================================================================================ BURKINA FASO INFRASTRUCTURE PROBE — 2026-03-04 Probed from external (US residential IP) ================================================================================ ################################################################################ ## ## ## *** HIGH-INTEREST FINDINGS *** ## ## ## ################################################################################ [CRITICAL] mail.rcpb.bf — Microsoft Exchange Server 2019 (OWA + ECP EXPOSED) - OWA login page LIVE at https://mail.rcpb.bf/owa/auth/logon.aspx (HTTP 200) - Exchange Admin Center (ECP) LIVE at https://mail.rcpb.bf/ecp (HTTP 200) - Exchange version: 15.2.1748.26 (Exchange Server 2019 CU15) - Internal hostname disclosed: VM-FCPB-MAIL (x-feserver header) - IIS/10.0, ASP.NET 4.0.30319 - Autodiscover at autodiscover.rcpb.bf returns 401 with NTLM/Negotiate/Basic auth - Basic realm disclosed: "mail.rcpb.bf" - x-oauth-enabled: True, x-soap-enabled: True, x-wssecurity-enabled: True - RCPB = Reseau des Caisses Populaires du Burkina (major microfinance network) ** Exchange 2019 CU15 — check for ProxyShell/ProxyLogon/ProxyNotShell patches ** [CRITICAL] ebank.bcb.bf — BCB-Online E-Banking Portal (LIVE LOGIN) - HTTPS 200 — full login form exposed at https://ebank.bcb.bf/index.ebk - Platform version disclosed in meta: "6.9.3,,2bbd588" (git commit hash) - Login form: POST /loginPost.ebk with fields: login, mdp (password), tokenId - BCB = Banque Commerciale du Burkina - Server: Apache, HSTS enabled, X-Frame-Options: DENY - Cookie: ebkid (session), SameSite=Strict ** Live internet banking login — brute-force/credential-stuffing target ** [CRITICAL] sogecashnet.societegenerale.bf — Societe Generale Burkina E-Banking - HTTPS 200 at https://sogecashnet.societegenerale.bf/smartoffice/ - Platform: SmartOffice (Sopra Banking Software) - Login form: POST to FR/session.lyo and session.lyo - NOTICE ON PAGE: "A partir de ce 31 decembre 2025 votre plateforme e-banking, SOGECASHNET, sera remplacee par MYBUSINESS" — MIGRATION IN PROGRESS - Demo page exposed: ../../smartofficeDemo/FR/demo.htm ** Live bank login + demo environment exposed + platform in migration (risky state) ** [CRITICAL] e-coris.corisbank.bf — Coris Bank E-Banking Portal (LIVE LOGIN) - Redirects to https://e-banking.coris-bank.com/ (HTTP 200) - Behind BigIP load balancer (F5) - Built with Bootstrap 3.3.7 - Made by Ecodafrik (developer attribution) - Server stack: nginx + PleskLin (Plesk on Linux) - Strong CSP and security headers present ** Live e-banking login for one of Burkina Faso's largest banks ** [CRITICAL] esintax.bf / e-sintax.bf — National Tax Filing System (LIVE LOGIN) - HTTPS 200 at https://esintax.bf — eSINTAX V5.0 - Title: "eSINTAX Burkina Faso - Teledeclaration et telepaiement des impots" - Official DGI (Direction Generale des Impots) portal - Login form with field: "ntd" (Numero eSINTAX) + password - Also has expert-comptable (accountant) login at /index/login-expert-comptable - PHP backend (PHPSESSID cookie), Apache server - Load-balanced: SERVERID cookie (s2, s5 observed) - e-sintax.bf also resolves to same platform (HTTPS 200) ** National tax authority login — contains taxpayer data for all of Burkina Faso ** [CRITICAL] esintax.impots.gov.bf — Tax System (Old Instance?) - HTTP 200 on http://esintax.impots.gov.bf (no HTTPS) - Server: Apache/2.4.10 (Debian) — VERSION DISCLOSED - Apache 2.4.10 is extremely outdated (2014 era, Debian Jessie) - Page body was empty/minimal on probe — may be API backend or decommissioned ** Ancient Apache version on government tax infrastructure ** [HIGH] cpanel.sig.bf — cPanel Login Page (FULLY EXPOSED) - HTTPS 200 — cPanel login page at https://cpanel.sig.bf - Title: "cPanel Login" - Server: Apache (cPanel-managed) - Session cookies: cprelogin, cpsession, roundcube_sessid, PPA_ID - SIG = Service d'Information du Gouvernement (Government Information Service) ** Direct cPanel admin access to government hosting infrastructure ** [HIGH] webmail.sig.bf — cPanel Webmail Login (FULLY EXPOSED) - HTTPS 200 — Webmail login at https://webmail.sig.bf - Title: "Webmail Login" - cPanel webmail interface with Roundcube backend - Same hosting infrastructure as cpanel.sig.bf ** Government webmail login — same cPanel cluster as cpanel.sig.bf ** [HIGH] mail.agriculture.bf — Roundcube Webmail (LIVE LOGIN) - HTTPS 200 — redirects to https://mail.agriculture.bf/roundcube/ - Title: "LWS Webmail :: Welcome to LWS Webmail" - Roundcube version: 1.6.13 (rcversion:10613 = 1.06.13) - Hosted on LWS (French hosting provider) — mail09.lwspanel.com backend - HSTS enabled, session cookie: roundcube_sessid ** Ministry of Agriculture webmail — open login page ** [HIGH] mail.sotraco.bf — Roundcube Webmail (LIVE LOGIN) - HTTPS 200 — redirects to https://mail.sotraco.bf/webmail/ - Title: "Roundcube Webmail :: Welcome to Roundcube Webmail" - Roundcube version: 1.5.13 (rcversion:10513 = 1.05.13) - Server: LiteSpeed, x-tuned-by: N0C (PlanetHoster) - HTTP/3 (QUIC) enabled - SOTRACO = Societe de Transport en Commun de Ouagadougou ** Public transit company webmail — open Roundcube login ** [HIGH] mail.onatel.bf — Axigen Webmail (LIVE LOGIN) - HTTPS 200 — Axigen Webmail login page - Server: Axigen-Webmail - HTTP redirects to HTTPS on port 443 - Strong security headers: CSP, HSTS, X-Frame-Options, X-XSS-Protection - React-based login UI (react-login/build/) - ONATEL = Office National des Telecommunications (national telco) ** National telecom company mail server — Axigen platform exposed ** [HIGH] moodle.academiedepolice.bf — Police Academy Moodle LMS (LIVE) - HTTPS 200 — Moodle learning management system - Title: "Plateforme Pedagogique de l'Academie de Police du Burkina Faso" - Theme: eguru, Language: French - Theme revision timestamp: 1520268333 = March 5, 2018 - Moodle JS revision: 1472120698 = August 25, 2016 ** Moodle instance appears to be from 2016-2018 era — likely VERY outdated ** ** Police academy training platform — may contain law enforcement curriculum ** [HIGH] bibliotheque.academiedepolice.bf — Police Academy Library System (LIVE) - HTTPS 200 — PMB (PhpMyBibliographie) library management system - PMB version: 4.2.1 (v5.19) — DISCLOSED IN FOOTER - Database name disclosed: academie_bdpmb (via cookie and page body) - Record count: 789 notices (books/documents) - Admin login page ACCESSIBLE at /admin.php (HTTP 200, login form present) - OPAC (public catalog) at /opac_css/ - Cookie discloses DB: PhpMyBibli-OPACDB=academie_bdpmb ** PMB 4.2.1 is extremely outdated — admin login exposed, DB name leaked ** ** Contains police academy library catalog — law enforcement training materials ** [MEDIUM] autodiscover.sonabhy.bf — Microsoft 365 (O365 Tenant Confirmed) - HTTP redirects to https://outlook.office365.com/mail/?realm=sonabhy.bf - Autodiscover redirects to autodiscover-s.outlook.com - SONABHY = Societe Nationale Burkinabe d'Hydrocarbures (national fuel company) ** Confirms O365 tenant for sonabhy.bf — potential for password spray attacks ** [MEDIUM] cloud.btic.bf — Service Behind Load Balancer (503) - HTTPS returns 503 Service Unavailable - "No server is available to handle this request" - HTTP redirects to HTTPS - BTIC = Burkina TIC (government IT agency) ** Cloud service exists but backend is down — revisit later ** [MEDIUM] cpanel.unibio.bf — OpenResty Server Exposed - HTTPS 415 Unsupported Media Type - Server: openresty/1.27.1.1 — VERSION DISCLOSED - OpenResty 1.27.1.1 (nginx-based) ** Server version fully exposed — check for known OpenResty vulnerabilities ** [LOW] cpanel.edifice.bf / cpanel.edimedia.bf — Minimal Response - HTTP 200 with body "n0c" (PlanetHoster/N0C platform marker) - Server: LiteSpeed - Content-Length: 4 bytes ** Hosting parked but server responds — may have cPanel on non-standard port ** [LOW] postebank.sonapost.bf — Misconfigured SSL - HTTP 301 -> https://postebank.sonapost.bf/ (Apache) - HTTPS returns: "Missing Client Root for Host postebank.sonapost.bf" - Likely client certificate authentication required - SONAPOST = Societe Nationale des Postes (national postal service) bank ** Banking portal exists but requires client cert — internal access only ** [LOW] webmail.corisbank.bf — HTTPS Redirect Only - HTTP 301 -> HTTPS (nginx + Plesk) - HTTPS connection fails/times out ** May be accessible internally or intermittently ** [LOW] mail.sig.bf — Redirects to WordPress Site - Redirects to https://www.sig.bf/ (WordPress) - Server: Apache, WP-JSON API exposed ** Not a mail server — DNS alias points to main website ** ################################################################################ ## ## ## DETAILED PROBE RESULTS BY CATEGORY ## ## ## ################################################################################ ================================================================================ CATEGORY: DEFENSE/GOV INTRANET ================================================================================ --- intranet.defense.bf --- Status: NO RESPONSE (HTTPS and HTTP) Notes: DNS may not resolve externally, or host is firewalled. --- mail.defense.bf --- Status: NO RESPONSE (HTTPS and HTTP) Notes: DNS may not resolve externally, or host is firewalled. --- autodiscover.defense.bf --- Status: NO RESPONSE (HTTPS and HTTP) Notes: DNS may not resolve externally, or host is firewalled. --- intranet.agriculture.bf --- Status: NO RESPONSE (HTTPS and HTTP) Notes: DNS may not resolve externally, or host is firewalled. --- owa.agriculture.bf --- Status: NO RESPONSE (HTTPS and HTTP) Notes: DNS may not resolve externally, or host is firewalled. --- mail.agriculture.bf --- Status: LIVE (HTTPS 200) Platform: Roundcube 1.6.13 on LWS hosting (mail09.lwspanel.com) Title: "LWS Webmail :: Welcome to LWS Webmail" Headers: HSTS, X-Frame-Options: sameorigin, X-Robots-Tag: noindex Login: Open Roundcube login page ================================================================================ CATEGORY: GOV MAIL ================================================================================ --- mail.sig.bf --- Status: REDIRECT (301 -> https://www.sig.bf/) Platform: WordPress on Apache Notes: Not a mail server — redirects to main SIG WordPress site WP-JSON API: https://www.sig.bf/wp-json/ --- mail.arcep.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- webmail.arcep.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- webmail.assembleenationale.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- webmail.sig.bf --- Status: LIVE (HTTPS 200) Platform: cPanel Webmail (Roundcube backend) Title: "Webmail Login" Headers: X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff Cookies: webmailrelogin, webmailsession, roundcube_sessid, PPA_ID Login: Open cPanel webmail login page --- webmail.tresor.bf --- Status: NO RESPONSE (HTTPS and HTTP) ================================================================================ CATEGORY: CRITICAL INFRASTRUCTURE ================================================================================ --- mail.sonabhy.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- mail1.sonabhy.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- mail2.sonabhy.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- autodiscover.sonabhy.bf --- Status: LIVE (HTTP only) Platform: Microsoft 365 HTTP 301 -> https://outlook.office365.com/mail/?realm=sonabhy.bf Autodiscover: Redirects to autodiscover-s.outlook.com Server: Microsoft-IIS/10.0 Notes: Confirms SONABHY uses Office 365 --- mail.onatel.bf --- Status: LIVE (HTTPS 200) Platform: Axigen Webmail Server: Axigen-Webmail Headers: CSP, HSTS (31536000s), X-Frame-Options: sameorigin, X-XSS-Protection Login: Axigen React-based login UI --- email.onatel.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- efacture.onatel.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- autodiscover.onatel.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- mail.lonab.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- postebank.sonapost.bf --- Status: PARTIAL (HTTP 301, HTTPS error) HTTP: 301 -> https://postebank.sonapost.bf/ (Apache, X-Frame-Options: SAMEORIGIN) HTTPS: "Missing Client Root for Host postebank.sonapost.bf" Notes: Requires client certificate — likely internal banking portal --- mail.sonar.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- mail.sotraco.bf --- Status: LIVE (HTTPS 200) Platform: Roundcube 1.5.13 on LiteSpeed (PlanetHoster/N0C) Title: "Roundcube Webmail :: Welcome to Roundcube Webmail" Path: /webmail/ Headers: X-Frame-Options: sameorigin, HTTP/3 QUIC support Login: Open Roundcube login page ================================================================================ CATEGORY: BANKING ================================================================================ --- ebank.bcb.bf --- Status: LIVE (HTTPS 200) Platform: BCB-Online (custom e-banking, version 6.9.3, commit 2bbd588) Title: "BCB-Online" Login: POST /loginPost.ebk (fields: login, mdp, tokenId, codeLangueSelected) Headers: HSTS (3150000000s + 31536000s), X-Frame-Options: DENY, X-XSS-Protection Notes: French-language interface, autocomplete disabled on login field --- ebanking.bacb.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- e-coris.corisbank.bf --- Status: LIVE (HTTPS 200, redirects to e-banking.coris-bank.com) Platform: Custom e-banking portal (Bootstrap 3.3.7, by Ecodafrik) Title: "Bienvenue sur la plateforme E-coris" Server chain: nginx (PleskLin) -> BigIP (F5) -> backend Headers: Strong CSP, HSTS, X-Frame-Options: DENY, X-XSS-Protection Login: Open e-banking portal --- webmail.corisbank.bf --- Status: PARTIAL (HTTP 301 -> HTTPS, HTTPS times out) Server: nginx + Plesk HSTS: max-age=15768000; includeSubDomains --- mail.rcpb.bf --- Status: LIVE (HTTPS — Exchange Server) Platform: Microsoft Exchange Server 2019 CU15 (15.2.1748.26) Server: Microsoft-IIS/10.0 OWA: https://mail.rcpb.bf/owa/auth/logon.aspx (HTTP 200, title: "Outlook") ECP: https://mail.rcpb.bf/ecp (HTTP 200, title: "Exchange Admin Center") Internal hostname: VM-FCPB-MAIL (x-feserver header) ASP.NET version: 4.0.30319 --- autodiscover.rcpb.bf --- Status: LIVE (HTTPS 401/404) Server: Microsoft-IIS/10.0, Microsoft-HTTPAPI/2.0 Autodiscover endpoint: 401 with NTLM/Negotiate/Basic OWA version confirmed: 15.2.1748.26 Internal hostname: VM-FCPB-MAIL Auth methods: NTLM, Negotiate, Basic (realm: mail.rcpb.bf) OAuth enabled, SOAP enabled, WSSecurity enabled --- intranet.rcpb.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- mail.cbaofaso.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- autodiscover.cbaofaso.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- sogecashnet.societegenerale.bf --- Status: LIVE (HTTPS 200) Platform: SmartOffice (Sopra Banking Software) Title: "SOGECASHNET | SOCIETE GENERALE BURKINA FASO" Path: /smartoffice/ Login: POST to FR/session.lyo Demo: ../../smartofficeDemo/FR/demo.htm Notice: Migration to "MYBUSINESS" platform announced for Dec 31, 2025 Notes: Platform in migration state — increased attack surface during transition ================================================================================ CATEGORY: ADMIN PANELS ================================================================================ --- cpanel.sig.bf --- Status: LIVE (HTTPS 200) Platform: cPanel Title: "cPanel Login" Server: Apache Cookies: cprelogin, cpsession, roundcube_sessid, PPA_ID Login: Full cPanel login interface --- cpanel.onaser.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- cpanel.edifice.bf --- Status: LIVE (HTTP 200, HTTPS no response) Server: LiteSpeed Body: "n0c" (PlanetHoster marker) Content-Length: 4 bytes --- cpanel.edimedia.bf --- Status: LIVE (HTTP 200, HTTPS no response) Server: LiteSpeed Body: "n0c" (PlanetHoster marker) Content-Length: 4 bytes --- cpanel.globalsolutions.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- cpanel.unibio.bf --- Status: LIVE (HTTPS 415, HTTP 415) Server: openresty/1.27.1.1 (version disclosed) Response: "415 Unsupported Media Type" --- cpanel.universiteenligne.bf --- Status: NO RESPONSE (HTTPS and HTTP) ================================================================================ CATEGORY: DEVOPS/MONITORING ================================================================================ --- zabbix.btic.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- git2.btic.bf --- Status: NO RESPONSE (HTTPS and HTTP) --- cloud.btic.bf --- Status: LIVE (HTTPS 503) Response: "503 Service Unavailable — No server is available to handle this request" HTTP: 302 -> HTTPS Notes: Behind load balancer/reverse proxy, backend is down --- cloud2.btic.bf --- Status: NO RESPONSE (HTTPS and HTTP) ================================================================================ CATEGORY: TAX SYSTEMS ================================================================================ --- esintax.impots.gov.bf --- Status: LIVE (HTTP 200 only, no HTTPS) Server: Apache/2.4.10 (Debian) — FULL VERSION DISCLOSED Notes: Apache 2.4.10 is from 2014 (Debian Jessie era), extremely outdated Page content was empty/minimal — may be legacy or API-only --- esintax.bf --- Status: LIVE (HTTPS 200) Platform: eSINTAX V5.0 (PHP) Title: "eSINTAX Burkina Faso - Teledeclaration et telepaiement des impots" Server: Apache (load-balanced, SERVERID cookie) Login: ntd (Numero eSINTAX) + password Additional: Expert-comptable login at /index/login-expert-comptable Description: Official tax declaration and payment portal for DGI Burkina Faso --- e-sintax.bf --- Status: LIVE (HTTPS 200, HTTP 302 -> HTTPS) Platform: Same eSINTAX V5.0 portal Server: Apache Notes: Alternate domain pointing to same tax platform ================================================================================ CATEGORY: POLICE ================================================================================ --- moodle.academiedepolice.bf --- Status: LIVE (HTTPS 200) Platform: Moodle (theme: eguru) Title: "Plateforme Pedagogique de l'Academie de Police du Burkina Faso" Language: French Theme revision: 1520268333 (March 5, 2018) JS revision: 1472120698 (August 25, 2016) Admin: /admin/ accessible (303 redirect to /admin/index.php) Notes: Moodle instance appears to be from 2016-2018 — likely severely outdated --- bibliotheque.academiedepolice.bf --- Status: LIVE (HTTPS 200) Platform: PMB (PhpMyBibliographie) 4.2.1 (v5.19) Title: "PMB" Database: academie_bdpmb (disclosed via cookie and page body) Records: 789 notices Admin: /admin.php accessible (HTTP 200, login form present) OPAC: /opac_css/ accessible (public catalog) Version: 4.2.1 — FULLY DISCLOSED IN FOOTER Notes: Very outdated PMB version, admin login exposed, DB name leaked ################################################################################ ## ## ## SUMMARY STATISTICS ## ## ## ################################################################################ Total domains probed: 53 Live/responding: 22 No response: 31 LIVE TARGETS BREAKDOWN: Open login pages: 12 E-banking portals: 4 (BCB, Coris, SocGen, PosteBank) Webmail logins: 5 (agriculture, sig, sotraco, onatel, rcpb) cPanel/admin panels: 2 (sig cPanel, sig webmail) Tax system logins: 3 (esintax.bf, e-sintax.bf, esintax.impots.gov.bf) Police/education: 2 (moodle, bibliotheque) O365 tenants confirmed: 1 (sonabhy.bf) Cloud/infra (down): 1 (cloud.btic.bf) VERSION DISCLOSURES: - Exchange Server 2019 CU15 (15.2.1748.26) — mail.rcpb.bf - Apache/2.4.10 (Debian) — esintax.impots.gov.bf - Roundcube 1.6.13 — mail.agriculture.bf - Roundcube 1.5.13 — mail.sotraco.bf - PMB 4.2.1 — bibliotheque.academiedepolice.bf - OpenResty 1.27.1.1 — cpanel.unibio.bf - BCB-Online 6.9.3 (commit 2bbd588) — ebank.bcb.bf - eSINTAX V5.0 — esintax.bf - Axigen Webmail (version unknown) — mail.onatel.bf - Moodle ~2016-2018 era — moodle.academiedepolice.bf INTERNAL HOSTNAMES DISCLOSED: - VM-FCPB-MAIL — mail.rcpb.bf / autodiscover.rcpb.bf (Exchange) PRIORITY TARGETS FOR DEEPER RECON: 1. mail.rcpb.bf — Exchange 2019, OWA+ECP exposed, version known 2. ebank.bcb.bf — Live banking login, version disclosed 3. esintax.bf — National tax system, PHP login 4. sogecashnet.societegenerale.bf — Bank in platform migration 5. bibliotheque.academiedepolice.bf — Ancient PMB, admin login exposed 6. moodle.academiedepolice.bf — Ancient Moodle, police training content 7. cpanel.sig.bf — Government cPanel admin access 8. esintax.impots.gov.bf — Ancient Apache on tax infrastructure ================================================================================ END OF PROBE — Generated 2026-03-04 ================================================================================