Nikto no limit SSL scan (nikto -host www.aeromexicorewards.com -ssl)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 104.22.66.113, 104.22.67.113, 172.67.8.126, 2606:4700:10::6816:4371, 2606:4700:10::ac43:87e, 2606:4700:10::6816:4271
+ Target IP: 104.22.66.113
+ Target Hostname: www.aeromexicorewards.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=aeromexicorewards.com
Altnames: aeromexicorewards.com, *.aeromexicorewards.com
Ciphers: TLS_AES_256_GCM_SHA384
Issuer: /C=US/O=Google Trust Services LLC/CN=GTS CA 1P5
+ Start Time: 2024-04-20 03:25:40 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is set with max-age=0. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /OaZiFHj0.prf: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ /OaZiFHj0.prf: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /OaZiFHj0.prf: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /OaZiFHj0.prf: Uncommon header 'cf-chl-out' found, with contents: xqme3JnuJ1XDNP2MGupgtFv1lmRy9yTYXMy3g2f1TBvl9RgxMW3KT/X+SeQWwmcLU5j0CwMZmfDxb7XB2LKr7yiKsktdJGIuaYMoS670Nm6G/yl3nERih4X0J3SMVGlTbY/oScKsJ7FXDua7uUjDNQ==$EpTmLyelXcHArOkxsCZsPw==.
+ /OaZiFHj0.UploadServlet: Cookie qtrans_front_language created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /OaZiFHj0.UploadServlet: Uncommon header 'x-redirect-by' found, with contents: WordPress.
+ /OaZiFHj0.pdf: Cookie PHPSESSID created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /OaZiFHj0.pdf: Link header found with value: <https://www.aeromexicorewards.com/mx/wp-json/>; rel="https://api.w.org/". See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link
+ /OaZiFHj0.apw: IP address found in the 'report-to' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /OaZiFHj0.apw: IP address found in the 'content-security-policy-report-only' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ All CGI directories 'found', use '-C none' to test none
+ /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /robots.txt: contains 2 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/
+ Scan terminated: 20 error(s) and 16 item(s) reported on remote host
+ End Time: 2024-04-20 03:26:14 (GMT-4) (34 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested