Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

old / weak connection

Checked:
16.05.2026 17:55:53

Older results

O - 16.05.2026 01:50:23

O - 13.05.2026 21:55:45

O - 13.05.2026 00:01:12

O - 09.05.2026 22:53:14

O - 07.05.2026 21:31:15

X - 06.05.2026 11:15:38

X - 05.05.2026 16:44:35

X - 05.05.2026 10:35:03

O - 04.05.2026 17:28:07

O - 25.04.2026 08:45:51

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
safaricom.co.ke	A	45.223.18.17 New York/United States (US) - Incapsula Inc No Hostname found	yes	1	0
	A	45.223.28.17 San Mateo/California/United States (US) - Incapsula Inc No Hostname found	yes	1	0
	AAAA		yes
www.safaricom.co.ke	A	45.223.18.17 New York/United States (US) - Incapsula Inc No Hostname found	yes	1	0
	A	45.223.28.17 San Mateo/California/United States (US) - Incapsula Inc No Hostname found	yes	1	0
	AAAA		yes
*.safaricom.co.ke	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 54393, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2026, 00:00:00 +, Signature-Inception: 11.05.2026, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ke
ke	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 17597, DigestType 2 and Digest T+8LxI89Kft57qDfaVwuCj92j+HGYTPINjkJrJcuZdE=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner ke., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 29.05.2026, 05:00:00 +, Signature-Inception: 16.05.2026, 04:00:00 +, KeyTag 54393, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 54393 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 17597, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 50866, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner ke., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 28.05.2026, 10:03:40 +, Signature-Inception: 08.05.2026, 08:33:40 +, KeyTag 17597, Signer-Name: ke


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17597 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 17597, DigestType 2 and Digest "T+8LxI89Kft57qDfaVwuCj92j+HGYTPINjkJrJcuZdE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: co.ke
co.ke	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gj3m6go6u87nbk40qbbptb6j23h5q51k" between the hashed NSEC3-owner "gj3m6go6u87nbk40qbbptb6j23h5q51k" and the hashed NextOwner "gr5h6c9j0bj5qe7303ukhe8i0re9r2vk". So the parent zone confirmes the not-existence of a DS RR. Bitmap: TXT, RRSIG Validated: RRSIG-Owner gj3m6go6u87nbk40qbbptb6j23h5q51k.ke., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2026, 10:08:35 +, Signature-Inception: 15.05.2026, 08:38:35 +, KeyTag 50866, Signer-Name: ke


	0 DNSKEY RR found




Zone: safaricom.co.ke
safaricom.co.ke	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 12837, DigestType 2 and Digest GZyITb057YUIuiZioCgMZ4R10qN3nvOspFV0tQ39PeI=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner safaricom.co.ke., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2026, 10:08:35 +, Signature-Inception: 15.05.2026, 08:38:35 +, KeyTag 50866, Signer-Name: ke


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 50866 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 12837, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 17069, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner safaricom.co.ke., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 12837, Signer-Name: safaricom.co.ke


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 12837 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 12837, DigestType 2 and Digest "GZyITb057YUIuiZioCgMZ4R10qN3nvOspFV0tQ39PeI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 45.223.18.17 45.223.28.17 Validated: RRSIG-Owner safaricom.co.ke., Algorithm: 13, 3 Labels, original TTL: 14400 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	RRSIG Type 16 validates the TXT - Result: atlassian-domain-verification=mQ9tPbLWVp16NM0KF9o/AHU10eswUP40Q3Pcf4lj8qbV+ycAUhAhwhd9ochsxCIs v=spf1 exists:%{i}.spf.hc502-0.eu.iphmx.com ip4:196.201.213.93 ip4:196.201.213.118 ip4:196.201.213.42 ip4:196.201.213.106 ip4:196.201.213.221 ip4:196.201.213.222 ip4:41.90.221.28 ip4:41.90.221.29 ~all Validated: RRSIG-Owner safaricom.co.ke., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	RRSIG Type 257 validates the CAA - Result: 5\|issuedigicert.com 9\|issuewilddigicert.com Validated: RRSIG-Owner safaricom.co.ke., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "7u2obvuqao6s12nbakiu9e8gpglo1iki" equal the hashed NSEC3-owner "7u2obvuqao6s12nbakiu9e8gpglo1iki" and the hashed NextOwner "7u2obvuqao6s12nbakiu9e8gpglo1ikj". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner 7u2obvuqao6s12nbakiu9e8gpglo1iki.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.


	AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "7u2obvuqao6s12nbakiu9e8gpglo1iki" equal the hashed NSEC3-owner "7u2obvuqao6s12nbakiu9e8gpglo1iki" and the hashed NextOwner "7u2obvuqao6s12nbakiu9e8gpglo1ikj". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner 7u2obvuqao6s12nbakiu9e8gpglo1iki.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.safaricom.co.ke) sends a valid NSEC3 RR as result with the hashed owner name "nebpve6tjt85nl2seopkc9u3ddq8h56b" (unhashed: _tcp.safaricom.co.ke). So that's the Closest Encloser of the query name. Bitmap: No Bitmap? Validated: RRSIG-Owner nebpve6tjt85nl2seopkc9u3ddq8h56b.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query (_443._tcp.safaricom.co.ke) sends a valid NSEC3 RR as result with the hashed query name "h6s8ips6s18e67vv9hrs3c0e15m9fmim" between the hashed NSEC3-owner "h6s8ips6s18e67vv9hrs3c0e15m9fmil" and the hashed NextOwner "h6s8ips6s18e67vv9hrs3c0e15m9fmin". So the zone confirmes the not-existence of that TLSA RR. Bitmap: No Bitmap? Validated: RRSIG-Owner h6s8ips6s18e67vv9hrs3c0e15m9fmil.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "ac1uvnnv367ni19hgu3q9369mjlr3mjg" (unhashed: *._tcp.safaricom.co.ke) with the owner "ac1uvnnv367ni19hgu3q9369mjlr3mjf" and the NextOwner "ac1uvnnv367ni19hgu3q9369mjlr3mjh". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: No Bitmap? Validated: RRSIG-Owner ac1uvnnv367ni19hgu3q9369mjlr3mjf.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.

Zone: www.safaricom.co.ke
www.safaricom.co.ke	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "u05346cq49v87impn8dggge7lck8k06k" between the hashed NSEC3-owner "u05346cq49v87impn8dggge7lck8k06k" and the hashed NextOwner "u05346cq49v87impn8dggge7lck8k06l". So the parent zone confirmes the not-existence of a DS RR. Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	RRSIG Type 1 validates the A - Result: 45.223.18.17 45.223.28.17 Validated: RRSIG-Owner www.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 14400 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "u05346cq49v87impn8dggge7lck8k06k" equal the hashed NSEC3-owner "u05346cq49v87impn8dggge7lck8k06k" and the hashed NextOwner "u05346cq49v87impn8dggge7lck8k06l". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC3 RR as result with the hashed query name "u05346cq49v87impn8dggge7lck8k06k" equal the hashed NSEC3-owner "u05346cq49v87impn8dggge7lck8k06k" and the hashed NextOwner "u05346cq49v87impn8dggge7lck8k06l". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.


	AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "u05346cq49v87impn8dggge7lck8k06k" equal the hashed NSEC3-owner "u05346cq49v87impn8dggge7lck8k06k" and the hashed NextOwner "u05346cq49v87impn8dggge7lck8k06l". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.www.safaricom.co.ke) sends a valid NSEC3 RR as result with the hashed owner name "u05346cq49v87impn8dggge7lck8k06k" (unhashed: www.safaricom.co.ke). So that's the Closest Encloser of the query name. Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "do941i6nujpfpkp5a4mnudihrb3a4hg8" (unhashed: _tcp.www.safaricom.co.ke) with the owner "do941i6nujpfpkp5a4mnudihrb3a4hg7" and the NextOwner "do941i6nujpfpkp5a4mnudihrb3a4hg9". So that NSEC3 confirms the not-existence of the Next Closer Name. Bitmap: No Bitmap? Validated: RRSIG-Owner do941i6nujpfpkp5a4mnudihrb3a4hg7.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "svn2s74eigqehvj447ass7nsspe276ao" (unhashed: *.www.safaricom.co.ke) with the owner "svn2s74eigqehvj447ass7nsspe276an" and the NextOwner "svn2s74eigqehvj447ass7nsspe276ap". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: No Bitmap? Validated: RRSIG-Owner svn2s74eigqehvj447ass7nsspe276an.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC3 RR as result with the hashed query name "u05346cq49v87impn8dggge7lck8k06k" equal the hashed NSEC3-owner "u05346cq49v87impn8dggge7lck8k06k" and the hashed NextOwner "u05346cq49v87impn8dggge7lck8k06l". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner u05346cq49v87impn8dggge7lck8k06k.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2026, 00:00:00 +, Signature-Inception: 07.05.2026, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
www.safaricom.co.ke	• ns1.safaricombusiness.co.ke		•
safaricom.co.ke	• ns1.safaricombusiness.co.ke	41.203.208.129 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns2.safaricombusiness.co.ke	197.248.128.1 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns3.safaricombusiness.co.ke	197.248.128.2 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns4.safaricombusiness.co.ke	41.203.208.130 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
co.ke	• mzizi.kenic.or.ke	196.1.4.130 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
	•	196.1.4.3 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
	T	196.13.202.53 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre
	•	2001:43f8:10:0:50c0:a8ff:feee:30 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
ke	• kenic.anycastdns.cz		•
	• mzizi.kenic.or.ke		•
	• ns.anycast.kenic.or.ke
	• ns-ke.afrinic.net		•

4. SOA-Entries

Domain:	ke
Zone-Name:	ke
Primary:	mzizi.kenic.or.ke
Mail:	hostmaster.kenic.or.ke
Serial:	2026051614
Refresh:	21600
Retry:	3600
Expire:	604800
TTL:	86400
num Entries:	4

Domain:	co.ke
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	co.ke
Zone-Name:	ke
Primary:	mzizi.kenic.or.ke
Mail:	hostmaster.kenic.or.ke
Serial:	2026051614
Refresh:	21600
Retry:	3600
Expire:	604800
TTL:	86400
num Entries:	3

Domain:	safaricom.co.ke
Zone-Name:	safaricom.co.ke
Primary:	ns1.safaricombusiness.co.ke
Mail:	ebt-ipss.safaricom.co.ke
Serial:	2026050800
Refresh:	86400
Retry:	7200
Expire:	3600000
TTL:	300
num Entries:	4

Domain:	www.safaricom.co.ke
Zone-Name:	safaricom.co.ke
Primary:	ns1.safaricombusiness.co.ke
Mail:	ebt-ipss.safaricom.co.ke
Serial:	2026050800
Refresh:	86400
Retry:	7200
Expire:	3600000
TTL:	300
num Entries:	1

5. Screenshots

Startaddress: https://www.safaricom.co.ke/, address used: https://www.safaricom.co.ke/, Screenshot created 2026-05-16 18:44:12 +00:0

Mobil (412px x 732px)

723 milliseconds

Screenshot mobile - https://www.safaricom.co.ke/

Mobil + Landscape (732px x 412px)

707 milliseconds

Screenshot mobile landscape - https://www.safaricom.co.ke/

Screen (1280px x 1680px)

1257 milliseconds

Screenshot Desktop - https://www.safaricom.co.ke/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	412	717
content Size	539	717

Fatal: Horizontal scrollbar detected. Content-size width is greater then visual Viewport width.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://safaricom.co.ke/ 45.223.18.17	301	https://safaricom.co.ke/	0.220	A
Location: https://safaricom.co.ke/
Connection: close
Content-Length: 0

• http://safaricom.co.ke/ 45.223.28.17	301	https://safaricom.co.ke/	0.234	A
Location: https://safaricom.co.ke/
Connection: close
Content-Length: 0

• http://www.safaricom.co.ke/ 45.223.18.17	301	https://www.safaricom.co.ke/	0.220	A
Location: https://www.safaricom.co.ke/
Connection: close
Content-Length: 0

• http://www.safaricom.co.ke/ 45.223.28.17	301	https://www.safaricom.co.ke/	0.234	A
Location: https://www.safaricom.co.ke/
Connection: close
Content-Length: 0

• https://safaricom.co.ke/ 45.223.18.17	301	https://www.safaricom.co.ke/	5.187	A
Location: https://www.safaricom.co.ke/
Strict-Transport-Security: max-age=31536000
Connection: close
Content-Length: 0

• https://safaricom.co.ke/ 45.223.28.17	301	https://www.safaricom.co.ke/	5.390	A
Location: https://www.safaricom.co.ke/
Strict-Transport-Security: max-age=31536000
Connection: close
Content-Length: 0

• https://www.safaricom.co.ke/ 45.223.18.17 gzip used - 53473 / 284425 - 81.20 %	200	Html is minified: 191.49 %	5.844	B
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 16 May 2026 15:57:42 GMT
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' .blaze.co.ke polyfill.io unpkg.com .facebook.net .licdn.com .nse.co.ke .pusher.com .googletagmanager.com .youtube.com maps.gstatic.com .googleapis.com .google-analytics.com cdnjs.cloudflare.com .google.com googletagmanager.com cdn.jsdelivr.net .fontawesome.com .safaricom.co.ke *.safaricom.com; worker-src 'self' blob:
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Vary: Accept-Encoding
Cache-Control: no-store, must-revalidate, no-cache, post-check=0, pre-check=0
Pragma: no-cache
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
ETag: "1778947062:dtagent1033526030604383161ws"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-15895327"
Set-Cookie: dtCookie=v_4_srv_2_sn_443C1D5A2840DDA400C4283C3F03CF8F_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_0; Path=/; Domain=.safaricom.co.ke,visid_incap_2320573=INVc9NnySbmiS9tBMS9j1+eTCGoAAAAAQUIPAAAAAAB4yuWc+my8LJ6jdfbb1j5t; expires=Sun, 16 May 2027 12:29:50 GMT; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,nlbi_2320573=MzFcelmOPVY3Ix8vuMqyPwAAAADs8yMdnXWN/4gU973fhaz0; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,incap_ses_1844_2320573=7/wrHK5oVS+8jrEC8zSXGfWTCGoAAAAAVsm1a4/rwAjYytCG4jyulw==; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 4d455abe9c408ddc198b94f7ff4a91ea.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P3
X-Amz-Cf-Id: 1W-tSyOqFEh1uXuliQBqO9w1JEOWKQ-XOjUg7Oxmm6oS3qjZEVRkTA==
X-CDN: Imperva
X-Iinfo: 51-62951014-62951053 NNNN CT(4 6 0) RT(1778947061906 226) q(0 0 0 0) r(1 4) U12
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Sat, 16 May 2026 15:57:41 GMT
Content-Length: 53473

• https://www.safaricom.co.ke/ 45.223.28.17 gzip used - 53383 / 284431 - 81.23 %	200	Html is minified: 191.48 %	6.106	B
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 16 May 2026 15:57:49 GMT
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' .blaze.co.ke polyfill.io unpkg.com .facebook.net .licdn.com .nse.co.ke .pusher.com .googletagmanager.com .youtube.com maps.gstatic.com .googleapis.com .google-analytics.com cdnjs.cloudflare.com .google.com googletagmanager.com cdn.jsdelivr.net .fontawesome.com .safaricom.co.ke *.safaricom.com; worker-src 'self' blob:
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Vary: Accept-Encoding
Cache-Control: no-store, must-revalidate, no-cache, post-check=0, pre-check=0
Pragma: no-cache
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
ETag: "1778947069:dtagent1033526030604383161ws"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1797960736"
Set-Cookie: dtCookie=v_4_srv_7_sn_FCFF772DE23B0CD77EA1CBD32E007458_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_1; Path=/; Domain=.safaricom.co.ke,visid_incap_2320573=CCfZgTX/T/yBLuspfjJUmeiTCGoAAAAAQUIPAAAAAAB54J0JrDwzThH+y/ca8KK0; expires=Sun, 16 May 2027 06:23:30 GMT; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,nlbi_2320573=jHQfeQNj/3GKNdcruMqyPwAAAAD0SZR7x5oB7IGkOY/bD2jR; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,incap_ses_1226_2320573=9BUudDff4CDeGxMqFqEDEf2TCGoAAAAADk7JBbuVMg2fq4V6QAG5LQ==; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 1358fd05ccefe30c8bdfa3da87c32660.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: YTO53-P1
X-Amz-Cf-Id: DS6G24-gPZOIwYJTWTimP37_Wxrvod1BQrxNp6ZrHqiw8eTg0aIBcQ==
X-CDN: Imperva
X-Iinfo: 7-88907928-88907951 NNNN CT(15 18 0) RT(1778947069097 256) q(0 0 1 9) r(1 5) U12
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Sat, 16 May 2026 15:57:48 GMT
Content-Length: 53383

• http://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.18.17	301	https://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.220	A
Visible Content:
Location: https://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.28.17	301	https://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.250	A
Visible Content:
Location: https://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.18.17	301	https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.220	A
Visible Content:
Location: https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.28.17	301	https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.250	A
Visible Content:
Location: https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• https://safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	301	https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	4.907	A
Visible Content:
Location: https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Strict-Transport-Security: max-age=31536000
Connection: close
Content-Length: 0

• https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de gzip used - 4488 / 16952 - 73.53 %	404	Html is minified: 128.50 %	5.297	A
Not Found
Visible Content:
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 16 May 2026 15:58:24 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1601903689"
X-Frame-Options: SAMEORIGIN
Server: nginx
Cache-Control: no-store, must-revalidate, no-cache, post-check=0, pre-check=0
Pragma: no-cache
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
ETag: "1778947104:dtagent1033526030604383161ws"
X-Cache: Error from cloudfront
Via: 1.1 efdcc66e9e8d02eefead50d956823812.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: YTO53-P1
X-Amz-Cf-Id: 5nNU8uG-02YWDD4PSiV8xbryYmB7VdajW1xtJupQxalPv76j8uGgzw==
Set-Cookie: nlbi_2320573=DS3NNiNFmXeAYPbvuMqyPwAAAAD8Vv/thMrSyQn+XlIwZX4T; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,incap_ses_1226_2320573=XykkLnb30BNoPBMqFqEDER+UCGoAAAAA8OhHqOWlr/7LbFmYeVFZ0A==; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000
X-CDN: Imperva
X-Iinfo: 2-38195276-38195285 NNYN CT(1 7 0) RT(1778947103588 123) q(0 1 1 140) r(1 4) U11
Content-Type: text/html; charset=utf-8
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Sat, 16 May 2026 15:58:23 GMT
Content-Encoding: gzip
Content-Length: 4488

• https://45.223.18.17/ 45.223.18.17	503	Html is minified: 100.00 %	8.734	N
Service Unavailable
Certificate error: RemoteCertificateNameMismatch
Cache-Control: no-store, no-cache
Connection: close
X-Iinfo: 46-51999649-0 0NNN RT(1778947077677 235) q(0 -1 -1 -1) r(0 -1)
Content-Type: text/html
Content-Length: 708

• https://45.223.28.17/ 45.223.28.17	503	Html is minified: 100.00 %	8.936	N
Service Unavailable
Certificate error: RemoteCertificateNameMismatch
Cache-Control: no-store, no-cache
Connection: close
X-Iinfo: 0-20589005-0 0NNN RT(1778947087429 253) q(0 -1 -1 -1) r(0 -1)
Content-Type: text/html
Content-Length: 707

7. Comments

	1. General Results, most used to calculate the result
A	name "safaricom.co.ke" is domain, public suffix is ".co.ke", top-level-domain is ".ke", top-level-domain-type is "country-code", Country is Kenya, tld-manager is "Kenya Network Information Center (KeNIC)", num .ke-domains preloaded: 71 (complete: 276475)
A	Good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: safaricom.co.ke has 2 different ip addresses (authoritative).
A	Good: Minimal 2 ip addresses per domain name found: www.safaricom.co.ke has 2 different ip addresses (authoritative).
	Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: safaricom.co.ke has no ipv6 address.
	Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.safaricom.co.ke has no ipv6 address.
A	Good: No asked Authoritative Name Server had a timeout
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: www is preferred
A	Good: No cookie sent via http.
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
A	http://safaricom.co.ke/ 45.223.18.17	301	https://safaricom.co.ke/	Correct redirect http - https with the same domain name
A	http://safaricom.co.ke/ 45.223.28.17	301	https://safaricom.co.ke/	Correct redirect http - https with the same domain name
A	http://www.safaricom.co.ke/ 45.223.18.17	301	https://www.safaricom.co.ke/	Correct redirect http - https with the same domain name
A	http://www.safaricom.co.ke/ 45.223.28.17	301	https://www.safaricom.co.ke/	Correct redirect http - https with the same domain name
B	https://www.safaricom.co.ke/ 45.223.18.17	200	dtCookie=v_4_srv_2_sn_443C1D5A2840DDA400C4283C3F03CF8F_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_0; Path=/; Domain=.safaricom.co.ke	Cookie sent via https, but not marked as secure
B	https://www.safaricom.co.ke/ 45.223.28.17	200	dtCookie=v_4_srv_7_sn_FCFF772DE23B0CD77EA1CBD32E007458_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_1; Path=/; Domain=.safaricom.co.ke	Cookie sent via https, but not marked as secure
B	https://www.safaricom.co.ke/ 45.223.18.17	200	dtCookie=v_4_srv_2_sn_443C1D5A2840DDA400C4283C3F03CF8F_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_0; Path=/; Domain=.safaricom.co.ke	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	https://www.safaricom.co.ke/ 45.223.28.17	200	dtCookie=v_4_srv_7_sn_FCFF772DE23B0CD77EA1CBD32E007458_perc_100000_ol_0_mul_1_app-3A3fab408bed188a6d_1_rcs-3Acss_1; Path=/; Domain=.safaricom.co.ke	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
N	https://45.223.18.17/ 45.223.18.17	503		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://45.223.28.17/ 45.223.28.17	503		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
O	safaricom.co.ke / 45.223.18.17 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 2083			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 2087			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 2096			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 2222			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 8080			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 8083			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 8443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.18.17 / 10000			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 2083			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 2087			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 2096			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 2222			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 8080			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 8083			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 8443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safaricom.co.ke / 45.223.28.17 / 10000			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	www.safaricom.co.ke / 45.223.18.17 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	www.safaricom.co.ke / 45.223.28.17 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
X	Fatal error: Nameserver doesn't support TCP connection: mzizi.kenic.or.ke / 196.13.202.53: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns.anycast.kenic.or.ke: Timeout
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain safaricom.co.ke, 2 ip addresses.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.safaricom.co.ke, 2 ip addresses.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain safaricom.co.ke, 2 ip addresses.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain www.safaricom.co.ke, 2 ip addresses.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.safaricom.co.ke
	2. Header-Checks
A	www.safaricom.co.ke 45.223.18.17	Content-Security-Policy		Ok: Header without syntax errors found: script-src 'self' 'unsafe-inline' 'unsafe-eval' .blaze.co.ke polyfill.io unpkg.com .facebook.net .licdn.com .nse.co.ke .pusher.com .googletagmanager.com .youtube.com maps.gstatic.com .googleapis.com .google-analytics.com cdnjs.cloudflare.com .google.com googletagmanager.com cdn.jsdelivr.net .fontawesome.com .safaricom.co.ke *.safaricom.com; worker-src 'self' blob:
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
E				Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: script-src with 'unsafe-inline' or 'unsafe-eval' and without a nonce found. That's dangerous, don't use it. If you really need one of these unsafe directives, add a nonce.
A				Good: script-src without * and a scheme found.
A				Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: strict-origin-when-cross-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A		X-Xss-Protection		Ok: Header without syntax errors found: 1; mode=block
B				Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
A	www.safaricom.co.ke 45.223.28.17	Content-Security-Policy		Ok: Header without syntax errors found: script-src 'self' 'unsafe-inline' 'unsafe-eval' .blaze.co.ke polyfill.io unpkg.com .facebook.net .licdn.com .nse.co.ke .pusher.com .googletagmanager.com .youtube.com maps.gstatic.com .googleapis.com .google-analytics.com cdnjs.cloudflare.com .google.com googletagmanager.com cdn.jsdelivr.net .fontawesome.com .safaricom.co.ke *.safaricom.com; worker-src 'self' blob:
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
E				Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: script-src with 'unsafe-inline' or 'unsafe-eval' and without a nonce found. That's dangerous, don't use it. If you really need one of these unsafe directives, add a nonce.
A				Good: script-src without * and a scheme found.
A				Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: strict-origin-when-cross-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A		X-Xss-Protection		Ok: Header without syntax errors found: 1; mode=block
B				Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
F	www.safaricom.co.ke 45.223.18.17	Permissions-Policy		Critical: Missing Header:
B	www.safaricom.co.ke 45.223.18.17	Cross-Origin-Embedder-Policy		Info: Missing Header
B	www.safaricom.co.ke 45.223.18.17	Cross-Origin-Opener-Policy		Info: Missing Header
B	www.safaricom.co.ke 45.223.18.17	Cross-Origin-Resource-Policy		Info: Missing Header
F	www.safaricom.co.ke 45.223.28.17	Permissions-Policy		Critical: Missing Header:
B	www.safaricom.co.ke 45.223.28.17	Cross-Origin-Embedder-Policy		Info: Missing Header
B	www.safaricom.co.ke 45.223.28.17	Cross-Origin-Opener-Policy		Info: Missing Header
B	www.safaricom.co.ke 45.223.28.17	Cross-Origin-Resource-Policy		Info: Missing Header
	3. DNS- and NameServer - Checks
A	Info:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
A	Info:: 13 Queries complete, 5 with IPv6, 8 with IPv4.
	Warning: Only some DNS Queries done via ipv6. IPv6 is the future, so the name servers of your name servers should have ipv6 addresses.
	Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 4 different Name Servers found: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 4 Name Servers included in Delegation: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 4 Name Servers included in 1 Zone definitions: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 1 Name Servers listed in SOA.Primary: ns1.safaricombusiness.co.ke.
A	Good: Only one SOA.Primary Name Server found.: ns1.safaricombusiness.co.ke.
A	Good: SOA.Primary Name Server included in the delegation set.: ns1.safaricombusiness.co.ke.
A	Good: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Good: Minimal 2 different name servers (public suffix and public ip address) found: 4 different Name Servers found
	Warning: No Name Server IPv6 address found. IPv6 is the future, so your name servers should be visible via IPv6.: 4 different Name Servers found
	Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 4 Name Servers, 1 Top Level Domain: co.ke
	Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: safaricombusiness.co.ke
	Warning: All Name Servers from the same Country / IP location.: 4 Name Servers, 1 Countries: KE
A	Info: Ipv4-Subnet-list: 4 Name Servers, 2 different subnets (first Byte): 197., 41., 2 different subnets (first two Bytes): 197.248., 41.203., 2 different subnets (first three Bytes): 197.248.128., 41.203.208.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Good: Nameserver supports TCP connections: 4 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 4 good Nameserver
X	Nameserver Timeout checking Echo Capitalization: mzizi.kenic.or.ke / 196.13.202.53
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
X	Nameserver Timeout checking EDNS512: mzizi.kenic.or.ke / 196.13.202.53
A	Good: All SOA have the same Serial Number
A	Good: CAA entries found, creating certificate is limited: digicert.com is allowed to create certificates
A	Good: CAA entries found, creating certificate is limited: digicert.com is allowed to create wildcard-certificates
	4. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
	https://www.safaricom.co.ke/ 45.223.18.17	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.safaricom.co.ke/ 45.223.28.17	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://www.safaricom.co.ke/ 45.223.18.17	200		Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
	https://www.safaricom.co.ke/ 45.223.28.17	200		Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
A	Info: No img element found, no alt attribute checked
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://www.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	5.297 seconds	Warning: 404 needs more then one second
A	Duration: 2904817 milliseconds, 2904.817 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

safaricom.co.ke

45.223.18.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

www.safaricom.co.ke

45.223.18.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

www.safaricom.co.ke

45.223.18.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

www.safaricom.co.ke

45.223.28.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

www.safaricom.co.ke

45.223.28.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

www.safaricom.co.ke

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

www.safaricom.co.ke

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

45.223.18.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

45.223.18.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=imperva.com
	2	CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1, O=GlobalSign nv-sa, C=BE

45.223.28.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

45.223.28.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=imperva.com
	2	CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1, O=GlobalSign nv-sa, C=BE

safaricom.co.ke

45.223.18.17

2083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

2083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

2083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

2083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

2087

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

2087

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

2087

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

2087

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

2096

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

2096

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

2096

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

2096

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

2222

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

2222

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

2222

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

2222

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

8080

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

8080

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

8080

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

8080

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

8083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

8083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

8083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

8083

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.18.17

10000

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.18.17

10000

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

safaricom.co.ke

45.223.28.17

10000

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safaricom.co.ke

45.223.28.17

10000

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

9. Certificates

CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

06.05.2026

21.11.2026
expires in 188 days

safaricom.co.ke, www.safaricom.co.ke - 2 entries

CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

06.05.2026

21.11.2026
expires in 188 days

safaricom.co.ke, www.safaricom.co.ke - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0395FF5F98682375F833EF5CB97C1A02
Thumbprint:	654EC0209831AE88F8AFD1CC9107BEBB6EEEFF74
SHA256 / Certificate:	KLE1xHrkm8des+k6xNQ/Ns00SusMO0N5pm9xqRGiBKk=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	773ba77a2265d5253471f5b9509c4dca06db9ac81d5605dcc098218b67bcb4ce
SHA256 hex / Subject Public Key Information (SPKI):	773ba77a2265d5253471f5b9509c4dca06db9ac81d5605dcc098218b67bcb4ce (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

06.05.2026

21.11.2026
expires in 188 days

safaricom.co.ke, www.safaricom.co.ke - 2 entries

CN=safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

06.05.2026

21.11.2026
expires in 188 days

safaricom.co.ke, www.safaricom.co.ke - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0395FF5F98682375F833EF5CB97C1A02
Thumbprint:	654EC0209831AE88F8AFD1CC9107BEBB6EEEFF74
SHA256 / Certificate:	KLE1xHrkm8des+k6xNQ/Ns00SusMO0N5pm9xqRGiBKk=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	773ba77a2265d5253471f5b9509c4dca06db9ac81d5605dcc098218b67bcb4ce
SHA256 hex / Subject Public Key Information (SPKI):	773ba77a2265d5253471f5b9509c4dca06db9ac81d5605dcc098218b67bcb4ce (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1778 days

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1778 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:	1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:	yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1778 days

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1778 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:	1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:	yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

29.10.2024

09.11.2031
expires in 2002 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

29.10.2024

09.11.2031
expires in 2002 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E7D75235CA83761577F4CCD24CD6D1D
Thumbprint:	B7402517EEAAC80AB04681186E8247BD7851CD0A
SHA256 / Certificate:	oNYJp+PENOh4qaHBvQZbjc8zqn7+4bEbx1zOXloEIIA=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.cn
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4261 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4261 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:	yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):	cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2003 days

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2003 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	02AC5C266A0B409B8F0B79F2AE462577
Thumbprint:	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SHA256 / Certificate:	dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=
SHA256 hex / Cert (DANE * 0 1):	7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf
SHA256 hex / PublicKey (DANE * 1 1):	5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SHA256 hex / Subject Public Key Information (SPKI):	5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=imperva.com

27.02.2026

28.05.2026
expires in 11 days

decrypt-uat.safaricom.co.ke, view360.safaricom.co.ke, employee-uat.safaricom.co.ke, internet.safaricom.co.ke, view360-ws.dxlsandbox.safaricom.co.ke, selfcare.safaricom.co.ke, uzima.safaricom.co.ke, itower.safaricom.co.ke, surepay.m-pesaforbusiness.co.ke, masoko.com, www.safaricomfoundation.org, partner-onboarding-portal.safaricom.co.ke, pretups.safaricom.co.ke, api.fsprod.safaricom.co.ke, newsroom.safaricom.co.ke, mpesaminiapps.safaricom.co.ke, sandbox.groups.safaricom.co.ke, miniapps.masoko.com, sp.surepay.m-pesaforbusiness.co.ke, mtahiniwa.safaricom.co.ke, ctf.safaricom.co.ke, safaricomwifi.safaricom.co.ke, api.merchant.fsdev.safaricom.co.ke, dspftp-uat.safaricom.co.ke, eflow-nps.safaricom.co.ke, mysacco.safaricom.co.ke, fmg01.ngao.safaricom.co.ke, sdwan.safaricombusiness.co.ke, www.guru.safaricom.co.ke, franchisesimswap-uat.safaricom.co.ke, myaccount.safaricom.co.ke, sui.safaricom.co.ke, games.safaricom.com, minio.safaricom.co.ke, admin.county.safaricom.co.ke, www.eflow.safaricom.co.ke, www.masoko.com, appsandbox.safaricom.co.ke, talenthub.safaricom.co.ke, pay.m-pesaforbusiness.co.ke, api.assetinfinitypoc.safaricom.co.ke, apistg.safaricom.co.ke, media.safaricom.com, dcbatf2.safaricom.co.ke, uat-neo-internet.safaricom.co.ke, fixedacsprod.safaricom.co.ke, graphql.nyotabeneficiary.safaricom.co.ke, webchat.safaricom.co.ke, mpesatraining.safaricom.co.ke, sbsi.safaricom.co.ke, uat-selfservice.business.safaricom.co.ke, sandbox.safaricom.co.ke, imperva.com, lbdsp-uat.safaricom.co.ke, uat-miniapps.masoko.com, dcbatf1.safaricom.com, nyotabeneficiary.safaricom.co.ke, county.safaricom.co.ke, sslcertificates.safaricom.co.ke, eflow.safaricom.co.ke, dealerportal.safaricom.co.ke, roaming.safaricom.co.ke, decode.safaricom.co.ke, aftersales.safaricom.co.ke, *.migration.fsprod.safaricom.co.ke, api.cardpayments-uat.safaricom.co.ke, www.uat.shop.masoko.com, ci.devsecops.safaricom.co.ke, zuri-ws.dxlapi.safaricom.co.ke, franchisesimswap.safaricom.co.ke, smartinventory.safaricom.co.ke, digitalservices.safaricom.com, qlikinsights.safaricom.co.ke, servicessp-uat.safaricom.co.ke, vms.safaricombusiness.co.ke, cellbase.safaricom.co.ke, daraja.safaricom.co.ke, shub.safaricom.co.ke, adxssp-uat.safaricom.co.ke, zuri-ws.dxlsandbox.safaricom.co.ke, sbom.devsecops.safaricom.co.ke, authdxl.safaricom.co.ke, appstg.safaricom.co.ke, guru.safaricom.co.ke, brandcontenthub.safaricom.co.ke, lbssp-uat.safaricom.co.ke, admin.digifarmkenya.com, buyer.digifarmkenya.com, www.ctf.safaricom.co.ke, ftth.safaricom.co.ke, assets.os.masoko.com, uat-partnerhub.safaricom.co.ke, www.someshafund.safaricom.co.ke, ibill.safaricom.co.ke, secure.api.safaricom.co.ke, www.guru-uat.safaricom.co.ke, api.county.safaricom.co.ke, jenkins.safaricom.co.ke, guru-uat.safaricom.co.ke, admin.business.safaricom.co.ke, iamsoss.safaricom.co.ke, vybcall.safaricom.com, secure.apistg.safaricom.co.ke, org.training.safaricom.co.ke, bulkemails.safaricom.co.ke, east.safaricomcloud.com, industrydigitaltalentprogram.safaricom.co.ke, api.mysacco.safaricom.co.ke, partnerhub.safaricom.co.ke, west.safaricomcloud.com, www.iotsimmanagement.safaricombusiness.co.ke, git-uat.safaricom.co.ke, secure.api.cardpayments.safaricom.co.ke, developer.safaricom.co.ke, api.ic-dxlsandbox.safaricom.co.ke, fintechoneapp.safaricom.co.ke, beta.accounts.safaricom.co.ke, luckydrawpromo.skiza.safaricom.com, sakahub.safaricom.co.ke, fafanuka.safaricom.co.ke, gitlab.safaricom.co.ke, dealermvp.safaricom.co.ke, webmail.safaricom.co.ke, faz01.ngao.safaricom.co.ke, cp.safaricom.com, www.m-pesaforbusiness.co.ke, uat-iotsimmanagement.safaricom.co.ke, www.business.safaricom.co.ke, uat-business.safaricom.co.ke, cms.county.safaricom.co.ke, dcbatf3.safaricom.co.ke, m-pesaforbusiness.co.ke, safaricomfoundation.org, www.citizenofthefuture.org, westvca.safaricomcloud.com, business.safaricom.co.ke - 136 entries

CN=imperva.com

27.02.2026

28.05.2026
expires in 11 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	01D0D37C97829B648F2FD89A11934AD2
Thumbprint:	0A43271FD28E52D1232228474CF12DD8C68888C6
SHA256 / Certificate:	bkow6UrTfI/U0KRzNpBGfe8Q43oFoNYRLc3FsTO8uUA=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	fb08dd846d5072bdf5e41fc7c05b1ac948542da60b7e2d049a9bade98c4383a4
SHA256 hex / Subject Public Key Information (SPKI):	fb08dd846d5072bdf5e41fc7c05b1ac948542da60b7e2d049a9bade98c4383a4 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.globalsign.com/ca/gsatlasr3dvtlsca2026q1
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1, O=GlobalSign nv-sa, C=BE

15.10.2025

15.10.2027
expires in 516 days

CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1, O=GlobalSign nv-sa, C=BE

15.10.2025

15.10.2027
expires in 516 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	008471F40B67F0DE163DD163A95FA7DAC3
Thumbprint:	ACE14D5C32D28F98EA3C412E97BB10FD8F5E26D2
SHA256 / Certificate:	Gm4eMQcyh0c5bHS3AZPVxO9y91ob5XBqUomSm/2xY/I=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	db829791e37339019108819cad86c179410f87155a201d05109231bf62cb7483
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp2.globalsign.com/rootr3
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

18.03.2009

18.03.2029
expires in 1036 days

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

18.03.2009

18.03.2029
expires in 1036 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	04000000000121585308A2
Thumbprint:	D69B561148F01C77C54578C10926DF5B856976AD
SHA256 / Certificate:	y7Ui17fxJ61qAROGW98c1BAufQdZr2NafPRyDcljxTs=
SHA256 hex / Cert (DANE * 0 1):	cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA256 hex / PublicKey (DANE * 1 1):	706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SHA256 hex / Subject Public Key Information (SPKI):	706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE				0	0	5
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE				0	0	4
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	4
CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4, O=GlobalSign nv-sa, C=BE				0	0	1
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE				0	0	1
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
9467410055 leaf cert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2025-02-10 00:00:00	2026-02-09 23:59:59	safaricom.co.ke, www.safaricom.co.ke - 2 entries
6795590583 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2024-02-21 00:00:00	2025-02-20 23:59:59	safaricom.co.ke, www.safaricom.co.ke - 2 entries
6372671375 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-15 13:31:38	2024-06-12 13:31:38	*.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 9 entries
6354631914 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-12 13:59:01	2023-12-13 13:59:01	imperva.com, safaricom.co.ke - 2 entries
6277084697 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-29 13:28:00	2023-11-30 13:27:59	imperva.com, safaricom.co.ke - 2 entries
6234115638 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-22 13:27:00	2023-11-23 13:27:00	imperva.com, safaricom.co.ke - 2 entries
5826146209 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-09-09 00:00:00	2024-09-10 23:59:59	safaricom.co.ke, www.safaricom.co.ke - 2 entries
5414861170 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 13:14:59	2023-12-18 13:14:59	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
5414856402 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 13:13:56	2023-12-18 13:13:56	*.safaricom.co.ke, imperva.com, mjc.safaricom.co.ke, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 6 entries
5381252194 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-14 12:38:27	2023-06-15 12:38:27	imperva.com, safaricom.co.ke - 2 entries
5279562906 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-05-24 12:38:02	2023-05-25 12:38:02	imperva.com, safaricom.co.ke - 2 entries
5079462200 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-04-12 12:35:36	2023-04-13 12:35:26	imperva.com, safaricom.co.ke - 2 entries
4985866687 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE	2023-03-23 12:35:03	2023-09-19 12:35:03	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4959923832 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-03-17 00:00:00	2024-03-19 23:59:59	safaricom.co.ke, www.safaricom.co.ke - 2 entries
4582279050 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4, O=GlobalSign nv-sa, C=BE	2022-12-22 11:36:42	2023-06-20 11:36:42	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4208249099 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE	2022-09-22 10:41:22	2023-03-21 10:41:22	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4208249092 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE	2022-09-22 10:41:20	2023-03-21 10:41:20	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
3820278444 leaf cert	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2022-06-08 00:00:00	2023-06-08 23:59:59	safaricom.co.ke, www.safaricom.co.ke - 2 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuer				last 7 days	active	num Certs
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE				0	0	12
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE				0	0	12
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE				0	0	5
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	3
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE				0	0	1

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
12906766922 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-30 12:11:51	2024-05-01 12:11:51	imperva.com, safaricom.co.ke 2 entries
12668749442 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-09 12:09:34	2024-04-10 12:09:34	imperva.com, safaricom.co.ke 2 entries
12591407507 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-04-02 12:08:50	2024-04-03 12:08:50	imperva.com, safaricom.co.ke 2 entries
12436131385 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-19 13:08:11	2024-03-20 13:08:11	imperva.com, safaricom.co.ke 2 entries
12358003579 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-12 13:07:17	2024-03-13 13:07:17	imperva.com, safaricom.co.ke 2 entries
12282964922 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-05 13:06:25	2024-03-06 13:06:25	imperva.com, safaricom.co.ke 2 entries
12208775198 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-27 13:05:48	2024-02-28 13:05:48	imperva.com, safaricom.co.ke 2 entries
12356877865 leaf cert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2024-02-20 23:00:00	2025-02-20 22:59:59	safaricom.co.ke, www.safaricom.co.ke 2 entries
12137028467 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-20 13:05:27	2024-02-21 13:05:27	imperva.com, safaricom.co.ke 2 entries
12065329324 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-13 13:04:29	2024-02-14 13:04:29	imperva.com, safaricom.co.ke 2 entries
11996009446 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-06 13:03:32	2024-02-07 13:03:32	imperva.com, safaricom.co.ke 2 entries
11917850432 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-30 13:02:56	2024-01-31 13:02:56	imperva.com, safaricom.co.ke 2 entries
11842955003 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-23 13:02:08	2024-01-24 13:02:08	imperva.com, safaricom.co.ke 2 entries
11765698390 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-16 13:01:59	2024-01-17 13:01:59	imperva.com, safaricom.co.ke 2 entries
11689931280 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-09 13:00:59	2024-01-10 13:00:59	imperva.com, safaricom.co.ke 2 entries
11585329097 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2024-01-02 13:00:47	2024-01-03 13:00:37	imperva.com, safaricom.co.ke 2 entries
11450401689 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-27 12:30:05	2023-12-28 12:30:05	imperva.com, safaricom.co.ke 2 entries
11447509030 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-26 13:00:03	2023-12-27 13:00:03	imperva.com, safaricom.co.ke 2 entries
11427928750 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-20 12:30:03	2023-12-21 12:30:03	imperva.com, safaricom.co.ke 2 entries
11424943641 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-19 12:59:04	2023-12-20 12:59:04	imperva.com, safaricom.co.ke 2 entries
11416579096 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-15 12:31:38	2024-06-12 11:31:38	*.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 9 entries
10893141171 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-25 11:24:05	2023-10-26 11:24:05	imperva.com, safaricom.co.ke 2 entries
10882880205 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-24 11:54:05	2023-10-25 11:54:05	imperva.com, safaricom.co.ke 2 entries
10822298589 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-18 11:23:40	2023-10-19 11:23:40	imperva.com, safaricom.co.ke 2 entries
10812361170 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-17 11:53:40	2023-10-18 11:53:40	imperva.com, safaricom.co.ke 2 entries
10754278889 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-11 11:22:45	2023-10-12 11:22:45	imperva.com, safaricom.co.ke 2 entries
10753627084 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-10 11:52:42	2023-10-11 11:52:42	imperva.com, safaricom.co.ke 2 entries
10748126762 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-10-04 11:22:09	2023-10-05 11:22:09	imperva.com, safaricom.co.ke 2 entries
10747289583 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-10-03 11:52:07	2023-10-04 11:52:07	imperva.com, safaricom.co.ke 2 entries
10704014602 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-27 11:22:06	2023-09-28 11:22:06	imperva.com, safaricom.co.ke 2 entries
10696224372 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-26 11:51:07	2023-09-27 11:51:07	imperva.com, safaricom.co.ke 2 entries
10635050373 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-20 11:21:24	2023-09-21 11:21:24	imperva.com, safaricom.co.ke 2 entries
10339098229 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-09-08 22:00:00	2024-09-10 21:59:59	safaricom.co.ke, www.safaricom.co.ke 2 entries
10800889669 leaf cert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 11:14:59	2023-12-18 12:14:59	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 10 entries
9709544566 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 11:13:56	2023-12-18 12:13:56	*.safaricom.co.ke, imperva.com, mjc.safaricom.co.ke, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 6 entries
8969341088 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE	2023-03-23 11:35:03	2023-09-19 10:35:03	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 10 entries
9154420240 leaf cert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-03-16 23:00:00	2024-03-19 22:59:59	safaricom.co.ke, www.safaricom.co.ke 2 entries

11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404

12. Html-Parsing via https://validator.w3.org/nu/

	Type	Message	num found
Url used (first standard-https-result with http status 200): https://www.safaricom.co.ke/

Summary
	Good: No non-document-errors
	68 errors
	37 warnings
1.	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.	27
2.	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.	12
3.	error	Element `figcaption` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)	4
4.	error	A `charset` attribute on a `meta` element found after the first 1024 bytes.	2
5.	error	Unclosed element `div`.	2
6.	error	A document must not include more than one `meta` element with a `charset` attribute.	1
7.	error	Element `title` not allowed as child of element `head` in this context. (Suppressing further errors from this subtree.)	1
8.	error	Element `style` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)	1
9.	error	CSS: `background-blend-mode`: `plus-darker` is not a `background-blend-mode` value.	1
10.	error	Attribute `caption` not allowed on element `img` at this point.	1
11.	error	The element `a` with the attribute `href` must not appear as a descendant of the `button` element.	1
12.	error	No `p` element in scope but a `p` end tag seen.	1
13.	error	End tag `section` seen, but there were open elements.	1
14.	error	End tag for `body` seen, but there were unclosed elements.	1
15.	error	Stray start tag `section`.	1
16.	error	Attribute `target` not allowed on element `img` at this point.	1
17.	error	Attribute `help` not allowed on element `a` at this point.	1
18.	error	Element `div` not allowed as child of element `ul` in this context. (Suppressing further errors from this subtree.)	1
19.	error	Duplicate ID `menu-primary-menu`.	1
20.	error	End tag `br`.	1
21.	error	Attribute `value` not allowed on element `textarea` at this point.	1
22.	error	Duplicate ID `helpfull`.	1
23.	error	Duplicate ID `rapid_contact`.	1
24.	error	Duplicate attribute `id`.	1
25.	error	The value of the `for` attribute of the `label` element must be the ID of a non-hidden form control.	1
26.	error	Duplicate ID `search-overlay`.	1
27.	warning	The `type` attribute is unnecessary for JavaScript resources.	13
28.	warning	Empty heading.	8
29.	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.	6
30.	warning	Consider using the `h1` element as a top-level heading only — or else use the `headingoffset` attribute (otherwise, all `h1` elements are treated as top-level headings by many screen readers and other tools).	4
31.	warning	Consider avoiding viewport values that prevent users from resizing documents.	1
32.	warning	The first occurrence of ID `search-overlay` was here.	1
33.	warning	The `button` role is unnecessary for element `button`.	1
34.	warning	The first occurrence of ID `menu-primary-menu` was here.	1
35.	warning	The first occurrence of ID `helpfull` was here.	1
36.	warning	The first occurrence of ID `rapid_contact` was here.	1
Details
	Type	Message + Sample
1	error	A `charset` attribute on a `meta` element found after the first 1024 bytes.
		From line 53, column 25 to line 53, column 25
		charset="utf-8"> <meta ht
2	error	A document must not include more than one `meta` element with a `charset` attribute.
		From line 101, column 5 to line 101, column 26
		ipt> <meta charset="utf-8"> <met
3	error	A `charset` attribute on a `meta` element found after the first 1024 bytes.
		From line 101, column 25 to line 101, column 25
		charset="utf-8"> <meta name=
4	error	Element `title` not allowed as child of element `head` in this context. (Suppressing further errors from this subtree.)
		From line 105, column 2 to line 105, column 8
		</title> <title>Safari
5	error	Unclosed element `div`.
		From line 328, column 1 to line 328, column 25
		<body> <div class="mainwrapper"> <
6	error	Element `figcaption` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)
		From line 453, column 37 to line 453, column 78
		<figcaption class="item__caption-content">
7	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 458, column 73 to line 458, column 76
		<h4></h4>
8	error	Element `figcaption` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)
		From line 490, column 37 to line 490, column 78
		<figcaption class="item__caption-content">
9	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 495, column 73 to line 495, column 76
		<h4></h4>
10	error	Element `figcaption` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)
		From line 527, column 37 to line 527, column 78
		<figcaption class="item__caption-content">
11	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 532, column 73 to line 532, column 76
		<h4></h4>
12	error	Element `figcaption` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)
		From line 564, column 37 to line 564, column 78
		<figcaption class="item__caption-content">
13	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 569, column 73 to line 569, column 76
		<h4></h4>
14	error	Element `style` not allowed as child of element `div` in this context. (Suppressing further errors from this subtree.)
		From line 597, column 1 to line 597, column 7
		der --> <style> /
15	error	CSS: `background-blend-mode`: `plus-darker` is not a `background-blend-mode` value.
		From line 830, column 53 to line 830, column 58
		s-darker, normal;
16	error	Attribute `caption` not allowed on element `img` at this point.
		From line 1541, column 34 to line 1541, column 225
		ls-large"><img class="card-img-top lazy" alt="safaricom app" data-src="images/bu/WhatNew_ChapaDimba-WhatNew.jpg" src="/images/bu/WhatNew_ChapaDimba-WhatNew.jpg" caption="false" width="508" height="250"> <div
17	error	The element `a` with the attribute `href` must not appear as a descendant of the `button` element.
		From line 1547, column 96 to line 1547, column 196
		re white"><a href="https://chapadimba.safaricom.co.ke/registration/" target="_blank" rel="noopener noreferrer">Regist
18	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1550, column 34 to line 1550, column 123
		ls-small"><img class="card-img-top lazy" alt="Card image cap" data-src="/images/e-sim-card-new.png"> <div
19	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1553, column 1 to line 1553, column 4
		riff</h2> <h4>Get 50
20	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1587, column 25 to line 1587, column 91
		ider-box"><img class="lazy" alt="" data-src="images/logos/DataAndVoice1.png"><br> <
21	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1599, column 25 to line 1599, column 98
		ider-box"><img class="lazy" alt="" data-src="/images/logos/PromotionsAndOffers.png"><br> <
22	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1632, column 25 to line 1632, column 93
		ider-box"><img class="lazy" alt="" data-src="images/MicrosoftTeams-image1.png"><br> <
23	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1646, column 25 to line 1646, column 85
		ider-box"><img class="lazy" alt="" data-src="images/bu/VALUE-ADDd.jpg"><br> <
24	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1675, column 25 to line 1675, column 95
		ider-box"><img class="lazy" alt="" data-src="images/bu/INTERNET-FOR-BUSINES.jpg"><br> <
25	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1687, column 25 to line 1687, column 80
		ider-box"><img class="lazy" alt="" data-src="images/bu/VOICE.jpg"><br> <
26	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1699, column 25 to line 1699, column 93
		ider-box"><img class="lazy" alt="" data-src="images/bu/MPESA-FOR-BUSINES.webp"><br> <
27	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1730, column 25 to line 1730, column 113
		ider-box"><img class="card-img-top lazy" alt="Card image cap" data-src="images/fulizahomepage.jpg"> <div
28	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1733, column 1 to line 1733, column 4
		liza</h2> <h4>Comple
29	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1737, column 25 to line 1737, column 118
		ider-box"><img class="card-img-top lazy" alt="Card image cap" data-src="images/logos/PochLaiashara.png"> <div
30	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1740, column 1 to line 1740, column 4
		hara</h2> <h4>Receiv
31	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1744, column 25 to line 1744, column 89
		ider-box"><img class="lazy" alt="" data-src="images/logos/LipNaM-PESA.png"> <div
32	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1747, column 1 to line 1747, column 4
		PESA</h2> <h4>You ca
33	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1769, column 13 to line 1769, column 113
		<img class="card-img-top lazy" data-src="images/banners/Home_Fibre2.jpg" alt="Internet For Business">
34	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1772, column 15 to line 1772, column 18
		<h4>Connec
35	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1783, column 13 to line 1783, column 180
		<img class="card-img-top lazy" data-src="images/logos/Cloudolutions.png#joomlaImage://local-images/logos/Cloudolutions.png?width=1280&height=896" alt="Cloud Solutions">
36	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1786, column 15 to line 1786, column 18
		<h4>Put yo
37	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1797, column 13 to line 1797, column 174
		<img class="card-img-top lazy" data-src="images/logos/Businessill.png#joomlaImage://local-images/logos/Businessill.png?width=1280&height=896" alt="Business Till">
38	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1800, column 15 to line 1800, column 18
		<h4>Collec
39	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1811, column 13 to line 1811, column 208
		<img class="card-img-top lazy" data-src="images/logos/ShirikiPlanForBusiness.png#joomlaImage://local-images/logos/ShirikiPlanForBusiness.png?width=1280&height=896" alt="Shiriki Plan for Business">
40	error	The heading `h4` (with computed level 4) follows the heading `h2` (with computed level 2), skipping 1 heading level.
		From line 1814, column 15 to line 1814, column 18
		<h4>Get af
41	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1838, column 25 to line 1838, column 115
		ider-box"><img class="card-img-top lazy" alt="Card image cap" data-src="images/logos/WhoWeAreim.jpg"> <div
42	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1850, column 25 to line 1850, column 114
		ider-box"><img class="card-img-top lazy" alt="Card image cap" data-src="images/logos/OurImpact.png"> <div
43	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1862, column 25 to line 1862, column 113
		ider-box"><img class="card-img-top lazy" alt="Card image cap" data-src="images/logos/OurBrand.png"> <div
44	error	Unclosed element `div`.
		From line 1881, column 3 to line 1881, column 25
		p-60"> <div class="container"> <
45	error	No `p` element in scope but a `p` end tag seen.
		From line 1884, column 71 to line 1884, column 74
		nities</p></p> <
46	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1889, column 44 to line 1889, column 214
		der-box"> <img class="card-img-top lazy" data-src="images/logos/NewCustomer-min.png#joomlaImage://local-images/logos/NewCustomer-min.png?width=1280&height=896" alt="Card image cap">
47	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1897, column 44 to line 1897, column 210
		der-box"> <img class="card-img-top lazy" data-src="images/logos/Suppliers-min.png#joomlaImage://local-images/logos/Suppliers-min.png?width=1280&height=896" alt="Card image cap">
48	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 1905, column 44 to line 1905, column 206
		der-box"> <img class="card-img-top lazy" data-src="images/logos/Careers-min.png#joomlaImage://local-images/logos/Careers-min.png?width=1280&height=896" alt="Card image cap">
49	error	End tag `section` seen, but there were open elements.
		From line 1915, column 1 to line 1915, column 10
		</div> </section>
50	error	End tag for `body` seen, but there were unclosed elements.
		From line 3329, column 1 to line 3329, column 7
		</script> </body> <sec
51	error	Stray start tag `section`.
		From line 3331, column 1 to line 3331, column 46
		</body> <section class="fibre business bg-white p-30"> <di
52	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3343, column 13 to line 3343, column 168
		<img class="card-img-top lazy" data-src="images/logos/Reports-min.png#joomlaImage://local-images/logos/Reports-min.png?width=1280&height=896" alt="Reports">
53	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3356, column 13 to line 3356, column 165
		<img class="card-img-top lazy" data-src="images/logos/Stocks-min.png#joomlaImage://local-images/logos/Stocks-min.png?width=1280&height=896" alt="Stocks">
54	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3369, column 13 to line 3369, column 210
		<img class="card-img-top lazy" data-src="images/logos/AnnualGeneralMeeting-min.png#joomlaImage://local-images/logos/AnnualGeneralMeeting-min.png?width=1280&height=896" alt="Annual General Meetings">
55	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3396, column 13 to line 3396, column 181
		<img class="card-img-top lazy" data-src="images/logos/M-PESAFraud-min.png#joomlaImage://local-images/logos/M-PESAFraud-min.png?width=1280&height=896" alt="M-PESA Fraud">
56	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3409, column 13 to line 3409, column 186
		<img class="card-img-top lazy" data-src="images/logos/Impersonation-min.png#joomlaImage://local-images/logos/Impersonation-min.png?width=1280&height=896" alt="Impersonation">
57	error	Element `img` is missing one or more of the following attributes: `src`, `srcset`.
		From line 3422, column 13 to line 3422, column 110
		<img class="card-img-top lazy" data-src="images/fakesocials.jpg" alt="Fake Social Media Accounts">
58	error	Attribute `target` not allowed on element `img` at this point.
		From line 3531, column 53 to line 3531, column 121
		tact-us"> <img src="/images/icons/contact.png" alt="safaricom" target="_blank"> Conta
59	error	Attribute `help` not allowed on element `a` at this point.
		From line 3537, column 20 to line 3537, column 123
		="social"><a help="helptwitter" href="https://twitter.com/SafaricomPLC" target="_blank" rel="noopener noreferrer"> <img
60	error	Element `div` not allowed as child of element `ul` in this context. (Suppressing further errors from this subtree.)
		From line 3813, column 1 to line 3813, column 28
		<div class="offset-sidebar"> <
61	error	Duplicate ID `menu-primary-menu`.
		From line 3814, column 5 to line 3814, column 85
		bar"> <ul id="menu-primary-menu" class="nav-menu " data-in="fadeIn" data-out="fadeOut">
62	error	End tag `br`.
		From line 3851, column 101 to line 3851, column 105
		ce below. </br>1 star
63	error	Attribute `value` not allowed on element `textarea` at this point.
		From line 3933, column 33 to line 3934, column 91
		<textarea id="comment" name="comment" value="comment" placeholder="Please tell us more (Max 300 characters)"></text
64	error	Duplicate ID `helpfull`.
		From line 4108, column 1 to line 4108, column 121
		> </div> <div class="modal fade helpfull" id="helpfull" tabindex="-1" role="dialog" aria-labelledby="helpfull" aria-hidden="true"> <
65	error	Duplicate ID `rapid_contact`.
		From line 4117, column 65 to line 4117, column 139
		contact "><form id="rapid_contact" id="rp_46008" method="post" class="contact_form"> <div
66	error	Duplicate attribute `id`.
		From line 4117, column 93 to line 4117, column 93
		id_contact" id="rp_46008" met
67	error	The value of the `for` attribute of the `label` element must be the ID of a non-hidden form control.
		From line 4119, column 66 to line 4119, column 95
		rp_46008"><label for="rp_46008_subject">How ca
68	error	Duplicate ID `search-overlay`.
		From line 4127, column 1 to line 4127, column 49
		h Area--> <div class="search-overlay " id="search-overlay"> <
69	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 8, column 5 to line 8, column 390
		s --> <script type="text/javascript" src="/ruxitagentjs_ICA7NVfgqrux_10335260306043831.js" data-dtconfig="rid=RID_2418\|rpid=-15895327\|domain=safaricom.co.ke\|reportUrl=/rb_bf62926nek\|app=3fab408bed188a6d\|cuc=ogp2awtf\|owasp=1\|mel=100000\|featureHash=ICA7NVfgqrux\|dpvc=1\|lastModification=1778100127255\|tp=500,50,0\|rdnt=1\|uxrgce=1\|srbbv=2\|agentUri=/ruxitagentjs_ICA7NVfgqrux_10335260306043831.js"></scri
70	warning	Consider avoiding viewport values that prevent users from resizing documents.
		From line 55, column 5 to line 55, column 111
		dge"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0,user-scalable=0" />
71	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 78, column 5 to line 78, column 35
		<script type="text/javascript">
72	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 85, column 5 to line 85, column 122
		e --> <script async defer type="text/javascript" src="https://live.mystocks.co.ke/ajax/ir/jst/SCOM" referrerpolicy='origin'></scri
73	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 86, column 5 to line 86, column 121
		ript> <script async defer type="text/javascript" src="https://live.mystocks.co.ke/ajax/ir/js/SCOM" referrerpolicy='origin'></scri
74	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 232, column 5 to line 232, column 35
		pt> <script type="text/javascript"> (
75	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 395, column 131 to line 395, column 131
		menu megamenu--mega sub-menu">
76	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 395, column 2006 to line 395, column 2006
		menu megamenu--mega sub-menu">
77	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 395, column 4411 to line 395, column 4411
		menu megamenu--mega sub-menu">
78	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 395, column 6098 to line 395, column 6098
		menu megamenu--mega sub-menu">
79	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 395, column 8498 to line 395, column 8498
		menu megamenu--mega sub-menu">
80	warning	The first occurrence of ID `search-overlay` was here.
		From line 413, column 1 to line 413, column 45
		-active"> <div class="search-icon" id="search-overlay"> <a hr
81	warning	Consider using the `h1` element as a top-level heading only — or else use the `headingoffset` attribute (otherwise, all `h1` elements are treated as top-level headings by many screen readers and other tools).
		From line 456, column 45 to line 456, column 48
		<h1></h1>
82	warning	Empty heading.
		From line 456, column 45 to line 456, column 48
		<h1></h1>
83	warning	Empty heading.
		From line 458, column 73 to line 458, column 76
		<h4></h4>
84	warning	Empty heading.
		From line 493, column 45 to line 493, column 48
		<h1></h1>
85	warning	Consider using the `h1` element as a top-level heading only — or else use the `headingoffset` attribute (otherwise, all `h1` elements are treated as top-level headings by many screen readers and other tools).
		From line 493, column 45 to line 493, column 48
		<h1></h1>
86	warning	Empty heading.
		From line 495, column 73 to line 495, column 76
		<h4></h4>
87	warning	Empty heading.
		From line 530, column 45 to line 530, column 48
		<h1></h1>
88	warning	Consider using the `h1` element as a top-level heading only — or else use the `headingoffset` attribute (otherwise, all `h1` elements are treated as top-level headings by many screen readers and other tools).
		From line 530, column 45 to line 530, column 48
		<h1></h1>
89	warning	Empty heading.
		From line 532, column 73 to line 532, column 76
		<h4></h4>
90	warning	Empty heading.
		From line 567, column 45 to line 567, column 48
		<h1></h1>
91	warning	Consider using the `h1` element as a top-level heading only — or else use the `headingoffset` attribute (otherwise, all `h1` elements are treated as top-level headings by many screen readers and other tools).
		From line 567, column 45 to line 567, column 48
		<h1></h1>
92	warning	Empty heading.
		From line 569, column 73 to line 569, column 76
		<h4></h4>
93	warning	The `button` role is unnecessary for element `button`.
		From line 1920, column 1 to line 1921, column 34
		<button class="acc_widget_trigger" aria-label="Click To View Accessibility Menu" role="button" id="accessibilityModalTrigger"> <s
94	warning	The document is not mappable to XML 1.0 due to two consecutive hyphens in a comment.
		From line 3794, column 58 to line 3794, column 58
		llsite_header--text"><i class=
95	warning	The first occurrence of ID `menu-primary-menu` was here.
		From line 3810, column 13 to line 3810, column 93
		<ul id="menu-primary-menu" class="nav-menu " data-in="fadeIn" data-out="fadeOut">
96	warning	The first occurrence of ID `helpfull` was here.
		From line 3837, column 5 to line 3838, column 27
		ack"> <div class="modal fade" id="helpfull" tabindex="-1" role="dialog" aria-labelledby="feedbackmodal" aria-hidden="true">
97	warning	The first occurrence of ID `rapid_contact` was here.
		From line 3847, column 17 to line 3847, column 76
		<form id="rapid_contact" method="post" class="contact_form">
98	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4194, column 1 to line 4194, column 110
		Area--> <script src="https://www.safaricom.co.ke//templates/protostar/js/jquery.js?v=12345889" type="text/Javascript"></scri
99	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4219, column 1 to line 4219, column 31
		cript --> <script type="text/javascript"> (
100	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4242, column 1 to line 4242, column 105
		</script> <script src="https://www.safaricom.co.ke//templates/protostar/js/main.js?v=20021" type="text/Javascript"></scri
101	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4243, column 1 to line 4243, column 113
		</script> <script src="https://www.safaricom.co.ke//templates/protostar/js/jquery-ui-1.12.1.min.js" type="text/Javascript"></scri
102	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4244, column 1 to line 4244, column 110
		</script> <script src="https://www.safaricom.co.ke//templates/protostar/js/speechRecognition.js" type="text/Javascript"></scri
103	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4355, column 1 to line 4355, column 31
		</script> <script type="text/javascript"> f
104	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4469, column 1 to line 4469, column 31
		/script> <script type="text/javascript"> j
105	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 4597, column 1 to line 4597, column 125
		script> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1501412336" async></scri

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke

QNr.	Domain	Type	NS used
1	ke	NS	j.root-servers.net (2001:503:c27::2:30)
	Answer: kenic.anycastdns.cz, mzizi.kenic.or.ke, ns-ke.afrinic.net, ns.anycast.kenic.or.ke
2	ns1.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
3	ns2.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
4	ns3.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
5	ns4.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
6	ns1.safaricombusiness.co.ke: 41.203.208.129	A	dns1.safaricombusiness.co.ke (41.203.208.19)
7	ns1.safaricombusiness.co.ke: No AAAA record found	AAAA	dns1.safaricombusiness.co.ke (41.203.208.19)
8	ns2.safaricombusiness.co.ke: 197.248.128.1	A	dns1.safaricombusiness.co.ke (41.203.208.19)
9	ns2.safaricombusiness.co.ke: No AAAA record found	AAAA	dns1.safaricombusiness.co.ke (41.203.208.19)
10	ns3.safaricombusiness.co.ke: 197.248.128.2	A	dns1.safaricombusiness.co.ke (41.203.208.19)
11	ns3.safaricombusiness.co.ke: No AAAA record found	AAAA	dns1.safaricombusiness.co.ke (41.203.208.19)
12	ns4.safaricombusiness.co.ke: 41.203.208.130	A	dns1.safaricombusiness.co.ke (41.203.208.19)
13	ns4.safaricombusiness.co.ke: No AAAA record found	AAAA	dns1.safaricombusiness.co.ke (41.203.208.19)

14. CAA - Entries

Domainname	flag	Name	Value	∑ Queries
www.safaricom.co.ke	0		no CAA entry found	1
safaricom.co.ke	5	issue	digicert.com	1
	9	issuewild	digicert.com	1
co.ke	0		no CAA entry found	1
ke	0		no CAA entry found	1

15. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
safaricom.co.ke	atlassian-domain-verification=mQ9tPbLWVp16NM0KF9o/AHU10eswUP40Q3Pcf4lj8qbV+ycAUhAhwhd9ochsxCIs	ok	1
safaricom.co.ke	v=spf1 exists:%{i}.spf.hc502-0.eu.iphmx.com ip4:196.201.213.93 ip4:196.201.213.118 ip4:196.201.213.42 ip4:196.201.213.106 ip4:196.201.213.221 ip4:196.201.213.222 ip4:41.90.221.28 ip4:41.90.221.29 ~all	ok	1
www.safaricom.co.ke		ok	1
_acme-challenge.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.www.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.safaricom.co.ke.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.www.safaricom.co.ke.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.www.safaricom.co.ke.www.safaricom.co.ke		Name Error - The domain name does not exist	1

16. DomainService - Entries

Type		Domain	Pref	Value	DNS-error	num Answers	Status	Description
MX		safaricom.co.ke	0	mx1.hc502-0.eu.iphmx.com	0	2	ok
	A			207.54.69.54	0	2	ok
	A			207.54.76.105	0	2	ok
	CNAME				0	0	ok
MX		safaricom.co.ke	0	mx2.hc502-0.eu.iphmx.com	0	2	ok
	A			207.54.69.54	0	2	ok
	A			207.54.76.105	0	2	ok
	CNAME				0	0	ok
SPF	TXT	safaricom.co.ke		v=spf1 exists:%{i}.spf.hc502-0.eu.iphmx.com ip4:196.201.213.93 ip4:196.201.213.118 ip4:196.201.213.42 ip4:196.201.213.106 ip4:196.201.213.221 ip4:196.201.213.222 ip4:41.90.221.28 ip4:41.90.221.29 ~all			ok
_dmarc	TXT	_dmarc.safaricom.co.ke		v=DMARC1;p=reject;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:safaricom-plc@rua.dmp.cisco.com,mailto:dmarcagg@safaricom.co.ke;ruf=mailto:safaricom-plc@ruf.dmp.cisco.com,mailto:dmarcagg@safaricom.co.ke			ok
	TXT	safaricom.co.ke._report._dmarc.rua.dmp.cisco.com		mailto:safaricom-plc@rua.dmp.cisco.com			ok	Mail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.
	TXT	safaricom.co.ke._report._dmarc.rua.dmp.cisco.com		v=DMARC1;			ok	Confirmed. Sending reports to external domain is allowed.
	TXT	safaricom.co.ke._report._dmarc.ruf.dmp.cisco.com		mailto:safaricom-plc@ruf.dmp.cisco.com			ok	Mail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.
	TXT	safaricom.co.ke._report._dmarc.ruf.dmp.cisco.com		v=DMARC1;			ok	Confirmed. Sending reports to external domain is allowed.

17. Cipher Suites

Summary
Domain	IP	Port	num Ciphers	time	Std.Protocol	Forward Secrecy
safaricom.co.ke	45.223.18.17	443	13 Ciphers	94.46 sec		6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	2083	13 Ciphers	94.64 sec	cPanel (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	2087	13 Ciphers	94.03 sec	WHM (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	2096	13 Ciphers	93.50 sec	cPanel Webmail (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	2222	13 Ciphers	94.25 sec	DirectAdmin (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	8080	13 Ciphers	93.86 sec	Ookla Speedtest (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	8083	13 Ciphers	93.75 sec	VestaCP https	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	8443	13 Ciphers	93.79 sec	Plesk Administration (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.18.17	10000	13 Ciphers	93.99 sec	Webmin (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	443	13 Ciphers	97.52 sec		6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	2083	13 Ciphers	97.73 sec	cPanel (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	2087	13 Ciphers	97.15 sec	WHM (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	2096	13 Ciphers	98.42 sec	cPanel Webmail (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	2222	13 Ciphers	97.27 sec	DirectAdmin (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	8080	13 Ciphers	97.32 sec	Ookla Speedtest (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	8083	13 Ciphers	98.00 sec	VestaCP https	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	8443	13 Ciphers	98.31 sec	Plesk Administration (https)	6 without, 7 FS	53.85 %
safaricom.co.ke	45.223.28.17	10000	13 Ciphers	98.40 sec	Webmin (https)	6 without, 7 FS	53.85 %
www.safaricom.co.ke	45.223.18.17	443	13 Ciphers	94.15 sec		6 without, 7 FS	53.85 %
www.safaricom.co.ke	45.223.28.17	443	13 Ciphers	98.39 sec		6 without, 7 FS	53.85 %
Complete		20	260 Ciphers 13.00 Ciphers/Check	1918.94 sec	95.95 sec/Check	120 without, 140 FS	53.85 %

Details
Domain	IP	Port	Cipher (OpenSsl / IANA)
safaricom.co.ke	45.223.18.17	443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 94.46 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2083	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 94.64 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2087	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 94.03 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2096	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 93.50 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2222	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 94.25 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8080	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 93.86 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8083	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 93.75 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 93.79 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		10000	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 93.99 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
	45.223.28.17	443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 97.52 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2083	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 97.73 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2087	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 97.15 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2096	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 98.42 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		2222	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 97.27 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8080	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 97.32 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8083	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 98.00 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 98.31 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		10000	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 98.40 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
www.safaricom.co.ke	45.223.18.17	443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 94.15 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
	45.223.28.17	443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 98.39 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1

18. Portchecks

Domain	IP	Port	Description	Result	Answer
safaricom.co.ke	45.223.18.17	21	FTP	open

safaricom.co.ke	45.223.18.17	21	FTP	open
safaricom.co.ke	45.223.18.17	22	SSH

safaricom.co.ke	45.223.18.17	22	SSH
safaricom.co.ke	45.223.18.17	25	SMTP	open

safaricom.co.ke	45.223.18.17	25	SMTP	open
safaricom.co.ke	45.223.18.17	53	DNS	open

safaricom.co.ke	45.223.18.17	53	DNS	open
safaricom.co.ke	45.223.18.17	110	POP3	open

safaricom.co.ke	45.223.18.17	110	POP3	open		This port ist unencrypted and deprecated. Don't use it.
safaricom.co.ke	45.223.18.17	143	IMAP	open

safaricom.co.ke	45.223.18.17	143	IMAP	open		This port ist unencrypted and deprecated. Don't use it.
safaricom.co.ke	45.223.18.17	465	SMTP (encrypted)	open

safaricom.co.ke	45.223.18.17	465	SMTP (encrypted)	open
safaricom.co.ke	45.223.18.17	587	SMTP (encrypted, submission)	open

safaricom.co.ke	45.223.18.17	587	SMTP (encrypted, submission)	open
safaricom.co.ke	45.223.18.17	993	IMAP (encrypted)	open

safaricom.co.ke	45.223.18.17	993	IMAP (encrypted)	open
safaricom.co.ke	45.223.18.17	995	POP3 (encrypted)	open

safaricom.co.ke	45.223.18.17	995	POP3 (encrypted)	open
safaricom.co.ke	45.223.18.17	1433	MS SQL	open

safaricom.co.ke	45.223.18.17	1433	MS SQL	open
safaricom.co.ke	45.223.18.17	2082	cPanel (http)	open
http://45.223.18.17:2082/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2082	cPanel (http)	open	http://45.223.18.17:2082/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2083	cPanel (https)	open
https://45.223.18.17:2083/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2083	cPanel (https)	open	https://45.223.18.17:2083/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2086	WHM (http)	open
http://45.223.18.17:2086/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2086	WHM (http)	open	http://45.223.18.17:2086/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2087	WHM (https)	open
https://45.223.18.17:2087/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2087	WHM (https)	open	https://45.223.18.17:2087/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2089	cPanel Licensing	open

safaricom.co.ke	45.223.18.17	2089	cPanel Licensing	open
safaricom.co.ke	45.223.18.17	2095	cPanel Webmail (http)	open
http://45.223.18.17:2095/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2095	cPanel Webmail (http)	open	http://45.223.18.17:2095/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2096	cPanel Webmail (https)	open
https://45.223.18.17:2096/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2096	cPanel Webmail (https)	open	https://45.223.18.17:2096/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2222	DirectAdmin (http)	open
http://45.223.18.17:2222/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2222	DirectAdmin (http)	open	http://45.223.18.17:2222/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2222	DirectAdmin (https)	open
https://45.223.18.17:2222/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	2222	DirectAdmin (https)	open	https://45.223.18.17:2222/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	3306	mySql	open

safaricom.co.ke	45.223.18.17	3306	mySql	open
safaricom.co.ke	45.223.18.17	5224	Plesk Licensing	open

safaricom.co.ke	45.223.18.17	5224	Plesk Licensing	open
safaricom.co.ke	45.223.18.17	5432	PostgreSQL

safaricom.co.ke	45.223.18.17	5432	PostgreSQL
safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (http)	open
http://45.223.18.17:8080/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (http)	open	http://45.223.18.17:8080/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (https)	open
https://45.223.18.17:8080/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (https)	open	https://45.223.18.17:8080/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8083	VestaCP http	open
http://45.223.18.17:8083/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8083	VestaCP http	open	http://45.223.18.17:8083/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8083	VestaCP https	open
https://45.223.18.17:8083/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8083	VestaCP https	open	https://45.223.18.17:8083/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8443	Plesk Administration (https)	open
https://45.223.18.17:8443/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8443	Plesk Administration (https)	open	https://45.223.18.17:8443/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8447	Plesk Installer + Updates	open

safaricom.co.ke	45.223.18.17	8447	Plesk Installer + Updates	open
safaricom.co.ke	45.223.18.17	8880	Plesk Administration (http)	open
http://45.223.18.17:8880/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	8880	Plesk Administration (http)	open	http://45.223.18.17:8880/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	10000	Webmin (http)	open
http://45.223.18.17:10000/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	10000	Webmin (http)	open	http://45.223.18.17:10000/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.18.17	10000	Webmin (https)	open
https://45.223.18.17:10000/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.18.17	10000	Webmin (https)	open	https://45.223.18.17:10000/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	21	FTP	open

safaricom.co.ke	45.223.28.17	21	FTP	open
safaricom.co.ke	45.223.28.17	22	SSH

safaricom.co.ke	45.223.28.17	22	SSH
safaricom.co.ke	45.223.28.17	25	SMTP	open

safaricom.co.ke	45.223.28.17	25	SMTP	open
safaricom.co.ke	45.223.28.17	53	DNS	open

safaricom.co.ke	45.223.28.17	53	DNS	open
safaricom.co.ke	45.223.28.17	110	POP3	open

safaricom.co.ke	45.223.28.17	110	POP3	open		This port ist unencrypted and deprecated. Don't use it.
safaricom.co.ke	45.223.28.17	143	IMAP	open

safaricom.co.ke	45.223.28.17	143	IMAP	open		This port ist unencrypted and deprecated. Don't use it.
safaricom.co.ke	45.223.28.17	465	SMTP (encrypted)	open

safaricom.co.ke	45.223.28.17	465	SMTP (encrypted)	open
safaricom.co.ke	45.223.28.17	587	SMTP (encrypted, submission)	open

safaricom.co.ke	45.223.28.17	587	SMTP (encrypted, submission)	open
safaricom.co.ke	45.223.28.17	993	IMAP (encrypted)	open

safaricom.co.ke	45.223.28.17	993	IMAP (encrypted)	open
safaricom.co.ke	45.223.28.17	995	POP3 (encrypted)	open

safaricom.co.ke	45.223.28.17	995	POP3 (encrypted)	open
safaricom.co.ke	45.223.28.17	1433	MS SQL	open

safaricom.co.ke	45.223.28.17	1433	MS SQL	open
safaricom.co.ke	45.223.28.17	2082	cPanel (http)	open
http://45.223.28.17:2082/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2082	cPanel (http)	open	http://45.223.28.17:2082/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2083	cPanel (https)	open
https://45.223.28.17:2083/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2083	cPanel (https)	open	https://45.223.28.17:2083/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2086	WHM (http)	open
http://45.223.28.17:2086/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2086	WHM (http)	open	http://45.223.28.17:2086/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2087	WHM (https)	open
https://45.223.28.17:2087/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2087	WHM (https)	open	https://45.223.28.17:2087/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2089	cPanel Licensing	open

safaricom.co.ke	45.223.28.17	2089	cPanel Licensing	open
safaricom.co.ke	45.223.28.17	2095	cPanel Webmail (http)	open
http://45.223.28.17:2095/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2095	cPanel Webmail (http)	open	http://45.223.28.17:2095/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2096	cPanel Webmail (https)	open
https://45.223.28.17:2096/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2096	cPanel Webmail (https)	open	https://45.223.28.17:2096/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2222	DirectAdmin (http)	open
http://45.223.28.17:2222/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2222	DirectAdmin (http)	open	http://45.223.28.17:2222/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2222	DirectAdmin (https)	open
https://45.223.28.17:2222/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	2222	DirectAdmin (https)	open	https://45.223.28.17:2222/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	3306	mySql	open

safaricom.co.ke	45.223.28.17	3306	mySql	open
safaricom.co.ke	45.223.28.17	5224	Plesk Licensing	open

safaricom.co.ke	45.223.28.17	5224	Plesk Licensing	open
safaricom.co.ke	45.223.28.17	5432	PostgreSQL

safaricom.co.ke	45.223.28.17	5432	PostgreSQL
safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (http)	open
http://45.223.28.17:8080/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (http)	open	http://45.223.28.17:8080/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (https)	open
https://45.223.28.17:8080/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (https)	open	https://45.223.28.17:8080/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8083	VestaCP http	open
http://45.223.28.17:8083/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8083	VestaCP http	open	http://45.223.28.17:8083/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8083	VestaCP https	open
https://45.223.28.17:8083/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8083	VestaCP https	open	https://45.223.28.17:8083/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8443	Plesk Administration (https)	open
https://45.223.28.17:8443/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8443	Plesk Administration (https)	open	https://45.223.28.17:8443/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8447	Plesk Installer + Updates	open

safaricom.co.ke	45.223.28.17	8447	Plesk Installer + Updates	open
safaricom.co.ke	45.223.28.17	8880	Plesk Administration (http)	open
http://45.223.28.17:8880/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	8880	Plesk Administration (http)	open	http://45.223.28.17:8880/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	10000	Webmin (http)	open
http://45.223.28.17:10000/ Http-Status: 301		Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	10000	Webmin (http)	open	http://45.223.28.17:10000/ Http-Status: 301	Redirect: https://safaricom.co.ke/
safaricom.co.ke	45.223.28.17	10000	Webmin (https)	open
https://45.223.28.17:10000/ Http-Status: 301		Certificate is valid Redirect: https://www.safaricom.co.ke/
safaricom.co.ke	45.223.28.17	10000	Webmin (https)	open	https://45.223.28.17:10000/ Http-Status: 301	Certificate is valid Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	21	FTP	open

www.safaricom.co.ke	45.223.18.17	21	FTP	open
www.safaricom.co.ke	45.223.18.17	22	SSH

www.safaricom.co.ke	45.223.18.17	22	SSH
www.safaricom.co.ke	45.223.18.17	25	SMTP	open

www.safaricom.co.ke	45.223.18.17	25	SMTP	open
www.safaricom.co.ke	45.223.18.17	53	DNS	open

www.safaricom.co.ke	45.223.18.17	53	DNS	open
www.safaricom.co.ke	45.223.18.17	110	POP3	open

www.safaricom.co.ke	45.223.18.17	110	POP3	open		This port ist unencrypted and deprecated. Don't use it.
www.safaricom.co.ke	45.223.18.17	143	IMAP	open

www.safaricom.co.ke	45.223.18.17	143	IMAP	open		This port ist unencrypted and deprecated. Don't use it.
www.safaricom.co.ke	45.223.18.17	465	SMTP (encrypted)	open

www.safaricom.co.ke	45.223.18.17	465	SMTP (encrypted)	open
www.safaricom.co.ke	45.223.18.17	587	SMTP (encrypted, submission)	open

www.safaricom.co.ke	45.223.18.17	587	SMTP (encrypted, submission)	open
www.safaricom.co.ke	45.223.18.17	993	IMAP (encrypted)	open

www.safaricom.co.ke	45.223.18.17	993	IMAP (encrypted)	open
www.safaricom.co.ke	45.223.18.17	995	POP3 (encrypted)	open

www.safaricom.co.ke	45.223.18.17	995	POP3 (encrypted)	open
www.safaricom.co.ke	45.223.18.17	1433	MS SQL	open

www.safaricom.co.ke	45.223.18.17	1433	MS SQL	open
www.safaricom.co.ke	45.223.18.17	2082	cPanel (http)	open
http://45.223.18.17:2082/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2082	cPanel (http)	open	http://45.223.18.17:2082/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2083	cPanel (https)	open
https://45.223.18.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2083	cPanel (https)	open	https://45.223.18.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2086	WHM (http)	open
http://45.223.18.17:2086/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2086	WHM (http)	open	http://45.223.18.17:2086/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2087	WHM (https)	open
https://45.223.18.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2087	WHM (https)	open	https://45.223.18.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2089	cPanel Licensing	open

www.safaricom.co.ke	45.223.18.17	2089	cPanel Licensing	open
www.safaricom.co.ke	45.223.18.17	2095	cPanel Webmail (http)	open
http://45.223.18.17:2095/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2095	cPanel Webmail (http)	open	http://45.223.18.17:2095/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2096	cPanel Webmail (https)	open
https://45.223.18.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2096	cPanel Webmail (https)	open	https://45.223.18.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2222	DirectAdmin (http)	open
http://45.223.18.17:2222/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2222	DirectAdmin (http)	open	http://45.223.18.17:2222/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	2222	DirectAdmin (https)	open
https://45.223.18.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	2222	DirectAdmin (https)	open	https://45.223.18.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	3306	mySql	open

www.safaricom.co.ke	45.223.18.17	3306	mySql	open
www.safaricom.co.ke	45.223.18.17	5224	Plesk Licensing	open

www.safaricom.co.ke	45.223.18.17	5224	Plesk Licensing	open
www.safaricom.co.ke	45.223.18.17	5432	PostgreSQL

www.safaricom.co.ke	45.223.18.17	5432	PostgreSQL
www.safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (http)	open
http://45.223.18.17:8080/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (http)	open	http://45.223.18.17:8080/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (https)	open
https://45.223.18.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8080	Ookla Speedtest (https)	open	https://45.223.18.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8083	VestaCP http	open
http://45.223.18.17:8083/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	8083	VestaCP http	open	http://45.223.18.17:8083/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	8083	VestaCP https	open
https://45.223.18.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8083	VestaCP https	open	https://45.223.18.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8443	Plesk Administration (https)	open
https://45.223.18.17:8443/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8443	Plesk Administration (https)	open	https://45.223.18.17:8443/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	8447	Plesk Installer + Updates	open

www.safaricom.co.ke	45.223.18.17	8447	Plesk Installer + Updates	open
www.safaricom.co.ke	45.223.18.17	8880	Plesk Administration (http)	open
http://45.223.18.17:8880/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	8880	Plesk Administration (http)	open	http://45.223.18.17:8880/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	10000	Webmin (http)	open
http://45.223.18.17:10000/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	10000	Webmin (http)	open	http://45.223.18.17:10000/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.18.17	10000	Webmin (https)	open
https://45.223.18.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.18.17	10000	Webmin (https)	open	https://45.223.18.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	21	FTP	open

www.safaricom.co.ke	45.223.28.17	21	FTP	open
www.safaricom.co.ke	45.223.28.17	22	SSH

www.safaricom.co.ke	45.223.28.17	22	SSH
www.safaricom.co.ke	45.223.28.17	25	SMTP	open

www.safaricom.co.ke	45.223.28.17	25	SMTP	open
www.safaricom.co.ke	45.223.28.17	53	DNS	open

www.safaricom.co.ke	45.223.28.17	53	DNS	open
www.safaricom.co.ke	45.223.28.17	110	POP3	open

www.safaricom.co.ke	45.223.28.17	110	POP3	open		This port ist unencrypted and deprecated. Don't use it.
www.safaricom.co.ke	45.223.28.17	143	IMAP	open

www.safaricom.co.ke	45.223.28.17	143	IMAP	open		This port ist unencrypted and deprecated. Don't use it.
www.safaricom.co.ke	45.223.28.17	465	SMTP (encrypted)	open

www.safaricom.co.ke	45.223.28.17	465	SMTP (encrypted)	open
www.safaricom.co.ke	45.223.28.17	587	SMTP (encrypted, submission)	open

www.safaricom.co.ke	45.223.28.17	587	SMTP (encrypted, submission)	open
www.safaricom.co.ke	45.223.28.17	993	IMAP (encrypted)	open

www.safaricom.co.ke	45.223.28.17	993	IMAP (encrypted)	open
www.safaricom.co.ke	45.223.28.17	995	POP3 (encrypted)	open

www.safaricom.co.ke	45.223.28.17	995	POP3 (encrypted)	open
www.safaricom.co.ke	45.223.28.17	1433	MS SQL	open

www.safaricom.co.ke	45.223.28.17	1433	MS SQL	open
www.safaricom.co.ke	45.223.28.17	2082	cPanel (http)	open
http://45.223.28.17:2082/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2082	cPanel (http)	open	http://45.223.28.17:2082/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2083	cPanel (https)	open
https://45.223.28.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2083	cPanel (https)	open	https://45.223.28.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2086	WHM (http)	open
http://45.223.28.17:2086/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2086	WHM (http)	open	http://45.223.28.17:2086/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2087	WHM (https)	open
https://45.223.28.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2087	WHM (https)	open	https://45.223.28.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2089	cPanel Licensing	open

www.safaricom.co.ke	45.223.28.17	2089	cPanel Licensing	open
www.safaricom.co.ke	45.223.28.17	2095	cPanel Webmail (http)	open
http://45.223.28.17:2095/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2095	cPanel Webmail (http)	open	http://45.223.28.17:2095/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2096	cPanel Webmail (https)	open
https://45.223.28.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2096	cPanel Webmail (https)	open	https://45.223.28.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2222	DirectAdmin (http)	open
http://45.223.28.17:2222/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2222	DirectAdmin (http)	open	http://45.223.28.17:2222/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	2222	DirectAdmin (https)	open
https://45.223.28.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	2222	DirectAdmin (https)	open	https://45.223.28.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	3306	mySql	open

www.safaricom.co.ke	45.223.28.17	3306	mySql	open
www.safaricom.co.ke	45.223.28.17	5224	Plesk Licensing	open

www.safaricom.co.ke	45.223.28.17	5224	Plesk Licensing	open
www.safaricom.co.ke	45.223.28.17	5432	PostgreSQL

www.safaricom.co.ke	45.223.28.17	5432	PostgreSQL
www.safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (http)	open
http://45.223.28.17:8080/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (http)	open	http://45.223.28.17:8080/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (https)	open
https://45.223.28.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8080	Ookla Speedtest (https)	open	https://45.223.28.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8083	VestaCP http	open
http://45.223.28.17:8083/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	8083	VestaCP http	open	http://45.223.28.17:8083/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	8083	VestaCP https	open
https://45.223.28.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8083	VestaCP https	open	https://45.223.28.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8443	Plesk Administration (https)	open
https://45.223.28.17:8443/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8443	Plesk Administration (https)	open	https://45.223.28.17:8443/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	8447	Plesk Installer + Updates	open

www.safaricom.co.ke	45.223.28.17	8447	Plesk Installer + Updates	open
www.safaricom.co.ke	45.223.28.17	8880	Plesk Administration (http)	open
http://45.223.28.17:8880/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	8880	Plesk Administration (http)	open	http://45.223.28.17:8880/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	10000	Webmin (http)	open
http://45.223.28.17:10000/ Http-Status: 301		Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	10000	Webmin (http)	open	http://45.223.28.17:10000/ Http-Status: 301	Redirect: https://www.safaricom.co.ke/
www.safaricom.co.ke	45.223.28.17	10000	Webmin (https)	open
https://45.223.28.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
www.safaricom.co.ke	45.223.28.17	10000	Webmin (https)	open	https://45.223.28.17:10000/ Http-Status: -14 Timeout - The operation has timed out.

Permalink: https://check-your-website.server-daten.de/?i=bf6b6d6e-06fd-4e50-8ad2-10326a2ce0bc

Last Result: https://check-your-website.server-daten.de/?q=safaricom.co.ke - 2026-05-16 17:55:53

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=safaricom.co.ke" target="_blank">Check this Site: safaricom.co.ke</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=safaricom.co.ke

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

12. Html-Parsing via https://validator.w3.org/nu/

Summary

Details

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks