indexo.dev

ahdiagnostics.no

.no crawl

First seen 2026-06-04 · Last seen 2026-06-04 · ok HTTP/1.1 200 560 ms crawled 2026-06-04

FR · 212.83.137.235 · AS12876 Scaleway SAS

Reputation 69/100 wrong cert dmarc monitor-only

Classifying

HTML metadata

Language
en

Technology

Server
nginx
Stack
Java

Contact

Phone

Registration

Registrar
Ascio Technologies Inc.
Created
2001-02-28
Updated
2026-03-01
Name servers
  • ns.scannet2.dk
  • ns2.scannet2.dk

DNS records live

NS
  • ns.scannet2.dk
  • ns2.scannet2.dk
MX
  • 0 ahdiagnostics-no.mail.protection.outlook.com
Verified for
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net include:spf.mailanyone.net redirect=spf.dynamicweb-cms.com ip4:212.83.137.235 ip4:109.74.189.78 ip4:185.90.213.110 ip4:109.235.115.60 ~all
softfail (~all)
DMARC
v=DMARC1; p=none; fo=1
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TW0Jt+zi0JWR+zgwGdaJ/6c115AGnjOKfT+IAhqIi9/aogIz9ioX7A/gg0/SKKa++bvPi1swHKkk5…
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current) wrong cert

Sectigo Public Server Authentication CA DV R36
from 2026-04-03 to 2026-10-19
Expires in 136 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.ahdiagnostics.no/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
Header values
referrer-policy
no-referrer
permissions-policy
accelerometer=(), ambiant-light-sensor=(), autoplay=(self), battery=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), window-management=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.voiceflow.com; media-src 'self' blob: *.dutscher.com; worker-src 'self' blob: *.dutscher.com; style-src 'self' 'unsafe-inline' *.voiceflow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com www.paypalobjects.com www.paypal.com matomo.dutscher.com https://cdn.voiceflow.com; img-src 'self' *.paypal.com *.paypalobjects.com *.amazonaws.com blob: *.dutscher.com data: *.dutscher.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.google-analytics.com www.paypal.com matomo.dutscher.com *.voiceflow.com wss://general-runtime.voiceflow.com; frame-src 'self' https://www.youtube.com www.google.com www.youtube-nocookie.com;
strict-transport-security
max-age=31536000 ; includeSubDomains

Links to (4)

Linked from (1)