Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


S

Server error

Checked:
15.05.2019 15:39:07


Older results

No older results found

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
tracker.clickshield-staging.24metrics.com
A
35.233.96.203
yes
1
0

AAAA

yes


www.tracker.clickshield-staging.24metrics.com
A
35.233.96.203
yes
1
0

AAAA

yes



Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
com
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.05.2019, 05:00:00, Signature-Inception: 15.05.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 3800, Flags 256

Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2019, 18:25:33, Signature-Inception: 12.05.2019, 18:20:33, KeyTag 30909, Signer-Name: com

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
24metrics.com
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


clickshield-staging.24metrics.com
0 DS RR in the parent zone found

0 DNSKEY RR found


tracker.clickshield-staging.24metrics.com
0 DS RR in the parent zone found

0 DNSKEY RR found


www.tracker.clickshield-staging.24metrics.com
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.tracker.clickshield-staging.24metrics.com
  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -

tracker.clickshield-staging.24metrics.com
  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -
205.251.192.219

 
2600:9000:5300:db00::1
clickshield-staging.24metrics.com
  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -

24metrics.com
  ns-1428.awsdns-50.org / a52baed16708d73b974fa8e184aaa353 -


  ns-1662.awsdns-15.co.uk / b340d564a4767d4fe02f9753ab7fd59b -


  ns-219.awsdns-27.com / eaa5fd01ce2a81f5fa220e82d6143760 -


  ns-602.awsdns-11.net / f04f8e211d9fe4ef7e5b866f3055b8e4 -

com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net



SOA - records (beta)

Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927522
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:4


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927522
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:4


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927537
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:8


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927537
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:8


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927552
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557927552
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:4


Domain:clickshield-staging.24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:1


Domain:tracker.clickshield-staging.24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:2


Domain:www.tracker.clickshield-staging.24metrics.com
Primary:ns-219.awsdns-27.com
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://tracker.clickshield-staging.24metrics.com/
35.233.96.203
308
https://tracker.clickshield-staging.24metrics.com/
0.044
A
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:51 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
Location: https://tracker.clickshield-staging.24metrics.com/

• http://www.tracker.clickshield-staging.24metrics.com/
35.233.96.203
404

0.047
M
Not Found
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:51 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close

• https://tracker.clickshield-staging.24metrics.com/
35.233.96.203
503

0.267
N
Service Temporarily Unavailable
Certificate error: RemoteCertificateChainErrors
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:51 GMT
Content-Type: text/html
Content-Length: 198
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

• https://www.tracker.clickshield-staging.24metrics.com/
35.233.96.203
404

0.240
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:52 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

• http://tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.233.96.203
308
https://tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.050
A
Visible Content: 308 Permanent Redirect nginx/1.15.10
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:52 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
Location: https://tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• http://www.tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.233.96.203
404

0.050
A
Not Found
Visible Content: default backend - 404
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:52 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close

• https://tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

503

0.273
N
Service Temporarily Unavailable
Certificate error: RemoteCertificateChainErrors
Visible Content: 503 Service Temporarily Unavailable nginx/1.15.10
Server: nginx/1.15.10
Date: Wed, 15 May 2019 13:39:53 GMT
Content-Type: text/html
Content-Length: 198
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

3. Comments

Aname "tracker.clickshield-staging.24metrics.com" is subdomain, public suffix is "com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://tracker.clickshield-staging.24metrics.com/ 35.233.96.203
308
https://tracker.clickshield-staging.24metrics.com/
correct redirect http - https with the same domain name
CError - no version with Http-Status 200
Hfatal error: No https - result with http-status 200, no encryption
Mhttp://www.tracker.clickshield-staging.24metrics.com/ 35.233.96.203
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://www.tracker.clickshield-staging.24metrics.com/ 35.233.96.203
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://tracker.clickshield-staging.24metrics.com/ 35.233.96.203
503

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://www.tracker.clickshield-staging.24metrics.com/ 35.233.96.203
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://tracker.clickshield-staging.24metrics.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
503

Error - Certificate isn't trusted, RemoteCertificateChainErrors
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 49483 milliseconds, 49.483 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
tracker.clickshield-staging.24metrics.com
35.233.96.203
443
Certificate/chain invalid
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=tracker.clickshield-staging.24metrics.com

2CN=Fake LE Intermediate X1
www.tracker.clickshield-staging.24metrics.com
35.233.96.203
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Self signed certificate
1CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co


5. Certificates

1.
1.
CN=tracker.clickshield-staging.24metrics.com
15.05.2019
13.08.2019
expires in 79 days
tracker.clickshield-staging.24metrics.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00FA1A44FD57C1F7452B9B10A270B268B0CAE1
Thumbprint:4FC0147F0687DE052441E4C9DDD1CC612F7943B2
SHA256 / Certificate:er0bVn6MMoay9gPQ5FB6KB2RvE6obO3Fbb9nSyJBln8=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):76c793bae6f796037f7945ec52cdff45fa9ba099cc47cea9e4d389b64762912e
OCSP - Url:http://ocsp.stg-int-x1.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes

RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

2.
CN=Fake LE Intermediate X1
24.05.2016
24.05.2036
expires in 6208 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008BE12A0E5944ED3C546431F097614FE5
Thumbprint:4EEE7398C1A3DAF91DA16689DB8243927A271B9A
SHA256 / Certificate:qZwbcdoyrdlClxT3HnQK/cVDxPfwEqdI0kp4m4vz1sc=
SHA256 hex / Cert (DANE * 0 1):a99c1b71da32add9429714f71e740afdc543c4f7f012a748d24a789b8bf3d6c7
SHA256 hex / PublicKey (DANE * 1 1):25ec31d428b56d5f8d9b09432ad80276097501a242e17ec6ea5c95810c712c02
OCSP - Url:http://ocsp.stg-root-x1.letsencrypt.org/
OCSP - must staple:no
Certificate Transparency:no


3.
CN=Fake LE Root X1
23.03.2016
23.03.2036
expires in 6146 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00A73D64A0404B29B2E532CE129E7B37DF
Thumbprint:B3F73C419DAC14711F4B97192BF89C7DEA7A7794
SHA256 / Certificate:IZxP/PsE8dOtbKebK1xsD0STF3qA+jfM5/yaMt8oMj0=
SHA256 hex / Cert (DANE * 0 1):219c4ffcfb04f1d3ad6ca79b2b5c6c0f4493177a80fa37cce7fc9a32df28323d
SHA256 hex / PublicKey (DANE * 1 1):5b7b5b32631b6ad5e6dcabbc7b21b6b23334b9345e90b22caa2c27770bb9da8d
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no


2.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
15.05.2019
14.05.2020
expires in 354 days
ingress.local - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:455997BFED21BAB9C1BEE40C5661D7B9
Thumbprint:E0B2050038FB1B3832EEBEB53AB4298496687345
SHA256 / Certificate:nflypxkDUyfIkse4oNJ2o2esvML55RTWn/f6bNzZxLk=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):b9ddcf709fa937aa740ec3f93344200f55d494463047044e11b0c7dd63b4a26a
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
1
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
835978218
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 08:13:36
2019-06-27 08:13:36
tracker.clickshield-staging.24metrics.com
1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
1
9

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1349477404
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-03-29 07:13:36
2019-06-27 06:13:36
tracker.clickshield-staging.24metrics.com
1 entries


1172834484
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-03 09:10:45
2019-05-04 08:10:45
*.tracker.clickshield-staging.24metrics.com
1 entries


1149799619
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-01-27 11:55:34
2019-04-27 10:55:34
tracker.clickshield-staging.24metrics.com
1 entries


1003328350
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-12-05 10:07:52
2019-03-05 10:07:52
*.tracker.clickshield-staging.24metrics.com
1 entries


984021867
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-28 12:54:39
2019-02-26 12:54:39
tracker.clickshield-staging.24metrics.com
1 entries


983974914
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-28 12:30:17
2019-02-26 12:30:17
tracker.clickshield-staging.24metrics.com
1 entries


968181223
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-22 14:25:53
2019-02-20 14:25:53
tracker.clickshield-staging.24metrics.com
1 entries


965170351
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-21 12:30:55
2019-02-19 12:30:55
tracker.clickshield-staging.24metrics.com
1 entries


932499207
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-09 12:20:47
2019-02-07 12:20:47
tracker.clickshield-staging.24metrics.com
1 entries



7. Html-Content - Entries (BETA - mixed content and other checks)

No Html-Content entries found. Only checked if https + status 200/401/403/404


8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.tracker.clickshield-staging.24metrics.com
0

no CAA entry found
1
0
tracker.clickshield-staging.24metrics.com
0

no CAA entry found
1
0
clickshield-staging.24metrics.com
0

no CAA entry found
1
0
24metrics.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
tracker.clickshield-staging.24metrics.com

ok
1
0
www.tracker.clickshield-staging.24metrics.com

ok
1
0
_acme-challenge.tracker.clickshield-staging.24metrics.com

missing entry or wrong length
1
0
_acme-challenge.www.tracker.clickshield-staging.24metrics.com

missing entry or wrong length
1
0
_acme-challenge.tracker.clickshield-staging.24metrics.com.clickshield-staging.24metrics.com

perhaps wrong
1
0
_acme-challenge.tracker.clickshield-staging.24metrics.com.tracker.clickshield-staging.24metrics.com

perhaps wrong
1
0
_acme-challenge.www.tracker.clickshield-staging.24metrics.com.tracker.clickshield-staging.24metrics.com

perhaps wrong
1
0
_acme-challenge.www.tracker.clickshield-staging.24metrics.com.www.tracker.clickshield-staging.24metrics.com

perhaps wrong
1
0



Permalink: https://check-your-website.server-daten.de/?i=78d5f607-38a8-4008-a9f3-fc57f569e563


Last Result: https://check-your-website.server-daten.de/?q=tracker.clickshield-staging.24metrics.com - 2019-05-15 15:39:07