URL: https://regho.com/ [66.97.41.106] Started: Mon Jan 13 12:53:23 2025 Interesting Finding(s): Headers | Interesting Entries: | - Server: Apache/2.4.52 (Ubuntu) | - Access-Control-Allow-Origin: | - Access-Control-Allow-Credentials: true | - Access-Control-Max-Age: 86400 | - Access-Control-Allow-Methods: * | - Access-Control-Allow-Headers: * | - Access-Control-Expose-Headers: * | - X-Powered-By: Regho IaaS | - X-Download-Options: noopen | - X-DNS-Prefetch-Control: on | - X-UA-Compatible: IE=edge,chrome=1 | - Referrer-Policy: no-referrer | - Cross-Origin-Resource-Policy: cross-origin | - Cross-Origin-Embedder-Policy: unsafe-none | - Cross-Origin-Opener-Policy: same-origin | - Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(), interest-cohort=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-script=(), sync-xhr=(), usb=(), vertical-scroll=(self), web-share=(), wake-lock=(), xr-spatial-tracking=() | - X-Robots-Tag: nofollow, noarchive, nosnippet, notranslate | - Via: 1.1 varnish (Varnish/7.0) | Found By: Headers (Passive Detection) | Confidence: 100% robots.txt found: https://regho.com/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% WordPress readme found: https://regho.com/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% This site has 'Must Use Plugins': https://regho.com/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins The external WP-Cron seems to be enabled: https://regho.com/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 WordPress version 6.7.1 identified (Latest, released on 2024-11-21). | Found By: Query Parameter In Install Page (Aggressive Detection) | - https://regho.com/wp-includes/css/dashicons.min.css?ver=6.7.1 | - https://regho.com/wp-includes/css/buttons.min.css?ver=6.7.1 | - https://regho.com/wp-admin/css/forms.min.css?ver=6.7.1 | - https://regho.com/wp-admin/css/l10n.min.css?ver=6.7.1 | - https://regho.com/wp-admin/css/install.min.css?ver=6.7.1 WordPress theme in use: astra.bkp | Location: https://regho.com/wp-content/themes/astra.bkp/ | Readme: https://regho.com/wp-content/themes/astra.bkp/readme.txt | Style URL: https://regho.com/wp-content/themes/astra.bkp/style.css | Style Name: Astra | Style URI: https://wpastra.com/ | Description: Astra is fast, fully customizable & beautiful WordPress theme suitable for blog, personal portfolio,... | Author: Brainstorm Force | Author URI: https://wpastra.com/about/?utm_source=theme_preview&utm_medium=author_link&utm_campaign=astra_theme | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 4.3.1 (80% confidence) | Found By: Style (Passive Detection) | - https://regho.com/wp-content/themes/astra.bkp/style.css, Match: 'Version: 4.3.1' Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |=================================================| User(s) Identified: apkahym | Found By: Wp Json Api (Aggressive Detection) | - https://regho.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: | Oembed API - Author URL (Aggressive Detection) | - https://regho.com/wp-json/oembed/1.0/embed?url=https://regho.com/&format=json | Author Id Brute Forcing - Author Pattern (Aggressive Detection) client | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) No WPScan API Token given, as a result vulnerability data has not been output. You can get a free API token with 25 daily requests by registering at https://wpscan.com/register Finished: Mon Jan 13 12:53:45 2025 Requests Done: 59 Cached Requests: 11 Data Sent: 15.444 KB Data Received: 1.089 MB Memory used: 192.031 MB Elapsed time: 00:00:22