- Nikto v2.6.0
---------------------------------------------------------------------------
+ Your Nikto installation is out of date.
+ Target IP:          172.67.209.18
+ Target Hostname:    desync.reselling.pro
+ Target Port:        80
+ Platform:           Unknown
+ Start Time:         2026-03-17 20:56:24 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ Multiple IPs found: 172.67.209.18, 104.21.58.221, 2606:4700:3033::ac43:d112, 2606:4700:3034::6815:3add
+ [011799] /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ [999106] /: Cloudflare detected via cf-ray header. Recommend proxying via Burp or mitmproxy to avoid TLS fingerprint blocks. See: https://github.com/sullo/nikto/wiki/Using-a-Proxy
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [999996] /robots.txt: contains 9 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ [999100] /: Uncommon header(s) 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [800264] /: cloudflare - Cloudflare detected via banner. Recommend proxying via Burp or mitmproxy to avoid TLS fingerprint blocks if not already proxying.
+ [003355] /pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>: Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2029
+ [003410] /shopadmin.asp?Password=abc&UserName=\"><script>alert(foo)</script>: VP-ASP Shopping Cart 5.50 shopadmin.asp UserName Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3685
+ [003411] /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>: PHP contains a flaw that allows a remote cross site scripting attack. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
+ [003412] /phpinfo.php?cx[]=xsVgykzSYoQDJbSbx4DRQDJUP3BjWeVnTNJuIQRLqbrjUAVCmlRp2AOUwYxYBBJImYgXLfE2AnotmmovNz26QiXVblIZzBOClDA7ZORkVsE4NB8V9nr4BHbOCNuJTVEWJxfenyk1Nf94FFUYwDyNu49TZxR8VQkjcHQfdBwPgTSkeVcQXDSnjZzG1K5NKD99k4hZR6KdYf2mDAvqUZTn9CesKovaalQlswvpNOeQJQHOD1Nwd4GQ9uglW4ZOmoaU9c50UpyP19iPzeoFxcs2iLXkRlNC3pmglc0n7u8b7BHZKMWz7eUd0GTMS5XYyYIAiIrY37YYgSieeMRUa0u76PAQod296u3P4mQRggrGsQpmWvX8u7oymnllwxuv95wFT8TOqGifhKNvc0okIFxGqaOH9ZlP2AX7XqImYFSmdhB7FdPaUegnqSH8QXzCsrRhfG19SlpqdEeZwf41yL4jSV02XYExsWSzIbBjNJsLBBORf6HW8VS7krEEDvSC66H5poE6loGteBqQwuh5Y5ufg4AK9aTPM2Hy4vnxGRvy9F6GOgEMHYGVIR3M2VXh6YWkHwzloBbIfCsIYLA5YTeLdKJZsPrQqIO1wrsTzTQmDT5xAOK6PtGxrrGUzJWr7I69P9mn50UnUHLGoLSChibC7JlYZpOCeENsrnP6nvoW7WbIm1jFxMTwG9lmeNgV5H9bX9tZ4OAgMcCrNINex3r5ded2tCHwa4v4rEg2hLNqlH8EfRt4218O7Z93X1PBXrxlchC9QClQTiHLpznyVv7S3YrVVM12bE8iQhPX5Xx5imM6FNVzlx9hyG8rdlhON7CYlAoVuZ2kqPZ8ShZFOJAA4sclivxKuIOqA1Cl0N814X5iAKX2dNPRBD1E0YBW2ke5L37Pk3thGoYIBwqNQ4VeBrxJEurAXJgBhAGDBBDpZWlC1mMeepMDLYlXXSZn7htXBuVlbx8gmyXyqxp98Nu8TRIjjEnnKWMZvblvX5oJX9MmMtYldwaqG6EoNxOwd0T2gJbDz10UWvKWmg94Q4YYCGzpyxBtiiugniFbd13w33hMqWoHOpHlIecFYV4diXMU4W3HokH4wMycRHjpTbr8sobXfRuSuIKhpJ6aduO6l1orBC4RreWXBoGoBLUovRKGekkvHkRjJj5w4zbcXYRj2lRj0q9o4vT2yOC5w7UI49CKozzNpbTkBxjsAXtTDJDw00ECQSMFZPZcxcZuMzJl1FjjpevclZgRxYOTzMnXV8UKeBxrfNMzHY9H5oWDYeyyc9KYK0eFUgu5ZAGyDjYkCg6wCNnv6wkSovsdcm3hHpreI4ptpy4y90EPaUUVlddPQq7OxtFq9FddwRKd60aT57hR4OZFMFeIlzg3iSQU6DE01Lvi7GMShTuCHxW9qyBL6yS6mryiifsMWSpv4lWRLLpiA2HkVDspPtLEMQbWUlrrfjjhvf31sXChvZoChcKBwiPWwp0t6Arko50y2BE3a8FXEiVXQVSGQbDGRSNGeSOkgxYm1vVWo0B9PmwFdtPlrxTpHxE10h19dHHKxEhqlCloUZkBynQhx6bDquLifwuVGl5HZupDG06GZcM3KJyKHHFyH3K8OJA020i5X8EiAhva1BhTYgNOV51tOiFAW02c1BKMCNKcx2OrdFqz24LHCoiI6WCyJ9d1e4wOyTP6kpWAFBCgiMTA7J5vJdace85ulxRB1IX2TkrJV5jViqaJ7lA1y2cmvTYVpAikFKM4hllKPAwtLH0SwTVAvdISmJSgQ5BgEyHjyO076D1QHWBWero8V6ZU02GqoYvlgojsMvKWmzLjwoXisp4wu4CatMZaXKfEVdgEQGunTl7uqsfZNfam0r56S7IXiPQcGChMwCf1JH9GOWWCYbRFRsaasTnmzCdw70R7iozHCoO0UpfplARSjuGPxebxRu0BFMVsqkRk80dJrBjCVqoRtmhL4ZF4sviHtLdsJHG6SwJrsPDhmq2f9UyKoki18X1pywCELXPJICdrpvukiaOCcD8QiaAn8BfDB9jxvdq40N2U2GkXI2eeYI4cnK4viY3PUILlAuVP74hmRCdsK2GteSf3SYRhJ6w97hw11X0vHCHRjsublqyO0PcvA181Mt9P7DYGmYiyjVTwkU36tiPEYtIuhH65ljluxvNqxi9QWV9MWXbqcVvsZIZpjXVrE9uHzurzTUe1DEBQ2MZKe6iYR0DXId8OqOYunwhg974xbL23bo9pq8cEms6OiU3JgpM0M3JwqctrZJXrHMxmGZw2BPZfvLyaC2cbyH7y8hTIKTn2GFY1R1BFxUML8kYh1oUEXHzH61Dxw1KwnAUW1JWBKTxJJdntH0dw0Htuoc73wTNwtWliHldDw9TJ2AQHBsPpMx7lxeQ1jnnjH6sbFfAcdU6f0qc4PhzpDdPshLvYMncemvGNqiULJjmYQ0IFjKJmmUjhNSJnrtGkgXpnrZc5qB6fE1lM3krVlawdAz56upyPrM282p3T5qJobaQaB7uYx7DPwUzZi2MRleRJTkmppoe31crR2ThSvWBnRhuRBmYWTH7UsGRinK8rZtpV6bf6ljVPjlMl51kJOjXGMs3yjexy4ZbS3Rqyy2O7VgzqMM2y3dDDhYYGMbmngWm0AOnrQME1lrwCFq0gkbrHYmkR5ED0gGjdhciJSTU9Bz6UjKnGJ8YaFFpsLZcKYfBUpGBa2lfElhKsyZ8zHNeav1ntuacaGqXrbfyWXTcWL0XMfgw9KeUgzwxi8N86k4iya9sNd7TeIyi1bqG1ILxEQ4GveQJEhe4hndKXJPp8FFkuQ3YNKuQobVzTqQc1fxEVsqRkopiMTAoixJv1TlZhzpyuv9xwDaezxUXBgnAkntnqdwuPfJ2LB87Zno5h7bEA6X8D7YZY2GiEPLIXNDbt6mPYD42aFEFBGKWIAYA3C9W5f0KpWohLQ21EVsvnHRiFsZ47tsIUVwfxEervqWhVLSUq6sdmNjvHF5nuSTqSKmJsKh5zgDHqX2vQ8QSgq6Z82wkBk62P56HGbDN3Rz6Ld3VsIAkIjMk0UCpTNAfZ4axLTgDhcBOkv9w6Fk8iQHa5pqboNIngcHGeKO0xfHjZSVj6532bYURxmansagfRkCOhT0EUl30CipmIg5Uvlq8xfKmM6Q5nN8yqDoYnWAOeTsqCjTxXOb4vPIUlPH3evHxAS03Jb9XlgyvPEwR29biiPreAuiUx5mUg6LSIW3zE5SFh1O6zhsoTnFdxLndiRwdX3ziVFtC4JSM7A8jUxeucud97yMF97dLHI9cYB5y9k5BztWQjBPef9hwpxI2d7Ff0bFqy0tgGNpEufPb1kMFvCCeeHSaLgt0LOZSywTSP9zuA4yJHlMLHiuZsPODM7VsDbRo6JSMp3hR9Jk1jzJKAJt8OVjnpI67hmxOPL0oGti3F9fLtkGYlfVBkr5aou6Ud3xHV1DlfznjPZWqjAQMTMtjjNkQdzS1vYIvqeLkyM3omLhyDEsOMd5B1lyslJkYY5s9gfTfs2g8nQtHO7Uj6V6lIMrmcM4libg4GpZfmkVhv573O7sRTVVSw3YObsjEFeqWhIpWqdh7unyHVTn6zdHFFFoUoKwSj14rrhXnsO8CEKkxQMGYTCxQtmBVuV79wKj3sPZrHGZeLrYVeiaTZRTqMnmPaPX9CLNL0tyUrbZbLzHRGQbnJggqa6TmOQZDndiLfltSoJLxXByXjmEGovdDp0nePgvws0M9pHJT2CaB2AwZuHMTy5NmVlFWXkCm8ynwTRCoGAKhx804sX2ZfS0FpX5FsqsehU3DTud3lYhC8afGYnUrwiQJtNnHjfrXpA2XAMzbDOWirpc5HmQDXFtKmBH423kU3PPkG3p8egAvzziBX3USV6MKNnMKJIm0pBhkNblRm6Dx8rDtXULsxE92UW9TI29hRZ1XXuEi3x4ThybqmXkWsVFK8bEJlQGNbjVYZjF2g631QMdOAZGFu0tGpDEArh02yB8u6eAPFSEGFrSubrJxNTywcxYkTQbv0YYdmX2eCIdS7x5l4g1151GfQgicRNL4V9p6eIUcxPLkEhlrSmthnAUQKpdZ8bCn0Usr6p3Ss<script>alert(foo)</script>: PHP 5.1.2 and 4.4.2 phpinfo() Function Long Array XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1663 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
+ Scan terminated: 2 errors and 14 items reported on the remote host
+ End Time:           2026-03-17 20:57:54 (GMT-4) (90 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested