Dr . Who Dr.Who lives at drwho.me — audit-grade domain evidence.
additional context — IP + user-agent lookups lookups that complement a dossier — useful when investigating a finding, but not part of the dossier engine itself.
2 MX record(s) present
Why it matters: MX records direct inbound mail. Misconfiguration silently breaks email delivery and lets attackers stand up parallel MX hosts for spoofing campaigns (ISO 27001 A.8.21).
pri=10 mxa-00154901.gslb.pphosted.com.pri=10 mxb-00154901.gslb.pphosted.com.fetched 2026-05-23T09:27:02.621Z
~all softfail — receivers may still accept
Why it matters: SPF tells receiving servers which hosts may send mail for the domain. Without it, any sender can forge the envelope-from — the primary mechanism behind business-email-compromise (SOC 2 CC6.7).
Recommendations
Move to -all (hardfail) once your mail flow is confirmed — softfail gives no real protection v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all fetched 2026-05-23T09:27:02.622Z
DNSSEC not configured — no DS or DNSKEY records found
Why it matters: DNSSEC cryptographically signs DNS responses, blocking cache-poisoning attacks. US federal civilian agencies are required to enable it under OMB M-22-09 (NIST SC-20).
Recommendations
Enable DNSSEC in your DNS provider's control panel and add the resulting DS record at your registrar
enabled no
DS records —
DNSKEY records — fetched 2026-05-23T09:27:02.628Z
not applicable: no _mta-sts TXT record
Why it matters: MTA-STS forces inbound SMTP to use TLS and refuse downgraded connections. Without it, an in-path attacker can strip TLS and read mail in plaintext (SOC 2 CC6.7).
p=reject — strict policy
Why it matters: DMARC binds SPF and DKIM into an enforceable policy (quarantine or reject) and surfaces spoofing attempts via aggregate reports. `p=none` or absent means spoofing succeeds silently (SOC 2 CC6.7).
v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc.reports.rua@dell.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com,mailto:dmarc.reports.ruf@dell.com;
v= DMARC1
p= reject
fo= 1
rua= mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc.reports.rua@dell.com
ruf= mailto:dmarc_ruf@emaildefense.proofpoint.com,mailto:dmarc.reports.ruf@dell.com fetched 2026-05-23T09:27:02.630Z
not applicable: no TLSRPT record
Why it matters: TLS-RPT publishes a reporting address for SMTP-TLS failures. Without it, downgrade attacks on inbound mail go unnoticed (SOC 2 CC7.2).
A/AAAA records present
Why it matters: Without authoritative A or AAAA records on the apex, the domain is unreachable. Missing baseline DNS shows up in vendor reviews as evidence of unmanaged infrastructure (SOC 2 CC6.6).
A ttl=369 143.166.30.172ttl=369 143.166.136.12
AAAA — NS ttl=1200 ns4ns.dell.com.ttl=1200 ns1ak.dell.com.ttl=1200 ns3ak.dell.com.ttl=1200 ns3ns.dell.com.ttl=1200 ns2ns.dell.com.ttl=1200 ns4ak.dell.com.ttl=1200 ns2ak.dell.com.ttl=1200 ns1ns.dell.com.SOA ttl=1200 ns1ak.dell.com. dnsadmin.dell.com. 2023165727 900 300 1209600 3600CAA ttl=86400 \# 31 00 0c 63 6f 6e 74 61 63 74 65 6d 61 69 6c 70 6b 69 61 64 6d 69 6e 40 64 65 6c 6c 2e 63 6f 6dttl=86400 \# 31 00 05 69 6f 64 65 66 6d 61 69 6c 74 6f 3a 70 6b 69 61 64 6d 69 6e 40 64 65 6c 6c 2e 63 6f 6dttl=86400 \# 93 00 05 69 73 73 75 65 64 69 67 69 63 65 72 74 2e 63 6f 6d 3b 20 61 63 63 6f 75 6e 74 3d 62 33 34 66 64 32 38 36 64 62 30 33 63 63 61 64 30 32 30 66 30 61 37 35 30 31 30 64 64 37 35 35 34 34 65 61 66 32 62 39 36 37 31 39 35 62 34 62 65 63 62 36 34 36 30 63 39 32 34 64 33 35 63 39TXT ttl=1200 "cloudhealth=bc69ab72-7a50-49ba-89a9-0d53240d15a2"ttl=1200 "atlassian-domain-verification=j9YpPzaCTsYFH/eiKtH/oDcidmulqCugV4IEw68a1ZPVuHzr2DDDG1lD65u6JW0o"ttl=1200 "asv=83f2d0acacad2f4158293ec47e883a4b"ttl=1200 "flexera-domain-verification-ctmwxigmayiwqrmo"ttl=1200 "e2ma-verification=m7wfb"ttl=1200 "smartsheet-site-validation=J5RH52vn3V/FgihifRPzrpJUqsvtA8GANA7f7LrvXa4="ttl=1200 "quickbase-site-verification- 40a3684dbcf76a86d05e354550d69663186a5266"ttl=1200 "onetrust-domain-verification=b715692cd6d3495b8e6a709660e5260b"ttl=1200 "bb64r23qq9aaah3vd3r5uq9utv"ttl=1200 "smartsheet-site-validation=xFJhW-jeML60zGSv2rn0zep8mAMKJDFC"ttl=1200 "qqmail-site-verification=159655b28ba37a1bf10d033484c7f0ec420a2404b0a"ttl=1200 "Dynatrace-site-verification=881dac98-a064-4209-b3b6-c6040c25494e__kn6o11769vjjocnot25vq690ai"ttl=1200 "cisco-ci-domain-verification=56563590a1c39189e9cadd3608d531e95f0a25e56cf5b7f2674abbceb0fe53b9"ttl=1200 "v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all"ttl=1200 "smartsheet-site-validation=7wc_AkCiyYrI0rlwwyicx80fxmuwrtA0"fetched 2026-05-23T09:27:02.622Z
ttl=1200 "onetrust-domain-verification=49052d6669b540f498122f8048811d2b"
ttl=1200 "fastly-domain-delegation-Myray90Zz88jTg39d-716408-20231121"
ttl=1200 "miro-verification=2e47890b4adca24d555313d983416861efb55bd6"
ttl=1200 "autodesk-domain-verification=ScQgMSLe4a3JtK26uHuW"
ttl=1200 "asv=ff29bd171f3e713fb874b1ee4796fc6d"
ttl=1200 "zpJgV1vrEp/xXNL+QgrMsBQZ4b4teTyu+7GveMS/VpCGC/f4UAUgBVqsp4vsdoOlTW/abanUeQZLcGV6mktRig=="
ttl=1200 "google-site-verification=YogqtnoKF39HPLDsBmWJ1MEDE61FlW9mxcv8pj0YnHs"
ttl=1200 "ze1L10p2gcp6KoLtxwGnih+R2kfMG3Smv3bwcfM6BulVVDjAioGFvK3vkysMnK8KnZjvgJH2A+WSKxUKt1CJ6A=="
ttl=1200 "google-site-verification=0DwgSA7jKo3L7Ru9mgADzMSZa4pdI9cgd23Oi7emlcU"
ttl=1200 "paloaltonetworks-site-verification=8f979c57c9ebc77575be2e89be3e2a1cc3989edbcce659383f8c688829d2f44e"
ttl=1200 "mongodb-site-verification=ONmGF6vmmU4qYSw35mezpfTakF8BCHSo"
ttl=1200 "fastly-domain-delegation-fddelt730748-1-10-24"
ttl=1200 "apple-domain-verification=o7mwptigWukHdTVy"
ttl=1200 "63326dd7-38b0-45ab-90b8-beb6da41f93a"
ttl=1200 "1F107218FE7299A2F12DBB324F204A5188736E1592ED69FBFFE64DA964133943"
ttl=1200 "anthropic-domain-verification-85ekq9=MCsiF8FQJ9sN5vK5QI0yl44CK"
ttl=1200 "adobe-idp-site-verification=6d8b0174-f0c1-4c05-b1fb-4babe44dfc80"
ttl=1200 "cb50fc6b462746eb75eeb9349664de7c2948ae9f"cert valid for 112 days
Why it matters: A valid current TLS certificate is the baseline for data in transit. Expiry, weak chain, or hostname mismatch break HTTPS and fail PCI 4.2.1 / SOC 2 CC6.1.
subject cn: dell.com
issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1 / DigiCert Inc
valid: Aug 12 00:00:00 2025 GMT → Sep 12 23:59:59 2026 GMT
authorized: yes
sha256: 0B:99:C4:29:D9:5F:B5:BB:59:D4:BF:31:D9:19:E4:D9:D6:04:BE:11:BE:5F:5B:08:22:61:65:05:F9:4A:E3:0F fetched 2026-05-23T09:27:02.741Z
no CORS headers — cross-origin requests blocked by default
Why it matters: Overly permissive CORS (wildcard with credentials, or reflected origin) lets any origin read authenticated responses from this domain. OWASP A05 misconfiguration territory (NIST AC-4).
origin https://drwho.me method GET preflight status 301 access-control-* headers
access-control-allow-origin —
access-control-allow-methods —
access-control-allow-headers —
access-control-allow-credentials —
access-control-max-age —
access-control-expose-headers — no access-control-* headers returned — site does not advertise CORS to this origin
fetched 2026-05-23T09:27:02.777Z
check failed: crt.sh: Error: crt.sh http 429; certspotter: Error: certspotter http 429
Why it matters: Every certificate issued for this domain is published in Certificate Transparency logs — including subdomains you may have forgotten. Unknown subdomains in CT are pre-disclosed attack surface (ISO 27001 A.8.16).
crt.sh: Error: crt.sh http 429; certspotter: Error: certspotter http 429
HTTPS served correctly
Why it matters: Bare HTTP requests must redirect to HTTPS without dropping the user mid-chain. Plain-text fallback or open redirects fail PCI 4.2.1 and feed phishing chains (SOC 2 CC6.6).
final status: 200 · 3 hops
[301] https://dell.com/[302] https://www.dell.com/[200] https://www.dell.com/en-usfetched 2026-05-23T09:27:03.012Z
no DKIM selectors found — likely not configured
Why it matters: DKIM signs outbound mail so receivers can detect tampering. Missing selectors or rotated-away keys break DMARC alignment and let receivers downgrade trust (ISO 27001 A.8.24).
Recommendations
Enable DKIM signing in your mail provider and publish the provided TXT record Common selectors: google._domainkey, selector1._domainkey (Microsoft), mail._domainkey no DKIM record on probed selectors (default, google, k1, selector1, selector2, mxvault)
server-timing
dtSInfo;desc="0", dtRpid;desc="-673002819", CEM;desc="", rtt;desc="RTT = Excellent", rtt-value;desc="RTT Duration";dur=2,GRN;desc="Request Number=0.e5c83017.1779528423.d21660ce"
set-cookie bm_sz=B034BC82C5B88A7BDE844275492177AC~YAAQ5cgwF9eHFDeeAQAADdcoVB82qwttermohnMWr59/OWzZ3iODPACtWeN6fRnOLuV+xnDLhuNQw04NCuDnBaRfiG8yhrUcTTQw5G21I/EYVhJrHD9icm0ismEBcig9JgtHz3FW3SpmA0cJaUzgdPhUJxn/NOagEw/yoJlggGQN36pw91rgJssHtzFbB6Q5CLDZV+MIhpoj6gx2JYgr/J95XrZ6wqA6ujuezyHXPLrFsgWZSPRq7tE9COzBrPRpt1/qNvFs9+4DYUGh48xnaknSrJKBf1N4bb5U7vxiRZpk84We7U5hESXoMF9SZ1ym/Sp1qyPyufbIbTEF2H+fkszzkiimXwiElzmW~3753526~3488067; Domain=.dell.com; Path=/; Expires=Sat, 23 May 2026 13:27:03 GMT; Max-Age=14400; SameSite=None; Secure
traceresponse 00-c3f6df8281e4ede2bf68038641331ab7-0925c822047b9750-01
x-akamai-erpolicy Responsive_redirects
x-akamai-transformed 0 - 0 -
x-dt-tracestate 2bb1908f-93bd442c@dt
x-html-minification-powered-by WebMarkupMin
x-upstream https://homepage-PROD
x-vcap-request-id 8a6a9f89-1287-45ad-6d19-9a9232674829 domain registered until 2026-11-21
Why it matters: Registrar and expiry tell auditors the domain is owned, current, and not about to lapse. An expired or about-to-expire domain fails business-continuity evidence (SOC 2 A1.2).
registrar SafeNames Ltd.
created 1988-11-22T05:00:00Z
expires 2026-11-21T05:00:00Z
statuses clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited, clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited, serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited, serverTransferProhibited https://icann.org/epp#serverTransferProhibited fetched 2026-05-23T09:27:03.215Z
B
Mostly compliant · 4 items need attention
Aggregate grade across 15 checks. Auditors typically flag any High-severity finding.
Pass 11
Warn 4
Fail 0 What an auditor would flag first medium SPF
~all softfail — receivers may still accept
SOC 2 CC6.7 ISO 27001 A.13.2.1
low DKIM
no DKIM selectors found — likely not configured
SOC 2 CC6.7
low Security headers
4 security header(s) missing
SOC 2 CC6.6 ISO 27001 A.14.1.2
Need this as an artifact your auditor can verify?
Your dell.com scan flagged 1 medium and 3 low findings. A signed pack covers the apex plus up to 100 CT-discovered subdomains, Ed25519-signed and ISO-timestamped, delivered in 10–30 minutes.
15-check summary DNS records A/AAAA records present MX 2 MX record(s) present SPF ~all softfail — receivers may still accept DMARC p=reject — strict policy DKIM no DKIM selectors found — likely not configured TLS certificate cert valid for 112 days Redirect chain HTTPS served correctly Security headers 4 security header(s) missing CORS no CORS headers — cross-origin requests blocked by default Web surface HTTPS surface reachable (robots ✓, sitemap ✗, title ✓) MTA-STS not applicable: no _mta-sts TXT record TLS-RPT not applicable: no TLSRPT record DNSSEC DNSSEC not configured — no DS or DNSKEY records found WHOIS domain registered until 2026-11-21 Certificate Transparency check failed: crt.sh: Error: crt.sh http 429; certspotter: Error: certspotter http 429 HTTPS surface reachable (robots ✓, sitemap ✗, title ✓)
Why it matters: Public files — robots.txt, sitemap.xml, head meta — are what attackers see first during reconnaissance. Misadvertised paths, stale sitemaps, and verbose generators leak more than intended (ISO 27001 A.8.9).
robots.txt
present User-agent: *
#Temporary launch entries
Disallow: /csbapi/unified-communication/*
Disallow: *.less$
Disallow: /en-ca/shop/sfc/sf/alienware-desktops
Disallow: /en-ca/shop/sfc/sf/alienware-desktops
Disallow: /di/idp/dwa/
Disallow: /dci/idp/dwa/
Disallow: /en-in/shop/pdr/
Disallow: /buyer/
Disallow: /en-au/outlet/*?
Disallow: /pt-br/outlet/*?
Disallow: /zh-cn/outlet/*?
Disallow: /post
Disallow: */api/
Disallow: *intake
Disallow: *cacheKey
#Shop
Allow: /*/ar/4009?appliedRefinements=2828
Allow: /en-ph/*/sc/
Allow: /en-vn/*/sc/
Disallow: /*/cart/*
Disallow: /*/buy/*
Disallow: /*/ar/*?appliedRefinements=*,*
Disallow: /*/ar/*?appliedrefinements=*,*
Disallow: */gaming/performance/
Disallow: /*.php
Disallow: */reviewselections/
Disallow: */pdr/
Disallow: */iserviceselection/
Disallow: */serviceselection/
Disallow: */cty/pdp/ispd/
Disallow: /quote/
Disallow: /csbapi/
Disallow: *boomerang
Disallow: */apd/*/quickview$
Disallow: *bvstate=
Disallow: *pr_rd_page=*
#Support
Disallow: /support/kbdoc/*/000287599
Disallow: /support/incidents-online/*/contactus/product/
Disallow: /support/ips/
Disallow: /support/*/ru/ru/
Disallow: /support/order-status/*/packingslip*
Disallow: /support/search/
Disallow: /support/Search/
Disallow: /support/home/cassette.axd/*
Disallow: /support/home/*/*/*/Diagnostics/*
Disallow: /support/home/*/*/*/Drivers/DownloadList/*
Disallow: /support/home/*/*/*/Drivers/DriversList/*
Disallow: /support/home/*/*/*/Drivers/EmailSubscription/*
Disallow: /support/home/*/*/*/Drivers/OneClick/*
Disallow: /support/manuals/*/*/*/flyout/
Disallow: /support/csbapi/
Disallow: /support/clientconnection/
Disallow: /support/*/tab_mob/
Disallow: /support/coveo-dell/*
Disallow: /support/components/*
Disallow: /support/article{lwp}/*
Allow: */home/*/product-support/servicetag/*/configuration*
Disallow: /support/*/servicetag/*
Disallow: /support/*/ServiceTag/*
Disallow: /support/Diagnostics/*
Disallow: /support/diagnostics/*
Disallow: /support/*/chat/*
Disallow: /support/sitealerts/*-*/
Disallow: /support/order-status/*/order-collection
Disallow: */support/*/ru-ua
Disallow: */support/*/en-ua
Disallow: */support/*/ua/ru/
Disallow: */support/*/ua/uk/
Disallow: */support/*/ua/en/
Disallow: /support/*/ips/
Disallow: /support/productsmfe/
Disallow: /support/kbdoc/*/article/lkbprint
Disallow: /support/driver/*/api/drvdetails/swbsuccessors
#Sitelite
Allow: /cs-cz/lp$
Allow: /cs-cz/lp/contact-us
Allow: /cs-cz/lp/homepage$
Allow: /el-gr/lp$
Allow: /el-gr/lp/contact-us
Allow: /el-gr/lp/homepage$
Allow: /en-ae/lp$
Allow: /en-ae/lp/contact-us
Allow: /en-ae/lp/homepage$
Allow: /en-af/lp$
Allow: /en-af/lp/contact-us
Allow: /en-af/lp/homepage$
Allow: /en-ag/lp$
Allow: /en-ag/lp/contact-us
Allow: /en-ag/lp/homepage$
Allow: /en-ai/lp$
Allow: /en-ai/lp/contact-us
Allow: /en-ai/lp/homepage$
Allow: /en-al/lp$
Allow: /en-al/lp/contact-us
Allow: /en-al/lp/homepage$
Allow: /en-ao/lp$
Allow: /en-ao/lp/contact-us
Allow: /en-ao/lp/homepage$
Allow: /en-aw/lp$
Allow: /en-aw/lp/contact-us
Allow: /en-aw/lp/homepage$
Allow: /en-ba/lp$
Allow: /en-ba/lp/contact-us
Allow: /en-ba/lp/homepage$
Allow: /en-bb/lp$
Allow: /en-bb/lp/contact-us
Allow: /en-bb/lp/homepage$
Allow: /en-bd/lp$
Allow: /en-bd/lp/contact-us
Allow: /en-bd/lp/homepage$
Allow: /en-bh/lp$
Allow: /en-bh/lp/contact-us
Allow: /en-bh/lp/homepage$
Allow: /en-bm/lp$
Allow: /en-bm/lp/contact-us
Allow: /en-bm/lp/homepage$
Allow: /en-bn/lp$
Allow: /en-bn/lp/contact-us
Allow: /en-bn/lp/homepage$
Allow: /en-bs/lp$
Allow: /en-bs/lp/contact-us
Allow: /en-bs/lp/homepage$
Allow: /en-bt/lp$
Allow: /en-bt/lp/contact-us
Allow: /en-bt/lp/homepage$
Allow: /en-bw/lp$
Allow: /en-bw/lp/contact-us
Allow: /en-bw/lp/homepage$
Allow: /en-bz/lp$
Allow: /en-bz/lp/contact-us
Allow: /en-bz/lp/homepage$
Allow: /en-cv/lp$
Allow: /en-cv/lp/contact-us
Allow: /en-cv/lp/homepage$
Allow: /en-cy/lp$
Allow: /en-cy/lp/contact-us
Allow: /en-cy/lp/homepage$
Allow: /en-dm/lp$
Allow: /en-dm/lp/contact-us
Allow: /en-dm/lp/homepage$
Allow: /en-ee/lp$
Allow: /en-ee/lp/contact-us
Allow: /en-ee/lp/homepage$
Allow: /en-eg/lp$
Allow: /en-eg/lp/cont head
title Computers, Monitors & Technology Solutions | Dell USA description Dell provides technology solutions, services & support. Buy Laptops, Touch Screen PCs, Desktops, Servers, Storage, Monitors, Gaming & Accessories social
og:url https://www.dell.com/en-us
og:title Computers, Monitors & Technology Solutions | Dell USA
og:description Dell provides technology solutions, services & support. Buy Laptops, Touch Screen PCs, Desktops, Servers, Storage, Monitors, Gaming & Accessories
og:type Homepage
og:image https://i.dell.com/is/image/DellContent/content/dam/images/logos/dell-technologies/stacked/digital/delltech-logo-stk-blue-rgb.png?wid=1346&hei=710&fit=fit
og:site_name Dell
twitter:url https://www.dell.com/en-us
twitter:title Computers, Monitors & Technology Solutions | Dell USA
twitter:description Dell provides technology solutions, services & support. Buy Laptops, Touch Screen PCs, Desktops, Servers, Storage, Monitors, Gaming & Accessories
twitter:card summary_large_image
twitter:image https://i.dell.com/is/image/DellContent/content/dam/images/logos/dell-technologies/stacked/digital/delltech-logo-stk-blue-rgb.png?wid=1346&hei=710&fit=fit
twitter:site @Dell fetched 2026-05-23T09:27:03.588Z