{"domain":"example.com","findings":[{"checkSlug":"spf","data":{"records":[]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.20","NIST SC-8"],"host":"example.com","recommendations":["Publish an SPF TXT record covering all senders"],"severity":"critical","severityReason":"No SPF record published — sender authentication absent","status":"ok","subdomain":""},{"checkSlug":"tls","data":{"notAfter":"2026-04-27T00:00:00Z"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.1","ISO 27001 A.8.24","NIST SC-8(1)"],"host":"example.com","recommendations":["Renew the TLS certificate immediately"],"severity":"critical","severityReason":"Certificate expired 14 days ago","status":"ok","subdomain":""},{"checkSlug":"ct_log","data":{"issuers":["E-Sign Sample CA"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC7.2","ISO 27001 A.8.16","NIST SI-4"],"host":"example.com","recommendations":[],"severity":"high","severityReason":"Unexpected CT log entry from unfamiliar issuer","status":"ok","subdomain":""},{"checkSlug":"dkim","data":{"selectorsChecked":["default"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.24","NIST SC-8"],"host":"example.com","recommendations":["Publish a DKIM key for the default selector"],"severity":"high","severityReason":"DKIM selector default not found","status":"ok","subdomain":""},{"checkSlug":"dmarc","data":{"policy":"none"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.5.14","NIST SC-8"],"host":"example.com","recommendations":["Tighten DMARC policy to quarantine then reject after monitoring"],"severity":"high","severityReason":"DMARC policy is p=none (monitor-only)","status":"ok","subdomain":""},{"checkSlug":"headers","data":{"hsts":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"example.com","recommendations":["Add HSTS header with max-age >= 31536000"],"severity":"high","severityReason":"Strict-Transport-Security header missing","status":"ok","subdomain":""},{"checkSlug":"cors","data":{"reflects":true},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST AC-4"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"Access-Control-Allow-Origin reflects arbitrary origin","status":"ok","subdomain":""},{"checkSlug":"dnssec","data":{"ds":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.20","NIST SC-20"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"DNSSEC NS records exist but no DS record at parent zone","status":"ok","subdomain":""},{"checkSlug":"mta_sts","data":{"mode":"testing"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.24","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"MTA-STS policy mode is `testing`, not `enforce`","status":"ok","subdomain":""},{"checkSlug":"redirects","data":{"http":200,"https":200},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"HTTP does not redirect to HTTPS","status":"ok","subdomain":""},{"checkSlug":"tlsrpt","data":{"rua":"mailto:tlsrpt@example.com"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC7.2","ISO 27001 A.8.16","NIST AU-6"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"TLSRPT record present but rua URI is unreachable","status":"ok","subdomain":""},{"checkSlug":"whois","data":{"expiresIn":28},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC2.3","ISO 27001 A.5.20","NIST PE-2"],"host":"example.com","recommendations":[],"severity":"medium","severityReason":"Registrant info is private but expiry in 28 days","status":"ok","subdomain":""},{"checkSlug":"dns","data":{"aaaa":[]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.20","NIST SC-20"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"AAAA record absent (IPv6 unreachable)","status":"ok","subdomain":""},{"checkSlug":"dns","data":{"suspicious":["api=demo-***"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.20","NIST SC-20"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"TXT record contains plaintext API key fragment (case-insensitive 'api')","status":"ok","subdomain":""},{"checkSlug":"headers","data":{"csp":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"Content-Security-Policy header missing","status":"ok","subdomain":""},{"checkSlug":"headers","data":{"xcto":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"X-Content-Type-Options header missing","status":"ok","subdomain":""},{"checkSlug":"headers","data":{"referrerPolicy":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"Referrer-Policy header missing","status":"ok","subdomain":""},{"checkSlug":"mx","data":{"backupPriority":5},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.21","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"MX backup priority value is below 10 (non-standard)","status":"ok","subdomain":""},{"checkSlug":"redirects","data":{"protocol":"HTTP/1.1"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"Final redirect target uses HTTP/1.1 not HTTP/2","status":"ok","subdomain":""},{"checkSlug":"web-surface","data":{"sensitivePaths":["/admin"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.9","NIST CM-7"],"host":"example.com","recommendations":[],"severity":"low","severityReason":"robots.txt exposes /admin path","status":"ok","subdomain":""},{"checkSlug":"cors","data":{"preflight":{"acao":"https://example.com"}},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST AC-4"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"ct_log","data":{"entries":8},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC7.2","ISO 27001 A.8.16","NIST SI-4"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"dkim","data":{"selectorsChecked":["default","google","mail"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.24","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"dmarc","data":{"policy":"none","rua":"mailto:dmarc@example.com"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.5.14","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"dns","data":{"records":{"A":["93.184.216.34"],"NS":["a.iana-servers.net"]}},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.20","NIST SC-20"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"dns","data":{"records":{"A":["93.184.216.34"]}},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.20","NIST SC-20"],"host":"www.example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":"www.example.com"},{"checkSlug":"headers","data":{"hsts":"max-age=63072000; includeSubDomains; preload"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"headers","data":{"hsts":null},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7(8)"],"host":"www.example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":"www.example.com"},{"checkSlug":"mx","data":{"records":[]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.21","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"redirects","data":{"chain":["http://example.com","https://example.com/"]},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.23","NIST SC-7"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"spf","data":{"exists":true},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.7","ISO 27001 A.8.20","NIST SC-8"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"tls","data":{"issuer":"DigiCert TLS RSA SHA256 2020 CA1","notAfter":"2026-12-31T00:00:00Z"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.1","ISO 27001 A.8.24","NIST SC-8(1)"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"tls","data":{"issuer":"DigiCert TLS RSA SHA256 2020 CA1"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.1","ISO 27001 A.8.24","NIST SC-8(1)"],"host":"www.example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":"www.example.com"},{"checkSlug":"web-surface","data":{"robots":"User-agent: *\nDisallow: /admin\n"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC6.6","ISO 27001 A.8.9","NIST CM-7"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""},{"checkSlug":"whois","data":{"registrar":"ICANN Reserved"},"fetchedAt":"2026-05-11T12:00:00.000Z","frameworks":["SOC 2 CC2.3","ISO 27001 A.5.20","NIST PE-2"],"host":"example.com","recommendations":[],"severity":"info","severityReason":null,"status":"ok","subdomain":""}],"scanJobId":"sj_sample_v1","scannedAt":"2026-05-11T12:00:00.000Z","summary":{"bySeverity":{"critical":2,"high":4,"info":15,"low":8,"medium":6},"totalFindings":35,"totalHosts":2},"version":"1"}