Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

B

 

Missing HSTS or Cookie-warnings

 

Checked:
15.05.2024 19:45:19

 

Older results

 

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
global.com
A
188.212.35.66
London/England/United Kingdom (GB) - NetConnex Broadband Ltd.
Hostname: global-media-sites.nh-serv.co.uk
yes
2
0

AAAA

yes


www.global.com
CNAME
global.com
yes
1
0

A
188.212.35.66
London/England/United Kingdom (GB) - NetConnex Broadband Ltd.
Hostname: global-media-sites.nh-serv.co.uk
yes


*.global.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 5613, Flags 256






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2024, 00:00:00 +, Signature-Inception: 11.05.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: com

com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.05.2024, 05:00:00 +, Signature-Inception: 15.05.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 956, Flags 256






Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.05.2024, 14:02:35 +, Signature-Inception: 07.05.2024, 13:57:35 +, KeyTag 19718, Signer-Name: com






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: global.com

global.com
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "m8moo8qhd4k6o1hgenqdm9bdd7jgtpfg" between the hashed NSEC3-owner "m8moig0iib3blh39thegjbdlhn9l7ieq" and the hashed NextOwner "m8mooaebkqug33g99alrooomqotj1ncr". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner m8moig0iib3blh39thegjbdlhn9l7ieq.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.05.2024, 04:34:45 +, Signature-Inception: 13.05.2024, 03:24:45 +, KeyTag 956, Signer-Name: com






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "global.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.05.2024, 04:25:01 +, Signature-Inception: 13.05.2024, 03:15:01 +, KeyTag 956, Signer-Name: com






0 DNSKEY RR found









Zone: www.global.com

www.global.com
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
global.com
  ns0.as39202.net
81.20.49.93
Enfield/England/United Kingdom (GB) - GLOBAL-EQX


  ns1.as39202.net
81.20.49.60
Enfield/England/United Kingdom (GB) - GLOBAL-EQX


  ns2.as39202.co.uk
81.20.48.93
Enfield/England/United Kingdom (GB) - Global Radio

com
  a.gtld-servers.net / nnn1-par6


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-par6


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-ein3


  m.gtld-servers.net / nnn1-nlams-2e

 

4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1715795099
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:12


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1715795114
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:global.com
Zone-Name:global.com
Primary:ns0.as39202.net
Mail:domains.as39202.net
Serial:2024051003
Refresh:300
Retry:600
Expire:2419200
TTL:3600
num Entries:3


5. Screenshots

Startaddress: https://global.com/, address used: https://global.com/, Screenshot created 2024-05-15 19:49:51 +00:0

 

Mobil (412px x 732px)

 

1141 milliseconds

 

Screenshot mobile - https://global.com/
Mobil + Landscape (732px x 412px)

 

1121 milliseconds

 

Screenshot mobile landscape - https://global.com/
Screen (1280px x 1680px)

 

1278 milliseconds

 

Screenshot Desktop - https://global.com/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport412732
content Size412732

 

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://global.com/
188.212.35.66
301
https://global.com/
Html is minified: 109.46 %
0.054
A
Date: Wed, 15 May 2024 17:46:04 GMT
Connection: close
Location: https://global.com/
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html
Content-Length: 162

• http://www.global.com/
188.212.35.66
301
https://www.global.com/
Html is minified: 109.46 %
0.050
A
Date: Wed, 15 May 2024 17:46:04 GMT
Connection: close
Location: https://www.global.com/
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html
Content-Length: 162

• https://www.global.com/
188.212.35.66
301
https://global.com/

3.637
A
Date: Wed, 15 May 2024 17:46:09 GMT
Connection: close
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://global.com/
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: upgrade-insecure-requests
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 15 May 2024 18:46:09 GMT

• https://global.com/
188.212.35.66
200

Html is minified: 148.33 %
3.370
A
Date: Wed, 15 May 2024 17:46:05 GMT
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: upgrade-insecure-requests
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html; charset=UTF-8
Content-Length: 21408
Last-Modified: Wed, 15 May 2024 17:25:41 GMT
Content-Encoding: gzip

• http://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
188.212.35.66
301
https://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.46 %
0.056
A
Visible Content:
Date: Wed, 15 May 2024 17:46:13 GMT
Connection: close
Location: https://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html
Content-Length: 162

• http://www.global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
188.212.35.66
301
https://www.global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.46 %
0.057
A
Visible Content:
Date: Wed, 15 May 2024 17:46:13 GMT
Connection: close
Location: https://www.global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html
Content-Length: 162

• https://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

404

Html is minified: 188.45 %
3.794
B
Not Found
Visible Content:
Date: Wed, 15 May 2024 17:46:19 GMT
Connection: close
Cache-Control: must-revalidate, no-cache, max-age=0
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Set-Cookie: uk_region_suggest=yes; expires=Thu, 16-May-2024 17:46:19 GMT; Max-Age=86400; path=/; domain=.global.com
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html; charset=UTF-8
Content-Length: 11836
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Content-Encoding: gzip

• https://www.global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

404


3.587
A
Not Found
Visible Content:
Date: Wed, 15 May 2024 17:46:23 GMT
Connection: close
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Served-By: f1bdbba5d865d058fb864afdae8da418
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 15 May 2024 18:46:23 GMT

• https://188.212.35.66/
188.212.35.66
-16


3.577
W
UnknownError - An error occurred while sending the request.
Certificate error: RemoteCertificateNameMismatch

 

7. Comments


1. General Results, most used to calculate the result

Aname "global.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 94244 (complete: 244198)
AGood: All ip addresses are public addresses
Warning: Only one ip address found: global.com has only one ip address.
Warning: Only one ip address found: www.global.com has only one ip address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: global.com has no ipv6 address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.global.com has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://global.com/ 188.212.35.66
301
https://global.com/
Correct redirect http - https with the same domain name
Ahttp://www.global.com/ 188.212.35.66
301
https://www.global.com/
Correct redirect http - https with the same domain name
Bhttps://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
uk_region_suggest=yes; expires=Thu, 16-May-2024 17:46:19 GMT; Max-Age=86400; path=/; domain=.global.com
Cookie sent via https, but not marked as secure
Bhttps://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
uk_region_suggest=yes; expires=Thu, 16-May-2024 17:46:19 GMT; Max-Age=86400; path=/; domain=.global.com
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Nhttps://188.212.35.66/ 188.212.35.66
-16

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
XFatal error: Nameserver doesn't support TCP connection: ns1.as39202.net / 81.20.49.60: Timeout
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain global.com, 1 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain www.global.com, 1 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.global.com

2. Header-Checks

Aglobal.com 188.212.35.66
Content-Security-Policy
Ok: Header without syntax errors found: upgrade-insecure-requests
F

Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E

Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
E

Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E

Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F

Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F

Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
Fglobal.com 188.212.35.66
X-Content-Type-Options
Critical: Missing Header:
Fglobal.com 188.212.35.66
Referrer-Policy
Critical: Missing Header:
Fglobal.com 188.212.35.66
Permissions-Policy
Critical: Missing Header:

3. DNS- and NameServer - Checks

AInfo:: 4 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 3 Name Servers.
AInfo:: 4 Queries complete, 4 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.ns0.as39202.net (81.20.49.93), ns2.as39202.co.uk (81.20.48.93), ns1.as39202.net (81.20.49.60)
AGood (1 - 3.0):: An average of 1.3 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 3 different Name Servers found: ns0.as39202.net, ns1.as39202.net, ns2.as39202.co.uk, 3 Name Servers included in Delegation: ns0.as39202.net, ns1.as39202.net, ns2.as39202.co.uk, 3 Name Servers included in 1 Zone definitions: ns0.as39202.net, ns1.as39202.net, ns2.as39202.co.uk, 1 Name Servers listed in SOA.Primary: ns0.as39202.net.
AGood: Only one SOA.Primary Name Server found.: ns0.as39202.net.
AGood: SOA.Primary Name Server included in the delegation set.: ns0.as39202.net.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns0.as39202.net, ns1.as39202.net, ns2.as39202.co.uk
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 3 different Name Servers found
Warning: No Name Server IPv6 address found. IPv6 is the future, so your name servers should be visible via IPv6.: 3 different Name Servers found
AGood: Name servers with different Top Level Domains / Public Suffix List entries found: 3 Name Servers, 2 Top Level Domains: net, co.uk
AGood: Name Servers with different domain names found.: 2 different Domains found
Warning: All Name Servers from the same Country / IP location.: 3 Name Servers, 1 Countries: GB
AInfo: Ipv4-Subnet-list: 3 Name Servers, 1 different subnets (first Byte): 81., 1 different subnets (first two Bytes): 81.20., 2 different subnets (first three Bytes): 81.20.48., 81.20.49.
AGood: Name Server IPv4-addresses from different subnet found:
AGood: Nameserver supports Echo Capitalization: 3 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 3 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 3 good Nameserver
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: amazon.com is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: Digicert.com is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: globalsign.com is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: pki.goog is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
https://global.com/ 188.212.35.66
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
3.794 seconds
Warning: 404 needs more then one second
https://www.global.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
3.587 seconds
Warning: 404 needs more then one second
ADuration: 288283 milliseconds, 288.283 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
global.com
188.212.35.66
443
ok
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
global.com
188.212.35.66
443
ok
Tls12

ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


www.global.com
188.212.35.66
443
ok
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok

www.global.com
188.212.35.66
443
ok
Tls12

ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


global.com
global.com
443
ok
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok

global.com
global.com
443
ok
Tls12

ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


www.global.com
www.global.com
443
ok
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok

www.global.com
www.global.com
443
ok
Tls12

ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


188.212.35.66
188.212.35.66
443
name does not match
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok

188.212.35.66
188.212.35.66
443
name does not match
Tls12

ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=global-media-sites.nh-serv.co.uk


2CN=R3, O=Let's Encrypt, C=US

 

9. Certificates

1.
1.
CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB
10.01.2024
31.01.2025
expires in 11 days
*.global.com, global.com - 2 entries
1.
1.
CN=*.global.com, O=GLOBAL MEDIA GROUP SERVICES LIMITED, L=London, C=GB
10.01.2024

31.01.2025
expires in 11 days


*.global.com, global.com - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:088D228C947C3A60A37D709DA74FD8D3
Thumbprint:AA8F00AE6E73F11E64ACE4BB40CCF0A8C16FADBB
SHA256 / Certificate:lamyWzx96I0rPcJxc6tJ3ikp8nFywDAhdnWmBDxXmgM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):3a9783eb0116b78163bb92dc94ec9cf79617250ca8c43b7e29c5cdf6cedb0741
SHA256 hex / Subject Public Key Information (SPKI):3a9783eb0116b78163bb92dc94ec9cf79617250ca8c43b7e29c5cdf6cedb0741 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
30.03.2021
30.03.2031
expires in 2260 days


2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
30.03.2021

30.03.2031
expires in 2260 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 4743 days


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 4743 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




2.
1.
CN=global-media-sites.nh-serv.co.uk
29.03.2024
27.06.2024
207 days expired
global-media-sites.nh-serv.co.uk, phpmyadmin.global-media-sites.nh-serv.co.uk - 2 entries
2.
1.
CN=global-media-sites.nh-serv.co.uk
29.03.2024

27.06.2024
207 days expired


global-media-sites.nh-serv.co.uk, phpmyadmin.global-media-sites.nh-serv.co.uk - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:04DC22D905F05055A0DCF13C009ED6DD90C1
Thumbprint:67856A42F9465FCC8BFAE5D4BE2B4EE9125A3C03
SHA256 / Certificate:E39t/t52pzj3TC8KwjbLEkE3aTn4mQ5APs/NzdlLmjI=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c43f91240d49b08fa45945fe495a7ba573a714a6ee3709b3854d04d40ef6c965
SHA256 hex / Subject Public Key Information (SPKI):c43f91240d49b08fa45945fe495a7ba573a714a6ee3709b3854d04d40ef6c965 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 238 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 238 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3787 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3787 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

 

11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404

 

12. Html-Parsing via https://validator.w3.org/nu/

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns0.as39202.net, ns1.as39202.net, ns2.as39202.co.uk

 

QNr.DomainTypeNS used
1
net
NS
a.root-servers.net (2001:503:ba3e::2:30)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
ns0.as39202.net: 81.20.49.93
NS
b.gtld-servers.net (2001:503:231d::2:30)

Answer: ns2.as39202.net
81.20.48.93

Answer: ns1.as39202.net
81.20.49.60
3
uk
NS
m.root-servers.net (2001:dc3::35)

Answer: dns1.nic.uk, dns2.nic.uk, dns3.nic.uk, dns4.nic.uk, nsa.nic.uk, nsb.nic.uk, nsc.nic.uk, nsd.nic.uk
4
ns2.as39202.co.uk: 81.20.48.93
NS
dns1.nic.uk (2a01:618:400::1)

Answer: ns1.as39202.co.uk
81.20.49.60

Answer: ns0.as39202.co.uk
81.20.49.93

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.global.com
5
issue
amazon.com
1
0

5
issue
Digicert.com
1
0

5
issue
globalsign.com
1
0

5
issue
letsencrypt.org
1
0

5
iodef
mailto:caa@global.com
1
0

5
issue
pki.goog
1
0
global.com
5
issue
amazon.com
1
0

5
issue
Digicert.com
1
0

5
issue
globalsign.com
1
0

5
issue
letsencrypt.org
1
0

5
iodef
mailto:caa@global.com
1
0

5
issue
pki.goog
1
0
com
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
global.com
00d20000000mmv3eac
ok
1
0
global.com
2qxhvts0fgp64qy0hss70zdnblfsvj79
ok
1
0
global.com
4z9j2kbrf9ddxfg7xl3bltxfb0yl685s
ok
1
0
global.com
atlassian-domain-verification=WRY3TsWc/4wJMQJEsB73r/zioqPDv/94Cv+L9WN5OxDFQORpGyKmNbSf1cYXzql2
ok
1
0
global.com
cisco-ci-domain-verification=6c9a0db845421f1470074314cf7af5091bcc083680f25d00e7b82d1e6ee1b0e0
ok
1
0
global.com
MS=ms19686437
ok
1
0
global.com
ZOOM_verify_gNrTa2-6TpqkSt4FGT9Cxw
ok
1
0
www.global.com
amazon-business-verification=fd79a077a23be37ea9fd2a2e928ad2aa8f82fc9601870fedd0e058f350d7608f
ok
1
0
www.global.com
apple-domain-verification=IPpkKh3Btr02zcnG
ok
1
0
www.global.com
google-site-verification=uky43s_VHvomSpkuJme5SknEIhacMDFbZargit3patw
ok
1
0
www.global.com
ZOOM_verify_gNrTa2-6TpqkSt4FGT9Cxw
ok
1
0
_acme-challenge.global.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.global.com

Name Error - The domain name does not exist
1
0
_acme-challenge.global.com.global.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.global.com.global.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.global.com.www.global.com

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

global.com
0
global-com.mail.protection.outlook.com
01ok

CNAME


ok

CNAME


ok
_dmarc
TXT
_dmarc.global.com

v=DMARC1; p=reject; rua=mailto:globalhosting@eu.cp-dmarc.com;
ok
_dmarc
TXT
global.com._report._dmarc.eu.cp-dmarc.com

mailto:globalhosting@eu.cp-dmarc.com
okMail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.
_dmarc
TXT
global.com._report._dmarc.eu.cp-dmarc.com

v=DMARC1
okConfirmed. Sending reports to external domain is allowed.

 

 

17. Cipher Suites

Summary
DomainIPPortnum CipherstimeStd.ProtocolForward Secrecy
global.com
188.212.35.66
443
10 Ciphers53.20 sec
0 without, 10 FS
100.00 %
www.global.com
188.212.35.66
443
10 Ciphers53.25 sec
0 without, 10 FS
100.00 %
Complete

2
20 Ciphers
10.00 Ciphers/Check
106.45 sec53.23 sec/Check
0 without, 20 FS
100.00 %

Details
DomainIPPortCipher (OpenSsl / IANA)
global.com
188.212.35.66
443
ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS
10 Ciphers, 53.20 sec
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

DH
RSA
AESGCM(256)
AEAD




DHE-RSA-AES256-CCM8
(Secure)
TLSv1.2
0xC0,0xA3
FS

TLS_DHE_RSA_WITH_AES_256_CCM_8

DH
RSA
AESCCM8(256)
AEAD




DHE-RSA-AES256-CCM
(Secure)
TLSv1.2
0xC0,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_CCM

DH
RSA
AESCCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

DH
RSA
AESGCM(128)
AEAD




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




DHE-RSA-AES256-SHA256
(Weak)
TLSv1.2
0x00,0x6B
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

DH
RSA
AES(256)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




DHE-RSA-AES256-SHA
(Weak)
SSLv3
0x00,0x39
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

DH
RSA
AES(256)
SHA1

www.global.com
188.212.35.66
443
ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS
10 Ciphers, 53.25 sec
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

DH
RSA
AESGCM(256)
AEAD




DHE-RSA-AES256-CCM8
(Secure)
TLSv1.2
0xC0,0xA3
FS

TLS_DHE_RSA_WITH_AES_256_CCM_8

DH
RSA
AESCCM8(256)
AEAD




DHE-RSA-AES256-CCM
(Secure)
TLSv1.2
0xC0,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_CCM

DH
RSA
AESCCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

DH
RSA
AESGCM(128)
AEAD




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




DHE-RSA-AES256-SHA256
(Weak)
TLSv1.2
0x00,0x6B
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

DH
RSA
AES(256)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




DHE-RSA-AES256-SHA
(Weak)
SSLv3
0x00,0x39
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

DH
RSA
AES(256)
SHA1

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=b0c25e95-2011-4408-9a2e-30b8765568cd

 

Last Result: https://check-your-website.server-daten.de/?q=global.com - 2024-05-15 19:45:19

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=global.com" target="_blank">Check this Site: global.com</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=global.com