50
高风险
2026-05-21 03:29:37
发现的安全问题
- ⚠️[LOW] 服务器信息泄露
- ⚠️[HIGH] 敏感路径暴露
- ⚠️[MEDIUM] 缺少 HTTP 安全头
修复建议
- 💡添加 DMARC 记录增强邮件安全
- 💡配置 Web 服务器添加这些安全头
- 💡移除或修改 Server/X-Powered-By 响应头
- 💡限制对这些路径的访问或添加认证
🌐域名信息
目标域名uclahealth.org
注册域名uclahealth.org
顶级域名.org
🛡️威胁情报 (7 platforms)
Blacklist未列入黑名单
Malware0
Phishing0
Abuse Score0/100
🐛发现的漏洞 (3)
MEDIUM缺少 HTTP 安全头
缺少以下安全头: X-XSS-Protection, Permissions-Policy
修复建议: 配置 Web 服务器添加这些安全头
LOW服务器信息泄露
响应头泄露服务器信息: Server: cloudflare
修复建议: 移除或修改 Server/X-Powered-By 响应头
HIGH敏感路径暴露
发现可访问的敏感路径: /.env, /.git/config
修复建议: 限制对这些路径的访问或添加认证
🔌开放端口 (2)
80
http
443
https
🌐DNS 记录
A: 34.218.127.129
A: 44.224.64.152
MX: 10 mailstore1.secureserver.net.
MX: 0 smtp.secureserver.net.
NS: pdns01.domaincontrol.com.
NS: pdns02.domaincontrol.com.
TXT: "facebook-domain-verification=wrcy2hfndcn50vwybrhja6zzmkdk7w"
TXT: "apple-domain-verification=0HwP8RfDSjUDCuUwFdUpAydb1vfczyeWMQXZpCrzq34"
TXT: "sab2s3c6iaihe78butq1amjcq9"
TXT: "google-site-verification=GjXPx5s6QDqxSw_wSsUdJhaoViJScDL621uyMGTUJw4"
TXT: "v=spf1 include:secureserver.net -all"
TXT: "zenqms-domain-verification=27ecec644d190d8bdc9c9d4578f5b47d42f10493f1ac66790351be3e477ac0ca"
TXT: "smartsheet-site-validation=SZbuU4ZxgNoiNLzrNTUMDBs4AybiKTD-"
TXT: "D7684312"
TXT: "MS=ms48038480"
SOA: pdns01.domaincontrol.com. dns.jomax.net. 2026042902 28800 7200 604800 86400
📋HTTP 响应头
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self' blob: data: wss://127.0.0.1:* *.acsbapp.com *.bootstrapcdn.com *.casalemedia.com *.cloudflare.com *.c
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare