https://bb.com.br

Infrastructure

17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
Score: 86 · Grade: B · Fix: 0 · Review: 8 · Pass: 9 · Info: 0
Probed from Madrid, Spain
200 OK
Checks: 17 (9 PASS, 8 REVIEW)
C
Reverse DNS
Action
0/2 IPs match cert SAN
REVIEW
Info::
PTR lookup failed for 104.18.29.245: lookup 104.18.29.245: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 104.18.28.245: lookup 104.18.28.245: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
B
Multi-Resolver DNS Speed
Mean 146ms across 3 resolvers (spread 196ms)
REVIEW
Info::
Google: 20ms
Got: 20ms via 8.8.8.8:53
Info::
Cloudflare: 203ms
Got: 203ms via 1.1.1.1:53
Info::
Quad9: 216ms
Got: 216ms via 9.9.9.9:53
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200 https://www.bb.com.br/
200 https://bb.com.br/

Inconsistent — duplicate content risk

HTTP → HTTPS

301 http://bb.com.br/ → https://bb.com.br/

Consistent

B
HTTP Probe Timing
Total 1270 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
REVIEW
DNS Lookup (time to resolve the domain name to an IP address): 242 ms
TCP Connect (time to establish a TCP connection to the server): 17 ms
TLS Handshake (time to complete the HTTPS encryption handshake): 22 ms
Time to First Byte (how long the server takes to respond with the first byte of data): 1.27 s
Total Time (total request time from DNS lookup through full response): 1.27 s

Connection waterfall

DNS Lookup 242 ms · TCP Connect 17 ms · TLS Handshake 22 ms · Server Processing 990 ms · Content Transfer 0 ms
B
TLS Certificate Expiry & Recommendations
98 days until leaf cert expires — 1 issue to address
REVIEW

Certificate validity

98 days left

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
B
Operational Status Page
No status page link detected
REVIEW
Info::
No operational status page link detected
Status pages communicate planned maintenance and incidents to users -- a hallmark of operationally-mature services. Most SaaS teams publish one via Atlassian Statuspage, Instatus, BetterUptime, or a self-hosted Cachet. Smaller sites legitimately don't need one; flagged as Info, not a failure.
B
Health Check Endpoint
No conventional health endpoint found
REVIEW
Info::
No conventional health endpoint found
Health endpoints (/health, /healthz, /status, /ping, /api/health) let uptime monitors, load balancers, and orchestration systems (Kubernetes, ECS, Fly.io) verify the service is alive. Marketing sites and small services often skip them legitimately; flagged as Info, not a failure. Probe results: /api/health: 404, /health: 404, /healthz: 404, /ping: 404, /status: 404.
A
DNS Records
2 A records, 683 ms lookup
PASS
Info::
Resolves to 2 IPv4 address(es)
Got: 104.18.29.245, 104.18.28.245
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: dns2.bb.com.br, dns3.bb.com.br, dns4.bb.com.br, dns1.bb.com.br
Info::
1 mail exchanger(s) configured
Info::
SPF record present in TXT
Warning::
DNS resolution is slow (683 ms)
Slow DNS adds latency to every page load. Consider a faster DNS provider.
Got: 683 ms
A: 104.18.29.245, 104.18.28.245
AAAA: (none)
CNAME: (none)
NS: dns2.bb.com.br, dns3.bb.com.br, dns4.bb.com.br, dns1.bb.com.br
MX: 1 bancodobrasil.in.tmes.trendmicro.com
TXT:
SPF v=spf1 ip4:170.66.0.0/16 include:spf.protection.outlook.com include:spf.tmes.tre...
CAA: Lookup not available with standard resolver
Resolved in 683 ms

Why this matters

DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.

Source: DNS performance benchmarks

A+
Subdomain Takeover
No subdomain takeover risk detected
PASS
Info::
No CNAME record present
A+
DNSSEC
Signed and validating
PASS
Info::
DNSSEC fully signed and chain validates (RSASHA256)
A+
CAA Records
issue: certigna.com, certisign.com.br, comodoca.com, digicert.com, globalsign.com, mastercard.com, sectigo.com, soluti.com.br, visa.com | issuewild: certisign.com.br, comodoca.com, digicert.com, globalsign.com, sectigo.com, soluti.com.br | iodef configured
PASS
Info::
CAA issue tag present — authorized CA(s): certigna.com, certisign.com.br, comodoca.com, digicert.com, globalsign.com, mastercard.com, sectigo.com, soluti.com.br, visa.com
Info::
CAA iodef tag present (failed-issuance notifications enabled)
A+
Redirect Chain
No redirects — direct access
PASS
Info::
No redirects — direct access
Got: https://bb.com.br

https://bb.com.br

1016 ms · HTTP/1.1 FINAL

# | URL | Status | Time | Protocol | Server
1 | https://bb.com.br | 200 | 1016 ms | HTTP/1.1 | cloudflare
A
Crawlability
robots.txt present, no sitemap
PASS
Info::
robots.txt is present
Got: 290 bytes
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.
Info::
robots.txt references sitemap

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt 200 OK
Size: 290 B · Sitemaps referenced: 1 · User-agents: * · Blocking: No — crawling allowed
User-agent: *
Disallow: /docs/pub/
Disallow: /docs/portal/
Disallow: /docs/pub/*.pdf$
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/
Sitemap: https://cdn.bb.com.br/wp-content/uploads/bb-seo/sitemap.xml
sitemap.xml No sitemap found

Adding a sitemap helps search engines discover your pages.

A+
Domain Intelligence
bb.com.br — 28 years, 7 months old, hosted on Cloudflare
PASS
Info::
Domain registered until Mar 4, 2028 (1 year, 9 months remaining)
Info::
DNSSEC is enabled
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Cloudflare
Got: AS13335
Domain expiry: 647 days (March 4, 2028)
SSL certificate: 98 days (issued by DigiCert Inc)
Domain age: 28 years, 7 months (registered March 4, 1998)
DNSSEC: Enabled (protects against DNS spoofing)
Hosting: Cloudflare, ASN AS13335, 104.18.28.245
Registrar: Registrar unknown, Unlocked, 4 NS records
[Figure: expiry timeline from today to +1 year, marking domain expiry, SSL expiry and the danger zone (≤30 days)]
Recommended actions
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar
Created: March 4, 1998 (28 years, 7 months ago)
Expires: March 4, 2028 (1 year, 9 months)
Last Updated: June 23, 2025
Name Servers: dns1.bb.com.br, dns2.bb.com.br, dns3.bb.com.br, dns4.bb.com.br
DNSSEC: Enabled
Registrant: BANCO DO BRASIL S.A.
Hosting
IP Address: 104.18.28.245
ASN: AS13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Provider: Cloudflare
Data source: rdap (1.7s)

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A
CDN & Delivery
Cloudflare (DYNAMIC)
PASS
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: a010c1218afaf345-CDG
Info::
CDN cache status: DYNAMIC
CDN Detected: Cloudflare
Provider: Cloudflare · Cache Status: DYNAMIC · Evidence: cf-ray: a010c1218afaf345-CDG
A+
CDN Cache Observability
Cache state: DYNAMIC
PASS
Info::
CDN cache state observable via 2 header(s)
Got: age=451, cf-cache-status=DYNAMIC
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.
