Scan report for "asifhasanansari.com.np"

- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.49.137, 172.67.163.129, 2606:4700:3035::6815:3189, 2606:4700:3030::ac43:a381
+ Target IP:          104.21.49.137
+ Target Hostname:    asifhasanansari.com.np
+ Target Port:        80
+ Start Time:         2025-11-18 08:42:04 (GMT-8)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /: Uncommon header 'server-timing' found, with multiple values: (chlray;desc="9a08eb437f02ae39",cfL4;desc="?proto=TCP&rtt=1016&min_rtt=1016&rtt_var=508&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=201&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0",).
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /robots.txt: contains 9 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094
+ /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
+ /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files.
+ /upload.asp: An ASP page that allows attackers to upload files to server.
+ /uploadn.asp: An ASP page that allows attackers to upload files to server.
+ /uploadx.asp: An ASP page that allows attackers to upload files to server.
+ /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See: https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt
+ /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1247
+ /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
+ /dostuff.php?action=modify_user: Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0599,https://sourceforge.net/projects/blahzdns/
+ /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0776
+ /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities. See: OSVDB-35876
+ /sqldump.sql: Database SQL?.
+ /level/16/exec/: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /cpanel/: Web-based control panel. See: OSVDB-2117
+ /shopping/diag_dbtest.asp: VP-ASP Shopping Cart 5.0 contains multiple SQL injection vulnerabilities. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0560
+ /wwwboard/passwd.txt: The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0930
+ /photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access. See: OSVDB-2695
+ /photodata/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access. See: OSVDB-2695
+ /msadc/msadcs.dll: . See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1011 BID-529 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2098/MS98-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2099/MS99-025 http://attrition.org/security/advisory/individual/rfp/rfp.9902.rds_iis
+ /iisadmpwd/aexp2.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp2b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp3.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp4.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp4b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ //admin/aindex.htm: FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra /'s. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3604
+ /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords. See: OSVDB-2922
+ /showmail.pl: @Mail WebMail 3.52 allows attacker to read arbitrary user's mailbox. Requires knowing valid user name and appending ?Folder=../../victim@somehost.com/mbox/Inbox to the showmail.pl file. See: OSVDB-2944
+ /reademail.pl: @Mail WebMail 3.52 contains an SQL injection that allows attacker to read any email message for any address registered in the system. Example to append to reademail.pl: ?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1. See: OSVDB-2948
+ /iissamples/exair/search/query.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449
+ /buddies.blt: Buddy List?.
+ /buddy.blt: Buddy List?.
+ /buddylist.blt: Buddy List?.
+ /sqlnet.log: Oracle log file found.
+ /acceso/: This might be interesting.
+ /access.log: This might be interesting.
+ /access/: This might be interesting.
+ /acciones/: This might be interesting.
+ /account/: This might be interesting.
+ /accounting/: This might be interesting.
+ /activex/: This might be interesting.
+ /adm/: This might be interesting.
+ /admin.htm: This might be interesting.
+ /admin.html: This might be interesting.
+ /admin.php: This might be interesting.
+ /admin.php3: This might be interesting.
+ /admin.shtml: This might be interesting.
+ /admin/: This might be interesting.
+ /Administration/: This might be interesting.
+ /administration/: This might be interesting.
+ /administrator/: This might be interesting.
+ /Admin_files/: This might be interesting.
+ /advwebadmin/: This might be interesting: probably HostingController, www.hostingcontroller.com.
+ /Agent/: This might be interesting.
+ /Agentes/: This might be interesting.
+ /agentes/: This might be interesting.
+ /Agents/: This might be interesting.
+ /analog/: This might be interesting.
+ /apache/: This might be interesting.
+ /app/: This might be interesting.
+ /applicattion/: This might be interesting.
+ /applicattions/: This might be interesting.
+ /apps/: This might be interesting.
+ /archivar/: This might be interesting.
+ /archive/: This might be interesting.
+ /archives/: This might be interesting.
+ /archivo/: This might be interesting.
+ /asp/: This might be interesting.
+ /Asp/: This might be interesting.
+ /atc/: This might be interesting.
+ /auth/: This might be interesting.
+ /awebvisit.stat: This might be interesting.
+ /ayuda/: This might be interesting.
+ /backdoor/: This might be interesting.
+ /backup/: This might be interesting.
+ /bak/: This might be interesting.
+ /banca/: This might be interesting.
+ /jservdocs/: Default Apache JServ docs should be removed. See: CWE-552
+ /dc/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /dc/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /applist.asp: Citrix server may allow remote users to view applications installed without authenticating. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0502
+ /launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica: Citrix server may reveal sensitive information by accessing the 'advanced' tab on the login screen. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0301
+ /_layouts/alllibs.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. See: https://seclists.org/bugtraq/2003/Nov/226
+ /_layouts/settings.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. See: https://seclists.org/bugtraq/2003/Nov/226
+ /_layouts/userinfo.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. See: https://seclists.org/bugtraq/2003/Nov/226
+ /iissamples/exair/howitworks/Code.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449
+ /iissamples/exair/howitworks/Codebrw1.asp: This is a default IIS script/file which should be removed, it may allow a DoS against the server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2099/MS99-013
+ /globals.jsa: Oracle globals.jsa file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0562
+ /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ Scan terminated: 0 error(s) and 109 item(s) reported on remote host
+ End Time:           2025-11-18 08:43:05 (GMT-8) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Trustpilot

Target

asifhasanansari.com.np

Target IP

104.21.49.137

Scan method

Nikto scan (max 60 sec)

Run command

nikto -host asifhasanansari.com.np -maxtime 60

Duration

61s

Quick report

Order full scan ($7.99/one time)

Scan date

18 Nov 2025 11:43

Copy scan report

Download report

Remove scan result

$

Total scans

About 2 times

Check ports

Use Portscanner Tool

API - Scan ID

c88fcd410dabe59df3a8ab3799c192a3fb4c1d8a