- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.48.1, 104.21.32.1, 104.21.80.1, 104.21.96.1, 104.21.112.1, 104.21.64.1, 104.21.16.1, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:1001, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:3001
+ Target IP:          104.21.48.1
+ Target Hostname:    stin.ac.id
+ Target Port:        80
+ Start Time:         2025-07-13 09:30:07 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://stin.ac.id/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /login.asp: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=6241&min_rtt=1048&rtt_var=3401&sent=500&recv=493&lost=0&retrans=0&sent_bytes=280489&recv_bytes=97343&delivery_rate=6038365&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /wp-admin/: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /wp-admin/: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /wp-admin/: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /wp-admin/: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ Scan terminated: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2025-07-13 09:31:08 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested