20
低风险
2026-05-21 05:16:17
发现的安全问题
- ⚠️[MEDIUM] 缺少 HTTP 安全头
修复建议
- 💡添加 DMARC 记录增强邮件安全
- 💡配置 Web 服务器添加这些安全头
🌐域名信息
目标域名billmelater.com
注册域名billmelater.com
顶级域名.com
🛡️威胁情报 (7 platforms)
Blacklist未列入黑名单
Malware0
Phishing0
Abuse Score0/100
🐛发现的漏洞 (1)
MEDIUM缺少 HTTP 安全头
缺少以下安全头: X-Frame-Options, Referrer-Policy
修复建议: 配置 Web 服务器添加这些安全头
🔌开放端口 (2)
80
http
443
https
🌐DNS 记录
A: 208.76.140.143
MX: 10 mx1.paypalcorp.com.
MX: 10 mx2.paypalcorp.com.
NS: pdns100.ultradns.com.
NS: pdns100.ultradns.net.
NS: ns1-pchnet.paypal.com.
NS: ns2-pchnet.paypal.com.
TXT: "MS=ms12915091"
TXT: "google-site-verification:c2yq7-fqaabWnH_q4tpi52ruBznq1C7dAaHV6nUqquI"
TXT: "v=spf1.0/pra include:ppcorp._spf.paypal.com include:rm04.net include:billmelater.messages1.com mx -all"
TXT: "v=spf2.0/pra include:ppcorp._spf.paypal.com include:rm04.net include:billmelater.messages1.com mx -all"
TXT: "v=spf1 include:ppcorp._spf.paypal.com include:rm04.net include:pp._spf.paypal.com include:billmelater.messages1.com mx -all"
SOA: ppdns.paypal.com. hostmaster.paypal.com. 1957 7200 600 1209600 300
📋HTTP 响应头
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.c
Permissions-Policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https:/