Just a moment...

HTTPS

TARGET_ANALYSIS

amphibee.fr

IP: 0.0.0.0

ASN: AS0

A comprehensive security and network analysis report for amphibee.fr. Server: cloudflare.

Primary Port: 443
Scan Time: 4/12/2026, 11:50:47 AM
Shareable Report Link: https://sechttp.com/scan/amphibee.fr

Detailed Security Analysis

Attack Path & DDoS Defense Analysis

Attacker

L4 Traffic

L7 Traffic

AS0 (cloudflare POP)

L4 Defended

L7 Bypassed

L4 Blocked

L7 Traffic

Your Server

Defense Summary

While cloudflare provides robust protection against Layer 4 (network-level) attacks, your server remains potentially vulnerable to sophisticated Layer 7 (application-level) attacks that can bypass standard CDN defenses. Additional WAF rules and application-side security measures are recommended.

Layer 4 Defense

cloudflare provides robust SYN flood, UDP amplification, and volumetric attack protection at the network edge.

Layer 7 Vulnerabilities

Application-layer attacks targeting 0 exposed API endpoints require additional WAF rules and rate limiting.

Server Information Disclosure

LOW

INFO-001

Description

The server is disclosing its software type: cloudflare. This can help attackers identify potential vulnerabilities.

Recommendation

Configure your web server to hide or modify the Server header to prevent information disclosure.

Missing or Invalid HSTS Header

MEDIUM

SEC-001

Description

The Strict-Transport-Security header is not properly configured, leaving the site vulnerable to man-in-the-middle attacks.

Recommendation

Implement HSTS by adding the Strict-Transport-Security header with a proper max-age value to force HTTPS connections.

Missing X-Frame-Options Header

MEDIUM

SEC-002

Description

The site is not protected against clickjacking attacks.

Recommendation

Add the X-Frame-Options header with value 'DENY' or 'SAMEORIGIN' to prevent clickjacking.

Sensitive Information Exposure in JavaScript

HIGH

JS-001

Description

Found 1 potentially sensitive variables exposed in client-side JavaScript code.

Recommendation

Review and remove sensitive information from client-side code. Use environment variables and server-side processing for sensitive data.

Currently Testing

No fuzzing data available for this scan.

Port Scan Results

   Port Service Status Version 
HTTP  CLOSED   -  
HTTPS  OPEN   TLS 1.3  
SSH  FILTERED   -  
MySQL  CLOSED   -  
  

Port	Service	Status	Version
80	HTTP	CLOSED	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	FILTERED	-
3306	MySQL	CLOSED	-

HTTP Headers Analysis

age: 2632 
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} 
via: 1.1 96d4d067-a626-4e25-866d-db1f3597e818 (Varnish/8.0) 
date: Sun, 12 Apr 2026 11:50:44 GMT 
link: <https://amphibee.fr/wp-json/>; rel="https://api.w.org/", <https://amphibee.fr/wp-json/wp/v2/pages/5>; rel="alternate"; title="JSON"; type="application/json", <https://amphibee.fr/>; rel=shortlink 
vary: Accept-Encoding 
cf-ray: 9eb203dc3e5e08f4-LAX 
server: cloudflare 
alt-svc: h3=":443"; ma=86400 
sozu-id: 01KP0RF9KWYSJK2X5WRBK7FZTH 
x-cache: HIT 
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ff%2FiKPf1E3oNAuY0WsQKlk7dN08wi%2BWUQKztd7oZB5qmMOXBBu7484fdmzPuHgFylwFjpezFP43cfITERH4RZ9HKLA%2B25inrL5CYu%2BVjpyA4ldRP9qO3aa1a3kP6"}]} 
x-varnish: 1835099 2328337 
connection: keep-alive 
set-cookie:XSRF-TOKEN=eyJpdiI6IkJ0dWdFL3cya3hUTjNvS3czR2hsSGc9PSIsInZhbHVlIjoiVW5ZSjhYaVQ3ZTZzcStnQ0ZpUHJhRG8vWFZNUkpVQzI1WEdUbC9oVlB4eEs0cUhaS0Job2Z6OGFEZmhWamVzR3dMcklVS0ZFTmFHTXFJSWpyQURjS0ZIaVlyOSs0ZFpCRWRndXphdE9ZakpSbGl5VHI3V3Z0eFgxaUxHZWZXMFkiLCJtYWMiOiI3ZjcxZWRiNzgzM2E5ZDQyZWI2NmQyOWRmYmYyZThmYjY4MTE0NjAzMTVjMTQ1MDc3ZDQ1NDBlNTBjNTZiY2NkIiwidGFnIjoiIn0%3D; expires=Sun, 12 Apr 2026 13:06:52 GMT; Max-Age=7200; path=/; samesite=lax
amphibee_session=eyJpdiI6IjVFMEltaW13Ulo5MEEwZmVzUmpPZXc9PSIsInZhbHVlIjoiM0V5MGxLbEQ2Z2dMa1NrdmpSbjhDSnZQUEtJcmhKN3daRmR1S3pOZDY0cVJoY2QyZGZyTXVNLzBwUkYwMTJIc2EvNzY5alVhMUFmNUhSZU9OcWxMcm5WU0E2ZXNrY2g0UVhtZUZTbmNDSHFVWXRTYjJxMjdpSEpUSFlrWlRmUTUiLCJtYWMiOiI2MzhmZGEzZWM3ZWE4MDhmZTA5ZTc5OTJjMGQ5Yzk4MzQ1ZmYyZjE5ZjFjZjdlYmExNjFjMGFkNGYyYTEyYzJkIiwidGFnIjoiIn0%3D; expires=Sun, 12 Apr 2026 13:06:52 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Clever-Cloud-Sticky-Id=lttqz6ymtiwgbdsfnzfoga; Path=/
content-type: text/html; charset=utf-8 
x-powered-by: Pollora 
cache-control: max-age=3600, must-revalidate, public 
server-timing: cfCacheStatus;desc="DYNAMIC", cfEdge;dur=12,cfOrigin;dur=553 
cf-cache-status: DYNAMIC 
speculation-rules: "/cdn-cgi/speculation" 
transfer-encoding: chunked 

Currently Testing

Peering information is being analyzed.

Currently Testing

Internet Exchange data is being collected.

JavaScript Analysis

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Exposed JavaScript Variables

1 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
url
 e 

Risk: Information disclosure via client-side exposure
 
Total: 1 exposed variables found

API Domain Analysis

2 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

cloudflareinsights.com

Reachable

HTTPS Enabled

Security Note:

External API domains should be validated for proper authentication and rate limiting

EXTERNAL_API_DOMAIN

github.com

Reachable

HTTPS Enabled

Security Note:

External API domains should be validated for proper authentication and rate limiting

JavaScript Resources

2 Files

JavaScript files loaded by the application

https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516

"https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516"

Security Recommendations

• Avoid exposing sensitive variables in client-side code
• Implement proper API authentication and rate limiting
• Use environment variables for sensitive configuration
• Regularly audit client-side code for information leaks
• Minimize the amount of sensitive data processed on the client side

Historical Scan Records (1)

Just a moment...

No description found

65/100

4 issues

2026-04-12, 1::5::40