Scan report for "youtube.com"
Summary
Found
89
Duration
1min 1sec
Date
2025-05-05
IP
142.250.188.238
Report
Nikto SSL scan (max 60 sec) (nikto -host youtube.com -ssl -maxtime 60)
- Nikto
---------------------------------------------------------------------------
+ Multiple IPs found: 142.250.188.238, 2607:f8b0:4007:80a::200e
+ Target IP: 142.250.188.238
+ Target Hostname: youtube.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=*.google.com
Altnames: *.google.com, *.appengine.google.com, *.bdn.dev, *.origin-test.bdn.dev, *.cloud.google.com, *.crowdsource.google.com, *.datacompute.google.com, *.google.ca, *.google.cl, *.google.co.in, *.google.co.jp, *.google.co.uk, *.google.com.ar, *.google.com.au, *.google.com.br, *.google.com.co, *.google.com.mx, *.google.com.tr, *.google.com.vn, *.google.de, *.google.es, *.google.fr, *.google.hu, *.google.it, *.google.nl, *.google.pl, *.google.pt, *.googleapis.cn, *.googlevideo.com, *.gstatic.cn, *.gstatic-cn.com, googlecnapps.cn, *.googlecnapps.cn, googleapps-cn.com, *.googleapps-cn.com, gkecnapps.cn, *.gkecnapps.cn, googledownloads.cn, *.googledownloads.cn, recaptcha.net.cn, *.recaptcha.net.cn, recaptcha-cn.net, *.recaptcha-cn.net, widevine.cn, *.widevine.cn, ampproject.org.cn, *.ampproject.org.cn, ampproject.net.cn, *.ampproject.net.cn, google-analytics-cn.com, *.google-analytics-cn.com, googleadservices-cn.com, *.googleadservices-cn.com, googlevads-cn.com, *.googlevads-cn.com, googleapis-cn.com, *.googleapis-cn.com, googleoptimize-cn.com, *.googleoptimize-cn.com, doubleclick-cn.net, *.doubleclick-cn.net, *.fls.doubleclick-cn.net, *.g.doubleclick-cn.net, doubleclick.cn, *.doubleclick.cn, *.fls.doubleclick.cn, *.g.doubleclick.cn, dartsearch-cn.net, *.dartsearch-cn.net, googletraveladservices-cn.com, *.googletraveladservices-cn.com, googletagservices-cn.com, *.googletagservices-cn.com, googletagmanager-cn.com, *.googletagmanager-cn.com, googlesyndication-cn.com, *.googlesyndication-cn.com, *.safeframe.googlesyndication-cn.com, app-measurement-cn.com, *.app-measurement-cn.com, gvt1-cn.com, *.gvt1-cn.com, gvt2-cn.com, *.gvt2-cn.com, 2mdn-cn.net, *.2mdn-cn.net, googleflights-cn.net, *.googleflights-cn.net, admob-cn.com, *.admob-cn.com, googlesandbox-cn.com, *.googlesandbox-cn.com, *.safenup.googlesandbox-cn.com, *.gstatic.com, *.metric.gstatic.com, *.gvt1.com, *.gcpcdn.gvt1.com, *.gvt2.com, *.gcp.gvt2.com, *.url.google.com, *.youtube-nocookie.com, *.ytimg.com, android.com, *.android.com, *.flash.android.com, g.cn, *.g.cn, g.co, *.g.co, goo.gl, www.goo.gl, google-analytics.com, *.google-analytics.com, google.com, googlecommerce.com, *.googlecommerce.com, ggpht.cn, *.ggpht.cn, urchin.com, *.urchin.com, youtu.be, youtube.com, *.youtube.com, music.youtube.com, *.music.youtube.com, youtubeeducation.com, *.youtubeeducation.com, youtubekids.com, *.youtubekids.com, yt.be, *.yt.be, android.clients.google.com, *.android.google.cn, *.chrome.google.cn, *.developers.google.cn, *.aistudio.google.com
Ciphers: TLS_AES_256_GCM_SHA384
Issuer: /C=US/O=Google Trust Services/CN=WE2
+ Start Time: 2025-05-05 20:06:12 (GMT-7)
---------------------------------------------------------------------------
+ Server: ESF
+ /: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version.
+ /: Uncommon header 'origin-trial' found, with contents: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://www.youtube.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ : Server banner changed from 'ESF' to 'sffe'.
+ /:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ Server is using a wildcard certificate: *.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.appengine.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.bdn.dev. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.origin-test.bdn.dev. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.cloud.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.crowdsource.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.datacompute.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.ca. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.cl. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.co.in. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.co.jp. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.co.uk. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.ar. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.au. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.br. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.co. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.mx. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.tr. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.com.vn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.de. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.es. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.fr. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.hu. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.it. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.nl. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.pl. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google.pt. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleapis.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlevideo.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gstatic.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gstatic-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlecnapps.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleapps-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gkecnapps.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googledownloads.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.recaptcha.net.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.recaptcha-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.widevine.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.ampproject.org.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.ampproject.net.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google-analytics-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleadservices-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlevads-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleapis-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleoptimize-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.doubleclick-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.fls.doubleclick-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.g.doubleclick-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.doubleclick.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.fls.doubleclick.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.g.doubleclick.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.dartsearch-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googletraveladservices-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googletagservices-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googletagmanager-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlesyndication-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.safeframe.googlesyndication-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.app-measurement-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gvt1-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gvt2-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.2mdn-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googleflights-cn.net. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.admob-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlesandbox-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.safenup.googlesandbox-cn.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gstatic.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.metric.gstatic.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gvt1.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gcpcdn.gvt1.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gvt2.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.gcp.gvt2.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.url.google.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.youtube-nocookie.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.ytimg.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.android.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.flash.android.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.g.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.g.co. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.google-analytics.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.googlecommerce.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.ggpht.cn. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ Server is using a wildcard certificate: *.urchin.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ /search: Uncommon header 'cross-origin-opener-policy-report-only' found, with contents: same-origin; report-to="youtube_main".
+ Scan terminated: 0 error(s) and 89 item(s) reported on remote host
+ End Time: 2025-05-05 20:07:13 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
-
Target
youtube.com
-
Target IP
142.250.188.238
-
Scan method
Nikto SSL scan (max 60 sec)
-
Run command
nikto -host youtube.com -ssl -maxtime 60
- Duration
- Quick report
-
Scan date
05 May 2025 23:07
-
Copy scan report
- Download report
- Remove scan result
- Total scans
- Check ports
- API - Scan ID