Pulse

monitoring app365.fr

Random Pic

https://random-pic.app365.fr
Démarré 09/07/2026 13:00:33Terminé 09/07/2026 13:00:4915615 msStatut : PARTIALTrigger : schedule:cmph3vjhe0000q7za8x3o6j3g

Résumé

{
  "seo": {
    "ok": true,
    "lang": "fr",
    "score": 100,
    "title": "random·pic — galerie aléatoire de wallpapers",
    "h1Count": 1,
    "finalUrl": "https://random-pic.app365.fr/",
    "imgTotal": 0,
    "robotsOk": true,
    "canonical": "https://random-pic.app365.fr",
    "sitemapOk": true,
    "ogComplete": true,
    "jsonLdCount": 1,
    "titleLength": 44,
    "imgWithoutAlt": 0,
    "descriptionLength": 150
  },
  "tls": {
    "ok": true,
    "host": "random-pic.app365.fr",
    "cipher": "TLS_AES_128_GCM_SHA256",
    "issuer": "E7",
    "subject": "random-pic.app365.fr",
    "validTo": "2026-08-10T19:39:46.000Z",
    "protocol": "TLSv1.3",
    "daysToExpiry": 32
  },
  "deps": {
    "ok": true,
    "detected": [
      "1.1 Caddy",
      "Next.js"
    ],
    "versionedCount": 1
  },
  "ports": {
    "ok": true,
    "host": "random-pic.app365.fr",
    "scanned": 30,
    "services": {
      "22": "ssh OpenSSH 9.2p1 Debian 2+deb12u10 (protocol 2.0)",
      "80": "http Caddy httpd",
      "443": "ssl/http Caddy httpd"
    },
    "openPorts": [
      22,
      80,
      443
    ]
  },
  "uptime": {
    "ok": true,
    "method": "HEAD",
    "finalUrl": "https://random-pic.app365.fr/",
    "httpStatus": 200,
    "redirected": true,
    "responseTimeMs": 66
  },
  "headers": {
    "ok": true,
    "score": 94,
    "server": null,
    "headers": {
      "Referrer-Policy": "strict-origin-when-cross-origin",
      "X-Frame-Options": "DENY",
      "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' analytics.app365.fr; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' analytics.app365.fr; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"
    },
    "httpStatus": 200
  }
}

Findings (5)

UPTIME
  • INFORedirection vers https://random-pic.app365.fr/UPTIME_REDIRECT

    https://random-pic.app365.fr → https://random-pic.app365.fr/

    evidence
    {
      "to": "https://random-pic.app365.fr/",
      "from": "https://random-pic.app365.fr"
    }
HEADERS
  • LOWCSP présent mais avec unsafe-inline/unsafe-evalSEC_HEADER_CSP

    Affaiblit la protection XSS. Privilégier nonces/hashes.

    evidence
    {
      "value": "default-src 'self'; script-src 'self' 'unsafe-inline' analytics.app365.fr; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' analytics.app365.fr; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'",
      "header": "Content-Security-Policy",
      "recommend": "Définir une CSP restrictive"
    }
PORTS
  • HIGHPort 22/ssh ouvert publiquementPORT_OPEN_REMOTE

    Accès à distance exposé. À limiter par firewall ou désactiver si non utilisé.

    evidence
    {
      "port": 22,
      "service": "ssh OpenSSH 9.2p1 Debian 2+deb12u10 (protocol 2.0)",
      "category": "REMOTE"
    }
DEPS
  • LOWVersion divulguée via Via: 1.1 CaddyDEPS_VERSION_DISCLOSURE

    Exposer une version aide les attaquants à cibler les CVE connus. À masquer côté serveur ou reverse-proxy.

    evidence
    {
      "value": "1.1 Caddy",
      "header": "via",
      "detected": "1.1 Caddy"
    }
  • INFONext.js détectéDEPS_FRAMEWORK_HTML

    Signature détectée dans le HTML servi.

    evidence
    {
      "match": "<script src=\"/_next/static/",
      "framework": "Next.js"
    }