neec-audio.de

HTML metadata

Technology

Server

nginx

jQuery

2.2.4 known XSS (<3.5)

Analytics

• Google Tag Manager

Third-party hosts loaded (6)

• le-cdn.website-editor.net×27
• cdn.website-editor.net×6
• static-cdn.website-editor.net×4
• ms-cdn.website-editor.net×1
• px.ads.linkedin.com×1
• www.googletagmanager.com×1

Social

• facebook
• twitter
• instagram
• youtube
• linkedin

Contact

Email

• tonne@neec-audio.de

Registration

Updated

2018-06-04

Name servers

• ns1016.ui-dns.org.
• ns1026.ui-dns.biz.
• ns1087.ui-dns.de.
• ns1105.ui-dns.com.

DNS records live

NS

• ns1016.ui-dns.org
• ns1026.ui-dns.biz
• ns1087.ui-dns.de
• ns1105.ui-dns.com

MX

• 0 neecaudio-de01b.mail.protection.outlook.com

Verified for

• Google

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.de include:spf.protection.outlook.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.neec-audio.de/

present

• strict-transport-security
• content-security-policy
• x-content-type-options

findings

• CSP uses wildcard sources
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (8)

• youtube.com×1
• wa.me×1
• voidacoustics.com×1
• twitter.com×1
• linkedin.com×1
• instagram.com×1
• facebook.com×1
• ecler.com×1

Linked from (1)

• elektrotechnik-ahrends.de×1