Anonymous JTSEC #OpSudan Full Recon #49

#######################################################################################################################################
=======================================================================================================================================
Hostname 	sahl.gov.sd 	  	ISP 	HostDime.com, Inc.
Continent 	North America 	  	Flag
US
Country 	United States 	  	Country Code 	US
Region 	Florida 	  	Local time 	28 Mar 2019 16:16 EDT
City 	Orlando 	  	Postal Code 	32826
IP Address 	138.128.160.2 	  	Latitude 	28.583
  	  	  	Longitude 	-81.191
=======================================================================================================================================
#######################################################################################################################################
> sahl.gov.sd
Server:		185.93.180.131
Address:	185.93.180.131#53

Non-authoritative answer:
Name:	sahl.gov.sd
Address: 138.128.160.2
>
#######################################################################################################################################
HostIP:138.128.160.2
HostName:sahl.gov.sd

Gathered Inet-whois information for 138.128.160.2
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        138.128.144.0 - 138.130.255.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
remarks:        ------------------------------------------------------
remarks:
remarks:        For registration information,
remarks:        you can consult the following sources:
remarks:
remarks:        IANA
remarks:        http://www.iana.org/assignments/ipv4-address-space
remarks:        http://www.iana.org/assignments/iana-ipv4-special-registry
remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks:        AFRINIC (Africa)
remarks:        http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks:        APNIC (Asia Pacific)
remarks:        http://www.apnic.net/ whois.apnic.net
remarks:
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/ whois.arin.net
remarks:
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks:        ------------------------------------------------------
country:        EU # Country is really world wide
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
status:         ALLOCATED UNSPECIFIED
mnt-by:         RIPE-NCC-HM-MNT
created:        2019-01-07T10:49:49Z
last-modified:  2019-01-07T10:49:49Z
source:         RIPE

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
nic-hdl:        IANA1-RIPE
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:31:27Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)


Gathered Inic-whois information for sahl.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Error: Unable to connect - Invalid Host
ERROR: Connection to InicWhois Server sd.whois-servers.net failed
close error

Gathered Netcraft information for sahl.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for sahl.gov.sd
Netcraft.com Information gathered

Gathered Subdomain information for sahl.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
HostName:www.sahl.gov.sd
HostIP:138.128.160.2
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host sahl.gov.sd, Searched 0 pages containing 0 results

Gathered E-Mail information for sahl.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host sahl.gov.sd, Searched 0 pages containing 0 results

Gathered TCP Port information for 138.128.160.2
---------------------------------------------------------------------------------------------------------------------------------------

 Port		State

21/tcp		open
53/tcp		open
80/tcp		open
110/tcp		open
143/tcp		open

Portscan Finished: Scanned 150 ports, 4 ports were in state closed
#######################################################################################################################################
[i] Scanning Site: http://sahl.gov.sd


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title:   شركة مطارات السودان القابضة
[+] IP address: 138.128.160.2
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 138.128.160.2
[i] Country: United States
[i] State: Florida
[i] City: Orlando
[i] Latitude: 28.5826
[i] Longitude: -81.1907


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 302 Found
[i]  Date: Thu, 28 Mar 2019 20:20:57 GMT
[i]  X-Powered-By: PHP/5.6.40
[i]  Location: http://sahl.gov.sd/index.php/ar/
[i]  Content-Length: 0
[i]  Content-Type: text/html; charset=UTF-8
[i]  Connection: close
[i]  HTTP/1.1 200 OK
[i]  Date: Thu, 28 Mar 2019 20:20:58 GMT
[i]  X-Powered-By: PHP/5.6.40
[i]  Set-Cookie: user_lang=ar; expires=Thu, 28-Mar-2019 22:20:58 GMT; Max-Age=7200; path=/
[i]  Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2239d502c10fbe1e1913eaffce1f62efcc%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%2277.243.183.14%22%3Bs%3A10%3A%22user_agent%22%3Bb%3A0%3Bs%3A13%3A%22last_activity%22%3Bi%3A1553804458%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D678003dc70a9b787aa903ecb3d07e99d; expires=Thu, 28-Mar-2019 22:20:58 GMT; Max-Age=7200; path=/
[i]  Content-Length: 15864
[i]  Content-Type: text/html; charset=UTF-8
[i]  Connection: close


D N S   L O O K U P
=======================================================================================================================================

sahl.gov.sd.		14399	IN	MX	0 sahl.gov.sd.
sahl.gov.sd.		21599	IN	SOA	ns1.click-grafix.com. karouri.gmail.com. 2019031801 3600 7200 1209600 86400
sahl.gov.sd.		21599	IN	NS	ns2.click-grafix.com.
sahl.gov.sd.		21599	IN	NS	ns1.click-grafix.com.
sahl.gov.sd.		14399	IN	A	138.128.160.2


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 138.128.160.2
Network       = 138.128.160.2 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 138.128.160.2 - 138.128.160.2 }


N M A P   P O R T   S C A N
=======================================================================================================================================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 20:21 UTC
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.034s latency).
rDNS record for 138.128.160.2: server.click-grafix.com

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   closed   ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
#######################################################################################################################################
[?] Enter the target: example( http://domain.com )
http://sahl.gov.sd/index.php/ar/
[!] IP Address : 138.128.160.2
[!] sahl.gov.sd doesn't seem to use a CMS
[+] Honeypot Probabilty: 30%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for sahl.gov.sd
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/sahl.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   closed   ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
ns1.click-grafix.com. (138.128.160.3) AS33182 HostDime.com, Inc. United States
ns2.click-grafix.com. (138.128.160.4) AS33182 HostDime.com, Inc. United States

[+] MX Records
0 (138.128.160.2) AS33182 HostDime.com, Inc. United States

[+] Host Records (A)
sahl.gov.sdHTTP: (server.click-grafix.com) (138.128.160.2) AS33182 HostDime.com, Inc. United States

[+] TXT Records

[+] DNS Map: https://dnsdumpster.com/static/map/sahl.gov.sd.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------
pixel-155380446693336-web-@sahl.gov.sd
pixel-1553804468260954-web-@sahl.gov.sd

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
138.128.160.2:www.sahl.gov.sd
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
138.128.160.2	click.sd
138.128.160.2	mahgoubsons
138.128.160.2	sudanports.gov.sd
138.128.160.2	sudapet
138.128.160.2	saria
138.128.160.2	www.ariab
138.128.160.2	www.fasrc.org
138.128.160.2	mohe.gov.sd
138.128.160.2	aou.edu.sd
138.128.160.2	wre.gov.sd
138.128.160.2	audit.gov.sd
138.128.160.2	saudisb.sd
138.128.160.2	www.tpsudan.gov.sd
138.128.160.2	sudapost.sd
138.128.160.2	www.sudanports.gov.sd
138.128.160.2	maak.sd
#######################################################################################################################################
Enter Address Website = sahl.gov.sd

Reversing IP With HackTarget 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] 138.128.160.2
[+] aacpd.org
[+] aayan.com.qa
[+] abaad.sd
[+] abanos.net
[+] abdeenandco.com
[+] adding-sd.com
[+] advocatemakki.com
[+] adyagroup.net
[+] agrogate-holdings.com
[+] ahqsudan.com
[+] alamjadsteel.com
[+] alanfalgroup.com
[+] alanfaljabra.com
[+] albadaael.com
[+] albarakafinancial.com
[+] alfala.com
[+] alitimadgroup.com
[+] aljazeerabank.com.sd
[+] almamoonoil.com
[+] aloaloa.com
[+] alomergroup.com
[+] alrawabi.yassirkambalgroup.com
[+] alsundusiamedical.com
[+] alwatanyia.com
[+] alwathbagroup.com
[+] alzawaya-medical.com
[+] anpm.co
[+] aou.edu.sd
[+] apg-sd.com
[+] app.advocatemakki.com
[+] apple-login.org.rakhie.net
[+] arabiawork.com
[+] arech.apg-sd.com
[+] arenboutique.com
[+] ariabmining.net
[+] ar.nileuniversity-edu.com
[+] aseelcomplex.yassirkambalgroup.com
[+] aseel.yassirkambalgroup.com
[+] ashrafelsharif.com
[+] badawi.alzawaya-medical.com
[+] bajrawiafab.com
[+] bargos.apg-sd.com
[+] basma-ocf.org
[+] beautyconceptlounge.com
[+] benzcenter.net
[+] berigdar.berigdargroup.com
[+] berigdar.com
[+] berigdargroup.com
[+] bivetsud.com
[+] blog.aloaloa.com
[+] bmcproject.net
[+] brandavenue.net
[+] casiexpress.net
[+] cctctraining.com
[+] citi.online.yam-cdc.com
[+] clarionlaserclinic.ie
[+] clickgrafix.co
[+] click-grafix.com
[+] click.sd
[+] clicksd.info
[+] codon-med.com
[+] coffeecroptrading.com
[+] conference.sudanesephysicians.org
[+] cpanel.aacpd.org
[+] cpanel.aayan.com.qa
[+] cpanel.abanos.net
[+] cpanel.abdeenandco.com
[+] cpanel.adding-sd.com
[+] cpanel.advocatemakki.com
[+] cpanel.adyagroup.net
[+] cpanel.agrogate-holdings.com
[+] cpanel.ahqsudan.com
[+] cpanel.alamjadsteel.com
[+] cpanel.alanfalgroup.com
[+] cpanel.alanfaljabra.com
[+] cpanel.albadaael.com
[+] cpanel.albarakafinancial.com
[+] cpanel.alfala.com
[+] cpanel.alitimadgroup.com
[+] cpanel.almamoonoil.com
[+] cpanel.aloaloa.com
[+] cpanel.alomergroup.com
[+] cpanel.alsundusiamedical.com
[+] cpanel.alwatanyia.com
[+] cpanel.alwathbagroup.com
[+] cpanel.alzawaya-medical.com
[+] cpanel.anpm.co
[+] cpanel.apg-sd.com
[+] cpanel.arenboutique.com
[+] cpanel.ariabmining.net
[+] cpanel.ashrafelsharif.com
[+] cpanel.bajrawiafab.com
[+] cpanel.basma-ocf.org
[+] cpanel.beautyconceptlounge.com
[+] cpanel.benzcenter.net
[+] cpanel.berigdar.com
[+] cpanel.berigdargroup.com
[+] cpanel.bivetsud.com
[+] cpanel.bmcproject.net
[+] cpanel.brandavenue.net
[+] cpanel.casiexpress.net
[+] cpanel.cctctraining.com
[+] cpanel.clarionlaserclinic.ie
[+] cpanel.clickgrafix.co
[+] cpanel.click-grafix.com
[+] cpanel.clicksd.info
[+] cpanel.codon-med.com
[+] cpanel.coffeecroptrading.com
[+] cpanel.crimsonlights-sd.com
[+] cpanel.dallahpharma.net
[+] cpanel.dandaradentalcenter.com
[+] cpanel.das-diesel.com
[+] cpanel.difafvillage.com
[+] cpanel.dirnour.com
[+] cpanel.ecogroupsd.com
[+] cpanel.eims.ae
[+] cpanel.elgadal.com
[+] cpanel.elitihadlogistics.com
[+] cpanel.elmohandis-paints.com
[+] cpanel.elprincesudan.com
[+] cpanel.eltagtrading.com
[+] cpanel.emitradingco.com
[+] cpanel.etegahat-ap.com
[+] cpanel.extra-pharma.com
[+] cpanel.farha-sd.com
[+] cpanel.fasrc.org
[+] cpanel.flynas-sudan.com
[+] cpanel.focusschool-sd.com
[+] cpanel.forwomenbywomen.org
[+] cpanel.gdsudan.com
[+] cpanel.geocad-sd.com
[+] cpanel.giadservices.com
[+] cpanel.gladiator-bdc.com
[+] cpanel.gpo-sd.com
[+] cpanel.hamza-farm.com
[+] cpanel.hcs-sd.com
[+] cpanel.higleig.com
[+] cpanel.hishamkarouri.com
[+] cpanel.hopemedicalsd.com
[+] cpanel.ideagp.com
[+] cpanel.ideal-sdn.com
[+] cpanel.indonile.com
[+] cpanel.indonileexport.com
[+] cpanel.ingawetrading.com
[+] cpanel.interpowersd.com
[+] cpanel.jubaauto.com
[+] cpanel.khartoum-int.net
[+] cpanel.kmc-sd.com
[+] cpanel.ktcesudan.com
[+] cpanel.ladconsult.com
[+] cpanel.lanjico.com
[+] cpanel.lowcosttravelcenter.com
[+] cpanel.lulamab.com
[+] cpanel.lunatusmed.com
[+] cpanel.maak-sd.com
[+] cpanel.mahgoubsons.com
[+] cpanel.mamedmedical.com
[+] cpanel.manar-group.com
[+] cpanel.marwacoenterprises.com
[+] cpanel.mechatronic-sd.com
[+] cpanel.medanico.com
[+] cpanel.medicare-sd.com
[+] cpanel.medpharma-sd.com
[+] cpanel.mieragspace.com
[+] cpanel.mmmc-sd.net
[+] cpanel.mohamedoweida.com
[+] cpanel.moontrade.net
[+] cpanel.mssmanal.com
[+] cpanel.mudalala.qa
[+] cpanel.musanadaholding.com
[+] cpanel.nabiltrade.com
[+] cpanel.nagi.photo
[+] cpanel.nilecement.org
[+] cpanel.nileuniversity-edu.com
[+] cpanel.nisosd.com
[+] cpanel.niss.tech
[+] cpanel.nlicfinance.com
[+] cpanel.npetroleum.com
[+] cpanel.numberone-sd.com
[+] cpanel.nuspetro.com
[+] cpanel.oit-sd.com
[+] cpanel.olgaecs.com
[+] cpanel.osamaalgadee.com
[+] cpanel.osool-sd.com
[+] cpanel.paradisehotels-sd.com
[+] cpanel.pawfreight.com
[+] cpanel.petroall.net
[+] cpanel.pts-sd.com
[+] cpanel.radmedco.com
[+] cpanel.raheeg.com
[+] cpanel.rakhie.net
[+] cpanel.rcctsd.com
[+] cpanel.rittal-sd.com
[+] cpanel.rocketeng.net
[+] cpanel.ryecons.com
[+] cpanel.sabintod.com
[+] cpanel.sangsl.com
[+] cpanel.scmsltd.com
[+] cpanel.second-step.co
[+] cpanel.senahypermarket.com
[+] cpanel.shakak.org
[+] cpanel.shikhalkarori.com
[+] cpanel.shirouqpaints.net
[+] cpanel.shoyum.com
[+] cpanel.sinnarshipping.com
[+] cpanel.skhcsudan.com
[+] cpanel.skyart-sd.com
[+] cpanel.smacosd.com
[+] cpanel.soed-sd.org
[+] cpanel.srptechnology.com
[+] cpanel.stiltgroup.org
[+] cpanel.sudanbcisd.net
[+] cpanel.sudanesephysicians.org
[+] cpanel.sudanpile.com
[+] cpanel.sudanwork.com
[+] cpanel.summit-schools.com
[+] cpanel.supergeneral-sd.com
[+] cpanel.tajcogroup.com
[+] cpanel.tanglewood-sd.com
[+] cpanel.tawakolmedical.com
[+] cpanel.tawseelsudan.com
[+] cpanel.tbmlawfirm.com
[+] cpanel.tharjatheng.com
[+] cpanel.transways.ae
[+] cpanel.tstmatjar.com
[+] cpanel.wgarasud.com
[+] cpanel.whitewaters-sd.com
[+] cpanel.yam-cdc.com
[+] cpanel.yasminycl.com
[+] cpanel.yassirkambalgroup.com
[+] cpanel.yathribyp.com
[+] cpanel.zawayabricks.com
[+] crimsonlights-sd.com
[+] dallahpharma.alwathbagroup.com
[+] dallahpharma.net
[+] dandaradentalcenter.com
[+] das-diesel.com
[+] design.alwatanyia.com
[+] difafvillage.com
[+] digitalmarketingafrica.net
[+] dindir.higleig.com
[+] dirnour.com
[+] dps.com.sd
[+] easyhotel.advocatemakki.com
[+] ecogroupsd.com
[+] edge.ideagp.com
[+] eims.ae
[+] elgadal.com
[+] elitihadlogistics.com
[+] elmohandis-paints.com
[+] elprincesudan.com
[+] eltagtrading.com
[+] emitradingco.com
[+] engcouncil.sd
[+] etegahat-ap.com
[+] exams.nileuniversity-edu.com
[+] extra-pharma.com
[+] farha-sd.com
[+] farha-sd.tanglewood-sd.com
[+] fasrc.org
[+] flynas-sudan.com
[+] focusschool-sd.com
[+] forwomenbywomen.org
[+] fresh.yassirkambalgroup.com
[+] gadc01.goldenarrow.sd
[+] gdsudan.com
[+] geocad-sd.com
[+] giadservices.com
[+] gladiator-bdc.com
[+] goldenarrow.sd
[+] gpo-sd.com
[+] green.yassirkambalgroup.com
[+] hamza-farm.com
[+] hcs-sd.com
[+] higleig.com
[+] hopemedicalsd.com
[+] ideagp.com
[+] ideal-sdn.com
[+] iec.gov.sd
[+] indonile.com
[+] indonileexport.com
[+] ingawetrading.com
[+] interpowersd.com
[+] it.alanfalgroup.com
[+] jubaauto.com
[+] khartoum-int.net
[+] kmc-sd.com
[+] ktcesudan.com
[+] ladconsult.com
[+] lanjico.com
[+] lowcosttravelcenter.com
[+] lulamab.com
[+] lunatusmed.com
[+] maak.sd
[+] mahgoubsons.com
[+] mail.pawfreight.com
[+] mamedmedical.com
[+] manar-group.com
[+] marwacoenterprises.com
[+] mdisam.paradisehotels-sd.com
[+] mechatronic-sd.com
[+] medanico.com
[+] med.gov.sd
[+] medicare-sd.com
[+] medpharma-sd.com
[+] mieragspace.com
[+] milestonesd.com
[+] mmmc-sd.net
[+] mohamedoweida.com
[+] mohe.gov.sd
[+] moodle.nileuniversity-edu.com
[+] moontrade.net
[+] mssmanal.com
[+] mudalala.qa
[+] musanadaholding.com
[+] nabiltrade.com
[+] nagi.photo
[+] nilecement.org
[+] nileuniversity-edu.com
[+] nisosd.com
[+] niss.tech
[+] nlicfinance.com
[+] npetroleum.com
[+] numberone-sd.com
[+] nuspetro.com
[+] oau.edu.sd
[+] oit-sd.com
[+] olgaecs.com
[+] omiga.yassirkambalgroup.com
[+] openskies247.com
[+] osamaalgadee.com
[+] osool-sd.com
[+] owner.advocatemakki.com
[+] paradisehotels-sd.com
[+] pawfreight.com
[+] petroall.net
[+] portal.iec.gov.sd
[+] powerblue.yassirkambalgroup.com
[+] pts-sd.com
[+] radmedco.com
[+] raheeg.com
[+] rakhie.net
[+] rcctsd.com
[+] reports.lowcosttravelcenter.com
[+] rikaz.sd
[+] rittal-sd.com
[+] rocketeng.net
[+] rotana.mechatronic-sd.com
[+] ryecons.com
[+] sabintod.com
[+] sangsl.com
[+] saria.sd
[+] saudisb.sd
[+] scmsltd.com
[+] second-step.co
[+] secure-paypal.org.rakhie.net
[+] senahypermarket.com
[+] server2.click-grafix.com
[+] server.click-grafix.com
[+] sgsuae.com
[+] shakak.org
[+] shikhalkarori.com
[+] shirouqpaints.net
[+] shoyum.com
[+] sidcotel.sd
[+] sinnarshipping.com
[+] skhcsudan.com
[+] skyart-sd.com
[+] smacosd.com
[+] soed-sd.org
[+] sonic.yassirkambalgroup.com
[+] srptechnology.com
[+] ssia.sd
[+] stiltgroup.org
[+] students.nileuniversity-edu.com
[+] sudanbcisd.net
[+] sudanesephysicians.org
[+] sudanpile.com
[+] sudanports.gov.sd
[+] sudanwork.com
[+] sudapet.sd
[+] sudapost.sd
[+] summit-schools.com
[+] supergeneral-sd.com
[+] tadamonbank-sd.com
[+] tajcogroup.com
[+] talawiet.org.sd
[+] tanglewood-sd.com
[+] tawakolmedical.com
[+] tbmlawfirm.com
[+] test.almamoonoil.com
[+] test.mechatronic-sd.com
[+] test.tajcogroup.com
[+] tharjatheng.com
[+] tpsudan.gov.sd
[+] transways.ae
[+] tstmatjar.com
[+] webdisk.aacpd.org
[+] webdisk.aayan.com.qa
[+] webdisk.abanos.net
[+] webdisk.abdeenandco.com
[+] webdisk.adding-sd.com
[+] webdisk.advocatemakki.com
[+] webdisk.adyagroup.net
[+] webdisk.agrogate-holdings.com
[+] webdisk.ahqsudan.com
[+] webdisk.alamjadsteel.com
[+] webdisk.alanfalgroup.com
[+] webdisk.alanfaljabra.com
[+] webdisk.albadaael.com
[+] webdisk.albarakafinancial.com
[+] webdisk.alfala.com
[+] webdisk.alitimadgroup.com
[+] webdisk.almamoonoil.com
[+] webdisk.aloaloa.com
[+] webdisk.alomergroup.com
[+] webdisk.alsundusiamedical.com
[+] webdisk.alwatanyia.com
[+] webdisk.alwathbagroup.com
[+] webdisk.alzawaya-medical.com
[+] webdisk.anpm.co
[+] webdisk.apg-sd.com
[+] webdisk.arenboutique.com
[+] webdisk.ariabmining.net
[+] webdisk.ashrafelsharif.com
[+] webdisk.bajrawiafab.com
[+] webdisk.basma-ocf.org
[+] webdisk.beautyconceptlounge.com
[+] webdisk.benzcenter.net
[+] webdisk.berigdar.com
[+] webdisk.berigdargroup.com
[+] webdisk.bivetsud.com
[+] webdisk.bmcproject.net
[+] webdisk.brandavenue.net
[+] webdisk.casiexpress.net
[+] webdisk.cctctraining.com
[+] webdisk.clarionlaserclinic.ie
[+] webdisk.clickgrafix.co
[+] webdisk.click-grafix.com
[+] webdisk.clicksd.info
[+] webdisk.codon-med.com
[+] webdisk.coffeecroptrading.com
[+] webdisk.crimsonlights-sd.com
[+] webdisk.dallahpharma.net
[+] webdisk.dandaradentalcenter.com
[+] webdisk.das-diesel.com
[+] webdisk.difafvillage.com
[+] webdisk.dirnour.com
[+] webdisk.ecogroupsd.com
[+] webdisk.eims.ae
[+] webdisk.elgadal.com
[+] webdisk.elitihadlogistics.com
[+] webdisk.elmohandis-paints.com
[+] webdisk.elprincesudan.com
[+] webdisk.eltagtrading.com
[+] webdisk.emitradingco.com
[+] webdisk.etegahat-ap.com
[+] webdisk.extra-pharma.com
[+] webdisk.farha-sd.com
[+] webdisk.fasrc.org
[+] webdisk.flynas-sudan.com
[+] webdisk.focusschool-sd.com
[+] webdisk.forwomenbywomen.org
[+] webdisk.gdsudan.com
[+] webdisk.geocad-sd.com
[+] webdisk.giadservices.com
[+] webdisk.gladiator-bdc.com
[+] webdisk.gpo-sd.com
[+] webdisk.hamza-farm.com
[+] webdisk.hcs-sd.com
[+] webdisk.higleig.com
[+] webdisk.hishamkarouri.com
[+] webdisk.hopemedicalsd.com
[+] webdisk.ideagp.com
[+] webdisk.ideal-sdn.com
[+] webdisk.indonile.com
[+] webdisk.indonileexport.com
[+] webdisk.ingawetrading.com
[+] webdisk.interpowersd.com
[+] webdisk.jubaauto.com
[+] webdisk.khartoum-int.net
[+] webdisk.kmc-sd.com
[+] webdisk.ktcesudan.com
[+] webdisk.ladconsult.com
[+] webdisk.lanjico.com
[+] webdisk.lowcosttravelcenter.com
[+] webdisk.lulamab.com
[+] webdisk.lunatusmed.com
[+] webdisk.maak-sd.com
[+] webdisk.mahgoubsons.com
[+] webdisk.mamedmedical.com
[+] webdisk.manar-group.com
[+] webdisk.marwacoenterprises.com
[+] webdisk.mechatronic-sd.com
[+] webdisk.medanico.com
[+] webdisk.medicare-sd.com
[+] webdisk.medpharma-sd.com
[+] webdisk.mieragspace.com
[+] webdisk.mmmc-sd.net
[+] webdisk.mohamedoweida.com
[+] webdisk.moontrade.net
[+] webdisk.mssmanal.com
[+] webdisk.mudalala.qa
[+] webdisk.musanadaholding.com
[+] webdisk.nabiltrade.com
[+] webdisk.nagi.photo
[+] webdisk.nilecement.org
[+] webdisk.nileuniversity-edu.com
[+] webdisk.nisosd.com
[+] webdisk.niss.tech
[+] webdisk.nlicfinance.com
[+] webdisk.npetroleum.com
[+] webdisk.numberone-sd.com
[+] webdisk.nuspetro.com
[+] webdisk.oit-sd.com
[+] webdisk.olgaecs.com
[+] webdisk.osamaalgadee.com
[+] webdisk.osool-sd.com
[+] webdisk.paradisehotels-sd.com
[+] webdisk.pawfreight.com
[+] webdisk.petroall.net
[+] webdisk.pts-sd.com
[+] webdisk.radmedco.com
[+] webdisk.raheeg.com
[+] webdisk.rakhie.net
[+] webdisk.rcctsd.com
[+] webdisk.rittal-sd.com
[+] webdisk.rocketeng.net
[+] webdisk.ryecons.com
[+] webdisk.sabintod.com
[+] webdisk.sangsl.com
[+] webdisk.scmsltd.com
[+] webdisk.second-step.co
[+] webdisk.senahypermarket.com
[+] webdisk.shakak.org
[+] webdisk.shikhalkarori.com
[+] webdisk.shirouqpaints.net
[+] webdisk.shoyum.com
[+] webdisk.sinnarshipping.com
[+] webdisk.skhcsudan.com
[+] webdisk.skyart-sd.com
[+] webdisk.smacosd.com
[+] webdisk.soed-sd.org
[+] webdisk.srptechnology.com
[+] webdisk.stiltgroup.org
[+] webdisk.sudanbcisd.net
[+] webdisk.sudanesephysicians.org
[+] webdisk.sudanpile.com
[+] webdisk.sudanwork.com
[+] webdisk.summit-schools.com
[+] webdisk.supergeneral-sd.com
[+] webdisk.tajcogroup.com
[+] webdisk.tanglewood-sd.com
[+] webdisk.tawakolmedical.com
[+] webdisk.tawseelsudan.com
[+] webdisk.tbmlawfirm.com
[+] webdisk.tharjatheng.com
[+] webdisk.transways.ae
[+] webdisk.tstmatjar.com
[+] webdisk.wgarasud.com
[+] webdisk.whitewaters-sd.com
[+] webdisk.yam-cdc.com
[+] webdisk.yasminycl.com
[+] webdisk.yassirkambalgroup.com
[+] webdisk.yathribyp.com
[+] webdisk.zawayabricks.com
[+] webmail.aacpd.org
[+] webmail.aayan.com.qa
[+] webmail.abanos.net
[+] webmail.abdeenandco.com
[+] webmail.adding-sd.com
[+] webmail.advocatemakki.com
[+] webmail.adyagroup.net
[+] webmail.agrogate-holdings.com
[+] webmail.ahqsudan.com
[+] webmail.alamjadsteel.com
[+] webmail.alanfalgroup.com
[+] webmail.alanfaljabra.com
[+] webmail.albadaael.com
[+] webmail.albarakafinancial.com
[+] webmail.alfala.com
[+] webmail.alitimadgroup.com
[+] webmail.almamoonoil.com
[+] webmail.aloaloa.com
[+] webmail.alomergroup.com
[+] webmail.alsundusiamedical.com
[+] webmail.alwatanyia.com
[+] webmail.alwathbagroup.com
[+] webmail.alzawaya-medical.com
[+] webmail.anpm.co
[+] webmail.apg-sd.com
[+] webmail.arenboutique.com
[+] webmail.ariabmining.net
[+] webmail.ashrafelsharif.com
[+] webmail.bajrawiafab.com
[+] webmail.basma-ocf.org
[+] webmail.beautyconceptlounge.com
[+] webmail.benzcenter.net
[+] webmail.berigdar.com
[+] webmail.berigdargroup.com
[+] webmail.bivetsud.com
[+] webmail.bmcproject.net
[+] webmail.brandavenue.net
[+] webmail.casiexpress.net
[+] webmail.cctctraining.com
[+] webmail.clarionlaserclinic.ie
[+] webmail.clickgrafix.co
[+] webmail.click-grafix.com
[+] webmail.clicksd.info
[+] webmail.codon-med.com
[+] webmail.coffeecroptrading.com
[+] webmail.crimsonlights-sd.com
[+] webmail.dallahpharma.net
[+] webmail.dandaradentalcenter.com
[+] webmail.das-diesel.com
[+] webmail.difafvillage.com
[+] webmail.dirnour.com
[+] webmail.ecogroupsd.com
[+] webmail.eims.ae
[+] webmail.elgadal.com
[+] webmail.elitihadlogistics.com
[+] webmail.elmohandis-paints.com
[+] webmail.elprincesudan.com
[+] webmail.eltagtrading.com
[+] webmail.emitradingco.com
[+] webmail.etegahat-ap.com
[+] webmail.extra-pharma.com
[+] webmail.farha-sd.com
[+] webmail.fasrc.org
[+] webmail.flynas-sudan.com
[+] webmail.focusschool-sd.com
[+] webmail.forwomenbywomen.org
[+] webmail.gdsudan.com
[+] webmail.geocad-sd.com
[+] webmail.giadservices.com
[+] webmail.gladiator-bdc.com
[+] webmail.gpo-sd.com
[+] webmail.hamza-farm.com
[+] webmail.hcs-sd.com
[+] webmail.higleig.com
[+] webmail.hishamkarouri.com
[+] webmail.hopemedicalsd.com
[+] webmail.ideagp.com
[+] webmail.ideal-sdn.com
[+] webmail.indonile.com
[+] webmail.indonileexport.com
[+] webmail.ingawetrading.com
[+] webmail.interpowersd.com
[+] webmail.jubaauto.com
[+] webmail.khartoum-int.net
[+] webmail.kmc-sd.com
[+] webmail.ktcesudan.com
[+] webmail.ladconsult.com
[+] webmail.lanjico.com
[+] webmail.lowcosttravelcenter.com
[+] webmail.lulamab.com
[+] webmail.lunatusmed.com
[+] webmail.maak-sd.com
[+] webmail.mahgoubsons.com
[+] webmail.mamedmedical.com
[+] webmail.manar-group.com
[+] webmail.marwacoenterprises.com
[+] webmail.mechatronic-sd.com
[+] webmail.medanico.com
[+] webmail.medicare-sd.com
[+] webmail.medpharma-sd.com
[+] webmail.mieragspace.com
[+] webmail.mmmc-sd.net
[+] webmail.mohamedoweida.com
[+] webmail.moontrade.net
[+] webmail.mssmanal.com
[+] webmail.mudalala.qa
[+] webmail.musanadaholding.com
[+] webmail.nabiltrade.com
[+] webmail.nagi.photo
[+] webmail.nilecement.org
[+] webmail.nileuniversity-edu.com
[+] webmail.nisosd.com
[+] webmail.niss.tech
[+] webmail.nlicfinance.com
[+] webmail.npetroleum.com
[+] webmail.numberone-sd.com
[+] webmail.nuspetro.com
[+] webmail.oit-sd.com
[+] webmail.olgaecs.com
[+] webmail.osamaalgadee.com
[+] webmail.osool-sd.com
[+] webmail.paradisehotels-sd.com
[+] webmail.pawfreight.com
[+] webmail.petroall.net
[+] webmail.pts-sd.com
[+] webmail.radmedco.com
[+] webmail.raheeg.com
[+] webmail.rakhie.net
[+] webmail.rcctsd.com
[+] webmail.rittal-sd.com
[+] webmail.rocketeng.net
[+] webmail.ryecons.com
[+] webmail.sabintod.com
[+] webmail.sangsl.com
[+] webmail.scmsltd.com
[+] webmail.second-step.co
[+] webmail.senahypermarket.com
[+] webmail.shakak.org
[+] webmail.shikhalkarori.com
[+] webmail.shirouqpaints.net
[+] webmail.shoyum.com
[+] webmail.sinnarshipping.com
[+] webmail.skhcsudan.com
[+] webmail.skyart-sd.com
[+] webmail.smacosd.com
[+] webmail.soed-sd.org
[+] webmail.srptechnology.com
[+] webmail.stiltgroup.org
[+] webmail.sudanbcisd.net
[+] webmail.sudanesephysicians.org
[+] webmail.sudanpile.com
[+] webmail.sudanwork.com
[+] webmail.summit-schools.com
[+] webmail.supergeneral-sd.com
[+] webmail.tajcogroup.com
[+] webmail.tanglewood-sd.com
[+] webmail.tawakolmedical.com
[+] webmail.tawseelsudan.com
[+] webmail.tbmlawfirm.com
[+] webmail.tharjatheng.com
[+] webmail.transways.ae
[+] webmail.tstmatjar.com
[+] webmail.wgarasud.com
[+] webmail.whitewaters-sd.com
[+] webmail.yam-cdc.com
[+] webmail.yasminycl.com
[+] webmail.yassirkambalgroup.com
[+] webmail.yathribyp.com
[+] webmail.zawayabricks.com
[+] westvilledevelopers.co.za
[+] wgarasud.com
[+] whitewaters-sd.com
[+] whm.click-grafix.com
[+] wre.gov.sd
[+] www.alrawabi.yassirkambalgroup.com
[+] www.app.advocatemakki.com
[+] www.apple-login.org.rakhie.net
[+] www.arech.apg-sd.com
[+] www.ar.nileuniversity-edu.com
[+] www.aseelcomplex.yassirkambalgroup.com
[+] www.aseel.yassirkambalgroup.com
[+] www.badawi.alzawaya-medical.com
[+] www.bargos.apg-sd.com
[+] www.berigdar.berigdargroup.com
[+] www.blog.aloaloa.com
[+] www.citi.online.yam-cdc.com
[+] www.conference.sudanesephysicians.org
[+] www.dallahpharma.alwathbagroup.com
[+] www.design.alwatanyia.com
[+] www.dindir.higleig.com
[+] www.easyhotel.advocatemakki.com
[+] www.edge.ideagp.com
[+] www.exams.nileuniversity-edu.com
[+] www.farha-sd.tanglewood-sd.com
[+] www.fresh.yassirkambalgroup.com
[+] www.green.yassirkambalgroup.com
[+] www.it.alanfalgroup.com
[+] www.mahgoubsons.com
[+] www.mail.pawfreight.com
[+] www.mdisam.paradisehotels-sd.com
[+] www.moodle.nileuniversity-edu.com
[+] www.omiga.yassirkambalgroup.com
[+] www.owner.advocatemakki.com
[+] www.powerblue.yassirkambalgroup.com
[+] www.reports.lowcosttravelcenter.com
[+] www.rotana.mechatronic-sd.com
[+] www.secure-paypal.org.rakhie.net
[+] www.sonic.yassirkambalgroup.com
[+] www.students.nileuniversity-edu.com
[+] www.test.almamoonoil.com
[+] www.test.mechatronic-sd.com
[+] www.test.tajcogroup.com
[+] yam-cdc.com
[+] yasminycl.com
[+] yassirkambalgroup.com
[+] yathribyp.com
[+] zawayabricks.com
#######################################################################################################################################

Reverse IP With YouGetSignal 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[*] IP: 138.128.160.2
[*] Domain: sahl.gov.sd
[*] Total Domains: 48

[+] adding-sd.com
[+] alfala.com
[+] aljazeerabank.com.sd
[+] aloaloa.com
[+] aou.edu.sd
[+] apg-sd.com
[+] audit.gov.sd
[+] bajafar.sd
[+] benzcenter.net
[+] click.sd
[+] cm.sd
[+] cpd.gov.sd
[+] eims.ae
[+] engcouncil.sd
[+] giadservices.com
[+] gpo-sd.com
[+] iec.gov.sd
[+] indonileexport.com
[+] khairport.gov.sd
[+] khmedical.edu.sd
[+] mofdgoia.gov.sd
[+] mohe.gov.sd
[+] mssmanal.com
[+] nileuniversity-edu.com
[+] petroall.net
[+] sahl.gov.sd
[+] sidcotel.sd
[+] ssia.sd
[+] sudafast.edu.sd
[+] sudan.gov.sd
[+] sudanap.org
[+] sudanconsumers.org
[+] sudanports.gov.sd
[+] sudapet.sd
[+] sudapost.sd
[+] tpsudan.gov.sd
[+] wre.gov.sd
[+] www.aljazeerabank.com.sd
[+] www.cpd.gov.sd
[+] www.dandaradentalcenter.com
[+] www.goldenarrow.sd
[+] www.iec.gov.sd
[+] www.khmedical.edu.sd
[+] www.mohe.gov.sd
[+] www.studentwelfare.sd
[+] www.sudan.gov.sd
[+] www.sudapet.sd
[+] www.tararealestate.sd
#######################################################################################################################################

Geo IP Lookup 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] IP Address: 138.128.160.2
[+] Country: United States
[+] State: Florida
[+] City: Orlando
[+] Latitude: 28.5826
[+] Longitude: -81.1907
#######################################################################################################################################

Bypass Cloudflare 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[!] CloudFlare Bypass 138.128.160.2 | ftp.sahl.gov.sd
[!] CloudFlare Bypass 138.128.160.2 | cpanel.sahl.gov.sd
[!] CloudFlare Bypass 138.128.160.2 | webmail.sahl.gov.sd
[!] CloudFlare Bypass 127.0.0.1 | localhost.sahl.gov.sd
[!] CloudFlare Bypass 138.128.160.2 | mail.sahl.gov.sd
[!] CloudFlare Bypass 138.128.160.2 | www.sahl.gov.sd
#######################################################################################################################################

DNS Lookup 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] sahl.gov.sd.		14399	IN	MX	0 sahl.gov.sd.
[+] sahl.gov.sd.		21599	IN	SOA	ns1.click-grafix.com. karouri.gmail.com. 2019031801 3600 7200 1209600 86400
[+] sahl.gov.sd.		21599	IN	NS	ns1.click-grafix.com.
[+] sahl.gov.sd.		21599	IN	NS	ns2.click-grafix.com.
[+] sahl.gov.sd.		14399	IN	A	138.128.160.2
#######################################################################################################################################

Show HTTP Header 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] HTTP/1.1 302 Moved Temporarily
[+] Date: Thu, 28 Mar 2019 20:20:58 GMT
[+] Server: Apache
[+] X-Powered-By: PHP/5.6.40
[+] Location: http://sahl.gov.sd/index.php/ar/
[+] Connection: close
[+] Content-Type: text/html; charset=UTF-8
#######################################################################################################################################

Port Scan 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 20:21 UTC
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.033s latency).
rDNS record for 138.128.160.2: server.click-grafix.com

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   closed   ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
#######################################################################################################################################

Traceroute 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

Start: 2019-03-28T20:21:09+0000
HOST: web01                                Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 45.79.12.201                          0.0%     3    0.7   0.8   0.6   1.1   0.3
  2.|-- 45.79.12.0                            0.0%     3    1.0   0.8   0.5   1.0   0.3
  3.|-- ae-37.a01.dllstx04.us.bb.gin.ntt.net  0.0%     3    1.5   1.5   1.3   1.8   0.2
  4.|-- ae-9.r10.dllstx09.us.bb.gin.ntt.net   0.0%     3    1.3   1.5   1.3   1.6   0.1
  5.|-- ???                                  100.0     3    0.0   0.0   0.0   0.0   0.0
  6.|-- ae-1-8.bar1.Orlando1.Level3.net       0.0%     3   43.7  46.5  43.4  52.3   5.0
  7.|-- HOSTDIME.bar1.Orlando1.Level3.net     0.0%     3   45.2  45.2  45.2  45.3   0.1
  8.|-- xe-1-3-core2.orl.hostdime.com         0.0%     3  369.1 341.2 315.2 369.1  27.0
  9.|-- server.click-grafix.com               0.0%     3   44.0  43.7  43.5  44.0   0.3
#######################################################################################################################################

Ping 'sahl.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------


Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-03-28 20:21 UTC
SENT (0.4715s) ICMP [104.237.144.6 > 138.128.160.2 Echo request (type=8/code=0) id=25827 seq=1] IP [ttl=64 id=1506 iplen=28 ]
RCVD (0.6684s) ICMP [138.128.160.2 > 104.237.144.6 Echo reply (type=0/code=0) id=25827 seq=1] IP [ttl=54 id=38085 iplen=28 ]
SENT (1.4717s) ICMP [104.237.144.6 > 138.128.160.2 Echo request (type=8/code=0) id=25827 seq=3] IP [ttl=64 id=1506 iplen=28 ]
RCVD (1.6885s) ICMP [138.128.160.2 > 104.237.144.6 Echo reply (type=0/code=0) id=25827 seq=3] IP [ttl=54 id=38754 iplen=28 ]
SENT (2.4726s) ICMP [104.237.144.6 > 138.128.160.2 Echo request (type=8/code=0) id=25827 seq=3] IP [ttl=64 id=1506 iplen=28 ]
RCVD (2.7083s) ICMP [138.128.160.2 > 104.237.144.6 Echo reply (type=0/code=0) id=25827 seq=3] IP [ttl=54 id=39035 iplen=28 ]
SENT (3.4742s) ICMP [104.237.144.6 > 138.128.160.2 Echo request (type=8/code=0) id=25827 seq=4] IP [ttl=64 id=1506 iplen=28 ]
RCVD (3.5243s) ICMP [138.128.160.2 > 104.237.144.6 Echo reply (type=0/code=0) id=25827 seq=4] IP [ttl=54 id=39702 iplen=28 ]

Max rtt: 235.481ms | Min rtt: 50.069ms | Avg rtt: 174.854ms
Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 3.53 seconds
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-1-Debian <<>> sahl.gov.sd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38665
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sahl.gov.sd.			IN	A

;; ANSWER SECTION:
sahl.gov.sd.		14047	IN	A	138.128.160.2

;; Query time: 113 msec
;; SERVER: 185.93.180.131#53(185.93.180.131)
;; WHEN: jeu mar 28 16:35:51 EDT 2019
;; MSG SIZE  rcvd: 56
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-1-Debian <<>> +trace sahl.gov.sd
;; global options: +cmd
.			82660	IN	NS	i.root-servers.net.
.			82660	IN	NS	a.root-servers.net.
.			82660	IN	NS	g.root-servers.net.
.			82660	IN	NS	j.root-servers.net.
.			82660	IN	NS	c.root-servers.net.
.			82660	IN	NS	m.root-servers.net.
.			82660	IN	NS	e.root-servers.net.
.			82660	IN	NS	d.root-servers.net.
.			82660	IN	NS	k.root-servers.net.
.			82660	IN	NS	h.root-servers.net.
.			82660	IN	NS	f.root-servers.net.
.			82660	IN	NS	b.root-servers.net.
.			82660	IN	NS	l.root-servers.net.
.			82660	IN	RRSIG	NS 8 0 518400 20190410180000 20190328170000 16749 . aeZpCpmGmdqJqzmAAykoQ7wZqQmhewYVCxg4+5Y7YoQVdORaDf4Bo/hP 9U1DWJTCgZ2GeRagQ/vXoIM3R7R99DGkza1aSoruMdeqbEx3oKFDwoIn tcsPBAhtx1pyHCWWR/vEo555hjCEK7UtVrV6x+27GiE1c1+EG4mGJKKr fsN1nfrO0ossLofQTdxQzyRa+Y/KwPel4dYKzsbMRavshju24cda+2mI u9Tj91SL20wJwDO4UXoBo/5YazmT5kxgG7mJW67V5S3CFRIGpSldstD3 V5qkyL1Ej+zkiVKYADlwAYTt8rz05XZq56uIqBp43uW7vfNVAG6kr+bz hHx3Zg==
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 110 ms

sd.			172800	IN	NS	ns1.uaenic.ae.
sd.			172800	IN	NS	ns-sd.afrinic.net.
sd.			172800	IN	NS	ans1.sis.sd.
sd.			172800	IN	NS	ns2.uaenic.ae.
sd.			172800	IN	NS	sd.cctld.authdns.ripe.net.
sd.			172800	IN	NS	ans2.canar.sd.
sd.			172800	IN	NS	ans1.canar.sd.
sd.			86400	IN	NSEC	se. NS RRSIG NSEC
sd.			86400	IN	RRSIG	NSEC 8 1 86400 20190410180000 20190328170000 16749 . omv+b/dD8pwbLJ1x9EK4mYNQEeKDXGJ8ZKtnKcMxpic57Y0cBCQ3muZl qu1L+r6KO4nHePVMuhtOQmKhY2DY92PKyolq0UZvQ3dYlOvqUuhSYbQv Md1MVdEXB9eRS676RetXmC/gF6jjjr6MJQiAfqXKEZpRErdSDju6apKI JmVYCN8SLIpmJ7a9LJ1gJeijEIEXFRCJHXD0nTWKJMqMlkkabnR5Qk2N gaVlGUhWMnTysv1gL90DjCW/Bh8N4N1Ewg1+6DqNxHVwJnZcbSRnkog4 RtM8ajFYNzGzjODhgu5QqZLibo/L/91eEdK2ivRv6etNOwzt0u/ppNs/ sZYuGw==
;; Received 726 bytes from 192.5.5.241#53(f.root-servers.net) in 119 ms

sahl.gov.sd.		14400	IN	NS	ns1.click-grafix.com.
sahl.gov.sd.		14400	IN	NS	ns2.click-grafix.com.
;; Received 92 bytes from 193.0.9.109#53(sd.cctld.authdns.ripe.net) in 126 ms

sahl.gov.sd.		14400	IN	A	138.128.160.2
sahl.gov.sd.		86400	IN	NS	ns2.click-grafix.com.
sahl.gov.sd.		86400	IN	NS	ns1.click-grafix.com.
;; Received 140 bytes from 138.128.160.3#53(ns1.click-grafix.com) in 242 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: sahl.gov.sd
[-] DNSSEC is not configured for sahl.gov.sd
[*] 	 SOA ns1.click-grafix.com 138.128.160.3
[*] 	 NS ns1.click-grafix.com 138.128.160.3
[*] 	 Bind Version for 138.128.160.3 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 NS ns2.click-grafix.com 138.128.160.4
[*] 	 Bind Version for 138.128.160.4 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 MX sahl.gov.sd 138.128.160.2
[*] 	 A sahl.gov.sd 138.128.160.2
[*] Enumerating SRV Records
[-] No SRV Records Found for sahl.gov.sd
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain sahl.gov.sd
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
138.128.160.3 - ns1.click-grafix.com
138.128.160.4 - ns2.click-grafix.com
[-] Zone transfer failed

[+] MX records found, added to target list
0 sahl.gov.sd.

[*] Scanning sahl.gov.sd for A records
138.128.160.2 - sahl.gov.sd
138.128.160.2 - cpanel.sahl.gov.sd
138.128.160.2 - ftp.sahl.gov.sd
127.0.0.1 - localhost.sahl.gov.sd
138.128.160.2 - mail.sahl.gov.sd
138.128.160.2 - webdisk.sahl.gov.sd
138.128.160.2 - webmail.sahl.gov.sd
138.128.160.2 - whm.sahl.gov.sd
138.128.160.2 - www.sahl.gov.sd
#######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
138.128.160.2   200     host    ftp.sahl.gov.sd			Apache
127.0.0.1               host    localhost.sahl.gov.sd
138.128.160.2   302     alias   mail.sahl.gov.sd		Apache
138.128.160.2	302	host	sahl.gov.sd			Apache
138.128.160.2   301     host    webmail.sahl.gov.sd		Apache
138.128.160.2   302     alias   www.sahl.gov.sd			Apache
138.128.160.2	302	host	sahl.gov.sd			Apache
#######################################################################################################################################
[+] Testing domain
     	www.sahl.gov.sd          138.128.160.2
[+] Dns resolving
       Domain name               Ip address              Name server
       sahl.gov.sd             138.128.160.2       server.click-grafix.com
Found 1 host(s) for sahl.gov.sd
[+] Testing wildcard
	Ok, no wildcard found.

[+] Scanning for subdomain on sahl.gov.sd
[!] Wordlist not specified. I scannig with my internal wordlist...
    Estimated time about 211.03 seconds

        Subdomain                Ip address              Name server

     ftp.sahl.gov.sd           138.128.160.2       server.click-grafix.com
  localhost.sahl.gov.sd          127.0.0.1                localhost
     mail.sahl.gov.sd          138.128.160.2       server.click-grafix.com
   webmail.sahl.gov.sd         138.128.160.2       server.click-grafix.com
     www.sahl.gov.sd           138.128.160.2       server.click-grafix.com
#######################################################################################################################################
=======================================================================================================================================
| External hosts:
| [+] External Host Found: http://ajax.googleapis.com
| [+] External Host Found: http://netdna.bootstrapcdn.com
| [+] External Host Found: http://html5shim.googlecode.com
=======================================================================================================================================
| E-mails:
| [+] E-mail Found: tigani-hamed@yahoo.com
| [+] E-mail Found: info@sahl.gov.sd
=======================================================================================================================================
#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   sahl.gov.sd   -----


Host's addresses:
__________________

sahl.gov.sd.                             13569    IN    A        138.128.160.2


Name Servers:
______________

ns2.click-grafix.com.                    13569    IN    A        138.128.160.4
ns1.click-grafix.com.                    13569    IN    A        138.128.160.3


Mail (MX) Servers:
___________________

sahl.gov.sd.                             13568    IN    A        138.128.160.2


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for sahl.gov.sd on ns2.click-grafix.com ...

Trying Zone Transfer for sahl.gov.sd on ns1.click-grafix.com ...

brute force file not specified, bay.
#######################################################################################################################################

                 ____        _     _ _     _   _____
                / ___| _   _| |__ | (_)___| |_|___ / _ __
                \___ \| | | | '_ \| | / __| __| |_ \| '__|
                 ___) | |_| | |_) | | \__ \ |_ ___) | |
                |____/ \__,_|_.__/|_|_|___/\__|____/|_|

                # Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for sahl.gov.sd
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
Yahoo: www.sahl.gov.sd
[-] Saving results to file: /usr/share/sniper/loot//domains/domains-sahl.gov.sd.txt
[-] Total Unique Subdomains Found: 1
www.sahl.gov.sd
#######################################################################################################################################


Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Running enumeration on sahl.gov.sd

dnsdb: Unexpected return status 503

waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.sahl.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL

archiveis: Get http://archive.is/*.sahl.gov.sd: dial tcp 185.135.82.99:80: connect: connection timed out


Starting Bruteforcing of sahl.gov.sd with 9985 words

Total 10 Unique subdomains found for sahl.gov.sd

.sahl.gov.sd
cpanel.sahl.gov.sd
ftp.sahl.gov.sd
localhost.sahl.gov.sd
mail.sahl.gov.sd
webdisk.sahl.gov.sd
webmail.sahl.gov.sd
whm.sahl.gov.sd
www.sahl.gov.sd
www.sahl.gov.sd
#######################################################################################################################################
[*] Processing domain sahl.gov.sd
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
138.128.160.3 - ns1.click-grafix.com
138.128.160.4 - ns2.click-grafix.com
[-] Zone transfer failed

[+] MX records found, added to target list
0 sahl.gov.sd.

[*] Scanning sahl.gov.sd for A records
138.128.160.2 - sahl.gov.sd
138.128.160.2 - ftp.sahl.gov.sd
127.0.0.1 - localhost.sahl.gov.sd
138.128.160.2 - mail.sahl.gov.sd
138.128.160.2 - webmail.sahl.gov.sd
138.128.160.2 - www.sahl.gov.sd
#######################################################################################################################################
[+] sahl.gov.sd has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for sahl.gov.sd!
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 16:38 EDT
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.22s latency).
rDNS record for 138.128.160.2: server.click-grafix.com
Not shown: 457 filtered ports, 9 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
21/tcp  open  ftp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 16:39 EDT
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.13s latency).
rDNS record for 138.128.160.2: server.click-grafix.com
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 16:39 EDT
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.23s latency).
rDNS record for 138.128.160.2: server.click-grafix.com

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 15 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   112.05 ms 10.253.200.1
2   115.06 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   112.09 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   112.14 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   112.13 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   128.29 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   192.74 ms be3628.ccr42.jfk02.atlas.cogentco.com (154.54.27.169)
8   201.37 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   210.16 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
10  219.74 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  225.78 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  225.99 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  226.77 ms 38.104.89.26
14  610.42 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  243.85 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 16:51 EDT
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.23s latency).
rDNS record for 138.128.160.2: server.click-grafix.com

PORT   STATE SERVICE VERSION
53/tcp open  domain  ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_  No NSEC records found
| dns-nsec3-enum:
|_  DNSSEC NSEC3 not supported
| dns-nsid:
|_  bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 15 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

Host script results:
| dns-brute:
|_  DNS Brute-force hostnames: No results.

TRACEROUTE (using port 53/tcp)
HOP RTT       ADDRESS
1   116.90 ms 10.253.200.1
2   117.73 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   117.31 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   117.76 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   117.78 ms be2534.ccr42.fra03.atlas.cogentco.com (130.117.48.210)
6   131.98 ms be2800.ccr42.par01.atlas.cogentco.com (154.54.58.238)
7   201.55 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   205.36 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
9   217.77 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  218.00 ms be2785.rcr21.jax01.atlas.cogentco.com (154.54.28.110)
11  223.34 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  223.36 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  228.91 ms 38.104.89.26
14  388.87 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  229.38 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
http://sahl.gov.sd [302 Found] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[138.128.160.2], PHP[5.6.40], RedirectLocation[http://sahl.gov.sd/index.php/ar/], X-Powered-By[PHP/5.6.40]
http://sahl.gov.sd/index.php/ar/ [200 OK] Apache, CodeIgniter-PHP-Framework[ci_session Cookie], Cookies[ci_session,user_lang], Country[UNITED STATES][US], Frame, Google-API[ajax/libs/jquery/1.9.1/jquery.min.js], HTML5, HTTPServer[Apache], IP[138.128.160.2], JQuery[1.11.0], PHP[5.6.40], PasswordField[memberpassword], Script[text/javascript], Title[شركة مطارات السودان القابضة], X-Powered-By[PHP/5.6.40]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://sahl.gov.sd...
_____________________ SITE INFO ______________________
IP              Title
138.128.160.2   شركة مطارات السودان القابضة

______________________ VERSION _______________________
Name            Versions           Type
Apache                             Platform
PHP             5.6.40             Platform

____________________ INTERESTING _____________________
URL             Note               Type
/install.php    Installation file  Interesting
/test.php       Test file          Interesting

______________________________________________________
Time: 56.7 sec  Urls: 618          Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 302 Moved Temporarily
Date: Thu, 28 Mar 2019 20:53:38 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Location: http://sahl.gov.sd/index.php/ar/
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.1 302 Moved Temporarily
Date: Thu, 28 Mar 2019 20:53:38 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Location: http://sahl.gov.sd/index.php/ar/
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2019 20:53:39 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Set-Cookie: user_lang=ar; expires=Thu, 28-Mar-2019 22:53:39 GMT; Max-Age=7200; path=/
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22aee3dfba87f96de7e94b6325516c67c2%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%2277.243.183.14%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A11%3A%22curl%2F7.64.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1553806419%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Db9bc8dfcf0c7958794a2694528eb48de; expires=Thu, 28-Mar-2019 22:53:39 GMT; Max-Age=7200; path=/
Connection: close
Content-Type: text/html; charset=UTF-8
#######################################################################################################################################
 Apache
 jQuery 1.11.0
 CodeIgniter
 PHP 5.6.40
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 16:54 EDT
Nmap scan report for sahl.gov.sd (138.128.160.2)
Host is up (0.23s latency).
rDNS record for 138.128.160.2: server.click-grafix.com

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Dovecot pop3d
| pop3-brute:
|   Accounts: No valid accounts found
|   Statistics: Performed 85 guesses in 62 seconds, average tps: 1.5
|_  ERROR: Failed to connect.
|_pop3-capabilities: PIPELINING TOP CAPA AUTH-RESP-CODE UIDL RESP-CODES SASL(PLAIN LOGIN) USER STLS
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 15 hops

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   111.43 ms 10.253.200.1
2   111.47 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   111.84 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   111.87 ms be3576.agr41.fra03.atlas.cogentco.com (154.25.5.49)
5   112.20 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
6   126.04 ms be2800.ccr42.par01.atlas.cogentco.com (154.54.58.238)
7   197.62 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   202.14 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   212.32 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  217.28 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  230.26 ms be3641.rcr52.mco01.atlas.cogentco.com (154.24.22.125)
12  230.25 ms te0-0-1-3.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.25.30)
13  228.40 ms 38.104.89.26
14  231.68 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  228.13 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
https://sahl.gov.sd [302 Found] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[138.128.160.2], PHP[5.6.40], RedirectLocation[http://sahl.gov.sd/index.php/ar/], X-Powered-By[PHP/5.6.40]
http://sahl.gov.sd/index.php/ar/ [200 OK] Apache, CodeIgniter-PHP-Framework[ci_session Cookie], Cookies[ci_session,user_lang], Country[UNITED STATES][US], Frame, Google-API[ajax/libs/jquery/1.9.1/jquery.min.js], HTML5, HTTPServer[Apache], IP[138.128.160.2], JQuery[1.11.0], PHP[5.6.40], PasswordField[memberpassword], Script[text/javascript], Title[شركة مطارات السودان القابضة], X-Powered-By[PHP/5.6.40]
#######################################################################################################################################
 Apache
 jQuery 1.11.0
 CodeIgniter
 PHP 5.6.40
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 138.128.160.2

Testing SSL server sahl.gov.sd on port 443 using SNI name sahl.gov.sd

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  sahl.gov.sd
Altnames: DNS:sahl.gov.sd, DNS:mail.sahl.gov.sd, DNS:www.sahl.gov.sd
Issuer:   sahl.gov.sd

Not valid before: Aug 12 19:41:13 2017 GMT
Not valid after:  Aug 12 19:41:13 2018 GMT
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:03 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.21s latency).
Not shown: 460 filtered ports, 9 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:03 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.21s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:03 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.23s latency).

PORT   STATE SERVICE VERSION
53/tcp open  domain  ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_  No NSEC records found
| dns-nsec3-enum:
|_  DNSSEC NSEC3 not supported
| dns-nsid:
|_  bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.4 (90%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 4.0 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 15 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     mail.click-grafix.com - 138.128.160.2
|     www.click-grafix.com - 138.128.160.2
|     ftp.click-grafix.com - 138.128.160.2
|     ns1.click-grafix.com - 138.128.160.3
|     ns2.click-grafix.com - 138.128.160.4
|_    server.click-grafix.com - 138.128.160.2

TRACEROUTE (using port 53/tcp)
HOP RTT       ADDRESS
1   115.39 ms 10.253.200.1
2   115.42 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   115.80 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   115.97 ms be3576.agr41.fra03.atlas.cogentco.com (154.25.5.49)
5   116.41 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
6   130.28 ms be2800.ccr42.par01.atlas.cogentco.com (154.54.58.238)
7   198.15 ms be3628.ccr42.jfk02.atlas.cogentco.com (154.54.27.169)
8   204.95 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
9   214.35 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
10  222.22 ms be2785.rcr21.jax01.atlas.cogentco.com (154.54.28.110)
11  226.58 ms be3641.rcr52.mco01.atlas.cogentco.com (154.24.22.125)
12  225.91 ms te0-0-1-3.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.25.30)
13  225.27 ms 38.104.89.26
14  387.25 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  225.34 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:04 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.23s latency).

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   114.67 ms 10.253.200.1
2   115.04 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   115.06 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   115.46 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   115.44 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   131.48 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   200.67 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   204.41 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   216.66 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  221.36 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  223.10 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  226.02 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  225.99 ms 38.104.89.26
14  237.46 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  226.01 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:06 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.23s latency).

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   113.43 ms 10.253.200.1
2   113.46 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   113.46 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   113.47 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   113.62 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   129.62 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   199.22 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   203.26 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   214.05 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  219.09 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  222.99 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  224.39 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  225.76 ms 38.104.89.26
14  456.34 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  226.18 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:08 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.23s latency).

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   111.77 ms 10.253.200.1
2   111.99 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   112.19 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   112.58 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   112.39 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   128.97 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   198.25 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   202.22 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   213.08 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  217.88 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  223.16 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  224.83 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  224.80 ms 38.104.89.26
14  507.57 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  225.38 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://138.128.160.2...
_________________ SITE INFO __________________
IP              Title
138.128.160.2

__________________ VERSION ___________________
Name            Versions   Type
Apache                     Platform

______________________________________________
Time: 34.3 sec  Urls: 601  Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Thu, 28 Mar 2019 21:11:06 GMT
Server: Apache
Last-Modified: Wed, 30 Jan 2019 02:03:25 GMT
ETag: "70a0253-a3-580a350ab9540"
Accept-Ranges: bytes
Content-Length: 163
Connection: close
Content-Type: text/html

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2019 21:11:07 GMT
Server: Apache
Last-Modified: Wed, 30 Jan 2019 02:03:25 GMT
ETag: "70a0253-a3-580a350ab9540"
Accept-Ranges: bytes
Content-Length: 163
Connection: close
Content-Type: text/html
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:11 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.22s latency).

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   110.61 ms 10.253.200.1
2   110.64 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   111.07 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   111.41 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   111.10 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   128.19 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   197.24 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   201.04 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   211.66 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  216.88 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  222.02 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  223.84 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  226.11 ms 38.104.89.26
14  301.72 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  224.35 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:13 EDT
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.23s latency).

PORT    STATE         SERVICE VERSION
161/tcp filtered      snmp
161/udp open|filtered snmp
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   116.87 ms 10.253.200.1
2   117.23 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   117.25 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   117.64 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   117.26 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   129.86 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   198.87 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   203.23 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   215.67 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  219.09 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  223.50 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  230.74 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  230.56 ms 38.104.89.26
14  246.18 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  231.19 ms server.click-grafix.com (138.128.160.2)
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 138.128.160.2

Testing SSL server 138.128.160.2 on port 443 using SNI name 138.128.160.2

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  server.click-grafix.com
Altnames: DNS:server.click-grafix.com, DNS:www.server.click-grafix.com
Issuer:   cPanel, Inc. Certification Authority

Not valid before: Jul 24 00:00:00 2018 GMT
Not valid after:  Jul 24 23:59:59 2019 GMT
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:21 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:21
Completed NSE at 17:21, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:21
Completed NSE at 17:21, 0.00s elapsed
Initiating Ping Scan at 17:21
Scanning 138.128.160.2 [4 ports]
Completed Ping Scan at 17:21, 0.26s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:21
Completed Parallel DNS resolution of 1 host. at 17:21, 0.03s elapsed
Initiating Connect Scan at 17:21
Scanning server.click-grafix.com (138.128.160.2) [65535 ports]
Discovered open port 587/tcp on 138.128.160.2
Discovered open port 143/tcp on 138.128.160.2
Discovered open port 53/tcp on 138.128.160.2
Discovered open port 443/tcp on 138.128.160.2
Discovered open port 80/tcp on 138.128.160.2
Discovered open port 993/tcp on 138.128.160.2
Connect Scan Timing: About 5.24% done; ETC: 17:31 (0:09:21 remaining)
Connect Scan Timing: About 7.04% done; ETC: 17:35 (0:13:26 remaining)
Connect Scan Timing: About 13.98% done; ETC: 17:32 (0:09:20 remaining)
Connect Scan Timing: About 16.86% done; ETC: 17:36 (0:12:39 remaining)
Connect Scan Timing: About 20.83% done; ETC: 17:36 (0:11:51 remaining)
Connect Scan Timing: About 31.95% done; ETC: 17:32 (0:07:42 remaining)
Connect Scan Timing: About 46.47% done; ETC: 17:30 (0:04:44 remaining)
Connect Scan Timing: About 63.44% done; ETC: 17:28 (0:02:40 remaining)
Connect Scan Timing: About 82.22% done; ETC: 17:27 (0:01:06 remaining)
Completed Connect Scan at 17:26, 332.94s elapsed (65535 total ports)
Initiating Service scan at 17:26
Scanning 6 services on server.click-grafix.com (138.128.160.2)
Completed Service scan at 17:27, 14.51s elapsed (6 services on 1 host)
Initiating OS detection (try #1) against server.click-grafix.com (138.128.160.2)
Retrying OS detection (try #2) against server.click-grafix.com (138.128.160.2)
adjust_timeouts2: packet supposedly had rtt of -55473 microseconds.  Ignoring time.
Initiating Traceroute at 17:27
Completed Traceroute at 17:27, 0.41s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 17:27
Completed Parallel DNS resolution of 15 hosts. at 17:27, 2.56s elapsed
NSE: Script scanning 138.128.160.2.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:27
NSE Timing: About 99.15% done; ETC: 17:27 (0:00:00 remaining)
NSE Timing: About 99.51% done; ETC: 17:28 (0:00:00 remaining)
Completed NSE at 17:28, 75.49s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.48s elapsed
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up, received syn-ack ttl 51 (0.13s latency).
Scanned at 2019-03-28 17:21:20 EDT for 432s
Not shown: 65024 filtered ports, 505 closed ports
Reason: 65024 no-responses and 505 conn-refused
PORT    STATE SERVICE    REASON  VERSION
53/tcp  open  domain     syn-ack ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
| dns-nsid:
|_  bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
80/tcp  open  http       syn-ack Apache httpd
| http-methods:
|   Supported Methods: HEAD GET POST OPTIONS TRACE
|_  Potentially risky methods: TRACE
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
143/tcp open  imap       syn-ack Dovecot imapd
|_imap-capabilities: ENABLE listed AUTH=LOGINA0001 NAMESPACE AUTH=PLAIN LITERAL+ post-login capabilities ID Pre-login IMAP4rev1 SASL-IR IDLE LOGIN-REFERRALS have STARTTLS more OK
|_ssl-date: TLS randomness does not represent time
443/tcp open  ssl/http   syn-ack Apache httpd
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=server.click-grafix.com/organizationalUnitName=PositiveSSL
| Subject Alternative Name: DNS:server.click-grafix.com, DNS:www.server.click-grafix.com
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US/localityName=Houston
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-07-24T00:00:00
| Not valid after:  2019-07-24T23:59:59
| MD5:   ef36 53dc cdf1 d27c e2d0 51c4 6362 d6d4
| SHA-1: 5187 e008 54ad a324 08d4 0e7b d84f e8f2 393e f965
| -----BEGIN CERTIFICATE-----
| MIIGQTCCBSmgAwIBAgIQT8KCl+8zC7CQ9uYDxKIzzTANBgkqhkiG9w0BAQsFADBy
| MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxEDAOBgNVBAcTB0hvdXN0b24xFTAT
| BgNVBAoTDGNQYW5lbCwgSW5jLjEtMCsGA1UEAxMkY1BhbmVsLCBJbmMuIENlcnRp
| ZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MDcyNDAwMDAwMFoXDTE5MDcyNDIzNTk1
| OVowWzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQL
| EwtQb3NpdGl2ZVNTTDEgMB4GA1UEAxMXc2VydmVyLmNsaWNrLWdyYWZpeC5jb20w
| ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fYpGJ02yX0eUG2ihh+im
| 4DFiPfcFjX9vXOEAW93ToJNROXhCyRpd23JSO86fgQEiP4TKKMbnFYMnruTrOBKQ
| OGpFXjvFItBqjYBSdePxNcvCpU6inBzN3ZUpqw3WHCi+qoHUzkqE27gkaoygdtuL
| jl1EihNp0s/wBRt63AE+eU3re1KxOy1eBi3PEvP7+AIhWEqd2iyfHjfNRu3tlRgj
| O3W/y3CnhuEOyyX4LOwxPvkQHDGSSxqiiqoH0zEnHGbIQYA2c2AnRQ3yOnjn13ZC
| r48pR3b52/mpW8s6aJDmjdHUnbemv0k9Ijj8JpS5UBvzcKD0alLY3rrKi8B7vvg9
| AgMBAAGjggLoMIIC5DAfBgNVHSMEGDAWgBR+A1plQWunfgrhuJ0I6h2OHWrHZTAd
| BgNVHQ4EFgQU2Y+20s8w+YOm4cOKR3iXmedjQtYwDgYDVR0PAQH/BAQDAgWgMAwG
| A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1Ud
| IARIMEYwOgYLKwYBBAGyMQECAjQwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1
| cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA/oD2GO2h0
| dHA6Ly9jcmwuY29tb2RvY2EuY29tL2NQYW5lbEluY0NlcnRpZmljYXRpb25BdXRo
| b3JpdHkuY3JsMH0GCCsGAQUFBwEBBHEwbzBHBggrBgEFBQcwAoY7aHR0cDovL2Ny
| dC5jb21vZG9jYS5jb20vY1BhbmVsSW5jQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5j
| cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA/BgNVHREE
| ODA2ghdzZXJ2ZXIuY2xpY2stZ3JhZml4LmNvbYIbd3d3LnNlcnZlci5jbGljay1n
| cmFmaXguY29tMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcA7ku9t3XOYLrhQmkf
| q+GeZqMPfl+wctiDAMR7iXqo/csAAAFkyjfecAAABAMASDBGAiEA1gkICLUOquHw
| AbNuhRP932fABvQx/+D0Qtu7lAgKv0oCIQDMLECO0bYVBaBlw4p77z18sp6AZJpR
| ahZtv+puBgXVqQB1AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAAB
| ZMo33q0AAAQDAEYwRAIgTfm2myATuvcT4nGzpxhuDgAZn2e+aBu22mYZZwgMB3IC
| IAjo+/G1DzbhaInmiI27aPg5Srwh7CcoPJhywc3He6EzMA0GCSqGSIb3DQEBCwUA
| A4IBAQA0wnmt9+d7pK/TtY+V+WeqpJ/v0EOAJYRQiP5ThRfjifn4SP+vVi7kc6dr
| gmkG35Ti9xlNI9H6Hmwc1zDHJuwyom3YaaKm01tq4i3stIZVsAQUxQO4gXoK3PUX
| ChLIa88YomTA6ZXJTftzbmZ1bwNAtwfWgzdQmhSZD7uP8x93qoB+KkLzBTV716cV
| pBcac3fq6sVIfnGlxNtQwFHClfuR/kWu1s/Efsj0ftRSNi9Yu1jjWny4OZ6Pfmli
| RzZ3EDSRfGtYYxaGIU9JRJClVUC8Ax335PlsodeibkYSMIrYAdXVLhbM0dPrZGje
| BOfeO+nIKr9fTlkEPMP6DkTuTxC1
|_-----END CERTIFICATE-----
|_ssl-date: TLS randomness does not represent time
587/tcp open  smtp       syn-ack Exim smtpd 4.91
| smtp-commands: server.click-grafix.com Hello server.click-grafix.com [77.243.183.14], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=server.click-grafix.com/organizationalUnitName=PositiveSSL
| Subject Alternative Name: DNS:server.click-grafix.com, DNS:www.server.click-grafix.com
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US/localityName=Houston
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-07-24T00:00:00
| Not valid after:  2019-07-24T23:59:59
| MD5:   ef36 53dc cdf1 d27c e2d0 51c4 6362 d6d4
| SHA-1: 5187 e008 54ad a324 08d4 0e7b d84f e8f2 393e f965
| -----BEGIN CERTIFICATE-----
| MIIGQTCCBSmgAwIBAgIQT8KCl+8zC7CQ9uYDxKIzzTANBgkqhkiG9w0BAQsFADBy
| MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxEDAOBgNVBAcTB0hvdXN0b24xFTAT
| BgNVBAoTDGNQYW5lbCwgSW5jLjEtMCsGA1UEAxMkY1BhbmVsLCBJbmMuIENlcnRp
| ZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MDcyNDAwMDAwMFoXDTE5MDcyNDIzNTk1
| OVowWzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQL
| EwtQb3NpdGl2ZVNTTDEgMB4GA1UEAxMXc2VydmVyLmNsaWNrLWdyYWZpeC5jb20w
| ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fYpGJ02yX0eUG2ihh+im
| 4DFiPfcFjX9vXOEAW93ToJNROXhCyRpd23JSO86fgQEiP4TKKMbnFYMnruTrOBKQ
| OGpFXjvFItBqjYBSdePxNcvCpU6inBzN3ZUpqw3WHCi+qoHUzkqE27gkaoygdtuL
| jl1EihNp0s/wBRt63AE+eU3re1KxOy1eBi3PEvP7+AIhWEqd2iyfHjfNRu3tlRgj
| O3W/y3CnhuEOyyX4LOwxPvkQHDGSSxqiiqoH0zEnHGbIQYA2c2AnRQ3yOnjn13ZC
| r48pR3b52/mpW8s6aJDmjdHUnbemv0k9Ijj8JpS5UBvzcKD0alLY3rrKi8B7vvg9
| AgMBAAGjggLoMIIC5DAfBgNVHSMEGDAWgBR+A1plQWunfgrhuJ0I6h2OHWrHZTAd
| BgNVHQ4EFgQU2Y+20s8w+YOm4cOKR3iXmedjQtYwDgYDVR0PAQH/BAQDAgWgMAwG
| A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1Ud
| IARIMEYwOgYLKwYBBAGyMQECAjQwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1
| cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA/oD2GO2h0
| dHA6Ly9jcmwuY29tb2RvY2EuY29tL2NQYW5lbEluY0NlcnRpZmljYXRpb25BdXRo
| b3JpdHkuY3JsMH0GCCsGAQUFBwEBBHEwbzBHBggrBgEFBQcwAoY7aHR0cDovL2Ny
| dC5jb21vZG9jYS5jb20vY1BhbmVsSW5jQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5j
| cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA/BgNVHREE
| ODA2ghdzZXJ2ZXIuY2xpY2stZ3JhZml4LmNvbYIbd3d3LnNlcnZlci5jbGljay1n
| cmFmaXguY29tMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcA7ku9t3XOYLrhQmkf
| q+GeZqMPfl+wctiDAMR7iXqo/csAAAFkyjfecAAABAMASDBGAiEA1gkICLUOquHw
| AbNuhRP932fABvQx/+D0Qtu7lAgKv0oCIQDMLECO0bYVBaBlw4p77z18sp6AZJpR
| ahZtv+puBgXVqQB1AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAAB
| ZMo33q0AAAQDAEYwRAIgTfm2myATuvcT4nGzpxhuDgAZn2e+aBu22mYZZwgMB3IC
| IAjo+/G1DzbhaInmiI27aPg5Srwh7CcoPJhywc3He6EzMA0GCSqGSIb3DQEBCwUA
| A4IBAQA0wnmt9+d7pK/TtY+V+WeqpJ/v0EOAJYRQiP5ThRfjifn4SP+vVi7kc6dr
| gmkG35Ti9xlNI9H6Hmwc1zDHJuwyom3YaaKm01tq4i3stIZVsAQUxQO4gXoK3PUX
| ChLIa88YomTA6ZXJTftzbmZ1bwNAtwfWgzdQmhSZD7uP8x93qoB+KkLzBTV716cV
| pBcac3fq6sVIfnGlxNtQwFHClfuR/kWu1s/Efsj0ftRSNi9Yu1jjWny4OZ6Pfmli
| RzZ3EDSRfGtYYxaGIU9JRJClVUC8Ax335PlsodeibkYSMIrYAdXVLhbM0dPrZGje
| BOfeO+nIKr9fTlkEPMP6DkTuTxC1
|_-----END CERTIFICATE-----
|_ssl-date: TLS randomness does not represent time
993/tcp open  ssl/imaps? syn-ack
|_ssl-date: TLS randomness does not represent time
Device type: general purpose|storage-misc|firewall
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (93%), Synology DiskStation Manager 5.X (87%), WatchGuard Fireware 11.X (87%), FreeBSD 6.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/o:freebsd:freebsd:6.2
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 3.10 - 3.12 (93%), Linux 4.4 (93%), Linux 4.9 (92%), Linux 3.10 (88%), Linux 3.10 - 3.16 (88%), Linux 4.0 (88%), Linux 3.11 - 4.1 (87%), Linux 2.6.32 (87%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.39 (87%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.70%E=4%D=3/28%OT=53%CT=22%CU=%PV=N%DS=15%DC=T%G=N%TM=5C9D3C80%P=x86_64-pc-linux-gnu)
SEQ(SP=104%GCD=2%ISR=10D%TI=Z%TS=A)
OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
ECN(R=Y%DF=Y%TG=40%W=7210%O=M44FNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 44.038 days (since Tue Feb 12 15:33:07 2019)
Network Distance: 15 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   117.43 ms 10.253.200.1
2   118.50 ms w2.usinvelitvolupta.eu (89.249.64.129)
3   117.86 ms te0-3-1-5.201.nr51.b015923-1.fra03.atlas.cogentco.com (149.6.146.253)
4   118.49 ms be3577.agr22.fra03.atlas.cogentco.com (154.25.5.53)
5   118.26 ms be2533.ccr41.fra03.atlas.cogentco.com (130.117.48.158)
6   135.11 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
7   203.71 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197)
8   207.52 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
9   218.78 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
10  223.83 ms be2784.rcr21.jax01.atlas.cogentco.com (154.54.28.106)
11  228.73 ms be3639.rcr51.mco01.atlas.cogentco.com (154.24.19.133)
12  230.32 ms te0-0-1-0.nr11.b006655-1.mco01.atlas.cogentco.com (154.24.23.202)
13  230.30 ms 38.104.89.26
14  288.51 ms xe-1-3-core2.orl.hostdime.com (72.29.88.46)
15  231.15 ms server.click-grafix.com (138.128.160.2)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 433.24 seconds
           Raw packets sent: 126 (10.528KB) | Rcvd: 268 (123.205KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-28 17:28 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:28
Completed Parallel DNS resolution of 1 host. at 17:28, 0.03s elapsed
Initiating UDP Scan at 17:28
Scanning server.click-grafix.com (138.128.160.2) [14 ports]
Discovered open port 53/udp on 138.128.160.2
Completed UDP Scan at 17:28, 2.27s elapsed (14 total ports)
Initiating Service scan at 17:28
Scanning 12 services on server.click-grafix.com (138.128.160.2)
Service scan Timing: About 16.67% done; ETC: 17:38 (0:08:10 remaining)
Completed Service scan at 17:30, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against server.click-grafix.com (138.128.160.2)
Retrying OS detection (try #2) against server.click-grafix.com (138.128.160.2)
Initiating Traceroute at 17:30
Completed Traceroute at 17:30, 7.29s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:30
Completed Parallel DNS resolution of 1 host. at 17:30, 0.01s elapsed
NSE: Script scanning 138.128.160.2.
Initiating NSE at 17:30
Completed NSE at 17:30, 20.29s elapsed
Initiating NSE at 17:30
Completed NSE at 17:30, 1.18s elapsed
Nmap scan report for server.click-grafix.com (138.128.160.2)
Host is up (0.17s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open          domain       ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
| dns-nsid:
|_  bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   110.59 ms 10.253.200.1
2   ... 3
4   113.44 ms 10.253.200.1
5   110.57 ms 10.253.200.1
6   110.57 ms 10.253.200.1
7   110.57 ms 10.253.200.1
8   110.58 ms 10.253.200.1
9   110.58 ms 10.253.200.1
10  110.67 ms 10.253.200.1
11  ... 18
19  114.45 ms 10.253.200.1
20  110.34 ms 10.253.200.1
21  ... 27
28  110.57 ms 10.253.200.1
29  110.75 ms 10.253.200.1
30  113.17 ms 10.253.200.1

NSE: Script Post-scanning.
Initiating NSE at 17:30
Completed NSE at 17:30, 0.00s elapsed
Initiating NSE at 17:30
Completed NSE at 17:30, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 139.70 seconds
           Raw packets sent: 135 (11.696KB) | Rcvd: 499 (147.476KB)
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          138.128.160.2
+ Target Hostname:    sahl.gov.sd
+ Target Port:        80
+ Start Time:         2019-03-28 16:30:48 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: No banner retrieved
+ Retrieved x-powered-by header: PHP/5.6.40
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://sahl.gov.sd/index.php/ar/
+ Server banner has changed from '' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ Server may leak inodes via ETags, header found with file /, inode: 118096467, size: 163, mtime: Tue Jan 29 21:03:25 2019
+ Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /securecontrolpanel/: Web Server Control Panel
+ /webmail/: Web based mail package installed.
+ /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-2117: /cpanel/: Web-based control panel
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          138.128.160.2
+ Target Hostname:    138.128.160.2
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL/CN=server.click-grafix.com
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
+ Start Time:         2019-03-28 17:03:13 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache
+ Server may leak inodes via ETags, header found with file /, inode: 118096467, size: 163, mtime: Tue Jan 29 21:03:25 2019
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Hostname '138.128.160.2' does not match certificate's names: server.click-grafix.com
+ Allowed HTTP Methods: HEAD, GET, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
                                              Anonymous JTSEC #OpSudan Full Recon #49