Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


N

No trusted Certificate

Checked:
15.05.2019 17:55:57


Older results

No older results found

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
mail.rflab.tk
A
181.122.74.84
yes
1
0

AAAA

yes


www.mail.rflab.tk

Name Error
yes
1
0


Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
tk
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner and the NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


rflab.tk
0 DS RR in the parent zone found

0 DNSKEY RR found


mail.rflab.tk
0 DS RR in the parent zone found

0 DNSKEY RR found


www.mail.rflab.tk
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.mail.rflab.tk
  ns01.freenom.com

mail.rflab.tk
  ns01.freenom.com / aws2
54.171.131.39
rflab.tk
  ns01.freenom.com / aws2


  ns02.freenom.com / aws2


  ns03.freenom.com / NS0XPDNS


  ns04.freenom.com / aws3

tk
  a.ns.tk / ams


  b.ns.tk / ams


  c.ns.tk / ams


  d.ns.tk / ams



SOA - records (beta)

Domain:tk
Primary:a.ns.tk
Mail:joost.zuurbier.dot.tk
Serial:1557935577
Refresh:10800
Retry:3600
Expire:604800
TTL:5
num Entries:1


Domain:tk
Primary:a.ns.tk
Mail:joost.zuurbier.dot.tk
Serial:1557935646
Refresh:10800
Retry:3600
Expire:604800
TTL:5
num Entries:3


Domain:rflab.tk
Primary:ns01.freenom.com
Mail:soa.freenom.com
Serial:1557015257
Refresh:10800
Retry:3600
Expire:604800
TTL:3600
num Entries:4


Domain:mail.rflab.tk
Primary:ns01.freenom.com
Mail:soa.freenom.com
Serial:1557015257
Refresh:10800
Retry:3600
Expire:604800
TTL:3600
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://mail.rflab.tk/
181.122.74.84
-14

10.027
T
Timeout - The operation has timed out

• https://mail.rflab.tk/
181.122.74.84
302
https://mail.rflab.tk/owa/
5.690
N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Cache-Control: no-cache
Pragma: no-cache
Location: https://mail.rflab.tk/owa/
Server: Microsoft-IIS/10.0
X-FEServer: EXC01
X-RequestId: 2af74fdf-17d4-4cb6-a3dd-fd152bfef411
Date: Wed, 15 May 2019 16:00:28 GMT
Connection: close
Content-Length: 0

• https://mail.rflab.tk/owa/

302
https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
2.650
N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Content-Type: text/html; charset=utf-8
Location: https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
Server: Microsoft-IIS/10.0
request-id: a705d4cf-34a3-4fa2-b3f9-6a57756ad453
X-Powered-By: ASP.NET
X-FEServer: EXC01
Date: Wed, 15 May 2019 16:00:41 GMT
Connection: close
Content-Length: 212

• https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0

200

3.113
N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
request-id: ea93bc7b-ac3a-4f7e-adc4-b722b98202f5
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 15 May 2019 16:00:44 GMT
Connection: close
Content-Length: 27953

• http://mail.rflab.tk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
181.122.74.84
-14

10.027
T
Timeout - The operation has timed out
Visible Content:

3. Comments

Aname "mail.rflab.tk" is subdomain, public suffix is "tk", top-level-domain-type is "country-code", Country is Tokelau, tld-manager is "Telecommunication Tokelau Corporation (Teletok)"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Ahttps://mail.rflab.tk/owa/
302
https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
correct redirect https to https
Ahttps://mail.rflab.tk/ 181.122.74.84
302
https://mail.rflab.tk/owa/
correct redirect https to https
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: non-www is preferred
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Bhttps://mail.rflab.tk/owa/
302

Missing HSTS-Header
Bhttps://mail.rflab.tk/ 181.122.74.84
302

Missing HSTS-Header
Bhttps://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
200

Missing HSTS-Header
Nhttps://mail.rflab.tk/owa/
302
https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://mail.rflab.tk/ 181.122.74.84
302
https://mail.rflab.tk/owa/
Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
XFatal error: Nameserver doesn't support TCP connection: ns01.freenom.com: Timeout
XFatal error: Nameserver doesn't support TCP connection: ns01.freenom.com / 54.171.131.39: Timeout
XFatal error: Nameserver doesn't support TCP connection: ns02.freenom.com: Timeout
AGood: Nameserver supports Echo Capitalization: 1 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 1 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 1 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns01.freenom.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 292510 milliseconds, 292.510 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
mail.rflab.tk
mail.rflab.tk
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
Self signed certificate
1CN=exc01
mail.rflab.tk
181.122.74.84
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
Self signed certificate
1CN=exc01


5. Certificates

1.
1.
CN=exc01
18.03.2019
18.03.2024
expires in 1758 days
exc01, exc01.rflab.tk - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:380B68492979638444A99E65A71F4B38
Thumbprint:E46F985A2AF2A212EEE5FB18BEBE30F53BB00A2B
SHA256 / Certificate:ysU6P0OKzTX4FwliXM0/qoJnx3nznI2DaYcH/20sUOo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):79cff5c3ec1e548aaa82d726697763c853cb77be4f3b883555f5942e91a6751b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow.

No CRT - CT-Log entries found


7. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0
a

1

0







img

1

0







link
other
1
7,886 Bytes
0
1
0





meta
other
3

0






Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://mail.rflab.tk/owa/auth/logon.aspx?url=https%3a%2f%2fmail.rflab.tk%2fowa%2f&reason=0

a

http://www.microsoft.com/windows/ie/downloads/default.mspx


1
ok



img
src
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAptJREFUeNqkU01LVFEYfu7XzJ17nZmyJBW0sgRDRAgLoi8tghZG9QNaR7tg2vQjbCu2a9Eq2qRGUYFBZAtLURzSUUcJG8d0ZnTu99fpPdIMSktfOOfcezjP8z7vc94jMMZwmJD5JAhCfWPm0e2+MGKDYRQNBCHrpTWi/1kaExFjY7defp6qneXJhb3pHwGBH4qy8uSIrp9NqjJ0TXsXuvZ0KfvjacEVsIlEzhXkofuvJ0f+I+BgVdOftfZe0OIsQBBTFxLX7raxCIH75vn3xOjwQDbQsSgfNw0pkXkwPjXCsWJNNjFlmttPaWrqKBBTEb9yr0No7tCEptaU3H3xMgQJp90imo2C7plGZvhmbx/H7hHwmnUJnWpjI8L1ZSg7fyBoSQWUHo4FIabFwEJE5HeLX4JmVzqrtjdYN5GM6k95FlhpE4q5A8GzEWzkITYkKYWEqLgG+C58IgiIMx1WkfX0/joBud2Tsrco+wokZ5dAIsL5Scgnu8ACH/7qTyL14RDYo/NJZqPq+D37FYDtlqHlp6n+xF7WYHkO8ZBkE6G9tgQ3BCwabsTdBwzbw34P5oohfZaKwHYB2CrA+bWCyKwgyC/AIU+qnIDAAYE3PAmG48/tU8Am1uXU9XR1A4rrQ6S2iHwP9pe3dIc2/OouTCLgJfBYNCVYrj9RV8A7rCIncwvSMWz5JIDUyW2dkXr1DmKnzxFBuVwDZw0JMxXkLC8YqxPw9vSk2NC62mQui2mUA9rsvpSX0o1+vL2r7InxFzXwp03R/G1GQx9Na6pOwIO3p6U0ZFbjLbl56QRY9tsZbyU7W/jwalyKq4/fb6sYLSq5JUPIfA28kRruwFvgwTuMNwmNG3RV58ntkAyb5jVz2bXMB97CYeKvAAMACjWGjcO+NcIAAAAASUVORK5CYII=
Image:


1
ok



link
shortcut icon
/owa/auth/15.1.1591/themes/resources/favicon.ico
200
7886 Bytes

1
ok



meta
Content-Type
text/html; CHARSET=utf-8


1
ok



meta
X-UA-Compatible
IE=10


1
ok



meta
Robots
NOINDEX, NOFOLLOW


1
ok



8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
mail.rflab.tk
0

no CAA entry found
1
0
rflab.tk
0

no CAA entry found
1
0
tk
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
mail.rflab.tk

ok
1
0
_acme-challenge.mail.rflab.tk

Name Error - The domain name does not exist
1
0
_acme-challenge.mail.rflab.tk.rflab.tk

Name Error - The domain name does not exist
1
0
_acme-challenge.mail.rflab.tk.mail.rflab.tk

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=fd1bc469-2bf5-4f23-9c00-aa14a52b88a9


Last Result: https://check-your-website.server-daten.de/?q=mail.rflab.tk - 2019-05-15 17:55:57