scaweb.bsan.mobi

Score 95/100

Web site information

Website image scaweb.bsan.mobi
Web Address
IP Address

SEO data

title
SCA - Medios de Pago
viewport
width=device-width, initial-scale=1

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
not offered
TLS 1.1
is not offered
TLS 1.2
offered
TLS 1.3
offered with final
ALPN HTTP2
h2

Vulnerabilities

heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
not vulnerable
ROBOT
not vulnerable
SSL renegotiation
not vulnerable
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
potentially VULNERABLE, uses gzip HTTP compression - only supplied '/' tested
POODLE SSL
not vulnerable
fallback SCSV
no protocol below TLS 1.2 offered
SWEET32
not vulnerable
FREAK
not vulnerable
DROWN
not vulnerable to DROWN on this host and port
DROWN
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=C5AE2A45FC90632CA46853664E23647CA5D721A8EC059ABACBBDEE4185BCC921
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key
BEAST
not vulnerable, no SSL3 or TLS1
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable

Header Responses

Status code
200 OK ('/')
Clock skew
0 seconds from localtime
HSTS time
365 days (=31536000 seconds) > 15465600 seconds
HSTS subdomains
includes subdomains
HSTS preload
domain is NOT marked for preloading
HPKP
No support for HTTP Public Key Pinning
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' http: https: tags.tiqcdn.com; font-src 'self' data:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; connect-src *; base-uri 'self'; object-src 'none'; media-src 'self';
Referrer-Policy
Referrer-Policy: no-referrer-when-downgrade
X-UA-Compatible
X-UA-Compatible: IE=Edge

Server Defaults

TLS extensions
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'next protocol/#13172' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23'
TLS session ticket
valid for 7200 seconds only (<daily)
SSL sessionID support
yes
Session Ticket Resumption
supported
Session ID Resumption
supported
TLS timestamp
random
Signature algorithm
SHA256 with RSA
Key size
2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
cert_ext_keyusage
Serial number
5ED7CAB614E08F8DBEE136FD6AB8C713
Fingerprint SHA1
DE474127B4B5F7ADC4B09BA8C26C6A0ECE269B22
Fingerprint SHA256
C5AE2A45FC90632CA46853664E23647CA5D721A8EC059ABACBBDEE4185BCC921
Certificate details
-----BEGIN CERTIFICATE----- MIIG8DCCBdigAwIBAgIQXtfKthTgj42+4Tb9arjHEzANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y MTEwMjYxMTMxMzBaFw0yMjExMjMxMTMxMjlaMIGEMQswCQYDVQQGEwJFUzESMBAG A1UECBMJQ2FudGFicmlhMRIwEAYDVQQHEwlTYW50YW5kZXIxGDAWBgNVBAoTD0dS VVBPIFNBTlRBTkRFUjEYMBYGA1UECxMPQkFOQ08gU0FOVEFOREVSMRkwFwYDVQQD ExBzY2F3ZWIuYnNhbi5tb2JpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAoffP7aWPMBFp2Y7pwhxQ8r5cbr1J78+4l10LCRcUylqGNWn/cj4CGacKQ0q5 b4P7ERjloWxdhrg3i8XA+W+vMB82LkXqmg1YXOuAhiDHT2Blek1i9It6ncaJ9Dq1 B0GF+bC8grhSw5sM9HA9f1Mov7SOn5H211hMRtMrSoqcmyYRmLm5SUIzNY5cOd7+ 5Gi1ZWVTY37rnlqf1UUOI1srjt9mCfuGyNV5zywS9Zl5L1onc/Bsgp94yF7uZq4V qNHv3cLTkiKZGxosOzVIwP7CY7SDGkCmpKDzu5HKbgTJ3ts5dsHXPoh8nHYBKEG+ S0/3chh7D0VWTw4hFmSGZiwSdQIDAQABo4IDJDCCAyAwDAYDVR0TAQH/BAIwADAd BgNVHQ4EFgQUgs91caDuv0EbwYXn1zUk1KK+9UAwHwYDVR0jBBgwFoAUgqJwdN28 Uz/Pe9T3zX+nYMYKTL8waAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRw Oi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRy dXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6 Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwMQYDVR0RBCowKIIQc2Nhd2Vi LmJzYW4ubW9iaYIUd3d3LnNjYXdlYi5ic2FuLm1vYmkwDgYDVR0PAQH/BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcGCmCG SAGG+mwKAQUwKTAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuZW50cnVzdC5uZXQv cnBhMAgGBmeBDAECAjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAVhQGmi/X wuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAF8vF6iQQAABAMARzBFAiAZs6K1 QLtJ+DSeodjGrfNJrC3LwUWKMqt1epmOAxuWCgIhAPIt/GGIsoGKtXHi1gGa61iJ MIjujPcIHPzcxe1NJaGDAHYAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSL BeUAAAF8vF6iVAAABAMARzBFAiB1O6WRq7Tr+Jb2k/WTVXi1cDEQR1rr2Q3U/pQa GKun8AIhAJ4G9KR0UVwnqani6Si1c5CSv31MK1MgLBF6GUIyzrm5AHcARqVV63X6 kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8vF6iWgAABAMASDBGAiEA1tJV RuFGHLkekEBb95kgfxDRtAk5k7vVkKl1IcfAgaQCIQC+L2cHKOyZ2aBsf+Rr07tp M7orX2VnD31P0qH/rij5JDANBgkqhkiG9w0BAQsFAAOCAQEApWH0WWl071SVRtEq QDmYbud51LWOWgvTc/LMSe+LOfN0yHARDDHpaVj9x5RmkbzPLedZcpvkbj9FMsnC 1GTBzVBSvfmgZb1adY9t/J8ELsRHHu0xMkmJduRWs401YwBbkkyJyuKfZaYpHhKy B33aWSF8DVa4G+FdO5TH18tG3qFIVBqtsOfGITZ15hQYJrfRsOpaY7e6St1EJ2iT 4O+PLZT7u9+kuEsLWDU11UezaJXMzBb848iOAzAjZvkqP8d4p1be4MYtaZidPp0d bw2PAwqxGwpsbYGcCnZtOvuN2Ok1PsPlC9mp/MrfxQ86aLvBCy6uNEdAOyeMeFuS t2Z65w== -----END CERTIFICATE-----
Common names
scaweb.bsan.mobi
Service Name Indication
imperva.com
SubjectAlternative Name
scaweb.bsan.mobi www.scaweb.bsan.mobi
Certificate authority issuers
Entrust Certification Authority - L1K (Entrust, Inc. from US)
Certificate trusted
Ok via SAN and CN (SNI mandatory)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
Days before expiry
358 >= 60 days
Valid from
2021-10-26 13:31
Valid until
2022-11-23 12:31
Chain
2
CRL distribution points
http://crl.entrust.net/level1k.crl
Online Certificate Status Protocol URL
http://ocsp.entrust.net
OCSP stapling
offered
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server
Which protocol negotiated
Default protocol TLS1.3
negotiated
TLS13-AES-128-GCM-SHA256, 253 bit ECDH (X25519)
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
ECDHE curves
prime256v1 secp384r1 secp521r1

Ciphers

ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(0xc030)
ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(0xc028)
ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(0xc014)
AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d)
AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
(0x3d)
AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
(0x35)
CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
(0x84)
ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(0xc02f)
ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(0xc027)
ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013)
AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
(0x9c)
AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
(0x3c)
AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
(0x2f)
CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
(0x41)

Browser Simulations

Android 2.3.7
No connection
Android 4.1.1
No connection
Android 4.3
No connection
Android 4.4.2
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 5.0.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 6.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 7.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Chrome 51
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Chrome 57
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Firefox 47
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Firefox 53
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows XP Internet Explorer 6
No connection
Windows Vista Internet Explorer 7
No connection
Windows XP Internet Explorer 8
No connection
Windows 7 Internet Explorer 8
No connection
Windows 7 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA256
Windows 8.1 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA256
Windows 8.1 update Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA256
Windows 10 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 10 Edge 13
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Phone 10 Edge 13
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 7 Opera 17
TLSv1.2 ECDHE-RSA-AES128-SHA256
MacOSX 10.6.8 Safari 5.1.9
No connection
iOS 7 Safari 7
TLSv1.2 ECDHE-RSA-AES128-SHA256
MacOSX 10.11 Safari 9
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
MacOSX 10.12 Safari 10
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
iOS 9 App Transport Security 9
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 7 Tor 7.0.9
No connection
Java 6 update 45
No connection
Java 7 update 25
No connection
Java 8 update 31
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.1.1
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.0.2e
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256