Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 4 Checks (09:25:48)
Why should you only use Prefix - Cookies? |
Hall of Fame - A+ and A


Shortcuts: 1. IP-Addresses | 2. DNSSEC | 3. Name Servers | 4. SOA-Entries | 5. Screenshots | 6. Url-Checks | 7. Comments | 8. Connections | 9. Certificates | 10. CT-Logs | 11. Html-Content | 12. NameServer-IPAddresses | 13. CAA | 14. TXT | 15. DomainServiceEntries | 16. Cipher Suites | 17. Portchecks |


D

Wrong redirect http ⇒ http

Checked:
13.05.2023 01:54:34


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
phoenixmecano.com
A
141.193.213.20
Austin/Texas/United States (US) - Cloudflare London, LLC
No Hostname found
yes
2
0

A
141.193.213.21
Austin/Texas/United States (US) - Cloudflare London, LLC
No Hostname found
yes
2
0

AAAA

yes


www.phoenixmecano.com
CNAME
phoenixmecano.com
yes
1
0

A
141.193.213.20
Austin/Texas/United States (US) - Cloudflare London, LLC
No Hostname found
yes



A
141.193.213.21
Austin/Texas/United States (US) - Cloudflare London, LLC
No Hostname found
yes


*.phoenixmecano.com
A
34.83.37.12
yes



AAAA

yes



CNAME

yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



 Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 60955, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2023, 00:00:00 +, Signature-Inception: 11.05.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=



1 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 25.05.2023, 17:00:00 +, Signature-Inception: 12.05.2023, 16:00:00 +, KeyTag 60955, Signer-Name: (root)



 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 46551, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 25.05.2023, 17:24:21 +, Signature-Inception: 10.05.2023, 17:19:21 +, KeyTag 30909, Signer-Name: com



 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet



 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: phoenixmecano.com
phoenixmecano.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "96vrl7immhv8dttls4kel4gcl6s37psu" between the hashed NSEC3-owner "96vrkqcjk9ubbi6u2ggcelckhf3jfjf2" and the hashed NextOwner "96vrs27rtra2l5jjg4cbss1pa4c8kgte". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 96vrkqcjk9ubbi6u2ggcelckhf3jfjf2.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.05.2023, 04:45:21 +, Signature-Inception: 11.05.2023, 03:35:21 +, KeyTag 46551, Signer-Name: com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "phoenixmecano.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.05.2023, 04:23:03 +, Signature-Inception: 11.05.2023, 03:13:03 +, KeyTag 46551, Signer-Name: com



0 DNSKEY RR found




Zone: www.phoenixmecano.com
www.phoenixmecano.com
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
phoenixmecano.com
  ns53.worldnic.com / 67m50
162.159.26.165
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

  ns54.worldnic.com / 67m46
162.159.27.8
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
com
  a.gtld-servers.net / nnn1-stk4


  b.gtld-servers.net / nnn1-elpar7


  c.gtld-servers.net / nnn1-stk4


  d.gtld-servers.net / nnn1-stk4


  e.gtld-servers.net / nnn1-defra-5


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-nlams-1b


  k.gtld-servers.net / nnn1-nlams-1a


  l.gtld-servers.net / nnn1-lon5


  m.gtld-servers.net / nnn1-lon5


4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1683935656
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:10


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1683935671
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:3


Domain:phoenixmecano.com
Zone-Name:phoenixmecano.com
Primary:ns53.worldnic.com
Mail:namehost.WORLDNIC.com
Serial:122101803
Refresh:10800
Retry:3600
Expire:604800
TTL:3600
num Entries:2


5. Screenshots

Startaddress: https://www.phoenixmecano.com/, address used: https://www.phoenixmecano.com/, Screenshot created 2023-05-13 01:57:03 +00:0

Mobil (412px x 732px)

4800 milliseconds

Screenshot mobile - https://www.phoenixmecano.com/
Mobil + Landscape (732px x 412px)

3546 milliseconds

Screenshot mobile landscape - https://www.phoenixmecano.com/
Screen (1280px x 1680px)

5210 milliseconds

Screenshot Desktop - https://www.phoenixmecano.com/

Mobile- and other Chrome-Checks

widthheight
visual Viewport396732
content Size3966670

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://phoenixmecano.com/
141.193.213.20
301
http://www.phoenixmecano.com/
Html is minified: 109.46 %		0.244
D
Date: Fri, 12 May 2023 23:55:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: http://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c669775d8082675-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://phoenixmecano.com/
141.193.213.21
301
http://www.phoenixmecano.com/
Html is minified: 109.46 %		0.203
D
Date: Fri, 12 May 2023 23:55:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: http://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697777e6d5902-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://www.phoenixmecano.com/
141.193.213.20
301
https://www.phoenixmecano.com/
Html is minified: 109.46 %		0.200
A
Date: Fri, 12 May 2023 23:55:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c669778dfd05902-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://www.phoenixmecano.com/
141.193.213.21
301
https://www.phoenixmecano.com/
Html is minified: 109.46 %		0.213
A
Date: Fri, 12 May 2023 23:55:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c66977a4be544f8-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• https://phoenixmecano.com/
141.193.213.20
301
https://www.phoenixmecano.com/
Html is minified: 109.46 %		2.944
B
Date: Fri, 12 May 2023 23:55:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c66977d6db9aca3-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• https://phoenixmecano.com/
141.193.213.21
301
https://www.phoenixmecano.com/
Html is minified: 109.46 %		2.723
B
Date: Fri, 12 May 2023 23:55:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.phoenixmecano.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697976fcf267d-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• https://www.phoenixmecano.com/
141.193.213.20 GZip used - 22292 / 129848 - 82.83 %
200

Html is minified: 140.54 %		2.870
B
Date: Fri, 12 May 2023 23:55:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding,Cookie
Link: <https://www.phoenixmecano.com/wp-json/>; rel="https://api.w.org/",<https://www.phoenixmecano.com/wp-json/wp/v2/pages/14>; rel="alternate"; type="application/json",<https://www.phoenixmecano.com/>; rel=shortlink
X-Powered-By: WP Engine
X-Cacheable: SHORT
Cache-Control: max-age=600, must-revalidate
X-Cache: HIT: 1
X-Cache-Group: normal
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697afeb4a451c-TXL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• https://www.phoenixmecano.com/
141.193.213.21 GZip used - 22328 / 129848 - 82.80 %
200

Html is minified: 140.54 %		2.666
B
Date: Fri, 12 May 2023 23:55:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding,Cookie
Link: <https://www.phoenixmecano.com/wp-json/>; rel="https://api.w.org/",<https://www.phoenixmecano.com/wp-json/wp/v2/pages/14>; rel="alternate"; type="application/json",<https://www.phoenixmecano.com/>; rel=shortlink
X-Powered-By: WP Engine
X-Cacheable: SHORT
Cache-Control: max-age=600, must-revalidate
X-Cache: HIT: 2
X-Cache-Group: normal
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697cb69b944f8-TXL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://phoenixmecano.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
141.193.213.20
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		302
https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 111.29 %		0.200
E
Visible Content: 302 Found nginx
Date: Fri, 12 May 2023 23:55:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697e37d0e2671-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://phoenixmecano.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
141.193.213.21
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		302
https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 111.29 %		0.617
E
Visible Content: 302 Found nginx
Date: Fri, 12 May 2023 23:55:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697e4e81a4534-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://www.phoenixmecano.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
141.193.213.20
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		302
https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 111.29 %		0.210
E
Visible Content: 302 Found nginx
Date: Fri, 12 May 2023 23:55:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697e91e9a267d-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• http://www.phoenixmecano.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
141.193.213.21
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		302
https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 111.29 %		0.210
E
Visible Content: 302 Found nginx
Date: Fri, 12 May 2023 23:55:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c6697eaac7a58ea-TXL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

• https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de

404

3.907
A
Not Found
Visible Content:
Server: Cowboy
Date: Fri, 12 May 2023 23:55:41 GMT
Connection: close
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Content-Type: text/plain; charset=utf-8
Vary: Accept
Cache-Control: no-cache
X-Request-Id: 6dce026e-2c14-46a6-a3c1-bd35045886ba
X-Runtime: 0.019554
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
Via: 1.1 vegur

• https://141.193.213.20/
141.193.213.20
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		403

Html is minified: 110.22 %		1.756
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 24)
403 Forbidden cloudflare
Server: cloudflare
Date: Fri, 12 May 2023 23:55:36 GMT
Content-Type: text/html
Content-Length: 151
Connection: close
CF-RAY: 7c6697eeee492675-TXL

• https://141.193.213.21/
141.193.213.21
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		403

Html is minified: 110.22 %		1.770
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 24)
403 Forbidden cloudflare
Server: cloudflare
Date: Fri, 12 May 2023 23:55:39 GMT
Content-Type: text/html
Content-Length: 151
Connection: close
CF-RAY: 7c669800e86358f6-TXL

7. Comments


1. General Results, most used to calculate the result

Aname "phoenixmecano.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 86299 (complete: 221801)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: phoenixmecano.com has 2 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: www.phoenixmecano.com has 2 different ip addresses (authoritative).
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: phoenixmecano.com has no ipv6 address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.phoenixmecano.com has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):3 complete Content-Type - header (5 urls)
https://141.193.213.20/ 141.193.213.20


Url with incomplete Content-Type - header - missing charset
https://141.193.213.21/ 141.193.213.21


Url with incomplete Content-Type - header - missing charset
Ahttp://www.phoenixmecano.com/ 141.193.213.20
301
https://www.phoenixmecano.com/
Correct redirect http - https with the same domain name
Ahttp://www.phoenixmecano.com/ 141.193.213.21
301
https://www.phoenixmecano.com/
Correct redirect http - https with the same domain name
Bhttps://phoenixmecano.com/ 141.193.213.20
301

Missing HSTS-Header
Bhttps://phoenixmecano.com/ 141.193.213.21
301

Missing HSTS-Header
Bhttps://www.phoenixmecano.com/ 141.193.213.20
200

Missing HSTS-Header
Bhttps://www.phoenixmecano.com/ 141.193.213.21
200

Missing HSTS-Header
Dhttp://phoenixmecano.com/ 141.193.213.20
301
http://www.phoenixmecano.com/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://phoenixmecano.com/ 141.193.213.21
301
http://www.phoenixmecano.com/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Mhttps://141.193.213.20/ 141.193.213.20
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://141.193.213.21/ 141.193.213.21
403

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://141.193.213.20/ 141.193.213.20
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://141.193.213.21/ 141.193.213.21
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain phoenixmecano.com, 2 ip addresses.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.phoenixmecano.com, 2 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain phoenixmecano.com, 2 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain www.phoenixmecano.com, 2 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.phoenixmecano.com

2. Header-Checks (alpha, started 2022-10-23, may be buggy / incomplete)

Fwww.phoenixmecano.com 141.193.213.20
Content-Security-Policy
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.20
X-Content-Type-Options
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.20
Referrer-Policy
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.20
Permissions-Policy
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.21
Content-Security-Policy
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.21
X-Content-Type-Options
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.21
Referrer-Policy
Critical: Missing Header:
Fwww.phoenixmecano.com 141.193.213.21
Permissions-Policy
Critical: Missing Header:

3. DNS- and NameServer - Checks

AInfo:: 7 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 7 Queries complete, 7 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.5 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: ns53.worldnic.com, ns54.worldnic.com, 2 Name Servers included in Delegation: ns53.worldnic.com, ns54.worldnic.com, 2 Name Servers included in 1 Zone definitions: ns53.worldnic.com, ns54.worldnic.com, 1 Name Servers listed in SOA.Primary: ns53.worldnic.com.
AGood: Only one SOA.Primary Name Server found.: ns53.worldnic.com.
AGood: SOA.Primary Name Server included in the delegation set.: ns53.worldnic.com.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns53.worldnic.com, ns54.worldnic.com
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 2 different Name Servers found
Warning: No Name Server IPv6 address found. IPv6 is the future, so your name servers should be visible via IPv6.: 2 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 2 Name Servers, 1 Top Level Domain: com
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: worldnic.com
Warning: All Name Servers from the same Country / IP location.: 2 Name Servers, 1 Countries: CA
AInfo: Ipv4-Subnet-list: 2 Name Servers, 1 different subnets (first Byte): 162., 1 different subnets (first two Bytes): 162.159., 2 different subnets (first three Bytes): 162.159.26., 162.159.27.
AGood: Name Server IPv4-addresses from different subnet found:
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 supports GZip.
https://www.phoenixmecano.com/ 141.193.213.20
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://www.phoenixmecano.com/ 141.193.213.21
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de
404
3.907 seconds
Warning: 404 needs more then one second
AInfo: Different Server-Headers found
ADuration: 159680 milliseconds, 159.680 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
phoenixmecano.com
141.193.213.20
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
phoenixmecano.com
141.193.213.20
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=phoenixmecano.com

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


phoenixmecano.com
141.193.213.21
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

phoenixmecano.com
141.193.213.21
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=phoenixmecano.com

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


www.phoenixmecano.com
141.193.213.20
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.phoenixmecano.com
141.193.213.20
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=www.phoenixmecano.com

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


www.phoenixmecano.com
141.193.213.21
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.phoenixmecano.com
141.193.213.21
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=www.phoenixmecano.com

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


ssl-purchase.wpengine.io
ssl-purchase.wpengine.io
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

ssl-purchase.wpengine.io
ssl-purchase.wpengine.io
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
no http/2 via ALPN 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=ssl-purchase.wpengine.io

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


141.193.213.20
141.193.213.20
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

141.193.213.20
141.193.213.20
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, C=US, ST=California

2CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US


141.193.213.21
141.193.213.21
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

141.193.213.21
141.193.213.21
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, C=US, ST=California

2CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US


9. Certificates

1.
1.
CN=phoenixmecano.com
14.04.2023
13.07.2023
expires in 39 days		phoenixmecano.com - 1 entry
1.
1.
CN=phoenixmecano.com
14.04.2023

13.07.2023
expires in 39 days
phoenixmecano.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:040FC966C74064FF02CCB7BB5A73BDACE89B
Thumbprint:B215F0F2B7E4ABE663754B776EC6545C98B91E7D
SHA256 / Certificate:HoTnwhln7XvxFlSkJPaD/RS1EvQGXCUw1Srufte1rc4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):4a3689dba42cd14defb6e088e58dcbc8b53189a4b20adaa4abb1f753634ee2cb
SHA256 hex / Subject Public Key Information (SPKI):4a3689dba42cd14defb6e088e58dcbc8b53189a4b20adaa4abb1f753634ee2cb (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 834 days

2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 834 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4383 days

3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4383 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=www.phoenixmecano.com
14.04.2023
13.07.2023
expires in 39 days		www.phoenixmecano.com - 1 entry
2.
1.
CN=www.phoenixmecano.com
14.04.2023

13.07.2023
expires in 39 days
www.phoenixmecano.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03BD6292E3941787B8AD037C47CA5F1F5E9D
Thumbprint:1CED2697B9F2765C68074085EC177194977FB629
SHA256 / Certificate:zj2pNztHNfFcexXI+qtnpzfNavYhhWrg8bWKrmR49uo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):18100995d2026fad082058204d98bafc7b37ea8836ce5f94ee003c28cef546c7
SHA256 hex / Subject Public Key Information (SPKI):18100995d2026fad082058204d98bafc7b37ea8836ce5f94ee003c28cef546c7 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 834 days

2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 834 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4383 days

3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4383 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


3.
1.
CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, S=California, C=US
20.03.2023
20.03.2024
expires in 290 days		sni.cloudflaressl.com, *.wpewaf.com, wpewaf.com - 3 entries
3.
1.
CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, S=California, C=US
20.03.2023

20.03.2024
expires in 290 days
sni.cloudflaressl.com, *.wpewaf.com, wpewaf.com - 3 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:ECDSA SHA256
Serial Number:044604605174DA220F03E072913C1B39
Thumbprint:92B90FF2CC18860D11272DD6C05D74D9DBEAF8A3
SHA256 / Certificate:yAFdyqRNhfQpIWz73sKGyfW7nw2yQ4Udv3J5kV3QV6U=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):49850631314ebd76d78e8815b1743498da0a1fe757210406ca90c97121470a9f
SHA256 hex / Subject Public Key Information (SPKI):49850631314ebd76d78e8815b1743498da0a1fe757210406ca90c97121470a9f (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
27.01.2020
01.01.2025
expires in 577 days

2.
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
27.01.2020

01.01.2025
expires in 577 days


KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A3787645E5FB48C224EFD1BED140C3C
Thumbprint:B3DD7606D2B5A8B4A13771DBECC9EE1CECAFA38A
SHA256 / Certificate:OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):144cd5394a78745de02346553d126115b48955747eb9098c1fae7186cd60947e
SHA256 hex / Subject Public Key Information (SPKI):144cd5394a78745de02346553d126115b48955747eb9098c1fae7186cd60947e
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
12.05.2000
13.05.2025
expires in 709 days

3.
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
12.05.2000

13.05.2025
expires in 709 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:020000B9
Thumbprint:D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SHA256 / Certificate:Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=
SHA256 hex / Cert (DANE * 0 1):16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb
SHA256 hex / PublicKey (DANE * 1 1):63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SHA256 hex / Subject Public Key Information (SPKI):63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


4.
1.
CN=ssl-purchase.wpengine.io
11.05.2023
09.08.2023
expires in 66 days		ssl-purchase.wpengine.io - 1 entry
4.
1.
CN=ssl-purchase.wpengine.io
11.05.2023

09.08.2023
expires in 66 days
ssl-purchase.wpengine.io - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03E772E13DDFB75A82A5E81867A55ACEDFA0
Thumbprint:CF4A935433F84B513B574054844F22B8D879DD93
SHA256 / Certificate:LK+o1vq58NZOdaOF4uiFicPcId394nSR1tpAd/w8Sw4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):d1f80ee53d0960b0d6910765f562c28a73ddbb6676ba3b25de2a55267822626c
SHA256 hex / Subject Public Key Information (SPKI):d1f80ee53d0960b0d6910765f562c28a73ddbb6676ba3b25de2a55267822626c (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 834 days

2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 834 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4383 days

3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4383 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0
2
2

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
5088830286
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-04-14 12:25:04
2023-07-13 12:25:03
www.phoenixmecano.com - 1 entries


5088661932
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-04-14 11:24:04
2023-07-13 11:24:03
phoenixmecano.com - 1 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0 /0 new
2
18

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
9154457342
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-04-14 10:25:04
2023-07-13 10:25:03
www.phoenixmecano.com
1 entries


9154237404
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-04-14 09:24:04
2023-07-13 09:24:03
phoenixmecano.com
1 entries


8665008610
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-02-05 11:25:13
2023-05-06 10:25:12
www.phoenixmecano.com
1 entries


8664629122
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-02-05 10:23:49
2023-05-06 09:23:48
phoenixmecano.com
1 entries


8097753200
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-11-29 11:25:52
2023-02-27 11:25:51
www.phoenixmecano.com
1 entries


8097298492
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-11-29 10:24:06
2023-02-27 10:24:05
phoenixmecano.com
1 entries


7601972291
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-09-22 10:23:16
2022-12-21 11:23:15
www.phoenixmecano.com
1 entries


7601667976
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-09-22 09:25:10
2022-12-21 10:25:09
phoenixmecano.com
1 entries


7137012491
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-07-16 10:25:12
2022-10-14 10:25:11
www.phoenixmecano.com
1 entries


7136778404
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-07-16 09:23:28
2022-10-14 09:23:27
phoenixmecano.com
1 entries


6694293016
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-05-09 10:24:44
2022-08-07 10:24:43
www.phoenixmecano.com
1 entries


6694035479
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-05-09 09:23:15
2022-08-07 09:23:14
phoenixmecano.com
1 entries


6269975102
leaf cert		CN=R3, O=Let's Encrypt, C=US
2022-03-02 11:23:00
2022-05-31 10:22:59
www.phoenixmecano.com
1 entries


6269749513
precert		CN=R3, O=Let's Encrypt, C=US
2022-03-02 10:24:48
2022-05-31 09:24:47
phoenixmecano.com
1 entries


5855921530
leaf cert		CN=R3, O=Let's Encrypt, C=US
2021-12-24 11:24:20
2022-03-24 11:24:19
www.phoenixmecano.com
1 entries


5855722191
leaf cert		CN=R3, O=Let's Encrypt, C=US
2021-12-24 10:23:21
2022-03-24 10:23:20
phoenixmecano.com
1 entries


5430856016
leaf cert		CN=R3, O=Let's Encrypt, C=US
2021-10-17 10:24:28
2022-01-15 11:24:27
www.phoenixmecano.com
1 entries


5430631708
leaf cert		CN=R3, O=Let's Encrypt, C=US
2021-10-17 09:23:47
2022-01-15 10:23:46
phoenixmecano.com
1 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns53.worldnic.com, ns54.worldnic.com

QNr.DomainTypeNS used
1
com
NS
e.root-servers.net (2001:500:a8::e)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
ns53.worldnic.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: heidi.ns.cloudflare.com, rex.ns.cloudflare.com

Answer: heidi.ns.cloudflare.com
108.162.194.236, 162.159.38.236, 172.64.34.236, 2606:4700:50::a29f:26ec, 2803:f800:50::6ca2:c2ec, 2a06:98c1:50::ac40:22ec

Answer: rex.ns.cloudflare.com
108.162.195.13, 162.159.44.13, 172.64.35.13, 2606:4700:58::a29f:2c0d, 2803:f800:50::6ca2:c30d, 2a06:98c1:50::ac40:230d
3
ns54.worldnic.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: heidi.ns.cloudflare.com, rex.ns.cloudflare.com

Answer: heidi.ns.cloudflare.com
108.162.194.236, 162.159.38.236, 172.64.34.236, 2606:4700:50::a29f:26ec, 2803:f800:50::6ca2:c2ec, 2a06:98c1:50::ac40:22ec

Answer: rex.ns.cloudflare.com
108.162.195.13, 162.159.44.13, 172.64.35.13, 2606:4700:58::a29f:2c0d, 2803:f800:50::6ca2:c30d, 2a06:98c1:50::ac40:230d
4
ns53.worldnic.com: 162.159.26.165
A
heidi.ns.cloudflare.com (2606:4700:50::a29f:26ec)
5
ns53.worldnic.com: No AAAA record found
AAAA
heidi.ns.cloudflare.com (2606:4700:50::a29f:26ec)
6
ns54.worldnic.com: 162.159.27.8
A
heidi.ns.cloudflare.com (2606:4700:50::a29f:26ec)
7
ns54.worldnic.com: No AAAA record found
AAAA
heidi.ns.cloudflare.com (2606:4700:50::a29f:26ec)


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.phoenixmecano.com



1
0
phoenixmecano.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
phoenixmecano.com
google-site-verification=EEYh3eTSngTiuevH4QGYGuvvKQkVwXlcu-Xn7_3eV34
ok
1
0
phoenixmecano.com
MS=ms11320618
ok
1
0
phoenixmecano.com
swisssign-check=5sPMflm6w9wtzEZdwXpFR0D7pzE1MCNnC31v3sxXL7
ok
1
0
www.phoenixmecano.com
google-site-verification=EEYh3eTSngTiuevH4QGYGuvvKQkVwXlcu-Xn7_3eV34
ok
1
0
www.phoenixmecano.com
MS=ms11320618
ok
1
0
www.phoenixmecano.com
swisssign-check=5sPMflm6w9wtzEZdwXpFR0D7pzE1MCNnC31v3sxXL7
ok
1
0
_acme-challenge.phoenixmecano.com

missing entry or wrong length
1
0
_acme-challenge.www.phoenixmecano.com

Name Error - The domain name does not exist
1
0
_acme-challenge.phoenixmecano.com.phoenixmecano.com

 perhaps wrong
1
0
_acme-challenge.www.phoenixmecano.com.phoenixmecano.com

 perhaps wrong
1
0
_acme-challenge.www.phoenixmecano.com.www.phoenixmecano.com

Name Error - The domain name does not exist
1
0


15. DomainService - Entries (SSHFP Check is new - 2022-09-24, may be incomplete, alpha, some results are required)

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

phoenixmecano.com
10
mxus1.pm-ag.net
0
2
ok


A


50.227.196.180
0
1
ok


CNAME



0
0
ok

MX

phoenixmecano.com
20
mxpm1.pm-ag.net
0
2
ok


A


80.149.241.107
0
1
ok


CNAME



0
0
ok

_dmarc
TXT
_dmarc.phoenixmecano.com


0
0
ok



16. Cipher Suites

DomainIPPortCipher (OpenSsl / IANA)



 Skipped, CDN used or too many ip addresses






17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=04bc4827-3358-491a-9023-31abcc0c74d7


Last Result: https://check-your-website.server-daten.de/?q=phoenixmecano.com - 2023-05-13 01:54:34


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=phoenixmecano.com" target="_blank">Check this Site: phoenixmecano.com</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro


Jürgen Auer • Friedenstr. 37 • 10249 Berlin • +49(0)30 420 200 60 • info@sql-und-xml.de • USt-IdNr.: DE221734518

Errors, ideas, questions? Use the Contact form • A project using Server-Daten - Web Database solutions