Analysis Results

http://bluewave.net

Analyzed on September 13, 2025, 11:15 p.m. Click "Rescan Website" to get the latest data

Analysis Successful
Network Information
IP Address: 35.231.87.104
IP WHOIS Information:
  • ASN: 396982
  • ASN Description: GOOGLE-CLOUD-PLATFORM, US
  • Country: US
  • Description: Google LLC
  • CIDR: 35.208.0.0/12, 35.224.0.0/12, 35.240.0.0/13
Ping Test Check AbuseIPDB Other Websites on Same IP
Domain Information
  • Registrar: GoDaddy.com, LLC
  • Created: September 04, 1996
  • Expires: September 03, 2028
  • Last Updated: May 18, 2023
  • Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited clientRenewProhibited https://icann.org/epp#clientRenewProhibited clientTransferProhibited https://icann.org/epp#clientTransferProhibited clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  • Name Servers:
    • NS23.DOMAINCONTROL.COM
    • NS24.DOMAINCONTROL.COM
DNS Records
Learn about DNS Records
A Records (IPv4 Addresses)
Domain IP Address
bluewave.net 35.231.87.104
MX Records (Mail Servers)
Priority Mail Server
0 bluewave-net.mail.protection.outlook.com.
TXT Records
Domain Text Record
bluewave.net "google-site-verification=GNoAb6FYc1gJBRYcnUxMm2JnoKHB3038VO6bggh3UwU"
bluewave.net "v=spf1 include:spf.protection.outlook.com -all"
bluewave.net "apple-domain-verification=VON55BFgOv2Cb0HL"
bluewave.net "MS=ms29836872"
bluewave.net "MS=ms49320965"
WWW Subdomain Records
Subdomain Type Value
www.bluewave.net A 35.231.87.104
Services Detected (3 found)
Office 365
Office 365

Email hosted on Office 365

Learn More
Apple
Apple

Apple services detected

Learn More
Google Search Console
Google Search Console

Google Search Console services detected

Learn More
View DNS History on DNS Archive
Check GeoIP Blocking
Blocklisting Status
Learn about Blocklisting Status
Overall Status: CLEAN No blocklisting detected
Services Checked: 2
VirusTotal: CLEAN
Domain is clean according to 0 scanners
No threats detected by any security scanner
Google Safe Browsing: CLEAN
Domain is not blocklisted by Google Safe Browsing
No threats detected
Hosting Information
Provider: WP Engine (medium confidence)
Detection Method: HTTP Headers
Matched Headers:
  • x-powered-by: wp engine
Company Information:

Enterprise WordPress hosting platform with advanced security, performance optimization, and developer tools.

Website
Portal
Contact:
Social Media:
Content Management System
CMS Detected: WordPress
Active Theme: bluewave-technology-group
Detected Plugins (3):
3d-flipbook-dflip-lite duracelltomi-google-tag-manager wp-rocket
Themes

1

Plugins

3

WordPress Security Analysis
FAILED
Learn about WordPress Security Analysis
XMLRPC.php Security Test PASSED

XMLRPC.php is properly protected (HTTP 403)

HTTP Status: 403

Recommendation: XMLRPC.php is properly secured.
WP-Login.php Security Test FAILED

WP-Login page is accessible without CAPTCHA protection

HTTP Status: 200

Recommendation: Implement CAPTCHA protection on wp-login.php and consider using a firewall to block brute force attacks.
User Enumeration Test PASSED

User enumeration is properly protected

Test Results:

Endpoint: http://bluewave.net/wp-json/wp/v2/users

Status: PASSED

Message: Endpoint properly protected (HTTP 401)

HTTP Status: 401

Endpoint: http://bluewave.net/?rest_route=/wp/v2/users

Status: PASSED

Message: Endpoint properly protected (HTTP 401)

HTTP Status: 401

Recommendation: WordPress REST API user enumeration is properly secured.
Failed Security Tests:
  • WP-Login
Request Assistance
Security Headers Analysis
Need help understanding security headers? View our comprehensive documentation to learn about each header and how to implement them.
Present Security Headers
Referrer-Policy
X-Frame-Options
Permissions-Policy
X-Content-Type-Options
Content-Security-Policy
Strict-Transport-Security
Missing Security Headers
X-XSS-Protection
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Request Assistance
External JavaScripts Detected
Only scripts from different domains are shown
Domain Script URL Type
boards.greenhouse.io https://boards.greenhouse.io/embed/job_board/js?for=bluewavetechnologygroup External
cdn.userway.org https://cdn.userway.org/widget.js External
www.googletagmanager.com https://www.googletagmanager.com/gtm.js Inline Reference
Malware Analysis Details
Suspicious Patterns Detected
Suspicious setTimeout with redirect

Delayed redirect that could be malicious

Severity: MEDIUM

Matches Found: 1

Sample Matches:
setTimeout(function() { load_slider(); load_iframe(); }, 1000); // tagline = localStorage.getItem('tagline'); // if (tagline == 'off') { // jQuery(".top-bar").css("display", "none"); // } else { // jQuery(".top-bar").show(); // } jQuery(this).mousedown(function() { load_slider(); load_iframe(); }); jQuery(this).mousemove(function() { load_slider(); load_iframe(); }); jQuery(this).scroll(function() { load_slider(); load_iframe(); }); jQuery(this).mouseup(function() { load_slider(); load_iframe(); }); jQuery(this).click(function() { load_slider(); load_iframe(); }); jQuery(this).keypress(function() { load_slider(); load_iframe(); }); var flag = 0; function load_slider() { if (flag == 0) { var data_bg = jQuery('.custom-lazystyle').attr('data-style'); jQuery('.custom-lazystyle').css("background-image", "url(" + data_bg + ")"); jQuery('.custom-lazystyle').fadeIn('2000'); jQuery('.custom-bg').fadeOut('2000'); jQuery('.main-banner').fadeIn('2000'); flag = 1; } } var flag_iframe = 0; function load_iframe() { if (flag_iframe == 0) { jQuery('body iframe').each(function() { if (jQuery(this).hasClass('custom-lazyload')) { var data_src = jQuery(this).attr('data-src'); jQuery(this).attr('src', data_src); jQuery(this).fadeIn(1000); jQuery('#play-now').removeAttr('disabled'); } }); flag_iframe = 1; } } //Owl Carouel Slider Script jQuery('.owl-carousel').each(function() { var $carousel = jQuery(this); var $items = ($carousel.data('items') !== undefined) ? $carousel.data('items') : 1; var $items_tablet = ($carousel.data('items-tablet') !== undefined) ? $carousel.data('items-tablet') : 1; var $items_mobile_landscape = ($carousel.data('items-mobile-landscape') !== undefined) ? $carousel.data('items-mobile-landscape') : 1; var $items_mobile_portrait = ($carousel.data('items-mobile-portrait') !== undefined) ? $carousel.data('items-mobile-portrait') : 1; $carousel.owlCarousel({ loop: ($carousel.data('loop') !== undefined) ? $carousel.data('loop') : true, items: $carousel.data('items'), margin: ($carousel.data('margin') !== undefined) ? $carousel.data('margin') : 0, dots: ($carousel.data('dots') !== undefined) ? $carousel.data('dots') : true, nav: ($carousel.data('nav') !== undefined) ? $carousel.data('nav') : true, navText: [""], autoplay: ($carousel.data('autoplay') !== undefined) ? $carousel.data('autoplay') : true, autoplayTimeout: ($carousel.data('autoplay-timeout') !== undefined) ? $carousel.data('autoplay-timeout') : 4000, animateIn: ($carousel.data('animatein') !== undefined) ? $carousel.data('animatein') : false, animateOut: ($carousel.data('animateout') !== undefined) ? $carousel.data('animateout') : false, mouseDrag: ($carousel.data('mouse-drag') !== undefined) ? $carousel.data('mouse-drag') : true, autoWidth: ($carousel.data('auto-width') !== undefined) ? $carousel.data('auto-width') : false, autoHeight: ($carousel.data('auto-height') !== undefined) ? $carousel.data('auto-height') : false, center: ($carousel.data('center') !== undefined) ? $carousel.data('center') : false, responsiveClass: true, dotsEachNumber: true, smartSpeed: 150, autoPlay: 50, autoplayHoverPause: true, animateOut: 'fadeOut', animateIn: 'fadeIn', responsive: { 0: { items: $items_mobile_portrait, }, 768: { items: $items_mobile_landscape, }, 992: { items: $items_tablet, }, 1200: { items: $items, } } }); var totLength = jQuery('.owl-dot', $carousel).length; jQuery('.total-no', $carousel).html(totLength); jQuery('.current-no', $carousel).html(totLength); $carousel.owlCarousel(); jQuery('.current-no', $carousel).html(1); $carousel.on('changed.owl.carousel', function(event) { var total_items = event.page.count; var currentNum = event.page.index + 1; jQuery('.total-no', $carousel).html(total_items); jQuery('.current-no', $carousel).html(currentNum); }); }); }); });</script> <script>window.addEventListener('DOMContentLoaded', function() { jQuery(document).ready(function() { var querystring = location
Recommendations
  • Review and clean suspicious HTML patterns
  • Consider using a Web Application Firewall (WAF)
Request Assistance
HTTP Headers
Learn about HTTP Headers
HTTP Response Code
200 OK - Request successful
HTTP Protocol Version
Excellent! Your website is using HTTP/2

Your website is using a modern HTTP protocol version, which provides better performance and security features.

Information Disclosure: Server Version

Header: server
Value: nginx

Server Type: Nginx

The Server header reveals server version information, which can be used by attackers to identify vulnerabilities.
Gzip Compression Enabled 👍

Great! This site is using Gzip compression to improve performance and reduce bandwidth usage.

Header Value
date Sat, 13 Sep 2025 23:15:47 GMT
link <https://bluewave.net/wp-json/>; rel="https://api.w.org/", <https://bluewave.net/wp-json/wp/v2/pages/85>; rel="alternate"; title="JSON"; type="application/json", <https://bluewave.net/>; rel=shortlink
vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
server nginx
x-cache HIT: 1
x-cacheable SHORT
content-type text/html; charset=UTF-8
http_version HTTP/2
x-powered-by WP Engine
cache-control max-age=600, must-revalidate
x-cache-group normal
referrer-policy no-referrer-when-downgrade
x-frame-options SAMEORIGIN
content-encoding gzip
permissions-policy accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-script=(), sync-xhr=(), usb=(), vertical-scroll=(), web-share=(), wake-lock=(), xr-spatial-tracking=()
x-content-type-options nosniff
content-security-policy upgrade-insecure-requests
strict-transport-security max-age=31536000
Service Disclaimer

Free Service: This website security analyzer is provided as a free service to help website owners and administrators identify potential security issues and improve their website's security posture.

Donations: We welcome and appreciate donations to help us maintain and improve this service. Your support helps us keep this tool free and continuously enhance its capabilities.

Affiliate Links: We may use affiliate links for various security services, hosting providers, and security tools mentioned throughout this analysis. If you choose to purchase any of these services through our links, we may receive a small commission at no additional cost to you. This helps support the development and maintenance of this free service.

Support Our Service

Help us keep this tool free and improve it further

Buy us a Coffee Make a Donation via PayPal
Please wait, running the scan...
This may take a few moments