Scan report for "admcondominiosuniao.com.br"

Summary

Found: 92
Duration: 1min 1sec
Date: 2025-06-14
IP: 104.21.96.1

Report
Nikto scan (max 60 sec) (nikto -host admcondominiosuniao.com.br -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.96.1, 104.21.80.1, 104.21.48.1, 104.21.32.1, 104.21.64.1, 104.21.16.1, 104.21.112.1, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:3001, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:1001
+ Target IP:          104.21.96.1
+ Target Hostname:    admcondominiosuniao.com.br
+ Target Port:        80
+ Start Time:         2025-06-14 07:36:11 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /: Uncommon header 'server-timing' found, with multiple values: (chlray;desc="94fa8efccfb6f7c3",cfL4;desc="?proto=TCP&rtt=974&min_rtt=974&rtt_var=487&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=205&delivery_rate=0&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0",).
+ /: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
+ /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password. See: https://vulners.com/exploitdb/EDB-ID:23027
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ /forum/admin/wwforum.mdb: Web Wiz Forums password database found. See: https://seclists.org/bugtraq/2003/Apr/238
+ /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ /admin/config.php: PHP Config file may contain database IDs and passwords.
+ /administrator/config.php: PHP Config file may contain database IDs and passwords.
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
+ /admin.php?en_log_id=0&action=config: EasyNews version 4.3 allows remote admin access. This PHP file should be protected. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5412
+ /admin.php?en_log_id=0&action=users: EasyNews version 4.3 allows remote admin access. This PHP file should be protected. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5412
+ /admin.php4?reg_login=1: Mon Album version 0.6.2d allows remote admin access. This should be protected.
+ /admin/admin_phpinfo.php4: Mon Album version 0.6.2d allows remote admin access. This should be protected.
+ /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0995
+ /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'. See: OSVDB-2225
+ /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672
+ //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0240
+ /admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein. See: OSVDB-2813
+ //admin/aindex.htm: FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra /'s. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3604
+ /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords. See: OSVDB-2922
+ /admin.htm: This might be interesting.
+ /admin.html: This might be interesting.
+ /admin.php: This might be interesting.
+ /admin.php3: This might be interesting.
+ /admin.shtml: This might be interesting.
+ /admin/: This might be interesting.
+ /administration/: This might be interesting.
+ /administrator/: This might be interesting.
+ /cart/: This might be interesting.
+ /cfdocs/exampleapp/publish/admin/addcontent.cfm: This might be interesting.
+ /cfdocs/exampleapp/publish/admin/application.cfm: This might be interesting.
+ /datos/: This might be interesting.
+ /db/: This might be interesting.
+ /dbase/: This might be interesting.
+ /demo/: This might be interesting.
+ /demos/: This might be interesting.
+ /dev/: This might be interesting.
+ /devel/: This might be interesting.
+ /development/: This might be interesting.
+ /dir/: This might be interesting.
+ /directory/: This might be interesting.
+ /DMR/: This might be interesting.
+ /doc-html/: This might be interesting.
+ /down/: This might be interesting.
+ /download/: This might be interesting.
+ /downloads/: This might be interesting.
+ /easylog/easylog.html: Seen in carding forums. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /ejemplo/: This might be interesting.
+ /ejemplos/: This might be interesting.
+ /employees/: This might be interesting.
+ /envia/: This might be interesting.
+ /enviamail/: This might be interesting.
+ /excel/: This might be interesting.
+ /Excel/: This might be interesting.
+ /ministats/admin.cgi: This might be interesting.
+ /admin/auth.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configscreen.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configsite.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configsql.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configtache.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cms/htmltags.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/credit_card_info.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/exec.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/index.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/modules/cache.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/objects.inc.php4: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/script.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/settings.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/templates/header.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/upload.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin_t/include/aff_liste_langue.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /caupo/admin/admin_workspace.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /doc/admin/index.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /php/gaestebuch/admin/index.php: This might be interesting: has been seen in web logs from an unknown scanner.
+ /bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /cgi-bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /scripts/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_pvt/administrators.pwd: Default FrontPage file found, may be a password file. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1198
+ /webapp/admin/_pages/_bc4jadmin/: Oracle JSP files. See: CWE-552
+ Scan terminated: 0 error(s) and 92 item(s) reported on remote host
+ End Time:           2025-06-14 07:37:12 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report

Target: admcondominiosuniao.com.br
Target IP: 104.21.96.1
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host admcondominiosuniao.com.br -maxtime 60
Duration: Quick report
Scan date: 14 Jun 2025 10:37