50
高风险
2026-05-21 05:57:50
发现的安全问题
- ⚠️[LOW] 服务器信息泄露
- ⚠️[HIGH] 敏感路径暴露
- ⚠️[MEDIUM] 缺少 HTTP 安全头
修复建议
- 💡添加 DMARC 记录增强邮件安全
- 💡配置 Web 服务器添加这些安全头
- 💡移除或修改 Server/X-Powered-By 响应头
- 💡限制对这些路径的访问或添加认证
🌐域名信息
目标域名loreal.com
注册域名loreal.com
顶级域名.com
🛡️威胁情报 (7 platforms)
Blacklist未列入黑名单
Malware0
Phishing0
Abuse Score0/100
🐛发现的漏洞 (3)
MEDIUM缺少 HTTP 安全头
缺少以下安全头: Referrer-Policy, Permissions-Policy
修复建议: 配置 Web 服务器添加这些安全头
LOW服务器信息泄露
响应头泄露服务器信息: Server: cloudflare
修复建议: 移除或修改 Server/X-Powered-By 响应头
HIGH敏感路径暴露
发现可访问的敏感路径: /.env, /.git/config
修复建议: 限制对这些路径的访问或添加认证
🔌开放端口 (4)
80
http
443
https
8080
unknown
8443
unknown
🌐DNS 记录
A: 104.18.112.145
A: 104.19.175.222
AAAA: 2606:4700::6813:afde
AAAA: 2606:4700::6812:7091
MX: 10 mxa-002fa101.gslb.pphosted.com.
MX: 10 mxb-002fa101.gslb.pphosted.com.
NS: nina.ns.cloudflare.com.
NS: tim.ns.cloudflare.com.
TXT: "5SaYU5hNk3z7hZpz7XRW4YG9ANb2h0f2X56diV9Hs3A="
TXT: "atlassian-domain-verification=bn/BDCZwqJip86I9cUADCkDkkJiDu3kAwaKmaGx56No4b2wRZKzGIUFBVpVvUfGE"
TXT: "google-site-verification=el6nM8ZV1UJNUYMC8qbahD7l9."
TXT: "canva-site-verification=8scXFNxc4dhT78w9EAarRg"
TXT: "cisco-ci-domain-verification=62c68ed79717f1c0611b66f9098c71ea27b7a9878cb5f3fbca4b3d48be21e7a5"
TXT: "wrike-verification=MzAwMTI3MDpkZGMyNTNkNTVjNTczMzY2ZjYzZDhkYTNiMGFkMTVlNWEyNWQxYTk0ZDQxOTE5ZGQ4Nzk3MDJkNDczYWE0MWQy"
TXT: "google-site-verification=Q98w2UTy_UNR3OJviYItjd5xBVYy_lXTWAsRtFvVi_Y"
TXT: "google-site-verification=5KeQicuk1pzMJo5kS_Wj3F3ofq0SzVq8wJEABNOPgCQ"
TXT: "figma-domain-verification=c424bc6af3b7647cf8a06852bcb817be547d3f958b450d4514f05229f5289273-1712856071"
TXT: "adobe-idp-site-verification=460b54c37ed4a8f7374d125cc7a5d9d3a8986bc751b0ad81873cce32ebc2b638"
TXT: "MS=ms76119620"
TXT: "webexdomainverification.=b5fc7ddf-da76-493a-8361-1b1cc11b0a5c"
TXT: "wrike-verification=NDM5OTE3MzpmOWI5MjE1NTE4MWMzMzQ0ZjE1NjBmOTJlMzEzYzg1ZDcwOWM4YzI0Mzg3NjM2Yjc4YzBhZDQ3Y2Q1Nzc1ODc0"
TXT: "onetrust-domain-verification=063e5173c6cd481f8e9704eb8aaa0bf6"
TXT: "webexdomainverification.=2a8a0126-0861-4a55-b2d9-f2698b4dd216"
TXT: "K0kN+td/PZIY379TcSApMDRr+fX4Xi6/WYqtMOZKJtfQPUDmRiNwldeCpU1p7xhwxfWrIQeahUYy/OTfseCCMA=="
TXT: "apple-domain-verification=LCSAFn6kSunBB5pm"
TXT: "bG9yZWFs"
TXT: "have-i-been-pwned-verification=59f5a825e6baf1b717c8faf9a72773ad"
TXT: "workplace-domain-verification=qeex91UfNxL0itD9hxAZws0hsAGUVK"
TXT: "docusign=02c9df16-8976-430c-94a9-676708ae2d5d"
TXT: "rhino_accounts=287292d79c99df3770473bca9026d72b"
TXT: "uber-domain-verification=6e58e48c-ff4a-44f7-9a1a-710cbcf41ef8"
TXT: "docusign=1f90f6b4-53f5-45ac-a49b-2cfc1d4680d1"
TXT: "webexdomainverification.=f8a40878-df5d-4fc9-9b50-06c1c97239f1"
TXT: "onetrust-domain-verification=ca105efa1ae04db38e6db57ab6016a7f"
TXT: "apple-domain-verification=vKhBfWnvBt4Rir2P"
TXT: "2faec61e69"
TXT: "onetrust-domain-verification=d3f699c915db469ea65f3b22131f2f5b"
TXT: "cisco-ci-domain-verification=42dd029d8ba09c5cecd8ff6d3f6f4ca1e791d315ec2dfa9078bb3735f894beb8"
TXT: "MS=ms85695895"
TXT: "graphpad.com:domain-verification=Vy2wumWzeN3uMyPtLfTv9A"
TXT: "MS=ms50945594"
TXT: "postman-domain-verification=e53f8f3446c71510bfa568dc8287d2e5b2ecd1d7c893476e2c79080955725ec3be354df18911b73d5101c82a01f78b1857b7aff6a96f1545a3b62d5dcb1fbe04"
TXT: "v=spf1 mx:loreal.com include:spf.protection.outlook.com include:spf-002fa101.pphosted.com ip4:81.255.154.127 ip4:81.255.155.127 ip4:4.180.104.182 -all"
TXT: "infoblox-domain-mastery=2270439ba3b8d390d53ae6b5303d002d30a9430e436524a5e6a60226ffd0b865f4"
TXT: "google-site-verification=W3_mR_a360jHPcJnRtORp0G3QKkQH5-DJeGHYXHEW0Y"
TXT: "onetrust-domain-verification=089d132022d14f2e9edbcbabd1e58c47"
SOA: nina.ns.cloudflare.com. dns.cloudflare.com. 2404759942 10000 2400 604800 1800
📋HTTP 响应头
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains;preload
Content-Security-Policy: frame-ancestors 'self'
Server: cloudflare