Anonymous JTSEC #OpYemen Full Recon #4

#######################################################################################################################################
=======================================================================================================================================
Hostname 	acd.gov.ae 	  	ISP 	LeaseWeb Netherlands B.V.
Continent 	Europe 	  	Flag
NL
Country 	Netherlands 	  	Country Code 	NL
Region 	Unknown 	  	Local time 	23 Mar 2019 20:18 CET
City 	Unknown 	  	Postal Code 	Unknown
IP Address 	85.17.16.71 	  	Latitude 	52.382
  	  	  	Longitude 	4.9

=======================================================================================================================================
#######################################################################################################################################
> acd.gov.ae
Server:		38.132.106.139
Address:	38.132.106.139#53

Non-authoritative answer:
Name:	acd.gov.ae
Address: 85.17.16.71
>
#######################################################################################################################################
Domain Name:                     acd.gov.ae
Registrar ID:                    Etisalat
Registrar Name:                  Etisalat
Status:                          ok

Registrant:                      Ajman Civil Defense
Eligibility Type:                Government Approved
Eligibility Name:                Ajman Civil Defense

Registrant Contact ID:           R056935
Registrant Contact Name:         Ajman Civil Defense
Registrant Contact Email:        Visit whois.aeda.ae for Web based WhoIs

Tech Contact ID:                 C073269
Tech Contact Name:               Mansour M
Tech Contact Email:              Visit whois.aeda.ae for Web based WhoIs

Name Server:                     ns1.dimofinf.net
Name Server:                     ns2.dimofinf.net
Name Server:                     ns3.dimofinf.net
#######################################################################################################################################
[i] Scanning Site: https://acd.gov.ae


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title:
            الادارة العامة للدفاع المدني عجمان
[+] IP address: 85.17.16.71
[+] Web Server: nginx
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


W H O I S   L O O K U P
=======================================================================================================================================

	Domain Name:                     acd.gov.ae
Registrar ID:                    Etisalat
Registrar Name:                  Etisalat
Status:                          ok

Registrant:                      Ajman Civil Defense
Eligibility Type:                Government Approved
Eligibility Name:                Ajman Civil Defense

Registrant Contact ID:           R056935
Registrant Contact Name:         Ajman Civil Defense
Registrant Contact Email:        Visit whois.aeda.ae for Web based WhoIs

Tech Contact ID:                 C073269
Tech Contact Name:               Mansour M
Tech Contact Email:              Visit whois.aeda.ae for Web based WhoIs

Name Server:                     ns1.dimofinf.net
Name Server:                     ns2.dimofinf.net
Name Server:                     ns3.dimofinf.net


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 85.17.16.71
[i] Country: Netherlands
[i] State:
[i] City:
[i] Latitude: 52.3824
[i] Longitude: 4.8995


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 301 Moved Permanently
[i]  Server: nginx
[i]  Date: Sat, 23 Mar 2019 19:27:06 GMT
[i]  Content-Type: text/html; charset=iso-8859-1
[i]  Content-Length: 290
[i]  Connection: close
[i]  Location: https://acd.gov.ae/ar
[i]  X-XSS-Protection: 1; mode=block
[i]  X-Nginx-Cache-Status: MISS
[i]  X-Server-Powered-By: Dimofinf INC
[i]  HTTP/1.1 301 Moved Permanently
[i]  Server: nginx
[i]  Date: Sat, 23 Mar 2019 19:27:06 GMT
[i]  Content-Type: text/html; charset=iso-8859-1
[i]  Content-Length: 291
[i]  Connection: close
[i]  Location: https://acd.gov.ae/ar/
[i]  X-XSS-Protection: 1; mode=block
[i]  X-Nginx-Cache-Status: MISS
[i]  X-Server-Powered-By: Dimofinf INC
[i]  HTTP/1.1 200 OK
[i]  Server: nginx
[i]  Date: Sat, 23 Mar 2019 19:27:07 GMT
[i]  Content-Type: text/html
[i]  Connection: close
[i]  Vary: Accept-Encoding
[i]  X-Frame-Options: SAMEORIGIN
[i]  Set-Cookie: csrf_cookie_name=72dec6e7962eaa6512e6d56e3740e08b; expires=Mon, 01-Apr-2019 03:27:07 GMT; path=/; secure
[i]  Set-Cookie: ci_session=DY0vZu2FFqL110%2Bhi%2Bk%2F4Hpbzmgg%2B2l4R4ME87yD%2FNbtyVx%2FOLE67ziFaz4ueasZx3GIqu5BGbKxkgkHGcVtJ1ifxnPwNyX5sW%2FgD3IEwhKMV3diZIuNu4UsQ78su7FoWlhwdHWpUxRz46cwVN3kNOs4s9cdB3LszlFqDWjRSKdx%2FRzgwRX2WL9CAOlkMnFplcA%2Fnpnx4AovxB0pSKfp6F00rzM6UwhkiT7tSzD7MeJA4t6hyVyqCWWtjSSzcJI2u8aFVHgT2r4bG4Zvqxj7USLBwG3pCYYNCvmQ6o%2B%2BeaA%3Df0734b7d39e538c3096849d88d5f13b767b8b32e; path=/; secure
[i]  X-XSS-Protection: 1; mode=block
[i]  X-Nginx-Cache-Status: EXPIRED
[i]  X-Server-Powered-By: Dimofinf INC


D N S   L O O K U P
=======================================================================================================================================

acd.gov.ae.		14399	IN	TXT	"v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all"
acd.gov.ae.		21599	IN	SOA	ns1.dimofinf.net. dedicated.server.dimofinf.net.sa. 2018092304 3600 7200 1209600 86400
acd.gov.ae.		21599	IN	NS	ns1.dimofinf.net.
acd.gov.ae.		21599	IN	NS	ns2.dimofinf.net.
acd.gov.ae.		21599	IN	NS	ns3.dimofinf.net.
acd.gov.ae.		14399	IN	A	85.17.16.71
acd.gov.ae.		14399	IN	MX	0 acd.gov.ae.


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 85.17.16.71
Network       = 85.17.16.71 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 85.17.16.71 - 85.17.16.71 }


N M A P   P O R T   S C A N
=======================================================================================================================================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 19:27 UTC
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.088s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
######################################################################################################################################
[?] Enter the target: example( http://domain.com )
https://acd.gov.ae/ar/
[!] IP Address : 85.17.16.71
[!] acd.gov.ae doesn't seem to use a CMS
[+] Honeypot Probabilty: 30%
--------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for acd.gov.ae
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/acd.gov.ae
--------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 1.75 seconds
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
ns1.dimofinf.net. (45.55.127.247) AS14061 Digital Ocean, Inc. United States
ns3.dimofinf.net. (95.179.144.169) AS16022 Cosmoline Telecommunication Services S.A. Greece
ns2.dimofinf.net. (167.99.30.33) United States United States

[+] MX Records
0 (85.17.16.71) AS60781 LeaseWeb  B.V. Netherlands

[+] Host Records (A)
acd.gov.ae (unlimited3.dimofinf.net) (85.17.16.71) AS60781 LeaseWeb  B.V. Netherlands

[+] TXT Records
"v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all"

[+] DNS Map: https://dnsdumpster.com/static/map/acd.gov.ae.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------
info@acd.gov.ae
pixel-1553369224278534-web-@acd.gov.ae
pixel-1553369225718162-web-@acd.gov.ae

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
85.17.16.71:www.acd.gov.ae
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
85.17.16.71	sanaacenter.org
85.17.16.71	theexecutiveclinic.care
85.17.16.71	www.qassimnews.com
85.17.16.71	acd.gov.ae
85.17.16.71	www.arartoday.org
85.17.16.71	tadawi.com
85.17.16.71	www.ahl-quran.com
85.17.16.71	daralthakafa.net
85.17.16.71	www.kcci.org.sa
85.17.16.71	www.chf9.com
85.17.16.71	www.noorld.com
85.17.16.71	www.smsstore.net
85.17.16.71	www.echobeirut.com
85.17.16.71	www.tawwater.com
85.17.16.71	s-t.sa
85.17.16.71	kpte.edu.sa
#######################################################################################################################################
Enter Address Website = acd.gov.ae

Reversing IP With HackTarget 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[+] 4architects.net
[+] 4uexpo.brainybeauty.care
[+] 4uexpo.com
[+] 5brt.com
[+] 5brt.iwaleed.com
[+] 5hawas.com
[+] 6yb.net
[+] aaasnews.com
[+] aaba.aaba.sa
[+] aabaor.aaba.sa
[+] aaba.org.sa
[+] aaba.sa
[+] aali.top2top.net
[+] abha.city
[+] abhacity.altaledi.net
[+] abo-aadell.com
[+] abu3li.com
[+] abu-gais.com
[+] abuhaffash.com
[+] acd.gov.ae
[+] addonline.tasksaudi.com
[+] ae.edu.sa
[+] afaqalawazel.com.sa
[+] afaqalwazel.com
[+] agaarat.com
[+] ahawajigroup.com
[+] ahl-quran.com
[+] ahmedzagzoog.info
[+] akalinhukuk.org
[+] alahliaalhaditha.com
[+] alahsaonline.com
[+] alajiyalschools.com
[+] alalyan.net
[+] alamirkamalfarag.com
[+] alamirkamalfarag.net
[+] alashrygroup.com
[+] alashrygroup.rubixstore.com
[+] alasllm.com
[+] alasllm.net
[+] alasmari.net
[+] albirk.org.sa
[+] albrhajrah.com
[+] alfabread.com
[+] alfabread.net
[+] alfahirh.net
[+] alfahirh.net.sa
[+] alfalgi.sys-gen.com
[+] alfiqhia.org.sa
[+] algnob.com
[+] alhaiyrat.al-naddaf.com
[+] alhaiyrat.com
[+] alhayadra.com
[+] alhazza3.sa
[+] al-hosin.sch.sa
[+] ali.alalyan.net
[+] aljadiah.com
[+] al-jameel.com
[+] aljawharafactory.net
[+] aljoaf.net
[+] alkairiah.org
[+] alkhaldi.me
[+] alkuytem.com
[+] al-lina.sa
[+] alm3ally.ae
[+] alm3ally.alm3ally.com
[+] alm3ally.com
[+] alm3ally.net
[+] almahaniber.com
[+] almoona.com
[+] almtkamelstore.sa
[+] almurjanumra.com
[+] al-muthaqaf.net
[+] al-naddaf.com
[+] alolyan.net
[+] alrassclub.com
[+] alrawafedpress.com
[+] alremal.aswaqnajran.com
[+] alsahafa.alamirkamalfarag.net
[+] alsahafa.org
[+] alsaifcharity.org
[+] alsendian.com.sa
[+] alshehri.funlearn.us
[+] alshoogg.com
[+] alshref.net
[+] alsooman.com
[+] alsoque.com
[+] alsudaisholding.com
[+] altaledi.net
[+] alwajihah.com
[+] alzahban.alasmari.net
[+] alzahban.com
[+] a.mix-sat.net
[+] anbahail.com
[+] aon.sa
[+] api.aaba.sa
[+] ar-01.com
[+] arabinternalauditors.com
[+] arartoday.org
[+] ar.emanfathy.top2top.net
[+] art4arab.com
[+] art4arab.jwaadalfajer.com
[+] aryafcs.ayyar.net
[+] aryafcs.com.sa
[+] ascorp.info
[+] asem.ayyar.net
[+] asfms.org
[+] asfms.rubixstore.com
[+] ashwaqalmarshad.ayyar.net
[+] ashwaqalmarshad.com
[+] asnanmagazine.com
[+] assets.kcci.org.sa
[+] aswaqnajran.com
[+] atheerco.sa
[+] avl1.scitechs.tech
[+] awcc.com.sa
[+] ayar.ayyar.net
[+] ayarfilm.ayyar.net
[+] ayar.sa
[+] aytam-muhail.org
[+] ayyar.net
[+] b9mah.com
[+] baladi.mmc.gov.sa
[+] balsamalhayat.com
[+] basamaat.sa
[+] bbme.tasksaudi.com
[+] bbm.tasksaudi.com
[+] bbr.com.sa
[+] beta.sanaacenter.org
[+] beta.shotslab.com
[+] biralkbra.com
[+] bir-subikha.org
[+] bitcoincoins.net
[+] bitcoincoins.tasksaudi.com
[+] black-cow.com
[+] blog.smsstore.net
[+] bm.ayyar.net
[+] bnanaa.com
[+] brainybeauty.care
[+] brod-send.com
[+] brod-send.link-card.net
[+] calendar.alalyan.net
[+] card-com.link-card.net
[+] ccass.ws
[+] cdhcp.org
[+] chf9.com
[+] chibox.net
[+] coinsnow.net
[+] coinsnow.tasksaudi.com
[+] controlp.sa
[+] cookinghome.net
[+] cookkitchen.net
[+] cookkitchen.tasksaudi.com
[+] co.souqdreamtech.com
[+] costna1.lebaitok.com
[+] costna1.planlearn.com
[+] costna.com
[+] costna.lebaitok.com
[+] costna.planlearn.com
[+] cpanel.dojovz.com
[+] cpanel.mashahed.org
[+] cpanel.mcegulf.com
[+] cpanel.spiderweb-int.com
[+] cpanel.world0market.com
[+] cpanel.wurudcity.com
[+] cp.world0market.com
[+] creativetrader.com
[+] creativetrader.creativetrader.com
[+] creativetrader.net
[+] ctraderc.creativetrader.com
[+] ctrader.creativetrader.com
[+] cts.sa
[+] cutt.one
[+] czech-today.com
[+] danplastic.com
[+] daralislam.net
[+] daralthakafa.com.sa
[+] daralthakafa.net
[+] darco.sa
[+] dawaweninvest.com
[+] dawaweninvest.southwind.com.sa
[+] dc-5ea389333bd7.mix-sat.net
[+] dc-7bc60e6d114b.barada.org
[+] dc-7ea57a1a04a2.0096600.com
[+] dc-957a2eca721e.turkenterprise.com
[+] dc-b15882dc1b9c.emiregroup.com
[+] dc-bd0c179e3727.turkadventures.com
[+] dc-cb96bcca6bb4.alyasamin.com
[+] dc-f58d991a836c.emirehomes.com
[+] dcr.org.sa
[+] deifco.com
[+] deliciousdates.net
[+] deliciousdates.noorsa.net
[+] demo.kcci.org.sa
[+] dev.healthylife-store.com
[+] dhai3.ayyar.net
[+] dhai.ayyar.net
[+] dhouse.com.sa
[+] digitalways.com.sa
[+] dimot-now.net
[+] docs.alalyan.net
[+] dojovz.com
[+] drassaforum.com
[+] ds.aaba.sa
[+] ebdaa-am.sys-gen.com
[+] ec.com.kw
[+] echobeirut.com
[+] eci.sa
[+] ecoworldmag.net
[+] edu-muhayil.aytam-muhail.org
[+] edu-muhayil.com
[+] efadhar.com
[+] egylens.moverz-adv.com
[+] egylens.net
[+] ehealth.ayyar.net
[+] ehealthsa.ayyar.net
[+] ehealthsa.com
[+] ehealthsaorg2.ayyar.net
[+] eidbadr.com
[+] elsohiebtravel.com
[+] elsohiebtravel.rubixstore.com
[+] email.alalyan.net
[+] emanfathy.top2top.net
[+] emireinsaat.com
[+] emireturizm.com
[+] en.al-lina.sa
[+] eretina.ayyar.net
[+] eshraqtafif.com
[+] eshraqtafif.com.futurewit.com
[+] eshraqtafif.futurewit.com
[+] esociety.ayyar.net
[+] e.souqdreamtech.com
[+] esraa.top2top.net
[+] estithmar.org.sa
[+] evart.sa
[+] examsc.com
[+] examsc.tasksaudi.com
[+] far-edu.com
[+] fcp.sa
[+] fiap-sa.net
[+] foqaatstore.com
[+] forms.rsmbsma.com
[+] frtitanium.com
[+] funlearn.us
[+] funskids.com
[+] funskids.tasksaudi.com
[+] futurewit.com
[+] games.funskids.com
[+] gisksu.alasmari.net
[+] gisksu.com
[+] good-part.com
[+] groups.rawdahedu.gov.sa
[+] gsa-ksa.dimot-now.net
[+] g.souqdreamtech.com
[+] gulfsoft.net
[+] gulfsupply.com.sa
[+] gwtc.com.sa
[+] hadiasiri.com
[+] hadiasiri.link-card.net
[+] hameed.top2top.net
[+] haniphoto.com
[+] haqal-bir.org
[+] haql415.com
[+] hashimsarhan.com
[+] hayatfoundation.org.sa
[+] hazem.top2top.net
[+] hcdp.gov.sa
[+] healthylife-store.com
[+] helloegy.alamirkamalfarag.net
[+] helloegy.net
[+] heznah.khdsite.com
[+] heznah.net
[+] hilalcom.net
[+] hopish.net
[+] hormz.com
[+] imaneiat.com
[+] insat.com.sa
[+] islamsky.org
[+] islamsky.org.islamsky.org
[+] iswitch.sa
[+] itariq.net
[+] iwaleed.com
[+] jaf-female.com
[+] jeelmubdea.com
[+] jeelmubdea.lebaitok.com
[+] jeerah.sa
[+] jhaql.com
[+] joketech.com
[+] joketech.net
[+] jwaadalfajer.com
[+] k1429.com
[+] kasit.net
[+] kayan-ye.org
[+] kcci.org.sa
[+] kgh.med.sa
[+] khdsite.com
[+] kpte.edu.sa
[+] ksatalent.org
[+] ksavape.com
[+] ksawrestling.sa
[+] ksmsg.khdsite.com
[+] labibah.com
[+] lazimna.com
[+] lazimna.mts-jo.com
[+] lazmna.com
[+] lazmna.mts-jo.com
[+] leart.ayyar.net
[+] leart.sa
[+] lebaitok.com
[+] lhzah.com
[+] link-card.net
[+] l.lost-angel.net
[+] lmssat.com
[+] lost-angel.net
[+] lotus.sa
[+] madeingermany.shopping
[+] madinahriders.com
[+] madrasa-quranya-qus.com
[+] madrasa-quranya-qus.rubixstore.com
[+] mahmoudramadan.com
[+] mahmoudramadan.nashatak.com
[+] mahotels.net
[+] mail.0096600.com
[+] mail.almuslimi.net
[+] mail.alyasamin.com
[+] mail.barada.org
[+] mail.danplastic.com
[+] mail.qortobhedu.gov.sa
[+] mail.valuesource.com.sa
[+] mail.visit.com.sa
[+] mail.wtniaat.com
[+] majed.alalyan.net
[+] makec.com.sa
[+] mariamnabeil.top2top.net
[+] mashahed.org
[+] massarrent.com.sa
[+] ma-studios.net
[+] math3fif.com
[+] math3fif.futurewit.com
[+] mawed.sa
[+] mawtenalakhbar.alahsaonline.com
[+] mawtenalakhbar.com
[+] mcegulf.com
[+] mdrstna.com
[+] mdrstna.iwaleed.com
[+] mediafriendstravel.rubixstore.com
[+] mettleofmuslem.net
[+] minibaby.sa
[+] mixmaxeg.nashatak.com
[+] mix-sat.com
[+] mksholding.com.sa
[+] mksholding.southwind.com.sa
[+] mmc.gov.sa
[+] mollaborjan.com
[+] monomar.moverz-adv.com
[+] monomar.net
[+] moverz-adv.com
[+] mp3ar.funskids.com
[+] m.souqdreamtech.com
[+] mts-jo.com
[+] mustroke.com
[+] mwasalatmisr.verbintech.com
[+] my-power.net
[+] nashatak.com
[+] nawaonline.net
[+] nawatwater.sa
[+] nesmainternational.com
[+] netriacom.com
[+] news.aaba.sa
[+] news.abuhaffash.com
[+] news.net.sa
[+] newstepbay.com
[+] nextech.com.sa
[+] n.ntklm.com
[+] nookda.com
[+] noorld.com
[+] noorsa.net
[+] noorsms.net
[+] nourankhaled.top2top.net
[+] ntklm.com
[+] oils-brand.com
[+] old.kcci.org.sa
[+] olympia.care
[+] olympia.theexecutiveclinic.care
[+] openstoreksa.com
[+] opt.sa
[+] othmani.qurantech.com
[+] palqemam.com
[+] payrollgate.net
[+] peco.sa.com
[+] pharmachaingroup.com
[+] picasa.com.ayyar.net
[+] planlearn.com
[+] pm.ayyar.net
[+] pnc.com.sa
[+] points.lebaitok.com
[+] points.planlearn.com
[+] prayertimes.qurantech.com
[+] projects.dimofinf.net
[+] ptco-ksa.com
[+] pulmocon.ayyar.net
[+] q0qq.com
[+] qaraye.com
[+] qassimnews.com
[+] qmak.org
[+] qortobhedu.gov.sa
[+] qtel.com.sa
[+] qtel.southwind.com.sa
[+] qurantech.com
[+] qurantech.tasksaudi.com
[+] radamwebapi.ssth.com.sa
[+] radofhotels.com
[+] ramintgroup.com
[+] rania.top2top.net
[+] rawdahedu.gov.sa
[+] reflectionprod.com
[+] rekaazmt.net
[+] rewaitataa.com
[+] root.aljoaf.net
[+] rowad-academy.com
[+] rsmbsma.com
[+] rubixstore.com
[+] ryash.com.sa
[+] s3adblog.com
[+] s7cc.com.sa
[+] s.aaba.sa
[+] sacisforum.ayyar.net
[+] salahmohamd.top2top.net
[+] samaq-sa.com
[+] samir.top2top.net
[+] sanaacenter.org
[+] saraalmuhanna.ayyar.net
[+] saraalmuhanna.com
[+] saudiecho.ayyar.net
[+] saudisct.ayyar.net
[+] saudiusd.alasmari.net
[+] saudiusd.com
[+] sauuk.alasmari.net
[+] sauuk.com
[+] scitechs.com.sa
[+] scitechs.scitechs.com.sa
[+] scitechs.tech
[+] securitypolice.ayyar.net
[+] seeyounow.alamirkamalfarag.net
[+] seeyounow.net
[+] sgis.alasmari.net
[+] sgis.me
[+] shahdalazhaar.com
[+] sharkoony.com
[+] shotslab.com
[+] shotslab.moverz-adv.com
[+] siba-humanitarian-team.com
[+] sidramall.aswaqnajran.com
[+] signforyemen.net
[+] smanajran.com
[+] smsstore.net
[+] snape.tasksaudi.com
[+] snapiraq.tasksaudi.com
[+] snaps.tasksaudi.com
[+] snap.tasksaudi.com
[+] soc-s.com
[+] soc.ssrrr22.com
[+] souqdreamtech.com
[+] souqsawa.com
[+] southwind.com.sa
[+] spiderweb-int.com
[+] srpc-studio.com
[+] ssepilepsy.ayyar.net
[+] sso.ayyar.net
[+] sso.org.sa
[+] ssrrr22.com
[+] ssth.com.sa
[+] s-t.altaledi.net
[+] starlight.arabinternalauditors.com
[+] store.hadiasiri.com
[+] store.healthylife-store.com
[+] s-t.sa
[+] sts.com.sa
[+] sucantv.com
[+] sudanianews.net
[+] sudanpoem.net
[+] sunsetuae.alm3ally.com
[+] sunsetuae.com
[+] swa.verbintech.com
[+] syriansooq.com
[+] sys-gen.com
[+] tabashiralmajd.com.sa
[+] tabrak-najed.com
[+] tabukmc.com
[+] tadawi.com
[+] taifsheart.com
[+] tamkeen.info
[+] tanmiahtbashah.com
[+] tasksaudi.com
[+] tawasolsms.net
[+] tawwater.com
[+] tech-view.link-card.net
[+] tech-view.net
[+] tera-mall.com
[+] ter.brainybeauty.care
[+] ter.com.sa
[+] ter.sa
[+] tersa.brainybeauty.care
[+] test.alrawafedpress.com
[+] test.controlp.sa
[+] test.moverz-adv.com
[+] test.my-power.net
[+] t-g1mes.com
[+] t-g1mes.link-card.net
[+] theexecutiveclinic.care
[+] times.qurantech.com
[+] tnco.com.kw
[+] tokushimed.com
[+] toolsarts.com
[+] toolsarts.moverz-adv.com
[+] topazmena.com
[+] tr.al-lina.sa
[+] travelersholidays.com
[+] t-tabb-rr.com
[+] tu4tu.com
[+] tubeislam.net
[+] tube.jwaadalfajer.com
[+] turkieshop.com
[+] unitedgroup.moverz-adv.com
[+] unlimited3.dimofinf.net
[+] up.alkhaldi.me
[+] vb.aljoaf.net
[+] verbintech.com
[+] verbintech.rubixstore.com
[+] vibes-ksa.com
[+] wadi-abian.com.sa
[+] wateennews.com
[+] webdisk.dojovz.com
[+] webdisk.mashahed.org
[+] webdisk.mcegulf.com
[+] webdisk.spiderweb-int.com
[+] webdisk.wurudcity.com
[+] webmail.dojovz.com
[+] webmail.mashahed.org
[+] webmail.mcegulf.com
[+] webmail.spiderweb-int.com
[+] webmail.wurudcity.com
[+] webzone-eg.rubixstore.com
[+] wle3d.com
[+] wle3d.iwaleed.com
[+] wnstudiosa.ayyar.net
[+] wnstudiosa.com
[+] world0business.com
[+] world0holding.com
[+] world0market.com
[+] wp.hashimsarhan.com
[+] wurudcity.com
[+] www.4uexpo.brainybeauty.care
[+] www.5brt.iwaleed.com
[+] www.aaba.aaba.sa
[+] www.aabaor.aaba.sa
[+] www.abhacity.altaledi.net
[+] www.addonline.tasksaudi.com
[+] www.adm.aljoaf.net
[+] www.alashrygroup.rubixstore.com
[+] www.alfalgi.sys-gen.com
[+] www.alhaiyrat.al-naddaf.com
[+] www.ali.alalyan.net
[+] www.alm3ally.alm3ally.com
[+] www.alremal.aswaqnajran.com
[+] www.alsahafa.alamirkamalfarag.net
[+] www.alshehri.funlearn.us
[+] www.alzahban.alasmari.net
[+] www.api.aaba.sa
[+] www.ar.emanfathy.top2top.net
[+] www.art4arab.jwaadalfajer.com
[+] www.aryafcs.ayyar.net
[+] www.asem.ayyar.net
[+] www.asfms.rubixstore.com
[+] www.ashwaqalmarshad.ayyar.net
[+] www.assets.kcci.org.sa
[+] www.avl1.scitechs.tech
[+] www.ayar.ayyar.net
[+] www.ayarfilm.ayyar.net
[+] www.baladi.mmc.gov.sa
[+] www.barada.org
[+] www.bbme.tasksaudi.com
[+] www.bbm.tasksaudi.com
[+] www.beta.sanaacenter.org
[+] www.beta.shotslab.com
[+] www.bitcoincoins.tasksaudi.com
[+] www.blog.smsstore.net
[+] www.bm.ayyar.net
[+] www.brod-send.link-card.net
[+] www.calendar.alalyan.net
[+] www.card-com.link-card.net
[+] www.coinsnow.tasksaudi.com
[+] www.cookkitchen.tasksaudi.com
[+] www.co.souqdreamtech.com
[+] www.costna1.lebaitok.com
[+] www.costna.lebaitok.com
[+] www.costna.planlearn.com
[+] www.cpanel.world0market.com
[+] www.cp.world0market.com
[+] www.creativetrader.creativetrader.com
[+] www.ctraderc.creativetrader.com
[+] www.ctrader.creativetrader.com
[+] www.dawaweninvest.southwind.com.sa
[+] www.deliciousdates.noorsa.net
[+] www.demo.kcci.org.sa
[+] www.dev.healthylife-store.com
[+] www.dhai3.ayyar.net
[+] www.dhai.ayyar.net
[+] www.docs.alalyan.net
[+] www.ds.aaba.sa
[+] www.ebdaa-am.sys-gen.com
[+] www.edu-muhayil.aytam-muhail.org
[+] www.egylens.moverz-adv.com
[+] www.ehealth.ayyar.net
[+] www.ehealthsa.ayyar.net
[+] www.ehealthsaorg2.ayyar.net
[+] www.elsohiebtravel.rubixstore.com
[+] www.email.alalyan.net
[+] www.en.al-lina.sa
[+] www.eretina.ayyar.net
[+] www.eshraqtafif.com.futurewit.com
[+] www.eshraqtafif.futurewit.com
[+] www.esociety.ayyar.net
[+] www.e.souqdreamtech.com
[+] www.examsc.tasksaudi.com
[+] www.forms.rsmbsma.com
[+] www.forum.aljoaf.net
[+] www.funskids.tasksaudi.com
[+] www.games.funskids.com
[+] www.gisksu.alasmari.net
[+] www.groups.rawdahedu.gov.sa
[+] www.gsa-ksa.dimot-now.net
[+] www.g.souqdreamtech.com
[+] www.hadiasiri.link-card.net
[+] www.helloegy.alamirkamalfarag.net
[+] www.heznah.khdsite.com
[+] www.islamsky.org.islamsky.org
[+] www.jeelmubdea.lebaitok.com
[+] www.kpte.edu.sa
[+] www.ksmsg.khdsite.com
[+] www.lazimna.mts-jo.com
[+] www.lazmna.mts-jo.com
[+] www.leart.ayyar.net
[+] www.l.lost-angel.net
[+] www.madrasa-quranya-qus.rubixstore.com
[+] www.mahmoudramadan.nashatak.com
[+] www.majed.alalyan.net
[+] www.math3fif.futurewit.com
[+] www.mawtenalakhbar.alahsaonline.com
[+] www.mdrstna.iwaleed.com
[+] www.mediafriendstravel.rubixstore.com
[+] www.mixmaxeg.nashatak.com
[+] www.mksholding.southwind.com.sa
[+] www.monomar.moverz-adv.com
[+] www.mp3ar.funskids.com
[+] www.m.souqdreamtech.com
[+] www.mwasalatmisr.verbintech.com
[+] www.news.aaba.sa
[+] www.news.abuhaffash.com
[+] www.n.ntklm.com
[+] www.old.kcci.org.sa
[+] www.olympia.theexecutiveclinic.care
[+] www.othmani.qurantech.com
[+] www.picasa.com.ayyar.net
[+] www.planlearn.lebaitok.com
[+] www.pm.ayyar.net
[+] www.points.lebaitok.com
[+] www.prayertimes.qurantech.com
[+] www.pulmocon.ayyar.net
[+] www.qtel.southwind.com.sa
[+] www.qurantech.tasksaudi.com
[+] www.radamwebapi.ssth.com.sa
[+] www.root.aljoaf.net
[+] www.s.aaba.sa
[+] www.sacisforum.ayyar.net
[+] www.saraalmuhanna.ayyar.net
[+] www.saudiecho.ayyar.net
[+] www.saudisct.ayyar.net
[+] www.saudiusd.alasmari.net
[+] www.sauuk.alasmari.net
[+] www.scitechs.scitechs.com.sa
[+] www.securitypolice.ayyar.net
[+] www.seeyounow.alamirkamalfarag.net
[+] www.sgis.alasmari.net
[+] www.shotslab.moverz-adv.com
[+] www.sidramall.aswaqnajran.com
[+] www.snape.tasksaudi.com
[+] www.snapiraq.tasksaudi.com
[+] www.snaps.tasksaudi.com
[+] www.snap.tasksaudi.com
[+] www.soc.ssrrr22.com
[+] www.ssepilepsy.ayyar.net
[+] www.sso.ayyar.net
[+] www.s-t.altaledi.net
[+] www.starlight.arabinternalauditors.com
[+] www.store.hadiasiri.com
[+] www.store.healthylife-store.com
[+] www.sunsetuae.alm3ally.com
[+] www.swa.verbintech.com
[+] www.tech-view.link-card.net
[+] www.ter.brainybeauty.care
[+] www.tersa.brainybeauty.care
[+] www.test.alrawafedpress.com
[+] www.test.controlp.sa
[+] www.test.moverz-adv.com
[+] www.test.my-power.net
[+] www.t-g1mes.link-card.net
[+] www.times.qurantech.com
[+] www.toolsarts.moverz-adv.com
[+] www.tr.al-lina.sa
[+] www.tube.jwaadalfajer.com
[+] www.unitedgroup.moverz-adv.com
[+] www.up.alkhaldi.me
[+] www.vb.aljoaf.net
[+] www.verbintech.rubixstore.com
[+] www.webzone-eg.rubixstore.com
[+] www.wle3d.iwaleed.com
[+] www.wnstudiosa.ayyar.net
[+] www.wp.hashimsarhan.com
[+] www.wzone-eg.rubixstore.com
[+] www.xn--mgbacxr.news.net.sa
[+] www.xn--mgblgiz0gbclo.nashatak.com
[+] www.yawmiyat-m.yawmiyat-m.com
[+] wzone-eg.rubixstore.com
[+] xn--mgbacxr.news.net.sa
[+] xn--mgbacxr.xn--mgberp4a5d4ar
[+] xn--mgbdepm5hrakzpf.com
[+] xn--mgblgiz0gbclo.com
[+] xn--mgblgiz0gbclo.nashatak.com
[+] xpay.com.sa
[+] yanbout.com
[+] yarafuturegroup.com
[+] yawmiyat-m.com
[+] yawmiyat-m.net
[+] yawmiyat-m.yawmiyat-m.com
[+] youness-export.com
[+] youssef.top2top.net
[+] zicmc.com
[+] zizo.top2top.net
[+] zomah.biz
#######################################################################################################################################

Reverse IP With YouGetSignal 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[*] IP: 85.17.16.71
[*] Domain: acd.gov.ae
[*] Total Domains: 9

[+] acd.gov.ae
[+] minibaby.sa
[+] mmc.gov.sa
[+] rawdahedu.gov.sa
[+] sts.com.sa
[+] sts.com.sa.
[+] www.mmc.gov.sa
[+] www.sts.com.sa
[+] www.sts.com.sa.
#######################################################################################################################################

Geo IP Lookup 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[+] IP Address: 85.17.16.71
[+] Country: Netherlands
[+] State:
[+] City:
[+] Latitude: 52.3824
[+] Longitude: 4.8995
#######################################################################################################################################

Whois 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[+] Domain Name:                     acd.gov.ae
[+] Registrar ID:                    Etisalat
[+] Registrar Name:                  Etisalat
[+] Status:                          ok
[+] Registrant:                      Ajman Civil Defense
[+] Eligibility Type:                Government Approved
[+] Eligibility Name:                Ajman Civil Defense
[+] Registrant Contact ID:           R056935
[+] Registrant Contact Name:         Ajman Civil Defense
[+] Registrant Contact Email:        Visit whois.aeda.ae for Web based WhoIs
[+] Tech Contact ID:                 C073269
[+] Tech Contact Name:               Mansour M
[+] Tech Contact Email:              Visit whois.aeda.ae for Web based WhoIs
[+] Name Server:                     ns1.dimofinf.net
[+] Name Server:                     ns2.dimofinf.net
[+] Name Server:                     ns3.dimofinf.net
#######################################################################################################################################

Bypass Cloudflare 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[!] CloudFlare Bypass 85.17.16.71 | ftp.acd.gov.ae
[!] CloudFlare Bypass 85.17.16.71 | mail.acd.gov.ae
[!] CloudFlare Bypass 85.17.16.71 | www.acd.gov.ae
#######################################################################################################################################

DNS Lookup 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[+] acd.gov.ae.		14399	IN	TXT	"v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all"
[+] acd.gov.ae.		21599	IN	SOA	ns1.dimofinf.net. dedicated.server.dimofinf.net.sa. 2018092304 3600 7200 1209600 86400
[+] acd.gov.ae.		21599	IN	NS	ns3.dimofinf.net.
[+] acd.gov.ae.		21599	IN	NS	ns2.dimofinf.net.
[+] acd.gov.ae.		21599	IN	NS	ns1.dimofinf.net.
[+] acd.gov.ae.		14399	IN	A	85.17.16.71
[+] acd.gov.ae.		14399	IN	MX	0 acd.gov.ae.
#######################################################################################################################################

Show HTTP Header 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

[+] HTTP/1.1 302 Found
[+] Server: nginx
[+] Date: Sat, 23 Mar 2019 19:26:49 GMT
[+] Content-Type: text/html; charset=iso-8859-1
[+] Content-Length: 263
[+] Connection: keep-alive
[+] Location: https://acd.gov.ae/
[+] X-XSS-Protection: 1; mode=block
[+] X-Nginx-Cache-Status: MISS
[+] X-Server-Powered-By: Dimofinf INC
#######################################################################################################################################

Port Scan 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 19:26 UTC
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.092s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.17 seconds
#######################################################################################################################################

Traceroute 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------

Start: 2019-03-23T19:26:59+0000
HOST: web01                               Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 45.79.12.202                         0.0%     3    0.9   1.2   0.9   1.7   0.4
  2.|-- 45.79.12.2                           0.0%     3    0.6   0.6   0.5   0.7   0.1
  3.|-- chi-ms1.us.leaseweb.net              0.0%     3    1.3   1.2   1.1   1.3   0.1
  4.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
  5.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
  6.|-- ae-102.br01.ams-01.nl.leaseweb.net   0.0%     3  111.9 111.8 111.6 111.9   0.2
  7.|-- be-10.cr02.ams-01.nl.leaseweb.net    0.0%     3  115.6 115.6 115.4 115.9   0.2
  8.|-- po-1002.ce01.ams-01.nl.leaseweb.net  0.0%     3  114.7 114.7 114.6 114.8   0.1
  9.|-- unlimited3.dimofinf.net              0.0%     3  115.1 114.9 114.8 115.1   0.1
#######################################################################################################################################

Ping 'acd.gov.ae'
---------------------------------------------------------------------------------------------------------------------------------------


Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-03-23 19:27 UTC
SENT (0.1938s) ICMP [104.237.144.6 > 85.17.16.71 Echo request (type=8/code=0) id=10407 seq=1] IP [ttl=64 id=41694 iplen=28 ]
RCVD (0.3966s) ICMP [85.17.16.71 > 104.237.144.6 Echo reply (type=0/code=0) id=10407 seq=1] IP [ttl=58 id=50931 iplen=28 ]
SENT (1.1946s) ICMP [104.237.144.6 > 85.17.16.71 Echo request (type=8/code=0) id=10407 seq=2] IP [ttl=64 id=41694 iplen=28 ]
RCVD (1.4166s) ICMP [85.17.16.71 > 104.237.144.6 Echo reply (type=0/code=0) id=10407 seq=2] IP [ttl=58 id=51372 iplen=28 ]
SENT (2.1965s) ICMP [104.237.144.6 > 85.17.16.71 Echo request (type=8/code=0) id=10407 seq=3] IP [ttl=64 id=41694 iplen=28 ]
RCVD (2.4365s) ICMP [85.17.16.71 > 104.237.144.6 Echo reply (type=0/code=0) id=10407 seq=3] IP [ttl=58 id=51494 iplen=28 ]
SENT (3.1985s) ICMP [104.237.144.6 > 85.17.16.71 Echo request (type=8/code=0) id=10407 seq=4] IP [ttl=64 id=41694 iplen=28 ]
RCVD (3.4565s) ICMP [85.17.16.71 > 104.237.144.6 Echo reply (type=0/code=0) id=10407 seq=4] IP [ttl=58 id=51935 iplen=28 ]

Max rtt: 257.944ms | Min rtt: 202.737ms | Avg rtt: 230.608ms
Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 3.46 seconds
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-1-Debian <<>> acd.gov.ae
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34949
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;acd.gov.ae.			IN	A

;; ANSWER SECTION:
acd.gov.ae.		11622	IN	A	85.17.16.71

;; Query time: 34 msec
;; SERVER: 38.132.106.139#53(38.132.106.139)
;; WHEN: sam mar 23 16:53:13 EDT 2019
;; MSG SIZE  rcvd: 55
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-1-Debian <<>> +trace acd.gov.ae
;; global options: +cmd
.			81414	IN	NS	j.root-servers.net.
.			81414	IN	NS	i.root-servers.net.
.			81414	IN	NS	e.root-servers.net.
.			81414	IN	NS	d.root-servers.net.
.			81414	IN	NS	a.root-servers.net.
.			81414	IN	NS	k.root-servers.net.
.			81414	IN	NS	g.root-servers.net.
.			81414	IN	NS	b.root-servers.net.
.			81414	IN	NS	h.root-servers.net.
.			81414	IN	NS	c.root-servers.net.
.			81414	IN	NS	f.root-servers.net.
.			81414	IN	NS	m.root-servers.net.
.			81414	IN	NS	l.root-servers.net.
.			81414	IN	RRSIG	NS 8 0 518400 20190405170000 20190323160000 16749 . XavZesZk7MAQYCJOGCWIRN5P2YhDAhE5CszyNRGFgP4uZKxAJySgCw9v K6ByPCCspFUUNAd15tY6wvcQzlNxuchtIyplOYU7DPBXMwsT5ga70KOx TWaGcAjdGMf7G9UCrLa0aqhDJjNmgDyyHzTy8nuQ8gpYJzzqHE9owqxQ TUmDimZE0CUuzDLn9khVnLp21Ga9dgA4N0VNNlkbhmvfldQU1eXXbMZq tBuRHq3Lp9HBW5TPn9hVtvWO7vQFHxgts/EwVqw0OgK+JqQ89VQerTN1 8LPkFFHyS++fpWk/1NMvwGy7ojk7eIVehIVbPUNtTUcCjBOGfjwBBdn+ dnmorA==
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 34 ms

ae.			172800	IN	NS	ns1.aedns.ae.
ae.			172800	IN	NS	ns2.aedns.ae.
ae.			172800	IN	NS	sec3.apnic.net.
ae.			172800	IN	NS	sns-pb.isc.org.
ae.			172800	IN	NS	nsext-pch.aedns.ae.
ae.			86400	IN	NSEC	aeg. NS RRSIG NSEC
ae.			86400	IN	RRSIG	NSEC 8 1 86400 20190405180000 20190323170000 16749 . fM36NQ3lzxvEo7n9HGkniK/d6p4A5uVqCqS/LIHS7gk5szda6dc6VDgu qhSY07ukuy1OF4DPOPDMsPQO8m/RI6BUqeYPuXQq+a3YpnJCGd8zRIvq GTenvCp6KzBBtd9TmChMl5PhT62VkVZGxJ6PQVHFUZ4SmRoJut/diZa/ MNwsBcxeI4Wcra6lBWy2Nt+EyQpljwb0auCSmN0GKz8wCQk6H03cbfuT WomEjMEVK2PxN7Cwy9hy21D4HtekgBQVIXy4eHMGq5lvZxA+C0y2dLvF 8KEZaewxTvoSPLKyFNjIu26+Toz57n0Yhmejp758eqpH0bKo5YIRT5KN WJT8Yg==
;; Received 637 bytes from 2001:500:2f::f#53(f.root-servers.net) in 25 ms

acd.gov.ae.		3600	IN	NS	ns1.dimofinf.net.
acd.gov.ae.		3600	IN	NS	ns2.dimofinf.net.
acd.gov.ae.		3600	IN	NS	ns3.dimofinf.net.
;; Received 105 bytes from 79.98.121.73#53(ns2.aedns.ae) in 235 ms

acd.gov.ae.		14400	IN	A	85.17.16.71
acd.gov.ae.		86400	IN	NS	ns3.dimofinf.net.
acd.gov.ae.		86400	IN	NS	ns1.dimofinf.net.
acd.gov.ae.		86400	IN	NS	ns2.dimofinf.net.
;; Received 169 bytes from 167.99.30.33#53(ns2.dimofinf.net) in 266 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: acd.gov.ae
[-] DNSSEC is not configured for acd.gov.ae
[*] 	 SOA ns1.dimofinf.net 45.55.127.247
[*] 	 NS ns2.dimofinf.net 167.99.30.33
[*] 	 Bind Version for 167.99.30.33 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 NS ns2.dimofinf.net 2400:6180:0:d1::5c5:c001
[*] 	 Bind Version for 2400:6180:0:d1::5c5:c001 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 NS ns1.dimofinf.net 45.55.127.247
[*] 	 Bind Version for 45.55.127.247 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
[*] 	 NS ns1.dimofinf.net 2604:a880:800:10::23:1001
[*] 	 Bind Version for 2604:a880:800:10::23:1001 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
[*] 	 NS ns3.dimofinf.net 95.179.144.169
[*] 	 Bind Version for 95.179.144.169 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 NS ns3.dimofinf.net 2001:19f0:5001:14ec:5400:1ff:fe99:544c
[*] 	 Bind Version for 2001:19f0:5001:14ec:5400:1ff:fe99:544c 9.9.4-RedHat-9.9.4-73.el7_6
[*] 	 MX acd.gov.ae 85.17.16.71
[*] 	 A acd.gov.ae 85.17.16.71
[*] 	 TXT acd.gov.ae v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all
[*] Enumerating SRV Records
[-] No SRV Records Found for acd.gov.ae
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain acd.gov.ae
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
167.99.30.33 - ns2.dimofinf.net
45.55.127.247 - ns1.dimofinf.net
95.179.144.169 - ns3.dimofinf.net
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all"

[+] MX records found, added to target list
0 acd.gov.ae.

[*] Scanning acd.gov.ae for A records
85.17.16.71 - acd.gov.ae
85.17.16.71 - ftp.acd.gov.ae
85.17.16.71 - mail.acd.gov.ae
85.17.16.71 - www.acd.gov.ae
#######################################################################################################################################
[+] Testing domain
     	www.acd.gov.ae            85.17.16.71
[+] Dns resolving
       Domain name               Ip address              Name server
        acd.gov.ae              85.17.16.71        unlimited3.dimofinf.net
Found 1 host(s) for acd.gov.ae
[+] Testing wildcard
	Ok, no wildcard found.

[+] Scanning for subdomain on acd.gov.ae
[!] Wordlist not specified. I scannig with my internal wordlist...
    Estimated time about 39.23 seconds

        Subdomain                Ip address              Name server

      ftp.acd.gov.ae            85.17.16.71        unlimited3.dimofinf.net
     mail.acd.gov.ae            85.17.16.71        unlimited3.dimofinf.net
      www.acd.gov.ae            85.17.16.71        unlimited3.dimofinf.net
#######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
85.17.16.71     403     alias   ftp.acd.gov.ae
85.17.16.71	403	host	acd.gov.ae
85.17.16.71     403     alias   mail.acd.gov.ae
85.17.16.71	403	host	acd.gov.ae
85.17.16.71     403     alias   www.acd.gov.ae
85.17.16.71	403	host	acd.gov.ae
#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   acd.gov.ae   -----


Host's addresses:
__________________

acd.gov.ae.                              11465    IN    A        85.17.16.71


Name Servers:
______________

ns2.dimofinf.net.                        300      IN    A        167.99.30.33
ns1.dimofinf.net.                        300      IN    A        45.55.127.247
ns3.dimofinf.net.                        71072    IN    A        95.179.144.169


Mail (MX) Servers:
___________________

acd.gov.ae.                              11464    IN    A        85.17.16.71


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for acd.gov.ae on ns2.dimofinf.net ...

Trying Zone Transfer for acd.gov.ae on ns1.dimofinf.net ...

Trying Zone Transfer for acd.gov.ae on ns3.dimofinf.net ...

brute force file not specified, bay.
#######################################################################################################################################
Domain Name:                     acd.gov.ae
Registrar ID:                    Etisalat
Registrar Name:                  Etisalat
Status:                          ok

Registrant:                      Ajman Civil Defense
Eligibility Type:                Government Approved
Eligibility Name:                Ajman Civil Defense

Registrant Contact ID:           R056935
Registrant Contact Name:         Ajman Civil Defense
Registrant Contact Email:        Visit whois.aeda.ae for Web based WhoIs

Tech Contact ID:                 C073269
Tech Contact Name:               Mansour M
Tech Contact Email:              Visit whois.aeda.ae for Web based WhoIs

Name Server:                     ns1.dimofinf.net
Name Server:                     ns2.dimofinf.net
Name Server:                     ns3.dimofinf.net
#######################################################################################################################################
[+] List of users found:
---------------------------------------------------------------------------------------------------------------------------------------

[+] List of software found:
---------------------------------------------------------------------------------------------------------------------------------------
Adobe PDF Library 8.0
Adobe InDesign CS3 (5.0)

[+] List of paths and servers found:
--------------------------------------------------------------------------------------------------------------------------------------

[+] List of e-mails found:
---------------------------------------------------------------------------------------------------------------------------------------
info@acd.gov.ae
#######################################################################################################################################

                 ____        _     _ _     _   _____
                / ___| _   _| |__ | (_)___| |_|___ / _ __
                \___ \| | | | '_ \| | / __| __| |_ \| '__|
                 ___) | |_| | |_) | | \__ \ |_ ___) | |
                |____/ \__,_|_.__/|_|_|___/\__|____/|_|

                # Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for acd.gov.ae
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
SSL Certificates: mail.acd.gov.ae
SSL Certificates: www.acd.gov.ae
SSL Certificates: m.acd.gov.ae
SSL Certificates: www.m.acd.gov.ae
Yahoo: www.acd.gov.ae
[-] Saving results to file: /usr/share/sniper/loot//domains/domains-acd.gov.ae.txt
[-] Total Unique Subdomains Found: 4
www.acd.gov.ae
m.acd.gov.ae
www.m.acd.gov.ae
mail.acd.gov.ae
#######################################################################################################################################
===============================================
-=Subfinder v1.1.3 github.com/subfinder/subfinder
===============================================


Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Running enumeration on acd.gov.ae

dnsdb: Unexpected return status 503

archiveis: Get http://archive.is/*.acd.gov.ae: dial tcp 212.80.216.76:80: connect: connection timed out


Starting Bruteforcing of acd.gov.ae with 9985 words

Total 8 Unique subdomains found for acd.gov.ae

.acd.gov.ae
ftp.acd.gov.ae
m.acd.gov.ae
mail.acd.gov.ae
mail.acd.gov.ae
www.acd.gov.ae
www.acd.gov.ae
www.m.acd.gov.ae
#######################################################################################################################################
[*] Processing domain acd.gov.ae
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
167.99.30.33 - ns2.dimofinf.net
95.179.144.169 - ns3.dimofinf.net
45.55.127.247 - ns1.dimofinf.net
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all"

[+] MX records found, added to target list
0 acd.gov.ae.

[*] Scanning acd.gov.ae for A records
85.17.16.71 - acd.gov.ae
85.17.16.71 - ftp.acd.gov.ae
85.17.16.71 - mail.acd.gov.ae
85.17.16.71 - www.acd.gov.ae
#######################################################################################################################################
m.acd.gov.ae
mail.acd.gov.ae
www.acd.gov.ae
www.m.acd.gov.ae
#######################################################################################################################################
mail.acd.gov.ae
www.acd.gov.ae
#######################################################################################################################################
[*] Found SPF record:
[*] v=spf1 ip4:85.17.16.71 ip4:85.17.140.197 +a +mx +ip4:94.75.198.117 ~all
[*] SPF record contains an All item: ~all
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for acd.gov.ae!
#######################################################################################################################################
INFO[0000] Starting to process queue....
INFO[0000] Starting to process permutations....
INFO[0000] FORBIDDEN http://acd.s3.amazonaws.com (http://acd.gov.ae)
INFO[0000] FORBIDDEN http://acd-test.s3.amazonaws.com (http://acd.gov.ae)
INFO[0000] FORBIDDEN http://acd-backup.s3.amazonaws.com (http://acd.gov.ae)
INFO[0000] FORBIDDEN http://aws-acd.s3.amazonaws.com (http://acd.gov.ae)
INFO[0000] FORBIDDEN http://acd-media.s3.amazonaws.com (http://acd.gov.ae)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:20 EDT
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.11s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net
Not shown: 461 filtered ports, 5 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
8890/tcp open  ddi-tcp-3
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:20 EDT
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.032s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net
Not shown: 2 filtered ports, 1 closed port
PORT     STATE         SERVICE
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:20 EDT
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.10s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
| ftp-brute:
|   Accounts: No valid accounts found
|_  Statistics: Performed 1740 guesses in 187 seconds, average tps: 10.7
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (89%), Linux 4.4 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   21.84 ms  10.252.200.1
2   22.26 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   26.92 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   22.27 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   22.70 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   22.92 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   92.06 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   101.51 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   102.88 ms be3434.rcr21.ams06.atlas.cogentco.com (154.54.59.50)
10  105.59 ms 149.6.0.206
11  118.29 ms ae-11.cr01.ams-01.nl.leaseweb.net (81.17.34.19)
12  102.88 ms po-1006.ce01.ams-01.nl.leaseweb.net (81.17.33.131)
13  102.98 ms unlimited3.dimofinf.net (85.17.16.71)
#######################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://acd.gov.ae...
_____________________ SITE INFO ______________________
IP              Title
85.17.16.71     Unauthorized Access - Dimofinf Techn

______________________ VERSION _______________________
Name            Versions           Type

____________________ INTERESTING _____________________
URL             Note               Type
/readme.html    Readme file        Interesting
/install.php    Installation file  Interesting
/test.php       Test file          Interesting

______________________________________________________
Time: 79.9 sec  Urls: 599          Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 403 OK
Content-type: text/html

HTTP/1.1 403 OK
Content-type: text/html
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:26 EDT
Nmap scan report for acd.gov.ae (85.17.16.71)
Host is up (0.11s latency).
rDNS record for 85.17.16.71: unlimited3.dimofinf.net

PORT    STATE    SERVICE VERSION
110/tcp filtered pop3
Too many fingerprints match this host to give specific OS details
Network Distance: 13 hops

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   21.99 ms  10.252.200.1
2   22.61 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   33.45 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   22.24 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   22.65 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   23.02 ms  hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
7   91.81 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   101.54 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   102.03 ms be3434.rcr21.ams06.atlas.cogentco.com (154.54.59.50)
10  104.27 ms leaseweb.demarc.cogentco.com (149.14.93.26)
11  102.68 ms ae-11.cr01.ams-01.nl.leaseweb.net (81.17.34.19)
12  102.92 ms po-1004.ce02.ams-01.nl.leaseweb.net (81.17.33.139)
13  102.50 ms unlimited3.dimofinf.net (85.17.16.71)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:22 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up (0.068s latency).
Not shown: 469 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
8888/tcp open  sun-answerbook
8890/tcp open  ddi-tcp-3
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:22 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up (0.022s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:22 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up.

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   26.01 ms  10.252.200.1
2   50.06 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   43.48 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   20.68 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   21.03 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   20.84 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   90.28 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   100.38 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   100.65 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  102.09 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  103.41 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  101.18 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:24 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up.

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   20.90 ms  10.252.200.1
2   21.31 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   42.36 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   21.28 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   21.81 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   21.77 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   90.99 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   100.47 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   101.18 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  102.69 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  105.61 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  103.73 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:25 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up.

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   25.98 ms  10.252.200.1
2   26.38 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   45.28 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   26.38 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   26.78 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   21.09 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   90.41 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   99.69 ms  be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   100.52 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  101.78 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  105.30 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  103.30 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://85.17.16.71...
_____________________ SITE INFO ______________________
IP              Title
85.17.16.71     Unauthorized Access - Dimofinf Techn

______________________ VERSION _______________________
Name            Versions           Type

____________________ INTERESTING _____________________
URL             Note               Type
/readme.html    Readme file        Interesting
/install.php    Installation file  Interesting
/test.php       Test file          Interesting

______________________________________________________
Time: 85.3 sec  Urls: 599          Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 403 OK
Content-type: text/html

HTTP/1.1 403 OK
Content-type: text/html
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:29 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up.

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   21.97 ms  10.252.200.1
2   22.63 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   43.18 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   22.61 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   22.69 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   22.79 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   92.20 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   101.77 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   102.40 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  103.69 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  104.73 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  102.53 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:32 EDT
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up (0.10s latency).

PORT    STATE         SERVICE VERSION
161/tcp filtered      snmp
161/udp open|filtered snmp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   29.64 ms  10.252.200.1
2   30.16 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   39.57 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   21.60 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   21.99 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   21.67 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   91.20 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   100.63 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   101.42 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  214.12 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  108.24 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  106.37 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:36 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:36
Completed NSE at 16:36, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:36
Completed NSE at 16:36, 0.00s elapsed
Initiating Ping Scan at 16:36
Scanning 85.17.16.71 [4 ports]
Completed Ping Scan at 16:36, 0.14s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:36
Completed Parallel DNS resolution of 1 host. at 16:36, 0.03s elapsed
Initiating Connect Scan at 16:36
Scanning unlimited3.dimofinf.net (85.17.16.71) [65535 ports]
Discovered open port 21/tcp on 85.17.16.71
Discovered open port 22/tcp on 85.17.16.71
Discovered open port 8888/tcp on 85.17.16.71
Discovered open port 80/tcp on 85.17.16.71
Discovered open port 443/tcp on 85.17.16.71
Connect Scan Timing: About 17.68% done; ETC: 16:39 (0:02:24 remaining)
Connect Scan Timing: About 50.26% done; ETC: 16:38 (0:01:00 remaining)
Completed Connect Scan at 16:38, 100.28s elapsed (65535 total ports)
Initiating Service scan at 16:38
Scanning 5 services on unlimited3.dimofinf.net (85.17.16.71)
Service scan Timing: About 60.00% done; ETC: 16:41 (0:01:03 remaining)
Completed Service scan at 16:40, 100.06s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against unlimited3.dimofinf.net (85.17.16.71)
Retrying OS detection (try #2) against unlimited3.dimofinf.net (85.17.16.71)
Initiating Traceroute at 16:40
Completed Traceroute at 16:40, 6.15s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 16:40
Completed Parallel DNS resolution of 12 hosts. at 16:40, 2.53s elapsed
NSE: Script scanning 85.17.16.71.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:40
NSE Timing: About 99.71% done; ETC: 16:40 (0:00:00 remaining)
NSE Timing: About 99.85% done; ETC: 16:41 (0:00:00 remaining)
NSE Timing: About 99.85% done; ETC: 16:41 (0:00:00 remaining)
Completed NSE at 16:41, 91.56s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:41
Completed NSE at 16:41, 1.11s elapsed
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up, received syn-ack ttl 51 (0.021s latency).
Scanned at 2019-03-23 16:36:46 EDT for 307s
Not shown: 65527 filtered ports
Reason: 65527 no-responses
PORT     STATE  SERVICE         REASON       VERSION
21/tcp   open   ftp?            syn-ack
| fingerprint-strings:
|   GenericLines, GetRequest, Help, NULL:
|     Your connection to this server has been blocked in this network firewall.
|     need to contact the network admin at [security@dimofinf.net] for further information.
|     Your blocked IP address is 176.113.74.68.
|     This server's hostname is unlimited3.dimofinf.net.
|     more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
|_    Dimofinf Technologies Inc.
|_ftp-bounce: ERROR: Script execution failed (use -d to debug)
22/tcp   open   ssh?            syn-ack
| fingerprint-strings:
|   GenericLines, GetRequest, HTTPOptions, NULL:
|     Your connection to this server has been blocked in this network firewall.
|     need to contact the network admin at [security@dimofinf.net] for further information.
|     Your blocked IP address is 176.113.74.68.
|     This server's hostname is unlimited3.dimofinf.net.
|     more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
|_    Dimofinf Technologies Inc.
25/tcp   closed smtp            conn-refused
80/tcp   open   http            syn-ack
| fingerprint-strings:
|   GetRequest, HTTPOptions:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
|_http-title: Unauthorized Access - Dimofinf Technologies Inc
139/tcp  closed netbios-ssn     conn-refused
443/tcp  open   https?          syn-ack
| fingerprint-strings:
|   SSLSessionReq, TLSSessionReq:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
|_http-title: Unauthorized Access - Dimofinf Technologies Inc
445/tcp  closed microsoft-ds    conn-refused
8888/tcp open   sun-answerbook? syn-ack
| fingerprint-strings:
|   GetRequest, HTTPOptions:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port21-TCP:V=7.70%I=7%D=3/23%Time=5C969943%P=x86_64-pc-linux-gnu%r(NULL
SF:,188,"Your\x20connection\x20to\x20this\x20server\x20has\x20been\x20bloc
SF:ked\x20in\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20cont
SF:act\x20the\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20f
SF:or\x20further\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20i
SF:s\x20176\.113\.74\.68\.\r\nThis\x20server's\x20hostname\x20is\x20unlimi
SF:ted3\.dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https:
SF://www\.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=446\r
SF:\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n")%r(GenericLines,188,"Your\
SF:x20connection\x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x
SF:20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\
SF:x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20furth
SF:er\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20176\.1
SF:13\.74\.68\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited3\.dimof
SF:inf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https://www\.dimo
SF:finf\.net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimof
SF:inf\x20Technologies\x20Inc\.\r\n")%r(Help,188,"Your\x20connection\x20to
SF:\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x20network\x
SF:20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admin
SF:\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20information\.
SF:\r\nYour\x20blocked\x20IP\x20address\x20is\x20176\.113\.74\.68\.\r\nThi
SF:s\x20server's\x20hostname\x20is\x20unlimited3\.dimofinf\.net\.\r\nFor\x
SF:20more\x20information\x20visit:\x20https://www\.dimofinf\.net/knowledge
SF:base\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Technologies
SF:\x20Inc\.\r\n")%r(GetRequest,188,"Your\x20connection\x20to\x20this\x20s
SF:erver\x20has\x20been\x20blocked\x20in\x20this\x20network\x20firewall\.\
SF:r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admin\x20at\x20\[s
SF:ecurity@dimofinf\.net\]\x20for\x20further\x20information\.\r\nYour\x20b
SF:locked\x20IP\x20address\x20is\x20176\.113\.74\.68\.\r\nThis\x20server's
SF:\x20hostname\x20is\x20unlimited3\.dimofinf\.net\.\r\nFor\x20more\x20inf
SF:ormation\x20visit:\x20https://www\.dimofinf\.net/knowledgebase\.php\?ac
SF:tion=displayarticle&id=446\r\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n
SF:");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port22-TCP:V=7.70%I=7%D=3/23%Time=5C969943%P=x86_64-pc-linux-gnu%r(NULL
SF:,188,"Your\x20connection\x20to\x20this\x20server\x20has\x20been\x20bloc
SF:ked\x20in\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20cont
SF:act\x20the\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20f
SF:or\x20further\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20i
SF:s\x20176\.113\.74\.68\.\r\nThis\x20server's\x20hostname\x20is\x20unlimi
SF:ted3\.dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https:
SF://www\.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=446\r
SF:\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n")%r(GenericLines,188,"Your\
SF:x20connection\x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x
SF:20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\
SF:x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20furth
SF:er\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20176\.1
SF:13\.74\.68\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited3\.dimof
SF:inf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https://www\.dimo
SF:finf\.net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimof
SF:inf\x20Technologies\x20Inc\.\r\n")%r(GetRequest,188,"Your\x20connection
SF:\x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x20net
SF:work\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x2
SF:0admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20informa
SF:tion\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20176\.113\.74\.68\.\
SF:r\nThis\x20server's\x20hostname\x20is\x20unlimited3\.dimofinf\.net\.\r\
SF:nFor\x20more\x20information\x20visit:\x20https://www\.dimofinf\.net/kno
SF:wledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Techno
SF:logies\x20Inc\.\r\n")%r(HTTPOptions,188,"Your\x20connection\x20to\x20th
SF:is\x20server\x20has\x20been\x20blocked\x20in\x20this\x20network\x20fire
SF:wall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admin\x20at
SF:\x20\[security@dimofinf\.net\]\x20for\x20further\x20information\.\r\nYo
SF:ur\x20blocked\x20IP\x20address\x20is\x20176\.113\.74\.68\.\r\nThis\x20s
SF:erver's\x20hostname\x20is\x20unlimited3\.dimofinf\.net\.\r\nFor\x20more
SF:\x20information\x20visit:\x20https://www\.dimofinf\.net/knowledgebase\.
SF:php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Technologies\x20In
SF:c\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.70%I=7%D=3/23%Time=5C969949%P=x86_64-pc-linux-gnu%r(GetR
SF:equest,F15,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r\n\r\
SF:n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20conten
SF:t=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x
SF:20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type=\"te
SF:xt/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{color:#
SF:666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;}td{f
SF:ont-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8pt;tex
SF:t-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:url\('
SF:http://www\.dimofinf\.net/images/firewall/line\.png'\);background-repea
SF:t:\x20no-repeat;background-position:\x20left;}\thr{background-color:#E7
SF:E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:10px\x
SF:200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;color:\x
SF:20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20#6666
SF:66;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20clas
SF:s=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_blank\"\
SF:x20href=\"https://www\.dimofinf\.n")%r(HTTPOptions,F15,"HTTP/1\.1\x2040
SF:3\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\r\r\n<m
SF:eta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=U
SF:TF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20Technolo
SF:gies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{background:#F
SF:AFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;width:95
SF:0px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x20Lucid
SF:a\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x201px\x20
SF:0\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf\.net/i
SF:mages/firewall/line\.png'\);background-repeat:\x20no-repeat;background-
SF:position:\x20left;}\thr{background-color:#E7E7E7;border:0;border-top:1p
SF:x\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;overflow:h
SF:idden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{font-size
SF::\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</head>\r
SF:\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><span\x20st
SF:yle=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://www\.dimo
SF:finf\.n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.70%I=7%D=3/23%Time=5C969949%P=x86_64-pc-linux-gnu%r(SSL
SF:SessionReq,F15,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r\
SF:n\r\n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20co
SF:ntent=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Acce
SF:ss\x20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type=
SF:\"text/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{col
SF:or:#666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;}
SF:td{font-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8pt
SF:;text-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:ur
SF:l\('http://www\.dimofinf\.net/images/firewall/line\.png'\);background-r
SF:epeat:\x20no-repeat;background-position:\x20left;}\thr{background-color
SF::#E7E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:10
SF:px\x200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;colo
SF:r:\x20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20#
SF:666666;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20
SF:class=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_blan
SF:k\"\x20href=\"https://www\.dimofinf\.n")%r(TLSSessionReq,F15,"HTTP/1\.1
SF:\x20403\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\r
SF:\r\n<meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20cha
SF:rset=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20Te
SF:chnologies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{backgro
SF:und:#FAFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;wi
SF:dth:950px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x2
SF:0Lucida\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x201
SF:px\x200\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf\
SF:.net/images/firewall/line\.png'\);background-repeat:\x20no-repeat;backg
SF:round-position:\x20left;}\thr{background-color:#E7E7E7;border:0;border-
SF:top:1px\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;over
SF:flow:hidden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{fon
SF:t-size:\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</h
SF:ead>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><span
SF:\x20style=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://www
SF:\.dimofinf\.n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8888-TCP:V=7.70%I=7%D=3/23%Time=5C969949%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,F15,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r\n\
SF:r\n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20cont
SF:ent=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Access
SF:\x20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type=\"
SF:text/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{color
SF::#666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;}td
SF:{font-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8pt;t
SF:ext-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:url\
SF:('http://www\.dimofinf\.net/images/firewall/line\.png'\);background-rep
SF:eat:\x20no-repeat;background-position:\x20left;}\thr{background-color:#
SF:E7E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:10px
SF:\x200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;color:
SF:\x20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20#66
SF:6666;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20cl
SF:ass=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_blank\
SF:"\x20href=\"https://www\.dimofinf\.n")%r(HTTPOptions,F15,"HTTP/1\.1\x20
SF:403\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\r\r\n
SF:<meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset
SF:=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20Techno
SF:logies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{background:
SF:#FAFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;width:
SF:950px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x20Luc
SF:ida\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x201px\x
SF:200\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf\.net
SF:/images/firewall/line\.png'\);background-repeat:\x20no-repeat;backgroun
SF:d-position:\x20left;}\thr{background-color:#E7E7E7;border:0;border-top:
SF:1px\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;overflow
SF::hidden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{font-si
SF:ze:\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</head>
SF:\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><span\x20
SF:style=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://www\.di
SF:mofinf\.n");
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 3.10 - 4.11 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 3.18 (89%), Linux 3.16 - 4.6 (89%), Linux 4.4 (89%), Linux 2.6.32 (89%), Infomir MAG-250 set-top box (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Linux 3.7 (89%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.70%E=4%D=3/23%OT=21%CT=25%CU=%PV=N%G=N%TM=5C969A11%P=x86_64-pc-linux-gnu)
SEQ(SP=FF%GCD=2%ISR=10C%TI=Z%CI=Z%TS=A)
OPS(O1=M4B3ST11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B3ST11)
WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
U1(R=N)
IE(R=N)

Uptime guess: 20.431 days (since Sun Mar  3 05:21:23 2019)
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   21.30 ms  10.252.200.1
2   21.69 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   38.11 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   21.73 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   21.91 ms  te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   22.12 ms  hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
7   91.41 ms  be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8   101.08 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   101.26 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  102.99 ms leaseweb.demarc.cogentco.com (149.14.93.10)
11  103.47 ms be-10.cr02.ams-01.nl.leaseweb.net (81.17.34.21)
12  101.40 ms po-1002.ce01.ams-01.nl.leaseweb.net (81.17.33.123)
13  ... 30

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:41
Completed NSE at 16:41, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:41
Completed NSE at 16:41, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 307.21 seconds
           Raw packets sent: 166 (11.424KB) | Rcvd: 329 (74.361KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-23 16:41 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 16:41
Completed NSE at 16:41, 0.00s elapsed
Initiating NSE at 16:41
Completed NSE at 16:41, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 16:41
Completed Parallel DNS resolution of 1 host. at 16:41, 0.03s elapsed
Initiating UDP Scan at 16:41
Scanning unlimited3.dimofinf.net (85.17.16.71) [14 ports]
Completed UDP Scan at 16:41, 1.25s elapsed (14 total ports)
Initiating Service scan at 16:41
Scanning 12 services on unlimited3.dimofinf.net (85.17.16.71)
Service scan Timing: About 8.33% done; ETC: 17:01 (0:17:47 remaining)
Completed Service scan at 16:43, 102.57s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against unlimited3.dimofinf.net (85.17.16.71)
Retrying OS detection (try #2) against unlimited3.dimofinf.net (85.17.16.71)
Initiating Traceroute at 16:43
Completed Traceroute at 16:43, 7.09s elapsed
Initiating Parallel DNS resolution of 1 host. at 16:43
Completed Parallel DNS resolution of 1 host. at 16:43, 0.01s elapsed
NSE: Script scanning 85.17.16.71.
Initiating NSE at 16:43
Completed NSE at 16:44, 20.31s elapsed
Initiating NSE at 16:44
Completed NSE at 16:44, 1.02s elapsed
Nmap scan report for unlimited3.dimofinf.net (85.17.16.71)
Host is up (0.023s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT      ADDRESS
1   20.05 ms 10.252.200.1
2   ... 3
4   23.45 ms 10.252.200.1
5   27.38 ms 10.252.200.1
6   27.37 ms 10.252.200.1
7   27.36 ms 10.252.200.1
8   27.36 ms 10.252.200.1
9   27.35 ms 10.252.200.1
10  27.37 ms 10.252.200.1
11  ... 18
19  20.24 ms 10.252.200.1
20  21.00 ms 10.252.200.1
21  ... 27
28  21.31 ms 10.252.200.1
29  21.51 ms 10.252.200.1
30  20.14 ms 10.252.200.1

NSE: Script Post-scanning.
Initiating NSE at 16:44
Completed NSE at 16:44, 0.00s elapsed
Initiating NSE at 16:44
Completed NSE at 16:44, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 135.45 seconds
           Raw packets sent: 147 (13.614KB) | Rcvd: 317 (56.830KB)
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          85.17.16.71
+ Target Hostname:    85.17.16.71
+ Target Port:        80
+ Start Time:         2019-03-23 16:21:36 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: No banner retrieved
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ All CGI directories 'found', use '-C none' to test none
+ Server banner has changed from '' to 'nginx' which may suggest a WAF, load balancer or proxy is in place
+ 26553 requests: 7 error(s) and 3 item(s) reported on remote host
+ End Time:           2019-03-23 18:46:42 (GMT-4) (8706 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
--------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          85.17.16.71
+ Target Hostname:    acd.gov.ae
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=acd.gov.ae
                   Ciphers:  ECDHE-RSA-AES128-GCM-SHA256
                   Issuer:   /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
+ Start Time:         2019-03-23 16:08:01 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: nginx
+ Uncommon header 'x-server-powered-by' found, with contents: Dimofinf INC
+ Uncommon header 'x-nginx-cache-status' found, with contents: HIT
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie csrf_cookie_name created without the httponly flag
+ Cookie ci_session created without the httponly flag
+ Cookie PHPSESSID created without the secure flag
+ Cookie PHPSESSID created without the httponly flag
+ Cookie dim_sessionhash created without the secure flag
+ Cookie dim_lastvisit created without the httponly flag
+ Cookie dim_lastactivity created without the httponly flag
+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
                                             Anonymous JTSEC #OpYemen Full Recon #4