Scan report for "blinkit.com"

Summary

Found: 50
Duration: 1min 1sec
Date: 2025-06-12
IP: 104.18.35.23

Report
Nikto scan (max 60 sec) (nikto -host blinkit.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.35.23, 172.64.152.233, 2606:4700:4400::ac40:98e9, 2606:4700:4400::6812:2317
+ Target IP:          104.18.35.23
+ Target Hostname:    blinkit.com
+ Target Port:        80
+ Start Time:         2025-06-12 08:26:04 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Retrieved access-control-allow-origin header: *.
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /sovY2gPj.gif: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1".
+ All CGI directories 'found', use '-C none' to test none
+ /blinkitcom.war: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /blinkitcom.war: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /blinkitcom.war: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /blinkitcom.war: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /blinkitcom.war: Uncommon header 'server-timing' found, with contents: chlray;desc="94ea5d799d4cc69d".
+ /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /webcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-914/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-915/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-exe/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin-sdb/cart32.exe: request cart32.exe/cart32clientlist.
+ /scripts/samples/details.idc: NT ODBC Remote Compromise. See: http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /htbin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-bin-sdb/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /ows-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-sys/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-local/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgis/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-win/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-perl/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin-sdb/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi.cgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-914/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /mpcgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /ows-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-local/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgis/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /scripts/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-win/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /fcgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-perl/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
+ Scan terminated: 0 error(s) and 50 item(s) reported on remote host
+ End Time:           2025-06-12 08:27:05 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target: blinkit.com
Target IP: 104.18.35.23
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host blinkit.com -maxtime 60
Duration
Quick report
Scan date: 12 Jun 2025 11:27