laeng.ch

HTML metadata

Technology

jQuery

2.2.4 known XSS (<3.5)

Fonts

• Google Fonts

Third-party hosts loaded (3)

• ajax.googleapis.com×1
• fonts.googleapis.com×1
• maps.googleapis.com×1

Social

• facebook

Contact

Phone

• 0041344474455

DNS records live

NS

• ns1.cyon.ch
• ns2.cyon.ch

MX

• 0 laeng-ch.mail.protection.outlook.com

TXT

• MS=0E12FB4EA7E062DCE22A2B04047D5016E386E935

Verified for

• Microsoft 365

Email authentication weak

SPF

v=spf1 ip4:213.221.210.246 include:spf.tmes.trendmicro.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

not published

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HAgnosdfRZSm/Sd5B8z2bzCsvFoR20TCgLKamCjghsY/zuSVOSSLZUkiBJktVwO2DpgGm4vDUgXbJ…
• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9h/WXxRxj19rbusoz7YwWN3FlukvdvaBjhu3LKC4HIp3ReIcm/RoD+bxSxJ3nrmeEF0o4y0c1j73X…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonyuFD7mo3kPCQhYC0zKcZlp+frytglztwqwW/BnccFa8G5TaeLYoh7RjpgTCIVsz+rggumoPLRNkF…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://laeng.ch/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (25)

• zurflueh.ch×1
• wesco.ch×1
• vzug.ch×1
• siemens.ch×1
• minergie.ch×1
• miele.ch×1
• kwc.ch×1
• kiener-haustechnik.ch×1
• google.com×1
• gaggenau.ch×1
• fritzenfluh.ch×1
• franke.ch×1
• fors.ch×1
• fischer-ersigen.ch×1
• facebook.com×1
• electrolux.ch×1
• eisinger.ch×1
• d-baumberger.ch×1
• cafefischer.ch×1
• bosch.ch×1
• blaeuenstein.ch×1
• bill-traumbad.ch×1
• bauknecht.ch×1
• astb.ch×1
• arwa.ch×1

Linked from (1)

• localnet-arena.ch×1