ASAAnti-Scam Arsenal

WiFi & network security check

Browser-side checks of your current connection. We can verify HTTPS, HTTP protocol version, WebRTC IP leak status, and your apparent ISP / location. Some checks (true DNS leak test, port scanning) need server-side or external tools — linked below.

Tests run automatically when this page loads. All checks happen in your browser; the only outbound call is to ipinfo.io for your apparent IP. We can't see your WiFi network name, encryption type, or DNS provider — the browser doesn't expose them.

Connection security score

0 / 100

0 / 0 checks passed

HTTPS connection

HTTP version

WebRTC IP leak

Running…

Public-IP lookup

Running…

Your network — what we can see

Public IP

ISP / org

Apparent location

Reverse DNS

HTTP protocol (this page)

Connection class

(not exposed)

If you're on public WiFi

We can't detect WiFi network details from a browser. If you're on a public network — café, hotel, airport — assume it's hostile until proven otherwise:

  • Don't access banking, email, or sensitive accounts without a VPN.
  • • Avoid logging into anything with a long-lived session token (avoid "Stay signed in").
  • • Watch for the captive-portal page: scammers sometimes set up rogue hotspots with names like "Free_Airport_WiFi" or imitating the real network. Confirm with venue staff.
  • • Be suspicious of certificate warnings — on a hostile network, those are exploitation attempts, not glitches. Never click through.

External tools we recommend

For things browsers can't do safely or accurately.

  • DNS Leak Test

    Reveals which DNS resolver(s) your traffic actually uses. Browsers can't do this — needs the test site's controlled DNS infrastructure.

  • Browserleaks

    Battery of leak tests: WebRTC, DNS, fonts, audio fingerprint, geolocation, etc. Run after enabling any privacy tool to confirm it works.

  • GRC ShieldsUp!

    Free port-scan from outside your network — shows which ports are exposed to the internet from your router.

  • SSL Labs

    Inspects TLS configuration of any HTTPS site you put in. Useful for checking your own services.

  • Cloudflare Speed Test

    Speed and latency, plus shows which Cloudflare data center you hit (useful for VPN sanity-checks).

Network safety tips

Most home-network compromises happen because of defaults — not advanced attacks.

Router hardening

  • Change the default admin password — every router model's default is in public databases.
  • Use WPA3 if your router supports it; otherwise WPA2-AES. Never WEP — it can be cracked in minutes.
  • Disable WPS (the push-button pairing). The PIN exchange has a known weakness.
  • Disable remote administration ("Manage from internet"). 99% of home users never need this.
  • Update firmware regularly. Most modern routers can auto-update — turn it on.
  • Review the connected-devices list every few months. Anything you don't recognize, kick.

DNS recommendations

  • Cloudflare 1.1.1.1 / 1.0.0.1 — fast, no logging, no ads.
  • Google 8.8.8.8 / 8.8.4.4 — reliable but Google sees your queries.
  • Quad9 9.9.9.9 — blocks malicious domains by default; slightly slower.
  • For households with kids, see /tools/child-safety for the family-filtered DNS variants.

Connection habits

  • Use a reputable VPN on public WiFi (Mullvad, Proton VPN, IVPN — paid; tighter privacy than free options).
  • Enable HTTPS-Only mode in your browser (Firefox: Settings → Privacy → HTTPS-Only Mode; Chrome: Settings → Privacy → Always use secure connections).
  • Use a password manager so each site has a unique password — public WiFi attackers usually only get one.
  • Disable file/printer sharing when on networks you don't trust.

Browser sandboxing is intentional — most of what a network admin wants to inspect (TLS cipher, DNS resolver, WiFi encryption type, open ports) is hidden from web pages. The external-tool links below run on infrastructure that can see those things.