xmovie.bond

Score 94/100

Web site information

Web Address
xmovie.bond
IP Address
188.114.96.3
CDN
CloudFlare

SEO data

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
offered (deprecated)
TLS 1.1
offered (deprecated)
TLS 1.2
offered
TLS 1.3
offered with final
ALPN HTTP2
h2
ALPN
http/1.1

Vulnerabilities

heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
not vulnerable

Header Responses

Status code
Unexpected 455 @ '/'
Clock skew
0 seconds from localtime
HSTS
not offered
HPKP
No support for HTTP Public Key Pinning
Number of cookies
0 at '/' (maybe missed the application)
security headers
--

Server Defaults

TLS extensions
'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'next protocol/#13172' 'key share/#51' 'supported versions/#43' 'extended master secret/#23' 'application layer protocol negotiation/#16'
TLS session ticket
valid for 64800 seconds only (<daily)
SSL sessionID support
yes
Session Ticket Resumption
supported
Session ID Resumption
not supported
TLS timestamp
off by -1 seconds from your localtime
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
RSA 2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
TLS Web Server Authentication
Serial number
05F56C95E45EFC3D13301D5F9638A867
cert serialNumberLen
16
Fingerprint SHA1
D7732BB2A3FAC2DDFE08DEE212E900FEDB579C91
Fingerprint SHA256
330647C546F23EBC947DF97BCD345B9DF3ABB2EADA307A9D7505E381C16BA522
Certificate details
-----BEGIN CERTIFICATE----- MIIFaDCCBFCgAwIBAgIQBfVsleRe/D0TMB1fljioZzANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM QzETMBEGA1UEAxMKR1RTIENBIDFQNTAeFw0yNDA0MjIxNDE5MjRaFw0yNDA3MjEx NDE5MjNaMBYxFDASBgNVBAMTC3htb3ZpZS5ib25kMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAvArMtM93mNDpQS2qgC6G4lvT0L5Jrddy/5b/uGEfPtv+ 9P4398I3ZX8EbADYi+CI0rImI18j+7bnJGq6YbaiFkeuJbKPpZcsITEdL/F8YmBN 3f6bKHnhYauxXa86T0qp16kSaGg3+ZvASBNleq+t8BelnvzbPz9L4orG4cHzPXgu mywdoVKaJm0AIGxZVKeEIDxJJwULyEWlHQ/mIGVCOJdLhLkf1wAlF+v8Oh9TWNxc SpZzf3teTL4SuF7OylcRP86VS4igWjAXKFMVOLKAK+z39Z8GPniC8NFUXLEmqOB5 eTQJClNxp9+r1KQLce2ou3htTp9ue0UGZCmZTHtS1QIDAQABo4ICgDCCAnwwDgYD VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw HQYDVR0OBBYEFCXrt/eGfZmXWtyN4kedXPXawK8jMB8GA1UdIwQYMBaAFNX8ng3f HsrdCJeXbivFX8Ur9ey4MHgGCCsGAQUFBwEBBGwwajA1BggrBgEFBQcwAYYpaHR0 cDovL29jc3AucGtpLmdvb2cvcy9ndHMxcDUvenRVX0d0aGptcEEwMQYIKwYBBQUH MAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czFwNS5kZXIwJQYDVR0R BB4wHIILeG1vdmllLmJvbmSCDSoueG1vdmllLmJvbmQwIQYDVR0gBBowGDAIBgZn gQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Js cy5wa2kuZ29vZy9ndHMxcDUvWXRpQ0dvbkxKcjguY3JsMIIBAwYKKwYBBAHWeQIE AgSB9ASB8QDvAHUAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGP BmP1BQAABAMARjBEAiAteCopFhcpUycG0ehWn+tBStPMFj4KEbLVWnrtK6F3wwIg Q3qwQaWENrrrQa8O79CxJ7hoWFf5gj9ab2vrYw3ZzHYAdgDatr9rP7W2Ip+bwrtc a+hwkXFsu1GEhTS9pD0wSNf7qwAAAY8GY/UHAAAEAwBHMEUCIFJRZoxiR7RqUCZ7 riSjCA4G2tCdQfen0s4jP4psNYP8AiEA720zlPncdYS9Mh56eaazW3GolLYgJGCm 9+xqbYt+JMswDQYJKoZIhvcNAQELBQADggEBAFSQ5QaZ7di17K+wq1Ynwpq7WN2u ypGk0HOo12S054m45lavx1MOpF/oVCwCFZCdB2VUeMgIXkZYFad3PfjlaCOr70MI KyVK3PwyO6e4xa/S/qlmlAdYIlu1LOOoP3ZvmaJMxdrcF4mdv5CsFmLKmmptZeUK Y9tHIhYKqC3/tphQpg2OhOEpz5fxMnn1dyMPnV8j9kQScaME4nhQk4Az3lK5wtlA oKH5t2SUEWD1WumzhngljWaam2kzLN6EO3Xsa9bzx1f1QTdylXmz6RKyJlFlnqGU fwc3eoGXfocYiwyHdE7HNJxgAmBEfv52aa9Ck0hiJMhcnvCWYAEN/GfGSVk= -----END CERTIFICATE-----
Common names
xmovie.bond
Service Name Indication
sni.cloudflaressl.com
SubjectAlternative Name
xmovie.bond *.xmovie.bond
Certificate authority issuers
GTS CA 1P5 (Google Trust Services LLC from US)
Certificate trusted
Ok via SAN (SNI mandatory)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
80 >= 60 days
Valid from
2024-04-22 14:19
Valid until
2024-07-21 14:19
cert validityPeriod
No finding
Chain
3
certs list ordering problem
no
cert crlDistributionPoints
http://crls.pki.goog/gts1p5/YtiCGonLJr8.crl
Online Certificate Status Protocol URL
http://ocsp.pki.goog/s/gts1p5/ztU_GthjmpA
OCSP stapling
offered
cert ocspRevoked
not revoked
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server -- TLS 1.3 client determined
Which protocol negotiated
Default protocol TLS1.3
negotiated
TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
order TLSv1
ECDHE-RSA-AES128-SHA
order TLSv1 1
ECDHE-RSA-AES128-SHA
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305-OLD
PFS ECDHE curves
prime256v1 secp384r1 secp521r1