Check DNS, Urls + Redirects, Certificates and Content of your Website



H

Http as Destination - no encryption

Checked:
18.04.2020 09:25:51


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
bitwarden.waibel.dev
CNAME
ghs.googlehosted.com
yes
1
0

A
172.217.17.147
Amsterdam/North Holland/Netherlands (NL) - Google LLC
Hostname: ams15s30-in-f147.1e100.net
yes



AAAA
2a00:1450:400e:807::2013
Amsterdam/North Holland/Netherlands (NL) - GOOGLE-2a

yes


www.bitwarden.waibel.dev

Name Error
yes
1
0
ghs.googlehosted.com
A
172.217.18.19
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
No Hostname found
no


bitwarden.waibel.dev
A
172.217.18.19
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
No Hostname found
no



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 48903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 02.05.2020, 00:00:00 +, Signature-Inception: 11.04.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: dev
dev
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.05.2020, 05:00:00 +, Signature-Inception: 18.04.2020, 04:00:00 +, KeyTag 48903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 32463, Flags 256



Public Key with Algorithm 8, KeyTag 60074, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 08.05.2020, 18:20:52 +, Signature-Inception: 16.04.2020, 18:20:52 +, KeyTag 60074, Signer-Name: dev



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60074 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 60074, DigestType 2 and Digest "uULizlrr9i/KWdBXB+bbt5UhHVQNitugLp6J6DNCR4U=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: waibel.dev
waibel.dev
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "otutov8i133r3sq11jafp4hfmrsf8rj6" between the hashed NSEC3-owner "otutov8i133r3sq11jafp4hfmrsf8rj6" and the hashed NextOwner "otv07pf47fnkb9656nngav67ag47s3pm". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner otutov8i133r3sq11jafp4hfmrsf8rj6.dev., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 08.05.2020, 18:20:52 +, Signature-Inception: 16.04.2020, 18:20:52 +, KeyTag 32463, Signer-Name: dev



0 DNSKEY RR found




Zone: bitwarden.waibel.dev
bitwarden.waibel.dev
0 DS RR in the parent zone found

Zone: www.bitwarden.waibel.dev
www.bitwarden.waibel.dev
0 DS RR in the parent zone found

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 48903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 02.05.2020, 00:00:00 +, Signature-Inception: 11.04.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.05.2020, 05:00:00 +, Signature-Inception: 18.04.2020, 04:00:00 +, KeyTag 48903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 39844, Flags 256



Public Key with Algorithm 8, KeyTag 56311, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.04.2020, 18:24:21 +, Signature-Inception: 15.04.2020, 18:19:21 +, KeyTag 30909, Signer-Name: com



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.04.2020, 18:24:21 +, Signature-Inception: 15.04.2020, 18:19:21 +, KeyTag 30909, Signer-Name: com



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: googlehosted.com
googlehosted.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "6ngrlhc9jj422bkr9n40uv7rmmq82nva" between the hashed NSEC3-owner "6ngpsod76qckbfe1ujroj36jqtludtn5" and the hashed NextOwner "6ngs0nqfm803lfkduqq4g6it4br6qr0u". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 6ngpsod76qckbfe1ujroj36jqtludtn5.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 22.04.2020, 05:18:19 +, Signature-Inception: 15.04.2020, 04:08:19 +, KeyTag 56311, Signer-Name: com



0 DNSKEY RR found




Zone: ghs.googlehosted.com
ghs.googlehosted.com
0 DS RR in the parent zone found



0 DNSKEY RR found




3. Name Servers

DomainNameserverNS-IP
www.bitwarden.waibel.dev
  ns-cloud-c1.googledomains.com

waibel.dev
  ns-cloud-c1.googledomains.com


  ns-cloud-c2.googledomains.com


  ns-cloud-c3.googledomains.com


  ns-cloud-c4.googledomains.com

dev
  ns-tld1.charlestonroadregistry.com


  ns-tld2.charlestonroadregistry.com


  ns-tld3.charlestonroadregistry.com


  ns-tld4.charlestonroadregistry.com


  ns-tld5.charlestonroadregistry.com


ghs.googlehosted.com
  ns1.google.com
216.239.32.10
Alameda/California/United States (US) - Google LLC


 
2001:4860:4802:32::a
Ashburn/Virginia/United States (US) - Google LLC

googlehosted.com
  ns1.google.com


  ns2.google.com


  ns3.google.com


  ns4.google.com

com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net


4. SOA-Entries


Domain:dev
Zone-Name:
Primary:ns-tld1.charlestonroadregistry.com
Mail:cloud-dns-hostmaster.google.com
Serial:1
Refresh:21600
Retry:3600
Expire:259200
TTL:300
num Entries:5


Domain:waibel.dev
Zone-Name:
Primary:ns-cloud-c1.googledomains.com
Mail:cloud-dns-hostmaster.google.com
Serial:4
Refresh:21600
Retry:3600
Expire:259200
TTL:300
num Entries:4


Domain:www.bitwarden.waibel.dev
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1



Domain:com
Zone-Name:
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1587194739
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:9


Domain:com
Zone-Name:
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1587194754
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:4


Domain:googlehosted.com
Zone-Name:
Primary:ns1.google.com
Mail:dns-admin.google.com
Serial:307012551
Refresh:900
Retry:900
Expire:1800
TTL:60
num Entries:4


Domain:ghs.googlehosted.com
Zone-Name:
Primary:ns1.google.com
Mail:dns-admin.google.com
Serial:307012551
Refresh:900
Retry:900
Expire:1800
TTL:60
num Entries:2


5. Screenshots

No Screenshot listed, because no url-check with https + http status 200-299, 400-599 + not-ACME-check found.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://bitwarden.waibel.dev/
172.217.17.147
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.063
D
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:31 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://bitwarden.waibel.dev/
172.217.18.19
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.063
D
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:32 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://bitwarden.waibel.dev/
2a00:1450:400e:807::2013
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.080
D
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:32 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://triangle.asuscomm.com
GZip used - 570 / 1373 - 58.49 %
200

Html is minified: 114.99 %
0.776
H
Server: nginx
Date: Sat, 18 Apr 2020 07:26:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Last-Modified: Tue, 24 Mar 2020 20:22:46 GMT
ETag: W/"1d60219fad96a5d"
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; connect-src 'self' wss://bitwarden.waibel.dev https://api.pwnedpasswords.com https://twofactorauth.org; object-src 'self' blob:;
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip

• https://bitwarden.waibel.dev/
172.217.17.147
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
2.756
F
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:32 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://bitwarden.waibel.dev/
172.217.18.19
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
2.413
F
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:38 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://bitwarden.waibel.dev/
2a00:1450:400e:807::2013
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
2.267
F
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:35 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
172.217.17.147
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.070
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:40 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
172.217.18.19
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.067
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:41 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1450:400e:807::2013
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://triangle.asuscomm.com
Html is minified: 101.35 %
0.063
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://triangle.asuscomm.com
Date: Sat, 18 Apr 2020 07:26:40 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

7. Comments


1. General Results, most used to calculate the result

Aname "bitwarden.waibel.dev" is subdomain, public suffix is "dev", top-level-domain-type is "generic", tld-manager is "Charleston Road Registry Inc."
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Agood - only one version with Http-Status 200
AExcellent: Main Domain is in the Google-Preload-List
AExcellent: Main Domain is in the Mozilla/Firefox-Preload-List
AHSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (1 urls)
http://triangle.asuscomm.com


Url with incomplete Content-Type - header - missing charset
Bhttps://bitwarden.waibel.dev/ 172.217.17.147
302

Missing HSTS-Header
Bhttps://bitwarden.waibel.dev/ 172.217.18.19
302

Missing HSTS-Header
Bhttps://bitwarden.waibel.dev/ 2a00:1450:400e:807::2013
302

Missing HSTS-Header
Dhttp://bitwarden.waibel.dev/ 172.217.17.147
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://bitwarden.waibel.dev/ 172.217.18.19
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://bitwarden.waibel.dev/ 2a00:1450:400e:807::2013
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.217.17.147
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.217.18.19
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://bitwarden.waibel.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:400e:807::2013
302
http://triangle.asuscomm.com
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Fhttps://bitwarden.waibel.dev/ 172.217.17.147
302
http://triangle.asuscomm.com
wrong redirect https - http - never redirect https to http
Fhttps://bitwarden.waibel.dev/ 172.217.18.19
302
http://triangle.asuscomm.com
wrong redirect https - http - never redirect https to http
Fhttps://bitwarden.waibel.dev/ 2a00:1450:400e:807::2013
302
http://triangle.asuscomm.com
wrong redirect https - http - never redirect https to http
Hfatal error: No https - result with http-status 200, no encryption
HFatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.

2. DNS- and NameServer - Checks

AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns-cloud-c1.googledomains.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Agood: CAA entries found, creating certificate is limited: pki.goog is allowed to create certificates

3. Content- and Performance-critical Checks

Fatal: All checks of /.well-known/acme-challenge/random-filename have a redirect, destination doesn't have the random filename. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
AInfo: Different Server-Headers found
ADuration: 63483 milliseconds, 63.483 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
bitwarden.waibel.dev
172.217.17.147
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
bitwarden.waibel.dev
172.217.17.147
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=bitwarden.waibel.dev

2CN=GTS CA 1D2, O=Google Trust Services, C=US


bitwarden.waibel.dev
172.217.18.19
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

bitwarden.waibel.dev
172.217.18.19
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=bitwarden.waibel.dev

2CN=GTS CA 1D2, O=Google Trust Services, C=US


bitwarden.waibel.dev
2a00:1450:400e:807::2013
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

bitwarden.waibel.dev
2a00:1450:400e:807::2013
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
Chain (complete)
1CN=bitwarden.waibel.dev

2CN=GTS CA 1D2, O=Google Trust Services, C=US


9. Certificates

1.
1.
CN=bitwarden.waibel.dev
17.04.2020
16.07.2020
70 days expired
bitwarden.waibel.dev - 1 entry
1.
1.
CN=bitwarden.waibel.dev
17.04.2020

16.07.2020
70 days expired
bitwarden.waibel.dev - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:009D891EE058019B550A0000000029CDAC
Thumbprint:3034785C2DE98DAE887FECC5BC82460B67688269
SHA256 / Certificate:3FQ/gERHGpHblOEJbcRYWoQzvbeYRQNbZUu9oI2xGuU=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):699b55cdc7a36ac540109fcb3c160fd412bc76b24792f2cb4b16988199fbbae4
SHA256 hex / Subject Public Key Information (SPKI):7d50464182c766cbdb4c8a77e4a2b55498619dd9cac34337cd034845d21b831c
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.pki.goog/gts1d2
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


2.
CN=GTS CA 1D2, O=Google Trust Services, C=US
15.06.2017
15.12.2021
expires in 447 days


2.
CN=GTS CA 1D2, O=Google Trust Services, C=US
15.06.2017

15.12.2021
expires in 447 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01E3B49D77CDF40C061916B6E3
Thumbprint:884CFCDA54385A12435E847A5F6B167A8CBE1E41
SHA256 / Certificate:1XCEwSeYcycess57hBWkHOkSa1RNhRi62H/xzlpgTaM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):a8f7ab238b8cc18d55aed444e5a058f23210268a4b52e06ddbe183516330667e
SHA256 hex / Subject Public Key Information (SPKI):90c6a8bd6d5d00a2dde571764ed89fa66268d599b4af907976d9e1e702256737
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.pki.goog/gsr2
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
15.12.2006
15.12.2021
expires in 447 days


3.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
15.12.2006

15.12.2021
expires in 447 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:0400000000010F8626E60D
Thumbprint:75E0ABB6138512271C04F85FDDDE38E4B7242EFE
SHA256 / Certificate:ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=
SHA256 hex / Cert (DANE * 0 1):ca42dd41745fd0b81eb902362cf9d8bf719da1bd1b1efc946f5b4c99f42c1b9e
SHA256 hex / PublicKey (DANE * 1 1):8a27b5557b4bec7cc0305fbf3d53d1f71cd3f34910c5d65e27ecddb82077ba3d
SHA256 hex / Subject Public Key Information (SPKI):1754b08485041841edf669a70a973e653d0c50369810998bb2902a962d300349
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=GTS CA 1D2, O=Google Trust Services, C=US
0
0
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1564921697
precert
CN=GTS CA 1D2, O=Google Trust Services, C=US
2020-04-16 23:34:01
2020-07-15 23:34:01
bitwarden.waibel.dev - 1 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
bitwarden.waibel.dev



1
0
ghs.googlehosted.com
0

no CAA entry found
1
0
googlehosted.com
5
issue
pki.goog
1
0
waibel.dev
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0
dev
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
waibel.dev

ok
1
0
googlehosted.com
v=spf1 -all
ok
1
0
ghs.googlehosted.com

ok
1
0
bitwarden.waibel.dev


1
0
_acme-challenge.bitwarden.waibel.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.ghs.googlehosted.com


1
0
_acme-challenge.bitwarden.waibel.dev.waibel.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.ghs.googlehosted.com.googlehosted.com


1
0
_acme-challenge.ghs.googlehosted.com.ghs.googlehosted.com


1
0
_acme-challenge.bitwarden.waibel.dev.bitwarden.waibel.dev

Name Error - The domain name does not exist
1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=51fa9566-dd02-4ccb-8ae6-52dfcd17e178


Last Result: https://check-your-website.server-daten.de/?q=bitwarden.waibel.dev - 2020-04-18 09:25:51


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=bitwarden.waibel.dev" target="_blank">Check this Site: bitwarden.waibel.dev</a>