medicalsport.pl

HTML metadata

Technology

Server

Apache

CMS

WordPress

jQuery

1.11.3 known XSS (<3.5)

Analytics

• Google Tag Manager

Fonts

• Adobe Fonts
• Google Fonts

Third-party hosts loaded (5)

• ajax.googleapis.com×2
• fonts.googleapis.com×2
• www.google.com×2
• use.typekit.net×1
• www.googletagmanager.com×1

Social

• instagram
• facebook

Contact

Phone

• 815251414

DNS records live

NS

• ns.lh.pl
• ns2.lighthosting.net

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

Verified for

• Google

Email authentication partial

SPF

v=spf1 include:_spf.mlsend.com include:_spf.emaillabs.net.pl include:_spf.google.com include:_spf.lh.pl ~all

softfail (~all)

DMARC

v=DMARC1; p=none; aspf=r; adkim=r

policy: none (monitoring only)

DKIM

• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEd7HpPN9CwpgR1AEwNFn/5oU5CnwKGLIiu92RmZ+oFWedhCYZm6wCfmIEYLRvdDedUUv28y1fhZzQ…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://medicalsport.pl/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (16)

• vanguardngr.com×1
• sportmed24.pl×1
• slotyonlinepolska.com×1
• slottica.com.pl×1
• slotsjudge-pl.com×1
• rehaakademia.pl×1
• polscekasyno.pl×1
• pinup-306.com×1
• normatec.pl×1
• niger-gouv.org×1
• mostbet-309.net×1
• kinesio.com.pl×1
• instagram.com×1
• hyperice.com.pl×1
• facebook.com×1
• cepsports.pl×1

Linked from (1)

• polmed.org.pl×1