Scan report for "blinkit.com"

Summary

Found: 167
Duration: 1min 1sec
Date: 2025-01-12
IP: 104.18.35.23

Report
Nikto scan (max 60 sec) (nikto -host blinkit.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.35.23, 172.64.152.233, 2606:4700:4400::6812:2317, 2606:4700:4400::ac40:98e9
+ Target IP:          104.18.35.23
+ Target Hostname:    blinkit.com
+ Target Port:        80
+ Start Time:         2025-01-11 21:12:41 (GMT-8)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Retrieved access-control-allow-origin header: *.
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /A2PVUyNO.txt: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /A2PVUyNO.txt: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /A2PVUyNO.txt: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /A2PVUyNO.txt: Uncommon header 'cf-chl-out' found, with contents: Bs9S8MZLLbwIopm0SjImyBt06ibXl11IoXLV8dwIJiLNX7rTT6zuBB8cqf8QRJBYg4Kz5LsY2FdpYY0hKNJWwBa4fMDj6en/uAz/Q2o4id2QInMsq5TxWFFFLkY0SZebO5WfcDXEeLOeixRzic2lew==$wBPPGvcAu2Gl/GLa1C/5+w==.
+ /A2PVUyNO.txt: Uncommon header 'x-content-options' found, with contents: nosniff.
+ /A2PVUyNO.txt: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /A2PVUyNO.txt: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1".
+ /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /scripts/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scripts/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /cgi/finger: finger other users, may be other commands?.
+ /scripts/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-home/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /cgi-bin/wrap: Allows viewing of directories.
+ /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
+ /help/: Help directory should not be accessible.
+ /cgibin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-home/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-sys/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /tsweb/: Microsoft TSAC found. See: https://web.archive.org/web/20040910030506/http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
+ /vgn/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations.
+ /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /prd.i/pgen/: Has MS Merchant Server 1.0.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgibin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-home/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /uploadn.asp: An ASP page that allows attackers to upload files to server.
+ /uploadx.asp: An ASP page that allows attackers to upload files to server.
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /vgn/ac/delete: Vignette CMS admin/maintenance script available.
+ /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
+ /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/errors: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /forum/admin/wwforum.mdb: Web Wiz Forums password database found. See: https://seclists.org/bugtraq/2003/Apr/238
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root. See: https://www.medae.co/en/max/web-app
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /cms/typo3conf/: This may contain sensitive TYPO3 files.
+ /site/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/database.sql: TYPO3 SQL file found.
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /WS_FTP.ini: Can contain saved passwords for FTP sites.
+ /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17660
+ /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in.
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein.
+ /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
+ /cgibin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /scripts/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-home/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-sys/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgibin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-914/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-sys/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgibin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /scripts/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-sys/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgibin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See: http://www.securityfocus.com/bid/5520
+ /securecontrolpanel/: Web Server Control Panel.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/send.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /cgi/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/archie: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/date: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/redirect: Redirects via URL from form.
+ /cgi/redirect: Redirects via URL from form.
+ /scripts/redirect: Redirects via URL from form.
+ /fcgi-bin/redirect: Redirects via URL from form.
+ /cgi/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /CVS/Entries: CVS Entries file may contain directory listing information.
+ /LOGIN.PWD: MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled.
+ /cgi-914/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-sys/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgibin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-914/query: Echoes back result of your GET.
+ /cgi/query: Echoes back result of your GET.
+ /cgi-sys/query: Echoes back result of your GET.
+ /scripts/query: Echoes back result of your GET.
+ /fcgi-bin/query: Echoes back result of your GET.
+ /cgi-home/query: Echoes back result of your GET.
+ /cgi-sys/test-env: May echo environment variables or give directory listings.
+ /cgibin/test-env: May echo environment variables or give directory listings.
+ /fcgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-home/test-env: May echo environment variables or give directory listings.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018
+ Scan terminated: 0 error(s) and 167 item(s) reported on remote host
+ End Time:           2025-01-11 21:13:42 (GMT-8) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target: blinkit.com
Target IP: 104.18.35.23
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host blinkit.com -maxtime 60
Duration
Quick report
Scan date: 12 Jan 2025 00:13