Check DNS, Urls + Redirects, Certificates and Content of your Website




P

Tls-Protocol error

Checked:
10.07.2024 15:43:53


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
nortontiles.ampxdirect.com
CNAME
geo.ampxdirect.com
yes
1
0

CNAME
adlanding.admarketplace.net.akadns.net
yes


www.nortontiles.ampxdirect.com
CNAME
geo.ampxdirect.com
yes
1
0

CNAME
adlanding.admarketplace.net.akadns.net
yes


nortontiles.ampxdirect.com
A
104.218.72.27
New York/United States (US) - adMarketplace, Inc.
No Hostname found
no


www.nortontiles.ampxdirect.com
A
104.218.72.27
New York/United States (US) - adMarketplace, Inc.
No Hostname found
no


*.ampxdirect.com
A

yes



AAAA

yes



CNAME
geo.ampxdirect.com
yes


*.nortontiles.ampxdirect.com
A

yes



AAAA

yes



CNAME
geo.ampxdirect.com
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20038, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.07.2024, 00:00:00 +, Signature-Inception: 01.07.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=



2 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.07.2024, 05:00:00 +, Signature-Inception: 10.07.2024, 04:00:00 +, KeyTag 20038, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 956, Flags 256



Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.07.2024, 14:02:35 +, Signature-Inception: 06.07.2024, 13:57:35 +, KeyTag 19718, Signer-Name: com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ampxdirect.com
ampxdirect.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "3vd5tsvn26nuu3o9rg5k7aak84uk4mli" between the hashed NSEC3-owner "3vd5tns29c9238nnjcpqs9lbgptqd7te" and the hashed NextOwner "3vd60q42if50u77t1su8mn2dacmpd62o". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 3vd5tns29c9238nnjcpqs9lbgptqd7te.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 14.07.2024, 02:22:51 +, Signature-Inception: 07.07.2024, 01:12:51 +, KeyTag 956, Signer-Name: com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "ampxdirect.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 15.07.2024, 00:24:54 +, Signature-Inception: 07.07.2024, 23:14:54 +, KeyTag 956, Signer-Name: com



0 DNSKEY RR found




Zone: nortontiles.ampxdirect.com
nortontiles.ampxdirect.com
0 DS RR in the parent zone found

Zone: www.nortontiles.ampxdirect.com
www.nortontiles.ampxdirect.com
0 DS RR in the parent zone found

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20038, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.07.2024, 00:00:00 +, Signature-Inception: 01.07.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=



2 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.07.2024, 05:00:00 +, Signature-Inception: 10.07.2024, 04:00:00 +, KeyTag 20038, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 956, Flags 256



Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.07.2024, 14:02:35 +, Signature-Inception: 06.07.2024, 13:57:35 +, KeyTag 19718, Signer-Name: com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ampxdirect.com
ampxdirect.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "3vd5tsvn26nuu3o9rg5k7aak84uk4mli" between the hashed NSEC3-owner "3vd5tns29c9238nnjcpqs9lbgptqd7te" and the hashed NextOwner "3vd60q42if50u77t1su8mn2dacmpd62o". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 3vd5tns29c9238nnjcpqs9lbgptqd7te.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 14.07.2024, 02:22:51 +, Signature-Inception: 07.07.2024, 01:12:51 +, KeyTag 956, Signer-Name: com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "ampxdirect.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 15.07.2024, 00:24:54 +, Signature-Inception: 07.07.2024, 23:14:54 +, KeyTag 956, Signer-Name: com



0 DNSKEY RR found




Zone: geo.ampxdirect.com
geo.ampxdirect.com
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
ampxdirect.com
  ns1-238.akam.net
193.108.91.238
Paris/Île-de-France/France (FR) - Akamai International B.V.


 
2600:1401:2::ee
Piscataway/New Jersey/United States (US) - Akamai International B.V.


  ns4-65.akam.net
84.53.139.65
Los Angeles/California/United States (US) - Akamai Technologies


  ns5-64.akam.net
184.85.248.64
Los Angeles/California/United States (US) - Akamai International B.V.


  ns7-64.akam.net
96.7.49.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

com
  a.gtld-servers.net / nnn1-par6


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-par6


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-frmrs-2


  m.gtld-servers.net / nnn1-ein3


ampxdirect.com
  ns1-238.akam.net
193.108.91.238
Paris/Île-de-France/France (FR) - Akamai International B.V.


 
2600:1401:2::ee
Piscataway/New Jersey/United States (US) - Akamai International B.V.


  ns4-65.akam.net
84.53.139.65
Los Angeles/California/United States (US) - Akamai Technologies


  ns5-64.akam.net
184.85.248.64
Los Angeles/California/United States (US) - Akamai International B.V.


  ns7-64.akam.net
96.7.49.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

com
  a.gtld-servers.net / nnn1-par6


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-par6


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-frmrs-2


  m.gtld-servers.net / nnn1-ein2


4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720619005
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720619020
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:12


Domain:ampxdirect.com
Zone-Name:ampxdirect.com
Primary:ns7-64.akam.net
Mail:hostmaster.akamai.com
Serial:1548788284
Refresh:43200
Retry:7200
Expire:604800
TTL:7200
num Entries:5



Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720619035
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:7


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720619050
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:6


Domain:ampxdirect.com
Zone-Name:ampxdirect.com
Primary:ns7-64.akam.net
Mail:hostmaster.akamai.com
Serial:1548788284
Refresh:43200
Retry:7200
Expire:604800
TTL:7200
num Entries:5


5. Screenshots

No Screenshot listed, because no url-check with https + http status 200-299, 400-599 + not-ACME-check found.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://nortontiles.ampxdirect.com/
104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
0.200
D
Location: http://www.ampxsearch.com/?offset=0&q=
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:06 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Length: 0

• http://www.nortontiles.ampxdirect.com/
104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
0.204
D
Location: http://www.ampxsearch.com/?offset=0&q=
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:06 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Length: 0

• http://www.ampxsearch.com/?offset=0&q=

-1

0.090
R
NameResolutionFailure - Der angegebene Host ist unbekannt. (www.ampxsearch.com:80)

• https://nortontiles.ampxdirect.com/
104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
2.516
F
Location: http://www.ampxsearch.com/?offset=0&q=
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:07 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Length: 0

• https://www.nortontiles.ampxdirect.com/
104.218.72.27
-16

0.190
P
UnknownError - The SSL connection could not be established, see inner exception. - Unable to read data from the transport connection (FF: PR_CONNECT_RESET_ERROR)

• http://nortontiles.ampxdirect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.218.72.27
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
400

Html is minified: 100.00 %
0.190
M
Bad Request
Visible Content:
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:10 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 46

• http://www.nortontiles.ampxdirect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.218.72.27
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
400

Html is minified: 100.00 %
0.187
M
Bad Request
Visible Content:
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:11 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 46

• https://104.218.72.27/
104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
2.420
N
Certificate error: RemoteCertificateNameMismatch
Location: http://www.ampxsearch.com/?offset=0&q=
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Server: akka-http/10.2.5
Date: Wed, 10 Jul 2024 13:45:12 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Length: 0

7. Comments


1. General Results, most used to calculate the result

Aname "nortontiles.ampxdirect.com" is subdomain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 94787 (complete: 245733)
AGood: All ip addresses are public addresses
AGood: No asked Authoritative Name Server had a timeout
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
Bhttps://nortontiles.ampxdirect.com/ 104.218.72.27
302

Missing HSTS-Header
CError - no version with Http-Status 200
Dhttp://nortontiles.ampxdirect.com/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.nortontiles.ampxdirect.com/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
HFatal error: No https - result with http-status 200, no encryption
Nhttps://104.218.72.27/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Error - Certificate isn't trusted, RemoteCertificateNameMismatch
OOld connection: RSA Key Exchange is unsecure. Use Diffie-Hellman or Elliptic Curve Diffi-Hellmann Key Exchange to support Forward Secrecy
OOld connection: SHA1 as Hash Algorithm is deprecated. Switch to SHA256 or SHA384. If your certificate has SHA256, first check your domain via ssllabs.com and update weak Cipher Suites. Forward Secrecy support is required. The part "Cipher Suites" should have a preference. First Cipher Suite with SHA instead of SHA256 or higher - that's the problem, change that. If that doesn't help, check if there is an old Firewall / router or something else, that supports only SHA1. Update that component.
Rhttp://nortontiles.ampxdirect.com/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Redirect to not existing domain
Rhttp://www.nortontiles.ampxdirect.com/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Redirect to not existing domain
Rhttps://nortontiles.ampxdirect.com/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Redirect to not existing domain
Rhttps://104.218.72.27/ 104.218.72.27
302
http://www.ampxsearch.com/?offset=0&q=
Redirect to not existing domain
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.nortontiles.ampxdirect.com

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)

U

No https result with http status 2** or 4** (standard-check) found, no header checked.

3. DNS- and NameServer - Checks

AInfo:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
AInfo:: 13 Queries complete, 13 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 4 different Name Servers found: ns1-238.akam.net, ns4-65.akam.net, ns5-64.akam.net, ns7-64.akam.net, 4 Name Servers included in Delegation: ns1-238.akam.net, ns4-65.akam.net, ns5-64.akam.net, ns7-64.akam.net, 4 Name Servers included in 1 Zone definitions: ns1-238.akam.net, ns4-65.akam.net, ns5-64.akam.net, ns7-64.akam.net, 1 Name Servers listed in SOA.Primary: ns7-64.akam.net.
AGood: Only one SOA.Primary Name Server found.: ns7-64.akam.net.
AGood: SOA.Primary Name Server included in the delegation set.: ns7-64.akam.net.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 4 Name Servers, 4 different subnets (first Byte): 184., 193., 84., 96., 4 different subnets (first two Bytes): 184.85., 193.108., 84.53., 96.7., 4 different subnets (first three Bytes): 184.85.248., 193.108.91., 84.53.139., 96.7.49.
AExcellent: Every Name Server IPv4-address starts with an unique Byte.
AInfo: IPv6-Subnet-list: 1 Name Servers with IPv6, 1 different subnets (first block): 2600:, 1 different subnets (first two blocks): 2600:1401:, 1 different subnets (first three blocks): 2600:1401:0002:, 1 different subnets (first four blocks): 2600:1401:0002:0000:
Fatal: All Name Server IPv6 addresses from the same subnet.
AGood: Nameserver supports TCP connections: 10 good Nameserver
AGood: Nameserver supports Echo Capitalization: 10 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 10 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 10 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://nortontiles.ampxdirect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.218.72.27
400

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status between 400 and 499, but not 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.nortontiles.ampxdirect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.218.72.27
400

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status between 400 and 499, but not 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 86303 milliseconds, 86.303 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
nortontiles.ampxdirect.com
104.218.72.27
443
ok
Tls12
RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak
nortontiles.ampxdirect.com
104.218.72.27
443
ok
Tls12

RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak
no http/2 via ALPN 
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2


104.218.72.27
104.218.72.27
443
name does not match
Tls12
RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak

104.218.72.27
104.218.72.27
443
name does not match
Tls12

RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2


9. Certificates

1.
1.
CN=*.ampxdirect.com
02.08.2023
15.08.2024
expires in 33 days
*.ampxdirect.com, ampxdirect.com - 2 entries
1.
1.
CN=*.ampxdirect.com
02.08.2023

15.08.2024
expires in 33 days
*.ampxdirect.com, ampxdirect.com - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A99591CA1F9C933FF41CD41DB96CF87
Thumbprint:FF94960C348F5851815EC220AE9C532437038254
SHA256 / Certificate:uaTo2GhSmFUsdgeC10TCVIv8GYrz7YllatZqmKQ2hmE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7642b97198c00aecbd9c01a9c24a5a5ba85732872a354468183a53238a492ac3
SHA256 hex / Subject Public Key Information (SPKI):7642b97198c00aecbd9c01a9c24a5a5ba85732872a354468183a53238a492ac3 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://status.geotrust.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
02.11.2017
02.11.2027
expires in 1207 days


2.
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
02.11.2017

02.11.2027
expires in 1207 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0D07782A133FC6F9A57296E131FFD179
Thumbprint:8B3C5B9B867D4BE46D1CB5A01D45D67DC8E94082
SHA256 / Certificate:wG4wf3z8HTL6cqTAM8h7kAGa8hbwd11kl4ouymyKIw4=
SHA256 hex / Cert (DANE * 0 1):c06e307f7cfc1d32fa72a4c033c87b90019af216f0775d64978a2eca6c8a230e
SHA256 hex / PublicKey (DANE * 1 1):4831b9a2b12ff225fa30d7a7200c5af2740536944e07febe965b197571d936ab
SHA256 hex / Subject Public Key Information (SPKI):4831b9a2b12ff225fa30d7a7200c5af2740536944e07febe965b197571d936ab
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 4934 days


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 4934 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
0
1
1

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
10046841016
precert
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
2023-08-01 22:00:00
2024-08-14 21:59:59
*.ampxdirect.com, ampxdirect.com
2 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1-238.akam.net, ns4-65.akam.net, ns5-64.akam.net, ns7-64.akam.net

QNr.DomainTypeNS used
1
net
NS
h.root-servers.net (2001:500:1::53)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
ns1-238.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
3
ns4-65.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
4
ns5-64.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
5
ns7-64.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
6
ns1-238.akam.net: 193.108.91.238
A
a1-67.akam.net (2600:1401:2::43)
7
ns1-238.akam.net: 2600:1401:2::ee
AAAA
a1-67.akam.net (2600:1401:2::43)
8
ns4-65.akam.net: 84.53.139.65
A
a1-67.akam.net (2600:1401:2::43)
9
ns4-65.akam.net: No AAAA record found
AAAA
a1-67.akam.net (2600:1401:2::43)
10
ns5-64.akam.net: 184.85.248.64
A
a1-67.akam.net (2600:1401:2::43)
11
ns5-64.akam.net: No AAAA record found
AAAA
a1-67.akam.net (2600:1401:2::43)
12
ns7-64.akam.net: 96.7.49.64
A
a1-67.akam.net (2600:1401:2::43)
13
ns7-64.akam.net: No AAAA record found
AAAA
a1-67.akam.net (2600:1401:2::43)


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.nortontiles.ampxdirect.com



1
0
nortontiles.ampxdirect.com



1
0
geo.ampxdirect.com



1
0
ampxdirect.com
0

no CAA entry found
1
0

0

no CAA entry found
1
0
com
0

no CAA entry found
1
0

0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
ampxdirect.com
31t4gpx91mchtq77zz6mt88tgvp1b3r0
ok
1
0
ampxdirect.com
hxfb6w49vrw6f8j39qwkyy7tcl7tlmjd
ok
1
0
ampxdirect.com
y5bfy1qkf4jjzjgz017q816sn63qhf74
ok
1
0
nortontiles.ampxdirect.com


1
0
www.nortontiles.ampxdirect.com


1
0
_acme-challenge.geo.ampxdirect.com

Name Error - The domain name does not exist
1
0
_acme-challenge.nortontiles.ampxdirect.com


1
0
_acme-challenge.www.nortontiles.ampxdirect.com


1
0
_acme-challenge.geo.ampxdirect.com.geo.ampxdirect.com

Name Error - The domain name does not exist
1
0
_acme-challenge.nortontiles.ampxdirect.com.ampxdirect.com


1
0
_acme-challenge.nortontiles.ampxdirect.com.nortontiles.ampxdirect.com


1
0
_acme-challenge.www.nortontiles.ampxdirect.com.nortontiles.ampxdirect.com


1
0
_acme-challenge.www.nortontiles.ampxdirect.com.www.nortontiles.ampxdirect.com


1
0


15. DomainService - Entries (SPF-Check is alpha - 2024-06-22, DMARC-Detailcheck is alpha - 2024-07-06)

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
SPF
TXT
nortontiles.ampxdirect.com

32768TXT expected, but CNAME found. CNAME not allowed, only TXT queries are allowed. See RFC 7208, 4.4.



16. Cipher Suites

No results


17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=94997d84-ef51-49ed-9726-b226c638a341


Last Result: https://check-your-website.server-daten.de/?q=nortontiles.ampxdirect.com - 2024-07-10 15:43:53


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=nortontiles.ampxdirect.com" target="_blank">Check this Site: nortontiles.ampxdirect.com</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page