35
Medium risk
2026-05-21 08:05:21
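Security issues found
- ⚠️ 3 high-risk service ports are exposed externally
- ⚠️ [MEDIUM] Missing HTTP security headers
Remediation recommendations
- 💡 Add a DMARC record to strengthen email security
- 💡 Configure the web server to add these security headers
- 💡 Use a firewall to restrict access to these ports
🌐 Domain information
Target domain: sierraclub.org
Registered domain: sierraclub.org
Top-level domain: .org
🛡️ Threat intelligence (7 platforms)
Blacklist: Not blacklisted
Malware: 0
Phishing: 0
Abuse Score: 0/100
🐛 Vulnerabilities found (1)
MEDIUM: Missing HTTP security headers
The following security headers are missing: X-XSS-Protection, Permissions-Policy
Recommendation: Configure the web server to add these security headers
🔌 Open ports (7)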
21: ftp
80: http
443: https
3306: unknown
3389: unknown
8080: unknown
8443: unknown
🌐 DNS records
A: 199.83.133.200
A: 199.83.131.200
A: 199.83.134.200
MX: 100 alt4.aspmx.l.google.com.
MX: 10 aspmx.l.google.com.
MX: 100 alt3.aspmx.l.google.com.
MX: 50 alt2.aspmx.l.google.com.
MX: 50 alt1.aspmx.l.google.com.
NS: ns2.dnsmadeeasy.com.
NS: ns3.dnsmadeeasy.com.
NS: ns1.dnsmadeeasy.com.
NS: ns0.dnsmadeeasy.com.
NS: ns4.dnsmadeeasy.com.
TXT: "v=spf1 include:_spf.sierraclub.org include:_spf.google.com include:_spf.salesforce.com include:em1936.sierraclub.org include:spf1.formassembly.com include:_spf1.mailgun.org include:_spf2.mailgun.org ~all"
SOA: ns10.digicertdns.com. dns.digicertdns.com. 2009011186 43200 3600 1209600 180
📋 HTTP response headers
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' import: blob: https://www.googletagmanager.com
Referrer-Policy: strict-origin-when-cross-origin