- Nikto --------------------------------------------------------------------------- + Multiple IPs found: 104.18.34.116, 172.64.153.140 + Target IP: 104.18.34.116 + Target Hostname: nordpass.com + Target Port: 80 + Start Time: 2024-11-18 03:42:09 (GMT-5) --------------------------------------------------------------------------- + Server: cloudflare + /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1". + /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + Root page / redirects to: https://nordpass.com/ + /9luASDUD.lst: Uncommon header 'origin-agent-cluster' found, with contents: ?1. + /9luASDUD.lst: Uncommon header 'cf-mitigated' found, with contents: challenge. + /9luASDUD.lst: Uncommon header 'x-content-options' found, with contents: nosniff. + /9luASDUD.lst: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA. + /9luASDUD.lst: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA. + /9luASDUD.lst: Uncommon header 'cf-chl-out' found, with contents: rFN+oREHBqme0+NouKV9id6u48rZStbUyrJhyjUB1EJb00AgB2tzX9VErO++2S1Nsxwku18wD9bNlVufPKjmAH2nvvbdmpdtWfeVbnxj8jFqEXmkxwkkhRopM4zmtivILAFmpmDX/3mfXgqPmD2TpQ==$T+M4Znmq1W4iMxwEVGkY0w==. + /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1724 + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). + /members.asp?SF=%22;}alert(223344);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-4598 + /forum_members.asp?find=%22;}alert(9823);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-2946 + Scan terminated: 0 error(s) and 13 item(s) reported on remote host + End Time: 2024-11-18 03:43:10 (GMT-5) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested