Processing Domain mozilla.org on 29/03/2019 19:59:38

• This tool is available free to use at GENSupport
• Help and Support for your DNS or HTTP issues available on our Forum
• The version that produced this report is 1.004b

Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

• Zone Queries 8 Record Types and 25 Records Found
• Zone Transfer Failed
• Zone Dump
  • RRSIG
    • _dmarc.mozilla.org. TTL 3600 TXT 7 3 3600 20190401152254 20190329142254 31247 mozilla.org. gZodbESRVeeLv+rv5YcP3/PzXDsZcjWaWFrYwQ5mEGL530TNERumB4xQXH39eJ6QVy+xMEhnYW/pqb1O1ijei1/uZUAeXBOn9bUDNGUmTlXKjyS7uwyFjJRVeltRDi0+TfGAWVjdm9jMhncU62YVxBmaNAKWxHv+opmb9ITp0xk=
    • cmne9d38gmkpejnab2m1vlmi9530u0d7.mozilla.org. TTL 60 NSEC3 7 3 60 20190401152254 20190329142254 31247 mozilla.org. F35+VCvjZ5VyM1LWSo3quKEoxgcXyalMHir6dQtVbyVNDGp2IGivwOzBq7Luboo17JhjLT1piOmD39QUWU6uiU0Wr2h44ATsnBFZdkhxAKjCGu6tAfe6NfbPR/AQqrplHcT6jJdiA2Ug8zxEbB77AoAZyEOuaYVIVTmaVRezEQ4=
    • mozilla.org. TTL 3600 NS 7 2 3600 20190401152254 20190329142254 31247 mozilla.org. vsDZ/2AC5v0KNHAEf1k6KJAjEWoyr27W0YQxD2gYOYQzmWS6nkhQ9BqHVJyNGw2h8kQLL0HNCdDM8GwLPOttTfIDv0lkuDRro1kz4eBzPXPqPeHhI3GnKdELccoVOShkcOu/iky1OqxuqOagKTh3dIPAzENSJjeLhgQfw5yEdYQ=
    • mozilla.org. TTL 3600 SOA 7 2 3600 20190401152254 20190329142254 31247 mozilla.org. pde4AwM8ZCOTII9F5uZSk3PxPltWuk8j08Mp/gDLvKOmuRAZlg4Lg1Pmpr3mKEWeDXu3IC9SoI6FlYXnWV7txOFpExGBL7yVr8WkOx6oHewSHpcHvrKlOF5Ix9ALenz6RG+zG8oQ4fWitjupELuS71KkWVyXVwVQq613xz8ko0g=
    • mozilla.org. TTL 60 A 7 2 60 20190401152254 20190329142254 31247 mozilla.org. nbRruKYaW+BY6ZC5a0YJSrGG/17q/FcVDZMsbxFi67h/BE0CdhAmqV/mPH+icQ1RIHAuv3PdFT1TjplCC7Vr6rVM3z5QJom2PRWAtK+8qLSfPZMDadLpX4L76rJz3tUPUSC6L/DLBMgjTj5Xvdr2RVOPMIXoCH+Mi1rpUHghiHY=
    • mozilla.org. TTL 60 MX 7 2 60 20190401152254 20190329142254 31247 mozilla.org. aoxz2Y+gzCErbBdYRn8oQdLJkyyqnhS1N1Tf4u2rIAPRl2UMiSfblF/QwVklFaMl8XqK2Kd7vE4eN4/6ZDFsNkp+MwA3CfMhq31ewQGP0cOdpWpXM8d+mNzCsIEdhtVBa3+1sKVPGfv9Tcp8OJAmkCc6MSvkSO7e3c529usSDj4=
    • mozilla.org. TTL 60 TXT 7 2 60 20190401152254 20190329142254 31247 mozilla.org. ROfUHW0s7ODndsXE9anZdekVRcs2woxNxB76S3MAVEloHFH904tqN5TegMAcx2gD279r7RHjYgQ5rc0U/OGsIS2MxduEpm9iObHqT9seHtOzCgf59NGiyYhQRIdP0JBs7cNbTUwcPHSBQL3ihOpVk65E8odTqMIMF4J7qY409Rk=
    • www.mozilla.org. TTL 60 CNAME 7 3 60 20190401152254 20190329142254 31247 mozilla.org. PK9mxmjpgcr8JQ0H9/W6krAy1w+wWdfP/DDgwTAnpOgFRCDz9wISqvDu1UTpekVef5i8Qyej61VM0ctsIogsaxY5rAfdnEwYCWjSuXpNBRVbKaHqrCKMe5KTJLjDRdlqITTCLKI9I2FCXnRrB386Vi9wNotrLLGSYD3jf9ybMfI=
  • TXT
    • _dmarc.mozilla.org. TTL 3600 "v=DMARC1; p=none; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it."
    • mozilla.org. TTL 60 "google-site-verification=E1vBHtOW-D9IlAj-pbRM-8PrOSiPDT48lrwRlW82ysw"
    • mozilla.org. TTL 60 "google-site-verification=Lo_B34AJAe70BQVNF1Fo1zGGJudPmw9bLTnP2C8lV-s"
    • mozilla.org. TTL 60 "v=spf1 include:_spf.mozilla.com include:_spf.google.com ~all"
    • mozilla.org. TTL 60 "yandex-verification"
  • NSEC3
    • cmne9d38gmkpejnab2m1vlmi9530u0d7.mozilla.org. TTL 60 1 0 1 58B4250BE3119A6B ZblrNi/qBATidnsasrwKMr4sBbU= A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM
  • NS
    • mozilla.org. TTL 3600 ns1-240.akam.net.
    • mozilla.org. TTL 3600 ns4-64.akam.net.
    • mozilla.org. TTL 3600 ns5-65.akam.net.
    • mozilla.org. TTL 3600 ns7-66.akam.net.
  • SOA
    • mozilla.org. TTL 3600 infoblox1.private.mdc2.mozilla.com. sysadmins.mozilla.org. 2019040360 180 180 1209600 60
  • A
    • mozilla.org. TTL 60 63.245.208.195
  • MX
    • mozilla.org. TTL 60 1 aspmx.l.google.com.
    • mozilla.org. TTL 60 10 aspmx3.googlemail.com.
    • mozilla.org. TTL 60 5 alt1.aspmx.l.google.com.
    • mozilla.org. TTL 60 5 alt2.aspmx.l.google.com.
  • CNAME
    • www.mozilla.org. TTL 60 www.mozilla.org.cdn.cloudflare.net.

Nameservers

Here we check the setup of your nameservers. All nameservers on your domain should be listed in the zone and returned in an ANY query along with corresponding A and/or AAAA records resolving their address.

• ns4-64.akam.net 84.53.139.64 Found and Match. ( Missing from Zone Address Records )
• ns1-240.akam.net 193.108.91.240 Found and Match. ( Missing from Zone Address Records )
• ns7-66.akam.net 96.7.49.66 Found and Match. ( Missing from Zone Address Records )
• ns5-65.akam.net 184.85.248.65 Found and Match. ( Missing from Zone Address Records )

Processing TXT Records

DMARC Record:

The DMARC Record defines how MTA's should response when parsing DKIM and SPF records

• v=dmarc1 (The Version of this record)
• p=none (The Policy to implement on FAIL)
• rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. (Reporting URI of aggregate reports)

Google Domain Verification Record

This record is used by Google to validate domain ownership when setting up Google Analytics etc

• google-site-verification=e1vbhtow-d9ilaj-pbrm-8prosipdt48lrwrlw82ysw

Google Domain Verification Record

This record is used by Google to validate domain ownership when setting up Google Analytics etc

• google-site-verification=lo_b34ajae70bqvnf1fo1zggjudpmw9bltnp2c8lv-s

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

• v=spf1 (The SPF Format Version Number)
• include:_spf.mozilla.com (The SPF Record listed here should be used - Additional look-ups required)
• include:_spf.google.com (The SPF Record listed here should be used - Additional look-ups required)
• ~all (Permit servers listed in A records - Not a great idea)

Yandex Search Engine Domain Verification Record

This record is used by Yandex (A Russian Search Engine) to verify domain submissions to their webmaster tools

• yandex-verification

Processing MX (Mail Exchanger) Records

These Records determine the servers (mail servers) responsible for handling your incomming email. Each service is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion

• Priority 1 handled by host aspmx.l.google.com. [64.233.166.26] Valid
• Email Handled By Google Corporation
• Port 25 (smtp) : Open
• Priority 10 handled by host aspmx3.googlemail.com. [74.125.68.27] Valid
• Email Handled By Google Corporation
• Port 25 (smtp) : Open
• Priority 5 handled by host alt1.aspmx.l.google.com. [74.125.205.26] Valid
• Email Handled By Google Corporation
• Port 25 (smtp) : Open
• Priority 5 handled by host alt2.aspmx.l.google.com. [74.125.68.26] Valid
• Email Handled By Google Corporation
• Port 25 (smtp) : Open

Processing CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal referencs that may change.

• www.mozilla.org. www.mozilla.org.cdn.cloudflare.net.

Processing A (IPv4 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain. The www record is the most common one and will be used to identify your website address

• Host: mozilla.org. = IP: [63.245.208.195] Valid Reachable (144.655ms)

Processing AAAA (IPv6 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain

Processing Domain Public Records

Domain Name WHOIS Information - mozilla.org

• Domain Name MOZILLA.ORG
• Registry Domain ID D1409563-LROR
• Registrar WHOIS Server whois.markmonitor.com
• Registrar URL: http://www.markmonitor.com
• Updated Date: 2018-12-22T10:05:05Z
• Creation Date: 1998-01-24T05:00:00Z
• Registry Expiry Date: 2021-01-23T05:00:00Z
• Registrar Registration Expiration Date
• Registrar MarkMonitor Inc.
• Registrar IANA ID 292
• Registrar Abuse Contact Email This email address is being protected from spambots. You need JavaScript enabled to view it.
• Registrar Abuse Contact Phone +1.2083895740
• Reseller
• Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
• Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
• Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
• Registrant Organization Mozilla Corporation
• Registrant State/Province CA
• Registrant Country US
• Name Server NS5-65.AKAM.NET
• Name Server NS7-66.AKAM.NET
• Name Server NS4-64.AKAM.NET
• Name Server NS1-240.AKAM.NET
• DNSSEC signedDelegation
• URL of the ICANN Whois Inaccuracy Complaint Form https //www.icann.org/wicf/)

Website Hosting WHOIS Information - 63.245.208.195

• Mozilla Corporation MOZNET-1 (NET-63-245-208-0-1) 63.245.208.0 - 63.245.223.255
• Mozilla MOZILLA-MDC1 (NET-63-245-208-0-2) 63.245.208.0 - 63.245.209.255

Processing Website

Website Headers for www.mozilla.org

We will obtain the headers from your website and parse them for validity

• Web Server is cloudflare
• Request Response HTTP/1.1 200 OK OK
• SSL is available and enabled
• Certificate Name /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=WebOps/CN=www.mozilla.org

Certificate Issued To

• Country US
• City California
• Locality Mountain View
• Organisation Mozilla Corporation
• Certificate Scope www.mozilla.org

Certificate Issuer

• Country US
• Organisation DigiCert Inc
• Certificate Scope DigiCert SHA2 Secure Server CA

Certificate Validity

• Valid From 181105000000Z
• Valid To 191113120000Z

Certificate Ciphers

• SN RSA-SHA256
• LN sha256WithRSAEncryption

Certificate Extensions

• Alternative Hostnames DNS:www.mozilla.org, DNS:mozilla.org
• Key Usage TLS Web Server Authentication, TLS Web Client Authentication
• There was a redirect to https://www.mozilla.org/en-US/
• Valid methods for a specified resource (Allow) Missing
• Control options for the current connection (Connection) : keep-alive
• Specifies Technology in use (X-Powered-By) Missing

Security Related

• modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
• stops pages when they detect XSS (X-XSS-Protection) Missing
• Allow and Deny the use of browser features (Feature-Policy) Missing
• Platform for Privacy Preferences (P3P) Missing

Cross Origin Resource Sharing

• (Access-Control-Allow-Origin) Missing
• (Access-Control-Allow-Credentials) Missing
• (Access-Control-Expose-Headers) Missing
• (Access-Control-Max-Age) Missing
• (Access-Control-Allow-Methods) Missing
• (Access-Control-Allow-Headers) Missing

Content Headers

• The natural language or languages of the intended audience (Content-Language) Missing
• The form of encoding used (Transfer-Encoding) Missing
• The length of the response body (Content-Length) Missing
• The Media type of the body of the request (Content-Type) : text/html; charset=utf-8
• The date and time of generation (Date) : Fri, 29 Mar 2019 19:57:22 GMT
• An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
• The type of encoding used on the data (Content-Encoding) Missing
• An alternate location for the returned data (Content-Location) Missing
• Where in a full body message this partial message belongs (Content-Range) Missing
• An identifier for a specific version of a resource (ETag) : "909beeea82c36caed9bf8b7b113d38a6"
• how to match future request headers (Vary) Missing

Caching Control

• Tells caches whether they may cache this object (Cache-Control) : max-age=600
• Gives the date/time after which the response is considered stale (Expires) : Fri, 29 Mar 2019 17:10:15 GMT
• The last modified date for the requested object (Last-Modified) Missing
• Implementation-specific fields for caching (Pragma) Missing
• From an Intermediate cache (X-Cache-Action) Missing
• Intermediate Cache Hits count (X-Cache-Hits) Missing
• Intermediate Cache Age (X-Cache-Age) Missing
• Informs the client of proxies through which the response was sent (Via) Missing
• The Age this page has been cached in a proxy (Age) Missing

Strict Transport Security (HSTS) Policy

• A HSTS Policy for the client with scope (Strict-Transport-Security) Missing

Cookies and Fragments

• Cookie Data (Set-Cookie) Missing

Robots.txt

• You have a robots.txt file and it appears to be valid
  • Allow Entries (0) - Specific Allow
  • Disallow Entries (5) - Specific Disallow
    • /*/firstrun/
    • /*/newsletter/existing/
    • /*/whatsnew/
    • /*/etc/
  • Sitemap Entries (1) - Sitemaps
    • https://www.mozilla.org/sitemap.xml
  • Other Entries (3)
    • user-agent: linkchecker
    • crawl-delay: 1
    • user-agent: *

Processing Website Profile Data

Website Render for www.mozilla.org



Technology Profile mozilla.org

We will check for fingerprints of common website technologies

• Failed to succesfully profile the website, it is likely either custom or plain HTML.

Meta Profile https://www.mozilla.org/en-US/

We will check the entire body for metadata

• viewport : width=device-width, initial-scale=1
• msvalidate_01 : B7B177115A634927D608514DA17B2574
• google-site-verification : U9a6gH32vLIykvntaDToj-ytYhlZ1AfAgVEKstixQIE
• description : Mozilla is the not-for-profit behind the lightning fast Firefox browser. We put people over profit to give everyone more power online.
• twitter:card : summary
• twitter:site : @mozilla
• twitter:domain : mozilla.org
• twitter:app:name:googleplay : Firefox
• twitter:app:id:googleplay : org.mozilla.firefox
• twitter:app:name:iphone : Firefox
• twitter:app:id:iphone : 989804926
• twitter:app:name:ipad : Firefox
• twitter:app:id:ipad : 989804926

Feature Profile https://www.mozilla.org/en-US/

We will check for common HTML, Javascript and CSS Features

• DocType html (141161)
• Document Validated No
• Tawk.to No
• FontAwesome No
• Google Web Fonts No
• T3 Framework No
• Google Structured Data Yes
• Google Analytics No
• Mamoto Analytics No
• JQuery No
• RequireJS No
• jQuery No

Processing Completed

The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.