asterpay.io B · 70/100
19 passed 13 warnings 0 failed audit-mnf1v2en
SSL / TLS Valid HTTPS · 152ms
x402 discovery /.well-known/x402.json found · v2 · 3 protocol(s) · 298ms
Agent discovery /.well-known/agent.json — AsterPay · 182ms
llms.txt Found (5086 chars) · 224ms
security.txt Found · 151ms
CORS headers origin: * (open — OK for public APIs) · 165ms
Security headers 2/5 — missing critical: strict-transport-security, content-security-policy · 164ms
Response time 109ms avg · 109ms
MCP server /mcp/info responds · 181ms
API endpoints 3 endpoints found
Error handling Returns 200 for unknown paths · 199ms
x402 compliance No x402 payment gates found · 194ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 208ms
Documentation /docs found · 328ms
robots.txt AI crawlers 6 AI crawlers configured: GPTBot, ClaudeBot, Anthropic, Google-Extended, PerplexityBot, Bytespider · 256ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 219ms
OpenAPI spec /openapi.json — Swagger 2.0, 69 paths · 675ms
Privacy / GDPR /privacy found (6226 chars) · 321ms
Status / Health /status found · 232ms
EU AI Act disclosure /.well-known/model-card.json found (108054 chars) · 233ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 108054 chars) · 243ms
A2A Protocol (Google) Agent Card — url, 3 skills, capabilities, v3.0.0, AELIRA LTD, auth: x402, streaming · 240ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF DMARC p=quarantine · SPF ~all (softfail)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 258ms
Terms of Service /terms found (8091 chars) · 347ms
Content-Type API paths return HTML: /v1/ returns HTML
Wallet trust EVM 0x8004...a432 found but trust API unreachable
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
13 issues to fix
Warning — 13
Security headers needs attention

2/5 — missing critical: strict-transport-security, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 108054 chars)

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

DMARC p=quarantine · SPF ~all (softfail)

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

Wallet trust needs attention

EVM 0x8004...a432 found but trust API unreachable

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

2026-03-31 20:08:45 UTC · getprobe.xyz