Scan report for "www.fortunecoins.com"

Summary

Found: 108
Duration: 1min 1sec
Date: 2025-05-05
IP: 104.18.18.244

Report
Nikto scan (max 60 sec) (nikto -host www.fortunecoins.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.18.244, 104.18.19.244, 2606:4700::6812:13f4, 2606:4700::6812:12f4
+ Target IP:          104.18.18.244
+ Target Hostname:    www.fortunecoins.com
+ Target Port:        80
+ Start Time:         2025-05-05 20:55:08 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ All CGI directories 'found', use '-C none' to test none
+ /webcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-914/finger.pl: finger other users, may be other commands?.
+ /cgi-915/finger.pl: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /cgi/finger.pl: finger other users, may be other commands?.
+ /cgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-sys/finger.pl: finger other users, may be other commands?.
+ /scripts/finger.pl: finger other users, may be other commands?.
+ /cgi-win/finger.pl: finger other users, may be other commands?.
+ /cgi-exe/finger.pl: finger other users, may be other commands?.
+ /cgi-home/finger.pl: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger.pl: finger other users, may be other commands?.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /cgi.cgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /webcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-915/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /htbin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /scripts/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-perl/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /scgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-mod/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi.cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /mpcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /ows-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-sys/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scripts/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-win/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-exe/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-perl/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi.cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /webcgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-915/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-local/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgibin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-win/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /fcgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-home/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin-sdb/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-mod/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /tsweb/: Microsoft TSAC found. See: https://web.archive.org/web/20040910030506/http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations.
+ /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Microsoft Site Server script used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /prd.i/pgen/: Has MS Merchant Server 1.0.
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /upload.asp: An ASP page that allows attackers to upload files to server.
+ /cgi.cgi/.cobalt: May allow remote admin of CGI scripts.
+ /webcgi/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-914/.cobalt: May allow remote admin of CGI scripts.
+ /bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi/.cobalt: May allow remote admin of CGI scripts.
+ /mpcgi/.cobalt: May allow remote admin of CGI scripts.
+ /cgibin/.cobalt: May allow remote admin of CGI scripts.
+ /cgis/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-win/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-home/.cobalt: May allow remote admin of CGI scripts.
+ /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-mod/.cobalt: May allow remote admin of CGI scripts.
+ /cgi.cgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /webcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /ows-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-local/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgis/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /fcgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-mod/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi.cgi/.access: Contains authorization information.
+ /webcgi/.access: Contains authorization information.
+ /cgi-914/.access: Contains authorization information.
+ /bin/.access: Contains authorization information.
+ /cgi/.access: Contains authorization information.
+ /cgi-bin/.access: Contains authorization information.
+ /ows-bin/.access: Contains authorization information.
+ /cgi-sys/.access: Contains authorization information.
+ /cgi-local/.access: Contains authorization information.
+ /cgis/.access: Contains authorization information.
+ /scripts/.access: Contains authorization information.
+ /cgi-win/.access: Contains authorization information.
+ /cgi-exe/.access: Contains authorization information.
+ /cgi-perl/.access: Contains authorization information.
+ /cgi-bin-sdb/.access: Contains authorization information.
+ /cgi-mod/.access: Contains authorization information.
+ /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0609
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /typo3conf/: This may contain sensitive TYPO3 files.
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
+ Scan terminated: 0 error(s) and 108 item(s) reported on remote host
+ End Time:           2025-05-05 20:56:09 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target: www.fortunecoins.com
Target IP: 104.18.18.244
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host www.fortunecoins.com -maxtime 60
Duration
Quick report
Scan date: 05 May 2025 23:56