Scan report for "insider.sternpinball.com"

  1. Nikto Online
  2. Scan report for "insider.sternpinball.com"
Membership level: Free member
Summary

Found

12

Duration

38sec

Date

2026-03-07

IP

99.84.160.57

Report
Nikto scan (max 60 sec) (nikto -host insider.sternpinball.com -maxtime 60)
- Nikto v2.6.0
---------------------------------------------------------------------------
+ Your Nikto installation is out of date.
+ Target IP:          99.84.160.57
+ Target Hostname:    insider.sternpinball.com
+ Target Port:        80
+ Platform:           Unknown
+ Start Time:         2026-03-07 12:31:25 (GMT-5)
---------------------------------------------------------------------------
+ Server: CloudFront
+ Multiple IPs found: 99.84.160.57, 99.84.160.53, 99.84.160.126, 99.84.160.18
+ [999986] /: Retrieved via header: 1.1 9b467d1b9559306c930b2f8176043a22.cloudfront.net (CloudFront).
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [999962] /: Server banner changed from 'CloudFront' to 'AmazonS3'.
+ [999967] /: Web Server returns a valid response with junk HTTP methods which may cause false positives.
+ [000126] /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ [007101] /.well-known/assetlinks.json: Google Asset Links Specification file may contain server info. See: RFC-5785 https://github.com/google/digitalassetlinks/blob/master/well-known/details.md
+ [007257] /.well-known/apple-app-site-association: Apple Universal Links. See: RFC-5785
+ [007258] /.well-known/assetlinks.json: Android App Links. See: RFC-5785
+ [007352] /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ [999986] /: Retrieved access-control-allow-origin header: *.
+ 8162 requests: 0 errors and 12 items reported on the remote host
+ End Time:           2026-03-07 12:32:03 (GMT-5) (38 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
insider.sternpinball.com
Target IP
99.84.160.57
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host insider.sternpinball.com -maxtime 60
Duration
Quick report
Scan date
07 Mar 2026 12:32
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID