Scan Report: taletok.com

01

WHOIS & DNS

DNS records retrieved — SPF & DMARC present

· LOW

▸

// whois

// dns records

A                     185.113.11.31
www A                 185.113.11.31
MX 0                  mail.taletok.com

// ip whois (1)

185.113.11.31         SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗

// lookup on dnsarchive.net

same IP 185.113.11.31 ↗

same MX mail.taletok.com ↗

// email security

✓ SPF

v=spf1 mx include:relay.mailchannels.net ~all

✓ DMARC

v=DMARC1; p=none;

// findings (7)

✓ ok SPF record present
✓ ok DMARC record present
✓ ok 1 MX record(s) configured
· low No CAA records — any certificate authority can issue certs for this domain
· low No MTA-STS DNS record at _mta-sts — inbound mail can be downgraded
· low No TLS-RPT record at _smtp._tls — no visibility into TLS delivery failures
· low Certificate Transparency: 19 subdomain(s) ever issued certs — autodiscover.taletok.com, blog.taletok.com, cpanel.taletok.com, cpcalendars.taletok.com, cpcontacts.taletok.com, gardsten.taletok.com (+13 more)

// external references

DNS history on dnsarchive.net ↗

02

SSL / TLS Certificate

Valid certificate, expires in 47 days — TLSv1.3

· LOW

▸

03

CMS Detection

WordPress detected — 1 plugins found

◐ MEDIUM

▸

04

Security Headers

7 of 7 headers missing

▲ HIGH

▾

// raw output

HSTS                        MISSING
CSP                         MISSING
X-Frame-Options             MISSING
X-Content-Type-Options      MISSING
Referrer-Policy             MISSING
Permissions-Policy          MISSING
Cross-Origin-Opener         MISSING

// findings (8)

◐ medium HSTS not set — browsers may allow HTTP connections
▲ high X-Content-Type-Options missing — MIME-sniffing possible
▲ high X-Frame-Options missing — clickjacking attacks possible
◐ medium Referrer-Policy missing — leaking referrer data to third parties
◐ medium Content-Security-Policy missing — site exposed to XSS injection
◐ medium Permissions-Policy missing — browser features not restricted
· low Cross-Origin-Opener-Policy not set
· low No /.well-known/security.txt — researchers cannot find a contact for vulnerability reports

05

Raw HTTP Headers

HTTP/3 · 8 headers · LiteSpeed

▲ HIGH

▾

// detected

◉ LiteSpeed Web server: LiteSpeed

✖ PHP version exposed X-Powered-By leaks the PHP version: PHP/8.2.30 — strip this header (expose_php = Off or Header unset X-Powered-By)

⚡ HTTP/3 HTTP/3 (QUIC) in use — fastest available protocol, low latency and connection migration

// raw headers (8)

status                        HTTP/3 200
date                          Fri, 01 May 2026 13:05:00 GMT
vary                          Accept-Encoding, Cookie
server                        LiteSpeed
alt-svc                       h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-… 
content-type                  text/html; charset=UTF-8
x-powered-by                  PHP/8.2.30
cache-control                 max-age=3, must-revalidate

// findings (5)

✓ ok Web server: LiteSpeed
▲ high PHP version exposed via X-Powered-By: PHP/8.2.30
✓ ok HTTP/3 enabled — best available
· low No response compression detected — consider enabling GZIP or Brotli
✓ ok Cache-Control: max-age=3, must-revalidate

06

External JS Libraries

No external JS libraries detected

✓ OK

▸

07

Malware & Blocklists

Clean — not present on any monitored blocklist

✓ OK

▸