- Nikto
---------------------------------------------------------------------------
+ Target IP: 23.204.11.32
+ Target Hostname: www.aliexpress.com
+ Target Port: 80
+ Start Time: 2024-09-04 06:09:34 (GMT-4)
---------------------------------------------------------------------------
+ Server: Tengine/Aserver
+ /: IP address found in the 'x-akamai-fwd-auth-data' header. The IP is "23.195.36.165". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: IP address found in the 'x-akamai-fwd-auth-data' header. The IP is "172.96.166.66". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: Uncommon header 'x-akamai-fwd-auth-data' found, with contents: 1142285613, 23.195.36.165, 1725444574, 172.96.166.66.
+ /: Uncommon header 'x-akamai-fwd-auth-sha' found, with contents: BC04BCB2ED8A1CC512A66B502BB1627590474A05B0B8AB7AFFDE4F517CAAD6C0.
+ /: Uncommon header 'eagleeye-traceid' found, with contents: 210318ec17254445742423444ec6b4.
+ /: Uncommon header 'x-akamai-fwd-auth-sign' found, with contents: yOD9FE2YxTcTkl0kDQvRg5eZvDtKDwrtZI9qKEVdBWEfWaSZyR+D9ry67k2jQuNmB2W5UE6vr9f2l786uSeEogsJ02b/2lr5G36ZAp5hCsE=.
+ /: Uncommon header 'server-timing' found, with multiple values: (edge; dur=15,origin; dur=12,cdn-cache; desc=MISS,ak_p; desc="1725444574230_398664869_781429670_2720_7215_1_0_-";dur=1,).
+ Root page / redirects to: https://www.aliexpress.com/
+ /MfEwrGFU.js: IP address found in the 'aliaka_real_ip' header. The IP is "172.96.166.66". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /MfEwrGFU.js: Uncommon header 'z_ak_client_ip' found, with contents: 127.0.0.1.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /favicon.ico: Retrieved access-control-allow-origin header: http://hz.aliexpress.com.
+ /favicon.ico: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ : Server banner changed from 'Tengine/Aserver' to 'AkamaiGHost'.
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Cookie ali_apache_id created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: IP address found in the 'ali_apache_id' cookie. The IP is "33.1.236.31".
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Cookie xman_us_f created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Cookie intl_locale created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Cookie acs_usuc_t created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Cookie aep_usuc_f created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Retrieved x-application-context header: global-biz-gateway:9901.
+ /Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000: Uncommon header 'x-application-context' found, with contents: global-biz-gateway:9901.
+ Scan terminated: 0 error(s) and 20 item(s) reported on remote host
+ End Time: 2024-09-04 06:10:35 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested