1. Infrastructure Overview

Hosting Location: San Francisco, California, United States ISP: Railway Status: Online (HTTP 200)

The application is hosted on Railway cloud infrastructure. This suggests a managed hosting environment where OS-level access may be abstracted.

2. SSL/TSL Config

   • Certificate Authority: Let’s Encrypt (R13)
   • Key Type: RSA 2048-bit
   • Cipher: TLS_AES_128_GCM_SHA256
   • Validity: 90-day auto-renewal cycle
   • Domain match: Valid (CN and SAN aligned)

3. DNS.

   Cloudflare Name Servers:

   • eugene.ns.cloudflare.com
   • adel.ns.cloudflare.com

Risk: Exposing the origin server IP bypasses CDN/WAF protection mechanisms.

4. Detected Open Ports:

   • 22 (SSH)
   • 80 (HTTP)
   • 443 (HTTPS)

   Risk: For Port: 22 (SSH): Public SSH exposure increases attack surface:

   • Brute-force attempts
   • Credential stuffing
   • Automated scanning

5. DNSSEC Status: Not Found, the risk is allows potential DNS spoofing scenarios.

6. No security.txt

Conclusion: Overall, the current security posture demonstrates a stable and modern baseline configuration, particularly in terms of SSL/TLS implementation and limited exposed services. However, several infrastructure-level exposures remain, including public SSH access, visible origin IP, lack of DNSSEC, and absence of a security disclosure policy. While none of these findings indicate an immediate critical vulnerability, they increase reconnaissance visibility and potential attack surface. Strengthening network concealment, access control, and DNS integrity mechanisms would significantly improve resilience against automated attacks and targeted exploitation.

You can see all the reports here: https://jsonhero.io/j/zkvAeMsVXQbz