- Nikto v2.5.0 --------------------------------------------------------------------------- + Target IP: 62.212.239.164 + Target Hostname: kupon.gfn.co.az + Target Port: 443 --------------------------------------------------------------------------- + SSL Info: Subject: /CN=kupon.gfn.co.az Altnames: coupon.gfn.co.az, cupon.gfn.co.az, kupon.gfn.co.az, shop.gfn.co.az, www.coupon.gfn.co.az, www.cupon.gfn.co.az, www.kupon.gfn.co.az, www.shop.gfn.co.az Ciphers: TLS_AES_256_GCM_SHA384 Issuer: /C=US/O=Let's Encrypt/CN=R10 + Start Time: 2024-07-17 04:53:28 (GMT-4) --------------------------------------------------------------------------- + Server: Apache/2.4.61 (Ubuntu) + /: Cookie OCSESSID created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: Cookie OCSESSID created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: Cookie language created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: Cookie language created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: Cookie currency created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: Cookie currency created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/ + No CGI Directories found (use '-C all' to force check all possible dirs) + /robots.txt: contains 14 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt + /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/ + /: Web Server returns a valid response with junk HTTP methods which may cause false positives. + /: DEBUG HTTP verb may show server debugging information. See: https://docs.microsoft.com/en-us/visualstudio/debugger/how-to-enable-debugging-for-aspnet-applications?view=vs-2017 + /config.php: PHP Config file may contain database IDs and passwords. + /wordpress/wp-app.log: Wordpress' wp-app.log may leak application/system details. + http://100.100.100.200/latest/meta-data/: The Alibaba Cloud host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure. + 8143 requests: 0 error(s) and 15 item(s) reported on remote host + End Time: 2024-07-17 08:01:39 (GMT-4) (11291 seconds) --------------------------------------------------------------------------- + 1 host(s) tested ********************************************************************* Portions of the server's headers (Apache/2.4.61) are not in the Nikto 2.5.0 database or are newer than the known string. Would you like to submit this information (*no server specific data*) to CIRT.net for a Nikto update (or you may email to sullo@cirt.net) (y/n)?