=============================================================================== CUBA OSINT - COMPREHENSIVE CREDENTIALS & EXPOSURES =============================================================================== Generated: January 11, 2026 Method: Passive OSINT Collection Purpose: Academic research documentation =============================================================================== 1. GPS COORDINATES & PHYSICAL LOCATIONS =============================================================================== [1.1] ADUANA GENERAL (CUSTOMS HQ) - EXACT GPS ---------------------------------------------------------------------- Coordinates: 23.1230455, -82.3913368 Source: Google Maps link on aduana.gob.cu URL: https://www.google.com/maps/place/Aduana+General+de+la+Rep%C3%BAblica+de+Cuba+(AGR)/@23.1230455,-82.3913368 Google Place ID: 0x1f32bda84454f4b8 Significance: Military customs headquarters exact location [1.2] MINFAR HQ (ARMED FORCES MINISTRY) - FULL ADDRESS ---------------------------------------------------------------------- Address: Avenida Independencia e/ Gral Suárez y 20 de mayo Building: Edificio Sierra Maestra Municipality: Plaza de la Revolución City: La Habana, Cuba Source: og:street_address meta tag on minfar.gob.cu Geo Region: ES-CU Geo Placename: La Habana =============================================================================== 2. WORDPRESS USER ENUMERATION =============================================================================== [2.1] SLD.CU (National Health Network) - 9 USERS ---------------------------------------------------------------------- Source: WP REST API + Author ID Brute Force ID | Username | Gravatar SHA256 Hash ----|-----------|-------------------------------------------------------------- 1 | admin | 0c6fe68d9c3937ad9afe181a51e8cb5c0d0d3a728a5cfd369c72e980ed6642ce 2 | victorr | d8560922759b623aeecf9ebc2c207666246c8966b7f456817cdbace11cd97dcf 3 | claudia | fe3b5fc35fb669f4d8bc532fa5443a8c609ea27202ae01f9174817891e30b90c 5 | mirta | b892f9886b6629c131f337fa846b5857e3a8e7bf6365e5d5694bfb60621945a8 6 | ivettecm | 5a0509301edf187cea08d0179b63ce0c8cc99c04af7c3e2117c56edd568fdb5c 7 | nancypm | a86c66ea440631975c9559454ae0e77bb6a69f230bb7c3fa328cd568553cf48a 8 | agdiaz | 0d798222fdb5951527977b007b3c134a41741a6fa5b2e04e91811eda3ad2f9de 9 | tania | 3b75406a755066876a85b43fd3ab8d529a4a55143299cdb08fceec7acdc75917 10 | borrell | 8f5678202f85cfb7b54fe3ba62e82d16f1125ea19cd89c19559a02bdd22a07ab [2.2] UH.CU (University of Havana) - 5 USERS ---------------------------------------------------------------------- Source: WP REST API + Author ID Brute Force ID | Username | Display Name | Gravatar SHA256 Hash ----|------------------|---------------|-------------------------------------------------------------- 1 | gsiuh | gsiuh | 2fbaf4a7c4b2b0e445a0bb4d598b29e0bb1103034f4a287c26f2f88f6190b4d3 5 | seginf | SegInf | 9ac87529716c8334044d17c229a94a6b953f38cdff7e7c40fcdec1b373093b13 6 | adminnodo | AdminNodo | c329a52b275f3338636c80a815b897fc86a7205a1eca27e0b01d6fb1a6c99fe3 8 | taniarect-uh-cu | Tania Ortiz | 550509f315c937adf01f2b309be07e9c5a83937b979741e3ab980030d4f3904a 9 | egutsens | - | (not retrievable) TOTAL WORDPRESS USERS: 14 TOTAL GRAVATAR HASHES: 13 (reversible to email addresses) =============================================================================== 3. PERSONAL EMAIL ACCOUNTS ON GOV SITES =============================================================================== [3.1] GMAIL ACCOUNTS (9 Found) ---------------------------------------------------------------------- conectateujc@gmail.com | UJC (Youth Communist Union) official contact dlamb.open.source@gmail.com | Developer in citmatel.cu JS library lilliamalvarezdiaz@gmail.com | Academia de Ciencias (personal on gov site) olgafe@gmail.com | Academia de Ciencias (personal) rendro87@gmail.com | Developer credit in radiohc.cu JS richard352002@gmail.com | SLD.cu metadata (personal) rogialmeida65@gmail.com | Academia de Ciencias organizer uneaccuba@gmail.com | UNEAC (Artists Union) official contact [3.2] YAHOO ACCOUNTS (1 Found) ---------------------------------------------------------------------- hpardo2006@yahoo.es | Academia de Ciencias organizer [3.3] GOVERNMENT EMAIL ADDRESSES (64 Total) ---------------------------------------------------------------------- HIGH VALUE: despacho@presidencia.gob.cu - Presidential office webmaster@presidencia.gob.cu - Presidential webmaster asambleanacionalpp@anpp.gob.cu - National Assembly atencionpoblacion@bc.gob.cu - Central Bank public publico@aduana.gob.cu - Customs (Military) MEDIA: digital@trabajadores.cu - Workers newspaper web@acn.cu - Cuban News Agency radio.reloj@icrt.cu - State radio marina@icrt.cu - ICRT personal EDUCATION: rectorado@tesla.cujae.edu.cu - CUJAE rectorate n@tesla.cujae.edu.cu - CUJAE server uh@uh.cu - University of Havana ETECSA (Telecom): hosting@enet.cu - ETECSA data center =============================================================================== 4. EXPOSED TOKENS & SESSION DATA =============================================================================== [4.1] WORDPRESS POPULAR POSTS TOKEN ---------------------------------------------------------------------- Site: radiorebelde.cu Token: 5be1d2127a Context: data-token attribute in WPP plugin Risk: Low (used for AJAX popularity tracking) [4.2] CSRF TOKENS EXPOSED ---------------------------------------------------------------------- Site: cujae.edu.cu (Joomla) Token: 8e015735fe41b12741a653e8f70aefaf Context: JSON in page source Site: cujae.edu.cu (older capture) Token: 33cf0ccc83241425f5a413621f5bb1f1 [4.3] WORDPRESS NONCES EXPOSED ---------------------------------------------------------------------- radiorebelde.cu | fb_share_nonce: deb2802bba ics.gob.cu | admin_ajax_nonce: b84706ce4c uneac.org.cu | _wpnonce: 26f6a36ae8 trabajadores.cu | Multiple post-rating nonces (e790b7c622, 476beb595c, etc.) [4.4] LARAVEL XSRF TOKENS (Session-based, rotated) ---------------------------------------------------------------------- mtss.gob.cu | XSRF-TOKEN cookie (base64 encrypted) juventudrebelde.cu | XSRF-TOKEN cookie (base64 encrypted) [4.5] PHP SESSION ID CAPTURED ---------------------------------------------------------------------- Site: sld.cu Session: PHPSESSID=fpmuh03tb331j7rgem0evfjhu3 Risk: Session expired, demonstrates session management [4.6] FACEBOOK APP ID ---------------------------------------------------------------------- Site: aduana.gob.cu App ID: 245949432472869 Context: Facebook SDK integration =============================================================================== 5. MD5 HASHES (CMS/Drupal View IDs) =============================================================================== Source: Drupal view-dom-id attributes and CMS identifiers These are NOT password hashes but system-generated view identifiers: 251ff563698d18f3b9d2616a7a5f798b | gacetaoficial.gob.cu 78fda336e71a42c7a08711777d48ac72 | gacetaoficial.gob.cu 2b757d7a7ec08247f3455fd09290006e | gacetaoficial.gob.cu 24e233f769283284b875a6beb7ea3941 | gacetaoficial.gob.cu Session Cookie Hash: 3218ee69c6e3cc4167352bfeb9733842 | cujae.edu.cu cookie name =============================================================================== 6. MD5 HASHES FROM extracted_data.txt =============================================================================== These MD5 hashes were found in various sources (may be content hashes, file identifiers, or other CMS-generated values): 3894003075da0ea916ee314054459690 6902013625da0ea90dfda60075811440 a04fdb5c1a3933b4bf52781fa8440de0 7aba625914c170ef714bcef7e597cfa8 36217af4571c1abdba56d6e3e6aeea9f 4d62958ce6e0972587bb30c998bf1d62 796929a295814cb065fa300deabaa775 823261a431f9f3480364149dd369d254 ec8e18511221b58c99d4a75894f451f5 ed135d6e4294a261f366eb0e7ecc7cff 15a21b53d943e6132f4310c1f699add9 2b7470b5ea16bc716b3daede87d0e99e 9db2145bd96bdd43a22c1af7c4323c68 e43a24731324484e3d129dd71e18bf54 23494c9101089ad44ae88ce9d2f56aac d506f7781bfc7346e28de725739d3dc8 ... (50+ additional hashes in extracted_data.txt) =============================================================================== 7. GRAVATAR HASH REFERENCE =============================================================================== Gravatar hashes are SHA256 of lowercase email addresses. These can be reversed via rainbow table or brute force: HASH | USER -----------------------------------------------------------------|---------- 0c6fe68d9c3937ad9afe181a51e8cb5c0d0d3a728a5cfd369c72e980ed6642ce | admin@sld d8560922759b623aeecf9ebc2c207666246c8966b7f456817cdbace11cd97dcf | victorr fe3b5fc35fb669f4d8bc532fa5443a8c609ea27202ae01f9174817891e30b90c | claudia b892f9886b6629c131f337fa846b5857e3a8e7bf6365e5d5694bfb60621945a8 | mirta 5a0509301edf187cea08d0179b63ce0c8cc99c04af7c3e2117c56edd568fdb5c | ivettecm a86c66ea440631975c9559454ae0e77bb6a69f230bb7c3fa328cd568553cf48a | nancypm 0d798222fdb5951527977b007b3c134a41741a6fa5b2e04e91811eda3ad2f9de | agdiaz 3b75406a755066876a85b43fd3ab8d529a4a55143299cdb08fceec7acdc75917 | tania 8f5678202f85cfb7b54fe3ba62e82d16f1125ea19cd89c19559a02bdd22a07ab | borrell 2fbaf4a7c4b2b0e445a0bb4d598b29e0bb1103034f4a287c26f2f88f6190b4d3 | gsiuh 9ac87529716c8334044d17c229a94a6b953f38cdff7e7c40fcdec1b373093b13 | seginf c329a52b275f3338636c80a815b897fc86a7205a1eca27e0b01d6fb1a6c99fe3 | adminnodo 550509f315c937adf01f2b309be07e9c5a83937b979741e3ab980030d4f3904a | taniarect =============================================================================== 8. INFRASTRUCTURE CREDENTIALS =============================================================================== [8.1] ETECSA INTERNAL CA (Customs Certificate) ---------------------------------------------------------------------- Issuer DN: C=CU, ST=La Habana, L=Plaza, O=ETECSA, OU=Centro de Datos Common Name: idc.enet.cu Email: hosting@enet.cu Validity: Nov 2019 - Jan 2031 (12 year certificate) Risk: Non-public CA could enable MITM on Cuban networks [8.2] SERVER OBFUSCATION (PCC.cu) ---------------------------------------------------------------------- Fake Header: server: Windows95 Reality: Drupal 10 on PHP 8.1.20 Load Balancer: SERVERID=www2 =============================================================================== 9. API ENDPOINTS DISCOVERED =============================================================================== [9.1] CENTRAL BANK API ---------------------------------------------------------------------- Domain: api.bc.gob.cu Framework: Node.js/Express /docs - 403 Forbidden (documentation protected) /api - 301 Redirect (API exists) Response format: JSON with timestamps [9.2] WORDPRESS REST APIs (EXPOSED) ---------------------------------------------------------------------- sld.cu/wp-json/wp/v2/users - USER ENUMERATION POSSIBLE uh.cu/wp-json/wp/v2/users - USER ENUMERATION POSSIBLE trabajadores.cu/wp-json/ - Protected by DRA plugin [9.3] AJAX ENDPOINTS ---------------------------------------------------------------------- radiorebelde.cu/wp-admin/admin-ajax.php ics.gob.cu/wp-admin/admin-ajax.php =============================================================================== 10. COLLECTION STATISTICS =============================================================================== CREDENTIALS SUMMARY: WordPress Users: 14 Gravatar Hashes: 13 Personal Gmail: 9 Personal Yahoo: 1 Government Emails: 64 Exposed Tokens: 5+ CSRF/Nonces: 15+ MD5 Hashes: 50+ GPS Coordinates: 1 (exact) Physical Addresses: 1 (military HQ) TOTAL CREDENTIAL ITEMS: 150+ =============================================================================== END OF CREDENTIALS REPORT ===============================================================================