- Nikto --------------------------------------------------------------------------- + Multiple IPs found: 172.67.202.84, 104.21.69.7, 2606:4700:3033::ac43:ca54, 2606:4700:3031::6815:4507 + Target IP: 172.67.202.84 + Target Hostname: xhamster.desi + Target Port: 80 + Start Time: 2024-09-02 15:24:15 (GMT-4) --------------------------------------------------------------------------- + Server: cloudflare + /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc + Root page / redirects to: https://xhamster.desi + /7rmpqsqS.old: Uncommon header 'origin-agent-cluster' found, with contents: ?1. + /7rmpqsqS.old: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA. + /7rmpqsqS.old: Uncommon header 'cf-chl-out' found, with contents: ETNI838vYZ0fbKO0jz1EzcBFmnuiTJq1YJH+PaHeMjK2qneWus4kffx2L1z2oZGX7aDNAtqWUHJhG1bVLfmtlzmor2+2jYgRYmP5h6AXg5EJiLolHevriB+pMCQioeRzuuz/5ahVLCbKwD+m7iCIBQ==$MEW7f/Wf4/VAedTs1hS+cQ==. + /7rmpqsqS.old: Uncommon header 'cf-mitigated' found, with contents: challenge. + /7rmpqsqS.old: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA. + /7rmpqsqS.old: Uncommon header 'x-content-options' found, with contents: nosniff. + No CGI Directories found (use '-C all' to force check all possible dirs) + /crossdomain.xml: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/ + /crossdomain.xml contains 5 lines which include the following domains: *.xhamster.com" secure="false *.xhamster.xxx" secure="false *.xhamstercams.xxx" secure="false *.xhcdn.com" secure="false *.godev.ws" secure="false . See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html + /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + /robots.txt: Entry '/embed/' is returned a non-forbidden or redirect HTTP code (307). See: https://portswigger.net/kb/issues/00600600_robots-txt-file + /robots.txt: contains 125 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt + Scan terminated: 0 error(s) and 12 item(s) reported on remote host + End Time: 2024-09-02 15:25:16 (GMT-4) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested