Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

N

 

No trusted Certificate

 

Checked:
08.07.2021 08:59:07

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
2602:806:a003:40e::3000:2621
AAAA
2602:806:a003:40e::3000:2621
Naperville/Illinois/United States (US) - Peter Jin Technologies LLC

yes


 

2. DNSSEC

 

No DNSSEC - Informations found

 

3. Name Servers

 

No Nameserver entries found

 

4. SOA-Entries

 

No SOA entries found

5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

 

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://[2602:0806:a003:040e:0000:0000:3000:2621]/
2602:806:a003:40e::3000:2621 No Compression used - 2041 / 5209 - 39.18 % possible
200

Html is minified: 197.61 %
0.330
H
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 5209
Date: Thu, 08 Jul 2021 06:59:11 GMT
Connection: close

• https://[2602:0806:a003:040e:0000:0000:3000:2621]/
2602:806:a003:40e::3000:2621 No Compression used - 2041 / 5209 - 39.18 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2305
200

Html is minified: 197.61 %
Other inline scripts (∑/total): 0/0
4.436
N
Certificate error: RemoteCertificateNameMismatch
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 5209
Date: Thu, 08 Jul 2021 06:59:12 GMT
Connection: close

• http://[2602:0806:a003:040e:0000:0000:3000:2621]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2602:806:a003:40e::3000:2621
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
0.310
A
Not Found
Visible Content: Cannot GET /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 208
Date: Thu, 08 Jul 2021 06:59:17 GMT
Connection: close

• https://[2602:0806:a003:040e:0000:0000:3000:2621]/
2602:806:a003:40e::3000:2621 No Compression used - 2042 / 5209 - 39.20 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2305
200

Html is minified: 197.61 %
Other inline scripts (∑/total): 0/0
3.766
N
Certificate error: RemoteCertificateNameMismatch
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 5209
Date: Thu, 08 Jul 2021 06:59:17 GMT
Connection: close

 

7. Comments


1. General Results, most used to calculate the result

Aname "2602:806:a003:40e::3000:2621" is ipv6 address, public suffix is not defined
AGood: All ip addresses are public addresses
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
AGood: every https has a Strict Transport Security Header
AGood: HSTS max-age is long enough, 31536000 seconds = 365 days
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
CError - more then one version with Http-Status 200. After all redirects, all users (and search engines) should see the same https url: Non-www or www, but not both with http status 200.
HFatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
Nhttps://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch

2. Header-Checks


3. DNS- and NameServer - Checks


4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: https result with status 200 and size greater then 1024 Bytes without Compression found. Add Compression support (gzip, deflate, br - these are checked) so the html content is compressed.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: https result with status 200 and size greater then 1024 Bytes without Compression found. Add Compression support (gzip, deflate, br - these are checked) so the html content is compressed.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
https://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
http://[2602:0806:a003:040e:0000:0000:3000:2621]/ 2602:806:a003:40e::3000:2621
200

Warning: HSTS header sent via http has no effect
ADuration: 24370 milliseconds, 24.370 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
[2602:0806:a003:040e:0000:0000:3000:2621]
2602:806:a003:40e::3000:2621
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
[2602:0806:a003:040e:0000:0000:3000:2621]
2602:806:a003:40e::3000:2621
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Tls.1.2
no Tls.1.1
no Tls.1.0
no http/2 via ALPN
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=ipv6-things.srv.peterjin.org


2CN=E1, O=Let's Encrypt, C=US


3CN=ISRG Root X2, O=Internet Security Research Group, C=US


[2602:0806:a003:040e:0000:0000:3000:2621]
2602:806:a003:40e::3000:2621
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok

[2602:0806:a003:040e:0000:0000:3000:2621]
2602:806:a003:40e::3000:2621
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=ipv6-things.srv.peterjin.org


2CN=E1, O=Let's Encrypt, C=US


3CN=ISRG Root X2, O=Internet Security Research Group, C=US

 

9. Certificates

1.
1.
CN=ipv6-things.srv.peterjin.org
09.05.2021
07.08.2021
1222 days expired
*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries
1.
1.
CN=ipv6-things.srv.peterjin.org
09.05.2021

07.08.2021
1222 days expired


*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:ECDSA SHA384
Serial Number:03B07F4F8F4766EEA4154FB10265704D4127
Thumbprint:2A516EBF90E544DC7BBC670107174C3B4FCF5FF2
SHA256 / Certificate:L9XS74R+/lsoUQvekiuID9pCrzoCnWyOGM6adpEMsu4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):13fbf7bf5c19a338c284f3559352245a6fb748a95cf89fb526afc7d2b68fff02
SHA256 hex / Subject Public Key Information (SPKI):13fbf7bf5c19a338c284f3559352245a6fb748a95cf89fb526afc7d2b68fff02
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://e1.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=ipv6-things.srv.peterjin.org
09.05.2021
07.08.2021
1222 days expired
*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries

2.
CN=ipv6-things.srv.peterjin.org
09.05.2021

07.08.2021
1222 days expired


*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:ECDSA SHA384
Serial Number:03B07F4F8F4766EEA4154FB10265704D4127
Thumbprint:2A516EBF90E544DC7BBC670107174C3B4FCF5FF2
SHA256 / Certificate:L9XS74R+/lsoUQvekiuID9pCrzoCnWyOGM6adpEMsu4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):13fbf7bf5c19a338c284f3559352245a6fb748a95cf89fb526afc7d2b68fff02
SHA256 hex / Subject Public Key Information (SPKI):13fbf7bf5c19a338c284f3559352245a6fb748a95cf89fb526afc7d2b68fff02
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://e1.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=E1, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 278 days


3.
CN=E1, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 278 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:ECDSA SHA384
Serial Number:00B3BDDFF8A7845BBCE903A04135B34A45
Thumbprint:091E8EA1B256A312962AF6C140C0FBF079A407B3
SHA256 / Certificate:RklOMDeQWd8YvlISQwXmBvxZBw5bIQds4ROVS2BRfNo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
SHA256 hex / Subject Public Key Information (SPKI):276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




4.
CN=E1, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 278 days


4.
CN=E1, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 278 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:ECDSA SHA384
Serial Number:00B3BDDFF8A7845BBCE903A04135B34A45
Thumbprint:091E8EA1B256A312962AF6C140C0FBF079A407B3
SHA256 / Certificate:RklOMDeQWd8YvlISQwXmBvxZBw5bIQds4ROVS2BRfNo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




5.
CN=ISRG Root X2, O=Internet Security Research Group, C=US
04.09.2020
15.09.2025
expires in 278 days


5.
CN=ISRG Root X2, O=Internet Security Research Group, C=US
04.09.2020

15.09.2025
expires in 278 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:SHA256 With RSA-Encryption
Serial Number:079E492886376FD40848C23FC631E463
Thumbprint:151682F5218C0A511C28F4060A73B9CA78CE9A53
SHA256 / Certificate:iwW2jMZZ5e0PyzjyyUL7/SAOby/5+F1jxplO9eCwJwE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332
SHA256 hex / Subject Public Key Information (SPKI):762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




6.
CN=ISRG Root X2, O=Internet Security Research Group, C=US
04.09.2020
17.09.2040
expires in 5759 days


6.
CN=ISRG Root X2, O=Internet Security Research Group, C=US
04.09.2020

17.09.2040
expires in 5759 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:ECDSA SHA384
Serial Number:41D29DD172EAEEA780C12C6CE92F8752
Thumbprint:BDB1B93CD5978D45C6261455F8DB95C75AD153AF
SHA256 / Certificate:aXKbjhWobvwXelevtxcd/GSt0owvyozxUH40RTzLFHA=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:





7.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3827 days


7.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3827 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

 

11. Html-Content - Entries

Summary

No data found or small Code-update

 

Details

Small Code Update - wait one minute

 

12. Html-Parsing via https://validator.w3.org/nu/

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

 

 

No NameServer - IP address - Informations found

 

14. CAA - Entries

No CAA entries found

 

15. TXT - Entries

No TXT entries found

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

No Ciphers found

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=d5f2c1d2-4f47-44a0-9f77-e9e49075b50e

 

Last Result: https://check-your-website.server-daten.de/?q=%5B2602%3A806%3Aa003%3A40e%3A%3A3000%3A2621%5D - 2021-07-08 08:59:07

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=%5B2602%3A806%3Aa003%3A40e%3A%3A3000%3A2621%5D" target="_blank">Check this Site: %5B2602%3A806%3Aa003%3A40e%3A%3A3000%3A2621%5D</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=[2602:806:a003:40e::3000:2621]