DNS & HTTP Analysis for Xbox.com
- Category: Tool Processing Reports
Processing Domain Xbox.com on 27/03/2019 06:46:18 pm
Processing DNS Records
Basic Checks
Here we check the basic functioning and security of your DNS
- Zone Queries 7 Record Types and 26 Records Found
- Zone Transfer Failed
Nameservers
Here we check the setup of your nameservers
- ns4.msft.net 208.76.45.53 Match
- ns1.msft.net 208.84.0.53 Match
- ns2.msft.net 208.84.2.53 Match
- ns3.msft.net 193.221.113.53 Match
Processing TXT Records
DMARC Record:
The DMARC Record defines how MTAs should respond when parsing DKIM and SPF records
- v=dmarc1 ( The Version of this record)
- p=none ( The Policy to implement on FAIL)
- rua=mailto:[email address obfuscated] ( Reporting URI of aggregate reports)
- ruf=mailto:[email address obfuscated] ( Reporting URI for forensic reports)
- fo=1:s:d ( Dictates what type of authentication/alignment vulnerabilities are reported)
Unknown Record:
This Record can be safely ignored
- b1939ppdagdjxs+54riwgyuzfcm+s+pe66upoheq+9z264ynfene2cvruxq+5ugtdqiou8jqz5akrvfcuvpfxq==
Docusign Record:
Docusign is a company offering document signing services, but since a data breach and other security concerns this is rarely used today, and you should consider removing it.
- docusign=c2837ae3-ac1e-446d-b257-c2328dce901a
Facebook Domain Verification Record:
This record is used by Facebook to validate domain ownership when creating company pages
- facebook-domain-verification=n2md3enk4k9r4s6kylpqmekhxyyrq7
Google Domain Verification Record:
This record is used by Google to validate domain ownership when setting up Google Analytics etc
- google-site-verification=e70djcpsqnxzda_pc9i_vo_bpu9hlmlqhtvsxegheqc
SPF Record:
The SPF Record defines which IP addresses are permitted to send email on this domain's behalf
- v=spf1 ( The SPF Format Version Number)
- ip4:65.55.42.0/24 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
- ip4:65.55.76.0/24 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
- mx:xbox.com
- include:_spf-ssg-a.microsoft.com ( The SPF Record listed at this host should also be used - whilst convenient, this places additional load on DNS and should be avoided)
- include:spf.protection.outlook.com ( The SPF Record listed at this host should also be used - whilst convenient, this places additional load on DNS and should be avoided)
- ~all ( Permit other hosts but take note)
Processing MX (Mail Exchanger) Records
These Records determine the servers (mail servers) responsible for handling your incoming email. Each server is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion.
- Priority 10 handled by host xbox-com.mail.protection.outlook.com. [104.47.54.36] Valid
- Email Handled By Microsoft Corporation
- Port 25 (smtp) : Open
Processing CNAME (Alias) Records
These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal references that may change.
- Host: www.xbox.com. www.xbox.com.akadns.net.
Processing A (IPv4 Address) Records
These records define the IP address(es) of the servers responsible for hosting your website and other resources on your domain. The www record is the most common one and will be used to identify your website address.
- Host: ns1.msft.net. = IP: [208.84.0.53] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: ns2.msft.net. = IP: [208.84.2.53] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: ns3.msft.net. = IP: [193.221.113.53] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: ns4.msft.net. = IP: [208.76.45.53] Valid Reachable (18.678ms)
- Host: xbox.com. = IP: [104.215.148.63] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: xbox.com. = IP: [13.77.161.179] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: xbox.com. = IP: [40.112.72.205] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: xbox.com. = IP: [40.113.200.201] Valid Unreachable TX:1 RX:0 LOSS:100%
- Host: xbox.com. = IP: [40.76.4.15] Valid Unreachable TX:1 RX:0 LOSS:100%
Processing AAAA (IPv6 Address) Records
These records define the IP address(es) of the servers responsible for hosting your website and other resources on your domain.
- Host: ns1.msft.net. = IP: [2620:0:30:0:0:0:0:53] Valid
- Host: ns2.msft.net. = IP: [2620:0:32:0:0:0:0:53] Valid
- Host: ns3.msft.net. = IP: [2620:0:34:0:0:0:0:53] Valid
- Host: ns4.msft.net. = IP: [2620:0:37:0:0:0:0:53] Valid
Processing Domain Public Records
- We have been unable to find the website IP from the zone
- Performed an additional out-of-zone lookup to find website host [88.221.40.118]
Domain Name WHOIS Information - Xbox.com
- Domain Name: XBOX.COM
- Registry Domain ID: 1013326_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.corporatedomains.com
- Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
- Updated Date: 2018-12-13T06:53:09Z
- Creation Date: 1996-12-18T05:00:00Z
- Registry Expiry Date: 2019-12-17T05:00:00Z
- Registrar: CSC Corporate Domains, Inc.
- Registrar IANA ID: 299
- Registrar Abuse Contact Email: [email address obfuscated]
- Registrar Abuse Contact Phone: 8887802723
- Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
- Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
- Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
- Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
- Name Server: NS1.MSFT.NET
- Name Server: NS2.MSFT.NET
- Name Server: NS3.MSFT.NET
- Name Server: NS4.MSFT.NET
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Website Hosting WHOIS Information - 88.221.40.118
- NetRange: 88.0.0.0 - 88.255.255.255
- CIDR: 88.0.0.0/8
- NetName: 88-RIPE
- NetHandle: NET-88-0-0-0-1
- Parent: ()
- NetType: Allocated to RIPE NCC
- OriginAS:
- Organization: RIPE Network Coordination Centre (RIPE)
- RegDate: 2004-04-01
- Updated: 2009-05-18
- Ref: https://rdap.arin.net/registry/ip/88.0.0.0
- ResourceLink: https://apps.db.ripe.net/search/query.html
- ResourceLink: whois.ripe.net
- OrgName: RIPE Network Coordination Centre
- OrgId: RIPE
- Address: P.O. Box 10096
- City: Amsterdam
- StateProv:
- PostalCode: 1001EB
- Country: NL
- RegDate:
- Updated: 2013-07-29
- Ref: https://rdap.arin.net/registry/entity/RIPE
- ReferralServer: whois://whois.ripe.net
- ResourceLink: https://apps.db.ripe.net/search/query.html
- OrgTechHandle: RNO29-ARIN
- OrgTechName: RIPE NCC Operations
- OrgTechPhone: +31 20 535 4444
- OrgTechEmail: [email address obfuscated]
- OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- OrgAbuseHandle: ABUSE3850-ARIN
- OrgAbuseName: Abuse Contact
- OrgAbusePhone: +31205354444
- OrgAbuseEmail: [email address obfuscated]
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
- inetnum: 88.221.40.0 - 88.221.43.255
- netname: AKAMAI-PA
- descr: Akamai Technologies
- country: EU
- admin-c: NARA1-RIPE
- admin-c: NF1714-RIPE
- tech-c: NARA1-RIPE
- tech-c: NF1714-RIPE
- status: ASSIGNED PA
- mnt-by: AKAM1-RIPE-MNT
- mnt-routes: AKAM1-RIPE-MNT
- created: 2009-02-09T22:28:21Z
- last-modified: 2009-02-09T22:28:21Z
- source: RIPE
- role: Network Architecture Role Account
- address: Akamai Technologies
- address: 8 Cambridge Center
- address: Cambridge, MA 02142
- phone: +1-617-938-3130
- abuse-mailbox: [email address obfuscated]
- admin-c: NF1714-RIPE
- admin-c: CKAK-RIPE
- tech-c: NF1714-RIPE
- tech-c: JP1944-RIPE
- tech-c: APB15-RIPE
- tech-c: CKAK-RIPE
- tech-c: TBAK-RIPE
- tech-c: NB782-RIPE
- tech-c: RM4844-RIPE
- tech-c: JZ2012-RIPE
- nic-hdl: NARA1-RIPE
- mnt-by: AKAM1-RIPE-MNT
- created: 2002-03-06T09:02:17Z
- last-modified: 2017-07-12T16:18:37Z
- person: Noam Freedman
- address: Akamai Technologies
- address: 8 Cambridge Center
- address: Cambridge, MA 02142
- phone: +1-617-938-3130
- nic-hdl: NF1714-RIPE
- mnt-by: AKAM1-RIPE-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2017-10-30T21:45:05Z
- route: 88.221.40.0/22
- descr: Akamai Technologies
- origin: AS16625
- mnt-by: AKAM1-RIPE-MNT
- created: 2017-01-27T15:00:05Z
- last-modified: 2017-01-27T15:00:05Z
- source: RIPE
- route: 88.221.40.0/22
- descr: Akamai Technologies
- origin: AS20940
- mnt-by: AKAM1-RIPE-MNT
- created: 2017-01-27T15:00:05Z
- last-modified: 2017-01-27T15:00:05Z
- source: RIPE
Processing Website
Website Headers for www.Xbox.com
We will obtain the headers from your website and parse them for validity
- Web Server Header is Missing
- Request Response HTTP/1.1 302 Moved Temporarily
- SSL is available and enabled
- Certificate Name /C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=Microsoft Corporation/CN=*.xbox.com
Certificate Issued To
- Country US
- City WA
- Locality Redmond
- Organisation Microsoft Corporation
- Certificate Scope *.xbox.com
Certificate Issuer
- Country US
- Organisation Microsoft Corporation
- Certificate Scope Microsoft IT TLS CA 5
Certificate Validity
- Valid From 171128180329Z
- Valid To 191128180329Z
Certificate Ciphers
- SN RSA-SHA256
- LN sha256WithRSAEncryption
Certificate Extensions
- Alternative Hostnames DNS:*.xbox.com
- Key Usage TLS Web Client Authentication, TLS Web Server Authentication
- There was a redirect to https://www.xbox.com/
- There was a SECOND redirect - This is not good practice
- Valid methods for a specified resource (Allow) Missing
- Control options for the current connection (Connection) Found : keep-alive
- Specifies Technology in use (X-Powered-By) Missing
Security Related
- Modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
- Stops pages when they detect XSS (X-XSS-Protection) Missing
- Allows and denies the use of browser features (Feature-Policy) Missing
- Platform for Privacy Preferences (P3P) Missing
Cross Origin Resource Sharing
- (Access-Control-Allow-Origin) Missing
- (Access-Control-Allow-Credentials) Missing
- (Access-Control-Expose-Headers) Missing
- (Access-Control-Max-Age) Missing
- (Access-Control-Allow-Methods) Missing
- (Access-Control-Allow-Headers) Missing
Content Headers
- The natural language or languages of the intended audience (Content-Language) Missing
- The form of encoding used (Transfer-Encoding) Missing
- The length of the response body (Content-Length) Found : 0
- The Media type of the body of the request (Content-Type) Missing
- The date and time of generation (Date) Found : Wed, 27 Mar 2019 18:44:10 GMT
- An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
- The type of encoding used on the data (Content-Encoding) Missing
- An alternate location for the returned data (Content-Location) Missing
- Where in a full body message this partial message belongs (Content-Range) Missing
- An identifier for a specific version of a resource (ETag) Missing
- How to match future request headers (Vary) Missing
Caching Control
- Tells caches whether they may cache this object (Cache-Control) Found : private, max-age=166
- Gives the date/time after which the response is considered stale (Expires) Missing
- The last modified date for the requested object (Last-Modified) Missing
- Implementation-specific fields for caching (Pragma) Missing
- From an Intermediate cache (X-Cache-Action) Missing
- Intermediate Cache Hits count (X-Cache-Hits) Missing
- Intermediate Cache Age (X-Cache-Age) Missing
- Informs the client of proxies through which the response was sent (Via) Missing
- The Age this page has been cached in a proxy (Age) Missing
Strict Transport Security (HSTS) Policy
- An HSTS Policy for the client with scope (Strict-Transport-Security) Found : max-age=10886400
Cookies and Fragments
- Cookie Data (Set-Cookie) Found : aka_locale=GB; domain=.www.xbox.com
Robots.txt
- You have a robots.txt file and it appears to be valid
    User-agent: *
    Disallow: /error
    Disallow: /*Search?q*
    Disallow: /*results?k*
    Disallow: /_layouts/
    Disallow: /_vti_bin/
    Disallow: /*/contact-us?isChatCallAvailable=false
    Sitemap: https://www.xbox.com/sitemap.xml
Processing Website Profile Data
Technology Profile Xbox.com
We will check for fingerprints of common website technologies
- Failed to successfully profile the website.
Meta Profile https://www.xbox.com/
We will check the entire body for metadata
- ms_locale :
- viewport : initial-scale=1
- twitter:card : summary
- twitter:site : @xbox
- twitter:title : Xbox | Official Site
- twitter:description : Experience the new generation of games and entertainment with Xbox. Play Xbox games and stream video on all your devices.
- ms_sitesec : xbox
- ms_gpn : www.xbox.com
- google-site-verification : DwwA91vK7HXTFtFONAd_bxf4GIRuu7I4fIgQ_kMRX58
- msvalidate_01 : F0E116C6ABD19476DB260626F67AE0A4
- description : Explore the hottest games on Xbox. Bundles, exclusives, accessories and more.
- keywords : Microsoft, store, products, support, Xbox One, Xbox 360, games, gaming on windows, Xbox Live, entertainment, Star Wars™ Battlefront™, Xbox, shop, coming soon, new, sale, bundle, Xbox One S Battlefield 1 Special Edition Bundle, Early Enlister Deluxe Edition, 1TB, accessories, consoles, Gears of War 4, pre-order, NFL on Xbox, NFL, 4K entertainment system, NFL fans, play, most reliable, gaming network, backward compatibility, Xbox Play Anywhere, community, Windows 10 PC, Xbox 360 games, advanced features, Xbox accessories, Xbox Design Lab, personalize, Xbox Wireless Controller, color, Xbox Elite Wireless Controller, Gears of War 4 Limited Edition, Xbox One Special Edition Armed Forces Stereo Headset, design yours, redeem code, events, Xbox Wire, sales, specials
- robots : INDEX, FOLLOW
Processing Completed
The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.