Check DNS, Urls + Redirects, Certificates and Content of your Website


Update: 2020-03-04 - now 90 days later. All affected Letsencrypt certificates should be renewed. Time to remove that Info.





1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
157.240.7.20
A
157.240.7.20
Singapore//Singapore (SG) - Facebook, Inc.
Hostname: edge-star-shv-01-sin6.facebook.com
yes



2. DNSSEC


No DNSSEC - Informations found


3. Name Servers


No Nameserver entries found


4. SOA-Entries


No SOA entries found

5. Screenshots

Startaddress: https://www.facebook.com, address used: https://www.facebook.com/, Screenshot created 2020-05-05 05:33:11 +00:0

Mobil (412px x 732px)

840 milliseconds

Screenshot mobile - https://www.facebook.com/
Mobil + Landscape (732px x 412px)

821 milliseconds

Screenshot mobile landscape - https://www.facebook.com/
Screen (1280px x 1680px)

980 milliseconds

Screenshot Desktop - https://www.facebook.com/

Mobile- and other Chrome-Checks

widthheight
visual Viewport396716
content Size9801013

Fatal: Horizontal scrollbar detected. Content-size width is greater then visual Viewport width.

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://157.240.7.20:443/
157.240.7.20
-8

1.100
W
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.

• https://157.240.7.20:443/
157.240.7.20
301
https://www.facebook.com/
6.316
N
Certificate error: RemoteCertificateNameMismatch
Location: https://www.facebook.com/
Content-Type: text/html; charset="utf-8"
X-FB-Debug: crcQqLWkupckyWdRZRccsh6i+a9eW8ro865hhGdG4GZq7QMrZq5gO+mRIQy0FUEtseFJw/dEDfX6p6ynKqg4Jg==
Date: Tue, 05 May 2020 03:32:41 GMT
Alt-Svc: h3-27=":443"; ma=3600
Connection: close
Content-Length: 0

• https://www.facebook.com/
GZip used - 44282 / 168721 - 73.75 %
200

Html is minified: 480.18 %
2.273
B
Content-Encoding: gzip
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html; charset="utf-8"
X-FB-Debug: eGXHceeNHJZWC00RfBlvmmc388dheFiSlV00wQEd6ODAE531RrAQc7DiePTHHPFOIogl6l64QnTOX9pIZoIMyA==
Date: Tue, 05 May 2020 03:32:54 GMT
Alt-Svc: h3-27=":443"; ma=3600
Connection: close

• http://157.240.7.20:443/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
157.240.7.20
-8

1.090
W
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Visible Content:

• https://157.240.7.20:443/
157.240.7.20
301
https://www.facebook.com/
5.947
N
Certificate error: RemoteCertificateNameMismatch
Location: https://www.facebook.com/
Content-Type: text/html; charset="utf-8"
X-FB-Debug: uAUVVIR+e1dMChZtWHL6iYIqotKtb+wD6i51dZhCb0y6ENChA73gdu6RuLZulcOp6cz5R2Uyi/IdZdcsH5Yh/w==
Date: Tue, 05 May 2020 03:32:48 GMT
Alt-Svc: h3-27=":443"; ma=3600
Connection: close
Content-Length: 0

7. Comments


1. General Results, most used to calculate the result

Aname "157.240.7.20" is ipv4 address, public suffix is not defined
Agood: All ip addresses are public addresses
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: 157.240.7.20 has no ipv6 address.
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: www is preferred
Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should **immediately** add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Bwarning: HSTS max-age is too short - minimum 31536000 = 365 days required, 15552000 seconds = 180 days found
Bhttps://157.240.7.20:443/ 157.240.7.20
301

Missing HSTS-Header
Bhttps://157.240.7.20:443/ 157.240.7.20
301

Missing HSTS-Header
Nhttps://157.240.7.20:443/ 157.240.7.20
301
https://www.facebook.com/
Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://157.240.7.20:443/ 157.240.7.20
301
https://www.facebook.com/
Error - Certificate isn't trusted, RemoteCertificateNameMismatch

2. DNS- and NameServer - Checks


3. Content- and Performance-critical Checks

http://157.240.7.20:443/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 157.240.7.20
-8

Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 supports GZip.
https://www.facebook.com/
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 39903 milliseconds, 39.903 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
157.240.7.20
157.240.7.20
443
name does not match
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
157.240.7.20
157.240.7.20
443
name does not match
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, C=US, ST=California

2CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


www.facebook.com
www.facebook.com
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok

www.facebook.com
www.facebook.com
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, C=US, ST=California

2CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


157.240.7.20
157.240.7.20
443
name does not match
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok

157.240.7.20
157.240.7.20
443
name does not match
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, C=US, ST=California

2CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


9. Certificates

1.
1.
CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, S=California, C=US
15.04.2020
14.07.2020
expires in 40 days
*.facebook.com, *.facebook.net, *.fb.com, *.fbcdn.net, *.fbsbx.com, *.messenger.com, facebook.com, fb.com, messenger.com, *.m.facebook.com, *.xx.fbcdn.net, *.xy.fbcdn.net, *.xz.fbcdn.net - 13 entries
1.
1.
CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, S=California, C=US
15.04.2020

14.07.2020
expires in 40 days
*.facebook.com, *.facebook.net, *.fb.com, *.fbcdn.net, *.fbsbx.com, *.messenger.com, facebook.com, fb.com, messenger.com, *.m.facebook.com, *.xx.fbcdn.net, *.xy.fbcdn.net, *.xz.fbcdn.net - 13 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0EDFA59AE5B142667DA98E439B6B858F
Thumbprint:BBE7A097C792B22D00381269E464E904964BC741
SHA256 / Certificate:dC7FLoIaUZ9wy1ZklOOkG2NRAmvPUFXQzDAft1XCB5E=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):1c37b27e4ef8db29ab2aa0797648b48fb298e78028c75e4186f629d06340cfd0
SHA256 hex / Subject Public Key Information (SPKI):3d1410b7a44018df42d20dfad60a4b76df80eb1881c52a221b6583ab62a74d5d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
22.10.2013
22.10.2028
expires in 3062 days


2.
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
22.10.2013

22.10.2028
expires in 3062 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:04E1E7A4DC5CF2F36DC02B42B85D159F
Thumbprint:A031C46782E6E6C662C2C87C76DA9AA62CCABD8E
SHA256 / Certificate:GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
SHA256 hex / Cert (DANE * 0 1):19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
SHA256 hex / PublicKey (DANE * 1 1):936bfae7bc41b0e55ed4f411c0eb07b30ddbb064f657322acf92bee7db0d430b
SHA256 hex / Subject Public Key Information (SPKI):52d4ef822ed8221c2cc1104485d0c52e7d01dd0a6ecda08204f3784cec3f4daf
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006
10.11.2031
expires in 4176 days


3.
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006

10.11.2031
expires in 4176 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:02AC5C266A0B409B8F0B79F2AE462577
Thumbprint:5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SHA256 / Certificate:dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=
SHA256 hex / Cert (DANE * 0 1):7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf
SHA256 hex / PublicKey (DANE * 1 1):5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SHA256 hex / Subject Public Key Information (SPKI):fd7961a0192a5cad26b74160a14732cf8625b6e21d65b4faf7bc5c2f968f5a33
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses (alpha)

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

No CAA entries found


14. TXT - Entries

No TXT entries found


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=7b8f1c4e-d0ff-422b-a249-bc0b19102493


Last Result: https://check-your-website.server-daten.de/?q=157.240.7.20%3a443 - 2020-05-05 05:32:35


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=157.240.7.20%3a443" target="_blank">Check this Site: 157.240.7.20:443</a>