artbonus.gov.it

HTML metadata

Technology

Server

Apache

jQuery

1.11 known XSS (<3.5)

Stack

PHP

Cookie consent

• Cookiebot

Fonts

• Google Fonts

Third-party hosts loaded (2)

• fonts.googleapis.com×2
• consent.cookiebot.com×1

Social

• facebook
• twitter
• youtube
• instagram
• linkedin

Contact

Email

• info@artbonus.gov.it
• assistenzatecnica@artbonus.gov.it

DNS records live

NS

• ns1.p03.dynect.net
• ns2.p03.dynect.net
• ns3.p03.dynect.net
• ns4.p03.dynect.net

MX

• 10 d337540.a.ess.de.barracudanetworks.com
• 20 d337540.b.ess.de.barracudanetworks.com

TXT

• BPL=1400214

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:musvc.com include:_spf.ietnetworks.com include:spf.ess.de.barracudanetworks.com -all

strict (-all)

DMARC

v=DMARC1; p=none; fo=1; rua=mailto:rua+artbonus.gov.it@dmarc.barracudanetworks.com; ruf=mailto:ruf+artbonus.gov.it@dmarc.barracudanetworks.com

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshskLN9yxShCyN0riTVyUC1w//kOMRQK3JbRzU/AKbN6FErTkY0UbT0xwbZ9OgVkMC2F7V9lxnMqLu…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdv9w5cBRAa/DTXRZae5tn+m4bTmxIHM61iZeUYsABrBg3jCYaVVfCYd7+kdrjEHq8Crcbgjc9AU4N…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://artbonus.gov.it/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (7)

• ales-spa.com×1
• beniculturali.it×1
• facebook.com×1
• instagram.com×1
• linkedin.com×1
• twitter.com×1
• youtube.com×1

Linked from (1)

• areasismica.it×1