keezmovies.surf

Score 90/100

Web site information

Web Address
keezmovies.surf
IP Address
104.21.35.111
CDN
CloudFlare

SEO data

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
offered (deprecated)
TLS 1.1
offered (deprecated)
TLS 1.2
offered
TLS 1.3
offered with final
ALPN HTTP2
h2
ALPN
http/1.1

Vulnerabilities

heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
not vulnerable

Header Responses

Status code
Unexpected 455 @ '/'
Clock skew
0 seconds from localtime
HSTS
not offered
HPKP
No support for HTTP Public Key Pinning
Number of cookies
0 at '/' (maybe missed the application)
security headers
--

Server Defaults

TLS extensions
'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'next protocol/#13172' 'key share/#51' 'supported versions/#43' 'extended master secret/#23' 'application layer protocol negotiation/#16'
TLS session ticket
valid for 64800 seconds only (<daily)
SSL sessionID support
yes
Session Ticket Resumption
not supported
Session ID Resumption
not supported
TLS timestamp
off by -1 seconds from your localtime
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
RSA 2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
TLS Web Server Authentication
Serial number
A3539D537449887E0DEA94F4039DBDBB
cert serialNumberLen
16
Fingerprint SHA1
E9D7C5B684CD381E97245D28BED78A30883A7E8F
Fingerprint SHA256
D741EA1966C50DA7A867CB0E66F7163A84874CE54B26EB45B4E1B7E054FE795C
Certificate details
-----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIRAKNTnVN0SYh+DeqU9AOdvbswDQYJKoZIhvcNAQELBQAw RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM TEMxEzARBgNVBAMTCkdUUyBDQSAxUDUwHhcNMjQwMjE3MDQyMTAwWhcNMjQwNTE3 MDQyMDU5WjAaMRgwFgYDVQQDEw9rZWV6bW92aWVzLnN1cmYwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCsf1QfhTnfoYxow6zbo6uET8GLIRE9sA3CQsiF 7qSMlbc+3FQaIt4yvxeN6ETb4ITW9NQRBcfimOcyg0iQjjmjqm9Nj2wQ2zpgjo8i GbtDpTbAyK3docOB4/ErLMUv83fXlG5igShQMWiQki8FHL8XLOVJiC7QHEGKXOlP 9HfSXjkfrhCF8+nXvkAbQejnBfVirjt4JmGxMcjEDV++nssF+jrF9TgrUQwoUraP M0w05emFO52CLkLIz7qOvzG5lOUg54BUGXhurXBmIXJ0WC+oS6/aI4+MA0k3PqZ+ WMlNzGWHpYiMquSGqjgWZ2QIw+CJbUzsx5srlg8SDGCW6GU3AgMBAAGjggKKMIIC hjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQU5Q9yr86QbTha+FHsOoKZjuOn2kUwHwYDVR0jBBgwFoAU 1fyeDd8eyt0Il5duK8VfxSv17LgweAYIKwYBBQUHAQEEbDBqMDUGCCsGAQUFBzAB hilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFwNS9OS1JReE5Qeng5ZzAxBggr BgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMXA1LmRlcjAt BgNVHREEJjAkgg9rZWV6bW92aWVzLnN1cmaCESoua2Vlem1vdmllcy5zdXJmMCEG A1UdIAQaMBgwCAYGZ4EMAQIBMAwGCisGAQQB1nkCBQMwPAYDVR0fBDUwMzAxoC+g LYYraHR0cDovL2NybHMucGtpLmdvb2cvZ3RzMXA1L0lJNHhURjRhanVnLmNybDCC AQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AKLiv9Ye3i8vB6DWTm03p9xlQ7DGtS6i 2reK+Jpt9RfYAAABjbWCvnUAAAQDAEcwRQIhAL95U0AUnhOvDnEhBWOek4CO9E1F +2/gXoGDEkF3ZQA1AiAm/mY0XmLjUQJJgvZ8HKibAqMKoVb8lvebdI6ZIkmoCwB3 AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjbWCvl0AAAQDAEgw RgIhAIaKpTLLxZ/DbOzCyJL2vKImQs0F73QTBVytZt/JKRLRAiEAnWlYfwKcx2Xq qTSgX71AlWZ+8wJoe2O2wOL/cPVJJXwwDQYJKoZIhvcNAQELBQADggEBADNAilYF 5lGtD7AoGjTJrLOjKx9wwL9XQotiAwIGUiTe5fe6oSnMj2kfFk8BiqRkA8xjFSZj 3wO8FtwWv0KyCogc7vJMsRX/p3j+tJKk7pUpFQgBbxBLDd0StORqL4aaZ/yD6Gqh ktqMkQo41faibNfiLqwHAo7vmouixln8s3i1t2U4N8pFs5nX5v/A9SK3gDeg3CM0 l+mryuU++HU0ibw1sBhvZkLRnzcuv3BsHZpiXypjL4ATwQ9f+UNFoKwKU1CHBdHa obbksUo41tfi6km9QrewOliPPcpUZtEN0FEmaopcs1fCs0+D8P9PAnHAXOcr3uSW GvSyKVzwlv6tcRE= -----END CERTIFICATE-----
Common names
keezmovies.surf
Service Name Indication
request w/o SNI didn't succeed
SubjectAlternative Name
keezmovies.surf *.keezmovies.surf
Certificate authority issuers
GTS CA 1P5 (Google Trust Services LLC from US)
Certificate trusted
Ok via SAN (SNI mandatory)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
expires < 60 days (47)
Valid from
2024-02-17 04:21
Valid until
2024-05-17 04:20
cert validityPeriod
No finding
Chain
3
certs list ordering problem
no
cert crlDistributionPoints
http://crls.pki.goog/gts1p5/II4xTF4ajug.crl
Online Certificate Status Protocol URL
http://ocsp.pki.goog/s/gts1p5/NKRQxNPzx9g
OCSP stapling
offered
cert ocspRevoked
not revoked
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server -- TLS 1.3 client determined
Which protocol negotiated
Default protocol TLS1.3
negotiated
TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
order TLSv1
ECDHE-RSA-AES128-SHA
order TLSv1 1
ECDHE-RSA-AES128-SHA
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305-OLD
PFS ECDHE curves
prime256v1 secp384r1 secp521r1