Processing Domain kfc.co.uk on 27/03/2019 09:20:41 pm

Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

• Zone Queries 6 Record Types and 14 Records Found
• Zone Transfer Failed

Nameservers

Here we check the setup of your nameservers

• ns3.memset.com 31.222.188.99 Match
• ns3.memset.com 31.222.188.99 Match
• ns2.memset.com 78.31.107.87 Match
• ns2.memset.com 78.31.107.87 Match
• ns1.memset.com 89.200.136.74 Match
• ns1.memset.com 89.200.136.74 Match

Processing TXT Records

DMARC Record:

The DMARC Record defines how MTA's should response when parsing DKIM and SPF records

• v=dmarc1 ( The Version of this record)
• p=none ( The Policy to implement on FAIL)
• sp=none ( The Policy to implement for subdomains on FAIL)
• rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI of aggregate reports)
• ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI for forensic reports)
• rf=afrf
• pct=100 ( The Percentage of Messages subject to filtering)
• ri=86400
• fo=1 ( Dictates what type of authentication/alignment vulnerabilities are reported)

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

• v=spf1 ( The SPF Format Version Number)
• include:spf.protection.outlook.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• a:mx1smtp.yum.com
• a:mx2smtp.yum.com
• include:mail.zendesk.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
• ~all ( Permit other hosts but take note)

Unknown Record:

This Record can be safely ignored

• ms=ms43586709

Processing MX (Mail Exchanger) Records

These Records determine the servers (mail servers) responsible for handling your incomming email. Each service is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion

• Priority 10 handled by host kfc-co-uk.mail.protection.outlook.com. [104.47.41.36] Valid
• Email Handled By Microsoft Corporation
• Port 25 (smtp) : Open

Processing CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal referencs that may change.

• Host: www.kfc.co.uk. kfc-oo-prod-clb-1517316267.eu-west-1.elb.amazonaws.com.

Processing A (IPv4 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain. The www record is the most common one and will be used to identify your website address

• Host: kfc.co.uk. = IP: [54.171.229.222] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: kfc.co.uk. = IP: [54.72.194.234] Valid Unreachable TX:1 RX:0 LOSS:100%
• Host: ns1.memset.com. = IP: [89.200.136.74] Valid Reachable (14.512ms)
• Host: ns2.memset.com. = IP: [78.31.107.87] Valid Reachable (14.491ms)
• Host: ns3.memset.com. = IP: [31.222.188.99] Valid Reachable (17.584ms)

Processing AAAA (IPv6 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain

Processing Domain Public Records

Domain Name WHOIS Information - kfc.co.uk

• Domain name:
• kfc.co.uk
• Data validation:
• Nominet was able to match the registrant's name and address against a 3rd party data source on 12-Jul-2017
• Registrar:
• TUCOWS Inc t/a TUCOWS [Tag = TUCOWS-CA]
• URL: http://www.tucowsdomains.com
• Relevant dates:
• Registered on: before Aug-1996
• Expiry date: 30-Aug-2019
• Last updated: 12-Jul-2017
• Registration status:
• Registered until expiry date.
• Name servers:
• ns1.memset.com
• ns2.memset.com
• ns3.memset.com
• WHOIS lookup made at 21:17:21 27-Mar-2019

Website Hosting WHOIS Information - 54.171.229.222

• NetRange: 54.160.0.0 - 54.175.255.255
• CIDR: 54.160.0.0/12
• NetName: AMAZON-2011L
• NetHandle: NET-54-160-0-0-1
• Parent: NET54 (NET-54-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2014-06-20
• Updated: 2014-06-20
• Ref: https://rdap.arin.net/registry/ip/54.160.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2017-01-28
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-266-4064
• OrgNOCEmail: This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-266-4064
• OrgAbuseEmail: This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-266-4064
• OrgTechEmail: This email address is being protected from spambots. You need JavaScript enabled to view it.
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

Processing Website

Website Headers for www.kfc.co.uk

We will obtain the headers from your website and parse them for validity



• Web Server Header is Missing
• Request Response HTTP/1.1 200 OK
• SSL is available and enabled
• Certificate Name /CN=kfc.co.uk
Certificate Issued To
• Country
• City
• Locality
• Organisation
• Certificate Scope kfc.co.uk
Certificate Issuer
• Country US
• Organisation Amazon
• Certificate Scope Amazon
Certificate Validity
• Valid From 181226000000Z
• Valid To 200126120000Z
Certificate Ciphers
• SN RSA-SHA256
• LN sha256WithRSAEncryption
Certificate Extensions
• Alternative Hostnames DNS:kfc.co.uk, DNS:kfc.ie, DNS:www.kfc.co.uk, DNS:www.kfc.ie, DNS:mmapi.kfc.co.uk, DNS:assets.kfc.co.uk
• Key Usage TLS Web Server Authentication, TLS Web Client Authentication
• There was a redirect to https://www.kfc.co.uk/
• Valid methods for a specified resource (Allow) Missing
• Control options for the current connection (Connection) Found : keep-alive
• Specifies Technology in use (X-Powered-By) Missing

Security Related

• modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
• stops pages when they detect XSS (X-XSS-Protection) Found : 1; mode=block
• Allow and Deny the use of browser features (Feature-Policy) Missing
• Platform for Privacy Preferences (P3P) Missing

Cross Origin Resource Sharing

• (Access-Control-Allow-Origin) Missing
• (Access-Control-Allow-Credentials) Missing
• (Access-Control-Expose-Headers) Missing
• (Access-Control-Max-Age) Missing
• (Access-Control-Allow-Methods) Missing
• (Access-Control-Allow-Headers) Missing

Content Headers

• The natural language or languages of the intended audience (Content-Language) Missing
• The form of encoding used (Transfer-Encoding) Missing
• The length of the response body (Content-Length) Missing
• The Media type of the body of the request (Content-Type) Found : text/html; charset=UTF-8
• The date and time of generation (Date) Found : Wed, 27 Mar 2019 21:17:22 GMT
• An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
• The type of encoding used on the data (Content-Encoding) Missing
• An alternate location for the returned data (Content-Location) Missing
• Where in a full body message this partial message belongs (Content-Range) Missing
• An identifier for a specific version of a resource (ETag) Missing
• how to match future request headers (Vary) Found : Accept-Encoding

Caching Control

• Tells caches whether they may cache this object (Cache-Control) Found : no-cache, no-store, private
• Gives the date/time after which the response is considered stale (Expires) Found : Wed, 27 Mar 2019 22:17:22 GMT
• The last modified date for the requested object (Last-Modified) Missing
• Implementation-specific fields for caching (Pragma) Missing
• From an Intermediate cache (X-Cache-Action) Missing
• Intermediate Cache Hits count (X-Cache-Hits) Missing
• Intermediate Cache Age (X-Cache-Age) Missing
• Informs the client of proxies through which the response was sent (Via) Missing
• The Age this page has been cached in a proxy (Age) Found : 0

Strict Transport Security (HSTS) Policy

• A HSTS Policy for the client with scope (Strict-Transport-Security) Found : max-age=31536000; includeSubDomains

Cookies and Fragments

• Cookie Data (Set-Cookie) Found : AWSELB=E36F193858CF0600364308D7487F5DC89E4D105C320934709751D917FD41BA4247FA1910D16F004A1BFD7D987D7B3D3F215F884C1134924EF471A82D1F16186F29D1D2A6;PATH=/;MAX-AGE=3600

Robots.txt

• You do not appear to have a robots.txt file. This is ok

Processing Website Profile Data

Technology Profile kfc.co.uk

We will check for fingerprints of common website technologies



• Failed to succesfully profile the website.

Meta Profile https://www.kfc.co.uk/

We will check the entire body for metadata



• viewport : width=device-width, initial-scale=1, user-scalable=no
• theme-color : #ffffff
• mobile-web-app-capable : yes
• apple-mobile-web-app-capable : yes
• apple-mobile-web-app-status-bar-style : default
• apple-mobile-web-app-title : KFC
• msapplication-tilecolor : #ffffff
• msapplication-tileimage : /mstile-144x144.png
• format-detection : telephone=no
• description : Click here for the Finger Lickin' Good menu, find a restaurant or order for delivery near you. The chicken, the whole chicken and nothing but the chicken.
• twitter:card : summary
• twitter:site : @KFCUKI
• twitter:url : https://www.kfc.co.uk
• apple-itunes-app : app-id=933130307
• google-play-app : app-id=com.yum.colonelsclub

Processing Completed

The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.