· 6 years ago · Oct 06, 2019, 03:09 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname nymasons.org ISP Liquid Web, L.L.C
4Continent North America Flag
5US
6Country United States Country Code US
7Region Michigan Local time 05 Oct 2019 19:54 EDT
8City Lansing Postal Code 48917
9IP Address 67.225.255.187 Latitude 42.735
10 Longitude -84.625
11=======================================================================================================================================
12#######################################################################################################################################
13> nymasons.org
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: nymasons.org
19Address: 67.225.255.187
20>
21#######################################################################################################################################
22Domain Name: NYMASONS.ORG
23Registry Domain ID: D412357-LROR
24Registrar WHOIS Server: whois.enom.com
25Registrar URL: http://www.enom.com
26Updated Date: 2019-08-12T21:10:13Z
27Creation Date: 1997-08-12T04:00:00Z
28Registry Expiry Date: 2020-08-11T04:00:00Z
29Registrar Registration Expiration Date:
30Registrar: eNom, Inc.
31Registrar IANA ID: 48
32Registrar Abuse Contact Email: abuse@enom.com
33Registrar Abuse Contact Phone: +1.4252982646
34Reseller:
35Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
36Registrant Organization: Grand Lodge F&A Masons
37Registrant State/Province: NY
38Registrant Country: US
39Name Server: NS1.GRIDFAST.NET
40Name Server: NS2.GRIDFAST.NET
41DNSSEC: unsigned
42#######################################################################################################################################
43[+] Target : nymasons.org
44
45[+] IP Address : 67.225.255.187
46
47[+] Headers :
48
49[+] Date : Sun, 06 Oct 2019 00:44:19 GMT
50[+] Server : Apache
51[+] X-Powered-By : PHP/7.0.33
52[+] Link : <https://nymasons.org/site/wp-json/>; rel="https://api.w.org/", <https://nymasons.org/site/>; rel=shortlink
53[+] Set-Cookie : wordpress_google_apps_login=69b4cea6e0fdb8db33ca1e944b65cf32; path=/; secure
54[+] Cache-Control : max-age=600
55[+] Expires : Sun, 06 Oct 2019 00:54:19 GMT
56[+] Vary : Accept-Encoding,User-Agent
57[+] Content-Encoding : gzip
58[+] Strict-Transport-Security : max-age=31536000
59[+] Content-Length : 17849
60[+] Keep-Alive : timeout=5, max=100
61[+] Connection : Keep-Alive
62[+] Content-Type : text/html; charset=UTF-8
63
64[+] SSL Certificate Information :
65
66[+] commonName : nymasons.org
67[+] countryName : US
68[+] stateOrProvinceName : TX
69[+] localityName : Houston
70[+] organizationName : cPanel, Inc.
71[+] commonName : cPanel, Inc. Certification Authority
72[+] Version : 3
73[+] Serial Number : C90A1C5B5F943D05A4AE89D750BBD78D
74[+] Not Before : Aug 11 00:00:00 2019 GMT
75[+] Not After : Nov 9 23:59:59 2019 GMT
76[+] OCSP : ('http://ocsp.comodoca.com',)
77[+] subject Alt Name : (('DNS', 'nymasons.org'), ('DNS', 'cpanel.nymasons.org'), ('DNS', 'mail.nymasons.org'), ('DNS', 'webdisk.nymasons.org'), ('DNS', 'webmail.nymasons.org'), ('DNS', 'www.nymasons.org'))
78[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
79[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
80
81[+] Whois Lookup :
82
83[+] NIR : None
84[+] ASN Registry : arin
85[+] ASN : 32244
86[+] ASN CIDR : 67.225.128.0/17
87[+] ASN Country Code : US
88[+] ASN Date : 2007-11-26
89[+] ASN Description : LIQUIDWEB - Liquid Web, L.L.C, US
90[+] cidr : 67.225.128.0/17
91[+] name : LIQUIDWEB
92[+] handle : NET-67-225-128-0-1
93[+] range : 67.225.128.0 - 67.225.255.255
94[+] description : Liquid Web, L.L.C
95[+] country : US
96[+] state : MI
97[+] city : Lansing
98[+] address : 4210 Creyts Rd.
99[+] postal_code : 48917
100[+] emails : ['abuse@liquidweb.com', 'ipadmin@liquidweb.com']
101[+] created : 2007-11-26
102[+] updated : 2016-12-19
103
104[+] Crawling Target...
105
106[+] Looking for robots.txt........[ Not Found ]
107[+] Looking for sitemap.xml.......[ Not Found ]
108[+] Extracting CSS Links..........[ 10 ]
109[+] Extracting Javascript Links...[ 12 ]
110[+] Extracting Internal Links.....[ 44 ]
111[+] Extracting External Links.....[ 30 ]
112[+] Extracting Images.............[ 28 ]
113
114[+] Total Links Extracted : 124
115
116[+] Dumping Links in /opt/FinalRecon/dumps/nymasons.org.dump
117[+] Completed!
118#######################################################################################################################################
119[+] Starting At 2019-10-05 20:46:30.524923
120[+] Collecting Information On: https://nymasons.org/site/
121[#] Status: 200
122--------------------------------------------------
123[#] Web Server Detected: Apache
124[#] X-Powered-By: PHP/7.0.33
125[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
126- Date: Sun, 06 Oct 2019 00:46:28 GMT
127- Server: Apache
128- X-Powered-By: PHP/7.0.33
129- Link: <https://nymasons.org/site/wp-json/>; rel="https://api.w.org/", <https://nymasons.org/site/>; rel=shortlink
130- Set-Cookie: wordpress_google_apps_login=9f31c8e8ac29afe46e55f42365d7a2d0; path=/; secure
131- Cache-Control: max-age=600
132- Expires: Sun, 06 Oct 2019 00:56:28 GMT
133- Vary: Accept-Encoding,User-Agent
134- Content-Encoding: gzip
135- Strict-Transport-Security: max-age=31536000
136- Content-Length: 17851
137- Keep-Alive: timeout=5, max=100
138- Connection: Keep-Alive
139- Content-Type: text/html; charset=UTF-8
140--------------------------------------------------
141[#] Finding Location..!
142[#] as: AS32244 Liquid Web, L.L.C
143[#] city: Lansing
144[#] country: United States
145[#] countryCode: US
146[#] isp: Liquid Web, L.L.C
147[#] lat: 42.6898
148[#] lon: -84.6427
149[#] org: SourceDNS
150[#] query: 67.225.255.187
151[#] region: MI
152[#] regionName: Michigan
153[#] status: success
154[#] timezone: America/Detroit
155[#] zip: 48917
156--------------------------------------------------
157[x] Didn't Detect WAF Presence on: https://nymasons.org/site/
158--------------------------------------------------
159[#] Starting Reverse DNS
160[-] Failed ! Fail
161--------------------------------------------------
162[!] Scanning Open Port
163[#] 21/tcp open ftp
164[#] 22/tcp open ssh
165[#] 53/tcp open domain
166[#] 80/tcp open http
167[#] 110/tcp open pop3
168[#] 143/tcp open imap
169[#] 443/tcp open https
170[#] 465/tcp open smtps
171[#] 587/tcp open submission
172[#] 993/tcp open imaps
173[#] 995/tcp open pop3s
174--------------------------------------------------
175[+] Collecting Information Disclosure!
176[#] Detecting sitemap.xml file
177[!] sitemap.xml File Found: https://nymasons.org/site/sitemap_index.xml
178[#] Detecting robots.txt file
179[-] robots.txt file not Found!?
180[#] Detecting GNU Mailman
181[-] GNU Mailman App Not Detected!?
182--------------------------------------------------
183[+] Crawling Url Parameter On: https://nymasons.org/site/
184--------------------------------------------------
185[#] Searching Html Form !
186[+] Html Form Discovered
187[#] action: https://nymasons.org/site/
188[#] class: ['searchform']
189[#] id: searchform
190[#] method: get
191--------------------------------------------------
192[!] Found 4 dom parameter
193[#] https://nymasons.org/site/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnymasons.org%2Fsite%2F&format=xml
194[#] https://nymasonicbrotherhoodfund.org/component/jdonation/?view=donation&Itemid=455
195[#] https://nymasonicbrotherhoodfund.org/component/jdonation/?view=donation&Itemid=455
196[#] https://nymasons.org/site/committees-departments-programs/youth-committee/#awards
197--------------------------------------------------
198[!] 4 Internal Dynamic Parameter Discovered
199[+] https://nymasons.org/site/xmlrpc.php?rsd
200[+] https://nymasons.org/site/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnymasons.org%2Fsite%2F
201[+] https://nymasons.org/site/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnymasons.org%2Fsite%2F&format=xml
202[+] https://nymasons.org/site/?feed=rss2
203--------------------------------------------------
204[!] 2 External Dynamic Parameter Discovered
205[#] https://nymasonicbrotherhoodfund.org/component/jdonation/?view=donation&Itemid=455
206[#] https://nymasonicbrotherhoodfund.org/component/jdonation/?view=donation&Itemid=455
207--------------------------------------------------
208[!] 73 Internal links Discovered
209[+] https://nymasons.org/site/xmlrpc.php
210[+] https://nymasons.org/site/
211[+] https://nymasons.org/site/feed/
212[+] https://nymasons.org/site/comments/feed/
213[+] https://nymasons.org/site/wp-includes/wlwmanifest.xml
214[+] https://nymasons.org/site/wp-content/uploads/2018-pin.png
215[+] https://nymasons.org/site/wp-content/cache/et/global/et-divi-customizer-global-1569719869877.min.css
216[+] https://nymasons.org/site/
217[+] https://nymasons.org/site/
218[+] https://nymasons.org/site/grand-lodge/
219[+] https://nymasons.org/site/grand-lodge-officers-2018-2020/
220[+] https://nymasons.org/site/past-grand-masters/
221[+] https://nymasons.org/site/grand-lecturers-page/
222[+] https://nymasons.org/site/grand-lodge/grand-lodges/
223[+] https://nymasons.org/site/prince-hall-liaison/
224[+] https://nymasons.org/site/committees-departments-programs/
225[+] https://nymasons.org/site/hall-tours/
226[+] https://nymasons.org/site/districts-lodges/
227[+] https://nymasons.org/site/districts-lodges/
228[+] https://nymasons.org/site/lodge-locator/
229[+] https://nymasons.org/site/lodges-research/
230[+] https://nymasons.org/site/districts-lodges/district-grand-lodge-syria-lebanon/
231[+] https://nymasons.org/site/news/
232[+] https://nymasons.org/site/store/
233[+] https://nymasons.org/site/contact-us/
234[+] http://nymasons.org/discover
235[+] https://nymasons.org/site/police-square-club-100th-year-anniversary/
236[+] https://nymasons.org/site/author/master/
237[+] https://nymasons.org/site/category/news-events/
238[+] https://nymasons.org/site/police-square-club-100th-year-anniversary/
239[+] https://nymasons.org/site/labor-day-message/
240[+] https://nymasons.org/site/author/master/
241[+] https://nymasons.org/site/category/grand-masters-message/
242[+] https://nymasons.org/site/labor-day-message/
243[+] https://nymasons.org/site/teena-davern-day-at-the-mcc/
244[+] https://nymasons.org/site/author/master/
245[+] https://nymasons.org/site/category/news-events/
246[+] https://nymasons.org/site/teena-davern-day-at-the-mcc/
247[+] https://nymasons.org/site/page/2/
248[+] https://nymasons.org/site/the-gateway-painting-by-paul-orban-1930/
249[+] https://nymasons.org/site/author/artifacts/
250[+] https://nymasons.org/site/category/artifacts/
251[+] https://nymasons.org/site/the-gateway-painting-by-paul-orban-1930/
252[+] https://nymasons.org/site/painting-by-paul-orban-1930-obelisk-cornerstone-ceremony/
253[+] https://nymasons.org/site/author/artifacts/
254[+] https://nymasons.org/site/category/artifacts/
255[+] https://nymasons.org/site/painting-by-paul-orban-1930-obelisk-cornerstone-ceremony/
256[+] https://nymasons.org/site/magic-lantern-slide-projector-and-slides-late-1800s-early-1900s/
257[+] https://nymasons.org/site/author/artifacts/
258[+] https://nymasons.org/site/category/artifacts/
259[+] https://nymasons.org/site/magic-lantern-slide-projector-and-slides-late-1800s-early-1900s/
260[+] https://nymasons.org/site/apron-1813-marquis-de-lafayette/
261[+] https://nymasons.org/site/author/artifacts/
262[+] https://nymasons.org/site/category/artifacts/
263[+] https://nymasons.org/site/apron-1813-marquis-de-lafayette/
264[+] https://nymasons.org/site/committees-departments-programs/brotherhood-fund-committee/
265[+] https://nymasons.org/site/committees-departments-programs/brotherhood-fund-committee/
266[+] https://nymasons.org/site/grand-lecturers-page/
267[+] https://nymasons.org/site/grand-lecturers-page/
268[+] https://nymasons.org/site/ritual-renaissance/
269[+] https://nymasons.org/site/concordant-related-masonic-bodies-new-york/
270[+] http://nymasons.org
271[+] https://nymasons.org/site/leadership-education-forms/
272[+] https://nymasons.org/site/ritual-renaissance/
273[+] http://eapapplication.nymasons.org/
274[+] https://nymasons.org/site/lodge-services/
275[+] https://nymasons.org/site/lodge-services/
276[+] https://nymasons.org/site/lodge-services/
277[+] http://mori.nymasons.org:8080/mori/
278[+] https://nymasons.org/site/reforming-districts/
279[+] https://nymasons.org/site/northstar/
280[+] https://nymasons.org/site/restoring-civility/
281[+] https://nymasons.org/site/hirams-highlights/
282--------------------------------------------------
283[!] 37 External links Discovered
284[#] http://DiscoverMasonry.Com
285[#] https://nymasonicbrotherhoodfund.org/2019-special-communication.html
286[#] http://www.campturk.org/
287[#] http://www.masonichomeny.org/
288[#] https://www.mmrl.edu/
289[#] http://nymasoniclibrary.org/
290[#] https://nymasonicbrotherhoodfund.org/legacy-brick.html
291[#] http://www.masonichomeny.org/about-us/masonic-fraternity/empire-state-mason-magazine/
292[#] http://www.masonichomeny.org/about-us/masonic-fraternity/empire-state-mason-magazine/
293[#] http://masonichallnyc.org/
294[#] http://www.ny-royal-arch.org/
295[#] http://www.nycryptic.org/
296[#] http://www.grandcommanderyktny.org/
297[#] http://www.nyscottishritemasons.org/
298[#] http://oesny.org/
299[#] http://ootny.org/
300[#] http://www.nyiorg.org/
301[#] http://www.amaranthny.org/
302[#] http://www.nydemolay.org/
303[#] http://mwv.wnymasons.com
304[#] https://forms.gle/Ci6Dbg4fcEnyEkJ77
305[#] https://forms.gle/M3VNsnVQyD1fgn82A
306[#] https://www.irs.gov/Charities-&-Non-Profits/Annual-Electronic-Filing-Requirement-for-Small-Exempt-Organizations-Form-990-N-e-Postcard
307[#] https://guardingthewestgate.com/
308[#] https://groups.yahoo.com/neo/groups/Atholl1781/info
309[#] https://www.facebook.com/NYMasons
310[#] https://twitter.com/GrandLodgeofNY
311[#] https://www.youtube.com/channel/UCLeD7xgJSTvpBGVrFrTX2ag
312[#] http://masonichallnyc.org/
313[#] http://nymasoniclibrary.org/
314[#] http://www.campturk.org/
315[#] http://www.masonichomeny.org/
316[#] https://www.mmrl.edu/
317[#] https://www.facebook.com/NYMasons
318[#] https://twitter.com/GrandLodgeofNY
319[#] http://www.elegantthemes.com
320[#] http://www.wordpress.org
321--------------------------------------------------
322[#] Mapping Subdomain..
323[!] Found 4 Subdomain
324- glnyeducation.nymasons.org
325- eapapplication.nymasons.org
326- nymasons.org
327- www.nymasons.org
328--------------------------------------------------
329[!] Done At 2019-10-05 20:47:15.161253
330#######################################################################################################################################
331[i] Scanning Site: https://nymasons.org
332
333
334
335B A S I C I N F O
336====================
337
338
339[+] Site Title: Welcome! - Grand Lodge of Free & Accepted Masons of the State of New York
340[+] IP address: 67.225.255.187
341[+] Web Server: Apache
342[+] CMS: WordPress
343[+] Cloudflare: Not Detected
344[+] Robots File: Could NOT Find robots.txt!
345
346
347
348
349W H O I S L O O K U P
350========================
351
352 Domain Name: NYMASONS.ORG
353Registry Domain ID: D412357-LROR
354Registrar WHOIS Server: whois.enom.com
355Registrar URL: http://www.enom.com
356Updated Date: 2019-08-12T21:10:13Z
357Creation Date: 1997-08-12T04:00:00Z
358Registry Expiry Date: 2020-08-11T04:00:00Z
359Registrar Registration Expiration Date:
360Registrar: eNom, Inc.
361Registrar IANA ID: 48
362Registrar Abuse Contact Email: abuse@enom.com
363Registrar Abuse Contact Phone: +1.4252982646
364Reseller:
365Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
366Registrant Organization: Grand Lodge F&A Masons
367Registrant State/Province: NY
368Registrant Country: US
369Name Server: NS1.GRIDFAST.NET
370Name Server: NS2.GRIDFAST.NET
371DNSSEC: unsigned
372URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
373>>> Last update of WHOIS database: 2019-10-06T00:53:39Z <<<
374
375For more information on Whois status codes, please visit https://icann.org/epp
376
377
378
379
380
381G E O I P L O O K U P
382=========================
383
384[i] IP Address: 67.225.255.187
385[i] Country: United States
386[i] State: Michigan
387[i] City: Lansing
388[i] Latitude: 42.7348
389[i] Longitude: -84.6245
390
391
392
393
394H T T P H E A D E R S
395=======================
396
397
398[i] HTTP/1.1 301 Moved Permanently
399[i] Date: Sun, 06 Oct 2019 00:54:41 GMT
400[i] Server: Apache
401[i] Location: http://www.NyMasons.Org/site/
402[i] Cache-Control: max-age=600
403[i] Expires: Sun, 06 Oct 2019 01:04:41 GMT
404[i] Content-Length: 237
405[i] Connection: close
406[i] Content-Type: text/html; charset=iso-8859-1
407[i] HTTP/1.1 301 Moved Permanently
408[i] Date: Sun, 06 Oct 2019 00:54:42 GMT
409[i] Server: Apache
410[i] X-Powered-By: PHP/7.0.33
411[i] X-Redirect-By: WordPress
412[i] Set-Cookie: wordpress_google_apps_login=3519fe7836d96feb56db2791a32de253; path=/; secure
413[i] Location: https://www.NyMasons.Org/site/
414[i] Cache-Control: max-age=600
415[i] Expires: Sun, 06 Oct 2019 01:04:42 GMT
416[i] Vary: User-Agent
417[i] Content-Length: 0
418[i] Connection: close
419[i] Content-Type: text/html; charset=UTF-8
420[i] HTTP/1.1 301 Moved Permanently
421[i] Date: Sun, 06 Oct 2019 00:54:44 GMT
422[i] Server: Apache
423[i] X-Powered-By: PHP/7.0.33
424[i] X-Redirect-By: WordPress
425[i] Set-Cookie: wordpress_google_apps_login=874090194bb5b3081e3da1a3fee39d4d; path=/; secure
426[i] Location: https://nymasons.org/site/
427[i] Cache-Control: max-age=600
428[i] Expires: Sun, 06 Oct 2019 01:04:44 GMT
429[i] Vary: User-Agent
430[i] Strict-Transport-Security: max-age=31536000
431[i] Content-Length: 0
432[i] Connection: close
433[i] Content-Type: text/html; charset=UTF-8
434[i] HTTP/1.1 200 OK
435[i] Date: Sun, 06 Oct 2019 00:54:47 GMT
436[i] Server: Apache
437[i] X-Powered-By: PHP/7.0.33
438[i] Link: <https://nymasons.org/site/wp-json/>; rel="https://api.w.org/", <https://nymasons.org/site/>; rel=shortlink
439[i] Set-Cookie: wordpress_google_apps_login=386cb10a1e54f667c285002a959f7a95; path=/; secure
440[i] Cache-Control: max-age=600
441[i] Expires: Sun, 06 Oct 2019 01:04:47 GMT
442[i] Vary: Accept-Encoding,User-Agent
443[i] Strict-Transport-Security: max-age=31536000
444[i] Connection: close
445[i] Content-Type: text/html; charset=UTF-8
446
447
448
449
450D N S L O O K U P
451===================
452
453nymasons.org. 1799 IN A 67.225.255.187
454nymasons.org. 3599 IN NS ns1.gridfast.net.
455nymasons.org. 3599 IN NS ns2.gridfast.net.
456nymasons.org. 3599 IN SOA ns1.gridfast.net. noc.cloudaccess.net. 2014052901 10800 3600 604800 300
457nymasons.org. 1799 IN MX 5 mx1.cloudaccess.net.
458nymasons.org. 3599 IN MX 10 mx2.cloudaccess.net.
459nymasons.org. 1799 IN TXT "v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all"
460
461
462
463
464S U B N E T C A L C U L A T I O N
465====================================
466
467Address = 67.225.255.187
468Network = 67.225.255.187 / 32
469Netmask = 255.255.255.255
470Broadcast = not needed on Point-to-Point links
471Wildcard Mask = 0.0.0.0
472Hosts Bits = 0
473Max. Hosts = 1 (2^0 - 0)
474Host Range = { 67.225.255.187 - 67.225.255.187 }
475
476
477
478N M A P P O R T S C A N
479============================
480
481Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-06 00:54 UTC
482Nmap scan report for nymasons.org (67.225.255.187)
483Host is up (0.028s latency).
484rDNS record for 67.225.255.187: silverstar2.kenhost.com
485
486PORT STATE SERVICE
48721/tcp open ftp
48822/tcp open ssh
48923/tcp filtered telnet
49080/tcp open http
491110/tcp open pop3
492143/tcp open imap
493443/tcp open https
4943389/tcp filtered ms-wbt-server
495
496Nmap done: 1 IP address (1 host up) scanned in 1.41 seconds
497
498
499
500S U B - D O M A I N F I N D E R
501==================================
502
503
504[i] Total Subdomains Found : 3
505
506[+] Subdomain: eapapplication.nymasons.org
507[-] IP: 129.121.15.234
508
509[+] Subdomain: glnyeducation.nymasons.org
510[-] IP: 45.55.97.70
511
512[+] Subdomain: www.nymasons.org
513[-] IP: 67.225.255.187
514#######################################################################################################################################
515Enter Address Website = nymasons.org
516
517
518
519Reversing IP With HackTarget 'nymasons.org'
520----------------------------------------------
521
522[+] 4armpower.com
523[+] abbott.nickelcity.net
524[+] abbottappraisalagency.com
525[+] academy.teachselfawareness.com
526[+] acbwny.org
527[+] acupuncturecorporationamerica.com
528[+] acupuncturecorporationofamerica.com
529[+] alb3rt.kenville.net
530[+] alleganymasons.org
531[+] amdusa.org
532[+] america-a-nation-thats-lost-its-way.com
533[+] amorphous.press
534[+] amvets45ny.com
535[+] amvets45ny.org
536[+] ancientlandmarks.com
537[+] angryavatar.com
538[+] appraisals.nickelcity.net
539[+] artsyenglish.com
540[+] artsyidiomas.com
541[+] askfarmerstew.com
542[+] athelstanusa.org
543[+] atticachamber.com
544[+] automationintegratorsinc.com
545[+] backyardpartysupply.com
546[+] balintawak.org
547[+] bbs.rustaz.com
548[+] bcwrt.nickelcity.net
549[+] black-unicorn.org
550[+] blacktigerkali.com
551[+] blackunicornwood.com
552[+] blessedtrinitybuffalo.org
553[+] blog.supersailormoon.com
554[+] bluebeardedphotographer.com
555[+] bonusparts.com
556[+] boxcarsatan.com
557[+] breidenstein.net
558[+] breidensteinappraisals.com
559[+] brsc.nickelcity.net
560[+] brsc.us
561[+] bsocialmedia.com
562[+] bsocialnow.com
563[+] buffaloautismproject.org
564[+] buffaloboudoir.com
565[+] buffalocivilwar.com
566[+] buffalomartialartsexpo.com
567[+] buffaloracin.org
568[+] buffaloreanimate.org
569[+] buffumhouse.org
570[+] buyadomain.silverstarsites.net
571[+] cardinalhomeinspections.com
572[+] cazenovia.cortland-madison-masons.org
573[+] cecm.nickelcity.net
574[+] checkmarkww.com
575[+] chrispics.rustaz.com
576[+] christinaestock.com
577[+] clown.nickelcity.net
578[+] communitywatersportscenter.org
579[+] considerreconsider.com
580[+] cortland-madison-masons.org
581[+] countrydentistry.com
582[+] cpanel.abbottappraisalagency.com
583[+] cpanel.acupuncturecorporationofamerica.com
584[+] cpanel.alleganymasons.org
585[+] cpanel.allwny.com
586[+] cpanel.amdusa.org
587[+] cpanel.amorphous.press
588[+] cpanel.angryavatar.com
589[+] cpanel.askfarmerstew.com
590[+] cpanel.athelstanusa.org
591[+] cpanel.atticachamber.com
592[+] cpanel.automationintegratorsinc.com
593[+] cpanel.backyardpartysupply.com
594[+] cpanel.balintawak.org
595[+] cpanel.black-unicorn.org
596[+] cpanel.blacktigerkali.com
597[+] cpanel.bobhubbard.net
598[+] cpanel.bobhubbardphotography.com
599[+] cpanel.bonusparts.com
600[+] cpanel.boxcarsatan.com
601[+] cpanel.bsocialmedia.com
602[+] cpanel.bucciericpa.com
603[+] cpanel.buffaloautismproject.org
604[+] cpanel.buffaloboudoir.com
605[+] cpanel.buffalomartialartsexpo.com
606[+] cpanel.buffaloracin.org
607[+] cpanel.buffaloreanimate.org
608[+] cpanel.buffumhouse.org
609[+] cpanel.cardinalhomeinspections.com
610[+] cpanel.checkmarkww.com
611[+] cpanel.christinaestock.com
612[+] cpanel.communitywatersportscenter.org
613[+] cpanel.considerreconsider.com
614[+] cpanel.cortland-madison-masons.org
615[+] cpanel.customonlinetraining.com
616[+] cpanel.datuhartman.com
617[+] cpanel.datustribe.com
618[+] cpanel.dcgckt.org
619[+] cpanel.dentifax.com
620[+] cpanel.dewinthouse.org
621[+] cpanel.digitalsquareclub.org
622[+] cpanel.enduranceintrospection.com
623[+] cpanel.eagleopticalproducts.com
624[+] cpanel.eclecticmartialarts.club
625[+] cpanel.eriecountymasons.org
626[+] cpanel.excellencetakeseffort.com
627[+] cpanel.facesforfundraising.com
628[+] cpanel.facesofbuffalo.com
629[+] cpanel.fmaclub.net
630[+] cpanel.fmatalk.com
631[+] cpanel.followthezebras.com
632[+] cpanel.forearmpower.com
633[+] cpanel.fplco.com
634[+] cpanel.gcktct.org
635[+] cpanel.gcktnj.org
636[+] cpanel.gcktwv.org
637[+] cpanel.geekgrills.com
638[+] cpanel.geeksbearinggifts.com
639[+] cpanel.greatlakeswatersportinstitute.org
640[+] cpanel.heartdoodle.com
641[+] cpanel.hadjitemple61.org
642[+] cpanel.heresyandhearsay.com
643[+] cpanel.herneswood.org
644[+] cpanel.hillsidehomedelivery.com
645[+] cpanel.homeofdecorativeart.com
646[+] cpanel.horizonma.com
647[+] cpanel.hraktp.org
648[+] cpanel.hubbard.photography
649[+] cpanel.hustle-tec.com
650[+] cpanel.ichfohio.com
651[+] cpanel.insituhealthcare.com
652[+] cpanel.integraenterprises.com
653[+] cpanel.internationalkenpo.com
654[+] cpanel.jefferson-lewis-masons.org
655[+] cpanel.jeffersondistrictmasons.org
656[+] cpanel.justiceleagueofwny.com
657[+] cpanel.kenhost.com
658[+] cpanel.kentropolis.com
659[+] cpanel.kenville.net
660[+] cpanel.keysertechnical.com
661[+] cpanel.kiltedpetphotographer.com
662[+] cpanel.knightmasons.org
663[+] cpanel.knightstemplar.org
664[+] cpanel.kuntawcanam.com
665[+] cpanel.kych.org
666[+] cpanel.kyotours.com
667[+] cpanel.lacrossmonuments.com
668[+] cpanel.lifeenhance.org
669[+] cpanel.livinginwny.com
670[+] cpanel.lodge26.org
671[+] cpanel.mainstreetagency.com
672[+] cpanel.markdivincenzo.com
673[+] cpanel.martialartsbuffalo.com
674[+] cpanel.masonicdigitaltrust.org
675[+] cpanel.metrorobertspropertypreservation.com
676[+] cpanel.mtyorkrite.org
677[+] cpanel.mjmcdiscoveries.com
678[+] cpanel.mjrobson.com
679[+] cpanel.modernarnisminute.com
680[+] cpanel.mwsite.org
681[+] cpanel.nativeofferings.com
682[+] cpanel.ndyorkrite.org
683[+] cpanel.netflections.net
684[+] cpanel.neutralitygroup.com
685[+] cpanel.nickelcity.net
686[+] cpanel.ny-royal-arch.org
687[+] cpanel.nycryptic.org
688[+] cpanel.nymasons.net
689[+] cpanel.nyshighschoolrodeo.com
690[+] cpanel.olshop.org
691[+] cpanel.omaraengineeringpc.com
692[+] cpanel.onegoodchurch.com
693[+] cpanel.operatives-usa.org
694[+] cpanel.oswegodistrictmasons.org
695[+] cpanel.pagrandchapter.org
696[+] cpanel.pagrandcouncil.org
697[+] cpanel.pandba.com
698[+] cpanel.pcscustomtraining.com
699[+] cpanel.peopleleap.com
700[+] cpanel.petdoodle.org
701[+] cpanel.phoenixscuba.com
702[+] cpanel.phoenixscubaandwatersports.com
703[+] cpanel.piedmontbando.org
704[+] cpanel.pilatesartstudio.com
705[+] cpanel.pol-tek.com
706[+] cpanel.polishunion.com
707[+] cpanel.presasarnis.com
708[+] cpanel.pugadlawinma.com
709[+] cpanel.queencitylabanlaro.com
710[+] cpanel.queencitypinups.com
711[+] cpanel.radediting.com
712[+] cpanel.safetyid.org
713[+] cpanel.sanfordallen.com
714[+] cpanel.richardsonandpullen.com
715[+] cpanel.roofmastersroof.com
716[+] cpanel.rustaz.com
717[+] cpanel.rustaz.net
718[+] cpanel.saunadetoxprogram.com
719[+] cpanel.sawarehouses.com
720[+] cpanel.schererelectric.com
721[+] cpanel.scifipics.com
722[+] cpanel.scubabsawny.com
723[+] cpanel.sdyorkrite.org
724[+] cpanel.seventhmasonicdistrict.org
725[+] cpanel.sherryarndtart.com
726[+] cpanel.silverstarsites.net
727[+] cpanel.sirianniart.com
728[+] cpanel.skurla.net
729[+] cpanel.smilemosaic.com
730[+] cpanel.snapwrist.com
731[+] cpanel.sockdollies.com
732[+] cpanel.sricf.org
733[+] cpanel.ssomacanada.ca
734[+] cpanel.steampunkharley.com
735[+] cpanel.stitchsloft.com
736[+] cpanel.susanhubbardphotography.com
737[+] cpanel.susiesfunart.com
738[+] cpanel.teachselfawareness.com
739[+] cpanel.thenorthridge.com
740[+] cpanel.thereikihealingcenter.com
741[+] cpanel.thetrinityfirm.com
742[+] cpanel.ticeassociates.biz
743[+] cpanel.vagckt.org
744[+] cpanel.unicorngenesis.com
745[+] cpanel.urbandevelopmentservices.com
746[+] cpanel.vigilantfire.com
747[+] cpanel.vtyorkrite.org
748[+] cpanel.waterfrontcommunitycenter.org
749[+] cpanel.waynecountynymasons.org
750[+] cpanel.wdsupplies.com
751[+] cpanel.wholeworldbook.com
752[+] cpanel.wmarnis.com
753[+] cpanel.wnyadaptiverecexpo.org
754[+] cpanel.wnyadaptivewatersports.org
755[+] cpanel.wnylanterncorps.com
756[+] cpanel.wnylodgeofresearch.us
757[+] cpanel.wnymasons.com
758[+] cpanel.wnywildlife.com
759[+] cpanel.yorkrite.com
760[+] cpanel.yorkrite.org
761[+] cpanel.yorkriteco.org
762[+] cpanel.yorkritect.org
763[+] cpanel.yorkritela.org
764[+] cpanel.yorkriteor.org
765[+] cpanel.yorkritewa.org
766[+] cpanel.yorkritewi.org
767[+] cpanel.yorkritewy.org
768[+] cpanel.youroutdoorlivingspace.com
769[+] cpanel.yrscna.org
770[+] cushmanlodge.com
771[+] customonlinetraining.com
772[+] dakmed.com
773[+] datuhartman.com
774[+] datustribe.com
775[+] daveselectricservice.com
776[+] dayandnightsewer.com
777[+] dc-1ac723359b12.bobhubbardphotography.com
778[+] dc-87b7f5ef8f90.bobhubbard.net
779[+] dcgckt.org
780[+] dentifax.com
781[+] dewinthouse.org
782[+] digitalsquareclub.org
783[+] dlr.nickelcity.net
784[+] dlrassociates.com
785[+] dns.kenhost.com
786[+] dns.silverstarsites.net
787[+] dogears.christinaestock.com
788[+] dogearsbookstore.org
789[+] eagleoptical.com
790[+] eagleopticalproducts.com
791[+] echoes.nickelcity.net
792[+] echoesthroughtime.com
793[+] echoesthroughtime.org
794[+] eclecticmartialarts.club
795[+] electaustinharig.com
796[+] enduranceintrospection.com
797[+] enzo.wnywildlife.com
798[+] eponaranch.com
799[+] eponaranch.mjmcdiscoveries.com
800[+] eriecountymasons.org
801[+] erieparishunited.com
802[+] excalibur.nickelcity.net
803[+] excaliburls.com
804[+] excellencetakeseffort.com
805[+] facesforfundraising.com
806[+] facesofbuffalo.com
807[+] falconsprint.wnywildlife.com
808[+] fandom.black-unicorn.org
809[+] fmaclub.com
810[+] fmaclub.net
811[+] fmatalk.com
812[+] followthezebras.com
813[+] forearmpower.com
814[+] forum.silverstarsites.net
815[+] forums.rustaz.com
816[+] freedomlounge.nickelcity.net
817[+] gcktct.org
818[+] gcktnj.org
819[+] gcktwv.org
820[+] geekgrills.com
821[+] geeksbearinggifts.com
822[+] geneseeautomotive.com
823[+] germanmasoniccharitablefoundation.org
824[+] germanmasonicpark.org
825[+] gmcf.us
826[+] grandpostmwv.com
827[+] greatlakeswatersportinstitute.org
828[+] hadjitemple61.org
829[+] halo.kenville.net
830[+] heartdoodle.com
831[+] helpdesk.silverstarsites.net
832[+] heresyandhearsay.com
833[+] herneswood.net
834[+] herneswood.org
835[+] hillsidehomedelivery.com
836[+] hiram105.com
837[+] hiram105.org
838[+] holyarkchapter.org
839[+] homeinspectionswny.nickelcity.net
840[+] homeofdecorativeart.com
841[+] horizonma.com
842[+] hosting.kentropolis.com
843[+] houseofsons.kentropolis.com
844[+] hraktp.org
845[+] hubbard.photography
846[+] hustle-tec.com
847[+] ichfohio.com
848[+] indianpark.nickelcity.net
849[+] internationalkenpo.com
850[+] insituhealthcare.com
851[+] insituhealthuae.com
852[+] integraenterprises.com
853[+] integrity.lifeenhance.org
854[+] ionic.dev.seventhmasonicdistrict.org
855[+] ioniclodgeno88.com
856[+] ioniclodgeno88.org
857[+] jefferson-lewis-masons.org
858[+] jeffersondistrictmasons.org
859[+] joekulbacki.com
860[+] justiceleagueofwny.com
861[+] ken-ton.eriecountymasons.org
862[+] ken-ton1186.com
863[+] ken.kenville.net
864[+] kenhost.com
865[+] kenskenpoguide.internationalkenpo.com
866[+] kentroplis.com
867[+] kentropolis.com
868[+] kenville.net
869[+] keysertechnical.com
870[+] kiltedpetphotographer.com
871[+] knightmasons.org
872[+] knightstemplar.org
873[+] kulbacki.nickelcity.net
874[+] kuntawcanam.com
875[+] kych.org
876[+] kyotours.com
877[+] lacrossmonuments.com
878[+] langfordtesting.com
879[+] languageleap.peopleleap.com
880[+] languageleapinstitute.com
881[+] lebvfc.com
882[+] lemuriagiftstore.com
883[+] lifeenhance.org
884[+] lifeintegritycenter.com
885[+] livinginwny.com
886[+] lodge26.org
887[+] lor.wnymasons.com
888[+] madonnacouncil2535.com
889[+] mail.bobhubbard.net
890[+] mail.bobhubbardphotography.com
891[+] mail.bucciericpa.com
892[+] mail.dayandnightsewer.com
893[+] mail.goworldscape.com
894[+] mail.hubbard.photography
895[+] mail.hubbardphotos.com
896[+] mail.olshop.org
897[+] mail.phoenixscuba.com
898[+] mail.schererelectric.com
899[+] mainstreetagency.com
900[+] manginohome.com
901[+] markdivincenzo.com
902[+] martialartsbuffalo.com
903[+] masonicdigitaltrust.org
904[+] metropropertypreservation.com
905[+] metrorobertspropertypreservation.com
906[+] mhr.kyotours.com
907[+] mjlande.com
908[+] mjmcdiscoveries.com
909[+] mjrobson.com
910[+] modernarnisminute.com
911[+] mta-sts.amorphous.press
912[+] mta-sts.christinaestock.com
913[+] mta-sts.cortland-madison-masons.org
914[+] mta-sts.eriecountymasons.org
915[+] mta-sts.kenville.net
916[+] mta-sts.lifeenhance.org
917[+] mta-sts.netflections.net
918[+] mta-sts.nickelcity.net
919[+] mta-sts.seventhmasonicdistrict.org
920[+] mta-sts.wnymasons.com
921[+] mtyorkrite.org
922[+] mwsite.org
923[+] mwv.wnymasons.com
924[+] nationaldomestigraphic.com
925[+] nativeofferings.com
926[+] ndyorkrite.org
927[+] netflections.net
928[+] neutralitygroup.com
929[+] nickelcity.net
930[+] noble9th.org
931[+] ns1.masonicdigitaltrust.org
932[+] ns1.silverstarsites.net
933[+] ny-royal-arch.org
934[+] nymasons.net
935[+] nymasons.org
936[+] nycryptic.org
937[+] nyram.org
938[+] nyshighschoolrodeo.com
939[+] omaraengineering.com
940[+] omaraengineeringpc.com
941[+] onegoodchurch.com
942[+] operatives-usa.org
943[+] oswegodistrictmasons.org
944[+] otherflock.org
945[+] pagrandchapter.org
946[+] pagrandcouncil.org
947[+] pandba.com
948[+] pcscustomtraining.com
949[+] peapodpage.com
950[+] peopleleap.com
951[+] periodpaperartisan.com
952[+] petdoodle.org
953[+] phoenixscuba.com
954[+] phoenixscubaandwatersports.com
955[+] piedmontbando.org
956[+] pilatesartstudio.com
957[+] pol-tek.com
958[+] polishunion.com
959[+] pondoes.org
960[+] portfolio.kentropolis.com
961[+] presasarnis.com
962[+] proactivecomplianceehs.com
963[+] pugadlawinma.com
964[+] queencitylabanlaro.com
965[+] queencitypinups.com
966[+] radediting.com
967[+] ravenskeep.org
968[+] re.kenville.net
969[+] rejuvenationhome.org
970[+] reikiforchildren.com
971[+] richardsonandpullen.com
972[+] richardsonpullen.com
973[+] ring44.nickelcity.net
974[+] rjopepc.com
975[+] roofmastersroof.com
976[+] rpg.black-unicorn.org
977[+] rustaz.com
978[+] rustaz.net
979[+] safetyid.org
980[+] sanfordallen.com
981[+] sauna.lifeenhance.org
982[+] saunadetoxprogram.com
983[+] sawarehouses.com
984[+] scifipics.com
985[+] school.olshop.org
986[+] scubabsabuffalo.com
987[+] scubabsawny.com
988[+] sdyorkrite.org
989[+] seventhmasonicdistrict.org
990[+] shepardlegalaid.com
991[+] sherryarndtart.com
992[+] silverstar2.kenhost.com
993[+] silverstarsites.net
994[+] sirianniart.com
995[+] skurla.net
996[+] smilemosaic.com
997[+] snapwrist.com
998[+] sockdollies.com
999[+] southbuffalobaseball.com
1000[+] southhill.nickelcity.net
1001[+] southhillfarm.com
1002[+] squirrelcrossing.lifeenhance.org
1003[+] sricf.org
1004[+] ssomacanada.ca
1005[+] steampunkharley.com
1006[+] stitchsloft.com
1007[+] supersailormoon.com
1008[+] susanhubbardphotography.com
1009[+] susiesfunart.com
1010[+] sx.lifeenhance.org
1011[+] taichi.kenville.net
1012[+] tallysmarine.com
1013[+] teacherstoolsandtreasures.com
1014[+] teachselfawareness.com
1015[+] tech.lifeenhance.org
1016[+] thenorthridge.com
1017[+] thereikihealingcenter.com
1018[+] thetrinityfirm.com
1019[+] ticeassociates.biz
1020[+] tonys.nickelcity.net
1021[+] tonysranchhouse.com
1022[+] traubenfest.com
1023[+] travelingmanfestival.com
1024[+] treylotz.com
1025[+] ttt.nickelcity.net
1026[+] unicorngenesis.com
1027[+] urbandevelopmentservices.com
1028[+] us.polishunion.com
1029[+] vagckt.org
1030[+] valley.wnymasons.com
1031[+] valleyofbuffalo.org
1032[+] vigilantfire.com
1033[+] vtyorkrite.org
1034[+] waterfrontcommunitycenter.org
1035[+] waynecountynymasons.org
1036[+] wdsupplies.com
1037[+] webdisk.abbottappraisalagency.com
1038[+] webdisk.acupuncturecorporationofamerica.com
1039[+] webdisk.alleganymasons.org
1040[+] webdisk.amdusa.org
1041[+] webdisk.amorphous.press
1042[+] webdisk.angryavatar.com
1043[+] webdisk.askfarmerstew.com
1044[+] webdisk.athelstanusa.org
1045[+] webdisk.atticachamber.com
1046[+] webdisk.automationintegratorsinc.com
1047[+] webdisk.backyardpartysupply.com
1048[+] webdisk.balintawak.org
1049[+] webdisk.black-unicorn.org
1050[+] webdisk.blacktigerkali.com
1051[+] webdisk.bobhubbard.net
1052[+] webdisk.bobhubbardphotography.com
1053[+] webdisk.bonusparts.com
1054[+] webdisk.boxcarsatan.com
1055[+] webdisk.bsocialmedia.com
1056[+] webdisk.bucciericpa.com
1057[+] webdisk.buffaloautismproject.org
1058[+] webdisk.buffaloboudoir.com
1059[+] webdisk.buffalomartialartsexpo.com
1060[+] webdisk.buffaloracin.org
1061[+] webdisk.buffaloreanimate.org
1062[+] webdisk.buffumhouse.org
1063[+] webdisk.cardinalhomeinspections.com
1064[+] webdisk.checkmarkww.com
1065[+] webdisk.christinaestock.com
1066[+] webdisk.communitywatersportscenter.org
1067[+] webdisk.considerreconsider.com
1068[+] webdisk.cortland-madison-masons.org
1069[+] webdisk.customonlinetraining.com
1070[+] webdisk.datuhartman.com
1071[+] webdisk.datustribe.com
1072[+] webdisk.dcgckt.org
1073[+] webdisk.dentifax.com
1074[+] webdisk.dewinthouse.org
1075[+] webdisk.digitalsquareclub.org
1076[+] webdisk.eagleopticalproducts.com
1077[+] webdisk.eclecticmartialarts.club
1078[+] webdisk.enduranceintrospection.com
1079[+] webdisk.eriecountymasons.org
1080[+] webdisk.excellencetakeseffort.com
1081[+] webdisk.facesforfundraising.com
1082[+] webdisk.facesofbuffalo.com
1083[+] webdisk.fmaclub.net
1084[+] webdisk.fmatalk.com
1085[+] webdisk.followthezebras.com
1086[+] webdisk.forearmpower.com
1087[+] webdisk.fplco.com
1088[+] webdisk.gcktct.org
1089[+] webdisk.gcktnj.org
1090[+] webdisk.gcktwv.org
1091[+] webdisk.geekgrills.com
1092[+] webdisk.geeksbearinggifts.com
1093[+] webdisk.greatlakeswatersportinstitute.org
1094[+] webdisk.hadjitemple61.org
1095[+] webdisk.heartdoodle.com
1096[+] webdisk.heresyandhearsay.com
1097[+] webdisk.herneswood.org
1098[+] webdisk.hillsidehomedelivery.com
1099[+] webdisk.homeofdecorativeart.com
1100[+] webdisk.horizonma.com
1101[+] webdisk.hraktp.org
1102[+] webdisk.hubbard.photography
1103[+] webdisk.hustle-tec.com
1104[+] webdisk.ichfohio.com
1105[+] webdisk.insituhealthcare.com
1106[+] webdisk.integraenterprises.com
1107[+] webdisk.internationalkenpo.com
1108[+] webdisk.jefferson-lewis-masons.org
1109[+] webdisk.jeffersondistrictmasons.org
1110[+] webdisk.justiceleagueofwny.com
1111[+] webdisk.kenhost.com
1112[+] webdisk.kentropolis.com
1113[+] webdisk.kenville.net
1114[+] webdisk.keysertechnical.com
1115[+] webdisk.kiltedpetphotographer.com
1116[+] webdisk.knightmasons.org
1117[+] webdisk.knightstemplar.org
1118[+] webdisk.kuntawcanam.com
1119[+] webdisk.kych.org
1120[+] webdisk.kyotours.com
1121[+] webdisk.lacrossmonuments.com
1122[+] webdisk.lodge26.org
1123[+] webdisk.lifeenhance.org
1124[+] webdisk.livinginwny.com
1125[+] webdisk.mainstreetagency.com
1126[+] webdisk.markdivincenzo.com
1127[+] webdisk.martialartsbuffalo.com
1128[+] webdisk.masonicdigitaltrust.org
1129[+] webdisk.metrorobertspropertypreservation.com
1130[+] webdisk.mtyorkrite.org
1131[+] webdisk.mjmcdiscoveries.com
1132[+] webdisk.mjrobson.com
1133[+] webdisk.modernarnisminute.com
1134[+] webdisk.mwsite.org
1135[+] webdisk.nativeofferings.com
1136[+] webdisk.ndyorkrite.org
1137[+] webdisk.netflections.net
1138[+] webdisk.neutralitygroup.com
1139[+] webdisk.nickelcity.net
1140[+] webdisk.ny-royal-arch.org
1141[+] webdisk.nycryptic.org
1142[+] webdisk.nymasons.net
1143[+] webdisk.nyshighschoolrodeo.com
1144[+] webdisk.olshop.org
1145[+] webdisk.omaraengineeringpc.com
1146[+] webdisk.onegoodchurch.com
1147[+] webdisk.operatives-usa.org
1148[+] webdisk.pcscustomtraining.com
1149[+] webdisk.peopleleap.com
1150[+] webdisk.petdoodle.org
1151[+] webdisk.phoenixscuba.com
1152[+] webdisk.phoenixscubaandwatersports.com
1153[+] webdisk.piedmontbando.org
1154[+] webdisk.pilatesartstudio.com
1155[+] webdisk.oswegodistrictmasons.org
1156[+] webdisk.pagrandchapter.org
1157[+] webdisk.pagrandcouncil.org
1158[+] webdisk.pandba.com
1159[+] webdisk.pol-tek.com
1160[+] webdisk.polishunion.com
1161[+] webdisk.presasarnis.com
1162[+] webdisk.pugadlawinma.com
1163[+] webdisk.queencitylabanlaro.com
1164[+] webdisk.queencitypinups.com
1165[+] webdisk.radediting.com
1166[+] webdisk.richardsonandpullen.com
1167[+] webdisk.roofmastersroof.com
1168[+] webdisk.rustaz.com
1169[+] webdisk.rustaz.net
1170[+] webdisk.safetyid.org
1171[+] webdisk.sanfordallen.com
1172[+] webdisk.saunadetoxprogram.com
1173[+] webdisk.sawarehouses.com
1174[+] webdisk.schererelectric.com
1175[+] webdisk.scifipics.com
1176[+] webdisk.scubabsawny.com
1177[+] webdisk.sdyorkrite.org
1178[+] webdisk.seventhmasonicdistrict.org
1179[+] webdisk.sherryarndtart.com
1180[+] webdisk.silverstarsites.net
1181[+] webdisk.stitchsloft.com
1182[+] webdisk.sricf.org
1183[+] webdisk.ssomacanada.ca
1184[+] webdisk.smilemosaic.com
1185[+] webdisk.snapwrist.com
1186[+] webdisk.sockdollies.com
1187[+] webdisk.sirianniart.com
1188[+] webdisk.skurla.net
1189[+] webdisk.susiesfunart.com
1190[+] webdisk.teachselfawareness.com
1191[+] webdisk.thenorthridge.com
1192[+] webdisk.thereikihealingcenter.com
1193[+] webdisk.thetrinityfirm.com
1194[+] webdisk.ticeassociates.biz
1195[+] webdisk.unicorngenesis.com
1196[+] webdisk.urbandevelopmentservices.com
1197[+] webdisk.vigilantfire.com
1198[+] webdisk.vagckt.org
1199[+] webdisk.vtyorkrite.org
1200[+] webdisk.waterfrontcommunitycenter.org
1201[+] webdisk.waynecountynymasons.org
1202[+] webdisk.wdsupplies.com
1203[+] webdisk.wmarnis.com
1204[+] webdisk.wnyadaptiverecexpo.org
1205[+] webdisk.wnyadaptivewatersports.org
1206[+] webdisk.wnylanterncorps.com
1207[+] webdisk.wnylodgeofresearch.us
1208[+] webdisk.wnymasons.com
1209[+] webdisk.wnywildlife.com
1210[+] webdisk.wholeworldbook.com
1211[+] webdisk.yorkrite.com
1212[+] webdisk.yorkrite.org
1213[+] webdisk.yorkriteco.org
1214[+] webdisk.yorkritect.org
1215[+] webdisk.yorkritela.org
1216[+] webdisk.yorkriteor.org
1217[+] webdisk.yorkritewa.org
1218[+] webdisk.yorkritewi.org
1219[+] webdisk.yorkritewy.org
1220[+] webdisk.youroutdoorlivingspace.com
1221[+] webdisk.yrscna.org
1222[+] webersgardencenter.net
1223[+] webmail.abbottappraisalagency.com
1224[+] webmail.acupuncturecorporationofamerica.com
1225[+] webmail.alleganymasons.org
1226[+] webmail.amdusa.org
1227[+] webmail.amorphous.press
1228[+] webmail.angryavatar.com
1229[+] webmail.atticachamber.com
1230[+] webmail.automationintegratorsinc.com
1231[+] webmail.askfarmerstew.com
1232[+] webmail.athelstanusa.org
1233[+] webmail.backyardpartysupply.com
1234[+] webmail.balintawak.org
1235[+] webmail.black-unicorn.org
1236[+] webmail.blacktigerkali.com
1237[+] webmail.bobhubbard.net
1238[+] webmail.bobhubbardphotography.com
1239[+] webmail.bonusparts.com
1240[+] webmail.boxcarsatan.com
1241[+] webmail.bsocialmedia.com
1242[+] webmail.bucciericpa.com
1243[+] webmail.buffaloautismproject.org
1244[+] webmail.buffaloboudoir.com
1245[+] webmail.buffalomartialartsexpo.com
1246[+] webmail.buffaloracin.org
1247[+] webmail.buffaloreanimate.org
1248[+] webmail.buffumhouse.org
1249[+] webmail.checkmarkww.com
1250[+] webmail.cardinalhomeinspections.com
1251[+] webmail.christinaestock.com
1252[+] webmail.communitywatersportscenter.org
1253[+] webmail.considerreconsider.com
1254[+] webmail.cortland-madison-masons.org
1255[+] webmail.customonlinetraining.com
1256[+] webmail.dentifax.com
1257[+] webmail.datuhartman.com
1258[+] webmail.datustribe.com
1259[+] webmail.dcgckt.org
1260[+] webmail.dewinthouse.org
1261[+] webmail.digitalsquareclub.org
1262[+] webmail.eagleopticalproducts.com
1263[+] webmail.eclecticmartialarts.club
1264[+] webmail.enduranceintrospection.com
1265[+] webmail.eriecountymasons.org
1266[+] webmail.excellencetakeseffort.com
1267[+] webmail.facesforfundraising.com
1268[+] webmail.facesofbuffalo.com
1269[+] webmail.fmaclub.net
1270[+] webmail.fmatalk.com
1271[+] webmail.followthezebras.com
1272[+] webmail.forearmpower.com
1273[+] webmail.gcktct.org
1274[+] webmail.gcktnj.org
1275[+] webmail.gcktwv.org
1276[+] webmail.geekgrills.com
1277[+] webmail.geeksbearinggifts.com
1278[+] webmail.greatlakeswatersportinstitute.org
1279[+] webmail.hadjitemple61.org
1280[+] webmail.heartdoodle.com
1281[+] webmail.heresyandhearsay.com
1282[+] webmail.herneswood.org
1283[+] webmail.hillsidehomedelivery.com
1284[+] webmail.homeofdecorativeart.com
1285[+] webmail.horizonma.com
1286[+] webmail.integraenterprises.com
1287[+] webmail.internationalkenpo.com
1288[+] webmail.hraktp.org
1289[+] webmail.hubbard.photography
1290[+] webmail.hustle-tec.com
1291[+] webmail.insituhealthcare.com
1292[+] webmail.ichfohio.com
1293[+] webmail.justiceleagueofwny.com
1294[+] webmail.jefferson-lewis-masons.org
1295[+] webmail.jeffersondistrictmasons.org
1296[+] webmail.kenhost.com
1297[+] webmail.kentropolis.com
1298[+] webmail.kenville.net
1299[+] webmail.keysertechnical.com
1300[+] webmail.kiltedpetphotographer.com
1301[+] webmail.knightmasons.org
1302[+] webmail.knightstemplar.org
1303[+] webmail.kuntawcanam.com
1304[+] webmail.kych.org
1305[+] webmail.kyotours.com
1306[+] webmail.lacrossmonuments.com
1307[+] webmail.lifeenhance.org
1308[+] webmail.livinginwny.com
1309[+] webmail.lodge26.org
1310[+] webmail.markdivincenzo.com
1311[+] webmail.martialartsbuffalo.com
1312[+] webmail.masonicdigitaltrust.org
1313[+] webmail.mainstreetagency.com
1314[+] webmail.metrorobertspropertypreservation.com
1315[+] webmail.mjmcdiscoveries.com
1316[+] webmail.mjrobson.com
1317[+] webmail.modernarnisminute.com
1318[+] webmail.mtyorkrite.org
1319[+] webmail.mwsite.org
1320[+] webmail.nativeofferings.com
1321[+] webmail.ndyorkrite.org
1322[+] webmail.netflections.net
1323[+] webmail.neutralitygroup.com
1324[+] webmail.nickelcity.net
1325[+] webmail.ny-royal-arch.org
1326[+] webmail.nycryptic.org
1327[+] webmail.nymasons.net
1328[+] webmail.nyshighschoolrodeo.com
1329[+] webmail.olshop.org
1330[+] webmail.omaraengineeringpc.com
1331[+] webmail.operatives-usa.org
1332[+] webmail.oswegodistrictmasons.org
1333[+] webmail.pagrandchapter.org
1334[+] webmail.pagrandcouncil.org
1335[+] webmail.pandba.com
1336[+] webmail.pcscustomtraining.com
1337[+] webmail.pol-tek.com
1338[+] webmail.polishunion.com
1339[+] webmail.presasarnis.com
1340[+] webmail.peopleleap.com
1341[+] webmail.petdoodle.org
1342[+] webmail.phoenixscuba.com
1343[+] webmail.phoenixscubaandwatersports.com
1344[+] webmail.piedmontbando.org
1345[+] webmail.pilatesartstudio.com
1346[+] webmail.radediting.com
1347[+] webmail.pugadlawinma.com
1348[+] webmail.queencitylabanlaro.com
1349[+] webmail.queencitypinups.com
1350[+] webmail.richardsonandpullen.com
1351[+] webmail.roofmastersroof.com
1352[+] webmail.sanfordallen.com
1353[+] webmail.saunadetoxprogram.com
1354[+] webmail.sawarehouses.com
1355[+] webmail.schererelectric.com
1356[+] webmail.rustaz.com
1357[+] webmail.rustaz.net
1358[+] webmail.scifipics.com
1359[+] webmail.scubabsawny.com
1360[+] webmail.sdyorkrite.org
1361[+] webmail.silverstarsites.net
1362[+] webmail.sirianniart.com
1363[+] webmail.seventhmasonicdistrict.org
1364[+] webmail.sherryarndtart.com
1365[+] webmail.skurla.net
1366[+] webmail.smilemosaic.com
1367[+] webmail.snapwrist.com
1368[+] webmail.sricf.org
1369[+] webmail.ssomacanada.ca
1370[+] webmail.sockdollies.com
1371[+] webmail.susiesfunart.com
1372[+] webmail.stitchsloft.com
1373[+] webmail.teachselfawareness.com
1374[+] webmail.thenorthridge.com
1375[+] webmail.thereikihealingcenter.com
1376[+] webmail.thetrinityfirm.com
1377[+] webmail.ticeassociates.biz
1378[+] webmail.unicorngenesis.com
1379[+] webmail.urbandevelopmentservices.com
1380[+] webmail.vagckt.org
1381[+] webmail.vigilantfire.com
1382[+] webmail.vtyorkrite.org
1383[+] webmail.waterfrontcommunitycenter.org
1384[+] webmail.waynecountynymasons.org
1385[+] webmail.wdsupplies.com
1386[+] webmail.wholeworldbook.com
1387[+] webmail.wmarnis.com
1388[+] webmail.wnyadaptiverecexpo.org
1389[+] webmail.wnyadaptivewatersports.org
1390[+] webmail.wnylanterncorps.com
1391[+] webmail.wnylodgeofresearch.us
1392[+] webmail.wnymasons.com
1393[+] webmail.wnywildlife.com
1394[+] webmail.yorkrite.com
1395[+] webmail.yorkrite.org
1396[+] webmail.yorkriteco.org
1397[+] webmail.yorkritect.org
1398[+] webmail.yorkritela.org
1399[+] webmail.yorkriteor.org
1400[+] webmail.yorkritewa.org
1401[+] webmail.yorkritewi.org
1402[+] webmail.yorkritewy.org
1403[+] webmail.youroutdoorlivingspace.com
1404[+] webmail.yrscna.org
1405[+] westernnewyorkadaptivewatersports.org
1406[+] westernstarlodge1185.com
1407[+] westsenecalodge.com
1408[+] whm.facesforfundraising.com
1409[+] whm.horizonma.com
1410[+] whm.unicorngenesis.com
1411[+] wholeworldbook.com
1412[+] whm.kenhost.com
1413[+] whm.masonicdigitaltrust.org
1414[+] whm.mwsite.org
1415[+] whm.phoenixscuba.com
1416[+] whm.sawarehouses.com
1417[+] whm.silverstarsites.net
1418[+] wmarnis.com
1419[+] wnyadaptiverecexpo.org
1420[+] wnyadaptivewatersports.org
1421[+] wnylanterncorps.com
1422[+] wnylodgeofresearch.us
1423[+] wnymasons.com
1424[+] wnywildlife.com
1425[+] worldmodernarnis.com
1426[+] www.academy.teachselfawareness.com
1427[+] www.alb3rt.kenville.net
1428[+] www.bbs.rustaz.com
1429[+] www.buffaloracin.org
1430[+] www.buyadomain.silverstarsites.net
1431[+] www.chrispics.rustaz.com
1432[+] www.enzo.wnywildlife.com
1433[+] www.eponaranch.mjmcdiscoveries.com
1434[+] www.falconsprint.wnywildlife.com
1435[+] www.fandom.black-unicorn.org
1436[+] www.forum.silverstarsites.net
1437[+] www.forums.rustaz.com
1438[+] www.halo.kenville.net
1439[+] www.helpdesk.silverstarsites.net
1440[+] www.hosting.kentropolis.com
1441[+] www.houseofsons.kentropolis.com
1442[+] www.ionic.dev.seventhmasonicdistrict.org
1443[+] www.kenskenpoguide.internationalkenpo.com
1444[+] www.languageleap.peopleleap.com
1445[+] www.mhr.kyotours.com
1446[+] www.nymasons.org
1447[+] www.portfolio.kentropolis.com
1448[+] www.rpg.black-unicorn.org
1449[+] www.sauna.lifeenhance.org
1450[+] www.school.olshop.org
1451[+] www.squirrelcrossing.lifeenhance.org
1452[+] www.sx.lifeenhance.org
1453[+] yorkrite.com
1454[+] yorkrite.org
1455[+] yorkriteco.org
1456[+] yorkritect.org
1457[+] yorkritela.org
1458[+] yorkriteor.org
1459[+] yorkritewa.org
1460[+] yorkritewi.org
1461[+] yorkritewy.org
1462[+] youroutdoorlivingspace.com
1463[+] yrscna.org
1464[+] ywacupuncture.com
1465[+] zuleikagrotto.org
1466
1467
1468
1469Reverse IP With YouGetSignal 'nymasons.org'
1470----------------------------------------------
1471
1472[*] IP: 67.225.255.187
1473[*] Domain: nymasons.org
1474[*] Total Domains: 1
1475
1476[+] nymasons.org
1477
1478
1479
1480Geo IP Lookup 'nymasons.org'
1481-------------------------------
1482
1483[+] IP Address: 67.225.255.187
1484[+] Country: United States
1485[+] State: Michigan
1486[+] City: Lansing
1487[+] Latitude: 42.7348
1488[+] Longitude: -84.6245
1489
1490
1491
1492Whois 'nymasons.org'
1493-----------------------
1494
1495[+] Domain Name: NYMASONS.ORG
1496[+] Registry Domain ID: D412357-LROR
1497[+] Registrar WHOIS Server: whois.enom.com
1498[+] Registrar URL: http://www.enom.com
1499[+] Updated Date: 2019-08-12T21:10:13Z
1500[+] Creation Date: 1997-08-12T04:00:00Z
1501[+] Registry Expiry Date: 2020-08-11T04:00:00Z
1502[+] Registrar Registration Expiration Date:
1503[+] Registrar: eNom, Inc.
1504[+] Registrar IANA ID: 48
1505[+] Registrar Abuse Contact Email: abuse@enom.com
1506[+] Registrar Abuse Contact Phone: +1.4252982646
1507[+] Reseller:
1508[+] Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
1509[+] Registrant Organization: Grand Lodge F&A Masons
1510[+] Registrant State/Province: NY
1511[+] Registrant Country: US
1512[+] Name Server: NS1.GRIDFAST.NET
1513[+] Name Server: NS2.GRIDFAST.NET
1514[+] DNSSEC: unsigned
1515[+] URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
1516[+] >>> Last update of WHOIS database: 2019-10-06T01:01:14Z <<<
1517[+] For more information on Whois status codes, please visit https://icann.org/epp
1518
1519
1520
1521Bypass Cloudflare 'nymasons.org'
1522-----------------------------------
1523
1524
1525[!] CloudFlare Bypass 67.225.255.187 | www.nymasons.org
1526
1527
1528
1529DNS Lookup 'nymasons.org'
1530----------------------------
1531
1532[+] nymasons.org. 1799 IN A 67.225.255.187
1533[+] nymasons.org. 3599 IN NS ns1.gridfast.net.
1534[+] nymasons.org. 3599 IN NS ns2.gridfast.net.
1535[+] nymasons.org. 3599 IN SOA ns1.gridfast.net. noc.cloudaccess.net. 2014052901 10800 3600 604800 300
1536[+] nymasons.org. 1799 IN MX 5 mx1.cloudaccess.net.
1537[+] nymasons.org. 3599 IN MX 10 mx2.cloudaccess.net.
1538[+] nymasons.org. 1799 IN TXT "v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all"
1539
1540
1541
1542
1543Show HTTP Header 'nymasons.org'
1544----------------------------------
1545
1546[+] HTTP/1.1 301 Moved Permanently
1547[+] Date: Sun, 06 Oct 2019 01:02:35 GMT
1548[+] Server: Apache
1549[+] Location: http://www.NyMasons.Org/site/
1550[+] Cache-Control: max-age=600
1551[+] Expires: Sun, 06 Oct 2019 01:12:35 GMT
1552[+] Content-Type: text/html; charset=iso-8859-1
1553[+]
1554
1555
1556
1557Port Scan 'nymasons.org'
1558---------------------------
1559
1560Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-06 01:02 UTC
1561Nmap scan report for nymasons.org (67.225.255.187)
1562Host is up (0.030s latency).
1563rDNS record for 67.225.255.187: silverstar2.kenhost.com
1564
1565PORT STATE SERVICE
156621/tcp open ftp
156722/tcp open ssh
156823/tcp filtered telnet
156980/tcp open http
1570110/tcp open pop3
1571143/tcp open imap
1572443/tcp open https
15733389/tcp filtered ms-wbt-server
1574
1575Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
1576
1577
1578
1579
1580Cms Scan 'nymasons.org'
1581--------------------------
1582
1583[+] Cms : WordPress
1584[+] Web Servers : Apache
1585[+] Programming Languages : PHP
1586
1587
1588
1589Traceroute 'nymasons.org'
1590----------------------------
1591
1592Start: 2019-10-06T01:02:54+0000
1593HOST: web01 Loss% Snt Last Avg Best Wrst StDev
1594 1.|-- 45.79.12.201 0.0% 3 0.7 0.8 0.7 0.8 0.0
1595 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.7 0.0
1596 3.|-- 45.79.12.9 0.0% 3 0.5 0.5 0.5 0.5 0.0
1597 4.|-- dls-b22-link.telia.net 0.0% 3 1.0 1.3 0.9 2.2 0.7
1598 5.|-- dls-b21-link.telia.net 0.0% 3 1.4 2.2 1.3 3.9 1.5
1599 6.|-- comcast-ic-318909-dls-b21.c.telia.net 0.0% 3 5.5 3.0 1.5 5.5 2.2
1600 7.|-- be-12441-cr02.dallas.tx.ibone.comcast.net 0.0% 3 2.4 3.1 2.4 4.0 0.8
1601 8.|-- be-12124-cr02.1601milehigh.co.ibone.comcast.net 0.0% 3 20.6 20.1 19.6 20.6 0.5
1602 9.|-- be-10521-cr02.350ecermak.il.ibone.comcast.net 0.0% 3 32.1 32.8 32.1 33.3 0.7
1603 10.|-- be-10577-pe03.350ecermak.il.ibone.comcast.net 0.0% 3 29.6 29.6 29.5 29.6 0.0
1604 11.|-- as32244-pe03.350ecermak.il.ibone.comcast.net 0.0% 3 31.3 31.2 31.1 31.3 0.1
1605 12.|-- lw-dc3-core2.rtr.liquidweb.com 0.0% 3 45.6 42.0 39.1 45.6 3.3
1606 13.|-- lw-dc3-storm2.rtr.liquidweb.com 0.0% 3 43.6 40.1 38.4 43.6 3.0
1607 14.|-- silverstar2.kenhost.com 0.0% 3 38.0 38.0 37.9 38.1 0.1
1608#######################################################################################################################################
1609Trying "nymasons.org"
1610;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24821
1611;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 2, ADDITIONAL: 2
1612
1613;; QUESTION SECTION:
1614;nymasons.org. IN ANY
1615
1616;; ANSWER SECTION:
1617nymasons.org. 1800 IN TXT "v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all"
1618nymasons.org. 1800 IN MX 10 mx2.cloudaccess.net.
1619nymasons.org. 1800 IN MX 5 mx1.cloudaccess.net.
1620nymasons.org. 3600 IN SOA ns1.gridfast.net. noc.cloudaccess.net. 2014052901 10800 3600 604800 300
1621nymasons.org. 1800 IN A 67.225.255.187
1622nymasons.org. 3600 IN NS ns2.gridfast.net.
1623nymasons.org. 3600 IN NS ns1.gridfast.net.
1624
1625;; AUTHORITY SECTION:
1626nymasons.org. 3600 IN NS ns1.gridfast.net.
1627nymasons.org. 3600 IN NS ns2.gridfast.net.
1628
1629;; ADDITIONAL SECTION:
1630ns1.gridfast.net. 39251 IN A 199.116.79.20
1631ns2.gridfast.net. 39251 IN A 199.116.79.200
1632
1633Received 392 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 278 ms
1634#######################################################################################################################################
1635
1636; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace nymasons.org
1637;; global options: +cmd
1638. 82491 IN NS m.root-servers.net.
1639. 82491 IN NS l.root-servers.net.
1640. 82491 IN NS f.root-servers.net.
1641. 82491 IN NS h.root-servers.net.
1642. 82491 IN NS g.root-servers.net.
1643. 82491 IN NS a.root-servers.net.
1644. 82491 IN NS k.root-servers.net.
1645. 82491 IN NS e.root-servers.net.
1646. 82491 IN NS d.root-servers.net.
1647. 82491 IN NS c.root-servers.net.
1648. 82491 IN NS b.root-servers.net.
1649. 82491 IN NS j.root-servers.net.
1650. 82491 IN NS i.root-servers.net.
1651. 82491 IN RRSIG NS 8 0 518400 20191018170000 20191005160000 22545 . s9jzg4vhpn/0jz/+2KSoxxtpNWBsxDL291IT6bgNJkqPySat+/z9/pRU 7WUgRXYn6HJNi/dUd5YB9qcXHZMlzPTsVPJ3P6vWtpUs14y44LCoqCUM FtCt7+Jzl7CZukiaBm+humJRicPAQ5jxjmCVETCJPj6eTww3rhFBwtz2 hSrAsQNMVPKF/wq/TINfYPeiqiClqUhNjc3mzlJ0xUXiGB3xiHDyxn0i fbEULSFqHH3oJbrfo/U1E9lhwo0vzEADgHndKEWKlj9zPbjJMSzWrczX j1i2CIWimSiKWRjpm52oG4sW5TN96dXmiRkZ4fQYCrrSG/3rOsz/ZUBP +YOl+A==
1652;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 110 ms
1653
1654org. 172800 IN NS a0.org.afilias-nst.info.
1655org. 172800 IN NS a2.org.afilias-nst.info.
1656org. 172800 IN NS b0.org.afilias-nst.org.
1657org. 172800 IN NS b2.org.afilias-nst.org.
1658org. 172800 IN NS c0.org.afilias-nst.info.
1659org. 172800 IN NS d0.org.afilias-nst.org.
1660org. 86400 IN DS 9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982
1661org. 86400 IN DS 9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891B FE7FF8E5
1662org. 86400 IN RRSIG DS 8 1 86400 20191018170000 20191005160000 22545 . OLi6ejW5DbjCi20JiyA/aT/tFXR/yD2Ztzamg/LyBddEoP2RETxdQkxd DGgb1iv1N8UGSzlP9gVfv3uFQHKOBOvHLXvWhbAQg6p14XjQZVSR5MJP G2DQTGMqB8HmebfPtZvhu8nxCRl2lDKH0NDdo3h3bNy6dZLb7zGv/3Ov a/FrhEVzZu9lx51NWZVqci2RejyVFrK2f4pmrpy7Yf9WoI2SOUkJzmQ9 VCqaN63YhaFuN3ROZ11CvFdVJrTe9gnVLmiLVloxazAGXBneFN3tD/yU wasK2+h0Q3JiFXBF5uL5hsxGOPxp2qPgWnJcXnRr6RHAm1lypAGt1wRN Rm3CSQ==
1663;; Received 814 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 42 ms
1664
1665nymasons.org. 86400 IN NS ns1.gridfast.net.
1666nymasons.org. 86400 IN NS ns2.gridfast.net.
1667h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM
1668h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20191027011608 20191006001608 36752 org. s8tEkqdzpn1mj6XU1/eG/dQm5qPhE6lBw31cFmPXKfOC9KHT9wXGyVAb c1DMN/G6vSvcjIvcbipNCWuTM45rMexV53wEWVwC22Zh5QwFe++aVYml Y0qtGQyHLydmBV400RMKRY9ic9MXuMXDXHcxmbsDDd/Ds3/+xP0p7K8l m70=
1669ouc3bc04a5q983hj7s43hsjp2aj02s30.org. 86400 IN NSEC3 1 1 1 D399EAAB OUCL3KJB82MNKRCDAI68TVCFCI3SP47H NS DS RRSIG
1670ouc3bc04a5q983hj7s43hsjp2aj02s30.org. 86400 IN RRSIG NSEC3 7 2 86400 20191022152255 20191001142255 36752 org. RR7f0Q4OmXP//UskvudCQ2WfVST4ILN7OkOs6Vw8BlcZsU5yFeV+fuVF Raw2aQmgwlEhgxV6tjeQYn0nN1Us9YtN872lBq7v2i6PPat7rkm3g4If LJEf5ZUf4U7tMNdWyhAOAvQ0uqcScnn4LPXX3KihFNyrQYGl0dp5HNs2 bhY=
1671;; Received 582 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 39 ms
1672
1673nymasons.org. 1800 IN A 67.225.255.187
1674;; Received 57 bytes from 199.116.79.200#53(ns2.gridfast.net) in 112 ms
1675#######################################################################################################################################
1676[*] Performing General Enumeration of Domain: nymasons.org
1677[-] DNSSEC is not configured for nymasons.org
1678[*] SOA ns1.gridfast.net 199.116.79.20
1679[*] NS ns2.gridfast.net 199.116.79.200
1680[*] Bind Version for 199.116.79.200 Served by PowerDNS - https://www.powerdns.com/
1681[*] NS ns1.gridfast.net 199.116.79.20
1682[*] Bind Version for 199.116.79.20 Served by PowerDNS - https://www.powerdns.com/
1683[*] MX mx1.cloudaccess.net 199.116.78.90
1684[*] MX mx2.cloudaccess.net 199.116.76.5
1685[*] A nymasons.org 67.225.255.187
1686[*] TXT nymasons.org v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all
1687[*] Enumerating SRV Records
1688[-] No SRV Records Found for nymasons.org
1689[+] 0 Records Found
1690#######################################################################################################################################
1691
1692 AVAILABLE PLUGINS
1693 -----------------
1694
1695 CompressionPlugin
1696 CertificateInfoPlugin
1697 OpenSslCcsInjectionPlugin
1698 SessionRenegotiationPlugin
1699 HttpHeadersPlugin
1700 FallbackScsvPlugin
1701 SessionResumptionPlugin
1702 EarlyDataPlugin
1703 OpenSslCipherSuitesPlugin
1704 RobotPlugin
1705 HeartbleedPlugin
1706
1707
1708
1709 CHECKING HOST(S) AVAILABILITY
1710 -----------------------------
1711
1712 67.225.255.187:443 => 67.225.255.187
1713
1714
1715
1716
1717 SCAN RESULTS FOR 67.225.255.187:443 - 67.225.255.187
1718 ----------------------------------------------------
1719
1720 * Certificate Information:
1721 Content
1722 SHA1 Fingerprint: 255b508adbdc43ddc97e62827caa9b75b71572ae
1723 Common Name: abbottappraisalagency.com
1724 Issuer: cPanel, Inc. Certification Authority
1725 Serial Number: 94444229233049293433048585134479895902
1726 Not Before: 2019-07-30 00:00:00
1727 Not After: 2019-10-28 23:59:59
1728 Signature Algorithm: sha256
1729 Public Key Algorithm: RSA
1730 Key Size: 2048
1731 Exponent: 65537 (0x10001)
1732 DNS Subject Alternative Names: ['abbottappraisalagency.com', 'cpanel.abbottappraisalagency.com', 'mail.abbottappraisalagency.com', 'webdisk.abbottappraisalagency.com', 'webmail.abbottappraisalagency.com', 'www.abbottappraisalagency.com']
1733
1734 Trust
1735 Hostname Validation: FAILED - Certificate does NOT match 67.225.255.187
1736 Android CA Store (9.0.0_r9): OK - Certificate is trusted
1737 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1738 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
1739 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
1740 Windows CA Store (2019-05-27): OK - Certificate is trusted
1741 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
1742 Received Chain: abbottappraisalagency.com --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
1743 Verified Chain: abbottappraisalagency.com --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
1744 Received Chain Contains Anchor: OK - Anchor certificate not sent
1745 Received Chain Order: OK - Order is valid
1746 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
1747
1748 Extensions
1749 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1750 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
1751
1752 OCSP Stapling
1753 OCSP Response Status: successful
1754 Validation w/ Mozilla Store: OK - Response is trusted
1755 Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
1756 Cert Status: good
1757 Cert Serial Number: 470D4C02A6A447151CA695F0484DED5E
1758 This Update: Oct 4 23:43:32 2019 GMT
1759 Next Update: Oct 11 23:43:32 2019 GMT
1760
1761 * Deflate Compression:
1762 OK - Compression disabled
1763
1764 * TLSV1_1 Cipher Suites:
1765 Forward Secrecy OK - Supported
1766 RC4 OK - Not Supported
1767
1768 Preferred:
1769 None - Server followed client cipher suite preference.
1770 Accepted:
1771 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1772 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1773 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1774 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1775 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1776 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1777 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1778 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1779 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1780
1781 * TLSV1 Cipher Suites:
1782 Forward Secrecy OK - Supported
1783 RC4 OK - Not Supported
1784
1785 Preferred:
1786 None - Server followed client cipher suite preference.
1787 Accepted:
1788 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1789 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1790 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1791 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1792 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1793 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1794 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1795 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1796 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1797
1798 * TLS 1.2 Session Resumption Support:
1799 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1800 With TLS Tickets: OK - Supported
1801
1802 * OpenSSL CCS Injection:
1803 OK - Not vulnerable to OpenSSL CCS injection
1804
1805 * SSLV3 Cipher Suites:
1806 Server rejected all cipher suites.
1807
1808 * SSLV2 Cipher Suites:
1809 Server rejected all cipher suites.
1810
1811 * Downgrade Attacks:
1812 TLS_FALLBACK_SCSV: OK - Supported
1813
1814 * Session Renegotiation:
1815 Client-initiated Renegotiation: OK - Rejected
1816 Secure Renegotiation: OK - Supported
1817
1818 * TLSV1_3 Cipher Suites:
1819 Server rejected all cipher suites.
1820
1821 * OpenSSL Heartbleed:
1822 OK - Not vulnerable to Heartbleed
1823
1824 * TLSV1_2 Cipher Suites:
1825 Forward Secrecy OK - Supported
1826 RC4 OK - Not Supported
1827
1828 Preferred:
1829 None - Server followed client cipher suite preference.
1830 Accepted:
1831 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1832 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1833 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1834 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1835 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1836 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1837 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1838 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1839 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1840 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1841 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1842 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1843 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1844 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1845 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1846 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1847 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1848 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1849 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1850 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1851 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1852 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - http://www.abbottappraisalagency.com/wp/
1853
1854 * ROBOT Attack:
1855 OK - Not vulnerable
1856
1857
1858 SCAN COMPLETED IN 22.58 S
1859 -------------------------
1860######################################################################################################################################
1861Domains still to check: 1
1862 Checking if the hostname nymasons.org. given is in fact a domain...
1863
1864Analyzing domain: nymasons.org.
1865 Checking NameServers using system default resolver...
1866 IP: 199.116.79.200 (United States)
1867 HostName: ns2.gridfast.net Type: NS
1868 HostName: ns2.gridfast.net Type: PTR
1869 IP: 199.116.79.20 (United States)
1870 HostName: ns1.gridfast.net Type: NS
1871 HostName: ns1.gridfast.net Type: PTR
1872
1873 Checking MailServers using system default resolver...
1874 IP: 199.116.78.90 (United States)
1875 HostName: mx1.cloudaccess.net Type: MX
1876 HostName: mx1.cloudaccess.net Type: PTR
1877 IP: 199.116.76.5 (United States)
1878 HostName: mx2.cloudaccess.net Type: MX
1879 HostName: mx2.cloudaccess.net Type: PTR
1880
1881 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1882 No zone transfer found on nameserver 199.116.79.20
1883 No zone transfer found on nameserver 199.116.79.200
1884
1885 Checking SPF record...
1886
1887 Checking SPF record...
1888 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.37.84.0/22, but only the network IP
1889 New IP found: 104.37.84.0
1890 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 199.116.76.0/22, but only the network IP
1891 New IP found: 199.116.76.0
1892
1893 Checking SPF record...
1894 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 208.75.120.0/22, but only the network IP
1895 New IP found: 208.75.120.0
1896 New IP found: 67.227.136.101
1897 New IP found: 67.225.255.187
1898
1899 Checking 192 most common hostnames using system default resolver...
1900 IP: 67.225.255.187 (United States)
1901 Type: SPF
1902 HostName: www.nymasons.org. Type: A
1903 HostName: silverstar2.kenhost.com Type: PTR
1904
1905 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1906 Checking netblock 199.116.78.0
1907 Checking netblock 67.225.255.0
1908 Checking netblock 199.116.76.0
1909 Checking netblock 199.116.79.0
1910 Checking netblock 67.227.136.0
1911 Checking netblock 208.75.120.0
1912 Checking netblock 104.37.84.0
1913
1914 Searching for nymasons.org. emails in Google
1915 GrandMaster@nymasons.org.
1916 inquiry@nymasons.org.
1917 TourGuides@nymasons.org.
1918
1919 Checking 9 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1920 Host 199.116.78.90 is up (echo-reply ttl 115)
1921 Host 67.225.255.187 is up (reset ttl 64)
1922 Host 199.116.76.5 is up (reset ttl 64)
1923 Host 199.116.76.0 is up (reset ttl 64)
1924 Host 199.116.79.20 is up (reset ttl 64)
1925 Host 67.227.136.101 is up (reset ttl 64)
1926 Host 208.75.120.0 is up (reset ttl 64)
1927 Host 199.116.79.200 is up (reset ttl 64)
1928 Host 104.37.84.0 is up (reset ttl 64)
1929
1930 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1931 Scanning ip 199.116.78.90 (mx1.cloudaccess.net (PTR)):
1932 80/tcp open http syn-ack ttl 115 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1933 |_http-server-header: Microsoft-HTTPAPI/2.0
1934 |_http-title: Not Found
1935 443/tcp open https? syn-ack ttl 115
1936 Running (JUST GUESSING): Microsoft Windows 2012|7|2008|8.1|Vista|2016 (93%)
1937 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1938 Scanning ip 67.225.255.187 (silverstar2.kenhost.com (PTR)):
1939 Scanning ip 199.116.76.5 (mx2.cloudaccess.net (PTR)):
1940 80/tcp open http syn-ack ttl 115 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1941 |_http-server-header: Microsoft-HTTPAPI/2.0
1942 |_http-title: Not Found
1943 443/tcp open https? syn-ack ttl 115
1944 Running (JUST GUESSING): Microsoft Windows 2012|2016|7|2008|8.1|Vista (93%)
1945 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1946 Scanning ip 199.116.76.0 ():
1947 Scanning ip 199.116.79.20 (ns1.gridfast.net (PTR)):
1948 53/tcp open domain syn-ack ttl 55 PowerDNS 3.3 or later
1949 | dns-nsid:
1950 | NSID: node3.anycasting.cloudaccess.net (6e6f6465332e616e7963617374696e672e636c6f75646163636573732e6e6574)
1951 | id.server: node3.anycasting.cloudaccess.net
1952 |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
1953 Scanning ip 67.227.136.101 ():
1954 Scanning ip 208.75.120.0 ():
1955 Scanning ip 199.116.79.200 (ns2.gridfast.net (PTR)):
1956 53/tcp open domain syn-ack ttl 55 PowerDNS 3.3 or later
1957 | dns-nsid:
1958 | NSID: node3.anycasting.cloudaccess.net (6e6f6465332e616e7963617374696e672e636c6f75646163636573732e6e6574)
1959 | id.server: node3.anycasting.cloudaccess.net
1960 |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
1961 Scanning ip 104.37.84.0 ():
1962 WebCrawling domain's web servers... up to 50 max links.
1963
1964 + URL to crawl: http://mx1.cloudaccess.net
1965 + Date: 2019-10-05
1966
1967 + Crawling URL: http://mx1.cloudaccess.net:
1968 + Links:
1969 + Crawling http://mx1.cloudaccess.net (404 Not Found)
1970 + Searching for directories...
1971 + Searching open folders...
1972
1973
1974 + URL to crawl: http://mx2.cloudaccess.net
1975 + Date: 2019-10-05
1976
1977 + Crawling URL: http://mx2.cloudaccess.net:
1978 + Links:
1979 + Crawling http://mx2.cloudaccess.net (404 Not Found)
1980 + Searching for directories...
1981 + Searching open folders...
1982
1983--Finished--
1984Summary information for domain nymasons.org.
1985-----------------------------------------
1986 Domain Specific Information:
1987 Email: GrandMaster@nymasons.org.
1988 Email: inquiry@nymasons.org.
1989 Email: TourGuides@nymasons.org.
1990
1991 Domain Ips Information:
1992 IP: 199.116.78.90
1993 HostName: mx1.cloudaccess.net Type: MX
1994 HostName: mx1.cloudaccess.net Type: PTR
1995 Country: United States
1996 Is Active: True (echo-reply ttl 115)
1997 Port: 80/tcp open http syn-ack ttl 115 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1998 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
1999 Script Info: |_http-title: Not Found
2000 Port: 443/tcp open https? syn-ack ttl 115
2001 Script Info: Running (JUST GUESSING): Microsoft Windows 2012|7|2008|8.1|Vista|2016 (93%)
2002 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2003 IP: 67.225.255.187
2004 Type: SPF
2005 HostName: www.nymasons.org. Type: A
2006 HostName: silverstar2.kenhost.com Type: PTR
2007 Country: United States
2008 Is Active: True (reset ttl 64)
2009 IP: 199.116.76.5
2010 HostName: mx2.cloudaccess.net Type: MX
2011 HostName: mx2.cloudaccess.net Type: PTR
2012 Country: United States
2013 Is Active: True (reset ttl 64)
2014 Port: 80/tcp open http syn-ack ttl 115 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2015 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
2016 Script Info: |_http-title: Not Found
2017 Port: 443/tcp open https? syn-ack ttl 115
2018 Script Info: Running (JUST GUESSING): Microsoft Windows 2012|2016|7|2008|8.1|Vista (93%)
2019 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2020 IP: 199.116.76.0
2021 Type: SPF
2022 Is Active: True (reset ttl 64)
2023 IP: 199.116.79.20
2024 HostName: ns1.gridfast.net Type: NS
2025 HostName: ns1.gridfast.net Type: PTR
2026 Country: United States
2027 Is Active: True (reset ttl 64)
2028 Port: 53/tcp open domain syn-ack ttl 55 PowerDNS 3.3 or later
2029 Script Info: | dns-nsid:
2030 Script Info: | NSID: node3.anycasting.cloudaccess.net (6e6f6465332e616e7963617374696e672e636c6f75646163636573732e6e6574)
2031 Script Info: | id.server: node3.anycasting.cloudaccess.net
2032 Script Info: |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
2033 IP: 67.227.136.101
2034 Type: SPF
2035 Is Active: True (reset ttl 64)
2036 IP: 208.75.120.0
2037 Type: SPF
2038 Is Active: True (reset ttl 64)
2039 IP: 199.116.79.200
2040 HostName: ns2.gridfast.net Type: NS
2041 HostName: ns2.gridfast.net Type: PTR
2042 Country: United States
2043 Is Active: True (reset ttl 64)
2044 Port: 53/tcp open domain syn-ack ttl 55 PowerDNS 3.3 or later
2045 Script Info: | dns-nsid:
2046 Script Info: | NSID: node3.anycasting.cloudaccess.net (6e6f6465332e616e7963617374696e672e636c6f75646163636573732e6e6574)
2047 Script Info: | id.server: node3.anycasting.cloudaccess.net
2048 Script Info: |_ bind.version: Served by PowerDNS - https://www.powerdns.com/
2049 IP: 104.37.84.0
2050 Type: SPF
2051 Is Active: True (reset ttl 64)
2052#######################################################################################################################################
2053dnsenum VERSION:1.2.4
2054
2055----- nymasons.org -----
2056
2057
2058Host's addresses:
2059__________________
2060
2061nymasons.org. 1788 IN A 67.225.255.187
2062
2063
2064Name Servers:
2065______________
2066
2067ns1.gridfast.net. 86294 IN A 199.116.79.20
2068ns2.gridfast.net. 86388 IN A 199.116.79.200
2069
2070
2071Mail (MX) Servers:
2072___________________
2073
2074mx1.cloudaccess.net. 289 IN A 199.116.78.90
2075mx2.cloudaccess.net. 290 IN A 199.116.76.5
2076
2077
2078Trying Zone Transfers and getting Bind Versions:
2079_________________________________________________
2080
2081
2082Trying Zone Transfer for nymasons.org on ns1.gridfast.net ...
2083
2084Trying Zone Transfer for nymasons.org on ns2.gridfast.net ...
2085
2086brute force file not specified, bay.
2087#######################################################################################################################################
2088Domain Name: NYMASONS.ORG
2089Registry Domain ID: D412357-LROR
2090Registrar WHOIS Server: whois.enom.com
2091Registrar URL: http://www.enom.com
2092Updated Date: 2019-08-12T21:10:13Z
2093Creation Date: 1997-08-12T04:00:00Z
2094Registry Expiry Date: 2020-08-11T04:00:00Z
2095Registrar Registration Expiration Date:
2096Registrar: eNom, Inc.
2097Registrar IANA ID: 48
2098Registrar Abuse Contact Email: abuse@enom.com
2099Registrar Abuse Contact Phone: +1.4252982646
2100Reseller:
2101Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
2102Registrant Organization: Grand Lodge F&A Masons
2103Registrant State/Province: NY
2104Registrant Country: US
2105Name Server: NS1.GRIDFAST.NET
2106Name Server: NS2.GRIDFAST.NET
2107DNSSEC: unsigned
2108#######################################################################################################################################
2109[-] Enumerating subdomains now for nymasons.org
2110[-] verbosity is enabled, will show the subdomains results in realtime
2111[-] Searching now in Baidu..
2112[-] Searching now in Yahoo..
2113[-] Searching now in Google..
2114[-] Searching now in Bing..
2115[-] Searching now in Ask..
2116[-] Searching now in Netcraft..
2117[-] Searching now in DNSdumpster..
2118[-] Searching now in Virustotal..
2119[-] Searching now in ThreatCrowd..
2120[-] Searching now in SSL Certificates..
2121[-] Searching now in PassiveDNS..
2122SSL Certificates: glnyeducation.nymasons.org
2123SSL Certificates: hive.nymasons.org
2124SSL Certificates: www.hive.nymasons.org
2125SSL Certificates: cpanel.nymasons.org
2126SSL Certificates: mail.nymasons.org
2127SSL Certificates: webdisk.nymasons.org
2128SSL Certificates: webmail.nymasons.org
2129SSL Certificates: www.nymasons.org
2130SSL Certificates: graphics.nymasons.org
2131SSL Certificates: www.graphics.nymasons.org
2132Bing: eapapplication.nymasons.org
2133DNSdumpster: glnyeducation.nymasons.org
2134DNSdumpster: www.nymasons.org
2135DNSdumpster: eapapplication.nymasons.org
2136Yahoo: www.nymasons.org
2137Yahoo: eapapplication.nymasons.org
2138[-] Saving results to file: /usr/share/sniper/loot/workspace/nymasons.org/domains/domains-nymasons.org.txt
2139[-] Total Unique Subdomains Found: 11
2140www.nymasons.org
2141cpanel.nymasons.org
2142eapapplication.nymasons.org
2143glnyeducation.nymasons.org
2144graphics.nymasons.org
2145www.graphics.nymasons.org
2146hive.nymasons.org
2147www.hive.nymasons.org
2148mail.nymasons.org
2149webdisk.nymasons.org
2150webmail.nymasons.org
2151#######################################################################################################################################
2152===============================================
2153-=Subfinder v1.1.3 github.com/subfinder/subfinder
2154===============================================
2155
2156
2157Running Source: Ask
2158Running Source: Archive.is
2159Running Source: Baidu
2160Running Source: Bing
2161Running Source: CertDB
2162Running Source: CertificateTransparency
2163Running Source: Certspotter
2164Running Source: Commoncrawl
2165Running Source: Crt.sh
2166Running Source: Dnsdb
2167Running Source: DNSDumpster
2168Running Source: DNSTable
2169Running Source: Dogpile
2170Running Source: Exalead
2171Running Source: Findsubdomains
2172Running Source: Googleter
2173Running Source: Hackertarget
2174Running Source: Ipv4Info
2175Running Source: PTRArchive
2176Running Source: Sitedossier
2177Running Source: Threatcrowd
2178Running Source: ThreatMiner
2179Running Source: WaybackArchive
2180Running Source: Yahoo
2181
2182Running enumeration on nymasons.org
2183
2184dnsdb: Unexpected return status 404
2185
2186waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.nymasons.org/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
2187
2188
2189Starting Bruteforcing of nymasons.org with 9985 words
2190
2191Total 16 Unique subdomains found for nymasons.org
2192
2193.nymasons.org
2194cpanel.nymasons.org
2195donate.nymasons.org
2196donate.nymasons.org
2197eapapplication.nymasons.org
2198glnyeducation.nymasons.org
2199graphics.nymasons.org
2200hive.nymasons.org
2201mail.nymasons.org
2202mori.nymasons.org
2203webdisk.nymasons.org
2204webmail.nymasons.org
2205www.graphics.nymasons.org
2206www.hive.nymasons.org
2207www.nymasons.org
2208www.nymasons.org
2209#######################################################################################################################################
2210[*] Processing domain nymasons.org
2211[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
2212[+] Getting nameservers
2213199.116.79.20 - ns1.gridfast.net
2214199.116.79.200 - ns2.gridfast.net
2215[-] Zone transfer failed
2216
2217[+] TXT records found
2218"v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all"
2219
2220[+] MX records found, added to target list
22215 mx1.cloudaccess.net.
222210 mx2.cloudaccess.net.
2223
2224[*] Scanning nymasons.org for A records
222567.225.255.187 - nymasons.org
222667.225.255.187 - www.nymasons.org
2227#######################################################################################################################################
2228cpanel.nymasons.org
2229glnyeducation.nymasons.org
2230graphics.nymasons.org
2231hive.nymasons.org
2232mail.nymasons.org
2233webdisk.nymasons.org
2234webmail.nymasons.org
2235www.graphics.nymasons.org
2236www.hive.nymasons.org
2237www.nymasons.org
2238#######################################################################################################################################
2239eapapplication.nymasons.org
2240mori.nymasons.org
2241www.nymasons.org
2242#######################################################################################################################################
2243[*] Found SPF record:
2244[*] v=spf1 a mx include:_spf_whitelisted-block.cloudaccess.net include:spf.constantcontact.com ip4:67.227.136.101 ip4:67.225.255.187 -all
2245[*] SPF record contains an All item: -all
2246[*] Found DMARC record:
2247[*] v=DMARC1; p=reject; sp=none; rf=afrf; pct=100;
2248[-] DMARC policy set to reject
2249[-] Spoofing not possible for nymasons.org
2250#######################################################################################################################################
2251[Not Vulnerable] .nymasons.org
2252[Not Vulnerable] domain
2253[Not Vulnerable] glnyeducation.nymasons.org
2254[Not Vulnerable] mori.nymasons.org
2255[Not Vulnerable] hive.nymasons.org
2256[Not Vulnerable] graphics.nymasons.org
2257[Not Vulnerable] webmail.nymasons.org
2258[Not Vulnerable] www.graphics.nymasons.org
2259[Not Vulnerable] webdisk.nymasons.org
2260[Not Vulnerable] mail.nymasons.org
2261[Not Vulnerable] www.hive.nymasons.org
2262[Not Vulnerable] cpanel.nymasons.org
2263[Not Vulnerable] donate.nymasons.org
2264[Not Vulnerable] eapapplication.nymasons.org
2265[Not Vulnerable] www.nymasons.org
2266[Not Vulnerable] nymasons.org
2267#######################################################################################################################################
2268Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:41 EDT
2269Nmap scan report for nymasons.org (67.225.255.187)
2270Host is up (0.056s latency).
2271rDNS record for 67.225.255.187: silverstar2.kenhost.com
2272Not shown: 2 filtered ports
2273PORT STATE SERVICE
227453/udp open|filtered domain
227567/udp open|filtered dhcps
227668/udp open|filtered dhcpc
227769/udp open|filtered tftp
227888/udp open|filtered kerberos-sec
2279123/udp open|filtered ntp
2280139/udp open|filtered netbios-ssn
2281161/udp open|filtered snmp
2282162/udp open|filtered snmptrap
2283389/udp open|filtered ldap
2284500/udp open|filtered isakmp
2285520/udp open|filtered route
22862049/udp open|filtered nfs
2287
2288Nmap done: 1 IP address (1 host up) scanned in 4.43 seconds
2289#######################################################################################################################################
2290Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 21:57 EDT
2291Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2292Host is up (0.066s latency).
2293Not shown: 448 filtered ports, 24 closed ports
2294Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2295PORT STATE SERVICE
229621/tcp open ftp
229722/tcp open ssh
229853/tcp open domain
229980/tcp open http
2300110/tcp open pop3
2301143/tcp open imap
2302443/tcp open https
2303465/tcp open smtps
2304587/tcp open submission
2305993/tcp open imaps
2306995/tcp open pop3s
2307
2308Nmap done: 1 IP address (1 host up) scanned in 3.61 seconds
2309#######################################################################################################################################
2310Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 21:57 EDT
2311Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2312Host is up (0.044s latency).
2313Not shown: 3 filtered ports
2314PORT STATE SERVICE
231553/udp open domain
231667/udp open|filtered dhcps
231768/udp open|filtered dhcpc
231869/udp open|filtered tftp
231988/udp open|filtered kerberos-sec
2320123/udp open|filtered ntp
2321139/udp open|filtered netbios-ssn
2322162/udp open|filtered snmptrap
2323389/udp open|filtered ldap
2324500/udp open|filtered isakmp
2325520/udp open|filtered route
23262049/udp open|filtered nfs
2327
2328Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds
2329#######################################################################################################################################
2330Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 21:57 EDT
2331Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2332Host is up (0.068s latency).
2333
2334PORT STATE SERVICE VERSION
233521/tcp open ftp Pure-FTPd
2336| vulscan: VulDB - https://vuldb.com:
2337| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
2338| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
2339| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
2340|
2341| MITRE CVE - https://cve.mitre.org:
2342| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
2343|
2344| SecurityFocus - https://www.securityfocus.com/bid/:
2345| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
2346|
2347| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2348| No findings
2349|
2350| Exploit-DB - https://www.exploit-db.com:
2351| No findings
2352|
2353| OpenVAS (Nessus) - http://www.openvas.org:
2354| No findings
2355|
2356| SecurityTracker - https://www.securitytracker.com:
2357| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
2358| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
2359| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
2360| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
2361|
2362| OSVDB - http://www.osvdb.org:
2363| No findings
2364|_
2365Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2366Device type: general purpose
2367Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
2368OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
2369Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 3.12 (89%), Linux 4.9 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
2370No exact OS matches for host (test conditions non-ideal).
2371Network Distance: 19 hops
2372
2373TRACEROUTE (using port 21/tcp)
2374HOP RTT ADDRESS
23751 86.04 ms 10.249.204.1
23762 86.08 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
23773 86.11 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
23784 86.11 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
23795 86.10 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
23806 86.17 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
23817 86.15 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
23828 86.20 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
23839 86.18 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
238410 27.26 ms if-ae-7-5.tcore1.nto-new-york.as6453.net (63.243.128.141)
238511 76.22 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
238612 37.14 ms 66.110.96.130
238713 55.58 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
238814 55.62 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
238915 55.59 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
239016 55.61 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
239117 73.76 ms lw-dc3-core1-eth2-19.rtr.liquidweb.com (209.59.157.244)
239218 73.79 ms lw-dc3-storm1.rtr.liquidweb.com (69.167.128.141)
239319 73.68 ms silverstar2.kenhost.com (67.225.255.187)
2394#######################################################################################################################################
2395Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:08 EDT
2396Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2397Host is up.
2398
2399PORT STATE SERVICE VERSION
240022/tcp filtered ssh
2401Too many fingerprints match this host to give specific OS details
2402
2403TRACEROUTE (using proto 1/icmp)
2404HOP RTT ADDRESS
24051 45.60 ms 10.249.204.1
24062 63.86 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
24073 81.37 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
24084 63.82 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
24095 63.86 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
24106 63.90 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
24117 63.94 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
24128 63.94 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
24139 63.91 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
241410 26.38 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25)
241511 51.04 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
241612 48.91 ms 66.110.96.146
241713 46.51 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
241814 64.58 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
241915 64.52 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
242016 64.58 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
242117 64.58 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
242218 64.59 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
242319 ... 30
2424#######################################################################################################################################
2425USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2426RHOSTS => 67.225.255.187
2427RHOST => 67.225.255.187
2428[*] 67.225.255.187:22 - SSH - Using malformed packet technique
2429[*] 67.225.255.187:22 - SSH - Starting scan
2430[-] 67.225.255.187:22 - SSH - User 'admin' on could not connect
2431[-] 67.225.255.187:22 - SSH - User 'administrator' on could not connect
2432[-] 67.225.255.187:22 - SSH - User 'anonymous' on could not connect
2433[-] 67.225.255.187:22 - SSH - User 'backup' on could not connect
2434[-] 67.225.255.187:22 - SSH - User 'bee' on could not connect
2435[-] 67.225.255.187:22 - SSH - User 'ftp' on could not connect
2436[-] 67.225.255.187:22 - SSH - User 'guest' on could not connect
2437[-] 67.225.255.187:22 - SSH - User 'GUEST' on could not connect
2438[-] 67.225.255.187:22 - SSH - User 'info' on could not connect
2439[-] 67.225.255.187:22 - SSH - User 'mail' on could not connect
2440[-] 67.225.255.187:22 - SSH - User 'mailadmin' on could not connect
2441[-] 67.225.255.187:22 - SSH - User 'msfadmin' on could not connect
2442[-] 67.225.255.187:22 - SSH - User 'mysql' on could not connect
2443[-] 67.225.255.187:22 - SSH - User 'nobody' on could not connect
2444[-] 67.225.255.187:22 - SSH - User 'oracle' on could not connect
2445[-] 67.225.255.187:22 - SSH - User 'owaspbwa' on could not connect
2446[-] 67.225.255.187:22 - SSH - User 'postfix' on could not connect
2447[-] 67.225.255.187:22 - SSH - User 'postgres' on could not connect
2448[-] 67.225.255.187:22 - SSH - User 'private' on could not connect
2449[-] 67.225.255.187:22 - SSH - User 'proftpd' on could not connect
2450[-] 67.225.255.187:22 - SSH - User 'public' on could not connect
2451[-] 67.225.255.187:22 - SSH - User 'root' on could not connect
2452[-] 67.225.255.187:22 - SSH - User 'superadmin' on could not connect
2453[-] 67.225.255.187:22 - SSH - User 'support' on could not connect
2454[-] 67.225.255.187:22 - SSH - User 'sys' on could not connect
2455[-] 67.225.255.187:22 - SSH - User 'system' on could not connect
2456[-] 67.225.255.187:22 - SSH - User 'systemadmin' on could not connect
2457[-] 67.225.255.187:22 - SSH - User 'systemadministrator' on could not connect
2458[-] 67.225.255.187:22 - SSH - User 'test' on could not connect
2459[-] 67.225.255.187:22 - SSH - User 'tomcat' on could not connect
2460[-] 67.225.255.187:22 - SSH - User 'user' on could not connect
2461[-] 67.225.255.187:22 - SSH - User 'webmaster' on could not connect
2462[-] 67.225.255.187:22 - SSH - User 'www-data' on could not connect
2463[-] 67.225.255.187:22 - SSH - User 'Fortimanager_Access' on could not connect
2464[*] Scanned 1 of 1 hosts (100% complete)
2465[*] Auxiliary module execution completed
2466#######################################################################################################################################
2467Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:29 EDT
2468Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2469Host is up.
2470
2471PORT STATE SERVICE VERSION
247253/tcp filtered domain
2473Too many fingerprints match this host to give specific OS details
2474
2475Host script results:
2476| dns-brute:
2477| DNS Brute-force hostnames:
2478| ns.kenhost.com - 67.225.255.187
2479| dns.kenhost.com - 67.225.255.187
2480| ns2.kenhost.com - 67.225.206.114
2481| dns2.kenhost.com - 67.225.206.114
2482| mail.kenhost.com - 67.225.255.187
2483| ftp.kenhost.com - 67.225.255.187
2484|_ www.kenhost.com - 67.225.255.187
2485
2486TRACEROUTE (using proto 1/icmp)
2487HOP RTT ADDRESS
24881 44.29 ms 10.249.204.1
24892 62.68 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
24903 62.80 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
24914 44.36 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
24925 44.38 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
24936 62.78 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
24947 62.78 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
24958 62.84 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
24969 62.84 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
249710 26.65 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25)
249811 50.06 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
249912 46.97 ms 66.110.96.146
250013 46.96 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
250114 65.69 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
250215 63.01 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
250316 63.00 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
250417 63.00 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
250518 63.00 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
250619 ... 30
2507#######################################################################################################################################
2508Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:29 EDT
2509NSE: Loaded 164 scripts for scanning.
2510NSE: Script Pre-scanning.
2511Initiating NSE at 22:29
2512Completed NSE at 22:29, 0.00s elapsed
2513Initiating NSE at 22:29
2514Completed NSE at 22:29, 0.00s elapsed
2515Initiating Parallel DNS resolution of 1 host. at 22:29
2516Completed Parallel DNS resolution of 1 host. at 22:29, 0.02s elapsed
2517Initiating SYN Stealth Scan at 22:29
2518Scanning silverstar2.kenhost.com (67.225.255.187) [1 port]
2519Completed SYN Stealth Scan at 22:29, 0.53s elapsed (1 total ports)
2520Initiating Service scan at 22:29
2521Initiating OS detection (try #1) against silverstar2.kenhost.com (67.225.255.187)
2522Retrying OS detection (try #2) against silverstar2.kenhost.com (67.225.255.187)
2523Initiating Traceroute at 22:29
2524Completed Traceroute at 22:29, 6.08s elapsed
2525Initiating Parallel DNS resolution of 18 hosts. at 22:29
2526Completed Parallel DNS resolution of 18 hosts. at 22:29, 0.15s elapsed
2527NSE: Script scanning 67.225.255.187.
2528Initiating NSE at 22:29
2529Completed NSE at 22:29, 0.01s elapsed
2530Initiating NSE at 22:29
2531Completed NSE at 22:29, 0.00s elapsed
2532Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2533Host is up.
2534
2535PORT STATE SERVICE VERSION
253680/tcp filtered http
2537Too many fingerprints match this host to give specific OS details
2538
2539TRACEROUTE (using proto 1/icmp)
2540HOP RTT ADDRESS
25411 44.35 ms 10.249.204.1
25422 44.42 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
25433 65.15 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
25444 44.46 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
25455 44.44 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
25466 65.10 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
25477 65.15 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
25488 65.17 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
25499 65.20 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
255010 26.76 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25)
255111 53.23 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
255212 51.17 ms 66.110.96.146
255313 51.16 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
255414 68.90 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
255515 68.85 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
255616 67.09 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
255717 67.08 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
255818 67.09 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
255919 ... 30
2560
2561NSE: Script Post-scanning.
2562Initiating NSE at 22:29
2563Completed NSE at 22:29, 0.00s elapsed
2564Initiating NSE at 22:29
2565Completed NSE at 22:29, 0.00s elapsed
2566#######################################################################################################################################
2567Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:32 EDT
2568NSE: Loaded 164 scripts for scanning.
2569NSE: Script Pre-scanning.
2570Initiating NSE at 22:32
2571Completed NSE at 22:32, 0.00s elapsed
2572Initiating NSE at 22:32
2573Completed NSE at 22:32, 0.00s elapsed
2574Initiating Parallel DNS resolution of 1 host. at 22:32
2575Completed Parallel DNS resolution of 1 host. at 22:32, 0.02s elapsed
2576Initiating SYN Stealth Scan at 22:32
2577Scanning silverstar2.kenhost.com (67.225.255.187) [1 port]
2578Completed SYN Stealth Scan at 22:32, 0.54s elapsed (1 total ports)
2579Initiating Service scan at 22:32
2580Initiating OS detection (try #1) against silverstar2.kenhost.com (67.225.255.187)
2581Retrying OS detection (try #2) against silverstar2.kenhost.com (67.225.255.187)
2582Initiating Traceroute at 22:32
2583Completed Traceroute at 22:32, 6.08s elapsed
2584Initiating Parallel DNS resolution of 18 hosts. at 22:32
2585Completed Parallel DNS resolution of 18 hosts. at 22:32, 0.15s elapsed
2586NSE: Script scanning 67.225.255.187.
2587Initiating NSE at 22:32
2588Completed NSE at 22:32, 0.01s elapsed
2589Initiating NSE at 22:32
2590Completed NSE at 22:32, 0.00s elapsed
2591Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2592Host is up.
2593
2594PORT STATE SERVICE VERSION
2595443/tcp filtered https
2596Too many fingerprints match this host to give specific OS details
2597
2598TRACEROUTE (using proto 1/icmp)
2599HOP RTT ADDRESS
26001 45.35 ms 10.249.204.1
26012 45.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
26023 63.12 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
26034 45.40 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
26045 45.41 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
26056 63.14 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
26067 63.16 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
26078 63.14 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
26089 63.18 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
260910 27.94 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25)
261011 50.28 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
261112 48.65 ms 66.110.96.146
261213 48.65 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
261314 68.29 ms be-10305-cr02.350ecermak.il.ibone.comcast.net (68.86.85.202)
261415 68.26 ms be-10577-pe03.350ecermak.il.ibone.comcast.net (68.86.86.2)
261516 66.30 ms as32244-pe03.350ecermak.il.ibone.comcast.net (50.242.150.130)
261617 66.30 ms lw-dc3-core2.rtr.liquidweb.com (209.59.157.50)
261718 84.29 ms lw-dc3-storm2.rtr.liquidweb.com (69.167.128.145)
261819 ... 30
2619
2620NSE: Script Post-scanning.
2621Initiating NSE at 22:32
2622Completed NSE at 22:32, 0.00s elapsed
2623Initiating NSE at 22:32
2624Completed NSE at 22:32, 0.00s elapsed
2625#######################################################################################################################################
2626Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:38 EDT
2627NSE: Loaded 47 scripts for scanning.
2628NSE: Script Pre-scanning.
2629Initiating NSE at 22:38
2630Completed NSE at 22:38, 0.00s elapsed
2631Initiating NSE at 22:38
2632Completed NSE at 22:38, 0.00s elapsed
2633Initiating Ping Scan at 22:38
2634Scanning 67.225.255.187 [4 ports]
2635Completed Ping Scan at 22:38, 3.04s elapsed (1 total hosts)
2636Nmap scan report for 67.225.255.187 [host down]
2637NSE: Script Post-scanning.
2638Initiating NSE at 22:38
2639Completed NSE at 22:38, 0.00s elapsed
2640Initiating NSE at 22:38
2641Completed NSE at 22:38, 0.00s elapsed
2642#######################################################################################################################################
2643Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 22:38 EDT
2644NSE: Loaded 47 scripts for scanning.
2645NSE: Script Pre-scanning.
2646Initiating NSE at 22:38
2647Completed NSE at 22:38, 0.00s elapsed
2648Initiating NSE at 22:38
2649Completed NSE at 22:38, 0.00s elapsed
2650Initiating Parallel DNS resolution of 1 host. at 22:38
2651Completed Parallel DNS resolution of 1 host. at 22:38, 0.02s elapsed
2652Initiating UDP Scan at 22:38
2653Scanning silverstar2.kenhost.com (67.225.255.187) [15 ports]
2654Completed UDP Scan at 22:38, 1.69s elapsed (15 total ports)
2655Initiating Service scan at 22:38
2656Scanning 12 services on silverstar2.kenhost.com (67.225.255.187)
2657Service scan Timing: About 8.33% done; ETC: 22:57 (0:17:47 remaining)
2658Completed Service scan at 22:40, 102.57s elapsed (12 services on 1 host)
2659Initiating OS detection (try #1) against silverstar2.kenhost.com (67.225.255.187)
2660Retrying OS detection (try #2) against silverstar2.kenhost.com (67.225.255.187)
2661Initiating Traceroute at 22:40
2662Completed Traceroute at 22:40, 7.09s elapsed
2663Initiating Parallel DNS resolution of 1 host. at 22:40
2664Completed Parallel DNS resolution of 1 host. at 22:40, 0.00s elapsed
2665NSE: Script scanning 67.225.255.187.
2666Initiating NSE at 22:40
2667Completed NSE at 22:40, 7.12s elapsed
2668Initiating NSE at 22:40
2669Completed NSE at 22:40, 1.01s elapsed
2670Nmap scan report for silverstar2.kenhost.com (67.225.255.187)
2671Host is up (0.070s latency).
2672
2673PORT STATE SERVICE VERSION
267453/udp open|filtered domain
267567/udp open|filtered dhcps
267668/udp open|filtered dhcpc
267769/udp open|filtered tftp
267888/udp open|filtered kerberos-sec
2679123/udp open|filtered ntp
2680137/udp filtered netbios-ns
2681138/udp filtered netbios-dgm
2682139/udp open|filtered netbios-ssn
2683161/udp open|filtered snmp
2684162/udp filtered snmptrap
2685389/udp open|filtered ldap
2686500/udp open|filtered isakmp
2687|_ike-version: ERROR: Script execution failed (use -d to debug)
2688520/udp open|filtered route
26892049/udp open|filtered nfs
2690Too many fingerprints match this host to give specific OS details
2691
2692TRACEROUTE (using port 138/udp)
2693HOP RTT ADDRESS
26941 ...
26952 39.59 ms 10.249.204.1
26963 ...
26974 41.02 ms 10.249.204.1
26985 68.61 ms 10.249.204.1
26996 68.61 ms 10.249.204.1
27007 68.61 ms 10.249.204.1
27018 68.61 ms 10.249.204.1
27029 68.59 ms 10.249.204.1
270310 46.32 ms 10.249.204.1
270411 ... 18
270519 19.94 ms 10.249.204.1
270620 45.80 ms 10.249.204.1
270721 ... 27
270828 17.07 ms 10.249.204.1
270929 ...
271030 18.23 ms 10.249.204.1
2711
2712NSE: Script Post-scanning.
2713Initiating NSE at 22:40
2714Completed NSE at 22:40, 0.00s elapsed
2715Initiating NSE at 22:40
2716Completed NSE at 22:40, 0.00s elapsed
2717#######################################################################################################################################
2718Hosts
2719=====
2720
2721address mac name os_name os_flavor os_sp purpose info comments
2722------- --- ---- ------- --------- ----- ------- ---- --------
272367.225.255.187 silverstar2.kenhost.com Unknown device
2724
2725Services
2726========
2727
2728host port proto name state info
2729---- ---- ----- ---- ----- ----
273067.225.255.187 53 udp domain open
273167.225.255.187 67 udp dhcps unknown
273267.225.255.187 68 udp dhcpc unknown
273367.225.255.187 69 udp tftp unknown
273467.225.255.187 88 udp kerberos-sec unknown
273567.225.255.187 123 udp ntp unknown
273667.225.255.187 137 udp netbios-ns filtered
273767.225.255.187 138 udp netbios-dgm filtered
273867.225.255.187 139 udp netbios-ssn unknown
273967.225.255.187 161 udp snmp unknown
274067.225.255.187 162 udp snmptrap unknown
274167.225.255.187 389 udp ldap unknown
274267.225.255.187 500 udp isakmp unknown
274367.225.255.187 520 udp route unknown
274467.225.255.187 2049 udp nfs unknown
2745#######################################################################################################################################
2746[+] URL: https://nymasons.org/site/
2747[+] Started: Sat Oct 5 20:01:33 2019
2748
2749Interesting Finding(s):
2750
2751[+] https://nymasons.org/site/
2752 | Interesting Entries:
2753 | - Server: Apache
2754 | - X-Powered-By: PHP/7.0.33
2755 | Found By: Headers (Passive Detection)
2756 | Confidence: 100%
2757
2758[+] https://nymasons.org/site/xmlrpc.php
2759 | Found By: Link Tag (Passive Detection)
2760 | Confidence: 100%
2761 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
2762 | References:
2763 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2764 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2765 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2766 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2767 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2768
2769[+] https://nymasons.org/site/readme.html
2770 | Found By: Direct Access (Aggressive Detection)
2771 | Confidence: 100%
2772
2773[+] This site has 'Must Use Plugins': https://nymasons.org/site/wp-content/mu-plugins/
2774 | Found By: Direct Access (Aggressive Detection)
2775 | Confidence: 80%
2776 | Reference: http://codex.wordpress.org/Must_Use_Plugins
2777
2778[+] Upload directory has listing enabled: https://nymasons.org/site/wp-content/uploads/
2779 | Found By: Direct Access (Aggressive Detection)
2780 | Confidence: 100%
2781
2782[+] https://nymasons.org/site/wp-cron.php
2783 | Found By: Direct Access (Aggressive Detection)
2784 | Confidence: 60%
2785 | References:
2786 | - https://www.iplocation.net/defend-wordpress-from-ddos
2787 | - https://github.com/wpscanteam/wpscan/issues/1299
2788
2789[+] WordPress version 5.2.3 identified (Latest, released on 2019-09-05).
2790 | Detected By: Rss Generator (Passive Detection)
2791 | - https://nymasons.org/site/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
2792 | - https://nymasons.org/site/comments/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
2793
2794[+] WordPress theme in use: Divi
2795 | Location: https://nymasons.org/site/wp-content/themes/Divi/
2796 | Readme: https://nymasons.org/site/wp-content/themes/Divi/README.md
2797 | Style URL: https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3
2798 | Style Name: Divi
2799 | Style URI: http://www.elegantthemes.com/gallery/divi/
2800 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
2801 | Author: Elegant Themes
2802 | Author URI: http://www.elegantthemes.com
2803 |
2804 | Detected By: Css Style (Passive Detection)
2805 |
2806 | Version: 3.29.3 (80% confidence)
2807 | Detected By: Style (Passive Detection)
2808 | - https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3, Match: 'Version: 3.29.3'
2809
2810[+] Enumerating All Plugins (via Passive Methods)
2811[+] Checking Plugin Versions (via Passive and Aggressive Methods)
2812
2813[i] Plugin(s) Identified:
2814
2815[+] cryptx
2816 | Location: https://nymasons.org/site/wp-content/plugins/cryptx/
2817 | Latest Version: 3.3.1 (up to date)
2818 | Last Updated: 2019-09-19T12:19:00.000Z
2819 |
2820 | Detected By: Urls In Homepage (Passive Detection)
2821 |
2822 | Version: 3.3.1 (100% confidence)
2823 | Detected By: Readme - Stable Tag (Aggressive Detection)
2824 | - https://nymasons.org/site/wp-content/plugins/cryptx/readme.txt
2825 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2826 | - https://nymasons.org/site/wp-content/plugins/cryptx/readme.txt
2827
2828[+] divi-switch
2829 | Location: https://nymasons.org/site/wp-content/plugins/divi-switch/
2830 |
2831 | Detected By: Urls In Homepage (Passive Detection)
2832 |
2833 | The version could not be determined.
2834
2835[+] divi_module_menu
2836 | Location: https://nymasons.org/site/wp-content/plugins/divi_module_menu/
2837 |
2838 | Detected By: Urls In Homepage (Passive Detection)
2839 |
2840 | The version could not be determined.
2841
2842[+] google-analytics-for-wordpress
2843 | Location: https://nymasons.org/site/wp-content/plugins/google-analytics-for-wordpress/
2844 | Latest Version: 7.9.0 (up to date)
2845 | Last Updated: 2019-10-02T15:47:00.000Z
2846 |
2847 | Detected By: Urls In Homepage (Passive Detection)
2848 | Confirmed By: Monster Insights Comment (Passive Detection)
2849 |
2850 | Version: 7.9.0 (100% confidence)
2851 | Detected By: Monster Insights Comment (Passive Detection)
2852 | - https://nymasons.org/site/, Match: 'Google Analytics by MonsterInsights plugin v7.9.0 -'
2853 | Confirmed By:
2854 | Query Parameter (Passive Detection)
2855 | - https://nymasons.org/site/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.9.0
2856 | Readme - Stable Tag (Aggressive Detection)
2857 | - https://nymasons.org/site/wp-content/plugins/google-analytics-for-wordpress/readme.txt
2858
2859[+] google-drive-embedder
2860 | Location: https://nymasons.org/site/wp-content/plugins/google-drive-embedder/
2861 | Latest Version: 5.1 (up to date)
2862 | Last Updated: 2019-07-18T06:37:00.000Z
2863 |
2864 | Detected By: Urls In Homepage (Passive Detection)
2865 |
2866 | Version: 5.1 (100% confidence)
2867 | Detected By: Readme - Stable Tag (Aggressive Detection)
2868 | - https://nymasons.org/site/wp-content/plugins/google-drive-embedder/readme.txt
2869 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2870 | - https://nymasons.org/site/wp-content/plugins/google-drive-embedder/readme.txt
2871
2872[+] wordpress-seo
2873 | Location: https://nymasons.org/site/wp-content/plugins/wordpress-seo/
2874 | Latest Version: 12.2 (up to date)
2875 | Last Updated: 2019-10-01T06:58:00.000Z
2876 |
2877 | Detected By: Comment (Passive Detection)
2878 |
2879 | Version: 12.2 (100% confidence)
2880 | Detected By: Comment (Passive Detection)
2881 | - https://nymasons.org/site/, Match: 'optimized with the Yoast SEO plugin v12.2 -'
2882 | Confirmed By:
2883 | Readme - Stable Tag (Aggressive Detection)
2884 | - https://nymasons.org/site/wp-content/plugins/wordpress-seo/readme.txt
2885 | Readme - ChangeLog Section (Aggressive Detection)
2886 | - https://nymasons.org/site/wp-content/plugins/wordpress-seo/readme.txt
2887
2888[+] wp-google-maps
2889 | Location: https://nymasons.org/site/wp-content/plugins/wp-google-maps/
2890 | Latest Version: 7.11.53 (up to date)
2891 | Last Updated: 2019-10-03T06:41:00.000Z
2892 |
2893 | Detected By: Urls In Homepage (Passive Detection)
2894 |
2895 | Version: 7.21.23 (50% confidence)
2896 | Detected By: Readme - ChangeLog Section (Aggressive Detection)
2897 | - https://nymasons.org/site/wp-content/plugins/wp-google-maps/readme.txt
2898
2899[+] Enumerating Config Backups (via Passive and Aggressive Methods)
2900 Checking Config Backups - Time: 00:00:08 <=============> (21 / 21) 100.00% Time: 00:00:08
2901
2902[i] No Config Backups Found.
2903
2904[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
2905[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
2906
2907[+] Finished: Sat Oct 5 20:02:41 2019
2908[+] Requests Done: 63
2909[+] Cached Requests: 15
2910[+] Data Sent: 19.179 KB
2911[+] Data Received: 2.138 MB
2912[+] Memory used: 130.852 MB
2913[+] Elapsed time: 00:01:07
2914#######################################################################################################################################
2915[+] URL: https://nymasons.org/site/
2916[+] Started: Sat Oct 5 20:01:28 2019
2917
2918Interesting Finding(s):
2919
2920[+] https://nymasons.org/site/
2921 | Interesting Entries:
2922 | - Server: Apache
2923 | - X-Powered-By: PHP/7.0.33
2924 | Found By: Headers (Passive Detection)
2925 | Confidence: 100%
2926
2927[+] https://nymasons.org/site/xmlrpc.php
2928 | Found By: Link Tag (Passive Detection)
2929 | Confidence: 100%
2930 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
2931 | References:
2932 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2933 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2934 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2935 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2936 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2937
2938[+] https://nymasons.org/site/readme.html
2939 | Found By: Direct Access (Aggressive Detection)
2940 | Confidence: 100%
2941
2942[+] This site has 'Must Use Plugins': https://nymasons.org/site/wp-content/mu-plugins/
2943 | Found By: Direct Access (Aggressive Detection)
2944 | Confidence: 80%
2945 | Reference: http://codex.wordpress.org/Must_Use_Plugins
2946
2947[+] Upload directory has listing enabled: https://nymasons.org/site/wp-content/uploads/
2948 | Found By: Direct Access (Aggressive Detection)
2949 | Confidence: 100%
2950
2951[+] https://nymasons.org/site/wp-cron.php
2952 | Found By: Direct Access (Aggressive Detection)
2953 | Confidence: 60%
2954 | References:
2955 | - https://www.iplocation.net/defend-wordpress-from-ddos
2956 | - https://github.com/wpscanteam/wpscan/issues/1299
2957
2958[+] WordPress version 5.2.3 identified (Latest, released on 2019-09-05).
2959 | Detected By: Rss Generator (Passive Detection)
2960 | - https://nymasons.org/site/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
2961 | - https://nymasons.org/site/comments/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
2962
2963[+] WordPress theme in use: Divi
2964 | Location: https://nymasons.org/site/wp-content/themes/Divi/
2965 | Readme: https://nymasons.org/site/wp-content/themes/Divi/README.md
2966 | Style URL: https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3
2967 | Style Name: Divi
2968 | Style URI: http://www.elegantthemes.com/gallery/divi/
2969 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
2970 | Author: Elegant Themes
2971 | Author URI: http://www.elegantthemes.com
2972 |
2973 | Detected By: Css Style (Passive Detection)
2974 |
2975 | Version: 3.29.3 (80% confidence)
2976 | Detected By: Style (Passive Detection)
2977 | - https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3, Match: 'Version: 3.29.3'
2978
2979[+] Enumerating Users (via Passive and Aggressive Methods)
2980 Brute Forcing Author IDs - Time: 00:00:04 <==> (10 / 10) 100.00% Time: 00:00:04
2981
2982[i] User(s) Identified:
2983
2984[+] master
2985 | Detected By: Author Posts - Author Pattern (Passive Detection)
2986 | Confirmed By:
2987 | Rss Generator (Passive Detection)
2988 | Rss Generator (Aggressive Detection)
2989 | Yoast Seo Author Sitemap (Aggressive Detection)
2990 | - https://nymasons.org/site/author-sitemap.xml
2991
2992[+] artifacts
2993 | Detected By: Author Posts - Author Pattern (Passive Detection)
2994 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
2995 | - https://nymasons.org/site/author-sitemap.xml
2996
2997[+] sardone
2998 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
2999 | - https://nymasons.org/site/author-sitemap.xml
3000
3001[+] williamson
3002 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3003 | - https://nymasons.org/site/author-sitemap.xml
3004
3005[+] kessler
3006 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3007 | - https://nymasons.org/site/author-sitemap.xml
3008
3009[+] thomas
3010 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3011 | - https://nymasons.org/site/author-sitemap.xml
3012
3013[+] libone
3014 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3015 | - https://nymasons.org/site/author-sitemap.xml
3016
3017[+] gilbert
3018 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3019 | - https://nymasons.org/site/author-sitemap.xml
3020
3021[+] sullivan
3022 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3023 | - https://nymasons.org/site/author-sitemap.xml
3024
3025[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
3026[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
3027
3028[+] Finished: Sat Oct 5 20:02:26 2019
3029[+] Requests Done: 64
3030[+] Cached Requests: 6
3031[+] Data Sent: 16.389 KB
3032[+] Data Received: 15.144 MB
3033[+] Memory used: 139.336 MB
3034[+] Elapsed time: 00:00:58
3035#######################################################################################################################################
3036[+] URL: https://nymasons.org/site/
3037[+] Started: Sat Oct 5 20:07:29 2019
3038
3039Interesting Finding(s):
3040
3041[+] https://nymasons.org/site/
3042 | Interesting Entries:
3043 | - Server: Apache
3044 | - X-Powered-By: PHP/7.0.33
3045 | Found By: Headers (Passive Detection)
3046 | Confidence: 100%
3047
3048[+] https://nymasons.org/site/xmlrpc.php
3049 | Found By: Link Tag (Passive Detection)
3050 | Confidence: 30%
3051 | References:
3052 | - http://codex.wordpress.org/XML-RPC_Pingback_API
3053 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
3054 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
3055 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
3056 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
3057
3058[+] https://nymasons.org/site/readme.html
3059 | Found By: Direct Access (Aggressive Detection)
3060 | Confidence: 100%
3061
3062[+] This site has 'Must Use Plugins': https://nymasons.org/site/wp-content/mu-plugins/
3063 | Found By: Direct Access (Aggressive Detection)
3064 | Confidence: 80%
3065 | Reference: http://codex.wordpress.org/Must_Use_Plugins
3066
3067[+] Upload directory has listing enabled: https://nymasons.org/site/wp-content/uploads/
3068 | Found By: Direct Access (Aggressive Detection)
3069 | Confidence: 100%
3070
3071[+] https://nymasons.org/site/wp-cron.php
3072 | Found By: Direct Access (Aggressive Detection)
3073 | Confidence: 60%
3074 | References:
3075 | - https://www.iplocation.net/defend-wordpress-from-ddos
3076 | - https://github.com/wpscanteam/wpscan/issues/1299
3077
3078[+] WordPress version 5.2.3 identified (Latest, released on 2019-09-05).
3079 | Detected By: Rss Generator (Passive Detection)
3080 | - https://nymasons.org/site/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
3081 | - https://nymasons.org/site/comments/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
3082
3083[+] WordPress theme in use: Divi
3084 | Location: https://nymasons.org/site/wp-content/themes/Divi/
3085 | Readme: https://nymasons.org/site/wp-content/themes/Divi/README.md
3086 | Style URL: https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3
3087 | Style Name: Divi
3088 | Style URI: http://www.elegantthemes.com/gallery/divi/
3089 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
3090 | Author: Elegant Themes
3091 | Author URI: http://www.elegantthemes.com
3092 |
3093 | Detected By: Css Style (Passive Detection)
3094 |
3095 | Version: 3.29.3 (80% confidence)
3096 | Detected By: Style (Passive Detection)
3097 | - https://nymasons.org/site/wp-content/themes/Divi/style.css?ver=3.29.3, Match: 'Version: 3.29.3'
3098
3099[+] Enumerating Users (via Passive and Aggressive Methods)
3100 Brute Forcing Author IDs - Time: 00:00:02 <============> (10 / 10) 100.00% Time: 00:00:02
3101
3102[i] User(s) Identified:
3103
3104[+] master
3105 | Detected By: Author Posts - Author Pattern (Passive Detection)
3106 | Confirmed By:
3107 | Rss Generator (Passive Detection)
3108 | Rss Generator (Aggressive Detection)
3109 | Yoast Seo Author Sitemap (Aggressive Detection)
3110 | - https://nymasons.org/site/author-sitemap.xml
3111
3112[+] artifacts
3113 | Detected By: Author Posts - Author Pattern (Passive Detection)
3114 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
3115 | - https://nymasons.org/site/author-sitemap.xml
3116
3117[+] sardone
3118 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3119 | - https://nymasons.org/site/author-sitemap.xml
3120
3121[+] williamson
3122 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3123 | - https://nymasons.org/site/author-sitemap.xml
3124
3125[+] kessler
3126 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3127 | - https://nymasons.org/site/author-sitemap.xml
3128
3129[+] thomas
3130 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3131 | - https://nymasons.org/site/author-sitemap.xml
3132
3133[+] libone
3134 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3135 | - https://nymasons.org/site/author-sitemap.xml
3136
3137[+] gilbert
3138 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3139 | - https://nymasons.org/site/author-sitemap.xml
3140
3141[+] sullivan
3142 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3143 | - https://nymasons.org/site/author-sitemap.xml
3144
3145[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
3146[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
3147
3148[+] Finished: Sat Oct 5 20:07:40 2019
3149[+] Requests Done: 14
3150[+] Cached Requests: 40
3151[+] Data Sent: 4.093 KB
3152[+] Data Received: 61.964 KB
3153[+] Memory used: 119.145 MB
3154[+] Elapsed time: 00:00:10
3155#######################################################################################################################################
3156[INFO] ------TARGET info------
3157[*] TARGET: https://nymasons.org/site/
3158[*] TARGET IP: 67.225.255.187
3159[INFO] NO load balancer detected for nymasons.org...
3160[*] DNS servers: ns1.gridfast.net.
3161[*] TARGET server: Apache
3162[*] CC: US
3163[*] Country: United States
3164[*] RegionCode: MI
3165[*] RegionName: Michigan
3166[*] City: Lansing
3167[*] ASN: AS32244
3168[*] BGP_PREFIX: 67.225.128.0/17
3169[*] ISP: LIQUIDWEB - Liquid Web, L.L.C, US
3170[INFO] SSL/HTTPS certificate detected
3171[*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
3172[*] Subject: subject=CN = nymasons.org
3173[INFO] DNS enumeration:
3174[INFO] Possible abuse mails are:
3175[*] abuse@nymasons.org
3176[*] abuse@sourcedns.com
3177[*] admin@sourcedns.com
3178[*] ipadmin@liquidweb.com
3179[*] lisa@webclickhosting.com
3180[INFO] NO PAC (Proxy Auto Configuration) file FOUND
3181[INFO] Starting FUZZing in http://nymasons.org/FUzZzZzZzZz...
3182[INFO] Status code Folders
3183[ALERT] Look in the source code. It may contain passwords
3184[ALERT] Content in http://nymasons.org/ AND http://www.nymasons.org/ is different
3185[INFO] MD5 for http://nymasons.org/ is: d659951f01c1466fa016f0eb096526fc
3186[INFO] MD5 for http://www.nymasons.org/ is: 840a43bb6a0539d888feaab3ed83f49f
3187[INFO] http://nymasons.org/ redirects to http://www.NyMasons.Org/site/
3188[INFO] http://www.nymasons.org/ redirects to http://www.NyMasons.Org/site/
3189[INFO] Links found from https://nymasons.org/site/ http://67.225.255.187/:
3190[*] http://67.225.255.187/cgi-sys/defaultwebpage.cgi
3191[*] https://www.wordfence.com/help/?query=locked-out
3192[INFO] GOOGLE has 9,500 results (0.19 seconds) about http://nymasons.org/
3193[INFO] Shodan detected the following opened ports on 67.225.255.187:
3194[*] 1
3195[*] 110
3196[*] 143
3197[*] 2083
3198[*] 2086
3199[*] 2087
3200[*] 21
3201[*] 22
3202[*] 4
3203[*] 443
3204[*] 53
3205[*] 80
3206[*] 993
3207[INFO] ------VirusTotal SECTION------
3208[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
3209[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
3210[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
3211[INFO] ------Alexa Rank SECTION------
3212[INFO] Percent of Visitors Rank in Country:
3213[INFO] Percent of Search Traffic:
3214[INFO] Percent of Unique Visits:
3215[INFO] Total Sites Linking In:
3216[*] Total Sites
3217[INFO] Useful links related to nymasons.org - 67.225.255.187:
3218[*] https://www.virustotal.com/pt/ip-address/67.225.255.187/information/
3219[*] https://www.hybrid-analysis.com/search?host=67.225.255.187
3220[*] https://www.shodan.io/host/67.225.255.187
3221[*] https://www.senderbase.org/lookup/?search_string=67.225.255.187
3222[*] https://www.alienvault.com/open-threat-exchange/ip/67.225.255.187
3223[*] http://pastebin.com/search?q=67.225.255.187
3224[*] http://urlquery.net/search.php?q=67.225.255.187
3225[*] http://www.alexa.com/siteinfo/nymasons.org
3226[*] http://www.google.com/safebrowsing/diagnostic?site=nymasons.org
3227[*] https://censys.io/ipv4/67.225.255.187
3228[*] https://www.abuseipdb.com/check/67.225.255.187
3229[*] https://urlscan.io/search/#67.225.255.187
3230[*] https://github.com/search?q=67.225.255.187&type=Code
3231[INFO] Useful links related to AS32244 - 67.225.128.0/17:
3232[*] http://www.google.com/safebrowsing/diagnostic?site=AS:32244
3233[*] https://www.senderbase.org/lookup/?search_string=67.225.128.0/17
3234[*] http://bgp.he.net/AS32244
3235[*] https://stat.ripe.net/AS32244
3236[INFO] Date: 05/10/19 | Time: 20:08:51
3237[INFO] Total time: 1 minute(s) and 26 second(s)
3238#######################################################################################################################################
3239[*] Load target domain: nymasons.org
3240 - starting scanning @ 2019-10-05 20:20:35
3241
3242[+] Running & Checking source to be used
3243---------------------------------------------
3244
3245 ⍥ Shodan [ ✕ ]
3246 ⍥ Webarchive [ ✔ ]
3247 ⍥ Dnsdumpster [ ✔ ]
3248 ⍥ Certspotter [ ✔ ]
3249 ⍥ Riddler [ ✔ ]
3250 ⍥ Hackertarget [ ✔ ]
3251 ⍥ Entrust [ ✔ ]
3252 ⍥ Certsh [ ✔ ]
3253 ⍥ Securitytrails [ ✕ ]
3254 ⍥ Censys [ ✕ ]
3255 ⍥ Bufferover [ ✔ ]
3256 ⍥ Threatminer [ ✔ ]
3257 ⍥ Threatcrowd [ ✔ ]
3258 ⍥ Binaryedge [ ✕ ]
3259 ⍥ Virustotal [ ✕ ]
3260 ⍥ Findsubdomain [ ✔ ]
3261
3262[+] Get & Count subdomain total From source
3263---------------------------------------------
3264
3265 ⍥ Hackertarget: Total Subdomain (4)
3266 ⍥ Findsubdomain: Total Subdomain (1)
3267 ⍥ Certspotter: Total Subdomain (11)
3268 ⍥ Threatminer: Total Subdomain (0)
3269 ⍥ Certsh: Total Subdomain (10)
3270 ⍥ BufferOver: Total Subdomain (3)
3271 ⍥ Entrust: Total Subdomain (1)
3272 ⍥ Threatcrowd: Total Subdomain (0)
3273 ⍥ Dnsdumpster: Total Subdomain (8)
3274 ⍥ Riddler: Total Subdomain (3)
3275 ⍥ Webarchive: Total Subdomain (437)
3276
3277[+] Parsing & Sorting list Domain
3278---------------------------------------------
3279
3280 ⍥ Total [13]
3281
3282 - cpanel.nymasons.org
3283 - eapapplication.nymasons.org
3284 - glnyeducation.nymasons.org
3285 - graphics.nymasons.org
3286 - hive.nymasons.org
3287 - mail.nymasons.org
3288 - mori.nymasons.org
3289 - nymasons.org
3290 - webdisk.nymasons.org
3291 - webmail.nymasons.org
3292 - www.graphics.nymasons.org
3293 - www.hive.nymasons.org
3294 - www.nymasons.org
3295
3296 ⍥ Total [13]
3297
3298[+] Probe subdomain for working on http/https
3299---------------------------------------------
3300
3301 - http://mori.nymasons.org
3302 - http://glnyeducation.nymasons.org
3303 - http://nymasons.org
3304 - http://eapapplication.nymasons.org
3305 - https://glnyeducation.nymasons.org
3306 - http://www.nymasons.org
3307 - https://nymasons.org
3308 - https://mori.nymasons.org
3309 - https://eapapplication.nymasons.org
3310 - https://www.nymasons.org
3311
3312 ⍥ Total [10]
3313
3314
3315[+] Check Live Host: Ping Sweep - ICMP PING
3316---------------------------------------------
3317
3318 ⍥ [DEAD] cpanel.nymasons.org
3319 ⍥ [LIVE] eapapplication.nymasons.org
3320 ⍥ [DEAD] glnyeducation.nymasons.org
3321 ⍥ [DEAD] graphics.nymasons.org
3322 ⍥ [DEAD] hive.nymasons.org
3323 ⍥ [DEAD] mail.nymasons.org
3324 ⍥ [LIVE] mori.nymasons.org
3325 ⍥ [LIVE] nymasons.org
3326 ⍥ [DEAD] webdisk.nymasons.org
3327 ⍥ [DEAD] webmail.nymasons.org
3328 ⍥ [DEAD] www.graphics.nymasons.org
3329 ⍥ [DEAD] www.hive.nymasons.org
3330 ⍥ [LIVE] www.nymasons.org
3331
3332[+] Check Resolving: Subdomains & Domains
3333---------------------------------------------
3334
3335 ⍥ Resolving domains to: RESOLVE ERROR
3336 ⍥ Resolving domains to: 129.121.15.234
3337 ⍥ Resolving domains to: 45.55.97.70
3338 ⍥ Resolving domains to: RESOLVE ERROR
3339 ⍥ Resolving domains to: RESOLVE ERROR
3340 ⍥ Resolving domains to: RESOLVE ERROR
3341 ⍥ Resolving domains to: 138.197.108.77
3342 ⍥ Resolving domains to: 67.225.255.187
3343 ⍥ Resolving domains to: RESOLVE ERROR
3344 ⍥ Resolving domains to: RESOLVE ERROR
3345 ⍥ Resolving domains to: RESOLVE ERROR
3346 ⍥ Resolving domains to: RESOLVE ERROR
3347 ⍥ Resolving domains to: 67.225.255.187
3348
3349[+] Subdomain TakeOver - Check Possible Vulns
3350---------------------------------------------
3351
3352 ⍥ [FAILS] En: Unknown http://mori.nymasons.org
3353 ⍥ [FAILS] En: Unknown http://glnyeducation.nymasons.org
3354 ⍥ [FAILS] En: Unknown http://nymasons.org
3355 ⍥ [FAILS] En: Unknown http://eapapplication.nymasons.org
3356 ⍥ [FAILS] En: Unknown http://www.nymasons.org
3357 ⍥ [FAILS] En: Unknown https://glnyeducation.nymasons.org
3358 ⍥ [FAILS] En: Unknown https://mori.nymasons.org
3359 ⍥ [FAILS] En: Unknown https://nymasons.org
3360 ⍥ [FAILS] En: Unknown https://eapapplication.nymasons.org
3361 ⍥ [FAILS] En: Unknown https://www.nymasons.org
3362
3363[+] Checks status code on port 80 and 443
3364---------------------------------------------
3365
3366 ⍥ [301] http://mori.nymasons.org
3367 ⍥ [301] http://glnyeducation.nymasons.org
3368 ⍥ [301] http://nymasons.org
3369 ⍥ [200] http://eapapplication.nymasons.org
3370 ⍥ [301] http://www.nymasons.org
3371 ⍥ [200] https://glnyeducation.nymasons.org
3372 ⍥ [000] https://mori.nymasons.org
3373 ⍥ [301] https://nymasons.org
3374 ⍥ [000] https://eapapplication.nymasons.org
3375 ⍥ [301] https://www.nymasons.org
3376
3377
3378 ⍥ Make template for reports
3379 - output/10-05-2019/nymasons.org/reports
3380
3381 ⍥ Successful Created ..
3382
3383[+] Sud⍥my has been sucessfully completed
3384---------------------------------------------
3385
3386 ⍥ Location output:
3387 - output/10-05-2019/nymasons.org
3388 - output/10-05-2019/nymasons.org/report
3389 - output/10-05-2019/nymasons.org/screenshots
3390#######################################################################################################################################
3391[I] Threads: 5
3392[-] Target: https://nymasons.org/site (67.225.255.187)
3393[I] Server: Apache
3394[I] X-Powered-By: PHP/7.0.33
3395[L] X-Frame-Options: Not Enforced
3396[I] X-Content-Security-Policy: Not Enforced
3397[I] X-Content-Type-Options: Not Enforced
3398[L] No Robots.txt Found
3399[I] CMS Detection: WordPress
3400[I] Wordpress Version: 5.2.3
3401[M] EDB-ID: 47361 "WordPress 5.2.3 - Cross-Site Host Modification"
3402[I] Wordpress Theme: Divi
3403[M] EDB-ID: 40042 "WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection"
3404[M] EDB-ID: 4397 "Claymore Dual GPU Miner 10.5 - Format String"
3405[M] XML-RPC services are enabled
3406[M] Website vulnerable to XML-RPC Brute Force Vulnerability
3407[I] Autocomplete Off Not Found: https://nymasons.org/site/wp-login.php
3408[-] Default WordPress Files:
3409[I] https://nymasons.org/site/license.txt
3410[I] https://nymasons.org/site/readme.html
3411[I] https://nymasons.org/site/wp-content/themes/twentyfifteen/genericons/COPYING.txt
3412[I] https://nymasons.org/site/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
3413[I] https://nymasons.org/site/wp-content/themes/twentyfifteen/readme.txt
3414[I] https://nymasons.org/site/wp-content/themes/twentynineteen/readme.txt
3415[I] https://nymasons.org/site/wp-content/themes/twentyseventeen/README.txt
3416[I] https://nymasons.org/site/wp-content/themes/twentysixteen/genericons/COPYING.txt
3417[I] https://nymasons.org/site/wp-content/themes/twentysixteen/genericons/LICENSE.txt
3418[I] https://nymasons.org/site/wp-content/themes/twentysixteen/readme.txt
3419[I] https://nymasons.org/site/wp-includes/ID3/license.commercial.txt
3420[I] https://nymasons.org/site/wp-includes/ID3/license.txt
3421[I] https://nymasons.org/site/wp-includes/ID3/readme.txt
3422[I] https://nymasons.org/site/wp-includes/images/crystal/license.txt
3423[I] https://nymasons.org/site/wp-includes/js/plupload/license.txt
3424[I] https://nymasons.org/site/wp-includes/js/swfupload/license.txt
3425[I] https://nymasons.org/site/wp-includes/js/tinymce/license.txt
3426[-] Searching Wordpress Plugins ...
3427[I] all-video-gallery
3428[M] EDB-ID: 22427 "WordPress Plugin All Video Gallery 1.1 - SQL Injection"
3429[I] allow-php-in-posts-and-pages
3430[M] EDB-ID: 17688 "WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection"
3431[I] allwebmenus-wordpress-menu-plugin
3432[M] EDB-ID: 17861 "WordPress Plugin AllWebMenus 1.1.3 - Remote File Inclusion"
3433[M] EDB-ID: 18407 "WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload"
3434[I] alo-easymail
3435[I] annonces
3436[M] EDB-ID: 17863 "WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion"
3437[I] answer-my-question
3438[M] EDB-ID: 40771 "WordPress Plugin Answer My Question 1.3 - SQL Injection"
3439[I] appointment-booking-calendar
3440[M] EDB-ID: 39309 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection"
3441[M] EDB-ID: 39319 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection"
3442[M] EDB-ID: 39341 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities"
3443[M] EDB-ID: 39342 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection"
3444[I] aspose-doc-exporter
3445[M] EDB-ID: 36559 "WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download"
3446[I] asset-manager
3447[M] EDB-ID: 18993 "WordPress Plugin Asset Manager 0.2 - Arbitrary File Upload"
3448[I] audio
3449[M] EDB-ID: 35258 "WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting"
3450[I] audio-player
3451[M] EDB-ID: 38300 "WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting"
3452[I] auto-attachments
3453[M] EDB-ID: 17872 "Multiple WordPress Plugins - 'timthumb.php' File Upload"
3454[I] aviary-image-editor-add-on-for-gravity-forms
3455[M] EDB-ID: 37275 "WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload"
3456[I] backwpup
3457[M] EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
3458[I] baggage-freight
3459[M] EDB-ID: 46061 "WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload"
3460[I] baggage_shipping
3461[I] bbpress
3462[M] EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
3463[I] bezahlcode-generator
3464[M] EDB-ID: 35286 "WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting"
3465[I] booking
3466[M] EDB-ID: 27399 "WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery"
3467[I] booking-calendar-contact-form
3468[M] EDB-ID: 37003 "WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities"
3469[I] bookx
3470[M] EDB-ID: 39251 "WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion"
3471[I] brandfolder
3472[M] EDB-ID: 39591 "WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion"
3473[I] cac-featured-content
3474[I] candidate-application-form
3475[M] EDB-ID: 37754 "WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download"
3476[I] catalog
3477[M] EDB-ID: 25724 "WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities"
3478[M] EDB-ID: 38639 "WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities"
3479[I] category-grid-view-gallery
3480[M] EDB-ID: 38625 "WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting"
3481[I] category-list-portfolio-page
3482[I] cevhershare
3483[M] EDB-ID: 17891 "WordPress Plugin CevherShare 2.0 - SQL Injection"
3484[I] cforms
3485[M] EDB-ID: 34946 "WordPress Plugin cformsII 11.5/13.1 - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities"
3486[I] cforms2
3487[M] EDB-ID: 35879 "WordPress Plugin Cforms 14.7 - Remote Code Execution"
3488[I] chenpress
3489[M] EDB-ID: 37522 "WordPress Plugin chenpress - Arbitrary File Upload"
3490[I] church-admin
3491[M] EDB-ID: 37483 "WordPress Plugin church_admin - 'id' Cross-Site Scripting"
3492[I] cimy-counter
3493[M] EDB-ID: 14057 "WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting"
3494[M] EDB-ID: 34195 "WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting / Cross-Site Scripting"
3495[I] clickdesk-live-support-chat
3496[M] EDB-ID: 36338 "WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Cross-Site Scripting"
3497[I] cloudsafe365-for-wp
3498[M] EDB-ID: 37681 "WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure"
3499[I] cm-download-manager
3500[M] EDB-ID: 35324 "WordPress Plugin CM Download Manager 2.0.0 - Code Injection"
3501[I] cms-pack
3502[I] cnhk-slideshow
3503[M] EDB-ID: 39190 "WordPress Plugin cnhk-Slideshow - Arbitrary File Upload"
3504[I] comicpress-manager
3505[M] EDB-ID: 35393 "WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting"
3506[I] comment-rating
3507[M] EDB-ID: 16221 "WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities"
3508[M] EDB-ID: 24552 "WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities"
3509[M] EDB-ID: 36487 "WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting"
3510[I] community-events
3511[M] EDB-ID: 17798 "WordPress Plugin Community Events 1.2.1 - SQL Injection"
3512[I] complete-gallery-manager
3513[M] EDB-ID: 28377 "WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload"
3514[I] contact-form-generator
3515[M] EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
3516[I] contact-form-wordpress
3517[M] EDB-ID: 17980 "WordPress Plugin Contact Form 2.7.5 - SQL Injection"
3518[I] contus-hd-flv-player
3519[M] EDB-ID: 17678 "WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection"
3520[M] EDB-ID: 37377 "WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload"
3521[I] contus-video-gallery
3522[M] EDB-ID: 34161 "WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities"
3523[I] contus-video-galleryversion-10
3524[M] EDB-ID: 37373 "WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload"
3525[I] copyright-licensing-tools
3526[M] EDB-ID: 17749 "WordPress Plugin iCopyright(R) Article Tools 1.1.4 - SQL Injection"
3527[I] count-per-day
3528[M] EDB-ID: 17857 "WordPress Plugin Count per Day 2.17 - SQL Injection"
3529[M] EDB-ID: 18355 "WordPress Plugin Count Per Day - Multiple Vulnerabilities"
3530[M] EDB-ID: 20862 "WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting"
3531[I] couponer
3532[M] EDB-ID: 17759 "WordPress Plugin Couponer 1.2 - SQL Injection"
3533[I] cp-polls
3534[M] EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
3535[I] cp-reservation-calendar
3536[M] EDB-ID: 38187 "WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection"
3537[I] cpl
3538[M] EDB-ID: 11458 "WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection"
3539[I] crawlrate-tracker
3540[M] EDB-ID: 17755 "WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection"
3541[I] crayon-syntax-highlighter
3542[M] EDB-ID: 37946 "WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion"
3543[I] cryptx v3.3.1
3544[I] custom-background
3545[M] EDB-ID: 39135 "WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload"
3546[I] custom-content-type-manager
3547[M] EDB-ID: 19058 "WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload"
3548[I] custom-tables
3549[M] EDB-ID: 37482 "WordPress Plugin custom tables - 'key' Cross-Site Scripting"
3550[I] cysteme-finder
3551[M] EDB-ID: 40295 "WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload"
3552[I] daily-maui-photo-widget
3553[M] EDB-ID: 35673 "WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities"
3554[I] db-backup
3555[M] EDB-ID: 35378 "WordPress Plugin DB Backup - Arbitrary File Download"
3556[I] disclosure-policy-plugin
3557[M] EDB-ID: 17865 "WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion"
3558[I] divi-switch
3559[I] divi_module_menu
3560[I] dm-albums
3561[M] EDB-ID: 9043 "Adobe Flash Selection.SetSelection - Use-After-Free"
3562[M] EDB-ID: 9048 "Adobe Flash TextField.replaceText - Use-After-Free"
3563[I] dmsguestbook
3564[I] downloads-manager
3565[M] EDB-ID: 6127 "Pixel Studio 2.17 - Denial of Service (PoC)"
3566[I] dp-thumbnail
3567[I] drag-drop-file-uploader
3568[M] EDB-ID: 19057 "WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload"
3569[I] dukapress
3570[M] EDB-ID: 35346 "WordPress Plugin DukaPress 2.5.2 - Directory Traversal"
3571[I] duplicator
3572[M] EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
3573[M] EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
3574[I] dzs-videogallery
3575[M] EDB-ID: 29834 "WordPress Plugin dzs-videogallery - Arbitrary File Upload"
3576[M] EDB-ID: 30063 "WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure"
3577[M] EDB-ID: 39250 "WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection"
3578[M] EDB-ID: 39553 "WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities"
3579[I] dzs-zoomsounds
3580[M] EDB-ID: 37166 "WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload"
3581[I] easy-contact-form-lite
3582[M] EDB-ID: 17680 "WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection"
3583[I] easy-contact-forms-exporter
3584[M] EDB-ID: 19013 "WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure"
3585[I] ebook-download
3586[M] EDB-ID: 39575 "WordPress Plugin eBook Download 1.1 - Directory Traversal"
3587[I] eco-annu
3588[M] EDB-ID: 38019 "WordPress Plugin Eco-annu - 'eid' SQL Injection"
3589[I] editormonkey
3590[M] EDB-ID: 17284 "WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload"
3591[I] email-newsletter
3592[M] EDB-ID: 37356 "WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure"
3593[I] evarisk
3594[M] EDB-ID: 17738 "WordPress Plugin Evarisk 5.1.3.6 - SQL Injection"
3595[M] EDB-ID: 37399 "WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload"
3596[I] event-registration
3597[M] EDB-ID: 17751 "WordPress Plugin Event Registration 5.4.3 - SQL Injection"
3598[I] eventify
3599[M] EDB-ID: 17794 "WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection"
3600[I] extend-wordpress
3601[I] facebook-opengraph-meta-plugin
3602[M] EDB-ID: 17773 "WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection"
3603[I] fbgorilla
3604[M] EDB-ID: 39283 "WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection"
3605[I] fbpromotions
3606[M] EDB-ID: 17737 "WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection"
3607[I] fcchat
3608[M] EDB-ID: 35289 "WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting"
3609[M] EDB-ID: 37370 "WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload"
3610[I] feature-slideshow
3611[M] EDB-ID: 35285 "WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting"
3612[I] featurific-for-wordpress
3613[M] EDB-ID: 36339 "WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Cross-Site Scripting"
3614[I] feed
3615[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
3616[I] feedlist
3617[M] EDB-ID: 34973 "WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting"
3618[I] feedweb
3619[M] EDB-ID: 38414 "WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting"
3620[I] fgallery
3621[M] EDB-ID: 4993 "GitList 0.6.0 - Argument Injection (Metasploit)"
3622[I] file-groups
3623[M] EDB-ID: 17677 "WordPress Plugin File Groups 1.1.2 - SQL Injection"
3624[I] filedownload
3625[M] EDB-ID: 17858 "WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure"
3626[I] finder
3627[M] EDB-ID: 37677 "WordPress Plugin Finder - 'order' Cross-Site Scripting"
3628[I] firestats
3629[M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
3630[M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
3631[M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
3632[I] flash-album-gallery
3633[M] EDB-ID: 16947 "WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities"
3634[M] EDB-ID: 36383 "WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting"
3635[M] EDB-ID: 36434 "WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting"
3636[M] EDB-ID: 36444 "WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting"
3637[I] flexible-custom-post-type
3638[M] EDB-ID: 36317 "WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting"
3639[I] flipbook
3640[M] EDB-ID: 37452 "WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload"
3641[I] font-uploader
3642[M] EDB-ID: 18994 "WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload"
3643[I] formcraft
3644[M] EDB-ID: 30002 "WordPress Plugin Formcraft - SQL Injection"
3645[I] forum-server
3646[M] EDB-ID: 16235 "WordPress Plugin Forum Server 1.6.5 - SQL Injection"
3647[M] EDB-ID: 17828 "WordPress Plugin Forum Server 1.7 - SQL Injection"
3648[I] foxypress
3649[M] EDB-ID: 18991 "WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload"
3650[M] EDB-ID: 22374 "WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities"
3651[I] front-end-upload
3652[M] EDB-ID: 19008 "WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload"
3653[I] front-file-manager
3654[M] EDB-ID: 19012 "WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload"
3655[I] fs-real-estate-plugin
3656[M] EDB-ID: 22071 "WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection"
3657[I] gallery-images
3658[M] EDB-ID: 34524 "WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection"
3659[M] EDB-ID: 39807 "WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities"
3660[I] gallery-plugin
3661[M] EDB-ID: 18998 "WordPress Plugin Gallery 3.06 - Arbitrary File Upload"
3662[M] EDB-ID: 38209 "WordPress Plugin Gallery - 'filename_1' Arbitrary File Access"
3663[I] gd-star-rating
3664[M] EDB-ID: 17973 "WordPress Plugin GD Star Rating 1.9.10 - SQL Injection"
3665[M] EDB-ID: 35373 "WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting"
3666[M] EDB-ID: 35835 "WordPress Plugin GD Star Rating - 'votes' SQL Injection"
3667[I] gift-voucher
3668[M] EDB-ID: 45255 "WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection"
3669[I] global-content-blocks
3670[M] EDB-ID: 17687 "WordPress Plugin Global Content Blocks 1.2 - SQL Injection"
3671[I] global-flash-galleries
3672[M] EDB-ID: 39059 "WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload"
3673[I] google-analytics-for-wordpress v7.9.0
3674[I] google-document-embedder
3675[M] EDB-ID: 35371 "WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection"
3676[M] EDB-ID: 35447 "WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection"
3677[I] google-drive-embedder v5.1
3678[I] google-mp3-audio-player
3679[M] EDB-ID: 35460 "WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download"
3680[I] gracemedia-media-player
3681[M] EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
3682[I] grapefile
3683[M] EDB-ID: 17760 "WordPress Plugin grapefile 1.1 - Arbitrary File Upload"
3684[I] gwolle-gb
3685[M] EDB-ID: 38861 "WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion"
3686[I] hb-audio-gallery-lite
3687[M] EDB-ID: 39589 "WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download"
3688[I] hd-webplayer
3689[M] EDB-ID: 20918 "WordPress Plugin HD Webplayer 1.1 - SQL Injection"
3690[I] history-collection
3691[M] EDB-ID: 37254 "WordPress Plugin History Collection 1.1.1 - Arbitrary File Download"
3692[I] hitasoft_player
3693[M] EDB-ID: 38012 "WordPress Plugin FLV Player - 'id' SQL Injection"
3694[I] html5avmanager
3695[M] EDB-ID: 18990 "WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload"
3696[I] i-dump-iphone-to-wordpress-photo-uploader
3697[M] EDB-ID: 36691 "WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload"
3698[I] iframe-admin-pages
3699[M] EDB-ID: 37179 "WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting"
3700[I] igit-posts-slider-widget
3701[M] EDB-ID: 35392 "WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting"
3702[I] image-export
3703[M] EDB-ID: 39584 "WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure"
3704[I] image-gallery-with-slideshow
3705[M] EDB-ID: 17761 "WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities"
3706[I] imdb-widget
3707[M] EDB-ID: 39621 "WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion"
3708[I] inboundio-marketing
3709[M] EDB-ID: 36478 "WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload"
3710[I] indeed-membership-pro
3711[I] inline-gallery
3712[M] EDB-ID: 35418 "WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting"
3713[I] insert-php
3714[M] EDB-ID: 41308 "WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection"
3715[I] invit0r
3716[M] EDB-ID: 37403 "WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload"
3717[I] ip-logger
3718[M] EDB-ID: 17673 "WordPress Plugin IP-Logger 3.0 - SQL Injection"
3719[I] is-human
3720[M] EDB-ID: 17299 "WordPress Plugin Is-human 1.4.2 - Remote Command Execution"
3721[I] islidex
3722[I] iwant-one-ihave-one
3723[M] EDB-ID: 16236 "WordPress Plugin IWantOneButton 3.0.1 - Multiple Vulnerabilities"
3724[I] jetpack
3725[M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
3726[I] jibu-pro
3727[M] EDB-ID: 45305 "WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting"
3728[I] joliprint
3729[M] EDB-ID: 37176 "WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities"
3730[I] jquery-mega-menu
3731[M] EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
3732[I] jrss-widget
3733[M] EDB-ID: 34977 "WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure"
3734[I] js-appointment
3735[M] EDB-ID: 17724 "WordPress Plugin Js-appointment 1.5 - SQL Injection"
3736[I] jtrt-responsive-tables
3737[M] EDB-ID: 43110 "WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection"
3738[I] kino-gallery
3739[I] kish-guest-posting
3740[I] kittycatfish
3741[M] EDB-ID: 41919 "WordPress Plugin KittyCatfish 2.2 - SQL Injection"
3742[I] knews
3743[M] EDB-ID: 37484 "WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting"
3744[I] knr-author-list-widget
3745[M] EDB-ID: 17791 "WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection"
3746[I] lanoba-social-plugin
3747[M] EDB-ID: 36326 "WordPress Plugin Lanoba Social 1.0 - 'action' Cross-Site Scripting"
3748[I] lazy-content-slider
3749[M] EDB-ID: 40070 "WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)"
3750[I] lazy-seo
3751[M] EDB-ID: 28452 "WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload"
3752[I] lazyest-gallery
3753[M] EDB-ID: 35435 "WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting"
3754[I] lb-mixed-slideshow
3755[M] EDB-ID: 37418 "WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload"
3756[I] leaguemanager
3757[M] EDB-ID: 24789 "WordPress Plugin LeagueManager 3.8 - SQL Injection"
3758[I] leenkme
3759[I] levelfourstorefront
3760[M] EDB-ID: 38158 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection"
3761[M] EDB-ID: 38159 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection"
3762[M] EDB-ID: 38160 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection"
3763[I] like-dislike-counter-for-posts-pages-and-comments
3764[M] EDB-ID: 34553 "WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection"
3765[I] link-library
3766[M] EDB-ID: 17887 "WordPress Plugin Link Library 5.2.1 - SQL Injection"
3767[I] peugeot-music-plugin
3768[M] EDB-ID: 44737 "WordPress Plugin Peugeot Music - Arbitrary File Upload"
3769[I] photocart-link
3770[M] EDB-ID: 39623 "WordPress Plugin Photocart Link 1.6 - Local File Inclusion"
3771[I] photoracer
3772[M] EDB-ID: 17720 "WordPress Plugin Photoracer 1.0 - SQL Injection"
3773[M] EDB-ID: 17731 "WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities"
3774[M] EDB-ID: 8961 "WordPress Plugin Photoracer 1.0 - 'id' SQL Injection"
3775[I] photosmash-galleries
3776[M] EDB-ID: 35429 "WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting"
3777[M] EDB-ID: 38872 "WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload"
3778[I] php_speedy_wp
3779[I] phpfreechat
3780[M] EDB-ID: 37485 "WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting"
3781[I] pica-photo-gallery
3782[M] EDB-ID: 19016 "WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure"
3783[M] EDB-ID: 19055 "WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload"
3784[I] pictpress
3785[M] EDB-ID: 4695 "Karaoke Video Creator 2.2.8 - Denial of Service"
3786[I] picturesurf-gallery
3787[M] EDB-ID: 37371 "WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload"
3788[I] placester
3789[M] EDB-ID: 35562 "WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting"
3790[I] player
3791[M] EDB-ID: 38458 "WordPress Plugin Spider Video Player - 'theme' SQL Injection"
3792[I] plg_novana
3793[I] plugin-dir
3794[M] EDB-ID: 22853 "WordPress Plugin Facebook Survey 1.0 - SQL Injection"
3795[I] plugin-newsletter
3796[M] EDB-ID: 19018 "WordPress Plugin NewsLetter 1.5 - Remote File Disclosure"
3797[I] podpress
3798[M] EDB-ID: 38376 "WordPress Plugin podPress - 'playerID' Cross-Site Scripting"
3799[I] portable-phpmyadmin
3800[M] EDB-ID: 23356 "WordPress Plugin Portable phpMyAdmin - Authentication Bypass"
3801[I] post-highlights
3802[M] EDB-ID: 17790 "WordPress Plugin post highlights 2.2 - SQL Injection"
3803[I] post-recommendations-for-wordpress
3804[M] EDB-ID: 37506 "WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion"
3805[I] powerhouse-museum-collection-image-grid
3806[M] EDB-ID: 35287 "WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting"
3807[I] premium_gallery_manager
3808[M] EDB-ID: 34538 "WordPress Plugin Premium Gallery Manager - Configuration Access"
3809[M] EDB-ID: 39111 "WordPress Plugin Premium Gallery Manager - Arbitrary File Upload"
3810[I] pretty-link
3811[M] EDB-ID: 36233 "WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities"
3812[M] EDB-ID: 36408 "WordPress Plugin Pretty Link 1.5.2 - 'pretty-bar.php' Cross-Site Scripting"
3813[M] EDB-ID: 37196 "WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting"
3814[M] EDB-ID: 38324 "WordPress Plugin Pretty Link - Cross-Site Scripting"
3815[I] profiles
3816[M] EDB-ID: 17739 "WordPress Plugin Profiles 2.0 RC1 - SQL Injection"
3817[I] proplayer
3818[M] EDB-ID: 17616 "WordPress Plugin ProPlayer 4.7.7 - SQL Injection"
3819[M] EDB-ID: 25605 "WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection"
3820[I] pure-html
3821[M] EDB-ID: 17758 "WordPress Plugin PureHTML 1.0.0 - SQL Injection"
3822[I] q-and-a-focus-plus-faq
3823[M] EDB-ID: 39806 "WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities"
3824[I] radykal-fancy-gallery
3825[M] EDB-ID: 19398 "WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload"
3826[I] rating-widget
3827[I] rb-agency
3828[M] EDB-ID: 40333 "WordPress Plugin RB Agency 2.4.7 - Local File Disclosure"
3829[I] rbxgallery
3830[M] EDB-ID: 19019 "WordPress Plugin RBX Gallery 2.1 - Arbitrary File Upload"
3831[I] real3d-flipbook
3832[M] EDB-ID: 40055 "WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities"
3833[I] really-easy-slider
3834[I] really-simple-guest-post
3835[M] EDB-ID: 37209 "WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion"
3836[I] recent-backups
3837[M] EDB-ID: 37752 "WordPress Plugin Recent Backups 0.7 - Arbitrary File Download"
3838[I] recipe
3839[M] EDB-ID: 31228 "WordPress Plugin Recipes Blog - 'id' SQL Injection"
3840[I] reciply
3841[M] EDB-ID: 35265 "WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload"
3842[I] reflex-gallery
3843[M] EDB-ID: 36374 "WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload"
3844[I] rekt-slideshow
3845[I] related-sites
3846[M] EDB-ID: 9054 "Adobe Flash TextField.tabIndex Setter - Use-After-Free"
3847[I] relocate-upload
3848[M] EDB-ID: 17869 "WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion"
3849[I] rent-a-car
3850[I] resume-submissions-job-postings
3851[M] EDB-ID: 19791 "WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload"
3852[I] rich-widget
3853[M] EDB-ID: 37653 "WordPress Plugin Rich Widget - Arbitrary File Upload"
3854[I] ripe-hd-player
3855[M] EDB-ID: 24229 "WordPress Plugin Ripe HD FLV Player - SQL Injection"
3856[I] robotcpa
3857[M] EDB-ID: 37252 "WordPress Plugin RobotCPA V5 - Local File Inclusion"
3858[I] rss-feed-reader
3859[M] EDB-ID: 35261 "WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting"
3860[I] s3bubble-amazon-s3-html-5-video-with-adverts
3861[M] EDB-ID: 37494 "WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download"
3862[I] scormcloud
3863[M] EDB-ID: 17793 "WordPress Plugin SCORM Cloud 1.0.6.6 - SQL Injection"
3864[I] se-html5-album-audio-player
3865[M] EDB-ID: 37274 "WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal"
3866[I] search-autocomplete
3867[M] EDB-ID: 17767 "WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection"
3868[I] securimage-wp
3869[M] EDB-ID: 38510 "WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting"
3870[I] sell-downloads
3871[M] EDB-ID: 38868 "WordPress Plugin Sell Download 1.0.16 - Local File Disclosure"
3872[I] sendit
3873[M] EDB-ID: 17716 "WordPress Plugin SendIt 1.5.9 - Blind SQL Injection"
3874[I] seo-automatic-seo-tools
3875[M] EDB-ID: 34975 "WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal"
3876[I] seo-watcher
3877[M] EDB-ID: 38782 "WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
3878[I] sermon-browser
3879[M] EDB-ID: 17214 "WordPress Plugin SermonBrowser 0.43 - SQL Injection"
3880[M] EDB-ID: 35657 "WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection"
3881[I] sexy-contact-form
3882[M] EDB-ID: 34922 "WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload"
3883[M] EDB-ID: 35057 "WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload"
3884[I] sf-booking
3885[M] EDB-ID: 43475 "WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure"
3886[I] sfbrowser
3887[M] EDB-ID: 19054 "WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload"
3888[I] sfwd-lms
3889[I] sh-slideshow
3890[M] EDB-ID: 17748 "WordPress Plugin SH Slideshow 3.1.4 - SQL Injection"
3891[I] sharebar
3892[M] EDB-ID: 37201 "WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting"
3893[I] si-contact-form
3894[M] EDB-ID: 36050 "WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting"
3895[I] simple-ads-manager
3896[M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
3897[M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
3898[M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
3899[M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
3900[I] simple-download-button-shortcode
3901[M] EDB-ID: 19020 "WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure"
3902[I] simple-fields
3903[M] EDB-ID: 44425 "WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution"
3904[I] simple-forum
3905[I] site-editor
3906[M] EDB-ID: 44340 "Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion"
3907[I] site-import
3908[M] EDB-ID: 39558 "WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion"
3909[I] skysa-official
3910[M] EDB-ID: 36363 "WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting"
3911[I] slider-image
3912[M] EDB-ID: 37361 "WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities"
3913[I] slideshow-gallery-2
3914[M] EDB-ID: 36631 "WordPress Plugin Slideshow Gallery 1.1.x - 'border' Cross-Site Scripting"
3915[I] slideshow-jquery-image-gallery
3916[M] EDB-ID: 37948 "WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities"
3917[I] smart-flv
3918[M] EDB-ID: 38331 "WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities"
3919[I] smart-google-code-inserter
3920[I] sniplets
3921[M] EDB-ID: 5194 "Wansview 1.0.2 - Denial of Service (PoC)"
3922[I] social-discussions
3923[M] EDB-ID: 22158 "WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities"
3924[I] social-slider-2
3925[M] EDB-ID: 17617 "WordPress Plugin Social Slider 5.6.5 - SQL Injection"
3926[I] socialfit
3927[M] EDB-ID: 37481 "WordPress Plugin SocialFit - 'msg' Cross-Site Scripting"
3928[I] sodahead-polls
3929[I] sp-client-document-manager
3930[M] EDB-ID: 35313 "WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection"
3931[M] EDB-ID: 36576 "WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection"
3932[I] spicy-blogroll
3933[M] EDB-ID: 26804 "WordPress Plugin Spicy Blogroll - Local File Inclusion"
3934[I] spider-event-calendar
3935[M] EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
3936[I] spiffy
3937[M] EDB-ID: 38441 "WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection"
3938[I] st_newsletter
3939[M] EDB-ID: 31096 "WordPress Plugin ShiftThis NewsLetter - SQL Injection"
3940[M] EDB-ID: 6777 "Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)"
3941[I] store-locator-le
3942[M] EDB-ID: 18989 "WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities"
3943[I] taggator
3944[I] taggedalbums
3945[M] EDB-ID: 38023 "WordPress Plugin Tagged Albums - 'id' SQL Injection"
3946[I] tagninja
3947[M] EDB-ID: 35300 "WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting"
3948[I] tera-charts
3949[M] EDB-ID: 39256 "WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal"
3950[M] EDB-ID: 39257 "WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal"
3951[I] the-welcomizer
3952[M] EDB-ID: 36445 "WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting"
3953[I] thecartpress
3954[M] EDB-ID: 17860 "WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion"
3955[M] EDB-ID: 36481 "WordPress Plugin TheCartPress 1.6 - 'OptionsPostsList.php' Cross-Site Scripting"
3956[M] EDB-ID: 38869 "WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities"
3957[I] thinkun-remind
3958[M] EDB-ID: 19021 "WordPress Plugin Thinkun Remind 1.1.3 - Remote File Disclosure"
3959[I] tinymce-thumbnail-gallery
3960[M] EDB-ID: 19022 "WordPress Plugin TinyMCE Thumbnail Gallery 1.0.7 - Remote File Disclosure"
3961[I] topquark
3962[M] EDB-ID: 19053 "WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload"
3963[I] track-that-stat
3964[M] EDB-ID: 37204 "WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting"
3965[I] trafficanalyzer
3966[M] EDB-ID: 38439 "WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting"
3967[I] tune-library
3968[M] EDB-ID: 17816 "WordPress Plugin Tune Library 2.17 - SQL Injection"
3969[I] ucan-post
3970[M] EDB-ID: 18390 "WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting"
3971[I] ultimate-product-catalogue
3972[M] EDB-ID: 36823 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)"
3973[M] EDB-ID: 36824 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)"
3974[M] EDB-ID: 36907 "WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities"
3975[M] EDB-ID: 39974 "WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation"
3976[M] EDB-ID: 40012 "WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload"
3977[M] EDB-ID: 40174 "WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection"
3978[I] ungallery
3979[M] EDB-ID: 17704 "WordPress Plugin UnGallery 1.5.8 - Local File Disclosure"
3980[I] uploader
3981[M] EDB-ID: 35255 "WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting"
3982[M] EDB-ID: 38163 "WordPress Plugin Uploader - Arbitrary File Upload"
3983[M] EDB-ID: 38355 "WordPress Plugin Uploader - 'blog' Cross-Site Scripting"
3984[I] uploadify-integration
3985[M] EDB-ID: 37070 "WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities"
3986[I] uploads
3987[I] upm-polls
3988[M] EDB-ID: 17627 "WordPress Plugin UPM Polls 1.0.3 - SQL Injection"
3989[I] user-avatar
3990[I] user-meta
3991[M] EDB-ID: 19052 "WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload"
3992[I] userpro
3993[M] EDB-ID: 46083 "Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation"
3994[M] EDB-ID: 47304 "WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting"
3995[I] users-ultra
3996[I] verve-meta-boxes
3997[I] videowhisper-live-streaming-integration
3998[M] EDB-ID: 31986 "WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities"
3999[I] videowhisper-video-conference-integration
4000[M] EDB-ID: 36617 "WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload"
4001[M] EDB-ID: 36618 "WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload"
4002[I] videowhisper-video-presentation
4003[M] EDB-ID: 17771 "WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection"
4004[M] EDB-ID: 37357 "WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload"
4005[I] vk-gallery
4006[I] vodpod-video-gallery
4007[M] EDB-ID: 34976 "WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting"
4008[I] wassup
4009[I] webinar_plugin
4010[M] EDB-ID: 22300 "WordPress Plugin Easy Webinar - Blind SQL Injection"
4011[I] webplayer
4012[I] website-contact-form-with-file-upload
4013[M] EDB-ID: 36952 "WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion"
4014[I] website-faq
4015[M] EDB-ID: 19400 "WordPress Plugin Website FAQ 1.0 - SQL Injection"
4016[I] wechat-broadcast
4017[M] EDB-ID: 45438 "WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion"
4018[I] woocommerce
4019[M] EDB-ID: 43196 "WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal"
4020[I] woopra
4021[M] EDB-ID: 38783 "WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
4022[I] wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg
4023[M] EDB-ID: 17763 "Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference"
4024[I] wordpress-member-private-conversation
4025[M] EDB-ID: 37353 "WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload"
4026[I] wordpress-processing-embed
4027[M] EDB-ID: 35066 "WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting"
4028[I] wordtube
4029[M] EDB-ID: 3825 "GoodiWare GoodReader iPhone - '.XLS' Denial of Service"
4030[I] work-the-flow-file-upload
4031[M] EDB-ID: 36640 "WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload"
4032[I] wp-adserve
4033[I] wp-audio-gallery-playlist
4034[M] EDB-ID: 17756 "WordPress Plugin Audio Gallery Playlist 0.12 - SQL Injection"
4035[I] wp-automatic
4036[M] EDB-ID: 19187 "WordPress Plugin Automatic 2.0.3 - SQL Injection"
4037[I] wp-autosuggest
4038[M] EDB-ID: 45977 "WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection"
4039[I] wp-autoyoutube
4040[M] EDB-ID: 18353 "WordPress Plugin wp-autoyoutube - Blind SQL Injection"
4041[I] wp-bannerize
4042[M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
4043[M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
4044[M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
4045[I] wp-banners-lite
4046[M] EDB-ID: 38410 "WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection"
4047[I] wp-booking-calendar
4048[M] EDB-ID: 44769 "Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting"
4049[I] wp-business-intelligence
4050[M] EDB-ID: 36600 "WordPress Plugin Business Intelligence - SQL Injection (Metasploit)"
4051[I] wp-business-intelligence-lite
4052[I] wp-cal
4053[M] EDB-ID: 4992 "Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)"
4054[I] wp-comment-remix
4055[I] wp-content
4056[M] EDB-ID: 19009 "WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload"
4057[M] EDB-ID: 37123 "WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting"
4058[I] wp-copysafe-pdf
4059[M] EDB-ID: 39254 "WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload"
4060[I] wp-cumulus
4061[M] EDB-ID: 10228 "WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting"
4062[M] EDB-ID: 33371 "WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting"
4063[I] wp-custom-pages
4064[M] EDB-ID: 17119 "WordPress Plugin Custom Pages 0.5.0.1 - Local File Inclusion"
4065[I] wp-ds-faq
4066[M] EDB-ID: 17683 "WordPress Plugin DS FAQ 1.3.2 - SQL Injection"
4067[I] wp-e-commerce
4068[M] EDB-ID: 36018 "WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting"
4069[I] wp-easycart
4070[M] EDB-ID: 35730 "WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload"
4071[I] wp-ecommerce-shop-styling
4072[M] EDB-ID: 37530 "WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download"
4073[I] wp-events-calendar
4074[M] EDB-ID: 44785 "WordPress Plugin Events Calendar - SQL Injection"
4075[I] wp-featured-post-with-thumbnail
4076[M] EDB-ID: 35262 "WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting"
4077[I] wp-filebase
4078[M] EDB-ID: 17808 "WordPress Plugin WP-Filebase Download Manager 0.2.9 - SQL Injection"
4079[I] wp-filemanager
4080[M] EDB-ID: 25440 "WordPress Plugin wp-FileManager - Arbitrary File Download"
4081[M] EDB-ID: 38515 "WordPress Plugin wp-FileManager - 'path' Arbitrary File Download"
4082[M] EDB-ID: 4844 "STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution"
4083[I] wp-footnotes
4084[M] EDB-ID: 31092 "WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities"
4085[I] wp-forum
4086[M] EDB-ID: 7738 "WordPress Plugin WP-Forum 1.7.8 - SQL Injection"
4087[I] wp-glossary
4088[M] EDB-ID: 18055 "WordPress Plugin Glossary - SQL Injection"
4089[I] wp-google-drive
4090[M] EDB-ID: 44435 "WordPress Plugin Google Drive 2.2 - Remote Code Execution"
4091[I] wp-google-maps
4092[I] wp-gpx-maps
4093[M] EDB-ID: 19050 "WordPress Plugin wp-gpx-map 1.1.21 - Arbitrary File Upload"
4094[I] wp-imagezoom
4095[M] EDB-ID: 37243 "WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities"
4096[M] EDB-ID: 37419 "WordPress Plugin Wp-ImageZoom - 'file' Remote File Disclosure"
4097[M] EDB-ID: 38063 "WordPress Theme Wp-ImageZoom - 'id' SQL Injection"
4098[I] zingiri-web-shop
4099[M] EDB-ID: 17867 "WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion"
4100[M] EDB-ID: 37406 "WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload"
4101[M] EDB-ID: 38046 "WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload"
4102[I] zotpress
4103[M] EDB-ID: 17778 "WordPress Plugin Zotpress 4.4 - SQL Injection"
4104[I] Checking for Directory Listing Enabled ...
4105[L] https://nymasons.org/site/wp-admin/css
4106[L] https://nymasons.org/site/wp-admin/images
4107[L] https://nymasons.org/site/wp-admin/includes
4108[L] https://nymasons.org/site/wp-admin/js
4109[L] https://nymasons.org/site/wp-admin/maint
4110[L] https://nymasons.org/site/wp-includes
4111[L] https://nymasons.org/site/wp-includes/ID3
4112[L] https://nymasons.org/site/wp-includes/IXR
4113[L] https://nymasons.org/site/wp-includes/Requests
4114[L] https://nymasons.org/site/wp-includes/SimplePie
4115[L] https://nymasons.org/site/wp-includes/Text
4116[L] https://nymasons.org/site/wp-includes/blocks
4117[L] https://nymasons.org/site/wp-includes/certificates
4118[L] https://nymasons.org/site/wp-includes/css
4119[L] https://nymasons.org/site/wp-includes/customize
4120[L] https://nymasons.org/site/wp-includes/fonts
4121[L] https://nymasons.org/site/wp-includes/images
4122[L] https://nymasons.org/site/wp-includes/js
4123[L] https://nymasons.org/site/wp-includes/pomo
4124[L] https://nymasons.org/site/wp-includes/random_compat
4125[L] https://nymasons.org/site/wp-includes/rest-api
4126[L] https://nymasons.org/site/wp-includes/sodium_compat
4127[L] https://nymasons.org/site/wp-includes/theme-compat
4128[L] https://nymasons.org/site/wp-includes/widgets
4129[L] https://nymasons.org/site/wp-content/plugins/cryptx
4130[L] https://nymasons.org/site/wp-content/plugins/divi_module_menu
4131[L] https://nymasons.org/site/wp-content/plugins/google-drive-embedder
4132[L] https://nymasons.org/site/wp-content/plugins/wp-google-maps
4133[-] Date & Time: 05/10/2019 20:48:44
4134[-] Completed in: 0:47:07
4135#######################################################################################################################################
4136 Anonymous #OpKilluminati JTSEC Full Recon #15