www.visiansystems.com

HTTPS

ZIEL_ANALYSE

IP: 0.0.0.0

ASN: AS0

Ein umfassender Sicherheits- und Netzwerkanalysebericht für www.visiansystems.com. Server: nginx/1.18.0 (Ubuntu).

Hauptport: 443
Scan-Zeit: 5/11/2026, 12:59:45 PM
Teilbarer Bericht-Link: https://sechttp.com/scan/www.visiansystems.com

Detaillierte Sicherheitsanalyse

Angriffspfad- und DDoS-Schutzanalyse

Angreifer

L4-Verkehr

L7-Verkehr

AS0 (nginx/1.18.0 (Ubuntu) POP)

L4 verteidigt

L7 umgangen

L4 blockiert

L7-Verkehr

Ihr Server

Verteidigungsübersicht

Während nginx/1.18.0 (Ubuntu) robusten Schutz gegen Angriffe der Schicht 4 (Netzwerkebene) bietet, bleibt Ihr Server potenziell anfällig für ausgeklügelte Angriffe der Schicht 7 (Anwendungsebene), die Standard-CDN-Abwehrmechanismen umgehen können. Zusätzliche WAF-Regeln und anwendungsspezifische Sicherheitsmaßnahmen werden empfohlen.

Schicht-4-Verteidigung

nginx/1.18.0 (Ubuntu) bietet robusten Schutz gegen SYN-Flood, UDP-Verstärkung und volumetrische Angriffe an der Netzwerkgrenze.

Schicht-7-Schwachstellen

Anwendungsangriffe, die auf 3 offengelegte API-Endpunkte abzielen, erfordern zusätzliche WAF-Regeln und Ratenbegrenzung.

Offenlegung von Serverinformationen

LOW

INFO-001

Beschreibung

Der Server gibt seinen Softwaretyp preis: nginx/1.18.0 (Ubuntu). Dies kann Angreifern helfen, potenzielle Schwachstellen zu identifizieren.

Empfehlung

Konfigurieren Sie Ihren Webserver so, dass der Server-Header ausgeblendet oder geändert wird, um die Offenlegung von Informationen zu verhindern.

Fehlender oder ungültiger HSTS-Header

MEDIUM

SEC-001

Beschreibung

Der Strict-Transport-Security-Header ist nicht richtig konfiguriert, wodurch die Website anfällig für Man-in-the-Middle-Angriffe ist.

Empfehlung

Implementieren Sie HSTS, indem Sie den Strict-Transport-Security-Header mit einem geeigneten max-age-Wert hinzufügen, um HTTPS-Verbindungen zu erzwingen.

Fehlender X-Frame-Options-Header

MEDIUM

SEC-002

Beschreibung

Die Website ist nicht gegen Clickjacking-Angriffe geschützt.

Empfehlung

Fügen Sie den X-Frame-Options-Header mit dem Wert 'DENY' oder 'SAMEORIGIN' hinzu, um Clickjacking zu verhindern.

Offenlegung sensibler Informationen in JavaScript

HIGH

JS-001

Beschreibung

Es wurden 159 potenziell sensible Variablen im clientseitigen JavaScript-Code gefunden.

Empfehlung

Überprüfen und entfernen Sie sensible Informationen aus dem clientseitigen Code. Verwenden Sie Umgebungsvariablen und serverseitige Verarbeitung für sensible Daten.

root@sechttp: /var/log/fuzz

 root@sechttp : ~ $ 
 >  [Code: 200]  
https://player.vimeo.com/api/player.js [SENSIBLE DATENLECK]  
 >  [Code: 403]  
https://vimeo.com/api/oembed.json?url={0}  [VERBOTEN] 
 >  [Code: 404]  
https://go.aniview.com/api/adserver6/vast/?${Ke({AV_PUBLISHERID:   
 [+] Scan abgeschlossen. Gefunden 1 potenzielle Lecks. 
root@sechttp:~$

Ergebnisse des Port-Scans

   Port Dienst Status Version 
HTTP  GESCHLOSSEN   -  
HTTPS  OFFEN   TLS 1.3  
SSH  GEFILTERT   -  
MySQL  GESCHLOSSEN   -  
  

Port	Dienst	Status	Version
80	HTTP	GESCHLOSSEN	-
443	HTTPS	OFFEN	TLS 1.3
22	SSH	GEFILTERT	-
3306	MySQL	GESCHLOSSEN	-

HTTP-Header-Analyse

date: Mon, 11 May 2026 12:59:37 GMT 
host: www.visiansystems.com 
pragma: no-cache 
server: nginx/1.18.0 (Ubuntu) 
expires: -1 
connection: keep-alive 
set-cookie:XSRF-TOKEN=eyJpdiI6IkpWWXdHMW5aRmpEWS9QMC92Wlk1VEE9PSIsInZhbHVlIjoiaFVvem9zQ1BYR3cxY09ZYjR6dDdYa29UOTFMZnBQN3VucUFRNnExN2lBZXlWUFdHMVE4OVNCdTRsaEdMRVpLT1IwS3Z6NmxNRkVQczhsUXpGQnRxZ2tzK3I5bURvSDdSK0wzMGhQb2lDVWNGN01Sck1wKytrcnQ4dWUza0ZYckYiLCJtYWMiOiJjN2Q2ZTJlZTYzZWIzNjkwZmMyYmUxMjEyOTc1MDI1NDQ1YjA5NzVjMGZiMzkyOTYzOTdjMzA0NGEwODFkYzU3IiwidGFnIjoiIn0%3D; expires=Mon, 11 May 2026 14:59:37 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlVkNlhWZ2xPMVhTZUVPYWcxejdiOGc9PSIsInZhbHVlIjoidDJFQWJjTytFYS9CdTdkeGJybGoybEo0WDdlY2dZbXRDWjN2SC83QUZiR0l0MncyZHNYcURhNDdWVE12YkpsOXkwNkdUTE9sQUNCQjd1Q1ZQOG1KVXlZQjIzandsRHU3TVRpTVNnOElPNHBiMng1WmJsM1dFMC9XSzdQWmRFZUMiLCJtYWMiOiJkZDM3YTk0NDI0OWI2YjA0MjI4ZmEzYTA0OWRhMmRlZWQ2ZmY4OGJkNjQ0Y2U0NzkwODAyZTFkMWZjY2EwM2I3IiwidGFnIjoiIn0%3D; expires=Mon, 11 May 2026 14:59:37 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-type: text/html; charset=UTF-8 
x-powered-by: PHP/8.1.19 
cache-control: private, must-revalidate 
transfer-encoding: chunked 

Derzeit in der Testphase

Peering-Informationen werden analysiert.

Derzeit in der Testphase

Daten zu Internet-Austauschpunkten werden gesammelt.

JavaScript-Analyse

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Offengelegte JavaScript-Variablen

159 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
Url
 http 

Risk: Information disclosure via client-side exposure
 
LEAK
 
api
 https://noembed.com/embed?url=https://www.youtube.com/watch?v={0} 

Risk: Information disclosure via client-side exposure
 
LEAK
 
key
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_key
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keys
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
side
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Token
 W 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyup
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sideX
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sideY
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
AV_URL
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Author
 Copyright 

Risk: Information disclosure via client-side exposure
 
LEAK
 
COOKIE
 D, dd M yy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
altKey
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
bsKeys
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
codecs
 ${de[e]} 

Risk: Information disclosure via client-side exposure
 
LEAK
 
device
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
encode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
inside
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
number
 i 

Risk: Information disclosure via client-side exposure
 
LEAK
 
tagUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
TAB_KEY
 Tab 

Risk: Information disclosure via client-side exposure
 
LEAK
 
altSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientX
 this 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientY
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ctrlKey
 l 

Risk: Information disclosure via client-side exposure
 
LEAK
 
iconUrl
 https://cdn.plyr.io/3.7.2/plyr.svg 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keydown
 _panelKeydown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
metaKey
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pureKey
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY
 bs.toast 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_altSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyUp
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEvent
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
charCode
 b 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isMobile
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isNumber
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keypress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mainSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
noCookie
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
shiftKey
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
snapItem
 s 

Risk: Information disclosure via client-side exposure
 
LEAK
 
tokenize
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
uidEvent
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEY
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
TAB_KEY$1
 Tab 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_isNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keyEvent
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_mainSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cleanKeys
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
i.keydown
 _keydown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
snapIndex
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlPrefix
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$1
 bs.tab 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$2
 bs.scrollspy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$3
 bs.offcanvas 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$4
 bs.modal 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$5
 bs.focustrap 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$6
 bs.dropdown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$7
 bs.collapse 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$8
 bs.carousel 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$9
 bs.button 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_KEY$a
 bs.alert 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ESCAPE_KEY
 Escape 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Y.keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
capitalize
 h 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientRect
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientSize
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
handlerKey
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
offsetSide
 top 

Risk: Information disclosure via client-side exposure
 
LEAK
 
slideVideo
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
unsetSides
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEY$9
 .bs.swipe 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Wi.keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyPress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_tabKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientRects
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientWidth
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyHandlers
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ki.keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_UP_KEY
 ArrowUp 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ESCAPE_KEY$1
 Escape 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ESCAPE_KEY$2
 Escape 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientHeight
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientOffset
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
copyIconCode
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isOriginSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberFormat
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEYDOWN
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
computeStyles
 ue 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_DOWN_KEY
 ArrowDown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_LEFT_KEY
 ArrowLeft 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_UP_KEY$1
 ArrowUp 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$1
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$2
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$3
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$4
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$5
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_API_KEY$6
 .data-api 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getOrderNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getSideOffsets
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isMobileDevice
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberOfChecks
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberOfMonths
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
playSlideVideo
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
stopSlideVideo
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_RIGHT_KEY
 ArrowRight 

Risk: Information disclosure via client-side exposure
 
LEAK
 
nextWhenVisible
 this 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_DOWN_KEY$1
 ArrowDown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_LEFT_KEY$1
 ArrowLeft 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DATA_URL_PATTERN
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
KEY_TO_DIRECTION
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
SAFE_URL_PATTERN
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
altVariationSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
normalizeDataKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
popperClientRect
 referenceClientRect 

Risk: Information disclosure via client-side exposure
 
LEAK
 
rectToClientRect
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ARROW_RIGHT_KEY$1
 ArrowRight 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEYDOWN_TAB
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
elementClientRect
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mainVariationSide
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
slideVisibleClass
 swiper-slide-visible 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Default$5.keyboard
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Default$6.keyboard
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Default$b.keyboard
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getNumberOfMonths
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clippingClientRect
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getFreshSideObject
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyboardNavigation
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_LOAD_DATA_API
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
closeOnOutsideClick
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
referenceClientRect
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
touchReleaseOnEdges
 i 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_CLICK_DATA_API
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEYUP_DATA_API
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_closeOnClickOutside
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_intersectsWithSides
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
capitalizedDimension
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEYDOWN_DISMISS
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getBoundingClientRect
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isAnySideFullyClipped
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DefaultType$5.keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DefaultType$6.keyboard
 boolean 

Risk: Information disclosure via client-side exposure
 
LEAK
 
EVENT_KEYDOWN_DATA_API
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keysWithDifferentValues
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getClientRectFromMixedType
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getInnerBoundingClientRect
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
Total: 159 exposed variables found

API-Domänenanalyse

34 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

www.gstatic.com

Reachable

HTTPS Enabled

Security Note: