finaspan.be

HTML metadata

Technology

Server

nginx

Stack

Laravel

Fonts

• Google Fonts

Third-party hosts loaded (4)

• shuttle-storage.s3.amazonaws.com×9
• fonts.googleapis.com×4
• shuttle-assets-new.s3.amazonaws.com×3
• kit.fontawesome.com×2

Contact

Phone

• 05896545723

DNS records live

NS

• ns1.european-server.eu
• ns3.european-server.com
• ns4.european-server.com

MX

• 10 d04.altospam.net
• 10 g51.altospam.com

TXT

• _m00f3ixm3j4om4mkwrftkuswvn55u05
• jt5fx65cc6xcq5k9d5hnlzvnmg5r15wr

Verified for

• Microsoft 365

Email authentication partial

SPF

v=spf1 mx a ip4:217.21.185.84 ip4:91.183.124.217 ip4:78.29.229.48/29 include:spf.protection.outlook.com include:spf.mandrillapp.com -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:d4304bf83e21387@rep.dmarcanalyzer.com; ruf=mailto:d4304bf83e21387@for.dmarcanalyzer.com; fo=1;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76aFs4kb+eoDG4BZGdHtvpY3pVzK7bh9RUzoaVSbEU/AAC70KBuZxakOdHyIdCBNPzn7sCQAha1l53…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.finaspan.be/en

present

• strict-transport-security
• content-security-policy
• x-content-type-options

findings

• CSP allows unsafe inline scripts/styles
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (1)

• cdesign.be×1

Linked from (1)

• aranya-fineer.nl×1