ajio.com

RSA keys shorter than 2048 bits are considered weak. Current key is approximately 1296 bits.

The MX hostname has no A or AAAA records.

Certificate subject 'gwsmtp012.ril.com' does not match hostname 'mx01.ajio.com'. SANs: mx02.relbio.com, mx01.relbio.com, relay03.ril.com, mx06.rfhospital.org, relay01.ril.com, mail06.visionexpress.in, mx01.recron.com, gwsmtp011.ril.com, mx03.resq.in, mx05.rfhospital.org, mx02.resq.in, mx04.reliancefoundation.org, mx05.resq.in, mx01.rfhospital.org, mx03.relbio.com, mx06.relbio.com, mx01.jiobp.com, mx04.recron.com, mx01.reliancefoundation.org, relay04.ril.com, mta3.gcptcl.in, mx02.qwik.co.in, mx03.rfhospital.org, relay06.ril.com, mta4.gcptcl.in, mx04.jiobp.com, mx06.recron.com, mail01.visionexpress.in, mail04.visionexpress.in, mx03.reliancefoundation.org, mx03.jiobp.com, mx03.recron.com, mx05.recron.com, gwhydsmtp013.ril.com, mx06.qwik.co.in, mx03.qwik.co.in, gwjgsmtp014.ril.com, mx05.reliancefoundation.org, relay02.ril.com, mx05.relbio.com, mx04.qwik.co.in, mx02.jiobp.com, mta5.gcptcl.in, gwsmtp012.ril.com, www.gwsmtp012.ril.com, gwsmtp015.ril.com, mx01.qwik.co.in, mail03.visionexpress.in, mx04.resq.in, mx06.resq.in, mx04.rfhospital.org

Certificate subject 'gwsmtp012.ril.com' does not match hostname 'mx03.ajio.com'. SANs: mx02.relbio.com, mx01.relbio.com, relay03.ril.com, mx06.rfhospital.org, relay01.ril.com, mail06.visionexpress.in, mx01.recron.com, gwsmtp011.ril.com, mx03.resq.in, mx05.rfhospital.org, mx02.resq.in, mx04.reliancefoundation.org, mx05.resq.in, mx01.rfhospital.org, mx03.relbio.com, mx06.relbio.com, mx01.jiobp.com, mx04.recron.com, mx01.reliancefoundation.org, relay04.ril.com, mta3.gcptcl.in, mx02.qwik.co.in, mx03.rfhospital.org, relay06.ril.com, mta4.gcptcl.in, mx04.jiobp.com, mx06.recron.com, mail01.visionexpress.in, mail04.visionexpress.in, mx03.reliancefoundation.org, mx03.jiobp.com, mx03.recron.com, mx05.recron.com, gwhydsmtp013.ril.com, mx06.qwik.co.in, mx03.qwik.co.in, gwjgsmtp014.ril.com, mx05.reliancefoundation.org, relay02.ril.com, mx05.relbio.com, mx04.qwik.co.in, mx02.jiobp.com, mta5.gcptcl.in, gwsmtp012.ril.com, www.gwsmtp012.ril.com, gwsmtp015.ril.com, mx01.qwik.co.in, mail03.visionexpress.in, mx04.resq.in, mx06.resq.in, mx04.rfhospital.org

Certificate subject 'gwsmtp012.ril.com' does not match hostname 'mx04.ajio.com'. SANs: mx02.relbio.com, mx01.relbio.com, relay03.ril.com, mx06.rfhospital.org, relay01.ril.com, mail06.visionexpress.in, mx01.recron.com, gwsmtp011.ril.com, mx03.resq.in, mx05.rfhospital.org, mx02.resq.in, mx04.reliancefoundation.org, mx05.resq.in, mx01.rfhospital.org, mx03.relbio.com, mx06.relbio.com, mx01.jiobp.com, mx04.recron.com, mx01.reliancefoundation.org, relay04.ril.com, mta3.gcptcl.in, mx02.qwik.co.in, mx03.rfhospital.org, relay06.ril.com, mta4.gcptcl.in, mx04.jiobp.com, mx06.recron.com, mail01.visionexpress.in, mail04.visionexpress.in, mx03.reliancefoundation.org, mx03.jiobp.com, mx03.recron.com, mx05.recron.com, gwhydsmtp013.ril.com, mx06.qwik.co.in, mx03.qwik.co.in, gwjgsmtp014.ril.com, mx05.reliancefoundation.org, relay02.ril.com, mx05.relbio.com, mx04.qwik.co.in, mx02.jiobp.com, mta5.gcptcl.in, gwsmtp012.ril.com, www.gwsmtp012.ril.com, gwsmtp015.ril.com, mx01.qwik.co.in, mail03.visionexpress.in, mx04.resq.in, mx06.resq.in, mx04.rfhospital.org

Certificate subject 'gwsmtp012.ril.com' does not match hostname 'mx05.ajio.com'. SANs: mx02.relbio.com, mx01.relbio.com, relay03.ril.com, mx06.rfhospital.org, relay01.ril.com, mail06.visionexpress.in, mx01.recron.com, gwsmtp011.ril.com, mx03.resq.in, mx05.rfhospital.org, mx02.resq.in, mx04.reliancefoundation.org, mx05.resq.in, mx01.rfhospital.org, mx03.relbio.com, mx06.relbio.com, mx01.jiobp.com, mx04.recron.com, mx01.reliancefoundation.org, relay04.ril.com, mta3.gcptcl.in, mx02.qwik.co.in, mx03.rfhospital.org, relay06.ril.com, mta4.gcptcl.in, mx04.jiobp.com, mx06.recron.com, mail01.visionexpress.in, mail04.visionexpress.in, mx03.reliancefoundation.org, mx03.jiobp.com, mx03.recron.com, mx05.recron.com, gwhydsmtp013.ril.com, mx06.qwik.co.in, mx03.qwik.co.in, gwjgsmtp014.ril.com, mx05.reliancefoundation.org, relay02.ril.com, mx05.relbio.com, mx04.qwik.co.in, mx02.jiobp.com, mta5.gcptcl.in, gwsmtp012.ril.com, www.gwsmtp012.ril.com, gwsmtp015.ril.com, mx01.qwik.co.in, mail03.visionexpress.in, mx04.resq.in, mx06.resq.in, mx04.rfhospital.org

Certificate subject 'gwsmtp012.ril.com' does not match hostname 'mx06.ajio.com'. SANs: mx02.relbio.com, mx01.relbio.com, relay03.ril.com, mx06.rfhospital.org, relay01.ril.com, mail06.visionexpress.in, mx01.recron.com, gwsmtp011.ril.com, mx03.resq.in, mx05.rfhospital.org, mx02.resq.in, mx04.reliancefoundation.org, mx05.resq.in, mx01.rfhospital.org, mx03.relbio.com, mx06.relbio.com, mx01.jiobp.com, mx04.recron.com, mx01.reliancefoundation.org, relay04.ril.com, mta3.gcptcl.in, mx02.qwik.co.in, mx03.rfhospital.org, relay06.ril.com, mta4.gcptcl.in, mx04.jiobp.com, mx06.recron.com, mail01.visionexpress.in, mail04.visionexpress.in, mx03.reliancefoundation.org, mx03.jiobp.com, mx03.recron.com, mx05.recron.com, gwhydsmtp013.ril.com, mx06.qwik.co.in, mx03.qwik.co.in, gwjgsmtp014.ril.com, mx05.reliancefoundation.org, relay02.ril.com, mx05.relbio.com, mx04.qwik.co.in, mx02.jiobp.com, mta5.gcptcl.in, gwsmtp012.ril.com, www.gwsmtp012.ril.com, gwsmtp015.ril.com, mx01.qwik.co.in, mail03.visionexpress.in, mx04.resq.in, mx06.resq.in, mx04.rfhospital.org

Without MTA-STS, mail transport encryption cannot be enforced and is vulnerable to downgrade attacks.

STARTTLS alone is vulnerable to downgrade attacks. Neither MTA-STS nor DANE is configured to enforce encryption.

No CAA records are configured. Any certificate authority can issue certificates for this domain.

Without TLS-RPT, you will not receive reports about TLS negotiation failures.

No evidence of ARC (Authenticated Received Chain) support on MX servers. Forwarded messages may lose authentication.

The SPF record is properly configured with valid syntax and within lookup limits.

SPF record is within safe DNS packet size limits.

No RFC 8301 compliance issues detected in DKIM key configuration.

All DKIM keys use RSA-2048+ or Ed25519, consistent with current best practices.

External DMARC report destinations have valid authorization records per RFC 7489 §7.1.

DMARC subdomain policy enforces quarantine or reject on unauthenticated subdomain mail.

The DMARC record does not use any tags deprecated in DMARCbis (pct, rf, ri).

Domain has SPF, DKIM, and DMARC — meeting Google/Yahoo 2024 bulk sender requirements for email authentication.

No open relay, VRFY/EXPN, or banner disclosure issues detected.

The mail server accepts postmaster@ and abuse@ and uses a valid FQDN in EHLO.

IPv6 records are present and properly configured.

All nameservers are responsive, consistent, and properly secured.

All authoritative nameservers return consistent answers with proper AA flags.

All critical DNS record TTLs are within recommended ranges.

No DKIM key record with v=2 was found across common selectors. DKIM2 is an emerging standard and not yet widely deployed.

DKIM alignment is relaxed, SPF alignment is relaxed.

Failure reports generated when any authentication mechanism fails.

The DMARC record does not include the np (non-existent subdomain policy) tag. Consider adding np=reject to protect non-existent subdomains under DMARCbis.

The DMARC record does not include the psd (public suffix domain) indicator. Consider adding psd=n to explicitly identify this as an organizational domain.

The primary MX does not advertise REQUIRETLS (RFC 8689). This is an emerging standard — MTA-STS and DANE provide adequate TLS enforcement for most deployments.

DANE is not configured for any MX server. This is optional but provides strong certificate binding.

BIMI is not configured. Your brand logo will not display in supporting email clients.

Detected open mail-related ports: 25

DKIM signing is configured. RFC 8058 compliance depends on List-Unsubscribe and List-Unsubscribe-Post headers being included in outbound messages and DKIM signatures.

All MX IPs are in the same /16 network. Consider diversifying across networks for resilience.

Serial: 2022113054, Refresh: 10800s, Retry: 900s, Expire: 1209600s, Min TTL: 86400s

The MX record points to au-mail.em.sdlproducts.com which has no A record. This may indicate a decommissioned mail provider (Unknown). Attackers can potentially re-register this hostname to hijack inbound mail.

The domain uses NSEC records for DNSSEC authenticated denial of existence. NSEC records can be walked to enumerate all names in the zone, effectively disclosing the entire zone contents.

The domain is highly enumerable. Zone transfers, NSEC zone walking, or a combination of factors make it easy to discover all DNS records.

The subdomain www.ajio.com resolves to 2a02:26f0:9d00::1748:251a which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain www.ajio.com resolves to 2a02:26f0:9d00::1748:2560 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain ftp.ajio.com resolves to 116.50.83.240 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain ns1.ajio.com resolves to 49.45.43.42 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain ns1.ajio.com resolves to 2405:200:800:0:49:45:43:42 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain ns2.ajio.com resolves to 49.45.43.43 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain ns2.ajio.com resolves to 2405:200:800:0:49:45:43:43 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain api.ajio.com resolves to 49.40.59.11 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The subdomain store.ajio.com resolves to 49.40.59.16 which is not responding on ports 80 or 443. This may indicate a decommissioned server.

The domain uses NSEC records for authenticated denial of existence. NSEC allows zone walking.

A TXT record contains a software identifier or version string: "103.20.18".

The DNS server responds to ANY queries with 1 record(s). The low record count limits amplification risk, but ANY responses still aid reconnaissance.

The domain has explicit MX records — no implicit A-record fallback delivery.

No non-routable IP addresses or internal references were found in public DNS records.

No Microsoft Autodiscover, Mozilla Autoconfig, or email SRV records were found.

Subdomains were enumerated via Certificate Transparency logs, DNS wordlist brute-forcing, and DNS record analysis.

Certificate Transparency logs contain 0 certificate(s) for ajio.com and its subdomains. Each certificate reveals subdomain names.

DNSKEY and/or DS records are present, indicating DNSSEC is configured.

The SMTP banner identifies as 'mx05.rgtil.com' but the MX hostname is 'mx05.ajio.com' and PTR resolves to 'mx05.reputare.co.in'. Microsoft and other receivers flag this mismatch as suspicious infrastructure.

The Strict-Transport-Security header is not set on https://ajio.com.

Domain and MX IPs checked against 55 DNSBLs — no listings found.

Found security.txt at https://ajio.com/.well-known/security.txt.

Certificate for ajio.com expires on 2026-10-24.

The certificate for ajio.com is issued by a third-party CA.

The certificate for ajio.com uses an acceptable signature algorithm.

The certificate for ajio.com uses an adequate RSA key of 2048 bits.

The certificate for ajio.com contains Signed Certificate Timestamps.

No known weak cipher suites detected on ajio.com.

Domain ajio.com expires on 2035-06-20.

Domain ajio.com has clientTransferProhibited and clientDeleteProhibited locks.

MX records for ajio.com do not match known disposable email provider patterns.

Domain ajio.com was registered 2008-06-20.

No wildcard MX records detected for ajio.com.

The .com TLD is not on known abuse watchlists.

DMARC rua/ruf addresses do not point to known URL shortener services.

No MX records point to known dynamic DNS service domains.

Primary MX (mx03.ajio.com) uses TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 including Forward Secrecy.

DNS-based Safe Browsing lookup returned no results. Full verification requires the Google Safe Browsing API key.

Abuse contact information retrieved via abusix.org DNS lookup.

PhishTank phishing database check requires an API key.

Sender Score reputation check requires an API key.

Cisco Talos IP reputation check requires an API key.

HTTPS request to https://webmail.ajio.com failed or timed out.

Registrar: GoDaddy.com, LLC | Created: 2008-06-20 | Expires: 2035-06-20 | Updated: 2026-05-12

Domain ajio.com has WHOIS privacy/redaction enabled.

Checking IPs against known bulletproof hosting providers requires a threat intelligence API key.

Checking domain against threat intelligence feeds requires API keys (e.g., VirusTotal, AbuseIPDB).

26 registered lookalike domain(s) that could be used for phishing against your brand. Showing top 5 of 26. Domains with MX records can send and receive email, making them high-risk phishing vectors.