DNS & HTTP Analysis for firstgroup.com

Processing Domain firstgroup.com on 21/09/2022 00:11:56


  • The version of the data model that was used in this report is 1.008
  • The version that produced this report is 1.023b

Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

  • Zone Queries 5 Record Types and 21 Records Found
  • Zone Transfer Failed
  • Zone Dump
    • TXT
      • _dmarc.firstgroup.com. TTL 3600 "v=DMARC1; p=none; rua=mailto:[email address obscured]; ruf=mailto:[email address obscured]; fo=1"
      • firstgroup.com. TTL 3600 "F23TgLezKg61IxFeKSHiefmiQjG1rvn1k5E3vDt3/6fb58IdKUSTN6T5gDVDHO/bUqEF/iUQhgsFe2/jq0N+BQ=="
      • firstgroup.com. TTL 3600 "MS=ms91331169"
      • firstgroup.com. TTL 3600 "apple-domain-verification=9nCo1wKR3uKeepdu"
      • firstgroup.com. TTL 3600 "apple-domain-verification=K38y54GlHIEoOzyS"
      • firstgroup.com. TTL 3600 "docusign=1aba22ef-fd07-42f2-8e9f-8fdceedc2d4f"
      • firstgroup.com. TTL 3600 "docusign=91a08041-5b54-4965-a057-808cd736cacb"
      • firstgroup.com. TTL 3600 "dsqglgjstttbnq3c4myr220b9rswv152"
      • firstgroup.com. TTL 3600 "google-site-verification=aJtMoLR7ajwCBPNZoNAGOathYHua2OOrIg-MhhGDXkk"
      • firstgroup.com. TTL 3600 "nintex.5aa24ac1815d15453b08a1d6"
      • firstgroup.com. TTL 3600 "onetrust-domain-verification=15caeb4a49ea43fc88562e7b04a18a4b"
      • firstgroup.com. TTL 3600 "pardot_42692_*=ea9f011c5bd4a9e011c379e44d0b25ba5f4bf3b14b99d3f713b87e9f1b85a74f "
      • firstgroup.com. TTL 3600 "rmz1HCqrVtflB3uxvu9JvNx77C8i/93BrXUsKVc6qxk3L3Y/hZpeM4tzSZqk0pxRNQ3yU8qIwPIVbKeMBntSFA=="
      • firstgroup.com. TTL 3600 "v=spf1 ip4:216.143.12.211 ip4:81.130.233.206 ip4:217.35.70.33 ip4:193.240.183.247 ip4:208.117.55.133 include:us._netblocks.mimecast.com include:spf.protection.outlook.com include:eu._netblocks.mimecast.com include:email-od.com -all"
      • firstgroup.com. TTL 3600 "ypx097q5dksdz5vn2b2lp37pxk6n44jx"
    • NS
      • firstgroup.com. TTL 21600 udns1.cscdns.net.
      • firstgroup.com. TTL 21600 udns2.cscdns.uk.
    • SOA
      • firstgroup.com. TTL 21600 udns1.cscdns.net. premiumdns.support.neustar. 2019103145 10800 1800 3600000 21600
    • MX
      • firstgroup.com. TTL 300 50 us-smtp-inbound-1.mimecast.com.
      • firstgroup.com. TTL 300 50 us-smtp-inbound-2.mimecast.com.
    • CNAME
      • www.firstgroup.com. TTL 3600 firstgroup-web.eu-west-1.elasticbeanstalk.com.

Nameservers

Here we check the setup of your nameservers. All nameservers on your domain should be listed in the zone and returned in an ANY query along with corresponding A and/or AAAA records resolving their address.

  • udns1.cscdns.net 204.74.66.1 Found and Match. (Missing from Zone Address Records )
  • udns2.cscdns.uk 204.74.111.1 Found and Match. (Missing from Zone Address Records )
  • All Name Servers on Different Subnets

Processing 15 TXT Records

DMARC Record:

The DMARC Record defines how MTAs should respond when parsing DKIM and SPF records

  • v=dmarc1 (The Version of this record)
  • p=none (The Policy to implement on FAIL)
  • rua=mailto:[email address obscured] (Reporting URI of aggregate reports)
  • ruf=mailto:[email address obscured] (Reporting URI for forensic reports)
  • fo=1 (Dictates what type of authentication/alignment vulnerabilities are reported)

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • f23tglezkg61ixfekshiefmiqjg1rvn1k5e3vdt3/6fb58idkustn6t5gdvdho/buqef/iuqhgsfe2/jq0n+bq==

Microsoft Office 365 Verification Record

This record is used to identify this domain as an Office 365 domain

  • ms=ms91331169

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • apple-domain-verification=9nco1wkr3ukeepdu

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • apple-domain-verification=k38y54glhieoozys

Docusign Record

DocuSign is a company offering document signing services, but since a data breach and other security concerns this is rarely used today, and you should consider removing it

  • docusign=1aba22ef-fd07-42f2-8e9f-8fdceedc2d4f

Docusign Record

DocuSign is a company offering document signing services, but since a data breach and other security concerns this is rarely used today, and you should consider removing it

  • docusign=91a08041-5b54-4965-a057-808cd736cacb

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • dsqglgjstttbnq3c4myr220b9rswv152

Google Domain Verification Record

This record is used by Google to validate domain ownership when setting up Google Analytics etc

  • google-site-verification=ajtmolr7ajwcbpnzonagoathyhua2oorig-mhhgdxkk

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • nintex.5aa24ac1815d15453b08a1d6

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • onetrust-domain-verification=15caeb4a49ea43fc88562e7b04a18a4b

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • pardot_42692_*=ea9f011c5bd4a9e011c379e44d0b25ba5f4bf3b14b99d3f713b87e9f1b85a74f

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • rmz1hcqrvtflb3uxvu9jvnx77c8i/93brxuskvc6qxk3l3y/hzpem4tzszqk0pxrnq3yu8qiwpivbkembntsfa==

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

  • v=spf1 (The SPF Format Version Number)
  • ip4:216.143.12.211 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:81.130.233.206 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:217.35.70.33 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:193.240.183.247 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:208.117.55.133 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • include:us._netblocks.mimecast.com (An Include - Additional look-ups required, some servers won't bother.)
  • include:spf.protection.outlook.com (An Include - Additional look-ups required, some servers won't bother.)
  • include:eu._netblocks.mimecast.com (An Include - Additional look-ups required, some servers won't bother.)
  • include:email-od.com (An Include - Additional look-ups required, some servers won't bother.)
  • -all (Permit ONLY the hosts listed)

Unknown Record:

We cannot identify this record. If you know what it is and it's no longer needed, then remove it

  • ypx097q5dksdz5vn2b2lp37pxk6n44jx

Processing 2 MX (Mail Exchanger) Records

These records determine the servers (mail servers) responsible for handling your incoming email. Each server is given a priority and they will be used in that order. If all the priorities are the same, then they will be used in a round-robin fashion.

  • Priority 50 handled by host us-smtp-inbound-1.mimecast.com. [205.139.110.141] Valid
    • Email Handled Third Party
    • Port 25 (smtp) : Open
  • Priority 50 handled by host us-smtp-inbound-2.mimecast.com. [207.211.30.221] Valid
    • Email Handled Third Party
    • Port 25 (smtp) : Open

Processing 1 CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal references that may change.

  • www.firstgroup.com. firstgroup-web.eu-west-1.elasticbeanstalk.com.

Processing 0 A (IPv4 Address) Records

These records define the IP address(es) of the servers responsible for hosting your website and other resources on your domain. The www record is the most common one and will be used to identify your website address

  • There were no A Records in the zone and there should be

Processing AAAA (IPv6 Address) Records

These records define the IP address(es) of the servers responsible for hosting your website and other resources on your domain

    Processing Domain Public Records

    • We have been unable to find the website IP from the zone
    • Performed an additional out-of-zone lookup to find website host [54.77.174.218]
    • Domain Name WHOIS Information - firstgroup.com

      • Domain Name FIRSTGROUP.COM
      • Registry Domain ID 3731403_DOMAIN_COM-VRSN
      • Registrar WHOIS Server whois.corporatedomains.com
      • Registrar URL: http://cscdbs.com
      • Updated Date: 2021-11-29T06:04:29Z
      • Creation Date: 1996-12-03T05:00:00Z
      • Registry Expiry Date: 2022-12-03T05:00:00Z
      • Registrar CSC Corporate Domains, Inc.
      • Registrar IANA ID 299
      • Registrar Abuse Contact Email [email address obscured]
      • Registrar Abuse Contact Phone 8887802723
      • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
      • Name Server UDNS1.CSCDNS.NET
      • Name Server UDNS2.CSCDNS.UK
      • DNSSEC unsigned
      • URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

      Website Hosting WHOIS Information - 54.77.174.218

      • NetRange 54.64.0.0 - 54.95.255.255
      • CIDR 54.64.0.0/11
      • NetHandle NET-54-64-0-0-1
      • Parent NET54 (NET-54-0-0-0-0)
      • NetType Direct Allocation
      • OriginAS
      • Organization Amazon Technologies Inc. (AT-88-Z)
      • RegDate 2014-06-20
      • Updated 2021-02-10
      • Ref: https://rdap.arin.net/registry/ip/54.64.0.0
      • OrgName Amazon Technologies Inc.
      • OrgId AT-88-Z
      • Address 410 Terry Ave N.
      • City Seattle
      • StateProv WA
      • PostalCode 98109
      • Country US
      • RegDate 2011-12-08
      • Updated 2021-07-28
      • Ref: https://rdap.arin.net/registry/entity/AT-88-Z
      • OrgRoutingHandle ARMP-ARIN
      • OrgRoutingName AWS RPKI Management POC
      • OrgRoutingPhone +1-206-266-4064
      • OrgRoutingEmail aws-rpki-routing-poc@amazon.com
      • OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
      • OrgRoutingHandle IPROU3-ARIN
      • OrgRoutingName IP Routing
      • OrgRoutingPhone +1-206-555-0000
      • OrgRoutingEmail aws-routing-poc@amazon.com
      • OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
      • OrgAbuseHandle AEA8-ARIN
      • OrgAbuseName Amazon EC2 Abuse
      • OrgAbusePhone +1-206-555-0000
      • OrgAbuseEmail abuse@amazonaws.com
      • OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
      • OrgNOCHandle AANO1-ARIN
      • OrgNOCName Amazon AWS Network Operations
      • OrgNOCPhone +1-206-555-0000
      • OrgNOCEmail amzn-noc-contact@amazon.com
      • OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
      • OrgTechHandle ANO24-ARIN
      • OrgTechName Amazon EC2 Network Operations
      • OrgTechPhone +1-206-555-0000
      • OrgTechEmail amzn-noc-contact@amazon.com
      • OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

    Processing Website

      Website Headers for www.firstgroup.com

      We will obtain the headers from your website and parse them for validity

      • Web Server is Apache
      • Server header does not contain version information
      • Request Response HTTP/1.1 301 Moved Permanently
      • SSL is not available
      • There was a redirect to https://firstbus.co.uk:443/
      • There was a SECOND redirect https://www.firstbus.co.uk/
      • General

        • allow Valid methods for a specified resource after a 405 : Missing
        • location For Redirects specifies the target [https://www.firstbus.co.uk/]
        • connection Control options for the current connection [keep-alive]
        • x-powered-by Specifies Technology in use - Security Risk : Missing
        • x-aspnet-version Specifies the ASP.net version - Security Risk : Missing
        • accept-ranges To advertise its support of partial requests : Missing
        • link Used to express typed relationship with another resource : Missing
        • upgrade HTTP/2 (The latest and faster version of HTTP) is available : Missing

        Security

        • referrer-policy Modifies the algorithm used to populate the Referer Header [no-referrer-when-downgrade]
        • x-xss-protection Prevents pages loading when XSS is detected [1; mode=block]
        • feature-policy Allow or Deny the use of browser features : Missing
        • p3p Platform for Privacy Preferences : Missing
        • content-security-policy CSP Content Security Policy : Missing
        • x-frame-options Can we open this response in an iframe : Missing

        Cross Origin

        • access-control-allow-origin Can we share the response with the given origin : Missing
        • access-control-allow-credentials Tells Browsers whether to expose the response to frontend JavaScript : Missing
        • access-control-expose-headers Indicates which headers can be exposed as part of the Response : Missing
        • access-control-max-age Indicates how long the results of a preflight request can be stored : Missing
        • access-control-allow-methods Methods allowed when accessing the resource in response to a preflight request : Missing
        • access-control-allow-headers Indicates which headers can be used during the actual request : Missing

        Content

        • content-language The natural language or languages of the intended audience : Missing
        • transfer-encoding The form of encoding used : Missing
        • content-length The length of the response body : Missing
        • content-type The Media type of the Response Body [text/html; charset=iso-8859-1]
        • date The date and time of generation [Tue, 20 Sep 2022 23:11:57 GMT]
        • content-disposition An opportunity to raise a File Download dialogue box : Missing
        • content-encoding The type of encoding/compression used on the Response : Missing
        • content-location An alternate location for the returned data : Missing
        • content-range Where in a full body message this partial message belongs : Missing
        • etag An identifier for a specific version of a resource : Missing
        • vary how to match future request headers : Missing
        • x-content-type-options Types in Content-Type should NOT be changed : Missing

        Cache

        • cache-control Tells caches whether they may cache this object [max-age=1209600]
        • expires Gives the date/time after which the response is considered stale [Tue, 04 Oct 2022 23:11:57 GMT]
        • last-modified The last modified date for the requested object : Missing
        • pragma Implementation-specific fields for caching : Missing
        • x-cache-action From an Intermediate cache : Missing
        • x-cache-hits Intermediate Cache Hits count : Missing
        • x-cache-age Intermediate Cache Content Age : Missing
        • via Informs the client of proxies through which the response was sent : Missing
        • age The Age this page has been cached in a proxy : Missing
        • x-served-by The Cache that served this response : Missing
        • x-cache Indicates if the cache served cached content : Missing
        • x-via-fastly Specific headers from Fastly : Missing

        Strict Transport Security (HSTS) Policy

        • strict-transport-security A HSTS Policy for the client with scope [max-age=63072000; includeSubdomains; preload]

        Cookies and Fragments

        • set-cookie Cookie Data to store locally [AWSALBCORS=7ilLAAzgbSTnC8Sr3ghR8cb5uX+WefBXCZChBv4urkH7wJLPEC5a9+USxkzOHtaamzBrsBR+5Hs7ngDU6CU1Af/wJ6FYZ4qE1GN5UDwfJz3vJGfqyTg4zmUrFrDh; Expires=Tue, 27 Sep 2022 23:11:57 GMT; Path=/; SameSite=None; Secure]

        Other

        • x-backend-server Identifies the backend server providing this response : Missing
        • x-robots-tag Search engine Robot Directive : Missing
        • gen Used by some of the GEN Tools to verify zone ownership : Missing
        • cf-cache-status Cloudflare Specific Header indicating cache status for this response : Missing
        • x-aspnetmvc-version ASP MVC Version Number - Security Risk : Missing

        Not Profiled

        • x-permitted-cross-domain-policies [none]

      Robots.txt

      • You do not appear to have a robots.txt file. This is ok

    Processing Website Profile Data

      Website Render for www.firstgroup.com

      Technology Profile firstgroup.com

      We will check for fingerprints of common website technologies

        • Name : Drupal
        • Confidence : high
        • Version : 9.4.5

      MOZ Rank Profile https://firstbus.co.uk:443/

      We will retrieve your Ranking Profile from Moz.com

      • 0 The number of external, equity links
      • 0 The number of internal and external equity and non-equity links
      • 51 The Domain Authority (DA) ( 0->100 )
      • 27 The Page Authority (PA) ( 0->100 )
      • 2.700000048 The MozRank of the Domain ( 0->10 )

      Google Safe Browsing https://firstbus.co.uk:443/

      We will retrieve Safe Browsing Status from Google

      • This site is NOT listed as being unsafe by Google

      PhishTank Lookup https://firstbus.co.uk:443/

      We will check PhishTank to see if your site is listed

      • This site is NOT listed as being unsafe by PhishTank

      Alexa Rank Profile https://firstbus.co.uk:443/

      We will retrieve your Ranking Profile from Alexa.com

      • The number of external in links
      • Un-Ranked Your Alexa Rank

      Meta Profile https://firstbus.co.uk:443/

      We will check the entire body for metadata

      • description : Our UK Bus division operates around a fifth of local bus services in the UK and is one of the largest bus operators with a fleet of approximately 6,400 buses around the England, Scotland and Wales. We have bus routes serving 40 of the UK’s largest towns and cities providing great value public transport for students, commuters, leisure travellers and concession travellers.
      • abstract : Our UK Bus division operates around a fifth of local bus services in the UK and is one of the largest bus operators with a fleet of approximately 6,400 buses around the England, Scotland and Wales. We have bus routes serving 40 of the UK’s largest towns and cities providing great value public transport for students, commuters, leisure travellers and concession travellers.
      • mobileoptimized : width
      • handheldfriendly : true
      • viewport : width=device-width, initial-scale=1.0
      • apple-itunes-app : app-id=app-id=566586379
      • google-play-app : app-id=app-id=com.firstgroup.first.bus

    Processing Completed

    • Performance Profile
      • DNS Lookups : 0.48 seconds
      • DNS Folding/Unfolding : 0.00 seconds
      • DNS Nameserver Checks : 0.00 seconds
      • DNS TXT Records : 0.00 seconds
      • DNS MX Records : 0.33 seconds
      • DNS CNAME : 0.00 seconds
      • DNS Address : 0.00 seconds
      • WHOIS Lookups : 0.47 seconds
      • First CURL : 0.09 seconds
      • Second CURL : 0.17 seconds
      • SSL Lookup : 0.08 seconds
      • Header Parsing : 0.00 seconds
      • Robots.txt Parsing : 0.08 seconds
      • Website Profile : 10.64 seconds
      • Website MozData : 0.51 seconds
      • Safe Browsing : 0.14 seconds
      • PhishTank : 0.08 seconds
      • Website Alexa : 0.72 seconds
      • Website META : 0.69 seconds

    The process is now complete and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols, and it is well beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.