Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


N

No trusted Certificate

Checked:
15.05.2019 15:39:25


Older results

No older results found

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
clickshield-staging.24metrics.com
A
35.233.96.203
yes
1
0

AAAA

yes


www.clickshield-staging.24metrics.com
A
35.233.96.203
yes
1
0

AAAA

yes



Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
com
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.05.2019, 05:00:00, Signature-Inception: 15.05.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 3800, Flags 256

Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2019, 18:25:33, Signature-Inception: 12.05.2019, 18:20:33, KeyTag 30909, Signer-Name: com

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
24metrics.com
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


clickshield-staging.24metrics.com
0 DS RR in the parent zone found

0 DNSKEY RR found


www.clickshield-staging.24metrics.com
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.clickshield-staging.24metrics.com
  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -

clickshield-staging.24metrics.com
  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -
205.251.192.219

 
2600:9000:5300:db00::1
24metrics.com
  ns-1428.awsdns-50.org / d23e598e3a96b5ffe1b039cdfda72041 -


  ns-1662.awsdns-15.co.uk / b340d564a4767d4fe02f9753ab7fd59b -


  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -


  ns-602.awsdns-11.net / f04f8e211d9fe4ef7e5b866f3055b8e4 -

com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net



SOA - records (beta)

Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927552
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:13


Domain:24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:4


Domain:clickshield-staging.24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:2


Domain:www.clickshield-staging.24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://clickshield-staging.24metrics.com/
35.233.96.203
308
https://clickshield-staging.24metrics.com/
0.047
A
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:03 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
Location: https://clickshield-staging.24metrics.com/

• http://www.clickshield-staging.24metrics.com/
35.233.96.203
404

0.044
M
Not Found
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:03 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close

• https://clickshield-staging.24metrics.com/
35.233.96.203
401

0.264
N
Unauthorized
Certificate error: RemoteCertificateChainErrors
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:03 GMT
Content-Type: text/html
Content-Length: 180
Connection: close
WWW-Authenticate: Basic realm="Authentication Required"
Strict-Transport-Security: max-age=15724800; includeSubDomains

• https://www.clickshield-staging.24metrics.com/
35.233.96.203
404

0.237
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:04 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

• http://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.233.96.203
308
https://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.050
A
Visible Content: 308 Permanent Redirect nginx/1.15.10
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:04 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
Location: https://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• http://www.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.233.96.203
404

0.047
A
Not Found
Visible Content: default backend - 404
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:04 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close

• https://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

401

0.233
N
Unauthorized
Certificate error: RemoteCertificateChainErrors
Visible Content: 401 Authorization Required nginx/1.15.10
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:40:04 GMT
Content-Type: text/html
Content-Length: 180
Connection: close
WWW-Authenticate: Basic realm="Authentication Required"
Strict-Transport-Security: max-age=15724800; includeSubDomains

3. Comments

Aname "clickshield-staging.24metrics.com" is subdomain, public suffix is "com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):3 complete Content-Type - header (5 urls)
https://clickshield-staging.24metrics.com/ 35.233.96.203


Url with incomplete Content-Type - header - missing charset
https://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
Ahttp://clickshield-staging.24metrics.com/ 35.233.96.203
308
https://clickshield-staging.24metrics.com/
correct redirect http - https with the same domain name
CError - no version with Http-Status 200
Hfatal error: No https - result with http-status 200, no encryption
Mhttp://www.clickshield-staging.24metrics.com/ 35.233.96.203
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://clickshield-staging.24metrics.com/ 35.233.96.203
401

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://www.clickshield-staging.24metrics.com/ 35.233.96.203
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://clickshield-staging.24metrics.com/ 35.233.96.203
401

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://www.clickshield-staging.24metrics.com/ 35.233.96.203
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
401

Error - Certificate isn't trusted, RemoteCertificateChainErrors
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 42936 milliseconds, 42.936 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
clickshield-staging.24metrics.com
35.233.96.203
443
Certificate/chain invalid
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=clickshield-staging.24metrics.com

2CN=Fake LE Intermediate X1
www.clickshield-staging.24metrics.com
35.233.96.203
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Self signed certificate
1CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co


5. Certificates

1.
1.
CN=clickshield-staging.24metrics.com
15.05.2019
13.08.2019
expires in 79 days
clickshield-staging.24metrics.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00FA126679F15ACFC8722AD1F7C82F4961947C
Thumbprint:C76D63345018C07C42688B41D7D112F17C55CAEC
SHA256 / Certificate:oq3tGZnpAE5oWeqdJpIx6LhJ0gcOR6uBzgmDfil9d8g=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):799aace2ad96a308d9a8093245d81cae0de4e0bcd7de770aad146f82b2ec366e
OCSP - Url:http://ocsp.stg-int-x1.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes

RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

2.
CN=Fake LE Intermediate X1
24.05.2016
24.05.2036
expires in 6208 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008BE12A0E5944ED3C546431F097614FE5
Thumbprint:4EEE7398C1A3DAF91DA16689DB8243927A271B9A
SHA256 / Certificate:qZwbcdoyrdlClxT3HnQK/cVDxPfwEqdI0kp4m4vz1sc=
SHA256 hex / Cert (DANE * 0 1):a99c1b71da32add9429714f71e740afdc543c4f7f012a748d24a789b8bf3d6c7
SHA256 hex / PublicKey (DANE * 1 1):25ec31d428b56d5f8d9b09432ad80276097501a242e17ec6ea5c95810c712c02
OCSP - Url:http://ocsp.stg-root-x1.letsencrypt.org/
OCSP - must staple:no
Certificate Transparency:no


3.
CN=Fake LE Root X1
23.03.2016
23.03.2036
expires in 6146 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00A73D64A0404B29B2E532CE129E7B37DF
Thumbprint:B3F73C419DAC14711F4B97192BF89C7DEA7A7794
SHA256 / Certificate:IZxP/PsE8dOtbKebK1xsD0STF3qA+jfM5/yaMt8oMj0=
SHA256 hex / Cert (DANE * 0 1):219c4ffcfb04f1d3ad6ca79b2b5c6c0f4493177a80fa37cce7fc9a32df28323d
SHA256 hex / PublicKey (DANE * 1 1):5b7b5b32631b6ad5e6dcabbc7b21b6b23334b9345e90b22caa2c27770bb9da8d
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no


2.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
15.05.2019
14.05.2020
expires in 354 days
ingress.local - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:455997BFED21BAB9C1BEE40C5661D7B9
Thumbprint:E0B2050038FB1B3832EEBEB53AB4298496687345
SHA256 / Certificate:nflypxkDUyfIkse4oNJ2o2esvML55RTWn/f6bNzZxLk=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):b9ddcf709fa937aa740ec3f93344200f55d494463047044e11b0c7dd63b4a26a
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
7
7

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
903664642
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-05-10 06:42:07
2019-08-08 06:42:07
geoip.clickshield-staging.24metrics.com
1 entries


887708137
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 10:03:45
2019-07-29 10:03:45
global-fallback-app.clickshield-staging.24metrics.com
1 entries


887688890
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 09:44:01
2019-07-29 09:44:01
global-redirect-app.clickshield-staging.24metrics.com
1 entries


857439272
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-10 19:28:43
2019-07-09 19:28:43
redirect-app.clickshield-staging.24metrics.com
1 entries


851557197
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-07 09:17:55
2019-07-06 09:17:55
redirect-app.clickshield-staging.24metrics.com
1 entries


845200627
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-03 11:45:46
2019-07-02 11:45:46
grafana.clickshield-staging.24metrics.com
1 entries


835978218
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 08:13:36
2019-06-27 08:13:36
tracker.clickshield-staging.24metrics.com
1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
7
15

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1459606890
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-05-10 04:42:07
2019-08-08 04:42:07
geoip.clickshield-staging.24metrics.com
1 entries


1432085277
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 08:03:45
2019-07-29 08:03:45
global-fallback-app.clickshield-staging.24metrics.com
1 entries


1432048983
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 07:44:01
2019-07-29 07:44:01
global-redirect-app.clickshield-staging.24metrics.com
1 entries


1376969958
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-10 17:28:43
2019-07-09 17:28:43
redirect-app.clickshield-staging.24metrics.com
1 entries


1368677565
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-07 07:17:55
2019-07-06 07:17:55
redirect-app.clickshield-staging.24metrics.com
1 entries


1358981461
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-03 09:45:46
2019-07-02 09:45:46
grafana.clickshield-staging.24metrics.com
1 entries


1349477404
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 07:13:36
2019-06-27 06:13:36
tracker.clickshield-staging.24metrics.com
1 entries


1172834484
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-03 09:10:45
2019-05-04 08:10:45
*.tracker.clickshield-staging.24metrics.com
1 entries


1149799619
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-01-27 11:55:34
2019-04-27 10:55:34
tracker.clickshield-staging.24metrics.com
1 entries


1003328350
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-12-05 10:07:52
2019-03-05 10:07:52
*.tracker.clickshield-staging.24metrics.com
1 entries


984021867
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-28 12:54:39
2019-02-26 12:54:39
tracker.clickshield-staging.24metrics.com
1 entries


983974914
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-28 12:30:17
2019-02-26 12:30:17
tracker.clickshield-staging.24metrics.com
1 entries


968181223
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-22 14:25:53
2019-02-20 14:25:53
tracker.clickshield-staging.24metrics.com
1 entries


965170351
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-21 12:30:55
2019-02-19 12:30:55
tracker.clickshield-staging.24metrics.com
1 entries


932499207
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-09 12:20:47
2019-02-07 12:20:47
tracker.clickshield-staging.24metrics.com
1 entries



7. Html-Content - Entries (BETA - mixed content and other checks)

No Html-Content entries found. Only checked if https + status 200/401/403/404


8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.clickshield-staging.24metrics.com
0

no CAA entry found
1
0
clickshield-staging.24metrics.com
0

no CAA entry found
1
0
24metrics.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
clickshield-staging.24metrics.com

ok
1
0
www.clickshield-staging.24metrics.com

ok
1
0
_acme-challenge.clickshield-staging.24metrics.com

missing entry or wrong length
1
0
_acme-challenge.www.clickshield-staging.24metrics.com

missing entry or wrong length
1
0
_acme-challenge.clickshield-staging.24metrics.com.24metrics.com

Name Error - The domain name does not exist
1
0
_acme-challenge.clickshield-staging.24metrics.com.clickshield-staging.24metrics.com

perhaps wrong
1
0
_acme-challenge.www.clickshield-staging.24metrics.com.clickshield-staging.24metrics.com

perhaps wrong
1
0
_acme-challenge.www.clickshield-staging.24metrics.com.www.clickshield-staging.24metrics.com

perhaps wrong
1
0



Permalink: https://check-your-website.server-daten.de/?i=628517f0-2224-45cb-ae3f-9e575a0a0902


Last Result: https://check-your-website.server-daten.de/?q=clickshield-staging.24metrics.com - 2019-05-15 15:39:25