upa.it

HTML metadata

Technology

Server

Microsoft-IIS

CMS

Gatsby

jQuery

3.3.1 known XSS (<3.5)

Stack

ASP.NET

Third-party hosts loaded (2)

• ajax.googleapis.com×1
• cdn.speakup.ai×1

Social

• linkedin
• youtube
• instagram

Contact

Phone

• +39 02 58303741
• 80050350158

DNS records live

NS

• ns1-04.azure-dns.com
• ns2-04.azure-dns.net
• ns3-04.azure-dns.org
• ns4-04.azure-dns.info

MX

• 0 upa-it.mail.protection.outlook.com

TXT

Show 14 TXT records

• 2vb96pp7jc04x3x8znxqzy568qr50rhs
• r3690g9323s9b82fw8h3nh1vs84rjltb
• 36yc3yh918zm6w21dqxfgd6dpx76hbsy
• jdbwv0vrptqbr27pkt3mjr5b8420dr15
• 6k46x1k2g4n9klgpmklnfkvs5yxv70f5
• ds4mxlm8s2nc5cxkw65470fbp3mk2ldb
• _gp2gz7lk6f8ko6lebrrqjxat16mdrg5
• _fh32l3f5fze5kamxbcgnwvxwhfa8fpa
• _ud46bd33s7e1rekxa7o66st4pckjrn8
• _sk0veak5m9ixcv77a7amraj2fvlvmsf
• _r0ngb34amm8z50npi2r4hzg62b0d8kn
• _g545lbcj8awo3gok2lqq3vcvj41tckk
• _b7q1tq3b8p09f5worpewexjwg0u4sg8
• jjsjps4z6fb8bxrygkp89dd1bhggg7wb

Verified for

• Google
• Microsoft 365

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com include:spf.engitel.com mx -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; pct=100; adkim=r; aspf=r

policy: quarantine

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMCwmxACQ+bU7wzza2gYvTk4Rwot6oAimBcIYGUIKw/PXAG0EGObMZV4Gqfvfp3GOw75sdNQTgJIDNYtEsyW…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.upa.it/en/index.html

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (6)

• youtube.com×1
• youtu.be×1
• tableau.com×1
• polimi.it×1
• linkedin.com×1
• instagram.com×1

Linked from (2)

• osservatoriobe.com×1
• audioutdoor.it×1