Activity Log

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://d-t-f.ru/ [45.130.41.86]
[+] Started: Sat Oct 18 10:43:55 2025

Interesting Finding(s):

[+] Headers
| Interesting Entry: server: nginx-reuseport/1.21.1
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://d-t-f.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /?s=
|  - /page/*/?s=
|  - /search/
|  - /wp-json/
|  - /?rest_route=
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: https://d-t-f.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://d-t-f.ru/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://d-t-f.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.3 identified (Latest, released on 2025-09-30).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/css/dashicons.min.css?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3
| Confirmed By: Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/js/wp-util.min.js?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/js/wp-backbone.min.js?ver=6.8.3

[+] WordPress theme in use: buddyboss-theme
| Location: https://d-t-f.ru/wp-content/themes/buddyboss-theme/
| Readme: https://d-t-f.ru/wp-content/themes/buddyboss-theme/readme.txt
| Style URL: https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css
| Style Name: BuddyBoss Theme
| Style URI: https://www.buddyboss.com/
| Description: BuddyBoss Theme makes the BuddyBoss Platform look beautiful....
| Author: BuddyBoss
| Author URI: https://www.buddyboss.com/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.10.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css, Match: 'Version:        2.10.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://d-t-f.ru/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] buddyboss-platform
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.14.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt

[+] buddyboss-platform-pro
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.8.0 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt

[+] buddypress-user-blog
| Location: https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.3.5 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/readme.txt

[+] embed-pdf-viewer
| Location: https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/
| Latest Version: 2.4.6 (up to date)
| Last Updated: 2024-11-01T18:21:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/readme.txt

[+] js_composer
| Location: https://d-t-f.ru/wp-content/plugins/js_composer/
| Last Updated: 2025-10-13T22:54:14.000Z
| [!] The version is out of date, the latest version is 8.7
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Body Tag (Passive Detection)
|
| [!] 4 vulnerabilities identified:
|
| [!] Title: WPBakery Page Builder for WordPress < 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.6
|     References:
|      - https://wpscan.com/vulnerability/7a663b5f-5389-4525-8ad7-1ec2b70a09dc
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7502
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c80143-c328-4cd1-95db-67de2edc058c
|
| [!] Title: WPBakery Page Builder < 8.7 - Stored Cross-Site Scripting via vc_custom_heading Shortcode
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/266c25ac-89e5-4fb1-8890-7b9075dc12d6
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11161
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/2772cade-c625-437a-b57b-ce8a2e3393bf
|
| [!] Title: WPBakery Page Builder < 8.7 - Stored Cross-Site Scripting via Custom JS Module
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/3f7ba5d6-4731-4d02-bb06-ea00fcffa875
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11160
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c42cc4e-34e7-4f14-b850-7ba5dd2ae099
|
| [!] Title: WPBakery Page Builder < 8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/813fbabf-e900-4067-a85c-e4144ad5fb68
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10006
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7b12e5-0de7-45f4-84e0-083818912623
|
| Version: 8.5 (80% confidence)
| Found By: Body Tag (Passive Detection)
|  - https://d-t-f.ru/, Match: 'js-comp-ver-8.5'
| Confirmed By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=8.5
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=8.5

[+] pdfjs-viewer-shortcode
| Location: https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/
| Last Updated: 2025-07-30T14:27:00.000Z
| [!] The version is out of date, the latest version is 2.2.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt

[+] protected-video
| Location: https://d-t-f.ru/wp-content/plugins/protected-video/
| Latest Version: 1.11.6 (up to date)
| Last Updated: 2024-07-06T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.11.6 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt

[+] related-products-manager-woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/
| Latest Version: 1.6.4 (up to date)
| Last Updated: 2025-07-23T11:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt

[+] saphali-woocommerce-lite
| Location: https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/
| Latest Version: 2.0.1 (up to date)
| Last Updated: 2025-02-23T21:26:00.000Z
|
| Found By: Meta Tag (Passive Detection)
|
| Version: 2.0.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/readme.txt

[+] simple-lightbox
| Location: https://d-t-f.ru/wp-content/plugins/simple-lightbox/
| Latest Version: 2.9.4 (up to date)
| Last Updated: 2025-04-21T22:37:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.9.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.9.4
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt

[+] top-10
| Location: https://d-t-f.ru/wp-content/plugins/top-10/
| Latest Version: 4.1.1 (up to date)
| Last Updated: 2025-05-05T13:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.1.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt

[+] tutor
| Location: https://d-t-f.ru/wp-content/plugins/tutor/
| Last Updated: 2025-09-30T10:26:00.000Z
| [!] The version is out of date, the latest version is 3.8.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Tutor LMS < 3.8.0 - Authenticated (Administrator+) SQL Injection
|     Fixed in: 3.8.0
|     References:
|      - https://wpscan.com/vulnerability/e28b3cbc-c60b-4b3c-bb96-f2fddffb7c41
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58993
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/91ca027c-0483-44de-b19e-243ccb2c7b31
|
| Version: 3.6.0 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor/readme.txt

[+] tutor-pro
| Location: https://d-t-f.ru/wp-content/plugins/tutor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Tutor LMS Pro – eLearning and online course solution < 3.7.1 - Authenticated (Tutor Instructor+) SQL Injection
|     Fixed in: 3.7.1
|     References:
|      - https://wpscan.com/vulnerability/8b62df50-3803-4dc3-8160-714adedbc38a
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6184
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b41d134-be9e-469f-b26b-ac30d95db0a3
|
| Version: 3.0.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor-pro/readme.txt

[+] wc-frontend-manager
| Location: https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/
| Latest Version: 6.7.21 (up to date)
| Last Updated: 2025-07-14T07:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.7.21 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/readme.txt

[+] woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/woocommerce/
| Last Updated: 2025-09-29T13:50:00.000Z
| [!] The version is out of date, the latest version is 10.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 10.2.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=10.2.1
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/readme.txt

[+] wordpress-seo-premium
| Location: https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/
| Last Updated: 2025-10-07T08:40:28.000Z
| [!] The version is out of date, the latest version is 26.1
|
| Found By: Comment (Passive Detection)
|
| Version: 25.4 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/readme.txt

[+] wpdiscuz
| Location: https://d-t-f.ru/wp-content/plugins/wpdiscuz/
| Latest Version: 7.6.34 (up to date)
| Last Updated: 2025-09-19T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 7.6.34 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wpdiscuz/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:09
Checking Config Backups - Time: 00:00:01 <    > (3 / 137)  2.18%  ETA: 00:00:49
Checking Config Backups - Time: 00:00:01 <    > (4 / 137)  2.91%  ETA: 00:00:39
Checking Config Backups - Time: 00:00:01 <    > (5 / 137)  3.64%  ETA: 00:00:31
Checking Config Backups - Time: 00:00:01 <    > (6 / 137)  4.37%  ETA: 00:00:37
Checking Config Backups - Time: 00:00:01 <    > (7 / 137)  5.10%  ETA: 00:00:33
Checking Config Backups - Time: 00:00:01 <    > (8 / 137)  5.83%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:01 <    > (9 / 137)  6.56%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:02 <   > (10 / 137)  7.29%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:02 <   > (11 / 137)  8.02%  ETA: 00:00:28
Checking Config Backups - Time: 00:00:02 <   > (12 / 137)  8.75%  ETA: 00:00:26
Checking Config Backups - Time: 00:00:02 <   > (13 / 137)  9.48%  ETA: 00:00:24
Checking Config Backups - Time: 00:00:02 <   > (14 / 137) 10.21%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:02 <   > (15 / 137) 10.94%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (16 / 137) 11.67%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:02 <   > (17 / 137) 12.40%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:03 <   > (18 / 137) 13.13%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:03 <   > (20 / 137) 14.59%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (21 / 137) 15.32%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (22 / 137) 16.05%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (23 / 137) 16.78%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:04 <   > (24 / 137) 17.51%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:04 <   > (25 / 137) 18.24%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (26 / 137) 18.97%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (27 / 137) 19.70%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (28 / 137) 20.43%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (29 / 137) 21.16%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (30 / 137) 21.89%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (31 / 137) 22.62%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (32 / 137) 23.35%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (33 / 137) 24.08%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (34 / 137) 24.81%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (36 / 137) 26.27%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (37 / 137) 27.00%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (38 / 137) 27.73%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (39 / 137) 28.46%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (40 / 137) 29.19%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (41 / 137) 29.92%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (42 / 137) 30.65%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (43 / 137) 31.38%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <   > (44 / 137) 32.11%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <   > (45 / 137) 32.84%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (47 / 137) 34.30%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (48 / 137) 35.03%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (49 / 137) 35.76%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (50 / 137) 36.49%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (51 / 137) 37.22%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (52 / 137) 37.95%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (53 / 137) 38.68%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (54 / 137) 39.41%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (56 / 137) 40.87%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:08 <=  > (57 / 137) 41.60%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:09 <=  > (58 / 137) 42.33%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (60 / 137) 43.79%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (62 / 137) 45.25%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (63 / 137) 45.98%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (65 / 137) 47.44%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (67 / 137) 48.90%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (68 / 137) 49.63%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (70 / 137) 51.09%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (72 / 137) 52.55%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (73 / 137) 53.28%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (75 / 137) 54.74%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (77 / 137) 56.20%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (78 / 137) 56.93%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (80 / 137) 58.39%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (82 / 137) 59.85%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (83 / 137) 60.58%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (85 / 137) 62.04%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (87 / 137) 63.50%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (88 / 137) 64.23%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (90 / 137) 65.69%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (92 / 137) 67.15%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (93 / 137) 67.88%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (95 / 137) 69.34%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (97 / 137) 70.80%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <== > (98 / 137) 71.53%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (100 / 137) 72.99%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (101 / 137) 73.72%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (102 / 137) 74.45%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (103 / 137) 75.18%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (104 / 137) 75.91%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (105 / 137) 76.64%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (106 / 137) 77.37%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (108 / 137) 78.83%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (109 / 137) 79.56%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (110 / 137) 80.29%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (111 / 137) 81.02%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (113 / 137) 82.48%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:10 <= > (114 / 137) 83.21%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:10 <= > (115 / 137) 83.94%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (116 / 137) 84.67%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (118 / 137) 86.13%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (119 / 137) 86.86%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (121 / 137) 88.32%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (123 / 137) 89.78%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (124 / 137) 90.51%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (126 / 137) 91.97%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (127 / 137) 92.70%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (128 / 137) 93.43%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (129 / 137) 94.16%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (130 / 137) 94.89%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (131 / 137) 95.62%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (132 / 137) 96.35%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <=> (137 / 137) 100.00% Time: 00:00:14

[i] No Config Backups Found.

[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 20
| Requests Remaining: 5

[+] Finished: Sat Oct 18 10:44:26 2025
[+] Requests Done: 161
[+] Cached Requests: 79
[+] Data Sent: 39.378 KB
[+] Data Received: 430.826 KB
[+] Memory used: 276.738 MB
[+] Elapsed time: 00:00:30

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://d-t-f.ru/ [45.130.41.86]
[+] Started: Sat Oct 18 10:40:32 2025

Interesting Finding(s):

[+] Headers
| Interesting Entry: server: nginx-reuseport/1.21.1
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://d-t-f.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /?s=
|  - /page/*/?s=
|  - /search/
|  - /wp-json/
|  - /?rest_route=
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: https://d-t-f.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://d-t-f.ru/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://d-t-f.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.3 identified (Latest, released on 2025-09-30).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/css/dashicons.min.css?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3
| Confirmed By: Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/js/wp-util.min.js?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/js/wp-backbone.min.js?ver=6.8.3

[+] WordPress theme in use: buddyboss-theme
| Location: https://d-t-f.ru/wp-content/themes/buddyboss-theme/
| Readme: https://d-t-f.ru/wp-content/themes/buddyboss-theme/readme.txt
| Style URL: https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css
| Style Name: BuddyBoss Theme
| Style URI: https://www.buddyboss.com/
| Description: BuddyBoss Theme makes the BuddyBoss Platform look beautiful....
| Author: BuddyBoss
| Author URI: https://www.buddyboss.com/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.10.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css, Match: 'Version:        2.10.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://d-t-f.ru/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] buddyboss-platform
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.14.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt

[+] buddyboss-platform-pro
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.8.0 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt

[+] buddypress-user-blog
| Location: https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.3.5 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/readme.txt

[+] embed-pdf-viewer
| Location: https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/
| Latest Version: 2.4.6 (up to date)
| Last Updated: 2024-11-01T18:21:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/readme.txt

[+] js_composer
| Location: https://d-t-f.ru/wp-content/plugins/js_composer/
| Last Updated: 2025-10-13T22:54:14.000Z
| [!] The version is out of date, the latest version is 8.7
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Body Tag (Passive Detection)
|
| Version: 8.5 (80% confidence)
| Found By: Body Tag (Passive Detection)
|  - https://d-t-f.ru/, Match: 'js-comp-ver-8.5'
| Confirmed By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=8.5
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=8.5

[+] pdfjs-viewer-shortcode
| Location: https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/
| Last Updated: 2025-07-30T14:27:00.000Z
| [!] The version is out of date, the latest version is 2.2.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt

[+] protected-video
| Location: https://d-t-f.ru/wp-content/plugins/protected-video/
| Latest Version: 1.11.6 (up to date)
| Last Updated: 2024-07-06T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.11.6 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt

[+] related-products-manager-woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/
| Latest Version: 1.6.4 (up to date)
| Last Updated: 2025-07-23T11:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt

[+] saphali-woocommerce-lite
| Location: https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/
| Latest Version: 2.0.1 (up to date)
| Last Updated: 2025-02-23T21:26:00.000Z
|
| Found By: Meta Tag (Passive Detection)
|
| Version: 2.0.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/readme.txt

[+] simple-lightbox
| Location: https://d-t-f.ru/wp-content/plugins/simple-lightbox/
| Latest Version: 2.9.4 (up to date)
| Last Updated: 2025-04-21T22:37:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.9.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.9.4
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt

[+] top-10
| Location: https://d-t-f.ru/wp-content/plugins/top-10/
| Latest Version: 4.1.1 (up to date)
| Last Updated: 2025-05-05T13:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.1.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt

[+] tutor
| Location: https://d-t-f.ru/wp-content/plugins/tutor/
| Last Updated: 2025-09-30T10:26:00.000Z
| [!] The version is out of date, the latest version is 3.8.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.6.0 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor/readme.txt

[+] tutor-pro
| Location: https://d-t-f.ru/wp-content/plugins/tutor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.0.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor-pro/readme.txt

[+] wc-frontend-manager
| Location: https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/
| Latest Version: 6.7.21 (up to date)
| Last Updated: 2025-07-14T07:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.7.21 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/readme.txt

[+] woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/woocommerce/
| Last Updated: 2025-09-29T13:50:00.000Z
| [!] The version is out of date, the latest version is 10.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 10.2.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=10.2.1
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/readme.txt

[+] wordpress-seo-premium
| Location: https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/
| Last Updated: 2025-10-07T08:40:28.000Z
| [!] The version is out of date, the latest version is 26.1
|
| Found By: Comment (Passive Detection)
|
| Version: 25.4 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/readme.txt

[+] wpdiscuz
| Location: https://d-t-f.ru/wp-content/plugins/wpdiscuz/
| Latest Version: 7.6.34 (up to date)
| Last Updated: 2025-09-19T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 7.6.34 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wpdiscuz/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:53
Checking Config Backups - Time: 00:00:01 <    > (3 / 137)  2.18%  ETA: 00:00:58
Checking Config Backups - Time: 00:00:01 <    > (4 / 137)  2.91%  ETA: 00:00:44
Checking Config Backups - Time: 00:00:01 <    > (6 / 137)  4.37%  ETA: 00:00:32
Checking Config Backups - Time: 00:00:01 <    > (8 / 137)  5.83%  ETA: 00:00:32
Checking Config Backups - Time: 00:00:01 <    > (9 / 137)  6.56%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:02 <   > (11 / 137)  8.02%  ETA: 00:00:25
Checking Config Backups - Time: 00:00:02 <   > (12 / 137)  8.75%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:02 <   > (13 / 137)  9.48%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:02 <   > (14 / 137) 10.21%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (15 / 137) 10.94%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:02 <   > (16 / 137) 11.67%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (17 / 137) 12.40%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (18 / 137) 13.13%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (19 / 137) 13.86%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (20 / 137) 14.59%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (21 / 137) 15.32%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (22 / 137) 16.05%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:03 <   > (23 / 137) 16.78%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (24 / 137) 17.51%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (25 / 137) 18.24%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:04 <   > (26 / 137) 18.97%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (27 / 137) 19.70%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (28 / 137) 20.43%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (29 / 137) 21.16%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (30 / 137) 21.89%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (31 / 137) 22.62%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (32 / 137) 23.35%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (33 / 137) 24.08%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (34 / 137) 24.81%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (35 / 137) 25.54%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (36 / 137) 26.27%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:07 <   > (40 / 137) 29.19%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:07 <   > (41 / 137) 29.92%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:07 <   > (43 / 137) 31.38%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:07 <   > (45 / 137) 32.84%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:07 <=  > (47 / 137) 34.30%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <=  > (48 / 137) 35.03%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <=  > (49 / 137) 35.76%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (50 / 137) 36.49%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:08 <=  > (51 / 137) 37.22%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (52 / 137) 37.95%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (53 / 137) 38.68%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (54 / 137) 39.41%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:09 <=  > (55 / 137) 40.14%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:09 <=  > (56 / 137) 40.87%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:09 <=  > (59 / 137) 43.06%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (60 / 137) 43.79%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (63 / 137) 45.98%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (66 / 137) 48.17%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (68 / 137) 49.63%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (69 / 137) 50.36%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (71 / 137) 51.82%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (72 / 137) 52.55%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (73 / 137) 53.28%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (74 / 137) 54.01%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (75 / 137) 54.74%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (77 / 137) 56.20%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (78 / 137) 56.93%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (79 / 137) 57.66%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (80 / 137) 58.39%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (82 / 137) 59.85%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (83 / 137) 60.58%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (84 / 137) 61.31%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (85 / 137) 62.04%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (88 / 137) 64.23%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (89 / 137) 64.96%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (90 / 137) 65.69%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <== > (93 / 137) 67.88%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (94 / 137) 68.61%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (95 / 137) 69.34%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (98 / 137) 71.53%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <== > (99 / 137) 72.26%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (100 / 137) 72.99%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (102 / 137) 74.45%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (103 / 137) 75.18%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (104 / 137) 75.91%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (105 / 137) 76.64%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (106 / 137) 77.37%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (107 / 137) 78.10%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (109 / 137) 79.56%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (111 / 137) 81.02%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (112 / 137) 81.75%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (114 / 137) 83.21%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (116 / 137) 84.67%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (117 / 137) 85.40%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (118 / 137) 86.13%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (119 / 137) 86.86%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (120 / 137) 87.59%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (121 / 137) 88.32%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (123 / 137) 89.78%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:12 <= > (124 / 137) 90.51%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (125 / 137) 91.24%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (126 / 137) 91.97%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (127 / 137) 92.70%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (129 / 137) 94.16%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (131 / 137) 95.62%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (132 / 137) 96.35%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <=> (137 / 137) 100.00% Time: 00:00:14

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Sat Oct 18 10:41:24 2025
[+] Requests Done: 210
[+] Cached Requests: 8
[+] Data Sent: 52.501 KB
[+] Data Received: 2.721 MB
[+] Memory used: 286.773 MB
[+] Elapsed time: 00:00:52

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

Usage: wpscan [options]
--url URL                                 The URL of the blog to scan
Allowed Protocols: http, https
Default Protocol if none provided: http
This option is mandatory unless update or help or hh or version is/are supplied
-h, --help                                    Display the simple help and exit
--hh                                      Display the full help and exit
--version                                 Display the version and exit
-v, --verbose                                 Verbose mode
--[no-]banner                             Whether or not to display the banner
Default: true
-o, --output FILE                             Output to FILE
-f, --format FORMAT                           Output results in the format supplied
Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE                     Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua                Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE                       The max threads to use
Default: 5
--throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS                 The request timeout in seconds
Default: 60
--connect-timeout SECONDS                 The connection timeout in seconds
Default: 30
--disable-tls-checks                      Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port                Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH                    File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force                                   Do not check if the target is running WordPress or returns a 403
--[no-]update                             Whether or not to update the Database
--api-token TOKEN                         The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR                      The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR                      The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS]                        Enumeration Process
Available Choices:
vp   Vulnerable plugins
ap   All plugins
p    Popular plugins
vt   Vulnerable themes
at   All themes
t    Popular themes
tt   Timthumbs
cb   Config backups
dbe  Db exports
u    User IDs range. e.g: u1-5
Range separator to use: '-'
Value if no argument supplied: 1-10
m    Media IDs range. e.g m1-15
Note: Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups
Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group/s can be used):
- vp, ap, p
- vt, at, t
--exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE                  Use the supplied mode to enumerate Plugins.
Default: passive
Available choices: mixed, passive, aggressive
--plugins-version-detection MODE          Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING      Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST                          List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
Default: 500
--password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
Multicall will only work against WP < 4.4
Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI                           The URI of the login page if different from /wp-login.php
--stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.

Scan Aborted: --enumerate Unknown choice: https://d-t-f.ru

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/ [77.234.209.76]
[+] Started: Fri Oct 17 14:27:52 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx
|  - x-powered-by: PHP/7.4.21
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.7.2 identified (Insecure, released on 2021-05-12).
| Found By: Rss Generator (Passive Detection)
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/?feed=rss2, <generator>https://wordpress.org/?v=5.7.2</generator>
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/?feed=comments-rss2, <generator>https://wordpress.org/?v=5.7.2</generator>

[+] WordPress theme in use: twentytwentyone
| Location: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/
| Last Updated: 2025-08-05T00:00:00.000Z
| Readme: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/readme.txt
| [!] The version is out of date, the latest version is 2.6
| Style URL: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/style.css?ver=1.3
| Style Name: Twenty Twenty-One
| Style URI: https://wordpress.org/themes/twentytwentyone/
| Description: Twenty Twenty-One is a blank canvas for your ideas and it makes the block editor your best brush. Wi...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Found By: Css Style In Homepage (Passive Detection)
|
| Version: 1.3 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/style.css?ver=1.3, Match: 'Version: 1.3'

[+] Enumerating Users (via Passive and Aggressive Methods)

Brute Forcing Author IDs - Time: 00:00:00 <    > (0 / 10)  0.00%  ETA: ??:??:??
Brute Forcing Author IDs - Time: 00:00:00 <    > (1 / 10) 10.00%  ETA: 00:00:04
Brute Forcing Author IDs - Time: 00:00:00 <=   > (3 / 10) 30.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:00 <=   > (4 / 10) 40.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:01 <==  > (6 / 10) 60.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:01 <==> (10 / 10) 100.00% Time: 00:00:01

[i] User(s) Identified:

[+] admin
| Found By: Rss Generator (Passive Detection)
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Fri Oct 17 14:28:03 2025
[+] Requests Done: 54
[+] Cached Requests: 6
[+] Data Sent: 18.799 KB
[+] Data Received: 381.028 KB
[+] Memory used: 186.16 MB
[+] Elapsed time: 00:00:11

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-17 08:56 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-15 16:38 UTC
Nmap scan report for 158.160.30.101
Host is up (0.14s latency).
Not shown: 985 filtered tcp ports (no-response)
PORT     STATE  SERVICE
20/tcp   closed ftp-data
21/tcp   closed ftp
22/tcp   open   ssh
80/tcp   closed http
81/tcp   closed hosts2-ns
443/tcp  closed https
3000/tcp open   ppp
5432/tcp closed postgresql
8000/tcp closed http-alt
8080/tcp closed http-proxy
8200/tcp closed trivnet1
9000/tcp closed cslistener
9001/tcp closed tor-orport
9090/tcp open   zeus-admin
9200/tcp closed wap-wsp

Nmap done: 1 IP address (1 host up) scanned in 7.73 seconds

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://xn--80aafaongc8bexciei0t.xn--p1ai/ [46.254.18.79]
[+] Started: Tue Oct 14 07:35:20 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - Server: nginx/1.20.2
|  - X-Powered-By: PHP/7.4.28
|  - WPO-Cache-Status: cached
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://xn--80aafaongc8bexciei0t.xn--p1ai/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /wp-content/uploads/wpo/wpo-plugins-tables-list.json
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://xn--80aafaongc8bexciei0t.xn--p1ai/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://xn--80aafaongc8bexciei0t.xn--p1ai/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.7.4 identified (Outdated, released on 2025-09-30).
| Found By: Rss Generator (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/feed/, <generator>https://wordpress.org/?v=6.7.4</generator>
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/comments/feed/, <generator>https://wordpress.org/?v=6.7.4</generator>

[+] WordPress theme in use: astra
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/
| Last Updated: 2025-10-07T00:00:00.000Z
| Readme: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/readme.txt
| [!] The version is out of date, the latest version is 4.11.13
| Style URL: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/style.css
| Style Name: Astra
| Style URI: https://wpastra.com/
| Description: Astra is fast, fully customizable & beautiful WordPress theme suitable for blog, personal portfolio,...
| Author: Brainstorm Force
| Author URI: https://wpastra.com/about/?utm_source=theme_preview&utm_medium=author_link&utm_campaign=astra_theme
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.8.7 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/style.css, Match: 'Version: 4.8.7'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] chaty
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/chaty/
| Last Updated: 2025-10-06T05:49:00.000Z
| [!] The version is out of date, the latest version is 3.4.8
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.3.3 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/chaty/readme.txt

[+] contact-form-7
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/
| Last Updated: 2025-09-30T02:16:00.000Z
| [!] The version is out of date, the latest version is 6.1.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Hidden Input (Passive Detection)
|
| Version: 6.0.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=6.0.1
| Confirmed By:
|  Hidden Input (Passive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/, Match: '6.0.1'
|  Readme - Stable Tag (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/readme.txt

[+] elementor
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/
| Last Updated: 2025-10-05T13:55:00.000Z
| [!] The version is out of date, the latest version is 3.32.4
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.25.11 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.25.11
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.11
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/readme.txt

[+] elementor-pro
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.23.1 (90% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.23.1
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.23.1
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.23.1
| Confirmed By: Change Log (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/changelog.txt, Match: '#### 3.23.1 -'

[+] header-footer-elementor
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/
| Last Updated: 2025-09-19T07:30:00.000Z
| [!] The version is out of date, the latest version is 2.5.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.0.3 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/readme.txt

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Tue Oct 14 07:35:40 2025
[+] Requests Done: 2
[+] Cached Requests: 51
[+] Data Sent: 700 B
[+] Data Received: 122.127 KB
[+] Memory used: 269.621 MB
[+] Elapsed time: 00:00:19

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://xn--80aafaongc8bexciei0t.xn--p1ai/ [46.254.18.79]
[+] Started: Tue Oct 14 07:31:02 2025

[!] Task timed out and was killed inside container.
Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - Server: nginx/1.20.2
|  - X-Powered-By: PHP/7.4.28
|  - WPO-Cache-Status: cached
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://xn--80aafaongc8bexciei0t.xn--p1ai/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /wp-content/uploads/wpo/wpo-plugins-tables-list.json
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://xn--80aafaongc8bexciei0t.xn--p1ai/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://xn--80aafaongc8bexciei0t.xn--p1ai/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.7.4 identified (Outdated, released on 2025-09-30).
| Found By: Rss Generator (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/feed/, <generator>https://wordpress.org/?v=6.7.4</generator>
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/comments/feed/, <generator>https://wordpress.org/?v=6.7.4</generator>

[+] WordPress theme in use: astra
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/
| Last Updated: 2025-10-07T00:00:00.000Z
| Readme: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/readme.txt
| [!] The version is out of date, the latest version is 4.11.13
| Style URL: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/style.css
| Style Name: Astra
| Style URI: https://wpastra.com/
| Description: Astra is fast, fully customizable & beautiful WordPress theme suitable for blog, personal portfolio,...
| Author: Brainstorm Force
| Author URI: https://wpastra.com/about/?utm_source=theme_preview&utm_medium=author_link&utm_campaign=astra_theme
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.8.7 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/themes/astra/style.css, Match: 'Version: 4.8.7'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] chaty
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/chaty/
| Last Updated: 2025-10-06T05:49:00.000Z
| [!] The version is out of date, the latest version is 3.4.8
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.3.3 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/chaty/readme.txt

[+] contact-form-7
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/
| Last Updated: 2025-09-30T02:16:00.000Z
| [!] The version is out of date, the latest version is 6.1.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Hidden Input (Passive Detection)
|
| Version: 6.0.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=6.0.1
| Confirmed By:
|  Hidden Input (Passive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/, Match: '6.0.1'
|  Readme - Stable Tag (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/contact-form-7/readme.txt

[+] elementor
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/
| Last Updated: 2025-10-05T13:55:00.000Z
| [!] The version is out of date, the latest version is 3.32.4
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.25.11 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.25.11
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.11
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor/readme.txt

[+] elementor-pro
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.23.1 (90% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.23.1
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.23.1
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.23.1
| Confirmed By: Change Log (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/elementor-pro/changelog.txt, Match: '#### 3.23.1 -'

[+] header-footer-elementor
| Location: https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/
| Last Updated: 2025-09-19T07:30:00.000Z
| [!] The version is out of date, the latest version is 2.5.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.0.3 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://xn--80aafaongc8bexciei0t.xn--p1ai/wp-content/plugins/header-footer-elementor/readme.txt

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Tue Oct 14 07:34:48 2025
[+] Requests Done: 46
[+] Cached Requests: 7
[+] Data Sent: 14.559 KB
[+] Data Received: 887.617 KB
[+] Memory used: 269.445 MB
[+] Elapsed time: 00:03:46

Read proxies.yaml from /etc/theHarvester/proxies.yaml
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.8.2                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* [email protected]                                   *
*                                                                 *
*******************************************************************

[*] No IPs found.

[*] No emails found.

[*] No people found.

[*] No hosts found.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-09 08:19 UTC
Nmap scan report for metrostroy.com (77.244.216.3)
Host is up (0.13s latency).
Not shown: 89 filtered tcp ports (no-response), 8 filtered tcp ports (host-prohibited)
PORT    STATE SERVICE  VERSION
21/tcp  open  ftp      vsftpd 3.0.2
80/tcp  open  http     nginx 1.24.0
|_http-server-header: nginx/1.24.0
|_http-title: Did not follow redirect to https://www.metrostroy.ru/
443/tcp open  ssl/http nginx 1.24.0
|_http-server-header: nginx/1.24.0
|_http-title: Did not follow redirect to https://www.metrostroy.ru/
| ssl-cert: Subject: commonName=metrostroy.com
| Subject Alternative Name: DNS:metrostroy.com, DNS:metrostroy.ru, DNS:www.metrostroy.com, DNS:www.metrostroy.ru
| Not valid before: 2025-08-21T18:23:57
|_Not valid after:  2025-11-19T18:23:56
|_ssl-date: TLS randomness does not represent time
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (97%), Linux 3.2 - 4.14 (97%), Linux 5.1 - 5.15 (97%), Linux 3.13 - 4.4 (91%), Linux 3.16 - 4.6 (91%), Linux 3.8 - 3.16 (91%), Linux 4.10 (91%), Linux 4.4 (91%), OpenWrt 19.07 (Linux 4.14) (91%), Linux 2.6.32 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops
Service Info: OS: Unix

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   0.02 ms   172.17.0.1
2   132.17 ms 64.233.175.122
3   133.07 ms 74.125.244.134
4   128.29 ms 92.53.93.152
5   128.66 ms 92.53.93.34
6   128.88 ms 77.244.216.3

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.07 seconds

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-09 08:15 UTC
Failed to resolve "\-A".
Nmap scan report for metrostroy.com (77.244.216.3)
Host is up (0.13s latency).
Not shown: 89 filtered tcp ports (no-response), 8 filtered tcp ports (host-prohibited)
PORT    STATE SERVICE
21/tcp  open  ftp
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 3.29 seconds

Read proxies.yaml from /etc/theHarvester/proxies.yaml
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.8.2                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* [email protected]                                   *
*                                                                 *
*******************************************************************

[*] No IPs found.

[*] No emails found.

[*] No people found.

[*] No hosts found.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://c-ens.by/ [31.130.202.240]
[+] Started: Sun Sep 28 19:37:44 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx/1.20.2
|  - x-powered-by: PHP/7.4.33
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://c-ens.by/robots.txt
| Interesting Entries:
|  - /wp-admin

|  - /wp-includes

|  - /wp-content/plugins

|  - /wp-content/cache

|  - /wp-json/

|  - /xmlrpc.php

|  - /readme.html

|  - /*?

|  - /?s=

|  - /chart #

|  - /*account/

|  - /*node

|  - /*tag

|  - /*content

|  - /*vavya

|  - /*calendar

|  - /*fdsasa

|  - /*ttttt

|  - /*dsfsfs

|  - /*sdfsdfsd

|  - /*agencies

|  - /*analitycs

|  - /*test

|  - /*%

|  - /*href

|  - /*pvpvvpv

|  - /*+

|  - /*tracker

|  - /*_kvartira

|  - *term

|  - *apapv

|  - *rshlold

|  - *accountn

|  - *auth

|  - /*.css

|  - /*.js

|  - /wp-content/themes/

|  - /wp-content/uploads/

| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://c-ens.by/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://c-ens.by/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://c-ens.by/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://c-ens.by/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Aggressive Detection)
|  - https://c-ens.by/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://c-ens.by/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[+] WordPress theme in use: c-ens
| Location: https://c-ens.by/wp-content/themes/c-ens/
| Style URL: https://c-ens.by/wp-content/themes/c-ens/style.css
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://c-ens.by/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] easy-fancybox
| Location: https://c-ens.by/wp-content/plugins/easy-fancybox/
| Latest Version: 2.3.17 (up to date)
| Last Updated: 2025-06-13T19:21:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.3.17 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://c-ens.by/wp-content/plugins/easy-fancybox/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:21
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:39
Checking Config Backups - Time: 00:00:00 <    > (4 / 137)  2.91%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:00 <    > (6 / 137)  4.37%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:00 <    > (7 / 137)  5.10%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:00 <    > (9 / 137)  6.56%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:00 <   > (11 / 137)  8.02%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:00 <   > (12 / 137)  8.75%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:00 <   > (14 / 137) 10.21%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (16 / 137) 11.67%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (18 / 137) 13.13%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:01 <   > (20 / 137) 14.59%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:01 <   > (21 / 137) 15.32%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:01 <   > (23 / 137) 16.78%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:01 <   > (25 / 137) 18.24%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (28 / 137) 20.43%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (30 / 137) 21.89%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (33 / 137) 24.08%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (35 / 137) 25.54%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (36 / 137) 26.27%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (38 / 137) 27.73%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (40 / 137) 29.19%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (41 / 137) 29.92%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (44 / 137) 32.11%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (45 / 137) 32.84%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <   > (46 / 137) 33.57%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <=  > (49 / 137) 35.76%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (50 / 137) 36.49%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (51 / 137) 37.22%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (54 / 137) 39.41%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (55 / 137) 40.14%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (56 / 137) 40.87%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (60 / 137) 43.79%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (65 / 137) 47.44%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (66 / 137) 48.17%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (70 / 137) 51.09%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (71 / 137) 51.82%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (75 / 137) 54.74%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (76 / 137) 55.47%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (80 / 137) 58.39%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (85 / 137) 62.04%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (90 / 137) 65.69%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (91 / 137) 66.42%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (95 / 137) 69.34%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <== > (96 / 137) 70.07%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (100 / 137) 72.99%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (101 / 137) 73.72%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (105 / 137) 76.64%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (110 / 137) 80.29%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (115 / 137) 83.94%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (120 / 137) 87.59%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (125 / 137) 91.24%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:03 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04

[i] No Config Backups Found.

[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 4
| Requests Remaining: 21

[+] Finished: Sun Sep 28 19:37:58 2025
[+] Requests Done: 145
[+] Cached Requests: 50
[+] Data Sent: 35.566 KB
[+] Data Received: 127.482 KB
[+] Memory used: 270.305 MB
[+] Elapsed time: 00:00:13

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://c-ens.by/ [31.130.202.240]
[+] Started: Sun Sep 28 19:35:25 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx/1.20.2
|  - x-powered-by: PHP/7.4.33
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://c-ens.by/robots.txt
| Interesting Entries:
|  - /wp-admin

|  - /wp-includes

|  - /wp-content/plugins

|  - /wp-content/cache

|  - /wp-json/

|  - /xmlrpc.php

|  - /readme.html

|  - /*?

|  - /?s=

|  - /chart #

|  - /*account/

|  - /*node

|  - /*tag

|  - /*content

|  - /*vavya

|  - /*calendar

|  - /*fdsasa

|  - /*ttttt

|  - /*dsfsfs

|  - /*sdfsdfsd

|  - /*agencies

|  - /*analitycs

|  - /*test

|  - /*%

|  - /*href

|  - /*pvpvvpv

|  - /*+

|  - /*tracker

|  - /*_kvartira

|  - *term

|  - *apapv

|  - *rshlold

|  - *accountn

|  - *auth

|  - /*.css

|  - /*.js

|  - /wp-content/themes/

|  - /wp-content/uploads/

| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://c-ens.by/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://c-ens.by/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://c-ens.by/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://c-ens.by/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Aggressive Detection)
|  - https://c-ens.by/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://c-ens.by/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[+] WordPress theme in use: c-ens
| Location: https://c-ens.by/wp-content/themes/c-ens/
| Style URL: https://c-ens.by/wp-content/themes/c-ens/style.css
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] Enumerating Vulnerable Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] No plugins Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Sun Sep 28 19:35:50 2025
[+] Requests Done: 45
[+] Cached Requests: 7
[+] Data Sent: 11.175 KB
[+] Data Received: 722.019 KB
[+] Memory used: 267.91 MB
[+] Elapsed time: 00:00:25