collegiosancarlo.it

HTML metadata

Technology

Server

Apache

CMS

WordPress

jQuery

3.4.1 known XSS (<3.5)

Fonts

• Google Fonts

Third-party hosts loaded (5)

• cdn.jsdelivr.net×3
• code.jquery.com×2
• fonts.googleapis.com×2
• stackpath.bootstrapcdn.com×2
• gmpg.org×1

Social

• facebook
• linkedin

Contact

Phone

• 01867110155

DNS records live

NS

• ns1.dvloop.it
• ns2.dvloop.it

MX

• 10 collegiosancarlo-it.mail.protection.outlook.com

TXT

Show 4 TXT records

• z0d7cfd3ygjt5wpn4fh6975gmp1n4j6m
• reftab-domain-verification=e3fc06829d7c6428ce61ed078510b04e
• tsSymsYbbMzfvUcalWjSPcWKTrgAMEhzLmKgFPNoY7a5KEduSEHTV2uWEDwaWyRkgwSZADfyj4gx3ZPKpj68MA==
• waVmabJgS9SGWq9fWdzSDrY6na/IPPHhZ5pluDx/Yvw=

Verified for

• Apple
• Brevo
• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:86.107.33.22 +a +mx +ip4:86.107.36.17 +ip4:86.107.36.35 +include:spf.protection.outlook.com +include:mail.zendesk.com +include:spf.sendinblue.com -all

strict (-all)

DMARC

v=DMARC1; p=none; sp=none; rua=mailto:dmarc@mailinblue.com!10m; ruf=mailto:dmarc@mailinblue.com!10m; rf=afrf; pct=100; ri=86400

policy: none (monitoring only) · sp=none

DKIM

Show 5 DKIM selectors

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pseFpdnT12Gem6fkVAQ4Bw+bttLf2xf6Ca6ZL6e5P2e/MgP/PGBVN0uLjdpzSa+lIe9WhQyLhDqVm…
• selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHobIekir9D/smKeNXuxMH31PeVMN7UX6yBCxE+XoiNrhnZNwdrxROhC06VkyOpyd1iX3XnCW//c1v/r++CB…
• mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriVpVwQVedpi1Bwo7rA46Vsp31mDZ7pDqmKb66/ikgvuC//M6VVcVJoG//5/3uQncxHEWxTmgWy7pdR0qR…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXBc3DdE7VuwKKK9y7eQgf9OMnBMLvZ1TLkaEOuOOErZwHjFzVt+dqjzimKNNbHbcq7KSPAO6bmWryJxSr/AKXfg…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.collegiosancarlo.it/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (2)

• linkedin.com×1
• facebook.com×1

Linked from (1)

• cyberhighschools.it×1