culimatch.com

HTML metadata

Technology

CDN

Cloudflare

jQuery

3.1.1 known XSS (<3.5)

Stack

PHP

Third-party hosts loaded (4)

• maxcdn.bootstrapcdn.com×2
• code.jquery.com×1
• kit.fontawesome.com×1
• www.google.com×1

Registration

Registrar

Hosting Concepts B.V. d/b/a Registrar.eu

Created

2011-10-02

Expires

2026-10-02 123 days left

Updated

2025-10-02

Name servers

• darl.ns.cloudflare.com
• nelly.ns.cloudflare.com

DNS records live

NS

• darl.ns.cloudflare.com
• nelly.ns.cloudflare.com

MX

• 1 mx.power2all.com

Verified for

• Google

Email authentication strong

SPF

v=spf1 a mx ip4:5.2.72.105/32 ip4:109.72.83.200/29 ip4:109.72.83.208/29 ip4:109.72.83.216/30 -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc@power2all.com; ruf=mailto:dmarc@power2all.com; fo=0; adkim=r; aspf=r; rf=afrf; sp=none

policy: reject (enforced) · sp=none

DKIM

• dkim: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVP3Mam0E+nwWLuf0hRMp7J9DkliFSZgktp09IocklfMx5d3pIsB+17kO2rrM2FkDh6F…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.culimatch.com/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing Permissions Policy

Links to (3)

• 12flex.nl×1
• once.eu×1
• wa.me×1

Linked from (1)

• kookevenementen.nl×1