Check DNS, Urls + Redirects, Certificates and Content of your Website

hide

skip EDNS-Check

skip Content-Check

check links

Http as Destination - no encryption

Checked:
20.11.2021 17:00:55

Older results

H - 15.11.2021 00:48:58

H - 15.11.2021 00:22:45

I - 05.10.2021 08:44:56

H - 29.08.2021 16:27:32

H - 29.08.2021 16:13:53

H - 29.08.2021 14:30:43

H - 30.07.2021 18:45:15

H - 29.05.2021 04:53:53

H - 10.05.2021 02:49:16

H - 22.12.2020 10:44:06

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
iana.org	A	192.0.43.8 Anthony/Kansas/United States (US) - ICANN Hostname: 43-8.any.icann.org	yes	1	0
	AAAA	2001:500:88:200::8 Los Angeles/California/United States (US) - ICANN	yes
www.iana.org	CNAME	ianawww.vip.icann.org	yes	1	0
	A	192.0.46.8 Washington/District of Columbia/United States (US) - ICANN Hostname: 46-8.dc.icann.org	yes
	AAAA	2620:0:2830:200::b:8 Troy/New York/United States (US) - ICANN	yes
*.iana.org	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 14748, Flags 256


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2021, 00:00:00 +, Signature-Inception: 20.11.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: org
org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.12.2021, 05:00:00 +, Signature-Inception: 20.11.2021, 04:00:00 +, KeyTag 14748, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 63858, Flags 256


	Public Key with Algorithm 8, KeyTag 63966, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 900 sec, Signature-expiration: 08.12.2021, 15:23:27 +, Signature-Inception: 17.11.2021, 14:23:27 +, KeyTag 26974, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: iana.org
iana.org	6 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 6730, DigestType 1 and Digest FaHucJ5RwGUnmdnNNko3rLjmcoU=


	DS with Algorithm 8, KeyTag 6730, DigestType 2 and Digest /KA3dvozq1c2mq6LCJk49AAeIICUNic0JCp+vk3bV1U=


	DS with Algorithm 8, KeyTag 14351, DigestType 1 and Digest TAjAV1Tdp8z2K0GsRQhz0nEiHMM=


	DS with Algorithm 8, KeyTag 14351, DigestType 2 and Digest 4aDJLAZjICJA/DSB90fQCQHNFOJouIShFC16R12xqBA=


	DS with Algorithm 8, KeyTag 39817, DigestType 1 and Digest SyY09p7djQdB2oYp4gZLBegTjlE=


	DS with Algorithm 8, KeyTag 39817, DigestType 2 and Digest X7cq6Ew1o13ff6JOp5HNl2PENgl5wMu2/yxAevmuWAI=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.12.2021, 15:23:27 +, Signature-Inception: 17.11.2021, 14:23:27 +, KeyTag 63966, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 63966 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 3795, Flags 256


	Public Key with Algorithm 8, KeyTag 21911, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 39817, Flags 257 (SEP = Secure Entry Point)


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 06:31:36 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 21911, Signer-Name: iana.org


	RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 06:31:36 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 39817, Signer-Name: iana.org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 21911 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39817 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39817, DigestType 1 and Digest "SyY09p7djQdB2oYp4gZLBegTjlE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39817, DigestType 2 and Digest "X7cq6Ew1o13ff6JOp5HNl2PENgl5wMu2/yxAevmuWAI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 192.0.43.8 Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.12.2021, 22:34:00 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	RRSIG Type 16 validates the TXT - Result: MS=ms22660639 v=spf1 redirect=icann.org c9e864a6c53444038d34fe3a22513b74 docusign=b2d7c7b0-4627-494b-a7aa-682ee87c265d smartsheet-site-validation=CcnvONgQ2ibuzf2zHZxgPaWUqTwt-Sjr google-site-verification=iIqTTcUxND4wZOeVe5Ho728rH3JOSDnssYsYJ7pUtQQ Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.12.2021, 16:30:33 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	RRSIG Type 28 validates the AAAA - Result: 2001:0500:0088:0200:0000:0000:0000:0008 Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 00:24:39 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	CNAME-Query sends a valid NSEC RR as result with the query name "iana.org" equal the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 08:10:48 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the owner name iana.org. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "iana.org" and the NextOwner "api.iana.org". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the query name "_443._tcp.iana.org" between the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.iana.org) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.iana.org" between the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that Wildcard-expansion. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 08:10:48 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC RR as result with the query name "iana.org" equal the NSEC-owner "iana.org" and the NextOwner "api.iana.org". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner iana.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 08:10:48 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org


	Status: Good. NoData-Proof required and found.

Zone: www.iana.org
www.iana.org	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: ianawww.vip.icann.org Validated: RRSIG-Owner www.iana.org., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 08:02:44 +, Signature-Inception: 17.11.2021, 22:42:49 +, KeyTag 3795, Signer-Name: iana.org

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 14748, Flags 256


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2021, 00:00:00 +, Signature-Inception: 20.11.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: org
org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.12.2021, 05:00:00 +, Signature-Inception: 20.11.2021, 04:00:00 +, KeyTag 14748, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 63858, Flags 256


	Public Key with Algorithm 8, KeyTag 63966, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 900 sec, Signature-expiration: 08.12.2021, 15:23:27 +, Signature-Inception: 17.11.2021, 14:23:27 +, KeyTag 26974, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: icann.org
icann.org	3 DS RR in the parent zone found


	DS with Algorithm 7, KeyTag 17248, DigestType 2 and Digest iFz4ps81/Vxhnh1ItZr7IwY7up/sUv8l+ZCUy6EJEKI=


	DS with Algorithm 7, KeyTag 18060, DigestType 2 and Digest a+AhgYufEO2YGgOsv3TwHjH7FcWGgK0MS6pGS/N6dSM=


	DS with Algorithm 7, KeyTag 23584, DigestType 2 and Digest r1ekkmQBAoCSCaoAW5PDK3rMg3NLx4XPpQtRaIKZzWE=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner icann.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.12.2021, 15:23:27 +, Signature-Inception: 17.11.2021, 14:23:27 +, KeyTag 63966, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 63966 used to validate the DS RRSet in the parent zone


	5 DNSKEY RR found


	Public Key with Algorithm 7, KeyTag 18060, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 7, KeyTag 21275, Flags 256


	Public Key with Algorithm 7, KeyTag 23584, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 7, KeyTag 48458, Flags 256


	Public Key with Algorithm 7, KeyTag 49175, Flags 256


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner icann.org., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.12.2021, 19:14:48 +, Signature-Inception: 17.11.2021, 22:42:59 +, KeyTag 18060, Signer-Name: icann.org


	RRSIG-Owner icann.org., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.12.2021, 19:14:48 +, Signature-Inception: 17.11.2021, 22:42:59 +, KeyTag 23584, Signer-Name: icann.org


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 18060 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 23584 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 18060, DigestType 2 and Digest "a+AhgYufEO2YGgOsv3TwHjH7FcWGgK0MS6pGS/N6dSM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 23584, DigestType 2 and Digest "r1ekkmQBAoCSCaoAW5PDK3rMg3NLx4XPpQtRaIKZzWE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: vip.icann.org
vip.icann.org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 6025, DigestType 2 and Digest Tar9xiUozvyMj1K1DXDYIhFb2cD2ZiplBWA+8YQB/kk=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner vip.icann.org., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 09.12.2021, 05:34:45 +, Signature-Inception: 17.11.2021, 22:42:59 +, KeyTag 49175, Signer-Name: icann.org


	• Status: Good - Algorithmus 7 and DNSKEY with KeyTag 49175 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 6025, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 20940, Flags 256


	Public Key with Algorithm 8, KeyTag 45318, Flags 256


	3 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner vip.icann.org., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 27.11.2021, 08:11:35 +, Signature-Inception: 20.11.2021, 07:11:35 +, KeyTag 6025, Signer-Name: vip.icann.org


	RRSIG-Owner vip.icann.org., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 27.11.2021, 08:11:35 +, Signature-Inception: 20.11.2021, 07:11:35 +, KeyTag 20940, Signer-Name: vip.icann.org


	RRSIG-Owner vip.icann.org., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 27.11.2021, 08:11:35 +, Signature-Inception: 20.11.2021, 07:11:35 +, KeyTag 45318, Signer-Name: vip.icann.org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 6025 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20940 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 45318 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 6025, DigestType 2 and Digest "Tar9xiUozvyMj1K1DXDYIhFb2cD2ZiplBWA+8YQB/kk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ianawww.vip.icann.org
ianawww.vip.icann.org	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vtfmkt56sil99j951r22dl6jga7fgsk1" between the hashed NSEC3-owner "vtfmkt56sil99j951r22dl6jga7fgsk1" and the hashed NextOwner "vtfmkt56sil99j951r22dl6jga7fgsk2". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, RRSIG Validated: RRSIG-Owner vtfmkt56sil99j951r22dl6jga7fgsk1.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 14:23:40 +, Signature-Inception: 20.11.2021, 13:23:40 +, KeyTag 20940, Signer-Name: vip.icann.org


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vtfmkt56sil99j951r22dl6jga7fgsk1" between the hashed NSEC3-owner "vtfmkt56sil99j951r22dl6jga7fgsk1" and the hashed NextOwner "vtfmkt56sil99j951r22dl6jga7fgsk2". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, RRSIG Validated: RRSIG-Owner vtfmkt56sil99j951r22dl6jga7fgsk1.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 14:23:40 +, Signature-Inception: 20.11.2021, 13:23:40 +, KeyTag 45318, Signer-Name: vip.icann.org


	0 DNSKEY RR found





	RRSIG Type 1 validates the A - Result: 192.0.46.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 27.11.2021, 08:11:33 +, Signature-Inception: 20.11.2021, 07:11:33 +, KeyTag 20940, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.46.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 27.11.2021, 08:11:33 +, Signature-Inception: 20.11.2021, 07:11:33 +, KeyTag 20940, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:2830:0200:0000:0000:000B:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 27.11.2021, 08:11:33 +, Signature-Inception: 20.11.2021, 07:11:33 +, KeyTag 20940, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:2830:0200:0000:0000:000B:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 27.11.2021, 08:11:33 +, Signature-Inception: 20.11.2021, 07:11:33 +, KeyTag 20940, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.46.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 26.11.2021, 08:22:40 +, Signature-Inception: 19.11.2021, 07:22:40 +, KeyTag 45318, Signer-Name: vip.icann.org


	RRSIG Type 1 validates the A - Result: 192.0.46.8 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 26.11.2021, 08:22:40 +, Signature-Inception: 19.11.2021, 07:22:40 +, KeyTag 45318, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:2830:0200:0000:0000:000B:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 26.11.2021, 08:22:43 +, Signature-Inception: 19.11.2021, 07:22:43 +, KeyTag 45318, Signer-Name: vip.icann.org


	RRSIG Type 28 validates the AAAA - Result: 2620:0000:2830:0200:0000:0000:000B:0008 Validated: RRSIG-Owner ianawww.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 30 sec, Signature-expiration: 26.11.2021, 08:22:43 +, Signature-Inception: 19.11.2021, 07:22:43 +, KeyTag 45318, Signer-Name: vip.icann.org


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "v57dp8gqqji2gvri78nu4mca2pe5a5k4" equal the hashed NSEC3-owner "v57dp8gqqji2gvri78nu4mca2pe5a5k4" and the hashed NextOwner "v57dp8gqqji2gvri78nu4mca2pe5a5k5". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: MX, TXT, RRSIG Validated: RRSIG-Owner v57dp8gqqji2gvri78nu4mca2pe5a5k4.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 10:39:31 +, Signature-Inception: 20.11.2021, 09:39:31 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC3 RR as result with the hashed query name "v57dp8gqqji2gvri78nu4mca2pe5a5k4" equal the hashed NSEC3-owner "v57dp8gqqji2gvri78nu4mca2pe5a5k4" and the hashed NextOwner "v57dp8gqqji2gvri78nu4mca2pe5a5k5". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: 13, MX, RRSIG Validated: RRSIG-Owner v57dp8gqqji2gvri78nu4mca2pe5a5k4.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 11:24:09 +, Signature-Inception: 20.11.2021, 10:24:09 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.ianawww.vip.icann.org) sends a valid NSEC3 RR as result with the hashed owner name "f5l8b0pum6bh3u3oo8aas85ual3j8bk7" (unhashed: _tcp.ianawww.vip.icann.org). So that's the Closest Encloser of the query name. Bitmap: No Bitmap? Validated: RRSIG-Owner f5l8b0pum6bh3u3oo8aas85ual3j8bk7.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 16:03:27 +, Signature-Inception: 20.11.2021, 15:03:27 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "615dhjhcpqjhl2qhg37690n2ps5l0jik" (unhashed: *._tcp.ianawww.vip.icann.org) with the owner "615dhjhcpqjhl2qhg37690n2ps5l0jij" and the NextOwner "615dhjhcpqjhl2qhg37690n2ps5l0jil". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: No Bitmap? Validated: RRSIG-Owner 615dhjhcpqjhl2qhg37690n2ps5l0jij.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 16:03:27 +, Signature-Inception: 20.11.2021, 15:03:27 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query (_443._tcp.ianawww.vip.icann.org) sends a valid NSEC3 RR as result with the hashed query name "9md2mihu6uedmlf5erh4fnc7rhh8u2bj" between the hashed NSEC3-owner "9md2mihu6uedmlf5erh4fnc7rhh8u2bi" and the hashed NextOwner "9md2mihu6uedmlf5erh4fnc7rhh8u2bk". So the zone confirmes the not-existence of that TLSA RR. Bitmap: No Bitmap? Validated: RRSIG-Owner 9md2mihu6uedmlf5erh4fnc7rhh8u2bi.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 16:03:27 +, Signature-Inception: 20.11.2021, 15:03:27 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC3 RR as result with the hashed query name "vtfmkt56sil99j951r22dl6jga7fgsk1" equal the hashed NSEC3-owner "vtfmkt56sil99j951r22dl6jga7fgsk1" and the hashed NextOwner "vtfmkt56sil99j951r22dl6jga7fgsk2". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: MX, TXT, RRSIG Validated: RRSIG-Owner vtfmkt56sil99j951r22dl6jga7fgsk1.vip.icann.org., Algorithm: 8, 4 Labels, original TTL: 60 sec, Signature-expiration: 27.11.2021, 14:23:32 +, Signature-Inception: 20.11.2021, 13:23:32 +, KeyTag 45318, Signer-Name: vip.icann.org


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
iana.org	• a.iana-servers.net / iad.aservers.dns.icann.org	199.43.135.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8f::53 Ashburn/Virginia/United States (US) - ICANN	•
	• b.iana-servers.net / iad.bservers.dns.icann.org	199.43.133.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8d::53 Ashburn/Virginia/United States (US) - ICANN	•
	• c.iana-servers.net / ns012b.app9.ams2.afilias-nst.info	199.43.134.53 Miami/Florida/United States (US) - Afilias, Inc.	•
	•	2001:500:8e::53 Zurich/Switzerland (CH) - Afilias, Inc.	•
	• ns.icann.org / iad.nsicann.dns.icann.org	199.4.138.53 Los Angeles/California/United States (US) - ICANN	•
	•	2001:500:89::53 Los Angeles/California/United States (US) - ICANN	•
	T sns.dns.icann.org	192.0.32.162 Los Angeles/California/United States (US) - ICANN
org	• a0.org.afilias-nst.info
	• a2.org.afilias-nst.info
	• b0.org.afilias-nst.org
	• b2.org.afilias-nst.org
	• c0.org.afilias-nst.info
	• d0.org.afilias-nst.org

ianawww.vip.icann.org	• gtm1.lax.icann.org	192.0.32.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2d0:296::252 Los Angeles/California/United States (US) - ICANN	•
vip.icann.org	• gtm1.dc.icann.org	192.0.47.252 Washington/District of Columbia/United States (US) - ICANN	•
	•	2620:0:2830:296::252 Troy/New York/United States (US) - ICANN	•
	• gtm1.lax.icann.org	192.0.32.252 Los Angeles/California/United States (US) - ICANN	•
	•	2620:0:2d0:296::252 Los Angeles/California/United States (US) - ICANN	•
	• gtm1.mdr.icann.org	192.0.36.252 Anchorage/Alaska/United States (US) - ICANN	•
	•	2620:0:2ed0:296::252 Los Angeles/California/United States (US) - ICANN	•
icann.org	• a.icann-servers.net / iad.aservers.dns.icann.org	199.43.135.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8f::53 Ashburn/Virginia/United States (US) - ICANN	•
	• b.icann-servers.net / iad.bservers.dns.icann.org	199.43.133.53 Ashburn/Virginia/United States (US) - ICANN	•
	•	2001:500:8d::53 Ashburn/Virginia/United States (US) - ICANN	•
	• c.icann-servers.net / ns012b.app25.ams2.afilias-nst.info	199.43.134.53 Miami/Florida/United States (US) - Afilias, Inc.	•
	•	2001:500:8e::53 Zurich/Switzerland (CH) - Afilias, Inc.	•
	• ns.icann.org / iad.nsicann.dns.icann.org	199.4.138.53 Los Angeles/California/United States (US) - ICANN	•
	•	2001:500:89::53 Los Angeles/California/United States (US) - ICANN	•
	• sns.dns.icann.org
org	• a0.org.afilias-nst.info
	• a2.org.afilias-nst.info
	• b0.org.afilias-nst.org
	• b2.org.afilias-nst.org
	• c0.org.afilias-nst.info
	• d0.org.afilias-nst.org

4. SOA-Entries

Domain:	org
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	6

Domain:	iana.org
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	iana.org
Zone-Name:	iana.org
Primary:	sns.dns.icann.org
Mail:	noc.dns.icann.org
Serial:	2021111701
Refresh:	7200
Retry:	3600
Expire:	1209600
TTL:	3600
num Entries:	8


Domain:	org
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	6

Domain:	icann.org
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	icann.org
Zone-Name:	icann.org
Primary:	sns.dns.icann.org
Mail:	noc.dns.icann.org
Serial:	2021111724
Refresh:	10800
Retry:	3600
Expire:	1209600
TTL:	3600
num Entries:	8

Domain:	vip.icann.org
Zone-Name:	vip.icann.org
Primary:	gtm1.lax.icann.org
Mail:	hostmaster.gtm1.lax.icann.org
Serial:	2021110102
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	60
num Entries:	6

Domain:	ianawww.vip.icann.org
Zone-Name:	vip.icann.org
Primary:	gtm1.lax.icann.org
Mail:	hostmaster.gtm1.lax.icann.org
Serial:	2021110102
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	60
num Entries:	2

5. Screenshots

Startaddress: https://www.iana.org, address used: https://www.iana.org/, Screenshot created 2021-11-20 17:05:23 +00:0

Mobil (412px x 732px)

671 milliseconds

Screenshot mobile - https://www.iana.org/

Mobil + Landscape (732px x 412px)

686 milliseconds

Screenshot mobile landscape - https://www.iana.org/

Screen (1280px x 1680px)

2391 milliseconds

Screenshot Desktop - https://www.iana.org/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	396	732
content Size	396	1666

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://iana.org/ 192.0.43.8	301	https://www.iana.org/ Html is minified: 100.00 %	0.230	E
Date: Sat, 20 Nov 2021 16:04:09 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:09 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/ Html is minified: 100.00 %	0.234	E
Date: Sat, 20 Nov 2021 16:04:09 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:09 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.iana.org/ 192.0.46.8 GZip used - 1663 / 6190 - 73.13 %	200	Html is minified: 158.43 %	0.233	H
Date: Sat, 20 Nov 2021 16:04:09 GMT
Server: Apache
Last-Modified: Tue, 05 Oct 2021 16:40:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff,nosniff
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Expires: Sat, 20 Nov 2021 16:25:20 GMT
Referrer-Policy: origin-when-cross-origin
Age: 2329
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Content-Length: 1663
Connection: close
Content-Type: text/html; charset=UTF-8

• http://www.iana.org/ 2620:0:2830:200::b:8 GZip used - 1663 / 6190 - 73.13 %	200	Html is minified: 158.43 %	0.223	H
Date: Sat, 20 Nov 2021 16:01:42 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 05 Oct 2021 16:40:44 GMT
X-Frame-Options: SAMEORIGIN
Expires: Sat, 20 Nov 2021 16:08:36 GMT
Referrer-Policy: origin-when-cross-origin
X-Content-Type-Options: nosniff
Age: 3333
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Content-Length: 1663
Connection: close
Content-Type: text/html; charset=UTF-8

• https://iana.org/ 192.0.43.8	301	https://www.iana.org/ Html is minified: 100.00 %	3.980	B
Date: Sat, 20 Nov 2021 16:04:11 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:11 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/ Html is minified: 100.00 %	3.170	B
Date: Sat, 20 Nov 2021 16:04:15 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:15 GMT
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://www.iana.org/ 192.0.46.8 GZip used - 1663 / 6190 - 73.13 % Inline-JavaScript (∑/total): 3/331 Inline-CSS (∑/total): 0/0	200	Html is minified: 158.43 %	3.387	A
Date: Sat, 20 Nov 2021 15:50:03 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 05 Oct 2021 16:40:44 GMT
X-Frame-Options: SAMEORIGIN
Expires: Sat, 20 Nov 2021 16:37:20 GMT
Referrer-Policy: origin-when-cross-origin
X-Content-Type-Options: nosniff
Age: 1618
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Content-Length: 1663
Connection: close
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=48211200; preload

• https://www.iana.org/ 2620:0:2830:200::b:8 GZip used - 1663 / 6190 - 73.13 % Inline-JavaScript (∑/total): 3/331 Inline-CSS (∑/total): 0/0	200	Html is minified: 158.43 %	3.157	A
Date: Sat, 20 Nov 2021 16:01:42 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 05 Oct 2021 16:40:44 GMT
X-Frame-Options: SAMEORIGIN
Expires: Sat, 20 Nov 2021 16:08:36 GMT
Referrer-Policy: origin-when-cross-origin
X-Content-Type-Options: nosniff
Age: 3346
Content-Encoding: gzip
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Content-Length: 1663
Connection: close
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=48211200; preload

• http://iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.43.8 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 100.00 %	0.217	E
Visible Content: Moved Permanently The document has moved here .
Date: Sat, 20 Nov 2021 16:04:27 GMT
Server: Apache
Location: https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:27 GMT
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2001:500:88:200::8 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 100.00 %	0.210	E
Visible Content: Moved Permanently The document has moved here .
Date: Sat, 20 Nov 2021 16:04:27 GMT
Server: Apache
Location: https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:27 GMT
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.46.8 Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 144.03 %	0.227	A
Not Found
Visible Content: Domains Protocols Numbers About This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 20 Nov 2021 16:04:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3863
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Connection: close

• http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2620:0:2830:200::b:8 Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 144.03 %	0.240	A
Not Found
Visible Content: Domains Protocols Numbers About This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 20 Nov 2021 16:04:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3863
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Connection: close

• https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 144.03 %	3.344	A
Not Found
Visible Content: Domains Protocols Numbers About This page does not exist. If you believe this page should exist, please let us know by reporting the problem to iana@iana.org and we will investigate a solution. Domain Names Root Zone Registry .INT Registry .ARPA Registry IDN Repository Number Resources Abuse Information Protocols Protocol Registries Time Zone Database About Us Presentations Reports Performance Reviews Excellence Contact Us The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers , an affiliate of ICANN . Privacy Policy Terms of Service
Date: Sat, 20 Nov 2021 16:04:45 GMT
Server: Apache
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3863
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=3600
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://.gstatic.com;
Connection: close
Strict-Transport-Security: max-age=48211200; preload

• https://192.0.43.8/ 192.0.43.8	302	https://www.iana.org/ Html is minified: 100.00 %	3.380	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 20 Nov 2021 16:04:29 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:29 GMT
Content-Length: 205
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://192.0.46.8/ 192.0.46.8	301	https://www.iana.org/ Html is minified: 100.00 %	3.360	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 20 Nov 2021 16:04:37 GMT
Server: Apache
Location: https://www.iana.org/
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=48211200; preload

• https://[2001:0500:0088:0200:0000:0000:0000:0008]/ 2001:500:88:200::8	302	https://www.iana.org/ Html is minified: 100.00 %	3.470	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 20 Nov 2021 16:04:33 GMT
Server: Apache
Location: https://www.iana.org/
Cache-Control: max-age=345600
Expires: Wed, 24 Nov 2021 16:04:33 GMT
Content-Length: 205
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://[2620:0000:2830:0200:0000:0000:000b:0008]/ 2620:0:2830:200::b:8	301	https://www.iana.org/ Html is minified: 100.00 %	3.466	N
Certificate error: RemoteCertificateNameMismatch
Date: Sat, 20 Nov 2021 16:04:41 GMT
Server: Apache
Location: https://www.iana.org/
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=48211200; preload

7. Comments

	1. General Results, most used to calculate the result
A	name "iana.org" is domain, public suffix is ".org", top-level-domain is ".org", top-level-domain-type is "generic", tld-manager is "Public Interest Registry (PIR)", num .org-domains preloaded: 5635 (complete: 168171)
A	good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: iana.org has 2 different ip addresses (authoritative).
A	Good: Minimal 2 ip addresses per domain name found: www.iana.org has 2 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: iana.org has 1 ipv4, 1 ipv6 addresses
A	Good: Ipv4 and Ipv6 addresses per domain name found: www.iana.org has 1 ipv4, 1 ipv6 addresses
A	good: No asked Authoritative Name Server had a timeout
A	https://192.0.46.8/ 192.0.46.8	301	https://www.iana.org/	correct redirect https to https
A	https://192.0.46.8/ 192.0.46.8	301	https://www.iana.org/	correct redirect https to https
A	https://[2620:0000:2830:0200:0000:0000:000b:0008]/ 2620:0:2830:200::b:8	301	https://www.iana.org/	correct redirect https to https
A	https://[2620:0000:2830:0200:0000:0000:000b:0008]/ 2620:0:2830:200::b:8	301	https://www.iana.org/	correct redirect https to https
A	good: one preferred version: www is preferred
A	Good: No cookie sent via http.
	Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should immediately add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
B	https://iana.org/ 192.0.43.8	301		Missing HSTS-Header
B	https://iana.org/ 2001:500:88:200::8	301		Missing HSTS-Header
C	Error - more then one version with Http-Status 200. After all redirects, all users (and search engines) should see the same https url: Non-www or www, but not both with http status 200.
E	http://iana.org/ 192.0.43.8	301	https://www.iana.org/	Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
E	http://iana.org/ 2001:500:88:200::8	301	https://www.iana.org/	Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
H	Fatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
N	https://192.0.43.8/ 192.0.43.8	302	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2001:0500:0088:0200:0000:0000:0000:0008]/ 2001:500:88:200::8	302	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://192.0.46.8/ 192.0.46.8	301	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2620:0000:2830:0200:0000:0000:000b:0008]/ 2620:0:2830:200::b:8	301	https://www.iana.org/	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
X	Fatal error: Nameserver doesn't support TCP connection: sns.dns.icann.org / 192.0.32.162: Timeout
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain iana.org, 2 ip addresses.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.iana.org, 2 ip addresses.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain iana.org, 2 ip addresses, 1 different http results.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain www.iana.org, 2 ip addresses, 1 different http results.
	2. DNS- and NameServer - Checks
A	Info:: 8 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 5 Name Servers.
A	Info:: 8 Queries complete, 8 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
A	Good: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.a.iana-servers.net (199.43.135.53, 2001:500:8f::53), ns.icann.org (199.4.138.53, 2001:500:89::53), b.iana-servers.net (199.43.133.53, 2001:500:8d::53), c.iana-servers.net (199.43.134.53, 2001:500:8e::53), ns.icann.org (199.4.138.53, 2001:500:89::53)
A	Good (1 - 3.0):: An average of 1.6 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 5 different Name Servers found: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, sns.dns.icann.org, 4 Name Servers included in Delegation: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, 4 Name Servers included in 2 Zone definitions: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, 1 Name Servers listed in SOA.Primary: sns.dns.icann.org.
A	Good: Only one SOA.Primary Name Server found.: sns.dns.icann.org.
	Error: SOA.Primary Name Server not included in the delegation set.: sns.dns.icann.org.
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Good: Minimal 2 different name servers (public suffix and public ip address) found: 5 different Name Servers found
A	Good: Some Name Servers have IPv6 addresses: 4 Name Servers with IPv6 found (1 Name Servers without IPv6)
A	Good: Name servers with different Top Level Domains / Public Suffix List entries found: 5 Name Servers, 2 Top Level Domains: org, net
A	Good: Name Servers with different domain names found.: 2 different Domains found
A	Good: Name servers with different Country locations found: 5 Name Servers, 2 Countries: CH, US
A	Info: Ipv4-Subnet-list: 5 Name Servers, 2 different subnets (first Byte): 192., 199., 3 different subnets (first two Bytes): 192.0., 199.4., 199.43., 5 different subnets (first three Bytes): 192.0.32., 199.4.138., 199.43.133., 199.43.134., 199.43.135.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Info: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:0500:, 4 different subnets (first three blocks): 2001:0500:0089:, 2001:0500:008d:, 2001:0500:008e:, 2001:0500:008f:, 4 different subnets (first four blocks): 2001:0500:0089:0000:, 2001:0500:008d:0000:, 2001:0500:008e:0000:, 2001:0500:008f:0000:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Info: Nameserver mit different domain names found. May be a problem with DNS-Updates
X	Nameserver Timeout checking Echo Capitalization: sns.dns.icann.org / 192.0.32.162
X	Nameserver Timeout checking EDNS512: sns.dns.icann.org / 192.0.32.162
	Nameserver doesn't pass all EDNS-Checks: a0.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: a0.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: a2.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: a2.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: b0.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: b0.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: b2.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: b2.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: c0.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: c0.org.afilias-nst.info: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: d0.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: d0.org.afilias-nst.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: sns.dns.icann.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: sns.dns.icann.org / 192.0.32.162: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	3. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 supports GZip.
	https://www.iana.org/ 192.0.46.8	200		Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
	https://www.iana.org/ 2620:0:2830:200::b:8	200		Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
	https://www.iana.org/ 192.0.46.8	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.iana.org/ 2620:0:2830:200::b:8	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.iana.org/ 192.0.46.8	200		Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
	https://www.iana.org/ 2620:0:2830:200::b:8	200		Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
	https://www.iana.org/ 192.0.46.8	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	https://www.iana.org/ 2620:0:2830:200::b:8	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 192.0.46.8	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	http://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2620:0:2830:200::b:8	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
	Warning: CSS / JavaScript found without GZip support. Send these ressources with GZip. 5 external CSS / JavaScript files without GZip found - 10 with GZip, 15 complete
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 5 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 10 with Cache-Control long enough, 15 complete.
	Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 1 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 2 with Cache-Control long enough, 3 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Good: All img-elements have a valid alt-attribute.: 3 img-elements found.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://www.iana.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	3.344 seconds	Warning: 404 needs more then one second
A	Duration: 276570 milliseconds, 276.570 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

iana.org

192.0.43.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

iana.org

192.0.43.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

iana.org

2001:500:88:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

iana.org

2001:500:88:200::8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

www.iana.org

192.0.46.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

192.0.46.8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

www.iana.org

2620:0:2830:200::b:8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

2620:0:2830:200::b:8

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0

www.iana.org

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

www.iana.org

443

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0

192.0.43.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

192.0.43.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

192.0.46.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

192.0.46.8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

[2001:0500:0088:0200:0000:0000:0000:0008]

2001:500:88:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

[2001:0500:0088:0200:0000:0000:0000:0008]

2001:500:88:200::8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

[2620:0000:2830:0200:0000:0000:000b:0008]

2620:0:2830:200::b:8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

[2620:0000:2830:0200:0000:0000:000b:0008]

2620:0:2830:200::b:8

443

name does not match

Tls12

ECDH Ephermal

384

Aes256

256

Sha384

error checking OCSP stapling

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0

9. Certificates

CN=*.iana.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

03.12.2020

04.01.2022
expires in 37 days

*.iana.org, iana.org - 2 entries

CN=*.iana.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

03.12.2020

04.01.2022
expires in 37 days

*.iana.org, iana.org - 2 entries

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E1D79D48A9C91B7AD27F536DE9EEA97
Thumbprint:	F65D118887C8D7AA4831B4787CA7DF0455224F89
SHA256 / Certificate:	A2t52t6DmSBtoV320+177hgMb5DxPVLrIw91NBu9j78=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	d56f85824b6ed2ab15b9040c20b574515d9a0ab415ca253b42cbc915a11de18d
SHA256 hex / Subject Public Key Information (SPKI):	d56f85824b6ed2ab15b9040c20b574515d9a0ab415ca253b42cbc915a11de18d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=*.iana.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

03.12.2020

04.01.2022
expires in 37 days

*.iana.org, iana.org - 2 entries

CN=*.iana.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, S=California, C=US

03.12.2020

04.01.2022
expires in 37 days

*.iana.org, iana.org - 2 entries

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E1D79D48A9C91B7AD27F536DE9EEA97
Thumbprint:	F65D118887C8D7AA4831B4787CA7DF0455224F89
SHA256 / Certificate:	A2t52t6DmSBtoV320+177hgMb5DxPVLrIw91NBu9j78=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	d56f85824b6ed2ab15b9040c20b574515d9a0ab415ca253b42cbc915a11de18d
SHA256 hex / Subject Public Key Information (SPKI):	d56f85824b6ed2ab15b9040c20b574515d9a0ab415ca253b42cbc915a11de18d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

24.09.2020

24.09.2030
expires in 3222 days

CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

24.09.2020

24.09.2030
expires in 3222 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0A3508D55C292B017DF8AD65C00FF7E4
Thumbprint:	6938FD4D98BAB03FAADB97B34396831E3780AEA1
SHA256 / Certificate:	JXaHE9O0Wfk4LSpZT4XzRwn9KokwcxVCpBRv+yRr7Gk=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SHA256 hex / Subject Public Key Information (SPKI):	450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

24.09.2020

24.09.2030
expires in 3222 days

CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

24.09.2020

24.09.2030
expires in 3222 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0A3508D55C292B017DF8AD65C00FF7E4
Thumbprint:	6938FD4D98BAB03FAADB97B34396831E3780AEA1
SHA256 / Certificate:	JXaHE9O0Wfk4LSpZT4XzRwn9KokwcxVCpBRv+yRr7Gk=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SHA256 hex / Subject Public Key Information (SPKI):	450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 3634 days

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 3634 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	083BE056904246B1A1756AC95991C74A
Thumbprint:	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
SHA256 / Certificate:	Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=
SHA256 hex / Cert (DANE * 0 1):	4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
SHA256 hex / PublicKey (DANE * 1 1):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

07.12.2016

10.05.2025
expires in 1259 days

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

07.12.2016

10.05.2025
expires in 1259 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0F5BC3A176CB789E2020C7893C8167B4
Thumbprint:	FB20FA8A6A93B375F054814F9E00273EA51A6138
SHA256 / Certificate:	bay7iUUTex2tQhGwQ2774G8SrONpBJc7Ra4ldAgj02k=
SHA256 hex / Cert (DANE * 0 1):	6dacbb8945137b1dad4211b0436efbe06f12ace36904973b45ae25740823d369
SHA256 hex / PublicKey (DANE * 1 1):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

12.05.2000

13.05.2025
expires in 1262 days

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

12.05.2000

13.05.2025
expires in 1262 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	020000B9
Thumbprint:	D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SHA256 / Certificate:	Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=
SHA256 hex / Cert (DANE * 0 1):	16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb
SHA256 hex / PublicKey (DANE * 1 1):	63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SHA256 hex / Subject Public Key Information (SPKI):	63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	1	1
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US				0	0	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
2113253690 precert	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2020-12-03 00:00:00	2022-01-03 23:59:59	*.iana.org, iana.org - 2 entries
262970317 leaf cert	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	2017-12-14 00:00:00	2021-01-27 12:00:00	*.iana.org, iana.org - 2 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuer				last 7 days	active	num Certs
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	1	1
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US				0	0	1

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
3757301777 leaf cert	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2020-12-02 23:00:00	2022-01-03 22:59:59	*.iana.org, iana.org 2 entries
283160301 leaf cert	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	2017-12-13 23:00:00	2021-01-27 11:00:00	*.iana.org, iana.org 2 entries

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://www.iana.org/ 192.0.46.8	a		35		0			0	0	0
	link	stylesheet	1	7,210 Bytes	0	1	0	0	0	0
	link	other	2	7,406 Bytes	0	1	0	0	0	0
	meta	other	3		0			0	0	0
	script		2	30,970 Bytes	0	2	0	0	0	0
https://www.iana.org/ 2620:0:2830:200::b:8	a		35		0			0	0	0
	link	stylesheet	1		0	1	0	0	0	0
	link	other	2	7,406 Bytes	0	1	0	0	0	0
	meta	other	3		0			0	0	0
	script		2	30,970 Bytes	0	2	0	0	0	0

Details

Domainname

Html-Element

name/equiv/ property/rel

href/src/content

HttpStatus

msg

∑

Status

https://www.iana.org/
192.0.46.8

/about

/about/excellence

/about/presentations

/abuse

/contact

/domains

/domains/arpa

/domains/idn-tables

/domains/int

/domains/root

/domains/root/db

/numbers

/performance

/protocols

/protocols/apply

/reports

/reviews

/time-zones

about/

http://pti.icann.org

http://www.icann.org/

https://www.icann.org/privacy/policy

https://www.icann.org/privacy/tos

link

canonical

https://iana.org/

link

shortcut icon

/_img/bookmark_icon.ico

200

image/vnd.microsoft.icon, X-Content-Type-Options nosniff found

Cache-Control: public, s-maxage=86402, max-age=604814 with long duration found.

No GZip - 7406 Bytes

link

stylesheet

/_css/2022/iana_website.css

200

text/css, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 7210/35604 Bytes

local SRI possible, possible hash-values:

sha256-YTuZov2HJ9k8bif+2qjB70fdeMO4kgXEMu/hlZYHy/M=
sha384-J6gHX70iKSREFH/XPgJnqkq/hn+do5DWeBWdT3j/HqcILQVuUctRn4U7U8oW9cf5
sha512-GjNSS5T/faD6We8vkqm3WF+LxwJ7KsjuRxHD5xAtqPFfvQNYArU8vmKvz1jdXN4SpZyRDJMDOSBiFM2nvGeH/A==

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

/_img/2022/fonts/NotoSans-Bold.woff

/_img/2022/fonts/NotoSansDevanagari-Regular.ttf

/_img/2022/fonts/NotoSansHebrew-Regular.ttf

/_img/2022/fonts/NotoSans-Italic.woff

/_img/2022/fonts/NotoSans-Regular.woff

/_img/2022/fonts/SourceCodePro-Regular.woff

meta

utf-8

meta

Content-type

text/html; charset=utf-8

meta

viewport

width=device-width, initial-scale=1

script

src

/_js/iana.js

200

Missing defer / async attribute.

application/javascript, X-Content-Type-Options nosniff found

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip required: 68 Bytes

local SRI possible, possible hash-values:

sha256-QyglbUDNqgR9mUYLQ/bXc2aYKXXokaky744Ac2/YLho=
sha384-YHoX2g/hbU7JG4iM5VOtWnFnkHst6Lqub+piTUpM6SGbp+z7jf13muAZnhztJXtf
sha512-Odxwt9EUvU+Q45iET6joG0p576jhOXGl0zOchG/bmPV0tlaZTxFQ+2pOtw50c3j/lKCmHBlM6Wmr7QCzWOUGnw==

script

src

/_js/jquery.js

200

Missing defer / async attribute.

application/javascript, X-Content-Type-Options nosniff found

No Cache-Control - header

GZip: 30902/89501 Bytes

local SRI possible, possible hash-values:

sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=
sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK
sha512-894YE6QWD5I59HgZOGReFYm4dnWc1Qt5NtvYSaNcOP+u1T9qYdvdihz0PPSiiqn/+/3e7Jo4EaG7TubfWGUrMQ==

2620:0:2830:200::b:8

/about

/about/excellence

/about/presentations

/abuse

/contact

/domains

/domains/arpa

/domains/idn-tables

/domains/int

/domains/root

/domains/root/db

/numbers

/performance

/protocols

/protocols/apply

/reports

/reviews

/time-zones

about/

http://pti.icann.org

http://www.icann.org/

https://www.icann.org/privacy/policy

https://www.icann.org/privacy/tos

link

canonical

https://iana.org/

link

shortcut icon

/_img/bookmark_icon.ico

200

image/vnd.microsoft.icon, X-Content-Type-Options nosniff found

Cache-Control: public, s-maxage=86402, max-age=604814 with long duration found.

No GZip - 7406 Bytes

link

stylesheet

/_css/2022/iana_website.css

200

text/css, X-Content-Type-Options nosniff found

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 7210/35604 Bytes

local SRI possible, possible hash-values:

Content loaded via url("...")

/_img/2011.1/icons/icon_alert.png

/_img/2015.1/iana-logo-header-notext.svg

/_img/2015.1/iana-logo-homepage.svg

/_img/2022/fonts/NotoSans-Bold.woff

/_img/2022/fonts/NotoSansDevanagari-Regular.ttf

/_img/2022/fonts/NotoSansHebrew-Regular.ttf

/_img/2022/fonts/NotoSans-Italic.woff

/_img/2022/fonts/NotoSans-Regular.woff

/_img/2022/fonts/SourceCodePro-Regular.woff

meta

utf-8

meta

Content-type

text/html; charset=utf-8

meta

viewport

width=device-width, initial-scale=1

script

src

/_js/iana.js

200

Missing defer / async attribute.

application/javascript, X-Content-Type-Options nosniff found

No Cache-Control - header

GZip required: 68 Bytes

local SRI possible, possible hash-values:

script

src

/_js/jquery.js

200

Missing defer / async attribute.

application/javascript, missing X-Content-Type-Options nosniff

Cache-Control: public, s-maxage=86402, max-age=604814 - with long duration found.

GZip: 30902/89501 Bytes

local SRI possible, possible hash-values:

12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: a.iana-servers.net, b.iana-servers.net, c.iana-servers.net, ns.icann.org, sns.dns.icann.org

QNr.	Domain	Type	NS used
1	net	NS	d.root-servers.net (2001:500:2d::d)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	a.iana-servers.net: 199.43.135.53, 2001:500:8f::53	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: b.iana-servers.net 199.43.133.53, 2001:500:8d::53
	Answer: c.iana-servers.net 199.43.134.53, 2001:500:8e::53
3	org	NS	k.root-servers.net (2001:7fd::1)
	Answer: a0.org.afilias-nst.info, a2.org.afilias-nst.info, b0.org.afilias-nst.org, b2.org.afilias-nst.org, c0.org.afilias-nst.info, d0.org.afilias-nst.org
4	ns.icann.org: 199.4.138.53, 2001:500:89::53	NS	a0.org.afilias-nst.info (2001:500:e::1)
5	sns.dns.icann.org	NS	a0.org.afilias-nst.info (2001:500:e::1)
	Answer: a.icann-servers.net, b.icann-servers.net, c.icann-servers.net, ns.icann.org
	Answer: ns.icann.org 199.4.138.53, 2001:500:89::53
6	a.icann-servers.net: 199.43.135.53, 2001:500:8f::53	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: b.icann-servers.net 199.43.133.53, 2001:500:8d::53
	Answer: c.icann-servers.net 199.43.134.53, 2001:500:8e::53
7	sns.dns.icann.org: 192.0.32.162	A	a.icann-servers.net (2001:500:8f::53)
8	sns.dns.icann.org: No AAAA record found	AAAA	a.icann-servers.net (2001:500:8f::53)

13. CAA - Entries

Domainname	flag	Value	∑ Queries
ianawww.vip.icann.org	0	no CAA entry found	1
vip.icann.org	0	no CAA entry found	1
www.iana.org			1
icann.org	0	no CAA entry found	1
iana.org	0	no CAA entry found	1
org	0	no CAA entry found	1
	0	no CAA entry found	1

14. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
iana.org	c9e864a6c53444038d34fe3a22513b74	ok	1
iana.org	docusign=b2d7c7b0-4627-494b-a7aa-682ee87c265d	ok	1
iana.org	google-site-verification=iIqTTcUxND4wZOeVe5Ho728rH3JOSDnssYsYJ7pUtQQ	ok	1
iana.org	MS=ms22660639	ok	1
iana.org	smartsheet-site-validation=CcnvONgQ2ibuzf2zHZxgPaWUqTwt-Sjr	ok	1
iana.org	v=spf1 redirect=icann.org	ok	1
www.iana.org			1
ianawww.vip.icann.org		ok	1
_acme-challenge.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.iana.org.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.ianawww.vip.icann.org		Name Error - The domain name does not exist	1
_acme-challenge.www.iana.org.www.iana.org		Name Error - The domain name does not exist	1
_acme-challenge.ianawww.vip.icann.org.ianawww.vip.icann.org		Name Error - The domain name does not exist	1

15. Portchecks

Domain or IP	Port	Description	Result	Answer
iana.org	21	FTP	open
421 Please use ftp.iana.org instead.
iana.org	21	FTP	open	421 Please use ftp.iana.org instead.
iana.org	22	SSH

iana.org	22	SSH
iana.org	25	SMTP

iana.org	25	SMTP
iana.org	53	DNS

iana.org	53	DNS
iana.org	110	POP3

iana.org	110	POP3
iana.org	143	IMAP

iana.org	143	IMAP
iana.org	465	SMTP (encrypted)

iana.org	465	SMTP (encrypted)
iana.org	587	SMTP (encrypted, submission)

iana.org	587	SMTP (encrypted, submission)
iana.org	993	IMAP (encrypted)

iana.org	993	IMAP (encrypted)
iana.org	995	POP3 (encrypted)

iana.org	995	POP3 (encrypted)
iana.org	1433	MS SQL

iana.org	1433	MS SQL
iana.org	2082	cPanel (http)

iana.org	2082	cPanel (http)
iana.org	2083	cPanel (https)

iana.org	2083	cPanel (https)
iana.org	2086	WHM (http)

iana.org	2086	WHM (http)
iana.org	2087	WHM (https)

iana.org	2087	WHM (https)
iana.org	2089	cPanel Licensing

iana.org	2089	cPanel Licensing
iana.org	2095	cPanel Webmail (http)

iana.org	2095	cPanel Webmail (http)
iana.org	2096	cPanel Webmail (https)

iana.org	2096	cPanel Webmail (https)
iana.org	2222	DirectAdmin (http)

iana.org	2222	DirectAdmin (http)
iana.org	2222	DirectAdmin (https)

iana.org	2222	DirectAdmin (https)
iana.org	3306	mySql

iana.org	3306	mySql
iana.org	5224	Plesk Licensing

iana.org	5224	Plesk Licensing
iana.org	5432	PostgreSQL

iana.org	5432	PostgreSQL
iana.org	8080	Ookla Speedtest (http)

iana.org	8080	Ookla Speedtest (http)
iana.org	8080	Ookla Speedtest (https)

iana.org	8080	Ookla Speedtest (https)
iana.org	8083	VestaCP http

iana.org	8083	VestaCP http
iana.org	8083	VestaCP https

iana.org	8083	VestaCP https
iana.org	8443	Plesk Administration (https)

iana.org	8443	Plesk Administration (https)
iana.org	8447	Plesk Installer + Updates

iana.org	8447	Plesk Installer + Updates
iana.org	8880	Plesk Administration (http)

iana.org	8880	Plesk Administration (http)
iana.org	10000	Webmin (http)

iana.org	10000	Webmin (http)
iana.org	10000	Webmin (https)

iana.org	10000	Webmin (https)
www.iana.org	21	FTP

www.iana.org	21	FTP
www.iana.org	22	SSH

www.iana.org	22	SSH
www.iana.org	25	SMTP

www.iana.org	25	SMTP
www.iana.org	53	DNS

www.iana.org	53	DNS
www.iana.org	110	POP3

www.iana.org	110	POP3
www.iana.org	143	IMAP

www.iana.org	143	IMAP
www.iana.org	465	SMTP (encrypted)

www.iana.org	465	SMTP (encrypted)
www.iana.org	587	SMTP (encrypted, submission)

www.iana.org	587	SMTP (encrypted, submission)
www.iana.org	993	IMAP (encrypted)

www.iana.org	993	IMAP (encrypted)
www.iana.org	995	POP3 (encrypted)

www.iana.org	995	POP3 (encrypted)
www.iana.org	1433	MS SQL

www.iana.org	1433	MS SQL
www.iana.org	2082	cPanel (http)

www.iana.org	2082	cPanel (http)
www.iana.org	2083	cPanel (https)

www.iana.org	2083	cPanel (https)
www.iana.org	2086	WHM (http)

www.iana.org	2086	WHM (http)
www.iana.org	2087	WHM (https)

www.iana.org	2087	WHM (https)
www.iana.org	2089	cPanel Licensing

www.iana.org	2089	cPanel Licensing
www.iana.org	2095	cPanel Webmail (http)

www.iana.org	2095	cPanel Webmail (http)
www.iana.org	2096	cPanel Webmail (https)

www.iana.org	2096	cPanel Webmail (https)
www.iana.org	2222	DirectAdmin (http)

www.iana.org	2222	DirectAdmin (http)
www.iana.org	2222	DirectAdmin (https)

www.iana.org	2222	DirectAdmin (https)
www.iana.org	3306	mySql

www.iana.org	3306	mySql
www.iana.org	5224	Plesk Licensing

www.iana.org	5224	Plesk Licensing
www.iana.org	5432	PostgreSQL

www.iana.org	5432	PostgreSQL
www.iana.org	8080	Ookla Speedtest (http)

www.iana.org	8080	Ookla Speedtest (http)
www.iana.org	8080	Ookla Speedtest (https)

www.iana.org	8080	Ookla Speedtest (https)
www.iana.org	8083	VestaCP http

www.iana.org	8083	VestaCP http
www.iana.org	8083	VestaCP https

www.iana.org	8083	VestaCP https
www.iana.org	8443	Plesk Administration (https)

www.iana.org	8443	Plesk Administration (https)
www.iana.org	8447	Plesk Installer + Updates

www.iana.org	8447	Plesk Installer + Updates
www.iana.org	8880	Plesk Administration (http)

www.iana.org	8880	Plesk Administration (http)
www.iana.org	10000	Webmin (http)

www.iana.org	10000	Webmin (http)
www.iana.org	10000	Webmin (https)

www.iana.org	10000	Webmin (https)
192.0.43.8	21	FTP	open
421 Please use ftp.iana.org instead.
192.0.43.8	21	FTP	open	421 Please use ftp.iana.org instead.
192.0.43.8	22	SSH

192.0.43.8	22	SSH
192.0.43.8	25	SMTP

192.0.43.8	25	SMTP
192.0.43.8	53	DNS

192.0.43.8	53	DNS
192.0.43.8	110	POP3

192.0.43.8	110	POP3
192.0.43.8	143	IMAP

192.0.43.8	143	IMAP
192.0.43.8	465	SMTP (encrypted)

192.0.43.8	465	SMTP (encrypted)
192.0.43.8	587	SMTP (encrypted, submission)

192.0.43.8	587	SMTP (encrypted, submission)
192.0.43.8	993	IMAP (encrypted)

192.0.43.8	993	IMAP (encrypted)
192.0.43.8	995	POP3 (encrypted)

192.0.43.8	995	POP3 (encrypted)
192.0.43.8	1433	MS SQL

192.0.43.8	1433	MS SQL
192.0.43.8	2082	cPanel (http)

192.0.43.8	2082	cPanel (http)
192.0.43.8	2083	cPanel (https)

192.0.43.8	2083	cPanel (https)
192.0.43.8	2086	WHM (http)

192.0.43.8	2086	WHM (http)
192.0.43.8	2087	WHM (https)

192.0.43.8	2087	WHM (https)
192.0.43.8	2089	cPanel Licensing

192.0.43.8	2089	cPanel Licensing
192.0.43.8	2095	cPanel Webmail (http)

192.0.43.8	2095	cPanel Webmail (http)
192.0.43.8	2096	cPanel Webmail (https)

192.0.43.8	2096	cPanel Webmail (https)
192.0.43.8	2222	DirectAdmin (http)

192.0.43.8	2222	DirectAdmin (http)
192.0.43.8	2222	DirectAdmin (https)

192.0.43.8	2222	DirectAdmin (https)
192.0.43.8	3306	mySql

192.0.43.8	3306	mySql
192.0.43.8	5224	Plesk Licensing

192.0.43.8	5224	Plesk Licensing
192.0.43.8	5432	PostgreSQL

192.0.43.8	5432	PostgreSQL
192.0.43.8	8080	Ookla Speedtest (http)

192.0.43.8	8080	Ookla Speedtest (http)
192.0.43.8	8080	Ookla Speedtest (https)

192.0.43.8	8080	Ookla Speedtest (https)
192.0.43.8	8083	VestaCP http

192.0.43.8	8083	VestaCP http
192.0.43.8	8083	VestaCP https

192.0.43.8	8083	VestaCP https
192.0.43.8	8443	Plesk Administration (https)

192.0.43.8	8443	Plesk Administration (https)
192.0.43.8	8447	Plesk Installer + Updates

192.0.43.8	8447	Plesk Installer + Updates
192.0.43.8	8880	Plesk Administration (http)

192.0.43.8	8880	Plesk Administration (http)
192.0.43.8	10000	Webmin (http)

192.0.43.8	10000	Webmin (http)
192.0.43.8	10000	Webmin (https)

192.0.43.8	10000	Webmin (https)
192.0.46.8	21	FTP

192.0.46.8	21	FTP
192.0.46.8	22	SSH

192.0.46.8	22	SSH
192.0.46.8	25	SMTP

192.0.46.8	25	SMTP
192.0.46.8	53	DNS

192.0.46.8	53	DNS
192.0.46.8	110	POP3

192.0.46.8	110	POP3
192.0.46.8	143	IMAP

192.0.46.8	143	IMAP
192.0.46.8	465	SMTP (encrypted)

192.0.46.8	465	SMTP (encrypted)
192.0.46.8	587	SMTP (encrypted, submission)

192.0.46.8	587	SMTP (encrypted, submission)
192.0.46.8	993	IMAP (encrypted)

192.0.46.8	993	IMAP (encrypted)
192.0.46.8	995	POP3 (encrypted)

192.0.46.8	995	POP3 (encrypted)
192.0.46.8	1433	MS SQL

192.0.46.8	1433	MS SQL
192.0.46.8	2082	cPanel (http)

192.0.46.8	2082	cPanel (http)
192.0.46.8	2083	cPanel (https)

192.0.46.8	2083	cPanel (https)
192.0.46.8	2086	WHM (http)

192.0.46.8	2086	WHM (http)
192.0.46.8	2087	WHM (https)

192.0.46.8	2087	WHM (https)
192.0.46.8	2089	cPanel Licensing

192.0.46.8	2089	cPanel Licensing
192.0.46.8	2095	cPanel Webmail (http)

192.0.46.8	2095	cPanel Webmail (http)
192.0.46.8	2096	cPanel Webmail (https)

192.0.46.8	2096	cPanel Webmail (https)
192.0.46.8	2222	DirectAdmin (http)

192.0.46.8	2222	DirectAdmin (http)
192.0.46.8	2222	DirectAdmin (https)

192.0.46.8	2222	DirectAdmin (https)
192.0.46.8	3306	mySql

192.0.46.8	3306	mySql
192.0.46.8	5224	Plesk Licensing

192.0.46.8	5224	Plesk Licensing
192.0.46.8	5432	PostgreSQL

192.0.46.8	5432	PostgreSQL
192.0.46.8	8080	Ookla Speedtest (http)

192.0.46.8	8080	Ookla Speedtest (http)
192.0.46.8	8080	Ookla Speedtest (https)

192.0.46.8	8080	Ookla Speedtest (https)
192.0.46.8	8083	VestaCP http

192.0.46.8	8083	VestaCP http
192.0.46.8	8083	VestaCP https

192.0.46.8	8083	VestaCP https
192.0.46.8	8443	Plesk Administration (https)

192.0.46.8	8443	Plesk Administration (https)
192.0.46.8	8447	Plesk Installer + Updates

192.0.46.8	8447	Plesk Installer + Updates
192.0.46.8	8880	Plesk Administration (http)

192.0.46.8	8880	Plesk Administration (http)
192.0.46.8	10000	Webmin (http)

192.0.46.8	10000	Webmin (http)
192.0.46.8	10000	Webmin (https)

192.0.46.8	10000	Webmin (https)

Permalink: https://check-your-website.server-daten.de/?i=3083add1-3e11-47a8-acbb-531ba93b7299

Last Result: https://check-your-website.server-daten.de/?q=iana.org - 2021-11-20 17:00:55

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=iana.org" target="_blank">Check this Site: iana.org</a>

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. DNS- and NameServer - Checks

3. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

11. Html-Content - Entries

Summary

Details

12. Nameserver - IP-Adresses

13. CAA - Entries

14. TXT - Entries

15. Portchecks