checking if the hostname mundesley-pc.gov.uk. given is in fact a domain...
  753.  
  754. Analyzing domain: mundesley-pc.gov.uk.
  755. Checking NameServers using system default resolver...
  756. IP: 217.160.82.244 (Germany)
  757. HostName: ns2.livedns.co.uk Type: NS
  758. HostName: ns2.livedns.co.uk Type: PTR
  759. IP: 217.160.81.244 (Germany)
  760. HostName: ns1.livedns.co.uk Type: NS
  761. HostName: ns1.livedns.co.uk Type: PTR
  762.  
  763. Checking MailServers using system default resolver...
  764. IP: 104.47.21.36 (United States)
  765. HostName: mundesleypc-gov-uk02c.mail.protection.outlook.com Type: MX
  766. HostName: mail-lo2gbr010036.inbound.protection.outlook.com Type: PTR
  767. IP: 104.47.20.36 (United States)
  768. HostName: mundesleypc-gov-uk02c.mail.protection.outlook.com Type: MX
  769. HostName: mail-cwlgbr010036.inbound.protection.outlook.com Type: PTR
  770.  
  771. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  772. No zone transfer found on nameserver 217.160.82.244
  773. No zone transfer found on nameserver 217.160.81.244
  774.  
  775. Checking SPF record...
  776.  
  777. Checking SPF record...
  778. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.100.0/24, but only the network IP
  779. New IP found: 207.46.100.0
  780. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.163.0/24, but only the network IP
  781. New IP found: 207.46.163.0
  782. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 65.55.169.0/24, but only the network IP
  783. New IP found: 65.55.169.0
  784. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.56.110.0/23, but only the network IP
  785. New IP found: 157.56.110.0
  786. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.55.234.0/24, but only the network IP
  787. New IP found: 157.55.234.0
  788. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 213.199.154.0/24, but only the network IP
  789. New IP found: 213.199.154.0
  790. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 213.199.180.128/26, but only the network IP
  791. New IP found: 213.199.180.128
  792. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
  793. New IP found: 52.100.0.0
  794.  
  795. Checking SPF record...
  796. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.56.112.0/24, but only the network IP
  797. New IP found: 157.56.112.0
  798. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.51.64/26, but only the network IP
  799. New IP found: 207.46.51.64
  800. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 64.4.22.64/26, but only the network IP
  801. New IP found: 64.4.22.64
  802. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
  803. New IP found: 40.92.0.0
  804. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
  805. New IP found: 40.107.0.0
  806. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 134.170.140.0/24, but only the network IP
  807. New IP found: 134.170.140.0
  808.  
  809. Checking SPF record...
  810. There are no IPv4 addresses in the SPF. Maybe IPv6.
  811. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.128.0/19, but only the network IP
  812. New IP found: 23.103.128.0
  813. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.198.0/23, but only the network IP
  814. New IP found: 23.103.198.0
  815. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 65.55.88.0/24, but only the network IP
  816. New IP found: 65.55.88.0
  817. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
  818. New IP found: 104.47.0.0
  819. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.200.0/21, but only the network IP
  820. New IP found: 23.103.200.0
  821. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.208.0/21, but only the network IP
  822. New IP found: 23.103.208.0
  823. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.191.0/24, but only the network IP
  824. New IP found: 23.103.191.0
  825. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.32.180.0/23, but only the network IP
  826. New IP found: 216.32.180.0
  827. WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 94.245.120.64/26, but only the network IP
  828. New IP found: 94.245.120.64
  829. New hostname found: 2202::/48
  830. There are no IPv4 addresses in the SPF. Maybe IPv6.
  831.  
  832. Checking 193 most common hostnames using system default resolver...
  833. IP: 89.145.78.0 (United Kingdom)
  834. HostName: www.mundesley-pc.gov.uk. Type: A
  835. IP: 213.171.216.40 (United Kingdom)
  836. HostName: mail.mundesley-pc.gov.uk. Type: A
  837. IP: 213.171.216.231 (United Kingdom)
  838. HostName: webmail.mundesley-pc.gov.uk. Type: A
  839. IP: 213.171.216.50 (United Kingdom)
  840. HostName: smtp.mundesley-pc.gov.uk. Type: A
  841.  
  842. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  872.  
  873. Searching for mundesley-pc.gov.uk. emails in Google
  874.  
  875. Checking 31 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  907.  
  908. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  909. Scanning ip 65.55.169.0 ():
  910. Scanning ip 52.100.0.0 ():
  911. Scanning ip 89.145.78.0 (www.mundesley-pc.gov.uk.):
  912. 53/tcp open domain syn-ack ttl 50 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  913. | dns-nsid:
  914. |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
  915. Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
  916. OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  917. Scanning ip 65.55.88.0 ():
  918. Scanning ip 207.46.100.0 ():
  919. Scanning ip 157.55.234.0 ():
  920. Scanning ip 94.245.120.64 ():
  921. Scanning ip 216.32.180.0 ():
  922. Scanning ip 213.171.216.231 (webmail.mundesley-pc.gov.uk.):
  923. 80/tcp open http syn-ack ttl 55 nginx
  924. |_http-favicon: Unknown favicon MD5: C158FFDB11844ECC3EE02B86AA8E1A0B
  925. | http-methods:
  926. |_ Supported Methods: GET HEAD POST OPTIONS
  927. |_http-title: Webmail :: Welcome to Webmail
  928. 443/tcp open ssl/http syn-ack ttl 55 nginx
  929. | http-methods:
  930. |_ Supported Methods: GET HEAD POST OPTIONS
  931. |_http-title: Webmail :: Welcome to Webmail
  932. | ssl-cert: Subject: commonName=webmail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  933. | Subject Alternative Name: DNS:webmail.livemail.co.uk
  934. | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  935. | Public Key type: rsa
  936. | Public Key bits: 2048
  937. | Signature Algorithm: sha256WithRSAEncryption
  938. | Not valid before: 2018-12-10T00:00:00
  939. | Not valid after: 2020-12-09T12:00:00
  940. | MD5: e6ce 8502 b7b4 cf72 ac63 d3ab 19d7 acad
  941. |_SHA-1: cd2f e5b3 1740 fd64 335d 9b7f 9861 6b65 4a8c 5709
  942. |_ssl-date: TLS randomness does not represent time
  943. | tls-alpn:
  944. |_ http/1.1
  945. | tls-nextprotoneg:
  946. |_ http/1.1
  947. Device type: general purpose|storage-misc|media device|WAP
  948. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (87%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
  949. Scanning ip 217.160.81.244 (ns1.livedns.co.uk (PTR)):
  950. 53/tcp open domain syn-ack ttl 59 PowerDNS 3.3 or later
  951. | dns-nsid:
  952. | NSID: dns-pub-nl-ams-nkf04.server.lan (646e732d7075622d6e6c2d616d732d6e6b6630342e7365727665722e6c616e)
  953. | id.server: dns-pub-nl-ams-nkf04.server.lan
  954. |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
  955. Scanning ip 23.103.128.0 ():
  956. Scanning ip 213.171.216.50 (smtp.mundesley-pc.gov.uk.):
  957. 465/tcp open ssl/smtps? syn-ack ttl 55
  958. |_smtp-commands: Couldn't establish connection on port 465
  959. 587/tcp open smtp syn-ack ttl 57 Postfix smtpd
  960. |_smtp-commands: smtp.livemail.co.uk, PIPELINING, SIZE 153600000, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  961. |_ssl-date: TLS randomness does not represent time
  962. Device type: storage-misc|general purpose
  963. Running (JUST GUESSING): HP embedded (85%), Linux 3.X|4.X (85%)
  964. OS Info: Service Info: Host: smtp.livemail.co.uk
  965. Scanning ip 64.4.22.64 ():
  966. Scanning ip 157.56.110.0 ():
  967. Scanning ip 23.103.208.0 ():
  968. Scanning ip 23.103.198.0 ():
  969. Scanning ip 207.46.163.0 ():
  970. Scanning ip 213.171.216.40 (mail.mundesley-pc.gov.uk.):
  971. 110/tcp open pop3 syn-ack ttl 55 Dovecot pop3d
  972. |_pop3-capabilities: STLS RESP-CODES AUTH-RESP-CODE UIDL PIPELINING USER SASL(PLAIN) TOP CAPA
  973. | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  974. | Subject Alternative Name: DNS:mail.livemail.co.uk
  975. | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  976. | Public Key type: rsa
  977. | Public Key bits: 2048
  978. | Signature Algorithm: sha256WithRSAEncryption
  979. | Not valid before: 2018-12-06T00:00:00
  980. | Not valid after: 2020-12-06T12:00:00
  981. | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  982. |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  983. 143/tcp open imap syn-ack ttl 55 Dovecot imapd
  984. |_imap-capabilities: more STARTTLS LOGIN-REFERRALS have SASL-IR listed IDLE LITERAL+ OK post-login capabilities ID ENABLE IMAP4rev1 AUTH=PLAINA0001 Pre-login
  985. | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  986. | Subject Alternative Name: DNS:mail.livemail.co.uk
  987. | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  988. | Public Key type: rsa
  989. | Public Key bits: 2048
  990. | Signature Algorithm: sha256WithRSAEncryption
  991. | Not valid before: 2018-12-06T00:00:00
  992. | Not valid after: 2020-12-06T12:00:00
  993. | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  994. |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  995. 993/tcp open ssl/imap syn-ack ttl 55 Dovecot imapd
  996. |_imap-capabilities: have LOGIN-REFERRALS more SASL-IR listed IDLE LITERAL+ OK post-login capabilities ID ENABLE IMAP4rev1 AUTH=PLAINA0001 Pre-login
  997. | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  998. | Subject Alternative Name: DNS:mail.livemail.co.uk
  999. | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1000. | Public Key type: rsa
  1001. | Public Key bits: 2048
  1002. | Signature Algorithm: sha256WithRSAEncryption
  1003. | Not valid before: 2018-12-06T00:00:00
  1004. | Not valid after: 2020-12-06T12:00:00
  1005. | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1006. |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1007. 995/tcp open ssl/pop3 syn-ack ttl 57 Dovecot pop3d
  1008. |_pop3-capabilities: UIDL RESP-CODES PIPELINING USER AUTH-RESP-CODE SASL(PLAIN) TOP CAPA
  1009. | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1010. | Subject Alternative Name: DNS:mail.livemail.co.uk
  1011. | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1012. | Public Key type: rsa
  1013. | Public Key bits: 2048
  1014. | Signature Algorithm: sha256WithRSAEncryption
  1015. | Not valid before: 2018-12-06T00:00:00
  1016. | Not valid after: 2020-12-06T12:00:00
  1017. | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1018. |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1019. Device type: general purpose|storage-misc
  1020. Scanning ip 104.47.21.36 (mail-lo2gbr010036.inbound.protection.outlook.com (PTR)):
  1021. Scanning ip 134.170.140.0 ():
  1022. Scanning ip 213.199.154.0 ():
  1023. Scanning ip 23.103.191.0 ():
  1024. Scanning ip 40.107.0.0 ():
  1025. Scanning ip 40.92.0.0 ():
  1026. Scanning ip 157.56.112.0 ():
  1027. Scanning ip 207.46.51.64 ():
  1028. Scanning ip 104.47.0.0 ():
  1029. Scanning ip 213.199.180.128 ():
  1030. Scanning ip 217.160.82.244 (ns2.livedns.co.uk (PTR)):
  1031. 53/tcp open domain syn-ack ttl 59 PowerDNS 3.3 or later
  1032. | dns-nsid:
  1033. | NSID: dns-pub-nl-ams-nkf03.server.lan (646e732d7075622d6e6c2d616d732d6e6b6630332e7365727665722e6c616e)
  1034. | id.server: dns-pub-nl-ams-nkf03.server.lan
  1035. |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
  1036. Scanning ip 23.103.200.0 ():
  1037. Scanning ip 104.47.20.36 (mail-cwlgbr010036.inbound.protection.outlook.com (PTR)):
  1038. WebCrawling domain's web servers... up to 50 max links.
  1039.  
  1040. + URL to crawl: http://webmail.mundesley-pc.gov.uk.
  1041. + Date: 2019-09-05
  1042.  
  1043. + Crawling URL: http://webmail.mundesley-pc.gov.uk.:
  1044. + Links:
  1045. + Crawling http://webmail.mundesley-pc.gov.uk.
  1046. + Crawling http://webmail.mundesley-pc.gov.uk./skins/googie_larry/styles.css?s=1426489652 (File! Not crawling it.)
  1047. + Crawling http://webmail.mundesley-pc.gov.uk./skins/googie_larry/svggradients.css?s=1401897190 (File! Not crawling it.)
  1048. + Crawling http://webmail.mundesley-pc.gov.uk./skins/googie_larry/iehacks.css?s=1401897190 (File! Not crawling it.)
  1049. + Crawling http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ie7hacks.css?s=1401897190 (File! Not crawling it.)
  1050. + Crawling http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/larry/jquery-ui.css?s=1566991207 (File! Not crawling it.)
  1051. + Crawling http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ui.js?s=1401897190 (File! Not crawling it.)
  1052. + Crawling http://webmail.mundesley-pc.gov.uk./fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,800,700,600,300 (404 Not Found)
  1053. + Crawling http://webmail.mundesley-pc.gov.uk./program/js/jquery.min.js?s=1566991445 (File! Not crawling it.)
  1054. + Crawling http://webmail.mundesley-pc.gov.uk./program/js/common.min.js?s=1566991207 (File! Not crawling it.)
  1055. + Crawling http://webmail.mundesley-pc.gov.uk./program/js/app.min.js?s=1566991207 (File! Not crawling it.)
  1056. + Crawling http://webmail.mundesley-pc.gov.uk./program/js/jstz.min.js?s=1566991446 (File! Not crawling it.)
  1057. + Crawling http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/jquery-ui.min.js?s=1566991207 (File! Not crawling it.)
  1058. + Crawling http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/i18n/jquery.ui.datepicker-en-GB.js?s=1566991207 (File! Not crawling it.)
  1059. + Searching for directories...
  1060. - Found: http://webmail.mundesley-pc.gov.uk./fonts.googleapis.com/
  1061. - Found: http://webmail.mundesley-pc.gov.uk./skins/
  1062. - Found: http://webmail.mundesley-pc.gov.uk./skins/googie_larry/
  1063. - Found: http://webmail.mundesley-pc.gov.uk./skins/googie_larry/images/
  1064. - Found: http://webmail.mundesley-pc.gov.uk./branding/
  1065. - Found: http://webmail.mundesley-pc.gov.uk./branding/fasthosts/
  1066. - Found: http://webmail.mundesley-pc.gov.uk./plugins/
  1067. - Found: http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/
  1068. - Found: http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/
  1069. - Found: http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/larry/
  1070. - Found: http://webmail.mundesley-pc.gov.uk./program/
  1071. - Found: http://webmail.mundesley-pc.gov.uk./program/js/
  1072. - Found: http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/
  1073. - Found: http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/i18n/
  1074. + Searching open folders...
  1075. - http://webmail.mundesley-pc.gov.uk./fonts.googleapis.com/ (404 Not Found)
  1076. - http://webmail.mundesley-pc.gov.uk./skins/ (403 Forbidden)
  1077. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ (403 Forbidden)
  1078. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/images/ (403 Forbidden)
  1079. - http://webmail.mundesley-pc.gov.uk./branding/ (403 Forbidden)
  1080. - http://webmail.mundesley-pc.gov.uk./branding/fasthosts/ (403 Forbidden)
  1081. - http://webmail.mundesley-pc.gov.uk./plugins/ (403 Forbidden)
  1082. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/ (403 Forbidden)
  1083. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/ (403 Forbidden)
  1084. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/larry/ (403 Forbidden)
  1085. - http://webmail.mundesley-pc.gov.uk./program/ (403 Forbidden)
  1086. - http://webmail.mundesley-pc.gov.uk./program/js/ (403 Forbidden)
  1087. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/ (403 Forbidden)
  1088. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/i18n/ (403 Forbidden)
  1089. + Crawl finished successfully.
  1090. ----------------------------------------------------------------------
  1091. Summary of http://http://webmail.mundesley-pc.gov.uk.
  1092. ----------------------------------------------------------------------
  1093. + Links crawled:
  1094. - http://webmail.mundesley-pc.gov.uk.
  1095. - http://webmail.mundesley-pc.gov.uk./fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,800,700,600,300 (404 Not Found)
  1096. Total links crawled: 2
  1097.  
  1098. + Links to files found:
  1099. - http://webmail.mundesley-pc.gov.uk./branding/fasthosts/whitelabel.jpg
  1100. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/i18n/jquery.ui.datepicker-en-GB.js?s=1566991207
  1101. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/jquery-ui.min.js?s=1566991207
  1102. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/larry/jquery-ui.css?s=1566991207
  1103. - http://webmail.mundesley-pc.gov.uk./program/js/app.min.js?s=1566991207
  1104. - http://webmail.mundesley-pc.gov.uk./program/js/common.min.js?s=1566991207
  1105. - http://webmail.mundesley-pc.gov.uk./program/js/jquery.min.js?s=1566991445
  1106. - http://webmail.mundesley-pc.gov.uk./program/js/jstz.min.js?s=1566991446
  1107. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ie7hacks.css?s=1401897190
  1108. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/iehacks.css?s=1401897190
  1109. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/images/favicon.ico
  1110. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/styles.css?s=1426489652
  1111. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/svggradients.css?s=1401897190
  1112. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ui.js?s=1401897190
  1113. Total links to files: 14
  1114.  
  1115. + Externals links found:
  1116. Total external links: 0
  1117.  
  1118. + Email addresses found:
  1119. Total email address found: 0
  1120.  
  1121. + Directories found:
  1122. - http://webmail.mundesley-pc.gov.uk./branding/ (403 Forbidden)
  1123. - http://webmail.mundesley-pc.gov.uk./branding/fasthosts/ (403 Forbidden)
  1124. - http://webmail.mundesley-pc.gov.uk./fonts.googleapis.com/ (404 Not Found)
  1125. - http://webmail.mundesley-pc.gov.uk./plugins/ (403 Forbidden)
  1126. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/ (403 Forbidden)
  1127. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/ (403 Forbidden)
  1128. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/js/i18n/ (403 Forbidden)
  1129. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/ (403 Forbidden)
  1130. - http://webmail.mundesley-pc.gov.uk./plugins/jqueryui/themes/larry/ (403 Forbidden)
  1131. - http://webmail.mundesley-pc.gov.uk./program/ (403 Forbidden)
  1132. - http://webmail.mundesley-pc.gov.uk./program/js/ (403 Forbidden)
  1133. - http://webmail.mundesley-pc.gov.uk./skins/ (403 Forbidden)
  1134. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/ (403 Forbidden)
  1135. - http://webmail.mundesley-pc.gov.uk./skins/googie_larry/images/ (403 Forbidden)
  1136. Total directories: 14
  1137.  
  1138. + Directory indexing found:
  1139. Total directories with indexing: 0
  1140.  
  1141. ----------------------------------------------------------------------
  1142.  
  1143.  
  1144. + URL to crawl: https://webmail.mundesley-pc.gov.uk.
  1145. + Date: 2019-09-05
  1146.  
  1147. + Crawling URL: https://webmail.mundesley-pc.gov.uk.:
  1148. + Links:
  1149. + Crawling https://webmail.mundesley-pc.gov.uk.
  1150. + Searching for directories...
  1151. + Searching open folders...
  1152.  
  1153. --Finished--
  1154. Summary information for domain mundesley-pc.gov.uk.
  1155. -----------------------------------------
  1156.  
  1157. Domain Ips Information:
  1158. IP: 65.55.169.0
  1159. Type: SPF
  1160. Is Active: True (reset ttl 64)
  1161. IP: 52.100.0.0
  1162. Type: SPF
  1163. Is Active: True (reset ttl 64)
  1164. IP: 89.145.78.0
  1165. HostName: www.mundesley-pc.gov.uk. Type: A
  1166. Country: United Kingdom
  1167. Is Active: True (reset ttl 64)
  1168. Port: 53/tcp open domain syn-ack ttl 50 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  1169. Script Info: | dns-nsid:
  1170. Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
  1171. Script Info: Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
  1172. Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  1173. IP: 65.55.88.0
  1174. Type: SPF
  1175. Is Active: True (reset ttl 64)
  1176. IP: 207.46.100.0
  1177. Type: SPF
  1178. Is Active: True (reset ttl 64)
  1179. IP: 157.55.234.0
  1180. Type: SPF
  1181. Is Active: True (reset ttl 64)
  1182. IP: 94.245.120.64
  1183. Type: SPF
  1184. Is Active: True (reset ttl 64)
  1185. IP: 216.32.180.0
  1186. Type: SPF
  1187. Is Active: True (reset ttl 64)
  1188. IP: 213.171.216.231
  1189. HostName: webmail.mundesley-pc.gov.uk. Type: A
  1190. Country: United Kingdom
  1191. Is Active: True (echo-reply ttl 246)
  1192. Port: 80/tcp open http syn-ack ttl 55 nginx
  1193. Script Info: |_http-favicon: Unknown favicon MD5: C158FFDB11844ECC3EE02B86AA8E1A0B
  1194. Script Info: | http-methods:
  1195. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
  1196. Script Info: |_http-title: Webmail :: Welcome to Webmail
  1197. Port: 443/tcp open ssl/http syn-ack ttl 55 nginx
  1198. Script Info: | http-methods:
  1199. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
  1200. Script Info: |_http-title: Webmail :: Welcome to Webmail
  1201. Script Info: | ssl-cert: Subject: commonName=webmail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1202. Script Info: | Subject Alternative Name: DNS:webmail.livemail.co.uk
  1203. Script Info: | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1204. Script Info: | Public Key type: rsa
  1205. Script Info: | Public Key bits: 2048
  1206. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1207. Script Info: | Not valid before: 2018-12-10T00:00:00
  1208. Script Info: | Not valid after: 2020-12-09T12:00:00
  1209. Script Info: | MD5: e6ce 8502 b7b4 cf72 ac63 d3ab 19d7 acad
  1210. Script Info: |_SHA-1: cd2f e5b3 1740 fd64 335d 9b7f 9861 6b65 4a8c 5709
  1211. Script Info: |_ssl-date: TLS randomness does not represent time
  1212. Script Info: | tls-alpn:
  1213. Script Info: |_ http/1.1
  1214. Script Info: | tls-nextprotoneg:
  1215. Script Info: |_ http/1.1
  1216. Script Info: Device type: general purpose|storage-misc|media device|WAP
  1217. Script Info: Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (87%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
  1218. IP: 217.160.81.244
  1219. HostName: ns1.livedns.co.uk Type: NS
  1220. HostName: ns1.livedns.co.uk Type: PTR
  1221. Country: Germany
  1222. Is Active: True (reset ttl 64)
  1223. Port: 53/tcp open domain syn-ack ttl 59 PowerDNS 3.3 or later
  1224. Script Info: | dns-nsid:
  1225. Script Info: | NSID: dns-pub-nl-ams-nkf04.server.lan (646e732d7075622d6e6c2d616d732d6e6b6630342e7365727665722e6c616e)
  1226. Script Info: | id.server: dns-pub-nl-ams-nkf04.server.lan
  1227. Script Info: |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
  1228. IP: 23.103.128.0
  1229. Type: SPF
  1230. Is Active: True (reset ttl 64)
  1231. IP: 213.171.216.50
  1232. HostName: smtp.mundesley-pc.gov.uk. Type: A
  1233. Country: United Kingdom
  1234. Is Active: True (reset ttl 64)
  1235. Port: 465/tcp open ssl/smtps? syn-ack ttl 55
  1236. Script Info: |_smtp-commands: Couldn't establish connection on port 465
  1237. Port: 587/tcp open smtp syn-ack ttl 57 Postfix smtpd
  1238. Script Info: |_smtp-commands: smtp.livemail.co.uk, PIPELINING, SIZE 153600000, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  1239. Script Info: |_ssl-date: TLS randomness does not represent time
  1240. Script Info: Device type: storage-misc|general purpose
  1241. Script Info: Running (JUST GUESSING): HP embedded (85%), Linux 3.X|4.X (85%)
  1242. Os Info: Host: smtp.livemail.co.uk
  1243. IP: 64.4.22.64
  1244. Type: SPF
  1245. Is Active: True (reset ttl 64)
  1246. IP: 157.56.110.0
  1247. Type: SPF
  1248. Is Active: True (reset ttl 64)
  1249. IP: 23.103.208.0
  1250. Type: SPF
  1251. Is Active: True (reset ttl 64)
  1252. IP: 23.103.198.0
  1253. Type: SPF
  1254. Is Active: True (reset ttl 64)
  1255. IP: 207.46.163.0
  1256. Type: SPF
  1257. Is Active: True (reset ttl 64)
  1258. IP: 213.171.216.40
  1259. HostName: mail.mundesley-pc.gov.uk. Type: A
  1260. Country: United Kingdom
  1261. Is Active: True (echo-reply ttl 246)
  1262. Port: 110/tcp open pop3 syn-ack ttl 55 Dovecot pop3d
  1263. Script Info: |_pop3-capabilities: STLS RESP-CODES AUTH-RESP-CODE UIDL PIPELINING USER SASL(PLAIN) TOP CAPA
  1264. Script Info: | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1265. Script Info: | Subject Alternative Name: DNS:mail.livemail.co.uk
  1266. Script Info: | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1267. Script Info: | Public Key type: rsa
  1268. Script Info: | Public Key bits: 2048
  1269. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1270. Script Info: | Not valid before: 2018-12-06T00:00:00
  1271. Script Info: | Not valid after: 2020-12-06T12:00:00
  1272. Script Info: | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1273. Script Info: |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1274. Port: 143/tcp open imap syn-ack ttl 55 Dovecot imapd
  1275. Script Info: |_imap-capabilities: more STARTTLS LOGIN-REFERRALS have SASL-IR listed IDLE LITERAL+ OK post-login capabilities ID ENABLE IMAP4rev1 AUTH=PLAINA0001 Pre-login
  1276. Script Info: | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1277. Script Info: | Subject Alternative Name: DNS:mail.livemail.co.uk
  1278. Script Info: | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1279. Script Info: | Public Key type: rsa
  1280. Script Info: | Public Key bits: 2048
  1281. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1282. Script Info: | Not valid before: 2018-12-06T00:00:00
  1283. Script Info: | Not valid after: 2020-12-06T12:00:00
  1284. Script Info: | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1285. Script Info: |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1286. Port: 993/tcp open ssl/imap syn-ack ttl 55 Dovecot imapd
  1287. Script Info: |_imap-capabilities: have LOGIN-REFERRALS more SASL-IR listed IDLE LITERAL+ OK post-login capabilities ID ENABLE IMAP4rev1 AUTH=PLAINA0001 Pre-login
  1288. Script Info: | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1289. Script Info: | Subject Alternative Name: DNS:mail.livemail.co.uk
  1290. Script Info: | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1291. Script Info: | Public Key type: rsa
  1292. Script Info: | Public Key bits: 2048
  1293. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1294. Script Info: | Not valid before: 2018-12-06T00:00:00
  1295. Script Info: | Not valid after: 2020-12-06T12:00:00
  1296. Script Info: | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1297. Script Info: |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1298. Port: 995/tcp open ssl/pop3 syn-ack ttl 57 Dovecot pop3d
  1299. Script Info: |_pop3-capabilities: UIDL RESP-CODES PIPELINING USER AUTH-RESP-CODE SASL(PLAIN) TOP CAPA
  1300. Script Info: | ssl-cert: Subject: commonName=mail.livemail.co.uk/organizationName=Fasthosts Internet Limited/stateOrProvinceName=Gloucestershire/countryName=GB
  1301. Script Info: | Subject Alternative Name: DNS:mail.livemail.co.uk
  1302. Script Info: | Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
  1303. Script Info: | Public Key type: rsa
  1304. Script Info: | Public Key bits: 2048
  1305. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1306. Script Info: | Not valid before: 2018-12-06T00:00:00
  1307. Script Info: | Not valid after: 2020-12-06T12:00:00
  1308. Script Info: | MD5: fa44 ec75 70eb 9d71 2787 1022 09c3 d5f8
  1309. Script Info: |_SHA-1: 869e a9ca a4f4 f83e 1b80 9056 13db 9adc 15de c62d
  1310. Script Info: Device type: general purpose|storage-misc
  1311. IP: 104.47.21.36
  1312. HostName: mundesleypc-gov-uk02c.mail.protection.outlook.com Type: MX
  1313. HostName: mail-lo2gbr010036.inbound.protection.outlook.com Type: PTR
  1314. Country: United States
  1315. Is Active: True (reset ttl 64)
  1316. IP: 134.170.140.0
  1317. Type: SPF
  1318. Is Active: True (reset ttl 64)
  1319. IP: 213.199.154.0
  1320. Type: SPF
  1321. Is Active: True (reset ttl 64)
  1322. IP: 23.103.191.0
  1323. Type: SPF
  1324. Is Active: True (reset ttl 64)
  1325. IP: 40.107.0.0
  1326. Type: SPF
  1327. Is Active: True (reset ttl 64)
  1328. IP: 40.92.0.0
  1329. Type: SPF
  1330. Is Active: True (reset ttl 64)
  1331. IP: 157.56.112.0
  1332. Type: SPF
  1333. Is Active: True (reset ttl 64)
  1334. IP: 207.46.51.64
  1335. Type: SPF
  1336. Is Active: True (reset ttl 64)
  1337. IP: 104.47.0.0
  1338. Type: SPF
  1339. Is Active: True (reset ttl 64)
  1340. IP: 213.199.180.128
  1341. Type: SPF
  1342. Is Active: True (reset ttl 64)
  1343. IP: 217.160.82.244
  1344. HostName: ns2.livedns.co.uk Type: NS
  1345. HostName: ns2.livedns.co.uk Type: PTR
  1346. Country: Germany
  1347. Is Active: True (echo-reply ttl 59)
  1348. Port: 53/tcp open domain syn-ack ttl 59 PowerDNS 3.3 or later
  1349. Script Info: | dns-nsid:
  1350. Script Info: | NSID: dns-pub-nl-ams-nkf03.server.lan (646e732d7075622d6e6c2d616d732d6e6b6630332e7365727665722e6c616e)
  1351. Script Info: | id.server: dns-pub-nl-ams-nkf03.server.lan
  1352. Script Info: |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
  1353. IP: 23.103.200.0
  1354. Type: SPF
  1355. Is Active: True (reset ttl 64)
  1356. IP: 104.47.20.36
  1357. HostName: mundesleypc-gov-uk02c.mail.protection.outlook.com Type: MX
  1358. HostName: mail-cwlgbr010036.inbound.protection.outlook.com Type: PTR
  1359. Country: United States
  1360. Is Active: True (reset ttl 64)
  1361. #######################################################################################################################################
  1362. [+] www.mundesley-pc.gov.uk has no SPF record!
  1363. [*] No DMARC record found. Looking for organizational record
  1364. [+] No organizational DMARC record
  1365. [+] Spoofing possible for www.mundesley-pc.gov.uk!
  1366. #######################################################################################################################################
  1367. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:05 EDT
  1368. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1369. Host is up (0.17s latency).
  1370. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1371. Not shown: 410 filtered ports, 36 closed ports
  1372. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1373. PORT STATE SERVICE
  1374. 19/tcp open chargen
  1375. 21/tcp open ftp
  1376. 22/tcp open ssh
  1377. 23/tcp open telnet
  1378. 53/tcp open domain
  1379. 79/tcp open finger
  1380. 80/tcp open http
  1381. 110/tcp open pop3
  1382. 137/tcp open netbios-ns
  1383. 143/tcp open imap
  1384. 407/tcp open timbuktu
  1385. 443/tcp open https
  1386. 465/tcp open smtps
  1387. 587/tcp open submission
  1388. 617/tcp open sco-dtmgr
  1389. 993/tcp open imaps
  1390. 995/tcp open pop3s
  1391. 1158/tcp open lsnr
  1392. 1720/tcp open h323q931
  1393. 1723/tcp open pptp
  1394. 2000/tcp open cisco-sccp
  1395. 2222/tcp open EtherNetIP-1
  1396. 3306/tcp open mysql
  1397. 5000/tcp open upnp
  1398. 5432/tcp open postgresql
  1399. 5900/tcp open vnc
  1400. 6106/tcp open isdninfo
  1401. 6667/tcp open irc
  1402. 7000/tcp open afs3-fileserver
  1403. 8080/tcp open http-proxy
  1404. 8686/tcp open sun-as-jmxrmi
  1405. 8899/tcp open ospf-lite
  1406. 9002/tcp open dynamid
  1407. 9010/tcp open sdr
  1408. 10008/tcp open octopus
  1409. 12345/tcp open netbus
  1410. 22222/tcp open easyengine
  1411.  
  1412. Nmap done: 1 IP address (1 host up) scanned in 10.25 seconds
  1413. #######################################################################################################################################
  1414. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:05 EDT
  1415. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1416. Host is up (0.076s latency).
  1417. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1418. Not shown: 2 filtered ports
  1419. PORT STATE SERVICE
  1420. 53/udp open domain
  1421. 67/udp open|filtered dhcps
  1422. 68/udp open|filtered dhcpc
  1423. 69/udp open|filtered tftp
  1424. 88/udp open|filtered kerberos-sec
  1425. 123/udp open|filtered ntp
  1426. 139/udp open|filtered netbios-ssn
  1427. 161/udp open|filtered snmp
  1428. 162/udp open|filtered snmptrap
  1429. 389/udp open|filtered ldap
  1430. 500/udp open|filtered isakmp
  1431. 520/udp open|filtered route
  1432. 2049/udp open|filtered nfs
  1433.  
  1434. Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds
  1435. #######################################################################################################################################
  1436. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:05 EDT
  1437. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1438. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1439. NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
  1440. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1441. Host is up (0.17s latency).
  1442. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1443.  
  1444. PORT STATE SERVICE VERSION
  1445. 21/tcp open ftp Pure-FTPd
  1446. | ftp-brute:
  1447. | Accounts: No valid accounts found
  1448. |_ Statistics: Performed 5835 guesses in 591 seconds, average tps: 9.7
  1449. |_ftp-libopie: ERROR: Script execution failed (use -d to debug)
  1450. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1451. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1452. Device type: specialized|WAP|phone
  1453. Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
  1454. OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
  1455. OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
  1456.  
  1457. TRACEROUTE (using port 21/tcp)
  1458. HOP RTT ADDRESS
  1459. 1 65.77 ms 10.245.204.1
  1460. 2 97.61 ms R43.static.amanah.com (104.245.144.129)
  1461. 3 97.64 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1462. 4 97.66 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  1463. 5 97.65 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
  1464. 6 97.67 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1465. 7 ... 8
  1466. 9 161.96 ms GLOBAL-CROS.ear2.London15.Level3.net (64.209.97.98)
  1467. 10 129.17 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1468. 11 156.42 ms 83-223-96-109.as29017.net (83.223.96.109)
  1469. 12 158.10 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1470. 13 158.05 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  1471. 14 158.11 ms po256.net2.north.dc5.as20860.net (130.180.203.6)
  1472. 15 158.09 ms 1-103-223-83.xssl.net (83.223.103.1)
  1473. 16 ... 30
  1474. #######################################################################################################################################
  1475. # general
  1476. (gen) banner: SSH-2.0-OpenSSH_7.4
  1477. (gen) software: OpenSSH 7.4
  1478. (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
  1479. (gen) compression: enabled (zlib@openssh.com)
  1480.  
  1481. # key exchange algorithms
  1482. (kex) curve25519-sha256 -- [warn] unknown algorithm
  1483. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  1484. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  1485. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1486. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  1487. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1488. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  1489. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1490. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1491. `- [info] available since OpenSSH 4.4
  1492. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1493. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
  1494. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1495. `- [warn] using weak hashing algorithm
  1496. `- [info] available since OpenSSH 2.3.0
  1497. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1498. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1499. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1500. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1501. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  1502. `- [warn] using small 1024-bit modulus
  1503. `- [warn] using weak hashing algorithm
  1504. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1505.  
  1506. # host-key algorithms
  1507. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1508. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  1509. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  1510. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  1511. `- [warn] using weak random number generator could reveal the key
  1512. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1513. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  1514.  
  1515. # encryption algorithms (ciphers)
  1516. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  1517. `- [info] default cipher since OpenSSH 6.9.
  1518. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1519. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1520. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1521. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1522. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1523. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1524. `- [warn] using weak cipher mode
  1525. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1526. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1527. `- [warn] using weak cipher mode
  1528. `- [info] available since OpenSSH 2.3.0
  1529. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1530. `- [warn] using weak cipher mode
  1531. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  1532. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1533. `- [fail] disabled since Dropbear SSH 0.53
  1534. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1535. `- [warn] using weak cipher mode
  1536. `- [warn] using small 64-bit block size
  1537. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1538. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1539. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1540. `- [warn] using weak cipher mode
  1541. `- [warn] using small 64-bit block size
  1542. `- [info] available since OpenSSH 2.1.0
  1543. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1544. `- [warn] using weak cipher
  1545. `- [warn] using weak cipher mode
  1546. `- [warn] using small 64-bit block size
  1547. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1548.  
  1549. # message authentication code algorithms
  1550. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  1551. `- [info] available since OpenSSH 6.2
  1552. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  1553. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  1554. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  1555. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  1556. `- [info] available since OpenSSH 6.2
  1557. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1558. `- [warn] using small 64-bit tag size
  1559. `- [info] available since OpenSSH 4.7
  1560. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  1561. `- [info] available since OpenSSH 6.2
  1562. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1563. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1564. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1565. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1566. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1567. `- [warn] using weak hashing algorithm
  1568. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1569.  
  1570. # algorithm recommendations (for OpenSSH 7.4)
  1571. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1572. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  1573. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  1574. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  1575. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  1576. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  1577. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  1578. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  1579. (rec) -blowfish-cbc -- enc algorithm to remove
  1580. (rec) -3des-cbc -- enc algorithm to remove
  1581. (rec) -aes256-cbc -- enc algorithm to remove
  1582. (rec) -cast128-cbc -- enc algorithm to remove
  1583. (rec) -aes192-cbc -- enc algorithm to remove
  1584. (rec) -aes128-cbc -- enc algorithm to remove
  1585. (rec) -hmac-sha2-512 -- mac algorithm to remove
  1586. (rec) -umac-128@openssh.com -- mac algorithm to remove
  1587. (rec) -hmac-sha2-256 -- mac algorithm to remove
  1588. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1589. (rec) -hmac-sha1 -- mac algorithm to remove
  1590. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  1591. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  1592. #######################################################################################################################################
  1593. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:16 EDT
  1594. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1595. Host is up (0.13s latency).
  1596. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1597.  
  1598. PORT STATE SERVICE VERSION
  1599. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
  1600. |_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
  1601. |_ssh-brute: ERROR: Script execution failed (use -d to debug)
  1602. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  1603. |_ssh-run: ERROR: Script execution failed (use -d to debug)
  1604. | vulners:
  1605. | cpe:/a:openbsd:openssh:7.4:
  1606. | CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
  1607. |_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
  1608. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1609. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1610. Device type: general purpose
  1611. Running: Linux 2.6.X
  1612. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1613. OS details: Linux 2.6.18 - 2.6.22
  1614.  
  1615. TRACEROUTE (using port 22/tcp)
  1616. HOP RTT ADDRESS
  1617. 1 64.44 ms 10.245.204.1
  1618. 2 96.08 ms R43.static.amanah.com (104.245.144.129)
  1619. 3 96.18 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1620. 4 96.17 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
  1621. 5 96.15 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
  1622. 6 96.17 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1623. 7 ... 8
  1624. 9 161.39 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1625. 10 128.14 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1626. 11 123.04 ms 83-223-96-111.as29017.net (83.223.96.111)
  1627. 12 180.28 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1628. 13 180.28 ms be10.asr02.dc5.as20860.net (130.180.202.47)
  1629. 14 145.73 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1630. 15 180.24 ms 1-103-223-83.xssl.net (83.223.103.1)
  1631. 16 ... 30
  1632. #######################################################################################################################################
  1633. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  1634. RHOSTS => www.mundesley-pc.gov.uk
  1635. RHOST => www.mundesley-pc.gov.uk
  1636. [*] 89.145.78.0:22 - SSH - Using malformed packet technique
  1637. [*] 89.145.78.0:22 - SSH - Starting scan
  1638. [-] 89.145.78.0:22 - SSH - User 'admin' on could not connect
  1639. [-] 89.145.78.0:22 - SSH - User 'administrator' on could not connect
  1640. [-] 89.145.78.0:22 - SSH - User 'anonymous' on could not connect
  1641. [-] 89.145.78.0:22 - SSH - User 'backup' on could not connect
  1642. [-] 89.145.78.0:22 - SSH - User 'bee' on could not connect
  1643. [-] 89.145.78.0:22 - SSH - User 'ftp' on could not connect
  1644. [-] 89.145.78.0:22 - SSH - User 'guest' on could not connect
  1645. [-] 89.145.78.0:22 - SSH - User 'GUEST' on could not connect
  1646. [-] 89.145.78.0:22 - SSH - User 'info' on could not connect
  1647. [-] 89.145.78.0:22 - SSH - User 'mail' on could not connect
  1648. [+] 89.145.78.0:22 - SSH - User 'mailadmin' found
  1649. [+] 89.145.78.0:22 - SSH - User 'msfadmin' found
  1650. [+] 89.145.78.0:22 - SSH - User 'mysql' found
  1651. [+] 89.145.78.0:22 - SSH - User 'nobody' found
  1652. [+] 89.145.78.0:22 - SSH - User 'oracle' found
  1653. [+] 89.145.78.0:22 - SSH - User 'owaspbwa' found
  1654. [+] 89.145.78.0:22 - SSH - User 'postfix' found
  1655. [+] 89.145.78.0:22 - SSH - User 'postgres' found
  1656. [+] 89.145.78.0:22 - SSH - User 'private' found
  1657. [+] 89.145.78.0:22 - SSH - User 'proftpd' found
  1658. [+] 89.145.78.0:22 - SSH - User 'public' found
  1659. [+] 89.145.78.0:22 - SSH - User 'root' found
  1660. [+] 89.145.78.0:22 - SSH - User 'superadmin' found
  1661. [+] 89.145.78.0:22 - SSH - User 'support' found
  1662. [-] 89.145.78.0:22 - SSH - User 'sys' on could not connect
  1663. [-] 89.145.78.0:22 - SSH - User 'system' on could not connect
  1664. [-] 89.145.78.0:22 - SSH - User 'systemadmin' on could not connect
  1665. [-] 89.145.78.0:22 - SSH - User 'systemadministrator' on could not connect
  1666. [-] 89.145.78.0:22 - SSH - User 'test' on could not connect
  1667. [-] 89.145.78.0:22 - SSH - User 'tomcat' on could not connect
  1668. [-] 89.145.78.0:22 - SSH - User 'user' on could not connect
  1669. [-] 89.145.78.0:22 - SSH - User 'webmaster' on could not connect
  1670. [-] 89.145.78.0:22 - SSH - User 'www-data' on could not connect
  1671. [-] 89.145.78.0:22 - SSH - User 'Fortimanager_Access' on could not connect
  1672. [*] Scanned 1 of 1 hosts (100% complete)
  1673. [*] Auxiliary module execution completed
  1674. #######################################################################################################################################
  1675. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:33 EDT
  1676. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1677. Host is up.
  1678. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1679.  
  1680. PORT STATE SERVICE VERSION
  1681. 23/tcp filtered telnet
  1682. Too many fingerprints match this host to give specific OS details
  1683.  
  1684. TRACEROUTE (using proto 1/icmp)
  1685. HOP RTT ADDRESS
  1686. 1 68.42 ms 10.245.204.1
  1687. 2 100.68 ms R43.static.amanah.com (104.245.144.129)
  1688. 3 100.73 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1689. 4 100.75 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1690. 5 100.73 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1691. 6 100.75 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1692. 7 ... 8
  1693. 9 167.06 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1694. 10 134.08 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1695. 11 129.24 ms 83-223-96-111.as29017.net (83.223.96.111)
  1696. 12 182.98 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1697. 13 182.92 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  1698. 14 150.61 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1699. 15 182.95 ms 1-103-223-83.xssl.net (83.223.103.1)
  1700. 16 ... 30
  1701. #######################################################################################################################################
  1702. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:34 EDT
  1703. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1704. Host is up.
  1705. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1706.  
  1707. PORT STATE SERVICE VERSION
  1708. 53/tcp filtered domain
  1709. Too many fingerprints match this host to give specific OS details
  1710.  
  1711. Host script results:
  1712. | dns-brute:
  1713. | DNS Brute-force hostnames:
  1714. | www.mundesley-pc.gov.uk - 89.145.78.0
  1715. | mail.mundesley-pc.gov.uk - 213.171.216.40
  1716. |_ smtp.mundesley-pc.gov.uk - 213.171.216.50
  1717.  
  1718. TRACEROUTE (using proto 1/icmp)
  1719. HOP RTT ADDRESS
  1720. 1 64.17 ms 10.245.204.1
  1721. 2 96.03 ms R43.static.amanah.com (104.245.144.129)
  1722. 3 96.07 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1723. 4 96.09 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1724. 5 96.07 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1725. 6 96.11 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1726. 7 ... 8
  1727. 9 160.37 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1728. 10 127.82 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1729. 11 140.47 ms 83-223-96-111.as29017.net (83.223.96.111)
  1730. 12 180.85 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1731. 13 180.85 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  1732. 14 144.96 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1733. 15 180.84 ms 1-103-223-83.xssl.net (83.223.103.1)
  1734. 16 ... 30
  1735. #######################################################################################################################################
  1736. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:34 EDT
  1737. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1738. Host is up.
  1739. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1740.  
  1741. PORT STATE SERVICE VERSION
  1742. 79/tcp filtered finger
  1743. Too many fingerprints match this host to give specific OS details
  1744.  
  1745. TRACEROUTE (using proto 1/icmp)
  1746. HOP RTT ADDRESS
  1747. 1 64.54 ms 10.245.204.1
  1748. 2 96.16 ms R43.static.amanah.com (104.245.144.129)
  1749. 3 96.16 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1750. 4 96.16 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1751. 5 96.16 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1752. 6 96.19 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1753. 7 115.89 ms ae-13-3511.ear2.London15.Level3.net (4.69.167.146)
  1754. 8 189.77 ms ae-13-3511.ear2.London15.Level3.net (4.69.167.146)
  1755. 9 160.69 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1756. 10 128.65 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1757. 11 156.97 ms 83-223-96-111.as29017.net (83.223.96.111)
  1758. 12 159.43 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1759. 13 159.37 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  1760. 14 159.32 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1761. 15 159.37 ms 1-103-223-83.xssl.net (83.223.103.1)
  1762. 16 ... 30
  1763. #######################################################################################################################################
  1764. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:34 EDT
  1765. NSE: Loaded 164 scripts for scanning.
  1766. NSE: Script Pre-scanning.
  1767. Initiating NSE at 03:34
  1768. Completed NSE at 03:34, 0.00s elapsed
  1769. Initiating NSE at 03:34
  1770. Completed NSE at 03:34, 0.00s elapsed
  1771. Initiating Parallel DNS resolution of 1 host. at 03:34
  1772. Completed Parallel DNS resolution of 1 host. at 03:34, 0.02s elapsed
  1773. Initiating SYN Stealth Scan at 03:34
  1774. Scanning www.mundesley-pc.gov.uk (89.145.78.0) [1 port]
  1775. Completed SYN Stealth Scan at 03:34, 0.54s elapsed (1 total ports)
  1776. Initiating Service scan at 03:34
  1777. Initiating OS detection (try #1) against www.mundesley-pc.gov.uk (89.145.78.0)
  1778. Retrying OS detection (try #2) against www.mundesley-pc.gov.uk (89.145.78.0)
  1779. Initiating Traceroute at 03:35
  1780. Completed Traceroute at 03:35, 6.21s elapsed
  1781. Initiating Parallel DNS resolution of 14 hosts. at 03:35
  1782. Completed Parallel DNS resolution of 14 hosts. at 03:35, 0.18s elapsed
  1783. NSE: Script scanning 89.145.78.0.
  1784. Initiating NSE at 03:35
  1785. Completed NSE at 03:35, 0.35s elapsed
  1786. Initiating NSE at 03:35
  1787. Completed NSE at 03:35, 0.00s elapsed
  1788. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1789. Host is up.
  1790. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1791.  
  1792. PORT STATE SERVICE VERSION
  1793. 80/tcp filtered http
  1794. Too many fingerprints match this host to give specific OS details
  1795.  
  1796. TRACEROUTE (using proto 1/icmp)
  1797. HOP RTT ADDRESS
  1798. 1 64.51 ms 10.245.204.1
  1799. 2 96.19 ms R43.static.amanah.com (104.245.144.129)
  1800. 3 96.24 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1801. 4 96.28 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1802. 5 96.25 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1803. 6 96.29 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1804. 7 172.27 ms ae-13-3511.ear2.London15.Level3.net (4.69.167.146)
  1805. 8 172.26 ms ae-13-3511.ear2.London15.Level3.net (4.69.167.146)
  1806. 9 172.30 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1807. 10 172.31 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1808. 11 133.23 ms 83-223-96-111.as29017.net (83.223.96.111)
  1809. 12 194.87 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1810. 13 194.81 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  1811. 14 162.54 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1812. 15 194.81 ms 1-103-223-83.xssl.net (83.223.103.1)
  1813. 16 ... 30
  1814.  
  1815. NSE: Script Post-scanning.
  1816. Initiating NSE at 03:35
  1817. Completed NSE at 03:35, 0.00s elapsed
  1818. Initiating NSE at 03:35
  1819. Completed NSE at 03:35, 0.00s elapsed
  1820. #######################################################################################################################################
  1821. HTTP/1.1 403 Forbidden
  1822. Connection: close
  1823. Cache-Control: no-cache, no-store, must-revalidate
  1824. Pragma: no-cache
  1825. Expires: 0
  1826. Server: Apache/2.2.16 (Debian)
  1827. Content-Length: 188986
  1836. #######################################################################################################################################
  1837. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:38 EDT
  1838. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1839. Host is up (0.20s latency).
  1840. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1841.  
  1842. PORT STATE SERVICE VERSION
  1843. 110/tcp filtered pop3
  1844. Too many fingerprints match this host to give specific OS details
  1845. Network Distance: 16 hops
  1846.  
  1847. TRACEROUTE (using port 80/tcp)
  1848. HOP RTT ADDRESS
  1849. 1 107.44 ms 10.245.204.1
  1850. 2 140.33 ms R43.static.amanah.com (104.245.144.129)
  1851. 3 140.40 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1852. 4 140.42 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1853. 5 140.39 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1854. 6 140.41 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1855. 7 113.60 ms ae-12-3510.ear2.London15.Level3.net (4.69.167.142)
  1856. 8 189.68 ms ae-12-3510.ear2.London15.Level3.net (4.69.167.142)
  1857. 9 191.30 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1858. 10 140.52 ms ae2.core-1.maylands.hml.uk.as29017.net (89.145.125.77)
  1859. 11 137.99 ms 83-223-96-111.as29017.net (83.223.96.111)
  1860. 12 193.17 ms be11.asr01.ld5.as20860.net (130.180.202.26)
  1861. 13 193.12 ms be10.asr02.dc5.as20860.net (130.180.202.47)
  1862. 14 161.14 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  1863. 15 193.12 ms 1-103-223-83.xssl.net (83.223.103.1)
  1864. 16 193.03 ms pegasus.terrassl.net (89.145.78.0)
  1865. #######################################################################################################################################
  1866. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:40 EDT
  1867. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1868. Host is up (0.15s latency).
  1869. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1870.  
  1871. PORT STATE SERVICE VERSION
  1872. 137/tcp open ftp ProFTPD 1.3.1
  1873. | vulners:
  1874. | cpe:/a:proftpd:proftpd:1.3.1:
  1875. | CVE-2011-4130 9.0 https://vulners.com/cve/CVE-2011-4130
  1876. | CVE-2010-3867 7.1 https://vulners.com/cve/CVE-2010-3867
  1877. | CVE-2010-4652 6.8 https://vulners.com/cve/CVE-2010-4652
  1878. | CVE-2009-0543 6.8 https://vulners.com/cve/CVE-2009-0543
  1879. | CVE-2009-3639 5.8 https://vulners.com/cve/CVE-2009-3639
  1880. | CVE-2011-1137 5.0 https://vulners.com/cve/CVE-2011-1137
  1881. | CVE-2008-7265 4.0 https://vulners.com/cve/CVE-2008-7265
  1882. |_ CVE-2012-6095 1.2 https://vulners.com/cve/CVE-2012-6095
  1883. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1884. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1885. Device type: general purpose|specialized|storage-misc
  1886. Running (JUST GUESSING): Linux 3.X|4.X (91%), Crestron 2-Series (87%), HP embedded (85%), Oracle VM Server 3.X (85%)
  1887. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3 cpe:/o:oracle:vm_server:3.4.2 cpe:/o:linux:linux_kernel:4.1
  1888. Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.2 - 4.9 (91%), Linux 3.18 (87%), Crestron XPanel control system (87%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%), Oracle VM Server 3.4.2 (Linux 4.1) (85%)
  1889. No exact OS matches for host (test conditions non-ideal).
  1890. Network Distance: 16 hops
  1891. Service Info: OS: Unix
  1892.  
  1893. TRACEROUTE (using port 80/tcp)
  1894. HOP RTT ADDRESS
  1895. 1 120.87 ms 10.245.204.1
  1896. 2 152.66 ms R43.static.amanah.com (104.245.144.129)
  1897. 3 152.76 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  1898. 4 152.78 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  1899. 5 152.74 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  1900. 6 152.76 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  1901. 7 ... 8
  1902. 9 206.49 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  1903. 10 152.79 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  1904. 11 124.99 ms 83-223-96-111.as29017.net (83.223.96.111)
  1905. 12 174.64 ms be11.asr01.thn.as20860.net (130.180.202.24)
  1906. 13 174.65 ms be10.asr02.dc5.as20860.net (130.180.202.47)
  1907. 14 174.68 ms po256.net2.north.dc5.as20860.net (130.180.203.6)
  1908. 15 174.65 ms 1-103-223-83.xssl.net (83.223.103.1)
  1909. 16 174.56 ms pegasus.terrassl.net (89.145.78.0)
  1910. #######################################################################################################################################
  1911. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:41 EDT
  1912. NSE: Loaded 164 scripts for scanning.
  1913. NSE: Script Pre-scanning.
  1914. Initiating NSE at 03:41
  1915. Completed NSE at 03:41, 0.00s elapsed
  1916. Initiating NSE at 03:41
  1917. Completed NSE at 03:41, 0.00s elapsed
  1918. Initiating Parallel DNS resolution of 1 host. at 03:41
  1919. Completed Parallel DNS resolution of 1 host. at 03:41, 0.03s elapsed
  1920. Initiating SYN Stealth Scan at 03:41
  1921. Scanning www.mundesley-pc.gov.uk (89.145.78.0) [1 port]
  1922. Discovered open port 443/tcp on 89.145.78.0
  1923. Completed SYN Stealth Scan at 03:41, 0.15s elapsed (1 total ports)
  1924. Initiating Service scan at 03:41
  1925. Scanning 1 service on www.mundesley-pc.gov.uk (89.145.78.0)
  1926. Completed Service scan at 03:41, 13.53s elapsed (1 service on 1 host)
  1927. Initiating OS detection (try #1) against www.mundesley-pc.gov.uk (89.145.78.0)
  1928. Retrying OS detection (try #2) against www.mundesley-pc.gov.uk (89.145.78.0)
  1929. Initiating Traceroute at 03:41
  1930. Completed Traceroute at 03:41, 0.36s elapsed
  1931. Initiating Parallel DNS resolution of 16 hosts. at 03:41
  1932. Completed Parallel DNS resolution of 16 hosts. at 03:41, 0.27s elapsed
  1933. NSE: Script scanning 89.145.78.0.
  1934. Initiating NSE at 03:41
  1935. NSE: [http-wordpress-enum 89.145.78.0:443] got no answers from pipelined queries
  1936. Completed NSE at 03:49, 487.78s elapsed
  1937. Initiating NSE at 03:49
  1938. Completed NSE at 03:49, 2.00s elapsed
  1939. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  1940. Host is up (0.14s latency).
  1941. rDNS record for 89.145.78.0: pegasus.terrassl.net
  1942.  
  1943. PORT STATE SERVICE VERSION
  1944. 443/tcp open ssl/http Apache httpd 2.2.16 ((Debian))
  1945. |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
  1946. | http-brute:
  1947. |_ Path "/" does not require authentication
  1948. |_http-chrono: Request times for /; avg: 16202.77ms; min: 16170.08ms; max: 16280.27ms
  1949. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  1950. |_http-devframework: Wordpress detected. Found common traces on /
  1951. |_http-dombased-xss: Couldn't find any DOM based XSS.
  1952. |_http-errors: ERROR: Script execution failed (use -d to debug)
  1953. |_http-feed: Couldn't find any feeds.
  1954. |_http-fetch: Please enter the complete path of the directory to save data in.
  1955. |_http-jsonp-detection: Couldn't find any JSONP endpoints.
  1956. |_http-mobileversion-checker: No mobile version detected.
  1957. | http-robots.txt: 1 disallowed entry
  1958. |_/
  1959. | http-security-headers:
  1960. | Strict_Transport_Security:
  1961. | HSTS not configured in HTTPS Server
  1962. | Cache_Control:
  1963. | Header: Cache-Control: no-cache, no-store, must-revalidate
  1964. | Pragma:
  1965. | Header: Pragma: no-cache
  1966. | Expires:
  1967. |_ Header: Expires: 0
  1968. | http-sitemap-generator:
  1969. | Directory structure:
  1970. | Longest directory structure:
  1971. | Depth: 0
  1972. | Dir: /
  1973. | Total files found (by extension):
  1974. |_
  1975. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  1976. |_http-traceroute: ERROR: Script execution failed (use -d to debug)
  1977. | http-vhosts:
  1978. | 51 names had status 403
  1979. |_76 names had status ERROR
  1980. |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
  1981. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  1982. |_http-xssed: No previously reported XSS vuln.
  1983. | vulners:
  1984. | cpe:/a:apache:http_server:2.2.16:
  1985. | CVE-2011-3192 7.8 https://vulners.com/cve/CVE-2011-3192
  1986. | CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
  1987. | CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
  1988. | CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
  1989. | CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
  1990. | CVE-2013-2249 7.5 https://vulners.com/cve/CVE-2013-2249
  1991. | CVE-2012-0883 6.9 https://vulners.com/cve/CVE-2012-0883
  1992. | CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
  1993. | CVE-2013-1862 5.1 https://vulners.com/cve/CVE-2013-1862
  1994. | CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
  1995. | CVE-2014-0098 5.0 https://vulners.com/cve/CVE-2014-0098
  1996. | CVE-2013-6438 5.0 https://vulners.com/cve/CVE-2013-6438
  1997. | CVE-2012-4557 5.0 https://vulners.com/cve/CVE-2012-4557
  1998. | CVE-2011-3368 5.0 https://vulners.com/cve/CVE-2011-3368
  1999. | CVE-2012-0031 4.6 https://vulners.com/cve/CVE-2012-0031
  2000. | CVE-2011-3607 4.4 https://vulners.com/cve/CVE-2011-3607
  2001. | CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
  2002. | CVE-2013-1896 4.3 https://vulners.com/cve/CVE-2013-1896
  2003. | CVE-2012-4558 4.3 https://vulners.com/cve/CVE-2012-4558
  2004. | CVE-2012-3499 4.3 https://vulners.com/cve/CVE-2012-3499
  2005. | CVE-2012-0053 4.3 https://vulners.com/cve/CVE-2012-0053
  2006. | CVE-2011-4317 4.3 https://vulners.com/cve/CVE-2011-4317
  2007. | CVE-2011-3639 4.3 https://vulners.com/cve/CVE-2011-3639
  2008. | CVE-2011-3348 4.3 https://vulners.com/cve/CVE-2011-3348
  2009. | CVE-2011-0419 4.3 https://vulners.com/cve/CVE-2011-0419
  2010. | CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
  2011. | CVE-2012-2687 2.6 https://vulners.com/cve/CVE-2012-2687
  2012. |_ CVE-2011-4415 1.2 https://vulners.com/cve/CVE-2011-4415
  2013. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2014. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2015. Device type: general purpose|specialized|storage-misc
  2016. Running (JUST GUESSING): Linux 3.X|4.X (91%), Crestron 2-Series (87%), HP embedded (85%)
  2017. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
  2018. Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.2 - 4.9 (91%), Linux 3.18 (89%), Crestron XPanel control system (87%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%)
  2019. No exact OS matches for host (test conditions non-ideal).
  2020. Uptime guess: 16.730 days (since Mon Aug 19 10:18:22 2019)
  2021. Network Distance: 16 hops
  2022. TCP Sequence Prediction: Difficulty=254 (Good luck!)
  2023. IP ID Sequence Generation: All zeros
  2024.  
  2025. TRACEROUTE (using port 443/tcp)
  2026. HOP RTT ADDRESS
  2027. 1 119.16 ms 10.245.204.1
  2028. 2 158.49 ms R43.static.amanah.com (104.245.144.129)
  2029. 3 158.45 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  2030. 4 158.50 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  2031. 5 158.43 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  2032. 6 158.50 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  2033. 7 236.40 ms ae-12-3510.ear2.London15.Level3.net (4.69.167.142)
  2034. 8 202.18 ms ae-13-3511.ear2.London15.Level3.net (4.69.167.146)
  2035. 9 236.47 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  2036. 10 158.66 ms ae2.core-1.maylands.hml.uk.as29017.net (89.145.125.77)
  2037. 11 146.79 ms 83-223-96-111.as29017.net (83.223.96.111)
  2038. 12 194.51 ms be11.asr01.ld5.as20860.net (130.180.202.26)
  2039. 13 160.22 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2040. 14 194.34 ms po256.net2.north.dc5.as20860.net (130.180.203.6)
  2041. 15 194.28 ms 1-103-223-83.xssl.net (83.223.103.1)
  2042. 16 194.33 ms pegasus.terrassl.net (89.145.78.0)
  2043.  
  2044. NSE: Script Post-scanning.
  2045. Initiating NSE at 03:49
  2046. Completed NSE at 03:49, 0.00s elapsed
  2047. Initiating NSE at 03:49
  2048. Completed NSE at 03:49, 0.00s elapsed
  2049. #######################################################################################################################################
  2050. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:55 EDT
  2051. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  2052. Host is up.
  2053. rDNS record for 89.145.78.0: pegasus.terrassl.net
  2054.  
  2055. PORT STATE SERVICE VERSION
  2056. 3306/tcp filtered mysql
  2057. Too many fingerprints match this host to give specific OS details
  2058.  
  2059. TRACEROUTE (using proto 1/icmp)
  2060. HOP RTT ADDRESS
  2061. 1 64.50 ms 10.245.204.1
  2062. 2 96.22 ms R43.static.amanah.com (104.245.144.129)
  2063. 3 96.32 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  2064. 4 96.34 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  2065. 5 96.31 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  2066. 6 96.33 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  2067. 7 ... 8
  2068. 9 160.48 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  2069. 10 128.35 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  2070. 11 121.24 ms 83-223-96-111.as29017.net (83.223.96.111)
  2071. 12 176.73 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2072. 13 176.66 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2073. 14 144.44 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2074. 15 176.66 ms 1-103-223-83.xssl.net (83.223.103.1)
  2075. 16 ... 30
  2076. #######################################################################################################################################
  2077. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:55 EDT
  2078. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  2079. Host is up.
  2080. rDNS record for 89.145.78.0: pegasus.terrassl.net
  2081.  
  2082. PORT STATE SERVICE VERSION
  2083. 5432/tcp filtered postgresql
  2084. Too many fingerprints match this host to give specific OS details
  2085.  
  2086. TRACEROUTE (using proto 1/icmp)
  2087. HOP RTT ADDRESS
  2088. 1 117.53 ms 10.245.204.1
  2089. 2 149.44 ms R43.static.amanah.com (104.245.144.129)
  2090. 3 149.53 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  2091. 4 149.55 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  2092. 5 149.51 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  2093. 6 149.54 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  2094. 7 ... 8
  2095. 9 226.90 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  2096. 10 149.68 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  2097. 11 137.32 ms 83-223-96-111.as29017.net (83.223.96.111)
  2098. 12 185.30 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2099. 13 185.24 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2100. 14 185.18 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2101. 15 185.24 ms 1-103-223-83.xssl.net (83.223.103.1)
  2102. 16 ... 30
  2103. #######################################################################################################################################
  2104. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 03:58 EDT
  2105. Nmap scan report for www.mundesley-pc.gov.uk (89.145.78.0)
  2106. Host is up.
  2107. rDNS record for 89.145.78.0: pegasus.terrassl.net
  2108.  
  2109. PORT STATE SERVICE VERSION
  2110. 6667/tcp filtered irc
  2111. Too many fingerprints match this host to give specific OS details
  2112.  
  2113. TRACEROUTE (using proto 1/icmp)
  2114. HOP RTT ADDRESS
  2115. 1 64.60 ms 10.245.204.1
  2116. 2 96.43 ms R43.static.amanah.com (104.245.144.129)
  2117. 3 96.48 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
  2118. 4 96.52 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
  2119. 5 96.54 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
  2120. 6 96.51 ms level3.yyz02.atlas.cogentco.com (154.54.11.210)
  2121. 7 ... 8
  2122. 9 172.20 ms GYRON-INTER.ear2.London15.Level3.net (64.209.96.150)
  2123. 10 172.21 ms ae2.core-2.maylands.hml.uk.as29017.net (89.145.125.69)
  2124. 11 133.51 ms 83-223-96-111.as29017.net (83.223.96.111)
  2125. 12 200.21 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2126. 13 200.13 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2127. 14 165.86 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2128. 15 200.16 ms 1-103-223-83.xssl.net (83.223.103.1)
  2129. 16 ... 30
  2130. #######################################################################################################################################
  2131. dnsenum VERSION:1.2.4
  2132.  
  2133. ----- 89.145.78.0 -----
  2134.  
  2135.  
  2136. Host's addresses:
  2137. __________________
  2138.  
  2139.  
  2140.  
  2141. Name Servers:
  2142. ______________
  2143.  
  2144. dns3.xssl.net. 1800 IN A 217.194.223.66
  2145. dns1.xssl.net. 1799 IN A 82.145.61.87
  2146. dns2.xssl.net. 1800 IN A 185.181.126.158
  2147.  
  2148.  
  2149. Mail (MX) Servers:
  2150. ___________________
  2151.  
  2152.  
  2153.  
  2154. Trying Zone Transfers and getting Bind Versions:
  2155. _________________________________________________
  2156.  
  2157.  
  2158. Trying Zone Transfer for 89.145.78.0 on dns3.xssl.net ...
  2159.  
  2160. Trying Zone Transfer for 89.145.78.0 on dns1.xssl.net ...
  2161.  
  2162. Trying Zone Transfer for 89.145.78.0 on dns2.xssl.net ...
  2163.  
  2164. brute force file not specified, bay.
  2165. #######################################################################################################################################
  2166. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:28 EDT
  2167. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2168. Host is up (0.19s latency).
  2169. Not shown: 451 filtered ports, 3 closed ports
  2170. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2171. PORT STATE SERVICE
  2172. 19/tcp open chargen
  2173. 21/tcp open ftp
  2174. 23/tcp open telnet
  2175. 53/tcp open domain
  2176. 79/tcp open finger
  2177. 80/tcp open http
  2178. 137/tcp open netbios-ns
  2179. 407/tcp open timbuktu
  2180. 443/tcp open https
  2181. 617/tcp open sco-dtmgr
  2182. 1158/tcp open lsnr
  2183. 1720/tcp open h323q931
  2184. 1723/tcp open pptp
  2185. 2000/tcp open cisco-sccp
  2186. 2222/tcp open EtherNetIP-1
  2187. 5000/tcp open upnp
  2188. 5432/tcp open postgresql
  2189. 5900/tcp open vnc
  2190. 6106/tcp open isdninfo
  2191. 6667/tcp open irc
  2192. 7000/tcp open afs3-fileserver
  2193. 8080/tcp open http-proxy
  2194. 8686/tcp open sun-as-jmxrmi
  2195. 8899/tcp open ospf-lite
  2196. 9002/tcp open dynamid
  2197. 9010/tcp open sdr
  2198. 10008/tcp open octopus
  2199. 12345/tcp open netbus
  2200. 22222/tcp open easyengine
  2201.  
  2202. Nmap done: 1 IP address (1 host up) scanned in 13.16 seconds
  2203. #######################################################################################################################################
  2204. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:29 EDT
  2205. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2206. Host is up (0.15s latency).
  2207. Not shown: 2 filtered ports
  2208. PORT STATE SERVICE
  2209. 53/udp open domain
  2210. 67/udp open|filtered dhcps
  2211. 68/udp open|filtered dhcpc
  2212. 69/udp open|filtered tftp
  2213. 88/udp open|filtered kerberos-sec
  2214. 123/udp open|filtered ntp
  2215. 139/udp open|filtered netbios-ssn
  2216. 161/udp open|filtered snmp
  2217. 162/udp open|filtered snmptrap
  2218. 389/udp open|filtered ldap
  2219. 500/udp open|filtered isakmp
  2220. 520/udp open|filtered route
  2221. 2049/udp open|filtered nfs
  2222.  
  2223. Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds
  2224. #######################################################################################################################################
  2225. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:29 EDT
  2226. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2227. Host is up (0.24s latency).
  2228.  
  2229. PORT STATE SERVICE VERSION
  2230. 21/tcp open ftp?
  2231. | fingerprint-strings:
  2232. | DNSStatusRequestTCP, DNSVersionBindReqTCP, JavaRMI, LANDesk-RC, LDAPBindReq, NCP, NULL, NotesRPC, RPCCheck, SMBProgNeg, TerminalServer, X11Probe:
  2233. | 220 BitNinja FTP CAPTCHA server
  2234. | FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, TerminalServerCookie:
  2235. | 220 BitNinja FTP CAPTCHA server
  2236. |_ logged in.
  2237. |_ftp-bounce: bounce working!
  2238. | ftp-brute:
  2239. | Accounts:
  2240. | admin:admin - Valid credentials
  2241. | sysadmin:123456 - Valid credentials
  2242. | guest:123456 - Valid credentials
  2243. | user:123456 - Valid credentials
  2244. | web:123456789 - Valid credentials
  2245. | administrator:<empty> - Valid credentials
  2246. | netadmin:netadmin - Valid credentials
  2247. | root:<empty> - Valid credentials
  2248. | webadmin:webadmin - Valid credentials
  2249. | test:123456789 - Valid credentials
  2250. |_ Statistics: Performed 45 guesses in 11 seconds, average tps: 4.1
  2251. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  2282. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2283. Device type: general purpose|specialized|storage-misc
  2284. Running (JUST GUESSING): Linux 3.X|4.X (91%), Crestron 2-Series (87%), HP embedded (85%), Oracle VM Server 3.X (85%)
  2285. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3 cpe:/o:oracle:vm_server:3.4.2 cpe:/o:linux:linux_kernel:4.1
  2286. Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.2 - 4.9 (91%), Linux 3.18 (89%), Crestron XPanel control system (87%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%), Oracle VM Server 3.4.2 (Linux 4.1) (85%)
  2287. No exact OS matches for host (test conditions non-ideal).
  2288. Network Distance: 12 hops
  2289.  
  2290. TRACEROUTE (using port 21/tcp)
  2291. HOP RTT ADDRESS
  2292. 1 179.57 ms 10.238.204.1
  2293. 2 190.51 ms 45.131.4.2
  2294. 3 190.50 ms 109.236.95.226
  2295. 4 190.54 ms 109.236.95.173
  2296. 5 190.57 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2297. 6 190.59 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2298. 7 190.61 ms 83-223-96-111.as29017.net (83.223.96.111)
  2299. 8 190.67 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2300. 9 190.69 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2301. 10 190.70 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2302. 11 309.68 ms 1-103-223-83.xssl.net (83.223.103.1)
  2303. 12 299.44 ms pegasus.terrassl.net (89.145.78.0)
  2304. #######################################################################################################################################
  2305. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:33 EDT
  2306. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2307. Host is up (0.11s latency).
  2308.  
  2309. PORT STATE SERVICE VERSION
  2310. 23/tcp open telnet?
  2311. | fingerprint-strings:
  2312. | DNSStatusRequestTCP, DNSVersionBindReqTCP, GenericLines, GetRequest, HTTPOptions, Help, RPCCheck, RTSPRequest, SSLSessionReq, tn3270:
  2313. | This is an unrestricted telnet server.
  2314. | Please do not user for production purposes
  2315. | bash: command not found
  2316. | NULL:
  2317. | This is an unrestricted telnet server.
  2318. |_ Please do not user for production purposes
  2319. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  2351. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2352. Device type: specialized|WAP|phone
  2353. Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
  2354. OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
  2355. OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
  2356.  
  2357. TRACEROUTE (using port 23/tcp)
  2358. HOP RTT ADDRESS
  2359. 1 217.63 ms 10.238.204.1
  2360. 2 217.71 ms 45.131.4.3
  2361. 3 217.70 ms 109.236.95.226
  2362. 4 217.75 ms 109.236.95.167
  2363. 5 217.78 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2364. 6 217.81 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2365. 7 321.64 ms 83-223-96-111.as29017.net (83.223.96.111)
  2366. 8 321.68 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2367. 9 321.70 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2368. 10 113.47 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2369. 11 304.14 ms 1-103-223-83.xssl.net (83.223.103.1)
  2370. 12 ... 30
  2371. #######################################################################################################################################
  2372. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:36 EDT
  2373. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2374. Host is up (0.20s latency).
  2375.  
  2376. PORT STATE SERVICE VERSION
  2377. 53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  2378. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  2379. | dns-nsec-enum:
  2380. |_ No NSEC records found
  2381. | dns-nsec3-enum:
  2382. |_ DNSSEC NSEC3 not supported
  2383. | dns-nsid:
  2384. |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
  2385. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2386. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2387. Device type: general purpose
  2388. Running (JUST GUESSING): Linux 3.X|4.X (90%)
  2389. OS CPE: cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:4.4
  2390. Aggressive OS guesses: Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 3.10 - 3.12 (89%), Linux 4.4 (89%), Linux 4.9 (89%), Linux 4.0 (88%)
  2391. No exact OS matches for host (test conditions non-ideal).
  2392. Network Distance: 12 hops
  2393. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  2394.  
  2395. Host script results:
  2396. | dns-brute:
  2397. | DNS Brute-force hostnames:
  2398. | admin.terrassl.net - 95.154.210.2
  2399. | alpha.terrassl.net - 212.113.145.34
  2400. | ns1.terrassl.net - 217.194.210.107
  2401. | ns2.terrassl.net - 84.22.166.196
  2402. | ns3.terrassl.net - 84.22.166.196
  2403. | mail.terrassl.net - 95.154.210.2
  2404. | www.terrassl.net - 95.154.210.2
  2405. |_ ftp.terrassl.net - 95.154.210.2
  2406.  
  2407. TRACEROUTE (using port 53/tcp)
  2408. HOP RTT ADDRESS
  2409. 1 217.68 ms 10.238.204.1
  2410. 2 217.72 ms 45.131.4.3
  2411. 3 217.72 ms 109.236.95.224
  2412. 4 217.74 ms 109.236.95.173
  2413. 5 322.25 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2414. 6 322.30 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2415. 7 322.35 ms 83-223-96-111.as29017.net (83.223.96.111)
  2416. 8 322.34 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2417. 9 322.34 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2418. 10 113.50 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2419. 11 304.62 ms 1-103-223-83.xssl.net (83.223.103.1)
  2420. 12 307.93 ms pegasus.terrassl.net (89.145.78.0)
  2421. #######################################################################################################################################
  2422. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:36 EDT
  2423. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2424. Host is up.
  2425.  
  2426. PORT STATE SERVICE VERSION
  2427. 79/tcp filtered finger
  2428. Too many fingerprints match this host to give specific OS details
  2429.  
  2430. TRACEROUTE (using proto 1/icmp)
  2431. HOP RTT ADDRESS
  2432. 1 258.91 ms 10.238.204.1
  2433. 2 258.97 ms 45.131.4.2
  2434. 3 258.96 ms 109.236.95.224
  2435. 4 259.00 ms 109.236.95.173
  2436. 5 259.02 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2437. 6 259.07 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2438. 7 259.10 ms 83-223-96-111.as29017.net (83.223.96.111)
  2439. 8 259.14 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2440. 9 259.13 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2441. 10 112.64 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2442. 11 240.17 ms 1-103-223-83.xssl.net (83.223.103.1)
  2443. 12 ... 30
  2444. #######################################################################################################################################
  2445. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:36 EDT
  2446. NSE: Loaded 164 scripts for scanning.
  2447. NSE: Script Pre-scanning.
  2448. Initiating NSE at 02:36
  2449. Completed NSE at 02:36, 0.00s elapsed
  2450. Initiating NSE at 02:36
  2451. Completed NSE at 02:36, 0.00s elapsed
  2452. Initiating Parallel DNS resolution of 1 host. at 02:36
  2453. Completed Parallel DNS resolution of 1 host. at 02:36, 0.03s elapsed
  2454. Initiating SYN Stealth Scan at 02:36
  2455. Scanning pegasus.terrassl.net (89.145.78.0) [1 port]
  2456. Completed SYN Stealth Scan at 02:36, 0.55s elapsed (1 total ports)
  2457. Initiating Service scan at 02:36
  2458. Initiating OS detection (try #1) against pegasus.terrassl.net (89.145.78.0)
  2459. Retrying OS detection (try #2) against pegasus.terrassl.net (89.145.78.0)
  2460. Initiating Traceroute at 02:36
  2461. Completed Traceroute at 02:36, 6.27s elapsed
  2462. Initiating Parallel DNS resolution of 11 hosts. at 02:36
  2463. Completed Parallel DNS resolution of 11 hosts. at 02:36, 0.40s elapsed
  2464. NSE: Script scanning 89.145.78.0.
  2465. Initiating NSE at 02:36
  2466. Completed NSE at 02:36, 0.01s elapsed
  2467. Initiating NSE at 02:36
  2468. Completed NSE at 02:36, 0.00s elapsed
  2469. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2470. Host is up.
  2471.  
  2472. PORT STATE SERVICE VERSION
  2473. 80/tcp filtered http
  2474. Too many fingerprints match this host to give specific OS details
  2475.  
  2476. TRACEROUTE (using proto 1/icmp)
  2477. HOP RTT ADDRESS
  2478. 1 248.46 ms 10.238.204.1
  2479. 2 248.54 ms 45.131.4.2
  2480. 3 248.53 ms 109.236.95.224
  2481. 4 248.58 ms 109.236.95.173
  2482. 5 248.60 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2483. 6 248.64 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2484. 7 248.68 ms 83-223-96-111.as29017.net (83.223.96.111)
  2485. 8 248.71 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2486. 9 248.74 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2487. 10 144.44 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2488. 11 200.27 ms 1-103-223-83.xssl.net (83.223.103.1)
  2489. 12 ... 30
  2490.  
  2491. NSE: Script Post-scanning.
  2492. Initiating NSE at 02:36
  2493. Completed NSE at 02:36, 0.00s elapsed
  2494. Initiating NSE at 02:36
  2495. Completed NSE at 02:36, 0.00s elapsed
  2496. #######################################################################################################################################
  2497. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:42 EDT
  2498. NSE: Loaded 164 scripts for scanning.
  2499. NSE: Script Pre-scanning.
  2500. Initiating NSE at 02:42
  2501. Completed NSE at 02:42, 0.00s elapsed
  2502. Initiating NSE at 02:42
  2503. Completed NSE at 02:42, 0.00s elapsed
  2504. Initiating Parallel DNS resolution of 1 host. at 02:42
  2505. Completed Parallel DNS resolution of 1 host. at 02:42, 0.11s elapsed
  2506. Initiating SYN Stealth Scan at 02:42
  2507. Scanning pegasus.terrassl.net (89.145.78.0) [1 port]
  2508. Completed SYN Stealth Scan at 02:42, 0.54s elapsed (1 total ports)
  2509. Initiating Service scan at 02:42
  2510. Initiating OS detection (try #1) against pegasus.terrassl.net (89.145.78.0)
  2511. Retrying OS detection (try #2) against pegasus.terrassl.net (89.145.78.0)
  2512. Initiating Traceroute at 02:42
  2513. Completed Traceroute at 02:42, 6.27s elapsed
  2514. Initiating Parallel DNS resolution of 11 hosts. at 02:42
  2515. Completed Parallel DNS resolution of 11 hosts. at 02:42, 0.27s elapsed
  2516. NSE: Script scanning 89.145.78.0.
  2517. Initiating NSE at 02:42
  2518. Completed NSE at 02:42, 0.00s elapsed
  2519. Initiating NSE at 02:42
  2520. Completed NSE at 02:42, 0.00s elapsed
  2521. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2522. Host is up.
  2523.  
  2524. PORT STATE SERVICE VERSION
  2525. 443/tcp filtered https
  2526. Too many fingerprints match this host to give specific OS details
  2527.  
  2528. TRACEROUTE (using proto 1/icmp)
  2529. HOP RTT ADDRESS
  2530. 1 145.07 ms 10.238.204.1
  2531. 2 249.16 ms 45.131.4.2
  2532. 3 249.11 ms 109.236.95.224
  2533. 4 249.20 ms 109.236.95.173
  2534. 5 249.28 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2535. 6 249.31 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2536. 7 249.34 ms 83-223-96-111.as29017.net (83.223.96.111)
  2537. 8 249.40 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2538. 9 249.43 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2539. 10 249.43 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2540. 11 200.78 ms 1-103-223-83.xssl.net (83.223.103.1)
  2541. 12 ... 30
  2542.  
  2543. NSE: Script Post-scanning.
  2544. Initiating NSE at 02:42
  2545. Completed NSE at 02:42, 0.00s elapsed
  2546. Initiating NSE at 02:42
  2547. Completed NSE at 02:42, 0.00s elapsed
  2548. #######################################################################################################################################
  2549. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:48 EDT
  2550. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2551. Host is up.
  2552.  
  2553. PORT STATE SERVICE VERSION
  2554. 5432/tcp filtered postgresql
  2555. Too many fingerprints match this host to give specific OS details
  2556.  
  2557. TRACEROUTE (using proto 1/icmp)
  2558. HOP RTT ADDRESS
  2559. 1 225.65 ms 10.238.204.1
  2560. 2 329.44 ms 45.131.4.2
  2561. 3 329.49 ms 109.236.95.224
  2562. 4 329.52 ms 109.236.95.173
  2563. 5 329.55 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2564. 6 329.58 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2565. 7 329.61 ms 83-223-96-111.as29017.net (83.223.96.111)
  2566. 8 329.64 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2567. 9 329.68 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2568. 10 121.43 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2569. 11 311.67 ms 1-103-223-83.xssl.net (83.223.103.1)
  2570. 12 ... 30
  2571. #######################################################################################################################################
  2572. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:50 EDT
  2573. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2574. Host is up.
  2575.  
  2576. PORT STATE SERVICE VERSION
  2577. 6667/tcp filtered irc
  2578. Too many fingerprints match this host to give specific OS details
  2579.  
  2580. TRACEROUTE (using proto 1/icmp)
  2581. HOP RTT ADDRESS
  2582. 1 220.94 ms 10.238.204.1
  2583. 2 324.83 ms 45.131.4.2
  2584. 3 324.80 ms 109.236.95.224
  2585. 4 324.86 ms 109.236.95.173
  2586. 5 324.88 ms ge-1-0-8.border-1.thn.lon.uk.as29017.net (80.249.209.84)
  2587. 6 324.93 ms ae3.core-2.maylands.hml.uk.as29017.net (89.145.125.34)
  2588. 7 324.91 ms 83-223-96-111.as29017.net (83.223.96.111)
  2589. 8 324.99 ms be11.asr01.thn.as20860.net (130.180.202.24)
  2590. 9 324.98 ms be10.asr01.dc5.as20860.net (130.180.202.45)
  2591. 10 116.51 ms po256.net1.north.dc5.as20860.net (130.180.203.4)
  2592. 11 307.27 ms 1-103-223-83.xssl.net (83.223.103.1)
  2593. 12 ... 30
  2594. #######################################################################################################################################
  2595. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 02:51 EDT
  2596. NSE: Loaded 47 scripts for scanning.
  2597. NSE: Script Pre-scanning.
  2598. Initiating NSE at 02:51
  2599. Completed NSE at 02:51, 0.00s elapsed
  2600. Initiating NSE at 02:51
  2601. Completed NSE at 02:51, 0.00s elapsed
  2602. Initiating Parallel DNS resolution of 1 host. at 02:51
  2603. Completed Parallel DNS resolution of 1 host. at 02:51, 0.02s elapsed
  2604. Initiating UDP Scan at 02:51
  2605. Scanning pegasus.terrassl.net (89.145.78.0) [15 ports]
  2606. Discovered open port 53/udp on 89.145.78.0
  2607. Completed UDP Scan at 02:51, 2.47s elapsed (15 total ports)
  2608. Initiating Service scan at 02:51
  2609. Scanning 13 services on pegasus.terrassl.net (89.145.78.0)
  2610. Service scan Timing: About 15.38% done; ETC: 03:02 (0:08:59 remaining)
  2611. Completed Service scan at 02:53, 102.59s elapsed (13 services on 1 host)
  2612. Initiating OS detection (try #1) against pegasus.terrassl.net (89.145.78.0)
  2613. Retrying OS detection (try #2) against pegasus.terrassl.net (89.145.78.0)
  2614. Initiating Traceroute at 02:53
  2615. Completed Traceroute at 02:53, 7.13s elapsed
  2616. Initiating Parallel DNS resolution of 1 host. at 02:53
  2617. Completed Parallel DNS resolution of 1 host. at 02:53, 0.00s elapsed
  2618. NSE: Script scanning 89.145.78.0.
  2619. Initiating NSE at 02:53
  2620. Completed NSE at 02:53, 7.83s elapsed
  2621. Initiating NSE at 02:53
  2622. Completed NSE at 02:53, 1.46s elapsed
  2623. Nmap scan report for pegasus.terrassl.net (89.145.78.0)
  2624. Host is up (0.19s latency).
  2625.  
  2626. PORT STATE SERVICE VERSION
  2627. 53/udp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
  2628. |_vulscan: ERROR: Script execution failed (use -d to debug)
  2629. 67/udp open|filtered dhcps
  2630. 68/udp open|filtered dhcpc
  2631. 69/udp open|filtered tftp
  2632. 88/udp open|filtered kerberos-sec
  2633. 123/udp open|filtered ntp
  2634. 137/udp filtered netbios-ns
  2635. 138/udp filtered netbios-dgm
  2636. 139/udp open|filtered netbios-ssn
  2637. 161/udp open|filtered snmp
  2638. 162/udp open|filtered snmptrap
  2639. 389/udp open|filtered ldap
  2640. 500/udp open|filtered isakmp
  2641. |_ike-version: ERROR: Script execution failed (use -d to debug)
  2642. 520/udp open|filtered route
  2643. 2049/udp open|filtered nfs
  2644. Too many fingerprints match this host to give specific OS details
  2645. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
  2646.  
  2647. TRACEROUTE (using port 137/udp)
  2648. HOP RTT ADDRESS
  2649. 1 104.29 ms 10.238.204.1
  2650. 2 ... 3
  2651. 4 103.20 ms 10.238.204.1
  2652. 5 250.79 ms 10.238.204.1
  2653. 6 250.78 ms 10.238.204.1
  2654. 7 250.77 ms 10.238.204.1
  2655. 8 250.76 ms 10.238.204.1
  2656. 9 250.72 ms 10.238.204.1
  2657. 10 104.68 ms 10.238.204.1
  2658. 11 ... 18
  2659. 19 103.88 ms 10.238.204.1
  2660. 20 104.56 ms 10.238.204.1
  2661. 21 ... 28
  2662. 29 103.04 ms 10.238.204.1
  2663. 30 127.00 ms 10.238.204.1
  2664.  
  2665. NSE: Script Post-scanning.
  2666. Initiating NSE at 02:53
  2667. Completed NSE at 02:53, 0.00s elapsed
  2668. Initiating NSE at 02:53
  2669. Completed NSE at 02:53, 0.00s elapsed
  2670. Read data files from: /usr/bin/../share/nmap
  2671. #######################################################################################################################################
  2672. [+] URL: https://www.mundesley-pc.gov.uk/
  2673. [+] Started: Thu Sep 5 01:38:48 2019
  2674.  
  2675. Interesting Finding(s):
  2676.  
  2677. [+] https://www.mundesley-pc.gov.uk/
  2678. | Interesting Entry: Server: Apache
  2679. | Found By: Headers (Passive Detection)
  2680. | Confidence: 100%
  2681.  
  2682. [+] https://www.mundesley-pc.gov.uk/robots.txt
  2683. | Interesting Entries:
  2684. | - /wp-admin/
  2685. | - /wp-admin/admin-ajax.php
  2686. | Found By: Robots Txt (Aggressive Detection)
  2687. | Confidence: 100%
  2688.  
  2689. [+] https://www.mundesley-pc.gov.uk/xmlrpc.php
  2690. | Found By: Direct Access (Aggressive Detection)
  2691. | Confidence: 100%
  2692. | References:
  2693. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  2694. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  2695. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  2696. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  2697. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  2698.  
  2699. [+] https://www.mundesley-pc.gov.uk/readme.html
  2700. | Found By: Direct Access (Aggressive Detection)
  2701. | Confidence: 100%
  2702.  
  2703. [+] https://www.mundesley-pc.gov.uk/wp-cron.php
  2704. | Found By: Direct Access (Aggressive Detection)
  2705. | Confidence: 60%
  2706. | References:
  2707. | - https://www.iplocation.net/defend-wordpress-from-ddos
  2708. | - https://github.com/wpscanteam/wpscan/issues/1299
  2709.  
  2710. [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
  2711. | Detected By: Meta Generator (Passive Detection)
  2712. | - https://www.mundesley-pc.gov.uk/, Match: 'WordPress 5.2.2'
  2713. | Confirmed By:
  2714. | Plugin And Theme Query Parameter In Homepage (Passive Detection)
  2715. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/uk-cookie-consent/assets/css/style.css?ver=5.2.2
  2716. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/ubermenu/pro/assets/css/skins/simplegreen.css?ver=5.2.2
  2717. | Rss Generator (Aggressive Detection)
  2718. | - https://www.mundesley-pc.gov.uk/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
  2719. | - https://www.mundesley-pc.gov.uk/comments/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
  2720.  
  2721. [+] WordPress theme in use: mundesleypc2017
  2722. | Location: https://www.mundesley-pc.gov.uk/wp-content/themes/mundesleypc2017/
  2723. | Style URL: https://www.mundesley-pc.gov.uk/wp-content/themes/mundesleypc2017/style.css
  2724. | Style Name: Mundesley Parish Council
  2725. | Style URI: https://www.mundesley-pc.gov.uk
  2726. | Description: A WordPress powered website with a custom theme (design)...
  2727. | Author: Josh.biz Web Design
  2728. | Author URI: http://www.josh.biz
  2729. |
  2730. | Detected By: Css Style (Passive Detection)
  2731. | Confirmed By: Urls In Homepage (Passive Detection)
  2732. |
  2733. | Version: 1.0 (80% confidence)
  2734. | Detected By: Style (Passive Detection)
  2735. | - https://www.mundesley-pc.gov.uk/wp-content/themes/mundesleypc2017/style.css, Match: 'Version: 1.0'
  2736.  
  2737. [+] Enumerating Users (via Passive and Aggressive Methods)
  2738. Brute Forcing Author IDs - Time: 00:01:00 <==> (10 / 10) 100.00% Time: 00:01:00
  2739.  
  2740. [i] User(s) Identified:
  2741.  
  2742. [+] Doreen
  2743. | Detected By: Rss Generator (Aggressive Detection)
  2744.  
  2745.  
  2746. [+] Finished: Thu Sep 5 01:47:33 2019
  2747. [+] Requests Done: 43
  2748. [+] Cached Requests: 14
  2749. [+] Data Sent: 5.981 KB
  2750. [+] Data Received: 147.783 KB
  2751. [+] Memory used: 95.906 MB
  2752. [+] Elapsed time: 00:08:44
  2753. #######################################################################################################################################
  2754. [+] URL: https://www.mundesley-pc.gov.uk/
  2755. [+] Started: Thu Sep 5 01:38:45 2019
  2756.  
  2819. [+] Enumerating All Plugins (via Passive Methods)
  2820. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  2821.  
  2822. [i] Plugin(s) Identified:
  2823.  
  2824. [+] ari-fancy-lightbox
  2825. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/ari-fancy-lightbox/
  2826. | Latest Version: 1.3.6 (up to date)
  2827. | Last Updated: 2019-04-06T06:31:00.000Z
  2828. |
  2829. | Detected By: Urls In Homepage (Passive Detection)
  2830. |
  2831. | Version: 1.3.6 (20% confidence)
  2832. | Detected By: Query Parameter (Passive Detection)
  2833. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/ari-fancy-lightbox/assets/fancybox/jquery.fancybox.min.css?ver=1.3.6
  2834. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/ari-fancy-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=1.3.6
  2835.  
  2836. [+] mappress-google-maps-for-wordpress
  2837. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/mappress-google-maps-for-wordpress/
  2838. | Latest Version: 2.53.1 (up to date)
  2839. | Last Updated: 2019-07-11T21:30:00.000Z
  2840. |
  2841. | Detected By: Urls In Homepage (Passive Detection)
  2842. | Confirmed By: Comment (Passive Detection)
  2843. |
  2844. | Version: 2.53.1 (70% confidence)
  2845. | Detected By: Comment (Passive Detection)
  2846. | - https://www.mundesley-pc.gov.uk/, Match: 'MapPress Easy Google Maps Version:2.53.1'
  2847. | Confirmed By: Query Parameter (Passive Detection)
  2848. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.53.1%20PRO
  2849.  
  2850. [+] monarch
  2851. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/monarch/
  2852. |
  2853. | Detected By: Urls In Homepage (Passive Detection)
  2854. |
  2855. | [!] 1 vulnerability identified:
  2856. |
  2857. | [!] Title: ElegantThemes - Privilege Escalation
  2858. | Fixed in: 1.2.7
  2859. | References:
  2860. | - https://wpvulndb.com/vulnerabilities/8394
  2861. | - http://www.pritect.net/blog/elegant-themes-security-vulnerability
  2862. | - http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
  2863. |
  2864. | The version could not be determined.
  2865.  
  2866. [+] nextcellent-gallery-nextgen-legacy
  2867. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
  2868. | Latest Version: 1.9.35 (up to date)
  2869. | Last Updated: 2017-10-16T09:19:00.000Z
  2870. |
  2871. | Detected By: Comment (Passive Detection)
  2872. |
  2873. | Version: 3.2.10 (60% confidence)
  2874. | Detected By: Comment (Passive Detection)
  2875. | - https://www.mundesley-pc.gov.uk/, Match: '<meta name="NextGEN" version="3.2.10"'
  2876.  
  2877. [+] nextgen-gallery
  2878. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/nextgen-gallery/
  2879. | Last Updated: 2019-08-28T00:11:00.000Z
  2880. | [!] The version is out of date, the latest version is 3.2.11
  2881. |
  2882. | Detected By: Comment (Passive Detection)
  2883. |
  2884. | [!] 1 vulnerability identified:
  2885. |
  2886. | [!] Title: Nextgen Gallery < 3.2.11 - SQL Injection
  2887. | Fixed in: 3.2.11
  2888. | References:
  2889. | - https://wpvulndb.com/vulnerabilities/9816
  2890. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14314
  2891. | - https://fortiguard.com/zeroday/FG-VD-19-099
  2892. | - https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
  2893. |
  2894. | Version: 3.2.10 (60% confidence)
  2895. | Detected By: Comment (Passive Detection)
  2896. | - https://www.mundesley-pc.gov.uk/, Match: '<meta name="NextGEN" version="3.2.10"'
  2897.  
  2898. [+] ubermenu
  2899. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/ubermenu/
  2900. |
  2901. | Detected By: Urls In Homepage (Passive Detection)
  2902. |
  2903. | The version could not be determined.
  2904.  
  2905. [+] uk-cookie-consent
  2906. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/uk-cookie-consent/
  2907. | Latest Version: 2.3.14
  2908. | Last Updated: 2019-01-16T15:16:00.000Z
  2909. |
  2910. | Detected By: Urls In Homepage (Passive Detection)
  2911. |
  2912. | [!] 1 vulnerability identified:
  2913. |
  2914. | [!] Title: UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
  2915. | Fixed in: 2.3.10
  2916. | References:
  2917. | - https://wpvulndb.com/vulnerabilities/9068
  2918. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10310
  2919. | - https://plugins.trac.wordpress.org/changeset/1863058/uk-cookie-consent
  2920. |
  2921. | The version could not be determined.
  2922.  
  2923. [+] wordfence
  2924. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/wordfence/
  2925. | Latest Version: 7.4.0
  2926. | Last Updated: 2019-08-22T15:25:00.000Z
  2927. |
  2928. | Detected By: Javascript Var (Passive Detection)
  2929. |
  2930. | [!] 12 vulnerabilities identified:
  2931. |
  2932. | [!] Title: Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS
  2933. | Fixed in: 3.8.7
  2934. | Reference: https://wpvulndb.com/vulnerabilities/6140
  2935. |
  2936. | [!] Title: Wordfence 3.8.1 - Password Creation Restriction Bypass
  2937. | Fixed in: 3.8.3
  2938. | Reference: https://wpvulndb.com/vulnerabilities/6141
  2939. |
  2940. | [!] Title: Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS
  2941. | Fixed in: 3.8.3
  2942. | References:
  2943. | - https://wpvulndb.com/vulnerabilities/6142
  2944. | - https://packetstormsecurity.com/files/122993/
  2945. | - https://www.securityfocus.com/bid/62053/
  2946. |
  2947. | [!] Title: Wordfence 3.3.5 - XSS & IAA
  2948. | Fixed in: 3.3.7
  2949. | References:
  2950. | - https://wpvulndb.com/vulnerabilities/6143
  2951. | - http://seclists.org/fulldisclosure/2012/Oct/139
  2952. |
  2953. | [!] Title: Wordfence 5.2.4 - Unspecified Issue
  2954. | Fixed in: 5.2.5
  2955. | Reference: https://wpvulndb.com/vulnerabilities/7581
  2956. |
  2957. | [!] Title: Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
  2958. | Fixed in: 5.2.5
  2959. | References:
  2960. | - https://wpvulndb.com/vulnerabilities/7582
  2961. | - https://packetstormsecurity.com/files/128259/
  2962. |
  2963. | [!] Title: Wordfence 5.2.3 - Banned IP Functionality Bypass
  2964. | Fixed in: 5.2.4
  2965. | References:
  2966. | - https://wpvulndb.com/vulnerabilities/7583
  2967. | - https://packetstormsecurity.com/files/128259/
  2968. | - http://seclists.org/fulldisclosure/2014/Sep/49
  2969. | - https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/
  2970. |
  2971. | [!] Title: Wordfence 5.2.3 - Multiple Vulnerabilities
  2972. | Fixed in: 5.2.4
  2973. | References:
  2974. | - https://wpvulndb.com/vulnerabilities/7612
  2975. | - https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/
  2976. |
  2977. | [!] Title: Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)
  2978. | Fixed in: 5.2.5
  2979. | References:
  2980. | - https://wpvulndb.com/vulnerabilities/7636
  2981. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4664
  2982. | - https://secupress.me/blog/wordfence-5-2-5-security-update/
  2983. | - https://www.securityfocus.com/bid/70915/
  2984. |
  2985. | [!] Title: Wordfence 5.2.2 - XSS in Referer Header
  2986. | Fixed in: 5.2.3
  2987. | References:
  2988. | - https://wpvulndb.com/vulnerabilities/7698
  2989. | - https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
  2990. |
  2991. | [!] Title: Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)
  2992. | Fixed in: 5.1.5
  2993. | References:
  2994. | - https://wpvulndb.com/vulnerabilities/7711
  2995. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4932
  2996. |
  2997. | [!] Title: Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
  2998. | Fixed in: 7.1.14
  2999. | References:
  3000. | - https://wpvulndb.com/vulnerabilities/9135
  3001. | - http://www.waraxe.us/advisory-109.html
  3002. | - https://packetstormsecurity.com/files/149845/
  3003. |
  3004. | The version could not be determined.
  3005.  
  3006. [+] wordpress-seo
  3007. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/wordpress-seo/
  3008. | Last Updated: 2019-09-03T07:32:00.000Z
  3009. | [!] The version is out of date, the latest version is 12.0
  3010. |
  3011. | Detected By: Comment (Passive Detection)
  3012. |
  3013. | Version: 11.8 (60% confidence)
  3014. | Detected By: Comment (Passive Detection)
  3015. | - https://www.mundesley-pc.gov.uk/, Match: 'optimized with the Yoast SEO plugin v11.8 -'
  3016.  
  3017. [+] wp-rocket
  3018. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/wp-rocket/
  3019. |
  3020. | Detected By: Comment (Passive Detection)
  3021. |
  3022. | [!] 1 vulnerability identified:
  3023. |
  3024. | [!] Title: WP Rocket <= 2.10.3 - Local File Inclusion (LFI)
  3025. | Fixed in: 2.10.4
  3026. | References:
  3027. | - https://wpvulndb.com/vulnerabilities/8872
  3028. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11658
  3029. | - https://wp-rocket.me/changelog
  3030. | - https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890
  3031. |
  3032. | The version could not be determined.
  3033.  
  3034. [+] wpfront-scroll-top
  3035. | Location: https://www.mundesley-pc.gov.uk/wp-content/plugins/wpfront-scroll-top/
  3036. | Latest Version: 2.0.2
  3037. | Last Updated: 2019-05-21T06:27:00.000Z
  3038. |
  3039. | Detected By: Urls In Homepage (Passive Detection)
  3040. |
  3041. | The version could not be determined.
  3042.  
  3043. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  3044. Checking Config Backups - Time: 00:02:30 <=============> (21 / 21) 100.00% Time: 00:02:30
  3045.  
  3046. [i] No Config Backups Found.
  3047.  
  3048.  
  3049. [+] Finished: Thu Sep 5 02:03:23 2019
  3050. [+] Requests Done: 106
  3051. [+] Cached Requests: 11
  3052. [+] Data Sent: 8.998 KB
  3053. [+] Data Received: 24.314 MB
  3054. [+] Memory used: 201.77 MB
  3055. [+] Elapsed time: 00:24:37
  3056. #######################################################################################################################################
  3057. [+] URL: https://www.mundesley-pc.gov.uk/
  3058. [+] Started: Thu Sep 5 02:08:44 2019
  3059.  
  3095. Fingerprinting the version - Time: 00:00:10 <=========> (362 / 362) 100.00% Time: 00:00:10
  3096. [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
  3097. | Detected By: Meta Generator (Passive Detection)
  3098. | - https://www.mundesley-pc.gov.uk/, Match: 'WordPress 5.2.2'
  3099. | Confirmed By:
  3100. | Plugin And Theme Query Parameter In Homepage (Passive Detection)
  3101. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/uk-cookie-consent/assets/css/style.css?ver=5.2.2
  3102. | - https://www.mundesley-pc.gov.uk/wp-content/plugins/ubermenu/pro/assets/css/skins/simplegreen.css?ver=5.2.2
  3103. | Unique Fingerprinting (Aggressive Detection)
  3104. | - https://www.mundesley-pc.gov.uk/wp-admin/css/media.css md5sum is 16375f6512d5a1e04dbb884a02ba658a
  3105.  
  3122. [+] Enumerating Users (via Passive and Aggressive Methods)
  3123. Brute Forcing Author IDs - Time: 00:00:05 <============> (10 / 10) 100.00% Time: 00:00:05
  3124.  
  3125. [i] User(s) Identified:
  3126.  
  3127. [+] Doreen
  3128. | Detected By: Rss Generator (Aggressive Detection)
  3129.  
  3130. [+] joshbizadmin
  3131. | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
  3132. | - https://www.mundesley-pc.gov.uk/author-sitemap.xml
  3133.  
  3134. [+] doreen
  3135. | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
  3136. | - https://www.mundesley-pc.gov.uk/author-sitemap.xml
  3137.  
  3138.  
  3139. [+] Finished: Thu Sep 5 02:10:19 2019
  3140. [+] Requests Done: 94
  3141. [+] Cached Requests: 10
  3142. [+] Data Sent: 24.702 KB
  3143. [+] Data Received: 1.445 MB
  3144. [+] Memory used: 103.266 MB
  3145. [+] Elapsed time: 00:01:34
  3146. #######################################################################################################################################
  3147. [INFO] ------TARGET info------
  3148. [*] TARGET: https://www.mundesley-pc.gov.uk/
  3149. [*] TARGET IP: 89.145.78.0
  3150. [INFO] NO load balancer detected for www.mundesley-pc.gov.uk...
  3151. [*] DNS servers: ns1.livedns.co.uk.
  3152. [*] TARGET server: Apache
  3153. [*] CC: GB
  3154. [*] Country: United Kingdom
  3155. [*] RegionCode: ENG
  3156. [*] RegionName: England
  3157. [*] City: Hemel Hempstead
  3158. [*] ASN: AS29017
  3159. [*] BGP_PREFIX: 89.145.64.0/18
  3160. [*] ISP: GYRON Gyron Internet Ltd, GB
  3161. [INFO] SSL/HTTPS certificate detected
  3162. [*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
  3163. [*] Subject: subject=CN = mundesley-pc.gov.uk
  3164. [ALERT] Let's Encrypt is commonly used for Phishing
  3165. [INFO] DNS enumeration:
  3166. [*] mail.mundesley-pc.gov.uk 213.171.216.40
  3167. [*] webmail.mundesley-pc.gov.uk 213.171.216.231
  3168. [INFO] Possible abuse mails are:
  3169. [*] abuse@gyron.net
  3170. [*] abuse@mundesley-pc.gov.uk
  3171. [*] abuse@www.mundesley-pc.gov.uk
  3172. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  3173. [ALERT] robots.txt file FOUND in http://www.mundesley-pc.gov.uk/robots.txt
  3174. [INFO] Checking for HTTP status codes recursively from http://www.mundesley-pc.gov.uk/robots.txt
  3175. [INFO] Status code Folders
  3176. [*] 200 http://www.mundesley-pc.gov.uk/wp-admin/
  3177. [INFO] Starting FUZZing in http://www.mundesley-pc.gov.uk/FUzZzZzZzZz...
  3178. [INFO] Status code Folders
  3179. [*] 200 http://www.mundesley-pc.gov.uk/news
  3180. [ALERT] Look in the source code. It may contain passwords
  3181. [INFO] Links found from https://www.mundesley-pc.gov.uk/ http://89.145.78.0/:
  3182. [INFO] GOOGLE has 18,500 results (0.24 seconds) about http://www.mundesley-pc.gov.uk/
  3183. [INFO] BING shows 89.145.78.0 is shared with 31,300 hosts/vhosts
  3184. [INFO] Shodan detected the following opened ports on 89.145.78.0:
  3185. [INFO] ------VirusTotal SECTION------
  3186. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  3187. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  3188. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  3189. [INFO] ------Alexa Rank SECTION------
  3190. [INFO] Percent of Visitors Rank in Country:
  3191. [INFO] Percent of Search Traffic:
  3192. [INFO] Percent of Unique Visits:
  3193. [INFO] Total Sites Linking In:
  3194. [INFO] Useful links related to www.mundesley-pc.gov.uk - 89.145.78.0:
  3195. [*] https://www.virustotal.com/pt/ip-address/89.145.78.0/information/
  3196. [*] https://www.hybrid-analysis.com/search?host=89.145.78.0
  3197. [*] https://www.shodan.io/host/89.145.78.0
  3198. [*] https://www.senderbase.org/lookup/?search_string=89.145.78.0
  3199. [*] https://www.alienvault.com/open-threat-exchange/ip/89.145.78.0
  3200. [*] http://pastebin.com/search?q=89.145.78.0
  3201. [*] http://urlquery.net/search.php?q=89.145.78.0
  3202. [*] http://www.alexa.com/siteinfo/www.mundesley-pc.gov.uk
  3203. [*] http://www.google.com/safebrowsing/diagnostic?site=www.mundesley-pc.gov.uk
  3204. [*] https://censys.io/ipv4/89.145.78.0
  3205. [*] https://www.abuseipdb.com/check/89.145.78.0
  3206. [*] https://urlscan.io/search/#89.145.78.0
  3207. [*] https://github.com/search?q=89.145.78.0&type=Code
  3208. [INFO] Useful links related to AS29017 - 89.145.64.0/18:
  3209. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:29017
  3210. [*] https://www.senderbase.org/lookup/?search_string=89.145.64.0/18
  3211. [*] http://bgp.he.net/AS29017
  3212. [*] https://stat.ripe.net/AS29017
  3213. [INFO] Date: 05/09/19 | Time: 02:11:22
  3214. [INFO] Total time: 2 minute(s) and 18 second(s)
  3215. #######################################################################################################################################
  3216. Anonymous JTSEC #OpAssange Full Recon #27