This is a redacted preview of an actual RedRadar OSINT report. Your full report includes detailed findings, remediation steps, and risk ratings for every item.
Discovered 23 subdomains. staging.example-startup.com and dev.example-startup.com are publicly accessible with no authentication. old-api.example-startup.com is serving a deprecated API version with known CVEs.
No SPF record found. DMARC policy set to p=none — domain is spoofable. DKIM not configured for transactional mail subdomain. DNSSEC not enabled.
Main domain: TLS 1.3 configured correctly. api.example-startup.com still accepts TLS 1.0/1.1 connections. Certificate for mail.example-startup.com expires in 11 days.
Primary IP (203.0.113.42) not listed on any major blocklists. No spam reports. ASN has good reputation. No prior abuse history found.
2 credential sets found in public paste sites referencing this domain. A GitHub repository (now deleted) contained an exposed .env file with database credentials — rotation recommended immediately.
Detected: Nginx 1.18.0, Node.js 18.12.0, WordPress 6.3.1. CVE-2023-44487 (HTTP/2 Rapid Reset, CVSS 7.5) applicable to Nginx version. WordPress plugin WP-Statistics has CVE-2024-1234 (unauthenticated SQLi, CVSS 9.8).
Your full report includes complete finding details, step-by-step remediation guidance, and CVSS scoring for every vulnerability — all delivered as a professional PDF in 24 hours.
Order Your Report →