Vulnerability Scan Result
| Title: | Attention Required! | Cloudflare |
| Description: | No description found |
| IP address | 104.26.15.97 |
| Country | - |
| AS number | AS13335 |
| Net name | Cloudflare Inc |
| IP address | 172.67.75.153 |
| Country | - |
| AS number | AS13335 |
| Net name | Cloudflare Inc |
| IP address | 104.26.14.97 |
| Country | - |
| AS number | AS13335 |
| Net name | Cloudflare Inc |
80/tcp | http | Cloudflare http proxy |
443/tcp | https | cloudflare |
8080/tcp | http | Cloudflare http proxy |
8443/tcp | https-alt | cloudflare |
| Software / Version | Category |
|---|---|
| Google Ads | Advertising |
| Pinterest Ads | Advertising |
| Twitter Ads | Advertising |
| Linkedin Insight Tag | Analytics |
| Trustpilot | Reviews |
| cdnjs | CDN |
| Crisp Live Chat | Live chat |
| Magnific Popup 4.26.1 | JavaScript libraries |
| FitVids.JS 4.26.1 | Widgets, Video players |
| Font Awesome | Font scripts |
| web-vitals | JavaScript libraries, RUM |
| jQuery Migrate 3.4.1 | JavaScript libraries |
| core-js 3.35.1 | JavaScript libraries |
| Google Analytics | Analytics |
| Google Font API | Font scripts |
| jQuery 3.7.1 | JavaScript libraries |
| jQuery Mobile 4.26.1 | Mobile frameworks |
| jQuery UI 1.13.3 | JavaScript libraries |
| Lightbox | JavaScript libraries |
| Moment.js 2.30.1 | JavaScript libraries |
| MySQL | Databases |
| Open Graph | Miscellaneous |
| PhotoSwipe | Photo galleries, JavaScript libraries |
| PHP | Programming languages |
| React 18.3.1 | JavaScript frameworks |
| Easy Pie Chart | JavaScript libraries |
| Select2 | JavaScript libraries |
| Google Ads Conversion Tracking | Analytics |
| Twitter Emoji (Twemoji) | Font scripts |
| Webpack | Miscellaneous |
| Module Federation | Miscellaneous |
| Priority Hints | Performance |
| WooCommerce 9.4.2 | Ecommerce, WordPress plugins |
| WordPress 6.7.1 | CMS, Blogs |
| Cookie Control | Cookie compliance |
| Cloudflare | CDN |
| Cookiebot 1 | Cookie compliance |
| Divi | Page builders, WordPress themes, WordPress plugins |
| Google Tag Manager | Tag managers |
| Pinterest Conversion Tag | Analytics |
| HSTS | Security |
| RSS | Miscellaneous |
| Cart Functionality | Ecommerce |
| Yoast SEO 23.9 | SEO, WordPress plugins |
Web Application Vulnerabilities
Evidence
| URL | Evidence |
|---|---|
| https://realt.co/marketplace | Response does not include the HTTP Content-Security-Policy security header or meta tag |
Vulnerability description
We noticed that the target application lacks the Content-Security-Policy (CSP) header in its HTTP responses. The CSP header is a security measure that instructs web browsers to enforce specific security rules, effectively preventing the exploitation of Cross-Site Scripting (XSS) vulnerabilities.
Recommendation
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.
Classification
| CWE | CWE-693 |
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
| Software / Version | Category |
|---|---|
| Google Ads | Advertising |
| Pinterest Ads | Advertising |
| Twitter Ads | Advertising |
| Linkedin Insight Tag | Analytics |
| Trustpilot | Reviews |
| cdnjs | CDN |
| Crisp Live Chat | Live chat |
| Magnific Popup 4.26.1 | JavaScript libraries |
| FitVids.JS 4.26.1 | Widgets, Video players |
| Font Awesome | Font scripts |
| web-vitals | JavaScript libraries, RUM |
| jQuery Migrate 3.4.1 | JavaScript libraries |
| core-js 3.35.1 | JavaScript libraries |
| Google Analytics | Analytics |
| Google Font API | Font scripts |
| jQuery 3.7.1 | JavaScript libraries |
| jQuery Mobile 4.26.1 | Mobile frameworks |
| jQuery UI 1.13.3 | JavaScript libraries |
| Lightbox | JavaScript libraries |
| Moment.js 2.30.1 | JavaScript libraries |
| MySQL | Databases |
| Open Graph | Miscellaneous |
| PhotoSwipe | Photo galleries, JavaScript libraries |
| PHP | Programming languages |
| React 18.3.1 | JavaScript frameworks |
| Easy Pie Chart | JavaScript libraries |
| Select2 | JavaScript libraries |
| Google Ads Conversion Tracking | Analytics |
| Twitter Emoji (Twemoji) | Font scripts |
| Webpack | Miscellaneous |
| Module Federation | Miscellaneous |
| Priority Hints | Performance |
| WooCommerce 9.4.2 | Ecommerce, WordPress plugins |
| WordPress 6.7.1 | CMS, Blogs |
| Cookie Control | Cookie compliance |
| Cloudflare | CDN |
| Cookiebot 1 | Cookie compliance |
| Divi | Page builders, WordPress themes, WordPress plugins |
| Google Tag Manager | Tag managers |
| Pinterest Conversion Tag | Analytics |
| HSTS | Security |
| RSS | Miscellaneous |
| Cart Functionality | Ecommerce |
| Yoast SEO 23.9 | SEO, WordPress plugins |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Classification
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
Vulnerability description
We found the robots.txt on the target server. This file instructs web crawlers what URLs and endpoints of the web application they can visit and crawl. Website administrators often misuse this file while attempting to hide some web pages from the users.
Recommendation
We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website (ex. administration panels, configuration files, etc).
Classification
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Vulnerability description
Website is accessible.
Evidence
Vulnerability description
We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.
Recommendation
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.
Classification
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Infrastructure Vulnerabilities
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| realt.co | SPF | Sender Policy Framework | "v=spf1 include:mxsspf.sendpulse.com include:amazonses.com include:_spf.google.com ~all" |
Vulnerability description
We found that the Sender Policy Framework (SPF) record for the domain is configured with ~all (soft fail), which indicates that emails from unauthorized IP addresses are not explicitly denied. Instead, the recipient mail server is instructed to treat these messages with suspicion but may still accept them. This configuration may not provide enough protection against email spoofing and unauthorized email delivery, leaving the domain more vulnerable to impersonation attempts.
Recommendation
We recommend changing the SPF record's ~all (soft fail) directive to -all (hard fail). The -all setting tells recipient mail servers to reject emails from any IP addresses not listed in the SPF record, providing stronger protection against email spoofing. Ensure that all legitimate IP addresses and services that send emails on behalf of your domain are properly included in the SPF record before implementing this change.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| _dmarc.realt.co | TXT | Text record | "v=DMARC1; p=none; sp=none; rua=mailto:dmarc_aggregate_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; ruf=mailto:dmarc_forensics_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; rf=afrf; pct=100; ri=86400; fo=1;" |
Vulnerability description
We found that the target uses p=none in the DMARC policy. The DMARC policy set to p=none means that the domain owner is not taking any action on emails that fail DMARC validation. This configuration effectively disables enforcement, allowing potentially spoofed or fraudulent emails to be delivered without any additional scrutiny.
Recommendation
We recommend changing the DMARC policy to p=quarantine or, ideally, p=reject to actively block or quarantine emails that fail DMARC validation. This will enhance the security of your domain against spoofing and phishing attacks by ensuring that only legitimate emails are delivered.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| _dmarc.realt.co | TXT | Text record | "v=DMARC1; p=none; sp=none; rua=mailto:dmarc_aggregate_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; ruf=mailto:dmarc_forensics_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; rf=afrf; pct=100; ri=86400; fo=1;" |
Vulnerability description
We found that the DMARC record for the domain is configured with sp=none, meaning that no policy is enforced for subdomains. This allows subdomains to send emails without being subject to DMARC checks, making it easier for attackers to spoof emails from these subdomains. Subdomains are often overlooked in email security, and attackers can exploit this misconfiguration to launch phishing or spoofing attacks from seemingly legitimate subdomains of a protected domain.
Recommendation
To mitigate the risk, we recommend that the subdomain policy should be updated to sp=reject to ensure that any email failing DMARC checks from subdomains is automatically rejected. This will help prevent unauthorized emails from being sent from subdomains, reducing the risk of spoofing and phishing. Additionally, it's important to regularly monitor DMARC reports to track email activity from subdomains and adjust policies as needed to maintain consistent security across the entire domain.
Evidence
| DKIM selector | Key type | Key size | Value |
|---|---|---|---|
| rsa | 1296 | "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z+FApQ6ra2VsXfbJP3HE6wAO0YTVEJt1TmeczhEd2Jiz/fcabIISgXEdSpTYJhb0ct0VJRxcg4c8c7wIDAQAB" |
Vulnerability description
We found that the DKIM record uses common selectors. The use of common DKIM selectors such as default, test, dkim, or mail may indicate a lack of proper customization or key management. Attackers often target domains using such selectors because they suggest that the domain is relying on default configurations, which could be less secure and easier to exploit. This can increase the risk of DKIM key exposure or misuse.
Recommendation
We recommend using unique, customized selectors for each DKIM key to make it more difficult for attackers to predict and target the domain's DKIM records. Regularly rotate selectors and associated keys to further strengthen the security of your domain's email authentication infrastructure.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| realt.co | A | IPv4 address | 104.26.15.97 |
| realt.co | A | IPv4 address | 172.67.75.153 |
| realt.co | A | IPv4 address | 104.26.14.97 |
| realt.co | NS | Name server | alexandra.ns.cloudflare.com |
| realt.co | NS | Name server | tosana.ns.cloudflare.com |
| realt.co | MX | Mail server | 1 aspmx.l.google.com |
| realt.co | MX | Mail server | 10 alt3.aspmx.l.google.com |
| realt.co | MX | Mail server | 10 alt4.aspmx.l.google.com |
| realt.co | MX | Mail server | 5 alt1.aspmx.l.google.com |
| realt.co | MX | Mail server | 5 alt2.aspmx.l.google.com |
| realt.co | SOA | Start of Authority | alexandra.ns.cloudflare.com. dns.cloudflare.com. 2362072216 10000 2400 604800 1800 |
| realt.co | AAAA | IPv6 address | 2606:4700:20::ac43:4b99 |
| realt.co | AAAA | IPv6 address | 2606:4700:20::681a:f61 |
| realt.co | AAAA | IPv6 address | 2606:4700:20::681a:e61 |
| realt.co | TXT | Text record | "3afea31c-3051-4be7-a817-f5a394f93a45=d7a785b0fb66d5017ae0df06a9818a9636451be86d58fbc55a2ea43b5460dfed" |
| realt.co | TXT | Text record | "558f7b35-3385-46e1-a998-d850011b7b3c=d7a785b0fb66d5017ae0df06a9818a9636451be86d58fbc55a2ea43b5460dfed" |
| realt.co | TXT | Text record | "brevo-code:76b16119435d1205353e1b45c0bf3b46" |
| realt.co | TXT | Text record | "facebook-domain-verification=a" |
| realt.co | TXT | Text record | "google-site-verification=1WIigJmJalXb-TvxQNJ9FXEgGtSikGbJSOiVg3YvNL4" |
| realt.co | TXT | Text record | "wallet-connect-dns-verification=d7a785b0fb66d5017ae0df06a9818a9636451be86d58fbc55a2ea43b5460dfed" |
| realt.co | SPF | Sender Policy Framework | "v=spf1 include:mxsspf.sendpulse.com include:amazonses.com include:_spf.google.com ~all" |
| _dmarc.realt.co | TXT | Text record | "v=DMARC1; p=none; sp=none; rua=mailto:dmarc_aggregate_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; ruf=mailto:dmarc_forensics_analyser+09dd1a9988ea3c3488d28b3d72bea066@zerobounce.net!5k; rf=afrf; pct=100; ri=86400; fo=1;" |
Recommendation
We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.
Vulnerability description
OS detection couldn't determine the operating system.
Evidence
| DKIM selector | Key type | Key size | Value |
|---|---|---|---|
| rsa | 1422 | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dmxCCs0kFpvqO1PsDy3wh2wA0pS6qJpQfxR40ZAsgg/ytvFzVDg06xNy0EPIS8Dme+0ELQMuonFhw0kXBk8pepKLI014XKbPipsKpZt8q2Nndic9gr32UPWjzP6y84uYd0ajd2UaxMzFAW7+aTAdiJ9ZRNTdUGRlbgj4hJcGd4l18c22Ip1bfRPV5sXlzG+W" "WWNlh+8u+l86ejWGfA3H2deKUnZMEdRiHn9T5SE0FKCoCHuYJfwD+YqADEvyU6Dio1g09J+0+Sn6Y+5Jo9ClcHEzwf3f8XCXtaRyXbQRuzNI8pFrqM5wbT8OYA0B0pIEU4h2JsW1Jqch68LXxkunwIDAQAB" | |
| k2 | rsa | 1422 | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA0b90ObWaLDc+i9MtTNmGeWO009hr20fIxhGg6XBT2kjZ1DTThopSe1nAndsupmcBwlQ5Q6LJ+ZAxLcujnPIxM0ZBLmgpkv8u6RfY4eFP8OLvdAW3oSu" "B0DyLDigQX4Sj8wBO4YIdQH6AAmBeOsidsKAFNFUCpc3vCxtBDR12U+cBg724l3sBkMQ8evnz6idnqxq9QAVYh8k4kJ+RP+6cqTdy7LjIm8xY/bQNpQIpGUAuDo2DjLcCDun9DAI4Q/3z+Q0o9QuQIDAQAB;" |
| k3 | rsa | 1422 | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYGiMSn7fsUqSvfSX40x9R1OlRtbNiCY80lHRIlcKx3XDIR7257aUx+q9CSIARdfTL6KCuLGNFx5g9TgVr6png4ajcieSQGtOehBgxnkDN8aAA5TX0FmFrcefJU0JoxLOF09EKgXxhSSHCk/ekVb0PXSboHXoZ9+EI404F1qhcwXXIgHXTaUthHTut2P6BBZh" "IXIgvDe/w49GchR7MRJqjNb7neEBbYHbgWuBTvvHCg7Gy6m6n9krYK+ROWq3dVvXy9plAGK3ygM+HtjIiMt7arRGMOF0WgDTz7YdN9BGpt6BvXxLnjiQcgS5T9n+cIyPZgiWzDMXNlaEEdKTEKxrwIDAQAB;" |
| rsa | 1296 | "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z+FApQ6ra2VsXfbJP3HE6wAO0YTVEJt1TmeczhEd2Jiz/fcabIISgXEdSpTYJhb0ct0VJRxcg4c8c7wIDAQAB" | |
| smtpapi | rsa | 1296 | "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76yojh54Xu3uSbQ3JP0A7k8o8GutRF8zbFUA8n0ZH2y0cIEjMliXY4W4LwPA7m4q0ObmvSjhd63O9d8z1XkUBwIDAQAB" |
Evidence
| Software / Version | Category |
|---|---|
| Cloudflare | CDN |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Evidence
| Software / Version | Category |
|---|---|
| Cloudflare | CDN |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.