Anonymous JTSEC #OpIsis Full Recon #25

#######################################################################################################################################
=======================================================================================================================================
Hostname 	www.albetaqa.site 	  	ISP 	Liquid Web, L.L.C
Continent 	North America 	  	Flag
US
Country 	United States 	  	Country Code 	US
Region 	Michigan 	  	Local time 	27 Jun 2019 12:25 EDT
City 	Lansing 	  	Postal Code 	48917
IP Address 	67.225.171.176 	  	Latitude 	42.735
  	  	  	Longitude 	-84.625
======================================================================================================================================
#######################################################################################################################################
> www.albetaqa.site
Server:		185.93.180.131
Address:	185.93.180.131#53

Non-authoritative answer:
www.albetaqa.site	canonical name = albetaqa.site.
Name:	albetaqa.site
Address: 67.225.171.176
>
#######################################################################################################################################
[+] Target : www.albetaqa.site

[+] IP Address : 67.225.171.176

[+] Headers :

[+] Date : Thu, 27 Jun 2019 18:12:44 GMT
[+] Server : Apache
[+] Upgrade : h2,h2c
[+] Connection : Upgrade, Keep-Alive
[+] Last-Modified : Sat, 27 Apr 2019 12:36:20 GMT
[+] Accept-Ranges : bytes
[+] Cache-Control : max-age=600
[+] Expires : Thu, 27 Jun 2019 18:22:44 GMT
[+] Vary : Accept-Encoding,User-Agent
[+] Content-Encoding : gzip
[+] Content-Length : 742
[+] Keep-Alive : timeout=5, max=200
[+] Content-Type : text/html

[+] SSL Certificate Information :

[+] commonName : albetaqa.site
[+] countryName : US
[+] stateOrProvinceName : TX
[+] localityName : Houston
[+] organizationName : cPanel, Inc.
[+] commonName : cPanel, Inc. Certification Authority
[+] Version : 3
[+] Serial Number : AD78EFEC23087CA31E933D7B00C88971
[+] Not Before : May 17 00:00:00 2019 GMT
[+] Not After : Aug 15 23:59:59 2019 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', 'albetaqa.site'), ('DNS', 'cpanel.albetaqa.site'), ('DNS', 'mail.albetaqa.site'), ('DNS', 'webdisk.albetaqa.site'), ('DNS', 'webmail.albetaqa.site'), ('DNS', 'www.albetaqa.site'))
[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 32244
[+] ASN CIDR : 67.225.128.0/17
[+] ASN Country Code : US
[+] ASN Date : 2007-11-26
[+] ASN Description : LIQUIDWEB - Liquid Web, L.L.C, US
[+] cidr : 67.225.128.0/17
[+] name : LIQUIDWEB
[+] handle : NET-67-225-128-0-1
[+] range : 67.225.128.0 - 67.225.255.255
[+] description : Liquid Web, L.L.C
[+] country : US
[+] state : MI
[+] city : Lansing
[+] address : 4210 Creyts Rd.
[+] postal_code : 48917
[+] emails : ['ipadmin@liquidweb.com', 'abuse@liquidweb.com']
[+] created : 2007-11-26
[+] updated : 2016-12-19

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 0 ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 0 ]
[+] Extracting CSS Links..........[ 2 ]
[+] Extracting Javascript Links...[ 2 ]
[+] Extracting Internal Links.....[ 1 ]
[+] Extracting External Links.....[ 1 ]
[+] Extracting Images.............[ 5 ]

[+] Total Links Extracted : 11

[+] Dumping Links in /opt/FinalRecon/dumps/www.albetaqa.site.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-06-27 14:12:45.732523
[+] Collecting Information On: www.albetaqa.site
[#] Status: 200
---------------------------------------------------------------------------------------------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Thu, 27 Jun 2019 18:12:46 GMT
- Server: Apache
- Last-Modified: Sat, 27 Apr 2019 12:36:20 GMT
- Accept-Ranges: bytes
- Cache-Control: max-age=600
- Expires: Thu, 27 Jun 2019 18:22:46 GMT
- Vary: Accept-Encoding,User-Agent
- Content-Encoding: gzip
- Content-Length: 742
- Keep-Alive: timeout=5, max=199
- Connection: Keep-Alive
- Content-Type: text/html
---------------------------------------------------------------------------------------------------------------------------------------
[#] Finding Location..!
[#] as: AS32244 Liquid Web, L.L.C
[#] city: Lansing
[#] country: United States
[#] countryCode: US
[#] isp: Liquid Web, L.L.C
[#] lat: 42.6898
[#] lon: -84.6427
[#] org: SourceDNS
[#] query: 67.225.171.176
[#] region: MI
[#] regionName: Michigan
[#] status: success
[#] timezone: America/Detroit
[#] zip: 48917
---------------------------------------------------------------------------------------------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.albetaqa.site/main/
---------------------------------------------------------------------------------------------------------------------------------------
[#] Starting Reverse DNS
[!] Found 1 any Domain
- albetaqa.site
---------------------------------------------------------------------------------------------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp  open ftp
[#] 22/tcp  open ssh
[#] 53/tcp  open domain
[#] 80/tcp  open http
[#] 110/tcp  open pop3
[#] 143/tcp  open imap
[#] 443/tcp  open https
[#] 465/tcp  open smtps
[#] 587/tcp  open submission
[#] 993/tcp  open imaps
[#] 995/tcp  open pop3s
---------------------------------------------------------------------------------------------------------------------------------------
[+] Collecting Information Disclosure!
######################################################################################################################################
[i] Scanning Site: http://www.albetaqa.site


B A S I C   I N F O
====================


[+] Site Title: موقع البطاقة
[+] IP address: 67.225.171.176
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!
#######################################################################################################################################


W H O I S   L O O K U P
========================

	Domain Name: ALBETAQA.SITE
Registry Domain ID: D21226306-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com/
Updated Date: 2018-01-11T06:29:05.0Z
Creation Date: 2016-05-22T06:13:30.0Z
Registry Expiry Date: 2027-05-22T23:59:59.0Z
Registrar: Name.com LLC
Registrar IANA ID: 625
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Domain Protection Services, Inc.
Registrant State/Province: CO
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS.LIQUIDWEB.COM
Name Server: NS1.LIQUIDWEB.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.4252982607
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2019-06-27T18:13:13.0Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<

The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)

Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
#######################################################################################################################################


G E O  I P  L O O K  U P
=========================

[i] IP Address: 67.225.171.176
[i] Country: United States
[i] State: Michigan
[i] City: Lansing
[i] Latitude: 42.7348
[i] Longitude: -84.6245
#######################################################################################################################################


H T T P   H E A D E R S
=======================


[i]  HTTP/1.1 301 Moved Permanently
[i]  Date: Thu, 27 Jun 2019 18:13:14 GMT
[i]  Server: Apache
[i]  Location: https://www.albetaqa.site/main/
[i]  Cache-Control: max-age=600
[i]  Expires: Thu, 27 Jun 2019 18:23:14 GMT
[i]  Content-Length: 239
[i]  Connection: close
[i]  Content-Type: text/html; charset=iso-8859-1
[i]  HTTP/1.1 200 OK
[i]  Date: Thu, 27 Jun 2019 18:13:16 GMT
[i]  Server: Apache
[i]  Upgrade: h2,h2c
[i]  Connection: Upgrade, close
[i]  Last-Modified: Sat, 27 Apr 2019 12:36:20 GMT
[i]  Accept-Ranges: bytes
[i]  Content-Length: 3795
[i]  Cache-Control: max-age=600
[i]  Expires: Thu, 27 Jun 2019 18:23:16 GMT
[i]  Vary: Accept-Encoding,User-Agent
[i]  Content-Type: text/html
#######################################################################################################################################


D N S   L O O K U P
===================

albetaqa.site.		299	IN	A	67.225.171.176
albetaqa.site.		299	IN	NS	ns1.liquidweb.com.
albetaqa.site.		299	IN	NS	ns.liquidweb.com.
albetaqa.site.		299	IN	SOA	ns.liquidweb.com. admin.liquidweb.com. 2019042504 86400 7200 3600000 14400
albetaqa.site.		299	IN	MX	10 albetaqa.site.
albetaqa.site.		3599	IN	TXT	"v=spf1 +mx +a +ip4:67.225.171.176 ~all"
#######################################################################################################################################


S U B N E T   C A L C U L A T I O N
====================================

Address       = 67.225.171.176
Network       = 67.225.171.176 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 67.225.171.176 - 67.225.171.176 }
#######################################################################################################################################


N M A P   P O R T   S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:13 UTC
Nmap scan report for albetaqa.site (67.225.171.176)
Host is up (0.028s latency).
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
#######################################################################################################################################


S U B - D O M A I N   F I N D E R
==================================


[i] Total Subdomains Found : 1

[+] Subdomain: host.albetaqa.site
[-] IP: 67.225.171.75
#######################################################################################################################################
Enter Address Website = 67.225.171.176


Reversing IP With HackTarget '67.225.171.176'
------------------------------------------------

[+] abo3mmar.com
[+] albetaqa.site
[+] db01.lipstickalley.com


Reverse IP With YouGetSignal '67.225.171.176'
------------------------------------------------

[*] IP: 67.225.171.176
[*] Domain: 67.225.171.176
[*] Total Domains: 1

[+] albetaqa.site
#######################################################################################################################################


Geo IP Lookup '67.225.171.176'
---------------------------------

[+] IP Address: 67.225.171.176
[+] Country: United States
[+] State: Michigan
[+] City: Lansing
[+] Latitude: 42.7348
[+] Longitude: -84.6245
#######################################################################################################################################


Whois '67.225.171.176'
-------------------------

[+] #
[+] # ARIN WHOIS data and services are subject to the Terms of Use
[+] # available at: https://www.arin.net/resources/registry/whois/tou/
[+] #
[+] # If you see inaccuracies in the results, please report at
[+] # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
[+] #
[+] # Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
[+] #
[+] NetRange:       67.225.128.0 - 67.225.255.255
[+] CIDR:           67.225.128.0/17
[+] NetName:        LIQUIDWEB
[+] NetHandle:      NET-67-225-128-0-1
[+] Parent:         NET67 (NET-67-0-0-0-0)
[+] NetType:        Direct Allocation
[+] OriginAS:       AS32244
[+] Organization:   Liquid Web, L.L.C (LQWB)
[+] RegDate:        2007-11-26
[+] Updated:        2016-12-19
[+] Ref:            https://rdap.arin.net/registry/ip/67.225.128.0
[+] OrgName:        Liquid Web, L.L.C
[+] OrgId:          LQWB
[+] Address:        4210 Creyts Rd.
[+] City:           Lansing
[+] StateProv:      MI
[+] PostalCode:     48917
[+] Country:        US
[+] RegDate:        2001-07-19
[+] Updated:        2016-10-21
[+] Ref:            https://rdap.arin.net/registry/entity/LQWB
[+] ReferralServer:  rwhois://rwhois.liquidweb.com:4321
[+] OrgAbuseHandle: ABUSE551-ARIN
[+] OrgAbuseName:   Abuse
[+] OrgAbusePhone:  +1-800-580-4985
[+] OrgAbuseEmail:  abuse@liquidweb.com
[+] OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE551-ARIN
[+] OrgTechHandle: IPADM47-ARIN
[+] OrgTechName:   IP Administrator
[+] OrgTechPhone:  +1-800-580-4985
[+] OrgTechEmail:  ipadmin@liquidweb.com
[+] OrgTechRef:    https://rdap.arin.net/registry/entity/IPADM47-ARIN
[+] #
[+] # ARIN WHOIS data and services are subject to the Terms of Use
[+] # available at: https://www.arin.net/resources/registry/whois/tou/
[+] #
[+] # If you see inaccuracies in the results, please report at
[+] # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
[+] #
[+] # Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
[+] #
[+] Found a referral to rwhois.liquidweb.com:4321.
[+] %rwhois V-1.5:003eef:00 rwhois.z.int.liquidweb.com (by Network Solutions, Inc. V-1.5.9.5)
[+] network:Class-Name:network
[+] network:ID:NETBLK-SOURCEDNS.67.225.128.0/17
[+] network:Auth-Area:67.225.128.0/17
[+] network:Network-Name:SOURCEDNS-67.225.128.0
[+] network:IP-Network:67.225.128.0/17
[+] network:IP-Network-Block:67.225.128.0 - 67.225.255.255
[+] network:Organization;I:SOURCEDNS
[+] network:Org-Name:SourceDNS
[+] network:Street-Address:4210 Creyts Rd.
[+] network:City:Lansing
[+] network:State:MI
[+] network:Postal-Code:48917
[+] network:Country-Code:US
[+] network:Tech-Contact;I:admin@sourcedns.com
[+] network:Created:20071126
[+] network:Updated:20071126
[+] network:Updated-By:admin@sourcedns.com
[+] network:Abuse:abuse@sourcedns.com
[+] %referral rwhois://root.rwhois.net:4321/auth-area=.
#######################################################################################################################################


Show HTTP Header '67.225.171.176'
------------------------------------

[+] HTTP/1.1 200 OK
[+] Date: Thu, 27 Jun 2019 18:12:51 GMT
[+] Server: Apache
[+] Upgrade: h2,h2c
[+] Connection: Upgrade
[+] Last-Modified: Wed, 30 Jan 2019 02:03:25 GMT
[+] Accept-Ranges: bytes
[+] Content-Length: 163
[+] Cache-Control: max-age=600
[+] Expires: Thu, 27 Jun 2019 18:22:51 GMT
[+] Vary: Accept-Encoding,User-Agent
[+] Content-Type: text/html
#######################################################################################################################################


Port Scan '67.225.171.176'
-----------------------------

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:12 UTC
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up (0.028s latency).

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds
#######################################################################################################################################

Traceroute '67.225.171.176'
------------------------------

Start: 2019-06-27T18:12:58+0000
HOST: web01                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 45.79.12.201                            0.0%     3    0.9   0.8   0.6   0.9   0.1
  2.|-- 45.79.12.0                              0.0%     3    0.6   0.5   0.4   0.6   0.1
  3.|-- 45.79.12.9                              0.0%     3    0.5   0.8   0.5   1.5   0.5
  4.|-- 199.245.16.65                           0.0%     3    1.5   1.6   1.5   1.6   0.1
  5.|-- ???                                    100.0     3    0.0   0.0   0.0   0.0   0.0
  6.|-- ae-1-11.bear2.Washington111.Level3.net 66.7%     3   33.4  33.4  33.4  33.4   0.0
  7.|-- ???                                    100.0     3    0.0   0.0   0.0   0.0   0.0
  8.|-- lw-dc3-core2-eth2-19.rtr.liquidweb.com  0.0%     3   45.1  45.2  45.1  45.3   0.1
  9.|-- lw-dc3-dist13-po6.rtr.liquidweb.com     0.0%     3   45.3  44.3  43.8  45.3   0.8
 10.|-- host1.albetaqa.site                     0.0%     3   44.5  44.4  44.3  44.5   0.1
#######################################################################################################################################
Trying "albetaqa.site"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40476
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;albetaqa.site.			IN	ANY

;; ANSWER SECTION:
albetaqa.site.		3600	IN	TXT	"v=spf1 +mx +a +ip4:67.225.171.176 ~all"
albetaqa.site.		300	IN	MX	10 albetaqa.site.
albetaqa.site.		300	IN	SOA	ns.liquidweb.com. admin.liquidweb.com. 2019042504 86400 7200 3600000 14400
albetaqa.site.		300	IN	A	67.225.171.176
albetaqa.site.		300	IN	NS	ns1.liquidweb.com.
albetaqa.site.		300	IN	NS	ns.liquidweb.com.

;; AUTHORITY SECTION:
albetaqa.site.		300	IN	NS	ns.liquidweb.com.
albetaqa.site.		300	IN	NS	ns1.liquidweb.com.

;; ADDITIONAL SECTION:
albetaqa.site.		300	IN	A	67.225.171.176
ns1.liquidweb.com.	101515	IN	A	69.16.223.254
ns.liquidweb.com.	141558	IN	A	69.16.222.254

Received 280 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 165 ms
######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace albetaqa.site
;; global options: +cmd
.			82834	IN	NS	i.root-servers.net.
.			82834	IN	NS	h.root-servers.net.
.			82834	IN	NS	k.root-servers.net.
.			82834	IN	NS	m.root-servers.net.
.			82834	IN	NS	e.root-servers.net.
.			82834	IN	NS	f.root-servers.net.
.			82834	IN	NS	c.root-servers.net.
.			82834	IN	NS	g.root-servers.net.
.			82834	IN	NS	d.root-servers.net.
.			82834	IN	NS	a.root-servers.net.
.			82834	IN	NS	b.root-servers.net.
.			82834	IN	NS	l.root-servers.net.
.			82834	IN	NS	j.root-servers.net.
.			82834	IN	RRSIG	NS 8 0 518400 20190710140000 20190627130000 25266 . MMS8np0YuoEUwBfBJ3n4c3Bdk4bC1AgAWbCqWlFD7WpsFBl8X+wj/niX ATCD1NEZeN5bYeFgX70Id2puOiBt2K1HlpmzsoLR/xyMVkMYEaa/Nphj ZE30dnWV3jOo9NvKSo1wPra5zEwhoH6+5InnxVT6pIPVJy+3wQA9Tw3k zlokEGTG+FummV5J+gE9xO+MqBtw6e3BGv0xjsBNzFqvrEDMU7K5ueVH mOnjfT2Hl3jwxC0oKy3QEfbr3gUWLaOSHP4X5AAL7zax8EImdBLu8bFi EojEepyxOsSdHaaPMUkC469kXqSCME2kVyQPFXwPmxObLwMyt5R5oR1k diJlCw==
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 176 ms

site.			172800	IN	NS	a.nic.site.
site.			172800	IN	NS	b.nic.site.
site.			172800	IN	NS	c.nic.site.
site.			172800	IN	NS	d.nic.site.
site.			86400	IN	DS	51676 8 1 90DDBEEEB973B0F8719ED763FB6EEDE97C73ABF5
site.			86400	IN	DS	51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6 B7E82F62
site.			86400	IN	RRSIG	DS 8 1 86400 20190710140000 20190627130000 25266 . ewNXPC3IZ0OwraXkeo7yv/GFz/cKbxe8+VPNWEybc4X8afXf8ft5bLJK +M5nuGB7nDyo2108YxgVAIak/NnGHHENOhKtemEP6PPurCisUCrCvSmw MmdZLiLjEJNsl1AKoQZlFEu7pIYzNyOotlhPLmLlD+k6DUwq3ecnq5UQ MkFF56u8x7qOQBLaFTZA2D4ZLE6Hy7glBMpytWqW65TVdKG4FnIU4xcr mjYYQ9WO1clcTtNDcqP7vo0DsJY24JCHm8Z7PBOv75TaSkSubt2ArZXn tjyC6uuib+PsaBhJ2kIsmlaNCcgPYaQuzlWw3xrN+c+6+jHNyS+MIyXe h4b/aA==
;; Received 657 bytes from 2001:500:2f::f#53(f.root-servers.net) in 24 ms

albetaqa.SITE.		3600	IN	NS	ns1.liquidweb.com.
albetaqa.SITE.		3600	IN	NS	ns.liquidweb.com.
dc7qjc1dvd5sfqovl8iihrqd1scolsuv.SITE. 3600 IN NSEC3 1 1 1 - DCAMM45Q3CIGD177UI92GQI2LCQ6HNMN NS SOA RRSIG DNSKEY NSEC3PARAM
dc7qjc1dvd5sfqovl8iihrqd1scolsuv.SITE. 3600 IN RRSIG NSEC3 8 2 3600 20190713032805 20190613083911 14493 site. UiVBIeKrbRwsumQIKGgMLrFrQSI1Ea8GBEuVQ+LFMDRbecTO/kcHebnW QLBaePz999vO+5Hbn9Ci76d+G8/r9zezx/cef13L8/nlJcinpRxG3S31 +V156iZyihoQxZ1S1pLKamS7WiR8psCy0xPgHo2p/1YfEBx+frjTko3I fGQ=
8e0pf7ud4t3mpo309pvrr0cbieifho6t.SITE. 3600 IN NSEC3 1 1 1 - 8EM72I6VP6UHTKFUF8ULVR356M4JHA1A NS DS RRSIG
8e0pf7ud4t3mpo309pvrr0cbieifho6t.SITE. 3600 IN RRSIG NSEC3 8 2 3600 20190717034035 20190616192506 14493 site. GX7D7nnAXbzvmIIONmsfl23zWMh8rKDH8DpuSdA+qtOnFSE7pY6r51ev ifG9wt/7vMBjB+FAfZ1tRNK+4leyhvuYWfFiVjyXxrHjljJVSi8uz6l0 Z8qJ+f0+/XQU4D9FxPRQlaomHbLEu5iBr6KE0NspS1k6oT/5vlt+v+Ch pfM=
;; Received 590 bytes from 185.38.99.5#53(c.nic.site) in 178 ms

albetaqa.site.		300	IN	A	67.225.171.176
;; Received 58 bytes from 69.16.223.254#53(ns1.liquidweb.com) in 293 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: albetaqa.site
[-] DNSSEC is not configured for albetaqa.site
[*] 	 SOA ns.liquidweb.com 69.16.222.254
[*] 	 NS ns.liquidweb.com 69.16.222.254
[*] 	 NS ns1.liquidweb.com 69.16.223.254
[*] 	 MX albetaqa.site 67.225.171.176
[*] 	 A albetaqa.site 67.225.171.176
[*] 	 TXT albetaqa.site v=spf1 +mx +a +ip4:67.225.171.176 ~all
[*] Enumerating SRV Records
[-] No SRV Records Found for albetaqa.site
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain albetaqa.site
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
69.16.222.254 - ns.liquidweb.com
69.16.223.254 - ns1.liquidweb.com
[-] Zone transfer failed

[+] TXT records found
"v=spf1 +mx +a +ip4:67.225.171.176 ~all"

[+] MX records found, added to target list
10 albetaqa.site.

[*] Scanning albetaqa.site for A records
67.225.171.176 - albetaqa.site
67.225.171.176 - ftp.albetaqa.site
67.225.171.176 - mail.albetaqa.site
67.225.171.176 - smtp.albetaqa.site
67.225.171.176 - www.albetaqa.site
######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
67.225.171.176          alias   ftp.albetaqa.site
67.225.171.176		host	albetaqa.site
67.225.171.176          host    host1.albetaqa.site
67.225.171.176          alias   mail.albetaqa.site
67.225.171.176		host	albetaqa.site
67.225.171.176          host    smtp.albetaqa.site
67.225.171.176          alias   www.albetaqa.site
67.225.171.176		host	albetaqa.site
#######################################################################################################################################
[+] Testing domain
    	www.albetaqa.site         67.225.171.176
[+] Dns resolving
       Domain name               Ip address              Name server
      albetaqa.site            67.225.171.176        host1.albetaqa.site
Found 1 host(s) for albetaqa.site
[+] Testing wildcard
	Ok, no wildcard found.

[+] Scanning for subdomain on albetaqa.site
[!] Wordlist not specified. I scannig with my internal wordlist...
    Estimated time about 286.63 seconds

        Subdomain                Ip address              Name server

    ftp.albetaqa.site          67.225.171.176        host1.albetaqa.site
   host1.albetaqa.site         67.225.171.176        host1.albetaqa.site
    mail.albetaqa.site         67.225.171.176        host1.albetaqa.site
    smtp.albetaqa.site         67.225.171.176        host1.albetaqa.site
    www.albetaqa.site          67.225.171.176        host1.albetaqa.site
#######################################################################################################################################
WhatWeb report for http://albetaqa.site
Status    : 301 Moved Permanently
Title     : 301 Moved Permanently
IP        : 67.225.171.176
Country   : UNITED STATES, US

Summary   : Apache, HTTPServer[Apache], RedirectLocation[https://www.albetaqa.site/main/]

Detected Plugins:
[ Apache ]
	The Apache HTTP Server Project is an effort to develop and
	maintain an open-source HTTP server for modern operating
	systems including UNIX and Windows NT. The goal of this
	project is to provide a secure, efficient and extensible
	server that provides HTTP services in sync with the current
	HTTP standards.

	Google Dorks: (3)
	Website     : http://httpd.apache.org/

[ HTTPServer ]
	HTTP server header string. This plugin also attempts to
	identify the operating system from the server header.

	String       : Apache (from server string)

[ RedirectLocation ]
	HTTP Server string location. used with http-status 301 and
	302

	String       : https://www.albetaqa.site/main/ (from location)

HTTP Headers:
	HTTP/1.1 301 Moved Permanently
	Date: Thu, 27 Jun 2019 19:50:05 GMT
	Server: Apache
	Location: https://www.albetaqa.site/main/
	Cache-Control: max-age=600
	Expires: Thu, 27 Jun 2019 20:00:05 GMT
	Content-Length: 239
	Connection: close
	Content-Type: text/html; charset=iso-8859-1

WhatWeb report for https://www.albetaqa.site/main/
Status    : 200 OK
Title     : موقع البطاقة
IP        : 67.225.171.176
Country   : UNITED STATES, US

Summary   : JQuery, Apache, HTTPServer[Apache], Script[text/javascript], HTML5, UncommonHeaders[upgrade]

Detected Plugins:
[ Apache ]
	The Apache HTTP Server Project is an effort to develop and
	maintain an open-source HTTP server for modern operating
	systems including UNIX and Windows NT. The goal of this
	project is to provide a secure, efficient and extensible
	server that provides HTTP services in sync with the current
	HTTP standards.

	Google Dorks: (3)
	Website     : http://httpd.apache.org/

[ HTML5 ]
	HTML version 5, detected by the doctype declaration


[ HTTPServer ]
	HTTP server header string. This plugin also attempts to
	identify the operating system from the server header.

	String       : Apache (from server string)

[ JQuery ]
	A fast, concise, JavaScript that simplifies how to traverse
	HTML documents, handle events, perform animations, and add
	AJAX.

	Website     : http://jquery.com/

[ Script ]
	This plugin detects instances of script HTML elements and
	returns the script language/type.

	String       : text/javascript

[ UncommonHeaders ]
	Uncommon HTTP server headers. The blacklist includes all
	the standard headers and many non standard but common ones.
	Interesting but fairly common headers should have their own
	plugins, eg. x-powered-by, server and x-aspnet-version.
	Info about headers can be found at www.http-stats.com

	String       : upgrade (from headers)

HTTP Headers:
	HTTP/1.1 200 OK
	Date: Thu, 27 Jun 2019 19:50:05 GMT
	Server: Apache
	Upgrade: h2,h2c
	Connection: Upgrade, close
	Last-Modified: Sat, 27 Apr 2019 12:36:20 GMT
	Accept-Ranges: bytes
	Cache-Control: max-age=600
	Expires: Thu, 27 Jun 2019 20:00:05 GMT
	Vary: Accept-Encoding,User-Agent
	Content-Encoding: gzip
	Content-Length: 742
	Content-Type: text/html
#######################################################################################################################################
DNS Servers for albetaqa.site:
	ns1.liquidweb.com
	ns.liquidweb.com

Trying zone transfer first...
	Testing ns1.liquidweb.com
		Request timed out or transfer not allowed.
	Testing ns.liquidweb.com
		Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
67.225.171.176	host1.albetaqa.site
67.225.171.176	ftp.albetaqa.site
67.225.171.176	mail.albetaqa.site
67.225.171.176	smtp.albetaqa.site
67.225.171.176	www.albetaqa.site

Subnets found (may want to probe here using nmap or unicornscan):
	67.225.171.0-255 : 5 hostnames found.

Done with Fierce scan: http://ha.ckers.org/fierce/
Found 5 entries.

Have a nice day.
#######################################################################################################################################


 AVAILABLE PLUGINS
 --------------------------------------------------------------------------------------------------------------------------------------

  FallbackScsvPlugin
  RobotPlugin
  HeartbleedPlugin
  EarlyDataPlugin
  CertificateInfoPlugin
  SessionResumptionPlugin
  SessionRenegotiationPlugin
  OpenSslCipherSuitesPlugin
  HttpHeadersPlugin
  CompressionPlugin
  OpenSslCcsInjectionPlugin


 CHECKING HOST(S) AVAILABILITY
 --------------------------------------------------------------------------------------------------------------------------------------

   67.225.171.176:443                       => 67.225.171.176


 SCAN RESULTS FOR 67.225.171.176:443 - 67.225.171.176
 --------------------------------------------------------------------------------------------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  f049d8fdd47d08802d0b30896be3f722f569ae9a
       Common Name:                       albetaqa.site
       Issuer:                            cPanel, Inc. Certification Authority
       Serial Number:                     230584385098398486776167602988081777009
       Not Before:                        2019-05-17 00:00:00
       Not After:                         2019-08-15 23:59:59
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     ['albetaqa.site', 'cpanel.albetaqa.site', 'mail.albetaqa.site', 'webdisk.albetaqa.site', 'webmail.albetaqa.site', 'www.albetaqa.site']

     Trust
       Hostname Validation:               FAILED - Certificate does NOT match 67.225.171.176
       Android CA Store (9.0.0_r9):       OK - Certificate is trusted
       iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
       Java CA Store (jdk-11.0.2):        OK - Certificate is trusted
       macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
       Mozilla CA Store (2018-11-22):     OK - Certificate is trusted
       OPENJDK CA Store (jdk-11.0.2):     OK - Certificate is trusted
       Windows CA Store (2018-12-08):     OK - Certificate is trusted
       Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate
       Received Chain:                    albetaqa.site --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
       Verified Chain:                    albetaqa.site --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          WARNING - Only 2 SCTs included but Google recommends 3 or more

     OCSP Stapling
       OCSP Response Status:              successful
       Validation w/ Mozilla Store:       OK - Response is trusted
       Responder Id:                      7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
       Cert Status:                       good
       Cert Serial Number:                AD78EFEC23087CA31E933D7B00C88971
       This Update:                       Jun 21 00:15:27 2019 GMT
       Next Update:                       Jun 28 00:15:27 2019 GMT

 * TLSV1_3 Cipher Suites:
      Server rejected all cipher suites.

 * TLS 1.2 Session Resumption Support:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                  OK - Supported

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

 * Session Renegotiation:
       Client-initiated Renegotiation:    OK - Rejected
       Secure Renegotiation:              OK - Supported

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * ROBOT Attack:
                                          OK - Not vulnerable, RSA cipher suites not supported

 * TLSV1_1 Cipher Suites:
      Server rejected all cipher suites.

 * Deflate Compression:
                                          OK - Compression disabled

 * TLSV1 Cipher Suites:
      Server rejected all cipher suites.

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * TLSV1_2 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        None - Server followed client cipher suite preference.
     Accepted:
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384                            256 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                            128 bits      HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256                            128 bits      HTTP 200 OK


 SCAN COMPLETED IN 15.65 S
 -------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################

Domains still to check: 1
	Checking if the hostname albetaqa.site. given is in fact a domain...

Analyzing domain: albetaqa.site.
	Checking NameServers using system default resolver...
		IP: 69.16.223.254 (United States)
			HostName: ns1.liquidweb.com 			Type: NS
			HostName: ns1.liquidweb.com			Type: PTR
		IP: 69.16.222.254 (United States)
			HostName: ns.liquidweb.com 			Type: NS
			HostName: ns.liquidweb.com			Type: PTR

	Checking MailServers using system default resolver...
		IP: 67.225.171.176 (United States)
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR

	Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
		No zone transfer found on nameserver 69.16.222.254
		No zone transfer found on nameserver 69.16.223.254

	Checking SPF record...

	Checking 192 most common hostnames using system default resolver...
		IP: 67.225.171.176 (United States)
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR
			Type: SPF
			HostName: www.albetaqa.site. 			Type: A
		IP: 67.225.171.176 (United States)
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR
			Type: SPF
			HostName: www.albetaqa.site. 			Type: A
			HostName: ftp.albetaqa.site. 			Type: A
		IP: 67.225.171.176 (United States)
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR
			Type: SPF
			HostName: www.albetaqa.site. 			Type: A
			HostName: ftp.albetaqa.site. 			Type: A
			HostName: mail.albetaqa.site. 			Type: A
		IP: 67.225.171.176 (United States)
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR
			Type: SPF
			HostName: www.albetaqa.site. 			Type: A
			HostName: ftp.albetaqa.site. 			Type: A
			HostName: mail.albetaqa.site. 			Type: A
			HostName: smtp.albetaqa.site. 			Type: A

	Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
		Checking netblock 69.16.222.0
		Checking netblock 69.16.223.0
		Checking netblock 67.225.171.0

	Searching for albetaqa.site. emails in Google

	Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
		Host 69.16.222.254 is up (reset ttl 64)
		Host 69.16.223.254 is up (reset ttl 64)
		Host 67.225.171.176 is up (reset ttl 64)

	Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
		Scanning ip 69.16.222.254 (ns.liquidweb.com (PTR)):
			53/tcp  open   domain?      syn-ack ttl 48
				| dns-nsid:
				|   NSID: n01.b2.authdns.liquidweb.com (6e30312e62322e61757468646e732e6c69717569647765622e636f6d)
				|_  id.server: n01.b2.authdns.liquidweb.com
				| fingerprint-strings:
				|   DNSVersionBindReqTCP:
				|     version
				|_    bind
		Scanning ip 69.16.223.254 (ns1.liquidweb.com (PTR)):
			53/tcp  open   domain?      syn-ack ttl 49
				| dns-nsid:
				|   NSID: n01.b2.authdns.liquidweb.com (6e30312e62322e61757468646e732e6c69717569647765622e636f6d)
				|_  id.server: n01.b2.authdns.liquidweb.com
				| fingerprint-strings:
				|   DNSVersionBindReqTCP:
				|     version
				|_    bind
		Scanning ip 67.225.171.176 (smtp.albetaqa.site.):
			21/tcp    open   ftp          syn-ack ttl 49 Pure-FTPd
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
				|_ssl-date: TLS randomness does not represent time
			22/tcp    open   ssh          syn-ack ttl 49 OpenSSH 7.4 (protocol 2.0)
				| ssh-hostkey:
				|   2048 65:ad:46:13:12:8e:80:b5:67:60:0a:ae:34:8d:35:5e (RSA)
				|_  256 0a:56:d2:2e:05:dd:61:0d:b8:24:0a:3a:d2:ac:34:00 (ECDSA)
			53/tcp    open   domain       syn-ack ttl 49 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
				| dns-nsid:
				|_  bind.version: 9.9.4-RedHat-9.9.4-74.el7_6.1
			80/tcp    open   http         syn-ack ttl 49 Apache httpd
				| http-methods:
				|_  Supported Methods: POST OPTIONS HEAD GET
				|_http-server-header: Apache
				|_http-title: Site doesn't have a title (text/html).
			110/tcp   open   pop3         syn-ack ttl 49 Dovecot pop3d
				|_pop3-capabilities: RESP-CODES PIPELINING USER STLS TOP SASL(PLAIN LOGIN) CAPA UIDL AUTH-RESP-CODE
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			143/tcp   open   imap         syn-ack ttl 49 Dovecot imapd
				|_imap-capabilities: IDLE IMAP4rev1 NAMESPACE Pre-login ENABLE OK listed AUTH=PLAIN ID post-login SASL-IR have more LITERAL+ capabilities AUTH=LOGINA0001 STARTTLS LOGIN-REFERRALS
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			443/tcp   open   ssl/http     syn-ack ttl 49 Apache httpd
				| http-methods:
				|_  Supported Methods: POST OPTIONS HEAD GET
				|_http-server-header: Apache
				|_http-title: \xD9\x85\xD9\x88\xD9\x82\xD8\xB9 \xD8\xA7\xD9\x84\xD8\xA8\xD8\xB7\xD8\xA7\xD9\x82\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xAF\xD8\xB9\xD9\x88\xD9\x8A - albetaqa.site
				| ssl-cert: Subject: commonName=albetaqa.site
				| Subject Alternative Name: DNS:albetaqa.site, DNS:cpanel.albetaqa.site, DNS:mail.albetaqa.site, DNS:webdisk.albetaqa.site, DNS:webmail.albetaqa.site, DNS:www.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-05-17T00:00:00
				| Not valid after:  2019-08-15T23:59:59
				| MD5:   5f23 3545 47dc 2040 97db f15a ed10 148f
				|_SHA-1: f049 d8fd d47d 0880 2d0b 3089 6be3 f722 f569 ae9a
			465/tcp   open   ssl/smtp     syn-ack ttl 49 Exim smtpd 4.92
				| smtp-commands: host1.albetaqa.site Hello nmap.scanme.org [185.210.217.55], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
				|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			587/tcp   open   smtp         syn-ack ttl 49 Exim smtpd 4.92
				| smtp-commands: host1.albetaqa.site Hello nmap.scanme.org [185.210.217.55], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
				|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			993/tcp   open   imaps?       syn-ack ttl 49
				|_imap-capabilities: IDLE IMAP4rev1 NAMESPACE Pre-login ENABLE OK listed AUTH=PLAIN ID post-login SASL-IR more capabilities LITERAL+ AUTH=LOGINA0001 have LOGIN-REFERRALS
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			995/tcp   open   pop3s?       syn-ack ttl 49
				|_pop3-capabilities: SASL(PLAIN LOGIN) USER TOP AUTH-RESP-CODE PIPELINING CAPA UIDL RESP-CODES
				| ssl-cert: Subject: commonName=host1.albetaqa.site
				| Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				| Public Key type: rsa
				| Public Key bits: 2048
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2019-04-26T00:00:00
				| Not valid after:  2020-04-25T23:59:59
				| MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				|_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
				Device type: general purpose|storage-misc|media device|WAP
				Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
			OS Info: Service Info: Host: host1.albetaqa.site; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
	WebCrawling domain's web servers... up to 50 max links.

	+ URL to crawl: http://smtp.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: http://smtp.albetaqa.site.:
		+ Links:
			+ Crawling http://smtp.albetaqa.site. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: http://ftp.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: http://ftp.albetaqa.site.:
		+ Links:
			+ Crawling http://ftp.albetaqa.site. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: http://www.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: http://www.albetaqa.site.:
		+ Links:
			+ Crawling http://www.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: http://mail.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: http://mail.albetaqa.site.:
		+ Links:
			+ Crawling http://mail.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: http://albetaqa.site
	+ Date: 2019-06-27

	+ Crawling URL: http://albetaqa.site:
		+ Links:
			+ Crawling http://albetaqa.site
		+ Searching for directories...
			- Found: http://albetaqa.site/metro/
			- Found: http://albetaqa.site/metro/css/
			- Found: http://albetaqa.site/css/
			- Found: http://albetaqa.site/js/
			- Found: http://albetaqa.site/metro/js/
			- Found: http://albetaqa.site/images/
		+ Searching open folders...
			- http://albetaqa.site/metro/  (No Open Folder)
			- http://albetaqa.site/metro/css/  (No Open Folder)
			- http://albetaqa.site/css/  (No Open Folder)
			- http://albetaqa.site/js/  (No Open Folder)
			- http://albetaqa.site/metro/js/  (No Open Folder)
			- http://albetaqa.site/images/
			>>> Directory indexing at: http://albetaqa.site/images/
		+ Crawling directories with indexing:
			+ Crawling http://albetaqa.site/images/
		+ Crawling directories with indexing finished


	+ URL to crawl: https://smtp.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: https://smtp.albetaqa.site.:
		+ Links:
			+ Crawling https://smtp.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: https://ftp.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: https://ftp.albetaqa.site.:
		+ Links:
			+ Crawling https://ftp.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: https://www.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: https://www.albetaqa.site.:
		+ Links:
			+ Crawling https://www.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: https://mail.albetaqa.site.
	+ Date: 2019-06-27

	+ Crawling URL: https://mail.albetaqa.site.:
		+ Links:
			+ Crawling https://mail.albetaqa.site.
		+ Searching for directories...
		+ Searching open folders...


	+ URL to crawl: https://albetaqa.site
	+ Date: 2019-06-27

	+ Crawling URL: https://albetaqa.site:
		+ Links:
			+ Crawling https://albetaqa.site
		+ Searching for directories...
			- Found: https://albetaqa.site/metro/
			- Found: https://albetaqa.site/metro/css/
			- Found: https://albetaqa.site/css/
			- Found: https://albetaqa.site/js/
			- Found: https://albetaqa.site/metro/js/
			- Found: https://albetaqa.site/images/
		+ Searching open folders...
			- https://albetaqa.site/metro/  (No Open Folder)
			- https://albetaqa.site/metro/css/  (No Open Folder)
			- https://albetaqa.site/css/  (No Open Folder)
			- https://albetaqa.site/js/  (No Open Folder)
			- https://albetaqa.site/metro/js/  (No Open Folder)
			- https://albetaqa.site/images/
			>>> Directory indexing at: https://albetaqa.site/images/
		+ Crawling directories with indexing:
			+ Crawling https://albetaqa.site/images/
		+ Crawling directories with indexing finished

--Finished--
Summary information for domain albetaqa.site.
---------------------------------------------------------------------------------------------------------------------------------------

	Domain Ips Information:
		IP: 69.16.222.254
			HostName: ns.liquidweb.com 			Type: NS
			HostName: ns.liquidweb.com			Type: PTR
			Country: United States
			Is Active: True (reset ttl 64)
			Port: 53/tcp  open   domain?      syn-ack ttl 48
				Script Info: | dns-nsid:
				Script Info: |   NSID: n01.b2.authdns.liquidweb.com (6e30312e62322e61757468646e732e6c69717569647765622e636f6d)
				Script Info: |_  id.server: n01.b2.authdns.liquidweb.com
				Script Info: | fingerprint-strings:
				Script Info: |   DNSVersionBindReqTCP:
				Script Info: |     version
				Script Info: |_    bind
		IP: 69.16.223.254
			HostName: ns1.liquidweb.com 			Type: NS
			HostName: ns1.liquidweb.com			Type: PTR
			Country: United States
			Is Active: True (reset ttl 64)
			Port: 53/tcp  open   domain?      syn-ack ttl 49
				Script Info: | dns-nsid:
				Script Info: |   NSID: n01.b2.authdns.liquidweb.com (6e30312e62322e61757468646e732e6c69717569647765622e636f6d)
				Script Info: |_  id.server: n01.b2.authdns.liquidweb.com
				Script Info: | fingerprint-strings:
				Script Info: |   DNSVersionBindReqTCP:
				Script Info: |     version
				Script Info: |_    bind
		IP: 67.225.171.176
			HostName: albetaqa.site 			Type: MX
			HostName: host1.albetaqa.site			Type: PTR
			Type: SPF
			HostName: www.albetaqa.site. 			Type: A
			HostName: ftp.albetaqa.site. 			Type: A
			HostName: mail.albetaqa.site. 			Type: A
			HostName: smtp.albetaqa.site. 			Type: A
			Country: United States
			Is Active: True (reset ttl 64)
			Port: 21/tcp    open   ftp          syn-ack ttl 49 Pure-FTPd
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
				Script Info: |_ssl-date: TLS randomness does not represent time
			Port: 22/tcp    open   ssh          syn-ack ttl 49 OpenSSH 7.4 (protocol 2.0)
				Script Info: | ssh-hostkey:
				Script Info: |   2048 65:ad:46:13:12:8e:80:b5:67:60:0a:ae:34:8d:35:5e (RSA)
				Script Info: |_  256 0a:56:d2:2e:05:dd:61:0d:b8:24:0a:3a:d2:ac:34:00 (ECDSA)
			Port: 53/tcp    open   domain       syn-ack ttl 49 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
				Script Info: | dns-nsid:
				Script Info: |_  bind.version: 9.9.4-RedHat-9.9.4-74.el7_6.1
			Port: 80/tcp    open   http         syn-ack ttl 49 Apache httpd
				Script Info: | http-methods:
				Script Info: |_  Supported Methods: POST OPTIONS HEAD GET
				Script Info: |_http-server-header: Apache
				Script Info: |_http-title: Site doesn't have a title (text/html).
			Port: 110/tcp   open   pop3         syn-ack ttl 49 Dovecot pop3d
				Script Info: |_pop3-capabilities: RESP-CODES PIPELINING USER STLS TOP SASL(PLAIN LOGIN) CAPA UIDL AUTH-RESP-CODE
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			Port: 143/tcp   open   imap         syn-ack ttl 49 Dovecot imapd
				Script Info: |_imap-capabilities: IDLE IMAP4rev1 NAMESPACE Pre-login ENABLE OK listed AUTH=PLAIN ID post-login SASL-IR have more LITERAL+ capabilities AUTH=LOGINA0001 STARTTLS LOGIN-REFERRALS
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			Port: 443/tcp   open   ssl/http     syn-ack ttl 49 Apache httpd
				Script Info: | http-methods:
				Script Info: |_  Supported Methods: POST OPTIONS HEAD GET
				Script Info: |_http-server-header: Apache
				Script Info: |_http-title: \xD9\x85\xD9\x88\xD9\x82\xD8\xB9 \xD8\xA7\xD9\x84\xD8\xA8\xD8\xB7\xD8\xA7\xD9\x82\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xAF\xD8\xB9\xD9\x88\xD9\x8A - albetaqa.site
				Script Info: | ssl-cert: Subject: commonName=albetaqa.site
				Script Info: | Subject Alternative Name: DNS:albetaqa.site, DNS:cpanel.albetaqa.site, DNS:mail.albetaqa.site, DNS:webdisk.albetaqa.site, DNS:webmail.albetaqa.site, DNS:www.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-05-17T00:00:00
				Script Info: | Not valid after:  2019-08-15T23:59:59
				Script Info: | MD5:   5f23 3545 47dc 2040 97db f15a ed10 148f
				Script Info: |_SHA-1: f049 d8fd d47d 0880 2d0b 3089 6be3 f722 f569 ae9a
			Port: 465/tcp   open   ssl/smtp     syn-ack ttl 49 Exim smtpd 4.92
				Script Info: | smtp-commands: host1.albetaqa.site Hello nmap.scanme.org [185.210.217.55], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
				Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			Port: 587/tcp   open   smtp         syn-ack ttl 49 Exim smtpd 4.92
				Script Info: | smtp-commands: host1.albetaqa.site Hello nmap.scanme.org [185.210.217.55], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
				Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			Port: 993/tcp   open   imaps?       syn-ack ttl 49
				Script Info: |_imap-capabilities: IDLE IMAP4rev1 NAMESPACE Pre-login ENABLE OK listed AUTH=PLAIN ID post-login SASL-IR more capabilities LITERAL+ AUTH=LOGINA0001 have LOGIN-REFERRALS
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
			Port: 995/tcp   open   pop3s?       syn-ack ttl 49
				Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) USER TOP AUTH-RESP-CODE PIPELINING CAPA UIDL RESP-CODES
				Script Info: | ssl-cert: Subject: commonName=host1.albetaqa.site
				Script Info: | Subject Alternative Name: DNS:host1.albetaqa.site, DNS:www.host1.albetaqa.site
				Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 2048
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2019-04-26T00:00:00
				Script Info: | Not valid after:  2020-04-25T23:59:59
				Script Info: | MD5:   2ce4 375d 927c 0fbd 4708 13a1 4c76 5bee
				Script Info: |_SHA-1: e64e 8476 8887 6d56 db2d efa7 d6b8 eff6 efc0 9ad0
				Script Info: Device type: general purpose|storage-misc|media device|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
			Os Info:  Host: host1.albetaqa.site; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
			Open Folders: http://albetaqa.site/images/
			Open Folders: http://albetaqa.site/images/
			Open Folders: https://albetaqa.site/images/

#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   www.albetaqa.site   -----


Host's addresses:
__________________

albetaqa.site.                           300      IN    A        67.225.171.176


Name Servers:
______________

ns1.liquidweb.com.                       86360    IN    A        69.16.223.254
ns.liquidweb.com.                        86387    IN    A        69.16.222.254


Mail (MX) Servers:
___________________

albetaqa.site.                           299      IN    A        67.225.171.176


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for www.albetaqa.site on ns1.liquidweb.com ...

Trying Zone Transfer for www.albetaqa.site on ns.liquidweb.com ...

brute force file not specified, bay.
#######################################################################################################################################
[3/25] http://www.albetaqa.site/books/pdf/m/s4rmdan.pdf
[4/25] https://www.albetaqa.site/books/pdf/m/adabwahkam.pdf
[5/25] https://www.albetaqa.site/books/pdf/m/gwam3klm.pdf
[6/25] http://www.albetaqa.site/books/pdf/m/ahkammsajd.pdf
[7/25] http://www.albetaqa.site/books/pdf/m/ad3yanbwya.pdf
[8/25] https://www.albetaqa.site/books/pdf/m/s4azkar.pdf
[9/25] https://www.albetaqa.site/books/pdf/m/s2azkar.pdf
[10/25] http://www.albetaqa.site/books/pdf/m/fdaelshabh.pdf
[11/25] https://www.albetaqa.site/books/pdf/m/ya2tyzman.pdf
[12/25] https://www.albetaqa.site/books/pdf/m/alrhmh.pdf
[13/25] http://www.albetaqa.site/books/pdf/m/knozazkar.pdf
[14/25] https://www.albetaqa.site/books/pdf/m/lbeeb.pdf
[15/25] http://www.albetaqa.site/books/pdf/m/ashratsa3h.pdf
[16/25] https://www.albetaqa.site/books/pdf/m/s3rmdan.pdf
[17/25] https://www.albetaqa.site/books/pdf/m/s3azkar.pdf
[18/25] https://www.albetaqa.site/books/pdf/m/mfatyhrzk.pdf
[19/25] http://www.albetaqa.site/books/pdf/m/sbhanallah.pdf
[20/25] https://www.albetaqa.site/books/pdf/m/wsaya.pdf
[21/25] http://www.albetaqa.site/books/pdf/m/sfthajj.pdf
[22/25] http://www.albetaqa.site/books/pdf/m/brwaldyn.pdf
[23/25] http://www.albetaqa.site/books/pdf/m/allmny.pdf
[24/25] https://www.albetaqa.site/books/pdf/q/084alensheqaq.pdf
[25/25] https://www.albetaqa.site/books/pdf/m/LaYhznon.pdf
---------------------------------------------------------------------------------------------------------------------------------------

[+] List of software found:
--------------------------------------------------------------------------------------------------------------------------------------
Adobe Acrobat 9.0 Image Conversion Plug-in
Adobe Acrobat 9.0
Adobe Acrobat 7.0 Image Conversion Plug-in
Adobe Acrobat 7

#######################################################################################################################################

SubOver v.1.2              Nizamul Rana (@Ice3man)
==================================================


[~] Enjoy your hunt !
[Not Vulnerable] .www.albetaqa.site
[Not Vulnerable] 67.225.171.176
[Not Vulnerable] domain
[Not Vulnerable] www.albetaqa.site
[Not Vulnerable] 128.65.195.96
[Not Vulnerable] www.banque-comores.km
#######################################################################################################################################
50.28.0.0/18
50.28.64.0/19
50.57.240.0/20
64.50.144.0/20
64.50.144.0/23
64.50.148.0/22
64.50.152.0/21
64.91.224.0/19
67.43.0.0/20
67.225.128.0/18
67.225.128.0/17
67.227.128.0/17
69.16.192.0/18
69.16.192.0/19
69.16.192.0/20
69.16.208.0/21
69.16.216.0/22
69.16.220.0/23
69.16.222.0/23
69.16.224.0/19
69.167.128.0/18
72.52.128.0/17
159.135.48.0/20
162.255.68.0/23
172.255.59.0/24
184.106.55.0/24
185.202.28.0/22
192.126.88.0/22
192.251.32.0/24
207.246.248.0/21
209.59.128.0/18
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:31 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up (0.054s latency).
rDNS record for 67.225.171.176: host1.albetaqa.site
Not shown: 442 filtered ports, 23 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 2.73 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:31 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up (0.026s latency).
rDNS record for 67.225.171.176: host1.albetaqa.site
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:31 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up (0.051s latency).
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops

TRACEROUTE (using port 21/tcp)
HOP RTT      ADDRESS
1   21.54 ms 10.248.200.1
2   46.17 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   30.75 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4   21.58 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   22.00 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   22.00 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7   29.21 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205)
8   36.80 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
9   43.61 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
10  43.67 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
11  43.09 ms 38.32.96.98
12  57.45 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
13  57.00 ms lw-dc3-dist14-po6.rtr.liquidweb.com (69.167.128.79)
14  55.25 ms host1.albetaqa.site (67.225.171.176)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:42 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up.
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT   STATE    SERVICE VERSION
22/tcp filtered ssh
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   27.11 ms 10.248.200.1
2   27.61 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   39.08 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4   27.16 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   21.99 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   21.85 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
7   29.13 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
8   36.26 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
9   44.07 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
10  45.25 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
11  44.48 ms 38.32.96.98
12  52.85 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
13  53.00 ms lw-dc3-dist14-po6.rtr.liquidweb.com (69.167.128.79)
14  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 19:02 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up.
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT   STATE    SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     ftp.albetaqa.site - 67.225.171.176
|     smtp.albetaqa.site - 67.225.171.176
|     mail.albetaqa.site - 67.225.171.176
|_    www.albetaqa.site - 67.225.171.176

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   21.87 ms 10.248.200.1
2   22.29 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   40.28 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4   22.10 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   22.50 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   22.52 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
7   29.91 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
8   37.32 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
9   44.30 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
10  44.95 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
11  50.03 ms 38.32.96.98
12  58.62 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
13  58.01 ms lw-dc3-dist14-po6.rtr.liquidweb.com (69.167.128.79)
14  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 19:12 EDT
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up.
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   28.26 ms 10.248.200.1
2   28.33 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   49.49 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4   28.34 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   28.39 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6   28.42 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
7   35.95 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
8   42.96 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
9   44.36 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
10  45.88 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
11  43.90 ms 38.32.96.98
12  51.97 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
13  58.61 ms lw-dc3-dist14-po6.rtr.liquidweb.com (69.167.128.79)
14  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 19:20 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Initiating Ping Scan at 19:20
Scanning www.albetaqa.site (67.225.171.176) [4 ports]
Completed Ping Scan at 19:20, 2.05s elapsed (1 total hosts)
Nmap scan report for www.albetaqa.site (67.225.171.176) [host down, received no-response]
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.58 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 19:20 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:20
Completed Parallel DNS resolution of 1 host. at 19:20, 0.02s elapsed
Initiating UDP Scan at 19:20
Scanning www.albetaqa.site (67.225.171.176) [14 ports]
Completed UDP Scan at 19:20, 1.26s elapsed (14 total ports)
Initiating Service scan at 19:20
Scanning 12 services on www.albetaqa.site (67.225.171.176)
Service scan Timing: About 8.33% done; ETC: 19:39 (0:17:47 remaining)
Completed Service scan at 19:22, 102.58s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against www.albetaqa.site (67.225.171.176)
Retrying OS detection (try #2) against www.albetaqa.site (67.225.171.176)
Initiating Traceroute at 19:22
Completed Traceroute at 19:22, 7.05s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:22
Completed Parallel DNS resolution of 1 host. at 19:22, 0.00s elapsed
NSE: Script scanning 67.225.171.176.
Initiating NSE at 19:22
Completed NSE at 19:22, 20.31s elapsed
Initiating NSE at 19:22
Completed NSE at 19:22, 1.02s elapsed
Nmap scan report for www.albetaqa.site (67.225.171.176)
Host is up (0.027s latency).
rDNS record for 67.225.171.176: host1.albetaqa.site

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT      ADDRESS
1   22.02 ms 10.248.200.1
2   ... 3
4   21.78 ms 10.248.200.1
5   31.35 ms 10.248.200.1
6   31.36 ms 10.248.200.1
7   31.36 ms 10.248.200.1
8   29.88 ms 10.248.200.1
9   24.49 ms 10.248.200.1
10  22.96 ms 10.248.200.1
11  ... 18
19  20.51 ms 10.248.200.1
20  20.76 ms 10.248.200.1
21  ... 22
23  21.65 ms 10.248.200.1
24  ... 29
30  21.93 ms 10.248.200.1

NSE: Script Post-scanning.
Initiating NSE at 19:22
Completed NSE at 19:22, 0.00s elapsed
Initiating NSE at 19:22
Completed NSE at 19:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 135.49 seconds
           Raw packets sent: 147 (13.614KB) | Rcvd: 26 (2.922KB)
#######################################################################################################################################
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


NetRange:       67.225.128.0 - 67.225.255.255
CIDR:           67.225.128.0/17
NetName:        LIQUIDWEB
NetHandle:      NET-67-225-128-0-1
Parent:         NET67 (NET-67-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS32244
Organization:   Liquid Web, L.L.C (LQWB)
RegDate:        2007-11-26
Updated:        2016-12-19
Ref:            https://rdap.arin.net/registry/ip/67.225.128.0


OrgName:        Liquid Web, L.L.C
OrgId:          LQWB
Address:        4210 Creyts Rd.
City:           Lansing
StateProv:      MI
PostalCode:     48917
Country:        US
RegDate:        2001-07-19
Updated:        2016-10-21
Ref:            https://rdap.arin.net/registry/entity/LQWB

ReferralServer:  rwhois://rwhois.liquidweb.com:4321

OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-800-580-4985
OrgAbuseEmail:  abuse@liquidweb.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE551-ARIN

OrgTechHandle: IPADM47-ARIN
OrgTechName:   IP Administrator
OrgTechPhone:  +1-800-580-4985
OrgTechEmail:  ipadmin@liquidweb.com
OrgTechRef:    https://rdap.arin.net/registry/entity/IPADM47-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


Renvoi trouvé vers rwhois.liquidweb.com:4321.

%rwhois V-1.5:003eef:00 rwhois.z.int.liquidweb.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOURCEDNS.67.225.128.0/17
network:Auth-Area:67.225.128.0/17
network:Network-Name:SOURCEDNS-67.225.128.0
network:IP-Network:67.225.128.0/17
network:IP-Network-Block:67.225.128.0 - 67.225.255.255
network:Organization;I:SOURCEDNS
network:Org-Name:SourceDNS
network:Street-Address:4210 Creyts Rd.
network:City:Lansing
network:State:MI
network:Postal-Code:48917
network:Country-Code:US
network:Tech-Contact;I:admin@sourcedns.com
network:Created:20071126
network:Updated:20071126
network:Updated-By:admin@sourcedns.com
network:Abuse:abuse@sourcedns.com
#######################################################################################################################################
===============================================
-=Subfinder v1.1.3 github.com/subfinder/subfinder
===============================================


Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Running enumeration on 67.225.171.176

dnsdb: Unexpected return status 503

certspotter: json: cannot unmarshal object into Go value of type []certspotter.certspotterObject

waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.67.225.171.176/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL

ipv4info: <nil>

dogpile: Get https://www.dogpile.com/search/web?q=67.225.171.176&qsi=1: EOF


Starting Bruteforcing of 67.225.171.176 with 9985 words

Total 1 Unique subdomains found for 67.225.171.176

.67.225.171.176
#######################################################################################################################################
[+] 67.225.171.176 has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for 67.225.171.176!
#######################################################################################################################################
dig: '.67.225.171.176' is not a legal name (empty label)

SubOver v.1.2              Nizamul Rana (@Ice3man)
==================================================


[~] Enjoy your hunt !
[Not Vulnerable] .67.225.171.176
[Not Vulnerable] 128.65.195.96
[Not Vulnerable] 67.225.171.176
[Not Vulnerable] domain
[Not Vulnerable] www.albetaqa.site
[Not Vulnerable] www.banque-comores.km
#######################################################################################################################################
50.28.0.0/18
50.28.64.0/19
50.57.240.0/20
64.50.144.0/20
64.50.144.0/23
64.50.148.0/22
64.50.152.0/21
64.91.224.0/19
67.43.0.0/20
67.225.128.0/18
67.225.128.0/17
67.227.128.0/17
69.16.192.0/18
69.16.192.0/19
69.16.192.0/20
69.16.208.0/21
69.16.216.0/22
69.16.220.0/23
69.16.222.0/23
69.16.224.0/19
69.167.128.0/18
72.52.128.0/17
159.135.48.0/20
162.255.68.0/23
172.255.59.0/24
184.106.55.0/24
185.202.28.0/22
192.126.88.0/22
192.251.32.0/24
207.246.248.0/21
209.59.128.0/18
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 17:27 EDT
Warning: 67.225.171.176 giving up on port because retransmission cap hit (2).
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up (0.34s latency).
Not shown: 462 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 108.62 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 17:29 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up (0.19s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 2.83 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 17:29 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up (0.28s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.4 (90%), Linux 3.10 - 3.12 (89%), Linux 4.9 (87%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 18 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   172.84 ms 10.247.200.1
2   174.01 ms 213.184.122.97
3   172.88 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   175.06 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5   173.46 ms bzq-219-189-34.dsl.bezeqint.net (62.219.189.34)
6   211.63 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   306.35 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   307.35 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   315.39 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  306.74 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  318.97 ms 66.110.96.130
12  304.49 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  317.74 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  336.99 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  339.51 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  330.09 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  339.87 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  339.06 ms host1.albetaqa.site (67.225.171.176)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 17:40 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT   STATE    SERVICE VERSION
22/tcp filtered ssh
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   177.83 ms 10.247.200.1
2   179.44 ms 213.184.122.97
3   177.87 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   178.66 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   178.69 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   210.96 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   305.55 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   306.55 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   314.37 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  305.64 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  306.14 ms 66.110.96.150
12  310.91 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  326.33 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  336.49 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  339.15 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  339.20 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  340.40 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 67.225.171.176
RHOST => 67.225.171.176
[*] 67.225.171.176:22 - SSH - Using malformed packet technique
[*] 67.225.171.176:22 - SSH - Starting scan
[-] 67.225.171.176:22 - SSH - User 'admin' on could not connect
[-] 67.225.171.176:22 - SSH - User 'administrator' on could not connect
[-] 67.225.171.176:22 - SSH - User 'anonymous' on could not connect
[-] 67.225.171.176:22 - SSH - User 'backup' on could not connect
[-] 67.225.171.176:22 - SSH - User 'bee' on could not connect
[-] 67.225.171.176:22 - SSH - User 'ftp' on could not connect
[-] 67.225.171.176:22 - SSH - User 'guest' on could not connect
[-] 67.225.171.176:22 - SSH - User 'GUEST' on could not connect
[-] 67.225.171.176:22 - SSH - User 'info' on could not connect
[-] 67.225.171.176:22 - SSH - User 'mail' on could not connect
[-] 67.225.171.176:22 - SSH - User 'mailadmin' on could not connect
[-] 67.225.171.176:22 - SSH - User 'msfadmin' on could not connect
[-] 67.225.171.176:22 - SSH - User 'mysql' on could not connect
[-] 67.225.171.176:22 - SSH - User 'nobody' on could not connect
[-] 67.225.171.176:22 - SSH - User 'oracle' on could not connect
[-] 67.225.171.176:22 - SSH - User 'owaspbwa' on could not connect
[-] 67.225.171.176:22 - SSH - User 'postfix' on could not connect
[-] 67.225.171.176:22 - SSH - User 'postgres' on could not connect
[-] 67.225.171.176:22 - SSH - User 'private' on could not connect
[-] 67.225.171.176:22 - SSH - User 'proftpd' on could not connect
[-] 67.225.171.176:22 - SSH - User 'public' on could not connect
[-] 67.225.171.176:22 - SSH - User 'root' on could not connect
[-] 67.225.171.176:22 - SSH - User 'superadmin' on could not connect
[-] 67.225.171.176:22 - SSH - User 'support' on could not connect
[-] 67.225.171.176:22 - SSH - User 'sys' on could not connect
[-] 67.225.171.176:22 - SSH - User 'system' on could not connect
[-] 67.225.171.176:22 - SSH - User 'systemadmin' on could not connect
[-] 67.225.171.176:22 - SSH - User 'systemadministrator' on could not connect
[-] 67.225.171.176:22 - SSH - User 'test' on could not connect
[-] 67.225.171.176:22 - SSH - User 'tomcat' on could not connect
[-] 67.225.171.176:22 - SSH - User 'user' on could not connect
[-] 67.225.171.176:22 - SSH - User 'webmaster' on could not connect
[-] 67.225.171.176:22 - SSH - User 'www-data' on could not connect
[-] 67.225.171.176:22 - SSH - User 'Fortimanager_Access' on could not connect
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:00 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT   STATE    SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     www.albetaqa.site - 67.225.171.176
|     ftp.albetaqa.site - 67.225.171.176
|     mail.albetaqa.site - 67.225.171.176
|_    smtp.albetaqa.site - 67.225.171.176

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   175.66 ms 10.247.200.1
2   176.85 ms 213.184.122.97
3   182.07 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   176.12 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   176.51 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   214.42 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   309.24 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   309.93 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   318.39 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  309.33 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  306.79 ms 66.110.96.150
12  311.38 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  327.38 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  337.40 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  340.42 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  337.60 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  340.99 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:01 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   173.02 ms 10.247.200.1
2   174.02 ms 213.184.122.97
3   176.00 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   173.43 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   173.61 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   211.87 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   306.30 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   306.65 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   314.91 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  306.51 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  306.22 ms 66.110.96.150
12  311.81 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  325.48 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  336.61 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  339.58 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  338.25 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  339.19 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:03 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   175.01 ms 10.247.200.1
2   178.74 ms 213.184.122.97
3   176.78 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   176.96 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   178.72 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   214.37 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   307.12 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   307.43 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   315.85 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  307.21 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  311.35 ms 66.110.96.150
12  315.88 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  330.30 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  341.69 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  344.87 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  337.12 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  339.92 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:04 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   178.27 ms 10.247.200.1
2   179.35 ms 213.184.122.97
3   178.44 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   178.57 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   178.96 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   210.04 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   304.84 ms if-ae-9-2.tcore2.l78-london.as6453.net (80.231.200.14)
8   305.01 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   313.48 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  304.92 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  305.59 ms 66.110.96.150
12  310.37 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  325.74 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  336.36 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  338.56 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  336.86 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  340.10 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:10 EDT
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up.

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   174.60 ms 10.247.200.1
2   176.41 ms 213.184.122.97
3   176.05 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   176.11 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   176.39 ms bzq-179-124-54.cust.bezeqint.net (212.179.124.54)
6   213.22 ms ix-ae-4-0.tcore2.wyn-marseille.as6453.net (80.231.200.73)
7   ...
8   306.23 ms if-ae-15-2.tcore2.ldn-london.as6453.net (80.231.131.118)
9   329.38 ms if-ae-32-2.tcore2.nto-new-york.as6453.net (63.243.216.22)
10  306.21 ms if-ae-12-2.tcore1.n75-new-york.as6453.net (66.110.96.5)
11  306.08 ms 66.110.96.150
12  311.28 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
13  325.32 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
14  336.41 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
15  339.43 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
16  337.95 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
17  340.50 ms lw-dc3-dist14-po5.rtr.liquidweb.com (69.167.128.75)
18  ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:17 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
Initiating Ping Scan at 18:18
Scanning 67.225.171.176 [4 ports]
Completed Ping Scan at 18:18, 2.04s elapsed (1 total hosts)
Nmap scan report for 67.225.171.176 [host down, received no-response]
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.57 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-27 18:18 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
Initiating NSE at 18:18
Completed NSE at 18:18, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 18:18
Completed Parallel DNS resolution of 1 host. at 18:18, 0.03s elapsed
Initiating UDP Scan at 18:18
Scanning host1.albetaqa.site (67.225.171.176) [14 ports]
Completed UDP Scan at 18:18, 2.61s elapsed (14 total ports)
Initiating Service scan at 18:18
Scanning 12 services on host1.albetaqa.site (67.225.171.176)
Service scan Timing: About 8.33% done; ETC: 18:36 (0:17:03 remaining)
Completed Service scan at 18:19, 102.60s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against host1.albetaqa.site (67.225.171.176)
Retrying OS detection (try #2) against host1.albetaqa.site (67.225.171.176)
Initiating Traceroute at 18:19
Completed Traceroute at 18:20, 7.39s elapsed
Initiating Parallel DNS resolution of 1 host. at 18:20
Completed Parallel DNS resolution of 1 host. at 18:20, 0.00s elapsed
NSE: Script scanning 67.225.171.176.
Initiating NSE at 18:20
Completed NSE at 18:20, 20.33s elapsed
Initiating NSE at 18:20
Completed NSE at 18:20, 1.33s elapsed
Nmap scan report for host1.albetaqa.site (67.225.171.176)
Host is up (0.17s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   172.20 ms 10.247.200.1
2   ... 3
4   172.20 ms 10.247.200.1
5   174.04 ms 10.247.200.1
6   174.03 ms 10.247.200.1
7   174.03 ms 10.247.200.1
8   174.02 ms 10.247.200.1
9   174.02 ms 10.247.200.1
10  174.05 ms 10.247.200.1
11  ... 18
19  171.85 ms 10.247.200.1
20  171.76 ms 10.247.200.1
21  ... 27
28  171.96 ms 10.247.200.1
29  171.79 ms 10.247.200.1
30  172.42 ms 10.247.200.1

NSE: Script Post-scanning.
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 140.93 seconds
           Raw packets sent: 148 (13.692KB) | Rcvd: 24 (2.638KB)
#######################################################################################################################################
Hosts
=====

address         mac  name                   os_name  os_flavor  os_sp  purpose  info  comments
-------         ---  ----                   -------  ---------  -----  -------  ----  --------
67.225.171.176       host1.albetaqa.site    Unknown                    device
128.65.195.96        h2web50.infomaniak.ch  Unknown                    device

Services
========

host            port  proto  name          state     info
----            ----  -----  ----          -----     ----
67.225.171.176  21    tcp    ftp           open
67.225.171.176  22    tcp    ssh           open
67.225.171.176  53    tcp    domain        open
67.225.171.176  53    udp    domain        open
67.225.171.176  67    udp    dhcps         unknown
67.225.171.176  68    udp    dhcpc         unknown
67.225.171.176  69    udp    tftp          unknown
67.225.171.176  80    tcp    http          open
67.225.171.176  88    udp    kerberos-sec  unknown
67.225.171.176  110   tcp    pop3          open
67.225.171.176  123   udp    ntp           unknown
67.225.171.176  137   udp    netbios-ns    filtered
67.225.171.176  138   udp    netbios-dgm   filtered
67.225.171.176  139   udp    netbios-ssn   unknown
67.225.171.176  143   tcp    imap          open
67.225.171.176  161   udp    snmp          unknown
67.225.171.176  162   udp    snmptrap      unknown
67.225.171.176  389   udp    ldap          unknown
67.225.171.176  443   tcp    https         open
67.225.171.176  465   tcp    smtps         open
67.225.171.176  520   udp    route         unknown
67.225.171.176  587   tcp    submission    open
67.225.171.176  993   tcp    imaps         open
67.225.171.176  995   tcp    pop3s         open
67.225.171.176  2049  udp    nfs           unknown
128.65.195.96   21    tcp    ftp           open
128.65.195.96   22    tcp    ssh           open
128.65.195.96   53    udp    domain        unknown
128.65.195.96   67    udp    dhcps         unknown
128.65.195.96   68    udp    dhcpc         unknown
128.65.195.96   69    udp    tftp          unknown
128.65.195.96   80    tcp    http          open
128.65.195.96   88    udp    kerberos-sec  unknown
128.65.195.96   123   udp    ntp           unknown
128.65.195.96   137   udp    netbios-ns    filtered
128.65.195.96   138   udp    netbios-dgm   filtered
128.65.195.96   139   udp    netbios-ssn   unknown
128.65.195.96   161   udp    snmp          unknown
128.65.195.96   162   udp    snmptrap      unknown
128.65.195.96   389   udp    ldap          unknown
128.65.195.96   443   tcp    https         open
128.65.195.96   520   udp    route         unknown
128.65.195.96   2049  udp    nfs           unknown
128.65.195.96   2222  tcp    ethernetip-1  open
#######################################################################################################################################
[I] Threads: 5
[-] Target: https://www.albetaqa.site (67.225.171.176)
[I] Server: Apache
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: https://www.albetaqa.site/robots.txt
[I] CMS Detection: WordPress
[H] Configuration File Found: https://www.albetaqa.site/wp-config
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php~
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.txt
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.old
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php_old
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php-old
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.save
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.swp
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.swo
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php_bak
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php-bak
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.original
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.old
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.orig
[H] Configuration File Found: https://www.albetaqa.site/wp-config.php.bak
[H] Configuration File Found: https://www.albetaqa.site/wp-config.save
[H] Configuration File Found: https://www.albetaqa.site/wp-config.old
[H] Configuration File Found: https://www.albetaqa.site/wp-config.bak
[H] Configuration File Found: https://www.albetaqa.site/wp-config.orig
[H] Configuration File Found: https://www.albetaqa.site/wp-config.txt
[M] XML-RPC services are enabled
[I] Autocomplete Off Not Found: https://www.albetaqa.site/wp-login.php
[-] Default WordPress Files:
[I] https://www.albetaqa.site/license.txt
[I] https://www.albetaqa.site/readme.html
[I] https://www.albetaqa.site/wp-content/themes/twentyeleven/license.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyeleven/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfifteen/genericons/COPYING.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfifteen/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfourteen/genericons/COPYING.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfourteen/genericons/LICENSE.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfourteen/genericons/README.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyfourteen/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentynineteen/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyseventeen/README.txt
[I] https://www.albetaqa.site/wp-content/themes/twentysixteen/genericons/COPYING.txt
[I] https://www.albetaqa.site/wp-content/themes/twentysixteen/genericons/LICENSE.txt
[I] https://www.albetaqa.site/wp-content/themes/twentysixteen/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyten/license.txt
[I] https://www.albetaqa.site/wp-content/themes/twentyten/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentythirteen/genericons/COPYING.txt
[I] https://www.albetaqa.site/wp-content/themes/twentythirteen/genericons/LICENSE.txt
[I] https://www.albetaqa.site/wp-content/themes/twentythirteen/genericons/README.txt
[I] https://www.albetaqa.site/wp-content/themes/twentythirteen/readme.txt
[I] https://www.albetaqa.site/wp-content/themes/twentytwelve/readme.txt
[I] https://www.albetaqa.site/wp-includes/ID3/license.commercial.txt
[I] https://www.albetaqa.site/wp-includes/ID3/license.txt
[I] https://www.albetaqa.site/wp-includes/ID3/readme.txt
[I] https://www.albetaqa.site/wp-includes/images/crystal/license.txt
[I] https://www.albetaqa.site/wp-includes/js/plupload/license.txt
[I] https://www.albetaqa.site/wp-includes/js/swfupload/license.txt
[I] https://www.albetaqa.site/wp-includes/js/tinymce/license.txt
[-] Searching Wordpress Plugins ...
[I] "+plugin+"
[I] $plugin
[I] 1-flash-gallery
[M]  EDB-ID: 17801 "WordPress Plugin 1 Flash Gallery 1.30 < 1.5.7a - Arbitrary File Upload (Metasploit)"
[I] 1-jquery-photo-gallery-slideshow-flash
[M]  EDB-ID: 36382 "WordPress Plugin 1-jquery-photo-gallery-Slideshow-flash 1.01 - Cross-Site Scripting"
[I] 2-click-socialmedia-buttons
[M]  EDB-ID: 37178 "WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities"
[I] Calendar
[M]  EDB-ID: 21715 "WordPress Plugin spider Calendar - Multiple Vulnerabilities"
[I] Calendar-Script
[M]  EDB-ID: 38018 "WordPress Plugin PHP Event Calendar - 'cid' SQL Injection"
[I] Enigma2.php?boarddir=http:
[I] FlagEm
[M]  EDB-ID: 38674 "WordPress Plugin FlagEm - 'cID' Cross-Site Scripting"
[I] Lead-Octopus-Power
[M]  EDB-ID: 39269 "WordPress Plugin Lead Octopus Power - 'id' SQL Injection"
[I] Premium_Gallery_Manager
[M]  EDB-ID: 34538 "WordPress Plugin Premium Gallery Manager - Configuration Access"
[M]  EDB-ID: 39111 "WordPress Plugin Premium Gallery Manager - Arbitrary File Upload"
[I] Tevolution
[M]  EDB-ID: 40976 "WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload"
[I] a-gallery
[M]  EDB-ID: 17872 "Multiple WordPress Plugins - 'timthumb.php' File Upload"
[I] a-to-z-category-listing
[M]  EDB-ID: 17809 "WordPress Plugin A to Z Category Listing 1.3 - SQL Injection"
[I] abtest
[M]  EDB-ID: 39577 "WordPress Plugin Abtest - Local File Inclusion"
[I] accept-signups
[M]  EDB-ID: 35136 "WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting"
[I] acf-frontend-display
[I] ad-wizz
[M]  EDB-ID: 35561 "WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting"
[I] admin_panel.php?wp_footnotes_current_settings[post_footnotes]=&lt;
/bin/sh: 1: lt: not found
/bin/sh: 1: [&=/]: not found
[I] admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=&lt;
/bin/sh: 1: lt: not found
/bin/sh: 1: [&=/]: not found
[I] adminimize
[M]  EDB-ID: 36325 "WordPress Plugin Adminimize 1.7.21 - 'page' Cross-Site Scripting"
[I] adrotate
[M]  EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
[M]  EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
[M]  EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
[I] ads-box
[M]  EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
[I] advanced-dewplayer
[M]  EDB-ID: 38936 "WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal"
[I] advanced-text-widget
[M]  EDB-ID: 36324 "WordPress Plugin Advanced Text Widget 2.0 - 'page' Cross-Site Scripting"
[I] advanced-uploader
[M]  EDB-ID: 38867 "WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities"
[I] advertizer
[M]  EDB-ID: 17750 "WordPress Plugin Advertizer 1.0 - SQL Injection"
[I] age-verification
[M]  EDB-ID: 18350 "WordPress Plugin Age Verification 0.4 - Open Redirect"
[M]  EDB-ID: 36540 "WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection"
[I] ajax-category-dropdown
[M]  EDB-ID: 17207 "WordPress Plugin Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities"
[I] ajax-store-locator-wordpress_0
[M]  EDB-ID: 35493 "WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download"
[I] ajaxgallery
[M]  EDB-ID: 17686 "WordPress Plugin Ajax Gallery 3.0 - SQL Injection"
[I] akismet
[M]  EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
[M]  EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
[I] alert-before-your-post
[M]  EDB-ID: 36323 "WordPress Plugin Alert Before Your Post - 'name' Cross-Site Scripting"
[I] all-in-one-event-calendar
[M]  EDB-ID: 37075 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget-form.php?title' Cross-Site Scripting"
[M]  EDB-ID: 37076 "WordPress Plugin All-in-One Event Calendar 1.4 - 'box_publish_button.php?button_value' Cross-Site Scripting"
[M]  EDB-ID: 37077 "WordPress Plugin All-in-One Event Calendar 1.4 - 'save_successful.php?msg' Cross-Site Scripting"
[M]  EDB-ID: 37078 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting Vulnerabilities"
[I] all-in-one-wp-security-and-firewall
[M]  EDB-ID: 34854 "WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting"
[I] all-video-gallery
[M]  EDB-ID: 22427 "WordPress Plugin All Video Gallery 1.1 - SQL Injection"
[I] allow-php-in-posts-and-pages
[M]  EDB-ID: 17688 "WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection"
[I] allwebmenus-wordpress-menu-plugin
[M]  EDB-ID: 17861 "WordPress Plugin AllWebMenus 1.1.3 - Remote File Inclusion"
[M]  EDB-ID: 18407 "WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload"
[I] alo-easymail
[I] annonces
[M]  EDB-ID: 17863 "WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion"
[I] answer-my-question
[M]  EDB-ID: 40771 "WordPress Plugin Answer My Question 1.3 - SQL Injection"
[I] appointment-booking-calendar
[M]  EDB-ID: 39309 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection"
[M]  EDB-ID: 39319 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection"
[M]  EDB-ID: 39341 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities"
[M]  EDB-ID: 39342 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection"
[I] aspose-doc-exporter
[M]  EDB-ID: 36559 "WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download"
[I] asset-manager
[M]  EDB-ID: 18993 "WordPress Plugin Asset Manager 0.2 - Arbitrary File Upload"
[I] audio
[M]  EDB-ID: 35258 "WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting"
[I] audio-player
[M]  EDB-ID: 38300 "WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting"
[I] auto-attachments
[I] aviary-image-editor-add-on-for-gravity-forms
[M]  EDB-ID: 37275 "WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload"
[I] backwpup
[M]  EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
[I] baggage-freight
[M]  EDB-ID: 46061 "WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload"
[I] baggage_shipping
[I] bbpress
[M]  EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
[I] bezahlcode-generator
[M]  EDB-ID: 35286 "WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting"
[I] booking
[M]  EDB-ID: 27399 "WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery"
[I] booking-calendar-contact-form
[M]  EDB-ID: 37003 "WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities"
[I] bookx
[M]  EDB-ID: 39251 "WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion"
[I] brandfolder
[M]  EDB-ID: 39591 "WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion"
[I] cac-featured-content
[I] candidate-application-form
[M]  EDB-ID: 37754 "WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download"
[I] catalog
[M]  EDB-ID: 25724 "WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities"
[M]  EDB-ID: 38639 "WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities"
[I] category-grid-view-gallery
[M]  EDB-ID: 38625 "WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting"
[I] category-list-portfolio-page
[I] cevhershare
[M]  EDB-ID: 17891 "WordPress Plugin CevherShare 2.0 - SQL Injection"
[I] cforms
[M]  EDB-ID: 34946 "WordPress Plugin cformsII 11.5/13.1 - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities"
[I] cforms2
[M]  EDB-ID: 35879 "WordPress Plugin Cforms 14.7 - Remote Code Execution"
[I] chenpress
[M]  EDB-ID: 37522 "WordPress Plugin chenpress - Arbitrary File Upload"
[I] church-admin
[M]  EDB-ID: 37483 "WordPress Plugin church_admin - 'id' Cross-Site Scripting"
[I] cimy-counter
[M]  EDB-ID: 14057 "WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting"
[M]  EDB-ID: 34195 "WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting / Cross-Site Scripting"
[I] clickdesk-live-support-chat
[M]  EDB-ID: 36338 "WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Cross-Site Scripting"
[I] cloudsafe365-for-wp
[M]  EDB-ID: 37681 "WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure"
[I] cm-download-manager
[M]  EDB-ID: 35324 "WordPress Plugin CM Download Manager 2.0.0 - Code Injection"
[I] cms-pack
[I] cnhk-slideshow
[M]  EDB-ID: 39190 "WordPress Plugin cnhk-Slideshow - Arbitrary File Upload"
[I] comicpress-manager
[M]  EDB-ID: 35393 "WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting"
[I] comment-rating
[M]  EDB-ID: 16221 "WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities"
[M]  EDB-ID: 24552 "WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities"
[M]  EDB-ID: 36487 "WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting"
[I] community-events
[M]  EDB-ID: 17798 "WordPress Plugin Community Events 1.2.1 - SQL Injection"
[I] complete-gallery-manager
[M]  EDB-ID: 28377 "WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload"
[I] contact-form-generator
[M]  EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
[I] contact-form-wordpress
[M]  EDB-ID: 17980 "WordPress Plugin Contact Form 2.7.5 - SQL Injection"
[I] contus-hd-flv-player
[M]  EDB-ID: 17678 "WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection"
[M]  EDB-ID: 37377 "WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload"
[I] contus-video-gallery
[M]  EDB-ID: 34161 "WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities"
[I] contus-video-galleryversion-10
[M]  EDB-ID: 37373 "WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload"
[I] copyright-licensing-tools
[M]  EDB-ID: 17749 "WordPress Plugin iCopyright(R) Article Tools 1.1.4 - SQL Injection"
[I] count-per-day
[M]  EDB-ID: 17857 "WordPress Plugin Count per Day 2.17 - SQL Injection"
[M]  EDB-ID: 18355 "WordPress Plugin Count Per Day - Multiple Vulnerabilities"
[M]  EDB-ID: 20862 "WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting"
[I] couponer
[M]  EDB-ID: 17759 "WordPress Plugin Couponer 1.2 - SQL Injection"
[I] cp-polls
[M]  EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
[I] cp-reservation-calendar
[M]  EDB-ID: 38187 "WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection"
[I] cpl
[M]  EDB-ID: 11458 "WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection"
[I] crawlrate-tracker
[M]  EDB-ID: 17755 "WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection"
[I] crayon-syntax-highlighter
[M]  EDB-ID: 37946 "WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion"
[I] custom-background
[M]  EDB-ID: 39135 "WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload"
[I] custom-content-type-manager
[M]  EDB-ID: 19058 "WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload"
[I] custom-tables
[M]  EDB-ID: 37482 "WordPress Plugin custom tables - 'key' Cross-Site Scripting"
[I] cysteme-finder
[M]  EDB-ID: 40295 "WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload"
[I] daily-maui-photo-widget
[M]  EDB-ID: 35673 "WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities"
[I] db-backup
[M]  EDB-ID: 35378 "WordPress Plugin DB Backup - Arbitrary File Download"
[I] disclosure-policy-plugin
[M]  EDB-ID: 17865 "WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion"
[I] dm-albums
[M]  EDB-ID: 9043 "Adobe Flash Selection.SetSelection - Use-After-Free"
[M]  EDB-ID: 9048 "Adobe Flash TextField.replaceText - Use-After-Free"
[I] dmsguestbook
[I] downloads-manager
[M]  EDB-ID: 6127 "Pixel Studio 2.17 - Denial of Service (PoC)"
[I] dp-thumbnail
[I] drag-drop-file-uploader
[M]  EDB-ID: 19057 "WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload"
[I] dukapress
[M]  EDB-ID: 35346 "WordPress Plugin DukaPress 2.5.2 - Directory Traversal"
[I] duplicator
[M]  EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
[M]  EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
[I] dzs-videogallery
[M]  EDB-ID: 29834 "WordPress Plugin dzs-videogallery - Arbitrary File Upload"
[M]  EDB-ID: 30063 "WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure"
[M]  EDB-ID: 39250 "WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection"
[M]  EDB-ID: 39553 "WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities"
[I] dzs-zoomsounds
[M]  EDB-ID: 37166 "WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload"
[I] easy-contact-form-lite
[M]  EDB-ID: 17680 "WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection"
[I] easy-contact-forms-exporter
[M]  EDB-ID: 19013 "WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure"
[I] ebook-download
[M]  EDB-ID: 39575 "WordPress Plugin eBook Download 1.1 - Directory Traversal"
[I] eco-annu
[M]  EDB-ID: 38019 "WordPress Plugin Eco-annu - 'eid' SQL Injection"
[I] editormonkey
[M]  EDB-ID: 17284 "WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload"
[I] email-newsletter
[M]  EDB-ID: 37356 "WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure"
[I] evarisk
[M]  EDB-ID: 17738 "WordPress Plugin Evarisk 5.1.3.6 - SQL Injection"
[M]  EDB-ID: 37399 "WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload"
[I] event-registration
[M]  EDB-ID: 17751 "WordPress Plugin Event Registration 5.4.3 - SQL Injection"
[I] eventify
[M]  EDB-ID: 17794 "WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection"
[I] extend-wordpress
[I] facebook-opengraph-meta-plugin
[M]  EDB-ID: 17773 "WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection"
[I] fbgorilla
[M]  EDB-ID: 39283 "WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection"
[I] fbpromotions
[M]  EDB-ID: 17737 "WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection"
[I] fcchat
[M]  EDB-ID: 35289 "WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting"
[M]  EDB-ID: 37370 "WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload"
[I] feature-slideshow
[M]  EDB-ID: 35285 "WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting"
[I] featurific-for-wordpress
[M]  EDB-ID: 36339 "WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Cross-Site Scripting"
[I] feed
[M]  EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
[I] feedlist
[M]  EDB-ID: 34973 "WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting"
[I] feedweb
[M]  EDB-ID: 38414 "WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting"
[I] fgallery
[M]  EDB-ID: 4993 "GitList 0.6.0 - Argument Injection (Metasploit)"
[I] file-groups
[M]  EDB-ID: 17677 "WordPress Plugin File Groups 1.1.2 - SQL Injection"
[I] filedownload
[M]  EDB-ID: 17858 "WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure"
[I] finder
[M]  EDB-ID: 37677 "WordPress Plugin Finder - 'order' Cross-Site Scripting"
[I] firestats
[M]  EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
[M]  EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
[M]  EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
[I] flash-album-gallery
[M]  EDB-ID: 16947 "WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities"
[M]  EDB-ID: 36383 "WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting"
[M]  EDB-ID: 36434 "WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting"
[M]  EDB-ID: 36444 "WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting"
[I] flexible-custom-post-type
[M]  EDB-ID: 36317 "WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting"
[I] flipbook
[M]  EDB-ID: 37452 "WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload"
[I] font-uploader
[M]  EDB-ID: 18994 "WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload"
[I] formcraft
[M]  EDB-ID: 30002 "WordPress Plugin Formcraft - SQL Injection"
[I] forum-server
[M]  EDB-ID: 16235 "WordPress Plugin Forum Server 1.6.5 - SQL Injection"
[M]  EDB-ID: 17828 "WordPress Plugin Forum Server 1.7 - SQL Injection"
[I] foxypress
[M]  EDB-ID: 18991 "WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload"
[M]  EDB-ID: 22374 "WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities"
[I] front-end-upload
[M]  EDB-ID: 19008 "WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload"
[I] front-file-manager
[M]  EDB-ID: 19012 "WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload"
[I] fs-real-estate-plugin
[M]  EDB-ID: 22071 "WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection"
[I] gallery-images
[M]  EDB-ID: 34524 "WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection"
[M]  EDB-ID: 39807 "WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities"
[I] gallery-plugin
[M]  EDB-ID: 18998 "WordPress Plugin Gallery 3.06 - Arbitrary File Upload"
[M]  EDB-ID: 38209 "WordPress Plugin Gallery - 'filename_1' Arbitrary File Access"
[I] gd-star-rating
[M]  EDB-ID: 17973 "WordPress Plugin GD Star Rating 1.9.10 - SQL Injection"
[M]  EDB-ID: 35373 "WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting"
[M]  EDB-ID: 35835 "WordPress Plugin GD Star Rating - 'votes' SQL Injection"
[I] gift-voucher
[M]  EDB-ID: 45255 "WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection"
[I] global-content-blocks
[M]  EDB-ID: 17687 "WordPress Plugin Global Content Blocks 1.2 - SQL Injection"
[I] global-flash-galleries
[M]  EDB-ID: 39059 "WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload"
[I] google-document-embedder
[M]  EDB-ID: 35371 "WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection"
[M]  EDB-ID: 35447 "WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection"
[I] google-mp3-audio-player
[M]  EDB-ID: 35460 "WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download"
[I] gracemedia-media-player
[M]  EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
[I] grapefile
[M]  EDB-ID: 17760 "WordPress Plugin grapefile 1.1 - Arbitrary File Upload"
[I] gwolle-gb
[M]  EDB-ID: 38861 "WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion"
[I] hb-audio-gallery-lite
[M]  EDB-ID: 39589 "WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download"
[I] hd-webplayer
[M]  EDB-ID: 20918 "WordPress Plugin HD Webplayer 1.1 - SQL Injection"
[I] history-collection
[M]  EDB-ID: 37254 "WordPress Plugin History Collection 1.1.1 - Arbitrary File Download"
[I] hitasoft_player
[M]  EDB-ID: 38012 "WordPress Plugin FLV Player - 'id' SQL Injection"
[I] html5avmanager
[M]  EDB-ID: 18990 "WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload"
[I] i-dump-iphone-to-wordpress-photo-uploader
[M]  EDB-ID: 36691 "WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload"
[I] iframe-admin-pages
[M]  EDB-ID: 37179 "WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting"
[I] igit-posts-slider-widget
[M]  EDB-ID: 35392 "WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting"
[I] image-export
[M]  EDB-ID: 39584 "WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure"
[I] image-gallery-with-slideshow
[M]  EDB-ID: 17761 "WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities"
[I] imdb-widget
[M]  EDB-ID: 39621 "WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion"
[I] inboundio-marketing
[M]  EDB-ID: 36478 "WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload"
[I] indeed-membership-pro
[I] inline-gallery
[M]  EDB-ID: 35418 "WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting"
[I] insert-php
[M]  EDB-ID: 41308 "WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection"
[I] invit0r
[M]  EDB-ID: 37403 "WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload"
[I] ip-logger
[M]  EDB-ID: 17673 "WordPress Plugin IP-Logger 3.0 - SQL Injection"
[I] is-human
[M]  EDB-ID: 17299 "WordPress Plugin Is-human 1.4.2 - Remote Command Execution"
[I] islidex
[I] iwant-one-ihave-one
[M]  EDB-ID: 16236 "WordPress Plugin IWantOneButton 3.0.1 - Multiple Vulnerabilities"
[I] jetpack
[M]  EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
[I] jibu-pro
[M]  EDB-ID: 45305 "WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting"
[I] joliprint
[M]  EDB-ID: 37176 "WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities"
[I] jquery-mega-menu
[M]  EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
[I] jrss-widget
[M]  EDB-ID: 34977 "WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure"
[I] js-appointment
[M]  EDB-ID: 17724 "WordPress Plugin Js-appointment 1.5 - SQL Injection"
[I] jtrt-responsive-tables
[M]  EDB-ID: 43110 "WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection"
[I] kino-gallery
[I] kish-guest-posting
[I] kittycatfish
[M]  EDB-ID: 41919 "WordPress Plugin KittyCatfish 2.2 - SQL Injection"
[I] knews
[M]  EDB-ID: 37484 "WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting"
[I] knr-author-list-widget
[M]  EDB-ID: 17791 "WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection"
[I] lanoba-social-plugin
[M]  EDB-ID: 36326 "WordPress Plugin Lanoba Social 1.0 - 'action' Cross-Site Scripting"
[I] lazy-content-slider
[M]  EDB-ID: 40070 "WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)"
[I] lazy-seo
[M]  EDB-ID: 28452 "WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload"
[I] lazyest-gallery
[M]  EDB-ID: 35435 "WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting"
[I] lb-mixed-slideshow
[M]  EDB-ID: 37418 "WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload"
[I] leaguemanager
[M]  EDB-ID: 24789 "WordPress Plugin LeagueManager 3.8 - SQL Injection"
[I] leenkme
[I] levelfourstorefront
[M]  EDB-ID: 38158 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection"
[M]  EDB-ID: 38159 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection"
[M]  EDB-ID: 38160 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection"
[I] like-dislike-counter-for-posts-pages-and-comments
[M]  EDB-ID: 34553 "WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection"
[I] link-library
[M]  EDB-ID: 17887 "WordPress Plugin Link Library 5.2.1 - SQL Injection"
[I] lisl-last-image-slider
[I] livesig
[M]  EDB-ID: 17864 "WordPress Plugin Livesig 0.4 - Remote File Inclusion"
[I] localize-my-post
[M]  EDB-ID: 45439 "WordPress Plugin Localize My Post 1.0 - Local File Inclusion"
[I] madebymilk
[M]  EDB-ID: 38041 "WordPress Theme Madebymilk - 'id' SQL Injection"
[I] mail-masta
[M]  EDB-ID: 40290 "WordPress Plugin Mail Masta 1.0 - Local File Inclusion"
[M]  EDB-ID: 41438 "WordPress Plugin Mail Masta 1.0 - SQL Injection"
[I] mailz
[M]  EDB-ID: 17866 "WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion"
[M]  EDB-ID: 18276 "WordPress Plugin Mailing List - Arbitrary File Download"
[I] media-library-categories
[M]  EDB-ID: 17628 "WordPress Plugin Media Library Categories 1.0.6 - SQL Injection"
[I] meenews
[M]  EDB-ID: 36340 "WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Cross-Site Scripting"
[I] membership-simplified-for-oap-members-only
[M]  EDB-ID: 41622 "Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download"
[I] mingle-forum
[M]  EDB-ID: 15943 "WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities"
[M]  EDB-ID: 17894 "WordPress Plugin Mingle Forum 1.0.31 - SQL Injection"
[I] mm-forms-community
[M]  EDB-ID: 17725 "WordPress Plugin MM Forms Community 1.2.3 - SQL Injection"
[M]  EDB-ID: 18997 "WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload"
[I] monsters-editor-10-for-wp-super-edit
[M]  EDB-ID: 37654 "WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload"
[I] mukioplayer-for-wordpress
[M]  EDB-ID: 38755 "WordPress Plugin mukioplayer4wp - 'cid' SQL Injection"
[I] myflash
[M]  EDB-ID: 3828 "Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)"
[I] mystat
[M]  EDB-ID: 17740 "WordPress Plugin mySTAT 2.6 - SQL Injection"
[I] nextgen-gallery
[M]  EDB-ID: 12098 "WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting"
[M]  EDB-ID: 38178 "WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting"
[M]  EDB-ID: 39100 "WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal"
[I] nextgen-smooth-gallery
[M]  EDB-ID: 14541 "WordPress Plugin NextGEN Smooth Gallery 0.12 - Blind SQL Injection"
[I] ocim-mp3
[M]  EDB-ID: 39498 "WordPress Plugin Ocim MP3 - SQL Injection"
[I] odihost-newsletter-plugin
[M]  EDB-ID: 17681 "WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection"
[I] old-post-spinner
[M]  EDB-ID: 16251 "WordPress Plugin OPS Old Post Spinner 2.2.1 - Local File Inclusion"
[I] olimometer
[M]  EDB-ID: 40804 "WordPress Plugin Olimometer 2.56 - SQL Injection"
[I] omni-secure-files
[M]  EDB-ID: 19009 "WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload"
[I] oqey-gallery
[M]  EDB-ID: 17779 "WordPress Plugin oQey Gallery 0.4.8 - SQL Injection"
[M]  EDB-ID: 35288 "WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting"
[I] oqey-headers
[M]  EDB-ID: 17730 "WordPress Plugin oQey Headers 0.3 - SQL Injection"
[I] page-flip-image-gallery
[M]  EDB-ID: 30084 "WordPress Plugin page-flip-image-gallery - Arbitrary File Upload"
[M]  EDB-ID: 7543 "Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure"
[I] paid-downloads
[M]  EDB-ID: 17797 "WordPress Plugin Paid Downloads 2.01 - SQL Injection"
[M]  EDB-ID: 36135 "WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection"
[I] participants-database
[I] pay-with-tweet.php
[M]  EDB-ID: 18330 "WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities"
[I] paypal-currency-converter-basic-for-woocommerce
[M]  EDB-ID: 37253 "WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read"
[I] peugeot-music-plugin
[M]  EDB-ID: 44737 "WordPress Plugin Peugeot Music - Arbitrary File Upload"
[I] photocart-link
[M]  EDB-ID: 39623 "WordPress Plugin Photocart Link 1.6 - Local File Inclusion"
[I] photoracer
[M]  EDB-ID: 17720 "WordPress Plugin Photoracer 1.0 - SQL Injection"
[M]  EDB-ID: 17731 "WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities"
[M]  EDB-ID: 8961 "WordPress Plugin Photoracer 1.0 - 'id' SQL Injection"
[I] photosmash-galleries
[M]  EDB-ID: 35429 "WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting"
[M]  EDB-ID: 38872 "WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload"
[I] php_speedy_wp
[I] phpfreechat
[M]  EDB-ID: 37485 "WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting"
[I] pica-photo-gallery
[M]  EDB-ID: 19016 "WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure"
[M]  EDB-ID: 19055 "WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload"
[I] pictpress
[M]  EDB-ID: 4695 "Karaoke Video Creator 2.2.8 - Denial of Service"
[I] picturesurf-gallery
[M]  EDB-ID: 37371 "WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload"
[I] placester
[M]  EDB-ID: 35562 "WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting"
[I] player
[M]  EDB-ID: 38458 "WordPress Plugin Spider Video Player - 'theme' SQL Injection"
[I] plg_novana
[I] plugin-dir
[M]  EDB-ID: 22853 "WordPress Plugin Facebook Survey 1.0 - SQL Injection"
[I] plugin-newsletter
[M]  EDB-ID: 19018 "WordPress Plugin NewsLetter 1.5 - Remote File Disclosure"
[I] podpress
[M]  EDB-ID: 38376 "WordPress Plugin podPress - 'playerID' Cross-Site Scripting"
[I] portable-phpmyadmin
[M]  EDB-ID: 23356 "WordPress Plugin Portable phpMyAdmin - Authentication Bypass"
[I] post-highlights
[M]  EDB-ID: 17790 "WordPress Plugin post highlights 2.2 - SQL Injection"
[I] post-recommendations-for-wordpress
[M]  EDB-ID: 37506 "WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion"
[I] powerhouse-museum-collection-image-grid
[M]  EDB-ID: 35287 "WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting"
[I] premium_gallery_manager
[I] pretty-link
[M]  EDB-ID: 36233 "WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities"
[M]  EDB-ID: 36408 "WordPress Plugin Pretty Link 1.5.2 - 'pretty-bar.php' Cross-Site Scripting"
[M]  EDB-ID: 37196 "WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting"
[M]  EDB-ID: 38324 "WordPress Plugin Pretty Link - Cross-Site Scripting"
[I] profiles
[M]  EDB-ID: 17739 "WordPress Plugin Profiles 2.0 RC1 - SQL Injection"
[I] proplayer
[M]  EDB-ID: 17616 "WordPress Plugin ProPlayer 4.7.7 - SQL Injection"
[M]  EDB-ID: 25605 "WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection"
[I] pure-html
[M]  EDB-ID: 17758 "WordPress Plugin PureHTML 1.0.0 - SQL Injection"
[I] q-and-a-focus-plus-faq
[M]  EDB-ID: 39806 "WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities"
[I] radykal-fancy-gallery
[M]  EDB-ID: 19398 "WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload"
[I] rating-widget
[I] rb-agency
[M]  EDB-ID: 40333 "WordPress Plugin RB Agency 2.4.7 - Local File Disclosure"
[I] rbxgallery
[M]  EDB-ID: 19019 "WordPress Plugin RBX Gallery 2.1 - Arbitrary File Upload"
[I] real3d-flipbook
[M]  EDB-ID: 40055 "WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities"
[I] really-easy-slider
[I] really-simple-guest-post
[M]  EDB-ID: 37209 "WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion"
[I] recent-backups
[M]  EDB-ID: 37752 "WordPress Plugin Recent Backups 0.7 - Arbitrary File Download"
[I] recipe
[M]  EDB-ID: 31228 "WordPress Plugin Recipes Blog - 'id' SQL Injection"
[I] reciply
[M]  EDB-ID: 35265 "WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload"
[I] reflex-gallery
[M]  EDB-ID: 36374 "WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload"
[I] rekt-slideshow
[I] related-sites
[M]  EDB-ID: 9054 "Adobe Flash TextField.tabIndex Setter - Use-After-Free"
[I] relocate-upload
[M]  EDB-ID: 17869 "WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion"
[I] rent-a-car
[I] resume-submissions-job-postings
[M]  EDB-ID: 19791 "WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload"
[I] rich-widget
[M]  EDB-ID: 37653 "WordPress Plugin Rich Widget - Arbitrary File Upload"
[I] ripe-hd-player
[M]  EDB-ID: 24229 "WordPress Plugin Ripe HD FLV Player - SQL Injection"
[I] robotcpa
[M]  EDB-ID: 37252 "WordPress Plugin RobotCPA V5 - Local File Inclusion"
[I] rss-feed-reader
[M]  EDB-ID: 35261 "WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting"
[I] s3bubble-amazon-s3-html-5-video-with-adverts
[M]  EDB-ID: 37494 "WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download"
[I] scormcloud
[M]  EDB-ID: 17793 "WordPress Plugin SCORM Cloud 1.0.6.6 - SQL Injection"
[I] se-html5-album-audio-player
[M]  EDB-ID: 37274 "WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal"
[I] search-autocomplete
[M]  EDB-ID: 17767 "WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection"
[I] securimage-wp
[M]  EDB-ID: 38510 "WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting"
[I] sell-downloads
[M]  EDB-ID: 38868 "WordPress Plugin Sell Download 1.0.16 - Local File Disclosure"
[I] sendit
[M]  EDB-ID: 17716 "WordPress Plugin SendIt 1.5.9 - Blind SQL Injection"
[I] seo-automatic-seo-tools
[M]  EDB-ID: 34975 "WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal"
[I] seo-watcher
[M]  EDB-ID: 38782 "WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
[I] sermon-browser
[M]  EDB-ID: 17214 "WordPress Plugin SermonBrowser 0.43 - SQL Injection"
[M]  EDB-ID: 35657 "WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection"
[I] sexy-contact-form
[M]  EDB-ID: 34922 "WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload"
[M]  EDB-ID: 35057 "WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload"
[I] sf-booking
[M]  EDB-ID: 43475 "WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure"
[I] sfbrowser
[M]  EDB-ID: 19054 "WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload"
[I] sfwd-lms
[I] sh-slideshow
[M]  EDB-ID: 17748 "WordPress Plugin SH Slideshow 3.1.4 - SQL Injection"
[I] sharebar
[M]  EDB-ID: 37201 "WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting"
[I] si-contact-form
[M]  EDB-ID: 36050 "WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting"
[I] simple-ads-manager
[M]  EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
[M]  EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
[M]  EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
[M]  EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
[I] simple-download-button-shortcode
[M]  EDB-ID: 19020 "WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure"
[I] simple-fields
[M]  EDB-ID: 44425 "WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution"
[I] simple-forum
[I] site-editor
[M]  EDB-ID: 44340 "Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion"
[I] site-import
[M]  EDB-ID: 39558 "WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion"
[I] skysa-official
[M]  EDB-ID: 36363 "WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting"
[I] slider-image
[M]  EDB-ID: 37361 "WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities"
[I] slideshow-gallery-2
[M]  EDB-ID: 36631 "WordPress Plugin Slideshow Gallery 1.1.x - 'border' Cross-Site Scripting"
[I] slideshow-jquery-image-gallery
[M]  EDB-ID: 37948 "WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities"
[I] smart-flv
[M]  EDB-ID: 38331 "WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities"
[I] smart-google-code-inserter
[I] sniplets
[M]  EDB-ID: 5194 "Wansview 1.0.2 - Denial of Service (PoC)"
[I] social-discussions
[M]  EDB-ID: 22158 "WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities"
[I] social-slider-2
[M]  EDB-ID: 17617 "WordPress Plugin Social Slider 5.6.5 - SQL Injection"
[I] socialfit
[M]  EDB-ID: 37481 "WordPress Plugin SocialFit - 'msg' Cross-Site Scripting"
[I] sodahead-polls
[I] sp-client-document-manager
[M]  EDB-ID: 35313 "WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection"
[M]  EDB-ID: 36576 "WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection"
[I] spicy-blogroll
[M]  EDB-ID: 26804 "WordPress Plugin Spicy Blogroll - Local File Inclusion"
[I] spider-event-calendar
[M]  EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
[I] spiffy
[M]  EDB-ID: 38441 "WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection"
[I] st_newsletter
[M]  EDB-ID: 31096 "WordPress Plugin ShiftThis NewsLetter - SQL Injection"
[M]  EDB-ID: 6777 "Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)"
[I] store-locator-le
[M]  EDB-ID: 18989 "WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities"
[I] taggator
[I] taggedalbums
[M]  EDB-ID: 38023 "WordPress Plugin Tagged Albums - 'id' SQL Injection"
[I] tagninja
[M]  EDB-ID: 35300 "WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting"
[I] tera-charts
[M]  EDB-ID: 39256 "WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal"
[M]  EDB-ID: 39257 "WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal"
[I] the-welcomizer
[M]  EDB-ID: 36445 "WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting"
[I] thecartpress
[M]  EDB-ID: 17860 "WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion"
[M]  EDB-ID: 36481 "WordPress Plugin TheCartPress 1.6 - 'OptionsPostsList.php' Cross-Site Scripting"
[M]  EDB-ID: 38869 "WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities"
[I] thinkun-remind
[M]  EDB-ID: 19021 "WordPress Plugin Thinkun Remind 1.1.3 - Remote File Disclosure"
[I] tinymce-thumbnail-gallery
[M]  EDB-ID: 19022 "WordPress Plugin TinyMCE Thumbnail Gallery 1.0.7 - Remote File Disclosure"
[I] topquark
[M]  EDB-ID: 19053 "WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload"
[I] track-that-stat
[M]  EDB-ID: 37204 "WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting"
[I] trafficanalyzer
[M]  EDB-ID: 38439 "WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting"
[I] tune-library
[M]  EDB-ID: 17816 "WordPress Plugin Tune Library 2.17 - SQL Injection"
[I] ucan-post
[M]  EDB-ID: 18390 "WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting"
[I] ultimate-product-catalogue
[M]  EDB-ID: 36823 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)"
[M]  EDB-ID: 36824 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)"
[M]  EDB-ID: 36907 "WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities"
[M]  EDB-ID: 39974 "WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation"
[M]  EDB-ID: 40012 "WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload"
[M]  EDB-ID: 40174 "WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection"
[I] ungallery
[M]  EDB-ID: 17704 "WordPress Plugin UnGallery 1.5.8 - Local File Disclosure"
[I] uploader
[M]  EDB-ID: 35255 "WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting"
[M]  EDB-ID: 38163 "WordPress Plugin Uploader - Arbitrary File Upload"
[M]  EDB-ID: 38355 "WordPress Plugin Uploader - 'blog' Cross-Site Scripting"
[I] uploadify-integration
[M]  EDB-ID: 37070 "WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities"
[I] uploads
[I] upm-polls
[M]  EDB-ID: 17627 "WordPress Plugin UPM Polls 1.0.3 - SQL Injection"
[I] user-avatar
[I] user-meta
[M]  EDB-ID: 19052 "WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload"
[I] userpro
[M]  EDB-ID: 46083 "Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation"
[I] users-ultra
[I] verve-meta-boxes
[I] videowhisper-live-streaming-integration
[M]  EDB-ID: 31986 "WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities"
[I] videowhisper-video-conference-integration
[M]  EDB-ID: 36617 "WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload"
[M]  EDB-ID: 36618 "WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload"
[I] videowhisper-video-presentation
[M]  EDB-ID: 17771 "WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection"
[M]  EDB-ID: 37357 "WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload"
[I] vk-gallery
[I] vodpod-video-gallery
[M]  EDB-ID: 34976 "WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting"
[I] wassup
[I] webinar_plugin
[M]  EDB-ID: 22300 "WordPress Plugin Easy Webinar - Blind SQL Injection"
[I] webplayer
[I] website-contact-form-with-file-upload
[M]  EDB-ID: 36952 "WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion"
[I] website-faq
[M]  EDB-ID: 19400 "WordPress Plugin Website FAQ 1.0 - SQL Injection"
[I] wechat-broadcast
[M]  EDB-ID: 45438 "WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion"
[I] woocommerce
[M]  EDB-ID: 43196 "WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal"
[I] woopra
[M]  EDB-ID: 38783 "WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
[I] wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg
[M]  EDB-ID: 17763 "Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference"
[I] wordpress-member-private-conversation
[M]  EDB-ID: 37353 "WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload"
[I] wordpress-processing-embed
[M]  EDB-ID: 35066 "WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting"
[I] wordtube
[M]  EDB-ID: 3825 "GoodiWare GoodReader iPhone - '.XLS' Denial of Service"
[I] work-the-flow-file-upload
[M]  EDB-ID: 36640 "WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload"
[I] wp-adserve
[I] wp-audio-gallery-playlist
[M]  EDB-ID: 17756 "WordPress Plugin Audio Gallery Playlist 0.12 - SQL Injection"
[I] wp-automatic
[M]  EDB-ID: 19187 "WordPress Plugin Automatic 2.0.3 - SQL Injection"
[I] wp-autosuggest
[M]  EDB-ID: 45977 "WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection"
[I] wp-autoyoutube
[M]  EDB-ID: 18353 "WordPress Plugin wp-autoyoutube - Blind SQL Injection"
[I] wp-bannerize
[M]  EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
[M]  EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
[M]  EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
[I] wp-banners-lite
[M]  EDB-ID: 38410 "WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection"
[I] wp-booking-calendar
[M]  EDB-ID: 44769 "Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting"
[I] wp-business-intelligence
[M]  EDB-ID: 36600 "WordPress Plugin Business Intelligence - SQL Injection (Metasploit)"
[I] wp-business-intelligence-lite
[I] wp-cal
[M]  EDB-ID: 4992 "Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)"
[I] wp-comment-remix
[I] wp-content
[M]  EDB-ID: 37123 "WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting"
[I] wp-copysafe-pdf
[M]  EDB-ID: 39254 "WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload"
[I] wp-cumulus
[M]  EDB-ID: 10228 "WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting"
[M]  EDB-ID: 33371 "WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting"
[I] wp-custom-pages
[M]  EDB-ID: 17119 "WordPress Plugin Custom Pages 0.5.0.1 - Local File Inclusion"
[I] wp-ds-faq
[M]  EDB-ID: 17683 "WordPress Plugin DS FAQ 1.3.2 - SQL Injection"
[I] wp-e-commerce
[M]  EDB-ID: 36018 "WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting"
[I] wp-easycart
[M]  EDB-ID: 35730 "WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload"
[I] wp-ecommerce-shop-styling
[M]  EDB-ID: 37530 "WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download"
[I] wp-events-calendar
[M]  EDB-ID: 44785 "WordPress Plugin Events Calendar - SQL Injection"
[I] wp-featured-post-with-thumbnail
[M]  EDB-ID: 35262 "WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting"
[I] wp-filebase
[M]  EDB-ID: 17808 "WordPress Plugin WP-Filebase Download Manager 0.2.9 - SQL Injection"
[I] wp-filemanager
[M]  EDB-ID: 25440 "WordPress Plugin wp-FileManager - Arbitrary File Download"
[M]  EDB-ID: 38515 "WordPress Plugin wp-FileManager - 'path' Arbitrary File Download"
[M]  EDB-ID: 4844 "STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution"
[I] wp-footnotes
[M]  EDB-ID: 31092 "WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities"
[I] wp-forum
[M]  EDB-ID: 7738 "WordPress Plugin WP-Forum 1.7.8 - SQL Injection"
[I] wp-glossary
[M]  EDB-ID: 18055 "WordPress Plugin Glossary - SQL Injection"
[I] wp-google-drive
[M]  EDB-ID: 44435 "WordPress Plugin Google Drive 2.2 - Remote Code Execution"
[I] wp-gpx-maps
[M]  EDB-ID: 19050 "WordPress Plugin wp-gpx-map 1.1.21 - Arbitrary File Upload"
[I] wp-imagezoom
[M]  EDB-ID: 37243 "WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities"
[M]  EDB-ID: 37419 "WordPress Plugin Wp-ImageZoom - 'file' Remote File Disclosure"
[M]  EDB-ID: 38063 "WordPress Theme Wp-ImageZoom - 'id' SQL Injection"
[I] wp-livephp
[M]  EDB-ID: 36483 "WordPress Plugin WP Live.php 1.2.1 - 's' Cross-Site Scripting"
[I] wp-lytebox
[I] wp-marketplace
[I] wp-menu-creator
[M]  EDB-ID: 17689 "WordPress Plugin Menu Creator 1.1.7 - SQL Injection"
[I] wp-mobile-detector
[M]  EDB-ID: 39891 "WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload"
[I] wp-people
[M]  EDB-ID: 31230 "WordPress Plugin wp-people 2.0 - 'wp-people-popup.php' SQL Injection"
[I] wp-polls
[M]  EDB-ID: 10256 "WordPress Plugin WP-Polls 2.x - Incorrect Flood Filter"
[I] wp-property
[M]  EDB-ID: 18987 "WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload"
[I] wp-publication-archive
[M]  EDB-ID: 35263 "WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure"
[I] wp-realty
[M]  EDB-ID: 29021 "WordPress Plugin Realty - Blind SQL Injection"
[M]  EDB-ID: 38808 "WordPress Plugin WP-Realty - 'listing_id' SQL Injection"
[M]  EDB-ID: 39109 "WordPress Plugin Relevanssi - 'category_name' SQL Injection"
[I] wp-responsive-thumbnail-slider
[M]  EDB-ID: 45099 "WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)"
[I] wp-safe-search
[M]  EDB-ID: 35067 "WordPress Plugin Safe Search - 'v1' Cross-Site Scripting"
[I] wp-shopping-cart
[M]  EDB-ID: 6867 "Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow"
[I] wp-source-control
[M]  EDB-ID: 39287 "WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal"
[I] wp-spamfree
[M]  EDB-ID: 17970 "WordPress Plugin WP-SpamFree Spam Plugin - SQL Injection"
[I] wp-starsratebox
[M]  EDB-ID: 35634 "WordPress Plugin WP-StarsRateBox 1.1 - 'j' SQL Injection"
[I] wp-stats-dashboard
[I] wp-support-plus-responsive-ticket-system
[M]  EDB-ID: 34589 "SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation"
[I] wp-survey-and-quiz-tool
[M]  EDB-ID: 34974 "WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting"
[I] wp-swimteam
[M]  EDB-ID: 37601 "WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download"
[I] wp-symposium
[M]  EDB-ID: 17679 "WordPress Plugin Symposium 0.64 - SQL Injection"
[M]  EDB-ID: 35505 "WordPress Plugin Symposium 14.10 - SQL Injection"
[M]  EDB-ID: 35543 "WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload"
[M]  EDB-ID: 37822 "WordPress Plugin WP Symposium 15.1 - Blind SQL Injection"
[M]  EDB-ID: 37824 "WordPress Plugin WP Symposium 15.1 - 'get_album_item.php' SQL Injection"
[I] wp-syntax
[M]  EDB-ID: 9431 "Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption"
[I] wp-table
[M]  EDB-ID: 3824 "Office^2 iPhone - '.XLS' Denial of Service"
[I] wp-table-reloaded
[M]  EDB-ID: 38251 "WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting"
[I] wp-twitter-feed
[M]  EDB-ID: 35084 "WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting"
[I] wp-whois
[M]  EDB-ID: 36488 "WordPress Plugin WHOIS 1.4.2 3 - 'domain' Cross-Site Scripting"
[I] wp-with-spritz
[M]  EDB-ID: 44544 "WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion"
[I] wpSS
[M]  EDB-ID: 39279 "WordPress Plugin wpSS - 'ss_handler.php' SQL Injection"
[M]  EDB-ID: 5486 "PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service"
[I] wp_rokintroscroller
[M]  EDB-ID: 38767 "WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities"
[I] wp_rokmicronews
[M]  EDB-ID: 38768 "WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities"
[I] wp_roknewspager
[M]  EDB-ID: 38756 "WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities"
[I] wp_rokstories
[M]  EDB-ID: 38757 "WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities"
[I] wpeasystats
[M]  EDB-ID: 17862 "WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion"
[I] wpforum
[M]  EDB-ID: 17684 "WordPress Plugin Forum 1.7.8 - SQL Injection"
[I] wpmarketplace
[M]  EDB-ID: 18988 "WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload"
[I] wpsite-background-takeover
[M]  EDB-ID: 44417 "WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal"
[I] wpstorecart
[M]  EDB-ID: 19023 "ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions"
[I] wptf-image-gallery
[M]  EDB-ID: 37751 "WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download"
[I] wptouch
[M]  EDB-ID: 18039 "WordPress Plugin wptouch - SQL Injection"
[I] x7host-videox7-ugc-plugin
[M]  EDB-ID: 35257 "WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting"
[M]  EDB-ID: 35264 "WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting"
[I] xcloner-backup-and-restore
[M]  EDB-ID: 16246 "Joomla! Component com_xcloner-backupandrestore - Remote Command Execution"
[I] xerte-online
[M]  EDB-ID: 38157 "WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload"
[I] xml-and-csv-import-in-article-content
[M]  EDB-ID: 39576 "WordPress Plugin Import CSV 1.0 - Directory Traversal"
[I] xorbin-analog-flash-clock
[M]  EDB-ID: 38608 "WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Cross-Site Scripting"
[I] xorbin-digital-flash-clock
[M]  EDB-ID: 38621 "WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting"
[I] yolink-search
[M]  EDB-ID: 17757 "WordPress Plugin yolink Search 1.1.4 - SQL Injection"
[I] yousaytoo-auto-publishing-plugin
[M]  EDB-ID: 36620 "WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Cross-Site Scripting"
[I] yt-audio-streaming-audio-from-youtube
[M]  EDB-ID: 35394 "WordPress Plugin YT-Audio 1.7 - 'v' Cross-Site Scripting"
[I] zarzadzanie_kontem
[M]  EDB-ID: 38050 "WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload"
[I] zingiri-forum
[M]  EDB-ID: 38101 "WordPress Plugin Zingiri Forums - 'language' Local File Inclusion"
[I] zingiri-web-shop
[M]  EDB-ID: 17867 "WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion"
[M]  EDB-ID: 37406 "WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload"
[M]  EDB-ID: 38046 "WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload"
[I] zotpress
[M]  EDB-ID: 17778 "WordPress Plugin Zotpress 4.4 - SQL Injection"
[I] Checking for Directory Listing Enabled ...

[-] Date & Time: 27/06/2019 13:47:03
[-] Completed in: 1:18:12
#######################################################################################################################################
[INFO] Date: 27/06/19 | Time: 14:01:38
[INFO] ------TARGET info------
[*] TARGET: https://www.albetaqa.site/lang/arb/
[*] TARGET IP: 67.225.171.176
[INFO] NO load balancer detected for www.albetaqa.site...
[*] DNS servers: albetaqa.site.
[*] TARGET server: Apache
[*] CC: US
[*] Country: United States
[*] RegionCode: MI
[*] RegionName: Michigan
[*] City: Lansing
[*] ASN: AS32244
[*] BGP_PREFIX: 67.225.128.0/17
[*] ISP: LIQUIDWEB - Liquid Web, L.L.C, US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
[*] Subject: subject=CN = albetaqa.site
[INFO] DNS enumeration:
[*] ftp.albetaqa.site 	 albetaqa.site. 67.225.171.176
[*] mail.albetaqa.site 	 albetaqa.site. 67.225.171.176
[INFO] Possible abuse mails are:
[*] abuse@albetaqa.site
[*] abuse@sourcedns.com
[*] abuse@www.albetaqa.site
[*] admin@sourcedns.com
[*] ipadmin@liquidweb.com
[*] lisa@webclickhosting.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Checking for HTTP status codes recursively from /lang/arb/
[INFO] Status code 	 Folders
[*] 	 200 		 http://www.albetaqa.site/lang/
[ALERT] robots.txt file FOUND in http://www.albetaqa.site/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.albetaqa.site/robots.txt
[INFO] Status code 	 Folders
[INFO] Starting FUZZing in http://www.albetaqa.site/FUzZzZzZzZz...
[INFO] Status code 	 Folders
[*] 	 200 		 http://www.albetaqa.site/index
[*] 	 200 		 http://www.albetaqa.site/images
[*] 	 200 		 http://www.albetaqa.site/download
[*] 	 200 		 http://www.albetaqa.site/2006
[*] 	 200 		 http://www.albetaqa.site/news
[*] 	 200 		 http://www.albetaqa.site/crack
[*] 	 200 		 http://www.albetaqa.site/serial
[*] 	 200 		 http://www.albetaqa.site/warez
[*] 	 200 		 http://www.albetaqa.site/full
[*] 	 200 		 http://www.albetaqa.site/12
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://www.albetaqa.site/lang/arb/ http://67.225.171.176/:
[*] http://67.225.171.176/cgi-sys/defaultwebpage.cgi
[*] https://albetaqa.design/main/
[*] https://instagram.com/albetaqasite
[*] https://itunes.apple.com/app/id1059217316
[*] https://play.google.com/store/apps/details?id=com.albetaqasite
[*] https://twitter.com/albetaqasite
[*] https://www.albetaqa.site/lang/arb
[*] https://www.albetaqa.site/lang/arb/
[*] https://www.albetaqa.site/lang/arb/?cat=1
[*] https://www.albetaqa.site/lang/arb/?cat=16
[*] https://www.albetaqa.site/lang/arb/?cat=269
[*] https://www.albetaqa.site/lang/arb/?cat=286
[*] https://www.albetaqa.site/lang/arb/?cat=399
[*] https://www.albetaqa.site/lang/arb/?feed=comments-rss2
[*] https://www.albetaqa.site/lang/arb/?feed=rss2
[*] https://www.albetaqa.site/lang/arb/?i=c-abasa004
[*] https://www.albetaqa.site/lang/arb/?i=c-adabwahkam080
[*] https://www.albetaqa.site/lang/arb/?i=c-adabwahkam123
[*] https://www.albetaqa.site/lang/arb/?i=c-adabwahkam207
[*] https://www.albetaqa.site/lang/arb/?i=c-al3yd041
[*] https://www.albetaqa.site/lang/arb/?i=c-alakhlaq017
[*] https://www.albetaqa.site/lang/arb/?i=c-alrhmh057
[*] https://www.albetaqa.site/lang/arb/?i=c-alsdqa033
[*] https://www.albetaqa.site/lang/arb/?i=c-asaelhnaby046
[*] https://www.albetaqa.site/lang/arb/?i=c-asmahosna054
[*] https://www.albetaqa.site/lang/arb/?i=c-azan-slah043
[*] https://www.albetaqa.site/lang/arb/?i=c-dkholjnnh015
[*] https://www.albetaqa.site/lang/arb/?i=c-fdaelshabh043
[*] https://www.albetaqa.site/lang/arb/?i=c-insan025
[*] https://www.albetaqa.site/lang/arb/?i=c-kbaer021
[*] https://www.albetaqa.site/lang/arb/?i=c-klmatquran040
[*] https://www.albetaqa.site/lang/arb/?i=c-klmatquran068
[*] https://www.albetaqa.site/lang/arb/?i=c-klmatquran088
[*] https://www.albetaqa.site/lang/arb/?i=c-mahwa2gr044
[*] https://www.albetaqa.site/lang/arb/?i=c-mar2a102
[*] https://www.albetaqa.site/lang/arb/?i=c-masjed001
[*] https://www.albetaqa.site/lang/arb/?i=c-mhbtat027
[*] https://www.albetaqa.site/lang/arb/?i=c-mnhyat012
[*] https://www.albetaqa.site/lang/arb/?i=c-mnhyat033
[*] https://www.albetaqa.site/lang/arb/?i=c-mohrrm018
[*] https://www.albetaqa.site/lang/arb/?i=c-motlqh121
[*] https://www.albetaqa.site/lang/arb/?i=c-mqyydh022
[*] https://www.albetaqa.site/lang/arb/?i=c-naby089
[*] https://www.albetaqa.site/lang/arb/?i=c-naby099
[*] https://www.albetaqa.site/lang/arb/?i=c-nwaya050
[*] https://www.albetaqa.site/lang/arb/?i=c-qlbslym009
[*] https://www.albetaqa.site/lang/arb/?i=c-qodsyya022
[*] https://www.albetaqa.site/lang/arb/?i=c-quran026
[*] https://www.albetaqa.site/lang/arb/?i=c-quran043
[*] https://www.albetaqa.site/lang/arb/?i=c-ramdan022
[*] https://www.albetaqa.site/lang/arb/?i=c-ramdan077
[*] https://www.albetaqa.site/lang/arb/?i=c-rqaeq008
[*] https://www.albetaqa.site/lang/arb/?i=c-rqaeq027
[*] https://www.albetaqa.site/lang/arb/?i=c-s4rmdan005
[*] https://www.albetaqa.site/lang/arb/?i=c-salaf004
[*] https://www.albetaqa.site/lang/arb/?i=c-salaf017
[*] https://www.albetaqa.site/lang/arb/?i=c-sfatmlaeka059
[*] https://www.albetaqa.site/lang/arb/?i=c-slatlyel019
[*] https://www.albetaqa.site/lang/arb/?i=c-twba-ebtla049
[*] https://www.albetaqa.site/lang/arb/?i=c-w3d-w3yd016
[*] https://www.albetaqa.site/lang/arb/?i=c-zkah-sdqa026
[*] https://www.albetaqa.site/lang/arb/?i=c-zkah-sdqa054
[*] https://www.albetaqa.site/lang/arb/?i=c-zwgyen029
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra111-113
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra114-115
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra116-119
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra120-121
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra122-123
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra124
[*] https://www.albetaqa.site/lang/arb/?i=p-002albqra125-126
[*] https://www.albetaqa.site/lang/arb/?i=p-ahkam074
[*] https://www.albetaqa.site/lang/arb/?i=p-ahkam127
[*] https://www.albetaqa.site/lang/arb/?i=p-ahkam128
[*] https://www.albetaqa.site/lang/arb/?i=p-akhlaq042
[*] https://www.albetaqa.site/lang/arb/?i=p-akhlaq136
[*] https://www.albetaqa.site/lang/arb/?i=p-allemtflk059
[*] https://www.albetaqa.site/lang/arb/?i=p-allemtflk096
[*] https://www.albetaqa.site/lang/arb/?i=p-almal005
[*] https://www.albetaqa.site/lang/arb/?i=p-aqareb017
[*] https://www.albetaqa.site/lang/arb/?i=p-aqedaqa023
[*] https://www.albetaqa.site/lang/arb/?i=p-aqwalwaf3al104
[*] https://www.albetaqa.site/lang/arb/?i=p-aqwalwaf3al155
[*] https://www.albetaqa.site/lang/arb/?i=p-aqwalwaf3al206
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat046
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat087
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat088
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat089
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat090
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat091
[*] https://www.albetaqa.site/lang/arb/?i=p-asma-sfat092
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah016
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah036
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah112
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah194
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah195
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah196
[*] https://www.albetaqa.site/lang/arb/?i=p-azan-slah197
[*] https://www.albetaqa.site/lang/arb/?i=p-ebadat057
[*] https://www.albetaqa.site/lang/arb/?i=p-ebadat058
[*] https://www.albetaqa.site/lang/arb/?i=p-fdaelshabh009
[*] https://www.albetaqa.site/lang/arb/?i=p-hajj-omra009
[*] https://www.albetaqa.site/lang/arb/?i=p-hdod-kfarat004
[*] https://www.albetaqa.site/lang/arb/?i=p-hdod-kfarat015
[*] https://www.albetaqa.site/lang/arb/?i=p-jnna-nar062
[*] https://www.albetaqa.site/lang/arb/?i=p-masjed085
[*] https://www.albetaqa.site/lang/arb/?i=p-mqyydh001
[*] https://www.albetaqa.site/lang/arb/?i=p-mtnw3h063
[*] https://www.albetaqa.site/lang/arb/?i=p-naby084
[*] https://www.albetaqa.site/lang/arb/?i=p-quran070
[*] https://www.albetaqa.site/lang/arb/?i=p-rmdan014
[*] https://www.albetaqa.site/lang/arb/?i=p-rqaeq324
[*] https://www.albetaqa.site/lang/arb/?i=p-rqaeq325
[*] https://www.albetaqa.site/lang/arb/?i=p-sawm001
[*] https://www.albetaqa.site/lang/arb/?i=p-shbabyat070
[*] https://www.albetaqa.site/lang/arb/?i=p-swar-ayat017
[*] https://www.albetaqa.site/lang/arb/?i=p-tfakkor066
[*] https://www.albetaqa.site/lang/arb/?i=p-tfakkor067
[*] https://www.albetaqa.site/lang/arb/?i=p-tfakkor068
[*] https://www.albetaqa.site/lang/arb/?i=p-tfakkor069
[*] https://www.albetaqa.site/lang/arb/?i=p-tfakkor070
[*] https://www.albetaqa.site/lang/arb/?i=p-tfseer046
[*] https://www.albetaqa.site/lang/arb/?i=p-tfseer063
[*] https://www.albetaqa.site/lang/arb/?i=p-tharh034
[*] https://www.albetaqa.site/lang/arb/?i=p-tshbyh092
[*] https://www.albetaqa.site/lang/arb/?i=p-twba-ebtla038
[*] https://www.albetaqa.site/lang/arb/?i=p-waled-ebn001-2
[*] https://www.albetaqa.site/lang/arb/?i=p-zkah-sdqa051
[*] https://www.albetaqa.site/lang/arb/?p=123687
[*] https://www.albetaqa.site/lang/arb/?p=1868
[*] https://www.albetaqa.site/lang/arb/?p=1894
[*] https://www.albetaqa.site/lang/arb/?p=2191
[*] https://www.albetaqa.site/lang/arb/?p=2478
[*] https://www.albetaqa.site/lang/arb/?p=2571
[*] https://www.albetaqa.site/lang/arb/?p=3210
[*] https://www.albetaqa.site/lang/arb/?p=3344
[*] https://www.albetaqa.site/lang/arb/?p=3662
[*] https://www.albetaqa.site/lang/arb/?p=3707
[*] https://www.albetaqa.site/lang/arb/?p=37463
[*] https://www.albetaqa.site/lang/arb/?p=69075
[*] https://www.albetaqa.site/lang/arb/?p=70415
[*] https://www.albetaqa.site/lang/arb/?p=76340
[*] https://www.albetaqa.site/lang/arb/?p=79
[*] https://www.albetaqa.site/lang/arb/?p=80
[*] https://www.albetaqa.site/lang/arb/?p=81
[*] https://www.albetaqa.site/lang/arb/?p=82
[*] https://www.albetaqa.site/lang/arb/?p=83323
[*] https://www.albetaqa.site/lang/arb/?p=87221
[*] https://www.albetaqa.site/lang/arb/?p=87235
[*] https://www.albetaqa.site/lang/arb/?p=87264
[*] https://www.albetaqa.site/lang/arb/?p=87543
[*] https://www.albetaqa.site/lang/arb/?p=898
[*] https://www.albetaqa.site/lang/arb/?paged=2
[*] https://www.albetaqa.site/lang/arb/?paged=3
[*] https://www.albetaqa.site/lang/arb/?paged=354
[*] https://www.albetaqa.site/lang/arb/?paged=4
[*] https://www.albetaqa.site/lang/arb/?paged=5
[*] https://www.albetaqa.site/lang/arb/?paged=6
[*] https://www.albetaqa.site/lang/arb/?paged=7
[*] https://www.albetaqa.site/lang/arb/?page_id=11569
[*] https://www.albetaqa.site/lang/arb/?page_id=13
[*] https://www.albetaqa.site/lang/arb/?page_id=17
[*] https://www.albetaqa.site/lang/arb/?page_id=20080
[*] https://www.albetaqa.site/lang/arb/?page_id=36741
[*] https://www.albetaqa.site/lang/arb/?page_id=40588
[*] https://www.albetaqa.site/lang/arb/?page_id=40589
[*] https://www.albetaqa.site/lang/arb/?page_id=40590
[*] https://www.albetaqa.site/lang/arb/?page_id=40591
[*] https://www.albetaqa.site/lang/arb/?page_id=4602
[*] https://www.albetaqa.site/lang/arb/?page_id=46580
[*] https://www.albetaqa.site/lang/arb/?page_id=69017
[*] https://www.albetaqa.site/lang/arb/?page_id=87241
[*] https://www.facebook.com/albetaqasite
[*] https://www.pinterest.com/albetaqasite/
[*] https://www.telegram.me/albetaqasite
[*] https://www.youtube.com/albetaqasite
[INFO] BING shows 67.225.171.176 is shared with 20 hosts/vhosts
[INFO] Shodan detected the following opened ports on 67.225.171.176:
[*] 0
[*] 1
[*] 110
[*] 143
[*] 2082
[*] 2083
[*] 2086
[*] 2087
[*] 21
[*] 22
[*] 3
[*] 4
[*] 443
[*] 465
[*] 53
[*] 587
[*] 6
[*] 75
[*] 80
[*] 993
[*] 995
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total  Sites
[INFO] Useful links related to www.albetaqa.site - 67.225.171.176:
[*] https://www.virustotal.com/pt/ip-address/67.225.171.176/information/
[*] https://www.hybrid-analysis.com/search?host=67.225.171.176
[*] https://www.shodan.io/host/67.225.171.176
[*] https://www.senderbase.org/lookup/?search_string=67.225.171.176
[*] https://www.alienvault.com/open-threat-exchange/ip/67.225.171.176
[*] http://pastebin.com/search?q=67.225.171.176
[*] http://urlquery.net/search.php?q=67.225.171.176
[*] http://www.alexa.com/siteinfo/www.albetaqa.site
[*] http://www.google.com/safebrowsing/diagnostic?site=www.albetaqa.site
[*] https://censys.io/ipv4/67.225.171.176
[*] https://www.abuseipdb.com/check/67.225.171.176
[*] https://urlscan.io/search/#67.225.171.176
[*] https://github.com/search?q=67.225.171.176&type=Code
[INFO] Useful links related to AS32244 - 67.225.128.0/17:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:32244
[*] https://www.senderbase.org/lookup/?search_string=67.225.128.0/17
[*] http://bgp.he.net/AS32244
[*] https://stat.ripe.net/AS32244
[INFO] Date: 27/06/19 | Time: 14:03:43
[INFO] Total time: 2 minute(s) and 5 second(s)
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          67.225.171.176
+ Target Hostname:    67.225.171.176
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=albetaqa.site
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
+ Start Time:         2019-06-27 17:07:13 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
: Connection timed out
+ Scan terminated:  20 error(s) and 5 item(s) reported on remote host
+ End Time:           2019-06-27 17:14:04 (GMT-4) (411 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
                                            Anonymous JTSEC #OpIsis Full Recon #25