xjpvictor's Blog | 小老鼠，上灯台，两只耳朵竖起来

HTTPS

TARGET_ANALYSIS

blog.xjpvictor.info

IP: 192.81.130.130

ASN: AS63949

A comprehensive security and network analysis report for blog.xjpvictor.info. Server: nginx. Hosted in SG.

Primary Port: 443
Scan Time: 8/1/2025, 12:16:08 AM
Shareable Report Link: https://sechttp.com/scan/blog.xjpvictor.info

Detailed Security Analysis

Attack Path & DDoS Defense Analysis

Attacker

L4 Traffic

L7 Traffic

AS63949 (nginx POP)

L4 Defended

L7 Bypassed

L4 Blocked

L7 Traffic

Your Server

Defense Summary

While nginx provides robust protection against Layer 4 (network-level) attacks, your server remains potentially vulnerable to sophisticated Layer 7 (application-level) attacks that can bypass standard CDN defenses. Additional WAF rules and application-side security measures are recommended.

Layer 4 Defense

nginx provides robust SYN flood, UDP amplification, and volumetric attack protection at the network edge.

Layer 7 Vulnerabilities

Application-layer attacks targeting 0 exposed API endpoints require additional WAF rules and rate limiting.

Server Information Disclosure

LOW

INFO-001

Description

The server is disclosing its software type: nginx. This can help attackers identify potential vulnerabilities.

Recommendation

Configure your web server to hide or modify the Server header to prevent information disclosure.

Missing X-Frame-Options Header

MEDIUM

SEC-002

Description

The site is not protected against clickjacking attacks.

Recommendation

Add the X-Frame-Options header with value 'DENY' or 'SAMEORIGIN' to prevent clickjacking.

Sensitive Information Exposure in JavaScript

HIGH

JS-001

Description

Found 27 potentially sensitive variables exposed in client-side JavaScript code.

Recommendation

Review and remove sensitive information from client-side code. Use environment variables and server-side processing for sensitive data.

Currently Testing

No fuzzing data available for this scan.

Port Scan Results

   Port Service Status Version 
HTTP  CLOSED   -  
HTTPS  OPEN   TLS 1.3  
SSH  FILTERED   -  
MySQL  CLOSED   -  
  

Port	Service	Status	Version
80	HTTP	CLOSED	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	FILTERED	-
3306	MySQL	CLOSED	-

HTTP Headers Analysis

date: Fri, 01 Aug 2025 00:16:03 GMT 
vary: Accept-Encoding, Accept-Encoding, Cookie 
pragma: cache 
server: nginx 
expires: Tue, 05 Aug 2025 20:49:43 GMT 
connection: keep-alive 
content-type: text/html; charset=UTF-8 
cache-control: max-age=604800 
transfer-encoding: chunked 
x-content-type-options: nosniff 
strict-transport-security: max-age=31536000; includeSubDomains; preload 

ASN Information

ASN: AS63949

IP Address: 192.81.130.130

Network Prefix: 192.81.128.0/21

Organization: AKAMAI-LINODE-AP

Country:

🇸🇬 SG

Name: AKAMAI-LINODE-AP

Upstream Providers (10)

AS20940

AKAMAI-ASN1

Akamai International B.V.

🇳🇱 NL

upstream

AS6939

HURRICANE

Hurricane Electric LLC

🇺🇸 US

upstream

AS9498

BBIL-AP

BHARTI Airtel Ltd.

🇮🇳 IN

upstream

AS174

COGENT-174

Cogent Communications

🇺🇸 US

upstream

AS32787

PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK

Akamai Technologies, Inc.

🇺🇸 US

upstream

AS20940

AKAMAI-ASN1

Akamai International B.V.

🇳🇱 NL

upstream

AS6939

HURRICANE

Hurricane Electric LLC

🇺🇸 US

upstream

AS9498

BBIL-AP

BHARTI Airtel Ltd.

🇮🇳 IN

upstream

AS174

COGENT-174

Cogent Communications

🇺🇸 US

upstream

AS32787

PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK

Akamai Technologies, Inc.

🇺🇸 US

upstream

Internet Exchange Points (26)

🇩🇪

DE-CIX Frankfurt

300 Gbps

Bandwidth

🇩🇪

DE-CIX Frankfurt

300 Gbps

Bandwidth

🇺🇸

DE-CIX New York

50 Gbps

Bandwidth

🇺🇸

NYIIX New York

100 Gbps

Bandwidth

🇸🇬

Equinix Singapore

100 Gbps

Bandwidth

🇺🇸

Equinix Dallas

100 Gbps

Bandwidth

🇬🇧

LINX LON1

100 Gbps

Bandwidth

🇬🇧

LONAP

100 Gbps

Bandwidth

🇯🇵

BBIX Tokyo

100 Gbps

Bandwidth

🇺🇸

Equinix San Jose

100 Gbps

Bandwidth

🇺🇸

SFMIX

100 Gbps

Bandwidth

🇨🇦

TorIX

100 Gbps

Bandwidth

🇮🇳

DE-CIX Mumbai

20 Gbps

Bandwidth

🇦🇺

Equinix Sydney

20 Gbps

Bandwidth

🇺🇸

Any2West

100 Gbps

Bandwidth

🇩🇪

DE-CIX Munich

10 Gbps

Bandwidth

🇩🇪

DE-CIX Hamburg

10 Gbps

Bandwidth

🇩🇪

DE-CIX Dusseldorf

10 Gbps

Bandwidth

🇦🇺

EdgeIX - Sydney

100 Gbps

Bandwidth

🇺🇸

CIX-ATL

100 Gbps

Bandwidth

🇯🇵

JPIX TOKYO

100 Gbps

Bandwidth

🇸🇬

SGIX

100 Gbps

Bandwidth

🇨🇦

ONIX

100 Gbps

Bandwidth

🇮🇳

NIXI Mumbai

20 Gbps

Bandwidth

🇺🇸

Digital Realty Atlanta

100 Gbps

Bandwidth

🇺🇸

DE-CIX Dallas

100 Gbps

Bandwidth

JavaScript Analysis

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Exposed JavaScript Variables

27 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
key
 qid 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 f 

Risk: Information disclosure via client-side exposure
 
LEAK
 
client
 we 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cookie
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domain
 void 

Risk: Information disclosure via client-side exposure
 
LEAK
 
apiVersion
 2.2 

Risk: Information disclosure via client-side exposure
 
LEAK
 
side_rails
 7 

Risk: Information disclosure via client-side exposure
 
LEAK
 
credentials
 include 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Vi.side_rails
 7 

Risk: Information disclosure via client-side exposure
 
LEAK
 
createScriptURL
 b 

Risk: Information disclosure via client-side exposure
 
LEAK
 
google_ad_client
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
image_sidebyside
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Do.image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lo.image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pub_control_image_sidebyside
 200 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mobile_banner_image_sidebyside
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Do.pub_control_image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Eo.pub_control_image_sidebyside
 200 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lo.pub_control_image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mo.pub_control_image_sidebyside
 200 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Do.mobile_banner_image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lo.mobile_banner_image_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pub_control_image_card_sidebyside
 250 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Do.pub_control_image_card_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Eo.pub_control_image_card_sidebyside
 250 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lo.pub_control_image_card_sidebyside
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mo.pub_control_image_card_sidebyside
 250 

Risk: Information disclosure via client-side exposure
 
Total: 27 exposed variables found

API Domain Analysis

3 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

pagead2.googlesyndication.com

Reachable

HTTPS Enabled

Security Note:

External API domains should be validated for proper authentication and rate limiting

EXTERNAL_API_DOMAIN

googleads.g.doubleclick.net

Reachable

HTTPS Enabled

Security Note:

External API domains should be validated for proper authentication and rate limiting

EXTERNAL_API_DOMAIN

adsense.com

Reachable

HTTPS Enabled

Security Note:

External API domains should be validated for proper authentication and rate limiting

JavaScript Resources

4 Files

JavaScript files loaded by the application

//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

https://piwik.onemole.net/showads.js

"//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"

"https://piwik.onemole.net/showads.js"

Security Recommendations

• Avoid exposing sensitive variables in client-side code
• Implement proper API authentication and rate limiting
• Use environment variables for sensitive configuration
• Regularly audit client-side code for information leaks
• Minimize the amount of sensitive data processed on the client side

Historical Scan Records (1)