Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

Timeout

Checked:
01.08.2025 09:37:09

Older results

T - 30.06.2025 17:02:33

T - 30.03.2025 20:15:37

T - 30.03.2025 12:51:32

T - 30.03.2025 12:32:09

T - 10.11.2024 13:29:49

T - 19.05.2024 09:39:54

T - 13.05.2024 09:41:18

T - 06.05.2024 08:57:40

T - 04.03.2024 15:04:30

T - 15.02.2024 14:37:49

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
safvdi.safaricom.co.ke	CNAME	rhlddrn.impervadns.net	yes	1	0
	A	45.223.20.17 New York/United States (US) - Incapsula Inc No Hostname found	yes
www.safvdi.safaricom.co.ke		Name Error	yes	1	0
*.safaricom.co.ke	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes
*.safvdi.safaricom.co.ke	A	Name Error	yes
	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 46441, Flags 256


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2025, 00:00:00 +, Signature-Inception: 31.07.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ke
ke	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 17597, DigestType 2 and Digest T+8LxI89Kft57qDfaVwuCj92j+HGYTPINjkJrJcuZdE=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner ke., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 14.08.2025, 05:00:00 +, Signature-Inception: 01.08.2025, 04:00:00 +, KeyTag 46441, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46441 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 17597, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 39129, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner ke., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 13.08.2025, 16:43:04 +, Signature-Inception: 24.07.2025, 15:13:04 +, KeyTag 17597, Signer-Name: ke


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17597 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 17597, DigestType 2 and Digest "T+8LxI89Kft57qDfaVwuCj92j+HGYTPINjkJrJcuZdE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: co.ke
co.ke	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gj3m6go6u87nbk40qbbptb6j23h5q51k" between the hashed NSEC3-owner "gj3m6go6u87nbk40qbbptb6j23h5q51k" and the hashed NextOwner "gr5h6c9j0bj5qe7303ukhe8i0re9r2vk". So the parent zone confirmes the not-existence of a DS RR. Bitmap: TXT, RRSIG Validated: RRSIG-Owner gj3m6go6u87nbk40qbbptb6j23h5q51k.ke., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 13.08.2025, 17:27:46 +, Signature-Inception: 24.07.2025, 15:57:46 +, KeyTag 39129, Signer-Name: ke


	0 DNSKEY RR found




Zone: safaricom.co.ke
safaricom.co.ke	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 12837, DigestType 2 and Digest GZyITb057YUIuiZioCgMZ4R10qN3nvOspFV0tQ39PeI=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner safaricom.co.ke., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 13.08.2025, 17:27:46 +, Signature-Inception: 24.07.2025, 15:57:46 +, KeyTag 39129, Signer-Name: ke


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39129 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 12837, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 17069, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner safaricom.co.ke., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.08.2025, 00:00:00 +, Signature-Inception: 24.07.2025, 00:00:00 +, KeyTag 12837, Signer-Name: safaricom.co.ke


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 12837 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 12837, DigestType 2 and Digest "GZyITb057YUIuiZioCgMZ4R10qN3nvOspFV0tQ39PeI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: safvdi.safaricom.co.ke
safvdi.safaricom.co.ke	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: rhlddrn.impervadns.net Validated: RRSIG-Owner safvdi.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 14.08.2025, 00:00:00 +, Signature-Inception: 24.07.2025, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke

Zone: www.safvdi.safaricom.co.ke
www.safvdi.safaricom.co.ke	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "an951u36ge6b8uvpkh7j8pf73p6bmihb" between the hashed NSEC3-owner "an951u36ge6b8uvpkh7j8pf73p6bmiha" and the hashed NextOwner "an951u36ge6b8uvpkh7j8pf73p6bmihc". So the parent zone confirmes the not-existence of a DS RR. Bitmap: No Bitmap? Validated: RRSIG-Owner an951u36ge6b8uvpkh7j8pf73p6bmiha.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 14.08.2025, 00:00:00 +, Signature-Inception: 24.07.2025, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	DS-Query in the parent zone sends valid NSEC3 RR with the Hash "579akenpaqttog8o7d0cebp49a8tb7um" as Owner. That's the Hash of "safvdi.safaricom.co.ke" with the NextHashedOwnerName "579akenpaqttog8o7d0cebp49a8tb7un". So that domain name is the Closest Encloser of "www.safvdi.safaricom.co.ke". Opt-Out: False. Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 579akenpaqttog8o7d0cebp49a8tb7um.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 14.08.2025, 00:00:00 +, Signature-Inception: 24.07.2025, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke


	The ClosestEncloser says, that "*.safvdi.safaricom.co.ke" with the Hash "rti8aq76ghfq3sk777ruhlclbu41asu1" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "rti8aq76ghfq3sk777ruhlclbu41asu0" and the Next Owner "rti8aq76ghfq3sk777ruhlclbu41asu2", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False. Bitmap: No Bitmap? Validated: RRSIG-Owner rti8aq76ghfq3sk777ruhlclbu41asu0.safaricom.co.ke., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 14.08.2025, 00:00:00 +, Signature-Inception: 24.07.2025, 00:00:00 +, KeyTag 17069, Signer-Name: safaricom.co.ke

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 46441, Flags 256


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2025, 00:00:00 +, Signature-Inception: 31.07.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 14.08.2025, 05:00:00 +, Signature-Inception: 01.08.2025, 04:00:00 +, KeyTag 46441, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46441 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 33296, Flags 256


	Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.08.2025, 14:10:35 +, Signature-Inception: 31.07.2025, 14:05:35 +, KeyTag 37331, Signer-Name: net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: impervadns.net
impervadns.net	2 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 15950, DigestType 1 and Digest gq7F9MHMTIBICIkZeleau+lGQGU=


	DS with Algorithm 8, KeyTag 15950, DigestType 2 and Digest 9aETlUYvFx4ik0Tk4du3O3ocnDw7LCuWizZJfx0rwhQ=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner impervadns.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2025, 02:53:48 +, Signature-Inception: 29.07.2025, 01:43:48 +, KeyTag 33296, Signer-Name: net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 33296 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 15950, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 56281, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner impervadns.net., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 15950, Signer-Name: impervadns.net


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 15950 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 15950, DigestType 1 and Digest "gq7F9MHMTIBICIkZeleau+lGQGU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 15950, DigestType 2 and Digest "9aETlUYvFx4ik0Tk4du3O3ocnDw7LCuWizZJfx0rwhQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: rhlddrn.impervadns.net
rhlddrn.impervadns.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "v46655uoqkmedc571iqndrgr7ekgjoeb" between the hashed NSEC3-owner "v46655uoqkmedc571iqndrgr7ekgjoeb" and the hashed NextOwner "v46ap1pp7s4pf2b2ej6ln15lsh8s7mh7". So the parent zone confirmes the not-existence of a DS RR. Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	0 DNSKEY RR found





	RRSIG Type 1 validates the A - Result: 45.223.20.17 Validated: RRSIG-Owner rhlddrn.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 30 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "v46655uoqkmedc571iqndrgr7ekgjoeb" equal the hashed NSEC3-owner "v46655uoqkmedc571iqndrgr7ekgjoeb" and the hashed NextOwner "v46ap1pp7s4pf2b2ej6ln15lsh8s7mh7". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC3 RR as result with the hashed query name "v46655uoqkmedc571iqndrgr7ekgjoeb" equal the hashed NSEC3-owner "v46655uoqkmedc571iqndrgr7ekgjoeb" and the hashed NextOwner "v46ap1pp7s4pf2b2ej6ln15lsh8s7mh7". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NoData-Proof required and found.


	AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "v46655uoqkmedc571iqndrgr7ekgjoeb" equal the hashed NSEC3-owner "v46655uoqkmedc571iqndrgr7ekgjoeb" and the hashed NextOwner "v46ap1pp7s4pf2b2ej6ln15lsh8s7mh7". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.rhlddrn.impervadns.net) sends a valid NSEC3 RR as result with the hashed owner name "v46655uoqkmedc571iqndrgr7ekgjoeb" (unhashed: rhlddrn.impervadns.net). So that's the Closest Encloser of the query name. Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "vfq8avs40epm2qlm6f1pvufoq4oo0cte" (unhashed: _tcp.rhlddrn.impervadns.net) with the owner "vfq0bbir1308798150dijp1dira6nt1b" and the NextOwner "vfqb8j48d6vb5atpcr4ek2racfn7qtn5". So that NSEC3 confirms the not-existence of the Next Closer Name. Bitmap: A, RRSIG Validated: RRSIG-Owner vfq0bbir1308798150dijp1dira6nt1b.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "fbaef7uua41omtcuot2h48dpq34ekpk3" (unhashed: *.rhlddrn.impervadns.net) with the owner "fbadq8aqjk1pkt3o06vlmj39ohnakon7" and the NextOwner "fbafpqk795cpl67elj579mmbhfkl6u9a". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: A, RRSIG Validated: RRSIG-Owner fbadq8aqjk1pkt3o06vlmj39ohnakon7.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC3 RR as result with the hashed query name "v46655uoqkmedc571iqndrgr7ekgjoeb" equal the hashed NSEC3-owner "v46655uoqkmedc571iqndrgr7ekgjoeb" and the hashed NextOwner "v46ap1pp7s4pf2b2ej6ln15lsh8s7mh7". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, RRSIG Validated: RRSIG-Owner v46655uoqkmedc571iqndrgr7ekgjoeb.impervadns.net., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 22.09.2025, 00:00:00 +, Signature-Inception: 22.07.2024, 00:00:00 +, KeyTag 56281, Signer-Name: impervadns.net


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
www.safvdi.safaricom.co.ke	• ns1.safaricombusiness.co.ke
safaricom.co.ke	• ns1.safaricombusiness.co.ke / ns1.safaricombusiness.co.ke	41.203.208.129 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns2.safaricombusiness.co.ke / ns2.safaricombusiness.co.ke	197.248.128.1 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns3.safaricombusiness.co.ke / ns3.safaricombusiness.co.ke	197.248.128.2 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
	• ns4.safaricombusiness.co.ke / ns4.safaricombusiness.co.ke	41.203.208.130 Nairobi/Nairobi County/Kenya (KE) - Safaricom Limited	•
co.ke	• mzizi.kenic.or.ke	196.1.4.130 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
	•	196.1.4.3 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
	•	196.13.202.53 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre	•
	•	198.32.67.9 Covington/Kentucky/United States (US) - Kenya Network Information Centre
	•	2001:43f8:10:0:50c0:a8ff:feee:30 Nairobi/Nairobi County/Kenya (KE) - Kenya Network Information Centre
ke	• kenic.anycastdns.cz		•
	• mzizi.kenic.or.ke		•
	• ns.anycast.kenic.or.ke / 8.fra.pch		•
	• ns-ke.afrinic.net / s01.ns2.iso		•

impervadns.net	• ns1.impervadns.net	198.143.61.164 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.61.165 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.61.166 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.61.64 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.61.65 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.61.66 Dallas/Texas/United States (US) - Incapsula Inc	•
	• ns2.impervadns.net	198.143.62.164 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.62.165 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.62.166 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.62.64 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.62.65 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.62.66 Dallas/Texas/United States (US) - Incapsula Inc	•
	• ns3.impervadns.net	198.143.63.164 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.63.165 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.63.166 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.63.64 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.63.65 Dallas/Texas/United States (US) - Incapsula Inc	•
	•	198.143.63.66 Dallas/Texas/United States (US) - Incapsula Inc	•
net	• a.gtld-servers.net / nnn1-dca6		•
	• b.gtld-servers.net / nnn1-elwaw4		•
	• c.gtld-servers.net / nnn1-mnz4		•
	• d.gtld-servers.net / nnn1-mnz1		•
	• e.gtld-servers.net / nnn1-dca4		•
	• f.gtld-servers.net / nnn1-defra-4		•
	• g.gtld-servers.net / nnn1-defra-4		•
	• h.gtld-servers.net / nnn1-defra-4		•
	• i.gtld-servers.net / nnn1-defra-4		•
	• j.gtld-servers.net / nnn1-frmrs-2		•
	• k.gtld-servers.net / nnn1-frmrs-2		•
	• l.gtld-servers.net / nnn1-frmrs-2		•
	• m.gtld-servers.net / nnn1-frmrs-2		•

4. SOA-Entries

Domain:	ke
Zone-Name:	ke
Primary:	mzizi.kenic.or.ke
Mail:	hostmaster.kenic.or.ke
Serial:	2025080121
Refresh:	21600
Retry:	3600
Expire:	604800
TTL:	86400
num Entries:	1

Domain:	ke
Zone-Name:	ke
Primary:	mzizi.kenic.or.ke
Mail:	hostmaster.kenic.or.ke
Serial:	2025080122
Refresh:	21600
Retry:	3600
Expire:	604800
TTL:	86400
num Entries:	3

Domain:	co.ke
Zone-Name:	ke
Primary:	mzizi.kenic.or.ke
Mail:	hostmaster.kenic.or.ke
Serial:	2025080122
Refresh:	21600
Retry:	3600
Expire:	604800
TTL:	86400
num Entries:	5

Domain:	safaricom.co.ke
Zone-Name:	safaricom.co.ke
Primary:	ns1.safaricombusiness.co.ke
Mail:	ebt-ipss.safaricom.co.ke
Serial:	2025073000
Refresh:	86400
Retry:	7200
Expire:	3600000
TTL:	300
num Entries:	4

Domain:	www.safvdi.safaricom.co.ke
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1


Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1754033925
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	7

Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1754033935
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	6

Domain:	impervadns.net
Zone-Name:	impervadns.net
Primary:	ns1.impervadns.net
Mail:	hostmaster.incapsula.com
Serial:	3001
Refresh:	86400
Retry:	7200
Expire:	3600000
TTL:	600
num Entries:	18

5. Screenshots

Startaddress: https://safvdi.safaricom.co.ke/, address used: https://safvdi.safaricom.co.ke/, Screenshot created 2025-08-01 09:51:11 +00:0

Mobil (412px x 732px)

1693 milliseconds

Screenshot mobile - https://safvdi.safaricom.co.ke/

Mobil + Landscape (732px x 412px)

1555 milliseconds

Screenshot mobile landscape - https://safvdi.safaricom.co.ke/

Screen (1280px x 1680px)

1497 milliseconds

Screenshot Desktop - https://safvdi.safaricom.co.ke/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	412	732
content Size	412	732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://safvdi.safaricom.co.ke/ 45.223.20.17	-14		10.030	T
Timeout - The operation has timed out.

• https://safvdi.safaricom.co.ke/ 45.223.20.17 gzip used - 1720 / 6959 - 75.28 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200 Warning: Control chars (Ascii 8) found in Html-Content	Html is minified: 140.59 % Other inline scripts (∑/total): 0/0	5.126	I
Set-Cookie: JSESSIONID=9CC0673FF86AA73A4EE415D6FFA7C04A; Path=/; Secure; HttpOnly; SameSite=Lax,visid_incap_2674984=foSH/9n9QUiw09YzJG9TwGdwjGgAAAAAQUIPAAAAAABda4VMX6qyuu0lYNMSSzja; expires=Sat, 01 Aug 2026 00:03:06 GMT; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,nlbi_2674984=cAqUTmRWcx9E7C6kEBf9CgAAAAAffGGt8Gc64o2pz0ib66gy; HttpOnly; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None,incap_ses_1515_2674984=7ElWNam9Qmu6qGtlwVwGFXJwjGgAAAAAcIIbzEzgwKUC/FHJqFo3IA==; path=/; Domain=.safaricom.co.ke; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 11-123355406-123355412 NNYN CT(152 162 0) RT(1754034290071 31) q(0 0 3 0) r(4 12) U24
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 1720

• http://safvdi.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.20.17	-14		10.040	T
Timeout - The operation has timed out.
Visible Content:

• https://45.223.20.17/ 45.223.20.17	503	Html is minified: 100.00 %	3.204	N
Service Unavailable
Certificate error: RemoteCertificateNameMismatch
Cache-Control: no-store, no-cache
Connection: close
X-Iinfo: 7-72417936-0 0NNN RT(1754034308928 28) q(0 -1 -1 -1) r(0 -1)
Content-Type: text/html
Content-Length: 689

7. Comments

	1. General Results, most used to calculate the result
A	name "safvdi.safaricom.co.ke" is subdomain, public suffix is ".co.ke", top-level-domain is ".ke", top-level-domain-type is "country-code", Country is Kenya, tld-manager is "Kenya Network Information Center (KeNIC)", num .ke-domains preloaded: 66 (complete: 271405)
A	Good: All ip addresses are public addresses
	Warning: Only one ip address found: safvdi.safaricom.co.ke has only one ip address.
	Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: safvdi.safaricom.co.ke has no ipv6 address.
A	DNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: non-www is preferred
A	Good: every cookie sent via https is marked as secure
A	Good: Every cookie has a SameSite Attribute with a correct value Strict/Lax/None
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
I	https://safvdi.safaricom.co.ke/ 45.223.20.17	200	Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
N	https://45.223.20.17/ 45.223.20.17	503	Error - Certificate isn't trusted, RemoteCertificateNameMismatch
O	safvdi.safaricom.co.ke / 45.223.20.17 / 443		Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	safvdi.safaricom.co.ke / 45.223.20.17 / 8443		Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
X	Fatal error: Nameserver doesn't support TCP connection: mzizi.kenic.or.ke / 198.32.67.9: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: mzizi.kenic.or.ke / 2001:43f8:10:0:50c0:a8ff:feee:30: Timeout
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain safvdi.safaricom.co.ke, 1 ip addresses.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.safvdi.safaricom.co.ke
	2. Header-Checks
A	safvdi.safaricom.co.ke 45.223.20.17	Content-Security-Policy	Ok: Header without syntax errors found: default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none'
A			Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A			Good: default-src without 'unsafe-inline' or 'unsave-eval'.
E			Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A			Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E			Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A			Good: No object-src found, but the default-src used as fallback is defined and restricted.
F			Critical: script-src with 'unsafe-inline' or 'unsafe-eval' and without a nonce found. That's dangerous, don't use it. If you really need one of these unsafe directives, add a nonce.
F			Critical: script-src with * or a scheme found. Never allow wildcard - sources.
F			Dangerous: script-src with data: schema found. The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A			Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A		X-Content-Type-Options	Ok: Header without syntax errors found: nosniff
A		X-Frame-Options	Ok: Header without syntax errors found: SAMEORIGIN
B			Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A		X-Xss-Protection	Ok: Header without syntax errors found: 1; mode=block
B			Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
F	safvdi.safaricom.co.ke 45.223.20.17	Referrer-Policy	Critical: Missing Header:
F	safvdi.safaricom.co.ke 45.223.20.17	Permissions-Policy	Critical: Missing Header:
B	safvdi.safaricom.co.ke 45.223.20.17	Cross-Origin-Embedder-Policy	Info: Missing Header
B	safvdi.safaricom.co.ke 45.223.20.17	Cross-Origin-Opener-Policy	Info: Missing Header
B	safvdi.safaricom.co.ke 45.223.20.17	Cross-Origin-Resource-Policy	Info: Missing Header
	3. DNS- and NameServer - Checks
A	Info:: 5 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 0 Name Servers.
A	Info:: 5 Queries complete, 5 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
A	Info:: 4 different Name Servers found: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 4 Name Servers included in Delegation: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 4 Name Servers included in 1 Zone definitions: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke, 1 Name Servers listed in SOA.Primary: ns1.safaricombusiness.co.ke.
A	Good: Only one SOA.Primary Name Server found.: ns1.safaricombusiness.co.ke.
A	Good: SOA.Primary Name Server included in the delegation set.: ns1.safaricombusiness.co.ke.
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Info: Ipv4-Subnet-list: 4 Name Servers, 2 different subnets (first Byte): 197., 41., 2 different subnets (first two Bytes): 197.248., 41.203., 2 different subnets (first three Bytes): 197.248.128., 41.203.208.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Good: Nameserver supports TCP connections: 4 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 4 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: ns1.safaricombusiness.co.ke: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	4. Content- and Performance-critical Checks
	http://safvdi.safaricom.co.ke/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.223.20.17	-14	Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
A	Good: No https + http status 200 with inline CSS / JavaScript found
	https://safvdi.safaricom.co.ke/ 45.223.20.17	200	Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
	https://safvdi.safaricom.co.ke/ 45.223.20.17	200	Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
	https://safvdi.safaricom.co.ke/ 45.223.20.17	200	Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 2 script elements without defer/async.
A	Good: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 1 external CSS / JavaScript files found
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 2 external CSS / JavaScript files without Cache-Control-Header, 1 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 3 complete.
	Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 3 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 3 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Good: Some img-elements have a valid alt-attribute.: 3 img-elements found, 2 img-elements with correct alt-attributes (defined, not an empty value).
	Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 1 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
A	Duration: 849176 milliseconds, 849.176 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

safvdi.safaricom.co.ke

45.223.20.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safvdi.safaricom.co.ke

45.223.20.17

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
SNI required

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

45.223.20.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

45.223.20.17

443

name does not match

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=imperva.com
	2	CN=GlobalSign Atlas R3 DV TLS CA 2025 Q2, O=GlobalSign nv-sa, C=BE

safvdi.safaricom.co.ke

45.223.20.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

safvdi.safaricom.co.ke

45.223.20.17

8443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE
	2	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
	3	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

9. Certificates

CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

09.01.2025

09.01.2026
56 days expired

safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries

CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

09.01.2025

09.01.2026
56 days expired

safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E1F30AF2FBBD0CD9D02689D996FDCDB
Thumbprint:	6A06918AEAF913DAEA754C96D46353A56A196B8C
SHA256 / Certificate:	LvzftFpHw+kKc4AlihvYA82aq1Ry17FUG3yVMqTMv0U=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	b4fac39798afa72c2182c5a9246d30fb1feb471817de51312efac02760614a0b
SHA256 hex / Subject Public Key Information (SPKI):	b4fac39798afa72c2182c5a9246d30fb1feb471817de51312efac02760614a0b (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

09.01.2025

09.01.2026
56 days expired

safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries

CN=safvdi.safaricom.co.ke, O=Safaricom PLC, L=Nairobi, C=KE

09.01.2025

09.01.2026
56 days expired

safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E1F30AF2FBBD0CD9D02689D996FDCDB
Thumbprint:	6A06918AEAF913DAEA754C96D46353A56A196B8C
SHA256 / Certificate:	LvzftFpHw+kKc4AlihvYA82aq1Ry17FUG3yVMqTMv0U=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	b4fac39798afa72c2182c5a9246d30fb1feb471817de51312efac02760614a0b
SHA256 hex / Subject Public Key Information (SPKI):	b4fac39798afa72c2182c5a9246d30fb1feb471817de51312efac02760614a0b (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1850 days

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1850 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:	1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:	yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1850 days

CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

30.03.2021

30.03.2031
expires in 1850 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:	1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:	yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

29.10.2024

09.11.2031
expires in 2074 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

29.10.2024

09.11.2031
expires in 2074 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0E7D75235CA83761577F4CCD24CD6D1D
Thumbprint:	B7402517EEAAC80AB04681186E8247BD7851CD0A
SHA256 / Certificate:	oNYJp+PENOh4qaHBvQZbjc8zqn7+4bEbx1zOXloEIIA=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.cn
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4333 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4333 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:	yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):	cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2075 days

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2075 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	02AC5C266A0B409B8F0B79F2AE462577
Thumbprint:	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SHA256 / Certificate:	dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=
SHA256 hex / Cert (DANE * 0 1):	7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf
SHA256 hex / PublicKey (DANE * 1 1):	5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SHA256 hex / Subject Public Key Information (SPKI):	5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=imperva.com

05.07.2025

01.01.2026
64 days expired

luckydrawpromo.skiza.safaricom.com, pay.m-pesaforbusiness.co.ke, smartinventory.safaricom.co.ke, county.safaricom.co.ke, partnerhub.safaricom.co.ke, report.skiza.safaricom.com, sslcertificates.safaricom.co.ke, www.iotsimmanagement.safaricombusiness.co.ke, api.county.safaricom.co.ke, faz01.ngao.safaricom.co.ke, selfcare.safaricom.co.ke, testtwaweza.safaricom.ke, decode.safaricom.co.ke, webchat.safaricom.co.ke, appstg.safaricom.co.ke, partner-onboarding-portal.safaricom.co.ke, mpesafoundation.safaricom.ke, pretups.safaricom.co.ke, api.fsprod.safaricom.co.ke, franchisesimswap-uat.safaricom.co.ke, appsandbox.safaricom.co.ke, mpesaminiapps.safaricom.co.ke, www.uat.shop.masoko.com, imperva.com - 24 entries

CN=imperva.com

05.07.2025

01.01.2026
64 days expired

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	01C60755BF8A5B838A216750312D3997
Thumbprint:	405586176015698B32113B21E279AEB7198BEB32
SHA256 / Certificate:	DaiFhdZTwKsBdSyGMwlTms5hFRkXstZ3MptctPjv9S0=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	8a7e178ad795e89c28a2f494800208aaa13369c5628b01e8e45119960e842769
SHA256 hex / Subject Public Key Information (SPKI):	8a7e178ad795e89c28a2f494800208aaa13369c5628b01e8e45119960e842769 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.globalsign.com/ca/gsatlasr3dvtlsca2025q2
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GlobalSign Atlas R3 DV TLS CA 2025 Q2, O=GlobalSign nv-sa, C=BE

22.01.2025

22.01.2027
expires in 322 days

CN=GlobalSign Atlas R3 DV TLS CA 2025 Q2, O=GlobalSign nv-sa, C=BE

22.01.2025

22.01.2027
expires in 322 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0082B76505D0CC8AFA728C12A842B7A8EA
Thumbprint:	5AAA6B591247153E8EED0D5C0D6E2C539B8558AE
SHA256 / Certificate:	RdBFYW7o2zOvflCNRx7J6qkSObSfCgYU2Oae8LcWwWg=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	27e6a8fea887f41b1cb3361f2ef96d371dd5c7cfc553dc141a34f01643ec4a3c
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp2.globalsign.com/rootr3
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

18.03.2009

18.03.2029
expires in 1108 days

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

18.03.2009

18.03.2029
expires in 1108 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	04000000000121585308A2
Thumbprint:	D69B561148F01C77C54578C10926DF5B856976AD
SHA256 / Certificate:	y7Ui17fxJ61qAROGW98c1BAufQdZr2NafPRyDcljxTs=
SHA256 hex / Cert (DANE * 0 1):	cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA256 hex / PublicKey (DANE * 1 1):	706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SHA256 hex / Subject Public Key Information (SPKI):	706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE				0	0	5
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE				0	0	4
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4, O=GlobalSign nv-sa, C=BE				0	0	1
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	1
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE				0	0	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
9167865792 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2025-01-09 00:00:00	2026-01-08 23:59:59	safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries
6565321289 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2024-01-15 00:00:00	2025-01-14 23:59:59	safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke - 2 entries
6372671375 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-15 13:31:38	2024-06-12 13:31:38	*.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 9 entries
6354631928 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-12 13:59:01	2023-12-13 13:59:01	*.safaricom.co.ke, imperva.com - 2 entries
6277094135 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-29 13:27:59	2023-11-30 13:27:59	*.safaricom.co.ke, imperva.com - 2 entries
6234115542 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-22 13:27:00	2023-11-23 13:27:00	*.safaricom.co.ke, imperva.com - 2 entries
5414861170 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 13:14:59	2023-12-18 13:14:59	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
5414856402 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 13:13:56	2023-12-18 13:13:56	*.safaricom.co.ke, imperva.com, mjc.safaricom.co.ke, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 6 entries
5381252134 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-14 12:38:27	2023-06-15 12:38:27	*.safaricom.co.ke, imperva.com - 2 entries
5279563186 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-05-24 12:38:02	2023-05-25 12:38:02	*.safaricom.co.ke, imperva.com - 2 entries
5079461571 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-04-12 12:35:36	2023-04-13 12:35:26	*.safaricom.co.ke, imperva.com - 2 entries
4985866687 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE	2023-03-23 12:35:03	2023-09-19 12:35:03	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4697213303 precert	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-01-18 00:00:00	2024-01-18 23:59:59	safvdi.safaricom.co.ke - 1 entries
4582279050 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4, O=GlobalSign nv-sa, C=BE	2022-12-22 11:36:42	2023-06-20 11:36:42	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4208249099 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE	2022-09-22 10:41:22	2023-03-21 10:41:22	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries
4208249092 precert	CN=GlobalSign Atlas R3 DV TLS CA 2022 Q3, O=GlobalSign nv-sa, C=BE	2022-09-22 10:41:20	2023-03-21 10:41:20	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke - 10 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuer				last 7 days	active	num Certs
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE				0	0	26
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE				0	0	13
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE				0	0	5
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE				0	0	4
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	2
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE				0	0	2
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US				0	0	1
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE				0	0	1

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
16111942177 precert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2025-01-08 23:00:00	2026-01-08 22:59:59	safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke 2 entries
12906763009 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-30 12:11:51	2024-05-01 12:11:51	*.safaricom.co.ke, imperva.com 2 entries
12824663316 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-23 12:10:56	2024-04-24 12:10:56	*.safaricom.co.ke, imperva.com 2 entries
12744051340 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-16 12:09:58	2024-04-17 12:09:58	*.safaricom.co.ke, imperva.com 2 entries
12668754587 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE	2024-04-09 12:09:34	2024-04-10 12:09:34	*.safaricom.co.ke, imperva.com 2 entries
12577661353 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-04-02 12:08:50	2024-04-03 12:08:50	*.safaricom.co.ke, imperva.com 2 entries
12524467465 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-26 13:08:22	2024-03-27 13:08:22	*.safaricom.co.ke, imperva.com 2 entries
12436131695 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-19 13:08:11	2024-03-20 13:08:11	*.safaricom.co.ke, imperva.com 2 entries
12358008690 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-12 13:07:17	2024-03-13 13:07:17	*.safaricom.co.ke, imperva.com 2 entries
12282964958 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-03-05 13:06:25	2024-03-06 13:06:25	*.safaricom.co.ke, imperva.com 2 entries
12208771555 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-27 13:05:48	2024-02-28 13:05:48	*.safaricom.co.ke, imperva.com 2 entries
12137039637 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-20 13:05:27	2024-02-21 13:05:27	*.safaricom.co.ke, imperva.com 2 entries
12065332717 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-13 13:04:29	2024-02-14 13:04:29	*.safaricom.co.ke, imperva.com 2 entries
11996009608 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-02-06 13:03:32	2024-02-07 13:03:32	*.safaricom.co.ke, imperva.com 2 entries
11917863873 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-30 13:02:56	2024-01-31 13:02:56	*.safaricom.co.ke, imperva.com 2 entries
11842946522 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-23 13:02:08	2024-01-24 13:02:08	*.safaricom.co.ke, imperva.com 2 entries
11765692746 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-16 13:01:59	2024-01-17 13:01:59	*.safaricom.co.ke, imperva.com 2 entries
16123686083 leaf cert	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2024-01-14 23:00:00	2025-01-14 22:59:59	safvdi.safaricom.co.ke, www.safvdi.safaricom.co.ke 2 entries
11689931271 precert	CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1, O=GlobalSign nv-sa, C=BE	2024-01-09 13:00:59	2024-01-10 13:00:59	*.safaricom.co.ke, imperva.com 2 entries
11601060153 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2024-01-02 13:00:45	2024-01-03 13:00:37	*.safaricom.co.ke, imperva.com 2 entries
11449813947 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-27 12:30:05	2023-12-28 12:30:05	*.safaricom.co.ke, imperva.com 2 entries
11446767979 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-26 13:00:03	2023-12-27 13:00:03	*.safaricom.co.ke, imperva.com 2 entries
11428420468 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-20 12:30:03	2023-12-21 12:30:03	*.safaricom.co.ke, imperva.com 2 entries
11425472743 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-19 12:59:04	2023-12-20 12:59:04	*.safaricom.co.ke, imperva.com 2 entries
11416579096 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-15 12:31:38	2024-06-12 11:31:38	*.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 9 entries
11403389861 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-13 12:29:08	2023-12-14 12:29:08	*.safaricom.co.ke, imperva.com 2 entries
11386364971 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-12 12:59:01	2023-12-13 12:59:01	*.safaricom.co.ke, imperva.com 2 entries
11334123366 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-06 12:29:00	2023-12-07 12:29:00	*.safaricom.co.ke, imperva.com 2 entries
11324193290 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-12-05 12:58:59	2023-12-06 12:58:59	*.safaricom.co.ke, imperva.com 2 entries
11260368393 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-29 12:27:59	2023-11-30 12:27:59	*.safaricom.co.ke, imperva.com 2 entries
11249519344 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-28 12:58:00	2023-11-29 12:58:00	*.safaricom.co.ke, imperva.com 2 entries
11184561849 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-22 12:27:00	2023-11-23 12:27:00	*.safaricom.co.ke, imperva.com 2 entries
11165508113 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-21 12:57:01	2023-11-22 12:57:01	*.safaricom.co.ke, imperva.com 2 entries
11107606502 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-15 12:26:14	2023-11-16 12:26:14	*.safaricom.co.ke, imperva.com 2 entries
11095162839 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-14 12:56:12	2023-11-15 12:56:12	*.safaricom.co.ke, imperva.com 2 entries
11036279101 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-08 12:25:19	2023-11-09 12:25:19	*.safaricom.co.ke, imperva.com 2 entries
11026099858 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-07 12:55:28	2023-11-08 12:55:22	*.safaricom.co.ke, imperva.com 2 entries
10966859477 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-11-01 12:25:04	2023-11-02 12:25:04	*.safaricom.co.ke, imperva.com 2 entries
10956223248 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-31 12:55:04	2023-11-01 12:55:04	*.safaricom.co.ke, imperva.com 2 entries
10893140931 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-25 11:24:05	2023-10-26 11:24:05	*.safaricom.co.ke, imperva.com 2 entries
10882880496 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-24 11:54:05	2023-10-25 11:54:05	*.safaricom.co.ke, imperva.com 2 entries
10822302439 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-18 11:23:40	2023-10-19 11:23:40	*.safaricom.co.ke, imperva.com 2 entries
10812356272 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-17 11:53:40	2023-10-18 11:53:40	*.safaricom.co.ke, imperva.com 2 entries
10754278918 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-11 11:22:45	2023-10-12 11:22:45	*.safaricom.co.ke, imperva.com 2 entries
10753626956 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4, O=GlobalSign nv-sa, C=BE	2023-10-10 11:52:41	2023-10-11 11:52:41	*.safaricom.co.ke, imperva.com 2 entries
10748126655 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-10-04 11:22:09	2023-10-05 11:22:09	*.safaricom.co.ke, imperva.com 2 entries
10747289662 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-10-03 11:52:06	2023-10-04 11:52:06	*.safaricom.co.ke, imperva.com 2 entries
10704014327 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-27 11:22:06	2023-09-28 11:22:06	*.safaricom.co.ke, imperva.com 2 entries
10696224561 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-26 11:51:07	2023-09-27 11:51:07	*.safaricom.co.ke, imperva.com 2 entries
10635050301 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q3, O=GlobalSign nv-sa, C=BE	2023-09-20 11:21:24	2023-09-21 11:21:24	*.safaricom.co.ke, imperva.com 2 entries
10800889669 leaf cert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 11:14:59	2023-12-18 12:14:59	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 10 entries
9709544566 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE	2023-06-21 11:13:56	2023-12-18 12:13:56	*.safaricom.co.ke, imperva.com, mjc.safaricom.co.ke, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 6 entries
8969341088 precert	CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1, O=GlobalSign nv-sa, C=BE	2023-03-23 11:35:03	2023-09-19 10:35:03	.safaricom.co.ke, .sonarqubeuat2.safaricom.co.ke, fixedacstest.safaricom.co.ke, imperva.com, jfrog-uat.safaricom.co.ke, mjc.safaricom.co.ke, portal.tracetogetherke.com, safaricom.co.ke, shubtest.safaricom.co.ke, testsparesmanager.safaricom.co.ke 10 entries
8436114916 precert	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	2023-01-17 23:00:00	2024-01-18 22:59:59	safvdi.safaricom.co.ke 1 entries

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://safvdi.safaricom.co.ke/ 45.223.20.17	a		7	447 Bytes	4	3	4	0	0	0
	img		3		3	3	0	0	0	0
	link	stylesheet	1		1	1	0	0	0	0
	link	other	1		1	1	0	0	0	0
	meta	apple	2		0			0	0	0
	meta	other	4		0			0	0	0
	script		2	20,584 Bytes	2	2	0	0	0	0

Details (currently limited to 500 rows - some problems with spam users)

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑	Status
https://safvdi.safaricom.co.ke/ 45.223.20.17	a		/portal/nativeclient		404	Not Found	1	missing file
				X-Content-Type-Options nosniff found				missing file
				0 Bytes

	a		/portal/webclient/index.html		404	Not Found	2	missing file
				X-Content-Type-Options nosniff found				missing file
				0 Bytes

	a		https://www.vmware.com/go/viewclients		301	https://customerconnect.omnissa.com/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/horizon_8	1	ok
				text/plain; charset=utf-8 X-Content-Type-Options nosniff found				ok
				149 Bytes

	a		https://www.vmware.com/go/viewclients#win64		301	https://customerconnect.omnissa.com/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/horizon_8	2	ok
				text/plain; charset=utf-8 X-Content-Type-Options nosniff found				ok
				149 Bytes

	a		https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html		404	Not Found	1	missing file
				text/html; charset=utf-8 X-Content-Type-Options nosniff found				missing file
				0 Bytes

	img	src	/portal/webclient/icons-23501559/icon_download.svg		404	Not Found	1	missing file
	alt: Install VMware Horizon Client			X-Content-Type-Options nosniff found				missing file
				0 Bytes

	img	src	/portal/webclient/icons-23501559/icon_html_access.svg		404	Not Found	1	missing file
	no alt-Attribute			X-Content-Type-Options nosniff found				missing file
				0 Bytes

	img	src	/portal/webclient/icons-23501559/logo.png		404	Not Found	1	missing file
	alt: VMware Horizon			X-Content-Type-Options nosniff found				missing file
				0 Bytes

	link	shortcut icon	/portal/favicon.ico?v=23501559		404	Not Found	1	missing file
				X-Content-Type-Options nosniff found				missing file
				0 Bytes

	link	stylesheet	/portal/webclient/style.css?v=23501559		404	Not Found	1	missing file
				X-Content-Type-Options nosniff found				missing file
				0 Bytes
	local SRI possible, possible hash-values: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== <link rel="stylesheet" href="/portal/webclient/style.css?v=23501559" crossorigin="anonymous" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" />

	meta	charset	utf-8				1	ok
								ok


	meta	X-UA-Compatible	IE=edge				1	ok
								ok


	meta	apple-mobile-web-app-capable	yes				1	ok
								ok


	meta	apple-mobile-web-app-status-bar-style	white				1	ok
								ok


	meta	author	VMware, Inc.				1	ok
								ok


	meta	viewport	initial-scale=1.0, minimum-scale=1.0, maximum-scale=2.0, user-scalable=yes				1	ok
								ok


	script	src	/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1824478756		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/javascript missing X-Content-Type-Options nosniff		This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.		Problems with Content-Type - Header - see details
	Cache-Control: no-store, no-cache - max-age missing.			Compression (gzip): 20584/86059 Bytes
	local SRI possible, possible hash-values: sha256-JJhDyODkCOoMGn7B3R+PROojFjAPMGEyYnwzVpoioDs= sha384-s4057ic5hAIwMyr8nAmImDF9Gnq/pdC1hJJS2wDfMgLajVumulNwcq1ZjuF7SX+G sha512-hyJp6zuLPIqGw2Tbg8W0EGTJlGEu8xl2zkWGcSuV/+JkeScd90GsK6zmfmqt2MrszEBr6lJKbgUrH5Cef5h37Q== <script src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1824478756" crossorigin="anonymous" integrity="sha256-JJhDyODkCOoMGn7B3R+PROojFjAPMGEyYnwzVpoioDs=" />

	script	src	/portal/resources/main.js?v=23501559		404	Not Found	1	missing file
	Missing defer / async attribute.			X-Content-Type-Options nosniff found				missing file
				0 Bytes
	local SRI possible, possible hash-values: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== <script src="/portal/resources/main.js?v=23501559" crossorigin="anonymous" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" />

12. Html-Parsing via https://validator.w3.org/nu/

	Type	Message	num found
Url used (first standard-https-result with http status 200): https://safvdi.safaricom.co.ke/

Summary
	Good: No non-document-errors
	9 errors
	2 warnings
1.	error	Element `p` not allowed as child of element `label` in this context. (Suppressing further errors from this subtree.)	3
2.	error	Bad value `en_US` for attribute `lang` on element `html`: The language subtag `en_us` is not a valid language subtag.	1
3.	error	Bad value `select TextInfo` for attribute `id` on element `div`: An ID must not contain whitespace.	1
4.	error	An `img` element must have an `alt` attribute, except under certain conditions. For details, consult guidance on providing text alternatives for images.	1
5.	error	Attribute `aria-checked` not allowed on element `label` at this point.	1
6.	error	Attribute `role` not allowed on element `label` at this point.	1
7.	error	Duplicate attribute `class`.	1
8.	warning	The `type` attribute is unnecessary for JavaScript resources.	2
Details
	Type	Message + Sample
1	error	Bad value `en_US` for attribute `lang` on element `html`: The language subtag `en_us` is not a valid language subtag.
		From line 5, column 16 to line 6, column 19
		TYPE html> <html lang="en_US"> <head
2	error	Bad value `select TextInfo` for attribute `id` on element `div`: An ID must not contain whitespace.
		From line 54, column 28 to line 54, column 53
		<div id="select TextInfo">Chrome
3	error	Element `p` not allowed as child of element `label` in this context. (Suppressing further errors from this subtree.)
		From line 67, column 28 to line 67, column 30
		<p>Check
4	error	An `img` element must have an `alt` attribute, except under certain conditions. For details, consult guidance on providing text alternatives for images.
		From line 76, column 31 to line 76, column 126
		<img class="portal-web-client-icon" src="/portal/webclient/icons-23501559/icon_html_access.svg">
5	error	Attribute `role` not allowed on element `label` at this point.
		From line 80, column 22 to line 80, column 170
		<label class="skipPortal" id="skipPortalPage" tabindex="2" role="radiogroup" aria-checked="false" onkeypress="skipPageControl.handleCheckbox(event)">
6	error	Attribute `aria-checked` not allowed on element `label` at this point.
		From line 80, column 22 to line 80, column 170
		<label class="skipPortal" id="skipPortalPage" tabindex="2" role="radiogroup" aria-checked="false" onkeypress="skipPageControl.handleCheckbox(event)">
7	error	Element `p` not allowed as child of element `label` in this context. (Suppressing further errors from this subtree.)
		From line 82, column 25 to line 82, column 27
		<p>Check
8	error	Duplicate attribute `class`.
		From line 85, column 142 to line 85, column 142
		L Access" class="portal-block"
9	error	Element `p` not allowed as child of element `label` in this context. (Suppressing further errors from this subtree.)
		From line 90, column 28 to line 90, column 30
		<p>Check
10	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 20, column 4 to line 21, column 61
		1559"> <script type="text/javascript" src="/portal/resources/main.js?v=23501559" async></scri
11	warning	The `type` attribute is unnecessary for JavaScript resources.
		From line 108, column 1 to line 108, column 125
		v> </div> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1824478756" async></scri

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1.safaricombusiness.co.ke, ns2.safaricombusiness.co.ke, ns3.safaricombusiness.co.ke, ns4.safaricombusiness.co.ke

QNr.	Domain	Type	NS used
1	ke	NS	e.root-servers.net (2001:500:a8::e)
	Answer: kenic.anycastdns.cz, mzizi.kenic.or.ke, ns-ke.afrinic.net, ns.anycast.kenic.or.ke
2	ns1.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
3	ns2.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
4	ns3.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19
5	ns4.safaricombusiness.co.ke	NS	mzizi.kenic.or.ke (2001:43f8:10:0:50c0:a8ff:feee:30)
	Answer: dns1.safaricombusiness.co.ke, dns2.safaricombusiness.co.ke
	Answer: dns2.safaricombusiness.co.ke 41.203.208.18
	Answer: dns1.safaricombusiness.co.ke 41.203.208.19

14. CAA - Entries

Domainname	flag	Value	∑ Queries	∑ Timeout
rhlddrn.impervadns.net	0	no CAA entry found	1	0
safvdi.safaricom.co.ke			1	0
safaricom.co.ke	0	no CAA entry found	2	1
impervadns.net	0	no CAA entry found	1	0
co.ke	0	no CAA entry found	1	0
net	0	no CAA entry found	1	0
ke	0	no CAA entry found	1	0

15. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
safaricom.co.ke	_4vwdjogq3dr5m452tembig9zp86vwac	ok	1
safaricom.co.ke	_lstbby4prmdq2l3lab3ztehby46iiyl	ok	1
safaricom.co.ke	406jgscvwfj60pg6xs8gpms93nv0hbww	ok	1
safaricom.co.ke	4pwyB7Z7wcm9LBam+I2zBe2tLdPOVOWjSmKpDDLflw7ijM659bNAW6V3b9NGqCw9ReWKFZyI1xwTY6GaGGJz9A==	ok	1
safaricom.co.ke	adobe-idp-site-verification=1e2cf03c83512cbcc6f8d5f9e234ade075429b8dde0833dfabc08795a4360748	ok	1
safaricom.co.ke	atlassian-domain-verification=mQ9tPbLWVp16NM0KF9o/AHU10eswUP40Q3Pcf4lj8qbV+ycAUhAhwhd9ochsxCIs	ok	1
safaricom.co.ke	Dynatrace-site-verification=f1b1478d-a9e3-4063-a177-a08f871880ac__b0u5dli8qp2ns0274d6lavqv7r	ok	1
safaricom.co.ke	fc8fg9mmm6nhq81cs1tj6k9b5mdqpwfx	ok	1
safaricom.co.ke	globalsign-domain-verification=50A8E5BBDF03013E0E828A35928F75C3	ok	1
safaricom.co.ke	globalsign-domain-verification=91fd2706a5a43e3156539245103ed5e4	ok	1
safaricom.co.ke	globalsign-domain-verification=D0D5184A4795BB3CAA09010B37870005	ok	1
safaricom.co.ke	google-site-verification=8scBiLOEM5FPCif_sfx-Tr6l0u6ZpAiVYwVyyaVgPVU	ok	1
safaricom.co.ke	google-site-verification=geHwpYlN8FtZVZG8iUX5XR6KxCMPU_vTbyAeSFLLW6I	ok	1
safaricom.co.ke	google-site-verification=Yn4huK5DUvUI41M1WU_m4s0DxsS8f59nsMgL7h9J3UA	ok	1
safaricom.co.ke	l5d89dnNStJ-nZ4NVBHWq_ptxTSRBOdE	ok	1
safaricom.co.ke	MS=187F0BDED01A14D6B3F038A6AC2DB70ADA7F3AFB	ok	1
safaricom.co.ke	MS=ms37349206	ok	1
safaricom.co.ke	MS=ms44787256	ok	1
safaricom.co.ke	pexip-portal-domain-verification=817bb451-b7d7-499a-9f89-ba86b289ef4f	ok	1
safaricom.co.ke	QNiry4vxaPmkCFbjUl9ItMzB/VDuL1bhmETieIlJvsVt0ezpbld339xPk3LvSJaGRg6PlEyQs77ZTdF3D4WxAQ==	ok	1
safaricom.co.ke	sxx02jpnd6jlnmvbwlbbgl8d1thdsb4y	ok	1
safaricom.co.ke	v=spf1 exists:%{i}.spf.hc502-0.eu.iphmx.com ip4:196.201.213.56 ip4:196.201.213.93 ip4:196.201.213.118 ip4:196.201.213.42 ip4:196.201.213.106 ip4:196.201.213.172 ip4:196.201.213.221 ip4:196.201.213.222 ip4:41.90.221.27/29 ~a ll	ok	1
safvdi.safaricom.co.ke			1
_acme-challenge.rhlddrn.impervadns.net		Name Error - The domain name does not exist	1
_acme-challenge.safvdi.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.safvdi.safaricom.co.ke.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.safvdi.safaricom.co.ke.safvdi.safaricom.co.ke		Name Error - The domain name does not exist	1
_acme-challenge.rhlddrn.impervadns.net.rhlddrn.impervadns.net		Name Error - The domain name does not exist	1

16. DomainService - Entries

Type		Domain	Pref	Value	DNS-error	num Answers	Status	Description
SPF	TXT	safvdi.safaricom.co.ke					32768	TXT expected, but CNAME found. CNAME not allowed, only TXT queries are allowed. See RFC 7208, 4.4.

17. Cipher Suites

Summary
Domain	IP	Port	num Ciphers	time	Std.Protocol	Forward Secrecy
safvdi.safaricom.co.ke	45.223.20.17	443	13 Ciphers	58.54 sec		6 without, 7 FS	53.85 %
safvdi.safaricom.co.ke	45.223.20.17	8443	13 Ciphers	57.89 sec	Plesk Administration (https)	6 without, 7 FS	53.85 %
Complete		2	26 Ciphers 13.00 Ciphers/Check	116.43 sec	58.22 sec/Check	12 without, 14 FS	53.85 %

Details
Domain	IP	Port	Cipher (OpenSsl / IANA)
safvdi.safaricom.co.ke	45.223.20.17	443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 58.54 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
		8443	ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
13 Ciphers, 57.89 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1

18. Portchecks

Domain	IP	Port	Description	Result	Answer
safvdi.safaricom.co.ke	45.223.20.17	21	FTP	open

safvdi.safaricom.co.ke	45.223.20.17	21	FTP	open
safvdi.safaricom.co.ke	45.223.20.17	22	SSH

safvdi.safaricom.co.ke	45.223.20.17	22	SSH
safvdi.safaricom.co.ke	45.223.20.17	25	SMTP	open

safvdi.safaricom.co.ke	45.223.20.17	25	SMTP	open
safvdi.safaricom.co.ke	45.223.20.17	53	DNS	open

safvdi.safaricom.co.ke	45.223.20.17	53	DNS	open
safvdi.safaricom.co.ke	45.223.20.17	110	POP3	open

safvdi.safaricom.co.ke	45.223.20.17	110	POP3	open		This port ist unencrypted and deprecated. Don't use it.
safvdi.safaricom.co.ke	45.223.20.17	143	IMAP	open

safvdi.safaricom.co.ke	45.223.20.17	143	IMAP	open		This port ist unencrypted and deprecated. Don't use it.
safvdi.safaricom.co.ke	45.223.20.17	465	SMTP (encrypted)	open
		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	465	SMTP (encrypted)	open		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	587	SMTP (encrypted, submission)	open

safvdi.safaricom.co.ke	45.223.20.17	587	SMTP (encrypted, submission)	open
safvdi.safaricom.co.ke	45.223.20.17	993	IMAP (encrypted)	open
		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	993	IMAP (encrypted)	open		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	995	POP3 (encrypted)	open
		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	995	POP3 (encrypted)	open		Mail certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	1433	MS SQL	open

safvdi.safaricom.co.ke	45.223.20.17	1433	MS SQL	open
safvdi.safaricom.co.ke	45.223.20.17	2082	cPanel (http)	open
http://45.223.20.17:2082/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2082	cPanel (http)	open	http://45.223.20.17:2082/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2083	cPanel (https)	open
https://45.223.20.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2083	cPanel (https)	open	https://45.223.20.17:2083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2086	WHM (http)	open
http://45.223.20.17:2086/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2086	WHM (http)	open	http://45.223.20.17:2086/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2087	WHM (https)	open
https://45.223.20.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2087	WHM (https)	open	https://45.223.20.17:2087/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2089	cPanel Licensing	open

safvdi.safaricom.co.ke	45.223.20.17	2089	cPanel Licensing	open
safvdi.safaricom.co.ke	45.223.20.17	2095	cPanel Webmail (http)	open
http://45.223.20.17:2095/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2095	cPanel Webmail (http)	open	http://45.223.20.17:2095/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2096	cPanel Webmail (https)	open
https://45.223.20.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2096	cPanel Webmail (https)	open	https://45.223.20.17:2096/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2222	DirectAdmin (http)	open
http://45.223.20.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2222	DirectAdmin (http)	open	http://45.223.20.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2222	DirectAdmin (https)	open
https://45.223.20.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	2222	DirectAdmin (https)	open	https://45.223.20.17:2222/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	3306	mySql	open

safvdi.safaricom.co.ke	45.223.20.17	3306	mySql	open
safvdi.safaricom.co.ke	45.223.20.17	5224	Plesk Licensing	open

safvdi.safaricom.co.ke	45.223.20.17	5224	Plesk Licensing	open
safvdi.safaricom.co.ke	45.223.20.17	5432	PostgreSQL

safvdi.safaricom.co.ke	45.223.20.17	5432	PostgreSQL
safvdi.safaricom.co.ke	45.223.20.17	8080	Ookla Speedtest (http)	open
http://45.223.20.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8080	Ookla Speedtest (http)	open	http://45.223.20.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8080	Ookla Speedtest (https)	open
https://45.223.20.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8080	Ookla Speedtest (https)	open	https://45.223.20.17:8080/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8083	VestaCP http	open
http://45.223.20.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8083	VestaCP http	open	http://45.223.20.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8083	VestaCP https	open
https://45.223.20.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8083	VestaCP https	open	https://45.223.20.17:8083/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8443	Plesk Administration (https)	open
https://45.223.20.17:8443/ Http-Status: 404 Not Found		Certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	8443	Plesk Administration (https)	open	https://45.223.20.17:8443/ Http-Status: 404 Not Found	Certificate is valid
safvdi.safaricom.co.ke	45.223.20.17	8447	Plesk Installer + Updates	open

safvdi.safaricom.co.ke	45.223.20.17	8447	Plesk Installer + Updates	open
safvdi.safaricom.co.ke	45.223.20.17	8880	Plesk Administration (http)	open
http://45.223.20.17:8880/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	8880	Plesk Administration (http)	open	http://45.223.20.17:8880/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	10000	Webmin (http)	open
http://45.223.20.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	10000	Webmin (http)	open	http://45.223.20.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	10000	Webmin (https)	open
https://45.223.20.17:10000/ Http-Status: -14 Timeout - The operation has timed out.
safvdi.safaricom.co.ke	45.223.20.17	10000	Webmin (https)	open	https://45.223.20.17:10000/ Http-Status: -14 Timeout - The operation has timed out.

Permalink: https://check-your-website.server-daten.de/?i=e62e6c77-3947-4962-861d-034b052a203f

Last Result: https://check-your-website.server-daten.de/?q=safvdi.safaricom.co.ke - 2025-08-01 09:37:09

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=safvdi.safaricom.co.ke" target="_blank">Check this Site: safvdi.safaricom.co.ke</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=safvdi.safaricom.co.ke

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details (currently limited to 500 rows - some problems with spam users)

12. Html-Parsing via https://validator.w3.org/nu/

Summary

Details

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks