Scan report for "turo.com"

  1. Nikto Online
  2. Scan report for "turo.com"
Membership level: Free member
Summary

Found

189

Duration

1min 1sec

Date

2025-10-17

IP

104.18.37.91

Report
Nikto scan (max 60 sec) (nikto -host turo.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.37.91, 172.64.150.165, 2606:4700:4406::ac40:96a5, 2a06:98c1:3105::6812:255b
+ Target IP:          104.18.37.91
+ Target Hostname:    turo.com
+ Target Port:        80
+ Start Time:         2025-10-17 20:37:18 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /v0qIGu5A.chl+: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1".
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /webcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgis/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin-sdb/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin-sdb/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /cgi.cgi/finger: finger other users, may be other commands?.
+ /cgis/finger: finger other users, may be other commands?.
+ /cgi-win/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-perl/finger: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger: finger other users, may be other commands?.
+ /cgi.cgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /webcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /fcgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-home/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /webcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgis/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /fcgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-bin-sdb/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi.cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /webcgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-win/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /fcgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-perl/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin-sdb/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Saving: Vignette CMS admin/maintenance script available.
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source.
+ /prd.i/pgen/: Has MS Merchant Server 1.0.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ /webcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-914/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-home/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-perl/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /scgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin-sdb/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /vgn/errors: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /typo3conf/: This may contain sensitive TYPO3 files.
+ /cms/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo3/typo3conf/: This may contain sensitive TYPO3 files.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /cgi.cgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /webcgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-914/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-win/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-perl/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-bin-sdb/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi.cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /webcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgis/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-win/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /fcgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-home/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-perl/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /scgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-bin-sdb/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi.cgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /webcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-914/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgis/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-win/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /fcgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-home/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-perl/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /scgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin-sdb/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /webcgi/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/archie: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/date: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/redirect: Redirects via URL from form.
+ /webcgi/redirect: Redirects via URL from form.
+ /cgi-914/redirect: Redirects via URL from form.
+ /cgi-bin/redirect: Redirects via URL from form.
+ /cgis/redirect: Redirects via URL from form.
+ /cgi-win/redirect: Redirects via URL from form.
+ /fcgi-bin/redirect: Redirects via URL from form.
+ /cgi-home/redirect: Redirects via URL from form.
+ /cgi-perl/redirect: Redirects via URL from form.
+ /scgi-bin/redirect: Redirects via URL from form.
+ /webcgi/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /webcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-914/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgis/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-win/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /scgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /webcgi/query: Echoes back result of your GET.
+ /cgi-bin/query: Echoes back result of your GET.
+ /cgis/query: Echoes back result of your GET.
+ /cgi-win/query: Echoes back result of your GET.
+ /fcgi-bin/query: Echoes back result of your GET.
+ /cgi-home/query: Echoes back result of your GET.
+ /cgi-perl/query: Echoes back result of your GET.
+ /cgis/test-env: May echo environment variables or give directory listings.
+ /fcgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-perl/test-env: May echo environment variables or give directory listings.
+ /scgi-bin/test-env: May echo environment variables or give directory listings.
+ /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
+ /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018
+ Scan terminated: 0 error(s) and 189 item(s) reported on remote host
+ End Time:           2025-10-17 20:38:19 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
turo.com
Target IP
104.18.37.91
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host turo.com -maxtime 60
Duration
Quick report
Scan date
17 Oct 2025 23:38
Copy scan report
Download report
Remove scan result
$
Total scans
Check ports
API - Scan ID