Check DNS, Urls + Redirects, Certificates and Content of your Website




L

Loop - it's impossible to use this site

Checked:
02.04.2024 12:58:11


Older results


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
intranet.exantportals.com


yes
2
2
www.intranet.exantportals.com

Name Error
yes
2
1
intranet.exantportals.com
A
77.65.127.155
Warsaw/Mazovia/Poland (PL) - INEA sp. z o.o.
No Hostname found
no



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 30903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2024, 00:00:00 +, Signature-Inception: 01.04.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=



1 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.04.2024, 05:00:00 +, Signature-Inception: 02.04.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 4534, Flags 256



Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.04.2024, 14:02:35 +, Signature-Inception: 28.03.2024, 13:57:35 +, KeyTag 19718, Signer-Name: com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: exantportals.com
exantportals.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "uls5apdb6f3sh4etqhfqnph8cp40ipom" between the hashed NSEC3-owner "uls59dlfdmeenjc20vngrjfud3iq7o7p" and the hashed NextOwner "uls5bp8poolmt15qbb2gf5fqbqctinpa". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner uls59dlfdmeenjc20vngrjfud3iq7o7p.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.04.2024, 10:37:44 +, Signature-Inception: 02.04.2024, 09:27:44 +, KeyTag 4534, Signer-Name: com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "exantportals.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 06.04.2024, 04:24:49 +, Signature-Inception: 30.03.2024, 03:14:49 +, KeyTag 4534, Signer-Name: com



1 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 28565, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner exantportals.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.04.2024, 00:00:00 +, Signature-Inception: 21.03.2024, 00:00:00 +, KeyTag 28565, Signer-Name: exantportals.com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 28565 used to validate the DNSKEY RRSet



Error: DNSKEY 28565 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.

Zone: intranet.exantportals.com
intranet.exantportals.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "2j1lh46b5t7u3jihp9j19op4ammg8ebn" between the hashed NSEC3-owner "2j1lh46b5t7u3jihp9j19op4ammg8ebn" and the hashed NextOwner "51atfgvc7baq15lq79ul0kiu1cl2akac". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner 2j1lh46b5t7u3jihp9j19op4ammg8ebn.exantportals.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.04.2024, 00:00:00 +, Signature-Inception: 21.03.2024, 00:00:00 +, KeyTag 28565, Signer-Name: exantportals.com

Zone: www.intranet.exantportals.com
www.intranet.exantportals.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "tdmdd4a31h5ouphe222r9q7776em1g7n" between the hashed NSEC3-owner "rsuoi0u060mh9bkrqs6h43vu1epuuq6c" and the hashed NextOwner "vhlnbdo4bvqm2dgiv7j0qtarq3ltn1nd". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner rsuoi0u060mh9bkrqs6h43vu1epuuq6c.exantportals.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.04.2024, 00:00:00 +, Signature-Inception: 21.03.2024, 00:00:00 +, KeyTag 28565, Signer-Name: exantportals.com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "2j1lh46b5t7u3jihp9j19op4ammg8ebn" as Owner. That's the Hash of "intranet.exantportals.com" with the NextHashedOwnerName "51atfgvc7baq15lq79ul0kiu1cl2akac". So that domain name is the Closest Encloser of "www.intranet.exantportals.com". Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner 2j1lh46b5t7u3jihp9j19op4ammg8ebn.exantportals.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.04.2024, 00:00:00 +, Signature-Inception: 21.03.2024, 00:00:00 +, KeyTag 28565, Signer-Name: exantportals.com



The ClosestEncloser says, that "*.intranet.exantportals.com" with the Hash "hvgshslcnsefhruprcsirkglnf2i71e1" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "g2fop6p98pflnb6mh4i2c13qdu4qchc8" and the Next Owner "p9jqqgeobrtbs511opr7due4lm2s7knn", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner g2fop6p98pflnb6mh4i2c13qdu4qchc8.exantportals.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.04.2024, 00:00:00 +, Signature-Inception: 21.03.2024, 00:00:00 +, KeyTag 28565, Signer-Name: exantportals.com


3. Name Servers

DomainNameserverNS-IP
www.intranet.exantportals.com
  ns1.aftermarket.pl

exantportals.com
X  ns1.aftermarket.pl / amac-sg1


  ns2.aftermarket.pl

com
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-eltxl1


  c.gtld-servers.net / nnn1-defra-5


  d.gtld-servers.net / nnn1-defra-5


  e.gtld-servers.net / nnn1-defra-5


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-ein1


  k.gtld-servers.net / nnn1-ein1


  l.gtld-servers.net / nnn1-ein2


  m.gtld-servers.net / nnn1-ein1


4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1712055478
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:13


Domain:exantportals.com
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:exantportals.com
Zone-Name:exantportals.com
Primary:ns1.aftermarket.pl
Mail:kontakt.aftermarket.pl
Serial:2404021122
Refresh:3600
Retry:15
Expire:86400
TTL:3600
num Entries:1


Domain:www.intranet.exantportals.com
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://intranet.exantportals.com/
77.65.127.155
303
https://intranet.exantportals.com/
Html is minified: 102.75 %
0.516
A
Location: https://intranet.exantportals.com/
Server:
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Security-Policy-Report-Only: default-src 'self'
Date: Tue, 02 Apr 2024 11:00:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 187

• https://intranet.exantportals.com/
77.65.127.155
302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Html is minified: 219.84 %
8.227
N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Cache-Control: private
Location: /183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Server:
Set-Cookie: ASP.NET_SessionId=gw4rxi1psmipssp314h5fekt; path=/; secure; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Security-Policy-Report-Only: default-src 'self'
Date: Tue, 02 Apr 2024 11:00:14 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 5929

• https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f

302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Html is minified: 103.68 %
2.720
L
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Cache-Control: no-cache
Pragma: no-cache
Location: /183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Server:
Set-Cookie: __LOGINCOOKIE__=76FA71AD3395943207B11CDFCB13996EC6173C181156B19A36CDE37A1B0E029A9AB7F80CAF6F26480CF190288F9B78DF68B8B61646BFE678503D7DAF0537F3977E8ABAF399A84E6D1735B65516C2C97715B0D4E255A56B10F8EE5A778C42CCD8D8F0BFF149560976A83C7E0CD97E90D1F4B2634412C799A809D3D1FE90C3A937940C7AAB8611D30024F38D92C9B2FAA3BF856524388CA45A50ECD8F16CBEAF909CF3F63F; path=/; secure; HttpOnly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Security-Policy-Report-Only: default-src 'self'
Date: Tue, 02 Apr 2024 11:00:21 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Expires: -1
Content-Length: 169

• http://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
77.65.127.155
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
303
https://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.99 %
0.083
A
Visible Content:
Location: https://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Server:
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Security-Policy-Report-Only: default-src 'self'
Date: Tue, 02 Apr 2024 11:00:17 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 256

• https://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/4
404

Html is minified: 212.07 %
2.426
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Visible Content:
Server:
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Security-Policy-Report-Only: default-src 'self'
Date: Tue, 02 Apr 2024 11:00:24 GMT
Connection: close
Content-Type: text/html
Content-Length: 1230

• https://77.65.127.155/
77.65.127.155
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 103.96 %
2.490
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 02 Apr 2024 11:00:17 GMT
Connection: close
Content-Type: text/html; charset=us-ascii
Content-Length: 315

7. Comments


1. General Results, most used to calculate the result

Aname "intranet.exantportals.com" is subdomain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 93017 (complete: 240622)
AGood: All ip addresses are public addresses
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Ahttps://intranet.exantportals.com/ 77.65.127.155
302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Correct redirect https to https
AGood: No cookie sent via http.
AGood: every cookie sent via https is marked as secure
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):1 complete Content-Type - header (2 urls)
https://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
Ahttp://intranet.exantportals.com/ 77.65.127.155
303
https://intranet.exantportals.com/
Correct redirect http - https with the same domain name
Bhttps://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
302

Missing HSTS-Header
Bhttps://intranet.exantportals.com/ 77.65.127.155
302

Missing HSTS-Header
Bhttps://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Missing HSTS-Header
Bhttps://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
302
__LOGINCOOKIE__=76FA71AD3395943207B11CDFCB13996EC6173C181156B19A36CDE37A1B0E029A9AB7F80CAF6F26480CF190288F9B78DF68B8B61646BFE678503D7DAF0537F3977E8ABAF399A84E6D1735B65516C2C97715B0D4E255A56B10F8EE5A778C42CCD8D8F0BFF149560976A83C7E0CD97E90D1F4B2634412C799A809D3D1FE90C3A937940C7AAB8611D30024F38D92C9B2FAA3BF856524388CA45A50ECD8F16CBEAF909CF3F63F; path=/; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
CError - no version with Http-Status 200
HFatal error: No https - result with http-status 200, no encryption
Lhttps://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Error direct loop
Mhttps://77.65.127.155/ 77.65.127.155
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://intranet.exantportals.com/ 77.65.127.155
302
https://intranet.exantportals.com/183-logowanie/lang/pl-PL/default.aspx?ReturnUrl=%2f
Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://77.65.127.155/ 77.65.127.155
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
XFatal error: Nameserver doesn't support TCP connection: ns1.aftermarket.pl: Fatal error (-14). Details: Unable to read data from the transport connection: Ein Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer bestimmten Zeitspanne nicht richtig reagiert hat, oder die hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert hat.. - Ein Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer bestimmten Zeitspanne nicht richtig reagiert hat, oder die hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert hat
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.intranet.exantportals.com

2. Header-Checks

U

No https result with http status 2** or 4** (standard-check) found, no header checked.

3. DNS- and NameServer - Checks

A
A
AInfo:: 2 different Name Servers found: ns1.aftermarket.pl, ns2.aftermarket.pl, 2 Name Servers included in Delegation: ns1.aftermarket.pl, ns2.aftermarket.pl, 0 Name Servers included in 1 Zone definitions: , 1 Name Servers listed in SOA.Primary: ns1.aftermarket.pl.
AGood: Only one SOA.Primary Name Server found.: ns1.aftermarket.pl.
AGood: SOA.Primary Name Server included in the delegation set.: ns1.aftermarket.pl.
AGood: All Name Server Domain Names have a Public Suffix.
A
AGood: Nameserver supports Echo Capitalization: 1 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 1 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns1.aftermarket.pl: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1.aftermarket.pl: OP100: fatal timeout. FLAGS: fatal timeout. V1: ok. V1OP100: ok. V1FLAGS: fatal timeout. DNSSEC: ok. V1DNSSEC: fatal timeout. NSID: ok (amac-sg1). COOKIE: ok. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: ns2.aftermarket.pl: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://intranet.exantportals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
2.426 seconds
Warning: 404 needs more then one second
https://77.65.127.155/ 77.65.127.155
404
2.490 seconds
Warning: 404 needs more then one second
AInfo: Different Server-Headers found
ADuration: 141010 milliseconds, 141.010 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
intranet.exantportals.com
intranet.exantportals.com
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
intranet.exantportals.com
intranet.exantportals.com
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Self signed certificate
1CN=FRONTSERVER.exant.local


intranet.exantportals.com
77.65.127.155
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

intranet.exantportals.com
77.65.127.155
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Self signed certificate
1CN=FRONTSERVER.exant.local


77.65.127.155
77.65.127.155
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

77.65.127.155
77.65.127.155
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Self signed certificate
1CN=FRONTSERVER.exant.local


9. Certificates

1.
1.
CN=FRONTSERVER.exant.local
02.04.2024
02.04.2025
expires in 311 days

1.
1.
CN=FRONTSERVER.exant.local
02.04.2024

02.04.2025
expires in 311 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:6D8B3F24D65D078549BD368C91256F96
Thumbprint:4C8FAC47BF117475BE853F504E6D9108AA54F1C8
SHA256 / Certificate:uzR1UqSKM+wCncYn4koMAizxirHcf6y2n0oYnhjANww=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):f742a606e271473f9382283acb70a9d00c5ae2f44859df07abfbe96a256e0bf7
SHA256 hex / Subject Public Key Information (SPKI):f742a606e271473f9382283acb70a9d00c5ae2f44859df07abfbe96a256e0bf7 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

2.
1.
CN=FRONTSERVER.exant.local
04.05.2022
04.05.2023
388 days expired

2.
1.
CN=FRONTSERVER.exant.local
04.05.2022

04.05.2023
388 days expired


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:136A492F1890878345F3D413749408DD
Thumbprint:C7701A7BC51B6999DABE49592A5D315C9A9EA499
SHA256 / Certificate:ooiRbsLMsfteyS36ldFTv+3dJnyW7arcJKKWRIN1S7E=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cf1aa824d5aeea1ad53573da031eeb0797ef41ae9224ef17ec9f6057e87d3b3f
SHA256 hex / Subject Public Key Information (SPKI):cf1aa824d5aeea1ad53573da031eeb0797ef41ae9224ef17ec9f6057e87d3b3f (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0 /0 new
0
2

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
11625126059
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-01-01 15:04:48
2024-03-31 14:04:47
intranet.exantportals.com
1 entries


10685940781
leaf cert
CN=R3, O=Let's Encrypt, C=US
2023-10-09 03:11:46
2024-01-07 04:11:45
intranet.exantportals.com
1 entries



11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://77.65.127.155/
77.65.127.155
meta
other
1

0


0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://77.65.127.155/
77.65.127.155
meta
Content-Type
text/html; charset=us-ascii


1
ok








12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:


No NameServer - IP address - Informations found


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
exantportals.com
0

no CAA entry found
2
1
com
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
exantportals.com

ok
1
0
_acme-challenge.intranet.exantportals.com.exantportals.com


2
2


15. DomainService - Entries

No DomainServiceEntries entries found



16. Cipher Suites

No results


17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=698ee636-5349-4044-adc7-ff6d3eca533b


Last Result: https://check-your-website.server-daten.de/?q=intranet.exantportals.com - 2024-04-02 12:58:11


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=intranet.exantportals.com" target="_blank">Check this Site: intranet.exantportals.com</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro