laventanadelarte.es

HTML metadata

Technology

Server

Apache

jQuery

1.4.2 known XSS (<3.5)

Stack

PHP

Social widgets

• YouTube Embed

Third-party hosts loaded (5)

• gtranslate.net×9
• ajax.googleapis.com×1
• translate.google.com×1
• www.google.com×1
• www.youtube.com×1

Social

• facebook
• twitter
• instagram

DNS records live

NS

• ns1.cdmon.net
• ns2.cdmon.net
• ns3.cdmon.net
• ns4.cdmondns-01.org
• ns5.cdmondns-01.com

MX

• 10 mail.laventanadelarte.es

TXT

• DgNVDvJq8KaZQhuKZvX58iGab5OifjAUIaxO5v875i8
• 5TKgPMYIXr4zT2H6nJYJ5Sh1wN5mh_prn5e3dq3220M
• v=spf2.0/pra ip4:46.16.60.0/23 ip4:46.16.60.177 ip4:134.0.10.118 a:cdmon.com include:srv.cat include:laventanadelarte.ip-zone.com a mx -all

Email authentication partial

SPF

v=spf1 include:spf.ipzmarketing.com ip4:46.16.60.0/23 ip4:46.16.60.177 ip4:134.0.10.118 a:cdmon.com include:srv.cat a mx -all

strict (-all)

DMARC

v=DMARC1;p=none;

policy: none (monitoring only)

DKIM

• dkim: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSAHkvh8dRCsiMTud+hfC+MX2MgmO8PQHHcGxoim7mI+FhgOiOS5WgBUpZsZ60M2eLhBbJkMFLjC1OS0xDf9suh+Tl4tV…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.laventanadelarte.es/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (11)

• dibujosporsonrisas.org×3
• facebook.com×3
• flg.es×3
• instagram.com×3
• lacasaencendida.es×3
• mecd.gob.es×3
• montsequi.com×3
• museowurth.es×3
• promociondelarte.com×3
• tesla-coin.tech×3
• twitter.com×3

Linked from (2)

• caldonjuan.com×3
• dibujosporsonrisas.org×2