- Nikto
---------------------------------------------------------------------------
+ Target IP: 23.204.11.32
+ Target Hostname: www.aliexpress.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=CN/ST=\xE6\xB5\x99\xE6\xB1\x9F\xE7\x9C\x81/L=\xE6\x9D\xAD\xE5\xB7\x9E\xE5\xB8\x82/O=Alibaba Cloud Computing Ltd./CN=ae01.alicdn.com
            Ciphers: TLS_AES_256_GCM_SHA384
            Issuer: /C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
+ Start Time: 2024-11-23 14:13:35 (GMT-5)
---------------------------------------------------------------------------
+ Server: Tengine/Aserver
+ /: Cookie ali_apache_id created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie ali_apache_id created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: IP address found in the 'ali_apache_id' cookie. The IP is "33.1.233.162".
+ /: Cookie xman_us_f created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie xman_us_f created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie acs_usuc_t created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie acs_usuc_t created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie intl_locale created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie intl_locale created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie aep_usuc_f created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie aep_usuc_f created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie xman_t created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie intl_common_forever created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie xman_f created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Retrieved access-control-allow-origin header: https://hz.aliexpress.com.
+ /: Uncommon header 'server-timing' found, with multiple values: (cdn-cache; desc=MISS,edge; dur=37,origin; dur=14,ak_p; desc="1732389215898_398664869_3963254021_6478_8148_6_7_-";dur=1,).
+ /: Uncommon header 'eagleeye-traceid' found, with contents: 2101e9a217323892159354749e6d88.
+ Root page / redirects to: https://www.aliexpress.us/?gatewayAdapt=glo2usa&_randl_shipto=US
+ /LAYRFePK.db: IP address found in the 'x-akamai-fwd-auth-data' header. The IP is "23.195.36.165". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /LAYRFePK.db: IP address found in the 'x-akamai-fwd-auth-data' header. The IP is "172.96.166.66". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /LAYRFePK.db: Uncommon header 'x-akamai-fwd-auth-data' found, with contents: 2145870972, 23.195.36.165, 1732389216, 172.96.166.66.
+ /LAYRFePK.db: Uncommon header 'x-akamai-fwd-auth-sha' found, with contents: 0F2EA695BED36090314D0F78FAA7F90D0C185E9476BDFDF644426930F69FFFAE.
+ /LAYRFePK.db: Uncommon header 'x-akamai-fwd-auth-sign' found, with contents: /iG4oiGVk2oEEf6/diPsuVmwnhhKy8MRSHyiAyDqrphtkizzltnBOme976v1nfH2aPjgUIEx0foxvB1uBvn6xNVlLHjN3wP7ktE7qfjWtHw=.
+ /LAYRFePK.htaccess: Uncommon header 'bxpunish' found, with contents: 1.
+ /LAYRFePK.htaccess: Uncommon header 'x-akamai-transformed' found, with contents: 9 343 0 pmb=mRUM,2.
+ /LAYRFePK.htaccess: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /LAYRFePK.htm: Cookie JSESSIONID created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /LAYRFePK.htm: Retrieved x-application-context header: ae-buyer-homepage-f:prod:7001.
+ /LAYRFePK.htm: Uncommon header 'x-application-context' found, with contents: ae-buyer-homepage-f:prod:7001.
+ /LAYRFePK.js: Cookie e_id created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /LAYRFePK.js: Cookie e_id created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /LAYRFePK.js: IP address found in the 'z_ak_client_ip' header. The IP is "23.47.58.133". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /LAYRFePK.js: IP address found in the 'aliaka_real_ip' header. The IP is "172.96.166.66". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /crossdomain.xml contains 10 lines which include the following domains: *.taobao.com *.taohua.com *.aliway.com *.alibaba-inc.com *.etao.com *.tmall.com *.alipay.com *.aliyun.com *.aliloan.com *.taobao.net . See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html
+ /robots.txt: Cookie XSRF-TOKEN created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /store/all-wholesale-products/*/: Cookie x5secdata created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /store/all-wholesale-products/*/: Cookie x5secdata created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /robots.txt: Entry '/store/all-wholesale-products/*/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/wholesale.html$' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ : Server banner changed from 'Tengine/Aserver' to 'AkamaiGHost'.
+ /robots.txt: Entry '/store/*ajax.htm$' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /detail/*Ajax.do$: Cookie ; Domain created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /detail/*Ajax.do$: Cookie ; Domain created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /detail/*Ajax.do$: Cookie _mle_tmp_harden0 created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /detail/*Ajax.do$: Uncommon header 'resin-trace' found, with contents: ali_resin_trace=ae_cause_refer=other.
+ /robots.txt: Entry '/api/data_homepage.do' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: contains 74 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ Scan terminated: 0 error(s) and 47 item(s) reported on remote host
+ End Time: 2024-11-23 14:14:36 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested