← new scan
~/scans/anchor.host.report
⇣ export pdf
target anchor.host
resolved162.159.134.42
scanned 2026-07-12 14:29:25
modules 7 of 7 completed
// overall risk
HIGH Risk
12 issues across 7 modules — 1 high, 5 medium, 6 low
0 critical
1 high
5 medium
6 low
0 ok
01
WHOIS & DNS
DNS records retrieved — SPF & DMARC present
· LOW
// whois
registrar Tucows Domains Inc.
created 2014-09-17
expires 2026-09-17
updated 2025-09-09
nameserver ns1.anchor.host
nameserver ns2.anchor.host
nameserver ns3.anchor.host
nameserver ns4.anchor.host
status client update prohibited
status client transfer prohibited
// dns records
A 162.159.134.42
AAAA 2606:4700:7::a29f:872a
AAAA 2606:4700:7::a29f:862a
www A 162.159.134.42
MX 5 alt1.aspmx.l.google.com
MX 5 alt2.aspmx.l.google.com
MX 10 alt3.aspmx.l.google.com
MX 10 alt4.aspmx.l.google.com
MX 1 aspmx.l.google.com
NS ns1.anchor.host
NS ns2.anchor.host
NS ns3.anchor.host
NS ns4.anchor.host
// ip whois (1)
162.159.134.42 SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗
// email security
// txt records (3)
txt.01 ca3-a645006ccce54075b8c00fa94b49c41c
txt.02 status-page-domain-verification=1wd90tn86qvx
txt.03 google-site-verification=bxhJ4BJRguHAz7-qlHvwFiq0lU3LGblwudxsacLvQ-c
// findings (6)
  • ok SPF record present
  • ok DMARC record present
  • ok 5 MX record(s) configured
  • · low No CAA records — any certificate authority can issue certs for this domain
  • · low No MTA-STS DNS record at _mta-sts — inbound mail can be downgraded
  • · low No TLS-RPT record at _smtp._tls — no visibility into TLS delivery failures
02
SSL / TLS Certificate
Valid certificate, expires in 44 days — TLSv1.3
· LOW
// raw output
issuer WE1
subject anchor.host
valid from May 27 22:15:59 2026 UTC
valid to Aug 25 23:15:55 2026 UTC
tls version TLSv1.3
// findings (3)
  • · low Certificate renews in 44 days — check auto-renewal
  • ok TLS 1.3 in use — best available protocol
  • ok HTTP redirects to HTTPS in 1 hop(s)
03
CMS Detection
WordPress detected — 3 plugins found
OK
// raw output
platform WordPress
theme anchor
plugins 3 detected
plugin.01 captaincore-manager
plugin.02 cleantalk-spam-protect
plugin.03 woocommerce
xmlrpc.php not accessible
login path /wp-login.php
user enum protected
// findings (1)
  • ok WordPress hardening looks reasonable
04
Security Headers
6 of 7 headers missing
HIGH
// raw output
HSTS MISSING
CSP MISSING
X-Frame-Options MISSING
X-Content-Type-Options ok (nosniff)
Referrer-Policy MISSING
Permissions-Policy MISSING
Cross-Origin-Opener MISSING
// findings (8)
  • medium HSTS not set — browsers may allow HTTP connections
  • high X-Frame-Options missing — clickjacking attacks possible
  • medium Referrer-Policy missing — leaking referrer data to third parties
  • medium Content-Security-Policy missing — site exposed to XSS injection
  • medium Permissions-Policy missing — browser features not restricted
  • · low Cross-Origin-Opener-Policy not set
  • ok X-Content-Type-Options is configured
  • · low No /.well-known/security.txt — researchers cannot find a contact for vulnerability reports
05
Raw HTTP Headers
HTTP/3 · 19 headers · cloudflare
OK
// detected
Cloudflare Site is fronted by Cloudflare — WAF, DDoS protection and CDN caching active
Kinsta Hosting provider: Kinsta — detected via Kinsta-specific response headers
HTTP/3 HTTP/3 (QUIC) in use — fastest available protocol, low latency and connection migration
GZIP compression Response is GZIP-compressed — reduces bandwidth usage
Cookie security All 1 cookie(s) have Secure, HttpOnly and SameSite set
// raw headers (19)
status HTTP/3 200
nel {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
date Sun, 12 Jul 2026 14:28:57 GMT
vary Accept-Encoding
cf-ray a1a0bcc2afe52972-ORD
server cloudflare
alt-svc h3=":443"; ma=86400
ki-edge v=28.4.3;mv=99.9.9
ki-origin o1i
report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare…
set-cookie __cf_bm=yOlgIqkw02neobf7rthVO9.LnmRvMQjRY9cnugsp6Ao-1783866537.390721-1.0.1.1-QH…
content-type text/html; charset=UTF-8
ki-cache-type None
x-kinsta-cache HIT
cf-cache-status DYNAMIC
content-encoding gzip
ki-cf-cache-status BYPASS
x-edge-location-klb 1
x-content-type-options nosniff
// findings (5)
  • ok Cloudflare detected (WAF + CDN)
  • ok Hosting: Kinsta (ki-* / x-kinsta-cache headers present)
  • ok HTTP/3 enabled — best available
  • ok GZIP compression active
  • ok 1 cookie(s) — all flags set correctly
06
External JS Libraries
1 external script from 1 domain
MEDIUM
// raw output
external scripts 1 from 1 domain(s)
domain fd.cleantalk.org (1 file)
static /ct-bot-detector-wrapper.js
sri-missing https://fd.cleantalk.org/ct-bot-detector-wrapper.js?ver=6.82
// findings (2)
  • ok 1 external script loaded from 1 domain
  • medium No Subresource Integrity (SRI) hashes — a CDN compromise would silently inject malicious code
07
Malware & Blocklists
Clean — not present on any monitored blocklist
OK
// raw output
Google Safe Browsing clean
VirusTotal clean
injected scripts 0 detected
malware patterns 0 matches
// findings (3)
  • ok Google Safe Browsing — clean
  • ok VirusTotal — clean
  • ok No malware signatures found across monitored blocklists
// end of report · anchor.host · 2026-07-12 14:29:25 ↻ scan again