← sycrion.ruIllustrative example · not real data

Sample report

example-corp.eu

IP: 185.43.218.47Scanned: 2025-04-17T08:23:41ZDuration: 51sSources: 10 publicScan type: External passive + limited active
41
Posture score · external sources only · how it's calculated
3 HIGH4 MEDIUM2 LOW1 INFO

Findings (9)

Raw evidence

; DNS evidence for example-corp.eu
; Retrieved: 2025-04-17T08:23:43Z via direct resolver query

example-corp.eu.          3600  IN  A      185.43.218.47
example-corp.eu.          3600  IN  MX  10 mail.example-corp.eu.
example-corp.eu.          3600  IN  NS     ns1.your-server.de.
example-corp.eu.          3600  IN  NS     ns3.your-server.de.
example-corp.eu.          3600  IN  TXT    "v=spf1 include:_spf.google.com ~all"

; DMARC
_dmarc.example-corp.eu.  → NXDOMAIN  [FINDING: F-001 — DMARC absent]

; DKIM (checked common selectors: google, default, mail, dkim, selector1, selector2)
google._domainkey.example-corp.eu.  → NXDOMAIN
default._domainkey.example-corp.eu. → NXDOMAIN
mail._domainkey.example-corp.eu.    → NXDOMAIN
; Note: non-standard DKIM selectors are not checked

; DNSSEC
example-corp.eu.          → No DS record at parent, DNSSEC not enabled  [FINDING: F-007]

; CAA
example-corp.eu.          → NXDOMAIN  (no CAA record — any CA may issue certificates)
HTTP path probes — retrieved 2025-04-17T08:24:22Z70 paths checked · showing first 13
/.env200312BF-002 variant — read content
/.git/config200271BF-002
/backup.sql404
/admin302
/wp-admin404
/.DS_Store404
/config.php404
/phpinfo.php404
/.htaccess403
/server-status403
/actuator/health404
/actuator/env404
/.well-known/security404

Control references

Findings that relate to externally observable aspects of these framework articles. This is not a compliance assessment — it does not evaluate internal controls, organisational processes, or policy.

NIS2 Art. 21(2)(d)

3 findings

Email authentication (DMARC, SPF)

NIS2 Art. 21(2)(e)

1 finding

Transport security (HSTS)

NIS2 Art. 21(2)(h)

1 finding

DNSSEC

GDPR Art. 32(1)(a)

1 finding

Encryption in transit (TLS version)

ISO 27001 A.8.8

2 findings

Vulnerability management (nginx CVE, banner)

ISO 27001 A.8.12

1 finding

Information leakage (.git exposure)

Run this on your domain

Free scan. Results in 90 seconds. No installation, no credentials.

Assess your domain →

This is an illustrative example using a fictional domain. All data, IP addresses, and findings are simulated for demonstration purposes. Real scan output will reflect actual public data for the domain scanned. External passive scan only — does not reflect internal security posture.