Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

T

 

Timeout

 

Checked:
04.02.2025 16:31:12

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
aovpn.bt.com
A
62.7.240.240
Slough/England/United Kingdom (GB) - BT Public Internet Service
No Hostname found
yes
1
0

AAAA

yes


www.aovpn.bt.com
A

yes
1
0

AAAA

yes


aovpn.bt.com
A
62.172.219.140
Enfield/England/United Kingdom (GB) - British Telecommunications PLC
No Hostname found
no


*.bt.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


*.aovpn.bt.com
A

yes



AAAA

yes



CNAME

yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.02.2025, 00:00:00 +, Signature-Inception: 31.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: com

com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.02.2025, 05:00:00 +, Signature-Inception: 04.02.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 23202, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.02.2025, 15:02:35 +, Signature-Inception: 01.02.2025, 14:57:35 +, KeyTag 19718, Signer-Name: com






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: bt.com

bt.com
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "7m4cucm9bc1j2qlrq0sr32s64988m7g2" between the hashed NSEC3-owner "7m4cpb082v3hdm3rs2j4dphob3spenlp" and the hashed NextOwner "7m4d3j3gnf3mk64r9u2cfdc9jkvdmvtn". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 7m4cpb082v3hdm3rs2j4dphob3spenlp.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 09.02.2025, 02:41:46 +, Signature-Inception: 02.02.2025, 01:31:46 +, KeyTag 23202, Signer-Name: com






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q3udg8cekkae7rukpgct1dvssh8ll". So that domain name is the Closest Encloser of "bt.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 08.02.2025, 00:26:34 +, Signature-Inception: 31.01.2025, 23:16:34 +, KeyTag 23202, Signer-Name: com






0 DNSKEY RR found









Zone: aovpn.bt.com

aovpn.bt.com
0 DS RR in the parent zone found






0 DNSKEY RR found









Zone: www.aovpn.bt.com

www.aovpn.bt.com
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
aovpn.bt.com
  dy-gslb-ext-1.gss.bt.com
62.239.6.87
London/England/United Kingdom (GB) - British Telecommunications PLC


  sa-gslb-ext-1.gss.bt.com
62.172.50.58
Loughborough/England/United Kingdom (GB) - BTnet UK Core

bt.com
  dydns0.bt.com
193.113.32.156
London/England/United Kingdom (GB) - BTRL


  dydns1.bt.com
193.113.32.157
London/England/United Kingdom (GB) - BTRL


  eddns0.bt.com
193.113.57.242
London/England/United Kingdom (GB) - BTRL


  eddns1.bt.com
193.113.57.243
London/England/United Kingdom (GB) - BTRL

com
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-ellux2


  c.gtld-servers.net / nnn1-defra-5


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-defra-5


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-ein4


  l.gtld-servers.net / nnn1-frmrs-2


  m.gtld-servers.net / nnn1-ein1

 

4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1738683043
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:3


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1738683058
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:10


Domain:bt.com
Zone-Name:bt.com
Primary:eddns0.bt.com
Mail:zzdnsr.bt.com
Serial:2006030398
Refresh:28800
Retry:7200
Expire:604800
TTL:600
num Entries:4


Domain:aovpn.bt.com
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:2


5. Screenshots

Startaddress: https://aovpn.bt.com/, address used: https://aovpn.bt.com/, Screenshot created 2025-02-04 16:37:58 +00:0

 

Mobil (412px x 732px)

 

1061 milliseconds

 

Screenshot mobile - https://aovpn.bt.com/
Mobil + Landscape (732px x 412px)

 

1078 milliseconds

 

Screenshot mobile landscape - https://aovpn.bt.com/
Screen (1280px x 1680px)

 

1172 milliseconds

 

Screenshot Desktop - https://aovpn.bt.com/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport412716
content Size960716

 

Fatal: Horizontal scrollbar detected. Content-size width is greater then visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://aovpn.bt.com/
62.7.240.240
-14


10.030
T
Timeout - The operation has timed out.

• http://aovpn.bt.com/
62.172.219.140
-14


10.020
T
Timeout - The operation has timed out.

• https://aovpn.bt.com/
62.7.240.240 No Compression used - 593 / 703 - 84.35 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 154.85 %
Other inline scripts (∑/total): 0/0
3.654
B
Accept-Ranges: bytes
ETag: "9276c0b979ed61:0"
Server: Microsoft-IIS/10.0
Date: Tue, 04 Feb 2025 15:34:53 GMT
Content-Type: text/html
Last-Modified: Thu, 09 Apr 2020 14:18:22 GMT
Content-Length: 703

• https://aovpn.bt.com/
62.172.219.140 No Compression used - 593 / 703 - 84.35 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 154.85 %
Other inline scripts (∑/total): 0/0
3.700
B
Accept-Ranges: bytes
ETag: "c27b4f6c4edbd51:0"
Server: Microsoft-IIS/10.0
Date: Tue, 04 Feb 2025 15:34:20 GMT
Content-Type: text/html
Last-Modified: Tue, 04 Feb 2020 11:29:54 GMT
Content-Length: 703

• http://aovpn.bt.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
62.7.240.240
-14


10.044
T
Timeout - The operation has timed out.
Visible Content:

• http://aovpn.bt.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
62.172.219.140
-14


10.030
T
Timeout - The operation has timed out.
Visible Content:

• https://62.7.240.240/
62.7.240.240 No Compression used - 593 / 703 - 84.35 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 154.85 %
Other inline scripts (∑/total): 0/0
3.610
N
Certificate error: RemoteCertificateNameMismatch
Accept-Ranges: bytes
ETag: "a79b30de73ed61:0"
Server: Microsoft-IIS/10.0
Date: Tue, 04 Feb 2025 15:35:23 GMT
Content-Type: text/html
Last-Modified: Thu, 09 Apr 2020 13:36:26 GMT
Content-Length: 703

• https://62.172.219.140/
62.172.219.140 No Compression used - 593 / 703 - 84.35 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 154.85 %
Other inline scripts (∑/total): 0/0
3.607
N
Certificate error: RemoteCertificateNameMismatch
Accept-Ranges: bytes
ETag: "24a7188d872ad51:0"
Server: Microsoft-IIS/10.0
Date: Tue, 04 Feb 2025 15:35:18 GMT
Content-Type: text/html
Last-Modified: Mon, 24 Jun 2019 12:22:55 GMT
Content-Length: 703

 

7. Comments


1. General Results, most used to calculate the result

Aname "aovpn.bt.com" is subdomain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 103088 (complete: 263653)
AGood: All ip addresses are public addresses
Warning: Only one ip address found: aovpn.bt.com has only one ip address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: aovpn.bt.com has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (4 urls)
https://aovpn.bt.com/ 62.7.240.240


Url with incomplete Content-Type - header - missing charset
https://aovpn.bt.com/ 62.172.219.140


Url with incomplete Content-Type - header - missing charset
https://62.7.240.240/ 62.7.240.240


Url with incomplete Content-Type - header - missing charset
https://62.172.219.140/ 62.172.219.140


Url with incomplete Content-Type - header - missing charset
Bhttps://aovpn.bt.com/ 62.7.240.240
200

Missing HSTS-Header
Bhttps://aovpn.bt.com/ 62.172.219.140
200

Missing HSTS-Header
Nhttps://62.7.240.240/ 62.7.240.240
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://62.172.219.140/ 62.172.219.140
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Oaovpn.bt.com / 62.7.240.240 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 7 Cipher Suites without Forward Secrecy found
XFatal error: Nameserver doesn't support TCP connection: dy-gslb-ext-1.gss.bt.com / 62.239.6.87: Timeout
XFatal error: Nameserver doesn't support TCP connection: sa-gslb-ext-1.gss.bt.com / 62.172.50.58: Timeout
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain aovpn.bt.com, 1 ip addresses, 1 different http results.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.aovpn.bt.com

2. Header-Checks

Faovpn.bt.com 62.7.240.240
Content-Security-Policy
Critical: Missing Header:
Faovpn.bt.com 62.7.240.240
X-Content-Type-Options
Critical: Missing Header:
Faovpn.bt.com 62.7.240.240
Referrer-Policy
Critical: Missing Header:
Faovpn.bt.com 62.7.240.240
Permissions-Policy
Critical: Missing Header:
Baovpn.bt.com 62.7.240.240
Cross-Origin-Embedder-Policy
Info: Missing Header
Baovpn.bt.com 62.7.240.240
Cross-Origin-Opener-Policy
Info: Missing Header
Baovpn.bt.com 62.7.240.240
Cross-Origin-Resource-Policy
Info: Missing Header
Faovpn.bt.com 62.172.219.140
Content-Security-Policy
Critical: Missing Header:
Faovpn.bt.com 62.172.219.140
X-Content-Type-Options
Critical: Missing Header:
Faovpn.bt.com 62.172.219.140
Referrer-Policy
Critical: Missing Header:
Faovpn.bt.com 62.172.219.140
Permissions-Policy
Critical: Missing Header:
Baovpn.bt.com 62.172.219.140
Cross-Origin-Embedder-Policy
Info: Missing Header
Baovpn.bt.com 62.172.219.140
Cross-Origin-Opener-Policy
Info: Missing Header
Baovpn.bt.com 62.172.219.140
Cross-Origin-Resource-Policy
Info: Missing Header

3. DNS- and NameServer - Checks

AInfo:: 2 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
AInfo:: 2 Queries complete, 2 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.dydns0.bt.com (193.113.32.156), dydns1.bt.com (193.113.32.157), eddns0.bt.com (193.113.57.242), eddns1.bt.com (193.113.57.243)
AGood (1 - 3.0):: An average of 0.5 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 4 different Name Servers found: dydns0.bt.com, dydns1.bt.com, eddns0.bt.com, eddns1.bt.com, 4 Name Servers included in Delegation: dydns0.bt.com, dydns1.bt.com, eddns0.bt.com, eddns1.bt.com, 4 Name Servers included in 1 Zone definitions: DYDNS0.BT.COM, DYDNS1.BT.COM, EDDNS0.BT.COM, EDDNS1.BT.COM, 1 Name Servers listed in SOA.Primary: eddns0.bt.com.
AGood: Only one SOA.Primary Name Server found.: eddns0.bt.com.
AGood: SOA.Primary Name Server included in the delegation set.: eddns0.bt.com.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 4 Name Servers, 1 different subnets (first Byte): 193., 1 different subnets (first two Bytes): 193.113., 2 different subnets (first three Bytes): 193.113.32., 193.113.57.
AGood: Name Server IPv4-addresses from different subnet found:
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
Nameserver doesn't pass all EDNS-Checks: dy-gslb-ext-1.gss.bt.com / 62.239.6.87: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. FLAGS: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: sa-gslb-ext-1.gss.bt.com / 62.172.50.58: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. FLAGS: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://aovpn.bt.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 62.7.240.240
-14

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://aovpn.bt.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 62.172.219.140
-14

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: No https + http status 200 with inline CSS / JavaScript found
https://aovpn.bt.com/ 62.7.240.240
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://aovpn.bt.com/ 62.172.219.140
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://62.7.240.240/ 62.7.240.240
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://62.172.219.140/ 62.172.219.140
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AGood: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 2 images (type image/png, image/jpg, image/jpeg, image/webp, image/gif) found without additional Compression. Not required because these images are already compressed
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 2 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 2 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AGood: All img-elements have a valid alt-attribute.: 4 img-elements found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 412890 milliseconds, 412.890 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
aovpn.bt.com
62.7.240.240
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
aovpn.bt.com
62.7.240.240
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, serialNumber=01800000


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


aovpn.bt.com
62.172.219.140
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

aovpn.bt.com
62.172.219.140
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, serialNumber=01800000


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


62.7.240.240
62.7.240.240
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

62.7.240.240
62.7.240.240
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, serialNumber=01800000


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


62.172.219.140
62.172.219.140
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

62.172.219.140
62.172.219.140
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, serialNumber=01800000


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

 

9. Certificates

1.
1.
CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, SERIALNUMBER=01800000, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB
15.11.2024
17.12.2025
expires in 301 days
aovpn.bt.com - 1 entry
1.
1.
CN=aovpn.bt.com, O=British Telecommunications Public Limited Company, L=LONDON, C=GB, SERIALNUMBER=01800000, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB
15.11.2024

17.12.2025
expires in 301 days


aovpn.bt.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0631C69393824877B4CF9C76A2AA586B
Thumbprint:88E6C9B2A8F3351F1EFABDBBF0DB4A80AA5B24D5
SHA256 / Certificate:v/pX7X4pt7HngEiLVas70t78dEebarq7pteDp//RE6M=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):95cce68036f523d1e07f9da897ac34c443d9ada9574c6cef733e2e206fdc2970
SHA256 hex / Subject Public Key Information (SPKI):95cce68036f523d1e07f9da897ac34c443d9ada9574c6cef733e2e206fdc2970 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
02.07.2020
02.07.2030
expires in 1959 days


2.
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
02.07.2020

02.07.2030
expires in 1959 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01678F1FEF882255D8B0A70E6B7BB220
Thumbprint:090A16F9BA16001B2EC130F80523E5B5EB259158
SHA256 / Certificate:lYjvdBmeRazvzM/AxHAQ6fKjeh3UTGGk4cazNNpa9hQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SHA256 hex / Subject Public Key Information (SPKI):c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 4713 days


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 4713 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
0
1
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
8667374710
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-11-15 00:00:00
2025-12-16 23:59:59
aovpn.bt.com - 1 entries


 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

 

11. Html-Content - Entries

Summary


Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://aovpn.bt.com/
62.7.240.240
a

1

0


0
0
0


img

1
99,710 Bytes
0
1
0
0
0
0


meta
other
1

0


0
0
0

https://aovpn.bt.com/
62.172.219.140
a

1

0


0
0
0


img

1
99,710 Bytes
0
1
0
0
0
0


meta
other
1

0


0
0
0

https://62.7.240.240/
62.7.240.240
a

1

0


0
0
0


img

1

0


0
0
0


meta
other
1

0


0
0
0

https://62.172.219.140/
62.172.219.140
a

1

0


0
0
0


img

1

0


0
0
0


meta
other
1

0


0
0
0

 

Details (currently limited to 500 rows - some problems with spam users)

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
62.7.240.240
a

http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409


1
ok















img
src
iisstart.png
200

1
ok
alt: IISimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 99710 Bytes






ETag: "71131de73ed61:0"



meta
Content-Type
text/html; charset=iso-8859-1


1
ok














https://aovpn.bt.com/
62.172.219.140
a

http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409


1
ok















img
src
iisstart.png
200

1
ok
alt: IISimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 99710 Bytes






ETag: "702cf114b27ad51:0"



meta
Content-Type
text/html; charset=iso-8859-1


1
ok














https://62.7.240.240/
62.7.240.240
a

http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409


1
ok















img
src
iisstart.png


1
ok
alt: IIS














meta
Content-Type
text/html; charset=iso-8859-1


1
ok














https://62.172.219.140/
62.172.219.140
a

http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409


1
ok















img
src
iisstart.png


1
ok
alt: IIS














meta
Content-Type
text/html; charset=iso-8859-1


1
ok














 

12. Html-Parsing via https://validator.w3.org/nu/

Url used (first standard-https-result with http status 200): https://aovpn.bt.com/

Summary

Good: No non-document-errors
3 errors
3 warnings

TypeMessagenum found
1.errorLegacy encoding windows-1252 used. Documents must use UTF-8.1
2.errorObsolete doctype. Expected <!DOCTYPE html>.1
3.errorBad value text/html; charset=iso-8859-1 for attribute content on element meta: charset= must be followed by utf-8.1
4.warningConsider adding a lang attribute to the html start tag to declare the language of this document.1
5.warningUsing windows-1252 instead of the declared encoding iso-8859-1.1
6.warningThe type attribute for the style element is not needed and should be omitted.1

Details


TypeMessage + Sample
1errorLegacy encoding windows-1252 used. Documents must use UTF-8.


2errorObsolete doctype. Expected <!DOCTYPE html>.

From line 1, column 1 to line 1, column 109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html
3errorBad value text/html; charset=iso-8859-1 for attribute content on element meta: charset= must be followed by utf-8.

From line 4, column 1 to line 4, column 74

"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <titl
4warningConsider adding a lang attribute to the html start tag to declare the language of this document.

From line 1, column 110 to line 2, column 43

rict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head
5warningUsing windows-1252 instead of the declared encoding iso-8859-1.

From line 4, column 74 to line 4, column 74


6warningThe type attribute for the style element is not needed and should be omitted.

From line 6, column 1 to line 6, column 23

r</title> <style type="text/css"> <!--

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: dydns0.bt.com, dydns1.bt.com, eddns0.bt.com, eddns1.bt.com

 

QNr.DomainTypeNS used
1
com
NS
d.root-servers.net (2001:500:2d::d)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
dydns0.bt.com: 193.113.32.156
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: dydns1.bt.com
193.113.32.157

Answer: eddns0.bt.com
193.113.57.242

Answer: eddns1.bt.com
193.113.57.243

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.aovpn.bt.com
0

no CAA entry found
1
0
aovpn.bt.com
0

no CAA entry found
1
0
bt.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
bt.com
_fu9wexpb3hl7k2jggs33dn43b3mbtum
ok
1
0
bt.com
2bd4fhc993k7qlzn6d378k8hqxb12s3f
ok
1
0
bt.com
9123-70F4-5236-027D-644B-81E0-D859-AECD
ok
1
0
bt.com
apple-domain-verification=2wmMLKFJFlWPklL2
ok
1
0
bt.com
apple-domain-verification=8qEsid9JR22QL8DO
ok
1
0
bt.com
apple-domain-verification=JCy70GnffQDcBVIR
ok
1
0
bt.com
atlassian-domain-verification=XLWtzSfK6U83Hg5Um61jVLjNzqR9ygXELexMNfqJJshefny8hFi3KNAK/Hb4xAYl
ok
1
0
bt.com
atlassian-sending-domain-verification=ae1e2cb6-0959-4f25-b37a-4c66b4e5e468
ok
1
0
bt.com
autodesk-domain-verification=vmIPnr1GseHte8Ol4tdd
ok
1
0
bt.com
DNRynrIWZj7FpJ7nTv6o0S9OiH9++PvCF6byh33McE4=
ok
1
0
bt.com
dtm-domain-verification=HykUdMm1ucjXduqd9uBIS35Us7ii2mDrjiqE5PqPhm4
ok
1
0
bt.com
facebook-domain-verification=6ismgdmuzqf1lp6gse48wa4oz2isw5
ok
1
0
bt.com
fastly-domain-delegation-5Lazp7wYoooiwDL9dEWZ-422411-2021-07-22
ok
1
0
bt.com
globalsign-domain-verification=DAA742FBA19F6967D3D3A8DC2BE96867
ok
1
0
bt.com
google-site-verification=G7I_80VRER7Wgn3V-aNWBFijdpE4JGSzMq_WlbrbN7Y
ok
1
0
bt.com
google-site-verification=jqIuLoI2xscRdokU7DZrf026zMImlQIQwAHVT3bgMUk
ok
1
0
bt.com
MS173292
ok
1
0
bt.com
MS442395
ok
1
0
bt.com
MS514229
ok
1
0
bt.com
onetrust-domain-verification=4e5dad68ca124ab68bc54c9a68781fa5
ok
1
0
bt.com
paloaltonetworks-site-verification=4358a4575e5e2f27af9887fb7c598966be5752014419bcd03eaa89f5367f1e08
ok
1
0
bt.com
v=spf1 a:smtp1.bt.com include:spf.protection.outlook.com include:www.thrs.bt.com ip4:62.7.242.136/29 ip4:62.239.224.234/31 ip4:62.239.224.236/31 ip4:62.239.224.98/31 ip4:193.113.108.40/31 ip4:212.140.59.179 ip4:212.140.56.164 ip4:212.49.128.65 ip4:200.47.123.3 ip4:147.149.196.177 ip4:147.149.100.81 ip4:147.149.196.181 ip4:147.149.100.78 ~all
ok
1
0
bt.com
VISA= 54D62E662CD075058ACEB7C8D7E18208
ok
1
0
bt.com
VISA=84192C66FC3D59E1C49F8CE0F1963626
ok
1
0
bt.com
vmware-cloud-verification-be6dfc6d-61b7-4e1b-af28-e75a39c7fb50
ok
1
0
bt.com
vrelnrisb1a3v4qqq54fjbjbbs
ok
1
0
bt.com
x6MWUs7ki3ZXYAZgVHRipb4Y7L33ZqthzG8Wbb4vSlE=
ok
1
0
aovpn.bt.com

ok
1
0
www.aovpn.bt.com

ok
1
0
_acme-challenge.aovpn.bt.com

missing entry or wrong length
1
0
_acme-challenge.www.aovpn.bt.com

missing entry or wrong length
1
0
_acme-challenge.aovpn.bt.com.bt.com

Name Error - The domain name does not exist
1
0
_acme-challenge.aovpn.bt.com.aovpn.bt.com

perhaps wrong
1
0
_acme-challenge.www.aovpn.bt.com.aovpn.bt.com

perhaps wrong
1
0
_acme-challenge.www.aovpn.bt.com.www.aovpn.bt.com

perhaps wrong
1
0

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

Summary
DomainIPPortnum CipherstimeStd.ProtocolForward Secrecy
aovpn.bt.com
62.7.240.240
443
17 Ciphers78.71 sec
7 without, 10 FS
58.82 %
Complete

1
17 Ciphers
17.00 Ciphers/Check
78.71 sec78.71 sec/Check
7 without, 10 FS
58.82 %

Details
DomainIPPortCipher (OpenSsl / IANA)
aovpn.bt.com
62.7.240.240
443
ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS
17 Ciphers, 78.71 sec
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

DH
RSA
AESGCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

DH
RSA
AESGCM(128)
AEAD




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384

RSA
RSA
AESGCM(256)
AEAD




AES256-SHA256
(Weak)
TLSv1.2
0x00,0x3D
No FS

TLS_RSA_WITH_AES_256_CBC_SHA256

RSA
RSA
AES(256)
SHA256




ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

ECDH
RSA
AES(128)
SHA256




AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256

RSA
RSA
AESGCM(128)
AEAD




AES128-SHA256
(Weak)
TLSv1.2
0x00,0x3C
No FS

TLS_RSA_WITH_AES_128_CBC_SHA256

RSA
RSA
AES(128)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

ECDH
RSA
AES(128)
SHA1




DHE-RSA-AES256-SHA
(Weak)
SSLv3
0x00,0x39
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

DH
RSA
AES(256)
SHA1




AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA

RSA
RSA
AES(256)
SHA1




DES-CBC3-SHA
(Weak)
SSLv3
0x00,0x0A
No FS

TLS_RSA_WITH_3DES_EDE_CBC_SHA

RSA
RSA
3DES(168)
SHA1




DHE-RSA-AES128-SHA
(Weak)
SSLv3
0x00,0x33
FS

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

DH
RSA
AES(128)
SHA1




AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA

RSA
RSA
AES(128)
SHA1

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=e8f5ff19-5efe-468b-8bb7-a63939ed0f69

 

Last Result: https://check-your-website.server-daten.de/?q=aovpn.bt.com - 2025-02-04 16:31:12

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=aovpn.bt.com" target="_blank">Check this Site: aovpn.bt.com</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=aovpn.bt.com