Activity Log

Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-05 21:11 UTC
Found no matches for the service mask 'civilavia.ru' and your specified protocols
QUITTING!

Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-05 10:55 UTC
Nmap scan report for 188.128.56.48
Host is up.

PORT    STATE    SERVICE
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds

Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-05 10:55 UTC
Nmap scan report for 188.128.56.48
Host is up.

PORT   STATE    SERVICE
80/tcp filtered http

Nmap done: 1 IP address (1 host up) scanned in 4.83 seconds

Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-05 10:55 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.10 seconds

Querying RapidDNS for cyber-ed.ru subdomains
Querying DNSSpy for cyber-ed.ru subdomains
Querying GrepApp for cyber-ed.ru subdomains
Querying Riddler for cyber-ed.ru subdomains
Querying AbuseIPDB for cyber-ed.ru subdomains
Querying Arquivo for cyber-ed.ru subdomains
Querying CertSpotter for cyber-ed.ru subdomains
Querying DNSDumpster for cyber-ed.ru subdomains
Querying Gists for cyber-ed.ru subdomains
Querying Sublist3rAPI for cyber-ed.ru subdomains
Querying Wayback for cyber-ed.ru subdomains
Querying Brute Forcing for cyber-ed.ru subdomains
Querying Mnemonic for cyber-ed.ru subdomains
Querying SiteDossier for cyber-ed.ru subdomains
Querying Baidu for cyber-ed.ru subdomains
Querying DuckDuckGo for cyber-ed.ru subdomains
Querying HackerOne for cyber-ed.ru subdomains
Querying Active Crawl for cyber-ed.ru subdomains
Querying AlienVault for cyber-ed.ru subdomains
Querying Crtsh for cyber-ed.ru subdomains
Querying SubdomainCenter for cyber-ed.ru subdomains
Querying Active DNS for cyber-ed.ru subdomains
Querying Bing for cyber-ed.ru subdomains
Querying DNSHistory for cyber-ed.ru subdomains
Querying Yahoo for cyber-ed.ru subdomains
Querying ThreatMiner for cyber-ed.ru subdomains
Querying URLScan for cyber-ed.ru subdomains
Querying UKWebArchive for cyber-ed.ru subdomains
Querying DNS SRV for cyber-ed.ru subdomains
Querying Searchcode for cyber-ed.ru subdomains
Querying HackerTarget for cyber-ed.ru subdomains
Querying Google for cyber-ed.ru subdomains
Querying Pulsedive for cyber-ed.ru subdomains
Querying Synapsint for cyber-ed.ru subdomains
Querying Ask for cyber-ed.ru subdomains
Querying CommonCrawl for cyber-ed.ru subdomains
Querying HyperStat for cyber-ed.ru subdomains
Querying Digitorus for cyber-ed.ru subdomains
Querying Searx for cyber-ed.ru subdomains
Querying PKey for cyber-ed.ru subdomains
Querying Maltiverse for cyber-ed.ru subdomains
Querying HAW for cyber-ed.ru subdomains
Querying AnubisDB for cyber-ed.ru subdomains
Querying Greynoise for cyber-ed.ru subdomains
Querying LeakIX for cyber-ed.ru subdomains
cyber-ed.ru (FQDN) --> mx_record --> mx.yandex.net (FQDN)
cyber-ed.ru (FQDN) --> ns_record --> ns1.reg.ru (FQDN)
cyber-ed.ru (FQDN) --> ns_record --> ns2.reg.ru (FQDN)
mx.yandex.net (FQDN) --> a_record --> 77.88.21.249 (IPAddress)
mx.yandex.net (FQDN) --> aaaa_record --> 2a02:6b8::311 (IPAddress)
qr-api.cyber-ed.ru (FQDN) --> a_record --> 77.232.138.186 (IPAddress)
devsec.cyber-ed.ru (FQDN) --> a_record --> 176.57.64.213 (IPAddress)
one-task.cyber-ed.ru (FQDN) --> a_record --> 82.97.253.70 (IPAddress)
learn.cyber-ed.ru (FQDN) --> a_record --> 83.147.247.185 (IPAddress)
uploader.cyber-ed.ru (FQDN) --> a_record --> 178.154.245.151 (IPAddress)
labs.cyber-ed.ru (FQDN) --> a_record --> 82.97.253.70 (IPAddress)
step.cyber-ed.ru (FQDN) --> a_record --> 92.53.96.167 (IPAddress)
77.232.128.0/20 (Netblock) --> contains --> 77.232.138.186 (IPAddress)
176.57.64.0/22 (Netblock) --> contains --> 176.57.64.213 (IPAddress)
82.97.248.0/21 (Netblock) --> contains --> 82.97.253.70 (IPAddress)
83.147.244.0/22 (Netblock) --> contains --> 83.147.247.185 (IPAddress)
42145 (ASN) --> managed_by --> BSTV-AS (RIROrganization)
42145 (ASN) --> announces --> 77.232.128.0/20 (Netblock)
47959 (ASN) --> managed_by --> TELINEA (RIROrganization)
47959 (ASN) --> announces --> 176.57.64.0/22 (Netblock)
58224 (ASN) --> managed_by --> TCI (RIROrganization)
58224 (ASN) --> announces --> 82.97.248.0/21 (Netblock)
1239 (ASN) --> managed_by --> SPRINTLINK - Sprint (RIROrganization)
1239 (ASN) --> announces --> 83.147.244.0/22 (Netblock)
exam.cyber-ed.ru (FQDN) --> a_record --> 92.118.113.131 (IPAddress)
openday.cyber-ed.ru (FQDN) --> a_record --> 176.57.64.26 (IPAddress)
qr-admin.cyber-ed.ru (FQDN) --> a_record --> 77.232.138.186 (IPAddress)
monitoring.cyber-ed.ru (FQDN) --> a_record --> 212.113.122.160 (IPAddress)
test.cyber-ed.ru (FQDN) --> a_record --> 185.215.4.43 (IPAddress)
aw.cyber-ed.ru (FQDN) --> a_record --> 84.201.134.36 (IPAddress)
itpentest.cyber-ed.ru (FQDN) --> a_record --> 176.57.64.212 (IPAddress)
176.57.64.0/22 (Netblock) --> contains --> 176.57.64.26 (IPAddress)
2a02:6b8::/46 (Netblock) --> contains --> 2a02:6b8::311 (IPAddress)
92.53.96.0/22 (Netblock) --> contains --> 92.53.96.167 (IPAddress)
92.118.113.0/24 (Netblock) --> contains --> 92.118.113.131 (IPAddress)
178.154.245.0/24 (Netblock) --> contains --> 178.154.245.151 (IPAddress)
185.215.4.0/24 (Netblock) --> contains --> 185.215.4.43 (IPAddress)
84.201.128.0/18 (Netblock) --> contains --> 84.201.134.36 (IPAddress)
208722 (ASN) --> managed_by --> AS208722 (RIROrganization)
208722 (ASN) --> announces --> 2a02:6b8::/46 (Netblock)
9123 (ASN) --> managed_by --> TIMEWEB-AS (RIROrganization)
9123 (ASN) --> announces --> 92.53.96.0/22 (Netblock)
202423 (ASN) --> managed_by --> MGNHOST-AS (RIROrganization)
202423 (ASN) --> announces --> 92.118.113.0/24 (Netblock)
200350 (ASN) --> managed_by --> YANDEXCLOUD, RU (RIROrganization)
200350 (ASN) --> announces --> 178.154.245.0/24 (Netblock)
200350 (ASN) --> announces --> 84.201.128.0/18 (Netblock)
57724 (ASN) --> managed_by --> DDOS-GUARD (RIROrganization)
57724 (ASN) --> announces --> 185.215.4.0/24 (Netblock)
cyber-ed.ru (FQDN) --> a_record --> 178.154.245.151 (IPAddress)
sec-infra.cyber-ed.ru (FQDN) --> a_record --> 84.54.44.31 (IPAddress)
gitlab.cyber-ed.ru (FQDN) --> a_record --> 51.250.66.168 (IPAddress)
briefs.cyber-ed.ru (FQDN) --> a_record --> 217.25.89.213 (IPAddress)
176.57.64.0/22 (Netblock) --> contains --> 176.57.64.212 (IPAddress)
77.88.0.0/18 (Netblock) --> contains --> 77.88.21.249 (IPAddress)
212.113.122.0/24 (Netblock) --> contains --> 212.113.122.160 (IPAddress)
84.54.44.0/23 (Netblock) --> contains --> 84.54.44.31 (IPAddress)
9123 (ASN) --> managed_by --> TIMEWEB-AS, RU (RIROrganization)
9123 (ASN) --> announces --> 212.113.122.0/24 (Netblock)
13238 (ASN) --> managed_by --> YANDEX, RU (RIROrganization)
13238 (ASN) --> announces --> 77.88.0.0/18 (Netblock)
58024 (ASN) --> managed_by --> DZINET-AS (RIROrganization)
58024 (ASN) --> announces --> 84.54.44.0/23 (Netblock)
ns2.reg.ru (FQDN) --> a_record --> 194.58.117.16 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 176.99.13.18 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 176.99.13.12 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 176.99.13.14 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 176.99.13.16 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 194.58.117.12 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 194.58.117.14 (IPAddress)
ns2.reg.ru (FQDN) --> a_record --> 194.58.117.18 (IPAddress)
ns2.reg.ru (FQDN) --> aaaa_record --> 2a00:f940:9::1:2 (IPAddress)
ns2.reg.ru (FQDN) --> aaaa_record --> 2a00:f940:9::2:2 (IPAddress)
vault.cyber-ed.ru (FQDN) --> a_record --> 89.169.136.195 (IPAddress)
51.250.0.0/17 (Netblock) --> contains --> 51.250.66.168 (IPAddress)
200350 (ASN) --> announces --> 51.250.0.0/17 (Netblock)
qr-front.cyber-ed.ru (FQDN) --> a_record --> 77.232.138.186 (IPAddress)
lms-test.cyber-ed.ru (FQDN) --> a_record --> 217.25.93.155 (IPAddress)
194.58.117.0/24 (Netblock) --> contains --> 194.58.117.14 (IPAddress)
194.58.117.0/24 (Netblock) --> contains --> 194.58.117.18 (IPAddress)
194.58.117.0/24 (Netblock) --> contains --> 194.58.117.16 (IPAddress)
89.169.128.0/18 (Netblock) --> contains --> 89.169.136.195 (IPAddress)
217.25.92.0/23 (Netblock) --> contains --> 217.25.93.155 (IPAddress)
9123 (ASN) --> announces --> 217.25.88.0/23 (Netblock)
9123 (ASN) --> announces --> 217.25.92.0/23 (Netblock)
197695 (ASN) --> managed_by --> AS-REG, RU (RIROrganization)
197695 (ASN) --> announces --> 194.58.117.0/24 (Netblock)
0 (ASN) --> managed_by --> Not routed (RIROrganization)
0 (ASN) --> announces --> 89.169.128.0/18 (Netblock)
www.cyber-ed.ru (FQDN) --> a_record --> 178.154.245.151 (IPAddress)
194.58.117.0/24 (Netblock) --> contains --> 194.58.117.12 (IPAddress)
176.99.13.0/24 (Netblock) --> contains --> 176.99.13.18 (IPAddress)
176.99.13.0/24 (Netblock) --> contains --> 176.99.13.16 (IPAddress)
176.99.13.0/24 (Netblock) --> contains --> 176.99.13.14 (IPAddress)
176.99.13.0/24 (Netblock) --> contains --> 176.99.13.12 (IPAddress)
2a00:f940:9::/48 (Netblock) --> contains --> 2a00:f940:9::2:2 (IPAddress)
2a00:f940:9::/48 (Netblock) --> contains --> 2a00:f940:9::1:2 (IPAddress)
197695 (ASN) --> announces --> 176.99.13.0/24 (Netblock)
197695 (ASN) --> announces --> 2a00:f940:9::/48 (Netblock)
web.cyber-ed.ru (FQDN) --> a_record --> 176.57.64.213 (IPAddress)
[!] Task timed out and was killed inside container.
blue.cyber-ed.ru (FQDN) --> a_record --> 176.57.64.213 (IPAddress)

The enumeration has finished

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-28 10:12 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 47.77.4.100, 47.77.67.38
+ Target IP:          47.77.4.100
+ Target Hostname:    chat.qwen.ai
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /C=CN/ST=\xE6\xB5\x99\xE6\xB1\x9F\xE7\x9C\x81/L=\xE6\x9D\xAD\xE5\xB7\x9E\xE5\xB8\x82/O=\xE9\x98\xBF\xE9\x87\x8C\xE5\xB7\xB4\xE5\xB7\xB4\xEF\xBC\x88\xE4\xB8\xAD\xE5\x9B\xBD\xEF\xBC\x89\xE7\xBD\x91\xE7\xBB\x9C\xE6\x8A\x80\xE6\x9C\xAF\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8/CN=qwen.ai
Altnames: qwen.ai, *.qwen.ai
Ciphers:  TLS_AES_128_GCM_SHA256
Issuer:   /C=BE/O=GlobalSign nv-sa/CN=GlobalSign RSA OV SSL CA 2018
+ Start Time:         2025-10-21 23:21:24 (GMT0)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ /: Uncommon header 'x-request-id' found, with contents: 62806a31-452b-4ca1-947f-8439793d91f6.
+ /: Uncommon header 'ga-ap' found, with contents: na-vancouver-pop.
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /: Cookie acw_tc created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie x-ap created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie x-ap created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Lo3nKUCw.htaccess~: Uncommon header 'bxpunish' found, with contents: 1.
[!] Task timed out and was killed inside container.

- Nikto v2.5.0
---------------------------------------------------------------------------
+ ERROR: No host (-host) specified

Options:
-ask+               Whether to ask about submitting updates
yes   Ask about each (default)
no    Don't ask, don't send
auto  Don't ask, just send
-check6             Check if IPv6 is working (connects to ipv6.google.com or value set in nikto.conf)
-Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-config+            Use this config file
-Display+           Turn on/off display outputs:
1     Show redirects
2     Show cookies received
3     Show all 200/OK responses
4     Show URLs which require authentication
D     Debug output
E     Display all HTTP errors
P     Print progress to STDOUT
S     Scrub output of IPs and hostnames
V     Verbose output
-dbcheck           Check database and other key files for syntax errors
-evasion+          Encoding technique:
1     Random URI encoding (non-UTF8)
2     Directory self-reference (/./)
3     Premature URL ending
4     Prepend long random string
5     Fake parameter
6     TAB as request spacer
7     Change the case of the URL
8     Use Windows directory separator (\)
A     Use a carriage return (0x0d) as a request spacer
B     Use binary value 0x0b as a request spacer
-followredirects   Follow 3xx redirects to new location
-Format+           Save file (-o) format:
csv   Comma-separated-value
json  JSON Format
htm   HTML Format
nbe   Nessus NBE format
sql   Generic SQL (see docs for schema)
txt   Plain text
xml   XML Format
(if not specified the format will be taken from the file extension passed to -output)
-Help              This help information
-host+             Target host/URL
-id+               Host authentication to use, format is id:pass or id:pass:realm
-ipv4                 IPv4 Only
-ipv6                 IPv6 Only
-key+              Client certificate key file
-list-plugins      List all available plugins, perform no testing
-maxtime+          Maximum testing time per host (e.g., 1h, 60m, 3600s)
-mutate+           Guess additional file names:
-mutate-options    Provide information for mutates
-nointeractive     Disables interactive features
-nolookup          Disables DNS lookups
-nossl             Disables the use of SSL
-noslash           Strip trailing slash from URL (e.g., '/admin/' to '/admin')
-no404             Disables nikto attempting to guess a 404 page
-Option            Over-ride an option in nikto.conf, can be issued multiple times
-output+           Write output to this file ('.' for auto-name)
-Pause+            Pause between tests (seconds)
-Plugins+          List of plugins to run (default: ALL)
-port+             Port to use (default 80)
-RSAcert+          Client certificate file
-root+             Prepend root value to all requests, format is /directory
-Save              Save positive responses to this directory ('.' for auto-name)
-ssl               Force ssl mode on port
-Tuning+           Scan tuning:
1     Interesting File / Seen in logs
2     Misconfiguration / Default File
3     Information Disclosure
4     Injection (XSS/Script/HTML)
5     Remote File Retrieval - Inside Web Root
6     Denial of Service
7     Remote File Retrieval - Server Wide
8     Command Execution / Remote Shell
9     SQL Injection
0     File Upload
a     Authentication Bypass
b     Software Identification
c     Remote Source Inclusion
d     WebService
e     Administrative Console
x     Reverse Tuning Options (i.e., include all except specified)
-timeout+          Timeout for requests (default 10 seconds)
-Userdbs           Load only user databases, not the standard databases
all   Disable standard dbs and load only user dbs
tests Disable only db_tests and load udb_tests
-useragent         Over-rides the default useragent
-until             Run until the specified time or duration
-url+              Target host/URL (alias of -host)
-usecookies        Use cookies from responses in future requests
-useproxy          Use the proxy defined in nikto.conf, or argument http://server:port
-Version           Print plugin and database versions
-vhost+            Virtual host (for Host header)
-404code           Ignore these HTTP codes as negative responses (always). Format is "302,301".
-404string         Ignore this string in response body content as negative response (always). Can be a regular expression.
+ requires a value

- Nikto v2.5.0
---------------------------------------------------------------------------
+ ERROR: No host (-host) specified

Options:
-ask+               Whether to ask about submitting updates
yes   Ask about each (default)
no    Don't ask, don't send
auto  Don't ask, just send
-check6             Check if IPv6 is working (connects to ipv6.google.com or value set in nikto.conf)
-Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-config+            Use this config file
-Display+           Turn on/off display outputs:
1     Show redirects
2     Show cookies received
3     Show all 200/OK responses
4     Show URLs which require authentication
D     Debug output
E     Display all HTTP errors
P     Print progress to STDOUT
S     Scrub output of IPs and hostnames
V     Verbose output
-dbcheck           Check database and other key files for syntax errors
-evasion+          Encoding technique:
1     Random URI encoding (non-UTF8)
2     Directory self-reference (/./)
3     Premature URL ending
4     Prepend long random string
5     Fake parameter
6     TAB as request spacer
7     Change the case of the URL
8     Use Windows directory separator (\)
A     Use a carriage return (0x0d) as a request spacer
B     Use binary value 0x0b as a request spacer
-followredirects   Follow 3xx redirects to new location
-Format+           Save file (-o) format:
csv   Comma-separated-value
json  JSON Format
htm   HTML Format
nbe   Nessus NBE format
sql   Generic SQL (see docs for schema)
txt   Plain text
xml   XML Format
(if not specified the format will be taken from the file extension passed to -output)
-Help              This help information
-host+             Target host/URL
-id+               Host authentication to use, format is id:pass or id:pass:realm
-ipv4                 IPv4 Only
-ipv6                 IPv6 Only
-key+              Client certificate key file
-list-plugins      List all available plugins, perform no testing
-maxtime+          Maximum testing time per host (e.g., 1h, 60m, 3600s)
-mutate+           Guess additional file names:
-mutate-options    Provide information for mutates
-nointeractive     Disables interactive features
-nolookup          Disables DNS lookups
-nossl             Disables the use of SSL
-noslash           Strip trailing slash from URL (e.g., '/admin/' to '/admin')
-no404             Disables nikto attempting to guess a 404 page
-Option            Over-ride an option in nikto.conf, can be issued multiple times
-output+           Write output to this file ('.' for auto-name)
-Pause+            Pause between tests (seconds)
-Plugins+          List of plugins to run (default: ALL)
-port+             Port to use (default 80)
-RSAcert+          Client certificate file
-root+             Prepend root value to all requests, format is /directory
-Save              Save positive responses to this directory ('.' for auto-name)
-ssl               Force ssl mode on port
-Tuning+           Scan tuning:
1     Interesting File / Seen in logs
2     Misconfiguration / Default File
3     Information Disclosure
4     Injection (XSS/Script/HTML)
5     Remote File Retrieval - Inside Web Root
6     Denial of Service
7     Remote File Retrieval - Server Wide
8     Command Execution / Remote Shell
9     SQL Injection
0     File Upload
a     Authentication Bypass
b     Software Identification
c     Remote Source Inclusion
d     WebService
e     Administrative Console
x     Reverse Tuning Options (i.e., include all except specified)
-timeout+          Timeout for requests (default 10 seconds)
-Userdbs           Load only user databases, not the standard databases
all   Disable standard dbs and load only user dbs
tests Disable only db_tests and load udb_tests
-useragent         Over-rides the default useragent
-until             Run until the specified time or duration
-url+              Target host/URL (alias of -host)
-usecookies        Use cookies from responses in future requests
-useproxy          Use the proxy defined in nikto.conf, or argument http://server:port
-Version           Print plugin and database versions
-vhost+            Virtual host (for Host header)
-404code           Ignore these HTTP codes as negative responses (always). Format is "302,301".
-404string         Ignore this string in response body content as negative response (always). Can be a regular expression.
+ requires a value

Read proxies.yaml from /etc/theHarvester/proxies.yaml
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.8.2                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* [email protected]                                   *
*                                                                 *
*******************************************************************
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s]
[--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t]
[-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-w WORDLIST]
[-a] [-q] [-b SOURCE]
theHarvester: error: the following arguments are required: -d/--domain

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://zrdshop.ru/ [31.31.196.231]
[+] Started: Mon Oct 20 19:23:44 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx
|  - x-powered-by: PHP/8.0.30
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://zrdshop.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/

|  - /wp-content/uploads/woocommerce_transient_files/

|  - /wp-content/uploads/woocommerce_uploads/

|  - /wp-admin/

|  - /wp-admin/admin-ajax.php

| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: https://zrdshop.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://zrdshop.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.3 identified (Latest, released on 2025-09-30).
| Found By: Rss Generator (Passive Detection)
|  - https://zrdshop.ru/feed/, <generator>https://wordpress.org/?v=6.8.3</generator>
|  - https://zrdshop.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.3</generator>
|  - https://zrdshop.ru/glavnaya/feed/, <generator>https://wordpress.org/?v=6.8.3</generator>

[+] WordPress theme in use: savoy
| Location: https://zrdshop.ru/wp-content/themes/savoy/
| Last Updated: 2025-10-10T17:23:09.000Z
| [!] The version is out of date, the latest version is 3.1.01
| Style URL: https://zrdshop.ru/wp-content/themes/savoy/style.css?ver=2.8.1
| Style Name: Savoy
| Style URI: http://themeforest.net/item/savoy-minimalist-ajax-woocommerce-theme/12537825
| Description: Savoy - Modern AJAX enabled WooCommerce theme....
| Author: NordicMade
| Author URI: http://www.nordicmade.com
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 2.8.1 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://zrdshop.ru/wp-content/themes/savoy/style.css?ver=2.8.1, Match: 'Version: 2.8.1'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://zrdshop.ru/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] elementor
| Location: https://zrdshop.ru/wp-content/plugins/elementor/
| Last Updated: 2025-10-05T13:55:00.000Z
| [!] The version is out of date, the latest version is 3.32.4
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.30.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://zrdshop.ru/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.30.1
|  - https://zrdshop.ru/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.30.1
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://zrdshop.ru/wp-content/plugins/elementor/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://zrdshop.ru/wp-content/plugins/elementor/readme.txt

[+] elementor-pro
| Location: https://zrdshop.ru/wp-content/plugins/elementor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.28.1 (80% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://zrdshop.ru/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.28.1
|  - https://zrdshop.ru/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.28.1
| Confirmed By: Change Log (Aggressive Detection)
|  - https://zrdshop.ru/wp-content/plugins/elementor-pro/changelog.txt, Match: '#### 3.28.1 -'

[+] nm-portfolio
| Location: https://zrdshop.ru/wp-content/plugins/nm-portfolio/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] nm-wishlist
| Location: https://zrdshop.ru/wp-content/plugins/nm-wishlist/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] woo-retailcrm
| Location: https://zrdshop.ru/wp-content/plugins/woo-retailcrm/
| Last Updated: 2025-10-17T09:18:00.000Z
| [!] The version is out of date, the latest version is 5.0.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.8.14 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://zrdshop.ru/wp-content/plugins/woo-retailcrm/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://zrdshop.ru/wp-content/plugins/woo-retailcrm/readme.txt

[+] woocommerce
| Location: https://zrdshop.ru/wp-content/plugins/woocommerce/
| Last Updated: 2025-09-29T13:50:00.000Z
| [!] The version is out of date, the latest version is 10.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Meta Generator (Passive Detection)
|
| Version: 9.9.5 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://zrdshop.ru/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=9.9.5
|  - https://zrdshop.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=9.9.5
| Confirmed By:
|  Meta Generator (Passive Detection)
|   - https://zrdshop.ru/, Match: 'WooCommerce 9.9.5'
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://zrdshop.ru/wp-content/plugins/woocommerce/readme.txt

[+] wp-yandex-metrika
| Location: https://zrdshop.ru/wp-content/plugins/wp-yandex-metrika/
| Last Updated: 2025-09-25T10:44:00.000Z
| [!] The version is out of date, the latest version is 1.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.2.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://zrdshop.ru/wp-content/plugins/wp-yandex-metrika/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://zrdshop.ru/wp-content/plugins/wp-yandex-metrika/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:05
Checking Config Backups - Time: 00:00:00 <    > (3 / 137)  2.18%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:00 <    > (5 / 137)  3.64%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:00 <    > (7 / 137)  5.10%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:00 <    > (8 / 137)  5.83%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:00 <   > (10 / 137)  7.29%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:01 <   > (11 / 137)  8.02%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:01 <   > (13 / 137)  9.48%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:01 <   > (14 / 137) 10.21%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:01 <   > (16 / 137) 11.67%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:01 <   > (17 / 137) 12.40%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:01 <   > (19 / 137) 13.86%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:01 <   > (20 / 137) 14.59%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:01 <   > (21 / 137) 15.32%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:01 <   > (23 / 137) 16.78%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:01 <   > (24 / 137) 17.51%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:01 <   > (25 / 137) 18.24%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:01 <   > (28 / 137) 20.43%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:01 <   > (30 / 137) 21.89%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:02 <   > (33 / 137) 24.08%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:02 <   > (35 / 137) 25.54%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:02 <   > (36 / 137) 26.27%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:02 <   > (38 / 137) 27.73%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:02 <   > (40 / 137) 29.19%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:02 <   > (41 / 137) 29.92%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (42 / 137) 30.65%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (43 / 137) 31.38%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (45 / 137) 32.84%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (46 / 137) 33.57%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <=  > (47 / 137) 34.30%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <=  > (48 / 137) 35.03%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <=  > (50 / 137) 36.49%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (51 / 137) 37.22%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (53 / 137) 38.68%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (55 / 137) 40.14%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (56 / 137) 40.87%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (57 / 137) 41.60%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (58 / 137) 42.33%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (60 / 137) 43.79%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (62 / 137) 45.25%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (63 / 137) 45.98%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (65 / 137) 47.44%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (66 / 137) 48.17%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (68 / 137) 49.63%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (70 / 137) 51.09%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (71 / 137) 51.82%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (73 / 137) 53.28%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (75 / 137) 54.74%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (76 / 137) 55.47%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (78 / 137) 56.93%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (80 / 137) 58.39%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (83 / 137) 60.58%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (85 / 137) 62.04%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (88 / 137) 64.23%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (90 / 137) 65.69%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (91 / 137) 66.42%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (93 / 137) 67.88%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (95 / 137) 69.34%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:04 <== > (96 / 137) 70.07%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:04 <= > (101 / 137) 73.72%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:04 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:05 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:05 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:05 <=> (137 / 137) 100.00% Time: 00:00:05

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Mon Oct 20 19:24:14 2025
[+] Requests Done: 203
[+] Cached Requests: 7
[+] Data Sent: 49.577 KB
[+] Data Received: 1.967 MB
[+] Memory used: 271.898 MB
[+] Elapsed time: 00:00:30

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://d-t-f.ru/ [45.130.41.86]
[+] Started: Sat Oct 18 10:43:55 2025

Interesting Finding(s):

[+] Headers
| Interesting Entry: server: nginx-reuseport/1.21.1
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://d-t-f.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /?s=
|  - /page/*/?s=
|  - /search/
|  - /wp-json/
|  - /?rest_route=
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: https://d-t-f.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://d-t-f.ru/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://d-t-f.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.3 identified (Latest, released on 2025-09-30).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/css/dashicons.min.css?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3
| Confirmed By: Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/js/wp-util.min.js?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/js/wp-backbone.min.js?ver=6.8.3

[+] WordPress theme in use: buddyboss-theme
| Location: https://d-t-f.ru/wp-content/themes/buddyboss-theme/
| Readme: https://d-t-f.ru/wp-content/themes/buddyboss-theme/readme.txt
| Style URL: https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css
| Style Name: BuddyBoss Theme
| Style URI: https://www.buddyboss.com/
| Description: BuddyBoss Theme makes the BuddyBoss Platform look beautiful....
| Author: BuddyBoss
| Author URI: https://www.buddyboss.com/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.10.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css, Match: 'Version:        2.10.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://d-t-f.ru/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] buddyboss-platform
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.14.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt

[+] buddyboss-platform-pro
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.8.0 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt

[+] buddypress-user-blog
| Location: https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.3.5 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/readme.txt

[+] embed-pdf-viewer
| Location: https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/
| Latest Version: 2.4.6 (up to date)
| Last Updated: 2024-11-01T18:21:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/readme.txt

[+] js_composer
| Location: https://d-t-f.ru/wp-content/plugins/js_composer/
| Last Updated: 2025-10-13T22:54:14.000Z
| [!] The version is out of date, the latest version is 8.7
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Body Tag (Passive Detection)
|
| [!] 4 vulnerabilities identified:
|
| [!] Title: WPBakery Page Builder for WordPress < 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.6
|     References:
|      - https://wpscan.com/vulnerability/7a663b5f-5389-4525-8ad7-1ec2b70a09dc
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7502
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c80143-c328-4cd1-95db-67de2edc058c
|
| [!] Title: WPBakery Page Builder < 8.7 - Stored Cross-Site Scripting via vc_custom_heading Shortcode
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/266c25ac-89e5-4fb1-8890-7b9075dc12d6
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11161
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/2772cade-c625-437a-b57b-ce8a2e3393bf
|
| [!] Title: WPBakery Page Builder < 8.7 - Stored Cross-Site Scripting via Custom JS Module
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/3f7ba5d6-4731-4d02-bb06-ea00fcffa875
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11160
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c42cc4e-34e7-4f14-b850-7ba5dd2ae099
|
| [!] Title: WPBakery Page Builder < 8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.7
|     References:
|      - https://wpscan.com/vulnerability/813fbabf-e900-4067-a85c-e4144ad5fb68
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10006
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7b12e5-0de7-45f4-84e0-083818912623
|
| Version: 8.5 (80% confidence)
| Found By: Body Tag (Passive Detection)
|  - https://d-t-f.ru/, Match: 'js-comp-ver-8.5'
| Confirmed By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=8.5
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=8.5

[+] pdfjs-viewer-shortcode
| Location: https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/
| Last Updated: 2025-07-30T14:27:00.000Z
| [!] The version is out of date, the latest version is 2.2.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt

[+] protected-video
| Location: https://d-t-f.ru/wp-content/plugins/protected-video/
| Latest Version: 1.11.6 (up to date)
| Last Updated: 2024-07-06T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.11.6 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt

[+] related-products-manager-woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/
| Latest Version: 1.6.4 (up to date)
| Last Updated: 2025-07-23T11:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt

[+] saphali-woocommerce-lite
| Location: https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/
| Latest Version: 2.0.1 (up to date)
| Last Updated: 2025-02-23T21:26:00.000Z
|
| Found By: Meta Tag (Passive Detection)
|
| Version: 2.0.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/readme.txt

[+] simple-lightbox
| Location: https://d-t-f.ru/wp-content/plugins/simple-lightbox/
| Latest Version: 2.9.4 (up to date)
| Last Updated: 2025-04-21T22:37:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.9.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.9.4
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt

[+] top-10
| Location: https://d-t-f.ru/wp-content/plugins/top-10/
| Latest Version: 4.1.1 (up to date)
| Last Updated: 2025-05-05T13:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.1.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt

[+] tutor
| Location: https://d-t-f.ru/wp-content/plugins/tutor/
| Last Updated: 2025-09-30T10:26:00.000Z
| [!] The version is out of date, the latest version is 3.8.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Tutor LMS < 3.8.0 - Authenticated (Administrator+) SQL Injection
|     Fixed in: 3.8.0
|     References:
|      - https://wpscan.com/vulnerability/e28b3cbc-c60b-4b3c-bb96-f2fddffb7c41
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58993
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/91ca027c-0483-44de-b19e-243ccb2c7b31
|
| Version: 3.6.0 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor/readme.txt

[+] tutor-pro
| Location: https://d-t-f.ru/wp-content/plugins/tutor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Tutor LMS Pro – eLearning and online course solution < 3.7.1 - Authenticated (Tutor Instructor+) SQL Injection
|     Fixed in: 3.7.1
|     References:
|      - https://wpscan.com/vulnerability/8b62df50-3803-4dc3-8160-714adedbc38a
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6184
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b41d134-be9e-469f-b26b-ac30d95db0a3
|
| Version: 3.0.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor-pro/readme.txt

[+] wc-frontend-manager
| Location: https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/
| Latest Version: 6.7.21 (up to date)
| Last Updated: 2025-07-14T07:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.7.21 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/readme.txt

[+] woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/woocommerce/
| Last Updated: 2025-09-29T13:50:00.000Z
| [!] The version is out of date, the latest version is 10.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 10.2.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=10.2.1
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/readme.txt

[+] wordpress-seo-premium
| Location: https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/
| Last Updated: 2025-10-07T08:40:28.000Z
| [!] The version is out of date, the latest version is 26.1
|
| Found By: Comment (Passive Detection)
|
| Version: 25.4 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/readme.txt

[+] wpdiscuz
| Location: https://d-t-f.ru/wp-content/plugins/wpdiscuz/
| Latest Version: 7.6.34 (up to date)
| Last Updated: 2025-09-19T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 7.6.34 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wpdiscuz/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:09
Checking Config Backups - Time: 00:00:01 <    > (3 / 137)  2.18%  ETA: 00:00:49
Checking Config Backups - Time: 00:00:01 <    > (4 / 137)  2.91%  ETA: 00:00:39
Checking Config Backups - Time: 00:00:01 <    > (5 / 137)  3.64%  ETA: 00:00:31
Checking Config Backups - Time: 00:00:01 <    > (6 / 137)  4.37%  ETA: 00:00:37
Checking Config Backups - Time: 00:00:01 <    > (7 / 137)  5.10%  ETA: 00:00:33
Checking Config Backups - Time: 00:00:01 <    > (8 / 137)  5.83%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:01 <    > (9 / 137)  6.56%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:02 <   > (10 / 137)  7.29%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:02 <   > (11 / 137)  8.02%  ETA: 00:00:28
Checking Config Backups - Time: 00:00:02 <   > (12 / 137)  8.75%  ETA: 00:00:26
Checking Config Backups - Time: 00:00:02 <   > (13 / 137)  9.48%  ETA: 00:00:24
Checking Config Backups - Time: 00:00:02 <   > (14 / 137) 10.21%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:02 <   > (15 / 137) 10.94%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (16 / 137) 11.67%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:02 <   > (17 / 137) 12.40%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:03 <   > (18 / 137) 13.13%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:03 <   > (20 / 137) 14.59%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (21 / 137) 15.32%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (22 / 137) 16.05%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (23 / 137) 16.78%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:04 <   > (24 / 137) 17.51%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:04 <   > (25 / 137) 18.24%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (26 / 137) 18.97%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (27 / 137) 19.70%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (28 / 137) 20.43%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (29 / 137) 21.16%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (30 / 137) 21.89%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (31 / 137) 22.62%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (32 / 137) 23.35%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (33 / 137) 24.08%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (34 / 137) 24.81%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (36 / 137) 26.27%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (37 / 137) 27.00%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (38 / 137) 27.73%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (39 / 137) 28.46%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (40 / 137) 29.19%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (41 / 137) 29.92%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (42 / 137) 30.65%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (43 / 137) 31.38%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <   > (44 / 137) 32.11%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <   > (45 / 137) 32.84%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (47 / 137) 34.30%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (48 / 137) 35.03%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (49 / 137) 35.76%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (50 / 137) 36.49%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:07 <=  > (51 / 137) 37.22%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (52 / 137) 37.95%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (53 / 137) 38.68%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (54 / 137) 39.41%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:08 <=  > (56 / 137) 40.87%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:08 <=  > (57 / 137) 41.60%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:09 <=  > (58 / 137) 42.33%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (60 / 137) 43.79%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (62 / 137) 45.25%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (63 / 137) 45.98%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (65 / 137) 47.44%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (67 / 137) 48.90%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (68 / 137) 49.63%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (70 / 137) 51.09%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (72 / 137) 52.55%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (73 / 137) 53.28%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (75 / 137) 54.74%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (77 / 137) 56.20%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:09 <=  > (78 / 137) 56.93%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (80 / 137) 58.39%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (82 / 137) 59.85%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:09 <=  > (83 / 137) 60.58%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (85 / 137) 62.04%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (87 / 137) 63.50%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (88 / 137) 64.23%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (90 / 137) 65.69%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (92 / 137) 67.15%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (93 / 137) 67.88%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (95 / 137) 69.34%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (97 / 137) 70.80%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <== > (98 / 137) 71.53%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (100 / 137) 72.99%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (101 / 137) 73.72%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (102 / 137) 74.45%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (103 / 137) 75.18%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (104 / 137) 75.91%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (105 / 137) 76.64%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (106 / 137) 77.37%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (108 / 137) 78.83%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (109 / 137) 79.56%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (110 / 137) 80.29%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (111 / 137) 81.02%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:10 <= > (113 / 137) 82.48%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:10 <= > (114 / 137) 83.21%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:10 <= > (115 / 137) 83.94%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (116 / 137) 84.67%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (118 / 137) 86.13%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (119 / 137) 86.86%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (121 / 137) 88.32%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (123 / 137) 89.78%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (124 / 137) 90.51%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (126 / 137) 91.97%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (127 / 137) 92.70%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (128 / 137) 93.43%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (129 / 137) 94.16%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (130 / 137) 94.89%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (131 / 137) 95.62%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (132 / 137) 96.35%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <=> (137 / 137) 100.00% Time: 00:00:14

[i] No Config Backups Found.

[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 20
| Requests Remaining: 5

[+] Finished: Sat Oct 18 10:44:26 2025
[+] Requests Done: 161
[+] Cached Requests: 79
[+] Data Sent: 39.378 KB
[+] Data Received: 430.826 KB
[+] Memory used: 276.738 MB
[+] Elapsed time: 00:00:30

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://d-t-f.ru/ [45.130.41.86]
[+] Started: Sat Oct 18 10:40:32 2025

Interesting Finding(s):

[+] Headers
| Interesting Entry: server: nginx-reuseport/1.21.1
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://d-t-f.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
|  - /?s=
|  - /page/*/?s=
|  - /search/
|  - /wp-json/
|  - /?rest_route=
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: https://d-t-f.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': https://d-t-f.ru/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://d-t-f.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.3 identified (Latest, released on 2025-09-30).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/css/dashicons.min.css?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3
| Confirmed By: Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://d-t-f.ru/wp-includes/js/wp-util.min.js?ver=6.8.3
|  - https://d-t-f.ru/wp-includes/js/wp-backbone.min.js?ver=6.8.3

[+] WordPress theme in use: buddyboss-theme
| Location: https://d-t-f.ru/wp-content/themes/buddyboss-theme/
| Readme: https://d-t-f.ru/wp-content/themes/buddyboss-theme/readme.txt
| Style URL: https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css
| Style Name: BuddyBoss Theme
| Style URI: https://www.buddyboss.com/
| Description: BuddyBoss Theme makes the BuddyBoss Platform look beautiful....
| Author: BuddyBoss
| Author URI: https://www.buddyboss.com/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.10.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://d-t-f.ru/wp-content/themes/buddyboss-theme/style.css, Match: 'Version:        2.10.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] *
| Location: https://d-t-f.ru/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[+] buddyboss-platform
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.14.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform/readme.txt

[+] buddyboss-platform-pro
| Location: https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.8.0 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddyboss-platform-pro/readme.txt

[+] buddypress-user-blog
| Location: https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.3.5 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/buddypress-user-blog/readme.txt

[+] embed-pdf-viewer
| Location: https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/
| Latest Version: 2.4.6 (up to date)
| Last Updated: 2024-11-01T18:21:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/embed-pdf-viewer/readme.txt

[+] js_composer
| Location: https://d-t-f.ru/wp-content/plugins/js_composer/
| Last Updated: 2025-10-13T22:54:14.000Z
| [!] The version is out of date, the latest version is 8.7
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
|  Urls In 404 Page (Passive Detection)
|  Body Tag (Passive Detection)
|
| Version: 8.5 (80% confidence)
| Found By: Body Tag (Passive Detection)
|  - https://d-t-f.ru/, Match: 'js-comp-ver-8.5'
| Confirmed By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=8.5
|  - https://d-t-f.ru/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=8.5

[+] pdfjs-viewer-shortcode
| Location: https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/
| Last Updated: 2025-07-30T14:27:00.000Z
| [!] The version is out of date, the latest version is 2.2.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt

[+] protected-video
| Location: https://d-t-f.ru/wp-content/plugins/protected-video/
| Latest Version: 1.11.6 (up to date)
| Last Updated: 2024-07-06T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.11.6 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/protected-video/readme.txt

[+] related-products-manager-woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/
| Latest Version: 1.6.4 (up to date)
| Last Updated: 2025-07-23T11:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/related-products-manager-woocommerce/readme.txt

[+] saphali-woocommerce-lite
| Location: https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/
| Latest Version: 2.0.1 (up to date)
| Last Updated: 2025-02-23T21:26:00.000Z
|
| Found By: Meta Tag (Passive Detection)
|
| Version: 2.0.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/saphali-woocommerce-lite/readme.txt

[+] simple-lightbox
| Location: https://d-t-f.ru/wp-content/plugins/simple-lightbox/
| Latest Version: 2.9.4 (up to date)
| Last Updated: 2025-04-21T22:37:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.9.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.9.4
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - https://d-t-f.ru/wp-content/plugins/simple-lightbox/readme.txt

[+] top-10
| Location: https://d-t-f.ru/wp-content/plugins/top-10/
| Latest Version: 4.1.1 (up to date)
| Last Updated: 2025-05-05T13:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.1.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/top-10/readme.txt

[+] tutor
| Location: https://d-t-f.ru/wp-content/plugins/tutor/
| Last Updated: 2025-09-30T10:26:00.000Z
| [!] The version is out of date, the latest version is 3.8.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.6.0 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor/readme.txt

[+] tutor-pro
| Location: https://d-t-f.ru/wp-content/plugins/tutor-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.0.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/tutor-pro/readme.txt

[+] wc-frontend-manager
| Location: https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/
| Latest Version: 6.7.21 (up to date)
| Last Updated: 2025-07-14T07:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.7.21 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wc-frontend-manager/readme.txt

[+] woocommerce
| Location: https://d-t-f.ru/wp-content/plugins/woocommerce/
| Last Updated: 2025-09-29T13:50:00.000Z
| [!] The version is out of date, the latest version is 10.2.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 10.2.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=10.2.1
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=10.2.1
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/woocommerce/readme.txt

[+] wordpress-seo-premium
| Location: https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/
| Last Updated: 2025-10-07T08:40:28.000Z
| [!] The version is out of date, the latest version is 26.1
|
| Found By: Comment (Passive Detection)
|
| Version: 25.4 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wordpress-seo-premium/readme.txt

[+] wpdiscuz
| Location: https://d-t-f.ru/wp-content/plugins/wpdiscuz/
| Latest Version: 7.6.34 (up to date)
| Last Updated: 2025-09-19T10:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 7.6.34 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://d-t-f.ru/wp-content/plugins/wpdiscuz/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:53
Checking Config Backups - Time: 00:00:01 <    > (3 / 137)  2.18%  ETA: 00:00:58
Checking Config Backups - Time: 00:00:01 <    > (4 / 137)  2.91%  ETA: 00:00:44
Checking Config Backups - Time: 00:00:01 <    > (6 / 137)  4.37%  ETA: 00:00:32
Checking Config Backups - Time: 00:00:01 <    > (8 / 137)  5.83%  ETA: 00:00:32
Checking Config Backups - Time: 00:00:01 <    > (9 / 137)  6.56%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:02 <   > (11 / 137)  8.02%  ETA: 00:00:25
Checking Config Backups - Time: 00:00:02 <   > (12 / 137)  8.75%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:02 <   > (13 / 137)  9.48%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:02 <   > (14 / 137) 10.21%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (15 / 137) 10.94%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:02 <   > (16 / 137) 11.67%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (17 / 137) 12.40%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (18 / 137) 13.13%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (19 / 137) 13.86%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (20 / 137) 14.59%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:03 <   > (21 / 137) 15.32%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (22 / 137) 16.05%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:03 <   > (23 / 137) 16.78%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (24 / 137) 17.51%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (25 / 137) 18.24%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:04 <   > (26 / 137) 18.97%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:04 <   > (27 / 137) 19.70%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (28 / 137) 20.43%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (29 / 137) 21.16%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (30 / 137) 21.89%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (31 / 137) 22.62%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:04 <   > (32 / 137) 23.35%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (33 / 137) 24.08%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (34 / 137) 24.81%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:05 <   > (35 / 137) 25.54%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (36 / 137) 26.27%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:07 <   > (40 / 137) 29.19%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:07 <   > (41 / 137) 29.92%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:07 <   > (43 / 137) 31.38%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:07 <   > (45 / 137) 32.84%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:07 <=  > (47 / 137) 34.30%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <=  > (48 / 137) 35.03%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:07 <=  > (49 / 137) 35.76%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (50 / 137) 36.49%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:08 <=  > (51 / 137) 37.22%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (52 / 137) 37.95%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (53 / 137) 38.68%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:08 <=  > (54 / 137) 39.41%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:09 <=  > (55 / 137) 40.14%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:09 <=  > (56 / 137) 40.87%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:09 <=  > (59 / 137) 43.06%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (60 / 137) 43.79%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:09 <=  > (63 / 137) 45.98%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (66 / 137) 48.17%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:09 <=  > (68 / 137) 49.63%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (69 / 137) 50.36%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:09 <=  > (71 / 137) 51.82%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:09 <=  > (72 / 137) 52.55%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (73 / 137) 53.28%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (74 / 137) 54.01%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:10 <=  > (75 / 137) 54.74%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (77 / 137) 56.20%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (78 / 137) 56.93%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (79 / 137) 57.66%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:10 <=  > (80 / 137) 58.39%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (82 / 137) 59.85%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (83 / 137) 60.58%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (84 / 137) 61.31%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:10 <=  > (85 / 137) 62.04%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (88 / 137) 64.23%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (89 / 137) 64.96%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <=  > (90 / 137) 65.69%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:10 <== > (93 / 137) 67.88%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (94 / 137) 68.61%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (95 / 137) 69.34%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:10 <== > (98 / 137) 71.53%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <== > (99 / 137) 72.26%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (100 / 137) 72.99%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:10 <= > (102 / 137) 74.45%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (103 / 137) 75.18%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (104 / 137) 75.91%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:11 <= > (105 / 137) 76.64%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (106 / 137) 77.37%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (107 / 137) 78.10%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (109 / 137) 79.56%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (111 / 137) 81.02%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (112 / 137) 81.75%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:11 <= > (114 / 137) 83.21%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:11 <= > (116 / 137) 84.67%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (117 / 137) 85.40%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (118 / 137) 86.13%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (119 / 137) 86.86%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (120 / 137) 87.59%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (121 / 137) 88.32%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:12 <= > (123 / 137) 89.78%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:12 <= > (124 / 137) 90.51%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (125 / 137) 91.24%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (126 / 137) 91.97%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (127 / 137) 92.70%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (129 / 137) 94.16%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:13 <= > (131 / 137) 95.62%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (132 / 137) 96.35%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:14 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:14 <=> (137 / 137) 100.00% Time: 00:00:14

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Sat Oct 18 10:41:24 2025
[+] Requests Done: 210
[+] Cached Requests: 8
[+] Data Sent: 52.501 KB
[+] Data Received: 2.721 MB
[+] Memory used: 286.773 MB
[+] Elapsed time: 00:00:52

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

Usage: wpscan [options]
--url URL                                 The URL of the blog to scan
Allowed Protocols: http, https
Default Protocol if none provided: http
This option is mandatory unless update or help or hh or version is/are supplied
-h, --help                                    Display the simple help and exit
--hh                                      Display the full help and exit
--version                                 Display the version and exit
-v, --verbose                                 Verbose mode
--[no-]banner                             Whether or not to display the banner
Default: true
-o, --output FILE                             Output to FILE
-f, --format FORMAT                           Output results in the format supplied
Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE                     Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua                Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE                       The max threads to use
Default: 5
--throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS                 The request timeout in seconds
Default: 60
--connect-timeout SECONDS                 The connection timeout in seconds
Default: 30
--disable-tls-checks                      Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port                Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH                    File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force                                   Do not check if the target is running WordPress or returns a 403
--[no-]update                             Whether or not to update the Database
--api-token TOKEN                         The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR                      The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR                      The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS]                        Enumeration Process
Available Choices:
vp   Vulnerable plugins
ap   All plugins
p    Popular plugins
vt   Vulnerable themes
at   All themes
t    Popular themes
tt   Timthumbs
cb   Config backups
dbe  Db exports
u    User IDs range. e.g: u1-5
Range separator to use: '-'
Value if no argument supplied: 1-10
m    Media IDs range. e.g m1-15
Note: Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups
Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group/s can be used):
- vp, ap, p
- vt, at, t
--exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE                  Use the supplied mode to enumerate Plugins.
Default: passive
Available choices: mixed, passive, aggressive
--plugins-version-detection MODE          Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING      Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST                          List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
Default: 500
--password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
Multicall will only work against WP < 4.4
Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI                           The URI of the login page if different from /wp-login.php
--stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.

Scan Aborted: --enumerate Unknown choice: https://d-t-f.ru

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/ [77.234.209.76]
[+] Started: Fri Oct 17 14:27:52 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx
|  - x-powered-by: PHP/7.4.21
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.7.2 identified (Insecure, released on 2021-05-12).
| Found By: Rss Generator (Passive Detection)
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/?feed=rss2, <generator>https://wordpress.org/?v=5.7.2</generator>
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/?feed=comments-rss2, <generator>https://wordpress.org/?v=5.7.2</generator>

[+] WordPress theme in use: twentytwentyone
| Location: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/
| Last Updated: 2025-08-05T00:00:00.000Z
| Readme: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/readme.txt
| [!] The version is out of date, the latest version is 2.6
| Style URL: https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/style.css?ver=1.3
| Style Name: Twenty Twenty-One
| Style URI: https://wordpress.org/themes/twentytwentyone/
| Description: Twenty Twenty-One is a blank canvas for your ideas and it makes the block editor your best brush. Wi...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Found By: Css Style In Homepage (Passive Detection)
|
| Version: 1.3 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://722d3e4d-aa02-4c0a-b8df-6af736d8868a-log-in-me-app.web.lms.itmo.xyz/wp-content/themes/twentytwentyone/style.css?ver=1.3, Match: 'Version: 1.3'

[+] Enumerating Users (via Passive and Aggressive Methods)

Brute Forcing Author IDs - Time: 00:00:00 <    > (0 / 10)  0.00%  ETA: ??:??:??
Brute Forcing Author IDs - Time: 00:00:00 <    > (1 / 10) 10.00%  ETA: 00:00:04
Brute Forcing Author IDs - Time: 00:00:00 <=   > (3 / 10) 30.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:00 <=   > (4 / 10) 40.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:01 <==  > (6 / 10) 60.00%  ETA: 00:00:01
Brute Forcing Author IDs - Time: 00:00:01 <==> (10 / 10) 100.00% Time: 00:00:01

[i] User(s) Identified:

[+] admin
| Found By: Rss Generator (Passive Detection)
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Fri Oct 17 14:28:03 2025
[+] Requests Done: 54
[+] Cached Requests: 6
[+] Data Sent: 18.799 KB
[+] Data Received: 381.028 KB
[+] Memory used: 186.16 MB
[+] Elapsed time: 00:00:11

Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-17 08:56 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds