pacoon.de

HTML metadata

Technology

Server

Apache

Social

• linkedin
• facebook
• instagram

Contact

Phone

• 89 890 45 75-0
• 40 368 81 48-20
• +49 40 368 81 48 80

Registration

Updated

2018-06-08

Name servers

• ns3.dns.space.net.
• ns4.dns.space.net.
• ns.space.net.

DNS records live

NS

• ns.space.net
• ns3.dns.space.net
• ns4.dns.space.net

MX

• 100 pacoon-de.mail.protection.outlook.com

Verified for

• Apple
• Brevo
• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 a mx ip4:212.114.227.232 include:spf.protection.outlook.com include:ispgateway.de ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIZjynSDo6fpPva0Cnlwa4FMtTnnqCOV3anBCSqpssRp0DZNWn3ofWscRcofYCprbbVLD9XEKUb+VQ…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwniJXWLGW7LeuzHbv/LyU+m/A36YzVXJv6Z9fmvjYZCHfmVnhsIv6yJ5i98VVCTxApKNIMJ+GhK73U…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.pacoon.de/

present

• strict-transport-security
• content-security-policy
• x-content-type-options
• referrer-policy
• permissions-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing frame protection
• weak content type protection

Links to (4)

• facebook.com×3
• instagram.com×3
• linkedin.com×3
• xing.com×3

Linked from (1)

• ppwrcheck.com×3