Processing Domain talktalkplc.com on 28/03/2019 06:43:10 pm

Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

• Zone Queries 6 Record Types and 45 Records Found
• Zone Transfer Failed
• Zone Dump
  • NS
    • . TTL 518400 a.root-servers.net.
    • . TTL 518400 b.root-servers.net.
    • . TTL 518400 c.root-servers.net.
    • . TTL 518400 d.root-servers.net.
    • . TTL 518400 e.root-servers.net.
    • . TTL 518400 f.root-servers.net.
    • . TTL 518400 g.root-servers.net.
    • . TTL 518400 h.root-servers.net.
    • . TTL 518400 i.root-servers.net.
    • . TTL 518400 j.root-servers.net.
    • . TTL 518400 k.root-servers.net.
    • . TTL 518400 l.root-servers.net.
    • . TTL 518400 m.root-servers.net.
    • talktalkplc.com. TTL 3200 ds0.opaltelecom.net.
    • talktalkplc.com. TTL 3200 ds1.opaltelecom.net.
    • talktalkplc.com. TTL 3200 ds2.opaltelecom.net.
  • TXT
    • _dmarc.talktalkplc.com. TTL 300 "v=DMARC1; p=reject; fo=1; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;"
    • talktalkplc.com. TTL 300 "MS=ms45086587"
    • talktalkplc.com. TTL 300 "google-site-verification=C33f2HQ5YrBhFIsMKEQkqzk90dUQwFBX7pol_6kTVdE"
    • talktalkplc.com. TTL 300 "v=spf1 a include:_netblocks.talktalkplc.com include:_netblocks2.talktalkplc.com include:_spf.salesforce.com include:servers.mcsv.net include:spf.protection.outlook.com -all"
    • talktalkplc.com. TTL 300 "wCBOY9f6mU5VzzTW0lrcNNyKzl1+tHCUQLQe4NCAZC+8DVvGTjkOdVPwJy/jf3j12f9SDjIO3c5gXb61iocX1Q=="
  • A
    • a.root-servers.net. TTL 3600000 198.41.0.4
    • b.root-servers.net. TTL 3600000 192.228.79.201
    • c.root-servers.net. TTL 3600000 192.33.4.12
    • d.root-servers.net. TTL 3600000 128.8.10.90
    • e.root-servers.net. TTL 3600000 192.203.230.10
    • f.root-servers.net. TTL 3600000 192.5.5.241
    • g.root-servers.net. TTL 3600000 192.112.36.4
    • h.root-servers.net. TTL 3600000 128.63.2.53
    • i.root-servers.net. TTL 3600000 192.36.148.17
    • j.root-servers.net. TTL 3600000 192.58.128.30
    • k.root-servers.net. TTL 3600000 193.0.14.129
    • l.root-servers.net. TTL 3600000 198.32.64.12
    • m.root-servers.net. TTL 3600000 202.12.27.33
    • mx1.talktalkplc.com. TTL 300 62.24.202.82
    • mx2.talktalkplc.com. TTL 300 62.24.202.83
    • mx3.talktalkplc.com. TTL 300 62.24.139.14
    • mx4.talktalkplc.com. TTL 300 62.24.139.15
    • talktalkplc.com. TTL 300 52.17.152.5
  • MX
    • talktalkplc.com. TTL 300 10 mx1.talktalkplc.com.
    • talktalkplc.com. TTL 300 10 mx2.talktalkplc.com.
    • talktalkplc.com. TTL 300 10 mx3.talktalkplc.com.
    • talktalkplc.com. TTL 300 10 mx4.talktalkplc.com.
  • SOA
    • talktalkplc.com. TTL 3200 ds0.opaltelecom.net. noc.opaltelecom.net. 2019022200 1200 3600 1728000 1200
  • CNAME
    • www.talktalkplc.com. TTL 300 pub.talktalkplc.alchemy-digital.co.uk.

Nameservers

Here we check the setup of your nameservers

• ds0.opaltelecom.net 62.24.128.200 Match
• ds1.opaltelecom.net 62.24.202.57 Match
• ds2.opaltelecom.net 62.24.134.4 Match

Processing TXT Records

DMARC Record:

The DMARC Record defines how MTA's should response when parsing DKIM and SPF records

• v=dmarc1 ( The Version of this record)
• p=reject ( The Policy to implement on FAIL)
• fo=1 ( Dictates what type of authentication/alignment vulnerabilities are reported)
• rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI of aggregate reports)
• ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI for forensic reports)

Microsoft Office 365 Verification Record:

This record is used to identify this domain as an Office 365 domain

• ms=ms45086587

Google Domain Verification Record:

This record is used by Google to validate domain ownership when setting up Google Analytics etc

• google-site-verification=c33f2hq5yrbhfismkeqkqzk90duqwfbx7pol_6ktvde

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

• v=spf1 ( The SPF Format Version Number)
• a
• include:_netblocks.talktalkplc.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• include:_netblocks2.talktalkplc.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• include:_spf.salesforce.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• include:servers.mcsv.net ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• include:spf.protection.outlook.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• -all ( Permit ONLY the hosts listed)

Unknown Record:

This Record can be safely ignored

• wcboy9f6mu5vzztw0lrcnnykzl1+thcuqlqe4ncazc+8dvvgtjkodvpwjy/jf3j12f9sdjio3c5gxb61iocx1q==

Processing MX (Mail Exchanger) Records

These Records determine the servers (mail servers) responsible for handling your incomming email. Each service is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion

• Priority 10 handled by host mx1.talktalkplc.com. [62.24.202.82] Valid
• Email Handled Locally
• Forward DNS 62.24.202.82 mx1.talktalkplc.com
Reverse DNS mx1.talktalkplc.com 62.24.202.82
• Port 25 (smtp) : Open
• Not Listed in any blacklists
• Priority 10 handled by host mx2.talktalkplc.com. [62.24.202.83] Valid
• Email Handled Locally
• Forward DNS 62.24.202.83 mx2.talktalkplc.com
Reverse DNS mx2.talktalkplc.com 62.24.202.83
• Port 25 (smtp) : Open
• Not Listed in any blacklists
• Priority 10 handled by host mx3.talktalkplc.com. [62.24.139.14] Valid
• Email Handled Locally
• Forward DNS 62.24.139.14 mx3.talktalkplc.com
Reverse DNS mx3.talktalkplc.com 62.24.139.14
• Port 25 (smtp) : Open
• Not Listed in any blacklists
• Priority 10 handled by host mx4.talktalkplc.com. [62.24.139.15] Valid
• Email Handled Locally
• Forward DNS 62.24.139.15 mx4.talktalkplc.com
Reverse DNS mx4.talktalkplc.com 62.24.139.15
• Port 25 (smtp) : Open
• Not Listed in any blacklists

Processing CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal referencs that may change.

• www.talktalkplc.com. pub.talktalkplc.alchemy-digital.co.uk.

Processing A (IPv4 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain. The www record is the most common one and will be used to identify your website address

• Host: a.root-servers.net. = IP: [198.41.0.4] Valid Reachable (14.796ms)
• Host: b.root-servers.net. = IP: [192.228.79.201] Valid Reachable (124.901ms)
• Host: c.root-servers.net. = IP: [192.33.4.12] Valid Reachable (22.182ms)
• Host: d.root-servers.net. = IP: [128.8.10.90] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: e.root-servers.net. = IP: [192.203.230.10] Valid Reachable (14.339ms)
• Host: f.root-servers.net. = IP: [192.5.5.241] Valid Reachable (13.934ms)
• Host: g.root-servers.net. = IP: [192.112.36.4] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: h.root-servers.net. = IP: [128.63.2.53] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: i.root-servers.net. = IP: [192.36.148.17] Valid Reachable (42.734ms)
• Host: j.root-servers.net. = IP: [192.58.128.30] Valid Reachable (285.391ms)
• Host: k.root-servers.net. = IP: [193.0.14.129] Valid Reachable (14.515ms)
• Host: l.root-servers.net. = IP: [198.32.64.12] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: m.root-servers.net. = IP: [202.12.27.33] Valid Reachable (24.815ms)
• Host: mx1.talktalkplc.com. = IP: [62.24.202.82] Valid Reachable (29.863ms)
• Host: mx2.talktalkplc.com. = IP: [62.24.202.83] Valid Reachable (29.705ms)
• Host: mx3.talktalkplc.com. = IP: [62.24.139.14] Valid Reachable (19.649ms)
• Host: mx4.talktalkplc.com. = IP: [62.24.139.15] Valid Reachable (19.448ms)
• Host: talktalkplc.com. = IP: [52.17.152.5] Valid Unreachable TX:1 RX:0 LOSS:100%

Processing AAAA (IPv6 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain

Processing Domain Public Records

Domain Name WHOIS Information - talktalkplc.com

• Domain Name TALKTALKPLC.COM
• Registry Domain ID 1587972321_DOMAIN_COM-VRSN
• Registrar WHOIS Server whois.corporatedomains.com
• Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
• Updated Date: 2019-03-04T06:30:53Z
• Creation Date: 2010-03-08T12:32:19Z
• Registry Expiry Date: 2020-03-08T12:32:19Z
• Registrar CSC Corporate Domains, Inc.
• Registrar IANA ID 299
• Registrar Abuse Contact Email This email address is being protected from spambots. You need JavaScript enabled to view it.
• Registrar Abuse Contact Phone 8887802723
• Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
• Name Server DS0.OPALTELECOM.NET
• Name Server DS1.OPALTELECOM.NET
• Name Server DS2.OPALTELECOM.NET
• DNSSEC unsigned
• URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Website Hosting WHOIS Information - 198.41.0.4

• NetRange 198.41.0.0 - 198.41.3.255
• CIDR 198.41.0.0/22
• NetName INTERNIC1
• NetHandle NET-198-41-0-0-1
• Parent NET198 (NET-198-0-0-0-0)
• NetType Direct Assignment
• OriginAS
• Organization VeriSign Infrastructure & Operations (VIO-2)
• RegDate 1993-01-04
• Updated 2012-03-02
• Ref: https://rdap.arin.net/registry/ip/198.41.0.0
• OrgName VeriSign Infrastructure & Operations
• OrgId VIO-2
• Address 12061 Bluemont Way
• City Reston
• StateProv VA
• PostalCode 20190
• Country US
• RegDate 2002-07-11
• Updated 2019-02-01
• Ref: https://rdap.arin.net/registry/entity/VIO-2
• OrgAbuseHandle NETWO480-ARIN
• OrgAbuseName Network Admin
• OrgAbusePhone +1-703-948-4300
• OrgAbuseEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETWO480-ARIN
• OrgTechHandle NETWO480-ARIN
• OrgTechName Network Admin
• OrgTechPhone +1-703-948-4300
• OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgTechRef: https://rdap.arin.net/registry/entity/NETWO480-ARIN
• OrgTechHandle GORMA115-ARIN
• OrgTechName Gorman, Brad
• OrgTechPhone +1-703-948-4484
• OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgTechRef: https://rdap.arin.net/registry/entity/GORMA115-ARIN
• OrgTechHandle QUESA30-ARIN
• OrgTechName Quesada, Christopher
• OrgTechPhone +1-571-455-9378
• OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgTechRef: https://rdap.arin.net/registry/entity/QUESA30-ARIN

Processing Website

Website Headers for www.talktalkplc.com

We will obtain the headers from your website and parse them for validity



• Web Server is TalkTalk httpd
• Request Response HTTP/1.1 200 OK OK
• SSL is available and enabled
• Certificate Name /CN=www.talktalkplc.com

Certificate Issued To

• Country
• City
• Locality
• Organisation
• Certificate Scope www.talktalkplc.com

Certificate Issuer

• Country US
• Organisation Let's Encrypt
• Certificate Scope Let's Encrypt Authority X3

Certificate Validity

• Valid From 190319221522Z
• Valid To 190617221522Z

Certificate Ciphers

• SN RSA-SHA256
• LN sha256WithRSAEncryption

Certificate Extensions

• Alternative Hostnames DNS:auth.talktalkgroup.com, DNS:auth.talktalkplc.com, DNS:careers.talktalk.co.uk, DNS:www.careers.talktalk.co.uk, DNS:www.talktalkgroup.co.uk, DNS:www.talktalkgroup.com, DNS:www.talktalkplc.com
• Key Usage TLS Web Server Authentication, TLS Web Client Authentication
• There was a redirect to https://www.talktalkgroup.com/
• Valid methods for a specified resource (Allow) Missing
• Control options for the current connection (Connection) Missing
• Specifies Technology in use (X-Powered-By) Missing

Security Related

• modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
• stops pages when they detect XSS (X-XSS-Protection) : 1; mode=block
• Allow and Deny the use of browser features (Feature-Policy) Missing
• Platform for Privacy Preferences (P3P) Missing

Cross Origin Resource Sharing

• (Access-Control-Allow-Origin) Missing
• (Access-Control-Allow-Credentials) Missing
• (Access-Control-Expose-Headers) Missing
• (Access-Control-Max-Age) Missing
• (Access-Control-Allow-Methods) Missing
• (Access-Control-Allow-Headers) Missing

Content Headers

• The natural language or languages of the intended audience (Content-Language) Missing
• The form of encoding used (Transfer-Encoding) Missing
• The length of the response body (Content-Length) : 20760
• The Media type of the body of the request (Content-Type) : text/html;charset=UTF-8
• The date and time of generation (Date) : Thu, 28 Mar 2019 18:30:54 GMT
• An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
• The type of encoding used on the data (Content-Encoding) Missing
• An alternate location for the returned data (Content-Location) Missing
• Where in a full body message this partial message belongs (Content-Range) Missing
• An identifier for a specific version of a resource (ETag) Missing
• how to match future request headers (Vary) Missing

Caching Control

• Tells caches whether they may cache this object (Cache-Control) : no-cache
• Gives the date/time after which the response is considered stale (Expires) : Thu, 01 Jan 1970 00:00:00 GMT
• The last modified date for the requested object (Last-Modified) : Thu, 28 Mar 2019 18:30:54 GMT
• Implementation-specific fields for caching (Pragma) : no-cache
• From an Intermediate cache (X-Cache-Action) Missing
• Intermediate Cache Hits count (X-Cache-Hits) Missing
• Intermediate Cache Age (X-Cache-Age) Missing
• Informs the client of proxies through which the response was sent (Via) Missing
• The Age this page has been cached in a proxy (Age) Missing

Strict Transport Security (HSTS) Policy

• A HSTS Policy for the client with scope (Strict-Transport-Security) : max-age=31536000; includeSubDomains; preload

Cookies and Fragments

• Cookie Data (Set-Cookie) : VISITOR=returning;Path=/;HttpOnly;Secure

Robots.txt

• You do not appear to have a robots.txt file. This is ok

Processing Website Profile Data

Website Render for www.talktalkplc.com



Technology Profile talktalkplc.com

We will check for fingerprints of common website technologies



• Failed to succesfully profile the website.

Meta Profile https://www.talktalkgroup.com/

We will check the entire body for metadata



• description :
• keywords :
• viewport : width=device-width, initial-scale=1

Feature Profile https://www.talktalkgroup.com/

We will check for common HTML, Javascript and CSS Features



• DocType html (38578)
• Document Validated No
• Tawk.to No
• FontAwesome No
• Google Web Fonts No
• T3 Framework No
• Google Structured Data No
• Google Analytics Yes
• Mamoto Analytics No
• JQuery Yes

Processing Completed

The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.