Ecuador WordPress Infrastructure
EXECUTIVE SUMMARY
Scope: 60+ government domains across military, judicial, financial, infrastructure, education sectors Method: WordPress REST API enumeration, sensitive path probing, paginated data download
Rounds 4 and 5 expanded coverage from the initial financial/executive/security sectors to all remaining government ministries, universities, military domains, and financial institutions. Key outcomes:
- 12 new WordPress sites fully enumerated and paginated
- 3 new financial WP sites discovered (CELEC, CFN, BCE)
- 7 new user accounts enumerated on CPCCS
- All 21 .mil.ec domains confirmed unreachable (well-segmented military network)
- 3 sites down (inclusion, obraspublicas, ambiente returning 503)
- WAF detections: BIESS (F5 BIG-IP), BCE (F5), contraloria (IIS soft-404), cnelep (soft-404)
- Total WP data: ~75,000 posts, ~190,000 media items, ~9,500 comments across 30+ sites
ROUND 4 FINDINGS (48 Domains Probed)
New WordPress Sites — Full Data Downloaded
| Domain |
Posts |
Media |
Comments |
Pages |
Categories |
Tags |
| agricultura.gob.ec |
14,209 |
15,221 |
— |
19 |
51 |
226 |
| inclusion.gob.ec |
22,525 |
15,313 |
4,549 |
31 |
52 |
2,054 |
| salud.gob.ec |
7,707 |
32,114 |
— |
18 |
57 |
971 |
| cpccs.gob.ec |
7,495 |
32,485 |
— |
866 |
26 |
1,190 |
| deporte.gob.ec |
7,835 |
10,007 |
22 |
45 |
19 |
445 |
| telecomunicaciones.gob.ec |
2,836 |
15,143 |
9 |
26 |
34 |
13 |
| trabajo.gob.ec |
838 |
5,120 |
— |
9 |
10 |
— |
| finanzas.gob.ec |
792 |
1,872 |
— |
25 |
23 |
30 |
| espoch.edu.ec |
10 |
9,378 |
— |
333 |
8 |
13 |
| uta.edu.ec |
281 |
1,302 |
— |
101 |
51 |
28 |
| ambiente.gob.ec |
1,340 |
13,363 |
— |
140 |
4 |
4 |
| obraspublicas.gob.ec |
6,790 |
8,621 |
— |
31 |
68 |
136 |
CPCCS User Enumeration (NEW — 7 Accounts)
Citizens' Participation and Social Control Council:
| ID |
Name |
Slug |
| 1 |
infraestructura |
infraestructura |
| 3 |
Belen Vasconez |
belen-vasconez |
| 6 |
Cesar Bermeo |
cesar-bermeo |
| 7 |
Daysi Tufino |
daysi-tufino |
| 8 |
Mauro Pilatasig |
mauro-pilatasig |
| 9 |
Rebeca Llasag |
rebeca-llasag |
| 10 |
Santiago Bolanos |
santiago-bolanos |
Military Sector Probe (21 .mil.ec Domains)
ALL UNREACHABLE from external network:
armada.mil.ec, ejercito.mil.ec, fuerzaaerea.mil.ec, fuerzanaval.mil.ec, fuerzaterrestre.mil.ec, comando.mil.ec, comaco.mil.ec, sstg.mil.ec, marina.mil.ec, espe.edu.ec, esmil.edu.ec, essuna.edu.ec, midena.gob.ec, isspol.gob.ec, policiaecuador.gob.ec, ministeriointerior.gob.ec, inteligencia.gob.ec, csirt.gob.ec, snai.gob.ec, defensa.ec
Assessment: Military infrastructure is well-segmented from public internet. Only previously-known sites (fae.mil.ec, issfa.mil.ec, ccffaa.mil.ec) remain accessible.
Sensitive Domain Probe (19 Domains)
| Domain |
Status |
Notes |
| igm.gob.ec |
Alive |
Apache/2.4.37 Rocky Linux, no WP, locked down |
| cnt.gob.ec |
Alive |
Nuxt.js app, no WP |
| cnelep.gob.ec |
Alive |
All paths return same 354KB page (soft 404 / WAF) |
| supercias.gob.ec |
HTTP 403 |
Alive but fully blocked |
| All others |
Unreachable |
Without www prefix |
ROUND 5 FINDINGS (www-prefix Discovery)
Several domains unreachable without www prefix became accessible:
New WordPress Sites
| Domain |
Posts |
Media |
Pages |
Categories |
Tags |
Notes |
| www.celec.gob.ec |
1,694 |
3,185 |
36 |
29 |
— |
nginx/1.14.1, users blocked (401), .git blocked (403) |
| www.cfn.fin.ec |
304 |
4,207 |
30 |
11 |
46 |
Apache, LiteSpeed Cache, Application Passwords auth enabled |
| www.bce.fin.ec |
498 |
1,252 |
172 |
4 |
10 |
F5 WAF, [email protected] security contact |
Infrastructure Discovery
| Domain |
Server |
Stack |
WAF |
Notes |
| www.contraloria.gob.ec |
IIS/10.0 |
ASP.NET, X-Powered-By: CGE |
Soft 404 (32KB for all paths) |
Comptroller General |
| www.biess.fin.ec |
IIS/7.5 |
ASP.NET 4.0.30319 |
F5 BIG-IP (cookie TS01f73070) |
Social Security Bank, ancient IIS |
| www.funcionjudicial.gob.ec |
Apache |
WordPress confirmed |
Full lockdown (401 on ALL WP API endpoints) |
Judicial Branch |
SERVER FINGERPRINTING SUMMARY
| Target |
Server |
PHP/Framework |
WAF/CDN |
| agricultura.gob.ec |
— |
WordPress + Wordfence |
Google Site Kit |
| celec.gob.ec |
nginx/1.14.1 |
WordPress |
— |
| cfn.fin.ec |
Apache |
WordPress + LiteSpeed Cache |
— |
| bce.fin.ec |
Reverse proxy |
WordPress + Elementor |
F5 BIG-IP |
| contraloria.gob.ec |
IIS/10.0 |
ASP.NET |
CGE |
| biess.fin.ec |
IIS/7.5 |
ASP.NET 4.0 |
F5 BIG-IP |
| funcionjudicial.gob.ec |
Apache |
WordPress |
Full API lockdown |
| igm.gob.ec |
Apache/2.4.37 |
Rocky Linux, OpenSSL/1.1.1k |
— |
| cnt.gob.ec |
— |
Nuxt.js |
— |
| espoch.edu.ec |
— |
WordPress + LiteSpeed Cache |
— |
| uta.edu.ec |
Apache/2.4.62 |
PHP/8.0.30, Rocky Linux |
— |
WORDPRESS PLUGIN DEPLOYMENT MAP
| Plugin |
Sites Deployed |
| Wordfence |
BCE, CELEC, Agricultura, Deporte, ESPOCH, Finanzas, Inclusion, Obras Publicas, Salud, Telecom, Trabajo, UTA |
| Elementor |
BCE, CELEC, CPCCS, ESPOCH, Trabajo, UTA |
| Google Site Kit |
Agricultura, Deporte, Inclusion, Obras Publicas, Salud, Telecom, Trabajo |
| Redirection |
BCE, CPCCS, UTA |
| Application Passwords |
CFN, CPCCS |
| LiteSpeed Cache |
CFN, ESPOCH |
| Forminator |
Obras Publicas |
| WP Statistics |
ESPOCH, UTA |
DATA DOWNLOAD STATUS
Fully Paginated (all pages downloaded)
| Site |
Files |
Size |
| agricultura-gob-ec |
301 |
141 MB |
| deporte-gob-ec |
188 |
73 MB |
| telecomunicaciones-gob-ec |
184 |
54 MB |
| educacion-gob-ec |
397 |
133 MB |
| trabajo-gob-ec |
63 |
30 MB |
| finanzas-gob-ec |
29 |
11 MB |
| espoch-edu-ec |
99 |
68 MB |
| uta-edu-ec |
21 |
49 MB |
| celec-gob-ec |
51 |
20 MB |
| cfn-fin-ec |
50 |
15 MB |
| bce-fin-ec |
22 |
17 MB |
| registrocivil-gob-ec |
52 |
23 MB |
| www-salud-gob-ec |
269 |
— |
| www-cpccs-gob-ec |
304 |
— |
Servers Down (503 — retry later)
| Site |
Known Data |
Status |
| inclusion.gob.ec |
22,525 posts, 15,313 media |
First page + comments downloaded |
| obraspublicas.gob.ec |
6,790 posts, 8,621 media |
First page only |
| ambiente.gob.ec |
1,340 posts, 13,363 media |
First page only |
NEW EMAIL ADDRESSES DISCOVERED
55 new government emails from Round 5 sites:
- CELEC (9): jhery.saavedra, juan.jara, juan.mogrovejo, pedro.espinoza + functional mailboxes
- CFN (19): cramirez, dchasi, jfrias, mapolo, mizquierdo, mmoncayo, mparedes + [email protected]
- BCE (27): atencionciudadana, biblioteca, comercializaciondeoro, dcv, seguridad + named staff