indexo.dev

zencap-am.fr

.fr crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 2364 ms crawled 2026-05-19

FR · 185.96.104.22 · AS200783 Ofi Invest Asset Management SA

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Zencap Asset Management
Description
Zencap AM est l’un des pionniers européens du financement de l’économie réelle, spécialisé dans la dette non cotée d’entreprises et d’actifs small et mid-cap
Language
fr-FR

Technology

Server
Apache
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • fonts.googleapis.com×2
  • form.ofi-am.fr×1

Social

Contact

Address
rue Roquépine - 75008

Registration

Registrar
GANDI
Created
2011-04-21
Expires
2026-08-31 102 days left
Updated
2025-08-05
Name servers
  • ns-103-b.gandi.net
  • ns-200-a.gandi.net
  • ns-228-c.gandi.net

DNS records live

NS
  • ns-103-b.gandi.net
  • ns-200-a.gandi.net
  • ns-228-c.gandi.net
MX
  • 0 zencapam-fr01e.mail.protection.outlook.com
TXT
  • knowbe4-site-verification=90733019a0b6a7f388d4a90f4af39f14
  • s+CARPNW452iT5+1P6tPaFFmv6qB+suGxYS67BFZ/mYSAigXOqP7fJlnRwgUVYpuf7Fl/UC9bmIPTozkbY020g==
  • riot-domain-verification=29dbbef5cf2e1dc5f88660f53b538c0b55200481a7abb49aa3d96eb23920
Verified for
  • Atlassian
  • Google

Email authentication partial

SPF
v=spf1 mx include:ofi-am.fr ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc_reports@ofi-invest.com
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtW0+eF07G8Un+JO0JYDXYWJlcNG3zIsrwsHl+7KGlgVqEDlYUvyPeKuA2o+UNbYqz5zWZCvHN8elQt3+n1b…
selectors probed

Certificate (current)

GandiCert
from 2025-08-06 to 2026-09-07
Expires in 109 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://zencap-am.fr/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak content type protection
Header values
referrer-policy
strict-origin-when-cross-origin, no-referrer, strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(), microphone=()
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'none'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://www.google-analytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; frame-src *.ofi-am.fr https://www.youtube.com https://www.youtube-nocookie.com; manifest-src 'self' *.ofi-am.fr; connect-src 'self' https://*.google-analytics.com; form-action 'self' *.ofi-am.fr
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin

Links to (3)

Linked from (1)