- Nikto v2.5.0 --------------------------------------------------------------------------- + Multiple IPs found: 104.22.66.113, 104.22.67.113, 172.67.8.126, 2606:4700:10::6816:4371, 2606:4700:10::ac43:87e, 2606:4700:10::6816:4271 + Target IP: 104.22.66.113 + Target Hostname: www.aeromexicorewards.com + Target Port: 443 --------------------------------------------------------------------------- + SSL Info: Subject: /CN=aeromexicorewards.com Altnames: aeromexicorewards.com, *.aeromexicorewards.com Ciphers: TLS_AES_256_GCM_SHA384 Issuer: /C=US/O=Google Trust Services LLC/CN=GTS CA 1P5 + Start Time: 2024-04-20 03:25:40 (GMT-4) --------------------------------------------------------------------------- + Server: cloudflare + /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1". + /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /: The site uses TLS and the Strict-Transport-Security HTTP header is set with max-age=0. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + /OaZiFHj0.prf: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA. + /OaZiFHj0.prf: Uncommon header 'cf-mitigated' found, with contents: challenge. + /OaZiFHj0.prf: Uncommon header 'origin-agent-cluster' found, with contents: ?1. + /OaZiFHj0.prf: Uncommon header 'cf-chl-out' found, with contents: xqme3JnuJ1XDNP2MGupgtFv1lmRy9yTYXMy3g2f1TBvl9RgxMW3KT/X+SeQWwmcLU5j0CwMZmfDxb7XB2LKr7yiKsktdJGIuaYMoS670Nm6G/yl3nERih4X0J3SMVGlTbY/oScKsJ7FXDua7uUjDNQ==$EpTmLyelXcHArOkxsCZsPw==. + /OaZiFHj0.UploadServlet: Cookie qtrans_front_language created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /OaZiFHj0.UploadServlet: Uncommon header 'x-redirect-by' found, with contents: WordPress. + /OaZiFHj0.pdf: Cookie PHPSESSID created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies + /OaZiFHj0.pdf: Link header found with value: ; rel="https://api.w.org/". See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link + /OaZiFHj0.apw: IP address found in the 'report-to' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /OaZiFHj0.apw: IP address found in the 'content-security-policy-report-only' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + All CGI directories 'found', use '-C none' to test none + /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + /robots.txt: contains 2 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt + /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/ + Scan terminated: 20 error(s) and 16 item(s) reported on remote host + End Time: 2024-04-20 03:26:14 (GMT-4) (34 seconds) --------------------------------------------------------------------------- + 1 host(s) tested