Check DNS, Urls + Redirects, Certificates and Content of your Website

hide

skip EDNS-Check

skip Content-Check

check links

Http as Destination - no encryption

Checked:
31.10.2020 01:33:28

Older results

H - 30.10.2020 01:35:39

H - 29.10.2020 02:09:27

H - 29.10.2020 02:00:57

H - 28.10.2020 02:08:15

H - 28.10.2020 02:00:02

H - 27.10.2020 11:00:34

H - 27.10.2020 02:07:29

H - 27.10.2020 01:59:16

H - 26.10.2020 02:08:23

H - 26.10.2020 01:59:50

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
iana.org	A	192.0.43.8 Los Angeles/California/United States (US) - ICANN Hostname: 43-8.any.icann.org	yes	1	0
	AAAA	2001:500:88:200::8 Los Angeles/California/United States (US) - ICANN	yes
www.iana.org	CNAME	ianawww.vip.icann.org	yes	1	0
	A	192.0.47.8 Los Angeles/California/United States (US) - ICANN Hostname: www.iana.org	yes
	AAAA	2620:0:2d0:200::8 Los Angeles/California/United States (US) - ICANN	yes
*.iana.org	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 26116, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.11.2020, 00:00:00 +, Signature-Inception: 21.10.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: org
org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.11.2020, 21:00:00 +, Signature-Inception: 30.10.2020, 20:00:00 +, KeyTag 26116, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 34266, Flags 256


	Public Key with Algorithm 8, KeyTag 63858, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 900 sec, Signature-expiration: 18.11.2020, 15:28:48 +, Signature-Inception: 28.10.2020, 14:28:48 +, KeyTag 26974, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: iana.org
iana.org	6 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 6730, DigestType 1 and Digest FaHucJ5RwGUnmdnNNko3rLjmcoU=


	DS with Algorithm 8, KeyTag 6730, DigestType 2 and Digest /KA3dvozq1c2mq6LCJk49AAeIICUNic0JCp+vk3bV1U=


	DS with Algorithm 8, KeyTag 14351, DigestType 1 and Digest TAjAV1Tdp8z2K0GsRQhz0nEiHMM=


	DS with Algorithm 8, KeyTag 14351, DigestType 2 and Digest 4aDJLAZjICJA/DSB90fQCQHNFOJouIShFC16R12xqBA=


	DS with Algorithm 8, KeyTag 39817, DigestType 1 and Digest SyY09p7djQdB2oYp4gZLBegTjlE=


	DS with Algorithm 8, KeyTag 39817, DigestType 2 and Digest X7cq6Ew1o13ff6JOp5HNl2PENgl5wMu2/yxAevmuWAI=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.11.2020, 15:28:48 +, Signature-Inception: 28.10.2020, 14:28:48 +, KeyTag 63858, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 63858 used to validate the DS RRSet in the parent zone


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 21911, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 32754, Flags 256


	Public Key with Algorithm 8, KeyTag 39817, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 56046, Flags 256


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 07.11.2020, 08:12:12 +, Signature-Inception: 16.10.2020, 20:44:27 +, KeyTag 21911, Signer-Name: iana.org


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 07.11.2020, 08:12:12 +, Signature-Inception: 16.10.2020, 20:44:27 +, KeyTag 39817, Signer-Name: iana.org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 21911 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39817 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39817, DigestType 1 and Digest "SyY09p7djQdB2oYp4gZLBegTjlE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39817, DigestType 2 and Digest "X7cq6Ew1o13ff6JOp5HNl2PENgl5wMu2/yxAevmuWAI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 192.0.43.8 Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2020, 16:36:37 +, Signature-Inception: 25.10.2020, 20:44:27 +, KeyTag 32754, Signer-Name: iana.org


	RRSIG Type 16 validates the TXT - Result: MS=ms22660639 v=spf1 redirect=icann.org c9e864a6c53444038d34fe3a22513b74 docusign=b2d7c7b0-4627-494b-a7aa-682ee87c265d smartsheet-site-validation=CcnvONgQ2ibuzf2zHZxgPaWUqTwt-Sjr google-site-verification=iIqTTcUxND4wZOeVe5Ho728rH3JOSDnssYsYJ7pUtQQ Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.11.2020, 07:18:38 +, Signature-Inception: 30.10.2020, 02:44:27 +, KeyTag 32754, Signer-Name: iana.org


	RRSIG Type 28 validates the AAAA - Result: 2001:0500:0088:0200:0000:0000:0000:0008 Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 16.11.2020, 06:55:02 +, Signature-Inception: 25.10.2020, 20:44:27 +, KeyTag 32754, Signer-Name: iana.org


	CNAME-Query sends a valid NSEC RR as result with the query name "iana.org" equal the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2020, 11:35:39 +, Signature-Inception: 25.10.2020, 08:44:27 +, KeyTag 32754, Signer-Name: iana.org


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the owner name iana.org. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "iana.org" and the NextOwner "api.iana.org". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the query name "_443._tcp.iana.org" between the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.iana.org" between the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that Wildcard-expansion. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2020, 11:35:39 +, Signature-Inception: 25.10.2020, 08:44:27 +, KeyTag 32754, Signer-Name: iana.org


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC RR as result with the query name "iana.org" equal the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2020, 11:35:39 +, Signature-Inception: 25.10.2020, 08:44:27 +, KeyTag 32754, Signer-Name: iana.org


	Status: Good. NoData-Proof required and found.

Zone: www.iana.org
www.iana.org	2 DS RR in the parent zone found


	DS with Algorithm 7, KeyTag 45993, DigestType 1 and Digest a3Nc7mQDPhksQKXzPvCCX9eptig=


	DS with Algorithm 7, KeyTag 45993, DigestType 2 and Digest TMi2M33gNRREKzu6bAp37+iMBtYlouT7l1k+jIdNQmA=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 06.11.2020, 02:00:19 +, Signature-Inception: 15.10.2020, 19:31:17 +, KeyTag 23205, Signer-Name: icann.org


	• not checked


	RRSIG Type 5 validates the CNAME - Result: ianawww.vip.icann.org Validated: RRSIG-Owner www.iana.org., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 16.11.2020, 18:59:23 +, Signature-Inception: 26.10.2020, 06:44:27 +, KeyTag 32754, Signer-Name: iana.org

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 26116, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.11.2020, 00:00:00 +, Signature-Inception: 21.10.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: org
org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.11.2020, 21:00:00 +, Signature-Inception: 30.10.2020, 20:00:00 +, KeyTag 26116, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 34266, Flags 256


	Public Key with Algorithm 8, KeyTag 63858, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 900 sec, Signature-expiration: 18.11.2020, 15:28:48 +, Signature-Inception: 28.10.2020, 14:28:48 +, KeyTag 26974, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: icann.org
icann.org	3 DS RR in the parent zone found


	DS with Algorithm 7, KeyTag 17248, DigestType 2 and Digest iFz4ps81/Vxhnh1ItZr7IwY7up/sUv8l+ZCUy6EJEKI=


	DS with Algorithm 7, KeyTag 18060, DigestType 2 and Digest a+AhgYufEO2YGgOsv3TwHjH7FcWGgK0MS6pGS/N6dSM=


	DS with Algorithm 7, KeyTag 23584, DigestType 2 and Digest r1ekkmQBAoCSCaoAW5PDK3rMg3NLx4XPpQtRaIKZzWE=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner icann.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.11.2020, 15:28:48 +, Signature-Inception: 28.10.2020, 14:28:48 +, KeyTag 63858, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 63858 used to validate the DS RRSet in the parent zone


	5 DNSKEY RR found


	Public Key with Algorithm 7, KeyTag 2537, Flags 256


	Public Key with Algorithm 7, KeyTag 12204, Flags 256


	Public Key with Algorithm 7, KeyTag 18060, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 7, KeyTag 23205, Flags 256


	Public Key with Algorithm 7, KeyTag 23584, Flags 257 (SEP = Secure Entry Point)


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner icann.org., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 20.11.2020, 13:38:42 +, Signature-Inception: 30.10.2020, 16:56:24 +, KeyTag 18060, Signer-Name: icann.org


	RRSIG-Owner icann.org., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 20.11.2020, 13:38:42 +, Signature-Inception: 30.10.2020, 16:56:24 +, KeyTag 23584, Signer-Name: icann.org


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 18060 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 23584 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 18060, DigestType 2 and Digest "a+AhgYufEO2YGgOsv3TwHjH7FcWGgK0MS6pGS/N6dSM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 23584, DigestType 2 and Digest "r1ekkmQBAoCSCaoAW5PDK3rMg3NLx4XPpQtRaIKZzWE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: vip.icann.org
vip.icann.org	2 DS RR in the parent zone found


	DS with Algorithm 7, KeyTag 45993, DigestType 1 and Digest a3Nc7mQDPhksQKXzPvCCX9eptig=


	DS with Algorithm 7, KeyTag 45993, DigestType 2 and Digest TMi2M33gNRREKzu6bAp37+iMBtYlouT7l1k+jIdNQmA=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 06.11.2020, 02:00:19 +, Signature-Inception: 15.10.2020, 19:31:17 +, KeyTag 23205, Signer-Name: icann.org


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 23205 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 7, KeyTag 34049, Flags 256


	Public Key with Algorithm 7, KeyTag 35822, Flags 256


	Public Key with Algorithm 7, KeyTag 45993, Flags 257 (SEP = Secure Entry Point)


	3 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2020, 07:13:40 +, Signature-Inception: 27.10.2020, 07:13:40 +, KeyTag 34049, Signer-Name: vip.icann.org


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2020, 07:13:40 +, Signature-Inception: 27.10.2020, 07:13:40 +, KeyTag 35822, Signer-Name: vip.icann.org


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2020, 07:13:40 +, Signature-Inception: 27.10.2020, 07:13:40 +, KeyTag 45993, Signer-Name: vip.icann.org


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 34049 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 35822 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 45993 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 45993, DigestType 1 and Digest "a3Nc7mQDPhksQKXzPvCCX9eptig=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 45993, DigestType 2 and Digest "TMi2M33gNRREKzu6bAp37+iMBtYlouT7l1k+jIdNQmA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ianawww.vip.icann.org
ianawww.vip.icann.org	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "023o8rkihndbiom131l07n523hrtils3" between the hashed NSEC3-owner "023o8rkihndbiom131l07n523hrtils3" and the hashed NextOwner "023o8rkihndbiom131l07n523hrtils4". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, RRSIG Validated: RRSIG-Owner 023o8rkihndbiom131l07n523hrtils3.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 06.11.2020, 17:46:07 +, Signature-Inception: 30.10.2020, 17:46:07 +, KeyTag 34049, Signer-Name: vip.icann.org


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "023o8rkihndbiom131l07n523hrtils3" between the hashed NSEC3-owner "023o8rkihndbiom131l07n523hrtils3" and the hashed NextOwner "023o8rkihndbiom131l07n523hrtils4". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, RRSIG Validated: RRSIG-Owner 023o8rkihndbiom131l07n523hrtils3.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 06.11.2020, 17:46:07 +, Signature-Inception: 30.10.2020, 17:46:07 +, KeyTag 35822, Signer-Name: vip.icann.org


	0 DNSKEY RR found





	RRSIG Type 1 validates the A - Result: 192.0.47.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 03.11.2020, 07:13:39 +, Signature-Inception: 27.10.2020, 07:13:39 +, KeyTag 34049, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.47.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 03.11.2020, 07:13:39 +, Signature-Inception: 27.10.2020, 07:13:39 +, KeyTag 34049, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:02D0:0200:0000:0000:0000:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 03.11.2020, 07:13:40 +, Signature-Inception: 27.10.2020, 07:13:40 +, KeyTag 34049, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:02D0:0200:0000:0000:0000:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 03.11.2020, 07:13:40 +, Signature-Inception: 27.10.2020, 07:13:40 +, KeyTag 34049, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.47.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 07.11.2020, 00:31:26 +, Signature-Inception: 31.10.2020, 00:31:26 +, KeyTag 35822, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.47.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 07.11.2020, 00:31:26 +, Signature-Inception: 31.10.2020, 00:31:26 +, KeyTag 35822, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:02D0:0200:0000:0000:0000:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 07.11.2020, 00:31:21 +, Signature-Inception: 31.10.2020, 00:31:21 +, KeyTag 35822, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:02D0:0200:0000:0000:0000:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 30 sec, Signature-expiration: 07.11.2020, 00:31:21 +, Signature-Inception: 31.10.2020, 00:31:21 +, KeyTag 35822, Signer-Name: vip.icann.org


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "023o8rkihndbiom131l07n523hrtils3" equal the hashed NSEC3-owner "023o8rkihndbiom131l07n523hrtils3" and the hashed NextOwner "023o8rkihndbiom131l07n523hrtils4". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: TXT, RRSIG Validated: RRSIG-Owner 023o8rkihndbiom131l07n523hrtils3.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 06.11.2020, 17:46:14 +, Signature-Inception: 30.10.2020, 17:46:14 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC3 RR as result with the hashed query name "023o8rkihndbiom131l07n523hrtils3" equal the hashed NSEC3-owner "023o8rkihndbiom131l07n523hrtils3" and the hashed NextOwner "023o8rkihndbiom131l07n523hrtils4". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: 13, RRSIG Validated: RRSIG-Owner 023o8rkihndbiom131l07n523hrtils3.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 06.11.2020, 23:38:05 +, Signature-Inception: 30.10.2020, 23:38:05 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.ianawww.vip.icann.org) sends a valid NSEC3 RR as result with the hashed owner name "3c6ruv5f534c6e6akb0sg14o1pnt3hdu" (unhashed: _tcp.ianawww.vip.icann.org). So that's the Closest Encloser of the query name. Bitmap: No Bitmap? Validated: RRSIG-Owner 3c6ruv5f534c6e6akb0sg14o1pnt3hdu.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 07.11.2020, 00:35:33 +, Signature-Inception: 31.10.2020, 00:35:33 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "5s27t4amjgdmfsfs9nfn3g0453sf5nrd" (unhashed: *._tcp.ianawww.vip.icann.org) with the owner "5s27t4amjgdmfsfs9nfn3g0453sf5nrc" and the NextOwner "5s27t4amjgdmfsfs9nfn3g0453sf5nre". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: No Bitmap? Validated: RRSIG-Owner 5s27t4amjgdmfsfs9nfn3g0453sf5nrc.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 07.11.2020, 00:35:33 +, Signature-Inception: 31.10.2020, 00:35:33 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query (_443._tcp.ianawww.vip.icann.org) sends a valid NSEC3 RR as result with the hashed query name "rj3bfemnrqcnm10v50n9lvta9uih6dk3" between the hashed NSEC3-owner "rj3bfemnrqcnm10v50n9lvta9uih6dk2" and the hashed NextOwner "rj3bfemnrqcnm10v50n9lvta9uih6dk4". So the zone confirmes the not-existence of that TLSA RR. Bitmap: No Bitmap? Validated: RRSIG-Owner rj3bfemnrqcnm10v50n9lvta9uih6dk2.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 07.11.2020, 00:35:33 +, Signature-Inception: 31.10.2020, 00:35:33 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC3 RR as result with the hashed query name "or6qa45upibdjkcfkmnjnbdelthokhrt" equal the hashed NSEC3-owner "or6qa45upibdjkcfkmnjnbdelthokhrt" and the hashed NextOwner "or6qa45upibdjkcfkmnjnbdelthokhru". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: TXT, RRSIG Validated: RRSIG-Owner or6qa45upibdjkcfkmnjnbdelthokhrt.vip.icann.org., Algorithm: 7, 4 Labels, original TTL: 60 sec, Signature-expiration: 06.11.2020, 18:18:53 +, Signature-Inception: 30.10.2020, 18:18:53 +, KeyTag 35822, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
iana.org	• a.iana-servers.net / iad.aservers.dns.icann.org	199.43.135.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8f::53 Los Angeles/California/United States (US) - ICANN	•
	• b.iana-servers.net / iad.bservers.dns.icann.org	199.43.133.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8d::53 Los Angeles/California/United States (US) - ICANN	•
	• c.iana-servers.net / ns012b.app25.ams2.afilias-nst.info	199.43.134.53 Washington/District of Columbia/United States (US) - Afilias, Inc.	•
	•	2001:500:8e::53 Los Angeles/California/United States (US) - ICANN	•
	• ns.icann.org / iad.nsicann.dns.icann.org	199.4.138.53 Los Angeles/California/United States (US) - ICANN	•
	•	2001:500:89::53 Los Angeles/California/United States (US) - ICANN	•
	• sns.dns.icann.org / 6c617830312e6773692d646973747269627574696f6e2e646e732e6963616e6e2e6f7267	192.0.32.162 Los Angeles/California/United States (US) - ICANN	•
org	• a0.org.afilias-nst.info / ns000b.app21.ams2.afilias-nst.info		•
	• a2.org.afilias-nst.info / LHR4		•
	• b0.org.afilias-nst.org / ns000b.app12.ams2.afilias-nst.info		•
	• b2.org.afilias-nst.org / LHR3		•
	• c0.org.afilias-nst.info / app5.iad1.hosts.meta.redstone.afilias-nst.info-2		•
	• d0.org.afilias-nst.org / ns000b.app12.ams2.afilias-nst.info		•

ianawww.vip.icann.org	• gtm1.lax.icann.org	192.0.32.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2d0:296::252 Los Angeles/California/United States (US) - ICANN	•
vip.icann.org	• gtm1.dc.icann.org	192.0.47.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2830:296::252 Troy/New York/United States (US) - ICANN	•
	• gtm1.lax.icann.org	192.0.32.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2d0:296::252 Los Angeles/California/United States (US) - ICANN	•
	• gtm1.mdr.icann.org	192.0.36.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2ed0:296::252 Los Angeles/California/United States (US) - ICANN	•
icann.org	• a.icann-servers.net / iad.aservers.dns.icann.org	199.43.135.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8f::53 Los Angeles/California/United States (US) - ICANN	•
	• b.icann-servers.net / iad.bservers.dns.icann.org	199.43.133.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8d::53 Los Angeles/California/United States (US) - ICANN	•
	• c.icann-servers.net / ns012b.app27.ams2.afilias-nst.info	199.43.134.53 Washington/District of Columbia/United States (US) - Afilias, Inc.	•
	•	2001:500:8e::53 Los Angeles/California/United States (US) - ICANN	•
	• ns.icann.org / iad.nsicann.dns.icann.org	199.4.138.53 Los Angeles/California/United States (US) - ICANN	•
	•	2001:500:89::53 Los Angeles/California/United States (US) - ICANN	•
	• sns.dns.icann.org
org	• a0.org.afilias-nst.info / ns000b.app3.ams2.afilias-nst.info		•
	• a2.org.afilias-nst.info / LHR5		•
	• b0.org.afilias-nst.org / ns000a.app1.ams2.afilias-nst.info		•
	• b2.org.afilias-nst.org / LHR3		•
	• c0.org.afilias-nst.info / app1.iad1.hosts.meta.redstone.afilias-nst.info-2		•
	• d0.org.afilias-nst.org / ns000b.app19.ams2.afilias-nst.info		•

4. SOA-Entries

Domain:	org
Zone-Name:	org
Primary:	a0.org.afilias-nst.info
Mail:	noc.afilias-nst.info
Serial:	2014127525
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	6

Domain:	iana.org
Zone-Name:	iana.org
Primary:	sns.dns.icann.org
Mail:	noc.dns.icann.org
Serial:	2020092961
Refresh:	7200
Retry:	3600
Expire:	1209600
TTL:	3600
num Entries:	9


Domain:	org
Zone-Name:	org
Primary:	a0.org.afilias-nst.info
Mail:	noc.afilias-nst.info
Serial:	2014127525
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	3

Domain:	org
Zone-Name:	org
Primary:	a0.org.afilias-nst.info
Mail:	noc.afilias-nst.info
Serial:	2014127526
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	3

Domain:	icann.org
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	icann.org
Zone-Name:	icann.org
Primary:	sns.dns.icann.org
Mail:	noc.dns.icann.org
Serial:	2020103004
Refresh:	10800
Retry:	3600
Expire:	1209600
TTL:	3600
num Entries:	8

Domain:	vip.icann.org
Zone-Name:	vip.icann.org
Primary:	gtm1.lax.icann.org
Mail:	hostmaster.gtm1.lax.icann.org
Serial:	2020103002
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	60
num Entries:	6

Domain:	ianawww.vip.icann.org
Zone-Name:	vip.icann.org
Primary:	gtm1.lax.icann.org
Mail:	hostmaster.gtm1.lax.icann.org
Serial:	2020103002
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	60
num Entries:	2

5. Screenshots

Startaddress: https://www.iana.org, address used: https://www.iana.org/, Screenshot created 2020-10-31 01:38:52 +00:0

Mobil (412px x 732px)

445 milliseconds

Screenshot mobile - https://www.iana.org/

Mobil + Landscape (732px x 412px)

451 milliseconds

Screenshot mobile landscape - https://www.iana.org/

Screen (1280px x 1680px)

1159 milliseconds

Screenshot Desktop - https://www.iana.org/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	396	732
content Size	396	1432

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://iana.org/ 192.0.43.8	301	https://www.iana.org/ Html is minified: 100.00 %	0.234	E
Date: Sat, 31 Oct 2020 00:36:16 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:16 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/ Html is minified: 100.00 %	0.217	E
Date: Sat, 31 Oct 2020 00:36:16 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:16 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.iana.org/ 192.0.47.8 GZip used - 1850 / 6735 - 72.53 %	200	Html is minified: 154.72 %	0.220	H
Date: Sat, 31 Oct 2020 00:22:03 GMT
Server: Apache
Last-Modified: Thu, 24 May 2018 19:50:35 GMT
Vary: Accept-Encoding
Expires: Sat, 31 Oct 2020 00:40:28 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Age: 3347
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Content-Length: 1850
Connection: close
Content-Type: text/html; charset=UTF-8

• http://www.iana.org/ 2620:0:2d0:200::8 GZip used - 1850 / 6735 - 72.53 %	200	Html is minified: 154.72 %	0.310	H
Date: Sat, 31 Oct 2020 00:36:16 GMT
Server: Apache
Last-Modified: Thu, 24 May 2018 19:40:12 GMT
Age: 1728
Content-Encoding: gzip
Expires: Sat, 31 Oct 2020 01:10:37 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Cache-Control: public, max-age=3600
Content-Length: 1850
Connection: close
Content-Type: text/html; charset=UTF-8

• https://iana.org/ 192.0.43.8	301	https://www.iana.org/ Html is minified: 100.00 %	3.686	B
Date: Sat, 31 Oct 2020 00:36:17 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:17 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/ Html is minified: 100.00 %	3.076	B
Date: Sat, 31 Oct 2020 00:36:21 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:21 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://www.iana.org/ 192.0.47.8 GZip used - 1850 / 6735 - 72.53 % Inline-JavaScript (∑/total): 3/331 Inline-CSS (∑/total): 0/0	200	Html is minified: 154.72 %	3.450	A
Date: Sat, 31 Oct 2020 00:30:45 GMT
Server: Apache
Last-Modified: Thu, 24 May 2018 19:50:35 GMT
Vary: Accept-Encoding
Expires: Sat, 31 Oct 2020 00:55:40 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Age: 2443
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Content-Length: 1850
Connection: close
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=48211200; preload

• https://www.iana.org/ 2620:0:2d0:200::8 GZip used - 1850 / 6735 - 72.53 % Inline-JavaScript (∑/total): 3/331 Inline-CSS (∑/total): 0/0	200	Html is minified: 154.72 %	4.000	A
Date: Sat, 31 Oct 2020 00:36:29 GMT
Server: Apache
Last-Modified: Thu, 24 May 2018 19:40:12 GMT
Vary: Accept-Encoding
Expires: Sat, 31 Oct 2020 01:10:46 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Age: 1543
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=48211200; preload

• http://iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.43.8 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 100.00 %	0.234	E
Visible Content: Moved Permanently The document has moved here .
Date: Sat, 31 Oct 2020 00:36:33 GMT
Server: Apache
Location: https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:33 GMT
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2001:500:88:200::8 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 100.00 %	0.207	E
Visible Content: Moved Permanently The document has moved here .
Date: Sat, 31 Oct 2020 00:36:33 GMT
Server: Apache
Location: https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:33 GMT
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.47.8 Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 123.52 %	0.233	A
NOT FOUND
Visible Content: Domains Numbers Protocols About Us This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 31 Oct 2020 00:36:33 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Expires: Sat, 31 Oct 2020 01:36:33 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Transfer-Encoding: chunked

• http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2620:0:2d0:200::8 Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 123.52 %	0.314	A
NOT FOUND
Visible Content: Domains Numbers Protocols About Us This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 31 Oct 2020 00:36:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Expires: Sat, 31 Oct 2020 01:36:34 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Transfer-Encoding: chunked

• https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 123.52 %	3.843	A
NOT FOUND
Visible Content: Domains Numbers Protocols About Us This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 31 Oct 2020 00:36:51 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Expires: Sat, 31 Oct 2020 01:36:51 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=48211200; preload

• https://192.0.43.8/ 192.0.43.8	302	https://www.iana.org/ Html is minified: 100.00 %	3.673	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 31 Oct 2020 00:36:34 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:34 GMT
Content-Length: 205
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://192.0.47.8/ 192.0.47.8	301	https://www.iana.org/ Html is minified: 100.00 %	3.453	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 31 Oct 2020 00:36:42 GMT
Server: Apache
Location: https://www.iana.org/
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=48211200; preload

• https://[2001:0500:0088:0200:0000:0000:0000:0008]/ 2001:500:88:200::8	302	https://www.iana.org/ Html is minified: 100.00 %	3.594	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 31 Oct 2020 00:36:38 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 04 Nov 2020 00:36:38 GMT
Content-Length: 205
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://[2620:0000:02d0:0200:0000:0000:0000:0008]/ 2620:0:2d0:200::8	301	https://www.iana.org/ Html is minified: 100.00 %	4.154	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 31 Oct 2020 00:36:46 GMT
Server: Apache
Location: https://www.iana.org/
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=48211200; preload

7. Comments

	1. General Results, most used to calculate the result
A	name "iana.org" is domain, public suffix is ".org", top-level-domain is ".org", top-level-domain-type is "generic", tld-manager is "Public Interest Registry (PIR)", num .org-domains preloaded: 4748 (complete: 131120)
A	good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: iana.org has 2 different ip addresses (authoritative).
A	Good: Minimal 2 ip addresses per domain name found: www.iana.org has 2 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: iana.org has 1 ipv4, 1 ipv6 addresses
A	Good: Ipv4 and Ipv6 addresses per domain name found: www.iana.org has 1 ipv4, 1 ipv6 addresses
A	good: No asked Authoritative Name Server had a timeout
A	https://192.0.47.8/ 192.0.47.8	301	https://www.iana.org/	correct redirect https to https
A	https://192.0.47.8/ 192.0.47.8	301	https://www.iana.org/	correct redirect https to https
A	https://[2620:0000:02d0:0200:0000:0000:0000:0008]/ 2620:0:2d0:200::8	301	https://www.iana.org/	correct redirect https to https
A	https://[2620:0000:02d0:0200:0000:0000:0000:0008]/ 2620:0:2d0:200::8	301	https://www.iana.org/	correct redirect https to https
A	good: one preferred version: www is preferred
A	Good: No cookie sent via http.
	Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should immediately add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
B	https://iana.org/ 192.0.43.8	301		Missing HSTS-Header
B	https://iana.org/ 2001:500:88:200::8	301		Missing HSTS-Header
C	Error - more then one version with Http-Status 200. After all redirects, all users (and search engines) should see the same https url: Non-www or www, but not both with http status 200.
E	http://iana.org/ 192.0.43.8	301	https://www.iana.org/	Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
E	http://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/	Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
H	Fatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
N	https://192.0.43.8/ 192.0.43.8	302	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2001:0500:0088:0200:0000:0000:0000:0008]/ 2001:500:88:200::8	302	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://192.0.47.8/ 192.0.47.8	301	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2620:0000:02d0:0200:0000:0000:0000:0008]/ 2620:0:2d0:200::8	301	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain iana.org, 2 ip addresses.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.iana.org, 2 ip addresses.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain iana.org, 2 ip addresses, 1 different http results.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain www.iana.org, 2 ip addresses, 1 different http results.
	2. DNS- and NameServer - Checks
A	Info:: 8 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 5 Name Servers.
A	Info:: 8 Queries complete, 8 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
A	Good: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.a.iana-servers.net (199.43.135.53, 2001:500:8f::53), ns.icann.org (199.4.138.53, 2001:500:89::53), b.iana-servers.net (199.43.133.53, 2001:500:8d::53), c.iana-servers.net (199.43.134.53, 2001:500:8e::53), ns.icann.org (199.4.138.53, 2001:500:89::53)
A	Good (1 - 3.0):: An average of 1.6 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 5 different Name Servers found: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, sns.dns.icann.org, 4 Name Servers included in Delegation: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, 4 Name Servers included in 1 Zone definitions: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, 1 Name Servers listed in SOA.Primary: sns.dns.icann.org.
A	Good: Only one SOA.Primary Name Server found.: sns.dns.icann.org.
	Error: SOA.Primary Name Server not included in the delegation set.: sns.dns.icann.org.
A	Good: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Good: Minimal 2 different name servers (public suffix and public ip address) found: 5 different Name Servers found
A	Good: Some Name Servers have IPv6 addresses: 4 Name Servers with IPv6 found (1 Name Servers without IPv6)
A	Good: Name servers with different Top Level Domains / Public Suffix List entries found: 5 Name Servers, 2 Top Level Domains: org, net
A	Good: Name Servers with different domain names found.: 2 different Domains found
	Warning: All Name Servers from the same Country / IP location.: 5 Name Servers, 1 Countries: US
A	Info: Ipv4-Subnet-list: 5 Name Servers, 2 different subnets (first Byte): 192., 199., 3 different subnets (first two Bytes): 192.0., 199.4., 199.43., 5 different subnets (first three Bytes): 192.0.32., 199.4.138., 199.43.133., 199.43.134., 199.43.135.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Info: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:0500:, 4 different subnets (first three blocks): 2001:0500:0089:, 2001:0500:008d:, 2001:0500:008e:, 2001:0500:008f:, 4 different subnets (first four blocks): 2001:0500:0089:0000:, 2001:0500:008d:0000:, 2001:0500:008e:0000:, 2001:0500:008f:0000:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Good: Nameserver supports TCP connections: 9 good Nameserver
A	Info: Nameserver mit different domain names found. May be a problem with DNS-Updates
A	Good: Nameserver supports Echo Capitalization: 9 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 9 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 9 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: b0.org.afilias-nst.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: ok (ns000b.app12.ams2.afilias-nst.info). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: sns.dns.icann.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	3. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 supports GZip.
	https://www.iana.org/ 192.0.47.8	200		Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
	https://www.iana.org/ 2620:0:2d0:200::8	200		Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
	https://www.iana.org/ 192.0.47.8	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.iana.org/ 2620:0:2d0:200::8	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.iana.org/ 2620:0:2d0:200::8	200		Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
	https://www.iana.org/ 192.0.47.8	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	https://www.iana.org/ 2620:0:2d0:200::8	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.47.8	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2620:0:2d0:200::8	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	Warning: CSS / JavaScript found without GZip support. Send these ressources with GZip. 5 external CSS / JavaScript files without GZip found - 15 with GZip, 20 complete
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 1 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 19 with Cache-Control long enough, 20 complete.
A	Good: All images are sent with a long Cache-Control header (minimum 7 days). So the browser can reuse these files, no download is required. 3 image files with long Cache-Control max-age found
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Good: All img-elements have a valid alt-attribute.: 3 img-elements found.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	3.843 seconds	Warning: 404 needs more then one second
A	Duration: 330130 milliseconds, 330.130 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

iana.org

192.0.43.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

iana.org

192.0.43.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
Tls.1.1
Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
Tls.1.1
Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

iana.org

2001:500:88:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

iana.org

2001:500:88:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
Tls.1.1
Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
Tls.1.1
Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

www.iana.org

192.0.47.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

192.0.47.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

www.iana.org

2620:0:2d0:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

2620:0:2d0:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

www.iana.org

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

192.0.43.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

192.0.43.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
Tls.1.1
Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
Tls.1.1
Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

192.0.47.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

192.0.47.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

http/2 via ALPN supported
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

http/2 via ALPN supported
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

[2001:0500:0088:0200:0000:0000:0000:0008]

2001:500:88:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

[2001:0500:0088:0200:0000:0000:0000:0008]

2001:500:88:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
Tls.1.1
Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
Tls.1.1
Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

[2620:0000:02d0:0200:0000:0000:0000:0008]

2620:0:2d0:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

[2620:0000:02d0:0200:0000:0000:0000:0008]

2620:0:2d0:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

Chain (complete)	1	CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, C=US, ST=California
	2	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

9. Certificates

CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

14.12.2017

27.01.2021
expires in 88 days

*.iana.org, iana.org - 2 entries

CN=*.iana.org, OU=IT Operations, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

14.12.2017

27.01.2021
expires in 88 days

*.iana.org, iana.org - 2 entries

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	02D5691A50745CB3D2F09504025FA086
Thumbprint:	16F6EAC02A76ABAE6AB627ACCCBE917B050261A0
SHA256 / Certificate:	O9K/ONsQkUYEUMXMSZkPPUE1IgCEYSQPtXnoSRSvYvs=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	d56f85824b6ed2ab15b9040c20b574515d9a0ab415ca253b42cbc915a11de18d
SHA256 hex / Subject Public Key Information (SPKI):	6c74a0766fa6f5f4bf289190187b39a5086c700ab5db6d8b51bc985e5ca5cf79
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

22.10.2013

22.10.2028
expires in 2913 days

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

22.10.2013

22.10.2028
expires in 2913 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	04E1E7A4DC5CF2F36DC02B42B85D159F
Thumbprint:	A031C46782E6E6C662C2C87C76DA9AA62CCABD8E
SHA256 / Certificate:	GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
SHA256 hex / Cert (DANE * 0 1):	19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
SHA256 hex / PublicKey (DANE * 1 1):	936bfae7bc41b0e55ed4f411c0eb07b30ddbb064f657322acf92bee7db0d430b
SHA256 hex / Subject Public Key Information (SPKI):	52d4ef822ed8221c2cc1104485d0c52e7d01dd0a6ecda08204f3784cec3f4daf
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 4027 days

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 4027 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	02AC5C266A0B409B8F0B79F2AE462577
Thumbprint:	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SHA256 / Certificate:	dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=
SHA256 hex / Cert (DANE * 0 1):	7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf
SHA256 hex / PublicKey (DANE * 1 1):	5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SHA256 hex / Subject Public Key Information (SPKI):	fd7961a0192a5cad26b74160a14732cf8625b6e21d65b4faf7bc5c2f968f5a33
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US				0	1	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
262970317 leaf cert	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	2017-12-14 00:00:00	2021-01-27 12:00:00	*.iana.org, iana.org - 2 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuer				last 7 days	active	num Certs
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US				0	1	1

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
283160301 leaf cert	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	2017-12-13 23:00:00	2021-01-27 11:00:00	*.iana.org, iana.org 2 entries

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://www.iana.org/ 192.0.47.8	a		36		0			0	0	0
	link	stylesheet	2	16,361 Bytes	0	2	0	0	0	0
	link	other	2	7,406 Bytes	0	1	0	0	0	0
	meta	other	3		0			0	0	0
	script		2	33,006 Bytes	0	2	0	0	0	0
https://www.iana.org/ 2620:0:2d0:200::8	a		36		0			0	0	0
	link	stylesheet	2	16,361 Bytes	0	2	0	0	0	0
	link	other	2	7,406 Bytes	0	1	0	0	0	0
	meta	other	3		0			0	0	0
	script		2	33,006 Bytes	0	2	0	0	0	0

Details

Domainname

Html-Element

name/equiv/ property/rel

href/src/content

HttpStatus

msg

∑

Status

https://www.iana.org/
192.0.47.8

/about

/about/excellence

/about/presentations

/abuse

/contact

/domains

/domains/arpa

/domains/idn-tables

/domains/int

/domains/root

/domains/root/db

/numbers

/performance

/protocols

/protocols/apply

/reports

/reviews

/time-zones

about/

http://pti.icann.org

http://www.icann.org/

https://icann.org/privacy

https://www.icann.org/privacy/policy

https://www.icann.org/privacy/tos

link

canonical

http://iana.org/

link

shortcut icon

/_img/bookmark_icon.ico

200

image/vnd.microsoft.icon, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 with long duration found.

No GZip - 7406 Bytes

link

stylesheet

/_css/2015.1/print.css

200

text/css, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 7659/37683 Bytes

local SRI possible, possible hash-values:

sha256-obVA+A51OsGb8Jk6n/uUyMd0x7x5f6pDK8Hv7Uq/hKw=
sha384-PGAfSopFvEoTPnfh0R+Ajhl4oHTiWhj04NfnbvAmYCBrNC48AN/cs4f7p9LXGD5w
sha512-WS9dchycpcVuFnoWcvxUun3YPiQKw6mH9/GkrOUIokpBwZ+dAjGhKO2QtwfQY/QH4YL7kQJ2G5XqW0tkpTx8iA==

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/fonts/NotoSans-Bold.woff

/_img/2015.1/fonts/NotoSansDevanagari-Regular.ttf

/_img/2015.1/fonts/NotoSansHebrew-Regular.ttf

/_img/2015.1/fonts/NotoSans-Italic.woff

/_img/2015.1/fonts/NotoSans-Regular.woff

/_img/2015.1/fonts/SourceCodePro-Regular.woff

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

link

stylesheet

/_css/2015.1/screen.css

200

text/css, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 8702/45831 Bytes

local SRI possible, possible hash-values:

sha256-/y8pg0/D8rqoCDHB4wFIScabfVrG+FLycO8Eb/c16Sw=
sha384-1/YdTshbZWeupSiyGnKbbEYC02lS7V2zVoEhnygLQ22DGEpCxPBS04qPPg+pRkQ7
sha512-mMzagS5+yvAqUYuf/hAhkMcRTbZf1fB4mUfcSFz6BewCw8nC2fz/cGt0ST8tJPF7pF1gT1ctf0TEXL1NNpg1+A==

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/fonts/NotoSans-Bold.woff

/_img/2015.1/fonts/NotoSansDevanagari-Regular.ttf

/_img/2015.1/fonts/NotoSansHebrew-Regular.ttf

/_img/2015.1/fonts/NotoSans-Italic.woff

/_img/2015.1/fonts/NotoSans-Regular.woff

/_img/2015.1/fonts/SourceCodePro-Regular.woff

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

meta

utf-8

meta

Content-type

text/html; charset=utf-8

meta

viewport

width=device-width, initial-scale=1

script

src

/_js/2013.1/iana.js

200

Missing defer / async attribute.

application/javascript, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip required: 68 Bytes

local SRI possible, possible hash-values:

sha256-QyglbUDNqgR9mUYLQ/bXc2aYKXXokaky744Ac2/YLho=
sha384-YHoX2g/hbU7JG4iM5VOtWnFnkHst6Lqub+piTUpM6SGbp+z7jf13muAZnhztJXtf
sha512-Odxwt9EUvU+Q45iET6joG0p576jhOXGl0zOchG/bmPV0tlaZTxFQ+2pOtw50c3j/lKCmHBlM6Wmr7QCzWOUGnw==

script

src

/_js/2013.1/jquery.js

200

Missing defer / async attribute.

application/javascript, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 32938/93068 Bytes

local SRI possible, possible hash-values:

sha256-f6DVw/U4x2+HjgEqw5BZf67Kq/5vudRZuRkljnbF344=
sha384-cQEZEagVXvxPpIzLzXzmQmKEf7awh3wIOawxi1PbDNoiidnNGFmhsbCgJaMP6f9F
sha512-synHs+rLg2WDVE9U0oHVJURDCiqft60GcWOW7tXySy8oIr0Hjl3K9gv7Bq/gSj4NDVpc5vmsNkMGGJ6t2VpUMA==

2620:0:2d0:200::8

/about

/about/excellence

/about/presentations

/abuse

/contact

/domains

/domains/arpa

/domains/idn-tables

/domains/int

/domains/root

/domains/root/db

/numbers

/performance

/protocols

/protocols/apply

/reports

/reviews

/time-zones

about/

http://pti.icann.org

http://www.icann.org/

https://icann.org/privacy

https://www.icann.org/privacy/policy

https://www.icann.org/privacy/tos

link

canonical

http://iana.org/

link

shortcut icon

/_img/bookmark_icon.ico

200

image/vnd.microsoft.icon, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 with long duration found.

No GZip - 7406 Bytes

link

stylesheet

/_css/2015.1/print.css

200

text/css, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 7659/37683 Bytes

local SRI possible, possible hash-values:

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/fonts/NotoSans-Bold.woff

/_img/2015.1/fonts/NotoSansDevanagari-Regular.ttf

/_img/2015.1/fonts/NotoSansHebrew-Regular.ttf

/_img/2015.1/fonts/NotoSans-Italic.woff

/_img/2015.1/fonts/NotoSans-Regular.woff

/_img/2015.1/fonts/SourceCodePro-Regular.woff

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

link

stylesheet

/_css/2015.1/screen.css

200

text/css, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 8702/45831 Bytes

local SRI possible, possible hash-values:

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/fonts/NotoSans-Bold.woff

/_img/2015.1/fonts/NotoSansDevanagari-Regular.ttf

/_img/2015.1/fonts/NotoSansHebrew-Regular.ttf

/_img/2015.1/fonts/NotoSans-Italic.woff

/_img/2015.1/fonts/NotoSans-Regular.woff

/_img/2015.1/fonts/SourceCodePro-Regular.woff

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

meta

utf-8

meta

Content-type

text/html; charset=utf-8

meta

viewport

width=device-width, initial-scale=1

script

src

/_js/2013.1/iana.js

200

Missing defer / async attribute.

application/javascript, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip required: 68 Bytes

local SRI possible, possible hash-values:

script

src

/_js/2013.1/jquery.js

200

Missing defer / async attribute.

application/javascript, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 32938/93068 Bytes

local SRI possible, possible hash-values:

12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, sns.dns.icann.org

QNr.	Domain	Type	NS used
1	net	NS	l.root-servers.net (2001:500:9f::42)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	a.iana-servers.net: 199.43.135.53, 2001:500:8f::53	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: b.iana-servers.net 199.43.133.53, 2001:500:8d::53
	Answer: c.iana-servers.net 199.43.134.53, 2001:500:8e::53
3	org	NS	g.root-servers.net (2001:500:12::d0d)
	Answer: a0.org.afilias-nst.info, a2.org.afilias-nst.info, b0.org.afilias-nst.org, b2.org.afilias-nst.org, c0.org.afilias-nst.info, d0.org.afilias-nst.org
4	ns.icann.org: 199.4.138.53, 2001:500:89::53	NS	a0.org.afilias-nst.info (2001:500:e::1)
5	sns.dns.icann.org	NS	a0.org.afilias-nst.info (2001:500:e::1)
	Answer: a.icann-servers.net, b.icann-servers.net, c.icann-servers.net, ns.icann.org
	Answer: ns.icann.org 199.4.138.53, 2001:500:89::53
6	a.icann-servers.net: 199.43.135.53, 2001:500:8f::53	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: b.icann-servers.net 199.43.133.53, 2001:500:8d::53
	Answer: c.icann-servers.net 199.43.134.53, 2001:500:8e::53
7	sns.dns.icann.org: 192.0.32.162	A	a.icann-servers.net (2001:500:8f::53)
8	sns.dns.icann.org: No AAAA record found	AAAA	a.icann-servers.net (2001:500:8f::53)

13. CAA - Entries

Domainname	flag	Value	∑ Queries
ianawww.vip.icann.org	0	no CAA entry found	1
vip.icann.org	0	no CAA entry found	1
www.iana.org			1
icann.org	0	no CAA entry found	1
iana.org	0	no CAA entry found	1
org	0	no CAA entry found	1
	0	no CAA entry found	1

14. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
iana.org	c9e864a6c53444038d34fe3a22513b74	ok	1
iana.org	docusign=b2d7c7b0-4627-494b-a7aa-682ee87c265d	ok	1
iana.org	google-site-verification=iIqTTcUxND4wZOeVe5Ho728rH3JOSDnssYsYJ7pUtQQ	ok	1
iana.org	MS=ms22660639	ok	1
iana.org	smartsheet-site-validation=CcnvONgQ2ibuzf2zHZxgPaWUqTwt-Sjr	ok	1
iana.org	v=spf1 redirect=icann.org	ok	1
www.iana.org			1
ianawww.vip.icann.org		ok	1
_acme-challenge.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.iana.org.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.ianawww.vip.icann.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org.www.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.ianawww.vip.icann.org.ianawww.vip.icann.org		Name Error - The domain name does not exist	1

15. Portchecks

Domain or IP	Port	Description	Result	Answer
iana.org	21	FTP	open
421 Please use ftp.iana.org instead.
iana.org	21	FTP	open	421 Please use ftp.iana.org instead.
iana.org	22	SSH

iana.org	22	SSH
iana.org	25	SMTP

iana.org	25	SMTP
iana.org	53	DNS

iana.org	53	DNS
iana.org	110	POP3

iana.org	110	POP3
iana.org	143	IMAP

iana.org	143	IMAP
iana.org	465	SMTP (encrypted)

iana.org	465	SMTP (encrypted)
iana.org	587	SMTP (encrypted, submission)

iana.org	587	SMTP (encrypted, submission)
iana.org	993	IMAP (encrypted)

iana.org	993	IMAP (encrypted)
iana.org	995	POP3 (encrypted)

iana.org	995	POP3 (encrypted)
iana.org	1433	MS SQL

iana.org	1433	MS SQL
iana.org	2082	cPanel (http)

iana.org	2082	cPanel (http)
iana.org	2083	cPanel (https)

iana.org	2083	cPanel (https)
iana.org	2086	WHM (http)

iana.org	2086	WHM (http)
iana.org	2087	WHM (https)

iana.org	2087	WHM (https)
iana.org	2089	cPanel Licensing

iana.org	2089	cPanel Licensing
iana.org	2095	cPanel Webmail (http)

iana.org	2095	cPanel Webmail (http)
iana.org	2096	cPanel Webmail (https)

iana.org	2096	cPanel Webmail (https)
iana.org	2222	DirectAdmin (http)

iana.org	2222	DirectAdmin (http)
iana.org	2222	DirectAdmin (https)

iana.org	2222	DirectAdmin (https)
iana.org	3306	mySql

iana.org	3306	mySql
iana.org	5224	Plesk Licensing

iana.org	5224	Plesk Licensing
iana.org	5432	PostgreSQL

iana.org	5432	PostgreSQL
iana.org	8080	Ookla Speedtest (http)

iana.org	8080	Ookla Speedtest (http)
iana.org	8080	Ookla Speedtest (https)

iana.org	8080	Ookla Speedtest (https)
iana.org	8083	VestaCP http

iana.org	8083	VestaCP http
iana.org	8083	VestaCP https

iana.org	8083	VestaCP https
iana.org	8443	Plesk Administration (https)

iana.org	8443	Plesk Administration (https)
iana.org	8447	Plesk Installer + Updates

iana.org	8447	Plesk Installer + Updates
iana.org	8880	Plesk Administration (http)

iana.org	8880	Plesk Administration (http)
iana.org	10000	Webmin (http)

iana.org	10000	Webmin (http)
iana.org	10000	Webmin (https)

iana.org	10000	Webmin (https)
www.iana.org	21	FTP	open
220 IANA FTP Server
www.iana.org	21	FTP	open	220 IANA FTP Server
www.iana.org	22	SSH

www.iana.org	22	SSH
www.iana.org	25	SMTP

www.iana.org	25	SMTP
www.iana.org	53	DNS

www.iana.org	53	DNS
www.iana.org	110	POP3

www.iana.org	110	POP3
www.iana.org	143	IMAP

www.iana.org	143	IMAP
www.iana.org	465	SMTP (encrypted)

www.iana.org	465	SMTP (encrypted)
www.iana.org	587	SMTP (encrypted, submission)

www.iana.org	587	SMTP (encrypted, submission)
www.iana.org	993	IMAP (encrypted)

www.iana.org	993	IMAP (encrypted)
www.iana.org	995	POP3 (encrypted)

www.iana.org	995	POP3 (encrypted)
www.iana.org	1433	MS SQL

www.iana.org	1433	MS SQL
www.iana.org	2082	cPanel (http)

www.iana.org	2082	cPanel (http)
www.iana.org	2083	cPanel (https)

www.iana.org	2083	cPanel (https)
www.iana.org	2086	WHM (http)

www.iana.org	2086	WHM (http)
www.iana.org	2087	WHM (https)

www.iana.org	2087	WHM (https)
www.iana.org	2089	cPanel Licensing

www.iana.org	2089	cPanel Licensing
www.iana.org	2095	cPanel Webmail (http)

www.iana.org	2095	cPanel Webmail (http)
www.iana.org	2096	cPanel Webmail (https)

www.iana.org	2096	cPanel Webmail (https)
www.iana.org	2222	DirectAdmin (http)

www.iana.org	2222	DirectAdmin (http)
www.iana.org	2222	DirectAdmin (https)

www.iana.org	2222	DirectAdmin (https)
www.iana.org	3306	mySql

www.iana.org	3306	mySql
www.iana.org	5224	Plesk Licensing

www.iana.org	5224	Plesk Licensing
www.iana.org	5432	PostgreSQL

www.iana.org	5432	PostgreSQL
www.iana.org	8080	Ookla Speedtest (http)

www.iana.org	8080	Ookla Speedtest (http)
www.iana.org	8080	Ookla Speedtest (https)

www.iana.org	8080	Ookla Speedtest (https)
www.iana.org	8083	VestaCP http

www.iana.org	8083	VestaCP http
www.iana.org	8083	VestaCP https

www.iana.org	8083	VestaCP https
www.iana.org	8443	Plesk Administration (https)

www.iana.org	8443	Plesk Administration (https)
www.iana.org	8447	Plesk Installer + Updates

www.iana.org	8447	Plesk Installer + Updates
www.iana.org	8880	Plesk Administration (http)

www.iana.org	8880	Plesk Administration (http)
www.iana.org	10000	Webmin (http)

www.iana.org	10000	Webmin (http)
www.iana.org	10000	Webmin (https)

www.iana.org	10000	Webmin (https)
192.0.43.8	21	FTP	open
421 Please use ftp.iana.org instead.
192.0.43.8	21	FTP	open	421 Please use ftp.iana.org instead.
192.0.43.8	22	SSH

192.0.43.8	22	SSH
192.0.43.8	25	SMTP

192.0.43.8	25	SMTP
192.0.43.8	53	DNS

192.0.43.8	53	DNS
192.0.43.8	110	POP3

192.0.43.8	110	POP3
192.0.43.8	143	IMAP

192.0.43.8	143	IMAP
192.0.43.8	465	SMTP (encrypted)

192.0.43.8	465	SMTP (encrypted)
192.0.43.8	587	SMTP (encrypted, submission)

192.0.43.8	587	SMTP (encrypted, submission)
192.0.43.8	993	IMAP (encrypted)

192.0.43.8	993	IMAP (encrypted)
192.0.43.8	995	POP3 (encrypted)

192.0.43.8	995	POP3 (encrypted)
192.0.43.8	1433	MS SQL

192.0.43.8	1433	MS SQL
192.0.43.8	2082	cPanel (http)

192.0.43.8	2082	cPanel (http)
192.0.43.8	2083	cPanel (https)

192.0.43.8	2083	cPanel (https)
192.0.43.8	2086	WHM (http)

192.0.43.8	2086	WHM (http)
192.0.43.8	2087	WHM (https)

192.0.43.8	2087	WHM (https)
192.0.43.8	2089	cPanel Licensing

192.0.43.8	2089	cPanel Licensing
192.0.43.8	2095	cPanel Webmail (http)

192.0.43.8	2095	cPanel Webmail (http)
192.0.43.8	2096	cPanel Webmail (https)

192.0.43.8	2096	cPanel Webmail (https)
192.0.43.8	2222	DirectAdmin (http)

192.0.43.8	2222	DirectAdmin (http)
192.0.43.8	2222	DirectAdmin (https)

192.0.43.8	2222	DirectAdmin (https)
192.0.43.8	3306	mySql

192.0.43.8	3306	mySql
192.0.43.8	5224	Plesk Licensing

192.0.43.8	5224	Plesk Licensing
192.0.43.8	5432	PostgreSQL

192.0.43.8	5432	PostgreSQL
192.0.43.8	8080	Ookla Speedtest (http)

192.0.43.8	8080	Ookla Speedtest (http)
192.0.43.8	8080	Ookla Speedtest (https)

192.0.43.8	8080	Ookla Speedtest (https)
192.0.43.8	8083	VestaCP http

192.0.43.8	8083	VestaCP http
192.0.43.8	8083	VestaCP https

192.0.43.8	8083	VestaCP https
192.0.43.8	8443	Plesk Administration (https)

192.0.43.8	8443	Plesk Administration (https)
192.0.43.8	8447	Plesk Installer + Updates

192.0.43.8	8447	Plesk Installer + Updates
192.0.43.8	8880	Plesk Administration (http)

192.0.43.8	8880	Plesk Administration (http)
192.0.43.8	10000	Webmin (http)

192.0.43.8	10000	Webmin (http)
192.0.43.8	10000	Webmin (https)

192.0.43.8	10000	Webmin (https)
192.0.47.8	21	FTP	open
220 IANA FTP Server
192.0.47.8	21	FTP	open	220 IANA FTP Server
192.0.47.8	22	SSH

192.0.47.8	22	SSH
192.0.47.8	25	SMTP

192.0.47.8	25	SMTP
192.0.47.8	53	DNS

192.0.47.8	53	DNS
192.0.47.8	110	POP3

192.0.47.8	110	POP3
192.0.47.8	143	IMAP

192.0.47.8	143	IMAP
192.0.47.8	465	SMTP (encrypted)

192.0.47.8	465	SMTP (encrypted)
192.0.47.8	587	SMTP (encrypted, submission)

192.0.47.8	587	SMTP (encrypted, submission)
192.0.47.8	993	IMAP (encrypted)

192.0.47.8	993	IMAP (encrypted)
192.0.47.8	995	POP3 (encrypted)

192.0.47.8	995	POP3 (encrypted)
192.0.47.8	1433	MS SQL

192.0.47.8	1433	MS SQL
192.0.47.8	2082	cPanel (http)

192.0.47.8	2082	cPanel (http)
192.0.47.8	2083	cPanel (https)

192.0.47.8	2083	cPanel (https)
192.0.47.8	2086	WHM (http)

192.0.47.8	2086	WHM (http)
192.0.47.8	2087	WHM (https)

192.0.47.8	2087	WHM (https)
192.0.47.8	2089	cPanel Licensing

192.0.47.8	2089	cPanel Licensing
192.0.47.8	2095	cPanel Webmail (http)

192.0.47.8	2095	cPanel Webmail (http)
192.0.47.8	2096	cPanel Webmail (https)

192.0.47.8	2096	cPanel Webmail (https)
192.0.47.8	2222	DirectAdmin (http)

192.0.47.8	2222	DirectAdmin (http)
192.0.47.8	2222	DirectAdmin (https)

192.0.47.8	2222	DirectAdmin (https)
192.0.47.8	3306	mySql

192.0.47.8	3306	mySql
192.0.47.8	5224	Plesk Licensing

192.0.47.8	5224	Plesk Licensing
192.0.47.8	5432	PostgreSQL

192.0.47.8	5432	PostgreSQL
192.0.47.8	8080	Ookla Speedtest (http)

192.0.47.8	8080	Ookla Speedtest (http)
192.0.47.8	8080	Ookla Speedtest (https)

192.0.47.8	8080	Ookla Speedtest (https)
192.0.47.8	8083	VestaCP http

192.0.47.8	8083	VestaCP http
192.0.47.8	8083	VestaCP https

192.0.47.8	8083	VestaCP https
192.0.47.8	8443	Plesk Administration (https)

192.0.47.8	8443	Plesk Administration (https)
192.0.47.8	8447	Plesk Installer + Updates

192.0.47.8	8447	Plesk Installer + Updates
192.0.47.8	8880	Plesk Administration (http)

192.0.47.8	8880	Plesk Administration (http)
192.0.47.8	10000	Webmin (http)

192.0.47.8	10000	Webmin (http)
192.0.47.8	10000	Webmin (https)

192.0.47.8	10000	Webmin (https)

Permalink: https://check-your-website.server-daten.de/?i=02304172-1121-4e60-8bd2-0b1480c2e187

Last Result: https://check-your-website.server-daten.de/?q=iana.org - 2020-10-31 01:33:28

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=iana.org" target="_blank">Check this Site: iana.org</a>

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. DNS- and NameServer - Checks

3. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

11. Html-Content - Entries

Summary

Details

12. Nameserver - IP-Adresses

13. CAA - Entries

14. TXT - Entries

15. Portchecks