Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


B

Missing HSTS or Cookie-warnings

Checked:
18.05.2019 04:49:11


Older results

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
separs.ampr.org
A
44.135.179.28
yes
1
0

AAAA

yes


www.separs.ampr.org

Name Error
yes
1
0


Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
org
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.05.2019, 17:00:00, Signature-Inception: 17.05.2019, 16:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

4 DNSKEY RR found

Public Key with Algorithm 7, KeyTag 9795, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 7, KeyTag 16454, Flags 256

Public Key with Algorithm 7, KeyTag 17883, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 7, KeyTag 50465, Flags 256

3 RRSIG RR to validate DNSKEY RR found

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 07.06.2019, 15:27:55, Signature-Inception: 17.05.2019, 14:27:55, KeyTag 9795, Signer-Name: org

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 07.06.2019, 15:27:55, Signature-Inception: 17.05.2019, 14:27:55, KeyTag 16454, Signer-Name: org

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 07.06.2019, 15:27:55, Signature-Inception: 17.05.2019, 14:27:55, KeyTag 17883, Signer-Name: org

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 9795 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 16454 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 17883 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 9795, DigestType 1 and Digest "Nk36s9ryVMq0d7VnWxB2bdqiSYI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 9795, DigestType 2 and Digest "OSKzG286TqkrGet7UhIPAx/Y4F/wsDuvz5+JG/5/+OU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
ampr.org
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


separs.ampr.org
0 DS RR in the parent zone found

0 DNSKEY RR found


www.separs.ampr.org
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.separs.ampr.org
  ampr.org

separs.ampr.org
  ampr.org
44.0.0.1
ampr.org
  a.coreservers.uk


  ampr.org


  ampr-dns.in-berlin.de


  munnari.oz.au


  ns2.threshinc.com

org
  a0.org.afilias-nst.info / ns000b.app27.mia2.afilias-nst.info


  a2.org.afilias-nst.info / 1.fra.pch


  b0.org.afilias-nst.org / ns000b.app11.ams2.afilias-nst.info


  b2.org.afilias-nst.org / 4.fra.pch


  c0.org.afilias-nst.info / ns000b.app25.ams2.afilias-nst.info


  d0.org.afilias-nst.org / app13.iad1.hosts.meta.redstone.afilias-nst.info-2



SOA - records (beta)

Domain:org
Primary:a0.org.afilias-nst.info
Mail:noc.afilias-nst.info
Serial:2013473748
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:6


Domain:ampr.org
Primary:ampr.org
Mail:hostmaster.ampr.org
Serial:1905171800
Refresh:3600
Retry:900
Expire:1209600
TTL:3600
num Entries:5


Domain:separs.ampr.org
Primary:ampr.org
Mail:hostmaster.ampr.org
Serial:1905171800
Refresh:3600
Retry:900
Expire:1209600
TTL:3600
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://separs.ampr.org/
44.135.179.28
301
https://separs.ampr.org/
0.446
A
Server: nginx
Date: Sat, 18 May 2019 02:51:26 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 232
Connection: close
Location: https://separs.ampr.org/

• https://separs.ampr.org/
44.135.179.28
200

2.903
B
Server: nginx
Date: Sat, 18 May 2019 02:51:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: private, must-revalidate
X-Frame-Options: SAMEORIGIN
pragma: no-cache
expires: -1
Vary: Accept-Encoding

• http://separs.ampr.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
44.135.179.28
200

0.457

Visible Content: check-your-website-dot-server-daten-dot-de.LkXp21kPkRmRsX02Y7aoc7sviV8b7onXs0W7geRyON8
Server: nginx
Date: Sat, 18 May 2019 02:51:29 GMT
Content-Type: text/plain
Content-Length: 86
Connection: close

3. Comments

Aname "separs.ampr.org" is subdomain, public suffix is "org", top-level-domain-type is "generic", tld-manager is "Public Interest Registry (PIR)"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Agood: destination is https
Agood: one preferred version: non-www is preferred
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):1 complete Content-Type - header (2 urls)
http://separs.ampr.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 44.135.179.28


Url with incomplete Content-Type - header - missing charset
Ahttp://separs.ampr.org/ 44.135.179.28
301
https://separs.ampr.org/
correct redirect http - https with the same domain name
Bhttps://separs.ampr.org/ 44.135.179.28
200

Missing HSTS-Header
AGood: Nameserver supports TCP connections: 1 good Nameserver
AGood: Nameserver supports Echo Capitalization: 1 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 1 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 1 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ampr.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
http://separs.ampr.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 44.135.179.28
200

Warning: Not existing ACME-file, but Server sends 200, not 404 or redirect
ADuration: 153223 milliseconds, 153.223 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
separs.ampr.org
44.135.179.28
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=separs.ampr.org

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US


5. Certificates

1.
1.
CN=separs.ampr.org
11.05.2019
09.08.2019
expires in 75 days
separs.ampr.org - 1 entry

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:04166FD01D5561651F89D36E3852549C7EA0
Thumbprint:5A791C5899A63510C2D8C1299DA80EB4694CD5E8
SHA256 / Certificate:Cx3DiuaD3xSFDF+jKFCgZQj336ul9GBMIOuNh8Q/krI=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):53e30a25170b83e3de94d8b13127ae54a93fb1b53ea07e0a50e6f1082de038b1
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
expires in 661 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
expires in 858 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
3
3

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
906309272
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-05-11 19:14:45
2019-08-09 19:14:45
separs.ampr.org
1 entries


836485147
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 16:32:02
2019-06-27 16:32:02
separs.ampr.org
1 entries


836454030
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 15:56:20
2019-06-27 15:56:20
separs.ampr.org
1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
3
3

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1482666848
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-05-11 17:14:45
2019-08-09 17:14:45
separs.ampr.org
1 entries


1349974949
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 15:32:02
2019-06-27 14:32:02
separs.ampr.org
1 entries


1349952102
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 14:56:20
2019-06-27 13:56:20
separs.ampr.org
1 entries



7. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://separs.ampr.org/
44.135.179.28
a

25

0







img

4
1,980,176 Bytes
0
4
0





link
stylesheet
8
178,429 Bytes
0
8
0





link
other
1

0







meta
other
5

0







script

4
137,624 Bytes
0
4
0




Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://separs.ampr.org/
44.135.179.28
a

/


1
ok



a

http://separ.comm.sfu.ca/doc/SEPAR%20Brochure%2007.pdf


1
ok



a

http://separ.comm.sfu.ca/doc/separ%20faq.pdf


1
ok



a

http://separ.comm.sfu.ca/publicevent.html


1
ok



a

http://separ.comm.sfu.ca/ve7sar.net


1
ok



a

http://separ.shutterfly.com/


1
ok



a

http://twitter.com/#ve7hme


1
ok



a

https://separ.shutterfly.com/calendar


1
ok



a

https://separs.ampr.org/blog


1
ok



a

https://separs.ampr.org/blog/bbs_is_back


1
ok



a

https://separs.ampr.org/contact


2
ok



a

https://separs.ampr.org/home/membership_login


1
ok



a

https://separs.ampr.org/login


1
ok



a

https://separs.ampr.org/operations


1
ok



a

https://separs.ampr.org/operations/calendar


2
ok



a

https://separs.ampr.org/operations/frequency-list


1
ok



a

https://separs.ampr.org/operations/other-nets


1
ok



a

https://separs.ampr.org/operations/weekly-net


1
ok



a

https://separs.ampr.org/portfolio


1
ok



a

https://separs.ampr.org/read-more


2
ok



a

https://separs.ampr.org/services


1
ok



a

https://www.youtube.com/channel/UCNeaXPVuEge1-wWPE2S1xsQ


1
ok



img
src
/application/files/1515/5416/6679/separslider2.png
200
564673 Bytes

1
ok



img
src
/application/files/3615/5431/0080/packetradio.png
200
666801 Bytes

1
ok



img
src
/application/files/5015/5415/9573/separslider1.png
200
452747 Bytes

1
ok



img
src
https://separs.ampr.org/application/files/cache/thumbnails/9ce2e242012c67d533849c9dc41ba4d9.png
200
295955 Bytes

1
ok



link
canonical
https://separs.ampr.org/


1
ok



link
stylesheet
/application/files/cache/css/neat/customizer.css?ts=1556492294
200
3176 Bytes

1
ok


Content loaded via url("...")

https://fonts.googleapis.com/css?family=Dosis:300,400,500,700
1
https://fonts.googleapis.com/css?family=Raleway:300,400,500,700
1

link
stylesheet
/concrete/blocks/event_list/view.css?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
620 Bytes

1
ok



link
stylesheet
/concrete/blocks/feature/view.css?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
169 Bytes

1
ok



link
stylesheet
/concrete/blocks/image_slider/view.css?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
424 Bytes

1
ok



link
stylesheet
/concrete/css/font-awesome.css?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
31023 Bytes

1
ok


Content loaded via url("...")

../css/fonts/fontawesome-webfont.eot?#iefix&v=4.7.0
1
../css/fonts/fontawesome-webfont.eot?v=4.7.0
1
../css/fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular
1
../css/fonts/fontawesome-webfont.ttf?v=4.7.0
1
../css/fonts/fontawesome-webfont.woff?v=4.7.0
1
../css/fonts/fontawesome-webfont.woff2?v=4.7.0
1

link
stylesheet
/concrete/css/responsive-slides.css?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
1486 Bytes

1
ok


Content loaded via url("...")

../images/responsive-slides/arrows.gif
1

link
stylesheet
/packages/theme_neat/themes/neat/css/bootstrap.min.css
200
121260 Bytes

1
ok


Content loaded via url("...")

../fonts/glyphicons-halflings-regular.eot
1
../fonts/glyphicons-halflings-regular.eot?#iefix
1
../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular
1
../fonts/glyphicons-halflings-regular.ttf
1
../fonts/glyphicons-halflings-regular.woff
1
../fonts/glyphicons-halflings-regular.woff2
1

link
stylesheet
/packages/theme_neat/themes/neat/css/main.css?v=0.9
200
20271 Bytes

1
ok



meta
content-type
text/html; charset=UTF-8


1
ok



meta
X-UA-Compatible
IE=edge


1
ok



meta
description
Surrey Emergency Program - Amateur Radio Emergency Communications in times of Disaster


1
ok



meta
generator
concrete5 - 8.5.0


1
ok



meta
viewport
width=device-width, initial-scale=1, maximum-scale=1


1
ok



script
src
/concrete/blocks/image/view.js?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
197 Bytes

1
ok



script
src
/concrete/js/jquery.js?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
97163 Bytes

1
ok



script
src
/concrete/js/responsive-slides.js?ccm_nocache=4b93082bc539c4485cfaaa7e074181bcddb610d9
200
3396 Bytes

1
ok



script
src
/packages/theme_neat/themes/neat/js/bootstrap.min.js
200
36868 Bytes

1
ok



8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
separs.ampr.org
0

no CAA entry found
1
0
ampr.org
0

no CAA entry found
1
0
org
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
separs.ampr.org
google-site-verification=BTftDD1-LMGv-bPLtQXQwJsRFvkpA9DcOaDpRzY_ZZg
ok
1
0
_acme-challenge.separs.ampr.org

Name Error - The domain name does not exist
1
0
_acme-challenge.separs.ampr.org.ampr.org

Name Error - The domain name does not exist
1
0
_acme-challenge.separs.ampr.org.separs.ampr.org

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=726a3e5c-7618-489f-90a7-96b86639913d


Last Result: https://check-your-website.server-daten.de/?q=separs.ampr.org - 2019-05-18 04:49:11