Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-04 13:44 Mitteleuropäische Sommerzeit
NSE: Loaded 157 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 13:44
Completed NSE at 13:44, 0.01s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 13:44
Completed NSE at 13:44, 0.01s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 13:44
Completed NSE at 13:44, 0.01s elapsed
Initiating Ping Scan at 13:44
Scanning prescene.us.to (146.112.61.106) [4 ports]
Completed Ping Scan at 13:45, 3.75s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:45
Completed Parallel DNS resolution of 1 host. at 13:45, 0.10s elapsed
DNS resolution of 1 IPs took 0.58s. Mode: Async [#: 4, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 13:45
Scanning prescene.us.to (146.112.61.106) [1000 ports]
Discovered open port 443/tcp on 146.112.61.106
Discovered open port 80/tcp on 146.112.61.106
Discovered open port 443/tcp on 146.112.61.106
Completed SYN Stealth Scan at 13:45, 22.66s elapsed (1000 total ports)
Initiating Service scan at 13:45
Scanning 2 services on prescene.us.to (146.112.61.106)
Completed Service scan at 13:45, 28.28s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against prescene.us.to (146.112.61.106)
Retrying OS detection (try #2) against prescene.us.to (146.112.61.106)
Initiating Traceroute at 13:45
Completed Traceroute at 13:45, 0.09s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 13:45
Completed Parallel DNS resolution of 13 hosts. at 13:45, 0.07s elapsed
DNS resolution of 13 IPs took 0.07s. Mode: Async [#: 4, OK: 3, NX: 10, DR: 0, SF: 0, TR: 13, CN: 0]
NSE: Script scanning 146.112.61.106.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 13:45
Completed NSE at 13:46, 5.51s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 13:46
Completed NSE at 13:46, 1.08s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 13:46
Completed NSE at 13:46, 0.01s elapsed
Nmap scan report for prescene.us.to (146.112.61.106)
Host is up, received syn-ack ttl 51 (0.036s latency).
rDNS record for 146.112.61.106: hit-adult.opendns.com
Scanned at 2025-04-04 13:45:01 Mitteleuropäische Sommerzeit for 63s
Not shown: 997 filtered tcp ports (no-response), 1 filtered tcp ports (admin-prohibited)
PORT    STATE SERVICE   REASON         VERSION
80/tcp  open  http      syn-ack ttl 51 Cisco Umbrella
|_http-server-header: Cisco Umbrella
| fingerprint-strings: 
|   GetRequest: 
|     HTTP/1.1 403 Forbidden
|     Server: Cisco Umbrella
|     Date: Fri, 04 Apr 2025 11:45:11 GMT
|     Content-Type: text/html
|     Content-Length: 514
|     Connection: close
|     <html><head><script type="text/javascript">location.replace("https://block.opendns.com/?url=73748564698078667479856672&ablock&server=fra1&prefs=&tagging=&nref");</script></head></html>
|   HTTPOptions: 
|     HTTP/1.1 303 See Other
|     Server: Cisco Umbrella
|     Date: Fri, 04 Apr 2025 11:45:12 GMT
|     Content-Type: text/html
|     Content-Length: 0
|     Connection: close
|     Location: http://hit_domaintag/
|     X-Frame-Options: SAMEORIGIN
|     X-Content-Type-Options: nosniff
|_    X-Xss-Protection: 1; mode=block
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/https syn-ack ttl 51 Cisco Umbrella
| fingerprint-strings: 
|   GetRequest: 
|     HTTP/1.1 403 Forbidden
|     Server: Cisco Umbrella
|     Date: Fri, 04 Apr 2025 11:45:18 GMT
|     Content-Type: text/html
|     Content-Length: 514
|     Connection: close
|     <html><head><script type="text/javascript">location.replace("https://block.opendns.com/?url=73748564698078667479856672&ablock&server=fra2&prefs=&tagging=&nref");</script></head></html>
|   HTTPOptions: 
|     HTTP/1.1 303 See Other
|     Server: Cisco Umbrella
|     Date: Fri, 04 Apr 2025 11:45:19 GMT
|     Content-Type: text/html
|     Content-Length: 0
|     Connection: close
|     Location: http://hit_domaintag/
|     X-Frame-Options: SAMEORIGIN
|     X-Content-Type-Options: nosniff
|_    X-Xss-Protection: 1; mode=block
|_http-server-header: Cisco Umbrella
| ssl-cert: Subject: commonName=prescene.us.to/organizationName=OpenDNS, Inc./stateOrProvinceName=California/countryName=US/localityName=San Francisco
| Subject Alternative Name: DNS:prescene.us.to
| Issuer: commonName=Cisco Umbrella Secondary SubCA fra-SG/organizationName=Cisco
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-04-02T11:45:12
| Not valid after:  2025-04-07T11:45:12
| MD5:   220b:dcd9:3373:8266:2c57:3f2a:710d:28df
| SHA-1: eb93:5fbd:fc88:4a13:a961:44a2:e3cd:0cf7:f156:95ba
| -----BEGIN CERTIFICATE-----
| MIIDRjCCAi6gAwIBAgIEZ/BVxzANBgkqhkiG9w0BAQsFADBAMQ4wDAYDVQQKDAVD
| aXNjbzEuMCwGA1UEAwwlQ2lzY28gVW1icmVsbGEgU2Vjb25kYXJ5IFN1YkNBIGZy
| YS1TRzAeFw0yNTA0MDIxMTQ1MTJaFw0yNTA0MDcxMTQ1MTJaMGsxCzAJBgNVBAYT
| AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
| MRYwFAYDVQQKDA1PcGVuRE5TLCBJbmMuMRcwFQYDVQQDDA5wcmVzY2VuZS51cy50
| bzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZ72/tg7qJDLBRv/IUV
| IjhAfeCd6iLj28zNQ/bUStHoUDKq/8z5N52ReC/ZfukAYQMj/7pFN25XHwXovqyw
| ZJWICQ3sMHHocGXgdyqTK/mDVAs1uGJR8513OlUO3D9FHZVduE0O5VIdgk64yv0Q
| PRmigK74zfFXhlw92qCi96VO7L9uxJvSjUaynhXRYVFcOCkrYXvb9qrbWbB99MBU
| X0MTx2ScyXrrZ2YXk9tatVbuEF2lPDlcD+EulLV/AZjbZZJU+7y3+RUeCKHvYho3
| lx//psXNkG6Bh0a09fnATfVyi6BuAc1u3nbj9jmNv+33CeZIEAJ+pysD+T1Xw2k/
| I6ECAwEAAaMdMBswGQYDVR0RBBIwEIIOcHJlc2NlbmUudXMudG8wDQYJKoZIhvcN
| AQELBQADggEBABXzN66JE1uIuuMScuaTBiUjN3wClvuAbLhIeT3zObTw7XKTPH69
| Uz1kXWoMonjejMSy1mah3LT4q7SuGeXvjK0eTQxGDeLrOHShBhw9OvmXTuO2M/L6
| fePfsUpZbXcws3h9NFsuBadnpyOfVTGsOtTDbftkkqZJ5aNAzmgwqQuMhnp1zb6I
| VVQvK7NO5uRjY2SA85n3koujbD1jI8hR0avRt4hHEOGQYSm5Bd0QIyHwOGjMBszo
| fROvFIOUPaWHIT94CqoH+8pHz/ggJyYd36Hwsd3MqXYzU9efRX5xJ7dJWvjVrGqg
| igr+myIcTX2DFj9XIEEv1yhQ2RooQoFkdPE=
|_-----END CERTIFICATE-----
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html).
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.95%I=7%D=4/4%Time=67EFC65B%P=i686-pc-windows-windows%r(G
SF:etRequest,29A,"HTTP/1\.1\x20403\x20Forbidden\r\nServer:\x20Cisco\x20Umb
SF:rella\r\nDate:\x20Fri,\x2004\x20Apr\x202025\x2011:45:11\x20GMT\r\nConte
SF:nt-Type:\x20text/html\r\nContent-Length:\x20514\r\nConnection:\x20close
SF:\r\n\r\n<html><head><script\x20type=\"text/javascript\">location\.repla
SF:ce\(\"https://block\.opendns\.com/\?url=73748564698078667479856672&ablo
SF:ck&server=fra1&prefs=&tagging=&nref\"\);</script></head></html>\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\n")%r(HTTPOptions,116,"HTTP/1\.1\x20303\
SF:x20See\x20Other\r\nServer:\x20Cisco\x20Umbrella\r\nDate:\x20Fri,\x2004\
SF:x20Apr\x202025\x2011:45:12\x20GMT\r\nContent-Type:\x20text/html\r\nCont
SF:ent-Length:\x200\r\nConnection:\x20close\r\nLocation:\x20http://hit_dom
SF:aintag/\r\nX-Frame-Options:\x20SAMEORIGIN\r\nX-Content-Type-Options:\x2
SF:0nosniff\r\nX-Xss-Protection:\x201;\x20mode=block\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.95%T=SSL%I=7%D=4/4%Time=67EFC662%P=i686-pc-windows-wind
SF:ows%r(GetRequest,29A,"HTTP/1\.1\x20403\x20Forbidden\r\nServer:\x20Cisco
SF:\x20Umbrella\r\nDate:\x20Fri,\x2004\x20Apr\x202025\x2011:45:18\x20GMT\r
SF:\nContent-Type:\x20text/html\r\nContent-Length:\x20514\r\nConnection:\x
SF:20close\r\n\r\n<html><head><script\x20type=\"text/javascript\">location
SF:\.replace\(\"https://block\.opendns\.com/\?url=737485646980786674798566
SF:72&ablock&server=fra2&prefs=&tagging=&nref\"\);</script></head></html>\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\n")%r(HTTPOptions,116,"HTTP/1\.1\
SF:x20303\x20See\x20Other\r\nServer:\x20Cisco\x20Umbrella\r\nDate:\x20Fri,
SF:\x2004\x20Apr\x202025\x2011:45:19\x20GMT\r\nContent-Type:\x20text/html\
SF:r\nContent-Length:\x200\r\nConnection:\x20close\r\nLocation:\x20http://
SF:hit_domaintag/\r\nX-Frame-Options:\x20SAMEORIGIN\r\nX-Content-Type-Opti
SF:ons:\x20nosniff\r\nX-Xss-Protection:\x201;\x20mode=block\r\n\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|general purpose|storage-misc
Running (JUST GUESSING): Crestron 2-Series (86%), Linux 2.6.X|3.X|4.X|5.X (86%), HP embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/h:hp:p2000_g3
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Crestron XPanel control system (86%), Linux 2.6.32 - 3.13 (86%), Linux 3.2 - 4.14 (86%), Linux 4.15 - 5.19 (86%), Linux 2.6.32 - 3.10 (85%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.95%E=4%D=4/4%OT=80%CT=%CU=%PV=N%DS=14%DC=T%G=N%TM=67EFC67C%P=i686-pc-windows-windows)
SEQ(SP=103%GCD=1%ISR=108%TI=Z%II=I%TS=20)
SEQ(SP=FA%GCD=1%ISR=105%TI=Z%II=I%TS=21)
OPS(O1=M528ST11NW9%O2=M528ST11NW9%O3=M528NNT11NW9%O4=M528ST11NW9%O5=M528ST11NW9%O6=M528ST11)
WIN(W1=A9B0%W2=A9B0%W3=A9B0%W4=A9B0%W5=A9B0%W6=A9B0)
ECN(R=Y%DF=Y%TG=40%W=A564%O=M528NNSNW9%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 0.000 days (since Fri Apr  4 13:45:56 2025)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT      ADDRESS
1   3.00 ms  10.212.44.254
2   17.00 ms 10.70.0.1
3   18.00 ms 172.16.164.250
4   20.00 ms 10.89.143.1
5   24.00 ms 10.73.69.50
6   24.00 ms 10.64.21.37
7   24.00 ms 10.64.21.75
8   24.00 ms 192.168.2.194
9   26.00 ms 80.154.91.13
10  31.00 ms m-ef2-i.m.de.net.dtag.de (217.5.110.6)
11  29.00 ms 80.150.168.185
12  49.00 ms ae0.cr7-fra2.ip4.gtt.net (89.149.137.6)
13  35.00 ms opendns-gw.ip4.gtt.net (77.67.95.70)
14  34.00 ms hit-adult.opendns.com (146.112.61.106)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 13:46
Completed NSE at 13:46, 0.01s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 13:46
Completed NSE at 13:46, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 13:46
Completed NSE at 13:46, 0.00s elapsed
Read data files from: C:\Tools\NMAP
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 77.14 seconds
           Raw packets sent: 3103 (140.120KB) | Rcvd: 141 (7.440KB)
